d74eeb33c7
* Adding new users AUTOMATED. * Update docs for the new, more simplified installation processes. * Remove dependency on any particular paths, etc. Copy "bin" into a place along your path and everything should "just work". * Add support for Mercurial (not tested). * blackbox_addadmin now adds keys to the keyring for you. * Unified #! lines to "#!/usr/bin/env bash" so it works better on FreeBSD. * BUGFIX: (BugId#1) blackbox_update_all_files.sh expects hg, fails for git. * BUGFIX: (BugId#2) blackbox_postdeploy.sh assumes certain directory layout. * BUGFIX: Temporary files aren't deleted. * NEW FILE: bin/blackbox_initialize: Automates enabling BB for a repo (creates directories, files, and updates .gitignore). * NEW FILE: bin/blackbox_removeadmin: Automates removing an admit. * NEW FILE: tools/confidence_test.sh: A battery of tests to verify operations. * NEW FILE: bin/Makefile: Automate package creation. * NEW FILE: bin/_stack_lib.sh: A library of shell routines from StackExchange.
53 lines
1.7 KiB
Bash
Executable File
53 lines
1.7 KiB
Bash
Executable File
#!/usr/bin/env bash
|
|
|
|
#
|
|
# blackbox_register_new_file.sh -- Enroll a new file in the blackbox system.
|
|
#
|
|
# Takes a previously unencrypted file and enrolls it into the blackbox
|
|
# system. It will be kept in the repo as an encrypted file. On deployment
|
|
# to systems that need the plaintext (unencrypted) versions, run
|
|
# blackbox_postdeploy.sh to decrypt all the files.
|
|
|
|
# TODO(tlim): Add the unencrypted file to .gitignore
|
|
|
|
. _blackbox_common.sh
|
|
|
|
unencrypted_file=$(get_unencrypted_filename "$1")
|
|
encrypted_file=$(get_encrypted_filename "$1")
|
|
|
|
if [[ $1 == $encrypted_file ]]; then
|
|
echo ERROR: Please only register unencrypted files.
|
|
exit 1
|
|
fi
|
|
|
|
echo ========== PLAINFILE "$unencrypted_file"
|
|
echo ========== ENCRYPTED "$encrypted_file"
|
|
|
|
fail_if_not_exists "$unencrypted_file" "Please specify an existing file."
|
|
fail_if_exists "$encrypted_file" "Will not overwrite."
|
|
|
|
prepare_keychain
|
|
encrypt_file "$unencrypted_file" "$encrypted_file"
|
|
add_filename_to_cryptlist "$unencrypted_file"
|
|
|
|
# Is the unencrypted file already in HG? (ie. are we correcting a bad situation)
|
|
SECRETSEXPOSED=$(is_in_vcs ${unencrypted_file})
|
|
echo "========== CREATED: ${encrypted_file}"
|
|
echo "========== UPDATING REPO:"
|
|
shred_file "$unencrypted_file"
|
|
|
|
VCSCMD=$(which_vcs)
|
|
if $SECRETSEXPOSED ; then
|
|
vcs_remove "$unencrypted_file"
|
|
vcs_add "$encrypted_file"
|
|
COMMIT_FILES="$BB_FILES $encrypted_file $unencrypted_file"
|
|
else
|
|
COMMIT_FILES="$BB_FILES $encrypted_file"
|
|
fi
|
|
echo 'NOTE: "already tracked!" messages are safe to ignore.'
|
|
vcs_add $BB_FILES $encrypted_file
|
|
vcs_commit "registered in blackbox: ${unencrypted_file}" $COMMIT_FILES
|
|
echo "========== UPDATING VCS: DONE"
|
|
echo "Local repo updated. Please push when ready."
|
|
echo " $VCSCMD push"
|