george/blackbox
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity

Compare commits

base: george:v1.20170611
Branches Tags
george:master george:tlim_quoted
george:v1.20220610 george:stable george:production george:v1.20200429 george:v1.20181219 george:v1.20180618 george:v1.20180615 george:v1.20170611 george:v1.20170309 george:v1.20160122 george:v1.20151111 george:v1.20150730 george:v1.20150609 george:v1.20150318 george:v1.20150304 george:v1.20150222 george:v1.20150216 george:v1.20150203 george:v1.20151110 george:release
...
compare: george:v1.20181219
Branches Tags
george:master george:tlim_quoted
george:v1.20220610 george:stable george:production george:v1.20200429 george:v1.20181219 george:v1.20180618 george:v1.20180615 george:v1.20170611 george:v1.20170309 george:v1.20160122 george:v1.20151111 george:v1.20150730 george:v1.20150609 george:v1.20150318 george:v1.20150304 george:v1.20150222 george:v1.20150216 george:v1.20150203 george:v1.20151110 george:release

78 Commits
v1.2017061 ... v1.2018121

Author SHA1 Message Date
Tom Limoncelli
49606c19f7 Update RELEASE_ENGINEERING.md 2018-12-19 14:20:19 -05:00
Tom Limoncelli
ccd4f92e0b Update CHANGELOG.md 2018-12-19 14:20:05 -05:00
Tom Limoncelli
70e8c625e5 Add support for NetBSD and SunOS (SmartOS) 
Add support for NetBSD and SunOS (SmartOS)
 2018-12-09 07:32:44 -05:00
Tom Limoncelli
d6f997e8df README.md: Minor fixes 2018-12-07 13:49:38 -05:00
Travis Paul
e17c44aa61 Add NetBSD and SmartOS to list of supported OSes. 2018-12-03 09:19:27 -06:00
Travis Paul
f681872c4d Remove -n 1 argument from the xargs invocation in blackbox_shred_all_files. 
The -I and -n options are mutually-exclusive, don't work as
expected with xargs from SunOS, and appear to be unecessary anyway.
 2018-11-30 13:51:01 +08:00
Travis Paul
3594a3124e Bash from pkgsrc has a flag to disable importing functions unless explicitly enabled. 
The patch was created in response to ShellShock and still remains:
https://www.mail-archive.com/smartos-discuss@lists.smartos.org/msg01247.html
https://github.com/NetBSD/pkgsrc/blob/trunk/shells/bash/patches/patch-shell.c
 2018-11-30 13:49:15 +08:00
Travis Paul
fd3ad2fcea Add better support for NetBSD and SunOS in test scripts. 2018-11-30 10:59:21 +08:00
Travis Paul
3a491aad01 Add NetBSD and SunOS (SmartOS) support to _stack_lib.sh. 2018-11-29 14:01:54 +08:00
Travis Paul
b3b0604be7 Add NetBSD and SunOS support to cp_permissions. 
Note that this likely won't work on Solaris without Coreutils as
Solaris lacks stat(1). SmartOS has stat from Coreutils in base
and the chmod(1) from it's OpenSolaris heritage. Using the chmod
from either Coreutils or Solaris will work the same (in this case)
on SmartOS.
 2018-11-29 13:31:47 +08:00
Travis Paul
6408b622bf Add NetBSD and SunOS support to md5sum_file. 2018-11-29 12:47:37 +08:00
Tom Limoncelli
ab1430b74d Testing: Fix confidence test. 2018-10-03 10:46:07 -04:00
Kamil Wilczek
17ce90125b .blackbox is now the default config directory for new repos. (#272) 
- _blackbox_common.sh sets the default Blackbox directory
  for the new repositories using the first entry of the
  BLACKBOX_CANDIDATES array. This small change sets the
  first entry to the new .blackbox dir (instead of the keyring/live)
 2018-10-03 09:09:11 -04:00
Tobias Dubois
9d305233ca Add blackbox_decrypt_file (#270) 
Add a command for decrypting single files. It is currently just an alias
for blackbox_edit_start.
It is meant to be a more obvious command for decrypting a single file
without editing it.

Fixes #268
 2018-09-27 07:31:03 -04:00
r-savu
dc9fa326f4 Improved compatibility: change"/bin/[x]" to "/usr/bin/env [x]" (#265) 
changed paths of the form "/bin/[x]" into "/usr/bin/env [x]" (#265)
 2018-08-13 10:39:15 -04:00
winter0mute
74de17a4f6 Add blackbox_less. (#263) 
* Add blackbox_view and use PAGER (default to less)
 2018-07-26 10:24:32 -04:00
Ben Creasy
ebaa22a981 add nix method of install (#261) 2018-07-10 10:44:34 -07:00
Tom Limoncelli
0b8c3df70b Linked setting up of GPG key (#260) 2018-07-05 08:26:19 -07:00
Tom Limoncelli
918632436a Reformat README.md 2018-07-05 10:31:14 -04:00
Tom Limoncelli
d268a9e16a Release v1.20180615 2018-06-18 21:17:11 -04:00
Tom Limoncelli
ad2bc19b33 Merge branch 'master' of work-github.com:StackExchange/blackbox 2018-06-18 21:15:25 -04:00
Ben Limmer
1988a883a0 Restore make manual-install with warning. (#258) 2018-06-15 20:04:07 -04:00
Tom Limoncelli
a7f5e717eb Update CHANGELOG.md 2018-06-15 09:37:05 -04:00
Tom Limoncelli
4cf649f4cf Merge pull request #257 from StackExchange/docfix 
Fix #256: Clarify .blackbox vs keyrings/live in README.md
 2018-06-15 09:23:54 -04:00
Tom Limoncelli
69c0360a99 Clarify .blackbox vs keyrings/live in README.md 2018-06-15 09:22:05 -04:00
Tom Limoncelli
07546c6205 Whitespace 2018-05-31 17:01:24 -04:00
Tom Limoncelli
17d1a1a98b Fix whitespace. 2018-04-30 13:50:00 -04:00
Tom Limoncelli
8f6bef8542 Merge pull request #248 from tullis/fix-removeadmin-suggested-command 
Suggest committing changes to pubring.gpg when running blackbox_removeadmin
 2018-04-11 07:56:11 -04:00
Ben Tullis
7cebec9450 Ensure that git commits the changes to pubring.gpg when running blackbox_removeadmin 
This relates to https://github.com/StackExchange/blackbox/issues/247 where it has been observed that the blackbox_removeadmin script prompts the user to run an incorrect command after running blackbox_removeadmin. This commit simply adds pubring.gpg to the list of files to be committed.
 2018-04-11 11:06:14 +01:00
jciskey
906ecd0f82 Fix typo (#246) 2018-03-12 06:45:32 -04:00
Tom Limoncelli
6efbd24c58 Improve installation instructions (#244) 
* Clarify manual-install -> symlinks-install
 2018-02-22 13:46:42 -05:00
Tom Limoncelli
b9e456019b Add missing library: libffi-dev 2018-02-12 08:06:55 -05:00
Kwok-kuen Cheung
5162cb1cac Fix replacing-expired-keys link in README (#241) 2018-02-06 06:08:29 -05:00
Tom Limoncelli
6a04a6599f Merge pull request #239 from benhc123/patch-15 
quick corrections
 2018-01-07 13:58:21 -05:00
Ben Holden-Crowther
cbfce0b9f0 quick corrections 2018-01-07 18:42:07 +00:00
Tom Limoncelli
f94f2e339e Merge pull request #238 from benhc123/patch-14 
Corrections on new section
 2018-01-06 11:12:42 -05:00
Ben Holden-Crowther
34c132b713 Corrections on new section 2018-01-06 15:13:35 +00:00
Pim Snel
0c4cdace10 Fix problems when gpg2 is installed next to gpg (#237) 
* implement fixes from https://stackoverflow.com/questions/44247308/blackbox-gpg-decrypt-fails-dont-know-ctb-00
* fix problems when working with gpg2 next to gpg. Add's readme section
* fix anchor
 2018-01-05 08:05:57 -05:00
Mike Newswanger
5f6e91659e Merge pull request #231 from benhc123/patch-10 
BlackBox vs Blackbox or blackbox
 2018-01-02 10:03:53 -05:00
Mike Newswanger
001915dacb Merge pull request #232 from benhc123/patch-11 
"BlackBox" vs "blackbox"
 2018-01-02 10:03:30 -05:00
Mike Newswanger
7d8979ea1b Merge pull request #233 from benhc123/patch-12 
BlackBox vs Blackbox
 2018-01-02 10:03:07 -05:00
Mike Newswanger
8656b10d44 Merge pull request #236 from benhc123/patch-13 
Update license year
 2018-01-02 10:02:42 -05:00
Ben Holden-Crowther
058d765a07 Update license year 2017-12-31 16:17:44 +00:00
Ben Holden-Crowther
0028fa49fb BlackBox vs Blackbox 2017-12-15 21:49:48 +00:00
Ben Holden-Crowther
b70a215c61 "BlackBox" vs "blackbox" 2017-12-15 21:48:26 +00:00
Ben Holden-Crowther
90c34b5e0c BlackBox vs Blackbox or blackbox 
consistency
 2017-12-15 21:46:47 +00:00
Tom Limoncelli
292eb07768 Merge pull request #230 from benhc123/patch-9 
Spelling
 2017-12-15 14:51:43 -05:00
Ben Holden-Crowther
3203a7aa10 Spelling 2017-12-15 12:35:20 +00:00
Ben Holden-Crowther
242c34955e Spelling (#229) 2017-12-14 21:08:44 -05:00
Ben Holden-Crowther
8e0e96be5e Doc: fix typos (#228) 
And another one :)
 2017-12-14 17:31:34 -05:00
Ben Holden-Crowther
eb4ad38548 Misspelling (#227) 2017-12-14 17:30:16 -05:00
Ben Holden-Crowther
7f085fc32c Spelling (#226) 2017-12-14 06:01:19 -05:00
Ben Holden-Crowther
0f0d813392 docs: Fix spacing (#225) 
tiny spacing correction
 2017-12-12 14:38:35 -05:00
Tom Limoncelli
174b0d5ba5 Improve README.md formatting 
Improve formatting
 2017-12-10 07:28:48 -05:00
Ben Holden-Crowther
6a9bc745f1 Improve formatting 
link
 2017-12-10 12:15:36 +00:00
Tom Limoncelli
89566f7dd2 Merge pull request #223 from jinnko/master 
Exclude our default keyring from import
 2017-11-11 08:47:21 -08:00
Jinn Koriech
3fda14fd23 Exclude our default keyring from import 
By default GPG will continue to perform actions against our default keyring.

During the keychain import stage this results in the export of both the
keyring for the repository we're working on, plus our own default keyring.
The import phase then continues to import all these exported keys, which
include the entries from our default keyring, for which all those entries
already exist.  If you have a lot of keys in your default keyring this takes a
long time, and can be noisy due to validation, yet offers absolutely no value.

To avoid all this overhead we only need to pass the `--no-default-keyring`
option to GPG during this export phase.  The result will still be what we're
expecting - i.e. that all entries from the repository pubring are imported
into our default keyring.
 2017-11-11 09:34:59 +00:00
Tom Limoncelli
9ff5892ddf .gitattributes not created in some situations 
Replaces https://github.com/StackExchange/blackbox/pull/146
 2017-11-07 10:57:08 -05:00
Jon Bardin
043b66dc50 Fixes issue were .gitignore is not included in the commit when you register new file (#206) 
* this should fix the .gitignore not be including in the commit when registering a new file
 2017-11-07 07:52:34 -08:00
Tom Limoncelli
972abfc03f CI 2017-09-18 17:31:02 -04:00
Aymeric Beaumet
60e782a09e Store keys in .blackbox directory (#218) 2017-09-17 18:13:36 -04:00
Tom Limoncelli
103106e08f "make clean" should be idempotent. 2017-09-17 17:39:14 -04:00
Tom Limoncelli
ca99a1ebb4 Revert redundant circleci badge 2017-09-16 11:07:51 -04:00
Tom Limoncelli
318e21b4c8 Add CircleCI badge 2017-09-16 10:54:11 -04:00
Tom Limoncelli
57b5f59ca7 Fixing circleci 2017-09-16 10:40:12 -04:00
Paul Romero
53cc02e419 Corrected English in README (#209) 
Nonsensical English corrected
 2017-09-15 12:00:30 -04:00
Aymeric Beaumet
3cbfb2ba8c Update readme with CircleCI link (#216) 2017-09-15 11:40:39 -04:00
Aymeric Beaumet
2e894ea86f Run the tests on a CI (#215) 
* Add CircleCI and make tests pass on ubuntu:16.04
* Add badge to readme
* Add debian stable to CircleCI
* Fix pkill on CircleCI debian
 2017-09-15 11:15:12 -04:00
James Gregory
0626efa7e8 Fixed Alpine compatibility (chmod) (#212) 2017-09-01 05:01:20 -07:00
Jessica Evans
c60ca184f3 Made LICENSE link (#210) 2017-08-28 04:24:27 -07:00
Paul Romero
0ec0cd3762 Formatting improvements (#208) 
Converted raw URLs to links
 2017-08-24 04:23:09 -07:00
BHC
4528796279 Update license year (#205) 
to 2017
 2017-08-22 10:29:15 -07:00
Patrick Sanders
b483f65c0b direct repobase message to stderr (#204) 2017-08-17 08:57:04 -07:00
Tom Limoncelli
ced82815cf Improve tip about storing GPG keys 2017-08-08 09:56:23 -04:00
Tom Limoncelli
a3032aec07 NEW: .gitattributes Set Unix-only files to eol=lf 2017-07-14 14:38:00 -04:00
Jinn Koriech
c91b29be12 Silence 'not changed' output during keychain import (#200) 
Previously the keychain import appears to have redirected stderr to stdout,
silenced lines that indicate a key has 'not changed' then send the output back
to stdout.  This behaviour has been carried over to the new GnuPG-2.1
compatible implementation.
 2017-07-04 10:32:48 -04:00
Tom Limoncelli
9468ea69ec Improve info about expired GPG keys. 2017-06-16 12:04:08 -04:00
Tom Limoncelli
9966283368 Blackbox should work with Windows better WRT crlf. 2017-06-16 08:16:07 -04:00
20 changed files with 541 additions and 182 deletions
Expand all files Collapse all files

56
.circleci/config.yml Normal file
View File

@@ -0,0 +1,56 @@
version: 2
workflows:
version: 2
build_and_test:
jobs:
- debian
- ubuntu
jobs:
debian:
docker:
- image: debian:9.1
steps:
- checkout
- run:
name: 'Installing'
command: |
apt-get update -y
apt-get install -y build-essential expect git gnupg2 pinentry-tty procps rpm ruby-dev libffi-dev
gem install fpm
- run:
name: 'Cleaning'
command: |
rm -rf ~/.gpnupg
make clean
- run:
name: 'Testing'
command: |
GPG=gpg2 make test
make packages-deb
make packages-rpm
ubuntu:
docker:
- image: ubuntu:16.04
steps:
- checkout
- run:
name: 'Installing'
command: |
apt-get update -y
apt-get install -y build-essential expect git gnupg2 pinentry-tty procps rpm ruby-dev libffi-dev
gem install fpm
- run:
name: 'Cleaning'
command: |
rm -rf ~/.gpnupg
make clean
- run:
name: 'Testing'
command: |
GPG=gpg2 make test
make packages-deb
make packages-rpm

5
.gitattributes vendored Normal file
View File

@@ -0,0 +1,5 @@
bin/** text eol=lf
tools/** text eol=lf
Makefile text eol=lf
Portfile text eol=lf
blackbox.plugin.zsh text eol=lf

53
CHANGELOG.md
View File

@@ -1,8 +1,53 @@
Release v1.20170127
Release v1.20181219
* Starting CHANGELOG.
* New OS support: Add support for NetBSD and SunOS (SmartOS)
* Testing: Improve confidence test.
* .blackbox is now the default config directory for new repos. (#272)
* Add blackbox_decrypt_file (#270)
* Improved compatibility: change"/bin/[x]" to "/usr/bin/env [x]" (#265)
* Add blackbox_less. (#263)
* add nix method of install (#261)
* Linked setting up of GPG key (#260)
Release v1.20180618
* Restore `make manual-install` with warning. (#258)
Release v1.20180615
* Standardize on .blackbox for config. Use keyrings/live for backwards compatibility.
* Store keys in .blackbox directory (#218)
* Suggest committing changes to pubring.gpg when running blackbox_removeadmin (#248)
* Fix typo (#246)
* Improve installation instructions (#244)
* Fix replacing-expired-keys link in README (#241)
* Fix problems when gpg2 is installed next to gpg (#237)
* Many documentation corrections, updates, etc.
* Exclude default keyring from import (#223)
* .gitattributes not always updated (PR#146)
* Fix bugs related to updating .gitattributes (PR#146)
* Update readme with CircleCI link (#216)
* Run the tests on a CI (#215)
* Fixed Alpine compatibility (chmod) (#212)
* direct repobase message to stderr (#204)
* Improve Windows compatibility
* NEW: .gitattributes Set Unix-only files to eol=lf
* Silence 'not changed' output during keychain import (#200)
* Improve FreeBSD compatibility
* shred_file() outputs warning message to stderr. (#192)
* Don't complain about GPG_AGENT_INFO if using newer gpg-agent (#189)
* [FreeBSD] Fix use of chmod (#180)
* Requiring a file to be entered to finish editing (#175)
* Remove the key from the keyring when removing an admin (#173)
* Add FreeBSD support (#172)
* Add list admins commandline tool. (#170)
ignore backup files and secring.gpg in $BLACKBOXDATA (#169)
Allow parallel shredding of files (#167)
* Add/improve Mingw support
* Make "make confidence" less fragile
* And a lot, lot more.
Release v1.20170309
* "make test" is an alias for "make confidence"
@@ -24,3 +69,7 @@ Release v1.20170611
* blackbox_shred_all_files: BUGFIX: Does not shred files with spaces
* blackbox_removeadmin: disable gpg's confirmation
* Sync mk_rpm_fpmdir from master
Release v1.20170127
* Starting CHANGELOG.

2
LICENSE.txt
View File

@@ -1,6 +1,6 @@
The MIT License (MIT)
Copyright (c) 2014-2016 Stack Exchange, Inc.
Copyright (c) 2014-2018 Stack Exchange, Inc.
Permission is hereby granted, free of charge, to any person obtaining a copy
of this software and associated documentation files (the "Software"), to deal

33
Makefile
View File

@@ -6,15 +6,18 @@ OUTPUTDIR?="$(BASEDIR)/debbuild-${PKGNAME}"
all:
@echo 'Menu:'
@echo ' make update Update any generated files'
@echo ' make packages Make RPM packages'
@echo ' make packages-deb Make DEB packages'
@echo ' make test Run tests'
@echo ' make install (incomplete)'
@echo ' make update Update any generated files'
@echo ' make packages-rpm Make RPM packages'
@echo ' make packages-deb Make DEB packages'
@echo ' make symlinks-install Make symlinks in /usr/local/bin/'
@echo ' make copy-install Copy "bin" files to /usr/local/bin/'
@echo ' make usrlocal-uninstall Remove blackbox files from /usr/local/bin/'
@echo ' make test Run tests'
install:
@echo 'To install, copy the files from bin to somewhere in your PATH.'
@echo 'Or, if you use RPMs, "make packages" and install the result.'
@echo 'The README.md document gives more details.'
@echo 'Or run "make" (with no options) for more info.'
# The default package type is RPM.
packages: packages-rpm
@@ -51,12 +54,24 @@ unlock-rpm:
#
# Manual install
#
manual-install:
symlinks-install:
@echo 'Symlinking files from ./bin to /usr/local/bin'
@cd bin && for f in `find . -type f -iname "*" ! -iname "Makefile"`; do ln -fs `pwd`/$$f /usr/local/bin/$$f; done
@echo 'Done.'
manual-uninstall:
manual-install:
@echo '***************************************************************'
@echo '* DEPRECATED *'
@echo '* `make manual-install` is now called `make symlinks-install` *'
@echo '***************************************************************'
$(MAKE) symlinks-install
copy-install:
@echo 'Copying files from ./bin to /usr/local/bin'
@cd bin && for f in `find . -type f -iname "*" ! -iname "Makefile"`; do cp `pwd`/$$f /usr/local/bin/$$f; done
@echo 'Done.'
usrlocal-uninstall:
@echo 'Removing blackbox files from /usr/local/bin'
@cd bin && for f in `find . -type f -iname "*" ! -iname "Makefile"`; do rm /usr/local/bin/$$f; done
@echo 'Done.'
@@ -118,7 +133,7 @@ uninstall-stow:
update: tools/mk_deb_fpmdir.stack_blackbox.txt tools/mk_macports.vcs_blackbox.txt
clean:
rm tools/mk_deb_fpmdir.stack_blackbox.txt tools/mk_macports.vcs_blackbox.txt
rm -f tools/mk_deb_fpmdir.stack_blackbox.txt tools/mk_macports.vcs_blackbox.txt
#
# System Test:

394
README.md
View File

@@ -1,4 +1,4 @@
BlackBox
BlackBox [![CircleCI](https://circleci.com/gh/StackExchange/blackbox.svg?style=shield)](https://circleci.com/gh/StackExchange/workflows/blackbox)
========
Safely store secrets in a VCS repo (i.e. Git, Mercurial, Subversion or Perforce). These commands make it easy for you to Gnu Privacy Guard (GPG) encrypt specific files in a repo so they are "encrypted at rest" in your repository. However, the scripts make it easy to decrypt them when you need to view or edit them, and decrypt them for use in production. Originally written for Puppet, BlackBox now works with any Git or Mercurial repository.
@@ -14,30 +14,34 @@ Table of Contents
- [Table of Contents](#table-of-contents)
- [Overview](#overview)
- [Why is this important?](#why-is-this-important)
- [Installation Instructions:](#installation-instructions)
- [Commands:](#commands)
- [Compatibility:](#compatibility)
- [Installation Instructions](#installation-instructions)
- [Commands](#commands)
- [Compatibility](#compatibility)
- [How is the encryption done?](#how-is-the-encryption-done)
- [What does this look like to the typical user?](#what-does-this-look-like-to-the-typical-user)
- [How to use the secrets with Puppet?](#how-to-use-the-secrets-with-puppet)
- [Entire files:](#entire-files)
- [Small strings:](#small-strings)
- [How to enroll a new file into the system?](#how-to-enroll-a-new-file-into-the-system)
- [How to remove a file from the system?](#how-to-remove-a-file-from-the-system)
- [How to indoctrinate a new user into the system?](#how-to-indoctrinate-a-new-user-into-the-system)
- [How to remove a user from the system?](#how-to-remove-a-user-from-the-system)
- [Enabling Blackbox For a Repo](#enabling-blackbox-for-a-repo)
- [Entire files](#entire-files)
- [Small strings](#small-strings)
- File Management
- [How to enroll a new file into the system?](#how-to-enroll-a-new-file-into-the-system)
- [How to remove a file from the system?](#how-to-remove-a-file-from-the-system)
- User Management
- [How to indoctrinate a new user into the system?](#how-to-indoctrinate-a-new-user-into-the-system)
- [How to remove a user from the system?](#how-to-remove-a-user-from-the-system)
- Repo Management
- [Enabling BlackBox For a Repo](#enabling-blackbox-for-a-repo)
- [Set up automated users or “role accounts”](#set-up-automated-users-or-role-accounts)
- [Replace expired keys:](#replace-expired-keys)
- [Some common errors:](#some-common-errors)
- [Using Blackbox without a repo](#using-blackbox-without-a-repo)
- [Some Subversion gotchas:](#some-subversion-gotchas)
- [Replacing expired keys](#replacing-expired-keys)
- [Some common errors](#some-common-errors)
- [Using BlackBox on Windows](#using-blackbox-on-windows)
- [Using BlackBox without a repo](#using-blackbox-without-a-repo)
- [Some Subversion gotchas](#some-subversion-gotchas)
- [Using Blackbox when gpg2 is installed next to gpg](#using-blackbox-when-gpg2-is-installed-next-to-gpg)
- [How to submit bugs or ask questions?](#how-to-submit-bugs-or-ask-questions)
- [Developer Info](#developer-info)
- [Alternatives](#alternatives)
- [License](#license)
Overview
========
@@ -49,7 +53,22 @@ Rather than one GPG passphrase for all the files, each person with access has th
Automated processes often need access to all the decrypted files. This is easy too. For example, suppose Git is being used for Puppet files. The master needs access to the decrypted version of all the files. Simply set up a GPG key for the Puppet master (or the role account that pushes new files to the Puppet master) and have that user run `blackbox_postdeploy` after any files are updated.
Getting started is easy. Just `cd` into a Git, Mercurial, Subversion or Perforce repository and run `blackbox_initialize`. After that, if a file is to be encrypted, run `blackbox_register_new_file` and you are done. Add and remove keys with `blackbox_addadmin` and `blackbox_removeadmin`. To view and/or edit a file, run `blackbox_edit`; this will decrypt the file and open with whatever is specified by your $EDITOR environment variable. When you close the editor the file will automatically be encrypted again and the temporary plaintext file will be shredded. If you need to leave the file decrypted while you update you can use the`blackbox_edit_start` to decrypt the file and `blackbox_edit_end` when you want to "put it back in the box."
Getting started is looks like this.
First, if you don't have a GPG key, set it up using instructions
such as:
[Set up GPG key](https://help.github.com/articles/generating-a-new-gpg-key/).
Now you are ready to go.
`cd` into a Git, Mercurial, Subversion
or Perforce repository and run `blackbox_initialize`. After that,
if a file is to be encrypted, run `blackbox_register_new_file` and
you are done. Add and remove keys with `blackbox_addadmin` and
`blackbox_removeadmin`. To view and/or edit a file, run `blackbox_edit`;
this will decrypt the file and open with whatever is specified by
your $EDITOR environment variable. When you close the editor the
file will automatically be encrypted again and the temporary plaintext
file will be shredded. If you need to leave the file decrypted while
you update you can use the`blackbox_edit_start` to decrypt the file
and `blackbox_edit_end` when you want to "put it back in the box."
Why is this important?
======================
@@ -60,20 +79,22 @@ NOT SO OBVIOUSLY when we store "secrets" in a VCS repo like Git or Mercurial, su
The ability to be open and transparent about our code, with the exception of a few specific files, is key to the kind of collaboration that DevOps and modern IT practitioners need to do.
Installation Instructions:
==========================
Installation Instructions
=========================
- *The MacPorts Way*: `sudo port install vcs_blackbox`
- *The Homebrew Way*: `brew install blackbox`
- *The RPM way*: Check out the repo and make an RPM via `make packages-rpm`; now you can distribute the RPM via local methods.
- *The Debian/Ubuntu way*: Check out the repo and install [fpm](https://github.com/jordansissel/fpm). Now you can make a DEB `make packages-deb` that can be distributed via local methods.
- *The hard way*: Copy all the files in "bin" to your "bin".
- *The manual way*: `make manual-install` to install. `make manual-uninstall` to uninstall.
- *The Antigen Way*: Add `antigen bundle StackExchange/blackbox` to your .zshrc
- *The Zgen Way*: Add `zgen load StackExchange/blackbox` to your .zshrc where you're loading your other plugins.
- *The hard way (manual*: Copy all the files in "bin" to your "bin".
- *The hard way (automatic)*: `make copy-install` will copy the bin files into /usr/local/bin (uninstall with `make usrlocal-uninstall`).
- *The symlinks way*: `make symlinks-install` will make symlinks of the bin files into /usr/local/bin (uninstall with `make usrlocal-uninstall`) (useful when doing development)
- *The MacPorts Way*: `sudo port install vcs_blackbox`
- *The Homebrew Way*: `brew install blackbox`
- *The RPM way*: Check out the repo and make an RPM via `make packages-rpm`; now you can distribute the RPM via local methods. (Requires [fpm](https://github.com/jordansissel/fpm).)
- *The Debian/Ubuntu way*: Check out the repo and make a DEB via `make packages-deb`; now you can distribute the DEB via local methods. (Requires [fpm](https://github.com/jordansissel/fpm).)
- *The Antigen Way*: Add `antigen bundle StackExchange/blackbox` to your .zshrc
- *The Zgen Way*: Add `zgen load StackExchange/blackbox` to your .zshrc where you're loading your other plugins.
- *The Nix Way*: `nix-env -i blackbox`
Commands:
=========
Commands
========
| Name: | Description: |
|-------------------------------------|-------------------------------------------------------------------------|
@@ -81,12 +102,14 @@ Commands:
| `blackbox_edit_start <file>` | Decrypt a file so it can be updated |
| `blackbox_edit_end <file>` | Encrypt a file after blackbox_edit_start was used |
| `blackbox_cat <file>` | Decrypt and view the contents of a file |
| `blackbox_view <file>` | Like blackbox_cat but pipes to `less` or $PAGER |
| `blackbox_diff` | Diff decrypted files against their original crypted version |
| `blackbox_initialize` | Enable blackbox for a GIT or HG repo |
| `blackbox_register_new_file <file>` | Encrypt a file for the first time |
| `blackbox_deregister_file <file>` | Remove a file from blackbox |
| `blackbox_list_files` | List the files maintained by blackbox |
| `blackbox_list_admins` | List admins currently authorized for blackbox |
| `blackbox_decrypt_file <file>` | Decrypt a file |
| `blackbox_decrypt_all_files` | Decrypt all managed files (INTERACTIVE) |
| `blackbox_postdeploy` | Decrypt all managed files (batch) |
| `blackbox_addadmin <gpg-key>` | Add someone to the list of people that can encrypt/decrypt secrets |
@@ -95,52 +118,84 @@ Commands:
| `blackbox_update_all_files` | Decrypt then re-encrypt all files. Useful after keys are changed |
| `blackbox_whatsnew <file>` | show what has changed in the last commit for a given file |
Compatibility:
==============
Compatibility
=============
Blackbox automatically determines which VCS you are using and does the right thing. It has a plug-in architecture to make it easy to extend to work with other systems. It has been tested to work with many operating systems.
BlackBox automatically determines which VCS you are using and does the right thing. It has a plug-in architecture to make it easy to extend to work with other systems. It has been tested to work with many operating systems.
- Version Control systems
- `git` -- The Git
- `hg` -- Mercurial
- `svn` -- SubVersion (Thanks, Ben Drasin!)
- `p4` -- Perforce
- none -- The files can be decrypted outside of a repo if the keyrings directory is intact
- Operating system
- CentOS / RedHat
- MacOS X
- Cygwin (Thanks, Ben Drasin!)
- MinGW (git bash on windows) **See Note Below**
- Version Control systems
- `git` -- The Git
- `hg` -- Mercurial
- `svn` -- SubVersion (Thanks, Ben Drasin!)
- `p4` -- Perforce
- none -- The files can be decrypted outside of a repo if the `.blackbox` directory is intact
- Operating system
- CentOS / RedHat
- MacOS X
- Cygwin (Thanks, Ben Drasin!) **See Note Below**
- MinGW (git bash on windows) **See Note Below**
- NetBSD
- SmartOS
To add or fix support for a VCS system, look for code at the end of `bin/_blackbox_common.sh`
To add or fix support for a new operating system, look for the case statements in `bin/_blackbox_common.sh` and `bin/_stack_lib.sh` and maybe `tools/confidence_test.sh`
Note: Cywin support requires the following packages:
Using BlackBox on Windows
=========================
- Normal operation:
- gnupg
- git or mercurial or subversion or perforce (as appropriate)
- Development (if you will be adding code and want to run the confidence test)
- procps
- make
- git (the confidence test currently only tests git)
BlackBox can be used with Cygwin or MinGW.
Note: MinGW (comes with Git for Windows) support requires the following additional installations
- Normal operation:
- [Git for Windows](https://git-scm.com/) (not tested with Mercurial)
- Git Bash MINTTY returns a MinGW console. So when you install make sure you pick `MINTTY` instead of windows console. You'll be executing blackbox from the Git Bash prompt.
- You need at least version 2.8.1 of Git for Windows.
- [GnuWin32](https://sourceforge.net/projects/getgnuwin32/files/) - needed for various tools not least of which is mktemp which is used by blackbox
- after downloading the install just provides you with some batch files. Because of prior issues at sourceforge and to make sure you get the latest version of each package the batch files handle the brunt of the work of getting the correct packages and installing them for you.
- from a **windows command prompt** run `download.bat` once it has completed run `install.bat` then add the path for those tools to your PATH (ex: `PATH=%PATH%;c:\GnuWin32\bin`)
- Development:
- unknown
### Protect the line endings
BlackBox assumes that `blackbox-admins.txt` and `blackbox-files.txt` will have
LF line endings. Windows users should be careful to configure Git or other systems
to not convert or "fix" those files.
If you use Git, add the following lines to your `.gitattributes` file:
**/blackbox-admins.txt text eol=lf
**/blackbox-files.txt text eol=lf
The latest version of `blackbox_initialize` will create a `.gitattributes` file in the `$BLACKBOXDATA`
directory (usually `.blackbox`) for you.
### Cygwin
Cygwin support requires the following packages:
Normal operation:
- gnupg
- git or mercurial or subversion or perforce (as appropriate)
Development (if you will be adding code and want to run the confidence test)
- procps
- make
- git (the confidence test currently only tests git)
### MinGW
MinGW (comes with Git for Windows) support requires the following:
Normal operation:
- [Git for Windows](https://git-scm.com/) (not tested with Mercurial)
- Git Bash MINTTY returns a MinGW console. So when you install make sure you pick `MINTTY` instead of windows console. You'll be executing blackbox from the Git Bash prompt.
- You need at least version 2.8.1 of Git for Windows.
- [GnuWin32](https://sourceforge.net/projects/getgnuwin32/files/) - needed for various tools not least of which is mktemp which is used by blackbox
- after downloading the install just provides you with some batch files. Because of prior issues at sourceforge and to make sure you get the latest version of each package the batch files handle the brunt of the work of getting the correct packages and installing them for you.
- from a **windows command prompt** run `download.bat` once it has completed run `install.bat` then add the path for those tools to your PATH (ex: `PATH=%PATH%;c:\GnuWin32\bin`)
Development:
- unknown (if you develop Blackbox under MinGW, please let us know if any additional packages are required to run `make test`)
How is the encryption done?
===========================
GPG has many different ways to encrypt a file. BlackBox uses the mode that lets you specify a list of keys that can decrypt the messsage.
GPG has many different ways to encrypt a file. BlackBox uses the mode that lets you specify a list of keys that can decrypt the message.
If you have 5 people ("admins") that should be able to access the secrets, each creates a GPG key and adds their public key to the keychain. The GPG command used to encrypt the file lists all 5 key names, and therefore any 1 key can decrypt the file.
@@ -154,20 +209,20 @@ To remove someone's access, remove that admin's key name (i.e. email address) fr
*If you use Puppet, why didn't you just use hiera-eyaml?* There are 4 reasons:
1. This works with any Git or Mercurial repo, even if you aren't using Puppet.
2. hiera-eyaml decrypts "on demand" which means your Puppet Master now uses a lot of CPU to decrypt keys every time it is contacted. It slows down your master, which, in my case, is already slow enough.
3. This works with binary files, without having to ASCIIify them and paste them into a YAML file. Have you tried to do this with a cert that is 10K long and changes every few weeks? Ick.
4. hiera-eyaml didn't exist when I wrote this.
1. This works with any Git or Mercurial repo, even if you aren't using Puppet.
2. hiera-eyaml decrypts "on demand" which means your Puppet Master now uses a lot of CPU to decrypt keys every time it is contacted. It slows down your master, which, in my case, is already slow enough.
3. This works with binary files, without having to ASCIIify them and paste them into a YAML file. Have you tried to do this with a cert that is 10K long and changes every few weeks? Ick.
4. hiera-eyaml didn't exist when I wrote this.
What does this look like to the typical user?
=============================================
- If you need to, start the GPG Agent: `eval $(gpg-agent --daemon)`
- Decrypt the file so it is editable: `blackbox_edit_start FILENAME`
- (You will need to enter your GPG passphrase.)
- Edit FILENAME as you desire: `vim FILENAME`
- Re-encrypt the file: `blackbox_edit_end FILENAME`
- Commit the changes. `git commit -a` or `hg commit`
- If you need to, start the GPG Agent: `eval $(gpg-agent --daemon)`
- Decrypt the file so it is editable: `blackbox_edit_start FILENAME`
- (You will need to enter your GPG passphrase.)
- Edit FILENAME as you desire: `vim FILENAME`
- Re-encrypt the file: `blackbox_edit_end FILENAME`
- Commit the changes. `git commit -a` or `hg commit`
Wait... it can be even easier than that! Run `blackbox_edit FILENAME`, and it'll decrypt the file in a temp file and call `$EDITOR` on it, re-encrypting again after the editor is closed.
@@ -228,8 +283,8 @@ The variable `$the_password` will contain "my secret password" and can be used a
How to enroll a new file into the system?
=========================================
- If you need to, start the GPG Agent: `eval $(gpg-agent --daemon)`
- Add the file to the system:
- If you need to, start the GPG Agent: `eval $(gpg-agent --daemon)`
- Add the file to the system:
```
blackbox_register_new_file path/to/file.name.key
@@ -261,7 +316,9 @@ blackbox_deregister_file path/to/file.name.key
How to indoctrinate a new user into the system?
===============================================
`keyrings/live/blackbox-admins.txt` is a file that lists which users are able to decrypt files. (More pedantically, it is a list of the GnuPG key names that the file is encrypted for.)
FYI: Your repo may use `keyrings/live` instead of `.blackbox`. See "Where is the configuration stored?"
`.blackbox/blackbox-admins.txt` is a file that lists which users are able to decrypt files. (More pedantically, it is a list of the GnuPG key names that the file is encrypted for.)
To join the list of people that can edit the file requires three steps; You create a GPG key and add it to the key ring. Then, someone that already has access adds you to the system. Lastly, you should test your access.
@@ -273,7 +330,7 @@ If you don't already have a GPG key, here's how to generate one:
gpg --gen-key
```
Pick defaults for encryption settings, 0 expiration. Pick a VERY GOOD passphrase. Store the private key securely. Tip: Store it on a secure machine, or one with little or no internet access, with full-disk-encryption, etc. Your employer problably has rules about how to store such things.
Pick defaults for encryption settings, 0 expiration. Pick a VERY GOOD passphrase. Store a backup of the private key someplace secure. For example, keep the backup copy on a USB drive that is locked in safe. Or, at least put it on a machine secure machine with little or no internet access, full-disk-encryption, etc. Your employer probably has rules about how to store such things.
Now that you have a GPG key, add yourself as an admin:
@@ -290,7 +347,7 @@ blackbox_addadmin tal@example.com
When the command completes successfully, instructions on how to commit these changes will be output. Run the command as given to commit the changes. It will look like this:
```
git commit -m'NEW ADMIN: tal@example.com' keyrings/live/pubring.gpg keyrings/live/trustdb.gpg keyrings/live/blackbox-admins.txt
git commit -m'NEW ADMIN: tal@example.com' .blackbox/pubring.gpg .blackbox/trustdb.gpg .blackbox/blackbox-admins.txt
```
Then push it to the repo:
@@ -314,7 +371,8 @@ Ask someone that already has access to re-encrypt the data files. This gives you
Pre-check: Verify the new keys look good.
```
$ gpg --homedir=keyrings/live --list-keys
git pull # Or whatever is required for your system
gpg --homedir=.blackbox --list-keys
```
For example, examine the key name (email address) to make sure it conforms to corporate standards.
@@ -322,7 +380,7 @@ For example, examine the key name (email address) to make sure it conforms to co
Import the keychain into your personal keychain and reencrypt:
```
gpg --import keyrings/live/pubring.gpg
gpg --import .blackbox/pubring.gpg
blackbox_update_all_files
```
@@ -358,27 +416,61 @@ When the command completes, you will be given a reminder to check in the change
Note that their keys will still be in the key ring, but they will go unused. If you'd like to clean up the keyring, use the normal GPG commands and check in the file.
FYI: Your repo may use `keyrings/live` instead of `.blackbox`. See "Where is the configuration stored?"
```
gpg --homedir=keyrings/live --list-keys
gpg --homedir=keyrings/live --delete-key olduser@example.com
git commit -m'Cleaned olduser@example.com from keyring' keyrings/live/*
gpg --homedir=.blackbox --list-keys
gpg --homedir=.blackbox --delete-key olduser@example.com
git commit -m'Cleaned olduser@example.com from keyring' .blackbox/*
```
FYI: Your repo may use `keyrings/live` instead of `.blackbox`. See "Where is the configuration stored?"
The key ring only has public keys. There are no secret keys to delete.
Remember that this person did have access to all the secrets at one time. They could have made a copy. Therefore, to be completely secure, you should change all passwords, generate new SSL keys, and so on just like when anyone that had privileged access leaves an organization.
Enabling Blackbox For a Repo
Where is the configuration stored? .blackbox vs. keyrings/live
==============================================================
Blackbox stores its configuration data in the `.blackbox` subdirectory. Older
repos use `keyrings/live`. For backwards compatibility either will work.
All documentation refers to `.blackbox`.
You can convert an old repo by simply renaming the directory:
```
mv keyrings/live .blackbox
rmdir keyrings
```
There is no technical reason to convert old repos except that it is less
confusing to users.
This change was made in commit 60e782a0, release v1.20180615.
The details:
- First Blackbox checks `$BLACKBOXDATA`. If this environment variable is set, this is the directory that will be used. If it lists a directory that does not exist, Blackbox will print an error and exit.
- If `$BLACKBOXDATA` is not set: (which is the typical use case)
- Blackbox will first try `keyrings/live` and use it if it exists.
- Otherwise the default `.blackbox` will be used. If `.blackbox` does not exist, Blackbox will print an error and exit.
Enabling BlackBox For a Repo
============================
Overview:
To add "blackbox" to a git or mercurial repo, you'll need to do the following:
1. Run the initialize script. This adds a few files to your repo in a directory called "keyrings".
2. For the first user, create a GPG key and add it to the key ring.
3. Encrypt the files you want to be "secret".
4. For any automated user (one that must be able to decrypt without a passphrase), create a GPG key and create a subkey with an empty passphrase.
1. Run the initialize script. This adds a few files to your repo in a directory called ".blackbox".
2. For the first user, create a GPG key and add it to the key ring.
3. Encrypt the files you want to be "secret".
4. For any automated user (one that must be able to decrypt without a passphrase), create a GPG key and create a subkey with an empty passphrase.
FYI: Your repo may use `keyrings/live` instead of `.blackbox`. See "Where is the configuration stored?"
### Run the initialize script.
@@ -429,6 +521,8 @@ Set up automated users or "role accounts"
i.e. This is how a Puppet Master can have access to the unencrypted data.
FYI: Your repo may use `keyrings/live` instead of `.blackbox`. See "Where is the configuration stored?"
An automated user (a "role account") is one that that must be able to decrypt without a passphrase. In general you'll want to do this for the user that pulls the files from the repo to the master. This may be automated with Jenkins CI or other CI system.
GPG keys have to have a passphrase. However, passphrases are optional on subkeys. Therefore, we will create a key with a passphrase then create a subkey without a passphrase. Since the subkey is very powerful, it should be created on a very secure machine.
@@ -441,9 +535,9 @@ ProTip: If asked to generate entropy, consider running this on the same machine
For the rest of this doc, you'll need to make the following substitutions:
- ROLEUSER: svc_deployacct or whatever your role account's name is.
- NEWMASTER: the machine this role account exists on.
- SECUREHOST: The machine you use to create the keys.
- ROLEUSER: svc_deployacct or whatever your role account's name is.
- NEWMASTER: the machine this role account exists on.
- SECUREHOST: The machine you use to create the keys.
NOTE: This should be more automated/scripted. Patches welcome.
@@ -491,9 +585,9 @@ Command> save
Now securely export this directory to NEWMASTER:
```
$ gpg --homedir . --export -a svc_sadeploy >/tmp/NEWMASTER/pubkey.txt
$ tar cvf /tmp/keys.tar .
$ rsync -avP /tmp/keys.tar NEWMASTER:/tmp/.
gpg --homedir . --export -a svc_sadeploy >/tmp/NEWMASTER/pubkey.txt
tar cvf /tmp/keys.tar .
rsync -avP /tmp/keys.tar NEWMASTER:/tmp/.
```
On NEWMASTER, receive the new GnuPG config:
@@ -508,12 +602,12 @@ cd ~/.gnupg && tar xpvf /tmp/keys.tar
Back on SECUREHOST, import the pubkey into the repository.
```
$ cd keyrings/live
$ cd .blackbox
$ gpg --homedir . --import /tmp/NEWMASTER/pubkey.txt
```
-->
Back on SECUREHOST, add the new email address to keyrings/live/blackbox-admins.txt:
Back on SECUREHOST, add the new email address to .blackbox/blackbox-admins.txt:
```
cd /path/to/the/repo
@@ -523,14 +617,14 @@ blackbox_addadmin $KEYNAME /tmp/NEWMASTER
Verify that secring.gpg is a zero-length file. If it isn't, you have somehow added a private key to the keyring. Start over.
```
$ cd keyrings/live
$ ls -l secring.gpg
cd .blackbox
ls -l secring.gpg
```
Commit the recent changes:
```
$ cd keyrings/live
cd .blackbox
git commit -m"Adding key for KEYNAME" pubring.gpg trustdb.gpg blackbox-admins.txt
```
@@ -547,7 +641,7 @@ On NEWMASTER, import the keys and decrypt the files:
```
sudo -u svc_sadeploy bash # Become the role account.
gpg --import /etc/puppet/keyrings/live/pubring.gpg
gpg --import /etc/puppet/.blackbox/pubring.gpg
export PATH=$PATH:/path/to/blackbox/bin
blackbox_postdeploy
sudo -u puppet cat /etc/puppet/hieradata/blackbox.yaml # or any encrypted file.
@@ -555,7 +649,7 @@ sudo -u puppet cat /etc/puppet/hieradata/blackbox.yaml # or any encrypted file.
ProTip: If you get "gpg: decryption failed: No secret key" then you forgot to re-encrypt blackbox.yaml with the new key.
On SECUREHOST, securerly delete your files:
On SECUREHOST, securely delete your files:
```
cd /tmp/NEWMASTER
@@ -568,19 +662,30 @@ rm -rf /tmp/NEWMASTER
Also shred any other temporary files you may have made.
Replace expired keys:
=====================
Replacing expired keys
======================
If any one admin's key expires, you can no longer encrypt files. You will need to replace the key and re-encrypt.
- Step 0: You see this error:
If someone's key has already expired, blackbox will stop
encrypting. You see this error:
```
$ blackbox_edit_end modified_file.txt
--> Error: can't re-encrypt because a key has expired.
```
- Step 1. Administrator removes expired user:
FYI: Your repo may use `keyrings/live` instead of `.blackbox`. See "Where is the configuration stored?"
You can also detect keys that are about to expire by issuing this command and manually reviewing the "expired:" dates:
gpg --homedir=.blackbox --list-keys
or... list UIDs that will expire within 1 month from today: (Warning: this also lists keys without an expiration date)
gpg --homedir=.blackbox --list-keys --with-colons --fixed-list-mode | grep ^uid | awk -F: '$6 < '$(( $(date +%s) + 2592000))
Here's how to replace the key:
- Step 1. Administrator removes expired user:
Warning: This process will erase any unencrypted files that you were in the process of editing. Copy them elsewhere and restore the changes when done.
@@ -589,31 +694,31 @@ blackbox_removeadmin expired_user@example.com
# This next command overwrites any changed unencrypted files. See warning above.
blackbox_update_all_files
git commit -m "Re-encrypt all files"
gpg --homedir=keyrings/live --delete-key expired_user@example.com
git commit -m 'Cleaned expired_user@example.com from keyring' keyrings/live/*
gpg --homedir=.blackbox --delete-key expired_user@example.com
git commit -m 'Cleaned expired_user@example.com from keyring' .blackbox/*
git push
```
- Step 2. Expired user adds an updated key:
- Step 2. Expired user adds an updated key:
```
git pull
blackbox_addadmin updated_user@example.com
git commit -m'NEW ADMIN: updated_user@example.com keyrings/live/pubring.gpg keyrings/live/trustdb.gpg keyrings/live/blackbox-admins.txt
git commit -m'NEW ADMIN: updated_user@example.com .blackbox/pubring.gpg .blackbox/trustdb.gpg .blackbox/blackbox-admins.txt
git push
```
- Step 3. Administrator re-encrypts all files with the updated key of the expired user:
- Step 3. Administrator re-encrypts all files with the updated key of the expired user:
```
git pull
gpg --import keyrings/live/pubring.gpg
gpg --import .blackbox/pubring.gpg
blackbox_update_all_files
git commit -m "Re-encrypt all files"
git push
```
- Step 4: Clean up:
- Step 4: Clean up:
Any files that were temporarily copied in the first step so as to not be overwritten can now be copied back and re-encrypted with the `blackbox_edit_end` command.
@@ -624,11 +729,13 @@ Any files that were temporarily copied in the first step so as to not be overwri
It's possible to tell Git to decrypt versions of the file before running them through `git diff` or `git log`. To achieve this do:
- Add the following to `.gitattributes` at the top of the git repository:
```
*.gpg diff=blackbox
```
- Add the following to `.git/config`:
```
[diff "blackbox"]
textconv = gpg --use-agent -q --batch --decrypt
@@ -636,33 +743,50 @@ It's possible to tell Git to decrypt versions of the file before running them th
And now commands like `git log -p file.gpg` will show a nice log of the changes in the encrypted file.
Some common errors:
===================
Some common errors
==================
`gpg: filename: skipped: No public key` -- Usually this means there is an item in `keyrings/live/blackbox-admins.txt` that is not the name of the key. Either something invalid was inserted (like a filename instead of a username) or a user has left the organization and their key was removed from the keychain, but their name wasn't removed from the blackbox-admins.txt file.
`gpg: filename: skipped: No public key` -- Usually this means there is an item in `.blackbox/blackbox-admins.txt` that is not the name of the key. Either something invalid was inserted (like a filename instead of a username) or a user has left the organization and their key was removed from the keychain, but their name wasn't removed from the blackbox-admins.txt file.
`gpg: decryption failed: No secret key` -- Usually means you forgot to re-encrypt the file with the new key.
`Error: can't re-encrypt because a key has expired.` -- A user's key has expired and can't be used to encrypt any more. Follow the[Replace expired keys](#replace-expired-keys) tip.
`Error: can't re-encrypt because a key has expired.` -- A user's key has expired and can't be used to encrypt any more. Follow the [Replace expired keys](#replace-expired-keys) tip.
FYI: Your repo may use `keyrings/live` instead of `.blackbox`. See "Where is the configuration stored?"
Using Blackbox without a repo
=============================
If the files are copied out of a repo they can still be decrypted and edited. Obviously edits, changes to keys, and such will be lost if they are made outside the repo. Also note that commands are most likely to only work if run from the base directory (i.e. the parent to the keyrings directory).
If the files are copied out of a repo they can still be decrypted and edited. Obviously edits, changes to keys, and such will be lost if they are made outside the repo. Also note that commands are most likely to only work if run from the base directory (i.e. the parent to the .blackbox directory).
The following commands have been tested outside a repo:
- `blackbox_postdeploy`
- `blackbox_edit_start`
- `blackbox_edit_end`
- `blackbox_postdeploy`
- `blackbox_edit_start`
- `blackbox_edit_end`
Some Subversion gotchas:
========================
Some Subversion gotchas
=======================
The current implementation will store the blackbox in `/keyrings` at the root of the entire repo. this will create an issue between environments that have different roots (ie, checking out `/` on development vs `/releases/foo` in production). To get around this, you can `export BLACKBOX_REPOBASE=/path/to/repo` and set a specific base for your repo.
The current implementation will store the blackbox in `/keyrings` at the root of the entire repo. This will create an issue between environments that have different roots (i.e. checking out `/` on development vs `/releases/foo` in production). To get around this, you can `export BLACKBOX_REPOBASE=/path/to/repo` and set a specific base for your repo.
This was originally written for git and supports a two-phase commit, in which `commit` is a local commit and "push" sends the change upstream to the version control server when something is registered or deregistered with the system. The current implementation will immediately `commit` a file (to the upstream subversion server) when you execute a `blackbox_*` command.
Using Blackbox when gpg2 is installed next to gpg
=================================================
In some situations, team members or automated roles need to install gpg
2.x alongside the system gpg version 1.x to catch up with the team's gpg
version. On Ubuntu 16, you can ```apt-get install gnupg2``` which
installs the binary gpg2. If you want to use this gpg2 binary, run every
blackbox command with GPG=gpg2.
For example:
```
GPG=gpg2 blackbox_postdeploy
```
How to submit bugs or ask questions?
====================================
@@ -670,9 +794,7 @@ We welcome questions, bug reports and feedback!
The best place to start is to join the [blackbox-project mailing list](https://groups.google.com/d/forum/blackbox-project) and ask there.
Bugs are tracked here in Github. Please feel free to files bugs yourself:
- https://github.com/StackExchange/blackbox/issues
Bugs are tracked here in Github. Please feel free to [report bugs](https://github.com/StackExchange/blackbox/issues) yourself.
Developer Info
==============
@@ -695,24 +817,26 @@ This runs through a number of system tests. It creates a repo, encrypts files, d
Please submit tests with code changes:
The best way to change Blackbox is via Test Driven Development. First add a test to `tools/confidence.sh`. This test should fail, and demonstrate the need for the change you are about to make. Then fix the bug or add the feature you want. When you are done, `make confidence` should pass all tests. The PR you submit should include your code as well as the new test. This way the confidence tests accumulate as the system grows as we know future changes don't break old features.
The best way to change BlackBox is via Test Driven Development. First add a test to `tools/confidence.sh`. This test should fail, and demonstrate the need for the change you are about to make. Then fix the bug or add the feature you want. When you are done, `make confidence` should pass all tests. The PR you submit should include your code as well as the new test. This way the confidence tests accumulate as the system grows as we know future changes don't break old features.
Note: The tests currently assume "git" and have been tested only on CentOS, Mac OS X, and Cygwin. Patches welcome!
Alternatives
============
Here are other open source packages that do something similar to Blackbox. If you like them better than Blackbox, please use them.
Here are other open source packages that do something similar to BlackBox. If you like them better than BlackBox, please use them.
- git-crypt: https://www.agwa.name/projects/git-crypt/
- Pass: http://www.zx2c4.com/projects/password-store/
- Transcrypt: https://github.com/elasticdog/transcrypt
- Keyringer: https://keyringer.pw/
- git-secret: https://github.com/sobolevn/git-secret
- [git-crypt](https://www.agwa.name/projects/git-crypt/)
- [Pass](http://www.zx2c4.com/projects/password-store/)
- [Transcrypt](https://github.com/elasticdog/transcrypt)
- [Keyringer](https://keyringer.pw/)
- [git-secret](https://github.com/sobolevn/git-secret)
git-crypt has the best git integration. Once set up it is nearly transparent to the users. However it only works with git.
License
=======
This content is released under the MIT License. See the LICENSE.txt file.
This content is released under the MIT License.
See the [LICENSE.txt](LICENSE.txt) file.

14
RELEASE_ENGINEERING.md
View File

@@ -17,7 +17,7 @@ There are 3 branches/tags:
- **tag stable:** Stable enough for use by most people.
- **tag production:** Burned in long enough that we are confident it can be widely adopted.
If you are packaging Blackbox for distribution, you should track the *tag production*. You might also want to provide a separate package that tracks *tag stable:* for early adopters.
If you are packaging BlackBox for distribution, you should track the *tag production*. You might also want to provide a separate package that tracks *tag stable:* for early adopters.
Build Tasks
===========
@@ -25,6 +25,17 @@ Build Tasks
Stable Releases
===============
Step 0. Test the software
Run this command to run the unit and system tests:
```
make test
```
NOTE: The tests require pinentry-tty. On macOS with NIX this
can be installed via: `nix-env -i pinentry`
Marking the software to be "stable":
Step 1. Update CHANGELOG.md
@@ -99,6 +110,7 @@ Submit the diff file as a bug as instructed. The instructions should look like t
Step 3: Watch for the update to happen.
Updating MacPorts (manual)
==========================

10
Version2-Ideas.md
View File

@@ -1,12 +1,12 @@
# Ideas for blackbox Version 2
# Ideas for BlackBox Version 2
I'm writing this to solicit feedback and encourage discussion.
Here are my thoughts on a "verison 2" of blackbox. This is where
Here are my thoughts on a "version 2" of BlackBox. This is where
I list ideas that would require major changes to the system. They
might break backwards compatibility, though usually not.
Blackbox grew from a few simple shell scripts used at StackOverflow.com
BlackBox grew from a few simple shell scripts used at StackOverflow.com
to a larger system used by dozens (hundreds?) of organizations. Not
all the design decisions were "forward looking".
@@ -75,7 +75,7 @@ Backwards compatibility: This would add a "none" VCS, not remove any existing fu
`bash` is fairly universal. It even exists on Windows. However it is not the right language for large systems. Writing the acceptance tests is quite a bear. Managing ".gitignore" files in bash is impossible and the current implementation fails in many cases.
`python` is my second favorite langauge. It would make the code cleaner and more testable. However it is not installed everywhere. I would also want to write it in Python3 (why start a new project in Python2?) but sadly Python3 is less common. It is a chicken vs. egg situation.
`python` is my second favorite language. It would make the code cleaner and more testable. However it is not installed everywhere. I would also want to write it in Python3 (why start a new project in Python2?) but sadly Python3 is less common. It is a chicken vs. egg situation.
`go` is my favorite language. I could probably rewrite this in go in a weekend. However, now the code is compiled, not interpreted. Therefore we lose the ability to just "git clone" and have the tools you want. Not everyone has a Go compiler installed on every machine.
@@ -94,4 +94,4 @@ However, I've never used it so I don't have any idea whether git-crypt is any be
Of course, git-crypt doesn't work with SVN, HG, or any other VCS. Is blackbox's strong point the fact that it support so many VCS systems? To be honest, it originally only supported HG and GIT because I was at a company that used HG but then changed to GIT. Supporting anything else was thanks to contributors. Heck, HG support hasn't even been tested recently (by me) since we've gone all git where I work.
How important is this to blackbox users?
How important is this to BlackBox users?

56
bin/_blackbox_common.sh
View File

@@ -15,9 +15,15 @@ source "${0%/*}"/_stack_lib.sh
# Where are we?
: "${BLACKBOX_HOME:="$(cd "${0%/*}" ; pwd)"}" ;
# Where in the VCS repo should the blackbox data be found?
: "${BLACKBOXDATA:=keyrings/live}" ; # If BLACKBOXDATA not set, set it.
# What are the candidates for the blackbox data directory?
#
# The order of candidates matter. The first entry of the array
# sets the default Blackbox directory for all new repositories.
declare -a BLACKBOXDATA_CANDIDATES
BLACKBOXDATA_CANDIDATES=(
'.blackbox'
'keyrings/live'
)
# If $EDITOR is not set, set it to "vi":
: "${EDITOR:=vi}" ;
@@ -63,10 +69,20 @@ export REPOBASE=$(physical_directory_of "$REPOBASE")
# after determining what we believe to be the answer.
if [[ -n "$BLACKBOX_REPOBASE" ]]; then
echo "Using custom repobase: $BLACKBOX_REPOBASE"
echo "Using custom repobase: $BLACKBOX_REPOBASE" >&2
export REPOBASE="$BLACKBOX_REPOBASE"
fi
if [ -z "$BLACKBOXDATA" ] ; then
BLACKBOXDATA="${BLACKBOXDATA_CANDIDATES[0]}"
for candidate in ${BLACKBOXDATA_CANDIDATES[@]} ; do
if [ -d "$REPOBASE/$candidate" ] ; then
BLACKBOXDATA="$candidate"
break
fi
done
fi
KEYRINGDIR="$REPOBASE/$BLACKBOXDATA"
BB_ADMINS_FILE="blackbox-admins.txt"
BB_ADMINS="${KEYRINGDIR}/${BB_ADMINS_FILE}"
@@ -127,7 +143,7 @@ function fail_if_not_on_cryptlist() {
if ! is_on_cryptlist "$name" ; then
echo "ERROR: $name not found in $BB_FILES" >&2
echo "PWD=$(/bin/pwd)" >&2
echo "PWD=$(/usr/bin/env pwd)" >&2
echo 'Exiting...' >&2
exit 1
fi
@@ -171,8 +187,15 @@ function prepare_keychain() {
# NB: We must export the keys to a format that can be imported.
make_self_deleting_tempfile keyringasc
export LANG="C.UTF-8"
$GPG --export --keyring "$(get_pubring_path)" >"$keyringasc"
$GPG --import "$keyringasc"
#if gpg2 is installed next to gpg like on ubuntu 16
if [[ "$GPG" != "gpg2" ]]; then
$GPG --export --no-default-keyring --keyring "$(get_pubring_path)" >"$keyringasc"
$GPG --import "$keyringasc" 2>&1 | egrep -v 'not changed$' >&2
else
$GPG --keyring "$(get_pubring_path)" --export | $GPG --import
fi
echo '========== Importing keychain: DONE' >&2
}
@@ -388,6 +411,12 @@ function md5sum_file() {
Darwin | FreeBSD )
md5 -r "$1" | awk '{ print $1 }'
;;
NetBSD )
md5 -q "$1"
;;
SunOS )
digest -a md5 "$1"
;;
Linux | CYGWIN* | MINGW* )
md5sum "$1" | awk '{ print $1 }'
;;
@@ -404,11 +433,18 @@ function cp_permissions() {
Darwin )
chmod $( stat -f '%p' "$1" ) "${@:2}"
;;
FreeBSD )
FreeBSD | NetBSD )
chmod $( stat -f '%p' "$1" | sed -e "s/^100//" ) "${@:2}"
;;
Linux | CYGWIN* | MINGW* )
chmod --reference "$1" "${@:2}"
SunOS )
chmod $( stat -c '%a' "$1" ) "${@:2}"
;;
Linux | CYGWIN* | MINGW* | SunOS )
if [[ -e /etc/alpine-release ]]; then
chmod $( stat -c '%a' "$1" ) "${@:2}"
else
chmod --reference "$1" "${@:2}"
fi
;;
* )
echo 'ERROR: Unknown OS. Exiting. (cp_permissions)'

12
bin/_stack_lib.sh
View File

@@ -57,7 +57,7 @@ function create_self_deleting_tempfile() {
: "${TMPDIR:=/tmp}" ;
filename=$(mktemp -t _stacklib_.XXXXXXXX )
;;
Linux | CYGWIN* | MINGW* )
Linux | CYGWIN* | MINGW* | NetBSD | SunOS )
filename=$(mktemp)
;;
* )
@@ -78,7 +78,7 @@ function create_self_deleting_tempdir() {
: "${TMPDIR:=/tmp}" ;
filename=$(mktemp -d -t _stacklib_.XXXXXXXX )
;;
Linux | CYGWIN* | MINGW* )
Linux | CYGWIN* | MINGW* | NetBSD | SunOS )
filename=$(mktemp -d)
;;
* )
@@ -102,7 +102,7 @@ function make_self_deleting_tempfile() {
: "${TMPDIR:=/tmp}" ;
name=$(mktemp -t _stacklib_.XXXXXXXX )
;;
Linux | CYGWIN* | MINGW* )
Linux | CYGWIN* | MINGW* | NetBSD | SunOS )
name=$(mktemp)
;;
* )
@@ -127,7 +127,7 @@ function make_tempdir() {
# which needs to fit within sockaddr_un.sun_path (see unix(7)).
name=$(mktemp -d -t SO )
;;
Linux | CYGWIN* | MINGW* )
Linux | CYGWIN* | MINGW* | NetBSD | SunOS )
name=$(mktemp -d)
;;
* )
@@ -160,14 +160,14 @@ function fail_if_not_running_as_root() {
function fail_if_in_root_directory() {
# Verify nobody has tricked us into being in "/".
case $(uname -s) in
Darwin | FreeBSD )
Darwin | FreeBSD | NetBSD )
if [[ $(stat -f'%i' / ) == $(stat -f'%i' . ) ]] ; then
echo 'SECURITY ALERT: The current directory is the root directory.'
echo 'Exiting...'
exit 1
fi
;;
Linux | CYGWIN* | MINGW* )
Linux | CYGWIN* | MINGW* | SunOS )
if [[ $(stat -c'%i' / ) == $(stat -c'%i' . ) ]] ; then
echo 'SECURITY ALERT: The current directory is the root directory.'
echo 'Exiting...'

15
bin/blackbox_decrypt_file Executable file
View File

@@ -0,0 +1,15 @@
#!/usr/bin/env bash
#
# blackbox_decrypt_file -- Decrypt one or more blackbox files.
#
set -e
source "${0%/*}/_blackbox_common.sh"
if [ $# -eq 0 ]; then
echo >&2 "Please provide at least one file to decrypt"
exit 1
fi
"${BLACKBOX_HOME}/blackbox_edit_start" "$@"

12
bin/blackbox_initialize
View File

@@ -35,6 +35,18 @@ vcs_add "${KEYRINGDIR}"
touch "$BLACKBOXDATA/$BB_ADMINS_FILE" "$BLACKBOXDATA/$BB_FILES_FILE"
vcs_add "$BLACKBOXDATA/$BB_ADMINS_FILE" "$BLACKBOXDATA/$BB_FILES_FILE"
if [[ $VCS_TYPE = "git" ]]; then
# Set .gitattributes so that Windows users don't break the admin files.
FILE="$BLACKBOXDATA/.gitattributes"
touch "$FILE"
LINE='blackbox-admins.txt text eol=lf'
grep -qF "$LINE" "$FILE" || echo "$LINE" >> "$FILE"
LINE='blackbox-files.txt text eol=lf'
grep -qF "$LINE" "$FILE" || echo "$LINE" >> "$FILE"
fi
if [[ $VCS_TYPE = "svn" ]]; then
echo
echo

2
bin/blackbox_register_new_file
View File

@@ -44,7 +44,7 @@ function register_new_file() {
vcs_ignore "$unencrypted_file"
echo 'NOTE: "already tracked!" messages are safe to ignore.'
vcs_add "$BB_FILES" "$encrypted_file"
vcs_commit "registered in blackbox: ${unencrypted_file}" "$BB_FILES" "$encrypted_file"
vcs_commit "registered in blackbox: ${unencrypted_file}" "$BB_FILES" "$encrypted_file" "$(vcs_ignore_file_path)"
}
for target in "$@"; do

2
bin/blackbox_removeadmin
View File

@@ -31,4 +31,4 @@ vcs_add "$pubring_path" "$KEYRINGDIR/trustdb.gpg" "$BB_ADMINS"
echo
echo
echo 'NEXT STEP: Check these into the repo. Probably with a command like...'
echo $VCS_TYPE commit -m\'REMOVED ADMIN: $KEYNAME\' "$BLACKBOXDATA/trustdb.gpg" "$BLACKBOXDATA/$BB_ADMINS_FILE"
echo $VCS_TYPE commit -m\'REMOVED ADMIN: $KEYNAME\' "$BLACKBOXDATA/$(basename ${pubring_path})" "$BLACKBOXDATA/trustdb.gpg" "$BLACKBOXDATA/$BB_ADMINS_FILE"

8
bin/blackbox_shred_all_files
View File

@@ -24,6 +24,7 @@ echo '========== FILES BEING SHREDDED:'
exported_internal_shred_file() {
source "$1/_blackbox_common.sh"
#unencrypted_file=$(get_unencrypted_filename "$2")
unencrypted_file="$2"
if [[ -f "$unencrypted_file" ]]; then
echo " SHRED: $unencrypted_file"
@@ -38,7 +39,12 @@ export -f exported_internal_shred_file
DEREFERENCED_BIN_DIR="${0%/*}"
MAX_PARALLEL_SHRED=10
bash_args=
if bash --help | grep import-functions >/dev/null 2>/dev/null; then
bash_args=--import-functions
fi
export IFS=
tr '\n' '\0' <"$BB_FILES" | xargs -0 -I{} -n 1 -P $MAX_PARALLEL_SHRED bash -c "exported_internal_shred_file $DEREFERENCED_BIN_DIR \"{}\"" $DEREFERENCED_BIN_DIR/fake
tr '\n' '\0' <"$BB_FILES" | xargs -0 -I{} -P $MAX_PARALLEL_SHRED bash $bash_args -c "exported_internal_shred_file $DEREFERENCED_BIN_DIR \"{}\"" $DEREFERENCED_BIN_DIR/fake
echo '========== DONE.'

20
bin/blackbox_view Executable file
View File

@@ -0,0 +1,20 @@
#!/usr/bin/env bash
#
# blackbox_view -- Decrypt a file, view it, shred it
#
set -e
source "${0%/*}/_blackbox_common.sh"
for param in "$@" ; do
shreddable=0
unencrypted_file=$(get_unencrypted_filename "$param")
if [[ ! -e "$unencrypted_file" ]]; then
"${BLACKBOX_HOME}/blackbox_edit_start" "$param"
shreddable=1
fi
${PAGER:-less} "$unencrypted_file"
if [[ $shreddable = 1 ]]; then
shred_file "$unencrypted_file"
fi
done

2
blackbox.plugin.zsh
View File

@@ -1,4 +1,4 @@
#!/bin/zsh
#!/usr/bin/env zsh
# The MIT License (MIT)
# Copyright (c) 2014 Stack Exchange, Inc.

7
tools/confidence_test.sh
View File

@@ -1,10 +1,13 @@
#!/usr/bin/env bash
blackbox_home=$( cd "$( dirname "${BASH_SOURCE[0]}" )" && pwd )/../bin
export PATH="${blackbox_home}:/usr/local/bin:/bin:/usr/bin:/usr/local/sbin:/usr/sbin:/sbin:/opt/local/bin:${blackbox_home}"
export PATH="${blackbox_home}:/usr/local/bin:/bin:/usr/bin:/usr/local/sbin:/usr/sbin:/sbin:/opt/local/bin:/usr/pkg/bin:/usr/pkg/gnu/bin:${blackbox_home}"
export LANG=C.UTF-8 # Required ro "gpg --export" to work properly.
# TODO(tlim): The tests are hardcoded to this directory. This should be fixed.
export BLACKBOXDATA=keyrings/live
# This script requires many utilities, some are not
# required by the usual blackbox scripts. Test to make
# sure we have them all.
@@ -225,7 +228,7 @@ become_bob
# This users's default group:
DEFAULT_GID_NUM=$(id -g)
# Pick a group that is not the default group:
TEST_GID_NUM=$(id -G | fmt -1 | sort -rn | grep -xv "$(id -u)" | grep -xv "$(id -g)" | head -1)
TEST_GID_NUM=$(grep -v "$DEFAULT_GID_NUM" /etc/group | cut -d: -f3 | sort -rn | head -1)
echo "DEFAULT_GID_NUM=$DEFAULT_GID_NUM"
echo "TEST_GID_NUM=$TEST_GID_NUM"

2
tools/profile.d-usrblackbox-test.sh
View File

@@ -1,4 +1,4 @@
#!/bin/sh
#!/usr/bin/env sh
# Test profile.d-usrblackbox.sh

16
tools/test_functions.sh
View File

@@ -24,6 +24,12 @@ function md5sum_file() {
Darwin | FreeBSD )
md5 -r "$1" | awk '{ print $1 }'
;;
NetBSD )
md5 -q "$1"
;;
SunOS )
digest -a md5 "$1"
;;
Linux )
md5sum "$1" | awk '{ print $1 }'
;;
@@ -47,7 +53,7 @@ function assert_file_missing() {
function assert_file_exists() {
if [[ ! -e "$1" ]]; then
echo "ASSERT FAILED: ${1} should exist."
echo "PWD=$(/bin/pwd -P)"
echo "PWD=$(/usr/bin/env pwd -P)"
#echo "LS START"
#ls -la
#echo "LS END"
@@ -72,10 +78,10 @@ function assert_file_group() {
assert_file_exists "$file"
case $(uname -s) in
Darwin|FreeBSD )
Darwin | FreeBSD | NetBSD )
found=$(stat -f '%Dg' "$file")
;;
Linux )
Linux | SunOS )
found=$(stat -c '%g' "$file")
;;
CYGWIN* )
@@ -102,11 +108,11 @@ function assert_file_perm() {
assert_file_exists "$file"
case $(uname -s) in
Darwin|FreeBSD )
Darwin | FreeBSD | NetBSD )
found=$(stat -f '%Sp' "$file")
;;
# NB(tlim): CYGWIN hasn't been tested. It might be more like Darwin.
Linux | CYGWIN* )
Linux | CYGWIN* | SunOS )
found=$(stat -c '%A' "$file")
;;
* )