From fdf24baf57ce230e690882b44c43137afa2a5ff0 Mon Sep 17 00:00:00 2001 From: Ferry Boender Date: Mon, 6 Jun 2016 11:51:08 +0200 Subject: [PATCH 01/24] build-deb target: Create man dirs with execute permissions --- utils/build-deb.sh | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/utils/build-deb.sh b/utils/build-deb.sh index e20af392..e59531eb 100755 --- a/utils/build-deb.sh +++ b/utils/build-deb.sh @@ -24,8 +24,8 @@ mkdir -p "$SCRIPT_DEST_DIR" # Coping the files inside the build folder: install -D -T -b -m "$EXEC_PEM" -T "git-secret" "${SCRIPT_DEST_DIR}/usr/bin/git-secret" -install -m "$READ_PEM" -d "${SCRIPT_DEST_DIR}/usr/share/man/man1" -install -m "$READ_PEM" -d "${SCRIPT_DEST_DIR}/usr/share/man/man7" +install -m "$EXEC_PEM" -d "${SCRIPT_DEST_DIR}/usr/share/man/man1" +install -m "$EXEC_PEM" -d "${SCRIPT_DEST_DIR}/usr/share/man/man7" for file in man/man1/* ; do if [[ "$file" == *.ronn ]]; then continue From 8b1a01f1f602ea452524594eea40af2c4ef25482 Mon Sep 17 00:00:00 2001 
From: sobolevn Date: Thu, 16 Jun 2016 22:34:25 +0300 Subject: [PATCH 02/24] This commit is pretty large. A lot of changes. The full list of changes: 1. Added `.docker/` folder with Dockerfiles 2. Now `travis` runs integrational tests inside these containers 3. Now `travis` runs tests with `mac os x` 4. Now there are new ways to autodeploy `deb` and `rpm` packages 5. Fixed some issues 6. Also added `.ci/` folder, where utility scripts for travis are stored 7. Moved `git-hooks` into the separate folder: `utils/hooks/` 8. Added new target to the `Makefile` 9. `.gitignore` is updated to ignore `build/` folder and inner files --- .ci/before_deploy.sh | 15 ++++++ .ci/before_script.sh | 24 +++++++++ .ci/script.sh | 22 ++++++++ .docker/deb/debian/Dockerfile | 23 ++++++++ .docker/deb/ubuntu/Dockerfile | 23 ++++++++ .docker/rpm/fedora/Dockerfile | 22 ++++++++ .gitignore | 8 +++ .travis.yml | 71 +++++++++++++++++++----- Makefile | 92 ++++++++++++++++++++++---------- man/dest/git-secret-add.1 | 36 +++++++++++++ man/dest/git-secret-changes.1 | 31 +++++++++++ man/dest/git-secret-clean.1 | 30 +++++++++++ man/dest/git-secret-hide.1 | 34 ++++++++++++ man/dest/git-secret-init.1 | 29 ++++++++++ man/dest/git-secret-killperson.1 | 29 ++++++++++ man/dest/git-secret-list.1 | 29 ++++++++++ man/dest/git-secret-remove.1 | 30 +++++++++++ man/dest/git-secret-reveal.1 | 32 +++++++++++ man/dest/git-secret-tell.1 | 34 ++++++++++++ man/dest/git-secret-usage.1 | 29 ++++++++++ man/dest/git-secret-whoknows.1 | 29 ++++++++++ src/_utils/_git_secret_tools.sh | 5 +- src/version.sh | 3 ++ tests/_test_base.bash | 18 ++++--- tests/test_remove.bats | 3 ++ utils/build-deb.sh | 48 ----------------- utils/build-utils.sh | 81 ++++++++++++++++++++++++++++ utils/deb/deb-build.sh | 13 +++++ utils/deb/deb-ci.sh | 36 +++++++++++++ utils/deb/deb-deploy.sh | 35 ++++++++++++ utils/{ => hooks}/post-commit.sh | 4 +- utils/{ => hooks}/pre-commit.sh | 0 utils/install.sh | 14 +++-- utils/rpm/rpm-build.sh | 14 +++++ 
utils/rpm/rpm-ci.sh | 33 ++++++++++++ utils/rpm/rpm-deploy.sh | 30 +++++++++++ utils/tests.sh | 9 ++++ 37 files changed, 911 insertions(+), 107 deletions(-) create mode 100644 .ci/before_deploy.sh create mode 100644 .ci/before_script.sh create mode 100644 .ci/script.sh create mode 100644 .docker/deb/debian/Dockerfile create mode 100644 .docker/deb/ubuntu/Dockerfile create mode 100644 .docker/rpm/fedora/Dockerfile create mode 100644 man/dest/git-secret-add.1 create mode 100644 man/dest/git-secret-changes.1 create mode 100644 man/dest/git-secret-clean.1 create mode 100644 man/dest/git-secret-hide.1 create mode 100644 man/dest/git-secret-init.1 create mode 100644 man/dest/git-secret-killperson.1 create mode 100644 man/dest/git-secret-list.1 create mode 100644 man/dest/git-secret-remove.1 create mode 100644 man/dest/git-secret-reveal.1 create mode 100644 man/dest/git-secret-tell.1 create mode 100644 man/dest/git-secret-usage.1 create mode 100644 man/dest/git-secret-whoknows.1 create mode 100644 src/version.sh delete mode 100755 utils/build-deb.sh create mode 100644 utils/build-utils.sh create mode 100755 utils/deb/deb-build.sh create mode 100644 utils/deb/deb-ci.sh create mode 100755 utils/deb/deb-deploy.sh rename utils/{ => hooks}/post-commit.sh (85%) rename utils/{ => hooks}/pre-commit.sh (100%) create mode 100644 utils/rpm/rpm-build.sh create mode 100644 utils/rpm/rpm-ci.sh create mode 100644 utils/rpm/rpm-deploy.sh create mode 100755 utils/tests.sh diff --git a/.ci/before_deploy.sh b/.ci/before_deploy.sh new file mode 100644 index 00000000..78c54f85 --- /dev/null +++ b/.ci/before_deploy.sh @@ -0,0 +1,15 @@ +#!/usr/bin/env bash + +set -e + +if [[ "$GITSECRET_DIST" == "rpm" ]]; then + # To deploy `rpm`-packages this utility is needed: + sudo apt-get install -y rpm; +fi + + +if [[ ! -z "$DOCKER_DIST" ]]; then + # When making a non-container build, this step will generate + # proper manifest files: + make deploy-${GITSECRET_DIST}; +fi 
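Review bot: The comment inside the second `if` of `.ci/before_deploy.sh` says the step is for a non-container build, but the test `[[ ! -z "$DOCKER_DIST" ]]` is true only when a container distribution is set, so one of the two is wrong and a reader cannot tell which. If the condition is the intended one, reword the comment, e.g. `# deb/rpm jobs are tested in Docker; build the package and its manifest on the host before deploying:`. The make target is also built from an unquoted expansion; `make "deploy-${GITSECRET_DIST}"` keeps an unexpected value from being split into extra arguments.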
diff --git a/.ci/before_script.sh b/.ci/before_script.sh
new file mode 100644
index 00000000..2478c032
--- /dev/null
+++ b/.ci/before_script.sh
@@ -0,0 +1,24 @@
+#!/usr/bin/env bash
+
+set -e
+
+# Docker:
+if [[ ! -z "$DOCKER_DIST" ]]; then
+ TEMPLATE="sobolevn/git-secret-docker-$DOCKER_DIST"
+ DOCKERFILE_PATH=".docker/${GITSECRET_DIST}/${DOCKER_DIST}"
+
+ # Building the local image:
+ docker build -t "$TEMPLATE" "$DOCKERFILE_PATH"
+fi
+
+# Mac:
+if [[ "$GITSECRET_DIST" == "brew" ]]; then
+ brew install $GITSECRET_GPG_DEP
+fi
+
+# Local linux (standart build):
+if [[ "$GITSECRET_DIST" == "none" ]] &&
+ [[ "$GITSECRET_GPG_DEP" == "gnupg2" ]]; then
+ # Installing custom GPG version:
+ sudo apt-get install -y gnupg2
+fi
diff --git a/.ci/script.sh b/.ci/script.sh
new file mode 100644
index 00000000..c3ad174e
--- /dev/null
+++ b/.ci/script.sh
@@ -0,0 +1,22 @@
+#!/usr/bin/env bash
+
+set -e
+
+# Docker-baised builds:
+if [[ ! -z "$DOCKER_DIST" ]]; then
+ TEMPLATE="sobolevn/git-secret-docker-$DOCKER_DIST"
+ # Passing the `TRAVIS_COMMIT` into the container:
+ COMMAND="if [ ! -z "${TRAVIS_COMMIT}" ]; then git checkout "${TRAVIS_COMMIT}"; fi; make test-${GITSECRET_DIST}-ci"
+
+ # This will run the full intergration check inside the `docker` container:
+ # see `test-deb-ci` and `test-rpm-ci` in `Makefile`
+ docker run "$TEMPLATE" /bin/bash -c "$COMMAND"
+ docker ps -a
+fi
+
+# Local builds:
+if [[ -z "$DOCKER_DIST" ]]; then
+ # Only running `make test` on standard (non-docker) build,
+ # since it is called inside the docker container anyway.
+ make test
+fi
diff --git a/.docker/deb/debian/Dockerfile b/.docker/deb/debian/Dockerfile
new file mode 100644
index 00000000..1ea5e015
--- /dev/null
+++ b/.docker/deb/debian/Dockerfile
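Review bot: `brew install $GITSECRET_GPG_DEP` in the Mac branch of `.ci/before_script.sh` expands the variable unquoted, so an empty or multi-word value silently changes what is installed; write `brew install "$GITSECRET_GPG_DEP"` so a bad value fails visibly. The test `[[ ! -z "$DOCKER_DIST" ]]` reads more directly as `[[ -n "$DOCKER_DIST" ]]`.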
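Review bot: The `COMMAND=` assignment in `.ci/script.sh` nests double quotes inside a double-quoted string, so the inner quotes close and reopen the string and are dropped: the values of `TRAVIS_COMMIT` and `GITSECRET_DIST` end up pasted unquoted into text that `/bin/bash -c` then parses as code inside the container. Passing the values as environment variables and keeping the script text constant avoids that: `docker run -e TRAVIS_COMMIT -e GITSECRET_DIST "$TEMPLATE" /bin/bash -c 'if [ -n "$TRAVIS_COMMIT" ]; then git checkout "$TRAVIS_COMMIT"; fi; make "test-${GITSECRET_DIST}-ci"'`. Separately, the image is built from a fresh clone of the upstream repository, so the checkout can presumably fail for a commit that exists only in a fork or pull request; worth confirming.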
@@ -0,0 +1,23 @@
+FROM debian:latest
+
+MAINTAINER Nikita Sobolev (mail@sobolevn.me)
+
+# Dependencies and project initialization:
+
+RUN apt-get update && \
+ apt-get install -y man make git apt-transport-https && \
+ apt-get install -y ruby ruby-dev ruby-build && \
+ apt-get autoremove && apt-get autoclean
+
+# This will increase the container size, but speed up the build,
+# since this part will change, while the dependencies won't:
+
+RUN mkdir /code
+WORKDIR /code
+
+# Removing `origin` for good:
+
+RUN git clone -q https://github.com/sobolevn/git-secret.git && \
+ cd git-secret && git remote rm origin
+
+WORKDIR /code/git-secret
diff --git a/.docker/deb/ubuntu/Dockerfile b/.docker/deb/ubuntu/Dockerfile
new file mode 100644
index 00000000..72b03ef6
--- /dev/null
+++ b/.docker/deb/ubuntu/Dockerfile
@@ -0,0 +1,23 @@
+FROM ubuntu:latest
+
+MAINTAINER Nikita Sobolev (mail@sobolevn.me)
+
+# Dependencies and project initialization:
+
+RUN apt-get update && \
+ apt-get install -y man make git apt-transport-https && \
+ apt-get install -y ruby ruby-dev ruby-build && \
+ apt-get autoremove && apt-get autoclean && \
+ mkdir /code
+
+# This will increase the container size, but speed up the build,
+# since this part will change, while the dependencies won't:
+
+WORKDIR /code
+
+# Removing `origin` for good:
+
+RUN git clone -q https://github.com/sobolevn/git-secret.git && \
+ cd git-secret && git remote rm origin
+
+WORKDIR /code/git-secret
diff --git a/.docker/rpm/fedora/Dockerfile b/.docker/rpm/fedora/Dockerfile
new file mode 100644
index 00000000..2a528688
--- /dev/null
+++ b/.docker/rpm/fedora/Dockerfile
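Review bot: `FROM debian:latest` is a floating tag, so the image that builds and tests the package can change between two CI runs of the same commit; the same holds for `FROM ubuntu:latest` and `FROM fedora:latest` in the two Dockerfiles that follow. Pinning each base to a release tag or digest, e.g. `FROM debian:<release-tag>` (placeholder), keeps the test environment reproducible and makes base-image changes a reviewed step. In the Debian and Ubuntu files `apt-get autoremove` is called without `-y`, which may abort a non-interactive build when there is something to remove; `apt-get autoremove -y` is the safer form.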
@@ -0,0 +1,22 @@ +FROM fedora:latest + +MAINTAINER Nikita Sobolev (mail@sobolevn.me) + +ENV HOME /root + +RUN dnf update -y && \ + dnf install -y gnupg man make gcc git tar > /dev/null && \ + dnf install -y which pciutils redhat-rpm-config rpm-build zlib-devel && \ + dnf -y group install 'Development tools' && \ + dnf install -y ruby ruby-devel rubygems && \ + dnf -y autoremove && \ + mkdir /code + +WORKDIR /code + +# Removing `origin` for good: + +RUN git clone -q https://github.com/sobolevn/git-secret.git && \ + cd git-secret && git remote rm origin + +WORKDIR /code/git-secret diff --git a/.gitignore b/.gitignore index 8135a88a..309b6085 100644 --- a/.gitignore +++ b/.gitignore @@ -121,7 +121,15 @@ _site/ .sass-cache/ #####=== Custom ===##### +# Logic files: .gitsecret/ git-secret + +# Temporary packages: vendor/ temp/ + +# Packaging: +build/ +*.deb +*.fpm diff --git a/.travis.yml b/.travis.yml index ebe541c7..2c23c971 100644 --- a/.travis.yml +++ b/.travis.yml 
@@ -1,20 +1,63 @@ -language: c +matrix: + include: + - os: linux + env: GITSECRET_DIST="deb"; DOCKER_DIST="debian"; + services: docker + sudo: required + language: ruby + - os: linux + env: GITSECRET_DIST="deb"; DOCKER_DIST="ubuntu" + services: docker + sudo: required + language: ruby + - os: linux + env: GITSECRET_DIST="rpm"; DOCKER_DIST="fedora" + services: docker + sudo: required + language: ruby + - os: linux + env: GITSECRET_DIST="none"; GITSECRET_GPG_DEP="gnupg"; SECRETS_GPG_COMMAND="gpg" + sudo: required + language: ruby + - os: linux + env: GITSECRET_DIST="none"; GITSECRET_GPG_DEP="gnupg2"; SECRETS_GPG_COMMAND="gpg2" + sudo: required + language: ruby + - os: osx + env: GITSECRET_DIST="brew"; GITSECRET_GPG_DEP="gnupg"; SECRETS_GPG_COMMAND="gpg" + sudo: false + language: generic + - os: osx + env: GITSECRET_DIST="brew"; GITSECRET_GPG_DEP="gnupg2"; SECRETS_GPG_COMMAND="gpg2" + sudo: false + language: generic -env: - - SECRETS_GPG_COMMAND=gpg - - SECRETS_GPG_COMMAND=gpg2 - -branches: - only: - - master - - develop - -install: - - test $SECRETS_GPG_COMMAND = gpg2 && sudo apt-get install gnupg2 || echo 0 - - make install-test +before_script: + - chmod +x ".ci/before_script.sh" && ".ci/before_script.sh" script: - - make test + - chmod +x ".ci/script.sh" && ".ci/script.sh" + +before_deploy: + - chmod +x ".ci/before_deploy.sh" && ".ci/before_deploy.sh" + +deploy: + - provider: bintray + on: + branch: master + condition: "$GITSECRET_DIST == deb" + file: "build/deb_descriptor.json" + user: "sobolevn" + key: "$BINTRAY_API_KEY" + passphrase: "$BINTRAY_GPG_PASS" + - provider: bintray + on: + branch: master + condition: "$GITSECRET_DIST == rpm" + file: "build/rpm_descriptor.json" + user: "sobolevn" + key: "$BINTRAY_API_KEY" + passphrase: "$BINTRAY_GPG_PASS" notifications: email: diff --git a/Makefile b/Makefile index f6b305c5..40df4e2b 100644 --- a/Makefile +++ b/Makefile 
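Review bot: Both the `debian` and the `ubuntu` matrix entries set `GITSECRET_DIST="deb"`, and the first `deploy` provider is gated only on `condition: "$GITSECRET_DIST == deb"`, so on `master` two jobs would upload from `build/deb_descriptor.json`. Narrowing the condition to one job avoids the duplicate upload, for example `condition: "$GITSECRET_DIST == deb && $DOCKER_DIST == debian"`. The hunk also drops the `branches: only:` filter, so every branch is now built; since the deploy section reads `$BINTRAY_API_KEY` and `$BINTRAY_GPG_PASS`, it is worth confirming they are defined as encrypted settings that are not exposed to pull-request builds.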
@@ -5,13 +5,13 @@ PREFIX?="/usr" # Building: # +git-secret: src/version.sh src/_utils/* src/commands/* src/main.sh + @cat $^ > "$@"; \ + chmod +x git-secret; sync + .PHONY: all all: build -git-secret: src/_utils/* src/commands/* src/main.sh - @cat $^ > "$@" - @chmod +x git-secret - .PHONY: clean clean: @rm -f git-secret @@ -21,8 +21,8 @@ build: git-secret .PHONY: install install: - @chmod +x "./utils/install.sh" - @"./utils/install.sh" "${PREFIX}" + @chmod +x "./utils/install.sh"; sync; \ + "./utils/install.sh" "${PREFIX}" # # Testing: @@ -30,15 +30,15 @@ install: .PHONY: install-test install-test: - git clone https://github.com/sstephenson/bats.git vendor/bats + @if [ ! -d "vendor/bats" ]; then \ + git clone https://github.com/sstephenson/bats.git vendor/bats; fi .PHONY: test -test: - @if [ ! -d "vendor/bats" ]; then make install-test; fi - @export SECRET_PROJECT_ROOT="${PWD}"; export PATH="${PWD}/vendor/bats/bin:${PWD}:${PATH}"; \ - make develop; \ - rm -rf temp; mkdir temp; cd temp; \ - bats "../tests"; +test: install-test clean build + @chmod +x "./utils/tests.sh"; sync; \ + export SECRET_PROJECT_ROOT="${PWD}"; \ + export PATH="${PWD}/vendor/bats/bin:${PWD}:${PATH}"; \ + "./utils/tests.sh" # # Manuals: @@ -49,14 +49,13 @@ install-ronn: @if [ ! `gem list ronn -i` == "true" ]; then gem install ronn; fi .PHONY: build-man -build-man: - @make install-ronn - ronn --roff man/*/*.ronn +build-man: install-ronn + @ronn --roff man/*/*.ronn .PHONY: build-gh-pages build-gh-pages: - @chmod +x "./utils/gh-branch.sh" - @"./utils/gh-branch.sh" + @chmod +x "./utils/gh-branch.sh"; sync; \ + "./utils/gh-branch.sh" # # Development: 
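Review bot: The rewritten recipes join their commands with `;`, so the shell reports only the status of the last one: in the `git-secret` rule a failing `cat $^ > "$@"` is followed by `chmod +x git-secret; sync`, and make sees success with a partial target. Before this change each command was its own recipe line and make stopped at the first failure. Chaining with `&&` restores that, e.g. `@cat $^ > "$@" && chmod +x git-secret`; the `install-hooks` recipe in the later hunk ends in `sync` and hides a failed `ln` or `chmod` the same way. `install-test` still clones `bats` at whatever its default branch holds, so pinning a tag or commit would make test runs repeatable.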
@@ -64,12 +63,10 @@ build-gh-pages: .PHONY: install-hooks install-hooks: - @# pre-commit: - @ln -fs "${PWD}/utils/pre-commit.sh" "${PWD}/.git/hooks/pre-commit" - @chmod +x "${PWD}/.git/hooks/pre-commit" - @# post-commit: - @ln -fs "${PWD}/utils/post-commit.sh" "${PWD}/.git/hooks/post-commit" - @chmod +x "${PWD}/.git/hooks/post-commit" + @ln -fs "${PWD}/utils/hooks/pre-commit.sh" "${PWD}/.git/hooks/pre-commit"; \ + chmod +x "${PWD}/.git/hooks/pre-commit"; sync; \ + ln -fs "${PWD}/utils/hooks/post-commit.sh" "${PWD}/.git/hooks/post-commit"; \ + chmod +x "${PWD}/.git/hooks/post-commit"; sync .PHONY: develop develop: clean build install-hooks 
@@ -82,9 +79,46 @@ develop: clean build install-hooks install-fpm: @if [ ! `gem list fpm -i` == "true" ]; then gem install fpm; fi -.PHONY: build-deb -build-deb: clean build - @make install-fpm - @chmod +x "./utils/build-deb.sh" - @"./utils/build-deb.sh" +# .deb: +.PHONY: build-deb +build-deb: clean build install-fpm + @chmod +x "./utils/build-utils.sh"; sync; \ + chmod +x "./utils/deb/deb-build.sh"; sync; \ + export SECRET_PROJECT_ROOT="${PWD}"; \ + "./utils/deb/deb-build.sh" + +.PHONY: test-deb-ci +test-deb-ci: install-test build-deb + @chmod +x "./utils/deb/deb-ci.sh"; sync; \ + export SECRET_PROJECT_ROOT="${PWD}"; \ + export PATH="${PWD}/vendor/bats/bin:${PATH}"; \ + "./utils/deb/deb-ci.sh" + +.PHONY: deploy-deb +deploy-deb: build-deb + @chmod +x "./utils/deb/deb-deploy.sh"; sync; \ + export SECRET_PROJECT_ROOT="${PWD}"; \ + "./utils/deb/deb-deploy.sh" + +# .rpm: + +.PHONY: build-rpm +build-rpm: clean build install-fpm + @chmod +x "./utils/build-utils.sh"; sync; \ + chmod +x "./utils/rpm/rpm-build.sh"; sync; \ + export SECRET_PROJECT_ROOT="${PWD}"; \ + "./utils/rpm/rpm-build.sh" + +.PHONY: test-rpm-ci +test-rpm-ci: install-test build-rpm + @chmod +x "./utils/rpm/rpm-ci.sh"; sync; \ + export SECRET_PROJECT_ROOT="${PWD}"; \ + export PATH="${PWD}/vendor/bats/bin:${PATH}"; \ + "./utils/rpm/rpm-ci.sh" + +.PHONY: deploy-rpm +deploy-rpm: build-rpm + @chmod +x "./utils/rpm/rpm-deploy.sh"; sync; \ + export SECRET_PROJECT_ROOT="${PWD}"; \ + "./utils/rpm/rpm-deploy.sh" diff --git a/man/dest/git-secret-add.1 b/man/dest/git-secret-add.1 new file mode 100644 index 00000000..313253bc --- /dev/null +++ b/man/dest/git-secret-add.1 
@@ -0,0 +1,36 @@ +.\" generated with Ronn/v0.7.3 +.\" http://github.com/rtomayko/ronn/tree/0.7.3 +. +.TH "GIT\-SECRET\-ADD" "1" "May 2016" "" "" +. +.SH "NAME" +\fBgit\-secret\-add\fR \- starts to track added files\. +. +.SH "SYNOPSIS" +. +.nf + +git secret add [\-i] \.\.\. +. +.fi +. +.SH "DESCRIPTION" +\fBgit\-secret\-add\fR adds a filepath(es) into the \fB\.gitsecret/paths/mapping\.cfg\fR\. When adding files, ensure that they are ignored by \fBgit\fR, since they must be secure and not be commited into the remote repository unencrypted\. +. +.P +If there\'s no users in the \fBgit\-secret\fR\'s keyring, when adding a file, an exception will be raised\. +. +.P +It is not recommened to add filenames directly into the \fB\.gitsecret/paths/mapping\.cfg\fR, use the command\. +. +.SH "OPTIONS" +. +.nf + +\-i \- auto adds given files to the `\.gitignore` if they are unignored at the moment\. +\-h \- shows this help\. +. +.fi +. +.SH "SEE ALSO" +git\-secret\-init(1), git\-secret\-tell(1), git\-secret\-hide(1), git\-secret\-reveal(1) diff --git a/man/dest/git-secret-changes.1 b/man/dest/git-secret-changes.1 new file mode 100644 index 00000000..eee5f776 --- /dev/null +++ b/man/dest/git-secret-changes.1 
@@ -0,0 +1,31 @@ +.\" generated with Ronn/v0.7.3 +.\" http://github.com/rtomayko/ronn/tree/0.7.3 +. +.TH "GIT\-SECRET\-CHANGES" "1" "May 2016" "" "" +. +.SH "NAME" +\fBgit\-secret\-changes\fR \- view diff of the hidden files\. +. +.SH "SYNOPSIS" +. +.nf + +git secret changes [\-h] [\-d dir] [\-p password] \.\.\. +. +.fi +. +.SH "DESCRIPTION" +\fBgit\-secret\-changes\fR \- shows changes between the current version of hidden files and the ones already commited\. +. +.SH "OPTIONS" +. +.nf + +\-d \- specifies `\-\-homedir` option for the `gpg`, basically use this option if your store your keys in a custom location\. +\-p \- specifies password for noinput mode, adds `\-\-passphrase` option for `gpg`\. +\-h \- shows help\. +. +.fi +. +.SH "SEE ALSO" +git\-secret\-add(1), git\-secret\-tell(1), git\-secret\-hide(1), git\-secret\-reveal(1) diff --git a/man/dest/git-secret-clean.1 b/man/dest/git-secret-clean.1 new file mode 100644 index 00000000..6de1440e --- /dev/null +++ b/man/dest/git-secret-clean.1 @@ -0,0 +1,30 @@ +.\" generated with Ronn/v0.7.3 +.\" http://github.com/rtomayko/ronn/tree/0.7.3 +. +.TH "GIT\-SECRET\-CLEAN" "1" "February 2016" "" "" +. +.SH "NAME" +\fBgit\-secret\-clean\fR \- removes all the hidden files\. +. +.SH "SYNOPSIS" +. +.nf + +git secret clean [\-v] +. +.fi +. +.SH "DESCRIPTION" +\fBgit\-secret\-clean\fR deletes all the encrypted files\. This command can produce a verbose output, printing which files are deleted\. +. +.SH "OPTIONS" +. +.nf + +\-v \- shows which files are deleted\. +\-h \- shows this help\. +. +.fi +. +.SH "SEE ALSO" +git\-secret\-whoknows(1), git\-secret\-add(1), git\-secret\-remove(1), git\-secret\-hide(1), git\-secret\-reveal(1) diff --git a/man/dest/git-secret-hide.1 b/man/dest/git-secret-hide.1 new file mode 100644 index 00000000..bf7e14f9 --- /dev/null +++ b/man/dest/git-secret-hide.1 
@@ -0,0 +1,34 @@ +.\" generated with Ronn/v0.7.3 +.\" http://github.com/rtomayko/ronn/tree/0.7.3 +. +.TH "GIT\-SECRET\-HIDE" "1" "March 2016" "" "" +. +.SH "NAME" +\fBgit\-secret\-hide\fR \- encrypts all added files with the inner keyring\. +. +.SH "SYNOPSIS" +. +.nf + +git secret hide [\-c] [\-v] +. +.fi +. +.SH "DESCRIPTION" +\fBgit\-secret\-hide\fR create an encrypted version for each file added by \fBgit\-secret\-add\fR command\. Now anyone from the \fBgit\-secret\fR\'s keyring can decrypt these files using their secret key\. +. +.P +It is possible to modify the names of the encrypted files by setting \fBSECRETS_EXTENSION\fR variable\. +. +.SH "OPTIONS" +. +.nf + +\-v \- verbose, shows extra information\. +\-c \- deletes encrypted files before creating new ones\. +\-h \- shows help\. +. +.fi +. +.SH "SEE ALSO" +git\-secret\-init(1), git\-secret\-tell(1), git\-secret\-add(1), git\-secret\-reveal(1) diff --git a/man/dest/git-secret-init.1 b/man/dest/git-secret-init.1 new file mode 100644 index 00000000..b9552171 --- /dev/null +++ b/man/dest/git-secret-init.1 @@ -0,0 +1,29 @@ +.\" generated with Ronn/v0.7.3 +.\" http://github.com/rtomayko/ronn/tree/0.7.3 +. +.TH "GIT\-SECRET\-INIT" "1" "March 2016" "" "" +. +.SH "NAME" +\fBgit\-secret\-init\fR \- initializes git\-secret repository\. +. +.SH "SYNOPSIS" +. +.nf + +git secret init +. +.fi +. +.SH "DESCRIPTION" +\fBgit\-secret\-init\fR should be run inside a \fBgit\fR repo\. \fBgit\-secret\-init\fR is the first command to be run, until the git\-secret repository is inited other commands are unavailable\. +. +.SH "OPTIONS" +. +.nf + +\-h \- shows this help\. +. +.fi +. +.SH "SEE ALSO" +git\-init(1), git\-secret\-tell(1) diff --git a/man/dest/git-secret-killperson.1 b/man/dest/git-secret-killperson.1 new file mode 100644 index 00000000..4fe16d8e --- /dev/null +++ b/man/dest/git-secret-killperson.1 
@@ -0,0 +1,29 @@ +.\" generated with Ronn/v0.7.3 +.\" http://github.com/rtomayko/ronn/tree/0.7.3 +. +.TH "GIT\-SECRET\-KILLPERSON" "1" "February 2016" "" "" +. +.SH "NAME" +\fBgit\-secret\-killperson\fR \- deletes key identified by an email from the inner keyring\. +. +.SH "SYNOPSIS" +. +.nf + +git secret killperson [email] +. +.fi +. +.SH "DESCRIPTION" +\fBgit\-secret\-killperson\fR makes it impossible for given user to decrypt the hidden file in the future\. It is required to run \fBgit\-secret\-hide\fR once again with the updated keyring\. +. +.SH "OPTIONS" +. +.nf + +\-h \- shows this help\. +. +.fi +. +.SH "SEE ALSO" +git\-secret\-tell(1), git\-secret\-hide(1), git\-secret\-reveal(1) diff --git a/man/dest/git-secret-list.1 b/man/dest/git-secret-list.1 new file mode 100644 index 00000000..8c07ad3b --- /dev/null +++ b/man/dest/git-secret-list.1 @@ -0,0 +1,29 @@ +.\" generated with Ronn/v0.7.3 +.\" http://github.com/rtomayko/ronn/tree/0.7.3 +. +.TH "GIT\-SECRET\-LIST" "1" "February 2016" "" "" +. +.SH "NAME" +\fBgit\-secret\-list\fR \- prints all the added files\. +. +.SH "SYNOPSIS" +. +.nf + +git secret list +. +.fi +. +.SH "DESCRIPTION" +\fBgit\-secret\-list\fR prints all the currently added tracked files from the \fB\.gitsecret/paths/mapping\.cfg\fR\. +. +.SH "OPTIONS" +. +.nf + +\-h \- shows this help\. +. +.fi +. +.SH "SEE ALSO" +git\-secret\-whoknows(1), git\-secret\-add(1), git\-secret\-remove(1), git\-secret\-hide(1), git\-secret\-reveal(1) diff --git a/man/dest/git-secret-remove.1 b/man/dest/git-secret-remove.1 new file mode 100644 index 00000000..dcb7863a --- /dev/null +++ b/man/dest/git-secret-remove.1 
@@ -0,0 +1,30 @@ +.\" generated with Ronn/v0.7.3 +.\" http://github.com/rtomayko/ronn/tree/0.7.3 +. +.TH "GIT\-SECRET\-REMOVE" "1" "February 2016" "" "" +. +.SH "NAME" +\fBgit\-secret\-remove\fR \- removes files from index\. +. +.SH "SYNOPSIS" +. +.nf + +git secret remove [\-c] +. +.fi +. +.SH "DESCRIPTION" +\fBgit\-secret\-remove\fR deletes files from \fB\.gitsecret/paths/mapping\.cfg\fR, so they won\'t be encrypted or decrypted in the future\. There\'s also an option to delete existing encrypted versions of the files provided\. +. +.SH "OPTIONS" +. +.nf + +\-c \- deletes existing real encrypted files\. +\-h \- shows help\. +. +.fi +. +.SH "SEE ALSO" +git\-secret\-add(1), git\-secret\-reveal(1), git\-secret\-hide(1) diff --git a/man/dest/git-secret-reveal.1 b/man/dest/git-secret-reveal.1 new file mode 100644 index 00000000..1125954f --- /dev/null +++ b/man/dest/git-secret-reveal.1 @@ -0,0 +1,32 @@ +.\" generated with Ronn/v0.7.3 +.\" http://github.com/rtomayko/ronn/tree/0.7.3 +. +.TH "GIT\-SECRET\-REVEAL" "1" "May 2016" "" "" +. +.SH "NAME" +\fBgit\-secret\-reveal\fR \- decrypts all added files\. +. +.SH "SYNOPSIS" +. +.nf + +git secret reveal [\-f] [\-d dir] [\-p password] +. +.fi +. +.SH "DESCRIPTION" +\fBgit\-secret\-reveal\fR \- decrypts all the files in the \fB\.gitsecret/paths/mapping\.cfg\fR by running a \fBgpg \-\-decrypt\fR command\. It is important to have paired secret\-key with one of the public\-keys, which were used in the encryption\. +. +.SH "OPTIONS" +. +.nf + +\-f \- forces to overwrite exisiting files without prompt\. +\-d \- specifies `\-\-homedir` option for the `gpg`, basically use this option if your store your keys in a custom location\. +\-p \- specifies password for noinput mode, adds `\-\-passphrase` option for `gpg`\. +\-h \- shows help\. +. +.fi +. +.SH "SEE ALSO" +git\-secret\-init(1), git\-secret\-tell(1), git\-secret\-add(1), git\-secret\-hide(1) 
diff --git a/man/dest/git-secret-tell.1 b/man/dest/git-secret-tell.1 new file mode 100644 index 00000000..9368e4f7 --- /dev/null +++ b/man/dest/git-secret-tell.1 @@ -0,0 +1,34 @@ +.\" generated with Ronn/v0.7.3 +.\" http://github.com/rtomayko/ronn/tree/0.7.3 +. +.TH "GIT\-SECRET\-TELL" "1" "March 2016" "" "" +. +.SH "NAME" +\fBgit\-secret\-tell\fR \- adds a person, who can access private data\. +. +.SH "SYNOPSIS" +. +.nf + +git secret tell [\-m] [\-d dir] [email] +. +.fi +. +.SH "DESCRIPTION" +\fBgit\-secret\-tell\fR receives an email address as an input, searches for the \fBgpg\fR\-key in the \fBgpg\fR\'s \fBhomedir\fR by this email, then imports a person\'s public key into the \fBgit\-secret\fR\'s inner keychain\. From this moment this person can encrypt new files with the keyring which contains their key\. But they cannot decrypt the old files, which were already encrypted without their key\. They should be reencrypted with the new keyring by someone, who has the unencrypted files\. +. +.P +\fBDo not manually import secret key into \fBgit\-secret\fR\fR\. Anyways, it won\'t work with any of the secret\-keys imported\. +. +.SH "OPTIONS" +. +.nf + +\-m \- takes your current `git config user\.email` as an identifier for the key\. +\-d \- specifies `\-\-homedir` option for the `gpg`, basically use this option if your store your keys in a custom location\. +\-h \- shows help\. +. +.fi +. +.SH "SEE ALSO" +git\-secret\-init(1), git\-secret\-add(1), git\-secret\-hide(1), git\-secret\-reveal(1) diff --git a/man/dest/git-secret-usage.1 b/man/dest/git-secret-usage.1 new file mode 100644 index 00000000..d6071a5c --- /dev/null +++ b/man/dest/git-secret-usage.1 
@@ -0,0 +1,29 @@ +.\" generated with Ronn/v0.7.3 +.\" http://github.com/rtomayko/ronn/tree/0.7.3 +. +.TH "GIT\-SECRET\-USAGE" "1" "February 2016" "" "" +. +.SH "NAME" +\fBgit\-secret\-usage\fR \- prints all the available commands\. +. +.SH "SYNOPSIS" +. +.nf + +git secret usage +. +.fi +. +.SH "DESCRIPTION" +\fBgit\-secret\-usage\fR is used to print all the available commands\. +. +.SH "OPTIONS" +. +.nf + +\-h \- shows this help\. +. +.fi +. +.SH "SEE ALSO" +git\-secret\-init(1), git\-secret\-add(1), git\-secret\-hide(1), git\-secret\-reveal(1) diff --git a/man/dest/git-secret-whoknows.1 b/man/dest/git-secret-whoknows.1 new file mode 100644 index 00000000..3c4c3935 --- /dev/null +++ b/man/dest/git-secret-whoknows.1 @@ -0,0 +1,29 @@ +.\" generated with Ronn/v0.7.3 +.\" http://github.com/rtomayko/ronn/tree/0.7.3 +. +.TH "GIT\-SECRET\-WHOKNOWS" "1" "February 2016" "" "" +. +.SH "NAME" +\fBgit\-secret\-whoknows\fR \- prints email\-labels for each key in the keyring\. +. +.SH "SYNOPSIS" +. +.nf + +git secret whoknows +. +.fi +. +.SH "DESCRIPTION" +\fBgit\-secret\-whokowns\fR prints list of email addresses which are used as labels for currently public keys added to the local keyring\. +. +.SH "OPTIONS" +. +.nf + +\-h \- shows this help\. +. +.fi +. +.SH "SEE ALSO" +git\-secret\-list(1), git\-secret\-add(1), git\-secret\-hide(1), git\-secret\-reveal(1) diff --git a/src/_utils/_git_secret_tools.sh b/src/_utils/_git_secret_tools.sh index 2080b4b7..7e45b1b8 100644 --- a/src/_utils/_git_secret_tools.sh +++ b/src/_utils/_git_secret_tools.sh @@ -1,7 +1,5 @@ #!/usr/bin/env bash -GITSECRET_VERSION="0.1.2" - # Global variables: WORKING_DIRECTORY="$PWD" @@ -177,7 +175,8 @@ function _get_raw_filename { function _get_encrypted_filename { - echo "$(dirname "$1")/$(basename "$1" "$SECRETS_EXTENSION")$SECRETS_EXTENSION" | sed -e 's#^\./##' + local filename="$(dirname "$1")/$(basename "$1" "$SECRETS_EXTENSION")" + echo "${filename}${SECRETS_EXTENSION}" | sed -e 's#^\./##' } 
diff --git a/src/version.sh b/src/version.sh new file mode 100644 index 00000000..4af4e143 --- /dev/null +++ b/src/version.sh @@ -0,0 +1,3 @@ +#!/usr/bin/env bash + +GITSECRET_VERSION="0.2.0" diff --git a/tests/_test_base.bash b/tests/_test_base.bash index f62b85c5..0ea845a6 100644 --- a/tests/_test_base.bash +++ b/tests/_test_base.bash @@ -3,6 +3,7 @@ # This file is following a name convention defined in: # https://github.com/sstephenson/bats +source "$SECRET_PROJECT_ROOT/src/version.sh" source "$SECRET_PROJECT_ROOT/src/_utils/_git_secret_tools.sh" # Constants: @@ -36,7 +37,7 @@ function test_user_email { # GPG: -function _get_gpg_fingerprint_by_email { +function get_gpg_fingerprint_by_email { local email="$1" local fingerprint=$($GPGTEST --list-public-keys --with-fingerprint --with-colons | \ sed -e '/<'$email'>::scESC:/,/[A-Z0-9]\{40\}:/!d' | \ @@ -108,17 +109,20 @@ function git_set_config_email { } -function git_restore_default_email { - git config --local user.email "$1" -} - - function git_commit { git_set_config_email "$1" - git config --local user.name "Your Name" + + local user_name=$(git config user.name) + local commit_gpgsign=$(git config commit.gpgsign) + + git config --local user.name "$TEST_DEFAULT_USER" + git config --local commit.gpgsign false git add --all git commit -m "$2" + + git config --local user.name "$user_name" + git config --local commit.gpgsign "$commit_gpgsign" } diff --git a/tests/test_remove.bats b/tests/test_remove.bats index b54cd823..0135e259 100644 --- a/tests/test_remove.bats +++ b/tests/test_remove.bats @@ -26,6 +26,9 @@ function teardown { uninstall_fixture_full_key "$TEST_DEFAULT_USER" unset_current_state rm -f "$FIRST_FILE" "$SECOND_FILE" + + # This needs to be cleaned + rm -rf "$FOLDER" } diff --git a/utils/build-deb.sh b/utils/build-deb.sh deleted file mode 100755 index e59531eb..00000000 --- a/utils/build-deb.sh +++ /dev/null 
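Review bot: `git_commit` in `tests/_test_base.bash` saves `user.name` and `commit.gpgsign` with a plain `git config` read, which may return a value from the global config or nothing at all, and then writes whatever it got back with `--local`. When the key was not set in the repository, the restore step copies a global value into the local config or stores an empty string there, and an empty local `user.name` takes precedence over a global one for later commits. Reading with `--local` and unsetting the key when it was absent leaves the repository config as it was found. The `local x=$(...)` form also hides the exit status of the command, so the declaration is split from the assignment below.

```shell
function git_commit {
  git_set_config_email "$1"

  # Only repository-level values are saved, so the restore step
  # cannot copy a global setting into the local config:
  local user_name commit_gpgsign
  user_name=$(git config --local user.name || true)
  commit_gpgsign=$(git config --local commit.gpgsign || true)

  # … unchanged: set test user name, disable signing, add and commit …

  if [[ -n "$user_name" ]]; then
    git config --local user.name "$user_name"
  else
    git config --local --unset user.name
  fi

  if [[ -n "$commit_gpgsign" ]]; then
    git config --local commit.gpgsign "$commit_gpgsign"
  else
    git config --local --unset commit.gpgsign
  fi
}
```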
@@ -1,48 +0,0 @@ -#!/usr/bin/env bash - -set -e - -# Initializing and settings: -READ_PEM=0644 -EXEC_PEM=0755 - -SCRIPT_NAME="git-secret" -SCRIPT_DESCRIPTION="A bash-tool to store your private data inside a git repository." -SCRIPT_VERSION=$(bash ${PWD}/git-secret --version) -: ${SCRIPT_EPOCH:=0} -: ${SCRIPT_ITERATION:=1} - -if [[ -z "$SCRIPT_BUILD_DIR" ]]; then - SCRIPT_BUILD_DIR="${HOME}/debbuild-${SCRIPT_NAME}" -fi - -SCRIPT_DEST_DIR="${SCRIPT_BUILD_DIR}/installroot" - -# Preparing the files -rm -rf "$SCRIPT_BUILD_DIR" -mkdir -p "$SCRIPT_DEST_DIR" - -# Coping the files inside the build folder: -install -D -T -b -m "$EXEC_PEM" -T "git-secret" "${SCRIPT_DEST_DIR}/usr/bin/git-secret" -install -m "$EXEC_PEM" -d "${SCRIPT_DEST_DIR}/usr/share/man/man1" -install -m "$EXEC_PEM" -d "${SCRIPT_DEST_DIR}/usr/share/man/man7" -for file in man/man1/* ; do - if [[ "$file" == *.ronn ]]; then - continue - fi - - install -D -T -b -m "$READ_PEM" -T "$file" "${SCRIPT_DEST_DIR}/usr/share/${file}" -done -install -D -T -b -m "$READ_PEM" -T "man/man7/git-secret.7" \ - "${SCRIPT_DEST_DIR}/usr/share/man/man7/git-secret.7" - -# Building .deb package: -cd "$SCRIPT_DEST_DIR" && fpm -s dir -t deb \ - -a all \ - -n "$SCRIPT_NAME" \ - --epoch "$SCRIPT_EPOCH" \ - --version "$SCRIPT_VERSION" \ - --iteration "$SCRIPT_ITERATION" \ - --description="$SCRIPT_DESCRIPTION" \ - -C "$SCRIPT_DEST_DIR" \ - . diff --git a/utils/build-utils.sh b/utils/build-utils.sh new file mode 100644 index 00000000..d9d06e63 --- /dev/null +++ b/utils/build-utils.sh 
@@ -0,0 +1,81 @@ +#!/usr/bin/env bash + +set -e + +# Initializing and settings: +READ_PEM=0644 +EXEC_PEM=0755 + +SCRIPT_NAME="git-secret" +SCRIPT_DESCRIPTION="A bash-tool to store your private data inside a git repository." +SCRIPT_VERSION=$(bash ${PWD}/git-secret --version) + +# This might be overridden someday: +: ${SCRIPT_EPOCH:=0} +: ${SCRIPT_ITERATION:=1} + +# This may be overridden: +if [[ -z "$SCRIPT_BUILD_DIR" ]]; then + SCRIPT_BUILD_DIR="${PWD}/build" +fi + +SCRIPT_DEST_DIR="${SCRIPT_BUILD_DIR}/buildroot" + + +function locate_deb { + ls $SCRIPT_DEST_DIR/*.deb | head -1 +} + + +function locate_rpm { + ls $SCRIPT_DEST_DIR/*.rpm | head -1 +} + + +function preinstall_files { + # Preparing the files: + rm -rf "$SCRIPT_BUILD_DIR" + mkdir -p "$SCRIPT_DEST_DIR" + + # Coping the files inside the build folder: + install -D -T -b -m "$EXEC_PEM" -T "git-secret" "${SCRIPT_DEST_DIR}/usr/bin/git-secret" + install -m "$EXEC_PEM" -d "${SCRIPT_DEST_DIR}/usr/share/man/man1" + install -m "$EXEC_PEM" -d "${SCRIPT_DEST_DIR}/usr/share/man/man7" + for file in man/man1/* ; do + if [[ "$file" == *.ronn ]]; then + continue + fi + + install -D -T -b -m "$READ_PEM" -T "$file" "${SCRIPT_DEST_DIR}/usr/share/$file" + done + install -D -T -b -m "$READ_PEM" -T "man/man7/git-secret.7" \ + "${SCRIPT_DEST_DIR}/usr/share/man/man7/git-secret.7" +} + + +function build_package { + # Only requires `rpm` or `deb` as first argument: + local build_type="$1" + + # See https://github.com/jordansissel/fpm for docs: + fpm \ + -s dir \ + -t "$build_type" \ + -a all \ + -n "$SCRIPT_NAME" \ + --version "$SCRIPT_VERSION" \ + --description "$SCRIPT_DESCRIPTION" \ + --url "https://sobolevn.github.io/git-secret/" \ + --maintainer "Nikita Sobolev (mail@sobolevn.me)" \ + --license "MIT" \ + -C "$SCRIPT_DEST_DIR" \ + -d "git" \ + -d "gnupg" \ + --deb-no-default-config-files \ + . +} + + +function clean_up_files { + rm -rf "${SCRIPT_DEST_DIR}/usr" +} 
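Review bot: `locate_deb` and `locate_rpm` parse `ls` output with an unquoted `$SCRIPT_DEST_DIR`, so a build path containing spaces or glob characters is word-split. Because the pipeline ends in `head -1`, a missing package also gives an empty string with status 0 rather than an error. The result is handed to `dpkg -i` and `dnf install -y` in deb-ci.sh and rpm-ci.sh, so at minimum quote it, `ls "$SCRIPT_DEST_DIR"/*.deb | head -1`, and fail when nothing is found. `preinstall_files` also runs `rm -rf "$SCRIPT_BUILD_DIR"` on a value that can come from the environment; a comment above the override stating that the directory is wiped on every build would warn callers who point it at an existing directory.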
diff --git a/utils/deb/deb-build.sh b/utils/deb/deb-build.sh new file mode 100755 index 00000000..8cf586bc --- /dev/null +++ b/utils/deb/deb-build.sh @@ -0,0 +1,13 @@ +#!/usr/bin/env bash + +set -e + +source "${SECRET_PROJECT_ROOT}/utils/build-utils.sh" + +preinstall_files + +# Building .deb package: +cd "$SCRIPT_DEST_DIR" && build_package "deb" + +# Cleaning up: +clean_up_files && cd "${SECRET_PROJECT_ROOT}" diff --git a/utils/deb/deb-ci.sh b/utils/deb/deb-ci.sh new file mode 100644 index 00000000..fd88c84e --- /dev/null +++ b/utils/deb/deb-ci.sh @@ -0,0 +1,36 @@ +#!/usr/bin/env bash + +set -e + +# Note that this file is created for test purposes: +# 1. It runs inside the Docker container +# 2. It does not use `sudo` or anything +# 3. If you would like to install `.deb` package on your system, see `Installation` + +source "${SECRET_PROJECT_ROOT}/utils/build-utils.sh" + +# This folder should contain just one .deb file: +DEB_FILE_LOCATION=$(locate_deb) + + +# Integration tests +function integration_tests { + # Installing the package: + dpkg -i "$DEB_FILE_LOCATION" + + # Configuring the dependencies: + apt-get -f -y install + + # Testing the installation: + dpkg --get-selections | grep "git-secret" + which "git-secret" + + # Test the manuals: + man --where "git-secret" # .7 + man --where "git-secret-init" # .1 +} + +integration_tests + +# Unit tests: +source "${SECRET_PROJECT_ROOT}/utils/tests.sh" diff --git a/utils/deb/deb-deploy.sh b/utils/deb/deb-deploy.sh new file mode 100755 index 00000000..a93afce5 --- /dev/null +++ b/utils/deb/deb-deploy.sh 
@@ -0,0 +1,35 @@ +#!/usr/bin/env bash + +set -e + +source "${SECRET_PROJECT_ROOT}/utils/build-utils.sh" + +# Variables, which will be used in `bintray.json`: +SCRIPT_VERSION=$(bash ${PWD}/git-secret --version) +RELEASE_DATE=$(date +%Y-%m-%d) + +# add `\"override\": 1 \` into the `matrixParams`, if needed: +echo "{ \ + \"package\": { \ + \"name\": \"git-secret\", \ + \"repo\": \"deb\", \ + \"subject\": \"sobolevn\" \ + }, \ + \"version\": { + \"name\": \"${SCRIPT_VERSION}\", \ + \"desc\": \"Version ${SCRIPT_VERSION}\", \ + \"released\": \"${RELEASE_DATE}\", \ + \"vcs_tag\": \"v${SCRIPT_VERSION}\", \ + \"gpgSign\": true \ + }, \ + \"files\": [{ \ + \"includePattern\": \"build/buildroot/(.*\.deb)\", \ + \"uploadPattern\": \"/git-secret_${SCRIPT_VERSION}_all.deb\", \ + \"matrixParams\": { \ + \"deb_distribution\": \"stable\", \ + \"deb_component\": \"main\", \ + \"deb_architecture\": \"all\" \ + } \ + }], \ + \"publish\": true \ +}" > "${SECRET_PROJECT_ROOT}/build/deb_descriptor.json" diff --git a/utils/post-commit.sh b/utils/hooks/post-commit.sh similarity index 85% rename from utils/post-commit.sh rename to utils/hooks/post-commit.sh index e07d0543..e43f1708 100755 --- a/utils/post-commit.sh +++ b/utils/hooks/post-commit.sh @@ -10,10 +10,12 @@ if [[ "$BRANCH_NAME" == 'master' ]]; then fi if [[ "$BRANCH_NAME" == 'staging' ]]; then - # create new release: + # Compare script version and the latest tag: NEWEST_TAG=$(git describe --abbrev=0 --tags) SCRIPT_VERSION=$(bash ${PWD}/git-secret --version) + if [[ "$NEWEST_TAG" != "v${SCRIPT_VERSION}" ]]; then + # Create new release: git tag -a "v${SCRIPT_VERSION}" -m "version $SCRIPT_VERSION" fi fi diff --git a/utils/pre-commit.sh b/utils/hooks/pre-commit.sh similarity index 100% rename from utils/pre-commit.sh rename to utils/hooks/pre-commit.sh diff --git a/utils/install.sh b/utils/install.sh index b328704b..7f6f53ea 100755 --- a/utils/install.sh +++ b/utils/install.sh 
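Review bot: `SCRIPT_VERSION` is the raw output of `git-secret --version` and is interpolated unchecked into the JSON descriptor and the `uploadPattern`, next to `"publish": true`, so stray output or a quote character produces a broken or mis-named upload. A guard before the `echo`, for example `[[ "$SCRIPT_VERSION" =~ ^[0-9]+(\.[0-9]+)+$ ]] || { echo "unexpected version: $SCRIPT_VERSION" >&2; exit 1; }`, stops the deploy early. The descriptor path and `includePattern` also hard-code `build/` although build-utils.sh allows `SCRIPT_BUILD_DIR` to be overridden, so an overridden build directory would not be picked up here. The same applies to utils/rpm/rpm-deploy.sh.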
@@ -3,11 +3,11 @@ set -e # Credit goes to: # https://github.com/sstephenson/bats/blob/master/install.sh -resolve_link() { +function resolve_link { $(type -p greadlink readlink | head -1) "$1" } -abs_dirname() { +function abs_dirname { local cwd="$(pwd)" local path="$1" @@ -30,8 +30,12 @@ fi SCRIPT_ROOT="$(dirname $(abs_dirname "$0"))" mkdir -p "$PREFIX"/bin "$PREFIX"/share/man/man1 "$PREFIX"/share/man/man7 -cp "$SCRIPT_ROOT"/git-secret "$PREFIX"/bin/git-secret -cp -R "$SCRIPT_ROOT"/man/man1/* "$PREFIX"/share/man/man1 -cp "$SCRIPT_ROOT"/man/man7/git-secret.7 "$PREFIX"/share/man/man7/git-secret.7 +# cp "$SCRIPT_ROOT"/git-secret "$PREFIX"/bin/git-secret + +# There was an issue with this line: +# cp -R "$SCRIPT_ROOT"/man/man1/* "$PREFIX"/share/man/man1 +# see https://github.com/sobolevn/git-secret/issues/35 for reference. +find "$SCRIPT_ROOT"/man/man1 -name *.1 -print0 | xargs -0 -I {} cp -a {} "$PREFIX"/share/man/man1 +# cp "$SCRIPT_ROOT"/man/man7/git-secret.7 "$PREFIX"/share/man/man7/git-secret.7 echo "Installed git-secret to ${PREFIX}/bin/git-secret" diff --git a/utils/rpm/rpm-build.sh b/utils/rpm/rpm-build.sh new file mode 100644 index 00000000..74957e13 --- /dev/null +++ b/utils/rpm/rpm-build.sh @@ -0,0 +1,14 @@ +#!/usr/bin/env bash + +set -e + +source "${SECRET_PROJECT_ROOT}/utils/build-utils.sh" + +# Copying all the required files to the build directory: +preinstall_files + +# Building .rpm package: +cd "$SCRIPT_DEST_DIR" && build_package "rpm" + +# Cleaning up: +clean_up_files && cd "${SECRET_PROJECT_ROOT}" diff --git a/utils/rpm/rpm-ci.sh b/utils/rpm/rpm-ci.sh new file mode 100644 index 00000000..8958605a --- /dev/null +++ b/utils/rpm/rpm-ci.sh 
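Review bot: The pattern in `find "$SCRIPT_ROOT"/man/man1 -name *.1` is unquoted, so the shell expands it first whenever the current directory contains a file matching `*.1`. `find` then looks for those names, or stops on the extra operands, instead of matching every section-1 page. Quote it: `find "$SCRIPT_ROOT"/man/man1 -name '*.1' -print0 | xargs -0 -I {} cp -a {} "$PREFIX"/share/man/man1`. This hunk also comments out the two `cp` lines for the binary and the man7 page while still printing "Installed git-secret"; PATCH 03 restores them, but the unquoted pattern remains there as a context line.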
@@ -0,0 +1,33 @@ +#!/usr/bin/env bash + +set -e + +# Note that this file is created for test purposes: +# 1. It runs inside the Docker container +# 2. It does not use `sudo` or anything +# 3. If you would like to install `.rpm` package on your system, see `Installation` + +source "${SECRET_PROJECT_ROOT}/utils/build-utils.sh" + +# This folder should contain just one .rpm file: +RPM_FILE_LOCATION=$(locate_rpm) + + +# Integration tests +function integration_tests { + # Installing the package: + dnf install -y "$RPM_FILE_LOCATION" + + # Testing the installation: + dnf info "git-secret" + which "git-secret" + + # Test the manuals: + man --where "git-secret" # .7 + man --where "git-secret-init" # .1 +} + +integration_tests + +# Unit tests: +source "${SECRET_PROJECT_ROOT}/utils/tests.sh" diff --git a/utils/rpm/rpm-deploy.sh b/utils/rpm/rpm-deploy.sh new file mode 100644 index 00000000..341febab --- /dev/null +++ b/utils/rpm/rpm-deploy.sh @@ -0,0 +1,30 @@ +#!/usr/bin/env bash + +set -e + +source "${SECRET_PROJECT_ROOT}/utils/build-utils.sh" + +# Variables, which will be used in `bintray.json`: +SCRIPT_VERSION=$(bash ${PWD}/git-secret --version) +RELEASE_DATE=$(date +%Y-%m-%d) + +# add `\"override\": 1 \` into the `matrixParams`, if needed: +echo "{ \ + \"package\": { \ + \"name\": \"git-secret\", \ + \"repo\": \"rpm\", \ + \"subject\": \"sobolevn\" \ + }, \ + \"version\": { + \"name\": \"${SCRIPT_VERSION}\", \ + \"desc\": \"Version ${SCRIPT_VERSION}\", \ + \"released\": \"${RELEASE_DATE}\", \ + \"vcs_tag\": \"v${SCRIPT_VERSION}\", \ + \"gpgSign\": true \ + }, \ + \"files\": [{ \ + \"includePattern\": \"build/buildroot/(.*\.rpm)\", \ + \"uploadPattern\": \"/git-secret-${SCRIPT_VERSION}-1.noarch.rpm\" + }], \ + \"publish\": true \ +}" > "${SECRET_PROJECT_ROOT}/build/rpm_descriptor.json" diff --git a/utils/tests.sh b/utils/tests.sh new file mode 100755 index 00000000..eadf43b4 --- /dev/null +++ b/utils/tests.sh 
@@ -0,0 +1,9 @@ +#!/usr/bin/env bash + +# `SECRET_PROJECT_ROOT` must be set before running the script. + +set -e + +# Running all the bats-tests: +cd "${SECRET_PROJECT_ROOT}"; rm -rf temp; mkdir temp; cd temp; +bats "${SECRET_PROJECT_ROOT}/tests" From cce852ca2dd6e6a44544447e40ae995d38cf1299 Mon Sep 17 00:00:00 2001 From: sobolevn Date: Wed, 29 Jun 2016 00:00:15 +0300 Subject: [PATCH 03/24] Added `uninstall` target to the `Makefile`. Removed `man/dest` folder, since it was an error. --- Makefile | 5 +++++ man/dest/git-secret-add.1 | 36 -------------------------------- man/dest/git-secret-changes.1 | 31 --------------------------- man/dest/git-secret-clean.1 | 30 -------------------------- man/dest/git-secret-hide.1 | 34 ------------------------------ man/dest/git-secret-init.1 | 29 ------------------------- man/dest/git-secret-killperson.1 | 29 ------------------------- man/dest/git-secret-list.1 | 29 ------------------------- man/dest/git-secret-remove.1 | 30 -------------------------- man/dest/git-secret-reveal.1 | 32 ---------------------------- man/dest/git-secret-tell.1 | 34 ------------------------------ man/dest/git-secret-usage.1 | 29 ------------------------- man/dest/git-secret-whoknows.1 | 29 ------------------------- utils/install.sh | 6 ++++-- utils/uninstall.sh | 17 +++++++++++++++ 15 files changed, 26 insertions(+), 374 deletions(-) delete mode 100644 man/dest/git-secret-add.1 delete mode 100644 man/dest/git-secret-changes.1 delete mode 100644 man/dest/git-secret-clean.1 delete mode 100644 man/dest/git-secret-hide.1 delete mode 100644 man/dest/git-secret-init.1 delete mode 100644 man/dest/git-secret-killperson.1 delete mode 100644 man/dest/git-secret-list.1 delete mode 100644 man/dest/git-secret-remove.1 delete mode 100644 man/dest/git-secret-reveal.1 delete mode 100644 man/dest/git-secret-tell.1 delete mode 100644 man/dest/git-secret-usage.1 delete mode 100644 man/dest/git-secret-whoknows.1 create mode 100644 utils/uninstall.sh 
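Review bot: utils/tests.sh documents that `SECRET_PROJECT_ROOT` must be set but never checks it, and the next line runs `cd "${SECRET_PROJECT_ROOT}"; rm -rf temp`. With the variable unset, bash typically treats `cd ""` as a successful no-op, so `set -e` does not stop the script and `rm -rf temp` removes a `temp` directory in whatever the caller's working directory happens to be. Adding `: "${SECRET_PROJECT_ROOT:?must be set}"` right after `set -e` turns the comment into an enforced precondition. The `source "${SECRET_PROJECT_ROOT}/utils/build-utils.sh"` lines in the deb and rpm scripts rely on the same variable.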
diff --git a/Makefile b/Makefile index 40df4e2b..202caf10 100644 --- a/Makefile +++ b/Makefile @@ -24,6 +24,11 @@ install: @chmod +x "./utils/install.sh"; sync; \ "./utils/install.sh" "${PREFIX}" +.PHONY: uninstall +uninstall: + @chmod +x "./utils/uninstall.sh"; sync; \ + "./utils/uninstall.sh" "${PREFIX}" + # # Testing: # diff --git a/man/dest/git-secret-add.1 b/man/dest/git-secret-add.1 deleted file mode 100644 index 313253bc..00000000 --- a/man/dest/git-secret-add.1 +++ /dev/null @@ -1,36 +0,0 @@ -.\" generated with Ronn/v0.7.3 -.\" http://github.com/rtomayko/ronn/tree/0.7.3 -. -.TH "GIT\-SECRET\-ADD" "1" "May 2016" "" "" -. -.SH "NAME" -\fBgit\-secret\-add\fR \- starts to track added files\. -. -.SH "SYNOPSIS" -. -.nf - -git secret add [\-i] \.\.\. -. -.fi -. -.SH "DESCRIPTION" -\fBgit\-secret\-add\fR adds a filepath(es) into the \fB\.gitsecret/paths/mapping\.cfg\fR\. When adding files, ensure that they are ignored by \fBgit\fR, since they must be secure and not be commited into the remote repository unencrypted\. -. -.P -If there\'s no users in the \fBgit\-secret\fR\'s keyring, when adding a file, an exception will be raised\. -. -.P -It is not recommened to add filenames directly into the \fB\.gitsecret/paths/mapping\.cfg\fR, use the command\. -. -.SH "OPTIONS" -. -.nf - -\-i \- auto adds given files to the `\.gitignore` if they are unignored at the moment\. -\-h \- shows this help\. -. -.fi -. -.SH "SEE ALSO" -git\-secret\-init(1), git\-secret\-tell(1), git\-secret\-hide(1), git\-secret\-reveal(1) diff --git a/man/dest/git-secret-changes.1 b/man/dest/git-secret-changes.1 deleted file mode 100644 index eee5f776..00000000 --- a/man/dest/git-secret-changes.1 +++ /dev/null 
@@ -1,31 +0,0 @@ -.\" generated with Ronn/v0.7.3 -.\" http://github.com/rtomayko/ronn/tree/0.7.3 -. -.TH "GIT\-SECRET\-CHANGES" "1" "May 2016" "" "" -. -.SH "NAME" -\fBgit\-secret\-changes\fR \- view diff of the hidden files\. -. -.SH "SYNOPSIS" -. -.nf - -git secret changes [\-h] [\-d dir] [\-p password] \.\.\. -. -.fi -. -.SH "DESCRIPTION" -\fBgit\-secret\-changes\fR \- shows changes between the current version of hidden files and the ones already commited\. -. -.SH "OPTIONS" -. -.nf - -\-d \- specifies `\-\-homedir` option for the `gpg`, basically use this option if your store your keys in a custom location\. -\-p \- specifies password for noinput mode, adds `\-\-passphrase` option for `gpg`\. -\-h \- shows help\. -. -.fi -. -.SH "SEE ALSO" -git\-secret\-add(1), git\-secret\-tell(1), git\-secret\-hide(1), git\-secret\-reveal(1) diff --git a/man/dest/git-secret-clean.1 b/man/dest/git-secret-clean.1 deleted file mode 100644 index 6de1440e..00000000 --- a/man/dest/git-secret-clean.1 +++ /dev/null @@ -1,30 +0,0 @@ -.\" generated with Ronn/v0.7.3 -.\" http://github.com/rtomayko/ronn/tree/0.7.3 -. -.TH "GIT\-SECRET\-CLEAN" "1" "February 2016" "" "" -. -.SH "NAME" -\fBgit\-secret\-clean\fR \- removes all the hidden files\. -. -.SH "SYNOPSIS" -. -.nf - -git secret clean [\-v] -. -.fi -. -.SH "DESCRIPTION" -\fBgit\-secret\-clean\fR deletes all the encrypted files\. This command can produce a verbose output, printing which files are deleted\. -. -.SH "OPTIONS" -. -.nf - -\-v \- shows which files are deleted\. -\-h \- shows this help\. -. -.fi -. -.SH "SEE ALSO" -git\-secret\-whoknows(1), git\-secret\-add(1), git\-secret\-remove(1), git\-secret\-hide(1), git\-secret\-reveal(1) diff --git a/man/dest/git-secret-hide.1 b/man/dest/git-secret-hide.1 deleted file mode 100644 index bf7e14f9..00000000 --- a/man/dest/git-secret-hide.1 +++ /dev/null 
@@ -1,34 +0,0 @@ -.\" generated with Ronn/v0.7.3 -.\" http://github.com/rtomayko/ronn/tree/0.7.3 -. -.TH "GIT\-SECRET\-HIDE" "1" "March 2016" "" "" -. -.SH "NAME" -\fBgit\-secret\-hide\fR \- encrypts all added files with the inner keyring\. -. -.SH "SYNOPSIS" -. -.nf - -git secret hide [\-c] [\-v] -. -.fi -. -.SH "DESCRIPTION" -\fBgit\-secret\-hide\fR create an encrypted version for each file added by \fBgit\-secret\-add\fR command\. Now anyone from the \fBgit\-secret\fR\'s keyring can decrypt these files using their secret key\. -. -.P -It is possible to modify the names of the encrypted files by setting \fBSECRETS_EXTENSION\fR variable\. -. -.SH "OPTIONS" -. -.nf - -\-v \- verbose, shows extra information\. -\-c \- deletes encrypted files before creating new ones\. -\-h \- shows help\. -. -.fi -. -.SH "SEE ALSO" -git\-secret\-init(1), git\-secret\-tell(1), git\-secret\-add(1), git\-secret\-reveal(1) diff --git a/man/dest/git-secret-init.1 b/man/dest/git-secret-init.1 deleted file mode 100644 index b9552171..00000000 --- a/man/dest/git-secret-init.1 +++ /dev/null @@ -1,29 +0,0 @@ -.\" generated with Ronn/v0.7.3 -.\" http://github.com/rtomayko/ronn/tree/0.7.3 -. -.TH "GIT\-SECRET\-INIT" "1" "March 2016" "" "" -. -.SH "NAME" -\fBgit\-secret\-init\fR \- initializes git\-secret repository\. -. -.SH "SYNOPSIS" -. -.nf - -git secret init -. -.fi -. -.SH "DESCRIPTION" -\fBgit\-secret\-init\fR should be run inside a \fBgit\fR repo\. \fBgit\-secret\-init\fR is the first command to be run, until the git\-secret repository is inited other commands are unavailable\. -. -.SH "OPTIONS" -. -.nf - -\-h \- shows this help\. -. -.fi -. -.SH "SEE ALSO" -git\-init(1), git\-secret\-tell(1) diff --git a/man/dest/git-secret-killperson.1 b/man/dest/git-secret-killperson.1 deleted file mode 100644 index 4fe16d8e..00000000 --- a/man/dest/git-secret-killperson.1 +++ /dev/null 
@@ -1,29 +0,0 @@ -.\" generated with Ronn/v0.7.3 -.\" http://github.com/rtomayko/ronn/tree/0.7.3 -. -.TH "GIT\-SECRET\-KILLPERSON" "1" "February 2016" "" "" -. -.SH "NAME" -\fBgit\-secret\-killperson\fR \- deletes key identified by an email from the inner keyring\. -. -.SH "SYNOPSIS" -. -.nf - -git secret killperson [email] -. -.fi -. -.SH "DESCRIPTION" -\fBgit\-secret\-killperson\fR makes it impossible for given user to decrypt the hidden file in the future\. It is required to run \fBgit\-secret\-hide\fR once again with the updated keyring\. -. -.SH "OPTIONS" -. -.nf - -\-h \- shows this help\. -. -.fi -. -.SH "SEE ALSO" -git\-secret\-tell(1), git\-secret\-hide(1), git\-secret\-reveal(1) diff --git a/man/dest/git-secret-list.1 b/man/dest/git-secret-list.1 deleted file mode 100644 index 8c07ad3b..00000000 --- a/man/dest/git-secret-list.1 +++ /dev/null @@ -1,29 +0,0 @@ -.\" generated with Ronn/v0.7.3 -.\" http://github.com/rtomayko/ronn/tree/0.7.3 -. -.TH "GIT\-SECRET\-LIST" "1" "February 2016" "" "" -. -.SH "NAME" -\fBgit\-secret\-list\fR \- prints all the added files\. -. -.SH "SYNOPSIS" -. -.nf - -git secret list -. -.fi -. -.SH "DESCRIPTION" -\fBgit\-secret\-list\fR prints all the currently added tracked files from the \fB\.gitsecret/paths/mapping\.cfg\fR\. -. -.SH "OPTIONS" -. -.nf - -\-h \- shows this help\. -. -.fi -. -.SH "SEE ALSO" -git\-secret\-whoknows(1), git\-secret\-add(1), git\-secret\-remove(1), git\-secret\-hide(1), git\-secret\-reveal(1) diff --git a/man/dest/git-secret-remove.1 b/man/dest/git-secret-remove.1 deleted file mode 100644 index dcb7863a..00000000 --- a/man/dest/git-secret-remove.1 +++ /dev/null 
@@ -1,30 +0,0 @@ -.\" generated with Ronn/v0.7.3 -.\" http://github.com/rtomayko/ronn/tree/0.7.3 -. -.TH "GIT\-SECRET\-REMOVE" "1" "February 2016" "" "" -. -.SH "NAME" -\fBgit\-secret\-remove\fR \- removes files from index\. -. -.SH "SYNOPSIS" -. -.nf - -git secret remove [\-c] -. -.fi -. -.SH "DESCRIPTION" -\fBgit\-secret\-remove\fR deletes files from \fB\.gitsecret/paths/mapping\.cfg\fR, so they won\'t be encrypted or decrypted in the future\. There\'s also an option to delete existing encrypted versions of the files provided\. -. -.SH "OPTIONS" -. -.nf - -\-c \- deletes existing real encrypted files\. -\-h \- shows help\. -. -.fi -. -.SH "SEE ALSO" -git\-secret\-add(1), git\-secret\-reveal(1), git\-secret\-hide(1) diff --git a/man/dest/git-secret-reveal.1 b/man/dest/git-secret-reveal.1 deleted file mode 100644 index 1125954f..00000000 --- a/man/dest/git-secret-reveal.1 +++ /dev/null @@ -1,32 +0,0 @@ -.\" generated with Ronn/v0.7.3 -.\" http://github.com/rtomayko/ronn/tree/0.7.3 -. -.TH "GIT\-SECRET\-REVEAL" "1" "May 2016" "" "" -. -.SH "NAME" -\fBgit\-secret\-reveal\fR \- decrypts all added files\. -. -.SH "SYNOPSIS" -. -.nf - -git secret reveal [\-f] [\-d dir] [\-p password] -. -.fi -. -.SH "DESCRIPTION" -\fBgit\-secret\-reveal\fR \- decrypts all the files in the \fB\.gitsecret/paths/mapping\.cfg\fR by running a \fBgpg \-\-decrypt\fR command\. It is important to have paired secret\-key with one of the public\-keys, which were used in the encryption\. -. -.SH "OPTIONS" -. -.nf - -\-f \- forces to overwrite exisiting files without prompt\. -\-d \- specifies `\-\-homedir` option for the `gpg`, basically use this option if your store your keys in a custom location\. -\-p \- specifies password for noinput mode, adds `\-\-passphrase` option for `gpg`\. -\-h \- shows help\. -. -.fi -. -.SH "SEE ALSO" -git\-secret\-init(1), git\-secret\-tell(1), git\-secret\-add(1), git\-secret\-hide(1) 
diff --git a/man/dest/git-secret-tell.1 b/man/dest/git-secret-tell.1 deleted file mode 100644 index 9368e4f7..00000000 --- a/man/dest/git-secret-tell.1 +++ /dev/null @@ -1,34 +0,0 @@ -.\" generated with Ronn/v0.7.3 -.\" http://github.com/rtomayko/ronn/tree/0.7.3 -. -.TH "GIT\-SECRET\-TELL" "1" "March 2016" "" "" -. -.SH "NAME" -\fBgit\-secret\-tell\fR \- adds a person, who can access private data\. -. -.SH "SYNOPSIS" -. -.nf - -git secret tell [\-m] [\-d dir] [email] -. -.fi -. -.SH "DESCRIPTION" -\fBgit\-secret\-tell\fR receives an email address as an input, searches for the \fBgpg\fR\-key in the \fBgpg\fR\'s \fBhomedir\fR by this email, then imports a person\'s public key into the \fBgit\-secret\fR\'s inner keychain\. From this moment this person can encrypt new files with the keyring which contains their key\. But they cannot decrypt the old files, which were already encrypted without their key\. They should be reencrypted with the new keyring by someone, who has the unencrypted files\. -. -.P -\fBDo not manually import secret key into \fBgit\-secret\fR\fR\. Anyways, it won\'t work with any of the secret\-keys imported\. -. -.SH "OPTIONS" -. -.nf - -\-m \- takes your current `git config user\.email` as an identifier for the key\. -\-d \- specifies `\-\-homedir` option for the `gpg`, basically use this option if your store your keys in a custom location\. -\-h \- shows help\. -. -.fi -. -.SH "SEE ALSO" -git\-secret\-init(1), git\-secret\-add(1), git\-secret\-hide(1), git\-secret\-reveal(1) diff --git a/man/dest/git-secret-usage.1 b/man/dest/git-secret-usage.1 deleted file mode 100644 index d6071a5c..00000000 --- a/man/dest/git-secret-usage.1 +++ /dev/null 
@@ -1,29 +0,0 @@ -.\" generated with Ronn/v0.7.3 -.\" http://github.com/rtomayko/ronn/tree/0.7.3 -. -.TH "GIT\-SECRET\-USAGE" "1" "February 2016" "" "" -. -.SH "NAME" -\fBgit\-secret\-usage\fR \- prints all the available commands\. -. -.SH "SYNOPSIS" -. -.nf - -git secret usage -. -.fi -. -.SH "DESCRIPTION" -\fBgit\-secret\-usage\fR is used to print all the available commands\. -. -.SH "OPTIONS" -. -.nf - -\-h \- shows this help\. -. -.fi -. -.SH "SEE ALSO" -git\-secret\-init(1), git\-secret\-add(1), git\-secret\-hide(1), git\-secret\-reveal(1) diff --git a/man/dest/git-secret-whoknows.1 b/man/dest/git-secret-whoknows.1 deleted file mode 100644 index 3c4c3935..00000000 --- a/man/dest/git-secret-whoknows.1 +++ /dev/null @@ -1,29 +0,0 @@ -.\" generated with Ronn/v0.7.3 -.\" http://github.com/rtomayko/ronn/tree/0.7.3 -. -.TH "GIT\-SECRET\-WHOKNOWS" "1" "February 2016" "" "" -. -.SH "NAME" -\fBgit\-secret\-whoknows\fR \- prints email\-labels for each key in the keyring\. -. -.SH "SYNOPSIS" -. -.nf - -git secret whoknows -. -.fi -. -.SH "DESCRIPTION" -\fBgit\-secret\-whokowns\fR prints list of email addresses which are used as labels for currently public keys added to the local keyring\. -. -.SH "OPTIONS" -. -.nf - -\-h \- shows this help\. -. -.fi -. -.SH "SEE ALSO" -git\-secret\-list(1), git\-secret\-add(1), git\-secret\-hide(1), git\-secret\-reveal(1) diff --git a/utils/install.sh b/utils/install.sh index 7f6f53ea..a1499b39 100755 --- a/utils/install.sh +++ b/utils/install.sh @@ -1,6 +1,8 @@ #!/usr/bin/env bash + set -e + # Credit goes to: # https://github.com/sstephenson/bats/blob/master/install.sh function resolve_link { 
@@ -30,12 +32,12 @@ fi SCRIPT_ROOT="$(dirname $(abs_dirname "$0"))" mkdir -p "$PREFIX"/bin "$PREFIX"/share/man/man1 "$PREFIX"/share/man/man7 -# cp "$SCRIPT_ROOT"/git-secret "$PREFIX"/bin/git-secret +cp "$SCRIPT_ROOT"/git-secret "$PREFIX"/bin/git-secret # There was an issue with this line: # cp -R "$SCRIPT_ROOT"/man/man1/* "$PREFIX"/share/man/man1 # see https://github.com/sobolevn/git-secret/issues/35 for reference. find "$SCRIPT_ROOT"/man/man1 -name *.1 -print0 | xargs -0 -I {} cp -a {} "$PREFIX"/share/man/man1 -# cp "$SCRIPT_ROOT"/man/man7/git-secret.7 "$PREFIX"/share/man/man7/git-secret.7 +cp "$SCRIPT_ROOT"/man/man7/git-secret.7 "$PREFIX"/share/man/man7/git-secret.7 echo "Installed git-secret to ${PREFIX}/bin/git-secret" diff --git a/utils/uninstall.sh b/utils/uninstall.sh new file mode 100644 index 00000000..fe54bc09 --- /dev/null +++ b/utils/uninstall.sh @@ -0,0 +1,17 @@ +#!/usr/bin/env bash + +set -e + + +PREFIX="$1" +if [ -z "$PREFIX" ]; then + echo "usage: $0 " >&2 + exit 1 +fi + +# Binary: +rm -f "$PREFIX"/bin/git-secret + +# Manuals: +find "$PREFIX"/share/man/man1 -type f -name "git-secret-*.1" -exec rm -f {} \; +rm -f "$PREFIX"/share/man/man7/git-secret.7 From a1cd887101117648ddb8ca73f1ff21f86efc6008 Mon Sep 17 00:00:00 2001 From: sobolevn Date: Thu, 30 Jun 2016 17:38:02 +0300 Subject: [PATCH 04/24] refactoring started, shellcheck is now supported --- src/_utils/_git_secret_tools.sh | 57 ++++++++++++++++----------- src/_utils/_git_secret_tools_linux.sh | 3 +- src/_utils/_git_secret_tools_osx.sh | 3 +- src/commands/git_secret_add.sh | 27 +++++++------ src/commands/git_secret_clean.sh | 11 ++++-- src/commands/git_secret_hide.sh | 23 ++++++----- src/commands/git_secret_init.sh | 11 +++--- src/commands/git_secret_list.sh | 6 +-- src/commands/git_secret_remove.sh | 16 ++++---- src/main.sh | 11 +++--- src/version.sh | 2 +- tests/test_clean.bats | 3 ++ 12 files changed, 102 insertions(+), 71 deletions(-) create mode 100644 tests/test_clean.bats 
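Review bot: In utils/uninstall.sh the `find "$PREFIX"/share/man/man1 ...` call runs under `set -e`, so when that directory does not exist the script aborts before the final `rm -f "$PREFIX"/share/man/man7/git-secret.7` and the man7 page is left behind. Wrapping the call as `if [ -d "$PREFIX"/share/man/man1 ]; then find ... ; fi`, or moving the man7 `rm` above it, makes uninstall complete on a partial install. The usage line prints `usage: $0 ` with no argument name; it presumably should read `usage: $0 <prefix>`.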
diff --git a/src/_utils/_git_secret_tools.sh b/src/_utils/_git_secret_tools.sh index 7e45b1b8..6daf26b4 100644 --- a/src/_utils/_git_secret_tools.sh +++ b/src/_utils/_git_secret_tools.sh @@ -1,7 +1,7 @@ #!/usr/bin/env bash # Global variables: -WORKING_DIRECTORY="$PWD" +WORKING_DIRECTORY="$PWD" # shellcheck disable=2034 # Folders: SECRETS_DIR=".gitsecret" @@ -9,15 +9,15 @@ SECRETS_DIR_KEYS="$SECRETS_DIR/keys" SECRETS_DIR_PATHS="$SECRETS_DIR/paths" # Files: -SECRETS_DIR_KEYS_MAPPING="$SECRETS_DIR_KEYS/mapping.cfg" -SECRETS_DIR_KEYS_TRUSTDB="$SECRETS_DIR_KEYS/trustdb.gpg" +SECRETS_DIR_KEYS_MAPPING="$SECRETS_DIR_KEYS/mapping.cfg" # shellcheck disable=2034 +SECRETS_DIR_KEYS_TRUSTDB="$SECRETS_DIR_KEYS/trustdb.gpg" # shellcheck disable=2034 -SECRETS_DIR_PATHS_MAPPING="$SECRETS_DIR_PATHS/mapping.cfg" +SECRETS_DIR_PATHS_MAPPING="$SECRETS_DIR_PATHS/mapping.cfg" # shellcheck disable=2034 -: ${SECRETS_EXTENSION:=".secret"} +: "${SECRETS_EXTENSION:=".secret"}" # Commands: -: ${SECRETS_GPG_COMMAND:="gpg"} +: "${SECRETS_GPG_COMMAND:="gpg"}" GPGLOCAL="$SECRETS_GPG_COMMAND --homedir=$SECRETS_DIR_KEYS --no-permission-warning" @@ -38,11 +38,11 @@ function _os_based { case "$(uname -s)" in Darwin) - $1_osx ${@:2} + "$1_osx" "${@:2}" ;; Linux) - $1_linux ${@:2} + "$1_linux" "${@:2}" ;; # TODO: add MS Windows support. @@ -63,10 +63,11 @@ function _set_config { # First parameter is the KEY, second is VALUE, third is filename. # The exit status is 0 (true) if the name was found, 1 (false) if not: - local contains=$(grep -Fq "$1" $3; echo $?) + local contains + contains=$(grep -Fq "$1" "$3"; echo "$?") if [[ "$contains" -eq 0 ]]; then - _os_based __replace_in_file $@ + _os_based __replace_in_file "$@" elif [[ "$contains" -eq 1 ]]; then echo "$1 = $2" >> "$3" fi 
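Review bot: The `# shellcheck disable=2034` comments are appended to the end of the assignment lines (`WORKING_DIRECTORY`, `SECRETS_DIR_KEYS_MAPPING`, `SECRETS_DIR_KEYS_TRUSTDB`, `SECRETS_DIR_PATHS_MAPPING`). As far as I know ShellCheck only honours a directive placed on its own line directly before the command it applies to, so these trailing comments would not suppress the warning for their own line. Moving each one up, e.g. `# shellcheck disable=SC2034` on the line above `WORKING_DIRECTORY="$PWD"`, keeps the intent and also documents why the variable looks unused.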
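Review bot: `_set_config` handles only grep statuses 0 and 1, so when the file in `$3` is missing or unreadable (status 2) neither branch runs and the function returns without writing the setting or reporting anything. `grep -Fq "$1"` also matches the key anywhere in a line and lacks `--`, so a key that is a substring of another key takes the replace branch. Testing the command directly makes the error case explicit: `if grep -Fq -- "$1" "$3"; then _os_based __replace_in_file "$@"; else echo "$1 = $2" >> "$3"; fi`, if creating the file on first use is acceptable. The function starts and ends outside this hunk.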
@@ -76,14 +77,16 @@ function _set_config { function _file_has_line { # First parameter is the KEY, second is the filename. - local contains=$(grep -qw "$1" "$2"; echo $?) + local contains + contains=$(grep -qw "$1" "$2"; echo $?) # 0 on contains, 1 for error. echo "$contains"; } function _delete_line { - local escaped_path=$(echo "$1" | sed -e 's/[\/&]/\\&/g') + local escaped_path + escaped_path=$(echo "$1" | sed -e 's/[\/&]/\\&/g') sed -i.bak "/$escaped_path/d" "$2" } @@ -93,7 +96,7 @@ function _temporary_file { # which will be removed on system exit. filename=$(_os_based __temp_file) # is not `local` on purpose. - trap "echo 'cleaning up...'; rm -f $filename;" EXIT + trap 'echo "cleaning up..."; rm -f "$filename";' EXIT } @@ -101,15 +104,15 @@ function _unique_filename { # First parameter is base-path, second is filename, # third is optional extension. local n=0 result=$2 - while [[ 1 ]]; do + while true; do if [[ ! -f "$1/$result" ]]; then break fi - n=$(( $n + 1 )) - result="$2-$n" + n=$(( n + 1 )) + result="${2}-${n}" done - echo $result + echo "$result" } @@ -162,7 +165,8 @@ function _user_required { _abort "$error_message" fi - local keys_exist=$($GPGLOCAL -n --list-keys --with-colon) + local keys_exist + keys_exist=$($GPGLOCAL -n --list-keys --with-colon) if [[ -z "$keys_exist" ]]; then _abort "$error_message" fi 
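Review bot: `_file_has_line` uses `grep -qw "$1" "$2"`, which treats the path as a regular expression and matches it as a word inside longer lines, so it reports "already present" for a path that merely resembles a tracked one (for example `env` against an existing `prod.env`). `add` relies on this result to skip duplicates, so such a file would never reach the mapping and would not be encrypted by `hide`. An exact fixed-string line match avoids that: `contains=$(grep -Fxq -- "$1" "$2"; echo $?)`. `_delete_line` in the same hunk has the mirror problem: it escapes only `/` and `&` before building the `sed` address, so `.`, `*` and `[` stay active and substring matches delete other tracked paths; filtering with `grep -Fxv -- "$1"` into a temporary file would remove only the exact line.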
@@ -175,19 +179,22 @@ function _get_raw_filename { function _get_encrypted_filename { - local filename="$(dirname "$1")/$(basename "$1" "$SECRETS_EXTENSION")" + local filename + filename="$(dirname "$1")/$(basename "$1" "$SECRETS_EXTENSION")" echo "${filename}${SECRETS_EXTENSION}" | sed -e 's#^\./##' } function _get_users_in_keyring { - local result=$($GPGLOCAL --list-public-keys --with-colon | sed -n 's/.*<\(.*\)>.*/\1/p') + local result + result=$($GPGLOCAL --list-public-keys --with-colon | sed -n 's/.*<\(.*\)>.*/\1/p') echo "$result" } function _get_recepients { - local result=$($GPGLOCAL --list-public-keys --with-colon | sed -n 's/.*<\(.*\)>.*/-r\1/p') + local result + result=$($GPGLOCAL --list-public-keys --with-colon | sed -n 's/.*<\(.*\)>.*/-r\1/p') echo "$result" } @@ -202,12 +209,13 @@ function _decrypt { local homedir=${4:-""} local passphrase=${5:-""} - local encrypted_filename=$(_get_encrypted_filename "$filename") + local encrypted_filename + encrypted_filename=$(_get_encrypted_filename "$filename") local base="$SECRETS_GPG_COMMAND --use-agent -q --decrypt" if [[ "$write_to_file" -eq 1 ]]; then - base="$base -o "${filename}"" + base="$base -o $filename" fi if [[ "$force" -eq 1 ]]; then @@ -219,7 +227,8 @@ function _decrypt { fi if [[ ! -z "$passphrase" ]]; then - echo "$passphrase" | $base --batch --yes --no-tty --passphrase-fd 0 "$encrypted_filename" + echo "$passphrase" | $base --batch --yes --no-tty --passphrase-fd 0 \ + "$encrypted_filename" else $base "$encrypted_filename" fi diff --git a/src/_utils/_git_secret_tools_linux.sh b/src/_utils/_git_secret_tools_linux.sh index 514eb069..072787bd 100644 --- a/src/_utils/_git_secret_tools_linux.sh +++ b/src/_utils/_git_secret_tools_linux.sh @@ -7,6 +7,7 @@ function __replace_in_file_linux { function __temp_file_linux { - local filename=$(mktemp) + local filename + filename=$(mktemp) echo "$filename" } 
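Review bot: `_decrypt` still assembles the gpg command as a string and runs it as unquoted `$base`, so after this change `-o $filename` is word-split and glob-expanded at call time and a secret path containing spaces or wildcard characters is written to the wrong place or fails. Building the command as an array keeps every path a single argument; this covers both the `-o` hunk and the passphrase hunk below it. It assumes `SECRETS_GPG_COMMAND` holds just the program name, which should be confirmed. The function starts before the first of these hunks and its force and homedir branches are not visible here.
```shell
  local base=( "$SECRETS_GPG_COMMAND" --use-agent -q --decrypt )

  if [[ "$write_to_file" -eq 1 ]]; then
    base+=( -o "$filename" )
  fi

  # … unchanged in intent: force and homedir options, appended with base+=( … ) …

  if [[ -n "$passphrase" ]]; then
    echo "$passphrase" | "${base[@]}" --batch --yes --no-tty --passphrase-fd 0 \
      "$encrypted_filename"
  else
    "${base[@]}" "$encrypted_filename"
  fi
```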
diff --git a/src/_utils/_git_secret_tools_osx.sh b/src/_utils/_git_secret_tools_osx.sh index 7dcc23a2..582bb0a3 100644 --- a/src/_utils/_git_secret_tools_osx.sh +++ b/src/_utils/_git_secret_tools_osx.sh @@ -8,6 +8,7 @@ function __replace_in_file_osx { function __temp_file_osx { : "${TMPDIR:=/tmp}" - local filename=$(mktemp -t _gitsecrets_XXX ) + local filename + filename=$(mktemp -t _gitsecrets_XXX ) echo "$filename"; } diff --git a/src/commands/git_secret_add.sh b/src/commands/git_secret_add.sh index 69714ba1..29da19d1 100644 --- a/src/commands/git_secret_add.sh +++ b/src/commands/git_secret_add.sh @@ -18,29 +18,33 @@ function add { _user_required local not_ignored=() + local items=( "$@" ) - for item in $@; do + for item in "${items[@]}"; do # Checking if all files in options are ignored: if [[ ! -f "$item" ]]; then _abort "$item is not a file." fi - local ignored=$(_check_ignore "$item") + local ignored + ignored=$(_check_ignore "$item") if [[ ! "$ignored" -eq 0 ]]; then - # collect unignored files. + # Collect unignored files. not_ignored+=("$item") fi done if [[ ! "${#not_ignored[@]}" -eq 0 ]]; then - # and show them all at once. - local message="these files are not ignored: ${not_ignored[@]} ;" + # And show them all at once. + local message + message="these files are not ignored: $* ;" + if [[ "$auto_add" -eq 0 ]]; then - # this file is not ignored. user don't want it to be added automatically. - # raise the exception, since all files, which will be hidden, must be ignored. + # This file is not ignored. user don't want it to be added automatically. + # Raise the exception, since all files, which will be hidden, must be ignored. _abort "$message" else - # in this case these files should be added to the `.gitignore` automatically: + # In this case these files should be added to the `.gitignore` automatically: # see https://github.com/sobolevn/git-secret/issues/18 for more. echo "$message" echo "auto adding them to .gitignore" 
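Review bot: In `add` the warning text changed from `${not_ignored[@]}` to `$*`, so `message="these files are not ignored: $* ;"` now lists every file passed on the command line, including the ones that are already ignored. That hides which secrets are actually at risk of being committed in plain text, which is the point of the message. Joining the collected array keeps ShellCheck quiet without changing the content: `message="these files are not ignored: ${not_ignored[*]} ;"`. The function continues past the end of this hunk.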
@@ -50,9 +54,10 @@ function add { fi fi - for item in $@; do - # adding files into system, skipping duplicates. - local already_in=$(_file_has_line "$item" "$SECRETS_DIR_PATHS_MAPPING") + for item in "${items[@]}"; do + # Adding files into system, skipping duplicates. + local already_in + already_in=$(_file_has_line "$item" "$SECRETS_DIR_PATHS_MAPPING") if [[ "$already_in" -eq 1 ]]; then echo "$item" >> "$SECRETS_DIR_PATHS_MAPPING" fi diff --git a/src/commands/git_secret_clean.sh b/src/commands/git_secret_clean.sh index f0061685..9b503cc4 100644 --- a/src/commands/git_secret_clean.sh +++ b/src/commands/git_secret_clean.sh @@ -1,5 +1,6 @@ #!/usr/bin/env bash + function clean { OPTIND=1 @@ -15,10 +16,14 @@ function clean { shift $((OPTIND-1)) [ "$1" = "--" ] && shift - [[ ! -z "$verbose" ]] && echo && echo "cleaing:" || : # bug with custom bash on OSX + if [[ ! -z "$verbose" ]]; then + echo && echo "cleaing:" + fi - find . -name *$SECRETS_EXTENSION -type f | xargs rm -f$verbose + find . -name "*$SECRETS_EXTENSION" -type f -print0 | xargs rm -f$verbose - [[ ! -z "$verbose" ]] && echo || : # bug with custom bash on OSX + if [[ ! -z "$verbose" ]]; then + echo + fi } diff --git a/src/commands/git_secret_hide.sh b/src/commands/git_secret_hide.sh index a602e085..6c4ae669 100644 --- a/src/commands/git_secret_hide.sh +++ b/src/commands/git_secret_hide.sh @@ -4,20 +4,20 @@ function _optional_clean { OPTIND=1 local clean=0 - local opt_string="" + local opt_string='' - while getopts "cvh" opt; do + while getopts 'cvh' opt; do case "$opt" in c) clean=1;; - h) _show_manual_for "hide";; + h) _show_manual_for 'hide';; v) opt_string="-v";; esac done shift $((OPTIND-1)) - [ "$1" = "--" ] && shift + [ "$1" = '--' ] && shift _user_required 
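Review bot: In `clean`, `find … -print0` is now piped to `xargs rm -f$verbose` without `-0`, so xargs does not treat the NUL bytes as separators and the encrypted files may not be removed as intended. Pair the two, `find . -name "*$SECRETS_EXTENSION" -type f -print0 | xargs -0 rm -f$verbose`, or drop xargs with `find . -name "*$SECRETS_EXTENSION" -type f -exec rm -f$verbose -- {} +`. The later `git_secret_clean.sh` hunk in the "refactored all src folder" commit still shows the same line as context.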
@@ -28,14 +28,19 @@ function _optional_clean { function hide { - _optional_clean $@ + _optional_clean "$@" local counter=0 - while read line; do - local encrypted_filename=$(_get_encrypted_filename $line) + while read -r line; do + local encrypted_filename + encrypted_filename=$(_get_encrypted_filename "$line") - local recipients=$(_get_recepients) - $GPGLOCAL --use-agent --yes --trust-model=always --encrypt $recipients -o "$encrypted_filename" "$line" + local recipients + recipients=$(_get_recepients) + + # shellcheck disable=2086 + $GPGLOCAL --use-agent --yes --trust-model=always --encrypt \ + $recipients -o "$encrypted_filename" "$line" counter=$((counter+1)) done < "$SECRETS_DIR_PATHS_MAPPING" diff --git a/src/commands/git_secret_init.sh b/src/commands/git_secret_init.sh index d49f4583..850f6893 100644 --- a/src/commands/git_secret_init.sh +++ b/src/commands/git_secret_init.sh @@ -4,20 +4,21 @@ function init { OPTIND=1 - while getopts "h" opt; do + while getopts 'h' opt; do case "$opt" in - h) _show_manual_for "init";; + h) _show_manual_for 'init';; esac done shift $((OPTIND-1)) - [ "$1" = "--" ] && shift + [ "$1" = '--' ] && shift if [[ -d "$SECRETS_DIR" ]]; then - _abort "already inited." + _abort 'already inited.' fi - local ignores=$(_check_ignore "$SECRETS_DIR"/) + local ignores + ignores=$(_check_ignore "$SECRETS_DIR"/) if [[ ! $ignores -eq 1 ]]; then _abort "'${SECRETS_DIR}/' is ignored." diff --git a/src/commands/git_secret_list.sh b/src/commands/git_secret_list.sh index 7e7ff0ab..eb522fad 100644 --- a/src/commands/git_secret_list.sh +++ b/src/commands/git_secret_list.sh @@ -4,9 +4,9 @@ function list { OPTIND=1 - while getopts "h?" opt; do + while getopts 'h?' opt; do case "$opt" in - h) _show_manual_for "list";; + h) _show_manual_for 'list';; esac done @@ -19,7 +19,7 @@ function list { _abort "$SECRETS_DIR_PATHS_MAPPING is missing." fi - while read line; do + while read -r line; do echo "$line" done < "$SECRETS_DIR_PATHS_MAPPING" } 
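Review bot: In `hide`, `$recipients` is expanded unquoted with SC2086 silenced, so the addresses parsed out of the keyring listing go through word splitting and pathname expansion before reaching gpg, and the list is rebuilt with a fresh gpg call for every file. Reading the `-r…` entries into an array once, before the loop, removes the need for the shellcheck exemption and keeps each recipient a single argument. `while read -r line` would also keep leading and trailing blanks in paths if written as `while IFS= read -r line`. The loop's `done` line and the counter handling are unchanged and left out below.

```shell
local recipients=()
local recipient
while IFS= read -r recipient; do
  [[ -n "$recipient" ]] && recipients+=("$recipient")
done < <(_get_recepients)

# … unchanged: while read -r line; do / encrypted_filename lookup …
    $GPGLOCAL --use-agent --yes --trust-model=always --encrypt \
      "${recipients[@]}" -o "$encrypted_filename" "$line"
```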
diff --git a/src/commands/git_secret_remove.sh b/src/commands/git_secret_remove.sh index 455e6f1c..de0f1ab2 100644 --- a/src/commands/git_secret_remove.sh +++ b/src/commands/git_secret_remove.sh @@ -5,11 +5,11 @@ function remove { OPTIND=1 local clean=0 - while getopts "ch" opt; do + while getopts 'ch' opt; do case "$opt" in c) clean=1;; - h) _show_manual_for "remove";; + h) _show_manual_for 'remove';; esac done @@ -19,7 +19,7 @@ function remove { # validate if user exist: _user_required - for item in $@; do + for item in "$@"; do if [[ ! -f "$item" ]]; then _abort "$item is not a file." fi @@ -28,14 +28,14 @@ function remove { rm -f "${SECRETS_DIR_PATHS_MAPPING}.bak" if [[ "$clean" == 1 ]]; then - local encrypted_filename=$(_get_encrypted_filename "$item") + local encrypted_filename + encrypted_filename=$(_get_encrypted_filename "$item") + rm -f "$encrypted_filename" fi done - local all=${@} - - echo "removed from index." - echo "ensure that files: [$all] are now not ignored." + echo 'removed from index.' + echo "ensure that files: [$*] are now not ignored." } diff --git a/src/main.sh b/src/main.sh index 7c7964eb..f7bbc70b 100755 --- a/src/main.sh +++ b/src/main.sh @@ -9,7 +9,8 @@ function _check_setup { fi # Checking if the '.gitsecret' is not ignored: - local ignored=$(_check_ignore ".gitsecret/") + local ignored + ignored=$(_check_ignore ".gitsecret/") if [[ ! $ignored -eq 1 ]]; then _abort ".gitsecret folder is ignored." fi @@ -44,7 +45,7 @@ function _init_script { # Parse plugin-level options: local dry_run=0 - while [[ $# > 0 ]]; do + while [[ $# -gt 0 ]]; do local opt="$1" case "$opt" in 
@@ -61,13 +62,13 @@ function _init_script { if [[ "$dry_run" == 0 ]]; then # checking for proper set-up: - _check_setup + _check_setup # load dependencies: # for f in ${0%/*}/src/*/*; do [[ -f "$f" ]] && . "$f"; done # routing the input command: - if [[ $(_function_exists $1) == 0 ]] && [[ ! $1 == _* ]]; then + if [[ $(_function_exists "$1") == 0 ]] && [[ ! $1 == _* ]]; then $1 "${@:2}" else # TODO: elif [[ $(_plugin_exists $1) == 0 ]]; then _incorrect_usage "command $1 not found." 126 @@ -76,4 +77,4 @@ function _init_script { } -_init_script $@ +_init_script "$@" diff --git a/src/version.sh b/src/version.sh index 4af4e143..b1fa3f16 100644 --- a/src/version.sh +++ b/src/version.sh @@ -1,3 +1,3 @@ #!/usr/bin/env bash -GITSECRET_VERSION="0.2.0" +GITSECRET_VERSION="0.2.0" # shellcheck disable=2034 diff --git a/tests/test_clean.bats b/tests/test_clean.bats new file mode 100644 index 00000000..882527c1 --- /dev/null +++ b/tests/test_clean.bats @@ -0,0 +1,3 @@ +#!/usr/bin/env bats + +# TODO: create tests for this command. From 67218994f3dc1ccc64d06bf279f715f347bc990c Mon Sep 17 00:00:00 2001 
From: sobolevn Date: Thu, 30 Jun 2016 22:32:42 +0300 Subject: [PATCH 05/24] refactored all src folder --- .ci/before_deploy.sh | 2 +- .ci/before_script.sh | 14 ++++++++----- .ci/script.sh | 7 ++++++- .gitignore | 1 + git-secret.plugin.zsh | 4 +++- src/_utils/_git_secret_tools.sh | 2 +- src/commands/git_secret_changes.sh | 29 ++++++++++++++++----------- src/commands/git_secret_clean.sh | 11 +++++----- src/commands/git_secret_hide.sh | 2 +- src/commands/git_secret_killperson.sh | 4 ++-- src/commands/git_secret_list.sh | 4 ++-- src/commands/git_secret_remove.sh | 9 +++++---- src/commands/git_secret_reveal.sh | 16 +++++++-------- src/commands/git_secret_tell.sh | 17 +++++++++------- src/commands/git_secret_whoknows.sh | 6 +++++- src/main.sh | 17 +++++++--------- tests/test_changes.bats | 24 ++++++++++++++-------- tests/test_killperson.bats | 4 ---- 18 files changed, 100 insertions(+), 73 deletions(-) diff --git a/.ci/before_deploy.sh b/.ci/before_deploy.sh index 78c54f85..960ec326 100644 --- a/.ci/before_deploy.sh +++ b/.ci/before_deploy.sh @@ -11,5 +11,5 @@ fi if [[ ! -z "$DOCKER_DIST" ]]; then # When making a non-container build, this step will generate # proper manifest files: - make deploy-${GITSECRET_DIST}; + make "deploy-${GITSECRET_DIST}"; fi diff --git a/.ci/before_script.sh b/.ci/before_script.sh index 2478c032..39c15ca0 100644 --- a/.ci/before_script.sh +++ b/.ci/before_script.sh @@ -13,12 +13,16 @@ fi # Mac: if [[ "$GITSECRET_DIST" == "brew" ]]; then - brew install $GITSECRET_GPG_DEP + brew install "$GITSECRET_GPG_DEP" fi # Local linux (standart build): -if [[ "$GITSECRET_DIST" == "none" ]] && - [[ "$GITSECRET_GPG_DEP" == "gnupg2" ]]; then - # Installing custom GPG version: - sudo apt-get install -y gnupg2 +if [[ "$GITSECRET_DIST" == "none" ]]; then + # Installing linter: + sudo apt-get install -y shellcheck + + if [[ "$GITSECRET_GPG_DEP" == "gnupg2" ]]; then + # Installing custom GPG version: + sudo apt-get install -y gnupg2 + fi fi 
diff --git a/.ci/script.sh b/.ci/script.sh index c3ad174e..7d201e03 100644 --- a/.ci/script.sh +++ b/.ci/script.sh @@ -6,7 +6,7 @@ set -e if [[ ! -z "$DOCKER_DIST" ]]; then TEMPLATE="sobolevn/git-secret-docker-$DOCKER_DIST" # Passing the `TRAVIS_COMMIT` into the container: - COMMAND="if [ ! -z "${TRAVIS_COMMIT}" ]; then git checkout "${TRAVIS_COMMIT}"; fi; make test-${GITSECRET_DIST}-ci" + COMMAND="if [ ! -z ${TRAVIS_COMMIT} ]; then git checkout ${TRAVIS_COMMIT}; fi; make test-${GITSECRET_DIST}-ci" # This will run the full intergration check inside the `docker` container: # see `test-deb-ci` and `test-rpm-ci` in `Makefile` @@ -20,3 +20,8 @@ if [[ -z "$DOCKER_DIST" ]]; then # since it is called inside the docker container anyway. make test fi + +if [[ "$GITSECRET_DIST" == 'none' ]]; then + # If running a native build, do a lint: + find src -type f -name '*.sh' -print0 | xargs -0 -I {} shellcheck {} +fi diff --git a/.gitignore b/.gitignore index 309b6085..6eff042b 100644 --- a/.gitignore +++ b/.gitignore @@ -133,3 +133,4 @@ temp/ build/ *.deb *.fpm +test.txt diff --git a/git-secret.plugin.zsh b/git-secret.plugin.zsh index a6b73b98..61977e1f 100644 --- a/git-secret.plugin.zsh +++ b/git-secret.plugin.zsh @@ -1,3 +1,5 @@ +#!/usr/bin/env zsh + # Copyright 2016 Sobolev Nikita # # Licensed under the Apache License, Version 2.0 (the "License"); @@ -13,7 +15,7 @@ # limitations under the License. # Create binary: -PLUGIN_DIR="$(dirname $0)" +PLUGIN_DIR="$(dirname "$0")" if [ ! -f "$PLUGIN_DIR/git-secret" ]; then cd "$PLUGIN_DIR" && make build && cd .. diff --git a/src/_utils/_git_secret_tools.sh b/src/_utils/_git_secret_tools.sh index 6daf26b4..b574bbfc 100644 --- a/src/_utils/_git_secret_tools.sh +++ b/src/_utils/_git_secret_tools.sh 
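Review bot: In `.ci/script.sh`, dropping the inner quotes leaves `${TRAVIS_COMMIT}` expanded bare inside the generated command, so with an empty value the test becomes `[ ! -z ]` and only behaves correctly by accident, and any unexpected character in the value becomes shell syntax for whatever runs `COMMAND`. Escaping the inner quotes keeps the value a single word in the generated script: `COMMAND="if [ -n \"${TRAVIS_COMMIT}\" ]; then git checkout \"${TRAVIS_COMMIT}\"; fi; make test-${GITSECRET_DIST}-ci"`. How `COMMAND` is handed to the container is outside this hunk.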
@@ -212,7 +212,7 @@ function _decrypt { local encrypted_filename encrypted_filename=$(_get_encrypted_filename "$filename") - local base="$SECRETS_GPG_COMMAND --use-agent -q --decrypt" + local base="$SECRETS_GPG_COMMAND --use-agent -q --decrypt --no-permission-warning" if [[ "$write_to_file" -eq 1 ]]; then base="$base -o $filename" diff --git a/src/commands/git_secret_changes.sh b/src/commands/git_secret_changes.sh index 27b0405a..b669cda9 100644 --- a/src/commands/git_secret_changes.sh +++ b/src/commands/git_secret_changes.sh @@ -1,11 +1,13 @@ #!/usr/bin/env bash function changes { + local passphrase="" + OPTIND=1 - while getopts "hd:p:" opt; do + while getopts 'hd:p:' opt; do case "$opt" in - h) _show_manual_for "changes";; + h) _show_manual_for 'changes';; p) passphrase=$OPTARG;; @@ -14,7 +16,7 @@ function changes { done shift $((OPTIND-1)) - [ "$1" = "--" ] && shift + [ "$1" = '--' ] && shift local filenames="$1" if [[ -z "$filenames" ]]; then @@ -22,18 +24,21 @@ function changes { filenames=$(git secret list) fi - local previous_commit=$(git rev-parse HEAD) - - for filename in "$filenames"; do - # Meta information: - local encrypted_filename=$(_get_encrypted_filename "$filename") - local last_encrypted=$(git show "${previous_commit}:${encrypted_filename}") + IFS=' + ' + for filename in $filenames; do + local decrypted + local content + local diff_result # Now we have all the data required: - local decrypted=$(_decrypt "$filename" "0" "0" "$homedir" "$passphrase") - local content=$(cat "$filename") + decrypted=$(_decrypt "$filename" "0" "0" "$homedir" "$passphrase") + content=$(cat "$filename") - local diff_result=$(diff <(echo "$decrypted") <(echo "$content")) + # Let's diff the result: + diff_result=$(diff <(echo "$decrypted") <(echo "$content")) || true + # There was a bug in the previous version, since `diff` returns + # exit code `1` when the files are different. echo "changes in ${filename}: ${diff_result}" done } 
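Review bot: In `_decrypt`, `--no-permission-warning` is now part of `base` for every decryption, which also silences gpg's warning about unsafe permissions on the user's own GnuPG home directory, not only on a directory passed in with `-d`. The `tell` command in this series adds the flag only together with `--homedir`; the same condition here keeps the warning for the default keyring, for example `if [[ -n "$homedir" ]]; then base="$base --no-permission-warning"; fi`. The branch that handles `$homedir` is outside this hunk, so where exactly this belongs is assumed.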
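Review bot: In `changes`, the bare `IFS=` assignment to a newline is global, so every function that runs afterwards in the same shell splits on newlines only, and `for filename in $filenames` still applies pathname expansion to each entry. Declaring it as `local IFS=$'\n'` confines the change to this function. As far as the hunk shows, the result of `_decrypt` is also not checked, so a failed decryption is diffed as empty text and the whole plaintext file is printed as a change; `decrypted=$(_decrypt "$filename" "0" "0" "$homedir" "$passphrase") || _abort "cannot decrypt $filename"` would stop instead. `homedir` is set by the option loop outside this hunk and does not appear to be declared `local` next to the new `local passphrase`.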
diff --git a/src/commands/git_secret_clean.sh b/src/commands/git_secret_clean.sh index 9b503cc4..7068a05a 100644 --- a/src/commands/git_secret_clean.sh +++ b/src/commands/git_secret_clean.sh @@ -2,22 +2,23 @@ function clean { + local verbose='' + OPTIND=1 - local verbose="" - while getopts "vh" opt; do + while getopts 'vh' opt; do case "$opt" in v) verbose="v";; - h) _show_manual_for "clean";; + h) _show_manual_for 'clean';; esac done shift $((OPTIND-1)) - [ "$1" = "--" ] && shift + [ "$1" = '--' ] && shift if [[ ! -z "$verbose" ]]; then - echo && echo "cleaing:" + echo && echo 'cleaing:' fi find . -name "*$SECRETS_EXTENSION" -type f -print0 | xargs rm -f$verbose diff --git a/src/commands/git_secret_hide.sh b/src/commands/git_secret_hide.sh index 6c4ae669..ec781bc7 100644 --- a/src/commands/git_secret_hide.sh +++ b/src/commands/git_secret_hide.sh @@ -12,7 +12,7 @@ function _optional_clean { h) _show_manual_for 'hide';; - v) opt_string="-v";; + v) opt_string='-v';; esac done diff --git a/src/commands/git_secret_killperson.sh b/src/commands/git_secret_killperson.sh index c3b3909b..371a2bb2 100644 --- a/src/commands/git_secret_killperson.sh +++ b/src/commands/git_secret_killperson.sh @@ -4,9 +4,9 @@ function killperson { OPTIND=1 - while getopts "h" opt; do + while getopts 'h' opt; do case "$opt" in - h) _show_manual_for "killperson";; + h) _show_manual_for 'killperson';; esac done diff --git a/src/commands/git_secret_list.sh b/src/commands/git_secret_list.sh index eb522fad..7a8862dc 100644 --- a/src/commands/git_secret_list.sh +++ b/src/commands/git_secret_list.sh @@ -4,14 +4,14 @@ function list { OPTIND=1 - while getopts 'h?' opt; do + while getopts 'h' opt; do case "$opt" in h) _show_manual_for 'list';; esac done shift $((OPTIND-1)) - [ "$1" = "--" ] && shift + [ "$1" = '--' ] && shift _user_required diff --git a/src/commands/git_secret_remove.sh b/src/commands/git_secret_remove.sh index de0f1ab2..2a7259c7 100644 --- a/src/commands/git_secret_remove.sh 
+++ b/src/commands/git_secret_remove.sh @@ -2,9 +2,10 @@ function remove { - OPTIND=1 local clean=0 + OPTIND=1 + while getopts 'ch' opt; do case "$opt" in c) clean=1;; @@ -14,9 +15,9 @@ function remove { done shift $((OPTIND-1)) - [ "$1" = "--" ] && shift + [ "$1" = '--' ] && shift - # validate if user exist: + # Validate if user exists: _user_required for item in "$@"; do @@ -25,7 +26,7 @@ function remove { fi _delete_line "$item" "$SECRETS_DIR_PATHS_MAPPING" - rm -f "${SECRETS_DIR_PATHS_MAPPING}.bak" + rm -f "${SECRETS_DIR_PATHS_MAPPING}.bak" # not all systems create '.bak' if [[ "$clean" == 1 ]]; then local encrypted_filename diff --git a/src/commands/git_secret_reveal.sh b/src/commands/git_secret_reveal.sh index 2b1d2452..7f6a389c 100644 --- a/src/commands/git_secret_reveal.sh +++ b/src/commands/git_secret_reveal.sh @@ -2,15 +2,15 @@ function reveal { + local homedir='' + local passphrase='' + local force=0 OPTIND=1 - local homedir="" - local passphrase="" - local force=0 - while getopts "hfd:p:" opt; do + while getopts 'hfd:p:' opt; do case "$opt" in - h) _show_manual_for "reveal";; + h) _show_manual_for 'reveal';; f) force=1;; @@ -21,13 +21,13 @@ function reveal { done shift $((OPTIND-1)) - [ "$1" = "--" ] && shift + [ "$1" = '--' ] && shift _user_required local counter=0 - while read line; do - # the parameters are: filename, force, homedir, passphrase + while read -r line; do + # The parameters are: filename, write-to-file, force, homedir, passphrase _decrypt "$line" "1" "$force" "$homedir" "$passphrase" counter=$((counter+1)) diff --git a/src/commands/git_secret_tell.sh b/src/commands/git_secret_tell.sh index 0bbfc151..efdcc316 100644 --- a/src/commands/git_secret_tell.sh +++ b/src/commands/git_secret_tell.sh 
@@ -2,15 +2,13 @@ function tell { - _secrets_dir_exists + local email + local homedir # A POSIX variable # Reset in case getopts has been used previously in the shell. OPTIND=1 - local email - local homedir - while getopts "h?md:" opt; do case "$opt" in h) _show_manual_for "tell";; @@ -26,6 +24,9 @@ function tell { shift $((OPTIND-1)) [ "$1" = "--" ] && shift + # Moved to enable viewing a manual without validation: + _secrets_dir_exists + # Custom argument-parsing: if [[ -z $email ]]; then # Email was not set via `-m` and is in $1: @@ -33,18 +34,20 @@ function tell { fi # This file will be removed automatically: - _temporary_file + _temporary_file # note, that `_temporary_file` will export `filename` var. + # shellcheck disable=2154 local keyfile="$filename" if [[ -z "$homedir" ]]; then $SECRETS_GPG_COMMAND --export -a "$email" > "$keyfile" else # It means that homedir is set as an extra argument via `-d`: - $SECRETS_GPG_COMMAND --no-permission-warning --homedir="$homedir" --export -a "$email" > "$keyfile" + $SECRETS_GPG_COMMAND --no-permission-warning --homedir="$homedir" \ + --export -a "$email" > "$keyfile" fi if [[ ! -s "$keyfile" ]]; then - _abort 'gpg key is empty. check your key name: `gpg --list-keys`.' + _abort 'gpg key is empty. check your key name: "gpg --list-keys".' fi # Importing public key to the local keychain: diff --git a/src/commands/git_secret_whoknows.sh b/src/commands/git_secret_whoknows.sh index 66a8267b..9b35c854 100644 --- a/src/commands/git_secret_whoknows.sh +++ b/src/commands/git_secret_whoknows.sh @@ -13,8 +13,12 @@ function whoknows { shift $((OPTIND-1)) [ "$1" = "--" ] && shift + # Validating, that we have a user: _user_required - local keys=$(_get_users_in_keyring) + local keys + + # Just to the point: + keys=$(_get_users_in_keyring) echo "$keys" } diff --git a/src/main.sh b/src/main.sh index f7bbc70b..a4884751 100755 --- a/src/main.sh +++ b/src/main.sh 
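Review bot: In `tell`, `--export -a "$email"` passes the address as a plain user-ID string, which gpg matches as a substring, so an address contained in another key's user ID would export that key as well and, presumably, import it as a recipient in the step after this hunk. If only e-mail addresses are accepted here, the exact-match form avoids that: `--export -a "<$email>"`. Both export lines in the hunk would change the same way.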
@@ -12,14 +12,14 @@ function _check_setup { local ignored ignored=$(_check_ignore ".gitsecret/") if [[ ! $ignored -eq 1 ]]; then - _abort ".gitsecret folder is ignored." + _abort '.gitsecret folder is ignored.' fi # Checking gpg setup: local secring="$SECRETS_DIR_KEYS/secring.gpg" if [[ -f $secring ]] && [[ -s $secring ]]; then # secring.gpg is not empty, someone has imported a private key. - _abort "it seems that someone has imported a secret key." + _abort 'it seems that someone has imported a secret key.' fi } @@ -39,7 +39,7 @@ function _show_version { function _init_script { if [[ $# == 0 ]]; then - _incorrect_usage "no input parameters provided." 126 + _incorrect_usage 'no input parameters provided.' 126 fi # Parse plugin-level options: @@ -49,7 +49,7 @@ function _init_script { local opt="$1" case "$opt" in - # options for quick-exit strategy: + # Options for quick-exit strategy: --dry-run) dry_run=1 shift;; @@ -61,13 +61,10 @@ function _init_script { done if [[ "$dry_run" == 0 ]]; then - # checking for proper set-up: - _check_setup + # Checking for proper set-up: + _check_setup - # load dependencies: - # for f in ${0%/*}/src/*/*; do [[ -f "$f" ]] && . "$f"; done - - # routing the input command: + # Routing the input command: if [[ $(_function_exists "$1") == 0 ]] && [[ ! $1 == _* ]]; then $1 "${@:2}" else # TODO: elif [[ $(_plugin_exists $1) == 0 ]]; then diff --git a/tests/test_changes.bats b/tests/test_changes.bats index 1782d58e..b151b22e 100644 --- a/tests/test_changes.bats +++ b/tests/test_changes.bats @@ -3,6 +3,7 @@ load _test_base FILE_TO_HIDE="file_to_hide" +SECOND_FILE_TO_HIDE="second_file_to_hide" FILE_CONTENTS="hidden content юникод" FINGERPRINT="" @@ -15,6 +16,7 @@ function setup { set_state_secret_init set_state_secret_tell "$TEST_DEFAULT_USER" set_state_secret_add "$FILE_TO_HIDE" "$FILE_CONTENTS" + set_state_secret_add "$SECOND_FILE_TO_HIDE" "$FILE_CONTENTS" set_state_secret_hide } 
@@ -26,16 +28,16 @@ function teardown { } -@test "run 'changes' without previous commit" { +@test "run 'changes' with one file changed" { local password=$(test_user_password "$TEST_DEFAULT_USER") local new_content="new content" echo "$new_content" >> "$FILE_TO_HIDE" - run git secret changes -d "$TEST_GPG_HOMEDIR" -p "$password" + run git secret changes -d "$TEST_GPG_HOMEDIR" -p "$password" "$FILE_TO_HIDE" [ "$status" -eq 0 ] # Testing that output has both filename and changes: - [[ "$output" == *"$FILE_TO_HIDE"* ]] + [[ "$output" == *"changes in $FILE_TO_HIDE"* ]] [[ "$output" == *"$new_content"* ]] } @@ -47,14 +49,20 @@ function teardown { } -@test "run 'changes' with commit" { - git_commit "$(test_user_email $TEST_DEFAULT_USER)" 'initial' +@test "run 'changes' with multiple files changed" { local password=$(test_user_password "$TEST_DEFAULT_USER") - - echo "new content" >> "$FILE_TO_HIDE" + local new_content="new content" + local second_new_content="something different" + echo "$new_content" >> "$FILE_TO_HIDE" + echo "$second_new_content" >> "$SECOND_FILE_TO_HIDE" run git secret changes -d "$TEST_GPG_HOMEDIR" -p "$password" [ "$status" -eq 0 ] - [[ "$output" == *"$FILE_TO_HIDE"* ]] + + # Testing that output has both filename and changes: + [[ "$output" == *"changes in $FILE_TO_HIDE"* ]] [[ "$output" == *"$new_content"* ]] + + [[ "$output" == *"changes in $SECOND_FILE_TO_HIDE"* ]] + [[ "$output" == *"$second_file_to_hide"* ]] } diff --git a/tests/test_killperson.bats b/tests/test_killperson.bats index 81647d32..b749623b 100644 --- a/tests/test_killperson.bats +++ b/tests/test_killperson.bats @@ -8,10 +8,6 @@ function setup { set_state_git set_state_secret_init set_state_secret_tell "$TEST_DEFAULT_USER" - - # init_git_repository - # git_secret_init - # git_secret_tell_test } From e87efeb3c03e7db3f8de95d2118bcb9234f1cab7 Mon Sep 17 00:00:00 2001 
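Review bot: In the "run 'changes' with multiple files changed" test, the last assertion expands `$second_file_to_hide`, which is not defined anywhere in the hunk, so the pattern collapses to `**` and matches any output. The intended check looks like `[[ "$output" == *"$second_new_content"* ]]`, which is what would prove that the second file's change was reported.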
From: sobolevn Date: Thu, 30 Jun 2016 22:43:03 +0300 Subject: [PATCH 06/24] refactored all src folder --- .ci/before_script.sh | 2 ++ 1 file changed, 2 insertions(+) diff --git a/.ci/before_script.sh b/.ci/before_script.sh index 39c15ca0..fe7f22b1 100644 --- a/.ci/before_script.sh +++ b/.ci/before_script.sh @@ -18,6 +18,8 @@ fi # Local linux (standart build): if [[ "$GITSECRET_DIST" == "none" ]]; then + sudo apt-get update + # Installing linter: sudo apt-get install -y shellcheck From a4d1b56925984253236fc6e541738b9003bcd887 Mon Sep 17 00:00:00 2001 From: sobolevn Date: Thu, 30 Jun 2016 22:58:51 +0300 Subject: [PATCH 07/24] travis fix --- .travis.yml | 13 +++++++++++++ 1 file changed, 13 insertions(+) diff --git a/.travis.yml b/.travis.yml index 2c23c971..3a2316ea 100644 --- a/.travis.yml +++ b/.travis.yml @@ -1,4 +1,5 @@ matrix: + fast_finish: true include: - os: linux env: GITSECRET_DIST="deb"; DOCKER_DIST="debian"; @@ -19,10 +20,22 @@ matrix: env: GITSECRET_DIST="none"; GITSECRET_GPG_DEP="gnupg"; SECRETS_GPG_COMMAND="gpg" sudo: required language: ruby + addons: + apt: + sources: + - debian-sid + packages: + - shellcheck - os: linux env: GITSECRET_DIST="none"; GITSECRET_GPG_DEP="gnupg2"; SECRETS_GPG_COMMAND="gpg2" sudo: required language: ruby + addons: + apt: + sources: + - debian-sid + packages: + - shellcheck - os: osx env: GITSECRET_DIST="brew"; GITSECRET_GPG_DEP="gnupg"; SECRETS_GPG_COMMAND="gpg" sudo: false From 66b326a07739b2d62841a5c3ffd9a9d3af401f93 Mon Sep 17 00:00:00 2001 From: sobolevn Date: Thu, 30 Jun 2016 23:04:27 +0300 Subject: [PATCH 08/24] travis final fix --- .ci/before_script.sh | 8 +++++--- .ci/script.sh | 4 ++-- .travis.yml | 8 +------- 3 files changed, 8 insertions(+), 12 deletions(-) diff --git a/.ci/before_script.sh b/.ci/before_script.sh index fe7f22b1..9f2cc04c 100644 --- a/.ci/before_script.sh +++ b/.ci/before_script.sh 
@@ -18,10 +18,12 @@ fi # Local linux (standart build): if [[ "$GITSECRET_DIST" == "none" ]]; then - sudo apt-get update + if [[ "$GITSECRET_LINT" == 'lint' ]]; then + sudo apt-get update - # Installing linter: - sudo apt-get install -y shellcheck + # Installing linter: + sudo apt-get install -y shellcheck + fi if [[ "$GITSECRET_GPG_DEP" == "gnupg2" ]]; then # Installing custom GPG version: diff --git a/.ci/script.sh b/.ci/script.sh index 7d201e03..ed3dea44 100644 --- a/.ci/script.sh +++ b/.ci/script.sh @@ -21,7 +21,7 @@ if [[ -z "$DOCKER_DIST" ]]; then make test fi -if [[ "$GITSECRET_DIST" == 'none' ]]; then - # If running a native build, do a lint: +if [[ "$GITSECRET_LINT" == 'lint' ]]; then + # If running a native build with lint param, do a lint: find src -type f -name '*.sh' -print0 | xargs -0 -I {} shellcheck {} fi diff --git a/.travis.yml b/.travis.yml index 3a2316ea..1d893a1e 100644 --- a/.travis.yml +++ b/.travis.yml @@ -17,7 +17,7 @@ matrix: sudo: required language: ruby - os: linux - env: GITSECRET_DIST="none"; GITSECRET_GPG_DEP="gnupg"; SECRETS_GPG_COMMAND="gpg" + env: GITSECRET_DIST="none"; GITSECRET_GPG_DEP="gnupg"; SECRETS_GPG_COMMAND="gpg"; GITSECRET_LINT="lint" sudo: required language: ruby addons: @@ -30,12 +30,6 @@ matrix: env: GITSECRET_DIST="none"; GITSECRET_GPG_DEP="gnupg2"; SECRETS_GPG_COMMAND="gpg2" sudo: required language: ruby - addons: - apt: - sources: - - debian-sid - packages: - - shellcheck - os: osx env: GITSECRET_DIST="brew"; GITSECRET_GPG_DEP="gnupg"; SECRETS_GPG_COMMAND="gpg" sudo: false From 7b7289b570a3178fcd97a4074470a3a06d3363df Mon Sep 17 00:00:00 2001 From: sobolevn Date: Thu, 30 Jun 2016 23:18:00 +0300 Subject: [PATCH 09/24] travis final fix --- .ci/before_script.sh | 7 ------- .ci/script.sh | 3 ++- .travis.yml | 2 +- 3 files changed, 3 insertions(+), 9 deletions(-) diff --git a/.ci/before_script.sh b/.ci/before_script.sh index 9f2cc04c..acdb3aa2 100644 --- a/.ci/before_script.sh +++ b/.ci/before_script.sh 
@@ -18,13 +18,6 @@ fi # Local linux (standart build): if [[ "$GITSECRET_DIST" == "none" ]]; then - if [[ "$GITSECRET_LINT" == 'lint' ]]; then - sudo apt-get update - - # Installing linter: - sudo apt-get install -y shellcheck - fi - if [[ "$GITSECRET_GPG_DEP" == "gnupg2" ]]; then # Installing custom GPG version: sudo apt-get install -y gnupg2 diff --git a/.ci/script.sh b/.ci/script.sh index ed3dea44..58df35a1 100644 --- a/.ci/script.sh +++ b/.ci/script.sh @@ -21,7 +21,8 @@ if [[ -z "$DOCKER_DIST" ]]; then make test fi -if [[ "$GITSECRET_LINT" == 'lint' ]]; then +if [[ $(command -v shellcheck; echo $?) -eq 0 ]]; then + echo 'running lint' # If running a native build with lint param, do a lint: find src -type f -name '*.sh' -print0 | xargs -0 -I {} shellcheck {} fi diff --git a/.travis.yml b/.travis.yml index 1d893a1e..e7298030 100644 --- a/.travis.yml +++ b/.travis.yml @@ -17,7 +17,7 @@ matrix: sudo: required language: ruby - os: linux - env: GITSECRET_DIST="none"; GITSECRET_GPG_DEP="gnupg"; SECRETS_GPG_COMMAND="gpg"; GITSECRET_LINT="lint" + env: GITSECRET_DIST="none"; GITSECRET_GPG_DEP="gnupg"; SECRETS_GPG_COMMAND="gpg" sudo: required language: ruby addons: From a1666c8de27793b8fd64c8cdee2a6d57e7337f84 Mon Sep 17 00:00:00 2001 From: sobolevn Date: Thu, 30 Jun 2016 23:22:33 +0300 Subject: [PATCH 10/24] travis final fix --- .ci/script.sh | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/.ci/script.sh b/.ci/script.sh index 58df35a1..0ec0e8a2 100644 --- a/.ci/script.sh +++ b/.ci/script.sh @@ -21,7 +21,8 @@ if [[ -z "$DOCKER_DIST" ]]; then make test fi -if [[ $(command -v shellcheck; echo $?) -eq 0 ]]; then +SHELLCHECK=$(command -v shellcheck; echo $?) +if [[ "$SHELLCHECK" -eq 0 ]]; then echo 'running lint' # If running a native build with lint param, do a lint: find src -type f -name '*.sh' -print0 | xargs -0 -I {} shellcheck {} From 26448c9474145999d465b4e43a9147986fa9982d Mon Sep 17 00:00:00 2001 
From: sobolevn Date: Thu, 30 Jun 2016 23:30:06 +0300 Subject: [PATCH 11/24] travis final fix --- .ci/script.sh | 3 +-- 1 file changed, 1 insertion(+), 2 deletions(-) diff --git a/.ci/script.sh b/.ci/script.sh index 0ec0e8a2..aa120fdd 100644 --- a/.ci/script.sh +++ b/.ci/script.sh @@ -21,8 +21,7 @@ if [[ -z "$DOCKER_DIST" ]]; then make test fi -SHELLCHECK=$(command -v shellcheck; echo $?) -if [[ "$SHELLCHECK" -eq 0 ]]; then +if [[ ! -z "$(command -v shellcheck)" ]]; then echo 'running lint' # If running a native build with lint param, do a lint: find src -type f -name '*.sh' -print0 | xargs -0 -I {} shellcheck {} From f5e40fefe0eda761c05a2654e42cde80d2d3408f Mon Sep 17 00:00:00 2001 From: sobolevn Date: Sat, 2 Jul 2016 12:32:07 +0300 Subject: [PATCH 12/24] added make distribution, updated travis and docker files --- .docker/make/debian/Dockerfile | 22 ++++++++++++++++++++++ .travis.yml | 5 +++++ Makefile | 8 ++++++++ utils/make/make-ci.sh | 31 +++++++++++++++++++++++++++++++ 4 files changed, 66 insertions(+) create mode 100644 .docker/make/debian/Dockerfile create mode 100644 utils/make/make-ci.sh diff --git a/.docker/make/debian/Dockerfile b/.docker/make/debian/Dockerfile new file mode 100644 index 00000000..7a7a5c99 --- /dev/null +++ b/.docker/make/debian/Dockerfile @@ -0,0 +1,22 @@ +FROM debian:latest + +MAINTAINER Nikita Sobolev (mail@sobolevn.me) + +# Dependencies and project initialization: + +RUN apt-get update && \ + apt-get install -y man make git apt-transport-https && \ + apt-get autoremove && apt-get autoclean + +# This will increase the container size, but speed up the build, +# since this part will change, while the dependencies won't: + +RUN mkdir /code +WORKDIR /code + +# Removing `origin` for good: + +RUN git clone -q https://github.com/sobolevn/git-secret.git && \ + cd git-secret && git remote rm origin + +WORKDIR /code/git-secret diff --git a/.travis.yml b/.travis.yml index e7298030..f4ec83e3 100644 --- a/.travis.yml +++ b/.travis.yml 
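Review bot: The new `.docker/make/debian/Dockerfile` builds on `debian:latest`, so the CI image changes whenever that tag moves and a test run cannot be reproduced against a known base. Pinning a release tag or digest, `FROM debian:<pinned-release-tag>`, keeps the environment fixed. `apt-get autoremove` is also run without `-y`, which in a non-interactive build may abort if there is anything to remove; `apt-get autoremove -y` avoids that.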
@@ -1,6 +1,11 @@ matrix: fast_finish: true include: + - os: linux + env: GITSECRET_DIST="make"; DOCKER_DIST="debian" + services: docker + sudo: required + language: ruby - os: linux env: GITSECRET_DIST="deb"; DOCKER_DIST="debian"; services: docker diff --git a/Makefile b/Makefile index 202caf10..d2d01b5b 100644 --- a/Makefile +++ b/Makefile @@ -127,3 +127,11 @@ deploy-rpm: build-rpm @chmod +x "./utils/rpm/rpm-deploy.sh"; sync; \ export SECRET_PROJECT_ROOT="${PWD}"; \ "./utils/rpm/rpm-deploy.sh" + +# make: + +.PHONY: test-make-ci +test-make-ci: clean install-test + @chmod +x "./utils/make/make-ci.sh"; sync; \ + export SECRET_PROJECT_ROOT="${PWD}"; \ + "./utils/make/make-ci.sh" diff --git a/utils/make/make-ci.sh b/utils/make/make-ci.sh new file mode 100644 index 00000000..3aeb9179 --- /dev/null +++ b/utils/make/make-ci.sh @@ -0,0 +1,31 @@ +#!/usr/bin/env bash + +set -e + +# Note that this file is created for test purposes: +# 1. It runs inside the Docker container +# 2. It does not use `sudo` or anything +# 3. If you would like to install a package with `make` on your system, +# see `Installation` + +source "${SECRET_PROJECT_ROOT}/utils/build-utils.sh" + + +# Integration tests +function integration_tests { + # Installing the package: + make build + make install + + # Testing the installation: + which "git-secret" + + # Test the manuals: + man --where "git-secret" # .7 + man --where "git-secret-init" # .1 +} + +integration_tests + +# Unit tests: +source "${SECRET_PROJECT_ROOT}/utils/tests.sh" From 6ea5fabf5343ba131a294c77dab0f1bbc6d3ccd1 Mon Sep 17 00:00:00 2001 From: sobolevn Date: Sat, 2 Jul 2016 12:46:54 +0300 Subject: [PATCH 13/24] removed `source build-utils` from make-ci --- utils/build-utils.sh | 12 ++++++------ utils/make/make-ci.sh | 6 +++--- 2 files changed, 9 insertions(+), 9 deletions(-) diff --git a/utils/build-utils.sh b/utils/build-utils.sh index d9d06e63..f73cea47 100644 --- a/utils/build-utils.sh +++ b/utils/build-utils.sh 
@@ -8,11 +8,11 @@ EXEC_PEM=0755 SCRIPT_NAME="git-secret" SCRIPT_DESCRIPTION="A bash-tool to store your private data inside a git repository." -SCRIPT_VERSION=$(bash ${PWD}/git-secret --version) +SCRIPT_VERSION=$(bash "${PWD}"/git-secret --version) # This might be overridden someday: -: ${SCRIPT_EPOCH:=0} -: ${SCRIPT_ITERATION:=1} +: "${SCRIPT_EPOCH:=0}" +: "${SCRIPT_ITERATION:=1}" # This may be overridden: if [[ -z "$SCRIPT_BUILD_DIR" ]]; then @@ -23,12 +23,12 @@ SCRIPT_DEST_DIR="${SCRIPT_BUILD_DIR}/buildroot" function locate_deb { - ls $SCRIPT_DEST_DIR/*.deb | head -1 + find . -maxdepth 1 -name "$SCRIPT_DEST_DIR/*.deb" | head -1 } function locate_rpm { - ls $SCRIPT_DEST_DIR/*.rpm | head -1 + find . -maxdepth 1 -name "$SCRIPT_DEST_DIR/*.rpm" | head -1 } @@ -77,5 +77,5 @@ function build_package { function clean_up_files { - rm -rf "${SCRIPT_DEST_DIR}/usr" + rm -rf "${SCRIPT_DEST_DIR:?}/usr" } diff --git a/utils/make/make-ci.sh b/utils/make/make-ci.sh index 3aeb9179..af00c4df 100644 --- a/utils/make/make-ci.sh +++ b/utils/make/make-ci.sh @@ -8,13 +8,13 @@ set -e # 3. If you would like to install a package with `make` on your system, # see `Installation` -source "${SECRET_PROJECT_ROOT}/utils/build-utils.sh" - # Integration tests function integration_tests { - # Installing the package: + # Building the package: make build + + # Installing the package: make install # Testing the installation: From fab0b9b1f0caf382604e133784b53c1462d38e42 Mon Sep 17 00:00:00 2001 From: sobolevn Date: Sat, 2 Jul 2016 12:59:55 +0300 Subject: [PATCH 14/24] fixes in finding functions, also test-make-ci added $PATH --- Makefile | 1 + utils/build-utils.sh | 4 ++-- utils/install.sh | 10 +++++++--- 3 files changed, 10 insertions(+), 5 deletions(-) diff --git a/Makefile b/Makefile index d2d01b5b..5ce122e8 100644 --- a/Makefile +++ b/Makefile 
@@ -134,4 +134,5 @@ deploy-rpm: build-rpm test-make-ci: clean install-test @chmod +x "./utils/make/make-ci.sh"; sync; \ export SECRET_PROJECT_ROOT="${PWD}"; \ + export PATH="${PWD}/vendor/bats/bin:${PATH}"; \ "./utils/make/make-ci.sh" diff --git a/utils/build-utils.sh b/utils/build-utils.sh index f73cea47..b366de08 100644 --- a/utils/build-utils.sh +++ b/utils/build-utils.sh @@ -23,12 +23,12 @@ SCRIPT_DEST_DIR="${SCRIPT_BUILD_DIR}/buildroot" function locate_deb { - find . -maxdepth 1 -name "$SCRIPT_DEST_DIR/*.deb" | head -1 + find "$SCRIPT_DEST_DIR" -maxdepth 1 -name "*.deb" | head -1 } function locate_rpm { - find . -maxdepth 1 -name "$SCRIPT_DEST_DIR/*.rpm" | head -1 + find "$SCRIPT_DEST_DIR" -maxdepth 1 -name "*.rpm" | head -1 } diff --git a/utils/install.sh b/utils/install.sh index a1499b39..fd8aedb2 100755 --- a/utils/install.sh +++ b/utils/install.sh @@ -10,9 +10,12 @@ function resolve_link { } function abs_dirname { - local cwd="$(pwd)" + local cwd local path="$1" + cwd="$(pwd)" + + while [ -n "$path" ]; do cd "${path%/*}" local name="${path##*/}" @@ -29,7 +32,7 @@ if [ -z "$PREFIX" ]; then exit 1 fi -SCRIPT_ROOT="$(dirname $(abs_dirname "$0"))" +SCRIPT_ROOT="$(dirname "$(abs_dirname "$0")")" mkdir -p "$PREFIX"/bin "$PREFIX"/share/man/man1 "$PREFIX"/share/man/man7 cp "$SCRIPT_ROOT"/git-secret "$PREFIX"/bin/git-secret @@ -37,7 +40,8 @@ cp "$SCRIPT_ROOT"/git-secret "$PREFIX"/bin/git-secret # There was an issue with this line: # cp -R "$SCRIPT_ROOT"/man/man1/* "$PREFIX"/share/man/man1 # see https://github.com/sobolevn/git-secret/issues/35 for reference. -find "$SCRIPT_ROOT"/man/man1 -name *.1 -print0 | xargs -0 -I {} cp -a {} "$PREFIX"/share/man/man1 +find "$SCRIPT_ROOT"/man/man1 -name '*.1' -print0 | xargs -0 -I {} cp \ + -a {} "$PREFIX"/share/man/man1 cp "$SCRIPT_ROOT"/man/man7/git-secret.7 "$PREFIX"/share/man/man7/git-secret.7 echo "Installed git-secret to ${PREFIX}/bin/git-secret" From c83f41e6e22ce428bee1e4906d5a036663fcffe8 Mon Sep 17 00:00:00 2001 
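Review bot: `locate_deb` and `locate_rpm` in `utils/build-utils.sh` still succeed with empty output when `$SCRIPT_DEST_DIR` holds no package, because the pipeline's status is that of `head -1`. When several packages are present they return whichever one `find` lists first. The callers are outside this hunk, but the CI and deploy scripts source this file, so an empty or stale path would presumably be installed or published without any error. Consider failing on an empty result, e.g. `pkg=$(find "$SCRIPT_DEST_DIR" -maxdepth 1 -name '*.deb' | head -1); [[ -n "$pkg" ]] || return 1; printf '%s\n' "$pkg"`, with a comment that the directory is expected to hold exactly one package.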
From: sobolevn Date: Sat, 2 Jul 2016 13:24:32 +0300 Subject: [PATCH 15/24] refactored all utils and src --- .ci/script.sh | 5 ++++- utils/deb/deb-build.sh | 2 ++ utils/deb/deb-ci.sh | 4 ++++ utils/deb/deb-deploy.sh | 4 +++- utils/gh-branch.sh | 9 ++++++--- utils/hooks/post-commit.sh | 4 ++-- utils/hooks/pre-commit.sh | 2 +- utils/make/make-ci.sh | 2 ++ utils/rpm/rpm-build.sh | 2 ++ utils/rpm/rpm-ci.sh | 4 ++++ utils/rpm/rpm-deploy.sh | 4 +++- 11 files changed, 33 insertions(+), 9 deletions(-) diff --git a/.ci/script.sh b/.ci/script.sh index aa120fdd..46391f76 100644 --- a/.ci/script.sh +++ b/.ci/script.sh @@ -22,7 +22,10 @@ if [[ -z "$DOCKER_DIST" ]]; then fi if [[ ! -z "$(command -v shellcheck)" ]]; then + # This means, that `shellcheck` does exist, so run it: echo 'running lint' - # If running a native build with lint param, do a lint: find src -type f -name '*.sh' -print0 | xargs -0 -I {} shellcheck {} + find utils -type f -name '*.sh' -print0 | xargs -0 -I {} shellcheck {} + # TODO: add tests to lint + # see: https://github.com/koalaman/shellcheck/issues/709 fi diff --git a/utils/deb/deb-build.sh b/utils/deb/deb-build.sh index 8cf586bc..46692a7c 100755 --- a/utils/deb/deb-build.sh +++ b/utils/deb/deb-build.sh @@ -2,6 +2,8 @@ set -e +# shellcheck source=./utils/build-utils.sh +# shellcheck disable=SC1091 source "${SECRET_PROJECT_ROOT}/utils/build-utils.sh" preinstall_files diff --git a/utils/deb/deb-ci.sh b/utils/deb/deb-ci.sh index fd88c84e..198896d6 100644 --- a/utils/deb/deb-ci.sh +++ b/utils/deb/deb-ci.sh @@ -7,6 +7,8 @@ set -e # 2. It does not use `sudo` or anything # 3. If you would like to install `.deb` package on your system, see `Installation` +# shellcheck source=./utils/build-utils.sh +# shellcheck disable=SC1091 source "${SECRET_PROJECT_ROOT}/utils/build-utils.sh" # This folder should contain just one .deb file: 
@@ -33,4 +35,6 @@ function integration_tests { integration_tests # Unit tests: +# shellcheck source=./utils/tests.sh +# shellcheck disable=SC1091 source "${SECRET_PROJECT_ROOT}/utils/tests.sh" diff --git a/utils/deb/deb-deploy.sh b/utils/deb/deb-deploy.sh index a93afce5..ffd367ff 100755 --- a/utils/deb/deb-deploy.sh +++ b/utils/deb/deb-deploy.sh @@ -2,10 +2,12 @@ set -e +# shellcheck source=./utils/build-utils.sh +# shellcheck disable=SC1091 source "${SECRET_PROJECT_ROOT}/utils/build-utils.sh" # Variables, which will be used in `bintray.json`: -SCRIPT_VERSION=$(bash ${PWD}/git-secret --version) +SCRIPT_VERSION=$(bash "${PWD}/git-secret" --version) RELEASE_DATE=$(date +%Y-%m-%d) # add `\"override\": 1 \` into the `matrixParams`, if needed: diff --git a/utils/gh-branch.sh b/utils/gh-branch.sh index cf8a32db..06a9d92e 100755 --- a/utils/gh-branch.sh +++ b/utils/gh-branch.sh @@ -4,11 +4,14 @@ set -e function update_gh_branch { - local branch_name=$(git branch | grep '*' | sed 's/* //') - git checkout gh-pages + local branch_name + + branch_name=$(git branch | grep '\*' | sed 's/* //') + + git checkout 'gh-pages' make - git add _posts + git add '_posts' git commit -m 'documentation update' git checkout "$branch_name" } diff --git a/utils/hooks/post-commit.sh b/utils/hooks/post-commit.sh index e43f1708..7b20fe67 100755 --- a/utils/hooks/post-commit.sh +++ b/utils/hooks/post-commit.sh @@ -2,7 +2,7 @@ set -e -BRANCH_NAME=$(git branch | grep '*' | sed 's/* //') +BRANCH_NAME=$(git branch | grep '\*' | sed 's/* //') if [[ "$BRANCH_NAME" == 'master' ]]; then # Build new web documentation: @@ -12,7 +12,7 @@ fi if [[ "$BRANCH_NAME" == 'staging' ]]; then # Compare script version and the latest tag: NEWEST_TAG=$(git describe --abbrev=0 --tags) - SCRIPT_VERSION=$(bash ${PWD}/git-secret --version) + SCRIPT_VERSION=$(bash "${PWD}/git-secret" --version) if [[ "$NEWEST_TAG" != "v${SCRIPT_VERSION}" ]]; then # Create new release: 
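Review bot: The branch name in `update_gh_branch` (`utils/gh-branch.sh`) is scraped from `git branch` output with `grep '\*' | sed 's/* //'`, which is porcelain output meant for people. On a detached HEAD it yields a parenthesised description rather than a ref name, so the final `git checkout "$branch_name"` fails and the working tree is left on `gh-pages`. `branch_name=$(git symbolic-ref --short -q HEAD)` returns the branch name directly and exits non-zero when HEAD is detached, so under the script's `set -e` it stops before switching branches. The same pipeline sets `BRANCH_NAME` in `utils/hooks/post-commit.sh` and `utils/hooks/pre-commit.sh` in this commit. The pre-commit hook compares against the literal `'(no branch)'`, so that comparison would need adjusting if the pipeline is changed there.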
diff --git a/utils/hooks/pre-commit.sh b/utils/hooks/pre-commit.sh index 62c01a68..c00642c6 100755 --- a/utils/hooks/pre-commit.sh +++ b/utils/hooks/pre-commit.sh @@ -2,7 +2,7 @@ set -e -BRANCH_NAME=$(git branch | grep '*' | sed 's/* //') +BRANCH_NAME=$(git branch | grep '\*' | sed 's/* //') if [[ $BRANCH_NAME != '(no branch)' ]]; then unset GIT_WORK_TREE diff --git a/utils/make/make-ci.sh b/utils/make/make-ci.sh index af00c4df..81f00409 100644 --- a/utils/make/make-ci.sh +++ b/utils/make/make-ci.sh @@ -28,4 +28,6 @@ function integration_tests { integration_tests # Unit tests: +# shellcheck source=./utils/tests.sh +# shellcheck disable=SC1091 source "${SECRET_PROJECT_ROOT}/utils/tests.sh" diff --git a/utils/rpm/rpm-build.sh b/utils/rpm/rpm-build.sh index 74957e13..9d723570 100644 --- a/utils/rpm/rpm-build.sh +++ b/utils/rpm/rpm-build.sh @@ -2,6 +2,8 @@ set -e +# shellcheck source=./utils/build-utils.sh +# shellcheck disable=SC1091 source "${SECRET_PROJECT_ROOT}/utils/build-utils.sh" # Copying all the required files to the build directory: diff --git a/utils/rpm/rpm-ci.sh b/utils/rpm/rpm-ci.sh index 8958605a..28dd7d78 100644 --- a/utils/rpm/rpm-ci.sh +++ b/utils/rpm/rpm-ci.sh @@ -7,6 +7,8 @@ set -e # 2. It does not use `sudo` or anything # 3. If you would like to install `.rpm` package on your system, see `Installation` +# shellcheck source=./utils/build-utils.sh +# shellcheck disable=SC1091 source "${SECRET_PROJECT_ROOT}/utils/build-utils.sh" # This folder should contain just one .rpm file: @@ -30,4 +32,6 @@ function integration_tests { integration_tests # Unit tests: +# shellcheck source=./utils/tests.sh +# shellcheck disable=SC1091 source "${SECRET_PROJECT_ROOT}/utils/tests.sh" diff --git a/utils/rpm/rpm-deploy.sh b/utils/rpm/rpm-deploy.sh index 341febab..93927849 100644 --- a/utils/rpm/rpm-deploy.sh +++ b/utils/rpm/rpm-deploy.sh 
@@ -2,10 +2,12 @@ set -e +# shellcheck source=./utils/build-utils.sh +# shellcheck disable=SC1091 source "${SECRET_PROJECT_ROOT}/utils/build-utils.sh" # Variables, which will be used in `bintray.json`: -SCRIPT_VERSION=$(bash ${PWD}/git-secret --version) +SCRIPT_VERSION=$(bash "${PWD}/git-secret" --version) RELEASE_DATE=$(date +%Y-%m-%d) # add `\"override\": 1 \` into the `matrixParams`, if needed: From db0f2e1940cdced400f9edcc45659729bd8f9d56 Mon Sep 17 00:00:00 2001 From: sobolevn Date: Sat, 2 Jul 2016 13:30:49 +0300 Subject: [PATCH 16/24] fixed shellcheck issues --- utils/deb/deb-build.sh | 3 +-- utils/deb/deb-ci.sh | 6 ++---- utils/deb/deb-deploy.sh | 3 +-- utils/make/make-ci.sh | 3 +-- utils/rpm/rpm-build.sh | 3 +-- utils/rpm/rpm-ci.sh | 6 ++---- utils/rpm/rpm-deploy.sh | 3 +-- 7 files changed, 9 insertions(+), 18 deletions(-) diff --git a/utils/deb/deb-build.sh b/utils/deb/deb-build.sh index 46692a7c..3c433b06 100755 --- a/utils/deb/deb-build.sh +++ b/utils/deb/deb-build.sh @@ -2,8 +2,7 @@ set -e -# shellcheck source=./utils/build-utils.sh -# shellcheck disable=SC1091 +# shellcheck disable=SC1090,SC1091 source "${SECRET_PROJECT_ROOT}/utils/build-utils.sh" preinstall_files diff --git a/utils/deb/deb-ci.sh b/utils/deb/deb-ci.sh index 198896d6..571003b3 100644 --- a/utils/deb/deb-ci.sh +++ b/utils/deb/deb-ci.sh @@ -7,8 +7,7 @@ set -e # 2. It does not use `sudo` or anything # 3. If you would like to install `.deb` package on your system, see `Installation` -# shellcheck source=./utils/build-utils.sh -# shellcheck disable=SC1091 +# shellcheck disable=SC1090,SC1091 source "${SECRET_PROJECT_ROOT}/utils/build-utils.sh" # This folder should contain just one .deb file: @@ -35,6 +34,5 @@ function integration_tests { integration_tests # Unit tests: -# shellcheck source=./utils/tests.sh -# shellcheck disable=SC1091 +# shellcheck disable=SC1090,SC1091 source "${SECRET_PROJECT_ROOT}/utils/tests.sh" 
diff --git a/utils/deb/deb-deploy.sh b/utils/deb/deb-deploy.sh index ffd367ff..961468be 100755 --- a/utils/deb/deb-deploy.sh +++ b/utils/deb/deb-deploy.sh @@ -2,8 +2,7 @@ set -e -# shellcheck source=./utils/build-utils.sh -# shellcheck disable=SC1091 +# shellcheck disable=SC1090,SC1091 source "${SECRET_PROJECT_ROOT}/utils/build-utils.sh" # Variables, which will be used in `bintray.json`: diff --git a/utils/make/make-ci.sh b/utils/make/make-ci.sh index 81f00409..61441cb3 100644 --- a/utils/make/make-ci.sh +++ b/utils/make/make-ci.sh @@ -28,6 +28,5 @@ function integration_tests { integration_tests # Unit tests: -# shellcheck source=./utils/tests.sh -# shellcheck disable=SC1091 +# shellcheck disable=SC1090,SC1091 source "${SECRET_PROJECT_ROOT}/utils/tests.sh" diff --git a/utils/rpm/rpm-build.sh b/utils/rpm/rpm-build.sh index 9d723570..09434943 100644 --- a/utils/rpm/rpm-build.sh +++ b/utils/rpm/rpm-build.sh @@ -2,8 +2,7 @@ set -e -# shellcheck source=./utils/build-utils.sh -# shellcheck disable=SC1091 +# shellcheck disable=SC1090,SC1091 source "${SECRET_PROJECT_ROOT}/utils/build-utils.sh" # Copying all the required files to the build directory: diff --git a/utils/rpm/rpm-ci.sh b/utils/rpm/rpm-ci.sh index 28dd7d78..4bb7c4ac 100644 --- a/utils/rpm/rpm-ci.sh +++ b/utils/rpm/rpm-ci.sh @@ -7,8 +7,7 @@ set -e # 2. It does not use `sudo` or anything # 3. If you would like to install `.rpm` package on your system, see `Installation` -# shellcheck source=./utils/build-utils.sh -# shellcheck disable=SC1091 +# shellcheck disable=SC1090,SC1091 source "${SECRET_PROJECT_ROOT}/utils/build-utils.sh" # This folder should contain just one .rpm file: @@ -32,6 +31,5 @@ function integration_tests { integration_tests # Unit tests: -# shellcheck source=./utils/tests.sh -# shellcheck disable=SC1091 +# shellcheck disable=SC1090,SC1091 source "${SECRET_PROJECT_ROOT}/utils/tests.sh" diff --git a/utils/rpm/rpm-deploy.sh b/utils/rpm/rpm-deploy.sh index 93927849..1fe69396 100644 
--- a/utils/rpm/rpm-deploy.sh +++ b/utils/rpm/rpm-deploy.sh @@ -2,8 +2,7 @@ set -e -# shellcheck source=./utils/build-utils.sh -# shellcheck disable=SC1091 +# shellcheck disable=SC1090,SC1091 source "${SECRET_PROJECT_ROOT}/utils/build-utils.sh" # Variables, which will be used in `bintray.json`: From 1e748a3c540bc421f9112a119ca886f92092491f Mon Sep 17 00:00:00 2001 From: sobolevn Date: Sat, 2 Jul 2016 16:18:53 +0300 Subject: [PATCH 17/24] CONTRIBUTING.md added --- .ci/before_script.sh | 8 ++-- .ci/script.sh | 5 +-- .travis.yml | 12 ++++-- CONTRIBUTING.md | 86 ++++++++++++++++++++++++++++++++++++++ LICENSE.md | 21 ++++++++++ README.md | 20 +++++---- man/man7/git-secret.7.ronn | 28 ++++++------- utils/hooks/post-commit.sh | 6 +-- utils/hooks/pre-commit.sh | 4 +- 9 files changed, 149 insertions(+), 41 deletions(-) create mode 100644 CONTRIBUTING.md create mode 100644 LICENSE.md diff --git a/.ci/before_script.sh b/.ci/before_script.sh index acdb3aa2..a3712c76 100644 --- a/.ci/before_script.sh +++ b/.ci/before_script.sh @@ -17,9 +17,7 @@ if [[ "$GITSECRET_DIST" == "brew" ]]; then fi # Local linux (standart build): -if [[ "$GITSECRET_DIST" == "none" ]]; then - if [[ "$GITSECRET_GPG_DEP" == "gnupg2" ]]; then - # Installing custom GPG version: - sudo apt-get install -y gnupg2 - fi +if [[ "$GITSECRET_DIST" == "none" ]] && [[ "$GITSECRET_GPG_DEP" == "gnupg2" ]]; then + # Installing custom GPG version: + sudo apt-get install -y gnupg2 fi diff --git a/.ci/script.sh b/.ci/script.sh index 46391f76..3a441376 100644 --- a/.ci/script.sh +++ b/.ci/script.sh @@ -15,7 +15,7 @@ if [[ ! -z "$DOCKER_DIST" ]]; then fi # Local builds: -if [[ -z "$DOCKER_DIST" ]]; then +if [[ "$GITSECRET_DIST" == "brew" ]] || [[ "$GITSECRET_DIST" == "brew" ]]; then # Only running `make test` on standard (non-docker) build, # since it is called inside the docker container anyway. make test 
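Review bot: Both sides of the new condition in `.ci/script.sh` test for the same value, `[[ "$GITSECRET_DIST" == "brew" ]] || [[ "$GITSECRET_DIST" == "brew" ]]`, so `make test` now runs only for the `brew` job. The jobs with `GITSECRET_DIST="none"` (the `gnupg` and `gnupg2` builds in `.travis.yml`) set no `DOCKER_DIST`, so after this change they appear to run no tests at all and would still report green. If the second operand was meant to be `"none"`, the line should read `if [[ "$GITSECRET_DIST" == "brew" ]] || [[ "$GITSECRET_DIST" == "none" ]]; then`.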
@@ -24,8 +24,7 @@ fi if [[ ! -z "$(command -v shellcheck)" ]]; then # This means, that `shellcheck` does exist, so run it: echo 'running lint' - find src -type f -name '*.sh' -print0 | xargs -0 -I {} shellcheck {} - find utils -type f -name '*.sh' -print0 | xargs -0 -I {} shellcheck {} + find src utils -type f -name '*.sh' -print0 | xargs -0 -I {} shellcheck {} # TODO: add tests to lint # see: https://github.com/koalaman/shellcheck/issues/709 fi diff --git a/.travis.yml b/.travis.yml index f4ec83e3..fb99efa4 100644 --- a/.travis.yml +++ b/.travis.yml @@ -25,16 +25,20 @@ matrix: env: GITSECRET_DIST="none"; GITSECRET_GPG_DEP="gnupg"; SECRETS_GPG_COMMAND="gpg" sudo: required language: ruby + - os: linux + env: GITSECRET_DIST="none"; GITSECRET_GPG_DEP="gnupg2"; SECRETS_GPG_COMMAND="gpg2" + sudo: required + language: ruby + - os: linux + env: GITSECRET_DIST="shellcheck" + sudo: required + language: ruby addons: apt: sources: - debian-sid packages: - shellcheck - - os: linux - env: GITSECRET_DIST="none"; GITSECRET_GPG_DEP="gnupg2"; SECRETS_GPG_COMMAND="gpg2" - sudo: required - language: ruby - os: osx env: GITSECRET_DIST="brew"; GITSECRET_GPG_DEP="gnupg"; SECRETS_GPG_COMMAND="gpg" sudo: false diff --git a/CONTRIBUTING.md b/CONTRIBUTING.md new file mode 100644 index 00000000..8dd802d6 --- /dev/null +++ b/CONTRIBUTING.md 
@@ -0,0 +1,86 @@ +# Contributing + +Your contributions are always welcome! + +## Process + +### Environment + +Before starting make sure you have: + +* git +* bash +* gnupg (or gnupg2) +* [shellcheck](https://github.com/koalaman/shellcheck) + +Only required if dealing with manuals, `gh-pages` or releases: + +* ruby, ruby-dev + +### Getting started + +1. Create your own or pick an opened issue from the [tracker](https://github.com/sobolevn/git-secret/issues). Take a look at the [`help-wanted` tag](https://github.com/sobolevn/git-secret/issues?q=is%3Aissue+is%3Aopen+label%3A%22help+wanted%22) +2. Fork and clone your repository: `git clone https://github.com/${YOUR_NAME}/git-secret.git` +3. Make sure that everything works fine by running `make test` + +### Development Process + +1. Firstly, you will need to setup development hooks with `make install-hooks` +2. Make changes to the files that need to be changed +3. When making changes to any files inside `src/` you will need to rebuild the binary `git-secret` with `make clean && make build` command +4. Run [`shellcheck`](https://github.com/koalaman/shellcheck) against all your changes with `find src utils -type f -name '*.sh' -print0 | xargs -0 -I {} shellcheck {}` +5. Now, add all your files to the commit with `git add --all` and commit changes `git commit`, make sure you write a good commit message, which will explain your works +6. When running `git commit` the tests will run automatically, you commit will be canceled if they fail +7. Push to your repository, make a pull-request against `develop` branch. Please, make sure you have *one* commit per pull-request + +### Branches + +We have three long-live branches: `master`, `staging` and `develop` (and `gh-pages`). + +It basically looks like that: + +> `your-branch` -> `develop` -> `staging` -> `master` + +* `master` branch is protected, since `antigen` and tools like it installs the app from main branch directly. 
So only fully tested code goes there +* `staging` - this brach is used to create a new `git` tag and a `github` release, then it gets merged into `master` +* `develop` is where the development is done and the branch you should send your pull-requests to + +### Continuous integration + +CI is done with the help of `travis`. `travis` handles multiple environments: + +* `Docker`-based jobs, or so-called 'integration tests', these tests creates a local release, installs it with the package-manager and then runs unit-tests and system checks +* `OSX` jobs, they just assure that everything will work under `OSX` +* Native `travis` jobs, which handles basic unit-tests and style-checks + +### Release process + +The release process is defined in the `git`-hooks and `.travis.yml`. + +When creating a commit inside the `staging` branch (it is usually a documentation and changelog update with the version bump inside `src/version.sh`) it will trigger two main events. + +Firstly, new manuals will be created and added to the current commit with `make build-man` on `pre-commit` hook. + +Secondly, after the commit is successfully created it will also trigger `make build-gh-pages` target on `post-commit` hook, which will push new manuals to the https://sobolevn.github.io/git-secret/. And the new `git` tag will be automatically created if the version is changed: + +```bash +if [[ "$NEWEST_TAG" != "v${SCRIPT_VERSION}" ]]; then + git tag -a "v${SCRIPT_VERSION}" -m "version $SCRIPT_VERSION" +fi +``` + +Then it will be merged inside `master` when ready. + +#### Travis releases + +When creating a commit inside `master` branch `travis` on successful build will publish new `deb` and `rpm` packages to [`bintray`](https://bintray.com/sobolevn). + +If you wish to override previous release (*be careful*) you will need to add `"override": 1 ` into `matrixParams`, see `deb-deploy.sh` and `rpm-deploy.sh` + +#### Manual releases + +Releases to `brew` are made manually. 
+ +#### Dockerhub releases + +[`Dockerhub`](https://hub.docker.com/r/sobolevn/git-secret/) contains `Docker` images with different OS'es used for testing. It is updated via a `github` webhook on commit into `master`. diff --git a/LICENSE.md b/LICENSE.md new file mode 100644 index 00000000..cf38dad3 --- /dev/null +++ b/LICENSE.md @@ -0,0 +1,21 @@ +MIT License + +Copyright (c) 2016 Nikita Sobolev + +Permission is hereby granted, free of charge, to any person obtaining a copy +of this software and associated documentation files (the "Software"), to deal +in the Software without restriction, including without limitation the rights +to use, copy, modify, merge, publish, distribute, sublicense, and/or sell +copies of the Software, and to permit persons to whom the Software is +furnished to do so, subject to the following conditions: + +The above copyright notice and this permission notice shall be included in all +copies or substantial portions of the Software. + +THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR +IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY, +FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE +AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER +LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, +OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE +SOFTWARE. diff --git a/README.md b/README.md index a2201a7b..e438eafc 100644 --- a/README.md +++ b/README.md 
@@ -1,6 +1,10 @@ # git-secret -[![Build Status](https://secure.travis-ci.org/sobolevn/git-secret.png?branch=master)](https://travis-ci.org/sobolevn/git-secret) +[![Build Status](https://secure.travis-ci.org/sobolevn/git-secret.png?branch=master)](https://travis-ci.org/sobolevn/git-secret) [![Dockerhub](https://img.shields.io/docker/pulls/sobolevn/git-secret.svg)](https://hub.docker.com/r/sobolevn/git-secret/) + +## What is `git-secret`? + +`git-secret` is a bash tool to store your private data inside a git repo. How’s that? Basically, it just encrypts, using `gpg`, the tracked files with the public keys of all the users that you trust. So everyone of them can decrypt these files using only their personal secret key. Why deal with all this private-public keys stuff? Well, to make it easier for everyone to manage access rights. There are no passwords that change. When someone is out - just delete his public key, re-encrypt the files, and he won’t be able to decrypt secrets anymore. ## Preview @@ -14,16 +18,14 @@ See the [git-secret site](https://sobolevn.github.io/git-secret/). See the [installation section](https://sobolevn.github.io/git-secret/#installation). -## Status - -This project is still under development. See [https://github.com/sobolevn/git-secret/milestones](milestones) for the refence. +## Contributing -## Testing +See [CONTRIBUTING.md](CONTRIBUTING.md). -For testing this project uses [`bats`](https://github.com/sstephenson/bats). You can install it by running `make install-test`. -To run tests call: `make test`. It will download and install `bats` into `vendor/bats` if it's not installed yet. +## Changelog +See [CHANGELOG.md](CHANGELOG.md). -## Changelog +## License -See [CHANGELOG.md](CHANGELOG.md) +MIT. See [LICENSE.md](LICENSE.md) for details. diff --git a/man/man7/git-secret.7.ronn b/man/man7/git-secret.7.ronn index 1f685c4f..1785c827 100644 --- a/man/man7/git-secret.7.ronn +++ b/man/man7/git-secret.7.ronn 
@@ -25,7 +25,7 @@ There's a known problem in server configuration and deploying, when you have to ### Dependencies -`git secret` relies on two dependecies: [`git`][1] and [`gpg`][2]. Download and install them before using this project. `git-secret` is tested to work with: +`git secret` relies on two dependencies: [`git`][1] and [`gpg`][2]. Download and install them before using this project. `git-secret` is tested to work with: git version 2.7.0 gpg (GnuPG) 1.4.20 
@@ -47,33 +47,33 @@ There are several ways to install `git-secret`: * `--HEAD` to install `HEAD` version 2. Note, that we have migrated from `tap` to the official `brew` repo +**deb package** + +1. Run `echo "deb https://dl.bintray.com/sobolevn/deb git-secret stable" | sudo tee -a /etc/apt/sources.list` +2. Run `sudo apt-get install git-secret` + +**rpm package** + +1. Run `wget https://bintray.com/sobolevn/rpm/rpm -O bintray-sobolevn-rpm.repo && sudo mv bintray-sobolevn-rpm.repo /etc/yum.repos.d/` +2. Run `sudo yum install git-secret` + **Manual** 1. Clone the repository first: `git clone https://github.com/sobolevn/git-secret.git git-secret` -2. Run `PREFIX="/usr/local" make install`, note that you can install to any prefix in your `PATH` +2. Run `make build` +3. Run `PREFIX="/usr/local" make install`, note that you can install to any prefix in your `PATH` **`antigen` plugin (or any other `oh-my-zsh`-styled plugin-systems)** 1. Add line `antigen bundle sobolevn/git-secret` to your `.zshrc` 2. Run `source ~/.zshrc` or reopen the terminal -**The hard way** - -1. Clone the repository first: `git clone https://github.com/sobolevn/git-secret.git git-secret` -2. Run `cd git-secret && make build` -3. Move `git-secret` file and `man/` folder somewhere inside your `$PATH`, or extend your `$PATH` to contain `git-secret` file and `man/` folder - -**Local `.deb` package** - -1. Download the latest realease [here](https://github.com/sobolevn/git-secret/releases) -2. Unpack, and run `make build-deb`, it is possible to set the output folder with `$SCRIPT_BUILD_DIR` variable. -3. Install the local `.deb` package with `dpkp -i git-secret-package-name.deb`, note that this command may require `sudo` and the package name will be different ## Usage These steps cover the basic process of using `git-secret`: 0. Before starting, make sure you have created `gpg` RSA key-pair: public and secret key identified by your email address. -1. 
Initialize `git-secret` repository by running `git secret init` command. `.gitsecret/` folder will be created. +1. Initialize `git-secret` repository by running `git secret init` command. `.gitsecret/` folder will be created, *note* that `.gitsecret/` folder [should not be ignored](https://github.com/sobolevn/git-secret/issues/39). 2. Add first user to the system by running `git secret tell your@gpg.email-id`. 3. Now it's time to add files you wish to encrypt inside the `git-secret` repository. It can be done by running `git secret add ` command. Make sure these files are ignored, otherwise `git secret` won't allow you to add them, as these files will be stored unencrypted. 4. When done, run `git secret hide` all files, which you have added by `git secret add` command will be encrypted with added public-keys by the `git secret tell` command. Now it is safe to commit your changes. **But**. It's recommended to add `git secret hide` command to your `pre-commit` hook, so you won't miss any changes. diff --git a/utils/hooks/post-commit.sh b/utils/hooks/post-commit.sh index 7b20fe67..dff89cee 100755 --- a/utils/hooks/post-commit.sh +++ b/utils/hooks/post-commit.sh @@ -4,12 +4,10 @@ set -e BRANCH_NAME=$(git branch | grep '\*' | sed 's/* //') -if [[ "$BRANCH_NAME" == 'master' ]]; then +if [[ "$BRANCH_NAME" == 'staging' ]]; then # Build new web documentation: make build-gh-pages -fi - -if [[ "$BRANCH_NAME" == 'staging' ]]; then + # Compare script version and the latest tag: NEWEST_TAG=$(git describe --abbrev=0 --tags) SCRIPT_VERSION=$(bash "${PWD}/git-secret" --version) diff --git a/utils/hooks/pre-commit.sh b/utils/hooks/pre-commit.sh index c00642c6..f14a52c7 100755 --- a/utils/hooks/pre-commit.sh +++ b/utils/hooks/pre-commit.sh 
@@ -4,13 +4,13 @@ set -e BRANCH_NAME=$(git branch | grep '\*' | sed 's/* //') -if [[ $BRANCH_NAME != '(no branch)' ]]; then +if [[ "$BRANCH_NAME" != '(no branch)' ]]; then unset GIT_WORK_TREE # Run tests: make test - if [[ $BRANCH_NAME == "master" ]]; then + if [[ "$BRANCH_NAME" == "staging" ]]; then # Build new manuals: make build-man From b750ba6da30f3cac0c8ec674cd9b61bc8549b90b Mon Sep 17 00:00:00 2001 From: sobolevn Date: Sat, 2 Jul 2016 16:29:43 +0300 Subject: [PATCH 18/24] some stylechanges in markdown --- CONTRIBUTING.md | 30 +++++++++++++++++------------- 1 file changed, 17 insertions(+), 13 deletions(-) diff --git a/CONTRIBUTING.md b/CONTRIBUTING.md index 8dd802d6..d1e8ef0f 100644 --- a/CONTRIBUTING.md +++ b/CONTRIBUTING.md @@ -8,18 +8,18 @@ Your contributions are always welcome! Before starting make sure you have: -* git -* bash -* gnupg (or gnupg2) -* [shellcheck](https://github.com/koalaman/shellcheck) +- git +- bash +- gnupg (or gnupg2) +- [shellcheck](https://github.com/koalaman/shellcheck) Only required if dealing with manuals, `gh-pages` or releases: -* ruby, ruby-dev +- ruby, ruby-dev ### Getting started -1. Create your own or pick an opened issue from the [tracker](https://github.com/sobolevn/git-secret/issues). Take a look at the [`help-wanted` tag](https://github.com/sobolevn/git-secret/issues?q=is%3Aissue+is%3Aopen+label%3A%22help+wanted%22) +1. Create your own or pick an opened issue from the [tracker][tracker]. Take a look at the [`help-wanted` tag][help-wanted] 2. Fork and clone your repository: `git clone https://github.com/${YOUR_NAME}/git-secret.git` 3. Make sure that everything works fine by running `make test` 
@@ -41,17 +41,17 @@ It basically looks like that: > `your-branch` -> `develop` -> `staging` -> `master` -* `master` branch is protected, since `antigen` and tools like it installs the app from main branch directly. So only fully tested code goes there -* `staging` - this brach is used to create a new `git` tag and a `github` release, then it gets merged into `master` -* `develop` is where the development is done and the branch you should send your pull-requests to +- `master` branch is protected, since `antigen` and tools like it installs the app from main branch directly. So only fully tested code goes there +- `staging` - this brach is used to create a new `git` tag and a `github` release, then it gets merged into `master` +- `develop` is where the development is done and the branch you should send your pull-requests to ### Continuous integration CI is done with the help of `travis`. `travis` handles multiple environments: -* `Docker`-based jobs, or so-called 'integration tests', these tests creates a local release, installs it with the package-manager and then runs unit-tests and system checks -* `OSX` jobs, they just assure that everything will work under `OSX` -* Native `travis` jobs, which handles basic unit-tests and style-checks +- `Docker`-based jobs, or so-called 'integration tests', these tests creates a local release, installs it with the package-manager and then runs unit-tests and system checks +- `OSX` jobs, they just assure that everything will work under `OSX` +- Native `travis` jobs, which handles basic unit-tests and stylechecks ### Release process 
@@ -61,7 +61,7 @@ When creating a commit inside the `staging` branch (it is usually a documentatio Firstly, new manuals will be created and added to the current commit with `make build-man` on `pre-commit` hook. -Secondly, after the commit is successfully created it will also trigger `make build-gh-pages` target on `post-commit` hook, which will push new manuals to the https://sobolevn.github.io/git-secret/. And the new `git` tag will be automatically created if the version is changed: +Secondly, after the commit is successfully created it will also trigger `make build-gh-pages` target on `post-commit` hook, which will push new manuals to the [https://sobolevn.github.io/git-secret/][git-secret site]. And the new `git` tag will be automatically created if the version is changed: ```bash if [[ "$NEWEST_TAG" != "v${SCRIPT_VERSION}" ]]; then @@ -84,3 +84,7 @@ Releases to `brew` are made manually. #### Dockerhub releases [`Dockerhub`](https://hub.docker.com/r/sobolevn/git-secret/) contains `Docker` images with different OS'es used for testing. It is updated via a `github` webhook on commit into `master`. + +[tracker]: https://github.com/sobolevn/git-secret/issues +[help-wanted]: https://github.com/sobolevn/git-secret/issues?q=is%3Aissue+is%3Aopen+label%3A%22help+wanted%22 +[git-secret site]: https://sobolevn.github.io/git-secret/ From e3bf934835ac1b745e15c4cc3e98ac27223115d8 Mon Sep 17 00:00:00 2001 From: sobolevn Date: Sat, 2 Jul 2016 17:16:12 +0300 Subject: [PATCH 19/24] readme and gratis --- README.md | 6 ++++++ 1 file changed, 6 insertions(+) diff --git a/README.md b/README.md index e438eafc..55bf5fbf 100644 --- a/README.md +++ b/README.md 
@@ -2,6 +2,8 @@ [![Build Status](https://secure.travis-ci.org/sobolevn/git-secret.png?branch=master)](https://travis-ci.org/sobolevn/git-secret) [![Dockerhub](https://img.shields.io/docker/pulls/sobolevn/git-secret.svg)](https://hub.docker.com/r/sobolevn/git-secret/) +[![git-secret](https://raw.githubusercontent.com/sobolevn/git-secret/gh-pages/images/git-secret-big.png)](https://sobolevn.github.io/git-secret/) + ## What is `git-secret`? `git-secret` is a bash tool to store your private data inside a git repo. How’s that? Basically, it just encrypts, using `gpg`, the tracked files with the public keys of all the users that you trust. So everyone of them can decrypt these files using only their personal secret key. Why deal with all this private-public keys stuff? Well, to make it easier for everyone to manage access rights. There are no passwords that change. When someone is out - just delete his public key, re-encrypt the files, and he won’t be able to decrypt secrets anymore. @@ -29,3 +31,7 @@ See [CHANGELOG.md](CHANGELOG.md). ## License MIT. See [LICENSE.md](LICENSE.md) for details. + +## Thanks + +Special thanks to @elioqoshi for awesome logo. From e4cc0301d57b6e18a29781a664e38dc352a009d7 Mon Sep 17 00:00:00 2001 From: sobolevn Date: Sat, 2 Jul 2016 17:18:09 +0300 Subject: [PATCH 20/24] fixed link [ci skip] --- README.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/README.md b/README.md index 55bf5fbf..f3415c24 100644 --- a/README.md +++ b/README.md @@ -34,4 +34,4 @@ MIT. See [LICENSE.md](LICENSE.md) for details. ## Thanks -Special thanks to @elioqoshi for awesome logo. +Special thanks to [@elioqoshi](https://github.com/elioqoshi) for awesome logo. From 4740dd62230fc9c7f71ff8a5cae7692abe22c034 Mon Sep 17 00:00:00 2001 From: sobolevn Date: Sat, 2 Jul 2016 17:20:55 +0300 Subject: [PATCH 21/24] fixed link [ci skip] --- README.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) 
diff --git a/README.md b/README.md index f3415c24..8589d30c 100644 --- a/README.md +++ b/README.md @@ -34,4 +34,4 @@ MIT. See [LICENSE.md](LICENSE.md) for details. ## Thanks -Special thanks to [@elioqoshi](https://github.com/elioqoshi) for awesome logo. +Special thanks to [Elio Qoshi](https://elioqoshi.me/sq/) from [ura](http://ura.al/) for awesome logo. From 3ee08d52cb0c153c8f65907b7e1c82e69bd35838 Mon Sep 17 00:00:00 2001 From: sobolevn Date: Mon, 4 Jul 2016 12:40:41 +0300 Subject: [PATCH 22/24] new badges [ci skip] --- README.md | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/README.md b/README.md index 8589d30c..9858e8b6 100644 --- a/README.md +++ b/README.md @@ -1,6 +1,6 @@ # git-secret -[![Build Status](https://secure.travis-ci.org/sobolevn/git-secret.png?branch=master)](https://travis-ci.org/sobolevn/git-secret) [![Dockerhub](https://img.shields.io/docker/pulls/sobolevn/git-secret.svg)](https://hub.docker.com/r/sobolevn/git-secret/) +[![Build Status](https://img.shields.io/travis/sobolevn/git-secret/master.svg)](https://travis-ci.org/sobolevn/git-secret) [![Homebrew](https://img.shields.io/homebrew/v/git-secret.svg)](http://braumeister.org/formula/git-secret) [![Bintray deb](https://img.shields.io/bintray/v/sobolevn/deb/git-secret.svg)](https://bintray.com/sobolevn/deb/git-secret/view) [![Bintray rpm](https://img.shields.io/bintray/v/sobolevn/rpm/git-secret.svg)](https://bintray.com/sobolevn/rpm/git-secret/view) [![Dockerhub](https://img.shields.io/docker/pulls/sobolevn/git-secret.svg)](https://hub.docker.com/r/sobolevn/git-secret/) [![git-secret](https://raw.githubusercontent.com/sobolevn/git-secret/gh-pages/images/git-secret-big.png)](https://sobolevn.github.io/git-secret/) 
@@ -34,4 +34,4 @@ MIT. See [LICENSE.md](LICENSE.md) for details. ## Thanks -Special thanks to [Elio Qoshi](https://elioqoshi.me/sq/) from [ura](http://ura.al/) for awesome logo. +Special thanks to [Elio Qoshi](https://elioqoshi.me/sq/) from [ura](http://ura.al/) for the awesome logo. From 00deabb0e3c2cc51ddd48cacdb2da5bfda85614f Mon Sep 17 00:00:00 2001 From: sobolevn Date: Sun, 10 Jul 2016 14:28:48 +0300 Subject: [PATCH 23/24] This is a release commit. Changes: 1. Now everything is tested inside the `docker`-containers and `OSX` images on `travis`. 2. We now have `CONTRIBUTING.md` and `LICENSE.md`. `README.md` is also changed. 3. We have a brand logo. 4. We have autodeploy to `bintray`. 5. Everything is `shellcheck`ed (except `tests/`). Closes #32 #33 #34 #35 #39 --- CHANGELOG.md | 2 ++ CONTRIBUTING.md | 33 ++++++++++++++++++--------------- README.md | 2 +- man/man7/git-secret.7.ronn | 24 ++++++++++++------------ 4 files changed, 33 insertions(+), 28 deletions(-) diff --git a/CHANGELOG.md b/CHANGELOG.md index 65ac3019..7766f2bd 100644 --- a/CHANGELOG.md +++ b/CHANGELOG.md @@ -1,5 +1,7 @@ # Changelog +## Version 0.2.0 + ## Version 0.1.2 - Added `-i` option to the `git-secret-add` command, which auto adds unignored files to the `.gitignore` diff --git a/CONTRIBUTING.md b/CONTRIBUTING.md index d1e8ef0f..c94d6f74 100644 --- a/CONTRIBUTING.md +++ b/CONTRIBUTING.md 
@@ -28,30 +28,30 @@ Only required if dealing with manuals, `gh-pages` or releases: 1. Firstly, you will need to setup development hooks with `make install-hooks` 2. Make changes to the files that need to be changed 3. When making changes to any files inside `src/` you will need to rebuild the binary `git-secret` with `make clean && make build` command -4. Run [`shellcheck`](https://github.com/koalaman/shellcheck) against all your changes with `find src utils -type f -name '*.sh' -print0 | xargs -0 -I {} shellcheck {}` -5. Now, add all your files to the commit with `git add --all` and commit changes `git commit`, make sure you write a good commit message, which will explain your works -6. When running `git commit` the tests will run automatically, you commit will be canceled if they fail -7. Push to your repository, make a pull-request against `develop` branch. Please, make sure you have *one* commit per pull-request +4. Run [`shellcheck`][shellcheck] against all your changes with `find src utils -type f -name '*.sh' -print0 | xargs -0 -I {} shellcheck {}` +5. Now, add all your files to the commit with `git add --all` and commit changes with `git commit`, make sure you write a good message, which will explain your work +6. When running `git commit` the tests will run automatically, your commit will be canceled if they fail +7. Push to your repository, make a pull-request against `develop` branch. Please, make sure you have **one** commit per pull-request ### Branches -We have three long-live branches: `master`, `staging` and `develop` (and `gh-pages`). +We have three long-live branches: `master`, `staging` and `develop` (and `gh-pages` for static site). It basically looks like that: > `your-branch` -> `develop` -> `staging` -> `master` -- `master` branch is protected, since `antigen` and tools like it installs the app from main branch directly. 
So only fully tested code goes there -- `staging` - this brach is used to create a new `git` tag and a `github` release, then it gets merged into `master` +- `master` branch is protected, since `antigen` and tools like it install the app from the main branch directly. So only fully tested code goes there +- `staging` - this branch is used to create a new `git` tag and a `github` release, then it gets merged into `master` - `develop` is where the development is done and the branch you should send your pull-requests to ### Continuous integration CI is done with the help of `travis`. `travis` handles multiple environments: -- `Docker`-based jobs, or so-called 'integration tests', these tests creates a local release, installs it with the package-manager and then runs unit-tests and system checks -- `OSX` jobs, they just assure that everything will work under `OSX` -- Native `travis` jobs, which handles basic unit-tests and stylechecks +- `Docker`-based jobs or so-called 'integration tests', these tests create a local release, install it with the package manager and then run unit-tests and system checks +- `OSX` jobs, which handle basic unit-tests on `OSX` +- Native `travis` jobs, which handle basic unit-tests and stylechecks ### Release process 
@@ -61,7 +61,7 @@ When creating a commit inside the `staging` branch (it is usually a documentatio Firstly, new manuals will be created and added to the current commit with `make build-man` on `pre-commit` hook. -Secondly, after the commit is successfully created it will also trigger `make build-gh-pages` target on `post-commit` hook, which will push new manuals to the [https://sobolevn.github.io/git-secret/][git-secret site]. And the new `git` tag will be automatically created if the version is changed: +Secondly, after the commit is successfully created it will also trigger `make build-gh-pages` target on `post-commit` hook, which will push new manuals to the [git-secret site][git-secret-site]. And the new `git` tag will be automatically created if the version is changed: ```bash if [[ "$NEWEST_TAG" != "v${SCRIPT_VERSION}" ]]; then @@ -73,9 +73,9 @@ Then it will be merged inside `master` when ready. #### Travis releases -When creating a commit inside `master` branch `travis` on successful build will publish new `deb` and `rpm` packages to [`bintray`](https://bintray.com/sobolevn). +When creating a commit inside `master` branch, `travis` on successful build will publish new `deb` and `rpm` packages to [`bintray`][bintray]. -If you wish to override previous release (*be careful*) you will need to add `"override": 1 ` into `matrixParams`, see `deb-deploy.sh` and `rpm-deploy.sh` +If you wish to override a previous release (*be careful*) you will need to add `"override": 1` into `matrixParams`, see `deb-deploy.sh` and `rpm-deploy.sh` #### Manual releases 
@@ -83,8 +83,11 @@ Releases to `brew` are made manually. #### Dockerhub releases -[`Dockerhub`](https://hub.docker.com/r/sobolevn/git-secret/) contains `Docker` images with different OS'es used for testing. It is updated via a `github` webhook on commit into `master`. +[`Dockerhub`][Dockerhub] contains `Docker` images with different OS'es used for testing. It is updated via a `github` webhook on commit into `master`. [tracker]: https://github.com/sobolevn/git-secret/issues [help-wanted]: https://github.com/sobolevn/git-secret/issues?q=is%3Aissue+is%3Aopen+label%3A%22help+wanted%22 -[git-secret site]: https://sobolevn.github.io/git-secret/ +[shellcheck]: https://github.com/koalaman/shellcheck +[git-secret-site]: https://sobolevn.github.io/git-secret/ +[bintray]: https://bintray.com/sobolevn +[Dockerhub]: https://hub.docker.com/r/sobolevn/git-secret/ diff --git a/README.md b/README.md index 9858e8b6..ca3afffd 100644 --- a/README.md +++ b/README.md 
@@ -1,6 +1,6 @@ # git-secret -[![Build Status](https://img.shields.io/travis/sobolevn/git-secret/master.svg)](https://travis-ci.org/sobolevn/git-secret) [![Homebrew](https://img.shields.io/homebrew/v/git-secret.svg)](http://braumeister.org/formula/git-secret) [![Bintray deb](https://img.shields.io/bintray/v/sobolevn/deb/git-secret.svg)](https://bintray.com/sobolevn/deb/git-secret/view) [![Bintray rpm](https://img.shields.io/bintray/v/sobolevn/rpm/git-secret.svg)](https://bintray.com/sobolevn/rpm/git-secret/view) [![Dockerhub](https://img.shields.io/docker/pulls/sobolevn/git-secret.svg)](https://hub.docker.com/r/sobolevn/git-secret/) +[![Build Status](https://img.shields.io/travis/sobolevn/git-secret/master.svg)](https://travis-ci.org/sobolevn/git-secret) [![Homebrew](https://img.shields.io/homebrew/v/git-secret.svg)](http://braumeister.org/formula/git-secret) [![Bintray deb](https://img.shields.io/bintray/v/sobolevn/deb/git-secret.svg)](https://bintray.com/sobolevn/deb/git-secret/view) [![Dockerhub](https://img.shields.io/docker/pulls/sobolevn/git-secret.svg)](https://hub.docker.com/r/sobolevn/git-secret/) [![git-secret](https://raw.githubusercontent.com/sobolevn/git-secret/gh-pages/images/git-secret-big.png)](https://sobolevn.github.io/git-secret/) diff --git a/man/man7/git-secret.7.ronn b/man/man7/git-secret.7.ronn index 1785c827..7ef7f5e7 100644 --- a/man/man7/git-secret.7.ronn +++ b/man/man7/git-secret.7.ronn 
@@ -25,14 +25,14 @@ There's a known problem in server configuration and deploying, when you have to ### Dependencies -`git secret` relies on two dependencies: [`git`][1] and [`gpg`][2]. Download and install them before using this project. `git-secret` is tested to work with: +`git-secret` relies on two dependencies: [`git`][1] and [`gpg`][2]. Download and install them before using this project. `git-secret` is tested to work with: git version 2.7.0 gpg (GnuPG) 1.4.20 ### Supported platforms -`git secret` works with `Mac OS X` >= 10.9, `Ubuntu` >= 14.04 and `Debian` >= 8.3 +`git-secret` works with `Mac OS X` >= 10.9, `Ubuntu` >= 14.04 and `Debian` >= 8.3 You can add your platform to this list, if all the tests pass for you. `Cygwin` support is planned. 
@@ -40,32 +40,32 @@ You can add your platform to this list, if all the tests pass for you. There are several ways to install `git-secret`: -**Brew** +#### Homebrew 1. Run `brew install git-secret`. That will do. Also, there are two options: * `--without-gpg` to build without `gpg` support * `--HEAD` to install `HEAD` version 2. Note, that we have migrated from `tap` to the official `brew` repo -**deb package** +#### `deb` package 1. Run `echo "deb https://dl.bintray.com/sobolevn/deb git-secret stable" | sudo tee -a /etc/apt/sources.list` 2. Run `sudo apt-get install git-secret` -**rpm package** +#### `rpm` package 1. Run `wget https://bintray.com/sobolevn/rpm/rpm -O bintray-sobolevn-rpm.repo && sudo mv bintray-sobolevn-rpm.repo /etc/yum.repos.d/` 2. Run `sudo yum install git-secret` -**Manual** +#### Manual 1. Clone the repository first: `git clone https://github.com/sobolevn/git-secret.git git-secret` -2. Run `make build` +2. Run `cd git-secret && make build` 3. Run `PREFIX="/usr/local" make install`, note that you can install to any prefix in your `PATH` -**`antigen` plugin (or any other `oh-my-zsh`-styled plugin-systems)** +#### `antigen` plugin (or any other `oh-my-zsh`-styled plugin-systems) -1. Add line `antigen bundle sobolevn/git-secret` to your `.zshrc` +1. Add line `antigen bundle sobolevn/git-secret` to your `~/.zshrc` 2. Run `source ~/.zshrc` or reopen the terminal 
@@ -73,9 +73,9 @@ There are several ways to install `git-secret`: These steps cover the basic process of using `git-secret`: 0. Before starting, make sure you have created `gpg` RSA key-pair: public and secret key identified by your email address. -1. Initialize `git-secret` repository by running `git secret init` command. `.gitsecret/` folder will be created, *note* that `.gitsecret/` folder [should not be ignored](https://github.com/sobolevn/git-secret/issues/39). -2. Add first user to the system by running `git secret tell your@gpg.email-id`. -3. Now it's time to add files you wish to encrypt inside the `git-secret` repository. It can be done by running `git secret add ` command. Make sure these files are ignored, otherwise `git secret` won't allow you to add them, as these files will be stored unencrypted. +1. Initialize `git-secret` repository by running `git secret init` command. `.gitsecret/` folder will be created, **note** that `.gitsecret/` folder [should **not** be ignored](https://github.com/sobolevn/git-secret/issues/39). +2. Add first user to the system by running `git secret tell your@gpg.email`. +3. Now it's time to add files you wish to encrypt inside the `git-secret` repository. It can be done by running `git secret add ` command. Make sure these files are ignored, otherwise `git-secret` won't allow you to add them, as these files will be stored unencrypted. 4. When done, run `git secret hide` all files, which you have added by `git secret add` command will be encrypted with added public-keys by the `git secret tell` command. Now it is safe to commit your changes. **But**. It's recommended to add `git secret hide` command to your `pre-commit` hook, so you won't miss any changes. 5. Now decrypt files with `git secret reveal` command. It will ask you for your password. And you're done! From b9fc50ad6740849ff904d060d0c484bf13f6bfdf Mon Sep 17 00:00:00 2001 
From: sobolevn Date: Sun, 10 Jul 2016 14:48:17 +0300 Subject: [PATCH 24/24] manuals fix --- man/man7/git-secret.7 | 15 +++++++++++++++ man/man7/git-secret.7.ronn | 10 +++++----- 2 files changed, 20 insertions(+), 5 deletions(-) diff --git a/man/man7/git-secret.7 b/man/man7/git-secret.7 index 769aaa70..2e4166d9 100644 --- a/man/man7/git-secret.7 +++ b/man/man7/git-secret.7 @@ -68,6 +68,9 @@ gpg (GnuPG) 1\.4\.20 .SS "Installation process" There are several ways to install \fBgit\-secret\fR: . +.P +\fB\fBHomebrew\fR\fR +. .IP "1." 4 Run \fBbrew install git\-secret\fR\. That will do\. Also, there are two options: . @@ -82,6 +85,9 @@ Note, that we have migrated from \fBtap\fR to the official \fBbrew\fR repo . .IP "" 0 . +.P +\fB\fB\fBdeb\fR package\fR\fR +. .IP "1." 4 Run \fBecho "deb https://dl\.bintray\.com/sobolevn/deb git\-secret stable" | sudo tee \-a /etc/apt/sources\.list\fR . @@ -90,6 +96,9 @@ Run \fBsudo apt\-get install git\-secret\fR . .IP "" 0 . +.P +\fB\fB\fBrpm\fR package\fR\fR +. .IP "1." 4 Run \fBwget https://bintray\.com/sobolevn/rpm/rpm \-O bintray\-sobolevn\-rpm\.repo && sudo mv bintray\-sobolevn\-rpm\.repo /etc/yum\.repos\.d/\fR . @@ -98,6 +107,9 @@ Run \fBsudo yum install git\-secret\fR . .IP "" 0 . +.P +\fB\fBManual\fR\fR +. .IP "1." 4 Clone the repository first: \fBgit clone https://github\.com/sobolevn/git\-secret\.git git\-secret\fR . @@ -109,6 +121,9 @@ Run \fBPREFIX="/usr/local" make install\fR, note that you can install to any pre . .IP "" 0 . +.P +\fB\fB\fBantigen\fR plugin (or any other \fBoh\-my\-zsh\fR\-styled plugin\-systems)\fR\fR +. .IP "1." 4 Add line \fBantigen bundle sobolevn/git\-secret\fR to your \fB~/\.zshrc\fR . diff --git a/man/man7/git-secret.7.ronn b/man/man7/git-secret.7.ronn index 7ef7f5e7..af3553e6 100644 --- a/man/man7/git-secret.7.ronn +++ b/man/man7/git-secret.7.ronn 
@@ -40,30 +40,30 @@ You can add your platform to this list, if all the tests pass for you. There are several ways to install `git-secret`: -#### Homebrew +**** Homebrew **** 1. Run `brew install git-secret`. That will do. Also, there are two options: * `--without-gpg` to build without `gpg` support * `--HEAD` to install `HEAD` version 2. Note, that we have migrated from `tap` to the official `brew` repo -#### `deb` package +**** `deb` package **** 1. Run `echo "deb https://dl.bintray.com/sobolevn/deb git-secret stable" | sudo tee -a /etc/apt/sources.list` 2. Run `sudo apt-get install git-secret` -#### `rpm` package +**** `rpm` package **** 1. Run `wget https://bintray.com/sobolevn/rpm/rpm -O bintray-sobolevn-rpm.repo && sudo mv bintray-sobolevn-rpm.repo /etc/yum.repos.d/` 2. Run `sudo yum install git-secret` -#### Manual +**** Manual **** 1. Clone the repository first: `git clone https://github.com/sobolevn/git-secret.git git-secret` 2. Run `cd git-secret && make build` 3. Run `PREFIX="/usr/local" make install`, note that you can install to any prefix in your `PATH` -#### `antigen` plugin (or any other `oh-my-zsh`-styled plugin-systems) +**** `antigen` plugin (or any other `oh-my-zsh`-styled plugin-systems) **** 1. Add line `antigen bundle sobolevn/git-secret` to your `~/.zshrc` 2. Run `source ~/.zshrc` or reopen the terminal