This commit is contained in:
tlimoncelli@stackexchange.com
2016-05-17 12:58:13 -04:00
parent eaadca8871
commit 180ee4076e
8 changed files with 99 additions and 33 deletions


@@ -76,6 +76,10 @@ SECRING="${KEYRINGDIR}/secring.gpg"
: "${DECRYPT_UMASK:=0022}" ; : "${DECRYPT_UMASK:=0022}" ;
# : ${DECRYPT_UMASK:=o=} ; # : ${DECRYPT_UMASK:=o=} ;
# $BB_FILES file format:
# Filenames are listed one per line, relative to the base directory of the repo.
# Each line is listed in "printf %q" format, which escapes special chars.
# Checks if $1 is 0 bytes, and if $1/keyrings # Checks if $1 is 0 bytes, and if $1/keyrings
# is a directory # is a directory
function is_blackbox_repo() { function is_blackbox_repo() {
@@ -86,10 +90,18 @@ function is_blackbox_repo() {
fi fi
} }
# Return error if not on cryptlist. # is_on_cryptlist resturns an error if $1 not on cryptlist.
function is_on_cryptlist() { function is_on_cryptlist() {
# $1: The filename.
# Assumes $1 does NOT have the .gpg extension # Assumes $1 does NOT have the .gpg extension
file_contains_line "$BB_FILES" "$(vcs_relative_path "$1")"
# https://github.com/koalaman/shellcheck/wiki/SC2155
local name
name=$(vcs_relative_path "$1")
local encodedname
encodedname=$(printf "%q" "$name")
file_contains_line "$BB_FILES" "$encodedname"
} }
# Exit with error if a file exists. # Exit with error if a file exists.
@@ -151,16 +163,33 @@ function get_pubring_path() {
fi fi
} }
# Output the unencrypted filename. # normalize_filename_arg takes a filename from the command line and
function get_unencrypted_filename() { # outputs the non-encrypted filename.
echo "$(dirname "$1")/$(basename "$1" .gpg)" | sed -e 's#^\./##' function normalize_filename() {
# $1: the input from a user
# Use this if the user may have entered the encrypted or
# non-encrypted filename.
local name
name=$(vcs_relative_path "$1")
echo "$(dirname "$name")/$(basename "$name" .gpg)" | sed -e 's#^\./##'
} }
# Output the encrypted filename. # Output the encrypted filename.
function get_encrypted_filename() { function get_gpg_filename() {
echo "$(dirname "$1")/$(basename "$1" .gpg).gpg" | sed -e 's#^\./##' # $1: normalized file path
echo "$1".gpg
} }
## Output the unencrypted filename.
#function get_unencrypted_filename() {
# echo "$(dirname "$1")/$(basename "$1" .gpg)" | sed -e 's#^\./##'
#}
#
## Output the encrypted filename.
#function get_encrypted_filename() {
# echo "$(dirname "$1")/$(basename "$1" .gpg).gpg" | sed -e 's#^\./##'
#}
# Prepare keychain for use. # Prepare keychain for use.
function prepare_keychain() { function prepare_keychain() {
echo '========== Importing keychain: START' >&2 echo '========== Importing keychain: START' >&2
@@ -168,37 +197,43 @@ function prepare_keychain() {
echo '========== Importing keychain: DONE' >&2 echo '========== Importing keychain: DONE' >&2
} }
# Add file to list of encrypted files. # add_filename_to_cryptlist adds $1 to the list of encrypted files.
function add_filename_to_cryptlist() { function add_filename_to_cryptlist() {
# $1: The filename.
# If the name is already on the list, this is a no-op. # If the name is already on the list, this is a no-op.
# However no matter what the datestamp is updated.
# https://github.com/koalaman/shellcheck/wiki/SC2155 # https://github.com/koalaman/shellcheck/wiki/SC2155
local name local name
name=$(vcs_relative_path "$1") name=$(vcs_relative_path "$1")
local encodedname
encodedname=$(printf "%q" "$name")
if file_contains_line "$BB_FILES" "$name" ; then
if file_contains_line "$BB_FILES" "$encodedname" ; then
echo "========== File is registered. No need to add to list." echo "========== File is registered. No need to add to list."
else else
echo "========== Adding file to list." echo "========== Adding file to list."
touch "$BB_FILES" touch "$BB_FILES"
sort -u -o "$BB_FILES" <(echo "$name") "$BB_FILES" sort -u -o "$BB_FILES" <(printf "%q\n" "$name") "$BB_FILES"
fi fi
} }
# Removes a file from the list of encrypted files # remove_filename_from_cryptlist removes $1 from the list of encrypted files.
function remove_filename_from_cryptlist() { function remove_filename_from_cryptlist() {
# $1: The filename.
# If the name is not already on the list, this is a no-op. # If the name is not already on the list, this is a no-op.
# https://github.com/koalaman/shellcheck/wiki/SC2155 # https://github.com/koalaman/shellcheck/wiki/SC2155
local name local name
name=$(vcs_relative_path "$1") name=$(vcs_relative_path "$1")
local encodedname
encodedname=$(printf "%q" "$name")
if ! file_contains_line "$BB_FILES" "$name" ; then if ! file_contains_line "$BB_FILES" "$encodedname" ; then
echo "========== File is not registered. No need to remove from list." echo "========== File is not registered. No need to remove from list."
else else
echo "========== Removing file from list." echo "========== Removing file from list."
remove_line "$BB_FILES" "$name" remove_line "$BB_FILES" "$encodedname"
fi fi
} }
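Review bot: `get_unencrypted_filename` and `get_encrypted_filename` end up commented out in this file (the `##` / `#function` block after `get_gpg_filename`), yet the loops in the other files of this commit and the new test phase still call both. If the split view is read correctly, each of those calls fails with "command not found" and aborts the scripts that run under `set -e`. Either keep the two functions as thin wrappers until every caller has moved to `normalize_filename` / `get_gpg_filename`, or convert the callers in this same commit. Separately, the cryptlist now stores `printf %q` output, so entries written earlier in raw form for names with spaces would presumably stop matching in `is_on_cryptlist` and `remove_filename_from_cryptlist`. A line next to the `# $BB_FILES file format:` comment saying how existing lists are migrated would help.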


@@ -6,7 +6,7 @@
set -e set -e
. "${0%/*}/_blackbox_common.sh" . "${0%/*}/_blackbox_common.sh"
. tools/test_functions.sh . /Users/tlimoncelli/gitwork/blackbox/tools/test_functions.sh
PHASE 'Test cp-permissions: TestA' PHASE 'Test cp-permissions: TestA'
touch TestA TestB TestC TestD touch TestA TestB TestC TestD
@@ -22,4 +22,18 @@ assert_file_perm '--wxr--rwx' TestC
assert_file_perm '----rwx---' TestD # TestD doesn't change. assert_file_perm '----rwx---' TestD # TestD doesn't change.
rm -f TestA TestB TestC TestD rm -f TestA TestB TestC TestD
PHASE 'Test vcs_relative_path: TestA'
export REPOBASE='/Users/tlimoncelli/Applications (Parallels)/{fd3049c8-9fdd-48d5-aa16-d31daf3a6879} Applications.localized'
FILE='Microsoft Windows Fax and Scan.app/Contents'
result=$(vcs_relative_path Contents)
echo result=XXX${result}XXX
if [[ $FILE != $result ]] ; then
echo FAIL
fi
unencrypted_file=$(get_unencrypted_filename "${result}.gpg")
echo un=XXX${unencrypted_file}XXX
encrypted_file=$(get_encrypted_filename "${result}")
echo en=XXX${encrypted_file}XXX
echo '========== DONE.' echo '========== DONE.'
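Review bot: The `.` line now sources `/Users/tlimoncelli/gitwork/blackbox/tools/test_functions.sh`, and `REPOBASE` in the new phase points under the same home directory, so the test runs on one machine only and publishes a local directory layout. This looks like a debugging leftover; the sourced path should go back to the repo-relative `. tools/test_functions.sh`, and the fixture path should be built under a `mktemp -d` directory. The new check also cannot fail the run, because `echo FAIL` is not followed by a non-zero exit and `[[ $FILE != $result ]]` treats the unquoted right-hand side as a glob pattern. I would write `[[ "$FILE" != "$result" ]]` and add `exit 1` inside the branch.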


@@ -8,7 +8,7 @@ source "${0%/*}/_blackbox_common.sh"
for param in "$@" ; do for param in "$@" ; do
shreddable=0 shreddable=0
unencrypted_file=$(get_unencrypted_filename "$param") unencrypted_file=$(normalize_filename "$param")
if [[ ! -e "$unencrypted_file" ]]; then if [[ ! -e "$unencrypted_file" ]]; then
"${BLACKBOX_HOME}/blackbox_edit_start" "$param" "${BLACKBOX_HOME}/blackbox_edit_start" "$param"
shreddable=1 shreddable=1


@@ -19,8 +19,10 @@ prepare_keychain
modified_files=() modified_files=()
modifications=() modifications=()
echo '========== DIFFING FILES: START' echo '========== DIFFING FILES: START'
while IFS= read <&99 -r unencrypted_file; do while IFS= read <&99 -r encodedname; do
unencrypted_file=$(get_unencrypted_filename "$unencrypted_file") local name
name=$(echo $encodedname)
unencrypted_file=$(get_unencrypted_filename "$name")
encrypted_file=$(get_encrypted_filename "$unencrypted_file") encrypted_file=$(get_encrypted_filename "$unencrypted_file")
fail_if_not_on_cryptlist "$unencrypted_file" fail_if_not_on_cryptlist "$unencrypted_file"
if [[ -f "$unencrypted_file" ]]; then if [[ -f "$unencrypted_file" ]]; then
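Review bot: `name=$(echo $encodedname)` does not undo the `printf %q` encoding that the cryptlist now uses. An unquoted expansion is only word-split and glob-expanded, so backslashes stay in the name, runs of whitespace collapse, and an entry containing `*` or `?` can expand to other paths in the working directory. The same line appears in the list, shred and re-encrypt loops later in this commit, where the result is handed to `shred_file` and `decrypt_file_overwrite`, so a wrong name there acts on the wrong file. Decoding `%q` faithfully needs shell evaluation, which would run whatever a committer places in `$BB_FILES`; I would keep the list in a form `read -r` can consume directly and refuse names containing a newline when adding. Also, `local name` sits at script top level as far as this hunk shows (the loop body continues past the hunk), where bash rejects `local` with a non-zero status, so a plain `name=` assignment is the safer form.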


@@ -5,4 +5,7 @@
# #
set -e set -e
source "${0%/*}/_blackbox_common.sh" source "${0%/*}/_blackbox_common.sh"
cat "$BB_FILES"
while IFS= read <&99 -r encodedname; do
echo $encodedname
done 99<"$BB_FILES"


@@ -27,8 +27,12 @@ prepare_keychain
# Decrypt: # Decrypt:
echo '========== Decrypting new/changed files: START' echo '========== Decrypting new/changed files: START'
while IFS= read <&99 -r unencrypted_file; do while IFS= read <&99 -r encodedname; do
encrypted_file=$(get_encrypted_filename "$unencrypted_file") local name
name=$(echo $name)
encrypted_file=$(get_encrypted_filename "$name")
unencrypted_file=$(get_unencrypted_filename "$name")
decrypt_file_overwrite "$encrypted_file" "$unencrypted_file" decrypt_file_overwrite "$encrypted_file" "$unencrypted_file"
cp_permissions "$encrypted_file" "$unencrypted_file" cp_permissions "$encrypted_file" "$unencrypted_file"
if [[ ! -z "$FILE_GROUP" ]]; then if [[ ! -z "$FILE_GROUP" ]]; then
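Review bot: The decode line in this loop is `name=$(echo $name)`, but the loop variable is `encodedname`, so `name` is expanded before it is ever assigned and comes out empty on every iteration, unless something sourced earlier happens to set it. `encrypted_file` and `unencrypted_file` are then derived from an empty string and passed to `decrypt_file_overwrite` and `cp_permissions`. The line should read from `"$encodedname"`, and a guard such as `[[ -n "$name" ]] || continue` before the decrypt call would stop a blank entry in `$BB_FILES` from reaching it. The loop body continues outside the hunk.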


@@ -21,9 +21,11 @@ source "${0%/*}/_blackbox_common.sh"
change_to_vcs_root change_to_vcs_root
echo '========== FILES BEING SHREDDED:' echo '========== FILES BEING SHREDDED:'
while IFS= read <&99 -r unencrypted_file; do while IFS= read <&99 -r encodedname; do
unencrypted_file=$(get_unencrypted_filename "$unencrypted_file") local name
encrypted_file=$(get_encrypted_filename "$unencrypted_file") name=$(echo $encodedname)
unencrypted_file=$(get_unencrypted_filename "$name")
encrypted_file=$(get_encrypted_filename "$name")
if [[ -f "$unencrypted_file" ]]; then if [[ -f "$unencrypted_file" ]]; then
echo " $unencrypted_file" echo " $unencrypted_file"
shred_file "$unencrypted_file" shred_file "$unencrypted_file"


@@ -18,15 +18,19 @@ disclose_admins
prepare_keychain prepare_keychain
echo '========== ENCRYPTED FILES TO BE RE-ENCRYPTED:' echo '========== ENCRYPTED FILES TO BE RE-ENCRYPTED:'
while IFS= read <&99 -r unencrypted_file; do while IFS= read <&99 -r encodedname; do
echo " $unencrypted_file.gpg" local name
name=$(echo $encodedname)
echo " $name.gpg"
done 99<"$BB_FILES" done 99<"$BB_FILES"
echo '========== FILES IN THE WAY:' echo '========== FILES IN THE WAY:'
need_warning=false need_warning=false
while IFS= read <&99 -r unencrypted_file; do while IFS= read <&99 -r encodedname; do
unencrypted_file=$(get_unencrypted_filename "$unencrypted_file") local name
encrypted_file=$(get_encrypted_filename "$unencrypted_file") name=$(echo $encodedname)
unencrypted_file=$(get_unencrypted_filename "$name")
encrypted_file=$(get_encrypted_filename "$name")
if [[ -f "$unencrypted_file" ]]; then if [[ -f "$unencrypted_file" ]]; then
need_warning=true need_warning=true
echo " $unencrypted_file" echo " $unencrypted_file"
@@ -41,9 +45,11 @@ else
fi fi
echo '========== RE-ENCRYPTING FILES:' echo '========== RE-ENCRYPTING FILES:'
while IFS= read <&99 -r unencrypted_file; do while IFS= read <&99 -r encodedname; do
unencrypted_file=$(get_unencrypted_filename "$unencrypted_file") local name
encrypted_file=$(get_encrypted_filename "$unencrypted_file") name=$(echo $encodedname)
unencrypted_file=$(get_unencrypted_filename "$name")
encrypted_file=$(get_encrypted_filename "$name")
echo ========== PROCESSING '"'$unencrypted_file'"' echo ========== PROCESSING '"'$unencrypted_file'"'
fail_if_not_on_cryptlist "$unencrypted_file" fail_if_not_on_cryptlist "$unencrypted_file"
decrypt_file_overwrite "$encrypted_file" "$unencrypted_file" decrypt_file_overwrite "$encrypted_file" "$unencrypted_file"