81 Commits

Author SHA1 Message Date
Tom Limoncelli
15a0fa9490 merge 2018-12-09 07:30:49 -05:00
Ben Tullis
e01f740504 Ensure that git commits the changes to pubring.gpg when running blackbox_removeadmin
This relates to https://github.com/StackExchange/blackbox/issues/247 where it has been observed that the blackbox_removeadmin script prompts the user to run an incorrect command after running blackbox_removeadmin. This commit simply adds pubring.gpg to the list of files to be committed.
2018-04-13 13:31:53 -04:00
jciskey
4cf6fc53a8 Fix typo (#246) 2018-04-13 13:31:53 -04:00
Tom Limoncelli
308cf06c15 Improve installation instructions (#244)
* Clarify manual-install -> symlinks-install
2018-04-13 13:31:53 -04:00
Tom Limoncelli
b5fe156b5f Add missing library: libffi-dev 2018-04-13 13:31:53 -04:00
Kwok-kuen Cheung
f71466f49d Fix replacing-expired-keys link in README (#241) 2018-04-13 13:31:53 -04:00
Ben Holden-Crowther
e17e80eb19 quick corrections 2018-04-13 13:31:53 -04:00
Ben Holden-Crowther
96950da9ec Corrections on new section 2018-04-13 13:31:53 -04:00
Pim Snel
efda6e25ec Fix problems when gpg2 is installed next to gpg (#237)
* implement fixes from https://stackoverflow.com/questions/44247308/blackbox-gpg-decrypt-fails-dont-know-ctb-00
* fix problems when working with gpg2 next to gpg. Adds readme section
* fix anchor
2018-04-13 13:31:53 -04:00
Ben Holden-Crowther
d9c1b2ef60 Update license year 2018-04-13 13:31:53 -04:00
Ben Holden-Crowther
7f144fdfc9 BlackBox vs Blackbox 2018-04-13 13:31:53 -04:00
Ben Holden-Crowther
e3c214567f "BlackBox" vs "blackbox" 2018-04-13 13:31:53 -04:00
Ben Holden-Crowther
24fa4d1e8b BlackBox vs Blackbox or blackbox
consistency
2018-04-13 13:31:53 -04:00
Ben Holden-Crowther
018d2274dd Spelling 2018-04-13 13:31:53 -04:00
Ben Holden-Crowther
f359f8adb8 Spelling (#229) 2018-04-13 13:31:53 -04:00
Ben Holden-Crowther
c06ee80778 Doc: fix typos (#228)
And another one :)
2018-04-13 13:31:53 -04:00
Ben Holden-Crowther
6c46834309 Misspelling (#227) 2018-04-13 13:31:53 -04:00
Ben Holden-Crowther
45fc12c062 Spelling (#226) 2018-04-13 13:31:53 -04:00
Ben Holden-Crowther
87efc79af4 docs: Fix spacing (#225)
tiny spacing correction
2018-04-13 13:31:53 -04:00
Ben Holden-Crowther
f95df2cdb7 Improve formatting
link
2018-04-13 13:31:53 -04:00
Jinn Koriech
8b944f3ac9 Exclude our default keyring from import
By default GPG will continue to perform actions against our default keyring.

During the keychain import stage this results in the export of both the
keyring for the repository we're working on, plus our own default keyring.
The import phase then continues to import all these exported keys, which
include the entries from our default keyring, for which all those entries
already exist.  If you have a lot of keys in your default keyring this takes a
long time, and can be noisy due to validation, yet offers absolutely no value.

To avoid all this overhead we only need to pass the `--no-default-keyring`
option to GPG during this export phase.  The result will still be what we're
expecting - i.e. that all entries from the repository pubring are imported
into our default keyring.
2018-04-13 13:31:53 -04:00
Tom Limoncelli
60cfa8a8e7 .gitattributes not created in some situations
Replaces https://github.com/StackExchange/blackbox/pull/146
2018-04-13 13:31:53 -04:00
Jon Bardin
9b5e91c57c Fixes issue where .gitignore is not included in the commit when you register new file (#206)
* this should fix the .gitignore not being included in the commit when registering a new file
2018-04-13 13:31:53 -04:00
Tom Limoncelli
b5dfb744f5 CI 2018-04-13 13:31:53 -04:00
Aymeric Beaumet
0386308e4e Store keys in .blackbox directory (#218) 2018-04-13 13:31:53 -04:00
Tom Limoncelli
d4d0992151 "make clean" should be idempotent. 2018-04-13 13:31:53 -04:00
Tom Limoncelli
0918d76b52 Revert redundant circleci badge 2018-04-13 13:31:53 -04:00
Tom Limoncelli
4b9595788e Add CircleCI badge 2018-04-13 13:31:53 -04:00
Tom Limoncelli
03fda67945 Fixing circleci 2018-04-13 13:31:53 -04:00
Paul Romero
e12f55b5b5 Corrected English in README (#209)
Nonsensical English corrected
2018-04-13 13:31:53 -04:00
Aymeric Beaumet
890b1ce628 Update readme with CircleCI link (#216) 2018-04-13 13:31:53 -04:00
Aymeric Beaumet
d7b4fd544d Run the tests on a CI (#215)
* Add CircleCI and make tests pass on ubuntu:16.04
* Add badge to readme
* Add debian stable to CircleCI
* Fix pkill on CircleCI debian
2018-04-13 13:31:53 -04:00
James Gregory
9165a77d15 Fixed Alpine compatibility (chmod) (#212) 2018-04-13 13:31:53 -04:00
Jessica Evans
74c6d34721 Made LICENSE link (#210) 2018-04-13 13:31:53 -04:00
Paul Romero
25c135ac29 Formatting improvements (#208)
Converted raw URLs to links
2018-04-13 13:31:53 -04:00
BHC
245e1b2750 Update license year (#205)
to 2017
2018-04-13 13:31:53 -04:00
Patrick Sanders
25bc3e64b7 direct repobase message to stderr (#204) 2018-04-13 13:31:53 -04:00
Tom Limoncelli
6831a83196 Improve tip about storing GPG keys 2018-04-13 13:31:53 -04:00
Tom Limoncelli
3784c0551c NEW: .gitattributes Set Unix-only files to eol=lf 2018-04-13 13:31:53 -04:00
Jinn Koriech
620f77fbe9 Silence 'not changed' output during keychain import (#200)
Previously the keychain import appears to have redirected stderr to stdout,
silenced lines that indicate a key has 'not changed' then send the output back
to stdout.  This behaviour has been carried over to the new GnuPG-2.1
compatible implementation.
2018-04-13 13:31:53 -04:00
Tom Limoncelli
bdd983b96d Improve info about expired GPG keys. 2018-04-13 13:31:53 -04:00
Tom Limoncelli
e1f03e4a74 Blackbox should work with Windows better WRT crlf. 2018-04-13 13:31:53 -04:00
Tom Limoncelli
ddda729b7f Update CHANGELOG.md 2018-04-13 13:31:53 -04:00
Tom Limoncelli
aa2e2a4dc6 tools/confidence_test.sh: Add explicit test for external tools. 2018-04-13 13:31:53 -04:00
Tom Limoncelli
4e0bba8756 tools/auto_system_test: Add comments. 2018-04-13 13:31:53 -04:00
Tom Limoncelli
9ee69f7f5a "gpg --export" should export LANG=C.UTF-8 to be safe. 2018-04-13 13:31:53 -04:00
Tom Limoncelli
e99e9056ad tools/confidence_test.sh: "export LANG=C.UTF-8" to be safe. 2018-04-13 13:31:53 -04:00
Tom Limoncelli
4435e577ff "make test" now uses "expect" to not prompt for passwords. 2018-04-13 13:31:53 -04:00
Tom Limoncelli
63ac594751 tools/confidence_test.sh: Set pinentry program to pinentry-tty 2018-04-13 13:31:53 -04:00
Robert Taylor
3e60c0c80e Fixing physical_directory_of function for cases when target directory lives in root. (#194) 2018-04-13 13:31:53 -04:00
Tom Limoncelli
d81cc6653f Fix https://github.com/StackExchange/blackbox/issues/193
Add unit tests to tools/confidence_test.sh to verify admin operations work.
2018-04-13 13:31:52 -04:00
tlimoncelli@stackoverflow.com
0002c97878 Improve FreeBSD compatibility 2018-04-13 13:31:52 -04:00
tlimoncelli@stackoverflow.com
3b0f0194a0 tools/confidence_test.sh: now works with gnupg-2.0 and gnupg-2.1 2018-04-13 13:31:52 -04:00
tlimoncelli@stackoverflow.com
ca1d10ba80 tools/confidence_test.sh: now works with gnupg-2.0 again 2018-04-13 13:31:52 -04:00
tlimoncelli@stackoverflow.com
d9f1c9ef1f tools/confidence_test.sh: Handle gpg 2.1's new pubring filename. 2018-04-13 13:31:52 -04:00
tlimoncelli@stackoverflow.com
836657ebdf blackbox_shred_all_files: BUGFIX: Does not shred files with spaces. 2018-04-13 13:31:52 -04:00
tlimoncelli@stackoverflow.com
5767f22445 blackbox_removeadmin: Disable gpg's confirmation. 2018-04-13 13:31:52 -04:00
Tom Limoncelli
c2ce39b719 Sync mk_rpm_fpmdir from master 2018-04-13 13:31:52 -04:00
Tom Limoncelli
fa0b4c6087 Update CHANGELOG.md 2018-04-13 13:31:52 -04:00
Matthew
415f7664b5 shred_file() outputs warning message to stderr. (#192) 2018-04-13 13:31:52 -04:00
Simon Gate
5a05be06c7 Don't complain about GPG_AGENT_INFO if using newer gpg-agent (#189) 2018-04-13 13:31:52 -04:00
William Belle
dd0234874b Fix typo on README (#187)
Thanks!
2018-04-13 13:31:52 -04:00
Graham Lyons
bb9f8584c3 Use the rm command with -P as a shred fallback (#179)
* Use the `rm` command with `-P` as a shred fallback

The newer versions of OSX (Sierra) have neither `shred` nor `srm`.
They do have `rm` with the `-P` option, so we can fall back to that
before resorting to plain old `rm`.

* Add double-quotes and braces to the shell variable.

We should treat the variable as a string, and we should also be safe
when interpolating it.
2018-04-13 13:31:52 -04:00
Tom Limoncelli
1ce8546efa "make test" should be an alias for "make confidence". 2018-04-13 13:31:52 -04:00
Tom Limoncelli
c89951c3db make_tempdir must create shorter paths. 2018-04-13 13:31:52 -04:00
Tom Limoncelli
ba2bfcc0de Fixing "make confidence" (HT to 98b928c0e8) 2018-04-13 13:31:52 -04:00
Tom Limoncelli
f3d27240e2 README.md: Add info about our new mailing list. 2018-04-13 13:31:52 -04:00
Tom Limoncelli
24c9a22bae Add a CHANGELOG.md 2018-04-13 13:31:52 -04:00
Tino Breddin
653cfb618e [FreeBSD] Fix use of chmod (#180)
LGTM

Thanks for the fix!
2018-04-13 13:31:52 -04:00
Ben Watson
d7ed89da4c Requiring a file to be entered to finish editing (#175)
* Requiring a file to be entered to finish editing

Running blackbox_edit_end without an argument doesn't currently print out a warning that no files are being changed. A developer in my team who was new to Blackbox committed a decrypted file (and made no changes to the GPG file) as they didn't realise the command hadn't worked.

The check I've added should help to avoid these errors.

* Adding argument check to start editing
2018-04-13 13:31:52 -04:00
Joseph Herlant
7e3eb624f5 Remove the key from the keyring when removing an admin (#173)
Thanks for the submission!
2018-04-13 13:31:52 -04:00
Tino Breddin
d4e8acd5ef Add FreeBSD support (#172) 2018-04-13 13:31:52 -04:00
Jason Price
7ca433361e Add list admins commandline tool. (#170)
* adding a list_admins command

* updating README and V2 ideas to include list_admins

* fix documentation misses

* add list_admins to the toolchain
2018-04-13 13:31:52 -04:00
Dave Jachimiak
2f3dc405f1 ignore backup files and secring.gpg in $BLACKBOXDATA (#169) 2018-04-13 13:31:52 -04:00
Tom Limoncelli
ad0673841e merged 2018-04-13 13:31:24 -04:00
Jose Diaz-Gonzalez
05c87ad601 Check return value contents
Closes #156
2018-04-13 13:30:16 -04:00
Amos Shapira
1aba4d8503 Added instructions to make "git diff" work
Added a paragraph about configuring `git` to decrypt files for diff/log
2018-04-13 13:30:16 -04:00
Yves Dorfsman
21cdc52355 Tilde doesn't get expanded when in between quotes. 2018-04-13 13:30:16 -04:00
Yves Dorfsman
05df9fdb52 Use PKGNAME variable defined above. 2018-04-13 13:30:16 -04:00
jonathan vanasco
689952582d added blackbox_listadmins, which just displays active admins via cat "$BB_ADMINS" 2018-04-13 13:30:16 -04:00
tlimoncelli@stackexchange.com
180ee4076e Random 2016-05-17 12:58:13 -04:00
7 changed files with 94 additions and 30 deletions

View File

@@ -92,6 +92,10 @@ SECRING="${KEYRINGDIR}/secring.gpg"
: "${DECRYPT_UMASK:=0022}" ;
# : ${DECRYPT_UMASK:=o=} ;
# $BB_FILES file format:
# Filenames are listed one per line, relative to the base directory of the repo.
# Each line is listed in "printf %q" format, which escapes special chars.
# Checks if $1 is 0 bytes, and if $1/keyrings
# is a directory
function is_blackbox_repo() {
@@ -102,10 +106,18 @@ function is_blackbox_repo() {
fi
}
# Return error if not on cryptlist.
# is_on_cryptlist resturns an error if $1 not on cryptlist.
function is_on_cryptlist() {
# $1: The filename.
# Assumes $1 does NOT have the .gpg extension
file_contains_line "$BB_FILES" "$(vcs_relative_path "$1")"
# https://github.com/koalaman/shellcheck/wiki/SC2155
local name
name=$(vcs_relative_path "$1")
local encodedname
encodedname=$(printf "%q" "$name")
file_contains_line "$BB_FILES" "$encodedname"
}
# Exit with error if a file exists.
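Review bot: is_on_cryptlist now looks up the printf "%q" encoded name, so an entry already in $BB_FILES that was written unencoded and contains a space or any other character %q escapes will stop matching. The change needs a one-time re-encode of existing lists, or a fallback lookup on the raw name, before it ships. The new header comment also has a typo ("resturns").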
@@ -167,16 +179,33 @@ function get_pubring_path() {
fi
}
# Output the unencrypted filename.
function get_unencrypted_filename() {
echo "$(dirname "$1")/$(basename "$1" .gpg)" | sed -e 's#^\./##'
# normalize_filename_arg takes a filename from the command line and
# outputs the non-encrypted filename.
function normalize_filename() {
# $1: the input from a user
# Use this if the user may have entered the encrypted or
# non-encrypted filename.
local name
name=$(vcs_relative_path "$1")
echo "$(dirname "$name")/$(basename "$name" .gpg)" | sed -e 's#^\./##'
}
# Output the encrypted filename.
function get_encrypted_filename() {
echo "$(dirname "$1")/$(basename "$1" .gpg).gpg" | sed -e 's#^\./##'
function get_gpg_filename() {
# $1: normalized file path
echo "$1".gpg
}
## Output the unencrypted filename.
#function get_unencrypted_filename() {
# echo "$(dirname "$1")/$(basename "$1" .gpg)" | sed -e 's#^\./##'
#}
#
## Output the encrypted filename.
#function get_encrypted_filename() {
# echo "$(dirname "$1")/$(basename "$1" .gpg).gpg" | sed -e 's#^\./##'
#}
# Prepare keychain for use.
function prepare_keychain() {
local keyringasc
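Review bot: get_unencrypted_filename and get_encrypted_filename are commented out here, but other scripts in this same change still call them (for example unencrypted_file=$(get_unencrypted_filename "$name") and encrypted_file=$(get_encrypted_filename "$name")), so those callers will hit an undefined function. Either convert the callers to normalize_filename and get_gpg_filename in this commit or keep the old functions until they are converted. The header comment names the function normalize_filename_arg while the definition is normalize_filename, and the commented-out bodies should be deleted rather than left in the file.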
@@ -199,37 +228,43 @@ function prepare_keychain() {
echo '========== Importing keychain: DONE' >&2
}
# Add file to list of encrypted files.
# add_filename_to_cryptlist adds $1 to the list of encrypted files.
function add_filename_to_cryptlist() {
# $1: The filename.
# If the name is already on the list, this is a no-op.
# However no matter what the datestamp is updated.
# https://github.com/koalaman/shellcheck/wiki/SC2155
local name
name=$(vcs_relative_path "$1")
local encodedname
encodedname=$(printf "%q" "$name")
if file_contains_line "$BB_FILES" "$name" ; then
if file_contains_line "$BB_FILES" "$encodedname" ; then
echo "========== File is registered. No need to add to list."
else
echo "========== Adding file to list."
touch "$BB_FILES"
sort -u -o "$BB_FILES" <(echo "$name") "$BB_FILES"
sort -u -o "$BB_FILES" <(printf "%q\n" "$name") "$BB_FILES"
fi
}
# Removes a file from the list of encrypted files
# remove_filename_from_cryptlist removes $1 from the list of encrypted files.
function remove_filename_from_cryptlist() {
# $1: The filename.
# If the name is not already on the list, this is a no-op.
# https://github.com/koalaman/shellcheck/wiki/SC2155
local name
name=$(vcs_relative_path "$1")
local encodedname
encodedname=$(printf "%q" "$name")
if ! file_contains_line "$BB_FILES" "$name" ; then
if ! file_contains_line "$BB_FILES" "$encodedname" ; then
echo "========== File is not registered. No need to remove from list."
else
echo "========== Removing file from list."
remove_line "$BB_FILES" "$name"
remove_line "$BB_FILES" "$encodedname"
fi
}
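Review bot: in add_filename_to_cryptlist the sort line re-encodes with printf "%q\n" "$name" although encodedname was computed a few lines above; use "$encodedname" there so the membership test and the line that gets written cannot diverge. The comment "no matter what the datestamp is updated" also does not match the code, since touch "$BB_FILES" only runs in the else branch.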

View File

@@ -6,7 +6,7 @@
set -e
. "${0%/*}/_blackbox_common.sh"
. tools/test_functions.sh
. /Users/tlimoncelli/gitwork/blackbox/tools/test_functions.sh
PHASE 'Test cp-permissions: TestA'
touch TestA TestB TestC TestD
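Review bot: the source line now points at /Users/tlimoncelli/gitwork/blackbox/tools/test_functions.sh, an absolute path on one developer's machine, so the test script fails for everyone else and in CI. Keep a path relative to the script, for example one built from "${0%/*}" as the line above does for _blackbox_common.sh.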
@@ -22,4 +22,18 @@ assert_file_perm '--wxr--rwx' TestC
assert_file_perm '----rwx---' TestD # TestD doesn't change.
rm -f TestA TestB TestC TestD
PHASE 'Test vcs_relative_path: TestA'
export REPOBASE='/Users/tlimoncelli/Applications (Parallels)/{fd3049c8-9fdd-48d5-aa16-d31daf3a6879} Applications.localized'
FILE='Microsoft Windows Fax and Scan.app/Contents'
result=$(vcs_relative_path Contents)
echo result=XXX${result}XXX
if [[ $FILE != $result ]] ; then
echo FAIL
fi
unencrypted_file=$(get_unencrypted_filename "${result}.gpg")
echo un=XXX${unencrypted_file}XXX
encrypted_file=$(get_encrypted_filename "${result}")
echo en=XXX${encrypted_file}XXX
echo '========== DONE.'
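Review bot: the new vcs_relative_path test only prints FAIL on a mismatch and carries on, so the script still reaches DONE and exits 0; make that branch exit non-zero. In [[ $FILE != $result ]] the right-hand side is unquoted and is therefore matched as a pattern, so quote it as "$result". REPOBASE is hard-coded to a directory under /Users/tlimoncelli, and the results of get_unencrypted_filename and get_encrypted_filename are echoed but never checked against an expected value.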

View File

@@ -8,7 +8,7 @@ source "${0%/*}/_blackbox_common.sh"
for param in "$@" ; do
shreddable=0
unencrypted_file=$(get_unencrypted_filename "$param")
unencrypted_file=$(normalize_filename "$param")
if [[ ! -e "$unencrypted_file" ]]; then
"${BLACKBOX_HOME}/blackbox_edit_start" "$param"
shreddable=1
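Review bot: normalize_filename runs its argument through vcs_relative_path before stripping .gpg, which get_unencrypted_filename did not, so the [[ ! -e "$unencrypted_file" ]] test now checks the path vcs_relative_path returns rather than the path the user typed. Confirm this still works when the command is run from a subdirectory of the repo, or resolve the path against the repo base before the existence check.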

View File

@@ -13,8 +13,10 @@ prepare_keychain
modified_files=()
modifications=()
echo '========== DIFFING FILES: START'
while IFS= read <&99 -r unencrypted_file; do
unencrypted_file=$(get_unencrypted_filename "$unencrypted_file")
while IFS= read <&99 -r encodedname; do
local name
name=$(echo $encodedname)
unencrypted_file=$(get_unencrypted_filename "$name")
encrypted_file=$(get_encrypted_filename "$unencrypted_file")
fail_if_not_on_cryptlist "$unencrypted_file"
if [[ -f "$unencrypted_file" ]]; then
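Review bot: name=$(echo $encodedname) does not undo the printf "%q" encoding. The unquoted expansion is word-split and glob-expanded, and the backslashes %q added are still in the result, so a file registered as "a b" comes back as a\ b and the -f test below misses it. Decode with a dedicated helper in _blackbox_common.sh and quote the variable. The local name line is also a problem: no enclosing function is visible around this loop, and bash rejects local outside a function.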

View File

@@ -5,4 +5,7 @@
#
set -e
source "${0%/*}/_blackbox_common.sh"
cat "$BB_FILES"
while IFS= read <&99 -r encodedname; do
echo $encodedname
done 99<"$BB_FILES"
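Review bot: echo $encodedname prints the still-encoded entry and, being unquoted, collapses runs of whitespace and expands any glob characters in it, so the listing can differ from both the stored line and the real filename. Either keep cat "$BB_FILES" if the encoded form is the intended output, or decode each line and print it with printf '%s\n' "$name".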

View File

@@ -27,8 +27,12 @@ prepare_keychain
# Decrypt:
echo '========== Decrypting new/changed files: START'
while IFS= read <&99 -r unencrypted_file; do
encrypted_file=$(get_encrypted_filename "$unencrypted_file")
while IFS= read <&99 -r encodedname; do
local name
name=$(echo $name)
encrypted_file=$(get_encrypted_filename "$name")
unencrypted_file=$(get_unencrypted_filename "$name")
decrypt_file_overwrite "$encrypted_file" "$unencrypted_file"
cp_permissions "$encrypted_file" "$unencrypted_file"
if [[ ! -z "$FILE_GROUP" ]]; then
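Review bot: name=$(echo $name) reads from name, not from encodedname, so name is always empty here and get_encrypted_filename and get_unencrypted_filename are called with an empty argument for every entry in $BB_FILES. The sibling loops in this change use $encodedname on that line, which looks like what was meant. As in those loops, the value also needs real %q decoding and quoting, and local is used with no enclosing function visible.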

View File

@@ -12,15 +12,19 @@ disclose_admins
prepare_keychain
echo '========== ENCRYPTED FILES TO BE RE-ENCRYPTED:'
while IFS= read <&99 -r unencrypted_file; do
echo " $unencrypted_file.gpg"
while IFS= read <&99 -r encodedname; do
local name
name=$(echo $encodedname)
echo " $name.gpg"
done 99<"$BB_FILES"
echo '========== FILES IN THE WAY:'
need_warning=false
while IFS= read <&99 -r unencrypted_file; do
unencrypted_file=$(get_unencrypted_filename "$unencrypted_file")
encrypted_file=$(get_encrypted_filename "$unencrypted_file")
while IFS= read <&99 -r encodedname; do
local name
name=$(echo $encodedname)
unencrypted_file=$(get_unencrypted_filename "$name")
encrypted_file=$(get_encrypted_filename "$name")
if [[ -f "$unencrypted_file" ]]; then
need_warning=true
echo " $unencrypted_file"
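Review bot: both loops in this hunk repeat the same three read-and-decode lines (local name, name=$(echo $encodedname), then the filename lookups), and the same lines appear again in the other scripts this change touches. Move the decode into one function in _blackbox_common.sh and call it from each loop, so the %q handling is fixed in one place instead of being copied, with its current defects, into every loop.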
@@ -35,9 +39,11 @@ else
fi
echo '========== RE-ENCRYPTING FILES:'
while IFS= read <&99 -r unencrypted_file; do
unencrypted_file=$(get_unencrypted_filename "$unencrypted_file")
encrypted_file=$(get_encrypted_filename "$unencrypted_file")
while IFS= read <&99 -r encodedname; do
local name
name=$(echo $encodedname)
unencrypted_file=$(get_unencrypted_filename "$name")
encrypted_file=$(get_encrypted_filename "$name")
echo ========== PROCESSING '"'$unencrypted_file'"'
fail_if_not_on_cryptlist "$unencrypted_file"
decrypt_file_overwrite "$encrypted_file" "$unencrypted_file"