Merge pull request #26 from bendra/master

Subversion support

.gitignore

@@ -5,6 +5,9 @@ __pycache__/
 # C extensions
 *.so
 
+# backup shell files
+*~
+
 # Distribution / packaging
 .Python
 env/

README.md

@@ -7,7 +7,7 @@ git/mercurial server unless you trust everyone with root access and access to yo
 BlackBox
 ========
 
-Safely store secrets in a VCS repo (i.e. Git or Mercurial). These
+Safely store secrets in a VCS repo (i.e. Git, Mercurial, or Subversion). These
 commands make it easy
 for you to Gnu Privacy Guard (GPG) encrypt specific files in a repo so they are
 "encrypted at rest" in your repository. However, the scripts
@@ -48,12 +48,17 @@ files.  Simply set up a GPG key for the Puppet master (or the role
 account that pushes new files to the Puppet master) and have that
 user run `blackbox_postdeploy` after any files are updated.
 
-Getting started is easy.  Just `cd` into a Git or Mercurial repository
+Getting started is easy.  Just `cd` into a Git, Mercurial or Subversion
-and run `blackbox_initialize`.  After that, if a file is to be
+repository and run `blackbox_initialize`.  After that, if a file is to 
-encrypted, run `blackbox_register_new_file` and you are done.  Add
+be encrypted, run `blackbox_register_new_file` and you are done.  Add
 and remove keys with `blackbox_addadmin` and `blackbox_removeadmin`.
-To view and/or edit a file, run `blackbox_edit_start`. Run
+To view and/or edit a file, run `blackbox_edit`; this will decrypt the
-`blackbox_edit_end` when you want to "put it back in the box."
+file and open with whatever is specified by your $EDITOR environment
+variable.  When you close the editor the file will automatically be 
+encrypted again and the temporary plaintext file will be shredded.  If
+you need to leave the file decrypted while you update you can use the
+`blackbox_edit_start` to decrypt the file and  `blackbox_edit_end` when 
+you want to "put it back in the box."
 
 
 Why is this important?

bin/_blackbox_common.sh

@@ -14,10 +14,28 @@
  
 # Outputs a string that is the base directory of this VCS repo.
 # By side-effect, sets the variable VCS_TYPE to either 'git', 'hg',
-# or 'unknown'.
+# 'svn' or 'unknown'.
 function _determine_vcs_base_and_type() {
   if git rev-parse --show-toplevel 2>/dev/null ; then
     VCS_TYPE=git
+  elif [ -d ".svn" ] ; then
+    #find topmost dir with .svn sub-dir
+    parent=""
+    grandparent="."
+    mydir=`pwd`
+    while [ -d "$grandparent/.svn" ]; do
+      parent=$grandparent
+      grandparent="$parent/.."
+    done
+
+    if [ ! -z "$parent" ]; then
+      cd $parent
+      echo `pwd`
+    else
+      exit 1
+    fi
+    cd $mydir
+    VCS_TYPE=svn
   elif hg root 2>/dev/null ; then
     # NOTE: hg has to be tested last because it always "succeeds".
     VCS_TYPE=hg
@@ -69,7 +87,7 @@ function fail_if_not_exists() {
 function fail_if_not_in_repo() {
   _determine_vcs_base_and_type
   if [[ $VCS_TYPE = "unknown" ]]; then
-    echo "ERROR: This must be run in a VCS repo such as git or hg."
+    echo "ERROR: This must be run in a VCS repo: git, hg, or svn."
     echo Exiting...
     exit 1
   fi
@@ -302,6 +320,17 @@ function is_in_git() {
     echo false
   fi
 }
+# Subversion
+function is_in_svn() {
+  local filename
+  filename="$1"
+
+  if svn list "$filename" ; then
+    echo true
+  else
+    echo false
+  fi 
+}
 
 
 # Add a file to the repo (but don't commit it).
@@ -316,6 +345,10 @@ function vcs_add_hg() {
 function vcs_add_git() {
   git add """$@"""
 }
+# Subversion
+function vcs_add_svn() {
+  svn add --parents """$@"""
+}
 
 
 # Commit a file to the repo
@@ -330,6 +363,11 @@ function vcs_commit_hg() {
 function vcs_commit_git() {
   git commit -m"""$@"""
 }
+# Subversion
+function vcs_commit_svn() {
+  svn commit -m"""$@"""
+}
+
 
 
 # Remove file from repo, even if it was deleted locally already.
@@ -345,3 +383,7 @@ function vcs_remove_hg() {
 function vcs_remove_git() {
   git rm --ignore-unmatch -f -- """$@"""
 }
+# Subversion
+function vcs_remove_svn() {
+  svn delete """$@"""
+}

bin/blackbox_edit

@@ -7,7 +7,8 @@ set -e
 . _blackbox_common.sh
 
 for param in """$@""" ; do
-  if ! is_on_cryptlist "$param" ; then
+  unencrypted_file=$(get_unencrypted_filename "$param")
+  if  [[! is_on_cryptlist "$param" ]] && [[! is_on_cryptlist "$unencrypted_file" ]] ; then
     read -p "Encrypt file $param? (y/n) " ans
     case "$ans" in
       y* | Y*)

bin/blackbox_edit_end

@@ -19,6 +19,8 @@ fail_if_keychain_has_secrets
 encrypt_file "$unencrypted_file" "$encrypted_file"
 shred_file "$unencrypted_file"
 
+_determine_vcs_base_and_type
+
 echo "========== UPDATED ${encrypted_file}"
 echo "Likely next step:"
-echo "    git commit -m\"${encrypted_file} updated\" $encrypted_file"
+echo "    $VCS_TYPE commit -m\"${encrypted_file} updated\" $encrypted_file"

bin/blackbox_initialize

@@ -24,14 +24,24 @@ fi
 echo cd "$REPOBASE"
 cd "$REPOBASE"
 
-# Update .gitignore or .hgignore
+echo VCS_TYPE: $VCS_TYPE
 
-IGNOREFILE=".${VCS_TYPE}ignore"
+if [[ $VCS_TYPE = "git" || $VCS_TYPE = "hg" ]]; then
-if ! grep -sx >/dev/null 'pubring.gpg~' "$IGNOREFILE" ; then
+  # Update .gitignore or .hgignore
+
+  IGNOREFILE=".${VCS_TYPE}ignore"
+  if ! grep -sx >/dev/null 'pubring.gpg~' "$IGNOREFILE" ; then
     echo 'pubring.gpg~' >>"$IGNOREFILE"
-fi
+  fi
-if ! grep -sx >/dev/null 'secring.gpg' "$IGNOREFILE" ; then
+  if ! grep -sx >/dev/null 'secring.gpg' "$IGNOREFILE" ; then
     echo 'secring.gpg' >>"$IGNOREFILE"
+  fi
+elif [[ $VCS_TYPE = "svn" ]]; then
+  # add file to svn ignore propset
+  IGNOREFILE="";
+  svn propset svn:ignore 'pubring.gpg~
+secring.gpg' .
+  svn commit -m "ignore file list"
 fi
 
 # Make directories