d74eeb33c7
* Adding new users AUTOMATED. * Update docs for the new, more simplified installation processes. * Remove dependency on any particular paths, etc. Copy "bin" into a place along your path and everything should "just work". * Add support for Mercurial (not tested). * blackbox_addadmin now adds keys to the keyring for you. * Unified #! lines to "#!/usr/bin/env bash" so it works better on FreeBSD. * BUGFIX: (BugId#1) blackbox_update_all_files.sh expects hg, fails for git. * BUGFIX: (BugId#2) blackbox_postdeploy.sh assumes certain directory layout. * BUGFIX: Temporary files aren't deleted. * NEW FILE: bin/blackbox_initialize: Automates enabling BB for a repo (creates directories, files, and updates .gitignore). * NEW FILE: bin/blackbox_removeadmin: Automates removing an admit. * NEW FILE: tools/confidence_test.sh: A battery of tests to verify operations. * NEW FILE: bin/Makefile: Automate package creation. * NEW FILE: bin/_stack_lib.sh: A library of shell routines from StackExchange.
29 lines
755 B
Bash
Executable File
29 lines
755 B
Bash
Executable File
#!/usr/bin/env bash
|
|
|
|
#
|
|
# blackbox_postdeploy.sh -- Decrypt all blackbox files.
|
|
#
|
|
|
|
# Since this is often run in a security-critical situation, we
|
|
# force /usr/bin and /bin to the front of the PATH.
|
|
export PATH=/usr/bin:/bin:"$PATH"
|
|
|
|
. _blackbox_common.sh
|
|
|
|
# If we aren't in a repo, assume /etc/puppet.
|
|
if [[ "$REPOBASE" = "/dev/null" ]]; then
|
|
REPOBASE=/etc/puppet
|
|
fi
|
|
|
|
prepare_keychain
|
|
|
|
# Decrypt:
|
|
echo '========== Decrypting new/changed files: START'
|
|
while read unencrypted_file; do
|
|
encrypted_file=$(get_encrypted_filename "$unencrypted_file")
|
|
decrypt_file_overwrite "$encrypted_file" "$unencrypted_file"
|
|
chmod g+r,o-rwx "$unencrypted_file"
|
|
$CHGRP puppet "$unencrypted_file"
|
|
done <"$BB_FILES"
|
|
echo '========== Decrypting new/changed files: DONE'
|