Version 0.2.2 pre-release

There are a lot of changes, multiple things were refactored: tests,
some commands, building and meta.

Several critical bugs fixed.

Changes:
1. Fixed #74, when `_user_required` was not working after reimporting keys
2. Closes #73, now it is possible to provide multiple emails to the `killperson` command
3. Closes #72, now it is possible to provide multiple emails to the `tell` command
4. Closes #71, now every doc in this project refer to `git-secret.io` instead of old `gh-pages` website
5. Closes #70, now installation section is removed from main `man` file
6. Closes #69, now "See also" section in the `man`s are clickable
7. Closes #61, added "Manual" section to the manuals
8. Refs #38, added `centos` Dockerfile, but `ci` testing is still failing
9. Refs #52, tests are refactored. Added `clean` command tests, removed a lot of hardcoded things, moved tests execution from `./temp` folder to `/tmp`, added a lot of new check in old tests, and some new test cases
10. Refactored `hide` and `clean` commands to be shorter
11. `shellcheck` is now supported with `make lint`

Additional features are not comming to 0.2.2 after this commit.

.ci/script.sh

@@ -24,5 +24,5 @@ fi
 if [[ ! -z "$(command -v shellcheck)" ]]; then
   # This means, that `shellcheck` does exist, so run it:
   echo 'running lint'
-  find src utils -type f -name '*.sh' -print0 | xargs -0 -I {} shellcheck {}
+  make lint
 fi

.docker/deb/debian/Dockerfile

@@ -7,12 +7,12 @@ MAINTAINER Nikita Sobolev (mail@sobolevn.me)
 RUN apt-get update && \
     apt-get install -y man make git apt-transport-https && \
     apt-get install -y ruby ruby-dev ruby-build && \
-    apt-get autoremove && apt-get autoclean
+    apt-get autoremove && apt-get autoclean && \
+    mkdir /code
 
 # This will increase the container size, but speed up the build,
 # since this part will change, while the dependencies won't:
 
-RUN mkdir /code
 WORKDIR /code
 
 # Removing `origin` for good:

.docker/rpm/centos/Dockerfile

@@ -0,0 +1,26 @@
+FROM centos:latest
+
+MAINTAINER Nikita Sobolev (mail@sobolevn.me)
+
+ENV HOME /root
+
+RUN yum update -y && \
+    yum install -y epel-release && \
+    yum install -y dnf && \
+    dnf update -y && \
+    rpm -U "http://opensource.wandisco.com/centos/7/git/x86_64/wandisco-git-release-7-2.noarch.rpm" && \
+    dnf install -y gnupg man make gcc git tar > /dev/null && \
+    dnf install -y which pciutils redhat-rpm-config rpm-build zlib-devel && \
+    dnf -y group install 'Development tools' && \
+    dnf install -y ruby ruby-devel rubygems && \
+    dnf -y autoremove && \
+    mkdir /code
+
+WORKDIR /code
+
+# Removing `origin` for good:
+
+RUN git clone -q https://github.com/sobolevn/git-secret.git && \
+    cd git-secret && git remote rm origin
+
+WORKDIR /code/git-secret

.github/ISSUE_TEMPLATE.md

@@ -18,7 +18,6 @@ Any logs, error output, etc?
 ----------------------------
 (If it’s long, please paste to https://ghostbin.com/ and insert the link here.)
 
-
 Any other comments?
 -------------------
 …

.github/PULL_REQUEST_TEMPLATE.md

@@ -15,7 +15,6 @@ Does this close any currently open issues?
 ------------------------------------------
 …
 
-
 Any relevant logs, error output, etc?
 -------------------------------------
 (If it’s long, please paste to https://ghostbin.com/ and insert the link here.)
@@ -23,11 +22,3 @@ Any relevant logs, error output, etc?
 Any other comments?
 -------------------
 …
-
-Where has this been tested?
----------------------------
-**Operating system:** …
-
-**`git-secret` version:** …
-
-**Shell type and version:** …

.gitignore

@@ -133,4 +133,3 @@ temp/
 build/
 *.deb
 *.fpm
-test.txt

CONTRIBUTING.md

@@ -28,10 +28,10 @@ Only required if dealing with manuals, `gh-pages` or releases:
 1. Firstly, you will need to setup development hooks with `make install-hooks`
 2. Make changes to the files that need to be changed
 3. When making changes to any files inside `src/` you will need to rebuild the binary `git-secret` with `make clean && make build` command
-4. Run [`shellcheck`][shellcheck] against all your changes with `find src utils -type f -name '*.sh' -print0 | xargs -0 -I {} shellcheck {}`
+4. Run [`shellcheck`][shellcheck] against all your changes with `make lint`
 5. Now, add all your files to the commit with `git add --all` and commit changes with `git commit`, make sure you write a good message, which will explain your work
 6. When running `git commit` the tests will run automatically, your commit will be canceled if they fail
-7. Push to your repository, make a pull-request against `develop` branch. Please, make sure you have **one** commit per pull-request
+7. Push to your repository, make a pull-request against `develop` branch. Please, make sure you have **one** commit per pull-request, it will be merge into one anyways
 
 ### Branches
 
@@ -55,7 +55,7 @@ CI is done with the help of `travis`. `travis` handles multiple environments:
 
 ### Release process
 
-The release process is defined in the `git`-hooks and `.travis.yml`.  
+The release process is defined in the `git`-hooks and `.travis.yml`.
 
 When creating a commit inside the `staging` branch (it is usually a documentation and changelog update with the version bump inside `src/version.sh`) it will trigger two main events.
 
@@ -88,6 +88,6 @@ Releases to `brew` are made manually.
 [tracker]: https://github.com/sobolevn/git-secret/issues
 [help-wanted]: https://github.com/sobolevn/git-secret/issues?q=is%3Aissue+is%3Aopen+label%3A%22help+wanted%22
 [shellcheck]: https://github.com/koalaman/shellcheck
-[git-secret-site]: https://sobolevn.github.io/git-secret/
+[git-secret-site]: http://git-secret.io
 [bintray]: https://bintray.com/sobolevn
 [Dockerhub]: https://hub.docker.com/r/sobolevn/git-secret/

Makefile

@@ -53,9 +53,13 @@ test: install-test clean build
 install-ronn:
 	@if [ ! `gem list ronn -i` == "true" ]; then gem install ronn; fi
 
+.PHONY: clean-man
+clean-man:
+	@find "man/" -type f ! -name "*.ronn" -delete
+
 .PHONY: build-man
-build-man: install-ronn
-	@ronn --roff man/*/*.ronn
+build-man: install-ronn clean-man
+	@ronn --roff --organization="sobolevn" --manual="git-secret" man/*/*.ronn
 
 .PHONY: build-gh-pages
 build-gh-pages:
@@ -76,6 +80,10 @@ install-hooks:
 .PHONY: develop
 develop: clean build install-hooks
 
+.PHONY: lint
+lint:
+	@find src utils -type f -name '*.sh' -print0 | xargs -0 -I {} shellcheck {}
+
 #
 # Packaging:
 #

README.md

@@ -2,7 +2,7 @@
 
 [![Build Status](https://img.shields.io/travis/sobolevn/git-secret/master.svg)](https://travis-ci.org/sobolevn/git-secret) [![Homebrew](https://img.shields.io/homebrew/v/git-secret.svg)](http://braumeister.org/formula/git-secret) [![Bintray deb](https://img.shields.io/bintray/v/sobolevn/deb/git-secret.svg)](https://bintray.com/sobolevn/deb/git-secret/view) [![Dockerhub](https://img.shields.io/docker/pulls/sobolevn/git-secret.svg)](https://hub.docker.com/r/sobolevn/git-secret/)
 
-[![git-secret](https://raw.githubusercontent.com/sobolevn/git-secret/gh-pages/images/git-secret-big.png)](https://sobolevn.github.io/git-secret/)
+[![git-secret](https://raw.githubusercontent.com/sobolevn/git-secret/gh-pages/images/git-secret-big.png)](http://git-secret.io/)
 
 ## What is `git-secret`?
 
@@ -14,11 +14,11 @@
 
 ## Usage
 
-See the [git-secret site](https://sobolevn.github.io/git-secret/).
+See the [git-secret site](http://git-secret.io/).
 
 ## Installation
 
-See the [installation section](https://sobolevn.github.io/git-secret/#installation).
+See the [installation section](http://git-secret.io/#installation).
 
 ## Contributing
 

man/man1/git-secret-add.1

@@ -1,7 +1,7 @@
 .\" generated with Ronn/v0.7.3
 .\" http://github.com/rtomayko/ronn/tree/0.7.3
 .
-.TH "GIT\-SECRET\-ADD" "1" "May 2016" "" ""
+.TH "GIT\-SECRET\-ADD" "1" "February 2017" "sobolevn" "git-secret"
 .
 .SH "NAME"
 \fBgit\-secret\-add\fR \- starts to track added files\.
@@ -32,5 +32,8 @@ It is not recommened to add filenames directly into the \fB\.gitsecret/paths/map
 .
 .fi
 .
+.SH "MANUAL"
+Run \fBman git\-secret\-add\fR to see this note\.
+.
 .SH "SEE ALSO"
-git\-secret\-init(1), git\-secret\-tell(1), git\-secret\-hide(1), git\-secret\-reveal(1)
+git\-secret\-init(1) \fIhttp://git\-secret\.io/git\-secret\-init\fR, git\-secret\-tell(1) \fIhttp://git\-secret\.io/git\-secret\-tell\fR, git\-secret\-hide(1) \fIhttp://git\-secret\.io/git\-secret\-hide\fR, git\-secret\-reveal(1) \fIhttp://git\-secret\.io/git\-secret\-reveal\fR

man/man1/git-secret-add.1.ronn

@@ -20,6 +20,11 @@ It is not recommened to add filenames directly into the `.gitsecret/paths/mappin
     -h  - shows this help.
 
 
+## MANUAL
+
+Run `man git-secret-add` to see this note.
+
+
 ## SEE ALSO
 
-git-secret-init(1), git-secret-tell(1), git-secret-hide(1), git-secret-reveal(1)
+[git-secret-init(1)](http://git-secret.io/git-secret-init), [git-secret-tell(1)](http://git-secret.io/git-secret-tell), [git-secret-hide(1)](http://git-secret.io/git-secret-hide), [git-secret-reveal(1)](http://git-secret.io/git-secret-reveal)

man/man1/git-secret-changes.1

@@ -1,7 +1,7 @@
 .\" generated with Ronn/v0.7.3
 .\" http://github.com/rtomayko/ronn/tree/0.7.3
 .
-.TH "GIT\-SECRET\-CHANGES" "1" "May 2016" "" ""
+.TH "GIT\-SECRET\-CHANGES" "1" "February 2017" "sobolevn" "git-secret"
 .
 .SH "NAME"
 \fBgit\-secret\-changes\fR \- view diff of the hidden files\.
@@ -10,12 +10,12 @@
 .
 .nf
 
-git secret changes [\-h] [\-d dir] [\-p password] <pathspec>\.\.\.
+git secret changes [\-h] [\-d dir] [\-p password] [pathspec]\.\.\.
 .
 .fi
 .
 .SH "DESCRIPTION"
-\fBgit\-secret\-changes\fR \- shows changes between the current version of hidden files and the ones already commited\.
+\fBgit\-secret\-changes\fR \- shows changes between the current version of hidden files and the ones already commited\. You can provide any number of files to this command as arguments, so it will show changes for these files only\. If no arguments are provided \- information about all files will be shown\.
 .
 .SH "OPTIONS"
 .
@@ -27,5 +27,8 @@ git secret changes [\-h] [\-d dir] [\-p password] <pathspec>\.\.\.
 .
 .fi
 .
+.SH "MANUAL"
+Run \fBman git\-secret\-changes\fR to see this note\.
+.
 .SH "SEE ALSO"
-git\-secret\-add(1), git\-secret\-tell(1), git\-secret\-hide(1), git\-secret\-reveal(1)
+git\-secret\-add(1) \fIhttp://git\-secret\.io/git\-secret\-add\fR, git\-secret\-tell(1) \fIhttp://git\-secret\.io/git\-secret\-tell\fR, git\-secret\-hide(1) \fIhttp://git\-secret\.io/git\-secret\-hide\fR, git\-secret\-reveal(1) \fIhttp://git\-secret\.io/git\-secret\-reveal\fR

man/man1/git-secret-changes.1.ronn

@@ -3,11 +3,11 @@ git-secret-changes - view diff of the hidden files.
 
 ## SYNOPSIS
 
-    git secret changes [-h] [-d dir] [-p password] <pathspec>...
+    git secret changes [-h] [-d dir] [-p password] [pathspec]...
 
 
 ## DESCRIPTION
-`git-secret-changes` - shows changes between the current version of hidden files and the ones already commited.
+`git-secret-changes` - shows changes between the current version of hidden files and the ones already commited. You can provide any number of files to this command as arguments, so it will show changes for these files only. If no arguments are provided - information about all files will be shown.
 
 
 ## OPTIONS
@@ -17,6 +17,11 @@ git-secret-changes - view diff of the hidden files.
     -h  - shows help.
 
 
+## MANUAL
+
+Run `man git-secret-changes` to see this note.
+
+
 ## SEE ALSO
 
-git-secret-add(1), git-secret-tell(1), git-secret-hide(1), git-secret-reveal(1)
+[git-secret-add(1)](http://git-secret.io/git-secret-add), [git-secret-tell(1)](http://git-secret.io/git-secret-tell), [git-secret-hide(1)](http://git-secret.io/git-secret-hide), [git-secret-reveal(1)](http://git-secret.io/git-secret-reveal)

man/man1/git-secret-clean.1

@@ -1,7 +1,7 @@
 .\" generated with Ronn/v0.7.3
 .\" http://github.com/rtomayko/ronn/tree/0.7.3
 .
-.TH "GIT\-SECRET\-CLEAN" "1" "February 2016" "" ""
+.TH "GIT\-SECRET\-CLEAN" "1" "February 2017" "sobolevn" "git-secret"
 .
 .SH "NAME"
 \fBgit\-secret\-clean\fR \- removes all the hidden files\.
@@ -26,5 +26,8 @@ git secret clean [\-v]
 .
 .fi
 .
+.SH "MANUAL"
+Run \fBman git\-secret\-clean\fR to see this note\.
+.
 .SH "SEE ALSO"
-git\-secret\-whoknows(1), git\-secret\-add(1), git\-secret\-remove(1), git\-secret\-hide(1), git\-secret\-reveal(1)
+git\-secret\-whoknows(1) \fIhttp://git\-secret\.io/git\-secret\-whoknows\fR, git\-secret\-add(1) \fIhttp://git\-secret\.io/git\-secret\-add\fR, git\-secret\-remove(1) \fIhttp://git\-secret\.io/git\-secret\-remove\fR, git\-secret\-killperson(1) \fIhttp://git\-secret\.io/git\-secret\-killperson\fR

man/man1/git-secret-clean.1.ronn

@@ -16,6 +16,11 @@ git-secret-clean - removes all the hidden files.
     -h  - shows this help.
 
 
+## MANUAL
+
+Run `man git-secret-clean` to see this note.
+
+
 ## SEE ALSO
 
-git-secret-whoknows(1), git-secret-add(1), git-secret-remove(1), git-secret-hide(1), git-secret-reveal(1)
+[git-secret-whoknows(1)](http://git-secret.io/git-secret-whoknows), [git-secret-add(1)](http://git-secret.io/git-secret-add), [git-secret-remove(1)](http://git-secret.io/git-secret-remove), [git-secret-killperson(1)](http://git-secret.io/git-secret-killperson)

man/man1/git-secret-hide.1

@@ -1,7 +1,7 @@
 .\" generated with Ronn/v0.7.3
 .\" http://github.com/rtomayko/ronn/tree/0.7.3
 .
-.TH "GIT\-SECRET\-HIDE" "1" "February 2017" "" ""
+.TH "GIT\-SECRET\-HIDE" "1" "February 2017" "sobolevn" "git-secret"
 .
 .SH "NAME"
 \fBgit\-secret\-hide\fR \- encrypts all added files with the inner keyring\.
@@ -31,5 +31,8 @@ It is possible to modify the names of the encrypted files by setting \fBSECRETS_
 .
 .fi
 .
+.SH "MANUAL"
+Run \fBman git\-secret\-hide\fR to see this note\.
+.
 .SH "SEE ALSO"
-git\-secret\-init(1), git\-secret\-tell(1), git\-secret\-add(1), git\-secret\-reveal(1)
+git\-secret\-init(1) \fIhttp://git\-secret\.io/git\-secret\-init\fR, git\-secret\-tell(1) \fIhttp://git\-secret\.io/git\-secret\-tell\fR, git\-secret\-add(1) \fIhttp://git\-secret\.io/git\-secret\-add\fR, git\-secret\-reveal(1) \fIhttp://git\-secret\.io/git\-secret\-reveal\fR

man/man1/git-secret-hide.1.ronn

@@ -20,6 +20,11 @@ It is possible to modify the names of the encrypted files by setting `SECRETS_EX
     -h  - shows help.
 
 
+## MANUAL
+
+Run `man git-secret-hide` to see this note.
+
+
 ## SEE ALSO
 
-git-secret-init(1), git-secret-tell(1), git-secret-add(1), git-secret-reveal(1)
+[git-secret-init(1)](http://git-secret.io/git-secret-init), [git-secret-tell(1)](http://git-secret.io/git-secret-tell), [git-secret-add(1)](http://git-secret.io/git-secret-add), [git-secret-reveal(1)](http://git-secret.io/git-secret-reveal)

man/man1/git-secret-init.1

@@ -1,7 +1,7 @@
 .\" generated with Ronn/v0.7.3
 .\" http://github.com/rtomayko/ronn/tree/0.7.3
 .
-.TH "GIT\-SECRET\-INIT" "1" "March 2016" "" ""
+.TH "GIT\-SECRET\-INIT" "1" "February 2017" "sobolevn" "git-secret"
 .
 .SH "NAME"
 \fBgit\-secret\-init\fR \- initializes git\-secret repository\.
@@ -25,5 +25,8 @@ git secret init
 .
 .fi
 .
+.SH "MANUAL"
+Run \fBman git\-secret\-init\fR to see this note\.
+.
 .SH "SEE ALSO"
-git\-init(1), git\-secret\-tell(1)
+git\-secret\-usage(1) \fIhttp://git\-secret\.io/git\-secret\-usage\fR, git\-secret\-tell(1) \fIhttp://git\-secret\.io/git\-secret\-tell\fR

man/man1/git-secret-init.1.ronn

@@ -15,6 +15,11 @@ git-secret-init - initializes git-secret repository.
     -h  - shows this help.
 
 
+## MANUAL
+
+Run `man git-secret-init` to see this note.
+
+
 ## SEE ALSO
 
-git-init(1), git-secret-tell(1)
+[git-secret-usage(1)](http://git-secret.io/git-secret-usage), [git-secret-tell(1)](http://git-secret.io/git-secret-tell)

man/man1/git-secret-killperson.1

@@ -1,7 +1,7 @@
 .\" generated with Ronn/v0.7.3
 .\" http://github.com/rtomayko/ronn/tree/0.7.3
 .
-.TH "GIT\-SECRET\-KILLPERSON" "1" "February 2016" "" ""
+.TH "GIT\-SECRET\-KILLPERSON" "1" "February 2017" "sobolevn" "git-secret"
 .
 .SH "NAME"
 \fBgit\-secret\-killperson\fR \- deletes key identified by an email from the inner keyring\.
@@ -10,12 +10,12 @@
 .
 .nf
 
-git secret killperson [email]
+git secret killperson <emails>\.\.\.
 .
 .fi
 .
 .SH "DESCRIPTION"
-\fBgit\-secret\-killperson\fR makes it impossible for given user to decrypt the hidden file in the future\. It is required to run \fBgit\-secret\-hide\fR once again with the updated keyring\.
+This command removes selected email addresses from the keyring\. \fBgit\-secret\-killperson\fR makes it impossible for given users to decrypt the hidden files in the future\. It is required to run \fBgit\-secret\-hide\fR once again with the updated keyring to renew the encryption\.
 .
 .SH "OPTIONS"
 .
@@ -25,5 +25,8 @@ git secret killperson [email]
 .
 .fi
 .
+.SH "MANUAL"
+Run \fBman git\-secret\-killperson\fR to see this note\.
+.
 .SH "SEE ALSO"
-git\-secret\-tell(1), git\-secret\-hide(1), git\-secret\-reveal(1)
+git\-secret\-tell(1) \fIhttp://git\-secret\.io/git\-secret\-tell\fR, git\-secret\-remove(1) \fIhttp://git\-secret\.io/git\-secret\-remove\fR, git\-secret\-clean(1) \fIhttp://git\-secret\.io/git\-secret\-clean\fR

man/man1/git-secret-killperson.1.ronn

@@ -3,11 +3,11 @@ git-secret-killperson - deletes key identified by an email from the inner keyrin
 
 ## SYNOPSIS
 
-    git secret killperson [email]
+    git secret killperson <emails>...
 
 
 ## DESCRIPTION
-`git-secret-killperson` makes it impossible for given user to decrypt the hidden file in the future. It is required to run `git-secret-hide` once again with the updated keyring.
+This command removes selected email addresses from the keyring. `git-secret-killperson` makes it impossible for given users to decrypt the hidden files in the future. It is required to run `git-secret-hide` once again with the updated keyring to renew the encryption.
 
 
 ## OPTIONS
@@ -15,6 +15,11 @@ git-secret-killperson - deletes key identified by an email from the inner keyrin
     -h  - shows this help.
 
 
+## MANUAL
+
+Run `man git-secret-killperson` to see this note.
+
+
 ## SEE ALSO
 
-git-secret-tell(1), git-secret-hide(1), git-secret-reveal(1)
+[git-secret-tell(1)](http://git-secret.io/git-secret-tell), [git-secret-remove(1)](http://git-secret.io/git-secret-remove), [git-secret-clean(1)](http://git-secret.io/git-secret-clean)

man/man1/git-secret-list.1

@@ -1,7 +1,7 @@
 .\" generated with Ronn/v0.7.3
 .\" http://github.com/rtomayko/ronn/tree/0.7.3
 .
-.TH "GIT\-SECRET\-LIST" "1" "February 2016" "" ""
+.TH "GIT\-SECRET\-LIST" "1" "February 2017" "sobolevn" "git-secret"
 .
 .SH "NAME"
 \fBgit\-secret\-list\fR \- prints all the added files\.
@@ -25,5 +25,8 @@ git secret list
 .
 .fi
 .
+.SH "MANUAL"
+Run \fBman git\-secret\-list\fR to see this note\.
+.
 .SH "SEE ALSO"
-git\-secret\-whoknows(1), git\-secret\-add(1), git\-secret\-remove(1), git\-secret\-hide(1), git\-secret\-reveal(1)
+git\-secret\-whoknows(1) \fIhttp://git\-secret\.io/git\-secret\-whoknows\fR, git\-secret\-add(1) \fIhttp://git\-secret\.io/git\-secret\-add\fR, git\-secret\-remove(1) \fIhttp://git\-secret\.io/git\-secret\-remove\fR, git\-secret\-hide(1) \fIhttp://git\-secret\.io/git\-secret\-hide\fR, git\-secret\-reveal(1) \fIhttp://git\-secret\.io/git\-secret\-reveal\fR

man/man1/git-secret-list.1.ronn

@@ -15,6 +15,11 @@ git-secret-list - prints all the added files.
     -h  - shows this help.
 
 
+## MANUAL
+
+Run `man git-secret-list` to see this note.
+
+
 ## SEE ALSO
 
-git-secret-whoknows(1), git-secret-add(1), git-secret-remove(1), git-secret-hide(1), git-secret-reveal(1)
+[git-secret-whoknows(1)](http://git-secret.io/git-secret-whoknows), [git-secret-add(1)](http://git-secret.io/git-secret-add), [git-secret-remove(1)](http://git-secret.io/git-secret-remove), [git-secret-hide(1)](http://git-secret.io/git-secret-hide), [git-secret-reveal(1)](http://git-secret.io/git-secret-reveal)

man/man1/git-secret-remove.1

@@ -1,7 +1,7 @@
 .\" generated with Ronn/v0.7.3
 .\" http://github.com/rtomayko/ronn/tree/0.7.3
 .
-.TH "GIT\-SECRET\-REMOVE" "1" "February 2016" "" ""
+.TH "GIT\-SECRET\-REMOVE" "1" "February 2017" "sobolevn" "git-secret"
 .
 .SH "NAME"
 \fBgit\-secret\-remove\fR \- removes files from index\.
@@ -10,7 +10,7 @@
 .
 .nf
 
-git secret remove [\-c] <pathspec\.\.>
+git secret remove [\-c] <pathspec>\.\.\.
 .
 .fi
 .
@@ -26,5 +26,8 @@ git secret remove [\-c] <pathspec\.\.>
 .
 .fi
 .
+.SH "MANUAL"
+Run \fBman git\-secret\-remove\fR to see this note\.
+.
 .SH "SEE ALSO"
-git\-secret\-add(1), git\-secret\-reveal(1), git\-secret\-hide(1)
+git\-secret\-add(1) \fIhttp://git\-secret\.io/git\-secret\-add\fR, git\-secret\-clean(1) \fIhttp://git\-secret\.io/git\-secret\-clean\fR, git\-secret\-killperson(1) \fIhttp://git\-secret\.io/git\-secret\-killperson\fR

man/man1/git-secret-remove.1.ronn

@@ -3,7 +3,7 @@ git-secret-remove - removes files from index.
 
 ## SYNOPSIS
 
-    git secret remove [-c] <pathspec..>
+    git secret remove [-c] <pathspec>...
 
 
 ## DESCRIPTION
@@ -16,6 +16,11 @@ git-secret-remove - removes files from index.
     -h  - shows help.
 
 
+## MANUAL
+
+Run `man git-secret-remove` to see this note.
+
+
 ## SEE ALSO
 
-git-secret-add(1), git-secret-reveal(1), git-secret-hide(1)
+[git-secret-add(1)](http://git-secret.io/git-secret-add), [git-secret-clean(1)](http://git-secret.io/git-secret-clean), [git-secret-killperson(1)](http://git-secret.io/git-secret-killperson)

man/man1/git-secret-reveal.1

@@ -1,7 +1,7 @@
 .\" generated with Ronn/v0.7.3
 .\" http://github.com/rtomayko/ronn/tree/0.7.3
 .
-.TH "GIT\-SECRET\-REVEAL" "1" "May 2016" "" ""
+.TH "GIT\-SECRET\-REVEAL" "1" "February 2017" "sobolevn" "git-secret"
 .
 .SH "NAME"
 \fBgit\-secret\-reveal\fR \- decrypts all added files\.
@@ -28,5 +28,8 @@ git secret reveal [\-f] [\-d dir] [\-p password]
 .
 .fi
 .
+.SH "MANUAL"
+Run \fBman git\-secret\-reveal\fR to see this note\.
+.
 .SH "SEE ALSO"
-git\-secret\-init(1), git\-secret\-tell(1), git\-secret\-add(1), git\-secret\-hide(1)
+git\-secret\-init(1) \fIhttp://git\-secret\.io/git\-secret\-init\fR, git\-secret\-tell(1) \fIhttp://git\-secret\.io/git\-secret\-tell\fR, git\-secret\-add(1) \fIhttp://git\-secret\.io/git\-secret\-add\fR, git\-secret\-hide(1) \fIhttp://git\-secret\.io/git\-secret\-hide\fR

man/man1/git-secret-reveal.1.ronn

@@ -18,6 +18,11 @@ git-secret-reveal - decrypts all added files.
     -h  - shows help.
 
 
+## MANUAL
+
+Run `man git-secret-reveal` to see this note.
+
+
 ## SEE ALSO
 
-git-secret-init(1), git-secret-tell(1), git-secret-add(1), git-secret-hide(1)
+[git-secret-init(1)](http://git-secret.io/git-secret-init), [git-secret-tell(1)](http://git-secret.io/git-secret-tell), [git-secret-add(1)](http://git-secret.io/git-secret-add), [git-secret-hide(1)](http://git-secret.io/git-secret-hide)

man/man1/git-secret-tell.1

@@ -1,7 +1,7 @@
 .\" generated with Ronn/v0.7.3
 .\" http://github.com/rtomayko/ronn/tree/0.7.3
 .
-.TH "GIT\-SECRET\-TELL" "1" "March 2016" "" ""
+.TH "GIT\-SECRET\-TELL" "1" "February 2017" "sobolevn" "git-secret"
 .
 .SH "NAME"
 \fBgit\-secret\-tell\fR \- adds a person, who can access private data\.
@@ -10,12 +10,12 @@
 .
 .nf
 
-git secret tell [\-m] [\-d dir] [email]
+git secret tell [\-m] [\-d dir] [emails]\.\.\.
 .
 .fi
 .
 .SH "DESCRIPTION"
-\fBgit\-secret\-tell\fR receives an email address as an input, searches for the \fBgpg\fR\-key in the \fBgpg\fR\'s \fBhomedir\fR by this email, then imports a person\'s public key into the \fBgit\-secret\fR\'s inner keychain\. From this moment this person can encrypt new files with the keyring which contains their key\. But they cannot decrypt the old files, which were already encrypted without their key\. They should be reencrypted with the new keyring by someone, who has the unencrypted files\.
+\fBgit\-secret\-tell\fR receives an email addresses as an input, searches for the \fBgpg\fR\-key in the \fBgpg\fR\'s \fBhomedir\fR by these emails, then imports a person\'s public key into the \fBgit\-secret\fR\'s inner keychain\. From this moment this person can encrypt new files with the keyring which contains their key\. But they cannot decrypt the old files, which were already encrypted without their key\. They should be reencrypted with the new keyring by someone, who has the unencrypted files\.
 .
 .P
 \fBDo not manually import secret key into \fBgit\-secret\fR\fR\. Anyways, it won\'t work with any of the secret\-keys imported\.
@@ -30,5 +30,8 @@ git secret tell [\-m] [\-d dir] [email]
 .
 .fi
 .
+.SH "MANUAL"
+Run \fBman git\-secret\-tell\fR to see this note\.
+.
 .SH "SEE ALSO"
-git\-secret\-init(1), git\-secret\-add(1), git\-secret\-hide(1), git\-secret\-reveal(1)
+git\-secret\-init(1) \fIhttp://git\-secret\.io/git\-secret\-init\fR, git\-secret\-add(1) \fIhttp://git\-secret\.io/git\-secret\-add\fR, git\-secret\-hide(1) \fIhttp://git\-secret\.io/git\-secret\-hide\fR, git\-secret\-reveal(1) \fIhttp://git\-secret\.io/git\-secret\-reveal\fR, git\-secret\-killperson(1) \fIhttp://git\-secret\.io/git\-secret\-killperson\fR

man/man1/git-secret-tell.1.ronn

@@ -3,11 +3,11 @@ git-secret-tell - adds a person, who can access private data.
 
 ## SYNOPSIS
 
-    git secret tell [-m] [-d dir] [email]
+    git secret tell [-m] [-d dir] [emails]...
 
 
 ## DESCRIPTION
-`git-secret-tell` receives an email address as an input, searches for the `gpg`-key in the `gpg`'s `homedir` by this email, then imports a person's public key into the `git-secret`'s inner keychain. From this moment this person can encrypt new files with the keyring which contains their key. But they cannot decrypt the old files, which were already encrypted without their key. They should be reencrypted with the new keyring by someone, who has the unencrypted files.
+`git-secret-tell` receives an email addresses as an input, searches for the `gpg`-key in the `gpg`'s `homedir` by these emails, then imports a person's public key into the `git-secret`'s inner keychain. From this moment this person can encrypt new files with the keyring which contains their key. But they cannot decrypt the old files, which were already encrypted without their key. They should be reencrypted with the new keyring by someone, who has the unencrypted files.
 
 **Do not manually import secret key into `git-secret`**. Anyways, it won't work with any of the secret-keys imported.
 
@@ -19,6 +19,11 @@ git-secret-tell - adds a person, who can access private data.
     -h  - shows help.
 
 
+## MANUAL
+
+Run `man git-secret-tell` to see this note.
+
+
 ## SEE ALSO
 
-git-secret-init(1), git-secret-add(1), git-secret-hide(1), git-secret-reveal(1)
+[git-secret-init(1)](http://git-secret.io/git-secret-init), [git-secret-add(1)](http://git-secret.io/git-secret-add), [git-secret-hide(1)](http://git-secret.io/git-secret-hide), [git-secret-reveal(1)](http://git-secret.io/git-secret-reveal), [git-secret-killperson(1)](http://git-secret.io/git-secret-killperson)

man/man1/git-secret-usage.1

@@ -1,7 +1,7 @@
 .\" generated with Ronn/v0.7.3
 .\" http://github.com/rtomayko/ronn/tree/0.7.3
 .
-.TH "GIT\-SECRET\-USAGE" "1" "February 2016" "" ""
+.TH "GIT\-SECRET\-USAGE" "1" "February 2017" "sobolevn" "git-secret"
 .
 .SH "NAME"
 \fBgit\-secret\-usage\fR \- prints all the available commands\.
@@ -25,5 +25,8 @@ git secret usage
 .
 .fi
 .
+.SH "MANUAL"
+Run \fBman git\-secret\-usage\fR to see this note\.
+.
 .SH "SEE ALSO"
-git\-secret\-init(1), git\-secret\-add(1), git\-secret\-hide(1), git\-secret\-reveal(1)
+git\-secret\-init(1) \fIhttp://git\-secret\.io/git\-secret\-init\fR, git\-secret\-add(1) \fIhttp://git\-secret\.io/git\-secret\-add\fR, git\-secret\-hide(1) \fIhttp://git\-secret\.io/git\-secret\-hide\fR, git\-secret\-reveal(1) \fIhttp://git\-secret\.io/git\-secret\-reveal\fR

man/man1/git-secret-usage.1.ronn

@@ -15,6 +15,11 @@ git-secret-usage - prints all the available commands.
     -h  - shows this help.
 
 
+## MANUAL
+
+Run `man git-secret-usage` to see this note.
+
+
 ## SEE ALSO
 
-git-secret-init(1), git-secret-add(1), git-secret-hide(1), git-secret-reveal(1)
+[git-secret-init(1)](http://git-secret.io/git-secret-init), [git-secret-add(1)](http://git-secret.io/git-secret-add), [git-secret-hide(1)](http://git-secret.io/git-secret-hide), [git-secret-reveal(1)](http://git-secret.io/git-secret-reveal)

man/man1/git-secret-whoknows.1

@@ -1,7 +1,7 @@
 .\" generated with Ronn/v0.7.3
 .\" http://github.com/rtomayko/ronn/tree/0.7.3
 .
-.TH "GIT\-SECRET\-WHOKNOWS" "1" "February 2016" "" ""
+.TH "GIT\-SECRET\-WHOKNOWS" "1" "February 2017" "sobolevn" "git-secret"
 .
 .SH "NAME"
 \fBgit\-secret\-whoknows\fR \- prints email\-labels for each key in the keyring\.
@@ -25,5 +25,8 @@ git secret whoknows
 .
 .fi
 .
+.SH "MANUAL"
+Run \fBman git\-secret\-whoknows\fR to see this note\.
+.
 .SH "SEE ALSO"
-git\-secret\-list(1), git\-secret\-add(1), git\-secret\-hide(1), git\-secret\-reveal(1)
+git\-secret\-list(1) \fIhttp://git\-secret\.io/git\-secret\-list\fR, git\-secret\-tell(1) \fIhttp://git\-secret\.io/git\-secret\-tell\fR, git\-secret\-hide(1) \fIhttp://git\-secret\.io/git\-secret\-hide\fR, git\-secret\-reveal(1) \fIhttp://git\-secret\.io/git\-secret\-reveal\fR

man/man1/git-secret-whoknows.1.ronn

@@ -15,6 +15,11 @@ git-secret-whoknows - prints email-labels for each key in the keyring.
     -h  - shows this help.
 
 
+## MANUAL
+
+Run `man git-secret-whoknows` to see this note.
+
+
 ## SEE ALSO
 
-git-secret-list(1), git-secret-add(1), git-secret-hide(1), git-secret-reveal(1)
+[git-secret-list(1)](http://git-secret.io/git-secret-list), [git-secret-tell(1)](http://git-secret.io/git-secret-tell), [git-secret-hide(1)](http://git-secret.io/git-secret-hide), [git-secret-reveal(1)](http://git-secret.io/git-secret-reveal)

man/man7/git-secret.7

@@ -1,137 +1,11 @@
 .\" generated with Ronn/v0.7.3
 .\" http://github.com/rtomayko/ronn/tree/0.7.3
 .
-.TH "GIT\-SECRET" "7" "July 2016" "" ""
+.TH "GIT\-SECRET" "7" "February 2017" "sobolevn" "git-secret"
 .
 .SH "NAME"
 \fBgit\-secret\fR
 .
-.SH "Content"
-.
-.IP "1." 4
-\fIIntro\fR
-.
-.IP "2." 4
-\fIInstallation\fR
-.
-.IP "3." 4
-\fIUsage\fR
-.
-.IP "4." 4
-\fIConfiguration\fR
-.
-.IP "" 0
-.
-.SH "Intro"
-There\'s a known problem in server configuration and deploying, when you have to store your private data such as: database passwords, application secret\-keys, OAuth secret keys and so on, outside of the git repository\. Even if this repository is private, it is a security risk to just publish them into the world wide web\. What are the drawbacks of storing them separately?
-.
-.IP "1." 4
-These files are not version controlled\. Filenames change, locations change, passwords change from time to time, some new information appears, other is removed\. And you can not tell for sure which version of the configuration file was used with each commit\.
-.
-.IP "2." 4
-When building the automated deployment system there will be one extra step: download and place these secret\-configuration files where they need to be\. So you have to maintain an extra secure server, where everything is stored\.
-.
-.IP "" 0
-.
-.SS "How does <code>git\-secret</code> solve these problems?"
-.
-.IP "1." 4
-\fBgit\-secret\fR encrypts files and stores them inside the \fBgit\fR repository, so you will have all the changes for every commit\.
-.
-.IP "2." 4
-\fBgit\-secret\fR doesn\'t require any other deploy operations rather than \fBgit secret reveal\fR, so it will automatically decrypt all the required files\.
-.
-.IP "" 0
-.
-.SS "What is <code>git\-secret</code>?"
-\fBgit\-secret\fR is a bash tool to store your private data inside a \fBgit\fR repo\. How\'s that? Basically, it just encrypts, using \fBgpg\fR, the tracked files with the public keys of all the users that you trust\. So everyone of them can decrypt these files using only their personal secret key\. Why deal with all this private\-public keys stuff? Well, to make it easier for everyone to manage access rights\. There are no passwords that change\. When someone is out \- just delete his public key, reencrypt the files, and he won\'t be able to decrypt secrets anymore\.
-.
-.SH "Installation"
-.
-.SS "Dependencies"
-\fBgit\-secret\fR relies on two dependencies: \fBgit\fR \fIhttps://git\-scm\.com/\fR and \fBgpg\fR \fIhttps://www\.gnupg\.org/\fR\. Download and install them before using this project\. \fBgit\-secret\fR is tested to work with:
-.
-.IP "" 4
-.
-.nf
-
-git version 2\.7\.0
-gpg (GnuPG) 1\.4\.20
-.
-.fi
-.
-.IP "" 0
-.
-.SS "Supported platforms"
-\fBgit\-secret\fR works with \fBMac OS X\fR >= 10\.9, \fBUbuntu\fR >= 14\.04 and \fBDebian\fR >= 8\.3 You can add your platform to this list, if all the tests pass for you\. \fBCygwin\fR support is planned\.
-.
-.SS "Installation process"
-There are several ways to install \fBgit\-secret\fR:
-.
-.P
-\fB\fBHomebrew\fR\fR
-.
-.IP "1." 4
-Run \fBbrew install git\-secret\fR\. That will do\. Also, there are two options:
-.
-.IP "2." 4
-\fB\-\-without\-gpg\fR to build without \fBgpg\fR support
-.
-.IP "3." 4
-\fB\-\-HEAD\fR to install \fBHEAD\fR version
-.
-.IP "4." 4
-Note, that we have migrated from \fBtap\fR to the official \fBbrew\fR repo
-.
-.IP "" 0
-.
-.P
-\fB\fB\fBdeb\fR package\fR\fR
-.
-.IP "1." 4
-Run \fBecho "deb https://dl\.bintray\.com/sobolevn/deb git\-secret stable" | sudo tee \-a /etc/apt/sources\.list\fR
-.
-.IP "2." 4
-Run \fBsudo apt\-get install git\-secret\fR
-.
-.IP "" 0
-.
-.P
-\fB\fB\fBrpm\fR package\fR\fR
-.
-.IP "1." 4
-Run \fBwget https://bintray\.com/sobolevn/rpm/rpm \-O bintray\-sobolevn\-rpm\.repo && sudo mv bintray\-sobolevn\-rpm\.repo /etc/yum\.repos\.d/\fR
-.
-.IP "2." 4
-Run \fBsudo yum install git\-secret\fR
-.
-.IP "" 0
-.
-.P
-\fB\fBManual\fR\fR
-.
-.IP "1." 4
-Clone the repository first: \fBgit clone https://github\.com/sobolevn/git\-secret\.git git\-secret\fR
-.
-.IP "2." 4
-Run \fBcd git\-secret && make build\fR
-.
-.IP "3." 4
-Run \fBPREFIX="/usr/local" make install\fR, note that you can install to any prefix in your \fBPATH\fR
-.
-.IP "" 0
-.
-.P
-\fB\fB\fBantigen\fR plugin (or any other \fBoh\-my\-zsh\fR\-styled plugin\-systems)\fR\fR
-.
-.IP "1." 4
-Add line \fBantigen bundle sobolevn/git\-secret\fR to your \fB~/\.zshrc\fR
-.
-.IP "2." 4
-Run \fBsource ~/\.zshrc\fR or reopen the terminal
-.
-.IP "" 0
-.
 .SH "Usage"
 These steps cover the basic process of using \fBgit\-secret\fR:
 .

man/man7/git-secret.7.ronn

@@ -1,80 +1,3 @@
-## Content
-
-1. [Intro](#intro)
-2. [Installation](#installation)
-3. [Usage](#usage)
-4. [Configuration](#configuration)
-
-## Intro
-
-There's a known problem in server configuration and deploying, when you have to store your private data such as: database passwords, application secret-keys, OAuth secret keys and so on, outside of the git repository. Even if this repository is private, it is a security risk to just publish them into the world wide web. What are the drawbacks of storing them separately?
-
-1. These files are not version controlled. Filenames change, locations change, passwords change from time to time, some new information appears, other is removed. And you can not tell for sure which version of the configuration file was used with each commit.
-2. When building the automated deployment system there will be one extra step: download and place these secret-configuration files where they need to be. So you have to maintain an extra secure server, where everything is stored.
-
-### How does `git-secret` solve these problems?
-
-1. `git-secret` encrypts files and stores them inside the `git` repository, so you will have all the changes for every commit.
-2. `git-secret` doesn't require any other deploy operations rather than `git secret reveal`, so it will automatically decrypt all the required files.
-
-### What is `git-secret`?
-
-`git-secret` is a bash tool to store your private data inside a `git` repo. How's that? Basically, it just encrypts, using `gpg`, the tracked files with the public keys of all the users that you trust. So everyone of them can decrypt these files using only their personal secret key. Why deal with all this private-public keys stuff? Well, to make it easier for everyone to manage access rights. There are no passwords that change. When someone is out - just delete his public key, reencrypt the files, and he won't be able to decrypt secrets anymore.
-
-## Installation
-
-### Dependencies
-
-`git-secret` relies on two dependencies: [`git`][1] and [`gpg`][2]. Download and install them before using this project. `git-secret` is tested to work with:
-
-    git version 2.7.0
-    gpg (GnuPG) 1.4.20
-
-### Supported platforms
-
-`git-secret` works with `Mac OS X` >= 10.9, `Ubuntu` >= 14.04 and `Debian` >= 8.3
-You can add your platform to this list, if all the tests pass for you.
-`Cygwin` support is planned.
-
-### Installation process
-
-There are several ways to install `git-secret`:
-
-**** Homebrew ****
-
-1. Run `brew install git-secret`. That will do. Also, there are two options:
-  * `--without-gpg` to build without `gpg` support
-  * `--HEAD` to install `HEAD` version
-2. Note, that we have migrated from `tap` to the official `brew` repo
-
-**** `deb` package ****
-
-You can find the `deb` repository [here](https://bintray.com/sobolevn/deb/git-secret).
-
-0. Pre-requirements: make sure you have installed `apt-transport-https`
-1. Run `echo "deb https://dl.bintray.com/sobolevn/deb git-secret main" | sudo tee -a /etc/apt/sources.list`
-2. Add the release key: `wget -qO - https://api.bintray.com/users/sobolevn/keys/gpg/public.key | sudo apt-key add -`
-3. Run `sudo apt-get update && sudo apt-get install git-secret`
-
-**** `rpm` package ****
-
-You can find the `rpm` repository [here](https://bintray.com/sobolevn/rpm/git-secret).
-
-1. Run `wget https://bintray.com/sobolevn/rpm/rpm -O bintray-sobolevn-rpm.repo && sudo mv bintray-sobolevn-rpm.repo /etc/yum.repos.d/`
-2. Run `sudo yum install git-secret`
-
-**** Manual ****
-
-1. Clone the repository first: `git clone https://github.com/sobolevn/git-secret.git git-secret`
-2. Run `cd git-secret && make build`
-3. Run `PREFIX="/usr/local" make install`, note that you can install to any prefix in your `PATH`
-
-**** `antigen` plugin (or any other `oh-my-zsh`-styled plugin-systems) ****
-
-1. Add line `antigen bundle sobolevn/git-secret` to your `~/.zshrc`
-2. Run `source ~/.zshrc` or reopen the terminal
-
-
 ## Usage
 These steps cover the basic process of using `git-secret`:
 
@@ -101,5 +24,3 @@ These settings are available to be changed:
 * `$SECRETS_GPG_COMMAND` - sets the `gpg` alternatives, defaults to `gpg`. It can be changed to `gpg`, `gpg2`, `pgp`, `/usr/local/gpg` or any other value. After doing so rerun tests to be sure, that it won't break anything. Tested to be working with: `gpg`, `gpg2`.
 * `$SECRETS_EXTENSION` - sets the secret files extension, defaults to `.secret`. It can be changed to any valid file extension.
 
-[1]: https://git-scm.com/
-[2]: https://www.gnupg.org/

src/_utils/_git_secret_tools.sh

@@ -21,15 +21,15 @@ SECRETS_DIR_PATHS_MAPPING="$SECRETS_DIR_PATHS/mapping.cfg"  # shellcheck disable
 GPGLOCAL="$SECRETS_GPG_COMMAND --homedir=$SECRETS_DIR_KEYS --no-permission-warning"
 
 
-# Inner bash :
+# Inner bash:
 
 function _function_exists {
-  declare -f -F "$1" > /dev/null
+  declare -f -F "$1" > /dev/null 2>&1
   echo $?
 }
 
 
-# OS based :
+# OS based:
 
 function _os_based {
   # Pass function name as first parameter.
@@ -57,7 +57,7 @@ function _os_based {
 }
 
 
-# File System :
+# File System:
 
 function _set_config {
   # First parameter is the KEY, second is VALUE, third is filename.
@@ -125,7 +125,7 @@ function _show_manual_for {
 }
 
 
-# VCS :
+# VCS:
 
 function _check_ignore {
   git check-ignore --no-index -q "$1";
@@ -143,22 +143,67 @@ function _add_ignored_file {
 
 
 function _is_inside_git_tree {
-    git rev-parse --is-inside-work-tree >/dev/null 2>&1
-    echo $?
+  git rev-parse --is-inside-work-tree >/dev/null 2>&1
+  echo $?
 }
 
 
-# Logic :
+function _get_git_root_path {
+  # We need this function to get the location of the `.git` folder,
+  # since `.gitsecret` must be on the same level.
+  local result
+  result=$(git rev-parse --show-toplevel)
+  echo "$result"
+}
+
+
+# Logic:
 
 function _abort {
   >&2 echo "$1 abort."
   exit 1
 }
 
+function _find_and_clean {
+  # required:
+  local pattern="$1" # can be any string pattern
+
+  # optional:
+  local verbose=${2:-""} # can be empty or should be equal to "v"
+
+  # shellcheck disable=2086
+  find . -name "$pattern" -type f -print0 | xargs -0 rm -f$verbose
+}
+
+
+function _find_and_clean_formated {
+  # required:
+  local pattern="$1" # can be any string pattern
+
+  # optional:
+  local verbose=${2:-""} # can be empty or should be equal to "v"
+  local message=${3:-"cleaning:"} # can be any string
+
+  if [[ ! -z "$verbose" ]]; then
+    echo && echo "$message"
+  fi
+
+  _find_and_clean "$pattern" "$verbose"
+
+  if [[ ! -z "$verbose" ]]; then
+    echo
+  fi
+}
+
 
 function _secrets_dir_exists {
-  if [[ ! -d "$SECRETS_DIR" ]]; then
-    _abort "$SECRETS_DIR does not exist."
+  local root_path
+  root_path=$(_get_git_root_path)
+
+  local full_path="$root_path/$SECRETS_DIR"
+
+  if [[ ! -d "$full_path" ]]; then
+    _abort "$full_path does not exist."
   fi
 }
 
@@ -172,7 +217,7 @@ function _user_required {
   fi
 
   local keys_exist
-  keys_exist=$($GPGLOCAL -n --list-keys --with-colon)
+  keys_exist=$($GPGLOCAL -n --list-keys)
   if [[ -z "$keys_exist" ]]; then
     _abort "$error_message"
   fi
@@ -234,8 +279,8 @@ function _decrypt {
 
   if [[ ! -z "$passphrase" ]]; then
     echo "$passphrase" | $base --batch --yes --no-tty --passphrase-fd 0 \
-      "$encrypted_filename"
+      "$encrypted_filename" > /dev/null 2>&1
   else
-    $base "$encrypted_filename"
+    $base "$encrypted_filename" > /dev/null 2>&1
   fi
 }

src/commands/git_secret_add.sh

@@ -8,6 +8,7 @@ function add {
   while getopts "ih" opt; do
     case "$opt" in
       i) auto_add=1;;
+
       h) _show_manual_for "add";;
     esac
   done

src/commands/git_secret_changes.sh

@@ -18,15 +18,18 @@ function changes {
   shift $((OPTIND-1))
   [ "$1" = '--' ] && shift
 
-  local filenames=( "$@" )
-  if [[ ${#filenames[@]} -eq 0 ]]; then
+  _user_required
+
+  local filenames="$*"
+  if [[ -z $filenames ]]; then
     # Checking if no filenames are passed, show diff for all files.
-    filenames=( $(git secret list) )
+    filenames=$(git secret list)
   fi
 
   IFS='
   '
-  for filename in "${filenames[@]}"; do
+
+  for filename in $filenames; do
     local decrypted
     local content
     local diff_result

src/commands/git_secret_clean.sh

@@ -17,14 +17,8 @@ function clean {
   shift $((OPTIND-1))
   [ "$1" = '--' ] && shift
 
-  if [[ ! -z "$verbose" ]]; then
-    echo && echo 'cleaing:'
-  fi
-
-  find . -name "*$SECRETS_EXTENSION" -type f -print0 | xargs rm -f$verbose
-
-  if [[ ! -z "$verbose" ]]; then
-    echo
-  fi
+  _user_required
 
+  # User should see properly formated output:
+  _find_and_clean_formated "*$SECRETS_EXTENSION" "$verbose"
 }

src/commands/git_secret_hide.sh

@@ -2,55 +2,28 @@
 
 
 function _optional_clean {
-  OPTIND=1
-  local clean=0
-  local opt_string=''
-
-  while getopts 'cdvh' opt; do
-    case "$opt" in
-      c) clean=1;;
-
-      h) _show_manual_for 'hide';;
-
-      v) opt_string='-v';;
-    esac
-  done
-
-  shift $((OPTIND-1))
-  [ "$1" = '--' ] && shift
-
-  _user_required
+  local clean="$1"
+  local verbose=${2:-""}
 
   if [[ $clean -eq 1 ]]; then
-    clean "$opt_string"
+    _find_and_clean_formated "*$SECRETS_EXTENSION" "$verbose"
   fi
 }
 
 
 function _optional_delete {
-  local verbose=''
-  local delete=0
-
-  OPTIND=1
-
-  while getopts 'vd' opt; do
-    case "$opt" in
-      d) delete=1;;
-
-      v) verbose="v";;
-    esac
-  done
-
-  shift $((OPTIND-1))
-  [ "$1" = '--' ] && shift
+  local delete="$1"
+  local verbose=${2:-""}
 
   if [[ $delete -eq 1 ]]; then
+    # We use custom formating here:
     if [[ ! -z "$verbose" ]]; then
       echo && echo 'removing unencrypted files:'
     fi
 
     while read -r line; do
-      find . -name "*$line" -type f -print0 | xargs -0 rm -f$verbose
+      # So the formating would not be repeated several times here:
+      _find_and_clean "*$line" "$verbose"
     done < "$SECRETS_DIR_PATHS_MAPPING"
 
     if [[ ! -z "$verbose" ]]; then
@@ -62,7 +35,33 @@ function _optional_delete {
 
 
 function hide {
-  _optional_clean "$@"
+  local clean=0
+  local delete=0
+  local verbose=''
+
+  OPTIND=1
+
+  while getopts 'cdvh' opt; do
+    case "$opt" in
+      c) clean=1;;
+
+      d) delete=1;;
+
+      v) verbose='v';;
+
+      h) _show_manual_for 'hide';;
+    esac
+  done
+
+  shift $((OPTIND-1))
+  [ "$1" = '--' ] && shift
+
+  # We need user to continue:
+  _user_required
+
+  # If -c option was provided, it would clean the hidden files
+  # before creating new ones.
+  _optional_clean "$clean" "$verbose"
 
   local counter=0
   while read -r line; do
@@ -79,7 +78,9 @@ function hide {
     counter=$((counter+1))
   done < "$SECRETS_DIR_PATHS_MAPPING"
 
-  _optional_delete "$@"
+  # If -d option was provided, it would delete the source files
+  # after we have already hidden them.
+  _optional_delete "$delete" "$verbose"
 
   echo "done. all $counter files are hidden."
 }

src/commands/git_secret_killperson.sh

@@ -15,9 +15,13 @@ function killperson {
 
   _user_required
 
-  if [[ ${#@} -eq 0 ]]; then
-    _abort "email is required."
+  local emails=( "$@" )
+
+  if [[ ${#emails[@]} -eq 0 ]]; then
+    _abort "at least one email is required."
   fi
 
-  $GPGLOCAL --batch --yes --delete-key "$1"
+  for email in "${emails[@]}"; do
+    $GPGLOCAL --batch --yes --delete-key "$email"
+  done
 }

src/commands/git_secret_reveal.sh

@@ -23,7 +23,7 @@ function reveal {
   shift $((OPTIND-1))
   [ "$1" = '--' ] && shift
 
-   _user_required
+  _user_required
 
   local counter=0
   while read -r line; do

src/commands/git_secret_tell.sh

@@ -2,20 +2,19 @@
 
 
 function tell {
-  local email
+  local emails
+  local self_email=0
   local homedir
 
   # A POSIX variable
   # Reset in case getopts has been used previously in the shell.
   OPTIND=1
 
-  while getopts "h?md:" opt; do
+  while getopts "hmd:" opt; do
     case "$opt" in
       h) _show_manual_for "tell";;
 
-      m) # Set email of the git current user:
-        email=$(git config user.email) || _abort "'git config user.email' is not set."
-      ;;
+      m) self_email=1;;
 
       d) homedir=$OPTARG;;
     esac
@@ -24,34 +23,49 @@ function tell {
   shift $((OPTIND-1))
   [ "$1" = "--" ] && shift
 
-  # Moved to enable viewing a manual without validation:
+  # Validates that application is inited:
   _secrets_dir_exists
 
-  # Custom argument-parsing:
-  if [[ -z $email ]]; then
-    # Email was not set via `-m` and is in $1:
-    test ! -z "$1" && email="$1"; shift || _abort "first argument must be an email address."
-  fi
+  emails=( "$@" )
+  local git_email
+
+  if [[ "$self_email" -eq 1 ]]; then
+    git_email=$(git config user.email)
 
-  # This file will be removed automatically:
-  _temporary_file  # note, that `_temporary_file` will export `filename` var.
-  # shellcheck disable=2154
-  local keyfile="$filename"
-
-  if [[ -z "$homedir" ]]; then
-    $SECRETS_GPG_COMMAND --export -a "$email" > "$keyfile"
-  else
-    # It means that homedir is set as an extra argument via `-d`:
-    $SECRETS_GPG_COMMAND --no-permission-warning --homedir="$homedir" \
-      --export -a "$email" > "$keyfile"
+    if [[ -z "$git_email" ]]; then
+      _abort "'git config user.email' is not set."
+    fi
+
+    emails+=("$git_email")
   fi
 
-  if [[ ! -s "$keyfile" ]]; then
-    _abort 'gpg key is empty. check your key name: "gpg --list-keys".'
+  if [[ "${#emails[@]}" -eq 0 ]]; then
+    # If after possible addition of git_email, emails are still empty,
+    # we should raise an exception.
+    _abort "you must provide at least one email address."
   fi
 
-  # Importing public key to the local keychain:
-  $GPGLOCAL --import "$keyfile" > /dev/null 2>&1
+  for email in "${emails[@]}"; do
+    # This file will be removed automatically:
+    _temporary_file  # note, that `_temporary_file` will export `filename` var.
+    # shellcheck disable=2154
+    local keyfile="$filename"
+
+    if [[ -z "$homedir" ]]; then
+      $SECRETS_GPG_COMMAND --export -a "$email" > "$keyfile"
+    else
+      # It means that homedir is set as an extra argument via `-d`:
+      $SECRETS_GPG_COMMAND --no-permission-warning --homedir="$homedir" \
+        --export -a "$email" > "$keyfile"
+    fi
+
+    if [[ ! -s "$keyfile" ]]; then
+      _abort 'gpg key is empty. check your key name: "gpg --list-keys".'
+    fi
+
+    # Importing public key to the local keychain:
+    $GPGLOCAL --import "$keyfile" > /dev/null 2>&1
+  done
 
-  echo "done. $email added as a person who knows the secret."
+  echo "done. ${emails[*]} added as someone who know(s) the secret."
 }

src/commands/git_secret_usage.sh

@@ -13,7 +13,11 @@ function usage {
   shift $((OPTIND-1))
   [ "$1" = "--" ] && shift
 
+  # There was a bug with some shells, which were adding extra commands
+  # to the old dynamic-loading version of this code.
+  # thanks to @antmak it is now fixed, see:
+  # https://github.com/sobolevn/git-secret/issues/47
   local commands="add|changes|clean|hide|init|killperson|list|remove|reveal|tell|usage|whoknows"
 
-  echo "usage: git secret [${commands}]"
+  echo "usage: git secret [$commands]"
 }

src/commands/git_secret_whoknows.sh

@@ -18,7 +18,7 @@ function whoknows {
 
   local keys
 
-  # Just to the point:
+  # Getting the users from gpg:
   keys=$(_get_users_in_keyring)
   echo "$keys"
 }

tests/_test_base.bash

@@ -3,34 +3,35 @@
 # This file is following a name convention defined in:
 # https://github.com/sstephenson/bats
 
+# shellcheck disable=1090
 source "$SECRET_PROJECT_ROOT/src/version.sh"
+# shellcheck disable=1090
 source "$SECRET_PROJECT_ROOT/src/_utils/_git_secret_tools.sh"
 
 # Constants:
-
 FIXTURES_DIR="$BATS_TEST_DIRNAME/fixtures"
 
-# Folders:
-TEST_SECRETS_DIR="$BATS_TMPDIR/$SECRETS_DIR"
-TEST_SECRETS_DIR_PATHS_MAPPING="$BATS_TMPDIR/$SECRETS_DIR_PATHS_MAPPING"
-
-TEST_GPG_HOMEDIR="$PWD"
+TEST_GPG_HOMEDIR="$BATS_TMPDIR"
 
 # GPG-based stuff:
-: ${SECRETS_GPG_COMMAND:="gpg"}
+: "${SECRETS_GPG_COMMAND:="gpg"}"
 GPGTEST="$SECRETS_GPG_COMMAND --homedir=$TEST_GPG_HOMEDIR --no-permission-warning"
 
 
 # Personal data:
 
 TEST_DEFAULT_USER="user1"
+TEST_SECOND_USER="user2" # shellcheck disable=2034
+TEST_ATTACKER_USER="attacker1" # shellcheck disable=2034
 
 function test_user_password {
+  # It was set on key creation:
   echo "${1}pass"
 }
 
 
 function test_user_email {
+  # It was set on key creation:
   echo "${1}@gitsecret.io"
 }
 
@@ -39,21 +40,25 @@ function test_user_email {
 
 function get_gpg_fingerprint_by_email {
   local email="$1"
-  local fingerprint=$($GPGTEST --list-public-keys --with-fingerprint --with-colons | \
-    sed -e '/<'$email'>::scESC:/,/[A-Z0-9]\{40\}:/!d' | \
+  local fingerprint
+
+  fingerprint=$($GPGTEST --list-public-keys --with-fingerprint --with-colons | \
+    sed -e '/<'"$email"'>::scESC:/,/[A-Z0-9]\{40\}:/!d' | \
     sed -e '/fpr/!d' | \
     sed -n 's/fpr:::::::::\([A-Z|0-9]\{40\}\):/\1/p')
-  echo $fingerprint
+  echo "$fingerprint"
 }
 
 
 function install_fixture_key {
   local public_key="$BATS_TMPDIR/public-${1}.key"
-  local email=$(test_user_email "$1")
+  local email
+
+  email=$(test_user_email "$1")
 
   $SECRETS_GPG_COMMAND --homedir="$FIXTURES_DIR/gpg/${1}" \
     --no-permission-warning --output "$public_key" \
-    --armor --batch --yes --export "$email"
+    --armor --batch --yes --export "$email" > /dev/null 2>&1
   $GPGTEST --import "$public_key" > /dev/null 2>&1
   rm -f "$public_key"
 }
@@ -61,18 +66,23 @@ function install_fixture_key {
 
 function install_fixture_full_key {
   local private_key="$BATS_TMPDIR/private-${1}.key"
-  local email=$(test_user_email "$1")
+  local email
+  local fp
+  local fingerprint
+
+  email=$(test_user_email "$1")
 
   $SECRETS_GPG_COMMAND --homedir="$FIXTURES_DIR/gpg/${1}" \
     --no-permission-warning --output "$private_key" --armor \
-    --yes --export-secret-key "$email"
+    --yes --export-secret-key "$email" > /dev/null 2>&1
 
-  $GPGTEST --allow-secret-key-import --import "$private_key" > /dev/null 2>&1
+  $GPGTEST --allow-secret-key-import \
+    --import "$private_key" > /dev/null 2>&1
 
-  local fp=$($GPGTEST --with-fingerprint "$private_key")
+  fp=$($GPGTEST --with-fingerprint "$private_key")
 
   # since 0.1.2 fingerprint is returned:
-  local fingerprint=$(echo "$fp" | tr -d ' ' | sed -n '2p' | sed -e 's/.*=//g')
+  fingerprint=$(echo "$fp" | tr -d ' ' | sed -n '2p' | sed -e 's/.*=//g')
 
   install_fixture_key "$1"
 
@@ -82,13 +92,16 @@ function install_fixture_full_key {
 
 
 function uninstall_fixture_key {
-  local email=$(test_user_email "$1")
+  local email
+
+  email=$(test_user_email "$1")
   $GPGTEST --batch --yes --delete-key "$email" > /dev/null 2>&1
 }
 
 
 function uninstall_fixture_full_key {
-  local email=$(test_user_email "$1")
+  local email
+  email=$(test_user_email "$1")
 
   local fingerprint="$2"
   if [[ -z "$fingerprint" ]]; then
@@ -96,7 +109,8 @@ function uninstall_fixture_full_key {
     fingerprint=$(get_gpg_fingerprint_by_email "$email")
   fi
 
-  $GPGTEST --batch --yes --delete-secret-keys "$fingerprint" > /dev/null 2>&1
+  $GPGTEST --batch --yes \
+    --delete-secret-keys "$fingerprint" > /dev/null 2>&1
 
   uninstall_fixture_key "$1"
 }
@@ -112,8 +126,12 @@ function git_set_config_email {
 function git_commit {
   git_set_config_email "$1"
 
-  local user_name=$(git config user.name)
-  local commit_gpgsign=$(git config commit.gpgsign)
+  local user_name
+  local commit_gpgsign
+
+  user_name=$(git config user.name)
+
+  commit_gpgsign=$(git config commit.gpgsign)
 
   git config --local user.name "$TEST_DEFAULT_USER"
   git config --local commit.gpgsign false
@@ -133,6 +151,11 @@ function remove_git_repository {
 
 # Git Secret:
 
+function set_state_initial {
+  cd "$BATS_TMPDIR" || exit 1
+}
+
+
 function set_state_git {
   git init > /dev/null 2>&1
 }
@@ -144,7 +167,9 @@ function set_state_secret_init {
 
 
 function set_state_secret_tell {
-  local email=$(test_user_email $1)
+  local email
+
+  email=$(test_user_email "$1")
   git secret tell -d "$TEST_GPG_HOMEDIR" "$email" > /dev/null 2>&1
 }
 
@@ -166,7 +191,7 @@ function set_state_secret_hide {
 
 function unset_current_state {
   # states order:
-  # git, secret_init, secret_tell, secret_add, secret_hide
+  # initial, git, secret_init, secret_tell, secret_add, secret_hide
 
   # unsets `secret_hide`
   # removes .secret files:
@@ -181,4 +206,7 @@ function unset_current_state {
 
   # removes gpg homedir:
   rm -f "pubring.gpg" "pubring.gpg~" "secring.gpg" "trustdb.gpg" "random_seed"
+
+  # return to the base dir:
+  cd "$SECRET_PROJECT_ROOT" || exit 1
 }

tests/test_add.bats

@@ -5,6 +5,8 @@ load _test_base
 
 function setup {
   install_fixture_key "$TEST_DEFAULT_USER"
+
+  set_state_initial
   set_state_git
   set_state_secret_init
   set_state_secret_tell "$TEST_DEFAULT_USER"
@@ -29,7 +31,7 @@ function teardown {
 }
 
 
-@test "run 'add' for unignored file with '-i' option" {
+@test "run 'add' for unignored file with '-i'" {
   local TEST_FILE='test_file.auto_ignore'
   touch "$TEST_FILE"
   echo "content" > "$TEST_FILE"
@@ -63,7 +65,7 @@ function teardown {
   local TEST_FILE='test_file'
   local TEST_DIR='test_dir'
 
-  mkdir "$TEST_DIR"
+  mkdir -p "$TEST_DIR"
   touch "$TEST_DIR/$TEST_FILE"
   echo "content" > "$TEST_DIR/$TEST_FILE"
   echo "$TEST_DIR/$TEST_FILE" > ".gitignore"

tests/test_changes.bats

@@ -12,6 +12,7 @@ FINGERPRINT=""
 function setup {
   FINGERPRINT=$(install_fixture_full_key "$TEST_DEFAULT_USER")
 
+  set_state_initial
   set_state_git
   set_state_secret_init
   set_state_secret_tell "$TEST_DEFAULT_USER"
@@ -74,8 +75,10 @@ function teardown {
   echo "$new_content" >> "$FILE_TO_HIDE"
   echo "$second_new_content" >> "$SECOND_FILE_TO_HIDE"
 
-  run git secret changes "$FILE_TO_HIDE" "$SECOND_FILE_TO_HIDE" -d "$TEST_GPG_HOMEDIR" -p "$password"
-  [ "$status" -eq 2 ]
+  run git secret changes -d "$TEST_GPG_HOMEDIR" -p "$password" \
+    "$FILE_TO_HIDE" "$SECOND_FILE_TO_HIDE"
+
+  [ "$status" -eq 0 ]
 
   # Testing that output has both filename and changes:
   [[ "$output" == *"changes in $FILE_TO_HIDE"* ]]

tests/test_clean.bats

@@ -1,3 +1,67 @@
 #!/usr/bin/env bats
 
-# TODO: create tests for this command.
+load _test_base
+
+FIRST_FILE="file_to_hide1"
+SECOND_FILE="file_to_hide2"
+
+FOLDER="somedir"
+FILE_IN_FOLDER="${FOLDER}/file_to_hide3"
+
+
+function setup {
+  install_fixture_key "$TEST_DEFAULT_USER"
+
+  set_state_initial
+  set_state_git
+  set_state_secret_init
+  set_state_secret_tell "$TEST_DEFAULT_USER"
+  set_state_secret_add "$FIRST_FILE" "somecontent"
+  set_state_secret_add "$SECOND_FILE" "somecontent2"
+  set_state_secret_hide
+}
+
+
+function teardown {
+  uninstall_fixture_key "$TEST_DEFAULT_USER"
+  unset_current_state
+
+  # This also needs to be cleaned:
+  rm -f "$FIRST_FILE" "$SECOND_FILE"
+  rm -rf "$FOLDER"
+}
+
+
+function _secret_files_exists {
+  local result=$(find . -type f -name "*.$SECRETS_EXTENSION" \
+    -print0 2>/dev/null | grep -q .; echo "$?")
+  echo "$result"
+}
+
+
+@test "run 'clean' normally" {
+  run git secret clean
+  [ "$status" -eq 0 ]
+
+  # There must be no .secret files:
+  local exists=$(_secret_files_exists)
+  [ "$exists" -ne 0 ]
+}
+
+
+@test "run 'clean' with '-v'" {
+  run git secret clean -v
+  [ "$status" -eq 0 ]
+
+  # There must be no .secret files:
+  local exists=$(_secret_files_exists)
+  [ "$exists" -ne 0 ]
+
+  local first_filename=$(_get_encrypted_filename "$FIRST_FILE")
+  local second_filename=$(_get_encrypted_filename "$SECOND_FILE")
+
+  # Output must be verbose:
+  [[ "$output" == *"cleaning"* ]]
+  [[ "$output" == *"$first_filename"* ]]
+  [[ "$output" == *"$second_filename"* ]]
+}

tests/test_hide.bats

@@ -9,6 +9,7 @@ FILE_CONTENTS="hidden content юникод"
 function setup {
   install_fixture_key "$TEST_DEFAULT_USER"
 
+  set_state_initial
   set_state_git
   set_state_secret_init
   set_state_secret_tell "$TEST_DEFAULT_USER"
@@ -26,29 +27,72 @@ function teardown {
 
 @test "run 'hide' normally" {
   run git secret hide
+
+  # Command must execute normally:
   [ "$status" -eq 0 ]
   [ "$output" = "done. all 1 files are hidden." ]
+
+  # New files should be crated:
+  local encrypted_file=$(_get_encrypted_filename "$FILE_TO_HIDE")
+  [ -f "$encrypted_file" ]
+}
+
+
+@test "run 'hide' with multiple files" {
+  # Preparations:
+  local second_file="second_file.txt"
+  local second_content="some content"
+  set_state_secret_add "$second_file" "$second_content"
+
+  # Now it should hide 2 files:
+  run git secret hide
+  [ "$status" -eq 0 ]
+  [ "$output" = "done. all 2 files are hidden." ]
 }
 
 
-@test "run 'hide' with -c param" {
+@test "run 'hide' with '-c' and '-v'" {
+  # Preparations:
+  local encrypted_filename=$(_get_encrypted_filename "$FILE_TO_HIDE")
+  set_state_secret_hide # so it would be data to clean
+
   run git secret hide -v -c
   [ "$status" -eq 0 ]
+
+  # File should be still there (it is not deletion):
+  [ -f "$FILE_TO_HIDE" ]
+
+  # Output should be verbose:
+  [[ "$output" == *"cleaning"* ]]
+  [[ "$output" == *"$encrypted_filename"* ]]
+}
+
+
+@test "run 'hide' with '-d'" {
+  run git secret hide -d
+  [ "$status" -eq 0 ]
+
+  # File must be removed:
+  [ ! -f "$FILE_TO_HIDE" ]
 }
 
 
-@test "run 'hide' with -d param" {
+@test "run 'hide' with '-d' and '-v'" {
   run git secret hide -v -d
   [ "$status" -eq 0 ]
+
+  # File must be removed:
   [ ! -f "$FILE_TO_HIDE" ]
-}
 
+  # It should be verbose:
+  [[ "$output" == *"removing unencrypted files"* ]]
+  [[ "$output" == *"$FILE_TO_HIDE"* ]]
+}
 
-@test "run 'hide' for multiple users" {
-  local new_user="user2"
 
-  install_fixture_key "$new_user"
-  set_state_secret_tell "$new_user"
+@test "run 'hide' with multiple users" {
+  install_fixture_key "$TEST_SECOND_USER"
+  set_state_secret_tell "$TEST_SECOND_USER"
 
   run git secret hide
   [ "$status" -eq 0 ]

tests/test_init.bats

@@ -4,6 +4,7 @@ load _test_base
 
 
 function setup {
+  set_state_initial
   set_state_git
 }
 
@@ -13,7 +14,7 @@ function teardown {
 }
 
 
-@test "run 'init' without .git" {
+@test "run 'init' without '.git'" {
   remove_git_repository
 
   run git secret init

tests/test_killperson.bats

@@ -5,6 +5,8 @@ load _test_base
 
 function setup {
   install_fixture_key "$TEST_DEFAULT_USER"
+
+  set_state_initial
   set_state_git
   set_state_secret_init
   set_state_secret_tell "$TEST_DEFAULT_USER"
@@ -26,4 +28,22 @@ function teardown {
 @test "run 'killperson' normally" {
   run git secret killperson "$TEST_DEFAULT_USER"
   [ "$status" -eq 0 ]
+
+  # Then whoknows must return an error with status code 1:
+  run git secret whoknows
+  [ "$status" -eq 1 ]
+}
+
+
+@test "run 'killperson' with multiple arguments" {
+  # Adding second user:
+  install_fixture_key "$TEST_SECOND_USER"
+  set_state_secret_tell "$TEST_SECOND_USER"
+
+  run git secret killperson "$TEST_DEFAULT_USER" "$TEST_SECOND_USER"
+  [ "$status" -eq 0 ]
+
+  # Nothing to show:
+  run git secret whoknows
+  [ "$status" -eq 1 ]
 }

tests/test_list.bats

@@ -9,6 +9,7 @@ FILE_CONTENTS="hidden content юникод"
 function setup {
   install_fixture_key "$TEST_DEFAULT_USER"
 
+  set_state_initial
   set_state_git
   set_state_secret_init
   set_state_secret_tell "$TEST_DEFAULT_USER"
@@ -31,9 +32,27 @@ function teardown {
 }
 
 
+@test "run 'list' with multiple files" {
+  # Preparations:
+  local second_file="second_file.txt"
+  set_state_secret_add "$second_file" "$FILE_CONTENTS"
+
+  run git secret list
+  [ "$status" -eq 0 ]
+
+  # Now it should list two files:
+  [[ "$output" == *"$FILE_TO_HIDE"* ]]
+  [[ "$output" == *"$second_file"* ]]
+
+  # Cleaning up:
+  rm -f "$second_file"
+}
+
+
 @test "run 'list' on empty repo" {
   git secret remove "$FILE_TO_HIDE"
 
+  # Running `list` on empty mapping should result an error:
   run git secret list
   [ "$status" -eq 1 ]
 }

tests/test_main.bats

@@ -4,6 +4,7 @@ load _test_base
 
 
 function setup {
+  set_state_initial
   set_state_git
 }
 
@@ -29,3 +30,17 @@ function teardown {
   run git secret --version
   [ "$output" == "$GITSECRET_VERSION" ]
 }
+
+
+@test "run 'git secret --dry-run'" {
+  # We will break things apart, so normally it won't run:
+  rm -rf ".git"
+
+  # This must fail:
+  run git secret usage
+  [ "$status" -eq 1 ]
+
+  # Dry run won't fail:
+  run git secret --dry-run
+  [ "$status" -eq 0 ]
+}

tests/test_remove.bats

@@ -5,42 +5,71 @@ load _test_base
 FIRST_FILE="file_to_hide1"
 SECOND_FILE="file_to_hide2"
 
-# There was a bug with `sed` an slashes:
-# see https://github.com/sobolevn/git-secret/issues/23
 FOLDER="somedir"
 FILE_IN_FOLDER="${FOLDER}/file_to_hide3"
 
 
 function setup {
-  install_fixture_full_key "$TEST_DEFAULT_USER"
+  install_fixture_key "$TEST_DEFAULT_USER"
 
+  set_state_initial
   set_state_git
   set_state_secret_init
   set_state_secret_tell "$TEST_DEFAULT_USER"
   set_state_secret_add "$FIRST_FILE" "somecontent"
   set_state_secret_add "$SECOND_FILE" "somecontent2"
+  set_state_secret_hide
 }
 
 
 function teardown {
-  uninstall_fixture_full_key "$TEST_DEFAULT_USER"
+  uninstall_fixture_key "$TEST_DEFAULT_USER"
   unset_current_state
-  rm -f "$FIRST_FILE" "$SECOND_FILE"
 
-  # This needs to be cleaned
+  # This also needs to be cleaned:
+  rm -f "$FIRST_FILE" "$SECOND_FILE"
   rm -rf "$FOLDER"
 }
 
 
-@test "run 'remove' normally" {
-  git secret hide
+function _has_line {
+  local result=$(grep -q "$1" "$SECRETS_DIR_PATHS_MAPPING"; echo $?)
+  echo "$result"
+}
+
 
+@test "run 'remove' normally" {
   run git secret remove "$SECOND_FILE"
   [ "$status" -eq 0 ]
 
-  local mapping_contains=$(grep "$SECOND_FILE" "$SECRETS_DIR_PATHS_MAPPING"; echo $?)
+  # Mapping should not contain the second file:
+  local mapping_contains=$(_has_line "$SECOND_FILE")
   [ "$mapping_contains" -eq 1 ]
 
+  # But the first file must not change:
+  local other_files=$(_has_line "$FIRST_FILE")
+  [ "$other_files" -eq 0 ]
+
+  # Both files should be present:
+  local first_enctypted_file=$(_get_encrypted_filename $FIRST_FILE)
+  local second_enctypted_file=$(_get_encrypted_filename $SECOND_FILE)
+
+  [ -f "$first_enctypted_file" ]
+  [ -f "$second_enctypted_file" ]
+}
+
+
+@test "run 'remove' with multiple arguments" {
+  run git secret remove "$FIRST_FILE" "$SECOND_FILE"
+  [ "$status" -eq 0 ]
+
+  local first_line=$(_has_line "$FIRST_FILE")
+  [ "$first_line" -eq 1 ]
+
+  local second_line=$(_has_line "$SECOND_FILE")
+  [ "$second_line" -eq 1 ]
+
+  # Both files should be present:
   local first_enctypted_file=$(_get_encrypted_filename $FIRST_FILE)
   local second_enctypted_file=$(_get_encrypted_filename $SECOND_FILE)
 
@@ -50,14 +79,19 @@ function teardown {
 
 
 @test "run 'remove' with slashes in filename" {
+  # There was a bug with `sed` an slashes:
+  # see https://github.com/sobolevn/git-secret/issues/23
+
+  # Prepartions:
   mkdir -p "$FOLDER"
   set_state_secret_add "$FILE_IN_FOLDER" "somecontent3"
-  git secret hide
+  set_state_secret_hide # runing hide again to hide new data
 
+  # Now it should remove filename with slashes from the mapping:
   run git secret remove "$FILE_IN_FOLDER"
   [ "$status" -eq 0 ]
 
-  local mapping_contains=$(grep "$FILE_IN_FOLDER" "$SECRETS_DIR_PATHS_MAPPING"; echo $?)
+  local mapping_contains=$(_has_line "$FILE_IN_FOLDER")
   [ "$mapping_contains" -eq 1 ]
 
   local enctypted_file=$(_get_encrypted_filename $FILE_IN_FOLDER)
@@ -65,14 +99,14 @@ function teardown {
 }
 
 
-@test "run 'remove -c'" {
+@test "run 'remove' with '-c'" {
   git secret hide
 
   run git secret remove -c "$SECOND_FILE"
   echo "$output"
   [ "$status" -eq 0 ]
 
-  local mapping_contains=$(grep "$SECOND_FILE" "$SECRETS_DIR_PATHS_MAPPING"; echo $?)
+  local mapping_contains=$(_has_line "$SECOND_FILE")
   [ "$mapping_contains" -eq 1 ]
 
   local first_enctypted_file=$(_get_encrypted_filename $FIRST_FILE)

tests/test_reveal.bats

@@ -11,6 +11,7 @@ FINGERPRINT=""
 function setup {
   FINGERPRINT=$(install_fixture_full_key "$TEST_DEFAULT_USER")
 
+  set_state_initial
   set_state_git
   set_state_secret_init
   set_state_secret_tell "$TEST_DEFAULT_USER"
@@ -22,6 +23,7 @@ function setup {
 function teardown {
   uninstall_fixture_full_key "$TEST_DEFAULT_USER" "$FINGERPRINT"
   unset_current_state
+
   rm -f "$FILE_TO_HIDE"
 }
 
@@ -63,32 +65,58 @@ function teardown {
 
 
 @test "run 'reveal' for attacker" {
+  # Preparations
   rm -f "$FILE_TO_HIDE"
 
-  local attacker="attacker1"
-  local atacker_fingerprint=$(install_fixture_full_key "$attacker")
+  local atacker_fingerprint=$(install_fixture_full_key "$TEST_ATTACKER_USER")
+  local password=$(test_user_password "$TEST_ATTACKER_USER")
 
-  local password=$(test_user_password "$attacker")
   run git secret reveal -d "$TEST_GPG_HOMEDIR" -p "$password"
 
+  # This should fail, nothing should be created:
   [ "$status" -eq 2 ]
   [ ! -f "$FILE_TO_HIDE" ]
 
-  uninstall_fixture_full_key "$attacker" "$atacker_fingerprint"
+  # Cleaning up:
+  uninstall_fixture_full_key "$TEST_ATTACKER_USER" "$atacker_fingerprint"
 }
 
 
-@test "run 'reveal' for multiple users" {
-  local new_user="user2"
-  install_fixture_full_key "$new_user"
-  set_state_secret_tell "$new_user"
+@test "run 'reveal' for multiple users (with key deletion)" {
+  # Preparations:
+  local second_fingerprint=$(install_fixture_full_key "$TEST_SECOND_USER")
+  local password=$(test_user_password "$TEST_SECOND_USER")
+  set_state_secret_tell "$TEST_SECOND_USER"
   set_state_secret_hide
 
+  # We are removing a secret key of the first user to be sure
+  # that it is not used in decryption:
   uninstall_fixture_full_key "$TEST_DEFAULT_USER" "$FINGERPRINT"
 
-  local password=$(test_user_password "$new_user")
+  # Testing:
+  run git secret reveal -d "$TEST_GPG_HOMEDIR" -p "$password"
+
+  [ "$status" -eq 0 ]
+  [ -f "$FILE_TO_HIDE" ]
+
+  # Cleaning up:
+  uninstall_fixture_full_key "$TEST_SECOND_USER" "$second_fingerprint"
+}
+
+
+@test "run 'reveal' for multiple users (normally)" {
+  # Preparations:
+  local second_fingerprint=$(install_fixture_full_key "$TEST_SECOND_USER")
+  local password=$(test_user_password "$TEST_SECOND_USER")
+  set_state_secret_tell "$TEST_SECOND_USER"
+  set_state_secret_hide
+
+  # Testing:
   run git secret reveal -d "$TEST_GPG_HOMEDIR" -p "$password"
 
   [ "$status" -eq 0 ]
   [ -f "$FILE_TO_HIDE" ]
+
+  # Cleaning up:
+  uninstall_fixture_full_key "$TEST_SECOND_USER" "$second_fingerprint"
 }

tests/test_reveal_filename.bats

@@ -12,6 +12,7 @@ OLD_SECRETS_EXTENSION=""
 function setup {
   FINGERPRINT=$(install_fixture_full_key "$TEST_DEFAULT_USER")
 
+  set_state_initial
   set_state_git
   set_state_secret_init
   set_state_secret_tell "$TEST_DEFAULT_USER"

tests/test_tell.bats

@@ -5,6 +5,8 @@ load _test_base
 
 function setup {
   install_fixture_key "$TEST_DEFAULT_USER"
+
+  set_state_initial
   set_state_git
   set_state_secret_init
 }
@@ -16,12 +18,23 @@ function teardown {
 }
 
 
-function git_secret_tell_test {
-  git secret tell -d "$TEST_GPG_HOMEDIR" "$TEST_DEFAULT_USER"
+@test "fail on no users" {
+  run _user_required
+  [ "$status" -eq 1 ]
 }
 
 
-@test "fail on no users" {
+@test "constantly fail on no users" {
+  # We had a serious bug with _user_required,
+  # see this link for the details:
+  # https://github.com/sobolevn/git-secret/issues/74
+
+  # Preparations:
+  git secret tell -d "$TEST_GPG_HOMEDIR" "$TEST_DEFAULT_USER"
+  git secret killperson "$TEST_DEFAULT_USER"
+
+  # It was showing something like `tru::1:1289775241:0:2:1:6`
+  # after the preparations done and the error was not generated.
   run _user_required
   [ "$status" -eq 1 ]
 }
@@ -32,7 +45,7 @@ function git_secret_tell_test {
   echo "private key" > "$private_key"
   [ -s "$private_key" ]
 
-  run git_secret_tell_test
+  run git secret tell -d "$TEST_GPG_HOMEDIR" "$TEST_DEFAULT_USER"
   [ "$status" -eq 1 ]
 }
 
@@ -40,7 +53,7 @@ function git_secret_tell_test {
 @test "run 'tell' without '.gitsecret'" {
   rm -rf "$SECRETS_DIR"
 
-  run git_secret_tell_test
+  run git secret tell -d "$TEST_GPG_HOMEDIR" "$TEST_DEFAULT_USER"
   [ "$status" -eq 1 ]
 }
 
@@ -52,15 +65,20 @@ function git_secret_tell_test {
 
 
 @test "run 'tell' normally" {
-  run git_secret_tell_test
+  run git secret tell -d "$TEST_GPG_HOMEDIR" "$TEST_DEFAULT_USER"
   [ "$status" -eq 0 ]
 
+  # Testing that now user is found:
   run _user_required
   [ "$status" -eq 0 ]
+
+  # Testing that now user is in the list of people who knows the secret:
+  run git secret whoknows
+  [[ "$output" == *"$TEST_DEFAULT_USER"* ]]
 }
 
 
-@test "run 'tell -m'" {
+@test "run 'tell' with '-m'" {
   email=$(test_user_email $TEST_DEFAULT_USER)
 
   git_set_config_email "$email"
@@ -69,8 +87,32 @@ function git_secret_tell_test {
 }
 
 
-@test "run 'tell -m' with empty email" {
-  git_set_config_email ""
+@test "run 'tell' with '-m' (empty email)" {
+  # Prepartions:
+  git_set_config_email "" # now it should not allow to add yourself
+
   run git secret tell -d "$TEST_GPG_HOMEDIR" -m
   [ "$status" -eq 1 ]
 }
+
+
+@test "run 'tell' with multiple emails" {
+  # Preparations:
+  install_fixture_key "$TEST_SECOND_USER"
+
+  # Testing the command iteself:
+  run git secret tell -d "$TEST_GPG_HOMEDIR" \
+    "$TEST_DEFAULT_USER" "$TEST_SECOND_USER"
+
+  [ "$status" -eq 0 ]
+
+  # Testing that these users are presented in the
+  # list of people who knows secret:
+  run git secret whoknows
+
+  [[ "$output" == *"$TEST_DEFAULT_USER"* ]]
+  [[ "$output" == *"$TEST_SECOND_USER"* ]]
+
+  # Cleaning up:
+  uninstall_fixture_key "$TEST_SECOND_USER"
+}

tests/test_usage.bats

@@ -4,6 +4,7 @@ load _test_base
 
 
 function setup {
+  set_state_initial
   set_state_git
 }
 

tests/test_whoknows.bats

@@ -5,24 +5,40 @@ load _test_base
 
 function setup {
   install_fixture_key "$TEST_DEFAULT_USER"
-  install_fixture_key "user2"
+  install_fixture_key "$TEST_SECOND_USER"
 
+  set_state_initial
   set_state_git
   set_state_secret_init
   set_state_secret_tell "$TEST_DEFAULT_USER"
-  set_state_secret_tell "user2"
+  set_state_secret_tell "$TEST_SECOND_USER"
 }
 
 
 function teardown {
-  uninstall_fixture_key $TEST_DEFAULT_USER
+  uninstall_fixture_key "$TEST_DEFAULT_USER"
+  uninstall_fixture_key "$TEST_SECOND_USER"
   unset_current_state
-
-  rm -f "$FILE_TO_HIDE"
 }
 
 
 @test "run 'whoknows' normally" {
   run git secret whoknows
   [ "$status" -eq 0 ]
+
+  # Now test the output, both users should be present:
+  [[ "$output" == *"$TEST_DEFAULT_USER"* ]]
+  [[ "$output" == *"$TEST_SECOND_USER"* ]]
+}
+
+
+@test "run 'whoknows' without any users" {
+  # Preparations, removing users:
+  local email1=$(test_user_email "$TEST_DEFAULT_USER")
+  local email2=$(test_user_email "$TEST_SECOND_USER")
+  git secret killperson "$email1" "$email2"
+
+  # Now whoknows should raise an error: there are no users.
+  run git secret whoknows
+  [ "$status" -eq 1 ]
 }

utils/rpm/rpm-ci.sh

@@ -16,6 +16,9 @@ RPM_FILE_LOCATION=$(locate_rpm)
 
 # Integration tests
 function integration_tests {
+  # Note that `dnf` must be installed.
+  # CentOS 6 does not support `dnf`.
+
   # Installing the package:
   dnf install -y "$RPM_FILE_LOCATION"