pre-reliase

.editorconfig

@@ -17,3 +17,10 @@ indent_size = 4
 
 [*.sh]
 indent_size = 2
+
+[*.bats]
+indent_size = 2
+
+[Makefile]
+indent_style = tab
+indent_size = 4

.gitignore

@@ -35,7 +35,8 @@ $RECYCLE.BIN/
 .LSOverride
 
 # Icon must end with two \r
-Icon
+Icon
+
 
 # Thumbnails
 ._*
@@ -115,3 +116,14 @@ crashlytics-build.properties
 # sftp configuration file
 sftp-config.json
 
+#####=== Jekyll ===#####
+_site/
+.sass-cache/
+
+#####=== Custom ===#####
+git-secret
+vendor/
+temp/
+
+man/
+gh-pages/

Makefile

@@ -1,4 +1,28 @@
-all: myscript
+all: build
 
-myscript: includes/* body/*
-    cat $^ > "$@" || (rm -f "$@"; exit 1)
+git-secret: src/_utils/* src/commands/* src/main.sh
+	@cat $^ > "$@"
+	@chmod +x git-secret
+
+clean:
+	@rm -f git-secret
+
+build: git-secret
+
+develop: clean build
+
+install-test:
+	git clone https://github.com/sstephenson/bats.git vendor/bats
+
+test:
+	@if [ ! -d "vendor/bats" ]; then make install-test; fi
+	@export SECRET_PROJECT_ROOT="${PWD}"; export PATH="${PWD}/vendor/bats/bin:${PWD}:${PATH}"; \
+	rm -rf temp; mkdir temp; cd temp; \
+	bats ../tests;
+
+install-man:
+	gem install ronn
+
+man:
+	@if [ `gem list ronn -i` == "false" ]; then make install-man; fi
+	ronn --roff man/*.ronn

bin/_git_secret_tools.sh

@@ -1,6 +0,0 @@
-#!/bin/bash
-
-function _function_exists {
-  declare -f -F $1 > /dev/null
-  echo $?
-}

bin/git_secret_init.sh

@@ -1,31 +0,0 @@
-#!/bin/bash
-
-function init {
-  # A POSIX variable
-  # Reset in case getopts has been used previously in the shell.
-  OPTIND=1
-
-  output_file=""
-  verbose=0
-
-  while getopts "h?vf:" opt; do
-    case "$opt" in
-    h|\?)
-      usage
-      ;;
-    v)
-      verbose=1
-      ;;
-    f)
-      output_file=$OPTARG
-      ;;
-    esac
-
-    shift $((OPTIND-1))
-
-    [ "$1" = "--" ] && shift
-  done
-
-  echo "verbose=$verbose, output_file='$output_file', Leftovers: $@"
-
-}

git-secret

@@ -1,38 +1,572 @@
-#!/bin/bash
+#!/usr/bin/env bash
+
+# Global variables:
+
+WORKING_DIRECTORY="$PWD"
+# Folders:
+SECRETS_DIR=".gitsecret"
+SECRETS_DIR_KEYS="$SECRETS_DIR/keys"
+SECRETS_DIR_PATHS="$SECRETS_DIR/paths"
+
+# Files:
+SECRETS_DIR_KEYS_MAPPING="$SECRETS_DIR_KEYS/mapping.cfg"
+SECRETS_DIR_KEYS_PUBRING="$SECRETS_DIR_KEYS/pubring.gpg"
+SECRETS_DIR_KEYS_TRUSTDB="$SECRETS_DIR_KEYS/trustdb.gpg"
+
+SECRETS_DIR_PATHS_MAPPING="$SECRETS_DIR_PATHS/mapping.cfg"
+
+: ${SECRETS_GPG_COMMAND:="gpg"}
+GPGLOCAL="$SECRETS_GPG_COMMAND --homedir=$SECRETS_DIR_KEYS --no-permission-warning"
+
+: ${SECRETS_EXTENSION:=".secret"}
+
+
+# Inner bash :
+
+function _function_exists {
+  declare -f -F "$1" > /dev/null
+  echo $?
+}
+
+
+# OS based :
+
+function _os_based {
+  # Pass function name as first parameter.
+  # It will be invoked as os-based function with the postfix.
+
+  case "$(uname -s)" in
+
+    Darwin)
+      $1_osx ${@:2}
+    ;;
+
+    Linux)
+      $1_linux ${@:2}
+    ;;
+
+    # TODO: add MS Windows support.
+    # CYGWIN*|MINGW32*|MSYS*)
+    #   $1_ms ${@:2}
+    # ;;
+
+    *)
+      _abort 'unsupported OS.'
+    ;;
+  esac
+}
+
+
+# File System :
+
+function _set_config {
+  # First parameter is the KEY, second is VALUE, third is filename.
+
+  # The exit status is 0 (true) if the name was found, 1 (false) if not:
+  local contains=$(grep -Fq "$1" $3; echo $?)
+
+  if [[ $contains -eq 0 ]]; then
+    _os_based __replace_in_file $@
+  elif [[ $contains -eq 1 ]]; then
+    echo "$1 = $2" >> "$3"
+  fi
+}
+
+
+function _file_has_line {
+  # First parameter is the KEY, second is the filename.
+
+  local contains=$(grep -qw "$1" "$2"; echo $?)
+  # 0 on contains, 1 for error.
+  echo $contains;
+}
+
+
+function _delete_line {
+  _os_based __delete_line $@
+}
+
+
+function _temporary_file {
+  # This function creates temporary file
+  # which will be removed on system exit.
+  filename=$(_os_based __temp_file)  # is not `local` on purpose.
+
+  trap "echo 'cleaning up...'; rm -f $filename;" EXIT
+}
+
+
+function _unique_filename {
+  # First parameter is base-path, second is filename,
+  # third is optional extension.
+  local n=0 result=$2
+  while [[ 1 ]]; do
+    if [[ ! -f "$1/$result" ]]; then
+      break
+    fi
+
+    n=$(( $n + 1 ))
+    result="$2-$n"
+  done
+  echo $result
+}
+
+
+# VCS :
+
+function _check_ignore {
+  git check-ignore -q "$1";
+  echo $?
+}
+
+
+# Logic :
+
+function _abort {
+  >&2 echo "$1 abort."
+  exit 1
+}
+
+
+function _secrets_dir_exists {
+  if [[ ! -d $SECRETS_DIR ]]; then
+    _abort "$SECRETS_DIR does not exist."
+  fi
+}
+
+
+function _user_required {
+  _secrets_dir_exists
+
+  local error_message="no users found. run 'git secret tell' before adding files."
+  if [[ ! -f "$SECRETS_DIR_KEYS_PUBRING" ]] ||
+    [[ ! -f "$SECRETS_DIR_KEYS_TRUSTDB" ]]; then
+    _abort "$error_message"
+  fi
+
+  local keys_exist=$($GPGLOCAL -n --list-keys)
+  if [[ -z $keys_exist ]]; then
+    _abort "$error_message"
+  fi
+}
+
+
+function _get_raw_filename {
+  echo "$(dirname "$1")/$(basename "$1" "$SECRETS_EXTENSION")" | sed -e 's#^\./##'
+}
+
+
+function _get_encrypted_filename {
+  echo "$(dirname "$1")/$(basename "$1" "$SECRETS_EXTENSION")$SECRETS_EXTENSION" | sed -e 's#^\./##'
+}
+#!/usr/bin/env bash
+
+
+function __replace_in_file_linux {
+  sed -i.bak -c "s/^\($1\s*=\s*\).*\$/\1$2/" "$3"
+}
+
+
+function __delete_line_linux {
+  sed -i.bak -c "/$1/d" "$2"
+}
+
+
+function __temp_file_linux {
+  local filename=$(mktemp)
+  echo "$filename"
+}
+#!/usr/bin/env bash
+
+
+function __replace_in_file_osx {
+  sed -i.bak "s/^\($1[[:space:]]*=[[:space:]]*\).*\$/\1$2/" "$3"
+}
+
+
+function __delete_line_osx {
+  sed -i.bak "/$1/d" "$2"
+}
+
+
+function __temp_file_osx {
+  : "${TMPDIR:=/tmp}"
+  local filename=$(mktemp -t _gitsecrets_ )
+  echo "$filename";
+}
+#!/usr/bin/env bash
+
+
+function add {
+  _user_required
+
+  local not_ignored=()
+
+  for item in $@; do
+    # Checking if all files in options are ignored:
+    if [[ ! -f $item ]]; then
+      _abort "$item is not a file."
+    fi
+
+    local ignored=$(_check_ignore "$item")
+    if [[ ! $ignored -eq 0 ]]; then
+      # collect unignored files.
+      not_ignored+=("$item")
+    fi
+  done
+
+  if [[ ! ${#not_ignored[@]} -eq 0 ]]; then
+    # and show them all at once.
+    _abort "these files are not ignored: ${not_ignored[@]} ;"
+  fi
+
+  for item in $@; do
+    # adding files into system, skipping duplicates.
+    local already_in=$(_file_has_line "$item" "$SECRETS_DIR_PATHS_MAPPING")
+    if [[ $already_in -eq 1 ]]; then
+      echo $item >> $SECRETS_DIR_PATHS_MAPPING
+    fi
+  done
+
+  echo "${#@} items added."
+}
+#!/usr/bin/env bash
+
+
+function _show_help_clean {
+  echo "usage: git secret clean"
+  echo "removes all the hidden files."
+  echo
+  echo "  -v        shows which files are deleted."
+  exit 0
+}
+
+
+function clean {
+  OPTIND=1
+
+  local verbose=""
+  while getopts "vh" opt; do
+    case "$opt" in
+      v)
+        verbose="v"
+      ;;
+
+      h)
+        _show_help_clean
+      ;;
+    esac
+  done
+
+  shift $((OPTIND-1))
+  [ "$1" = "--" ] && shift
+
+  [[ ! -z $verbose ]] && echo && echo "cleaing:" || :  # bug with custom bash on OSX
+
+  find . -name *$SECRETS_EXTENSION -type f | xargs rm -f$verbose
+
+  [[ ! -z $verbose ]] && echo || :  # bug with custom bash on OSX
+
+}
+#!/usr/bin/env bash
+
+
+function _show_help_hide {
+  echo "usage: git secret hide"
+  echo "encrypts all the files added by the 'add' command."
+  echo
+  echo "  -c        clean files before creating new ones."
+  echo "  -v        shows which files are deleted."
+  exit 0
+}
+
+
+function _optional_clean {
+  OPTIND=1
+  local clean=0
+  local opt_string=""
+
+  while getopts "cvh" opt; do
+    case "$opt" in
+      c)  # -c is used for guaranted clean encryption.
+        clean=1
+      ;;
+
+      h)
+        _show_help_hide
+      ;;
+
+      *)
+        opt_string="$opt_string -$opt"
+      ;;
+    esac
+  done
+
+  shift $((OPTIND-1))
+  [ "$1" = "--" ] && shift
+
+  if [[ $clean -eq 1 ]]; then
+    clean ${opt_string}
+  fi
+}
+
+
+function hide {
+  _user_required
+
+  _optional_clean $@
+
+  local counter=0
+  while read line; do
+    local encrypted_filename=$(_get_encrypted_filename $line)
+
+    local recipients=$($GPGLOCAL --list-keys | sed -n 's/.*<\(.*\)>.*/-r\1/p')
+    $GPGLOCAL --use-agent --yes --trust-model=always --encrypt $recipients -o "$encrypted_filename" "$line"
+
+    counter=$((counter+1))
+  done < $SECRETS_DIR_PATHS_MAPPING
+
+  echo "done. all $counter files are hidden."
+}
+#!/usr/bin/env bash
+
+
+function init {
+
+  if [[ -d "$SECRETS_DIR" ]]; then
+    _abort "already inited."
+  fi
+
+  local ignores=$(_check_ignore "$SECRETS_DIR"/)
+
+  if [[ ! $ignores -eq 1 ]]; then
+    _abort "'${SECRETS_DIR}/' is ignored."
+  fi
+
+  mkdir "$SECRETS_DIR" "$SECRETS_DIR_KEYS" "$SECRETS_DIR_PATHS"
+  touch "$SECRETS_DIR_KEYS_MAPPING" "$SECRETS_DIR_PATHS_MAPPING"
+  echo "'${SECRETS_DIR}/' created."
+}
+#!/usr/bin/env bash
+
+
+function killperson {
+  _user_required
+
+  if [[ ${#@} -eq 0 ]]; then
+    _abort "email is required."
+  fi
+
+  $GPGLOCAL --batch --yes --delete-key "$1"
+}
+#!/usr/bin/env bash
+
+
+function remove {
+  _user_required
+
+  for item in $@; do
+    if [[ ! -f "$item" ]]; then
+      _abort "$item is not a file."
+    fi
+
+    _delete_line "$item" "$SECRETS_DIR_PATHS_MAPPING"
+  done
+
+  local all=${@}
+  echo "removed from index."
+  echo "ensure that files: [$all] are now not ignored."
+}
+#!/usr/bin/env bash
+
+
+function _show_help_reveal {
+  echo "usage: git secret reveal"
+  echo "unencrypts all the files added by the 'add' command."
+  echo
+  echo "  -d        specifies --homedir option for gpg."
+  exit 0
+}
+
+
+function reveal {
+  _user_required
+
+  OPTIND=1
+  local homedir=""
+  local passphrase=""
+
+  while getopts "hd:p:" opt; do
+    case "$opt" in
+      h)
+        _show_help_reveal
+      ;;
+
+      p)
+        passphrase=$OPTARG
+      ;;
+
+      d)
+        homedir=$OPTARG
+      ;;
+    esac
+  done
+
+  shift $((OPTIND-1))
+  [ "$1" = "--" ] && shift
+
+  local counter=0
+  while read line; do
+    local encrypted_filename=$(_get_encrypted_filename "$line")
+    echo "$line: $encrypted_filename"
+
+    local base="$SECRETS_GPG_COMMAND --use-agent -q --decrypt"
+    if [[ ! -z "$homedir" ]]; then
+      base="$base --homedir=$homedir"
+    fi
+
+    if [[ ! -z "$passphrase" ]]; then
+      base="$base --batch --yes --passphrase $passphrase"
+    fi
+
+    $base -o "$line" "$encrypted_filename"
+
+    counter=$((counter+1))
+  done < "$SECRETS_DIR_PATHS_MAPPING"
+
+  echo "done. all $counter files are revealed."
+}
+#!/usr/bin/env bash
+
+function tell {
+  _secrets_dir_exists
+
+  # A POSIX variable
+  # Reset in case getopts has been used previously in the shell.
+  OPTIND=1
+
+  local email
+  local homedir
+
+  while getopts "h?md:" opt; do
+    case "$opt" in
+      h|\?)
+        usage
+      ;;
+
+      m) # Set email of the git current user:
+        email=$(git config user.email) || email=""
+
+        if [[ -z $email ]]; then
+          _abort "empty email for current git user."
+        else
+          echo "$email is not empty"
+        fi
+      ;;
+
+      d)
+        homedir=$OPTARG
+      ;;
+    esac
+  done
+
+  shift $((OPTIND-1))
+  [ "$1" = "--" ] && shift
+
+  # Custom argument-parsing:
+  if [[ -z $email ]]; then
+    # Email was not set via `-m` and is in $1:
+    email="$1"
+    if [[ -z $email ]]; then
+      _abort "first argument must be an email address."
+    fi
+    shift
+  fi
+
+  # This file will be removed automatically:
+  _temporary_file
+  local keyfile=$filename
+
+  if [[ -z $homedir ]]; then
+    $SECRETS_GPG_COMMAND --export -a "$email" > "$keyfile"
+  else
+    # It means that homedir is set as an extra argument via `-d`:
+    $SECRETS_GPG_COMMAND --no-permission-warning --homedir="$homedir" --export -a "$email" > "$keyfile"
+  fi
+
+  if [[ ! -s $keyfile ]]; then
+    _abort 'gpg key is empty. check your key name: `gpg --list-keys`.'
+  fi
+
+  # Importing public key to the local keychain:
+  $GPGLOCAL --import "$keyfile" > /dev/null 2>&1
+
+  echo
+  echo "done. $email added as a person who knows the secret."
+}
+#!/usr/bin/env bash
+
+
+function usage {
+
+  if [[ ! -z "$1" ]]; then
+    echo $@
+  fi
+
+  local commands=""
+  local separator="|"
+
+  for com in `compgen -A function`
+  do
+    if [[ ! $com == _* ]]; then
+      commands+="$com$separator"
+    fi
+  done
+
+  echo "usage: git secret [${commands%?}]"
+  exit 0
+}
+#!/usr/bin/env bash
 
 # encryption: https://www.gnupg.org/gph/en/manual.html#AEN111
 # git hooks: https://git-scm.com/book/en/v2/Customizing-Git-Git-Hooks
 # adding files to git on pre_commit hook:
 # http://stackoverflow.com/questions/3284292/can-a-git-hook-automatically-add-files-to-the-commit
 
-SCRIPT_DIR=".secrets"
-
 
 function _check_setup {
+  # Checking git and secret-plugin setup:
   if [[ ! -d ".git" ]] || [[ ! -d ".git/hooks" ]]; then
-    echo "repository is broken. try running 'git init' or 'git clone'"
-    exit 1
+    _abort "repository is broken. try running 'git init' or 'git clone'."
+  fi
+
+  # Checking gpg setup:
+  local secring="$SECRETS_DIR_KEYS/secring.gpg"
+  if [[ -f $secring ]] && [[ -s $secring ]]; then
+    # secring.gpg is not empty, someone has imported a private key.
+    _abort "it seems that someone has imported a secret key."
   fi
 }
 
 
 function _init_script {
+  # checking for proper set-up:
+  _check_setup
+
   if [[ $# == 0 ]]; then
     usage "no input parameters provided."
   fi
 
-  # checking for proper set-up:
-  _check_setup
-
   # load dependencies:
-  for f in ${0%/*}/bin/*; do [[ -f "$f" ]] && . "$f"; done
+  # for f in ${0%/*}/src/*/*; do [[ -f "$f" ]] && . "$f"; done
 
   # routing the input command:
   if [[ `_function_exists $1` == 0 ]] && [[ ! $1 == _* ]]; then
     $1 "${@:2}"
   else
-    usage "command ${1} not found."
+    usage "command $1 not found."
   fi
 }
 
+set -e
 _init_script $@

src/_utils/_git_secret_tools.sh

@@ -0,0 +1,161 @@
+#!/usr/bin/env bash
+
+# Global variables:
+
+WORKING_DIRECTORY="$PWD"
+# Folders:
+SECRETS_DIR=".gitsecret"
+SECRETS_DIR_KEYS="$SECRETS_DIR/keys"
+SECRETS_DIR_PATHS="$SECRETS_DIR/paths"
+
+# Files:
+SECRETS_DIR_KEYS_MAPPING="$SECRETS_DIR_KEYS/mapping.cfg"
+SECRETS_DIR_KEYS_PUBRING="$SECRETS_DIR_KEYS/pubring.gpg"
+SECRETS_DIR_KEYS_TRUSTDB="$SECRETS_DIR_KEYS/trustdb.gpg"
+
+SECRETS_DIR_PATHS_MAPPING="$SECRETS_DIR_PATHS/mapping.cfg"
+
+: ${SECRETS_GPG_COMMAND:="gpg"}
+GPGLOCAL="$SECRETS_GPG_COMMAND --homedir=$SECRETS_DIR_KEYS --no-permission-warning"
+
+: ${SECRETS_EXTENSION:=".secret"}
+
+
+# Inner bash :
+
+function _function_exists {
+  declare -f -F "$1" > /dev/null
+  echo $?
+}
+
+
+# OS based :
+
+function _os_based {
+  # Pass function name as first parameter.
+  # It will be invoked as os-based function with the postfix.
+
+  case "$(uname -s)" in
+
+    Darwin)
+      $1_osx ${@:2}
+    ;;
+
+    Linux)
+      $1_linux ${@:2}
+    ;;
+
+    # TODO: add MS Windows support.
+    # CYGWIN*|MINGW32*|MSYS*)
+    #   $1_ms ${@:2}
+    # ;;
+
+    *)
+      _abort 'unsupported OS.'
+    ;;
+  esac
+}
+
+
+# File System :
+
+function _set_config {
+  # First parameter is the KEY, second is VALUE, third is filename.
+
+  # The exit status is 0 (true) if the name was found, 1 (false) if not:
+  local contains=$(grep -Fq "$1" $3; echo $?)
+
+  if [[ $contains -eq 0 ]]; then
+    _os_based __replace_in_file $@
+  elif [[ $contains -eq 1 ]]; then
+    echo "$1 = $2" >> "$3"
+  fi
+}
+
+
+function _file_has_line {
+  # First parameter is the KEY, second is the filename.
+
+  local contains=$(grep -qw "$1" "$2"; echo $?)
+  # 0 on contains, 1 for error.
+  echo $contains;
+}
+
+
+function _delete_line {
+  _os_based __delete_line $@
+}
+
+
+function _temporary_file {
+  # This function creates temporary file
+  # which will be removed on system exit.
+  filename=$(_os_based __temp_file)  # is not `local` on purpose.
+
+  trap "echo 'cleaning up...'; rm -f $filename;" EXIT
+}
+
+
+function _unique_filename {
+  # First parameter is base-path, second is filename,
+  # third is optional extension.
+  local n=0 result=$2
+  while [[ 1 ]]; do
+    if [[ ! -f "$1/$result" ]]; then
+      break
+    fi
+
+    n=$(( $n + 1 ))
+    result="$2-$n"
+  done
+  echo $result
+}
+
+
+# VCS :
+
+function _check_ignore {
+  git check-ignore -q "$1";
+  echo $?
+}
+
+
+# Logic :
+
+function _abort {
+  >&2 echo "$1 abort."
+  exit 1
+}
+
+
+function _secrets_dir_exists {
+  if [[ ! -d $SECRETS_DIR ]]; then
+    _abort "$SECRETS_DIR does not exist."
+  fi
+}
+
+
+function _user_required {
+  _secrets_dir_exists
+
+  local error_message="no users found. run 'git secret tell' before adding files."
+  if [[ ! -f "$SECRETS_DIR_KEYS_PUBRING" ]] ||
+    [[ ! -f "$SECRETS_DIR_KEYS_TRUSTDB" ]]; then
+    _abort "$error_message"
+  fi
+
+  local keys_exist=$($GPGLOCAL -n --list-keys)
+  if [[ -z $keys_exist ]]; then
+    _abort "$error_message"
+  fi
+}
+
+
+function _get_raw_filename {
+  echo "$(dirname "$1")/$(basename "$1" "$SECRETS_EXTENSION")" | sed -e 's#^\./##'
+}
+
+
+function _get_encrypted_filename {
+  echo "$(dirname "$1")/$(basename "$1" "$SECRETS_EXTENSION")$SECRETS_EXTENSION" | sed -e 's#^\./##'
+}

src/_utils/_git_secret_tools_linux.sh

@@ -0,0 +1,17 @@
+#!/usr/bin/env bash
+
+
+function __replace_in_file_linux {
+  sed -i.bak -c "s/^\($1\s*=\s*\).*\$/\1$2/" "$3"
+}
+
+
+function __delete_line_linux {
+  sed -i.bak -c "/$1/d" "$2"
+}
+
+
+function __temp_file_linux {
+  local filename=$(mktemp)
+  echo "$filename"
+}

src/_utils/_git_secret_tools_osx.sh

@@ -0,0 +1,18 @@
+#!/usr/bin/env bash
+
+
+function __replace_in_file_osx {
+  sed -i.bak "s/^\($1[[:space:]]*=[[:space:]]*\).*\$/\1$2/" "$3"
+}
+
+
+function __delete_line_osx {
+  sed -i.bak "/$1/d" "$2"
+}
+
+
+function __temp_file_osx {
+  : "${TMPDIR:=/tmp}"
+  local filename=$(mktemp -t _gitsecrets_ )
+  echo "$filename";
+}

src/commands/git_secret_add.sh

@@ -0,0 +1,36 @@
+#!/usr/bin/env bash
+
+
+function add {
+  _user_required
+
+  local not_ignored=()
+
+  for item in $@; do
+    # Checking if all files in options are ignored:
+    if [[ ! -f $item ]]; then
+      _abort "$item is not a file."
+    fi
+
+    local ignored=$(_check_ignore "$item")
+    if [[ ! $ignored -eq 0 ]]; then
+      # collect unignored files.
+      not_ignored+=("$item")
+    fi
+  done
+
+  if [[ ! ${#not_ignored[@]} -eq 0 ]]; then
+    # and show them all at once.
+    _abort "these files are not ignored: ${not_ignored[@]} ;"
+  fi
+
+  for item in $@; do
+    # adding files into system, skipping duplicates.
+    local already_in=$(_file_has_line "$item" "$SECRETS_DIR_PATHS_MAPPING")
+    if [[ $already_in -eq 1 ]]; then
+      echo $item >> $SECRETS_DIR_PATHS_MAPPING
+    fi
+  done
+
+  echo "${#@} items added."
+}

src/commands/git_secret_clean.sh

@@ -0,0 +1,38 @@
+#!/usr/bin/env bash
+
+
+function _show_help_clean {
+  echo "usage: git secret clean"
+  echo "removes all the hidden files."
+  echo
+  echo "  -v        shows which files are deleted."
+  exit 0
+}
+
+
+function clean {
+  OPTIND=1
+
+  local verbose=""
+  while getopts "vh" opt; do
+    case "$opt" in
+      v)
+        verbose="v"
+      ;;
+
+      h)
+        _show_help_clean
+      ;;
+    esac
+  done
+
+  shift $((OPTIND-1))
+  [ "$1" = "--" ] && shift
+
+  [[ ! -z $verbose ]] && echo && echo "cleaing:" || :  # bug with custom bash on OSX
+
+  find . -name *$SECRETS_EXTENSION -type f | xargs rm -f$verbose
+
+  [[ ! -z $verbose ]] && echo || :  # bug with custom bash on OSX
+
+}

src/commands/git_secret_hide.sh

@@ -0,0 +1,60 @@
+#!/usr/bin/env bash
+
+
+function _show_help_hide {
+  echo "usage: git secret hide"
+  echo "encrypts all the files added by the 'add' command."
+  echo
+  echo "  -c        clean files before creating new ones."
+  echo "  -v        shows which files are deleted."
+  exit 0
+}
+
+
+function _optional_clean {
+  OPTIND=1
+  local clean=0
+  local opt_string=""
+
+  while getopts "cvh" opt; do
+    case "$opt" in
+      c)  # -c is used for guaranted clean encryption.
+        clean=1
+      ;;
+
+      h)
+        _show_help_hide
+      ;;
+
+      *)
+        opt_string="$opt_string -$opt"
+      ;;
+    esac
+  done
+
+  shift $((OPTIND-1))
+  [ "$1" = "--" ] && shift
+
+  if [[ $clean -eq 1 ]]; then
+    clean ${opt_string}
+  fi
+}
+
+
+function hide {
+  _user_required
+
+  _optional_clean $@
+
+  local counter=0
+  while read line; do
+    local encrypted_filename=$(_get_encrypted_filename $line)
+
+    local recipients=$($GPGLOCAL --list-keys | sed -n 's/.*<\(.*\)>.*/-r\1/p')
+    $GPGLOCAL --use-agent --yes --trust-model=always --encrypt $recipients -o "$encrypted_filename" "$line"
+
+    counter=$((counter+1))
+  done < $SECRETS_DIR_PATHS_MAPPING
+
+  echo "done. all $counter files are hidden."
+}

src/commands/git_secret_init.sh

@@ -0,0 +1,19 @@
+#!/usr/bin/env bash
+
+
+function init {
+
+  if [[ -d "$SECRETS_DIR" ]]; then
+    _abort "already inited."
+  fi
+
+  local ignores=$(_check_ignore "$SECRETS_DIR"/)
+
+  if [[ ! $ignores -eq 1 ]]; then
+    _abort "'${SECRETS_DIR}/' is ignored."
+  fi
+
+  mkdir "$SECRETS_DIR" "$SECRETS_DIR_KEYS" "$SECRETS_DIR_PATHS"
+  touch "$SECRETS_DIR_KEYS_MAPPING" "$SECRETS_DIR_PATHS_MAPPING"
+  echo "'${SECRETS_DIR}/' created."
+}

src/commands/git_secret_killperson.sh

@@ -0,0 +1,12 @@
+#!/usr/bin/env bash
+
+
+function killperson {
+  _user_required
+
+  if [[ ${#@} -eq 0 ]]; then
+    _abort "email is required."
+  fi
+
+  $GPGLOCAL --batch --yes --delete-key "$1"
+}

src/commands/git_secret_remove.sh

@@ -0,0 +1,18 @@
+#!/usr/bin/env bash
+
+
+function remove {
+  _user_required
+
+  for item in $@; do
+    if [[ ! -f "$item" ]]; then
+      _abort "$item is not a file."
+    fi
+
+    _delete_line "$item" "$SECRETS_DIR_PATHS_MAPPING"
+  done
+
+  local all=${@}
+  echo "removed from index."
+  echo "ensure that files: [$all] are now not ignored."
+}

src/commands/git_secret_reveal.sh

@@ -0,0 +1,58 @@
+#!/usr/bin/env bash
+
+
+function _show_help_reveal {
+  echo "usage: git secret reveal"
+  echo "unencrypts all the files added by the 'add' command."
+  echo
+  echo "  -d        specifies --homedir option for gpg."
+  exit 0
+}
+
+
+function reveal {
+  _user_required
+
+  OPTIND=1
+  local homedir=""
+  local passphrase=""
+
+  while getopts "hd:p:" opt; do
+    case "$opt" in
+      h)
+        _show_help_reveal
+      ;;
+
+      p)
+        passphrase=$OPTARG
+      ;;
+
+      d)
+        homedir=$OPTARG
+      ;;
+    esac
+  done
+
+  shift $((OPTIND-1))
+  [ "$1" = "--" ] && shift
+
+  local counter=0
+  while read line; do
+    local encrypted_filename=$(_get_encrypted_filename "$line")
+
+    local base="$SECRETS_GPG_COMMAND --use-agent -q --decrypt"
+    if [[ ! -z "$homedir" ]]; then
+      base="$base --homedir=$homedir"
+    fi
+
+    if [[ ! -z "$passphrase" ]]; then
+      base="$base --batch --yes --passphrase $passphrase"
+    fi
+
+    $base -o "$line" "$encrypted_filename"
+
+    counter=$((counter+1))
+  done < "$SECRETS_DIR_PATHS_MAPPING"
+
+  echo "done. all $counter files are revealed."
+}

src/commands/git_secret_tell.sh

@@ -0,0 +1,68 @@
+#!/usr/bin/env bash
+
+function tell {
+  _secrets_dir_exists
+
+  # A POSIX variable
+  # Reset in case getopts has been used previously in the shell.
+  OPTIND=1
+
+  local email
+  local homedir
+
+  while getopts "h?md:" opt; do
+    case "$opt" in
+      h|\?)
+        usage
+      ;;
+
+      m) # Set email of the git current user:
+        email=$(git config user.email) || email=""
+
+        if [[ -z $email ]]; then
+          _abort "empty email for current git user."
+        else
+          echo "$email is not empty"
+        fi
+      ;;
+
+      d)
+        homedir=$OPTARG
+      ;;
+    esac
+  done
+
+  shift $((OPTIND-1))
+  [ "$1" = "--" ] && shift
+
+  # Custom argument-parsing:
+  if [[ -z $email ]]; then
+    # Email was not set via `-m` and is in $1:
+    email="$1"
+    if [[ -z $email ]]; then
+      _abort "first argument must be an email address."
+    fi
+    shift
+  fi
+
+  # This file will be removed automatically:
+  _temporary_file
+  local keyfile=$filename
+
+  if [[ -z $homedir ]]; then
+    $SECRETS_GPG_COMMAND --export -a "$email" > "$keyfile"
+  else
+    # It means that homedir is set as an extra argument via `-d`:
+    $SECRETS_GPG_COMMAND --no-permission-warning --homedir="$homedir" --export -a "$email" > "$keyfile"
+  fi
+
+  if [[ ! -s $keyfile ]]; then
+    _abort 'gpg key is empty. check your key name: `gpg --list-keys`.'
+  fi
+
+  # Importing public key to the local keychain:
+  $GPGLOCAL --import "$keyfile" > /dev/null 2>&1
+
+  echo
+  echo "done. $email added as a person who knows the secret."
+}

src/commands/git_secret_usage.sh

@@ -1,6 +1,8 @@
-#!/bin/bash
+#!/usr/bin/env bash
+
 
 function usage {
+
   if [[ ! -z "$1" ]]; then
     echo $@
   fi
@@ -15,7 +17,6 @@ function usage {
     fi
   done
 
-  # usage|init|tell|hide|reveal
   echo "usage: git secret [${commands%?}]"
   exit 0
 }

src/main.sh

@@ -0,0 +1,44 @@
+#!/usr/bin/env bash
+
+# encryption: https://www.gnupg.org/gph/en/manual.html#AEN111
+# git hooks: https://git-scm.com/book/en/v2/Customizing-Git-Git-Hooks
+# adding files to git on pre_commit hook:
+# http://stackoverflow.com/questions/3284292/can-a-git-hook-automatically-add-files-to-the-commit
+
+
+function _check_setup {
+  # Checking git and secret-plugin setup:
+  if [[ ! -d ".git" ]] || [[ ! -d ".git/hooks" ]]; then
+    _abort "repository is broken. try running 'git init' or 'git clone'."
+  fi
+
+  # Checking gpg setup:
+  local secring="$SECRETS_DIR_KEYS/secring.gpg"
+  if [[ -f $secring ]] && [[ -s $secring ]]; then
+    # secring.gpg is not empty, someone has imported a private key.
+    _abort "it seems that someone has imported a secret key."
+  fi
+}
+
+
+function _init_script {
+  # checking for proper set-up:
+  _check_setup
+
+  if [[ $# == 0 ]]; then
+    usage "no input parameters provided."
+  fi
+
+  # load dependencies:
+  # for f in ${0%/*}/src/*/*; do [[ -f "$f" ]] && . "$f"; done
+
+  # routing the input command:
+  if [[ `_function_exists $1` == 0 ]] && [[ ! $1 == _* ]]; then
+    $1 "${@:2}"
+  else
+    usage "command $1 not found."
+  fi
+}
+
+set -e
+_init_script $@

test.sh

@@ -1,5 +0,0 @@
-#!/bin/bash
-
-echo $1
-
-echo $#

tests/_test_base.bash

@@ -0,0 +1,157 @@
+#!/usr/bin/env bash
+
+# This file is following a name convention defined in:
+# https://github.com/sstephenson/bats
+
+source "$SECRET_PROJECT_ROOT/src/_utils/_git_secret_tools.sh"
+
+# Constants:
+
+FIXTURES_DIR="$BATS_TEST_DIRNAME/fixtures"
+
+# Folders:
+TEST_SECRETS_DIR="$BATS_TMPDIR/$SECRETS_DIR"
+TEST_SECRETS_DIR_PATHS_MAPPING="$BATS_TMPDIR/$SECRETS_DIR_PATHS_MAPPING"
+
+TEST_GPG_HOMEDIR="$PWD"
+# TEST_TEMP_FILE="$BATS_TMPDIR/test_temp"
+
+# GPG-based stuff:
+: ${SECRETS_GPG_COMMAND:="gpg"}
+GPGTEST="$SECRETS_GPG_COMMAND --homedir=$TEST_GPG_HOMEDIR --no-permission-warning"
+
+
+# Personal data:
+TEST_DEFAULT_USER="user1"
+
+function test_user_password {
+  echo "${1}pass"
+}
+
+
+function test_user_email {
+  echo "${1}@gitsecret.io"
+}
+
+
+
+# GPG:
+
+function _get_gpg_fingerprint_by_email {
+  local email="$1"
+  local fingerprint=`$GPGTEST --list-public-keys --with-fingerprint --with-colons | \
+    sed -e '/<'$email'>::scESC:/,/[A-Z0-9]\{40\}:/!d' | \
+    sed -e '/fpr/!d' | \
+    sed -n 's/fpr:::::::::\([A-Z|0-9]\{40\}\):/\1/p'`
+  echo $fingerprint
+}
+
+
+function install_fixture_key {
+  local public_key="$BATS_TMPDIR/public-${1}.key"
+  local email=`test_user_email "$1"`
+
+  $SECRETS_GPG_COMMAND --homedir="$FIXTURES_DIR/gpg/${1}" \
+    --no-permission-warning --output "$public_key" \
+    --armor --batch --yes --export "$email"  > /dev/null 2>&1
+  $GPGTEST --import "$public_key" > /dev/null 2>&1
+  rm -f "$public_key"
+}
+
+
+function install_fixture_full_key {
+  local private_key="$BATS_TMPDIR/private-${1}.key"
+  local email=`test_user_email "$1"`
+
+  # local fingerprint=`_get_gpg_fingerprint_by_email "$email"`
+  $SECRETS_GPG_COMMAND --homedir="$FIXTURES_DIR/gpg/${1}" \
+    --no-permission-warning --output "$private_key" --armor \
+    --yes --export-secret-key "$email" > /dev/null 2>&1
+
+  $GPGTEST --allow-secret-key-import --import "$private_key" > /dev/null 2>&1
+
+  install_fixture_key "$1"
+}
+
+
+function uninstall_fixture_key {
+  local email=`test_user_email "$1"`
+  $GPGTEST --batch --yes --delete-key "$email" > /dev/null 2>&1
+}
+
+
+function uninstall_fixture_full_key {
+  local email=`test_user_email "$1"`
+  local fingerprint=`_get_gpg_fingerprint_by_email "$email"`
+  $GPGTEST --batch --yes --delete-secret-keys "$fingerprint" > /dev/null 2>&1
+
+  uninstall_fixture_key "$1"
+}
+
+
+# Git:
+function git_set_config_email {
+  git config --local user.email "$1"
+}
+
+
+function git_restore_default_email {
+  git config --local user.email "$1"
+}
+
+
+function remove_git_repository {
+  rm -rf ".git"
+}
+
+
+# Git Secret:
+function set_state_git {
+  git init > /dev/null 2>&1
+}
+
+
+function set_state_secret_init {
+  git secret init > /dev/null 2>&1
+}
+
+
+function set_state_secret_tell {
+  local email=`test_user_email $1`
+  git secret tell -d "$TEST_GPG_HOMEDIR" "$email"
+}
+
+
+function set_state_secret_add {
+  local filename="$1"
+  local content="$2"
+  echo "$content" > "$filename"
+  echo "$filename" >> ".gitignore"
+
+  git secret add "$filename"
+}
+
+
+function set_state_secret_hide {
+  git secret hide > /dev/null 2>&1
+}
+
+
+function unset_current_state {
+  # states order:
+  # git, secret_init, secret_tell, secret_add, secret_hide
+
+  # unsets `secret_hide`
+  # removes .secret files:
+  git secret clean > /dev/null 2>&1
+
+  # unsets `secret_add`, `secret_tell` and `secret_init`
+  rm -rf "$SECRETS_DIR"
+  rm -rf ".gitignore"
+
+  # unsets `git` state
+  remove_git_repository
+
+  # removes gpg homedir:
+  rm -f "pubring.gpg" "pubring.gpg~" "secring.gpg" "trustdb.gpg" "random_seed"
+}

tests/test_add.bats

@@ -0,0 +1,78 @@
+#!/usr/bin/env bats
+
+load _test_base
+
+
+function setup {
+  install_fixture_key "$TEST_DEFAULT_USER"
+  set_state_git
+  set_state_secret_init
+  set_state_secret_tell "$TEST_DEFAULT_USER"
+}
+
+
+function teardown {
+  uninstall_fixture_key "$TEST_DEFAULT_USER"
+  unset_current_state
+}
+
+
+@test "run 'add' for unignored file" {
+  local TEST_FILE='test_file'
+  touch "$TEST_FILE"
+  echo "content" > "$TEST_FILE"
+
+  run git secret add "$TEST_FILE"
+  rm -f "$TEST_FILE"
+
+  [ "$status" -eq 1 ]
+}
+
+
+@test "run 'add' normally" {
+  local filename="local_file"
+  echo "content" > "$filename"
+  echo "$filename" > ".gitignore"
+
+  run git secret add "$filename"
+  rm -f "$filename" ".gitignore"
+
+  [ "$status" -eq 0 ]
+
+  local files_list=`cat "$SECRETS_DIR_PATHS_MAPPING"`
+  [ "$files_list" = "$filename" ]
+}
+
+
+@test "run 'add' twice for one file" {
+  local filename="local_file"
+  echo "content" > "$filename"
+  echo "$filename" > ".gitignore"
+
+  run git secret add "$filename"
+  run git secret add "$filename"
+  rm -f "$filename" ".gitignore"
+
+  [ "$status" -eq 0 ]
+  [ "$output" = "1 items added." ]
+
+  local files_list=`cat "$SECRETS_DIR_PATHS_MAPPING"`
+  [ "$files_list" = "$filename" ]
+}
+
+
+@test "run 'add' for multiple files" {
+  local filename1="local_file1"
+  echo "content1" > "$filename1"
+  echo "$filename1" > ".gitignore"
+
+  local filename2="local_file2"
+  echo "content2" > "$filename2"
+  echo "$filename2" >> ".gitignore"
+
+  run git secret add "$filename1" "$filename2"
+  rm -f "$filename1" "$filename2" ".gitignore"
+
+  [ "$status" -eq 0 ]
+  [ "$output" = "2 items added." ]
+}

tests/test_hide.bats

@@ -0,0 +1,35 @@
+#!/usr/bin/env bats
+
+load _test_base
+
+FILE_TO_HIDE="file_to_hide"
+FILE_CONTENTS="hidden content юникод"
+
+
+function setup {
+  install_fixture_key "$TEST_DEFAULT_USER"
+  set_state_git
+  set_state_secret_init
+  set_state_secret_tell "$TEST_DEFAULT_USER"
+  set_state_secret_add "$FILE_TO_HIDE" "$FILE_CONTENTS"
+}
+
+
+function teardown {
+  uninstall_fixture_key $TEST_DEFAULT_USER
+  unset_current_state
+  rm -f "$FILE_TO_HIDE"
+}
+
+
+@test "run 'hide' normally" {
+  run git secret hide
+  [ "$status" -eq 0 ]
+  [ "$output" = "done. all 1 files are hidden." ]
+}
+
+
+@test "run 'hide' with params" {
+  run git secret hide -v -c
+  [ "$status" -eq 0 ]
+}

tests/test_init.bats

@@ -0,0 +1,37 @@
+#!/usr/bin/env bats
+
+load _test_base
+
+
+function setup {
+  set_state_git
+}
+
+
+function teardown {
+  unset_current_state
+}
+
+
+@test "run 'init' without .git" {
+  remove_git_repository
+
+  run git secret init
+  [ "$status" -eq 1 ]
+  [ "$output" = "repository is broken. try running 'git init' or 'git clone'. abort." ]
+}
+
+
+@test "run 'init' normally" {
+  run git secret init
+  [ "$status" -eq 0 ]
+}
+
+
+@test "run 'init' with '.gitsecret' already inited" {
+  mkdir "$SECRETS_DIR"
+
+  run git secret init
+  [ "$output" = "already inited. abort." ]
+  [ "$status" -eq 1 ]
+}

tests/test_killperson.bats

@@ -0,0 +1,33 @@
+#!/usr/bin/env bats
+
+load _test_base
+
+
+function setup {
+  install_fixture_key "$TEST_DEFAULT_USER"
+  set_state_git
+  set_state_secret_init
+  set_state_secret_tell "$TEST_DEFAULT_USER"
+
+  # init_git_repository
+  # git_secret_init
+  # git_secret_tell_test
+}
+
+
+function teardown {
+  uninstall_fixture_key "$TEST_DEFAULT_USER"
+  unset_current_state
+}
+
+
+@test "run 'killperson' without arguments" {
+  run git secret killperson
+  [ "$status" -eq 1 ]
+}
+
+
+@test "run 'killperson' normally" {
+  run git secret killperson "$TEST_DEFAULT_USER"
+  [ "$status" -eq 0 ]
+}

tests/test_reveal.bats

@@ -0,0 +1,65 @@
+#!/usr/bin/env bats
+
+load _test_base
+
+FILE_TO_HIDE="file_to_hide"
+FILE_CONTENTS="hidden content юникод"
+
+
+function setup {
+  install_fixture_full_key "$TEST_DEFAULT_USER"
+
+  set_state_git
+  set_state_secret_init
+  set_state_secret_tell "$TEST_DEFAULT_USER"
+  set_state_secret_add "$FILE_TO_HIDE" "$FILE_CONTENTS"
+  set_state_secret_hide
+}
+
+
+function teardown {
+  uninstall_fixture_full_key "$TEST_DEFAULT_USER"
+  unset_current_state
+  rm -f "$FILE_TO_HIDE"
+}
+
+
+@test "run 'reveal' with password argument" {
+  cp "$FILE_TO_HIDE" "${FILE_TO_HIDE}2"
+  rm -f "$FILE_TO_HIDE"
+
+  local password=`test_user_password "$TEST_DEFAULT_USER"`
+  run git secret reveal -d "$TEST_GPG_HOMEDIR" -p "$password"
+
+  [ "$status" -eq 0 ]
+  [ -f "$FILE_TO_HIDE" ]
+
+  cmp --silent "$FILE_TO_HIDE" "${FILE_TO_HIDE}2"
+
+  rm -f "${FILE_TO_HIDE}2"
+}
+
+
+@test "run 'reveal' with wrong password" {
+  rm -f "$FILE_TO_HIDE"
+
+  run git secret reveal -d "$TEST_GPG_HOMEDIR" -p "WRONG"
+  [ "$status" -eq 2 ]
+  [ ! -f "$FILE_TO_HIDE" ]
+}
+
+
+@test "run 'reveal' for attacker" {
+  rm -f "$FILE_TO_HIDE"
+
+  local attacker="attacker1"
+  install_fixture_full_key "$attacker"
+
+  local password=`test_user_password "$attacker"`
+  run git secret reveal -d "$TEST_GPG_HOMEDIR" -p "$password"
+
+  [ "$status" -eq 2 ]
+  [ ! -f "$FILE_TO_HIDE" ]
+
+  uninstall_fixture_full_key "$attacker"
+}

tests/test_tell.bats

@@ -0,0 +1,69 @@
+#!/usr/bin/env bats
+
+load _test_base
+
+
+function setup {
+  install_fixture_key $TEST_DEFAULT_USER
+  set_state_git
+  set_state_secret_init
+}
+
+
+function teardown {
+  uninstall_fixture_key "$TEST_DEFAULT_USER"
+  unset_current_state
+}
+
+
+function git_secret_tell_test {
+  git secret tell -d "$TEST_GPG_HOMEDIR" "$TEST_DEFAULT_USER"
+}
+
+
+@test "fail on no users" {
+  run _user_required
+  [ "$status" -eq 1 ]
+}
+
+
+@test "fail on secret-key imported" {
+  local private_key="$SECRETS_DIR_KEYS/secring.gpg"
+  echo "private key" > "$private_key"
+  [ -s "$private_key" ]
+
+  run git_secret_tell_test
+  [ "$status" -eq 1 ]
+}
+
+
+@test "run 'tell' without '.gitsecret'" {
+  rm -rf "$SECRETS_DIR"
+
+  run git_secret_tell_test
+  [ "$status" -eq 1 ]
+}
+
+
+@test "run 'tell' without arguments" {
+  run git secret tell
+  [ "$status" -eq 1 ]
+}
+
+
+@test "run 'tell' normally" {
+  run git_secret_tell_test
+  [ "$status" -eq 0 ]
+
+  run _user_required
+  [ "$status" -eq 0 ]
+}
+
+
+@test "run 'tell -m'" {
+  email=`test_user_email $TEST_DEFAULT_USER`
+
+  git_set_config_email "$email"
+  run git secret tell -d "$TEST_GPG_HOMEDIR" -m
+  [ "$status" -eq 0 ]
+}

tests/test_usage.bats

@@ -0,0 +1,27 @@
+#!/usr/bin/env bats
+
+load _test_base
+
+
+function setup {
+  set_state_git
+}
+
+
+function teardown {
+  unset_current_state
+}
+
+
+@test "run 'usage'" {
+  run git secret usage
+  [ "$status" -eq 0 ]
+}
+
+
+@test "run 'usage' without '.git'" {
+  remove_git_repository
+
+  run git secret usage
+  [ "$status" -eq 1 ]
+}