Update CHANGELOG.md

Add unit tests to tools/confidence_test.sh to verify admin operations work.

CHANGELOG.md

@@ -9,3 +9,18 @@ Release v1.20170309
 * macOS: make_tempdir must create shorter paths
 * Fix "make confidence" for newer version of Git
 * README.md: Add info about our new mailing list
+
+Release v1.20170611
+
+* confidence_test.sh verifies external tools exist
+* confidence_test.sh more reliable for non-UTF8 users
+* "make test" no longer prompts for passwords
+* blackbox works better when target directory lives in root (#194)
+* Add confidence_test.sh tests for admin operations
+* blackbox_list_admins fails (#193)
+* confidence_test.sh works better on FreeBSD
+* tools/confidence_test.sh: now works with gnupg-2.0 and gnupg-2.1
+* Blackbox now officially supports both gnupg-2.0 and gnupg-2.1
+* blackbox_shred_all_files: BUGFIX: Does not shred files with spaces
+* blackbox_removeadmin: disable gpg's confirmation
+* Sync mk_rpm_fpmdir from master

Makefile

@@ -127,7 +127,6 @@ test: confidence
 confidence:
 	@if [ -e ~/.gnupg ]; then echo ERROR: '~/.gnupg should not exist. If it does, bugs may polute your .gnupg configuration. If the code has no bugs everything will be fine. Do you feel lucky?'; false ; fi
 	@if which >/dev/null gpg-agent ; then pkill gpg-agent ; rm -rf /tmp/tmp.* ; fi
-	@export PATH="$(PWD)/bin:/usr/local/bin:/bin:/usr/bin:/usr/local/sbin:/usr/sbin:/sbin:/opt/local/bin:$(PATH)" ; tools/confidence_test.sh
-		tools/confidence_test.sh
+	@export PATH="$(PWD)/bin:/usr/local/bin:/bin:/usr/bin:/usr/local/sbin:/usr/sbin:/sbin:/opt/local/bin:$(PATH)" ; tools/auto_system_test
 	@if which >/dev/null gpg-agent ; then pkill gpg-agent ; fi
 	@if [ -e ~/.gnupg ]; then echo ERROR: '~/.gnupg was created which means the scripts might be poluting GnuPG configuration.  Fix this bug.'; false ; fi

README.md

@@ -58,7 +58,7 @@ OBVIOUSLY we don't want secret things like SSL private keys and passwords to be
 
 NOT SO OBVIOUSLY when we store "secrets" in a VCS repo like Git or Mercurial, suddenly we are less able to share our code with other people. Communication between subteams of an organization is hurt. You can't collaborate as well. Either you find yourself emailing individual files around (yuck!), making a special repo with just the files needed by your collaborators (yuck!!), or just deciding that collaboration isn't worth all that effort (yuck!!!).
 
-The ability to be open and transparent about our code, with the exception of a few specific files, is key to the kind of collaboration that DevOps and modern IT practitioniers need to do.
+The ability to be open and transparent about our code, with the exception of a few specific files, is key to the kind of collaboration that DevOps and modern IT practitioners need to do.
 
 Installation Instructions:
 ==========================

bin/_blackbox_common.sh

@@ -28,7 +28,7 @@ source "${0%/*}"/_stack_lib.sh
 function physical_directory_of() {
   local d=$(dirname "$1")
   local f=$(basename "$1")
-  (cd "$d" && echo "$(pwd -P)/$f" )
+  (cd "$d" && echo "$(pwd -P | sed 's/\/$//')/$f" )
 }
 
 # Set REPOBASE to the top of the repository
@@ -163,8 +163,16 @@ function get_encrypted_filename() {
 
 # Prepare keychain for use.
 function prepare_keychain() {
+  local keyringasc
   echo '========== Importing keychain: START' >&2
-  $GPG --import "$(get_pubring_path)" 2>&1 | egrep -v 'not changed$' >&2
+  # Works with gpg 2.0
+  #$GPG --import "$(get_pubring_path)" 2>&1 | egrep -v 'not changed$' >&2
+  # Works with gpg 2.0 and 2.1
+  # NB: We must export the keys to a format that can be imported.
+  make_self_deleting_tempfile keyringasc
+  export LANG="C.UTF-8"
+  $GPG --export --keyring "$(get_pubring_path)" >"$keyringasc"
+  $GPG --import "$keyringasc"
   echo '========== Importing keychain: DONE' >&2
 }
 
@@ -277,8 +285,11 @@ function shred_file() {
     #NOTE: srm by default uses 35-pass Gutmann algorithm
     CMD=srm
     OPT=-f
+  elif _F=$(mktemp); rm -P "${_F}" >/dev/null 2>/dev/null ; then
+    CMD=rm
+    OPT=-Pf
   else
-    echo "shred_file: WARNING: No secure deletion utility (shred or srm) present; using insecure rm"
+    echo "shred_file: WARNING: No secure deletion utility (shred or srm) present; using insecure rm" >&2
     CMD=rm
     OPT=-f
   fi
@@ -643,3 +654,20 @@ function vcs_notice_generic_file() {
     echo "WARNING:  If so, manually update the ignore file"
   fi
 }
+
+function gpg_agent_version_check() {
+  if ! hash 'gpg-agent' &> /dev/null; then
+    return 1
+  fi
+  local gpg_agent_version=$(gpg-agent --version | head -1 | awk '{ print $3 }' | tr -d '\n')
+  semverLT $gpg_agent_version "2.1.0"
+}
+
+function gpg_agent_notice() {
+  if [[ $(gpg_agent_version_check) == '0' && -z $GPG_AGENT_INFO ]];then
+    echo 'WARNING: You probably want to run gpg-agent as'
+    echo 'you will be asked for your passphrase many times.'
+    echo 'Example: $ eval $(gpg-agent --daemon)'
+    read -r -p 'Press CTRL-C now to stop. ENTER to continue: '
+  fi
+}

bin/_stack_lib.sh

@@ -180,3 +180,109 @@ function fail_if_in_root_directory() {
       ;;
   esac
 }
+
+function semverParseInto() {
+    local RE='[^0-9]*\([0-9]*\)[.]\([0-9]*\)[.]\([0-9]*\)\([0-9A-Za-z-]*\)'
+    #MAJOR
+    eval $2=`echo $1 | sed -e "s#$RE#\1#"`
+    #MINOR
+    eval $3=`echo $1 | sed -e "s#$RE#\2#"`
+    #MINOR
+    eval $4=`echo $1 | sed -e "s#$RE#\3#"`
+    #SPECIAL
+    eval $5=`echo $1 | sed -e "s#$RE#\4#"`
+}
+
+function semverEQ() {
+    local MAJOR_A=0
+    local MINOR_A=0
+    local PATCH_A=0
+    local SPECIAL_A=0
+
+    local MAJOR_B=0
+    local MINOR_B=0
+    local PATCH_B=0
+    local SPECIAL_B=0
+
+    semverParseInto $1 MAJOR_A MINOR_A PATCH_A SPECIAL_A
+    semverParseInto $2 MAJOR_B MINOR_B PATCH_B SPECIAL_B
+
+    if [ $MAJOR_A -ne $MAJOR_B ]; then
+        return 1
+    fi
+
+    if [ $MINOR_A -ne $MINOR_B ]; then
+        return 1
+    fi
+
+    if [ $PATCH_A -ne $PATCH_B ]; then
+        return 1
+    fi
+
+    if [[ "_$SPECIAL_A" != "_$SPECIAL_B" ]]; then
+        return 1
+    fi
+
+
+    return 0
+
+}
+
+function semverLT() {
+    local MAJOR_A=0
+    local MINOR_A=0
+    local PATCH_A=0
+    local SPECIAL_A=0
+
+    local MAJOR_B=0
+    local MINOR_B=0
+    local PATCH_B=0
+    local SPECIAL_B=0
+
+    semverParseInto $1 MAJOR_A MINOR_A PATCH_A SPECIAL_A
+    semverParseInto $2 MAJOR_B MINOR_B PATCH_B SPECIAL_B
+
+    if [ $MAJOR_A -lt $MAJOR_B ]; then
+        return 0
+    fi
+
+    if [[ $MAJOR_A -le $MAJOR_B  && $MINOR_A -lt $MINOR_B ]]; then
+        return 0
+    fi
+
+    if [[ $MAJOR_A -le $MAJOR_B  && $MINOR_A -le $MINOR_B && $PATCH_A -lt $PATCH_B ]]; then
+        return 0
+    fi
+
+    if [[ "_$SPECIAL_A"  == "_" ]] && [[ "_$SPECIAL_B"  == "_" ]] ; then
+        return 1
+    fi
+    if [[ "_$SPECIAL_A"  == "_" ]] && [[ "_$SPECIAL_B"  != "_" ]] ; then
+        return 1
+    fi
+    if [[ "_$SPECIAL_A"  != "_" ]] && [[ "_$SPECIAL_B"  == "_" ]] ; then
+        return 0
+    fi
+
+    if [[ "_$SPECIAL_A" < "_$SPECIAL_B" ]]; then
+        return 0
+    fi
+
+    return 1
+
+}
+
+function semverGT() {
+    semverEQ $1 $2
+    local EQ=$?
+
+    semverLT $1 $2
+    local LT=$?
+
+    if [ $EQ -ne 0 ] && [ $LT -ne 0 ]; then
+        return 0
+    else
+        return 1
+    fi
+}
+

bin/blackbox_decrypt_all_files

@@ -14,9 +14,7 @@
 export PATH=/usr/bin:/bin:"$PATH"
 
 set -e
+source "${0%/*}/_blackbox_common.sh"
 
-if [[ -z $GPG_AGENT_INFO ]]; then
-  eval $(gpg-agent --daemon)
-fi
-
+gpg_agent_notice
 exec blackbox_postdeploy "$@"

bin/blackbox_diff

@@ -7,13 +7,7 @@
 set -e
 source "${0%/*}/_blackbox_common.sh"
 
-if [[ -z $GPG_AGENT_INFO ]]; then
-  echo 'WARNING: You probably want to run gpg-agent as'
-  echo 'you will be asked for your passphrase many times.'
-  echo 'Example: $ eval $(gpg-agent --daemon)'
-  read -r -p 'Press CTRL-C now to stop. ENTER to continue: '
-fi
-
+gpg_agent_notice
 prepare_keychain
 
 modified_files=()

bin/blackbox_list_admins

@@ -5,4 +5,4 @@
 #
 set -e
 source "${0%/*}/_blackbox_common.sh"
-cat "$BB_ADMINS_FILE"
+cat "$BB_ADMINS"

bin/blackbox_removeadmin

@@ -22,7 +22,7 @@ remove_line "$BB_ADMINS" "$KEYNAME"
 
 
 # remove the admin key from the pubring
-$GPG --no-permission-warning --homedir="$KEYRINGDIR" --delete-key "$KEYNAME"
+$GPG --no-permission-warning --homedir="$KEYRINGDIR" --batch --yes --delete-key "$KEYNAME" || true
 pubring_path=$(get_pubring_path)
 vcs_add "$pubring_path" "$KEYRINGDIR/trustdb.gpg" "$BB_ADMINS"
 

bin/blackbox_shred_all_files

@@ -24,11 +24,12 @@ echo '========== FILES BEING SHREDDED:'
 
 exported_internal_shred_file() {
   source "$1/_blackbox_common.sh"
-  unencrypted_file=$(get_unencrypted_filename "$2")
-  encrypted_file=$(get_encrypted_filename "$unencrypted_file")
+  unencrypted_file="$2"
   if [[ -f "$unencrypted_file" ]]; then
-    echo "    $unencrypted_file"
+    echo "    SHRED: $unencrypted_file"
     shred_file "$unencrypted_file"
+  else
+    echo "NOT FOUND: $unencrypted_file"
   fi
 }
 
@@ -38,6 +39,6 @@ DEREFERENCED_BIN_DIR="${0%/*}"
 MAX_PARALLEL_SHRED=10
 
 export IFS=
-xargs -I{} -n 1 -P $MAX_PARALLEL_SHRED bash -c "exported_internal_shred_file $DEREFERENCED_BIN_DIR {}" $DEREFERENCED_BIN_DIR/fake <"$BB_FILES"
+tr '\n' '\0' <"$BB_FILES" | xargs -0 -I{} -n 1 -P $MAX_PARALLEL_SHRED bash -c "exported_internal_shred_file $DEREFERENCED_BIN_DIR \"{}\"" $DEREFERENCED_BIN_DIR/fake
 
 echo '========== DONE.'

bin/blackbox_update_all_files

@@ -7,13 +7,7 @@
 set -e
 source "${0%/*}/_blackbox_common.sh"
 
-if [[ -z $GPG_AGENT_INFO ]]; then
-  echo 'WARNING: You probably want to run gpg-agent as'
-  echo 'you will be asked for your passphrase many times.'
-  echo 'Example: $ eval $(gpg-agent --daemon)'
-  read -r -p 'Press CTRL-C now to stop. ENTER to continue: '
-fi
-
+gpg_agent_notice
 disclose_admins
 prepare_keychain
 

bin/blackbox_whatsnew

@@ -14,13 +14,7 @@ then
 fi
 
 fail_if_not_in_repo
-
-if [[ -z $GPG_AGENT_INFO ]]; then
-  echo 'WARNING: You probably want to run gpg-agent as'
-  echo 'you will be asked for your passphrase many times.'
-  echo 'Example: $ eval $(gpg-agent --daemon)'
-  read -r -p 'Press CTRL-C now to stop. ENTER to continue: '
-fi
+gpg_agent_notice
 
 COLUMNS=`tput cols`
 FILE=$1

tools/auto_system_test

@@ -0,0 +1,25 @@
+#!/usr/bin/env expect
+
+# Run the confidence test non-interactively.  Since the script
+# asks for passphrases, we use "expect" to simulate keyboard data entry.
+
+# Run the test:
+spawn tools/confidence_test.sh
+
+# As we run the confidence test, respond with the right password.
+# We do this for up to 300 times to prevent an infinite loop.
+
+set times 0;
+while { $times < 300 } {
+   expect {
+       # The script outputs what the password will be, and we save
+       # that info in $pw any time we see the text.
+       "my password is the lowercase letter a" { set pw "a\n" ; exp_continue }
+       "my password is the lowercase letter b" { set pw "b\n" ; exp_continue }
+       # If the passphrase is requested, send it.
+       "Passphrase:" { send $pw ; exp_continue }
+       # If we reach EOF, exit this loop.
+       eof { break }
+   }
+   set times [ expr $times+1];
+}

tools/confidence_test.sh

@@ -1,7 +1,27 @@
 #!/usr/bin/env bash
 
 blackbox_home=$( cd "$( dirname "${BASH_SOURCE[0]}" )" && pwd )/../bin
-export PATH="${blackbox_home}:/usr/local/bin:/bin:/usr/bin:/usr/local/sbin:/usr/sbin:/sbin:/opt/local/bin"
+export PATH="${blackbox_home}:/usr/local/bin:/bin:/usr/bin:/usr/local/sbin:/usr/sbin:/sbin:/opt/local/bin:${blackbox_home}"
+
+export LANG=C.UTF-8  # Required ro "gpg --export" to work properly.
+
+# This script requires many utilities, some are not
+# required by the usual blackbox scripts.  Test to make
+# sure we have them all.
+e=false
+for i in blackbox_addadmin blackbox_list_admins blackbox_register_new_file \
+  cat git gpg gpg-agent mkdir pinentry pinentry-tty rm tar which ; do
+  if ! which >/dev/null 2>&1  $i ; then
+    echo ERROR: Command not in PATH: $i
+    e=true
+  fi
+done
+if $e ; then
+  echo 'Exiting. Please install the above commands.'
+  echo 'This script requires many utilities not required by blackbox itself.'
+  echo PATH="$PATH"
+  exit 1
+fi
 
 set -e
 . _stack_lib.sh
@@ -19,10 +39,15 @@ cd "$test_repository"
 make_self_deleting_tempdir fake_alice_home
 make_self_deleting_tempdir fake_bob_home
 export GNUPGHOME="$fake_alice_home"
+#echo 'pinentry-program' "$(which pinentry-insecure-fake)" >> "$GNUPGHOME/gpg-agent.conf"
+echo 'pinentry-program' "$(which pinentry-tty)" >> "$GNUPGHOME/gpg-agent.conf"
+#pinentry-program "${blackbox_home}/pinentry-fake-insecure"
 eval "$(gpg-agent --homedir "$fake_alice_home" --daemon)"
 GPG_AGENT_INFO_ALICE="$GPG_AGENT_INFO"
 
 export GNUPGHOME="$fake_bob_home"
+#echo 'pinentry-program' "$(which pinentry-insecure-fake)" >> "$GNUPGHOME/gpg-agent.conf"
+echo 'pinentry-program' "$(which pinentry-tty)" >> "$GNUPGHOME/gpg-agent.conf"
 eval "$(gpg-agent --homedir "$fake_bob_home" --daemon)"
 GPG_AGENT_INFO_BOB="$GPG_AGENT_INFO"
 
@@ -82,7 +107,11 @@ git commit -m'INITIALIZE BLACKBOX' keyrings .gitignore
 PHASE 'and adds herself as an admin.'
 
 blackbox_addadmin alice@example.com
-git commit -m'NEW ADMIN: alice@example.com' keyrings/live/pubring.gpg keyrings/live/trustdb.gpg keyrings/live/blackbox-admins.txt
+git commit -m'NEW ADMIN: alice@example.com' keyrings/live/pubring.??? keyrings/live/trustdb.gpg keyrings/live/blackbox-admins.txt
+
+make_self_deleting_tempfile adminlist1
+blackbox_list_admins >"$adminlist1"
+assert_file_md5hash "$adminlist1" "aa1db827772e1d51d453b844394b7617"
 
 
 PHASE 'Bob arrives.'
@@ -110,14 +139,18 @@ gpg --no-permission-warning --batch --gen-key "$gpgconfig"
 echo '========== Bob enrolls himself too.'
 
 blackbox_addadmin bob@example.com
-git commit -m'NEW ADMIN: alice@example.com' keyrings/live/pubring.gpg keyrings/live/trustdb.gpg keyrings/live/blackbox-admins.txt
+git commit -m'NEW ADMIN: alice@example.com' keyrings/live/pubring.??? keyrings/live/trustdb.gpg keyrings/live/blackbox-admins.txt
+
+make_self_deleting_tempfile adminlist2
+blackbox_list_admins >"$adminlist2"
+assert_file_md5hash "$adminlist2" "0b82b0b3c96e6e5dd5faf60493fe5cf7"
 
 PHASE 'Alice does the second part to enroll bob.'
 become_alice
 
 PHASE 'She enrolls bob.'
-gpg --import keyrings/live/pubring.gpg
-# TODO(tlim) That --import can be eliminated... maybe?
+#gpg --import $(get_pubring_path)
+## TODO(tlim) That --import can be eliminated... maybe?
 
 PHASE 'She enrolls secrets.txt.'
 blackbox_register_new_file secret.txt
@@ -185,15 +218,14 @@ assert_file_md5hash secret.txt "d3e6bbdfc76fae7fd0a921f3408db1d1"
 PHASE 'appears.'
 become_bob
 
-PHASE 'Bob makes sure he has all new keys.'
-
-gpg --import keyrings/live/pubring.gpg
+#PHASE 'Bob makes sure he has all new keys.'
+#gpg --import keyrings/live/pubring.???
 
 # Pick a GID to use:
 # This users's default group:
 DEFAULT_GID_NUM=$(id -g)
 # Pick a group that is not the default group:
-TEST_GID_NUM=$(id -G | fmt -1 |  grep -xv "$(id -u)" | grep -xv "$(id -g)" | head -1)
+TEST_GID_NUM=$(id -G | fmt -1 | sort -rn | grep -xv "$(id -u)" | grep -xv "$(id -g)" | head -1)
 echo "DEFAULT_GID_NUM=$DEFAULT_GID_NUM"
 echo "TEST_GID_NUM=$TEST_GID_NUM"
 
@@ -218,6 +250,10 @@ PHASE 'Bob removes Alice.'
 blackbox_removeadmin alice@example.com
 assert_line_not_exists 'alice@example.com' keyrings/live/blackbox-admins.txt
 
+make_self_deleting_tempfile adminlist3
+blackbox_list_admins >"$adminlist3"
+assert_file_md5hash "$adminlist3" "aadbfafd76ea66ff40dbfd239a69067f"
+
 PHASE 'Bob reencrypts files so alice can not access them.'
 blackbox_update_all_files
 
@@ -314,6 +350,7 @@ PHASE 'Bob shreds all exposed files.'
 assert_file_exists 'my/path/to/relsecrets.txt'
 assert_file_exists 'secret.txt'
 blackbox_shred_all_files
+which blackbox_shred_all_files
 assert_file_missing '!important!.txt'
 assert_file_missing '#andpounds.txt'
 assert_file_missing 'mistake.txt'
@@ -391,6 +428,10 @@ fi
 # Cleanup:
 blackbox_removeadmin abba@notarealuser.com
 
+make_self_deleting_tempfile adminlist4
+blackbox_list_admins >"$adminlist4"
+assert_file_md5hash "$adminlist4" "aadbfafd76ea66ff40dbfd239a69067f"
+
 
 # TODO: Create a new directory. "git clone" the repo into it.
 

tools/mk_rpm_fpmdir

@@ -107,7 +107,7 @@ cat "$@" | while read -a arr ; do
   fi
   if $GO_COMPILE && [[ $SRC == "cmd/"* || $SRC == *"/cmd/"* ]]; then
     echo "========== BUILD&COPY $SRC"
-    ( cd $(dirname "$SRC" ) && go get -d && go build -a ) 
+    ( cd $(dirname "$SRC" ) && go get -d && go build ) 
     PKGARCH=native
   else
     echo "==========       COPY $SRC"

tools/test_functions.sh

@@ -1,5 +1,15 @@
 #!/usr/bin/env bash
 
+# NB: This is copied from _blackbox_common.sh
+function get_pubring_path() {
+  : "${KEYRINGDIR:=keyrings/live}" ;
+  if [[ -f "${KEYRINGDIR}/pubring.gpg" ]]; then
+    echo "${KEYRINGDIR}/pubring.gpg"
+  else
+    echo "${KEYRINGDIR}/pubring.kbx"
+  fi
+}
+
 function PHASE() {
   echo '********************'
   echo '********************'
@@ -11,7 +21,7 @@ function PHASE() {
 function md5sum_file() {
   # Portably generate the MD5 hash of file $1.
   case $(uname -s) in
-    Darwin )
+    Darwin | FreeBSD )
       md5 -r "$1" | awk '{ print $1 }'
       ;;
     Linux )