* Initialization for new repos AUTOMATED.

* Adding new users AUTOMATED.
* Update docs for the new, more simplified installation processes.
* Remove dependency on any particular paths, etc.  Copy "bin" into a place along your path and everything should "just work".
* Add support for Mercurial (not tested).
* blackbox_addadmin now adds keys to the keyring for you.
* Unified #! lines to "#!/usr/bin/env bash" so it works better on FreeBSD.
* BUGFIX: (BugId#1) blackbox_update_all_files.sh expects hg, fails for git.
* BUGFIX: (BugId#2) blackbox_postdeploy.sh assumes certain directory layout.
* BUGFIX: Temporary files aren't deleted.
* NEW FILE: bin/blackbox_initialize: Automates enabling BB for a repo (creates directories, files, and updates .gitignore).
* NEW FILE: bin/blackbox_removeadmin: Automates removing an admit.
* NEW FILE: tools/confidence_test.sh: A battery of tests to verify operations.
* NEW FILE: bin/Makefile: Automate package creation.
* NEW FILE: bin/_stack_lib.sh: A library of shell routines from StackExchange.

Makefile

@@ -33,3 +33,8 @@ lock:
 
 unlock:
 	sudo yum versionlock clear
+
+test:
+	echo "You don't want to run this."
+	exit 1
+	pkill gpg-agent ; rm -rf /tmp/tmp.* ; export PATH=/home/tlimoncelli/gitwork/blackbox/bin:/usr/local/bin:/bin:/usr/bin:/usr/local/sbin:/usr/sbin:/sbin ; cd ~/gitwork/blackbox;tools/confidence_test.sh;ls -lad /home/tlimoncelli/.gnupg || true

README.md

@@ -50,7 +50,6 @@ What does this look like to the typical sysadmin?
 
 ``bin/blackbox_edit_end FILENAME``
 
-
 *  Commit the changes.
 
 ```
@@ -123,74 +122,56 @@ To join the list of people that can edit the file requires three steps; You crea
 
 ### Step 1: YOU create a GPG key pair on a secure machine and add to public keychain.
 
-
 ```
-KEYNAME=$USER@$DOMAINNAME
-# For example...
-KEYNAME=myusername@example.com
 gpg --gen-key
 ```
 
 Pick defaults for encryption settings, 0 expiration.  Pick a VERY GOOD passphrase.
 
-When GPG is generating entropy, consider running this on the machine in another window:
-
 ```
-dd if=/dev/sda of=/dev/null
+blackbox_addadmin KEYNAME
+```
+...where "KEYNAME" is the email address listed in the gpg key you created previously. For example:
+```
+blackbox_addadmin tal@example.com
 ```
 
-Add your public key to the public key-ring.
-
+When the command completes successfully, instructions on how to
+commit these changes will be output.  Run the command as give.
 ```
-gpg --export -a $KEYNAME >~/.gnupg/pubkey.txt
-wc -l ~/.gnupg/pubkey.txt
+NEXT STEP: Check these into the repo.  Probably with a command like...
+git commit -m'NEW ADMIN: tal@example.com' keyrings/live/pubring.gpg keyrings/live/trustdb.gpg keyrings/live/blackbox-admins.txt
 ```
 
-The output of "wc" should be non-zero (usually it is 30 or more)
-
-Add your keyname to the list of keys:
-
+Role accounts: If you are adding the pubring.gpg of a role account, you can specify the directory where the pubring.gpg file can be found as a 2nd parameter:
 ```
-cd keyrings/live
-gpg --homedir=. --import ~/.gnupg/pubkey.txt
-cd ../..
-blackbox_addadmin $KEYNAME
+blackbox_addadmin puppetmaster@puppet-master-1.example.com /path/to/the/dir
 ```
 
-Check all these updates into the VCS:
-
-```
-git add pubring.gpg trustdb.gpg blackbox-admins.txt
-git commit -m"Adding my gpg key" pubring.gpg trustdb.gpg blackbox-admins.txt
-
-or
-
-hg commit -m"Adding my gpg key" pubring.gpg trustdb.gpg blackbox-admins.txt
-```
-
-
 ### Step 2: SOMEONE ELSE adds you to the system.
 
 Ask someone that already has access to re-encrypt the data files. This gives you access.  They simply decrypt and re-encrypt the data without making any changes:
 
 ```
 gpg --import keyrings/live/pubring.gpg
-bin/blackbox_update_all_files
+blackbox_update_all_files
 ```
 
 Push the re-encrypted files:
 
 ```
+git commit -a
 git push
 
 or
 
+hg commit
 hg push
 ```
 
 ### Step 3: YOU test.
 
-Make sure you can decrypt a file.  (NOTE: It is a good idea to keep a dummy file in VCS just for new people to practice on.)
+Make sure you can decrypt a file.  (Suggestion: Keep a dummy file in VCS just for new people to practice on.)
 
 First Time Setup
 ===========================

bin/Makefile

@@ -0,0 +1,5 @@
+all: _stack_lib.sh
+
+# Snatch _stack_lib.sh from another StackExchange project.
+_stack_lib.sh: ../../scripts/misc/_stack_lib.sh
+	cp ../../scripts/misc/_stack_lib.sh $@

bin/_blackbox_common.sh

@@ -28,8 +28,10 @@ function _determine_vcs_base_and_type() {
 
 REPOBASE=$(_determine_vcs_base_and_type)
 KEYRINGDIR="$REPOBASE/$BLACKBOXDATA"
-BB_ADMINS="${KEYRINGDIR}/blackbox-admins.txt"
-BB_FILES="${KEYRINGDIR}/blackbox-files.txt"
+BB_ADMINS_FILE="blackbox-admins.txt"
+BB_ADMINS="${KEYRINGDIR}/${BB_ADMINS_FILE}"
+BB_FILES_FILE="blackbox-files.txt"
+BB_FILES="${KEYRINGDIR}/${BB_FILES_FILE}"
 SECRING="${KEYRINGDIR}/secring.gpg"
 PUBRING="${KEYRINGDIR}/pubring.gpg"
 
@@ -51,6 +53,16 @@ function fail_if_not_exists() {
   fi
 }
 
+# Exit we we aren't in a VCS repo.
+function fail_if_not_in_repo() {
+  _determine_vcs_base_and_type
+  if [[ $VCS_TYPE = "unknown" ]]; then
+    echo "ERROR: This must be run in a VCS repo such as git or hg."
+    echo Exiting...
+    exit 1
+  fi
+}
+
 # Exit with error if filename is not registered on blackbox list.
 function fail_if_not_on_cryptlist() {
   if ! grep -s -q "$name" "$BB_FILES" ; then
@@ -191,15 +203,18 @@ function enumerate_subdirs() {
 
 # Are we in git, hg, or unknown repo?
 function which_vcs() {
-  echo "$REPO_TYPE"
+  if [[ $VCS_TYPE = '' ]]; then
+    _determine_vcs_base_and_type >/dev/null
+  fi
+  echo "$VCS_TYPE"
 }
 
+
 # Is this file in the current repo?
 function is_in_vcs() {
   is_in_$(which_vcs) """$@"""
 }
-
-# Is this file in mercurial?
+# Mercurial
 function is_in_hg() {
   local filename
   filename="$1"
@@ -210,8 +225,7 @@ function is_in_hg() {
     echo false
   fi
 }
-
-# Is this file in git?
+# Git:
 function is_in_git() {
   local filename
   filename="$1"
@@ -223,18 +237,46 @@ function is_in_git() {
   fi
 }
 
+
+# Add a file to the repo (but don't commit it).
+function vcs_add() {
+  vcs_add_$(which_vcs) """$@"""
+}
+# Mercurial
+function vcs_add_hg() {
+  hg add """$@"""
+}
+# Git
+function vcs_add_git() {
+  git add """$@"""
+}
+
+# Commit a file to the repo
+function vcs_commit() {
+  vcs_commit_$(which_vcs) """$@"""
+}
+# Mercurial
+function vcs_commit_hg() {
+  hg commit -m"""$@"""
+}
+# Git
+function vcs_commit_git() {
+  git commit -m"""$@"""
+}
+
+
+# TODO(tlim): Rename these vcs_rm_file* to be in sync with the others.
+
 # Remove file from repo, even if it was deleted locally already.
 # If it doesn't exist yet in the repo, it should be a no-op.
-function rm_from_vcs() {
-  rm_from_$(which_vcs) """$@"""
+function vcs_remove() {
+  vcs_remove$(which_vcs) """$@"""
 }
-
-# rm from mercurial.
-function rm_from_hg() {
+# Mercurial
+function vcs_remove_hg() {
   hg rm -A """$@"""
 }
-
-# rm from git.
-function rm_from_git() {
+# Git
+function vcs_remove_git() {
   git rm --ignore-unmatch -f -- """$@"""
 }

bin/_stack_lib.sh

@@ -0,0 +1,140 @@
+# Library functions for bash scripts at Stack Exchange.
+
+# Usage:
+#   . _stack_lib.sh
+
+# ----- Utility Functions -----
+
+function debugmsg() {
+  # Log to stderr.
+  echo 1>&2 LOG: """$@"""
+  :
+}
+
+function logit() {
+  # Log to stderr.
+  echo 1>&2 LOG: """$@"""
+}
+
+function fail_out() {
+    echo "FAILED:" "$*"
+    echo 'Exiting...'
+    exit 1
+}
+
+# on_exit and add_on_exit from http://www.linuxjournal.com/content/use-bash-trap-statement-cleanup-temporary-files
+# Usage:
+#   add_on_exit rm -f /tmp/foo
+#   add_on_exit echo "I am exiting"
+#   tempfile=$(mktemp)
+#   add_on_exit rm -f "$tempfile"
+function on_exit()
+{
+    for i in "${on_exit_items[@]}"
+    do
+        eval $i
+    done
+}
+
+function add_on_exit()
+{
+    local n=${#on_exit_items[*]}
+    on_exit_items[$n]="$*"
+    if [[ $n -eq 0 ]]; then
+        trap on_exit EXIT
+    fi
+}
+
+# Securely and portably create a temporary file that will be deleted
+# on EXIT.  $1 is the variable name to store the result.
+function make_self_deleting_tempfile() {
+  local __resultvar="$1"
+  local name
+
+  case $(uname -s) in
+    Darwin )
+      : ${TMPDIR:=/tmp} ;
+      name=$(mktemp -t _stacklib_ )
+      ;;
+    Linux )
+      name=$(mktemp)
+      ;;
+    * )
+      echo 'ERROR: Unknown OS. Exiting.'
+      exit 1
+      ;;
+  esac
+
+  add_on_exit rm -f "$name"
+  eval $__resultvar="$name"
+}
+
+function make_tempdir() {
+  local __resultvar="$1"
+  local name
+
+  case $(uname -s) in
+    Darwin )
+      : ${TMPDIR:=/tmp} ;
+      name=$(mktemp -d -t _stacklib_ )
+      ;;
+    Linux )
+      name=$(mktemp -d)
+      ;;
+    * )
+      echo 'ERROR: Unknown OS. Exiting.'
+      exit 1
+      ;;
+  esac
+
+  eval $__resultvar="$name"
+}
+
+function make_self_deleting_tempdir() {
+  local __resultvar="$1"
+  local dirname
+
+  make_tempdir dirname
+
+  add_on_exit rm -rf "$dirname"
+  eval $__resultvar="$dirname"
+}
+
+function fail_if_not_running_as_root() {
+  if [[ $EUID -ne 0 ]]; then
+    echo 'ERROR: This command should only be run as root.'
+    echo 'Exiting...'
+    exit 1
+  fi
+}
+
+function fail_if_in_root_directory() {
+  # Verify nobody has tricked us into being in "/".
+  case $(uname -s) in
+    Darwin )
+      if [[ $(stat -f'%i' / ) == $(stat -f'%i' . ) ]] ; then
+        echo 'SECURITY ALERT: The current directory is the root directory.'
+        echo 'Exiting...'
+        exit 1
+      fi
+      ;;
+    Linux )
+      if [[ $(stat -c'%i' / ) == $(stat -c'%i' . ) ]] ; then
+        echo 'SECURITY ALERT: The current directory is the root directory.'
+        echo 'Exiting...'
+        exit 1
+      fi
+      ;;
+    CYGWIN* )
+      if [[ $(stat -c'%i' / ) == $(stat -c'%i' . ) ]] ; then
+        echo 'SECURITY ALERT: The current directory is the root directory.'
+        echo 'Exiting...'
+        exit 1
+      fi
+      ;;
+    * )
+      echo 'ERROR: Unknown OS. Exiting.'
+      exit 1
+      ;;
+  esac
+}

bin/blackbox_addadmin

@@ -3,15 +3,51 @@
 #
 # blackbox_addadmin -- Add an admin to the system
 #
-#
+
 # Example:
 #    blackbox_addadmin tal@example.com
 #
 
 . _blackbox_common.sh
+. _stack_lib.sh
+
+fail_if_not_in_repo
+
+KEYNAME="$1"
+: ${KEYNAME:?ERROR: First argument must be a keyname (email address)} ;
+
+# The second argument, if present, is the directory to find the GPG keys to be imported.
+if [[ "$2" == "" ]]; then
+  GPGEXPORTOPTIONS=""
+else
+  GPGEXPORTOPTIONS=--homedir="${2}"
+fi
+# TODO(tlim): This could probably be done with GNUPGHOME
+# but that affects all commands; we just want it to affect the key export.
+
 
 # Add the email address to the BB_ADMINS file.  Remove any duplicates.
-
 # The file must exist for sort to act as we expect.
 touch "$BB_ADMINS"
 sort  -fdu -o "$BB_ADMINS" <(echo "$1") "$BB_ADMINS"
+
+
+# Add the user's key to the keychain.
+
+# Extract it:
+make_self_deleting_tempfile pubkeyfile
+gpg $GPGEXPORTOPTIONS --export -a "$KEYNAME" >"$pubkeyfile"
+if [[ $(wc -l < "$pubkeyfile") = 0 ]]; then
+  fail_out "GPG key '$KEYNAME' not found.  Please create it with: gpg --gen-key"
+  exit 1
+fi
+
+# Import it:
+gpg --no-permission-warning --homedir="$KEYRINGDIR" --import "$pubkeyfile"
+vcs_add "$KEYRINGDIR/pubring.gpg" "$KEYRINGDIR/trustdb.gpg" "$BB_ADMINS"
+
+# Make a suggestion:
+echo
+echo
+echo 'NEXT STEP: You need to manually check these in:'
+echo '     ' $VCS_TYPE commit -m\'NEW ADMIN: $KEYNAME\' "$BLACKBOXDATA/pubring.gpg" "$BLACKBOXDATA/trustdb.gpg" "$BLACKBOXDATA/$BB_ADMINS_FILE"

bin/blackbox_edit_start

@@ -1,4 +1,4 @@
-#!/bin/bash
+#!/usr/bin/env bash
 
 #
 # blackbox_edit_start.sh -- Decrypt a file for editing.

bin/blackbox_initialize

@@ -0,0 +1,46 @@
+#!/usr/bin/env bash
+
+#
+# blackbox_initialize -- Enable blackbox for a GIT or HG repo.
+#
+#
+# Example:
+#    blackbox_initialize
+#
+
+. _blackbox_common.sh
+
+_determine_vcs_base_and_type  # Sets VCS_TYPE
+
+if [[ $1 != 'yes' ]]; then
+  read -p "Enable blackbox for this $VCS_TYPE repo? (yes/no) " ans
+  if [[ $ans = 'no' || $ans = 'n' || $ans = '' ]]; then
+    echo 'Exiting...'
+    exit 1
+  fi
+fi
+
+echo cd "$REPOBASE"
+cd "$REPOBASE"
+
+# Update .gitignore or .hgignore
+
+IGNOREFILE=".${VCS_TYPE}ignore"
+if ! grep -sx >/dev/null 'pubring.gpg~' "$IGNOREFILE" ; then
+  echo 'pubring.gpg~' >>"$IGNOREFILE"
+fi
+if ! grep -sx >/dev/null 'secring.gpg' "$IGNOREFILE" ; then
+  echo 'secring.gpg' >>"$IGNOREFILE"
+fi
+
+# Make directories
+mkdir -p "${KEYRINGDIR}"
+vcs_add "${KEYRINGDIR}"
+touch "$BLACKBOXDATA/$BB_ADMINS_FILE" "$BLACKBOXDATA/$BB_FILES_FILE"
+vcs_add "$IGNOREFILE" "$BLACKBOXDATA/$BB_ADMINS_FILE" "$BLACKBOXDATA/$BB_FILES_FILE"
+
+# Make a suggestion:
+echo
+echo
+echo 'NEXT STEP: You need to manually check these in:'
+echo '     ' $VCS_TYPE commit -m\'INITIALIZE BLACKBOX\' keyrings "$IGNOREFILE"

bin/blackbox_postdeploy

@@ -1,4 +1,4 @@
-#!/bin/bash
+#!/usr/bin/env bash
 
 #
 # blackbox_postdeploy.sh -- Decrypt all blackbox files.

bin/blackbox_register_new_file

@@ -1,4 +1,4 @@
-#!/bin/bash
+#!/usr/bin/env bash
 
 #
 # blackbox_register_new_file.sh -- Enroll a new file in the blackbox system.
@@ -8,6 +8,8 @@
 # to systems that need the plaintext (unencrypted) versions, run
 # blackbox_postdeploy.sh to decrypt all the files.
 
+# TODO(tlim): Add the unencrypted file to .gitignore
+
 . _blackbox_common.sh
 
 unencrypted_file=$(get_unencrypted_filename "$1")
@@ -36,17 +38,15 @@ shred_file "$unencrypted_file"
 
 VCSCMD=$(which_vcs)
 if $SECRETSEXPOSED ; then
-  rm_from_vcs "$unencrypted_file"
-  $VCSCMD add "$encrypted_file"
-  # NOTE(tlim): Because we use $VCSCMD as a command, we can only use commands
-  # that work for both git and hg.
+  vcs_remove "$unencrypted_file"
+  vcs_add "$encrypted_file"
   COMMIT_FILES="$BB_FILES $encrypted_file $unencrypted_file"
 else
   COMMIT_FILES="$BB_FILES $encrypted_file"
 fi
 echo 'NOTE: "already tracked!" messages are safe to ignore.'
-$VCSCMD add $BB_FILES $encrypted_file
-$VCSCMD commit -m"registered in blackbox: ${unencrypted_file}" $COMMIT_FILES
+vcs_add $BB_FILES $encrypted_file
+vcs_commit "registered in blackbox: ${unencrypted_file}" $COMMIT_FILES
 echo "========== UPDATING VCS: DONE"
 echo "Local repo updated.  Please push when ready."
 echo "    $VCSCMD push"

bin/blackbox_removeadmin

@@ -0,0 +1,29 @@
+#!/usr/bin/env bash
+
+#
+# blackbox_removeadmin -- Remove an admin to the system
+#  NOTE: Does not remove admin from the keyring.
+#
+
+# Example:
+#    blackbox_removeadmin tal@example.com
+#
+
+. _blackbox_common.sh
+. _stack_lib.sh
+
+fail_if_not_in_repo
+
+KEYNAME="$1"
+: ${KEYNAME:?ERROR: First argument must be a keyname (email address)} ;
+
+# Remove the email address from the BB_ADMINS file.
+make_self_deleting_tempfile bbtemp
+cp "$BB_ADMINS" "$bbtemp"
+fgrep -v -x "$KEYNAME" <"$bbtemp" >"$BB_ADMINS"
+
+# Make a suggestion:
+echo
+echo
+echo 'NEXT STEP: Check these into the repo.  Probably with a command like...'
+echo $VCS_TYPE commit -m\'REMOVED ADMIN: $KEYNAME\' "$BLACKBOXDATA/$BB_ADMINS_FILE"

bin/blackbox_start

@@ -1,4 +1,4 @@
-#!/bin/bash
+#!/usr/bin/env bash
 
 #
 # blackbox_edit_start.sh -- Decrypt a file for editing.

bin/blackbox_update_all_files

@@ -50,12 +50,9 @@ done
 fail_if_keychain_has_secrets
 
 echo '========== COMMITING TO HG:'
-VCSCMD=$(which_vcs)
-$VCSCMD commit -m'Re-encrypted keys' $(awk <$BB_FILES '{ print $1 ".gpg" }' )
-# NOTE(tlim): Because we use $VCSCMD as a command, we can only use commands
-# that work for both git and hg. That's pretty lazy. We should add
-# a function to _blackbox_common.sh that commits a file.
+vcs_commit 'Re-encrypted keys' $(awk <$BB_FILES '{ print $1 ".gpg" }' )
 
+VCSCMD=$(which_vcs)
 echo '========== DONE.'
 echo 'Likely next step:'
 echo "    ${VCSCMD} push"

tools/confidence_test.sh

@@ -0,0 +1,225 @@
+#!/usr/bin/env bash
+
+export PATH=/home/tlimoncelli/gitwork/blackbox/bin:/usr/lib64/qt-3.3/bin:/usr/local/bin:/bin:/usr/bin:/usr/local/sbin:/usr/sbin:/sbin
+
+. _stack_lib.sh
+
+set -e
+
+function PHASE() {
+  echo '===================='
+  echo '===================='
+  echo '=========' """$@"""
+  echo '===================='
+  echo '===================='
+}
+
+function assert_file_missing() {
+  if [[ -e "$1" ]]; then
+    echo "ASSERT FAILED: ${1} should not exist."
+    exit 1
+  fi
+}
+
+function assert_file_exists() {
+  if [[ ! -e "$1" ]]; then
+    echo "ASSERT FAILED: ${1} should exist."
+    exit 1
+  fi
+}
+function assert_file_md5hash() {
+  local file="$1"
+  local wanted="$2"
+  local found=$(md5sum <"$file" | cut -d' ' -f1 )
+  assert_file_exists "$file"
+  if [[ "$wanted" != "$found" ]]; then
+    echo "ASSERT FAILED: $file hash wanted=$desired found=$found"
+    exit 1
+  fi
+}
+
+make_tempdir test_repository
+cd "$test_repository"
+
+make_self_deleting_tempdir fake_alice_home
+make_self_deleting_tempdir fake_bob_home
+export GNUPGHOME="$fake_alice_home"
+eval $(gpg-agent --homedir "$fake_alice_home" --daemon)
+GPG_AGENT_INFO_ALICE="$GPG_AGENT_INFO"
+
+export GNUPGHOME="$fake_bob_home"
+eval $(gpg-agent --homedir "$fake_alice_home" --daemon)
+GPG_AGENT_INFO_BOB="$GPG_AGENT_INFO"
+
+function become_alice() {
+  export GNUPGHOME="$fake_alice_home"
+  export GPG_AGENT_INFO="$GPG_AGENT_INFO_ALICE"
+  echo BECOMING ALICE: GNUPGHOME=$GNUPGHOME AGENT=$GPG_AGENT_INFO
+  git config --global user.name "Alice Example"
+  git config --global user.email alice@example.com
+}
+
+function become_bob() {
+  export GNUPGHOME="$fake_alice_home"
+  export GPG_AGENT_INFO="$GPG_AGENT_INFO_ALICE"
+  git config --global user.name "Bob Example"
+  git config --global user.email bob@example.com
+}
+
+
+PHASE 'Alice creates a repo.  She creates secret.txt.'
+
+become_alice
+git init
+echo 'this is my secret' >secret.txt
+
+
+PHASE 'Alice wants to be part of the secret system.'
+PHASE 'She creates a GPG key...'
+
+make_self_deleting_tempfile gpgconfig
+cat >"$gpgconfig" <<EOF
+%echo Generating a basic OpenPGP key
+Key-Type: default
+Subkey-Type: default
+Name-Real: Alice Example
+Name-Comment: with weak passphrase
+Name-Email: alice@example.com
+Expire-Date: 0
+Passphrase: a
+# Do a commit here, so that we can later print "done" :-)
+%commit
+%echo done
+EOF
+gpg --no-permission-warning --batch --gen-key "$gpgconfig"
+
+#gpg --delete-key bob@example.com || true
+#gpg --delete-key alice@example.com || true
+
+
+PHASE 'Initializes BB...'
+
+blackbox_initialize yes
+git commit -m'INITIALIZE BLACKBOX' keyrings .gitignore
+
+
+PHASE 'and adds herself as an admin.'
+
+blackbox_addadmin alice@example.com
+git commit -m'NEW ADMIN: alice@example.com' keyrings/live/pubring.gpg keyrings/live/trustdb.gpg keyrings/live/blackbox-admins.txt
+
+
+PHASE 'Bob arrives.'
+
+become_bob
+
+
+PHASE 'Bob creates a gpg key.'
+
+cat >"$gpgconfig" <<EOF
+%echo Generating a basic OpenPGP key
+Key-Type: default
+Subkey-Type: default
+Name-Real: Bob Example
+Name-Comment: with weak passphrase
+Name-Email: bob@example.com
+Expire-Date: 0
+Passphrase: b
+# Do a commit here, so that we can later print "done" :-)
+%commit
+%echo done
+EOF
+gpg --no-permission-warning --batch --gen-key "$gpgconfig"
+
+echo '========== Bob enrolls himself too.'
+
+blackbox_addadmin bob@example.com
+git commit -m'NEW ADMIN: alice@example.com' keyrings/live/pubring.gpg keyrings/live/trustdb.gpg keyrings/live/blackbox-admins.txt
+
+PHASE 'Alice does the second part to enroll bob.'
+become_alice
+
+PHASE 'She enrolls bob.'
+gpg --import keyrings/live/pubring.gpg
+# TODO(tlim) That --import can be eliminated... maybe?
+
+PHASE 'She enrolls secrets.txt.'
+blackbox_register_new_file secret.txt
+assert_file_missing secret.txt
+assert_file_exists secret.txt.gpg
+
+PHASE 'She decrypts secrets.txt.'
+blackbox_edit_start secret.txt
+assert_file_exists secret.txt
+assert_file_exists secret.txt.gpg
+assert_file_md5hash secret.txt "69923af35054e09cff786424e7b287aa"
+
+PHASE 'She edits secrets.txt.'
+echo 'this is MY NEW SECRET' >secret.txt
+blackbox_edit_end secret.txt
+assert_file_missing secret.txt
+assert_file_exists secret.txt.gpg
+
+
+PHASE 'Bob appears.'
+become_bob
+
+PHASE 'Bob makes sure he has all new keys.'
+
+gpg --import keyrings/live/pubring.gpg
+
+PHASE 'Bob postdeploys.'
+blackbox_postdeploy
+assert_file_exists secret.txt
+assert_file_exists secret.txt.gpg
+assert_file_md5hash secret.txt "08a3fa763a05c018a38e9924363b97e7"
+
+PHASE 'Bob cleans up the secret.'
+rm secret.txt
+
+PHASE 'Bob removes alice.'
+blackbox_removeadmin alice@example.com
+if grep -xs >dev/null 'alice@example.com' keyrings/live/blackbox-admins.txt ; then
+  echo "ASSERT FAILED: alice@example.com should be removed from keyrings/live/blackbox-admins.txt"
+  echo ==== file start
+  cat keyrings/live/blackbox-admins.txt
+  echo ==== file end
+  exit 1
+fi
+
+PHASE 'Bob reencrypts files so alice can not access them.'
+blackbox_update_all_files
+
+PHASE 'Bob decrypts secrets.txt.'
+blackbox_edit_start secret.txt
+assert_file_exists secret.txt
+assert_file_exists secret.txt.gpg
+assert_file_md5hash secret.txt "08a3fa763a05c018a38e9924363b97e7"
+
+PHASE 'Bob edits secrets.txt.'
+echo 'BOB BOB BOB BOB' >secret.txt
+blackbox_edit_end secret.txt
+assert_file_missing secret.txt
+assert_file_exists secret.txt.gpg
+
+PHASE 'Bob decrypts secrets.txt VERSION 3.'
+blackbox_edit_start secret.txt
+assert_file_exists secret.txt
+assert_file_exists secret.txt.gpg
+assert_file_md5hash secret.txt "beb0b0fd5701afb6f891de372abd35ed"
+
+# TODO(tlim): Add test to make sure that now alice can NOT decrypt.
+
+#
+# ASSERTIONS
+#
+
+if [[ -e $HOME/.gnupg ]]; then
+  echo "ASSERT FAILED: $HOME/.gnupg should not exist."
+  exit 1
+fi
+
+find * -ls
+echo cd "$test_repository"
+echo rm "$test_repository"
+echo DONE.

tools/rpm_filelist.txt

@@ -1,9 +1,12 @@
-exec /usr/blackbox/bin/blackbox_addadmin          bin/blackbox_addadmin
+read /etc/profile.d/usrblackbox.sh                tools/profile.d-usrblackbox.sh
 exec /usr/blackbox/bin/_blackbox_common.sh        bin/_blackbox_common.sh
+exec /usr/blackbox/bin/_stack_lib.sh              bin/_stack_lib.sh
+exec /usr/blackbox/bin/blackbox_addadmin          bin/blackbox_addadmin
 exec /usr/blackbox/bin/blackbox_edit_end          bin/blackbox_edit_end
 exec /usr/blackbox/bin/blackbox_edit_start        bin/blackbox_edit_start
+exec /usr/blackbox/bin/blackbox_initialize        bin/blackbox_initialize
 exec /usr/blackbox/bin/blackbox_postdeploy        bin/blackbox_postdeploy
 exec /usr/blackbox/bin/blackbox_register_new_file bin/blackbox_register_new_file
-exec /usr/blackbox/bin/blackbox_update_all_files  bin/blackbox_update_all_files
+exec /usr/blackbox/bin/blackbox_removeadmin       bin/blackbox_removeadmin
 exec /usr/blackbox/bin/blackbox_start             bin/blackbox_start
-read /etc/profile.d/usrblackbox.sh                tools/profile.d-usrblackbox.sh
+exec /usr/blackbox/bin/blackbox_update_all_files  bin/blackbox_update_all_files