diff --git a/Makefile b/Makefile
index ba12ec1..9742e09 100644
--- a/Makefile
+++ b/Makefile
@@ -37,4 +37,8 @@ unlock:
 test:
 echo "You don't want to run this."
 exit 1
- pkill gpg-agent ; rm -rf /tmp/tmp.* ; export PATH=/home/tlimoncelli/gitwork/blackbox/bin:/usr/local/bin:/bin:/usr/bin:/usr/local/sbin:/usr/sbin:/sbin ; cd ~/gitwork/blackbox;tools/confidence_test.sh;ls -lad /home/tlimoncelli/.gnupg || true
+ pkill gpg-agent ; rm -rf /tmp/tmp.* ; \
+ export PATH=/home/tlimoncelli/gitwork/blackbox/bin:/usr/local/bin:/bin:/usr/bin:/usr/local/sbin:/usr/sbin:/sbin ; \
+ cd ~/gitwork/blackbox ; \
+ tools/confidence_test.sh ; \
+ if [[ -e ~/.gnupg ]]; then echo ERROR: '~/.gnupg' should not exist ; false ; fi
diff --git a/bin/blackbox_register_new_file b/bin/blackbox_register_new_file
index b370adf..f855ad8 100755
--- a/bin/blackbox_register_new_file
+++ b/bin/blackbox_register_new_file
@@ -8,10 +8,11 @@
 # to systems that need the plaintext (unencrypted) versions, run
 # blackbox_postdeploy.sh to decrypt all the files.
-# TODO(tlim): Add the unencrypted file to .gitignore
+# TODO(tlim): Add the unencrypted file to .hgignore
 set -e
 . _blackbox_common.sh
+_determine_vcs_base_and_type
 unencrypted_file=$(get_unencrypted_filename "$1")
 encrypted_file=$(get_encrypted_filename "$1")
@@ -45,6 +46,19 @@ if $SECRETSEXPOSED ; then
 else
 COMMIT_FILES="$BB_FILES $encrypted_file"
 fi
+
+# TODO(tlim): This should be moved to _blackbox_common.sh in a
+# VCS-independent way.
+IGNOREFILE=".${VCS_TYPE}ignore"
+if [[ $VCS_TYPE = 'git' ]]; then
+ ignored_file="$(echo "$unencrypted_file" | sed 's/^\([!#]\)/\\\1/')"
+ if ! grep -Fsx >/dev/null "$ignored_file" "$IGNOREFILE"; then
+ echo "$ignored_file" >>"$IGNOREFILE"
+ COMMIT_FILES="$COMMIT_FILES $IGNOREFILE"
+ fi
+ vcs_add "$IGNOREFILE"
+fi
+
 echo 'NOTE: "already tracked!" messages are safe to ignore.'
 vcs_add $BB_FILES $encrypted_file
 vcs_commit "registered in blackbox: ${unencrypted_file}" $COMMIT_FILES
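Review bot: The new recipe still chains its steps with `;`, so a failing `tools/confidence_test.sh` is not reported: the recipe's status is that of the final `if`, which is 0 whenever `~/.gnupg` is absent, and `make test` succeeds even when the suite failed. Joining the steps with `&&` instead (`cd ~/gitwork/blackbox && \`, `tools/confidence_test.sh && \`) lets make stop at the first failure. `[[ -e ~/.gnupg ]]` also assumes the recipe runs under bash; unless the Makefile sets `SHELL` (not visible in this hunk), make uses `/bin/sh`, where `[[` may not exist, so `[ -e ~/.gnupg ]` is the safer form. The `rm -rf /tmp/tmp.*` carried over from the old line removes mktemp artifacts belonging to every other process on the host, not just this test's; scoping the cleanup to the directories the test itself created would avoid that.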
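Review bot: The .gitignore entry built at `ignored_file=...` escapes only a leading `!` or `#`, so a name containing `*`, `?`, `[` or `\` is still written as a glob pattern, and `echo` mangles a name such as `-n` or `-e`; something like `ignored_file="$(printf '%s\n' "$unencrypted_file" | sed -e 's/[][*?\\]/\\&/g' -e 's/^\([!#]\)/\\\1/')"` covers both. When the name contains no slash the entry is also unanchored and ignores any file of that name anywhere in the tree, not just the registered one; a leading `/` would anchor it relative to the .gitignore. `$IGNOREFILE` is opened relative to the current directory rather than the repository base that `_determine_vcs_base_and_type` presumably determines — that helper is not visible here, so confirm which is intended when the script is run from a subdirectory. The enclosing script continues outside the hunk.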
diff --git a/tools/confidence_test.sh b/tools/confidence_test.sh
index bd977af..67674a3 100755
--- a/tools/confidence_test.sh
+++ b/tools/confidence_test.sh
@@ -52,6 +52,30 @@ function assert_file_group() {
 exit 1
 fi
 }
+function assert_line_not_exists() {
+ local target="$1"
+ local file="$2"
+ assert_file_exists "$file"
+ if grep -F -x -s -q >/dev/null "$target" "$file" ; then
+ echo "ASSERT FAILED: line '$target' should not exist in file $file"
+ echo ==== file contents: START "$file"
+ cat "$file"
+ echo ==== file contents: END "$file"
+ exit 1
+ fi
+}
+function assert_line_exists() {
+ local target="$1"
+ local file="$2"
+ assert_file_exists "$file"
+ if ! grep -F -x -s -q >/dev/null "$target" "$file" ; then
+ echo "ASSERT FAILED: line '$target' should not exist in file $file"
+ echo ==== file contents: START "$file"
+ cat "$file"
+ echo ==== file contents: END "$file"
+ exit 1
+ fi
+}
 make_tempdir test_repository
 cd "$test_repository"
@@ -210,13 +234,7 @@ rm secret.txt
 PHASE 'Bob removes alice.'
 blackbox_removeadmin alice@example.com
-if grep -xs >dev/null 'alice@example.com' keyrings/live/blackbox-admins.txt ; then
- echo "ASSERT FAILED: alice@example.com should be removed from keyrings/live/blackbox-admins.txt"
- echo ==== file start
- cat keyrings/live/blackbox-admins.txt
- echo ==== file end
- exit 1
-fi
+assert_line_not_exists 'alice@example.com' keyrings/live/blackbox-admins.txt
 PHASE 'Bob reencrypts files so alice can not access them.'
 blackbox_update_all_files
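Review bot: The failure message in `assert_line_exists` is copied from its negation and says the line `should not exist` when the assertion is that it should; change it to `echo "ASSERT FAILED: line '$target' should exist in file $file"`. In both helpers `-q` and `>/dev/null` on the grep are redundant; one of them is enough. `-s` silences a missing or unreadable file, which is safe here only because `assert_file_exists "$file"` runs first, so that ordering is worth a one-line comment.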
@@ -266,6 +284,20 @@ assert_file_exists to/relsecrets.txt.gpg
 assert_file_md5hash to/relsecrets.txt "c47f9c3c8ce03d895b883ac22384cb67"
 cd ../..
+PHASE 'Bob enrolls !important!.txt'
+echo A very important file >'!important!.txt'
+blackbox_register_new_file '!important!.txt'
+assert_file_missing '!important!.txt'
+assert_file_exists '!important!.txt'.gpg
+assert_line_exists '\!important!.txt' .gitignore
+
+PHASE 'Bob enrolls #andpounds.txt'
+echo A very commented file >'#andpounds.txt'
+blackbox_register_new_file '#andpounds.txt'
+assert_file_missing '#andpounds.txt'
+assert_file_exists '#andpounds.txt'.gpg
+assert_line_exists '\#andpounds.txt' .gitignore
+
 # TODO(tlim): Add test to make sure that now alice can NOT decrypt.
 #
@@ -277,7 +309,7 @@ if [[ -e $HOME/.gnupg ]]; then
 exit 1
 fi
-find * -ls
+find .git?* * -type f -ls
 echo cd "$test_repository"
 echo rm "$test_repository"
 echo DONE.
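Review bot: The two new enrolment cases exercise exactly the two characters that the `sed` in blackbox_register_new_file escapes, so a name containing a glob metacharacter (`*`, `?`, `[`) or starting with `-` remains untested and would currently reach .gitignore as a pattern rather than a literal name; a third PHASE with such a name, asserting the escaped line with `assert_line_exists`, would pin that down. The assertions read `.gitignore` in the directory the test has just returned to with `cd ../..`; if registration is ever changed to write the ignore file at the repository base, this path must follow.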
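Review bot: `find .git?* * -type f -ls` depends on the shell expanding `.git?*`; when nothing matches (no .gitignore in the test repository at that point) the literal pattern is handed to find, which fails with "No such file or directory", and whether that aborts the script depends on a `set -e` I cannot see in this hunk. `find . -path ./.git -prune -o -type f -ls` lists the same files, dotfiles included, without relying on a glob match and still keeps the `.git` object store out of the listing, which I take to be the reason `.git` itself was not named.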