From 86a214574d09c3f4a606cf5aac6d0871a204ee56 Mon Sep 17 00:00:00 2001 From: elinamorits Date: Sat, 12 Mar 2016 22:21:04 +0300 Subject: [PATCH 1/9] debian/ubuntu packages --- Makefile | 35 +++++++++++++++++++++--- README.md | 2 +- man/man1/git-secret.7.ronn | 2 +- src/_utils/_git_secret_tools.sh | 2 ++ src/main.sh | 18 ++++++++++--- utils/build-deb.sh | 47 +++++++++++++++++++++++++++++++++ utils/post-commit.sh | 9 ++++++- 7 files changed, 105 insertions(+), 10 deletions(-) create mode 100755 utils/build-deb.sh diff --git a/Makefile b/Makefile index 63552ca2..348a1aeb 100644 --- a/Makefile +++ b/Makefile @@ -1,3 +1,7 @@ +# +# Building: +# + all: build git-secret: src/_utils/* src/commands/* src/main.sh @@ -9,6 +13,10 @@ clean: build: git-secret +# +# Testing: +# + install-test: git clone https://github.com/sstephenson/bats.git vendor/bats @@ -19,16 +27,24 @@ test: rm -rf temp; mkdir temp; cd temp; \ bats "../tests"; -install-man: - gem install ronn +# +# Manuals: +# + +install-ronn: + @if [ ! `gem list ronn -i` == "true" ]; then gem install ronn; fi build-man: - @if [ ! `gem list ronn -i` == "true" ]; then make install-man; fi + @make install-ronn ronn --roff man/man1/*.ronn build-gh-pages: @/usr/bin/env bash utils/gh-branch.sh +# +# Development: +# + install-hooks: @# pre-commit: @ln -fs "${PWD}/utils/pre-commit.sh" "${PWD}/.git/hooks/pre-commit" @@ -38,3 +54,16 @@ install-hooks: @chmod +x "${PWD}/.git/hooks/post-commit" develop: clean build install-hooks + +# +# Packaging: +# + +install-fpm: + @if [ ! `gem list fpm -i` == "true" ]; then gem install fpm; fi + +build-deb: clean build + @make install-fpm + @chmod +x "${PWD}/utils/build-deb.sh" + @"./utils/build-deb.sh" + diff --git a/README.md b/README.md index 2850bff2..b48066b3 100644 --- a/README.md +++ b/README.md 
@@ -25,7 +25,7 @@ This project is still under development. Current objectives: ## Testing For testing this project uses [`bats`](1). You can install it by running `make install-test`. -To run tests call: `make test`. It will download and install `bats` into `vandor/bats` if it's not installed yet. +To run tests call: `make test`. It will download and install `bats` into `vendor/bats` if it's not installed yet. [1]: https://github.com/sstephenson/bats diff --git a/man/man1/git-secret.7.ronn b/man/man1/git-secret.7.ronn index f999c990..82914b9b 100644 --- a/man/man1/git-secret.7.ronn +++ b/man/man1/git-secret.7.ronn @@ -9,7 +9,7 @@ There's a known problem in server configuration and deploying, when you have to store your private data such as: database passwords, application secret-keys, OAuth secret keys and so on, outside of the git repository. Even if this repository is private, it is a security risk to just publish them into the world wide web. What are the drawbacks of storing them separately? 1. These files are not version controlled. Filenames change, locations change, passwords change from time to time, some new information appears, other is removed. And you can not tell for sure which version of the configuration file was used with each commit. -2. When building the automated deploment system there will be one extra step: download and place these secret-configuration files where they need to be. So you have to maintain an extra secure server, where everything is stored. +2. When building the automated deployment system there will be one extra step: download and place these secret-configuration files where they need to be. So you have to maintain an extra secure server, where everything is stored. ### How does `git-secret` solve these problems? diff --git a/src/_utils/_git_secret_tools.sh b/src/_utils/_git_secret_tools.sh index 21da88ca..d1a1adf8 100644 --- a/src/_utils/_git_secret_tools.sh +++ b/src/_utils/_git_secret_tools.sh 
@@ -1,5 +1,7 @@ #!/usr/bin/env bash +GITSECRET_VERSION="0.1.0" + # Global variables: WORKING_DIRECTORY="$PWD" diff --git a/src/main.sh b/src/main.sh index 52573a46..011c88b4 100755 --- a/src/main.sh +++ b/src/main.sh @@ -29,19 +29,29 @@ function _incorrect_usage { } -function _init_script { - # checking for proper set-up: - _check_setup +function _show_version { + echo "$GITSECRET_VERSION" + exit 0 +} + +function _init_script { if [[ $# == 0 ]]; then _incorrect_usage "no input parameters provided." 126 fi + if [[ $1 == "--version" ]]; then + _show_version + fi + + # checking for proper set-up: + _check_setup + # load dependencies: # for f in ${0%/*}/src/*/*; do [[ -f "$f" ]] && . "$f"; done # routing the input command: - if [[ $(_function_exists "$1") == 0 ]] && [[ ! $1 == _* ]]; then + if [[ $(_function_exists $1) == 0 ]] && [[ ! $1 == _* ]]; then $1 "${@:2}" else _incorrect_usage "command $1 not found." 126 diff --git a/utils/build-deb.sh b/utils/build-deb.sh new file mode 100755 index 00000000..7a866849 --- /dev/null +++ b/utils/build-deb.sh 
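Review bot: The routing test in `_init_script` now calls `_function_exists $1` without quotes, so the first argument is word-split and glob-expanded before the lookup, and the same unquoted `$1` is then run as the command name. Keep the quoted form the old side had, `if [[ $(_function_exists "$1") == 0 ]] && [[ ! $1 == _* ]]; then`, and consider `"$1" "${@:2}"` for the dispatch line. Handling `--version` before `_check_setup` looks intentional; a one-line comment such as `# --version must work outside an initialised repository` would record that. `_init_script` continues past the end of the hunk.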
@@ -0,0 +1,47 @@ +#!/usr/bin/env bash + +set -e + +# Initializing and settings: +READ_PEM=0744 +EXEC_PEM=0755 + +SCRIPT_NAME="git-secret" +SCRIPT_DESCRIPTION="A bash-tool to store your private data inside a git repository." +SCRIPT_VERSION=$(bash ${PWD}/git-secret --version) +: ${SCRIPT_EPOCH:=0} +: ${SCRIPT_ITERATION:=1} + +if [[ -z "$SCRIPT_BUILD_DIR" ]]; then + SCRIPT_BUILD_DIR="${HOME}/debbuild-${SCRIPT_NAME}" +fi + +SCRIPT_DEST_DIR="${SCRIPT_BUILD_DIR}/installroot" + +# Preparing the files +rm -rf "$SCRIPT_BUILD_DIR" +mkdir -p "$SCRIPT_DEST_DIR" + +# Coping the files inside the build folder: +install -b -m "$EXEC_PEM" "git-secret" "${SCRIPT_DEST_DIR}/git-secret" +install -m "$READ_PEM" -d "${SCRIPT_DEST_DIR}/man/man1" +for file in man/man1/* ; do + if [[ "$file" == *.ronn ]]; then + continue + fi + + install -b -m "$READ_PEM" "$file" "${SCRIPT_DEST_DIR}/${file}" +done + +# Building .deb package: +cd "$SCRIPT_DEST_DIR" && fpm -s dir -t deb \ + -a all \ + -n "$SCRIPT_NAME" \ + -d git \ + -d gpg \ + --epoch "$SCRIPT_EPOCH" \ + --version "$SCRIPT_VERSION" \ + --iteration "$SCRIPT_ITERATION" \ + --description="$SCRIPT_DESCRIPTION" \ + -C "$SCRIPT_DEST_DIR" \ + . diff --git a/utils/post-commit.sh b/utils/post-commit.sh index 836d81a7..f37496e7 100755 --- a/utils/post-commit.sh +++ b/utils/post-commit.sh @@ -4,7 +4,14 @@ set -e BRANCH_NAME=$(git branch | grep '*' | sed 's/* //') -if [[ $BRANCH_NAME == 'master' ]]; then +if [[ "$BRANCH_NAME" == 'master' ]]; then # Build new web documentation: make build-gh-pages + + # create new release: + NEWEST_TAG=$(git describe --abbrev=0 --tags) + SCRIPT_VERSION=$(git secret --version) + if [[ "$NEWEST_TAG" != "$SCRIPT_VERSION" ]]; then + git tag -a "$SCRIPT_VERSION" -m "version $SCRIPT_VERSION" + fi fi From 73a6e041fad238a0b6213ac077ef8a79594ff599 Mon Sep 17 00:00:00 2001 
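Review bot: `rm -rf "$SCRIPT_BUILD_DIR"` deletes whatever directory the caller exported, and the documentation added later in this series presents that variable as the way to choose the output folder, so pointing it at an existing directory wipes it. Only the staging tree needs resetting: `rm -rf -- "${SCRIPT_DEST_DIR:?}"` followed by the existing `mkdir -p`. `SCRIPT_VERSION=$(bash ${PWD}/git-secret --version)` should also quote the path, `bash "${PWD}/git-secret" --version`, because a checkout path containing a space is otherwise split into several arguments. The same unquoted form reappears in the later post-commit.sh hunks.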
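Review bot: `NEWEST_TAG=$(git describe --abbrev=0 --tags)` fails when the repository has no tags yet, and with `set -e` in effect the hook stops on that line, so the first release tag is never created. Let the lookup fall back to an empty string: `NEWEST_TAG=$(git describe --abbrev=0 --tags 2>/dev/null || true)`. The line is carried unchanged through the later post-commit.sh hunks in this series.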
From: elinamorits Date: Sun, 13 Mar 2016 00:35:05 +0300 Subject: [PATCH 2/9] fixed .deb package creation --- Makefile | 2 ++ src/commands/git_secret_reveal.sh | 6 +++--- tests/test_main.bats | 6 ++++++ utils/build-deb.sh | 16 +++++++--------- 4 files changed, 18 insertions(+), 12 deletions(-) diff --git a/Makefile b/Makefile index 348a1aeb..b1ed3bf2 100644 --- a/Makefile +++ b/Makefile @@ -1,3 +1,5 @@ +SHELL:=/usr/bin/env bash + # # Building: # diff --git a/src/commands/git_secret_reveal.sh b/src/commands/git_secret_reveal.sh index 973ddab5..6143a0eb 100644 --- a/src/commands/git_secret_reveal.sh +++ b/src/commands/git_secret_reveal.sh @@ -32,11 +32,11 @@ function reveal { fi if [[ ! -z "$passphrase" ]]; then - base="$base --batch --yes --passphrase $passphrase" + echo "$passphrase" | $base --batch --yes --no-tty --passphrase-fd 0 -o "$line" "$encrypted_filename" + else + $base -o "$line" "$encrypted_filename" fi - $base -o "$line" "$encrypted_filename" - counter=$((counter+1)) done < "$SECRETS_DIR_PATHS_MAPPING" diff --git a/tests/test_main.bats b/tests/test_main.bats index f52e9daa..6a1d5838 100644 --- a/tests/test_main.bats +++ b/tests/test_main.bats @@ -23,3 +23,9 @@ function teardown { run git secret notacommand [ "$status" -eq 126 ] } + + +@test "run 'git secret --version'" { + run git secret --version + [ "$output" == "$GITSECRET_VERSION" ] +} diff --git a/utils/build-deb.sh b/utils/build-deb.sh index 7a866849..e62eaf4e 100755 --- a/utils/build-deb.sh +++ b/utils/build-deb.sh @@ -3,7 +3,7 @@ set -e # Initializing and settings: -READ_PEM=0744 +READ_PEM=0644 EXEC_PEM=0755 SCRIPT_NAME="git-secret" 
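Review bot: Feeding the passphrase with `echo "$passphrase" |` mangles values that `echo` treats as options, for example a passphrase of `-n` or `-e`; `printf '%s\n' "$passphrase" | $base --batch --yes --no-tty --passphrase-fd 0 -o "$line" "$encrypted_filename"` passes it through unchanged. The value still reaches the script through the `-p` option shown in the `git secret reveal` synopsis, so it presumably stays visible in that process's arguments and in shell history. Reading it from a prompt or a file descriptor would close that gap as well. The `reveal` function starts and ends outside the hunk.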
@@ -23,22 +23,20 @@ rm -rf "$SCRIPT_BUILD_DIR" mkdir -p "$SCRIPT_DEST_DIR" # Coping the files inside the build folder: -install -b -m "$EXEC_PEM" "git-secret" "${SCRIPT_DEST_DIR}/git-secret" -install -m "$READ_PEM" -d "${SCRIPT_DEST_DIR}/man/man1" +install -D -T -b -m "$EXEC_PEM" -T "git-secret" "${SCRIPT_DEST_DIR}/usr/bin/git-secret" +install -m "$READ_PEM" -d "${SCRIPT_DEST_DIR}/usr/share/man/man1" for file in man/man1/* ; do - if [[ "$file" == *.ronn ]]; then - continue - fi + if [[ "$file" == *.ronn ]]; then + continue + fi - install -b -m "$READ_PEM" "$file" "${SCRIPT_DEST_DIR}/${file}" + install -D -T -b -m "$READ_PEM" -T "$file" "${SCRIPT_DEST_DIR}/usr/share/${file}" done # Building .deb package: cd "$SCRIPT_DEST_DIR" && fpm -s dir -t deb \ -a all \ -n "$SCRIPT_NAME" \ - -d git \ - -d gpg \ --epoch "$SCRIPT_EPOCH" \ --version "$SCRIPT_VERSION" \ --iteration "$SCRIPT_ITERATION" \ From 455cfc468b0f3e0855684fdb1af2c74b26442d62 Mon Sep 17 00:00:00 2001 From: elinamorits Date: Sun, 13 Mar 2016 12:14:28 +0300 Subject: [PATCH 3/9] man7 created & install.sh working --- Makefile | 11 ++++++--- man/{man1 => man7}/git-secret.7 | 4 +-- man/{man1 => man7}/git-secret.7.ronn | 0 utils/build-deb.sh | 3 +++ utils/install.sh | 37 ++++++++++++++++++++++++++++ 5 files changed, 50 insertions(+), 5 deletions(-) rename man/{man1 => man7}/git-secret.7 (95%) rename man/{man1 => man7}/git-secret.7.ronn (100%) create mode 100755 utils/install.sh diff --git a/Makefile b/Makefile index b1ed3bf2..f47438cf 100644 --- a/Makefile +++ b/Makefile @@ -1,4 +1,5 @@ SHELL:=/usr/bin/env bash +PREFIX?="/usr" # # Building: @@ -15,6 +16,10 @@ clean: build: git-secret +install: clean build + @chmod +x "./utils/install.sh" + @sudo "./utils/install.sh" "$(PREFIX)" + # # Testing: # @@ -38,10 +43,10 @@ install-ronn: build-man: @make install-ronn - ronn --roff man/man1/*.ronn + ronn --roff man/*/*.ronn build-gh-pages: - @/usr/bin/env bash utils/gh-branch.sh + @"./utils/gh-branch.sh" # # Development: 
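Review bot: The `man1` directory is created with `install -m "$READ_PEM" -d`, and `READ_PEM` is now `0644`, so the directory gets no search (x) bit. A non-root build then cannot create or read files inside it, and the mode may be carried into the package. Directories should take the executable mode: `install -m "$EXEC_PEM" -d "${SCRIPT_DEST_DIR}/usr/share/man/man1"`. The `man7` directory added in the later build-deb.sh hunk has the same problem, and `-T` is passed twice on both file `install` lines.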
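Review bot: The `install` recipe always runs `@sudo "./utils/install.sh" "$(PREFIX)"`, so a script from the working tree is executed as root even when `PREFIX` is a directory the user owns, and the installed files end up root-owned. Dropping `sudo` from the recipe (`@"./utils/install.sh" "$(PREFIX)"`) and letting the caller elevate only when the prefix needs it keeps privilege use explicit. `PREFIX?="/usr"` also stores the quote characters in the value; `PREFIX ?= /usr` is the usual form.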
@@ -66,6 +71,6 @@ install-fpm: build-deb: clean build @make install-fpm - @chmod +x "${PWD}/utils/build-deb.sh" + @chmod +x "./utils/build-deb.sh" @"./utils/build-deb.sh" diff --git a/man/man1/git-secret.7 b/man/man7/git-secret.7 similarity index 95% rename from man/man1/git-secret.7 rename to man/man7/git-secret.7 index 929c1aee..6b15b102 100644 --- a/man/man1/git-secret.7 +++ b/man/man7/git-secret.7 @@ -1,7 +1,7 @@ .\" generated with Ronn/v0.7.3 .\" http://github.com/rtomayko/ronn/tree/0.7.3 . -.TH "GIT\-SECRET" "7" "February 2016" "" "" +.TH "GIT\-SECRET" "7" "March 2016" "" "" . .SH "NAME" \fBgit\-secret\fR @@ -26,7 +26,7 @@ There\'s a known problem in server configuration and deploying, when you have to These files are not version controlled\. Filenames change, locations change, passwords change from time to time, some new information appears, other is removed\. And you can not tell for sure which version of the configuration file was used with each commit\. . .IP "2." 4 -When building the automated deploment system there will be one extra step: download and place these secret\-configuration files where they need to be\. So you have to maintain an extra secure server, where everything is stored\. +When building the automated deployment system there will be one extra step: download and place these secret\-configuration files where they need to be\. So you have to maintain an extra secure server, where everything is stored\. . .IP "" 0 . diff --git a/man/man1/git-secret.7.ronn b/man/man7/git-secret.7.ronn similarity index 100% rename from man/man1/git-secret.7.ronn rename to man/man7/git-secret.7.ronn diff --git a/utils/build-deb.sh b/utils/build-deb.sh index e62eaf4e..e20af392 100755 --- a/utils/build-deb.sh +++ b/utils/build-deb.sh 
@@ -25,6 +25,7 @@ mkdir -p "$SCRIPT_DEST_DIR" # Coping the files inside the build folder: install -D -T -b -m "$EXEC_PEM" -T "git-secret" "${SCRIPT_DEST_DIR}/usr/bin/git-secret" install -m "$READ_PEM" -d "${SCRIPT_DEST_DIR}/usr/share/man/man1" +install -m "$READ_PEM" -d "${SCRIPT_DEST_DIR}/usr/share/man/man7" for file in man/man1/* ; do if [[ "$file" == *.ronn ]]; then continue @@ -32,6 +33,8 @@ for file in man/man1/* ; do install -D -T -b -m "$READ_PEM" -T "$file" "${SCRIPT_DEST_DIR}/usr/share/${file}" done +install -D -T -b -m "$READ_PEM" -T "man/man7/git-secret.7" \ + "${SCRIPT_DEST_DIR}/usr/share/man/man7/git-secret.7" # Building .deb package: cd "$SCRIPT_DEST_DIR" && fpm -s dir -t deb \ diff --git a/utils/install.sh b/utils/install.sh new file mode 100755 index 00000000..89e006d0 --- /dev/null +++ b/utils/install.sh @@ -0,0 +1,37 @@ +#!/usr/bin/env bash +set -e + +# Credit goes to: +# https://github.com/sstephenson/bats/blob/master/install.sh +resolve_link() { + $(type -p greadlink readlink | head -1) "$1" +} + +abs_dirname() { + local cwd="$(pwd)" + local path="$1" + + while [ -n "$path" ]; do + cd "${path%/*}" + local name="${path##*/}" + path="$(resolve_link "$name" || true)" + done + + pwd + cd "$cwd" +} + +PREFIX="$1" +if [ -z "$PREFIX" ]; then + echo "usage: $0 " >&2 + exit 1 +fi + +SCRIPT_ROOT="$(dirname $(abs_dirname "$0"))" + +mkdir -p "$PREFIX"/bin "$PREFIX"/share/man/man1 "$PREFIX"/share/man/man7 +cp "$SCRIPT_ROOT"/git-secret "$PREFIX"/bin/git-secret +cp -R "$SCRIPT_ROOT"/man/man1/* "$PREFIX"/share/man/man1 +cp "$SCRIPT_ROOT"/man/man7/git-secret.7 "$PREFIX"/share/man/man7/git-secret.7 + +echo "Installed git-secret to $PREFIX/bin/git-secret" From c78bc099a76604e1f0eb9317170473bf12c92d3e Mon Sep 17 00:00:00 2001 From: elinamorits Date: Sun, 13 Mar 2016 13:06:18 +0300 Subject: [PATCH 4/9] prerelease --- README.md | 20 ++++++++++++++------ man/man7/git-secret.7.ronn | 23 ++++++++++++++++++----- 2 files changed, 32 insertions(+), 11 deletions(-) 
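Review bot: `SCRIPT_ROOT="$(dirname $(abs_dirname "$0"))"` in the new install.sh leaves the inner substitution unquoted, so a checkout path containing spaces is split before `dirname` sees it. The Makefile runs this script under `sudo`, so its path handling should be exact: `SCRIPT_ROOT="$(dirname "$(abs_dirname "$0")")"`. The `cp` calls also inherit whatever modes the source files have in the working tree; `install -m 0755` for `git-secret` and `install -m 0644` for the man pages would pin the installed permissions.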
diff --git a/README.md b/README.md index b48066b3..1869d6a8 100644 --- a/README.md +++ b/README.md @@ -6,10 +6,14 @@ ![git-secret terminal preview](https://raw.githubusercontent.com/sobolevn/git-secret/gh-pages/images/gitsecret_terminal.gif) -## Installation and Usage +## Usage See the [git-secret site](https://sobolevn.github.io/git-secret/). +## Installation + +See the [installation section](https://sobolevn.github.io/git-secret/#installation). + ## Status This project is still under development. Current objectives: @@ -17,15 +21,19 @@ This project is still under development. Current objectives: - add `trust-model` parameter to `git-secret-hide` - autocomplete for `zsh` plugin - extra tests -- precompiled distributions for `brew` and other package managers -- create `CONTRIBUTING.md` with custom styleguide, refactor code due to styleguide +- precompiled distribution for `RPM` +- integrate [`shellcheck`](https://github.com/koalaman/shellcheck) for code style tests +- create `CONTRIBUTING.md` with development process explained - сygwin support (?) - ## Testing -For testing this project uses [`bats`](1). You can install it by running `make install-test`. +For testing this project uses [`bats`](https://github.com/sstephenson/bats). You can install it by running `make install-test`. To run tests call: `make test`. It will download and install `bats` into `vendor/bats` if it's not installed yet. -[1]: https://github.com/sstephenson/bats +## Changelog + +### Version 0.1.0 + +- Initial release diff --git a/man/man7/git-secret.7.ronn b/man/man7/git-secret.7.ronn index 82914b9b..67804e35 100644 --- a/man/man7/git-secret.7.ronn +++ b/man/man7/git-secret.7.ronn 
@@ -39,18 +39,31 @@ You can add you platform to this list, if all the tests passes for you. There are several ways to install `git-secret`: -**The hard way** +**Brew** -1. Clone the repository first: `git clone https://github.com/sobolevn/git-secret.git git-secret` -2. Run `cd git-secret && make build` -3. Move `git-secret` file and `man/` folder somewhere inside your `$PATH`, or extend your `$PATH` to contain `git-secret` file and `man/` folder +1. Run `brew install sobolevn/tap/git-secret` **`antigen` plugin (or any other `oh-my-zsh`-styled plugin-systems)** 1. Add line `antigen bundle sobolevn/git-secret` to your `.zshrc` 2. Run `source ~/.zshrc` or reopen the terminal -`brew` and `fpm` support is planned. +**`make install`** + +1. Download the latest realease [here](https://github.com/sobolevn/git-secret/releases) +2. Unpack and run `make install PREFIX="your/installation/path"`, note that this command may require `sudo` + +**The hard way** + +1. Clone the repository first: `git clone https://github.com/sobolevn/git-secret.git git-secret` +2. Run `cd git-secret && make build` +3. Move `git-secret` file and `man/` folder somewhere inside your `$PATH`, or extend your `$PATH` to contain `git-secret` file and `man/` folder + +**Local `.deb` package** + +1. Download the latest realease [here](https://github.com/sobolevn/git-secret/releases) +2. Unpack, and run `make build-deb`, it is possible to set the output folder with `$SCRIPT_BUILD_DIR` variable. +3. Install the local `.deb` package with `dpkp -i git-secret-package-name.deb`, note that this command may require `sudo` and the package name will be different ## Usage These steps cover the basic process of using `git-secret`: From 255c9487550e923569e72844210bfdbb7959f677 Mon Sep 17 00:00:00 2001 
From: sobolevn Date: Sun, 13 Mar 2016 13:10:45 +0300 Subject: [PATCH 5/9] release --- Makefile | 1 + README.md | 1 + man/man1/git-secret-hide.1 | 4 +-- man/man1/git-secret-init.1 | 4 +-- man/man1/git-secret-reveal.1 | 4 +-- man/man1/git-secret-tell.1 | 8 +++--- man/man7/git-secret.7 | 52 ++++++++++++++++++++++++++++-------- utils/gh-branch.sh | 0 utils/post-commit.sh | 2 +- utils/pre-commit.sh | 1 + 10 files changed, 55 insertions(+), 22 deletions(-) mode change 100644 => 100755 utils/gh-branch.sh diff --git a/Makefile b/Makefile index f47438cf..38892c2d 100644 --- a/Makefile +++ b/Makefile @@ -46,6 +46,7 @@ build-man: ronn --roff man/*/*.ronn build-gh-pages: + @chmod +x "./utils/gh-branch.sh" @"./utils/gh-branch.sh" # diff --git a/README.md b/README.md index 1869d6a8..cff265b3 100644 --- a/README.md +++ b/README.md @@ -25,6 +25,7 @@ This project is still under development. Current objectives: - integrate [`shellcheck`](https://github.com/koalaman/shellcheck) for code style tests - create `CONTRIBUTING.md` with development process explained - сygwin support (?) +- add `CHANGELOG.md` with semantic versioning ## Testing diff --git a/man/man1/git-secret-hide.1 b/man/man1/git-secret-hide.1 index 15dfc376..bf7e14f9 100644 --- a/man/man1/git-secret-hide.1 +++ b/man/man1/git-secret-hide.1 @@ -1,7 +1,7 @@ .\" generated with Ronn/v0.7.3 .\" http://github.com/rtomayko/ronn/tree/0.7.3 . -.TH "GIT\-SECRET\-HIDE" "1" "February 2016" "" "" +.TH "GIT\-SECRET\-HIDE" "1" "March 2016" "" "" . .SH "NAME" \fBgit\-secret\-hide\fR \- encrypts all added files with the inner keyring\. 
@@ -15,7 +15,7 @@ git secret hide [\-c] [\-v] .fi . .SH "DESCRIPTION" -\fBgit\-secret\-hide\fR create an encrypted version for each file added by \fBgit\-secret\-add\fR command\. Now anyone one from the \fBgit\-secret\fR\'s keyring can decrypt these files using the their secret key\. +\fBgit\-secret\-hide\fR create an encrypted version for each file added by \fBgit\-secret\-add\fR command\. Now anyone from the \fBgit\-secret\fR\'s keyring can decrypt these files using their secret key\. . .P It is possible to modify the names of the encrypted files by setting \fBSECRETS_EXTENSION\fR variable\. diff --git a/man/man1/git-secret-init.1 b/man/man1/git-secret-init.1 index 73910c1e..b9552171 100644 --- a/man/man1/git-secret-init.1 +++ b/man/man1/git-secret-init.1 @@ -1,7 +1,7 @@ .\" generated with Ronn/v0.7.3 .\" http://github.com/rtomayko/ronn/tree/0.7.3 . -.TH "GIT\-SECRET\-INIT" "1" "February 2016" "" "" +.TH "GIT\-SECRET\-INIT" "1" "March 2016" "" "" . .SH "NAME" \fBgit\-secret\-init\fR \- initializes git\-secret repository\. @@ -15,7 +15,7 @@ git secret init .fi . .SH "DESCRIPTION" -\fBgit\-secret\-init\fR should be runned inside a \fBgit\fR repo\. \fBgit\-secret\-init\fR is the first command to be runned, until the git\-secret repository is inited other commands are unavailable\. +\fBgit\-secret\-init\fR should be run inside a \fBgit\fR repo\. \fBgit\-secret\-init\fR is the first command to be run, until the git\-secret repository is inited other commands are unavailable\. . .SH "OPTIONS" . diff --git a/man/man1/git-secret-reveal.1 b/man/man1/git-secret-reveal.1 index 089ec596..7f8956ab 100644 --- a/man/man1/git-secret-reveal.1 +++ b/man/man1/git-secret-reveal.1 @@ -1,7 +1,7 @@ .\" generated with Ronn/v0.7.3 .\" http://github.com/rtomayko/ronn/tree/0.7.3 . -.TH "GIT\-SECRET\-REVEAL" "1" "February 2016" "" "" +.TH "GIT\-SECRET\-REVEAL" "1" "March 2016" "" "" . .SH "NAME" \fBgit\-secret\-reveal\fR \- decrypts all added files\. 
@@ -15,7 +15,7 @@ git secret reveal [\-d dir] [\-p password] .fi . .SH "DESCRIPTION" -\fBgit\-secret\-reveal\fR \- decrypts all the files in the \fB\.gitsecret/paths/mapping\.cfg\fR by running a \fBgpg \-\-decrypt\fR command\. It is important to have paired secret\-key for one of the public\-keys, which were used in the encryption\. +\fBgit\-secret\-reveal\fR \- decrypts all the files in the \fB\.gitsecret/paths/mapping\.cfg\fR by running a \fBgpg \-\-decrypt\fR command\. It is important to have paired secret\-key with one of the public\-keys, which were used in the encryption\. . .SH "OPTIONS" . diff --git a/man/man1/git-secret-tell.1 b/man/man1/git-secret-tell.1 index 33eed09a..9368e4f7 100644 --- a/man/man1/git-secret-tell.1 +++ b/man/man1/git-secret-tell.1 @@ -1,10 +1,10 @@ .\" generated with Ronn/v0.7.3 .\" http://github.com/rtomayko/ronn/tree/0.7.3 . -.TH "GIT\-SECRET\-TELL" "1" "February 2016" "" "" +.TH "GIT\-SECRET\-TELL" "1" "March 2016" "" "" . .SH "NAME" -\fBgit\-secret\-tell\fR \- adds a person, who can access a private data\. +\fBgit\-secret\-tell\fR \- adds a person, who can access private data\. . .SH "SYNOPSIS" . 
@@ -15,10 +15,10 @@ git secret tell [\-m] [\-d dir] [email] .fi . .SH "DESCRIPTION" -\fBgit\-secret\-tell\fR receives an email address as an input, searches for the \fBgpg\fR\-key in the \fBgpg\fR\'s \fBhomedir\fR by this email, then import a person\'s public key into the \fBgit\-secret\fR\'s inner keychain\. Since this moment this person can encrypt new files with the keyring which contains his key\. But he cannot decrypt the old files, which were already encrypted without his key\. They should be reencrypted with the new keyring by someone, who has the unencrypted files\. +\fBgit\-secret\-tell\fR receives an email address as an input, searches for the \fBgpg\fR\-key in the \fBgpg\fR\'s \fBhomedir\fR by this email, then imports a person\'s public key into the \fBgit\-secret\fR\'s inner keychain\. From this moment this person can encrypt new files with the keyring which contains their key\. But they cannot decrypt the old files, which were already encrypted without their key\. They should be reencrypted with the new keyring by someone, who has the unencrypted files\. . .P -\fBDo not manually import secret key into \fBgit\-secret\fR\fR\. Anyway, it won\'t work with any of the secret\-keys imported\. +\fBDo not manually import secret key into \fBgit\-secret\fR\fR\. Anyways, it won\'t work with any of the secret\-keys imported\. . .SH "OPTIONS" . diff --git a/man/man7/git-secret.7 b/man/man7/git-secret.7 index 6b15b102..28db63f7 100644 --- a/man/man7/git-secret.7 +++ b/man/man7/git-secret.7 
@@ -41,7 +41,7 @@ When building the automated deployment system there will be one extra step: down .IP "" 0 . .SS "What is git\-secret?" -\fBgit\-secret\fR is a bash tool to store your private data inside a \fBgit\fR repo\. How\'s that? Basically, it just encrypts, using \fBgpg\fR, the tracked files with the public keys of all the users that you trust\. So everyone of them can decrypt these files using only their personal secret key\. Why to deal with all these private\-public keys stuff? Well, to make it easier for everyone to manage access rights\. There are no passwords that change\. When someone is out \- just delete his public key, reencrypt the files, and he won\'t be able to decrypt secrets anymore\. +\fBgit\-secret\fR is a bash tool to store your private data inside a \fBgit\fR repo\. How\'s that? Basically, it just encrypts, using \fBgpg\fR, the tracked files with the public keys of all the users that you trust\. So everyone of them can decrypt these files using only their personal secret key\. Why deal with all this private\-public keys stuff? Well, to make it easier for everyone to manage access rights\. There are no passwords that change\. When someone is out \- just delete his public key, reencrypt the files, and he won\'t be able to decrypt secrets anymore\. . .SH "Installation" . 
@@ -60,12 +60,42 @@ gpg (GnuPG) 1\.4\.20 .IP "" 0 . .SS "Supported platforms" -\fBgit secret\fR works with \fBMac OS X\fR >= 10\.9, \fBUbuntu\fR >= 14\.04 and \fBDebian\fR >= 8\.3 You can add you platform to this list, if all the tests passes for you\. \fBCygwin\fR support is planned\. +\fBgit secret\fR works with \fBMac OS X\fR >= 10\.9, \fBUbuntu\fR >= 14\.04 and \fBDebian\fR >= 8\.3 You can add your platform to this list, if all the tests pass for you\. \fBCygwin\fR support is planned\. . .SS "Installation process" There are several ways to install \fBgit\-secret\fR: . .P +\fBBrew\fR +. +.IP "1." 4 +Run \fBbrew install sobolevn/tap/git\-secret\fR +. +.IP "" 0 +. +.P +\fB\fBantigen\fR plugin (or any other \fBoh\-my\-zsh\fR\-styled plugin\-systems)\fR +. +.IP "1." 4 +Add line \fBantigen bundle sobolevn/git\-secret\fR to your \fB\.zshrc\fR +. +.IP "2." 4 +Run \fBsource ~/\.zshrc\fR or reopen the terminal +. +.IP "" 0 +. +.P +\fB\fBmake install\fR\fR +. +.IP "1." 4 +Download the latest realease here \fIhttps://github\.com/sobolevn/git\-secret/releases\fR +. +.IP "2." 4 +Unpack and run \fBmake install PREFIX="your/installation/path"\fR, note that this command may require \fBsudo\fR +. +.IP "" 0 +. +.P \fBThe hard way\fR . .IP "1." 4 
@@ -80,18 +110,18 @@ Move \fBgit\-secret\fR file and \fBman/\fR folder somewhere inside your \fB$PATH .IP "" 0 . .P -\fB\fBantigen\fR plugin (or any other \fBoh\-my\-zsh\fR\-styled plugin\-systems)\fR +\fBLocal \fB\.deb\fR package\fR . .IP "1." 4 -Add line \fBantigen bundle sobolevn/git\-secret\fR to your \fB\.zshrc\fR +Download the latest realease here \fIhttps://github\.com/sobolevn/git\-secret/releases\fR . .IP "2." 4 -Run \fBsource ~/\.zshrc\fR or reopen the terminal +Unpack, and run \fBmake build\-deb\fR, it is possible to set the output folder with \fB$SCRIPT_BUILD_DIR\fR variable\. . -.IP "" 0 +.IP "3." 4 +Install the local \fB\.deb\fR package with \fBdpkp \-i git\-secret\-package\-name\.deb\fR, note that this command may require \fBsudo\fR and the package name will be different . -.P -\fBbrew\fR and \fBfpm\fR support is planned\. +.IP "" 0 . .SH "Usage" These steps cover the basic process of using \fBgit\-secret\fR: 
@@ -109,7 +139,7 @@ Add first user to the system by running \fBgit secret tell your@gpg\.email\-id\f Now it\'s time to add files you wish to encrypt inside the \fBgit\-secret\fR repository\. It can be done by running \fBgit secret add \fR command\. Make sure these files are ignored, otherwise \fBgit secret\fR won\'t allow you to add them, as these files will be stored unencrypted\. . .IP "5." 4 -When done, run \fBgit secret hide\fR all files, which you have added by \fBgit secret add\fR command will be encrypted with added public\-keys by the \fBgit secret tell\fR command\. Now it is safe to commit your cahnges\. \fBBut\fR\. It\'s recommened to add \fBgit secret hide\fR command to your \fBpre\-commit\fR hook, so you won\'t miss any changes\. +When done, run \fBgit secret hide\fR all files, which you have added by \fBgit secret add\fR command will be encrypted with added public\-keys by the \fBgit secret tell\fR command\. Now it is safe to commit your changes\. \fBBut\fR\. It\'s recommended to add \fBgit secret hide\fR command to your \fBpre\-commit\fR hook, so you won\'t miss any changes\. . .IP "6." 4 Now decrypt files with \fBgit secret reveal\fR command\. It will ask you for your password\. And you\'re done! @@ -119,7 +149,7 @@ Now decrypt files with \fBgit secret reveal\fR command\. It will ask you for you .SS "I want to add someone to the repository" . .IP "1." 4 -Get his \fBgpg\fR public\-key\. \fBYou won\'t need his secret key\.\fR +Get his \fBgpg\fR public\-key\. \fBYou won\'t need their secret key\.\fR . .IP "2." 4 Import this key inside your \fBgpg\fR by running \fBgpg \-\-import KEY_NAME\fR 
@@ -128,7 +158,7 @@ Import this key inside your \fBgpg\fR by running \fBgpg \-\-import KEY_NAME\fR Now add this person to the \fBgit\-secret\fR by running \fBgit secret tell persons@email\.id\fR . .IP "4." 4 -Reencypt the files, now he will be able to decrypt them with his secret key\. +Reencypt the files, now they will be able to decrypt them with their secret key\. . .IP "" 0 . diff --git a/utils/gh-branch.sh b/utils/gh-branch.sh old mode 100644 new mode 100755 diff --git a/utils/post-commit.sh b/utils/post-commit.sh index f37496e7..ca3de926 100755 --- a/utils/post-commit.sh +++ b/utils/post-commit.sh @@ -10,7 +10,7 @@ if [[ "$BRANCH_NAME" == 'master' ]]; then # create new release: NEWEST_TAG=$(git describe --abbrev=0 --tags) - SCRIPT_VERSION=$(git secret --version) + SCRIPT_VERSION=$(bash ${PWD}/git-secret --version) if [[ "$NEWEST_TAG" != "$SCRIPT_VERSION" ]]; then git tag -a "$SCRIPT_VERSION" -m "version $SCRIPT_VERSION" fi diff --git a/utils/pre-commit.sh b/utils/pre-commit.sh index ad705925..62c01a68 100755 --- a/utils/pre-commit.sh +++ b/utils/pre-commit.sh @@ -16,5 +16,6 @@ if [[ $BRANCH_NAME != '(no branch)' ]]; then # Add new files: git add man/man1/* + git add man/man7/* fi fi From 874a4468d78ac4669ec337a949f799ff14fab0aa Mon Sep 17 00:00:00 2001 From: "mail@sobolevn.me" Date: Sun, 13 Mar 2016 13:27:36 +0300 Subject: [PATCH 6/9] release --- .travis.yml | 1 + utils/post-commit.sh | 7 ++++--- 2 files changed, 5 insertions(+), 3 deletions(-) diff --git a/.travis.yml b/.travis.yml index 9457babe..57879b35 100644 --- a/.travis.yml +++ b/.travis.yml @@ -5,6 +5,7 @@ sudo: false branches: only: - master + - develop install: - make install-test diff --git a/utils/post-commit.sh b/utils/post-commit.sh index ca3de926..bd128338 100755 --- a/utils/post-commit.sh +++ b/utils/post-commit.sh 
@@ -7,11 +7,12 @@ BRANCH_NAME=$(git branch | grep '*' | sed 's/* //') if [[ "$BRANCH_NAME" == 'master' ]]; then # Build new web documentation: make build-gh-pages +fi +if [[ "$BRANCH_NAME" == 'develop' ]]; then # create new release: NEWEST_TAG=$(git describe --abbrev=0 --tags) SCRIPT_VERSION=$(bash ${PWD}/git-secret --version) - if [[ "$NEWEST_TAG" != "$SCRIPT_VERSION" ]]; then - git tag -a "$SCRIPT_VERSION" -m "version $SCRIPT_VERSION" - fi + if [[ "$NEWEST_TAG" != "v${SCRIPT_VERSION}" ]]; then + git tag -a "v${SCRIPT_VERSION}" -m "version $SCRIPT_VERSION" fi From 1904ebdb86092f9c67674a0b6f34d600993d9c03 Mon Sep 17 00:00:00 2001 From: "mail@sobolevn.me" Date: Sun, 13 Mar 2016 14:07:30 +0300 Subject: [PATCH 7/9] pre-staging --- utils/post-commit.sh | 7 ++++--- 1 file changed, 4 insertions(+), 3 deletions(-) diff --git a/utils/post-commit.sh b/utils/post-commit.sh index bd128338..fedc1858 100755 --- a/utils/post-commit.sh +++ b/utils/post-commit.sh @@ -4,15 +4,16 @@ set -e BRANCH_NAME=$(git branch | grep '*' | sed 's/* //') -if [[ "$BRANCH_NAME" == 'master' ]]; then +if [[ "$BRANCH_NAME" == 'develop' ]]; then # Build new web documentation: make build-gh-pages fi -if [[ "$BRANCH_NAME" == 'develop' ]]; then +if [[ "$BRANCH_NAME" == 'staging' ]]; then # create new release: NEWEST_TAG=$(git describe --abbrev=0 --tags) SCRIPT_VERSION=$(bash ${PWD}/git-secret --version) if [[ "$NEWEST_TAG" != "v${SCRIPT_VERSION}" ]]; then - git tag -a "v${SCRIPT_VERSION}" -m "version $SCRIPT_VERSION" + git tag -a "v${SCRIPT_VERSION}" -m "version $SCRIPT_VERSION" + fi fi From 38983de6ee22de88b126c9c2637e76b832ae7a85 Mon Sep 17 00:00:00 2001 From: "mail@sobolevn.me" Date: Sun, 13 Mar 2016 14:09:47 +0300 Subject: [PATCH 8/9] staging --- utils/gh-branch.sh | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/utils/gh-branch.sh b/utils/gh-branch.sh index 8cace525..cf8a32db 100755 --- a/utils/gh-branch.sh +++ b/utils/gh-branch.sh 
@@ -4,12 +4,13 @@ set -e function update_gh_branch { + local branch_name=$(git branch | grep '*' | sed 's/* //') git checkout gh-pages make git add _posts git commit -m 'documentation update' - git checkout master + git checkout "$branch_name" } update_gh_branch From cbdd9b84144a131a7a6d80655158fe0232e4953e Mon Sep 17 00:00:00 2001 From: "mail@sobolevn.me" Date: Sun, 13 Mar 2016 14:11:38 +0300 Subject: [PATCH 9/9] release --- README.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/README.md b/README.md index cff265b3..8697ae20 100644 --- a/README.md +++ b/README.md @@ -21,7 +21,7 @@ This project is still under development. Current objectives: - add `trust-model` parameter to `git-secret-hide` - autocomplete for `zsh` plugin - extra tests -- precompiled distribution for `RPM` +- precompiled distribution for `RPM`, add dependencies for `.deb` package - integrate [`shellcheck`](https://github.com/koalaman/shellcheck) for code style tests - create `CONTRIBUTING.md` with development process explained - сygwin support (?)
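Review bot: `update_gh_branch` returns to the saved branch only when every step succeeds. Under `set -e`, a failing `make` or a `git commit` with nothing to commit exits while `gh-pages` is still checked out, so later commits land on the wrong branch. Capture the failure status of the gh-pages steps and run `git checkout "$branch_name"` before propagating it. Parsing `git branch` also yields `(HEAD detached at …)` on a detached HEAD, and `local x=$(…)` hides a failing pipeline; `local branch_name; branch_name=$(git symbolic-ref --short HEAD)` avoids both by stopping before the checkout.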