BACKWARDS INCOMPATIBLE CHANGES:

* Using $BASEDIR to pass the location of the repo hasn't worked for a
  while. It has been removed.  Simply cd into the vcs repo before
  running a command.
BUG FIXES:
* .gitignore was being created in subdirectories instead of VCS root.
MINOR CHANGES
* _blackbox_common.sh: Replace change_to_root with change_to_vcs_root
* confidence_test.sh: Added more assertions and tests.

Makefile

@@ -5,6 +5,7 @@ PKGNAME=stack_blackbox
 all:
 	@echo 'Menu:'
 	@echo '  make packages          Make RPM packages'
+	@echo '  make packages-deb      Make DEB packages'
 	@echo '  make install           (incomplete)'
 
 install:
@@ -24,13 +25,12 @@ packages: packages-rpm
 tools/mk_macports.vcs_blackbox.txt: tools/mk_rpm_fpmdir.stack_blackbox.txt
 	sed -e 's@/usr/blackbox/bin/@bin/@g' -e '/profile.d-usrblackbox.sh/d' <tools/mk_rpm_fpmdir.stack_blackbox.txt >$@
 
-check-destdir:
-	ifndef DESTDIR
-	  $(error DESTDIR is undefined)
-	endif
+# Make mk_deb_fpmdir.vcs_blackbox.txt from mk_rpm_fpmdir.stack_blackbox.txt:
+tools/mk_deb_fpmdir.stack_blackbox.txt: tools/mk_rpm_fpmdir.stack_blackbox.txt
+	sed -e 's@/usr/blackbox/bin/@/usr/bin/@g' -e '/profile.d-usrblackbox.sh/d' <tools/mk_deb_fpmdir.stack_blackbox.txt >$@
 
 # MacPorts expects to run: make packages-macports DESTDIR=${destroot}
-packages-macports: tools/mk_macports.vcs_blackbox.txt check-destdir
+packages-macports: tools/mk_macports.vcs_blackbox.txt
 	mkdir -p $(DESTDIR)/bin
 	cd tools && ./mk_macports mk_macports.vcs_blackbox.txt
 
@@ -60,16 +60,35 @@ lock-rpm:
 unlock-rpm:
 	sudo yum versionlock clear
 
+#
+# DEB builds
+#
+
+packages-deb:	tools/mk_deb_fpmdir.stack_blackbox.txt
+	cd tools && PKGRELEASE="$${PKGRELEASE}" PKGDESCRIPTION="Safely store secrets in git/hg/svn repos using GPG encryption" ./mk_deb_fpmdir stack_blackbox mk_deb_fpmdir.stack_blackbox.txt
+
+packages-deb-debug:	tools/mk_deb_fpmdir.stack_blackbox.txt
+	@echo BUILD:
+	@PKGRELEASE=99 make packages-deb
+	@echo ITEMS TO BE PACKAGED:
+	find ~/debbuild-$(PKGNAME)/installroot -type f
+	@echo ITEMS ACTUALLY IN PACKAGE:
+	@dpkg --contents $$(cat ~/debbuild-$(PKGNAME)/bin-packages.txt)
+
+local-deb:
+	@PKGRELEASE=1 make packages
+	-@sudo dpkg -e $(PKGNAME)
+	sudo dpkg -i $$(cat ~/rpmbuild-$(PKGNAME)/bin-packages.txt)
+
 # Add other package types here.
 
 #
 # System Test:
 #
-
 confidence:
-	@if [[ -e ~/.gnupg ]]; then echo ERROR: '~/.gnupg should not exist. If it does, bugs may polute your .gnupg configuration. If the code has no bugs everything will be fine. Do you feel lucky?'; false ; fi
+	@if [ -e ~/.gnupg ]; then echo ERROR: '~/.gnupg should not exist. If it does, bugs may polute your .gnupg configuration. If the code has no bugs everything will be fine. Do you feel lucky?'; false ; fi
 	@if which >/dev/null gpg-agent ; then pkill gpg-agent ; rm -rf /tmp/tmp.* ; fi
-	@export PATH=~/gitwork/blackbox/bin:/usr/local/bin:/bin:/usr/bin:/usr/local/sbin:/usr/sbin:/sbin ; 
-		cd ~/gitwork/blackbox && tools/confidence_test.sh
+	@export PATH="$(PWD)/bin:/usr/local/bin:/bin:/usr/bin:/usr/local/sbin:/usr/sbin:/sbin:/opt/local/bin:$(PATH)" ; tools/confidence_test.sh
+		tools/confidence_test.sh
 	@if which >/dev/null gpg-agent ; then pkill gpg-agent ; fi
-	@if [[ -e ~/.gnupg ]]; then echo ERROR: '~/.gnupg was created which means the scripts might be poluting GnuPG configuration.  Fix this bug.'; false ; fi
+	@if [ -e ~/.gnupg ]; then echo ERROR: '~/.gnupg was created which means the scripts might be poluting GnuPG configuration.  Fix this bug.'; false ; fi

README.md

@@ -74,6 +74,17 @@ exception of a few specific files, is key to the kind of
 collaboration that DevOps and modern IT practitioniers
 need to do.
 
+Installation Instructions:
+==========================
+
+  * *The MacPorts Way*: `sudo port install vcs_blackbox`
+  * *The RPM way*: `make packages-rpm` and now you have an RPM you can install.
+  * *The Debian/Ubuntu way*: `make packages-deb` and now you have a DEB you can install.
+  * *The hard way*: Copy all the files in "bin" to your "bin".
+  * *The Antigen Way*: Add `antigen bundle StackExchange/blackbox` to your .zshrc
+  * *The Zgen Way*: Add `zgen load StackExchange/blackbox` to your .zshrc where you're loading your other plugins.
+
+
 Commands:
 ============================
 
@@ -90,7 +101,7 @@ Commands:
 | `blackbox_register_new_file` | Encrypt a file for the first time |
 | `blackbox_removeadmin` | Remove someone from the list of people that can encrypt/decrypt secrets |
 | `blackbox_shred_all_files` | Safely delete any decrypted files |
-| `blackbox_update_all_file` | Decrypt then re-encrypt all files. Useful after keys are changed |
+| `blackbox_update_all_files` | Decrypt then re-encrypt all files. Useful after keys are changed |
 
 Compatibility:
 ============================
@@ -185,7 +196,7 @@ What does this look like to the typical user?
 ================================
 
 *  If you need to, start the GPG Agent: `eval $(gpg-agent --daemon)`
-*  Decrypt the file so it is editable: `blackbox_edit FILENAME`
+*  Decrypt the file so it is editable: `blackbox_edit_start FILENAME`
 *  (You will need to enter your GPG passphrase.)
 *  Edit FILENAME as you desire: `vim FILENAME`
 *  Re-encrypt the file: `blackbox_edit_end FILENAME`

RELEASE_ENGINEERING.TXT

@@ -1,45 +0,0 @@
-# Branches and Tags:
-
-There are 3 branches/tags:
-
-* **HEAD:** The cutting edge of development.
-* **tag stable:** Stable enough for use by most people.
-* **tag production:** Burned in long enough that we are confident it can be widely adopted.
-
-If you are packaging Blackbox for distribution, you should track the *tag production*.  You might also want to provide a separate package that tracks *tag stable:* for early adopters.
-
-# Build Tasks
-
-# Stable Releases
-
-Marking the software to be "stable":
-
-Step 1. Tag it.
-
-```
-git pull
-git tag -d stable
-git push origin :stable
-git tag stable
-git push origin tag stable
-```
-
-Step 2. Mark your calendar 1 week from today to check
-to see if this should be promoted to production.
-
-
-# Production Releases
-
-If no bugs have been reported a full week after a stable tag has been pushed, mark the release to be "production".
-
-```
-git fetch
-git checkout stable
-git tag -d production
-git push origin :production
-git tag production
-git push origin tag production
-R="v1.$(date +%Y%m%d)"
-git tag "$R"
-git push origin tag "$R"
-```

RELEASE_ENGINEERING.txt

@@ -0,0 +1,119 @@
+# Branches and Tags:
+
+There are 3 branches/tags:
+
+* **HEAD:** The cutting edge of development.
+* **tag stable:** Stable enough for use by most people.
+* **tag production:** Burned in long enough that we are confident it can be widely adopted.
+
+If you are packaging Blackbox for distribution, you should track the *tag production*.  You might also want to provide a separate package that tracks *tag stable:* for early adopters.
+
+# Build Tasks
+
+# Stable Releases
+
+Marking the software to be "stable":
+
+Step 1. Tag it.
+
+```
+git pull
+git tag -d stable
+git push origin :stable
+git tag stable
+git push origin tag stable
+```
+
+Step 2. Mark your calendar 1 week from today to check
+to see if this should be promoted to production.
+
+
+# Production Releases
+
+If no bugs have been reported a full week after a stable tag has been pushed, mark the release to be "production".
+
+```
+git fetch
+git checkout stable
+git tag -d production
+git push origin :production
+git tag production
+git push origin tag production
+R="v1.$(date +%Y%m%d)"
+git tag "$R"
+git push origin tag "$R"
+```
+
+# Updating MacPorts (automatic)
+
+Step 1: Generate the Portfile
+
+```
+tools/macports_report_upgrade.sh  1.20150222
+```
+
+This script will generate a file called `Portfile-vcs_blackbox.diff` and instructions on how to submit it as a update request.
+
+Step 2: Submit the update request.
+
+Submit the diff file as a bug as instructed. The instructions should look like this:
+
+* PLEASE OPEN A TICKET WITH THIS INFORMATION:
+    https://trac.macports.org/newticket
+* Summary: `vcs_blackbox @1.20150222 Update to latest upstream`
+* Description: ```New upstream of vcs_blackbox.
+github.setup and checksums updated.```
+* Type: `update`
+* Component: `ports`
+* Port: `vcs_blackbox`
+* Keywords: `maintainer`
+* Attach this file: `Portfile-vcs_blackbox.diff`
+
+Step 3: Watch for the update to happen.
+
+# Updating MacPorts (manual)
+
+This is the old, manual, procedure.  If the automated procedure work, these notes may or may not be helpful.
+
+The ultimate result of the script should be a `diff -u Portfile.orig Portfile`.  The new `Portfile` should have these changes:
+
+1. The `github.setup` line should have a new version number.
+2. The `checksums` line(s) should have updated checksums.
+
+How to generate the checksums?
+
+The easiest way is to to make a Portfile with incorrect checksums, then run `sudo port -v checksum vcs_blackbox` to see what they should have been.  Fix the file, and try again.
+
+When the the checksum command works, run `port lint vcs_blackbox` and make sure it has no errors.
+
+Some useful commands:
+
+Change repos in sources.conf:
+```
+sudo vi /opt/local/etc/macports/sources.conf
+  Add this line early in the file:
+  file:///var/tmp/ports
+```
+
+Add a local repo in an automated manner:
+```
+fgrep >/dev/null -x 'file:///var/tmp/ports' /opt/local/etc/macports/sources.conf || sudo sed -i -e '1s@^@file:///var/tmp/ports\'$'\n@' /opt/local/etc/macports/sources.conf
+```
+
+Remove the local repo in an automated manner:
+```
+sudo sed -i -e '\@^file:///var/tmp/ports@d' /opt/local/etc/macports/sources.conf
+```
+
+Test a Portfile:
+``` 
+sudo port uninstall vcs_blackbox
+sudo port clean --all vcs_blackbox
+rm -rf ~/.macports/opt/local/var/macports/sources/rsync.macports.org/release/tarballs/ports/security/vcs_blackbox/
+rm -rf /var/tmp/ports
+mkdir -p /var/tmp/ports/security/vcs_blackbox
+cp Portfile /var/tmp/ports/security/vcs_blackbox
+cd /var/tmp/ports && portindex
+sudo port -v checksum vcs_blackbox
+sudo port install vcs_blackbox
+```

bin/_blackbox_common.sh

@@ -10,11 +10,11 @@
 #   . _blackbox_common.sh
 
 # Where in the VCS repo should the blackbox data be found?
-: ${BLACKBOXDATA:=keyrings/live} ;   # If BLACKBOXDATA not set, set it.
+: "${BLACKBOXDATA:=keyrings/live}" ;   # If BLACKBOXDATA not set, set it.
 
 
 # If $EDITOR is not set, set it to "vi":
-: ${EDITOR:=vi} ;
+: "${EDITOR:=vi}" ;
 
 
 # Outputs a string that is the base directory of this VCS repo.
@@ -27,19 +27,19 @@ function _determine_vcs_base_and_type() {
     #find topmost dir with .svn sub-dir
     parent=""
     grandparent="."
-    mydir=`pwd`
+    mydir="$(pwd)"
     while [ -d "$grandparent/.svn" ]; do
       parent=$grandparent
       grandparent="$parent/.."
     done
 
     if [ ! -z "$parent" ]; then
-      cd $parent
-      echo `pwd`
+      cd "$parent"
+      pwd
     else
       exit 1
     fi
-    cd $mydir
+    cd "$mydir"
     VCS_TYPE=svn
   elif hg root 2>/dev/null ; then
     # NOTE: hg has to be tested last because it always "succeeds".
@@ -61,7 +61,7 @@ BB_FILES_FILE="blackbox-files.txt"
 BB_FILES="${KEYRINGDIR}/${BB_FILES_FILE}"
 SECRING="${KEYRINGDIR}/secring.gpg"
 PUBRING="${KEYRINGDIR}/pubring.gpg"
-: ${DECRYPT_UMASK:=0022} ;
+: "${DECRYPT_UMASK:=0022}" ;
 # : ${DECRYPT_UMASK:=o=} ;
 
 # Return error if not on cryptlist.
@@ -184,9 +184,9 @@ function decrypt_file() {
   echo "========== EXTRACTING $unencrypted"
 
   old_umask=$(umask)
-  umask $DECRYPT_UMASK
+  umask "$DECRYPT_UMASK"
   gpg -q --decrypt -o "$unencrypted" "$encrypted"
-  umask $old_umask
+  umask "$old_umask"
 }
 
 # Decrypt .gpg file, overwriting unencrypted file if it exists.
@@ -206,12 +206,12 @@ function decrypt_file_overwrite() {
   fi
 
   old_umask=$(umask)
-  umask $DECRYPT_UMASK
+  umask "$DECRYPT_UMASK"
   gpg --yes -q --decrypt -o "$unencrypted" "$encrypted"
-  umask $old_umask
+  umask "$old_umask"
 
   new_hash=$(md5sum_file "$unencrypted")
-  if [[ $old_hash != $new_hash ]]; then
+  if [[ "$old_hash" != "$new_hash" ]]; then
     echo "========== EXTRACTED $unencrypted"
   fi
 }
@@ -250,17 +250,26 @@ function enumerate_subdirs() {
   while read filename; do
     dir=$(dirname "$filename")
     while [[ $dir != '.' && $dir != '/' ]]; do
-      echo $dir
-      dir=$(dirname $dir)
+      echo "$dir"
+      dir=$(dirname "$dir")
     done
   done <"$listfile" | sort -u
 }
 
+# chdir to the base of the repo.
+function change_to_vcs_root() {
+  if [[ $REPOBASE = '' ]]; then
+    echo 'ERROR: _determine_vcs_base_and_type failed to set REPOBASE.'
+    exit 1
+  fi
+  cd "$REPOBASE"
+}
+
 # Output the path of a file relative to the repo base
 function vcs_relative_path() {
   # Usage: vcs_relative_path file
   local name="$1"
-  python -c 'import os ; print(os.path.relpath("'$(pwd -P)'/'"$name"'", "'"$REPOBASE"'"))'
+  python -c 'import os ; print(os.path.relpath("'"$(pwd -P)"'/'"$name"'", "'"$REPOBASE"'"))'
 }
 
 #
@@ -378,7 +387,6 @@ function vcs_commit_svn() {
 }
 
 
-
 # Remove file from repo, even if it was deleted locally already.
 # If it doesn't exist yet in the repo, it should be a no-op.
 function vcs_remove() {
@@ -396,17 +404,3 @@ function vcs_remove_git() {
 function vcs_remove_svn() {
   svn delete """$@"""
 }
-
-function change_to_root() {
-    # If BASEDIR is not set, use REPOBASE.
-    if [[ "$BASEDIR" = "" ]]; then
-      BASEDIR="$REPOBASE"
-    fi
-
-    if [[ "$BASEDIR" = "/dev/null" ]]; then
-      echo 'WARNING: Not in a VCS repo.  Not changing directory.'
-    else
-      echo "CDing to $BASEDIR"
-      cd "$BASEDIR"
-    fi
-}

bin/_stack_lib.sh

@@ -79,7 +79,7 @@ function make_tempdir() {
 
   case $(uname -s) in
     Darwin )
-      : ${TMPDIR:=/tmp} ;
+      : "${TMPDIR:=/tmp}" ;
       name=$(mktemp -d -t _stacklib_ )
       ;;
     Linux )

bin/blackbox_addadmin

@@ -16,17 +16,7 @@ source ${blackbox_home}/_stack_lib.sh
 fail_if_not_in_repo
 
 KEYNAME="$1"
-: ${KEYNAME:?ERROR: First argument must be a keyname (email address)} ;
-
-# The second argument, if present, is the directory to find the GPG keys to be imported.
-if [[ "$2" == "" ]]; then
-  GPGEXPORTOPTIONS=""
-else
-  GPGEXPORTOPTIONS=--homedir="${2}"
-fi
-# TODO(tlim): This could probably be done with GNUPGHOME
-# but that affects all commands; we just want it to affect the key export.
-
+: "${KEYNAME:?ERROR: First argument must be a keyname (email address)}" ;
 
 # Add the email address to the BB_ADMINS file.  Remove any duplicates.
 # The file must exist for sort to act as we expect.
@@ -38,7 +28,16 @@ sort  -fdu -o "$BB_ADMINS" <(echo "$1") "$BB_ADMINS"
 
 # Extract it:
 make_self_deleting_tempfile pubkeyfile
-gpg $GPGEXPORTOPTIONS --export -a "$KEYNAME" >"$pubkeyfile"
+
+# The second argument, if present, is the directory to find the GPG keys to be imported.
+if [[ -z $2 ]]; then
+  gpg --export -a "$KEYNAME" >"$pubkeyfile"
+else
+  # TODO(tlim): This could probably be done with GNUPGHOME
+  # but that affects all commands; we just want it to affect the key export.
+  gpg --homedir="$2" --export -a "$KEYNAME" >"$pubkeyfile"
+fi
+
 if [[ $(wc -l < "$pubkeyfile") = 0 ]]; then
   fail_out "GPG key '$KEYNAME' not found.  Please create it with: gpg --gen-key"
   exit 1

bin/blackbox_cat

@@ -5,13 +5,13 @@
 #
 set -e
 blackbox_home=$( cd "$( dirname "${BASH_SOURCE[0]}" )" && pwd )
-source ${blackbox_home}/_blackbox_common.sh
+source "${blackbox_home}/_blackbox_common.sh"
 
 for param in """$@""" ; do
   shreddable=0
   unencrypted_file=$(get_unencrypted_filename "$param")
   if [[ ! -e "$unencrypted_file" ]]; then
-    blackbox_edit_start "$param"
+    "${blackbox_home}/blackbox_edit_start" "$param"
     shreddable=1
   fi
   cat "$unencrypted_file"

bin/blackbox_edit

@@ -5,7 +5,7 @@
 #
 set -e
 blackbox_home=$( cd "$( dirname "${BASH_SOURCE[0]}" )" && pwd )
-source ${blackbox_home}/_blackbox_common.sh
+source "${blackbox_home}/_blackbox_common.sh"
 
 for param in """$@""" ; do
   unencrypted_file=$(get_unencrypted_filename "$param")
@@ -13,7 +13,7 @@ for param in """$@""" ; do
     read -r -p "Encrypt file $param? (y/n) " ans
     case "$ans" in
       y* | Y*)
-        blackbox_register_new_file "$param"
+        "${blackbox_home}/blackbox_register_new_file" "$param"
         ;;
       *)
         echo 'Skipping...'
@@ -21,7 +21,7 @@ for param in """$@""" ; do
         ;;
     esac
   fi
-  blackbox_edit_start "$param"
-  $EDITOR $(get_unencrypted_filename $param)
-  blackbox_edit_end "$param"
+  "${blackbox_home}/blackbox_edit_start" "$param"
+  "$EDITOR" "$(get_unencrypted_filename "$param")"
+  "${blackbox_home}/blackbox_edit_end" "$param"
 done

bin/blackbox_edit_end

@@ -6,7 +6,7 @@
 
 set -e
 blackbox_home=$( cd "$( dirname "${BASH_SOURCE[0]}" )" && pwd )
-source ${blackbox_home}/_blackbox_common.sh
+source "${blackbox_home}/_blackbox_common.sh"
 
 unencrypted_file=$(get_unencrypted_filename "$1")
 encrypted_file=$(get_encrypted_filename "$1")

bin/blackbox_edit_start

@@ -6,7 +6,7 @@
 
 set -e
 blackbox_home=$( cd "$( dirname "${BASH_SOURCE[0]}" )" && pwd )
-source ${blackbox_home}/_blackbox_common.sh
+source "${blackbox_home}/_blackbox_common.sh"
 
 for param in """$@""" ; do
   unencrypted_file=$(get_unencrypted_filename "$param")

bin/blackbox_initialize

@@ -10,7 +10,7 @@
 
 set -e
 blackbox_home=$( cd "$( dirname "${BASH_SOURCE[0]}" )" && pwd )
-source ${blackbox_home}/_blackbox_common.sh
+source "${blackbox_home}/_blackbox_common.sh"
 
 _determine_vcs_base_and_type  # Sets VCS_TYPE
 
@@ -22,15 +22,14 @@ if [[ $1 != 'yes' ]]; then
   fi
 fi
 
-echo cd "$REPOBASE"
-cd "$REPOBASE"
+change_to_vcs_root
 
 echo VCS_TYPE: $VCS_TYPE
 
 if [[ $VCS_TYPE = "git" || $VCS_TYPE = "hg" ]]; then
   # Update .gitignore or .hgignore
 
-  IGNOREFILE=".${VCS_TYPE}ignore"
+  IGNOREFILE="${REPOBASE}/.${VCS_TYPE}ignore"
   if ! grep -sx >/dev/null 'pubring.gpg~' "$IGNOREFILE" ; then
     echo 'pubring.gpg~' >>"$IGNOREFILE"
   fi

bin/blackbox_list_files

@@ -5,5 +5,5 @@
 #
 set -e
 blackbox_home=$( cd "$( dirname "${BASH_SOURCE[0]}" )" && pwd )
-source ${blackbox_home}/_blackbox_common.sh
+source "${blackbox_home}/_blackbox_common.sh"
 cat "$BB_FILES"

bin/blackbox_postdeploy

@@ -15,7 +15,7 @@ export PATH=/usr/bin:/bin:"$PATH"
 
 set -e
 blackbox_home=$( cd "$( dirname "${BASH_SOURCE[0]}" )" && pwd )
-source ${blackbox_home}/_blackbox_common.sh
+source "${blackbox_home}/_blackbox_common.sh"
 
 if [[ "$1" == "" ]]; then
   FILE_GROUP=""
@@ -23,7 +23,7 @@ else
   FILE_GROUP="$1"
 fi
 
-change_to_root
+change_to_vcs_root
 prepare_keychain
 
 # Decrypt:
@@ -33,7 +33,7 @@ while IFS= read <&99 -r unencrypted_file; do
   decrypt_file_overwrite "$encrypted_file" "$unencrypted_file"
   chmod g+r "$unencrypted_file"
   if [[ ! -z "$FILE_GROUP" ]]; then
-    chgrp $FILE_GROUP "$unencrypted_file"
+    chgrp "$FILE_GROUP" "$unencrypted_file"
   fi
 done 99<"$BB_FILES"
 echo '========== Decrypting new/changed files: DONE'

bin/blackbox_register_new_file

@@ -12,13 +12,13 @@
 
 set -e
 blackbox_home=$( cd "$( dirname "${BASH_SOURCE[0]}" )" && pwd )
-source ${blackbox_home}/_blackbox_common.sh
+source "${blackbox_home}/_blackbox_common.sh"
 _determine_vcs_base_and_type
 
 unencrypted_file=$(get_unencrypted_filename "$1")
 encrypted_file=$(get_encrypted_filename "$1")
 
-if [[ $1 == $encrypted_file ]]; then
+if [[ "$1" == "$encrypted_file" ]]; then
   echo ERROR: Please only register unencrypted files.
   exit 1
 fi
@@ -34,37 +34,37 @@ encrypt_file "$unencrypted_file" "$encrypted_file"
 add_filename_to_cryptlist "$unencrypted_file"
 
 # Is the unencrypted file already in HG? (ie. are we correcting a bad situation)
-SECRETSEXPOSED=$(is_in_vcs ${unencrypted_file})
+SECRETSEXPOSED=$(is_in_vcs "${unencrypted_file}")
 echo "========== CREATED: ${encrypted_file}"
 echo "========== UPDATING REPO:"
 shred_file "$unencrypted_file"
 
 VCSCMD=$(which_vcs)
-if $SECRETSEXPOSED ; then
+if "$SECRETSEXPOSED" ; then
   vcs_remove "$unencrypted_file"
   vcs_add "$encrypted_file"
-  COMMIT_FILES="$BB_FILES $encrypted_file $unencrypted_file"
+  COMMIT_FILES=("$BB_FILES" "$encrypted_file" "$unencrypted_file")
 else
-  COMMIT_FILES="$BB_FILES $encrypted_file"
-  # FIXME(tal): This should be an array so that filenames with
-  # spaces aren't a problem.
+  COMMIT_FILES=("$BB_FILES" "$encrypted_file")
 fi
 
 # TODO(tlim): This should be moved to _blackbox_common.sh in a
 # VCS-independent way.
-IGNOREFILE=".${VCS_TYPE}ignore"
+IGNOREFILE="${REPOBASE}/.${VCS_TYPE}ignore"
 if [[ $VCS_TYPE = 'git' ]]; then
-  ignored_file="$(echo "$unencrypted_file" |  sed 's/\([\*\?]\)/\\\1/g' | sed 's/^\([!#]\)/\\\1/')"
+  relfile="$(vcs_relative_path "$unencrypted_file")"
+  relfileb="${relfile/\$\//}"
+  ignored_file="$(echo "${relfileb}" |  sed 's/\([\*\?]\)/\\\1/g' | sed 's/^\([!#]\)/\\\1/')"
   if ! grep -Fsx >/dev/null "$ignored_file" "$IGNOREFILE"; then
     echo "$ignored_file" >>"$IGNOREFILE"
-    COMMIT_FILES="$COMMIT_FILES $IGNOREFILE"
+    COMMIT_FILES+=("$IGNOREFILE")
   fi
   vcs_add "$IGNOREFILE"
 fi
 
 echo 'NOTE: "already tracked!" messages are safe to ignore.'
-vcs_add "$BB_FILES" $encrypted_file
-vcs_commit "registered in blackbox: ${unencrypted_file}" $COMMIT_FILES
+vcs_add "$BB_FILES" "$encrypted_file"
+vcs_commit "registered in blackbox: ${unencrypted_file}" "${COMMIT_FILES[@]}"
 echo "========== UPDATING VCS: DONE"
 echo "Local repo updated.  Please push when ready."
 echo "    $VCSCMD push"

bin/blackbox_removeadmin

@@ -11,13 +11,13 @@
 
 set -e
 blackbox_home=$( cd "$( dirname "${BASH_SOURCE[0]}" )" && pwd )
-source ${blackbox_home}/_blackbox_common.sh
-source ${blackbox_home}/_stack_lib.sh
+source "${blackbox_home}/_blackbox_common.sh"
+source "${blackbox_home}/_stack_lib.sh"
 
 fail_if_not_in_repo
 
 KEYNAME="$1"
-: ${KEYNAME:?ERROR: First argument must be a keyname (email address)} ;
+: "${KEYNAME:?ERROR: First argument must be a keyname (email address)}" ;
 
 # Remove the email address from the BB_ADMINS file.
 make_self_deleting_tempfile bbtemp

bin/blackbox_shred_all_files

@@ -17,9 +17,9 @@
 
 set -e
 blackbox_home=$( cd "$( dirname "${BASH_SOURCE[0]}" )" && pwd )
-source ${blackbox_home}/_blackbox_common.sh
+source "${blackbox_home}/_blackbox_common.sh"
 
-change_to_root
+change_to_vcs_root
 
 echo '========== FILES BEING SHREDDED:'
 for i in $(<"$BB_FILES") ; do

bin/blackbox_update_all_files

@@ -6,7 +6,7 @@
 
 set -e
 blackbox_home=$( cd "$( dirname "${BASH_SOURCE[0]}" )" && pwd )
-source ${blackbox_home}/_blackbox_common.sh
+source "${blackbox_home}/_blackbox_common.sh"
 
 if [[ -z $GPG_AGENT_INFO ]]; then
   echo 'WARNING: You probably want to run gpg-agent as'
@@ -31,7 +31,7 @@ for i in $(<"$BB_FILES") ; do
     echo "    $unencrypted_file"
   fi
 done
-if $need_warning ; then
+if "$need_warning" ; then
   echo
   echo 'WARNING: This will overwrite any unencrypted files laying about.'
   read -r -p 'Press CTRL-C now to stop. ENTER to continue: '

tools/Portfile.template

@@ -0,0 +1,31 @@
+# -*- coding: utf-8; mode: tcl; tab-width: 4; indent-tabs-mode: nil; c-basic-offset: 4 -*- vim:fenc=utf-8:ft=tcl:et:sw=4:ts=4:sts=4
+# $Id: Portfile 132962 2015-02-16 10:33:02Z ryandesign@macports.org $
+
+PortSystem          1.0
+PortGroup           github 1.0
+
+github.setup        StackExchange blackbox @@VERSION@@ v
+name                vcs_blackbox
+categories          security
+platforms           darwin
+maintainers         whatexit.org:tal openmaintainer
+license             BSD
+supported_archs     noarch
+
+description         Safely store secrets in git/hg/svn repos using GPG encryption
+
+long_description    Storing secrets such as passwords, certificates and private keys \
+                    in Git/Mercurial/SubVersion is dangerous. Blackbox makes it easy \
+                    to store secrets safely using GPG encryption. They can be easily \
+                    decrypted for editing or use in production.
+
+checksums           rmd160  @@RMD160@@ \
+                    sha256  @@SHA256@@
+
+use_configure       no
+
+build               {}
+
+# This project's Makefile uses DESTDIR incorrectly.
+destroot.destdir    DESTDIR=${destroot}${prefix}
+destroot.target     packages-macports

tools/confidence_test.sh

@@ -1,7 +1,7 @@
 #!/usr/bin/env bash
 
 blackbox_home=$( cd "$( dirname "${BASH_SOURCE[0]}" )" && pwd )/../bin
-export PATH=${blackbox_home}:/usr/local/bin:/bin:/usr/bin:/usr/local/sbin:/usr/sbin:/sbin
+export PATH="${blackbox_home}:/usr/local/bin:/bin:/usr/bin:/usr/local/sbin:/usr/sbin:/sbin:/opt/local/bin"
 
 . _stack_lib.sh
 
@@ -15,6 +15,25 @@ function PHASE() {
   echo '********************'
 }
 
+function md5sum_file() {
+  # Portably generate the MD5 hash of file $1.
+  case $(uname -s) in
+    Darwin )
+      md5 -r "$1" | awk '{ print $1 }'
+      ;;
+    Linux )
+      md5sum "$1" | awk '{ print $1 }'
+      ;;
+    CYGWIN* )
+      md5sum "$1" | awk '{ print $1 }'
+      ;;
+    * )
+      echo 'ERROR: Unknown OS. Exiting.'
+      exit 1
+      ;;
+  esac
+}
+
 function assert_file_missing() {
   if [[ -e "$1" ]]; then
     echo "ASSERT FAILED: ${1} should not exist."
@@ -36,7 +55,7 @@ function assert_file_md5hash() {
   local file="$1"
   local wanted="$2"
   assert_file_exists "$file"
-  local found=$(md5sum <"$file" | cut -d' ' -f1 )
+  local found=$(md5sum_file "$file")
   if [[ "$wanted" != "$found" ]]; then
     echo "ASSERT FAILED: $file hash wanted=$wanted found=$found"
     exit 1
@@ -54,7 +73,7 @@ function assert_file_group() {
       ;;
   esac
 
-  local found=$(ls -l "$file" | awk '{ print $4 }')
+  local found=$(ls -lg "$file" | awk '{ print $3 }')
   # NB(tlim): We could do this with 'stat' but it would break on BSD-style OSs.
   if [[ "$wanted" != "$found" ]]; then
     echo "ASSERT FAILED: $file chgrp wanted=$wanted found=$found"
@@ -96,7 +115,7 @@ eval $(gpg-agent --homedir "$fake_alice_home" --daemon)
 GPG_AGENT_INFO_ALICE="$GPG_AGENT_INFO"
 
 export GNUPGHOME="$fake_bob_home"
-eval $(gpg-agent --homedir "$fake_alice_home" --daemon)
+eval $(gpg-agent --homedir "$fake_bob_home" --daemon)
 GPG_AGENT_INFO_BOB="$GPG_AGENT_INFO"
 
 function become_alice() {
@@ -108,8 +127,8 @@ function become_alice() {
 }
 
 function become_bob() {
-  export GNUPGHOME="$fake_alice_home"
-  export GPG_AGENT_INFO="$GPG_AGENT_INFO_ALICE"
+  export GNUPGHOME="$fake_bob_home"
+  export GPG_AGENT_INFO="$GPG_AGENT_INFO_BOB"
   git config --global user.name "Bob Example"
   git config --global user.email bob@example.com
 }
@@ -195,6 +214,7 @@ PHASE 'She enrolls secrets.txt.'
 blackbox_register_new_file secret.txt
 assert_file_missing secret.txt
 assert_file_exists secret.txt.gpg
+assert_line_exists 'secret.txt' .gitignore
 
 PHASE 'She decrypts secrets.txt.'
 blackbox_edit_start secret.txt
@@ -217,12 +237,14 @@ PHASE 'Bob makes sure he has all new keys.'
 gpg --import keyrings/live/pubring.gpg
 
 # Pick a GID to use:
+# This users's default group:
+DEFAULT_GID_NAME=$(id -gn)
+# Pick a group that is not the default group:
 TEST_GID_NUM=$(id -G | fmt -1 | tail -n +2 | grep -xv $(id -u) | head -n 1)
-TEST_GID_NAME=$(getent group "$TEST_GID_NUM" | cut -d: -f1)
-DEFAULT_GID_NAME=$(getent group $(id -u) | cut -d: -f1)
+TEST_GID_NAME=$(python -c 'import grp; print grp.getgrgid('"$TEST_GID_NUM"').gr_name')
+echo DEFAULT_GID_NAME=$DEFAULT_GID_NAME
 echo TEST_GID_NUM=$TEST_GID_NUM
 echo TEST_GID_NAME=$TEST_GID_NAME
-echo DEFAULT_GID_NAME=$DEFAULT_GID_NAME
 
 PHASE 'Bob postdeploys... default.'
 blackbox_postdeploy
@@ -276,6 +298,7 @@ blackbox_register_new_file mistake.txt
 assert_file_missing mistake.txt
 assert_file_exists mistake.txt.gpg
 # NOTE: It is still in the history. That should be corrected someday.
+assert_line_exists 'mistake.txt' .gitignore
 
 PHASE 'Bob enrolls my/path/to/relsecrets.txt.'
 mkdir my my/path my/path/to
@@ -284,6 +307,9 @@ cd my/path/to
 blackbox_register_new_file relsecrets.txt
 assert_file_missing relsecrets.txt
 assert_file_exists relsecrets.txt.gpg
+assert_file_missing .gitignore
+assert_file_exists ../../../.gitignore
+assert_line_exists 'my/path/to/relsecrets.txt' ../../../.gitignore
 
 PHASE 'Bob decrypts relsecrets.txt.'
 cd ..
@@ -314,6 +340,13 @@ assert_file_missing 'stars*bars?.txt'
 assert_file_exists 'stars*bars?.txt'.gpg
 assert_line_exists 'stars\*bars\?.txt' .gitignore
 
+PHASE 'Bob enrolls stars bars.txt'
+echo A very commented file >'stars bars.txt'
+blackbox_register_new_file 'stars bars.txt'
+assert_file_missing 'stars bars.txt'
+assert_file_exists 'stars bars.txt'.gpg
+assert_line_exists 'stars bars.txt' .gitignore
+
 # TODO(tlim): Add test to make sure that now alice can NOT decrypt.
 
 #
@@ -327,5 +360,5 @@ fi
 
 find .git?* * -type f -ls
 echo cd "$test_repository"
-echo rm "$test_repository"
+echo rm -rf "$test_repository"
 echo DONE.

tools/macports_report_upgrade.sh

@@ -0,0 +1,67 @@
+#!/usr/bin/env bash
+
+# Turn the Portfile.template into a Portfile.
+# Usage:
+#   mk_portfile.sh TEMPLATE OUTPUTFILE VERSION
+
+set -e
+blackbox_home=$( cd "$( dirname "${BASH_SOURCE[0]}" )" && pwd )
+source ${blackbox_home}/../bin/_stack_lib.sh
+
+TEMPLATEFILE=tools/Portfile.template
+OUTPUTFILE=Portfile
+PORTVERSION=${1?"Arg 1 must be a version number like 1.20150222 (with no v)"} ; shift
+
+# Add the version number to the template.
+sed <"$TEMPLATEFILE" >"$OUTPUTFILE" -e 's/@@VERSION@@/'"$PORTVERSION"'/g'
+
+# Test it. Record the failure in $checksumout
+fgrep >/dev/null -x 'file:///var/tmp/ports' /opt/local/etc/macports/sources.conf || sudo sed -i -e '1s@^@file:///var/tmp/ports\'$'\n@' /opt/local/etc/macports/sources.conf
+rm -rf /var/tmp/ports
+mkdir -p /var/tmp/ports/security/vcs_blackbox
+cp Portfile /var/tmp/ports/security/vcs_blackbox
+( cd /var/tmp/ports && sudo portindex )
+make_self_deleting_tempfile checksumout
+set +e
+sudo port -v checksum vcs_blackbox > "$checksumout" 2>/dev/null
+ret=$?
+
+# If it failed, grab the checksums. Then re-process the template with them.
+if [[ $ret != 0 ]]; then
+  RMD160=$(awk <"$checksumout" '/^Distfile checksum: .*rmd160/ { print $NF }')
+  SHA256=$(awk <"$checksumout" '/^Distfile checksum: .*sha256/ { print $NF }')
+  echo RMD160=$RMD160
+  echo SHA256=$SHA256
+  echo
+  if [[ $RMD160 != '' && $SHA256 != '' ]]; then
+    sed <"$TEMPLATEFILE" >"$OUTPUTFILE" -e 's/@@VERSION@@/'"$PORTVERSION"'/g' -e 's/@@RMD160@@/'"$RMD160"'/g' -e 's/@@SHA256@@/'"$SHA256"'/g'
+    cp Portfile /var/tmp/ports/security/vcs_blackbox
+    ( cd /var/tmp/ports && sudo portindex )
+    sudo port -v checksum vcs_blackbox
+  fi
+fi
+
+# Generate the diff
+cp /opt/local/var/macports/sources/rsync.macports.org/release/tarballs/ports/security/vcs_blackbox/Portfile /var/tmp/ports/security/vcs_blackbox/Portfile.orig
+( cd /var/tmp/ports/security/vcs_blackbox && diff -u Portfile.orig Portfile ) > Portfile-vcs_blackbox.diff
+open -R Portfile-vcs_blackbox.diff
+
+echo
+echo 'portfile is in:'
+echo '                /var/tmp/ports/security/vcs_blackbox/Portfile'
+echo 'cleanup:'
+echo '                sudo vi /opt/local/etc/macports/sources.conf'
+
+echo "
+PLEASE OPEN A TICKET WITH THIS INFORMATION:
+    https://trac.macports.org/newticket
+    Summary: vcs_blackbox @$PORTVERSION Update to latest upstream
+    Description: 
+New upstream of vcs_blackbox.
+github.setup and checksums updated.
+    Type: update
+    Component: ports
+    Port: vcs_blackbox
+    Keywords: maintainer
+"
+echo 'Attach: Portfile-vcs_blackbox.diff'

tools/mk_deb_fpmdir

@@ -0,0 +1,76 @@
+#! /usr/bin/env bash
+
+# Use fpm to package up files into a DEB .
+
+# Usage:
+#   mk_deb_fpmdir PACKAGENAME MANIFEST1 MANIFEST2 ...
+
+# Example:
+#   Make a package foopkg manifest.txt
+# Where "manifest.txt" contains:
+#   exec /usr/bin/stack_makefqdn  misc/stack_makefqdn.py
+#   exec /usr/bin/bar             bar/bar.sh
+#   read /usr/man/man1/bar.1      bar/bar.1.man
+#   0444 /etc/foo.conf            bar/foo.conf
+
+set -e
+
+# Parameters for this DEB:
+PACKAGENAME=${1?"First arg must be the package name."}
+shift
+
+# Defaults that can be overridden:
+# All packages are 1.0 unless otherwise specifed:
+: ${PKGVERSION:=1.0} ;
+# If there is no iteration setting, assume "1":
+: ${PKGRELEASE:=1}
+# If there is no epoch, assume 0
+: ${PKGEPOCH:=0}
+
+# The DEB is output here: (should be a place that can be wiped)
+OUTPUTDIR="${HOME}/debbuild-$PACKAGENAME"
+# The TeamCity templates expect to find the list of artifacts here:
+DEB_BIN_LIST="${OUTPUTDIR}/bin-packages.txt"
+
+# -- Now the real work can be done.
+
+# Clean the output dir.
+rm -rf "$OUTPUTDIR"
+mkdir -p "$OUTPUTDIR/installroot"
+
+# Copy the files into place:
+set -o pipefail  # Error out if any manifest is not found.
+cat """$@""" | while read -a arr ; do
+  PERM="${arr[0]}"
+  case $PERM in
+    \#*)  continue ;;   # Skip comments.
+    exec) PERM=0755 ;;
+    read) PERM=0744 ;;
+    *) ;;
+  esac
+  DST="$OUTPUTDIR/installroot/${arr[1]}"
+  SRC="${arr[2]}"
+  if [[ $SRC == "cmd/"* || $SRC == *"/cmd/"* ]]; then
+    ( cd $(dirname "$SRC" ) && go build -a -v ) 
+  fi
+  install -D -T -b -m "$PERM" -T "$SRC" "$DST"
+done
+
+# Build the DEB:
+cd "$OUTPUTDIR" && fpm -s dir -t deb \
+  -a x86_64 \
+  -n "${PACKAGENAME}" \
+  --epoch "${PKGEPOCH}" \
+  --version "${PKGVERSION}" \
+  --iteration "${PKGRELEASE}" \
+  ${PKGDESCRIPTION:+ --description="${PKGDESCRIPTION}"} \
+  ${PKGVENDOR:+ --vendor="${PKGVENDOR}"} \
+  -C "$OUTPUTDIR/installroot" \
+  .
+
+# TeamCity templates for DEBS expect to find
+# the list of all packages created in bin-packages.txt.
+# Generate that list:
+find "$OUTPUTDIR" -maxdepth 1 -name '*.deb' >"$DEB_BIN_LIST"
+# Output it for debugging purposes:
+cat "$DEB_BIN_LIST"

tools/mk_deb_fpmdir.stack_blackbox.txt

@@ -0,0 +1,14 @@
+exec /usr/bin/_blackbox_common.sh       ../bin/_blackbox_common.sh
+exec /usr/bin/_stack_lib.sh             ../bin/_stack_lib.sh
+exec /usr/bin/blackbox_addadmin         ../bin/blackbox_addadmin
+exec /usr/bin/blackbox_cat              ../bin/blackbox_cat
+exec /usr/bin/blackbox_edit             ../bin/blackbox_edit
+exec /usr/bin/blackbox_edit_end         ../bin/blackbox_edit_end
+exec /usr/bin/blackbox_edit_start       ../bin/blackbox_edit_start
+exec /usr/bin/blackbox_initialize       ../bin/blackbox_initialize
+exec /usr/bin/blackbox_postdeploy       ../bin/blackbox_postdeploy
+exec /usr/bin/blackbox_register_new_file ../bin/blackbox_register_new_file
+exec /usr/bin/blackbox_removeadmin      ../bin/blackbox_removeadmin
+exec /usr/bin/blackbox_shred_all_files  ../bin/blackbox_shred_all_files
+exec /usr/bin/blackbox_update_all_files ../bin/blackbox_update_all_files
+exec /usr/bin/blackbox_list_files       ../bin/blackbox_list_files