From d45625086a22991e77289de810ee5ac69ff82724 Mon Sep 17 00:00:00 2001
From: "tlimoncelli@stackexchange.com"
Date: Sat, 20 Jun 2015 15:54:08 +0000
Subject: [PATCH] blackbox_register_new_file: Accept multiple files on the command line.
---
 bin/blackbox_register_new_file | 65 +++++++++++++++++++---------------
 tools/confidence_test.sh | 11 ++++++
 2 files changed, 47 insertions(+), 29 deletions(-)
diff --git a/bin/blackbox_register_new_file b/bin/blackbox_register_new_file
index f222ff9..430ab27 100755
--- a/bin/blackbox_register_new_file
+++ b/bin/blackbox_register_new_file
@@ -1,49 +1,56 @@
 #!/usr/bin/env bash
 #
-# blackbox_register_new_file -- Enroll a new file in the blackbox system.
+# blackbox_register_new_file -- Enroll new file(s) in the blackbox system.
 #
-# Takes a previously unencrypted file and enrolls it into the blackbox
-# system. It will be kept in the repo as an encrypted file. On deployment
+# Takes previously unencrypted file(s) and enrolls them into the blackbox
+# system. Each file will be kept in the repo as an encrypted file. On deployment
 # to systems that need the plaintext (unencrypted) versions, run
 # blackbox_postdeploy.sh to decrypt all the files.
 set -e
 source "${0%/*}/_blackbox_common.sh"
-unencrypted_file=$(get_unencrypted_filename "$1")
-encrypted_file=$(get_encrypted_filename "$1")
+function register_new_file() {
+ unencrypted_file=$(get_unencrypted_filename "$1")
+ encrypted_file=$(get_encrypted_filename "$1")
-if [[ "$1" == "$encrypted_file" ]]; then
- echo ERROR: Please only register unencrypted files.
- exit 1
-fi
+ if [[ "$1" == "$encrypted_file" ]]; then
+ echo ERROR: Please only register unencrypted files.
+ exit 1
+ fi
-echo ========== PLAINFILE "$unencrypted_file"
-echo ========== ENCRYPTED "$encrypted_file"
+ echo ========== PLAINFILE "$unencrypted_file"
+ echo ========== ENCRYPTED "$encrypted_file"
-fail_if_not_exists "$unencrypted_file" "Please specify an existing file."
-fail_if_exists "$encrypted_file" "Will not overwrite."
+ fail_if_not_exists "$unencrypted_file" "Please specify an existing file."
+ fail_if_exists "$encrypted_file" "Will not overwrite."
-prepare_keychain
-encrypt_file "$unencrypted_file" "$encrypted_file"
-add_filename_to_cryptlist "$unencrypted_file"
+ prepare_keychain
+ encrypt_file "$unencrypted_file" "$encrypted_file"
+ add_filename_to_cryptlist "$unencrypted_file"
-# Is the unencrypted file already in HG? (ie. are we correcting a bad situation)
-SECRETSEXPOSED=$(is_in_vcs "${unencrypted_file}")
-echo "========== CREATED: ${encrypted_file}"
-echo "========== UPDATING REPO:"
-shred_file "$unencrypted_file"
+ # Is the unencrypted file already in HG? (ie. are we correcting a bad situation)
+ SECRETSEXPOSED=$(is_in_vcs "${unencrypted_file}")
+ echo "========== CREATED: ${encrypted_file}"
+ echo "========== UPDATING REPO:"
+ shred_file "$unencrypted_file"
-if "$SECRETSEXPOSED" ; then
- vcs_remove "$unencrypted_file"
- vcs_add "$encrypted_file"
-fi
+ if "$SECRETSEXPOSED" ; then
+ vcs_remove "$unencrypted_file"
+ vcs_add "$encrypted_file"
+ fi
+
+ vcs_ignore "$unencrypted_file"
+ echo 'NOTE: "already tracked!" messages are safe to ignore.'
+ vcs_add "$BB_FILES" "$encrypted_file"
+ vcs_commit "registered in blackbox: ${unencrypted_file}" "$BB_FILES" "$encrypted_file"
+}
+
+for target in "$@"; do
+ register_new_file "$target"
+done
-vcs_ignore "$unencrypted_file"
-echo 'NOTE: "already tracked!" messages are safe to ignore.'
-vcs_add "$BB_FILES" "$encrypted_file"
-vcs_commit "registered in blackbox: ${unencrypted_file}" "$BB_FILES" "$encrypted_file"
 echo "========== UPDATING VCS: DONE"
 echo "Local repo updated. Please push when ready."
 echo " $(which_vcs) push"
diff --git a/tools/confidence_test.sh b/tools/confidence_test.sh
index 6183ac4..8d824f0 100755
--- a/tools/confidence_test.sh
+++ b/tools/confidence_test.sh
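Review bot: In bin/blackbox_register_new_file, nothing validates the argument list before the `for target in "$@"` loop starts changing state, so a bad argument in the middle of a batch stops the run (`exit 1` in register_new_file, and presumably the fail_if_* helpers) after earlier files have already been encrypted, shredded and committed while later ones are still plaintext. A first pass that runs the encrypted-name, fail_if_not_exists and fail_if_exists checks for every argument before any file is touched would make the batch all-or-nothing. With no arguments the loop body never runs and the script still prints `========== UPDATING VCS: DONE` and "Local repo updated"; a guard before the loop such as `(( $# > 0 )) || { echo "ERROR: no files specified." >&2; exit 1; }` would avoid reporting success when nothing was enrolled. The function also assigns unencrypted_file, encrypted_file and SECRETSEXPOSED as globals; `local unencrypted_file encrypted_file SECRETSEXPOSED` at the top would keep each iteration's state separate.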
@@ -448,6 +448,17 @@ assert_line_not_exists 'mistake.txt' 'keyrings/live/blackbox-files.txt'
 assert_file_missing 'mistake.txt.gpg'
 assert_file_exists 'mistake.txt'
+PHASE 'Bob enrolls multiple files: multi1.txt and multi2.txt'
+echo 'One singular sensation.' >'multi1.txt'
+echo 'Another singular sensation.' >'multi2.txt'
+blackbox_register_new_file 'multi1.txt' 'multi2.txt'
+assert_file_missing 'multi1.txt'
+assert_file_exists 'multi1.txt'.gpg
+assert_line_exists '/multi1.txt' .gitignore
+assert_file_missing 'multi2.txt'
+assert_file_exists 'multi2.txt'.gpg
+assert_line_exists '/multi2.txt' .gitignore
+
 PHASE 'Alice returns. She should be locked out'
 assert_file_missing 'secret.txt'
 become_alice
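Review bot: The new phase in tools/confidence_test.sh never checks that the two files were recorded in the file list, although the surrounding context already asserts on `keyrings/live/blackbox-files.txt` for mistake.txt. Adding `assert_line_exists 'multi1.txt' 'keyrings/live/blackbox-files.txt'` and the same for multi2.txt would cover the add_filename_to_cryptlist step for each argument; the line format is assumed to match the existing mistake.txt assertion. The quoting in `assert_file_exists 'multi1.txt'.gpg` also differs from the `'mistake.txt.gpg'` form used just above and could be written `'multi1.txt.gpg'`. A further phase that passes one invalid name inside a batch would document what state a failed run leaves behind.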