- _blackbox_common.sh sets the default Blackbox directory
for the new repositories using the first entry of the
BLACKBOX_CANDIDATES array. This small change sets the
first entry to the new .blackbox dir (instead of the keyring/live).
By default GPG will continue to perform actions against our default keyring.
During the keychain import stage this results in the export of both the
keyring for the repository we're working on, plus our own default keyring.
The import phase then continues to import all these exported keys, which
include the entries from our default keyring, for which all those entries
already exist. If you have a lot of keys in your default keyring this takes a
long time, and can be noisy due to validation, yet offers absolutely no value.
To avoid all this overhead we only need to pass the `--no-default-keyring`
option to GPG during this export phase. The result will still be what we're
expecting - i.e. that all entries from the repository pubring are imported
into our default keyring.
Previously the keychain import appears to have redirected stderr to stdout,
silenced lines that indicate a key has 'not changed', then sent the output back
to stdout. This behaviour has been carried over to the new GnuPG-2.1
compatible implementation.
* Use the `rm` command with `-P` as a shred fallback
The newer versions of OSX (Sierra) have neither `shred` nor `srm`.
They do have `rm` with the `-P` option, so we can fall back to that
before resorting to plain old `rm`.
* Add double-quotes and braces to the shell variable.
We should treat the variable as a string, and we should also be safe
when interpolating it.
Otherwise, somebody with neither shred nor srm installed could blithely
go on using Blackbox assuming that their working copies are getting
securely deleted.
If you install Git for Windows (https://git-for-windows.github.io/) you get a console,
either CMD or MINTT, which returns MINGW* for uname -s. So if you run blackbox_addadmin
or the other commands, you'll get: "ERROR: Unknown OS. Exiting."
I've simply added MINGW* to the Linux and CYGWIN checks and it seems to work fine.
NOTE: I didn't touch tools/test_functions.sh although it should probably be updated as well.
* Split out test helper functions into tools/test_functions.sh
* bin/_blackbox_common_test.sh: Unit-tests for functions.
* blackbox_postdeploy: Use cp_permissions instead of chmod --reference