Remove ".sh" from file names.
Refactor so it does not rely on PWD being the repo basedir. Fix assumptions about HG and GIT use.
This commit is contained in:
tlimoncelli@stackexchange.com
28
bin/blackbox_postdeploy
Executable file
28
bin/blackbox_postdeploy
Executable file
@@ -0,0 +1,28 @@
|
||||
#!/bin/bash
|
||||
|
||||
#
|
||||
# blackbox_postdeploy.sh -- Decrypt all blackbox files.
|
||||
#
|
||||
|
||||
# Since this is often run in a security-critical situation, we
|
||||
# force /usr/bin and /bin to the front of the PATH.
|
||||
export PATH=/usr/bin:/bin:"$PATH"
|
||||
|
||||
. _blackbox_common.sh
|
||||
|
||||
# If we aren't in a repo, assume /etc/puppet.
|
||||
if [[ "$REPOBASE" = "/dev/null" ]]; then
|
||||
REPOBASE=/etc/puppet
|
||||
fi
|
||||
|
||||
prepare_keychain
|
||||
|
||||
# Decrypt:
|
||||
echo '========== Decrypting new/changed files: START'
|
||||
while read unencrypted_file; do
|
||||
encrypted_file=$(get_encrypted_filename "$unencrypted_file")
|
||||
decrypt_file_overwrite "$encrypted_file" "$unencrypted_file"
|
||||
chmod g+r,o-rwx "$unencrypted_file"
|
||||
$CHGRP puppet "$unencrypted_file"
|
||||
done <"$BB_FILES"
|
||||
echo '========== Decrypting new/changed files: DONE'
|
||||
Reference in New Issue
Block a user