From 0c3886df6525f631b50274f77b7c5563822ad213 Mon Sep 17 00:00:00 2001
From: bendra
Date: Wed, 15 Oct 2014 11:01:52 -0700
Subject: [PATCH 1/6] inital checkin of svn support

---
 .gitignore | 3 +++
 bin/_blackbox_common.sh | 31 +++++++++++++++++++++++++++++--
 bin/blackbox_initialize | 24 +++++++++++++++++-------
 3 files changed, 49 insertions(+), 9 deletions(-)

diff --git a/.gitignore b/.gitignore
index 03b2136..f2d9497 100644
--- a/.gitignore
+++ b/.gitignore
@@ -5,6 +5,9 @@ __pycache__/
 # C extensions
 *.so
 
+# backup shell files
+*~
+
 # Distribution / packaging
 .Python
 env/
diff --git a/bin/_blackbox_common.sh b/bin/_blackbox_common.sh
index 5c26371..216b227 100755
--- a/bin/_blackbox_common.sh
+++ b/bin/_blackbox_common.sh
@@ -14,10 +14,13 @@
 # Outputs a string that is the base directory of this VCS repo.
 # By side-effect, sets the variable VCS_TYPE to either 'git', 'hg',
-# or 'unknown'.
+# 'svn' or 'unknown'.
 
 function _determine_vcs_base_and_type() {
 if git rev-parse --show-toplevel 2>/dev/null ; then
 VCS_TYPE=git
+ elif [ -d ".svn" ] ; then
+ echo `pwd`
+ VCS_TYPE=svn
 elif hg root 2>/dev/null ; then
 # NOTE: hg has to be tested last because it always "succeeds".
 VCS_TYPE=hg
@@ -69,7 +72,7 @@ function fail_if_not_exists() {
 function fail_if_not_in_repo() {
 _determine_vcs_base_and_type
 if [[ $VCS_TYPE = "unknown" ]]; then
- echo "ERROR: This must be run in a VCS repo such as git or hg."
+ echo "ERROR: This must be run in a VCS repo: git, hg, or svn."
 echo Exiting...
 exit 1
 fi
@@ -302,6 +305,17 @@ function is_in_git() {
 echo false
 fi
 }
+# Subversion
+function is_in_svn() {
+ local filename
+ filename="$1"
+
+ if svn list "$filename" ; then
+ echo true
+ else
+ echo false
+ fi
+}
 
 # Add a file to the repo (but don't commit it).
 
@@ -316,6 +330,10 @@ function vcs_add_hg() {
 function vcs_add_git() {
 git add """$@"""
 }
+# Subversion
+function vcs_add_svn() {
+ svn add --parents """$@"""
+}
 
 # Commit a file to the repo
 
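Review bot: In `is_in_svn`, `svn list "$filename"` writes its listing to stdout, the same stream the function's `echo true`/`echo false` answer goes to, so a caller capturing `$(is_in_svn f)` gets the listing mixed into the answer, and stderr from a failed lookup is left visible. `svn list` also resolves a working-copy path to its repository URL and queries the server, so a file that has been `svn add`ed but not yet committed reports false; `svn info` answers from the local working copy metadata. Suggest `if svn info -- "$filename" >/dev/null 2>&1 ; then`. The git/hg siblings this mirrors are outside the hunk, so whether they silence output the same way cannot be confirmed from here.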
@@ -330,6 +348,11 @@ function vcs_commit_hg() {
 function vcs_commit_git() {
 git commit -m"""$@"""
 }
+# Subversion
+function vcs_commit_svn() {
+ svn commit -m"""$@"""
+}
+
 
 # Remove file from repo, even if it was deleted locally already.
 
@@ -345,3 +368,7 @@ function vcs_remove_hg() {
 function vcs_remove_git() {
 git rm --ignore-unmatch -f -- """$@"""
 }
+# Subversion
+function vcs_remove_svn() {
+ svn delete """$@"""
+}
diff --git a/bin/blackbox_initialize b/bin/blackbox_initialize
index 1b1ce9c..80b88ef 100755
--- a/bin/blackbox_initialize
+++ b/bin/blackbox_initialize
@@ -24,14 +24,24 @@ fi
 echo cd "$REPOBASE"
 cd "$REPOBASE"
 
-# Update .gitignore or .hgignore
+echo VCS_TYPE: $VCS_TYPE
 
-IGNOREFILE=".${VCS_TYPE}ignore"
-if ! grep -sx >/dev/null 'pubring.gpg~' "$IGNOREFILE" ; then
- echo 'pubring.gpg~' >>"$IGNOREFILE"
-fi
-if ! grep -sx >/dev/null 'secring.gpg' "$IGNOREFILE" ; then
- echo 'secring.gpg' >>"$IGNOREFILE"
+if [[ $VCS_TYPE = "git" || $VCS_TYPE = "hg" ]]; then
+ # Update .gitignore or .hgignore
+
+ IGNOREFILE=".${VCS_TYPE}ignore"
+ if ! grep -sx >/dev/null 'pubring.gpg~' "$IGNOREFILE" ; then
+ echo 'pubring.gpg~' >>"$IGNOREFILE"
+ fi
+ if ! grep -sx >/dev/null 'secring.gpg' "$IGNOREFILE" ; then
+ echo 'secring.gpg' >>"$IGNOREFILE"
+ fi
+elif [[ $VCS_TYPE = "svn" ]]; then
+ # add file to svn ignore propset
+ IGNOREFILE="";
+ svn propset svn:ignore 'pubring.gpg~
+secring.gpg' .
+ svn commit -m "ignore file list"
 fi
 
 # Make directories
From f94b8a3764b986ad0268a09469e5876816ae578f Mon Sep 17 00:00:00 2001
From: bendra
Date: Sat, 18 Oct 2014 10:21:17 -0700
Subject: [PATCH 2/6] give proper commit command

---
 bin/blackbox_edit_end | 4 +++-
 1 file changed, 3 insertions(+), 1 deletion(-)

diff --git a/bin/blackbox_edit_end b/bin/blackbox_edit_end
index ab4bf6f..cbc12fd 100755
--- a/bin/blackbox_edit_end
+++ b/bin/blackbox_edit_end
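Review bot: `vcs_remove_svn` does not match the contract of the `vcs_remove_git` it sits beside: `git rm --ignore-unmatch -f --` tolerates a path that is not tracked and stops option parsing before the file arguments, whereas `svn delete """$@"""` fails outright on a path that is not under version control and hands any argument beginning with `-` to option parsing. The header comment above these functions promises removal "even if it was deleted locally already", so callers that rely on the git variant's tolerance will see a hard error on the svn path; either guard the call with `is_in_svn` or state the difference in the comment. At minimum write `svn delete -- """$@"""` for parity with the git variant.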
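Review bot: `svn propset svn:ignore 'pubring.gpg~` … `secring.gpg' .` replaces whatever `svn:ignore` the working-copy root already carries, unlike the git/hg branch just above it, which checks with `grep -sx` before appending, so any pre-existing ignore patterns are silently dropped; the unqualified `svn commit -m "ignore file list"` that follows then commits every pending change under the working copy, not just the property, which in a tool whose purpose is keeping plaintext out of the repository is a real risk. Merge the two patterns into the existing property value and scope the commit with `--depth empty .`. The `echo VCS_TYPE: $VCS_TYPE` at the top of the hunk and the stray `;` in `IGNOREFILE="";` look like debugging leftovers. The script continues past the hunk (`# Make directories`).
```shell
# … unchanged: git/hg ignore-file branch …
elif [[ $VCS_TYPE = "svn" ]]; then
  # svn:ignore is a single property on the directory: merge with any
  # existing patterns instead of replacing them (mirrors grep-then-append above).
  existing=$(svn propget svn:ignore . 2>/dev/null || true)
  for pattern in 'pubring.gpg~' 'secring.gpg'; do
    if ! grep -sxF >/dev/null "$pattern" <<<"$existing" ; then
      existing="${existing:+$existing$'\n'}$pattern"
    fi
  done
  svn propset svn:ignore "$existing" .
  # Commit only this directory's property change, never the whole tree.
  svn commit -m "ignore file list" --depth empty .
fi
```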
@@ -19,6 +19,8 @@ fail_if_keychain_has_secrets
 encrypt_file "$unencrypted_file" "$encrypted_file"
 shred_file "$unencrypted_file"
 
+_determine_vcs_base_and_type
+
 echo "========== UPDATED ${encrypted_file}"
 echo "Likely next step:"
-echo " git commit -m\"${encrypted_file} updated\" $encrypted_file"
+echo " $VCS_TYPE commit -m\"${encrypted_file} updated\" $encrypted_file"
From 47b9c1a4f283accb63cf8f5800bc93e45135e3a9 Mon Sep 17 00:00:00 2001
From: bendra
Date: Sat, 18 Oct 2014 23:30:38 -0700
Subject: [PATCH 3/6] fix for svnroot

---
 bin/_blackbox_common.sh | 17 ++++++++++++++++-
 1 file changed, 16 insertions(+), 1 deletion(-)

diff --git a/bin/_blackbox_common.sh b/bin/_blackbox_common.sh
index 216b227..8bc9457 100755
--- a/bin/_blackbox_common.sh
+++ b/bin/_blackbox_common.sh
@@ -19,7 +19,22 @@ function _determine_vcs_base_and_type() {
 if git rev-parse --show-toplevel 2>/dev/null ; then
 VCS_TYPE=git
 elif [ -d ".svn" ] ; then
- echo `pwd`
+ #find topmost dir with .svn sub-dir
+ parent=""
+ grandparent="."
+ mydir=`pwd`
+ while [ -d "$grandparent/.svn" ]; do
+ parent=$grandparent
+ grandparent="$parent/.."
+ done
+
+ if [ ! -z "$parent" ]; then
+ cd $parent
+ echo `pwd`
+ else
+ exit 1
+ fi
+ cd $mydir
 VCS_TYPE=svn
 elif hg root 2>/dev/null ; then
 # NOTE: hg has to be tested last because it always "succeeds".
From 2f9dd2054468a421cf06118ecb70e643477de53c Mon Sep 17 00:00:00 2001
From: bendra
Date: Sun, 19 Oct 2014 20:55:47 -0700
Subject: [PATCH 4/6] allow blackbox_edit to work with either encrypted or plaintext file name

---
 bin/blackbox_edit | 3 ++-
 1 file changed, 2 insertions(+), 1 deletion(-)

diff --git a/bin/blackbox_edit b/bin/blackbox_edit
index 0997fd5..2d2b3f3 100755
--- a/bin/blackbox_edit
+++ b/bin/blackbox_edit
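Review bot: `_determine_vcs_base_and_type` is documented in `_blackbox_common.sh` as printing the repo base directory on stdout, so the bare call added before the `========== UPDATED` banner makes `blackbox_edit_end` emit a stray path line (for git, whatever `git rev-parse --show-toplevel` prints) when all that is wanted here is the `VCS_TYPE` side effect. Change it to `_determine_vcs_base_and_type >/dev/null`. If the script already runs `fail_if_not_in_repo` earlier (outside the hunk), `VCS_TYPE` is set by then and the extra call is redundant.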
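Review bot: The new svn branch changes the caller's working directory with `cd $parent` and `cd $mydir`, both unquoted, so a checkout whose path contains whitespace breaks the return trip and leaves every later command in the wrong directory; `parent`, `grandparent` and `mydir` also leak as globals since none is `local`. The `else exit 1` arm is unreachable, because the enclosing `[ -d ".svn" ]` test together with `grandparent="."` guarantees the loop assigns `parent` at least once. A subshell `( cd -- "$parent" && pwd )` prints the same path without touching the shell's cwd. Separately, a working copy created by Subversion 1.7 or later has `.svn` only at its root, so in a subdirectory `[ -d ".svn" ]` is false and detection falls through to hg/unknown; `svn info` is the robust check there. The function continues outside the hunk.
```shell
  elif [ -d ".svn" ] ; then
    # find topmost dir with a .svn sub-dir (pre-1.7 working copies have one per dir)
    local parent="" grandparent="."
    while [ -d "$grandparent/.svn" ]; do
      parent=$grandparent
      grandparent="$parent/.."
    done
    # print the root from a subshell so this shell's cwd is left untouched
    ( cd -- "$parent" && pwd ) || exit 1
    VCS_TYPE=svn
# … unchanged: hg / unknown branches …
```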
@@ -7,7 +7,8 @@ set -e
 . _blackbox_common.sh
 
 for param in """$@""" ; do
- if ! is_on_cryptlist "$param" ; then
+ unencrypted_file=$(get_unencrypted_filename "$param")
+ if [[! is_on_cryptlist "$param" ]] && [[! is_on_cryptlist "$unencrypted_file" ]] ; then
 read -p "Encrypt file $param? (y/n) " ans
 case "$ans" in
 y* | Y*)
From 8d04df1faa4cfdd33bcfc55291d20739f932d3ce Mon Sep 17 00:00:00 2001
From: Benjamin Drasin
Date: Mon, 20 Oct 2014 10:37:34 -0700
Subject: [PATCH 5/6] Update README.md

mention subversion support, mention blackbox_edit more prominently
---
 README.md | 11 ++++++++---
 1 file changed, 8 insertions(+), 3 deletions(-)

diff --git a/README.md b/README.md
index abecf41..4590e9c 100644
--- a/README.md
+++ b/README.md
@@ -7,7 +7,7 @@ git/mercurial server unless you trust everyone with root access and access to yo
 BlackBox
 ========
-Safely store secrets in a VCS repo (i.e. Git or Mercurial). These
+Safely store secrets in a VCS repo (i.e. Git, Mercurial, or Subversion). These
 commands make it easy for you to Gnu Privacy Guard (GPG) encrypt
 specific files in a repo so they are "encrypted at rest" in your
 repository. However, the scripts
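Review bot: `[[! is_on_cryptlist "$param" ]]` never runs `is_on_cryptlist`: `[[!` is not the `[[` keyword (bash needs whitespace before `!`), so it is most likely looked up as a command and fails with command-not-found, and even as `[[ ! word ... ]]` the construct compares strings rather than executing anything, so this `if` stops reflecting the crypt list entirely. The original form used the command's exit status and should be kept for both tests: `if ! is_on_cryptlist "$param" && ! is_on_cryptlist "$unencrypted_file" ; then`. `get_unencrypted_filename` is not visible here, so whether it tolerates an argument that is not already a `.gpg` path should be confirmed. The loop body continues past the hunk.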
@@ -52,8 +52,13 @@ Getting started is easy. Just `cd` into a Git or Mercurial repository
 and run `blackbox_initialize`. After that, if a file is to be
 encrypted, run `blackbox_register_new_file` and you are done. Add
 and remove keys with `blackbox_addadmin` and `blackbox_removeadmin`.
-To view and/or edit a file, run `blackbox_edit_start`. Run
-`blackbox_edit_end` when you want to "put it back in the box."
+To view and/or edit a file, run `blackbox_edit`; this will decrypt the
+file and open with whatever is specified by your $EDITOR environment
+variable. When you close the editor the file will automatically be
+encrypted again and the temporary plaintext file will be shredded. If
+you need to leave the file decrypted while you update you can use the
+`blackbox_edit_start` to decrypt the file and `blackbox_edit_end` when
+you want to "put it back in the box."
 
 Why is this important?
 
From 6cf8dfc594b856b85d6fe3b6c2e38d9f8d5aeff9 Mon Sep 17 00:00:00 2001
From: Benjamin Drasin
Date: Mon, 20 Oct 2014 10:39:01 -0700
Subject: [PATCH 6/6] Update README.md

---
 README.md | 6 +++---
 1 file changed, 3 insertions(+), 3 deletions(-)

diff --git a/README.md b/README.md
index 4590e9c..b9f190b 100644
--- a/README.md
+++ b/README.md
@@ -48,9 +48,9 @@ files. Simply set up a GPG key for the Puppet master (or the role account that
 pushes new files to the Puppet master) and have that user run
 `blackbox_postdeploy` after any files are updated.
 
-Getting started is easy. Just `cd` into a Git or Mercurial repository
-and run `blackbox_initialize`. After that, if a file is to be
-encrypted, run `blackbox_register_new_file` and you are done. Add
+Getting started is easy. Just `cd` into a Git, Mercurial or Subversion
+repository and run `blackbox_initialize`. After that, if a file is to
+be encrypted, run `blackbox_register_new_file` and you are done. Add
 and remove keys with `blackbox_addadmin` and `blackbox_removeadmin`.
 To view and/or edit a file, run `blackbox_edit`; this will decrypt the
 file and open with whatever is specified by your $EDITOR environment