cc1d7a1851
This removed the subshell from _determine_vcs_base_and_type so it can set environment variables. Because this always runs at the beginning of the scripts, there's no need to do checking if REPOBASE is unset or if VCS_TYPE is not yet determined, thus I simplified one function and eliminated which_vcs. Conflicts: bin/blackbox_deregister_file I found this easier to just cherry pick since there was a merge and the merge was reverted.
65 lines
1.9 KiB
Bash
Executable File
65 lines
1.9 KiB
Bash
Executable File
#!/usr/bin/env bash
|
|
|
|
#
|
|
# blackbox_update_all_files -- Decrypt then re-encrypt all files. Useful after keys are changed.
|
|
#
|
|
|
|
set -e
|
|
source "${0%/*}/_blackbox_common.sh"
|
|
|
|
if [[ -z $GPG_AGENT_INFO ]]; then
|
|
echo 'WARNING: You probably want to run gpg-agent as'
|
|
echo 'you will be asked for your passphrase many times.'
|
|
echo 'Example: $ eval $(gpg-agent --daemon)'
|
|
read -r -p 'Press CTRL-C now to stop. ENTER to continue: '
|
|
fi
|
|
|
|
disclose_admins
|
|
prepare_keychain
|
|
|
|
echo '========== ENCRYPTED FILES TO BE RE-ENCRYPTED:'
|
|
while IFS= read <&99 -r unencrypted_file; do
|
|
echo " $unencrypted_file.gpg"
|
|
done 99<"$BB_FILES"
|
|
|
|
echo '========== FILES IN THE WAY:'
|
|
need_warning=false
|
|
while IFS= read <&99 -r unencrypted_file; do
|
|
unencrypted_file=$(get_unencrypted_filename "$unencrypted_file")
|
|
encrypted_file=$(get_encrypted_filename "$unencrypted_file")
|
|
if [[ -f "$unencrypted_file" ]]; then
|
|
need_warning=true
|
|
echo " $unencrypted_file"
|
|
fi
|
|
done 99<"$BB_FILES"
|
|
if "$need_warning" ; then
|
|
echo
|
|
echo 'WARNING: This will overwrite any unencrypted files laying about.'
|
|
read -r -p 'Press CTRL-C now to stop. ENTER to continue: '
|
|
else
|
|
echo 'All OK.'
|
|
fi
|
|
|
|
echo '========== RE-ENCRYPTING FILES:'
|
|
while IFS= read <&99 -r unencrypted_file; do
|
|
unencrypted_file=$(get_unencrypted_filename "$unencrypted_file")
|
|
encrypted_file=$(get_encrypted_filename "$unencrypted_file")
|
|
echo ========== PROCESSING '"'$unencrypted_file'"'
|
|
fail_if_not_on_cryptlist "$unencrypted_file"
|
|
decrypt_file_overwrite "$encrypted_file" "$unencrypted_file"
|
|
encrypt_file "$unencrypted_file" "$encrypted_file"
|
|
shred_file "$unencrypted_file"
|
|
done 99<"$BB_FILES"
|
|
|
|
fail_if_keychain_has_secrets
|
|
|
|
echo '========== COMMITING TO VCS:'
|
|
while IFS= read <&99 -r unencrypted_file; do
|
|
vcs_add "$unencrypted_file.gpg"
|
|
done 99<"$BB_FILES"
|
|
vcs_commit 'Re-encrypted keys'
|
|
|
|
echo '========== DONE.'
|
|
echo 'Likely next step:'
|
|
echo " $VCS_TYPE push"
|