george/blackbox
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity
Files
d74eeb33c791fd1645832323d623f779f332babc
blackbox/bin/blackbox_update_all_files
tlimoncelli@stackexchange.com d74eeb33c7 * Initialization for new repos AUTOMATED. 
* Adding new users AUTOMATED.
* Update docs for the new, more simplified installation processes.
* Remove dependency on any particular paths, etc.  Copy "bin" into a place along your path and everything should "just work".
* Add support for Mercurial (not tested).
* blackbox_addadmin now adds keys to the keyring for you.
* Unified #! lines to "#!/usr/bin/env bash" so it works better on FreeBSD.
* BUGFIX: (BugId#1) blackbox_update_all_files.sh expects hg, fails for git.
* BUGFIX: (BugId#2) blackbox_postdeploy.sh assumes certain directory layout.
* BUGFIX: Temporary files aren't deleted.
* NEW FILE: bin/blackbox_initialize: Automates enabling BB for a repo (creates directories, files, and updates .gitignore).
* NEW FILE: bin/blackbox_removeadmin: Automates removing an admit.
* NEW FILE: tools/confidence_test.sh: A battery of tests to verify operations.
* NEW FILE: bin/Makefile: Automate package creation.
* NEW FILE: bin/_stack_lib.sh: A library of shell routines from StackExchange.
2014-08-29 20:21:02 +00:00

59 lines
1.6 KiB
Bash
Executable File
Raw Blame History

#!/usr/bin/env bash
#
# blackbox_edit_end.sh -- Re-encrypt file after edits.
#
. _blackbox_common.sh
if [[ -z $GPG_AGENT_INFO ]]; then
echo 'WARNING: You probably want to run gpg-agent as'
echo 'you will be asked for your passphrase many times.'
echo 'Example: $ eval $(gpg-agent --daemon)'
read -p 'Press CTRL-C now to stop. ENTER to continue: '
fi
disclose_admins
echo '========== ENCRYPTED FILES TO BE RE-ENCRYPTED:'
awk <"$BB_FILES" '{ print " " $1 ".gpg" }'
echo '========== FILES IN THE WAY:'
need_warning=false
for i in $(<$BB_FILES) ; do
unencrypted_file=$(get_unencrypted_filename "$i")
encrypted_file=$(get_encrypted_filename "$i")
if [[ -f "$unencrypted_file" ]]; then
need_warning=true
echo " $unencrypted_file"
fi
done
if $need_warning ; then
echo
echo 'WARNING: This will overwrite any unencrypted files laying about.'
read -p 'Press CTRL-C now to stop. ENTER to continue: '
else
echo 'All OK.'
fi
echo '========== RE-ENCRYPTING FILES:'
for i in $(<$BB_FILES) ; do
unencrypted_file=$(get_unencrypted_filename "$i")
encrypted_file=$(get_encrypted_filename "$i")
echo ========== PROCESSING "$unencrypted_file"
fail_if_not_on_cryptlist "$unencrypted_file"
decrypt_file_overwrite "$encrypted_file" "$unencrypted_file"
encrypt_file "$unencrypted_file" "$encrypted_file"
shred_file "$unencrypted_file"
done
fail_if_keychain_has_secrets
echo '========== COMMITING TO HG:'
vcs_commit 'Re-encrypted keys' $(awk <$BB_FILES '{ print $1 ".gpg" }' )
VCSCMD=$(which_vcs)
echo '========== DONE.'
echo 'Likely next step:'
echo " ${VCSCMD} push"
Reference in New Issue View Git Blame Copy Permalink