Add support for SECRETS_VERBOSE env var (#393)

* Support SECRETS_VERBOSE env var in addition to -v
* don't use --quiet when decrypting in verbose mode
* show output of gpg encryption in verbose mode
* add tests for SECRETS_VERBOSE env var set to 0 and 1
* update changelog, reorder entries.
* add tests for 'cat' and 'hide' with SECRETS_VERBOSE=1
pull/398/head
Josh Rabinowitz 5 years ago committed by GitHub
parent c4331693f3
commit 22fe1ed2d4
No known key found for this signature in database
GPG Key ID: 4AEE18F83AFDEB23

@ -2,12 +2,14 @@
## {{Next Version}}
- Support SECRETS_VERBOSE env var to enable verbosity (#323)
- Use gpg without --quiet when decrypting in verbose mode (#394)
- Add -v 'verbose' option to 'tell', showing gpg output (#320)
- Fix link to homebrew's git-secret in README.md (#310)
- Update CHANGELOG.md to mention fix for #281 in v0.2.5 (#311)
- Remove diagnostic output from test results (#324)
- Remove un-needed redirection in 'reveal' (#325)
- Remove unused functions from _git_secret_tools.sh
- Add -v 'verbose' option to 'tell', showing gpg output (#320)
- Fix link to current contributors in CONTRIBUTING.md (#331)
- Fix tests when running from git hooks (#334)
- Fix typo, remove temp directory in utils/tests.sh (#347)

@ -13,6 +13,14 @@ _SECRETS_DIR_KEYS_TRUSTDB="${_SECRETS_DIR_KEYS}/trustdb.gpg"
_SECRETS_DIR_PATHS_MAPPING="${_SECRETS_DIR_PATHS}/mapping.cfg"
# _SECRETS_VERBOSE is expected to be empty or '1'.
# Empty means 'off', any other value means 'on'.
# shellcheck disable=SC2153
if [[ -n "$SECRETS_VERBOSE" ]] && [[ "$SECRETS_VERBOSE" -ne 0 ]]; then
# shellcheck disable=SC2034
_SECRETS_VERBOSE='1'
fi
: "${SECRETS_EXTENSION:=".secret"}"
# Commands:
@ -438,14 +446,16 @@ function _find_and_clean {
# required:
local pattern="$1" # can be any string pattern
# optional:
local verbose=${2:-""} # can be empty or should be equal to "v"
local verbose_opt=''
if [[ -n "$_SECRETS_VERBOSE" ]]; then
verbose_opt='v';
fi
local root
root=$(_get_git_root_path)
# shellcheck disable=2086
find "$root" -path "$pattern" -type f -print0 | xargs -0 rm -f$verbose
find "$root" -path "$pattern" -type f -print0 | xargs -0 rm -f$verbose_opt
}
@ -453,17 +463,13 @@ function _find_and_clean_formatted {
# required:
local pattern="$1" # can be any string pattern
# optional:
local verbose=${2:-""} # can be empty or should be equal to "v"
local message=${3:-"cleaning:"} # can be any string
if [[ -n "$verbose" ]]; then
echo && echo "$message"
if [[ -n "$_SECRETS_VERBOSE" ]]; then
echo && echo "cleaning:"
fi
_find_and_clean "$pattern" "$verbose"
_find_and_clean "$pattern"
if [[ -n "$verbose" ]]; then
if [[ -n "$_SECRETS_VERBOSE" ]]; then
echo
fi
}
@ -685,16 +691,20 @@ function _decrypt {
args+=( "--pinentry-mode" "loopback" )
fi
if [[ -z "$_SECRETS_VERBOSE" ]]; then
args+=( "--quiet" )
fi
set +e # disable 'set -e' so we can capture exit_code
#echo "# gpg passphrase: $passphrase" >&3
local exit_code
if [[ -n "$passphrase" ]]; then
echo "$passphrase" | $SECRETS_GPG_COMMAND "${args[@]}" --quiet --batch --yes --no-tty --passphrase-fd 0 \
echo "$passphrase" | $SECRETS_GPG_COMMAND "${args[@]}" --batch --yes --no-tty --passphrase-fd 0 \
"$encrypted_filename"
exit_code=$?
else
$SECRETS_GPG_COMMAND "${args[@]}" "--quiet" "$encrypted_filename"
$SECRETS_GPG_COMMAND "${args[@]}" "$encrypted_filename"
exit_code=$?
fi

@ -2,13 +2,12 @@
function clean {
local verbose=''
OPTIND=1
# shellcheck disable=2034
while getopts 'vh' opt; do
case "$opt" in
v) verbose="v";;
v) _SECRETS_VERBOSE=1;;
h) _show_manual_for 'clean';;
@ -22,5 +21,5 @@ function clean {
_user_required
# User should see properly formatted output:
_find_and_clean_formatted "*$SECRETS_EXTENSION" "$verbose"
_find_and_clean_formatted "*$SECRETS_EXTENSION"
}

@ -17,24 +17,22 @@ BEGIN { FS=":"; OFS=":"; }
function _optional_clean {
local clean="$1"
local verbose=${2:-""}
if [[ $clean -eq 1 ]]; then
_find_and_clean_formatted "*$SECRETS_EXTENSION" "$verbose"
_find_and_clean_formatted "*$SECRETS_EXTENSION"
fi
}
function _optional_delete {
local delete="$1"
local verbose=${2:-""}
if [[ $delete -eq 1 ]]; then
local path_mappings
path_mappings=$(_get_secrets_dir_paths_mapping)
# We use custom formatting here:
if [[ -n "$verbose" ]]; then
if [[ -n "$_SECRETS_VERBOSE" ]]; then
echo && echo 'removing unencrypted files:'
fi
@ -42,10 +40,10 @@ function _optional_delete {
# So the formatting would not be repeated several times here:
local filename
filename=$(_get_record_filename "$line")
_find_and_clean "*$filename" "$verbose"
_find_and_clean "*$filename"
done < "$path_mappings"
if [[ -n "$verbose" ]]; then
if [[ -n "$_SECRETS_VERBOSE" ]]; then
echo
fi
fi
@ -83,7 +81,6 @@ function hide {
local preserve=0
local delete=0
local fsdb_update_hash=0 # add checksum hashes to fsdb
local verbose=''
local force_continue=0
OPTIND=1
@ -100,7 +97,7 @@ function hide {
m) fsdb_update_hash=1;;
v) verbose='v';;
v) _SECRETS_VERBOSE=1;;
h) _show_manual_for 'hide';;
@ -116,7 +113,7 @@ function hide {
# If -c option was provided, it would clean the hidden files
# before creating new ones.
_optional_clean "$clean" "$verbose"
_optional_clean "$clean"
# Encrypting files:
@ -161,12 +158,20 @@ function hide {
# encrypt file only if required
if [[ "$fsdb_file_hash" != "$file_hash" ]]; then
set +e # disable 'set -e' so we can capture exit_code
local args=( --homedir "$secrets_dir_keys" "--no-permission-warning" --use-agent --yes "--trust-model=always" --encrypt )
# we depend on $recipients being split on whitespace
# shellcheck disable=SC2086
$SECRETS_GPG_COMMAND --homedir "$secrets_dir_keys" "--no-permission-warning" --use-agent --yes --trust-model=always --encrypt \
$recipients -o "$output_path" "$input_path" > /dev/null 2>&1
# shellcheck disable=SC2206
args+=( $recipients -o "$output_path" "$input_path" )
set +e # disable 'set -e' so we can capture exit_code
if [[ -n "$_SECRETS_VERBOSE" ]]; then
# on at least some platforms, this doesn't output anything unless there's a warning or error
$SECRETS_GPG_COMMAND "${args[@]}"
else
$SECRETS_GPG_COMMAND "${args[@]}" > /dev/null 2>&1
fi
local exit_code=$?
set -e # re-enable set -e
@ -196,7 +201,7 @@ function hide {
# If -d option was provided, it would delete the source files
# after we have already hidden them.
_optional_delete "$delete" "$verbose"
_optional_delete "$delete"
echo "done. $counter of $num_mappings files are hidden."
}
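Review bot: In the encrypt step of `hide`, `args+=( $recipients -o "$output_path" "$input_path" )` silences SC2206, but that warning covers pathname expansion as well as word splitting. Any word in `$recipients` that contains `*`, `?` or `[` is matched against files in the working directory before gpg sees it. Whether such characters can occur depends on how `$recipients` is built, which is outside these hunks; if it is derived from key user IDs, it is not fully under the repository owner's control. Splitting without globbing removes the question, for example `read -r -a recipient_args <<< "$recipients"` followed by `args+=( "${recipient_args[@]}" -o "$output_path" "$input_path" )`, assuming the list is a single line. The body of `hide` continues outside the visible hunks.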

@ -21,7 +21,6 @@ function tell {
local emails
local self_email=0
local homedir
local verbose=0
# A POSIX variable
# Reset in case getopts has been used previously in the shell.
@ -29,7 +28,7 @@ function tell {
while getopts "vhmd:" opt; do
case "$opt" in
v) verbose=1;;
v) _SECRETS_VERBOSE=1;;
h) _show_manual_for "tell";;
@ -100,10 +99,10 @@ function tell {
secrets_dir_keys=$(_get_secrets_dir_keys)
local args=( --homedir "$secrets_dir_keys" --no-permission-warning --import "$keyfile" )
if [[ "$verbose" -ne 0 ]]; then
$SECRETS_GPG_COMMAND "${args[@]}"
else
if [[ -z "$_SECRETS_VERBOSE" ]]; then
$SECRETS_GPG_COMMAND "${args[@]}" > /dev/null 2>&1
else
$SECRETS_GPG_COMMAND "${args[@]}"
fi
exit_code=$?
if [[ "$exit_code" -ne 0 ]]; then

@ -36,6 +36,16 @@ function teardown {
[ "$FILE_CONTENTS" == "$output" ]
}
@test "run 'cat' with password argument and SECRETS_VERBOSE=1" {
local password=$(test_user_password "$TEST_DEFAULT_USER")
SECRETS_VERBOSE=1 run git secret cat -d "$TEST_GPG_HOMEDIR" -p "$password" "$FILE_TO_HIDE"
[ "$status" -eq 0 ]
# $output _contains_ the output from 'git secret cat', may have extra output from gpg
[[ "$output" == *"$FILE_CONTENTS"* ]]
}
@test "run 'cat' with wrong filename" {
run git secret cat -d "$TEST_GPG_HOMEDIR" -p "$password" NO_SUCH_FILE
[ "$status" -eq 2 ]
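Review bot: The new verbose `cat` test checks that the file contents appear in `$output`, but not that the passphrase stays out of it. With `--quiet` dropped in verbose mode, `run` also captures gpg's extra output, so this test is the natural place to pin that nothing echoes the secret: add `[[ "$output" != *"$password"* ]]` after the contents check. As a smaller point, `local password=$(...)` hides a failing `test_user_password`; declaring and assigning on separate lines would surface it.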

@ -65,3 +65,24 @@ function _secret_files_exists {
[[ "$output" == *"$first_filename"* ]]
[[ "$output" == *"$second_filename"* ]]
}
# this test is like above, but uses SECRETS_VERBOSE env var
@test "run 'clean' with 'SECRETS_VERBOSE=1'" {
export SECRETS_VERBOSE=1
run git secret clean
[ "$status" -eq 0 ]
# Output must be verbose:
[[ "$output" == *"cleaning"* ]]
}
# this test is like above, but sets SECRETS_VERBOSE env var to 0
# and expected non-verbose output
@test "run 'clean' with 'SECRETS_VERBOSE=0'" {
export SECRETS_VERBOSE=0
run git secret clean
[ "$status" -eq 0 ]
# Output must not be verbose:
[[ "$output" != *"cleaning"* ]]
}
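Review bot: The two new `clean` tests cover only `SECRETS_VERBOSE=1` and `SECRETS_VERBOSE=0`; the empty string and a non-numeric value such as `true` are not exercised. Both are values a user is likely to set, and how they are treated depends on the parsing in the tools file rather than on anything visible here. A test modelled on the `=0` case, for example `SECRETS_VERBOSE= run git secret clean` with the `[[ "$output" != *"cleaning"* ]]` assertion, would pin the empty case. One more test would document whichever behaviour is intended for non-numeric input.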

@ -39,6 +39,14 @@ function teardown {
[ -f "$encrypted_file" ]
}
@test "run 'hide' normally with SECRETS_VERBOSE=1" {
SECRETS_VERBOSE=1 run git secret hide
# Command must execute normally.
[ "$status" -eq 0 ]
[[ "$output" == "done. 1 of 1 files are hidden." ]]
}
@test "run 'hide' with '-P'" {
# attempt to alter permissions on input file
@ -199,8 +207,6 @@ function teardown {
run git secret hide -d
[ "$status" -eq 0 ]
ls && pwd
# File must be removed:
[ ! -f "$FILE_TO_HIDE" ]
}
@ -210,8 +216,6 @@ function teardown {
run git secret hide -v -d
[ "$status" -eq 0 ]
ls && pwd
# File must be removed:
[ ! -f "$FILE_TO_HIDE" ]
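Review bot: The new verbose `hide` test requires `$output` to equal `done. 1 of 1 files are hidden.` exactly, although in verbose mode gpg's output is no longer redirected to /dev/null. Any warning gpg prints during encryption is captured by `run` and would fail the test for reasons unrelated to `hide`. The verbose `cat` test in this commit uses a substring match for the same reason; `[[ "$output" == *"done. 1 of 1 files are hidden."* ]]` would be consistent with it.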

@ -10,6 +10,7 @@ cd "${SECRET_PROJECT_ROOT}"; rm -rf 'tempdir with spaces'; mkdir 'tempdir with s
# test with non-standard SECRETS_DIR (normally .gitsecret) and SECRETS_EXTENSION (normally .secret)
export SECRETS_DIR=.gitsecret-testdir
export SECRETS_EXTENSION=.secret2
#export SECRETS_VERBOSE=''
# bats expects diagnostic lines to be sent to fd 3, matching regex '^ #' (IE, like: `echo '# message here' >&3`)
# bats ... 3>&1 shows diagnostic output when errors occur.
