Compare commits
10 Commits
v1.2015030
...
v1.2015060
| Author | SHA1 | Date | |
|---|---|---|---|
|
|
225d38ee11 | ||
|
|
ccba841cd8 | ||
|
|
6817724205 | ||
|
|
fcaceab817 | ||
|
|
b35c09609b | ||
|
|
e2defec756 | ||
|
|
65a1c938ab | ||
|
|
faa40c71c7 | ||
|
|
90dc874d56 | ||
|
|
c474e1f0a8 |
4
Makefile
4
Makefile
@@ -88,7 +88,7 @@ local-deb:
|
||||
confidence:
|
||||
@if [ -e ~/.gnupg ]; then echo ERROR: '~/.gnupg should not exist. If it does, bugs may polute your .gnupg configuration. If the code has no bugs everything will be fine. Do you feel lucky?'; false ; fi
|
||||
@if which >/dev/null gpg-agent ; then pkill gpg-agent ; rm -rf /tmp/tmp.* ; fi
|
||||
@export PATH=~/gitwork/blackbox/bin:/usr/local/bin:/bin:/usr/bin:/usr/local/sbin:/usr/sbin:/sbin:/opt/local/bin ; tools/confidence_test.sh
|
||||
cd ~/gitwork/blackbox && tools/confidence_test.sh
|
||||
@export PATH="$(PWD)/bin:/usr/local/bin:/bin:/usr/bin:/usr/local/sbin:/usr/sbin:/sbin:/opt/local/bin:$(PATH)" ; tools/confidence_test.sh
|
||||
tools/confidence_test.sh
|
||||
@if which >/dev/null gpg-agent ; then pkill gpg-agent ; fi
|
||||
@if [ -e ~/.gnupg ]; then echo ERROR: '~/.gnupg was created which means the scripts might be poluting GnuPG configuration. Fix this bug.'; false ; fi
|
||||
|
||||
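Review bot: The new `confidence` recipe builds PATH from `$(PWD)`, which make normally just inherits from the environment and does not update under `make -C`, so `$(PWD)/bin` can point somewhere other than this checkout. The test would then silently run whatever `blackbox_*` scripts appear later in PATH instead of the ones under test. GNU make sets `$(CURDIR)` itself, which makes it the safer base. `$(PATH)` is also expanded by make and pasted into the double-quoted shell string, so `$$PATH` would leave that expansion to the shell: `@export PATH="$(CURDIR)/bin:/usr/local/bin:/bin:/usr/bin:/usr/local/sbin:/usr/sbin:/sbin:/opt/local/bin:$$PATH" ; tools/confidence_test.sh`.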
@@ -77,8 +77,9 @@ need to do.
|
||||
Installation Instructions:
|
||||
==========================
|
||||
|
||||
* *The RPM way*: `make packages-rpm` and now you have an RPM you can install.
|
||||
* *The MacPorts Way*: `sudo port install vcs_blackbox`
|
||||
* *The RPM way*: `make packages-rpm` and now you have an RPM you can install.
|
||||
* *The Debian/Ubuntu way*: `make packages-deb` and now you have a DEB you can install.
|
||||
* *The hard way*: Copy all the files in "bin" to your "bin".
|
||||
* *The Antigen Way*: Add `antigen bundle StackExchange/blackbox` to your .zshrc
|
||||
* *The Zgen Way*: Add `zgen load StackExchange/blackbox` to your .zshrc where you're loading your other plugins.
|
||||
@@ -195,7 +196,7 @@ What does this look like to the typical user?
|
||||
================================
|
||||
|
||||
* If you need to, start the GPG Agent: `eval $(gpg-agent --daemon)`
|
||||
* Decrypt the file so it is editable: `blackbox_edit FILENAME`
|
||||
* Decrypt the file so it is editable: `blackbox_edit_start FILENAME`
|
||||
* (You will need to enter your GPG passphrase.)
|
||||
* Edit FILENAME as you desire: `vim FILENAME`
|
||||
* Re-encrypt the file: `blackbox_edit_end FILENAME`
|
||||
|
||||
@@ -27,7 +27,7 @@ function _determine_vcs_base_and_type() {
|
||||
#find topmost dir with .svn sub-dir
|
||||
parent=""
|
||||
grandparent="."
|
||||
mydir=$(pwd)
|
||||
mydir="$(pwd)"
|
||||
while [ -d "$grandparent/.svn" ]; do
|
||||
parent=$grandparent
|
||||
grandparent="$parent/.."
|
||||
@@ -35,7 +35,7 @@ function _determine_vcs_base_and_type() {
|
||||
|
||||
if [ ! -z "$parent" ]; then
|
||||
cd "$parent"
|
||||
echo "$(pwd)"
|
||||
pwd
|
||||
else
|
||||
exit 1
|
||||
fi
|
||||
@@ -256,6 +256,15 @@ function enumerate_subdirs() {
|
||||
done <"$listfile" | sort -u
|
||||
}
|
||||
|
||||
# chdir to the base of the repo.
|
||||
function change_to_vcs_root() {
|
||||
if [[ $REPOBASE = '' ]]; then
|
||||
echo 'ERROR: _determine_vcs_base_and_type failed to set REPOBASE.'
|
||||
exit 1
|
||||
fi
|
||||
cd "$REPOBASE"
|
||||
}
|
||||
|
||||
# Output the path of a file relative to the repo base
|
||||
function vcs_relative_path() {
|
||||
# Usage: vcs_relative_path file
|
||||
@@ -378,7 +387,6 @@ function vcs_commit_svn() {
|
||||
}
|
||||
|
||||
|
||||
|
||||
# Remove file from repo, even if it was deleted locally already.
|
||||
# If it doesn't exist yet in the repo, it should be a no-op.
|
||||
function vcs_remove() {
|
||||
@@ -396,17 +404,3 @@ function vcs_remove_git() {
|
||||
function vcs_remove_svn() {
|
||||
svn delete """$@"""
|
||||
}
|
||||
|
||||
function change_to_root() {
|
||||
# If BASEDIR is not set, use REPOBASE.
|
||||
if [[ "$BASEDIR" = "" ]]; then
|
||||
BASEDIR="$REPOBASE"
|
||||
fi
|
||||
|
||||
if [[ "$BASEDIR" = "/dev/null" ]]; then
|
||||
echo 'WARNING: Not in a VCS repo. Not changing directory.'
|
||||
else
|
||||
echo "CDing to $BASEDIR"
|
||||
cd "$BASEDIR"
|
||||
fi
|
||||
}
|
||||
|
||||
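Review bot: The added `change_to_vcs_root` does not check the result of `cd "$REPOBASE"`, so a script without `set -e` would carry on in the wrong directory. The removed `change_to_root` special-cased `/dev/null` as "Not in a VCS repo", which suggests REPOBASE can hold that value, and the new function would then attempt `cd /dev/null`. I would write `cd "$REPOBASE" || exit 1` and send the error text to stderr with `echo 'ERROR: _determine_vcs_base_and_type failed to set REPOBASE.' >&2`. The removed function also honoured `BASEDIR`, so the callers switched to `change_to_vcs_root` in the later hunks lose that override. If that is intended, the comment above the function should say so.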
@@ -11,7 +11,7 @@ for param in """$@""" ; do
|
||||
shreddable=0
|
||||
unencrypted_file=$(get_unencrypted_filename "$param")
|
||||
if [[ ! -e "$unencrypted_file" ]]; then
|
||||
blackbox_edit_start "$param"
|
||||
"${blackbox_home}/blackbox_edit_start" "$param"
|
||||
shreddable=1
|
||||
fi
|
||||
cat "$unencrypted_file"
|
||||
|
||||
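Review bot: The switch from a bare `blackbox_edit_start` to `"${blackbox_home}/blackbox_edit_start"` carries no comment saying why, and `blackbox_home` is assigned outside this hunk, so the reason is easy to lose in a later cleanup. Presumably the aim is that a same-named program earlier in PATH can never be run in place of the sibling script. A one-line comment above the call would record that, e.g. `# Run the sibling script by full path so PATH cannot substitute another program.` The same applies to the `blackbox_register_new_file`, `blackbox_edit_start` and `blackbox_edit_end` calls in the two hunks that follow. The enclosing `for param` loop starts and ends outside the hunk.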
@@ -13,7 +13,7 @@ for param in """$@""" ; do
|
||||
read -r -p "Encrypt file $param? (y/n) " ans
|
||||
case "$ans" in
|
||||
y* | Y*)
|
||||
blackbox_register_new_file "$param"
|
||||
"${blackbox_home}/blackbox_register_new_file" "$param"
|
||||
;;
|
||||
*)
|
||||
echo 'Skipping...'
|
||||
@@ -21,7 +21,7 @@ for param in """$@""" ; do
|
||||
;;
|
||||
esac
|
||||
fi
|
||||
blackbox_edit_start "$param"
|
||||
"${blackbox_home}/blackbox_edit_start" "$param"
|
||||
"$EDITOR" "$(get_unencrypted_filename "$param")"
|
||||
blackbox_edit_end "$param"
|
||||
"${blackbox_home}/blackbox_edit_end" "$param"
|
||||
done
|
||||
|
||||
@@ -22,15 +22,14 @@ if [[ $1 != 'yes' ]]; then
|
||||
fi
|
||||
fi
|
||||
|
||||
echo cd "$REPOBASE"
|
||||
cd "$REPOBASE"
|
||||
change_to_vcs_root
|
||||
|
||||
echo VCS_TYPE: $VCS_TYPE
|
||||
|
||||
if [[ $VCS_TYPE = "git" || $VCS_TYPE = "hg" ]]; then
|
||||
# Update .gitignore or .hgignore
|
||||
|
||||
IGNOREFILE=".${VCS_TYPE}ignore"
|
||||
IGNOREFILE="${REPOBASE}/.${VCS_TYPE}ignore"
|
||||
if ! grep -sx >/dev/null 'pubring.gpg~' "$IGNOREFILE" ; then
|
||||
echo 'pubring.gpg~' >>"$IGNOREFILE"
|
||||
fi
|
||||
|
||||
@@ -23,7 +23,7 @@ else
|
||||
FILE_GROUP="$1"
|
||||
fi
|
||||
|
||||
change_to_root
|
||||
change_to_vcs_root
|
||||
prepare_keychain
|
||||
|
||||
# Decrypt:
|
||||
|
||||
@@ -43,28 +43,28 @@ VCSCMD=$(which_vcs)
|
||||
if "$SECRETSEXPOSED" ; then
|
||||
vcs_remove "$unencrypted_file"
|
||||
vcs_add "$encrypted_file"
|
||||
COMMIT_FILES="$BB_FILES $encrypted_file $unencrypted_file"
|
||||
COMMIT_FILES=("$BB_FILES" "$encrypted_file" "$unencrypted_file")
|
||||
else
|
||||
COMMIT_FILES="$BB_FILES $encrypted_file"
|
||||
# FIXME(tal): This should be an array so that filenames with
|
||||
# spaces aren't a problem.
|
||||
COMMIT_FILES=("$BB_FILES" "$encrypted_file")
|
||||
fi
|
||||
|
||||
# TODO(tlim): This should be moved to _blackbox_common.sh in a
|
||||
# VCS-independent way.
|
||||
IGNOREFILE=".${VCS_TYPE}ignore"
|
||||
IGNOREFILE="${REPOBASE}/.${VCS_TYPE}ignore"
|
||||
if [[ $VCS_TYPE = 'git' ]]; then
|
||||
ignored_file="$(echo "$unencrypted_file" | sed 's/\([\*\?]\)/\\\1/g' | sed 's/^\([!#]\)/\\\1/')"
|
||||
relfile="$(vcs_relative_path "$unencrypted_file")"
|
||||
relfileb="${relfile/\$\//}"
|
||||
ignored_file="$(echo "${relfileb}" | sed 's/\([\*\?]\)/\\\1/g' | sed 's/^\([!#]\)/\\\1/')"
|
||||
if ! grep -Fsx >/dev/null "$ignored_file" "$IGNOREFILE"; then
|
||||
echo "$ignored_file" >>"$IGNOREFILE"
|
||||
COMMIT_FILES="$COMMIT_FILES $IGNOREFILE"
|
||||
COMMIT_FILES+=("$IGNOREFILE")
|
||||
fi
|
||||
vcs_add "$IGNOREFILE"
|
||||
fi
|
||||
|
||||
echo 'NOTE: "already tracked!" messages are safe to ignore.'
|
||||
vcs_add "$BB_FILES" $encrypted_file
|
||||
vcs_commit "registered in blackbox: ${unencrypted_file}" $COMMIT_FILES
|
||||
vcs_add "$BB_FILES" "$encrypted_file"
|
||||
vcs_commit "registered in blackbox: ${unencrypted_file}" "${COMMIT_FILES[@]}"
|
||||
echo "========== UPDATING VCS: DONE"
|
||||
echo "Local repo updated. Please push when ready."
|
||||
echo " $VCSCMD push"
|
||||
|
||||
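Review bot: The new `ignored_file` line escapes `*`, `?` and a leading `!` or `#`, but not `[`. A name such as `a[1].txt` is therefore written to the ignore file as a character-class pattern that does not match the file itself, and the decrypted plaintext stays visible to `git add`. Adding the brackets to the first sed's set closes that: `sed 's/\([][\*\?]\)/\\\1/g'`. Separately, `relfileb="${relfile/\$\//}"` removes a literal `$/` from the path, which is not obvious from the code. A comment stating what `vcs_relative_path` emits that needs stripping would help. The script continues outside the hunk on both sides.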
@@ -19,7 +19,7 @@ set -e
|
||||
blackbox_home=$( cd "$( dirname "${BASH_SOURCE[0]}" )" && pwd )
|
||||
source "${blackbox_home}/_blackbox_common.sh"
|
||||
|
||||
change_to_root
|
||||
change_to_vcs_root
|
||||
|
||||
echo '========== FILES BEING SHREDDED:'
|
||||
for i in $(<"$BB_FILES") ; do
|
||||
|
||||
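Review bot: The context line `for i in $(<"$BB_FILES") ; do` still word-splits the registry, so the `stars bars.txt` case this commit starts supporting at enrollment would reach the shred loop as `stars` and `bars.txt`. The real plaintext would then be left on disk. If the list holds one name per line, as the `grep -Fsx` lookups elsewhere suggest, a line-wise read keeps each name intact: `while IFS= read -r i; do` … `done <"$BB_FILES"`. The loop body lies outside this hunk, so this needs checking against how `$i` is used there. The confidence-test phase added later in this commit only asserts enrollment of that name, not decrypting or shredding it.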
@@ -214,6 +214,7 @@ PHASE 'She enrolls secrets.txt.'
|
||||
blackbox_register_new_file secret.txt
|
||||
assert_file_missing secret.txt
|
||||
assert_file_exists secret.txt.gpg
|
||||
assert_line_exists 'secret.txt' .gitignore
|
||||
|
||||
PHASE 'She decrypts secrets.txt.'
|
||||
blackbox_edit_start secret.txt
|
||||
@@ -297,6 +298,7 @@ blackbox_register_new_file mistake.txt
|
||||
assert_file_missing mistake.txt
|
||||
assert_file_exists mistake.txt.gpg
|
||||
# NOTE: It is still in the history. That should be corrected someday.
|
||||
assert_line_exists 'mistake.txt' .gitignore
|
||||
|
||||
PHASE 'Bob enrolls my/path/to/relsecrets.txt.'
|
||||
mkdir my my/path my/path/to
|
||||
@@ -305,6 +307,9 @@ cd my/path/to
|
||||
blackbox_register_new_file relsecrets.txt
|
||||
assert_file_missing relsecrets.txt
|
||||
assert_file_exists relsecrets.txt.gpg
|
||||
assert_file_missing .gitignore
|
||||
assert_file_exists ../../../.gitignore
|
||||
assert_line_exists 'my/path/to/relsecrets.txt' ../../../.gitignore
|
||||
|
||||
PHASE 'Bob decrypts relsecrets.txt.'
|
||||
cd ..
|
||||
@@ -335,6 +340,13 @@ assert_file_missing 'stars*bars?.txt'
|
||||
assert_file_exists 'stars*bars?.txt'.gpg
|
||||
assert_line_exists 'stars\*bars\?.txt' .gitignore
|
||||
|
||||
PHASE 'Bob enrolls stars bars.txt'
|
||||
echo A very commented file >'stars bars.txt'
|
||||
blackbox_register_new_file 'stars bars.txt'
|
||||
assert_file_missing 'stars bars.txt'
|
||||
assert_file_exists 'stars bars.txt'.gpg
|
||||
assert_line_exists 'stars bars.txt' .gitignore
|
||||
|
||||
# TODO(tlim): Add test to make sure that now alice can NOT decrypt.
|
||||
|
||||
#
|
||||
@@ -348,5 +360,5 @@ fi
|
||||
|
||||
find .git?* * -type f -ls
|
||||
echo cd "$test_repository"
|
||||
echo rm "$test_repository"
|
||||
echo rm -rf "$test_repository"
|
||||
echo DONE.
|
||||
|
||||