From b003318d811c7cced4d7a90db8410d77e0d000ed Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?=C3=85smund=20Grammeltvedt?=
Date: Mon, 13 Oct 2014 21:31:58 +0200
Subject: [PATCH] Update .gitignore when registering new files

To reduce the risk of accidentally adding plaintext secrets, ignore registered plaintext files.
---
 bin/blackbox_register_new_file | 12 +++++++++++-
 1 file changed, 11 insertions(+), 1 deletion(-)

diff --git a/bin/blackbox_register_new_file b/bin/blackbox_register_new_file
index b370adf..2030999 100755
--- a/bin/blackbox_register_new_file
+++ b/bin/blackbox_register_new_file
@@ -8,10 +8,11 @@
 # to systems that need the plaintext (unencrypted) versions, run
 # blackbox_postdeploy.sh to decrypt all the files.
-# TODO(tlim): Add the unencrypted file to .gitignore
+# TODO(tlim): Add the unencrypted file to .hgignore
 set -e
 . _blackbox_common.sh
+_determine_vcs_base_and_type
 unencrypted_file=$(get_unencrypted_filename "$1")
 encrypted_file=$(get_encrypted_filename "$1")
@@ -45,6 +46,15 @@ if $SECRETSEXPOSED ; then
 else
 COMMIT_FILES="$BB_FILES $encrypted_file"
 fi
+
+IGNOREFILE=".${VCS_TYPE}ignore"
+if [[ $VCS_TYPE = 'git' ]]; then
+ if ! grep -Fsx >/dev/null "$unencrypted_file" "$IGNOREFILE"; then
+ echo "$unencrypted_file" >>"$IGNOREFILE"
+ COMMIT_FILES="$COMMIT_FILES $IGNOREFILE"
+ fi
+fi
+
 echo 'NOTE: "already tracked!" messages are safe to ignore.'
 vcs_add $BB_FILES $encrypted_file
 vcs_commit "registered in blackbox: ${unencrypted_file}" $COMMIT_FILES
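Review bot: The updated TODO records only `.hgignore`, while the guard added in the second hunk (`if [[ $VCS_TYPE = 'git' ]]`) skips the ignore step for every non-git value of `VCS_TYPE` without telling the user. Since the stated purpose is to keep plaintext secrets from being added by accident, the comment could spell out the gap, e.g. `# TODO(tlim): Add the unencrypted file to .hgignore (non-git repos currently get no ignore entry)`. An `else` branch that prints a warning to stderr would make the gap visible at registration time. The script continues outside this hunk.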
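Review bot: The ignore entry added in the second hunk is written as a raw, unanchored pattern into a cwd-relative file, so the plaintext file is not reliably ignored. `IGNOREFILE=".${VCS_TYPE}ignore"` resolves against the directory the command is run from, and git reads each line as a pattern relative to that `.gitignore`: a leading `#` or `!` and any `*`, `?` or `[` in the name are treated as syntax, and an entry without a slash also matches same-named files in subdirectories. Consider writing to the ignore file at the repository base (presumably what `_determine_vcs_base_and_type` resolves; confirm in `_blackbox_common.sh`) and anchoring the entry with a leading `/`, with pattern characters escaped. The append also assumes the existing file ends in a newline; if it does not, `echo "$unencrypted_file" >>"$IGNOREFILE"` fuses the new entry onto the last pattern and breaks both. Using `grep -Fqsx -- "$unencrypted_file" "$IGNOREFILE"` and `printf '%s\n' "$unencrypted_file" >>"$IGNOREFILE"` would additionally keep a name starting with `-` from being parsed as an option.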