Archives/git-secret
2
1
Fork 0
mirror of https://github.com/sobolevn/git-secret synced 2024-10-31 21:20:29 +00:00
Code Issues Projects Releases Wiki Activity

cleanups and renames (#784)

Browse Source 
* rename _append_* functions to _prepend_*
* improve code flow
* be more standard with shellcheck disables
This commit is contained in:
Josh Rabinowitz 2022-02-27 08:30:27 -05:00 committed by GitHub
parent 898d9ae53c
commit 50734fd364
No known key found for this signature in database
GPG Key ID: 4AEE18F83AFDEB23
15 changed files with 43 additions and 42 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

37
src/_utils/_git_secret_tools.sh
View File

@ -33,7 +33,7 @@ fi
: "${TMPDIR:=/tmp}" : "${TMPDIR:=/tmp}"
# AWK scripts: # AWK scripts:
# shellcheck disable=2016 # shellcheck disable=SC2016
AWK_FSDB_HAS_RECORD=' AWK_FSDB_HAS_RECORD='
BEGIN { FS=":"; OFS=":"; cnt=0; } BEGIN { FS=":"; OFS=":"; cnt=0; }
{ {
@ -45,7 +45,7 @@ BEGIN { FS=":"; OFS=":"; cnt=0; }
END { if ( cnt > 0 ) print "0"; else print "1"; } END { if ( cnt > 0 ) print "0"; else print "1"; }
' '
# shellcheck disable=2016 # shellcheck disable=SC2016
AWK_FSDB_RM_RECORD=' AWK_FSDB_RM_RECORD='
BEGIN { FS=":"; OFS=":"; } BEGIN { FS=":"; OFS=":"; }
{ {
@ -56,7 +56,7 @@ BEGIN { FS=":"; OFS=":"; }
} }
' '
# shellcheck disable=2016 # shellcheck disable=SC2016
AWK_FSDB_CLEAR_HASHES=' AWK_FSDB_CLEAR_HASHES='
BEGIN { FS=":"; OFS=":"; } BEGIN { FS=":"; OFS=":"; }
{ {
@ -64,7 +64,7 @@ BEGIN { FS=":"; OFS=":"; }
} }
' '
# shellcheck disable=2016 # shellcheck disable=SC2016
AWK_GPG_VER_CHECK=' AWK_GPG_VER_CHECK='
/^gpg/{ /^gpg/{
version=$3 version=$3
@ -103,6 +103,7 @@ GPG_VER_MIN_21="$($SECRETS_GPG_COMMAND --version | gawk "$AWK_GPG_VER_CHECK")"
# Bash: # Bash:
# echos 0 if function exists, otherwise non-zero
function _function_exists { function _function_exists {
local function_name="$1" # required local function_name="$1" # required
@ -306,7 +307,7 @@ function _maybe_create_gitignore {
# This function creates '.gitignore' if it was missing. # This function creates '.gitignore' if it was missing.
local full_path local full_path
full_path=$(_append_root_path '.gitignore') full_path=$(_prepend_root_path '.gitignore')
if [[ ! -f "$full_path" ]]; then if [[ ! -f "$full_path" ]]; then
touch "$full_path" touch "$full_path"
@ -323,7 +324,7 @@ function _add_ignored_file {
_maybe_create_gitignore _maybe_create_gitignore
local full_path local full_path
full_path=$(_append_root_path '.gitignore') full_path=$(_prepend_root_path '.gitignore')
printf '%q\n' "$filename" >> "$full_path" printf '%q\n' "$filename" >> "$full_path"
} }
@ -366,7 +367,7 @@ function _get_git_root_path {
# Relative paths: # Relative paths:
function _append_root_path { function _prepend_root_path {
# This function adds root path to any other path. # This function adds root path to any other path.
local path="$1" # required local path="$1" # required
@ -380,11 +381,11 @@ function _append_root_path {
# if passed a name like 'filename.txt', returns a full path in the repo # if passed a name like 'filename.txt', returns a full path in the repo
# For #710: if we are in a subdir, fixup the path with the subdir # For #710: if we are in a subdir, fixup the path with the subdir
function _append_relative_root_path { function _prepend_relative_root_path {
local path="$1" # required local path="$1" # required
local full_path local full_path
full_path=$(_append_root_path "$path") full_path=$(_prepend_root_path "$path")
local subdir local subdir
subdir=$(git rev-parse --show-prefix) # get the subdir of repo, like "subdir/" subdir=$(git rev-parse --show-prefix) # get the subdir of repo, like "subdir/"
@ -396,27 +397,27 @@ function _append_relative_root_path {
} }
function _get_secrets_dir { function _get_secrets_dir {
_append_root_path "${_SECRETS_DIR}" _prepend_root_path "${_SECRETS_DIR}"
} }
function _get_secrets_dir_keys { function _get_secrets_dir_keys {
_append_root_path "${_SECRETS_DIR_KEYS}" _prepend_root_path "${_SECRETS_DIR_KEYS}"
} }
function _get_secrets_dir_path { function _get_secrets_dir_path {
_append_root_path "${_SECRETS_DIR_PATHS}" _prepend_root_path "${_SECRETS_DIR_PATHS}"
} }
function _get_secrets_dir_keys_trustdb { function _get_secrets_dir_keys_trustdb {
_append_root_path "${_SECRETS_DIR_KEYS_TRUSTDB}" _prepend_root_path "${_SECRETS_DIR_KEYS_TRUSTDB}"
} }
function _get_secrets_dir_paths_mapping { function _get_secrets_dir_paths_mapping {
_append_root_path "${_SECRETS_DIR_PATHS_MAPPING}" _prepend_root_path "${_SECRETS_DIR_PATHS_MAPPING}"
} }
@ -475,7 +476,7 @@ function _find_and_clean {
local root local root
root=$(_get_git_root_path) root=$(_get_git_root_path)
# shellcheck disable=2086 # shellcheck disable=SC2086
find "$root" -path "$pattern" -type f -print0 | xargs -0 rm -f$verbose_opt find "$root" -path "$pattern" -type f -print0 | xargs -0 rm -f$verbose_opt
} }
@ -710,15 +711,15 @@ function _get_users_in_gpg_keyring {
result=$($SECRETS_GPG_COMMAND "${args[@]}" --no-permission-warning --list-public-keys --with-colon --fixed-list-mode | \ result=$($SECRETS_GPG_COMMAND "${args[@]}" --no-permission-warning --list-public-keys --with-colon --fixed-list-mode | \
gawk -F: '$1=="uid"' ) gawk -F: '$1=="uid"' )
local emails
emails=$(_extract_emails_from_gpg_output "$result")
# For #508 / #552: warn user if gpg indicates keys are one of: # For #508 / #552: warn user if gpg indicates keys are one of:
# i=invalid, d=disabled, r=revoked, e=expired, n=not valid # i=invalid, d=disabled, r=revoked, e=expired, n=not valid
# See https://github.com/gpg/gnupg/blob/master/doc/DETAILS#field-2---validity # for more on gpg 'validity codes'. # See https://github.com/gpg/gnupg/blob/master/doc/DETAILS#field-2---validity # for more on gpg 'validity codes'.
local invalid_lines local invalid_lines
invalid_lines=$(echo "$result" | gawk -F: '$2=="i" || $2=="d" || $2=="r" || $2=="e" || $2=="n"') invalid_lines=$(echo "$result" | gawk -F: '$2=="i" || $2=="d" || $2=="r" || $2=="e" || $2=="n"')
local emails
emails=$(_extract_emails_from_gpg_output "$result")
local emails_with_invalid_keys local emails_with_invalid_keys
emails_with_invalid_keys=$(_extract_emails_from_gpg_output "$invalid_lines") emails_with_invalid_keys=$(_extract_emails_from_gpg_output "$invalid_lines")

2
src/_utils/_git_secret_tools_freebsd.sh
View File

@ -3,7 +3,7 @@
# support for freebsd. Mostly the same as MacOS. # support for freebsd. Mostly the same as MacOS.
# shellcheck disable=1117 # shellcheck disable=SC1117
function __replace_in_file_freebsd { function __replace_in_file_freebsd {
sed -i.bak "s/^\($1[[:space:]]*=[[:space:]]*\).*\$/\1$2/" "$3" sed -i.bak "s/^\($1[[:space:]]*=[[:space:]]*\).*\$/\1$2/" "$3"
} }

2
src/_utils/_git_secret_tools_linux.sh
View File

@ -1,7 +1,7 @@
#!/usr/bin/env bash #!/usr/bin/env bash
# shellcheck disable=1117 # shellcheck disable=SC1117
function __replace_in_file_linux { function __replace_in_file_linux {
sed -i.bak "s/^\($1\s*=\s*\).*\$/\1$2/" "$3" sed -i.bak "s/^\($1\s*=\s*\).*\$/\1$2/" "$3"
} }

2
src/_utils/_git_secret_tools_osx.sh
View File

@ -1,7 +1,7 @@
#!/usr/bin/env bash #!/usr/bin/env bash
# shellcheck disable=1117 # shellcheck disable=SC1117
function __replace_in_file_osx { function __replace_in_file_osx {
sed -i.bak "s/^\($1[[:space:]]*=[[:space:]]*\).*\$/\1$2/" "$3" sed -i.bak "s/^\($1[[:space:]]*=[[:space:]]*\).*\$/\1$2/" "$3"
} }

2
src/commands/git_secret_add.sh
View File

@ -32,7 +32,7 @@ function add {
local path # absolute path local path # absolute path
local normalized_path # relative to the .git dir local normalized_path # relative to the .git dir
normalized_path=$(_git_normalize_filename "$item") normalized_path=$(_git_normalize_filename "$item")
path=$(_append_root_path "$normalized_path") path=$(_prepend_root_path "$normalized_path")
# check that the file is not tracked # check that the file is not tracked
local in_git local in_git

2
src/commands/git_secret_cat.sh
View File

@ -32,7 +32,7 @@ function cat {
local path local path
filename=$(_get_record_filename "$line") filename=$(_get_record_filename "$line")
path=$(_append_relative_root_path "$filename") # this uses the _relative version because of #710 path=$(_prepend_relative_root_path "$filename") # this uses the _relative version because of #710
# The parameters are: filename, write-to-file, force, homedir, passphrase # The parameters are: filename, write-to-file, force, homedir, passphrase
_decrypt "$path" "0" "0" "$homedir" "$passphrase" _decrypt "$path" "0" "0" "$homedir" "$passphrase"

4
src/commands/git_secret_changes.sh
View File

@ -42,10 +42,10 @@ function changes {
_abort "cannot find encrypted version of file: $filename" _abort "cannot find encrypted version of file: $filename"
fi fi
if [[ -n "$normalized_path" ]]; then if [[ -n "$normalized_path" ]]; then
path=$(_append_root_path "$normalized_path") path=$(_prepend_root_path "$normalized_path")
else else
# Path was already normalized # Path was already normalized
path=$(_append_root_path "$filename") path=$(_prepend_root_path "$filename")
fi fi
if [[ ! -f "$path" ]]; then if [[ ! -f "$path" ]]; then

2
src/commands/git_secret_clean.sh
View File

@ -4,7 +4,7 @@
function clean { function clean {
OPTIND=1 OPTIND=1
# shellcheck disable=2034 # shellcheck disable=SC2034
while getopts 'vh' opt; do while getopts 'vh' opt; do
case "$opt" in case "$opt" in
v) _SECRETS_VERBOSE=1;; v) _SECRETS_VERBOSE=1;;

6
src/commands/git_secret_hide.sh
View File

@ -1,6 +1,6 @@
#!/usr/bin/env bash #!/usr/bin/env bash
# shellcheck disable=2016 # shellcheck disable=SC2016
AWK_FSDB_UPDATE_HASH=' AWK_FSDB_UPDATE_HASH='
BEGIN { FS=":"; OFS=":"; } BEGIN { FS=":"; OFS=":"; }
{ {
@ -149,8 +149,8 @@ function hide {
local input_path local input_path
local output_path local output_path
input_path=$(_append_root_path "$filename") input_path=$(_prepend_root_path "$filename")
output_path=$(_append_root_path "$encrypted_filename") output_path=$(_prepend_root_path "$encrypted_filename")
# Checking that file is valid: # Checking that file is valid:
if [[ ! -f "$input_path" ]]; then if [[ ! -f "$input_path" ]]; then

4
src/commands/git_secret_init.sh
View File

@ -1,6 +1,6 @@
#!/usr/bin/env bash #!/usr/bin/env bash
# shellcheck disable=2016 # shellcheck disable=SC2016
AWK_ADD_TO_GITIGNORE=' AWK_ADD_TO_GITIGNORE='
BEGIN { BEGIN {
cnt=0 cnt=0
@ -33,7 +33,7 @@ function gitignore_add_pattern {
local gitignore_file_path local gitignore_file_path
pattern="$1" pattern="$1"
gitignore_file_path=$(_append_root_path '.gitignore') gitignore_file_path=$(_prepend_root_path '.gitignore')
_maybe_create_gitignore _maybe_create_gitignore
_gawk_inplace -v pattern="$pattern" "'$AWK_ADD_TO_GITIGNORE'" "$gitignore_file_path" _gawk_inplace -v pattern="$pattern" "'$AWK_ADD_TO_GITIGNORE'" "$gitignore_file_path"

2
src/commands/git_secret_remove.sh
View File

@ -31,7 +31,7 @@ function remove {
local path # absolute path local path # absolute path
local normalized_path # relative to .git folder local normalized_path # relative to .git folder
normalized_path=$(_git_normalize_filename "$item") normalized_path=$(_git_normalize_filename "$item")
path=$(_append_root_path "$normalized_path") path=$(_prepend_root_path "$normalized_path")
# Checking if file exists: # Checking if file exists:
if [[ ! -f "$path" ]]; then if [[ ! -f "$path" ]]; then

2
src/commands/git_secret_reveal.sh
View File

@ -55,7 +55,7 @@ function reveal {
local filename local filename
local path local path
filename=$(_get_record_filename "$line") filename=$(_get_record_filename "$line")
path=$(_append_relative_root_path "$filename") # this uses the _relative version because of #710 path=$(_prepend_relative_root_path "$filename") # this uses the _relative version because of #710
if [[ "$filename" == *"$SECRETS_EXTENSION" ]]; then if [[ "$filename" == *"$SECRETS_EXTENSION" ]]; then
_abort "cannot decrypt to secret version of file: $filename" _abort "cannot decrypt to secret version of file: $filename"

4
src/commands/git_secret_tell.sh
View File

@ -1,6 +1,6 @@
#!/usr/bin/env bash #!/usr/bin/env bash
# shellcheck disable=2016 # shellcheck disable=SC2016
AWK_GPG_KEY_CNT=' AWK_GPG_KEY_CNT='
BEGIN { cnt=0; OFS=":"; FS=":"; } BEGIN { cnt=0; OFS=":"; FS=":"; }
flag=0; $1 == "pub" { cnt++ } flag=0; $1 == "pub" { cnt++ }
@ -77,7 +77,7 @@ function tell {
start_key_cnt=$(get_gpg_key_count) start_key_cnt=$(get_gpg_key_count)
for email in "${emails[@]}"; do for email in "${emails[@]}"; do
_temporary_file # note that `_temporary_file` will export `temporary_filename` var. _temporary_file # note that `_temporary_file` will export `temporary_filename` var.
# shellcheck disable=2154 # shellcheck disable=SC2154
local keyfile="$temporary_filename" local keyfile="$temporary_filename"
# 3>&- closes fd 3 for bats, see https://github.com/bats-core/bats-core#file-descriptor-3-read-this-if-bats-hangs # 3>&- closes fd 3 for bats, see https://github.com/bats-core/bats-core#file-descriptor-3-read-this-if-bats-hangs

2
src/version.sh
View File

@ -1,4 +1,4 @@
#!/usr/bin/env bash #!/usr/bin/env bash
# shellcheck disable=2034 # shellcheck disable=SC2034
GITSECRET_VERSION='0.5.0-alpha1' GITSECRET_VERSION='0.5.0-alpha1'

12
tests/test_changes.bats
View File

@ -57,7 +57,7 @@ function teardown {
# Testing that output has both filename and changes: # Testing that output has both filename and changes:
local fullpath local fullpath
fullpath=$(_append_root_path "$FILE_TO_HIDE") fullpath=$(_prepend_root_path "$FILE_TO_HIDE")
[[ "$output" == *"changes in $fullpath"* ]] [[ "$output" == *"changes in $fullpath"* ]]
[[ "$output" == *"hidden content юникод"* ]] [[ "$output" == *"hidden content юникод"* ]]
[[ "$output" == *"+$new_content"* ]] [[ "$output" == *"+$new_content"* ]]
@ -102,7 +102,7 @@ function teardown {
# Testing that output has both filename and changes: # Testing that output has both filename and changes:
local fullpath local fullpath
fullpath=$(_append_root_path "$FILE_TO_HIDE") fullpath=$(_prepend_root_path "$FILE_TO_HIDE")
[[ "$output" == *"changes in $fullpath"* ]] [[ "$output" == *"changes in $fullpath"* ]]
[[ "$output" == *"-$FILE_CONTENTS"* ]] [[ "$output" == *"-$FILE_CONTENTS"* ]]
[[ "$output" == *"+$new_content"* ]] [[ "$output" == *"+$new_content"* ]]
@ -137,13 +137,13 @@ function teardown {
# Testing that output has both filename and changes: # Testing that output has both filename and changes:
local fullpath local fullpath
fullpath=$(_append_root_path "$FILE_TO_HIDE") fullpath=$(_prepend_root_path "$FILE_TO_HIDE")
[[ "$output" == *"changes in $fullpath"* ]] [[ "$output" == *"changes in $fullpath"* ]]
[[ "$output" == *"+$new_content"* ]] [[ "$output" == *"+$new_content"* ]]
local second_path local second_path
second_path=$(_append_root_path "$SECOND_FILE_TO_HIDE") second_path=$(_prepend_root_path "$SECOND_FILE_TO_HIDE")
[[ "$output" == *"changes in $second_path"* ]] [[ "$output" == *"changes in $second_path"* ]]
[[ "$output" == *"+$second_new_content"* ]] [[ "$output" == *"+$second_new_content"* ]]
} }
@ -165,12 +165,12 @@ function teardown {
# Testing that output has both filename and changes: # Testing that output has both filename and changes:
local fullpath local fullpath
fullpath=$(_append_root_path "$FILE_TO_HIDE") fullpath=$(_prepend_root_path "$FILE_TO_HIDE")
[[ "$output" == *"changes in $fullpath"* ]] [[ "$output" == *"changes in $fullpath"* ]]
[[ "$output" == *"+$new_content"* ]] [[ "$output" == *"+$new_content"* ]]
local second_path local second_path
second_path=$(_append_root_path "$SECOND_FILE_TO_HIDE") second_path=$(_prepend_root_path "$SECOND_FILE_TO_HIDE")
[[ "$output" == *"changes in $second_path"* ]] [[ "$output" == *"changes in $second_path"* ]]
[[ "$output" == *"+$second_new_content"* ]] [[ "$output" == *"+$second_new_content"* ]]
} }