- _blackbox_common.sh sets the default Blackbox directory
for the new repositories using the first entry of the
BLACKBOX_CANDIDATES array. This small change sets the
first entry to the new .blackbox dir (instead of the keyring/live)
Add a command for decrypting single files. It is currently just an alias
for blackbox_edit_start.
It is meant to be a more obvious command for decrypting a single file
without editing it.
Fixes#268
This relates to https://github.com/StackExchange/blackbox/issues/247 where it has been observed that the blackbox_removeadmin script prompts the user to run an incorrect command after running blackbox_removeadmin. This commit simply adds pubring.gpg to the list of files to be committed.
By default GPG will continue to perform actions against our default keyring.
During the keychain import stage this results in the export of both the
keyring for the repository we're working on, plus our own default keyring.
The import phase then continues to import all these exported keys, which
include the entries from our default keyring, for which all those entries
already exist. If you have a lot of keys in your default keyring this takes a
long time, and can be noisy due to validation, yet offers absolutely no value.
To avoid all this overhead we only need to pass the `--no-default-keyring`
option to GPG during this export phase. The result will still be what we're
expecting - i.e. that all entries from the repository pubring are imported
into our default keyring.
Previously the keychain import appears to have redirected stderr to stdout,
silenced lines that indicate a key has 'not changed' then send the output back
to stdout. This behaviour has been carried over to the new GnuPG-2.1
compatible implementation.
* Use the `rm` command with `-P` as a shred fallback
The newer versions of OSX (Sierra) have neither `shred` nor `srm`.
They do have `rm` with the `-P` option, so we can fall back to that
before resorting to plain old `rm`.
* Add double-quotes and braces to the shell variable.
We should treat the variable as a string, and we should also be safe
when interpolating it.
* Requiring a file to be entered to finish editing
Running blackbox_edit_end without an argument doesn't currently print out a warning that no files are being changed. A developer in my team who was new to Blackbox committed a decrypted file (and made no changes to the GPG file) as they didn't realise the command hadn't worked.
The check I've added should help to avoid these errors.
* Adding argument check to start editing
This relates to https://github.com/StackExchange/blackbox/issues/247 where it has been observed that the blackbox_removeadmin script prompts the user to run an incorrect command after running blackbox_removeadmin. This commit simply adds pubring.gpg to the list of files to be committed.
By default GPG will continue to perform actions against our default keyring.
During the keychain import stage this results in the export of both the
keyring for the repository we're working on, plus our own default keyring.
The import phase then continues to import all these exported keys, which
include the entries from our default keyring, for which all those entries
already exist. If you have a lot of keys in your default keyring this takes a
long time, and can be noisy due to validation, yet offers absolutely no value.
To avoid all this overhead we only need to pass the `--no-default-keyring`
option to GPG during this export phase. The result will still be what we're
expecting - i.e. that all entries from the repository pubring are imported
into our default keyring.
Previously the keychain import appears to have redirected stderr to stdout,
silenced lines that indicate a key has 'not changed' then send the output back
to stdout. This behaviour has been carried over to the new GnuPG-2.1
compatible implementation.
Tom Limoncelli
Kamil Wilczek
Tobias Dubois
r-savu
winter0mute
Ben Tullis
Pim Snel
Jinn Koriech
Jon Bardin
Aymeric Beaumet
James Gregory
Patrick Sanders
Jinn Koriech
Robert Taylor
Matthew
Simon Gate
Graham Lyons
Tino Breddin
Ben Watson
Joseph Herlant
Jason Price
Dave Jachimiak
Jose Diaz-Gonzalez
jonathan vanasco