aee22fc99d
* Split out test helper functions into tools/test_functions.sh * bin/_blackbox_common_test.sh: Unit-tests for functions. * blackbox_postdeploy: Use cp_permissions instead of chmod --reference
41 lines
1006 B
Bash
Executable File
41 lines
1006 B
Bash
Executable File
#!/usr/bin/env bash
|
|
|
|
#
|
|
# blackbox_postdeploy -- Decrypt all blackbox files.
|
|
#
|
|
|
|
# Usage:
|
|
# blackbox_postdeploy.sh [GROUP]
|
|
# GROUP is optional. If supplied, the resulting files
|
|
# are chgrp'ed to that group.
|
|
|
|
# Since this is often run in a security-critical situation, we
|
|
# force /usr/bin and /bin to the front of the PATH.
|
|
export PATH=/usr/bin:/bin:"$PATH"
|
|
|
|
set -e
|
|
source "${0%/*}/_blackbox_common.sh"
|
|
|
|
if [[ "$1" == "" ]]; then
|
|
FILE_GROUP=""
|
|
else
|
|
FILE_GROUP="$1"
|
|
fi
|
|
|
|
change_to_vcs_root
|
|
prepare_keychain
|
|
|
|
# Decrypt:
|
|
echo '========== Decrypting new/changed files: START'
|
|
while IFS= read <&99 -r unencrypted_file; do
|
|
encrypted_file=$(get_encrypted_filename "$unencrypted_file")
|
|
decrypt_file_overwrite "$encrypted_file" "$unencrypted_file"
|
|
cp_permissions "$encrypted_file" "$unencrypted_file"
|
|
if [[ ! -z "$FILE_GROUP" ]]; then
|
|
chmod g+r "$unencrypted_file"
|
|
chgrp "$FILE_GROUP" "$unencrypted_file"
|
|
fi
|
|
done 99<"$BB_FILES"
|
|
|
|
echo '========== Decrypting new/changed files: DONE'
|