diff --git a/Makefile b/Makefile index 64334da..ba12ec1 100644 --- a/Makefile +++ b/Makefile @@ -33,3 +33,8 @@ lock: unlock: sudo yum versionlock clear + +test: + echo "You don't want to run this." + exit 1 + pkill gpg-agent ; rm -rf /tmp/tmp.* ; export PATH=/home/tlimoncelli/gitwork/blackbox/bin:/usr/local/bin:/bin:/usr/bin:/usr/local/sbin:/usr/sbin:/sbin ; cd ~/gitwork/blackbox;tools/confidence_test.sh;ls -lad /home/tlimoncelli/.gnupg || true diff --git a/README.md b/README.md index f2d2b08..e3244c9 100644 --- a/README.md +++ b/README.md @@ -50,7 +50,6 @@ What does this look like to the typical sysadmin? ``bin/blackbox_edit_end FILENAME`` - * Commit the changes. ``` @@ -123,74 +122,56 @@ To join the list of people that can edit the file requires three steps; You crea ### Step 1: YOU create a GPG key pair on a secure machine and add to public keychain. - ``` -KEYNAME=$USER@$DOMAINNAME -# For example... -KEYNAME=myusername@example.com gpg --gen-key ``` Pick defaults for encryption settings, 0 expiration. Pick a VERY GOOD passphrase. -When GPG is generating entropy, consider running this on the machine in another window: - ``` -dd if=/dev/sda of=/dev/null +blackbox_addadmin KEYNAME +``` +...where "KEYNAME" is the email address listed in the gpg key you created previously. For example: +``` +blackbox_addadmin tal@example.com ``` -Add your public key to the public key-ring. - +When the command completes successfully, instructions on how to +commit these changes will be output. Run the command as give. ``` -gpg --export -a $KEYNAME >~/.gnupg/pubkey.txt -wc -l ~/.gnupg/pubkey.txt +NEXT STEP: Check these into the repo. Probably with a command like... +git commit -m'NEW ADMIN: tal@example.com' keyrings/live/pubring.gpg keyrings/live/trustdb.gpg keyrings/live/blackbox-admins.txt ``` -The output of "wc" should be non-zero (usually it is 30 or more) - -Add your keyname to the list of keys: - +Role accounts: If you are adding the pubring.gpg of a role account, you can specify the directory where the pubring.gpg file can be found as a 2nd parameter: ``` -cd keyrings/live -gpg --homedir=. --import ~/.gnupg/pubkey.txt -cd ../.. -blackbox_addadmin $KEYNAME +blackbox_addadmin puppetmaster@puppet-master-1.example.com /path/to/the/dir ``` -Check all these updates into the VCS: - -``` -git add pubring.gpg trustdb.gpg blackbox-admins.txt -git commit -m"Adding my gpg key" pubring.gpg trustdb.gpg blackbox-admins.txt - -or - -hg commit -m"Adding my gpg key" pubring.gpg trustdb.gpg blackbox-admins.txt -``` - - ### Step 2: SOMEONE ELSE adds you to the system. Ask someone that already has access to re-encrypt the data files. This gives you access. They simply decrypt and re-encrypt the data without making any changes: ``` gpg --import keyrings/live/pubring.gpg -bin/blackbox_update_all_files +blackbox_update_all_files ``` Push the re-encrypted files: ``` +git commit -a git push or +hg commit hg push ``` ### Step 3: YOU test. -Make sure you can decrypt a file. (NOTE: It is a good idea to keep a dummy file in VCS just for new people to practice on.) +Make sure you can decrypt a file. (Suggestion: Keep a dummy file in VCS just for new people to practice on.) First Time Setup =========================== @@ -200,7 +181,7 @@ Overview: To add "blackbox" to a git repo, you'll need to do the following: 1. Create some directories - 2. For each user, have them createa GPG key and add it to the key ring. + 2. For each user, have them create a GPG key and add it to the key ring. 3. For any automated user (one that must be able to decrypt without a passphrase), create a GPG key and create a subkey with an empty passphrase. 4. Add diff --git a/bin/Makefile b/bin/Makefile new file mode 100644 index 0000000..c29f9f1 --- /dev/null +++ b/bin/Makefile @@ -0,0 +1,5 @@ +all: _stack_lib.sh + +# Snatch _stack_lib.sh from another StackExchange project. +_stack_lib.sh: ../../scripts/misc/_stack_lib.sh + cp ../../scripts/misc/_stack_lib.sh $@ diff --git a/bin/_blackbox_common.sh b/bin/_blackbox_common.sh index 60ac962..98dfb9a 100755 --- a/bin/_blackbox_common.sh +++ b/bin/_blackbox_common.sh @@ -11,7 +11,7 @@ : ${BLACKBOXDATA:=keyrings/live} ; # If BLACKBOXDATA not set, set it. set -e - + # Outputs a string that is the base directory of this VCS repo. # By side-effect, sets the variable VCS_TYPE to either 'git', 'hg', # or 'unknown'. @@ -28,8 +28,10 @@ function _determine_vcs_base_and_type() { REPOBASE=$(_determine_vcs_base_and_type) KEYRINGDIR="$REPOBASE/$BLACKBOXDATA" -BB_ADMINS="${KEYRINGDIR}/blackbox-admins.txt" -BB_FILES="${KEYRINGDIR}/blackbox-files.txt" +BB_ADMINS_FILE="blackbox-admins.txt" +BB_ADMINS="${KEYRINGDIR}/${BB_ADMINS_FILE}" +BB_FILES_FILE="blackbox-files.txt" +BB_FILES="${KEYRINGDIR}/${BB_FILES_FILE}" SECRING="${KEYRINGDIR}/secring.gpg" PUBRING="${KEYRINGDIR}/pubring.gpg" @@ -51,6 +53,16 @@ function fail_if_not_exists() { fi } +# Exit we we aren't in a VCS repo. +function fail_if_not_in_repo() { + _determine_vcs_base_and_type + if [[ $VCS_TYPE = "unknown" ]]; then + echo "ERROR: This must be run in a VCS repo such as git or hg." + echo Exiting... + exit 1 + fi +} + # Exit with error if filename is not registered on blackbox list. function fail_if_not_on_cryptlist() { if ! grep -s -q "$name" "$BB_FILES" ; then @@ -191,15 +203,18 @@ function enumerate_subdirs() { # Are we in git, hg, or unknown repo? function which_vcs() { - echo "$REPO_TYPE" + if [[ $VCS_TYPE = '' ]]; then + _determine_vcs_base_and_type >/dev/null + fi + echo "$VCS_TYPE" } + # Is this file in the current repo? function is_in_vcs() { is_in_$(which_vcs) """$@""" } - -# Is this file in mercurial? +# Mercurial function is_in_hg() { local filename filename="$1" @@ -210,8 +225,7 @@ function is_in_hg() { echo false fi } - -# Is this file in git? +# Git: function is_in_git() { local filename filename="$1" @@ -223,18 +237,46 @@ function is_in_git() { fi } + +# Add a file to the repo (but don't commit it). +function vcs_add() { + vcs_add_$(which_vcs) """$@""" +} +# Mercurial +function vcs_add_hg() { + hg add """$@""" +} +# Git +function vcs_add_git() { + git add """$@""" +} + +# Commit a file to the repo +function vcs_commit() { + vcs_commit_$(which_vcs) """$@""" +} +# Mercurial +function vcs_commit_hg() { + hg commit -m"""$@""" +} +# Git +function vcs_commit_git() { + git commit -m"""$@""" +} + + +# TODO(tlim): Rename these vcs_rm_file* to be in sync with the others. + # Remove file from repo, even if it was deleted locally already. # If it doesn't exist yet in the repo, it should be a no-op. -function rm_from_vcs() { - rm_from_$(which_vcs) """$@""" +function vcs_remove() { + vcs_remove$(which_vcs) """$@""" } - -# rm from mercurial. -function rm_from_hg() { +# Mercurial +function vcs_remove_hg() { hg rm -A """$@""" } - -# rm from git. -function rm_from_git() { +# Git +function vcs_remove_git() { git rm --ignore-unmatch -f -- """$@""" } diff --git a/bin/_stack_lib.sh b/bin/_stack_lib.sh new file mode 100755 index 0000000..ebc1310 --- /dev/null +++ b/bin/_stack_lib.sh @@ -0,0 +1,140 @@ +# Library functions for bash scripts at Stack Exchange. + +# Usage: +# . _stack_lib.sh + +# ----- Utility Functions ----- + +function debugmsg() { + # Log to stderr. + echo 1>&2 LOG: """$@""" + : +} + +function logit() { + # Log to stderr. + echo 1>&2 LOG: """$@""" +} + +function fail_out() { + echo "FAILED:" "$*" + echo 'Exiting...' + exit 1 +} + +# on_exit and add_on_exit from http://www.linuxjournal.com/content/use-bash-trap-statement-cleanup-temporary-files +# Usage: +# add_on_exit rm -f /tmp/foo +# add_on_exit echo "I am exiting" +# tempfile=$(mktemp) +# add_on_exit rm -f "$tempfile" +function on_exit() +{ + for i in "${on_exit_items[@]}" + do + eval $i + done +} + +function add_on_exit() +{ + local n=${#on_exit_items[*]} + on_exit_items[$n]="$*" + if [[ $n -eq 0 ]]; then + trap on_exit EXIT + fi +} + +# Securely and portably create a temporary file that will be deleted +# on EXIT. $1 is the variable name to store the result. +function make_self_deleting_tempfile() { + local __resultvar="$1" + local name + + case $(uname -s) in + Darwin ) + : ${TMPDIR:=/tmp} ; + name=$(mktemp -t _stacklib_ ) + ;; + Linux ) + name=$(mktemp) + ;; + * ) + echo 'ERROR: Unknown OS. Exiting.' + exit 1 + ;; + esac + + add_on_exit rm -f "$name" + eval $__resultvar="$name" +} + +function make_tempdir() { + local __resultvar="$1" + local name + + case $(uname -s) in + Darwin ) + : ${TMPDIR:=/tmp} ; + name=$(mktemp -d -t _stacklib_ ) + ;; + Linux ) + name=$(mktemp -d) + ;; + * ) + echo 'ERROR: Unknown OS. Exiting.' + exit 1 + ;; + esac + + eval $__resultvar="$name" +} + +function make_self_deleting_tempdir() { + local __resultvar="$1" + local dirname + + make_tempdir dirname + + add_on_exit rm -rf "$dirname" + eval $__resultvar="$dirname" +} + +function fail_if_not_running_as_root() { + if [[ $EUID -ne 0 ]]; then + echo 'ERROR: This command should only be run as root.' + echo 'Exiting...' + exit 1 + fi +} + +function fail_if_in_root_directory() { + # Verify nobody has tricked us into being in "/". + case $(uname -s) in + Darwin ) + if [[ $(stat -f'%i' / ) == $(stat -f'%i' . ) ]] ; then + echo 'SECURITY ALERT: The current directory is the root directory.' + echo 'Exiting...' + exit 1 + fi + ;; + Linux ) + if [[ $(stat -c'%i' / ) == $(stat -c'%i' . ) ]] ; then + echo 'SECURITY ALERT: The current directory is the root directory.' + echo 'Exiting...' + exit 1 + fi + ;; + CYGWIN* ) + if [[ $(stat -c'%i' / ) == $(stat -c'%i' . ) ]] ; then + echo 'SECURITY ALERT: The current directory is the root directory.' + echo 'Exiting...' + exit 1 + fi + ;; + * ) + echo 'ERROR: Unknown OS. Exiting.' + exit 1 + ;; + esac +} diff --git a/bin/blackbox_addadmin b/bin/blackbox_addadmin index 04afb8b..80b0e66 100755 --- a/bin/blackbox_addadmin +++ b/bin/blackbox_addadmin @@ -3,15 +3,51 @@ # # blackbox_addadmin -- Add an admin to the system # -# + # Example: # blackbox_addadmin tal@example.com # . _blackbox_common.sh +. _stack_lib.sh + +fail_if_not_in_repo + +KEYNAME="$1" +: ${KEYNAME:?ERROR: First argument must be a keyname (email address)} ; + +# The second argument, if present, is the directory to find the GPG keys to be imported. +if [[ "$2" == "" ]]; then + GPGEXPORTOPTIONS="" +else + GPGEXPORTOPTIONS=--homedir="${2}" +fi +# TODO(tlim): This could probably be done with GNUPGHOME +# but that affects all commands; we just want it to affect the key export. + # Add the email address to the BB_ADMINS file. Remove any duplicates. - # The file must exist for sort to act as we expect. touch "$BB_ADMINS" sort -fdu -o "$BB_ADMINS" <(echo "$1") "$BB_ADMINS" + + +# Add the user's key to the keychain. + +# Extract it: +make_self_deleting_tempfile pubkeyfile +gpg $GPGEXPORTOPTIONS --export -a "$KEYNAME" >"$pubkeyfile" +if [[ $(wc -l < "$pubkeyfile") = 0 ]]; then + fail_out "GPG key '$KEYNAME' not found. Please create it with: gpg --gen-key" + exit 1 +fi + +# Import it: +gpg --no-permission-warning --homedir="$KEYRINGDIR" --import "$pubkeyfile" +vcs_add "$KEYRINGDIR/pubring.gpg" "$KEYRINGDIR/trustdb.gpg" "$BB_ADMINS" + +# Make a suggestion: +echo +echo +echo 'NEXT STEP: You need to manually check these in:' +echo ' ' $VCS_TYPE commit -m\'NEW ADMIN: $KEYNAME\' "$BLACKBOXDATA/pubring.gpg" "$BLACKBOXDATA/trustdb.gpg" "$BLACKBOXDATA/$BB_ADMINS_FILE" diff --git a/bin/blackbox_edit_start b/bin/blackbox_edit_start index 30f2ee4..6a9c115 100755 --- a/bin/blackbox_edit_start +++ b/bin/blackbox_edit_start @@ -1,4 +1,4 @@ -#!/bin/bash +#!/usr/bin/env bash # # blackbox_edit_start.sh -- Decrypt a file for editing. diff --git a/bin/blackbox_initialize b/bin/blackbox_initialize new file mode 100755 index 0000000..ed93740 --- /dev/null +++ b/bin/blackbox_initialize @@ -0,0 +1,46 @@ +#!/usr/bin/env bash + +# +# blackbox_initialize -- Enable blackbox for a GIT or HG repo. +# +# +# Example: +# blackbox_initialize +# + +. _blackbox_common.sh + +_determine_vcs_base_and_type # Sets VCS_TYPE + +if [[ $1 != 'yes' ]]; then + read -p "Enable blackbox for this $VCS_TYPE repo? (yes/no) " ans + if [[ $ans = 'no' || $ans = 'n' || $ans = '' ]]; then + echo 'Exiting...' + exit 1 + fi +fi + +echo cd "$REPOBASE" +cd "$REPOBASE" + +# Update .gitignore or .hgignore + +IGNOREFILE=".${VCS_TYPE}ignore" +if ! grep -sx >/dev/null 'pubring.gpg~' "$IGNOREFILE" ; then + echo 'pubring.gpg~' >>"$IGNOREFILE" +fi +if ! grep -sx >/dev/null 'secring.gpg' "$IGNOREFILE" ; then + echo 'secring.gpg' >>"$IGNOREFILE" +fi + +# Make directories +mkdir -p "${KEYRINGDIR}" +vcs_add "${KEYRINGDIR}" +touch "$BLACKBOXDATA/$BB_ADMINS_FILE" "$BLACKBOXDATA/$BB_FILES_FILE" +vcs_add "$IGNOREFILE" "$BLACKBOXDATA/$BB_ADMINS_FILE" "$BLACKBOXDATA/$BB_FILES_FILE" + +# Make a suggestion: +echo +echo +echo 'NEXT STEP: You need to manually check these in:' +echo ' ' $VCS_TYPE commit -m\'INITIALIZE BLACKBOX\' keyrings "$IGNOREFILE" diff --git a/bin/blackbox_postdeploy b/bin/blackbox_postdeploy index 3898471..3afd01b 100755 --- a/bin/blackbox_postdeploy +++ b/bin/blackbox_postdeploy @@ -1,4 +1,4 @@ -#!/bin/bash +#!/usr/bin/env bash # # blackbox_postdeploy.sh -- Decrypt all blackbox files. diff --git a/bin/blackbox_register_new_file b/bin/blackbox_register_new_file index 48b00df..7d6ebc4 100755 --- a/bin/blackbox_register_new_file +++ b/bin/blackbox_register_new_file @@ -1,4 +1,4 @@ -#!/bin/bash +#!/usr/bin/env bash # # blackbox_register_new_file.sh -- Enroll a new file in the blackbox system. @@ -8,6 +8,8 @@ # to systems that need the plaintext (unencrypted) versions, run # blackbox_postdeploy.sh to decrypt all the files. +# TODO(tlim): Add the unencrypted file to .gitignore + . _blackbox_common.sh unencrypted_file=$(get_unencrypted_filename "$1") @@ -36,17 +38,15 @@ shred_file "$unencrypted_file" VCSCMD=$(which_vcs) if $SECRETSEXPOSED ; then - rm_from_vcs "$unencrypted_file" - $VCSCMD add "$encrypted_file" - # NOTE(tlim): Because we use $VCSCMD as a command, we can only use commands - # that work for both git and hg. + vcs_remove "$unencrypted_file" + vcs_add "$encrypted_file" COMMIT_FILES="$BB_FILES $encrypted_file $unencrypted_file" else COMMIT_FILES="$BB_FILES $encrypted_file" fi echo 'NOTE: "already tracked!" messages are safe to ignore.' -$VCSCMD add $BB_FILES $encrypted_file -$VCSCMD commit -m"registered in blackbox: ${unencrypted_file}" $COMMIT_FILES +vcs_add $BB_FILES $encrypted_file +vcs_commit "registered in blackbox: ${unencrypted_file}" $COMMIT_FILES echo "========== UPDATING VCS: DONE" echo "Local repo updated. Please push when ready." echo " $VCSCMD push" diff --git a/bin/blackbox_removeadmin b/bin/blackbox_removeadmin new file mode 100755 index 0000000..8240f5c --- /dev/null +++ b/bin/blackbox_removeadmin @@ -0,0 +1,29 @@ +#!/usr/bin/env bash + +# +# blackbox_removeadmin -- Remove an admin to the system +# NOTE: Does not remove admin from the keyring. +# + +# Example: +# blackbox_removeadmin tal@example.com +# + +. _blackbox_common.sh +. _stack_lib.sh + +fail_if_not_in_repo + +KEYNAME="$1" +: ${KEYNAME:?ERROR: First argument must be a keyname (email address)} ; + +# Remove the email address from the BB_ADMINS file. +make_self_deleting_tempfile bbtemp +cp "$BB_ADMINS" "$bbtemp" +fgrep -v -x "$KEYNAME" <"$bbtemp" >"$BB_ADMINS" + +# Make a suggestion: +echo +echo +echo 'NEXT STEP: Check these into the repo. Probably with a command like...' +echo $VCS_TYPE commit -m\'REMOVED ADMIN: $KEYNAME\' "$BLACKBOXDATA/$BB_ADMINS_FILE" diff --git a/bin/blackbox_start b/bin/blackbox_start index bba4e80..444cf98 100755 --- a/bin/blackbox_start +++ b/bin/blackbox_start @@ -1,4 +1,4 @@ -#!/bin/bash +#!/usr/bin/env bash # # blackbox_edit_start.sh -- Decrypt a file for editing. diff --git a/bin/blackbox_update_all_files b/bin/blackbox_update_all_files index 3208916..ad76adf 100755 --- a/bin/blackbox_update_all_files +++ b/bin/blackbox_update_all_files @@ -50,12 +50,9 @@ done fail_if_keychain_has_secrets echo '========== COMMITING TO HG:' -VCSCMD=$(which_vcs) -$VCSCMD commit -m'Re-encrypted keys' $(awk <$BB_FILES '{ print $1 ".gpg" }' ) -# NOTE(tlim): Because we use $VCSCMD as a command, we can only use commands -# that work for both git and hg. That's pretty lazy. We should add -# a function to _blackbox_common.sh that commits a file. +vcs_commit 'Re-encrypted keys' $(awk <$BB_FILES '{ print $1 ".gpg" }' ) +VCSCMD=$(which_vcs) echo '========== DONE.' echo 'Likely next step:' echo " ${VCSCMD} push" diff --git a/tools/confidence_test.sh b/tools/confidence_test.sh new file mode 100755 index 0000000..6a093f4 --- /dev/null +++ b/tools/confidence_test.sh @@ -0,0 +1,225 @@ +#!/usr/bin/env bash + +export PATH=/home/tlimoncelli/gitwork/blackbox/bin:/usr/lib64/qt-3.3/bin:/usr/local/bin:/bin:/usr/bin:/usr/local/sbin:/usr/sbin:/sbin + +. _stack_lib.sh + +set -e + +function PHASE() { + echo '====================' + echo '====================' + echo '=========' """$@""" + echo '====================' + echo '====================' +} + +function assert_file_missing() { + if [[ -e "$1" ]]; then + echo "ASSERT FAILED: ${1} should not exist." + exit 1 + fi +} + +function assert_file_exists() { + if [[ ! -e "$1" ]]; then + echo "ASSERT FAILED: ${1} should exist." + exit 1 + fi +} +function assert_file_md5hash() { + local file="$1" + local wanted="$2" + local found=$(md5sum <"$file" | cut -d' ' -f1 ) + assert_file_exists "$file" + if [[ "$wanted" != "$found" ]]; then + echo "ASSERT FAILED: $file hash wanted=$desired found=$found" + exit 1 + fi +} + +make_tempdir test_repository +cd "$test_repository" + +make_self_deleting_tempdir fake_alice_home +make_self_deleting_tempdir fake_bob_home +export GNUPGHOME="$fake_alice_home" +eval $(gpg-agent --homedir "$fake_alice_home" --daemon) +GPG_AGENT_INFO_ALICE="$GPG_AGENT_INFO" + +export GNUPGHOME="$fake_bob_home" +eval $(gpg-agent --homedir "$fake_alice_home" --daemon) +GPG_AGENT_INFO_BOB="$GPG_AGENT_INFO" + +function become_alice() { + export GNUPGHOME="$fake_alice_home" + export GPG_AGENT_INFO="$GPG_AGENT_INFO_ALICE" + echo BECOMING ALICE: GNUPGHOME=$GNUPGHOME AGENT=$GPG_AGENT_INFO + git config --global user.name "Alice Example" + git config --global user.email alice@example.com +} + +function become_bob() { + export GNUPGHOME="$fake_alice_home" + export GPG_AGENT_INFO="$GPG_AGENT_INFO_ALICE" + git config --global user.name "Bob Example" + git config --global user.email bob@example.com +} + + +PHASE 'Alice creates a repo. She creates secret.txt.' + +become_alice +git init +echo 'this is my secret' >secret.txt + + +PHASE 'Alice wants to be part of the secret system.' +PHASE 'She creates a GPG key...' + +make_self_deleting_tempfile gpgconfig +cat >"$gpgconfig" <"$gpgconfig" <secret.txt +blackbox_edit_end secret.txt +assert_file_missing secret.txt +assert_file_exists secret.txt.gpg + + +PHASE 'Bob appears.' +become_bob + +PHASE 'Bob makes sure he has all new keys.' + +gpg --import keyrings/live/pubring.gpg + +PHASE 'Bob postdeploys.' +blackbox_postdeploy +assert_file_exists secret.txt +assert_file_exists secret.txt.gpg +assert_file_md5hash secret.txt "08a3fa763a05c018a38e9924363b97e7" + +PHASE 'Bob cleans up the secret.' +rm secret.txt + +PHASE 'Bob removes alice.' +blackbox_removeadmin alice@example.com +if grep -xs >dev/null 'alice@example.com' keyrings/live/blackbox-admins.txt ; then + echo "ASSERT FAILED: alice@example.com should be removed from keyrings/live/blackbox-admins.txt" + echo ==== file start + cat keyrings/live/blackbox-admins.txt + echo ==== file end + exit 1 +fi + +PHASE 'Bob reencrypts files so alice can not access them.' +blackbox_update_all_files + +PHASE 'Bob decrypts secrets.txt.' +blackbox_edit_start secret.txt +assert_file_exists secret.txt +assert_file_exists secret.txt.gpg +assert_file_md5hash secret.txt "08a3fa763a05c018a38e9924363b97e7" + +PHASE 'Bob edits secrets.txt.' +echo 'BOB BOB BOB BOB' >secret.txt +blackbox_edit_end secret.txt +assert_file_missing secret.txt +assert_file_exists secret.txt.gpg + +PHASE 'Bob decrypts secrets.txt VERSION 3.' +blackbox_edit_start secret.txt +assert_file_exists secret.txt +assert_file_exists secret.txt.gpg +assert_file_md5hash secret.txt "beb0b0fd5701afb6f891de372abd35ed" + +# TODO(tlim): Add test to make sure that now alice can NOT decrypt. + +# +# ASSERTIONS +# + +if [[ -e $HOME/.gnupg ]]; then + echo "ASSERT FAILED: $HOME/.gnupg should not exist." + exit 1 +fi + +find * -ls +echo cd "$test_repository" +echo rm "$test_repository" +echo DONE. diff --git a/tools/rpm_filelist.txt b/tools/rpm_filelist.txt index 47fd19f..b2bad88 100644 --- a/tools/rpm_filelist.txt +++ b/tools/rpm_filelist.txt @@ -1,9 +1,12 @@ -exec /usr/blackbox/bin/blackbox_addadmin bin/blackbox_addadmin +read /etc/profile.d/usrblackbox.sh tools/profile.d-usrblackbox.sh exec /usr/blackbox/bin/_blackbox_common.sh bin/_blackbox_common.sh +exec /usr/blackbox/bin/_stack_lib.sh bin/_stack_lib.sh +exec /usr/blackbox/bin/blackbox_addadmin bin/blackbox_addadmin exec /usr/blackbox/bin/blackbox_edit_end bin/blackbox_edit_end exec /usr/blackbox/bin/blackbox_edit_start bin/blackbox_edit_start +exec /usr/blackbox/bin/blackbox_initialize bin/blackbox_initialize exec /usr/blackbox/bin/blackbox_postdeploy bin/blackbox_postdeploy exec /usr/blackbox/bin/blackbox_register_new_file bin/blackbox_register_new_file -exec /usr/blackbox/bin/blackbox_update_all_files bin/blackbox_update_all_files +exec /usr/blackbox/bin/blackbox_removeadmin bin/blackbox_removeadmin exec /usr/blackbox/bin/blackbox_start bin/blackbox_start -read /etc/profile.d/usrblackbox.sh tools/profile.d-usrblackbox.sh +exec /usr/blackbox/bin/blackbox_update_all_files bin/blackbox_update_all_files