pre-reliase
parent
f988860966
commit
634de90bae
@ -1,4 +1,28 @@
|
||||
all: myscript
|
||||
all: build
|
||||
|
||||
myscript: includes/* body/*
|
||||
cat $^ > "$@" || (rm -f "$@"; exit 1)
|
||||
git-secret: src/_utils/* src/commands/* src/main.sh
|
||||
@cat $^ > "$@"
|
||||
@chmod +x git-secret
|
||||
|
||||
clean:
|
||||
@rm -f git-secret
|
||||
|
||||
build: git-secret
|
||||
|
||||
develop: clean build
|
||||
|
||||
install-test:
|
||||
git clone https://github.com/sstephenson/bats.git vendor/bats
|
||||
|
||||
test:
|
||||
@if [ ! -d "vendor/bats" ]; then make install-test; fi
|
||||
@export SECRET_PROJECT_ROOT="${PWD}"; export PATH="${PWD}/vendor/bats/bin:${PWD}:${PATH}"; \
|
||||
rm -rf temp; mkdir temp; cd temp; \
|
||||
bats ../tests;
|
||||
|
||||
install-man:
|
||||
gem install ronn
|
||||
|
||||
man:
|
||||
@if [ `gem list ronn -i` == "false" ]; then make install-man; fi
|
||||
ronn --roff man/*.ronn
|
||||
|
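Review bot: `install-test` clones sstephenson/bats at whatever its default branch currently points to, and `test` triggers it implicitly whenever `vendor/bats` is missing, so the test toolchain is unpinned and every fresh machine may get a different checkout; pin it, e.g. `git clone --depth 1 --branch <BATS_TAG> https://github.com/sstephenson/bats.git vendor/bats` (tag left as a placeholder). The same recipe should invoke `$(MAKE) install-test` rather than `make install-test` so flags and the jobserver propagate, and `rm -rf temp; mkdir temp; cd temp; \` chains with `;`, so a failed `mkdir` still runs `bats ../tests` from the repository root; chain with `&&`. None of `all`, `build`, `clean`, `develop`, `test`, `man`, `install-test` or `install-man` is declared in `.PHONY`, so a file named `test` or `clean` would silently satisfy the target.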
@ -1,6 +0,0 @@
|
||||
#!/bin/bash
|
||||
|
||||
function _function_exists {
|
||||
declare -f -F $1 > /dev/null
|
||||
echo $?
|
||||
}
|
@ -1,31 +0,0 @@
|
||||
#!/bin/bash
|
||||
|
||||
function init {
|
||||
# A POSIX variable
|
||||
# Reset in case getopts has been used previously in the shell.
|
||||
OPTIND=1
|
||||
|
||||
output_file=""
|
||||
verbose=0
|
||||
|
||||
while getopts "h?vf:" opt; do
|
||||
case "$opt" in
|
||||
h|\?)
|
||||
usage
|
||||
;;
|
||||
v)
|
||||
verbose=1
|
||||
;;
|
||||
f)
|
||||
output_file=$OPTARG
|
||||
;;
|
||||
esac
|
||||
|
||||
shift $((OPTIND-1))
|
||||
|
||||
[ "$1" = "--" ] && shift
|
||||
done
|
||||
|
||||
echo "verbose=$verbose, output_file='$output_file', Leftovers: $@"
|
||||
|
||||
}
|
@ -1,38 +1,572 @@
|
||||
#!/bin/bash
|
||||
#!/usr/bin/env bash
|
||||
|
||||
# Global variables:
|
||||
|
||||
WORKING_DIRECTORY="$PWD"
|
||||
# Folders:
|
||||
SECRETS_DIR=".gitsecret"
|
||||
SECRETS_DIR_KEYS="$SECRETS_DIR/keys"
|
||||
SECRETS_DIR_PATHS="$SECRETS_DIR/paths"
|
||||
|
||||
# Files:
|
||||
SECRETS_DIR_KEYS_MAPPING="$SECRETS_DIR_KEYS/mapping.cfg"
|
||||
SECRETS_DIR_KEYS_PUBRING="$SECRETS_DIR_KEYS/pubring.gpg"
|
||||
SECRETS_DIR_KEYS_TRUSTDB="$SECRETS_DIR_KEYS/trustdb.gpg"
|
||||
|
||||
SECRETS_DIR_PATHS_MAPPING="$SECRETS_DIR_PATHS/mapping.cfg"
|
||||
|
||||
: ${SECRETS_GPG_COMMAND:="gpg"}
|
||||
GPGLOCAL="$SECRETS_GPG_COMMAND --homedir=$SECRETS_DIR_KEYS --no-permission-warning"
|
||||
|
||||
: ${SECRETS_EXTENSION:=".secret"}
|
||||
|
||||
|
||||
# Inner bash :
|
||||
|
||||
function _function_exists {
|
||||
declare -f -F "$1" > /dev/null
|
||||
echo $?
|
||||
}
|
||||
|
||||
|
||||
# OS based :
|
||||
|
||||
function _os_based {
|
||||
# Pass function name as first parameter.
|
||||
# It will be invoked as os-based function with the postfix.
|
||||
|
||||
case "$(uname -s)" in
|
||||
|
||||
Darwin)
|
||||
$1_osx ${@:2}
|
||||
;;
|
||||
|
||||
Linux)
|
||||
$1_linux ${@:2}
|
||||
;;
|
||||
|
||||
# TODO: add MS Windows support.
|
||||
# CYGWIN*|MINGW32*|MSYS*)
|
||||
# $1_ms ${@:2}
|
||||
# ;;
|
||||
|
||||
*)
|
||||
_abort 'unsupported OS.'
|
||||
;;
|
||||
esac
|
||||
}
|
||||
|
||||
|
||||
# File System :
|
||||
|
||||
function _set_config {
|
||||
# First parameter is the KEY, second is VALUE, third is filename.
|
||||
|
||||
# The exit status is 0 (true) if the name was found, 1 (false) if not:
|
||||
local contains=$(grep -Fq "$1" $3; echo $?)
|
||||
|
||||
if [[ $contains -eq 0 ]]; then
|
||||
_os_based __replace_in_file $@
|
||||
elif [[ $contains -eq 1 ]]; then
|
||||
echo "$1 = $2" >> "$3"
|
||||
fi
|
||||
}
|
||||
|
||||
|
||||
function _file_has_line {
|
||||
# First parameter is the KEY, second is the filename.
|
||||
|
||||
local contains=$(grep -qw "$1" "$2"; echo $?)
|
||||
# 0 on contains, 1 for error.
|
||||
echo $contains;
|
||||
}
|
||||
|
||||
|
||||
function _delete_line {
|
||||
_os_based __delete_line $@
|
||||
}
|
||||
|
||||
|
||||
function _temporary_file {
|
||||
# This function creates temporary file
|
||||
# which will be removed on system exit.
|
||||
filename=$(_os_based __temp_file) # is not `local` on purpose.
|
||||
|
||||
trap "echo 'cleaning up...'; rm -f $filename;" EXIT
|
||||
}
|
||||
|
||||
|
||||
function _unique_filename {
|
||||
# First parameter is base-path, second is filename,
|
||||
# third is optional extension.
|
||||
local n=0 result=$2
|
||||
while [[ 1 ]]; do
|
||||
if [[ ! -f "$1/$result" ]]; then
|
||||
break
|
||||
fi
|
||||
|
||||
n=$(( $n + 1 ))
|
||||
result="$2-$n"
|
||||
done
|
||||
echo $result
|
||||
}
|
||||
|
||||
|
||||
# VCS :
|
||||
|
||||
function _check_ignore {
|
||||
git check-ignore -q "$1";
|
||||
echo $?
|
||||
}
|
||||
|
||||
|
||||
# Logic :
|
||||
|
||||
function _abort {
|
||||
>&2 echo "$1 abort."
|
||||
exit 1
|
||||
}
|
||||
|
||||
|
||||
function _secrets_dir_exists {
|
||||
if [[ ! -d $SECRETS_DIR ]]; then
|
||||
_abort "$SECRETS_DIR does not exist."
|
||||
fi
|
||||
}
|
||||
|
||||
|
||||
function _user_required {
|
||||
_secrets_dir_exists
|
||||
|
||||
local error_message="no users found. run 'git secret tell' before adding files."
|
||||
if [[ ! -f "$SECRETS_DIR_KEYS_PUBRING" ]] ||
|
||||
[[ ! -f "$SECRETS_DIR_KEYS_TRUSTDB" ]]; then
|
||||
_abort "$error_message"
|
||||
fi
|
||||
|
||||
local keys_exist=$($GPGLOCAL -n --list-keys)
|
||||
if [[ -z $keys_exist ]]; then
|
||||
_abort "$error_message"
|
||||
fi
|
||||
}
|
||||
|
||||
|
||||
function _get_raw_filename {
|
||||
echo "$(dirname "$1")/$(basename "$1" "$SECRETS_EXTENSION")" | sed -e 's#^\./##'
|
||||
}
|
||||
|
||||
|
||||
function _get_encrypted_filename {
|
||||
echo "$(dirname "$1")/$(basename "$1" "$SECRETS_EXTENSION")$SECRETS_EXTENSION" | sed -e 's#^\./##'
|
||||
}
|
||||
#!/usr/bin/env bash
|
||||
|
||||
|
||||
function __replace_in_file_linux {
|
||||
sed -i.bak -c "s/^\($1\s*=\s*\).*\$/\1$2/" "$3"
|
||||
}
|
||||
|
||||
|
||||
function __delete_line_linux {
|
||||
sed -i.bak -c "/$1/d" "$2"
|
||||
}
|
||||
|
||||
|
||||
function __temp_file_linux {
|
||||
local filename=$(mktemp)
|
||||
echo "$filename"
|
||||
}
|
||||
#!/usr/bin/env bash
|
||||
|
||||
|
||||
function __replace_in_file_osx {
|
||||
sed -i.bak "s/^\($1[[:space:]]*=[[:space:]]*\).*\$/\1$2/" "$3"
|
||||
}
|
||||
|
||||
|
||||
function __delete_line_osx {
|
||||
sed -i.bak "/$1/d" "$2"
|
||||
}
|
||||
|
||||
|
||||
function __temp_file_osx {
|
||||
: "${TMPDIR:=/tmp}"
|
||||
local filename=$(mktemp -t _gitsecrets_ )
|
||||
echo "$filename";
|
||||
}
|
||||
#!/usr/bin/env bash
|
||||
|
||||
|
||||
function add {
|
||||
_user_required
|
||||
|
||||
local not_ignored=()
|
||||
|
||||
for item in $@; do
|
||||
# Checking if all files in options are ignored:
|
||||
if [[ ! -f $item ]]; then
|
||||
_abort "$item is not a file."
|
||||
fi
|
||||
|
||||
local ignored=$(_check_ignore "$item")
|
||||
if [[ ! $ignored -eq 0 ]]; then
|
||||
# collect unignored files.
|
||||
not_ignored+=("$item")
|
||||
fi
|
||||
done
|
||||
|
||||
if [[ ! ${#not_ignored[@]} -eq 0 ]]; then
|
||||
# and show them all at once.
|
||||
_abort "these files are not ignored: ${not_ignored[@]} ;"
|
||||
fi
|
||||
|
||||
for item in $@; do
|
||||
# adding files into system, skipping duplicates.
|
||||
local already_in=$(_file_has_line "$item" "$SECRETS_DIR_PATHS_MAPPING")
|
||||
if [[ $already_in -eq 1 ]]; then
|
||||
echo $item >> $SECRETS_DIR_PATHS_MAPPING
|
||||
fi
|
||||
done
|
||||
|
||||
echo "${#@} items added."
|
||||
}
|
||||
#!/usr/bin/env bash
|
||||
|
||||
|
||||
function _show_help_clean {
|
||||
echo "usage: git secret clean"
|
||||
echo "removes all the hidden files."
|
||||
echo
|
||||
echo " -v shows which files are deleted."
|
||||
exit 0
|
||||
}
|
||||
|
||||
|
||||
function clean {
|
||||
OPTIND=1
|
||||
|
||||
local verbose=""
|
||||
while getopts "vh" opt; do
|
||||
case "$opt" in
|
||||
v)
|
||||
verbose="v"
|
||||
;;
|
||||
|
||||
h)
|
||||
_show_help_clean
|
||||
;;
|
||||
esac
|
||||
done
|
||||
|
||||
shift $((OPTIND-1))
|
||||
[ "$1" = "--" ] && shift
|
||||
|
||||
[[ ! -z $verbose ]] && echo && echo "cleaing:" || : # bug with custom bash on OSX
|
||||
|
||||
find . -name *$SECRETS_EXTENSION -type f | xargs rm -f$verbose
|
||||
|
||||
[[ ! -z $verbose ]] && echo || : # bug with custom bash on OSX
|
||||
|
||||
}
|
||||
#!/usr/bin/env bash
|
||||
|
||||
|
||||
function _show_help_hide {
|
||||
echo "usage: git secret hide"
|
||||
echo "encrypts all the files added by the 'add' command."
|
||||
echo
|
||||
echo " -c clean files before creating new ones."
|
||||
echo " -v shows which files are deleted."
|
||||
exit 0
|
||||
}
|
||||
|
||||
|
||||
function _optional_clean {
|
||||
OPTIND=1
|
||||
local clean=0
|
||||
local opt_string=""
|
||||
|
||||
while getopts "cvh" opt; do
|
||||
case "$opt" in
|
||||
c) # -c is used for guaranted clean encryption.
|
||||
clean=1
|
||||
;;
|
||||
|
||||
h)
|
||||
_show_help_hide
|
||||
;;
|
||||
|
||||
*)
|
||||
opt_string="$opt_string -$opt"
|
||||
;;
|
||||
esac
|
||||
done
|
||||
|
||||
shift $((OPTIND-1))
|
||||
[ "$1" = "--" ] && shift
|
||||
|
||||
if [[ $clean -eq 1 ]]; then
|
||||
clean ${opt_string}
|
||||
fi
|
||||
}
|
||||
|
||||
|
||||
function hide {
|
||||
_user_required
|
||||
|
||||
_optional_clean $@
|
||||
|
||||
local counter=0
|
||||
while read line; do
|
||||
local encrypted_filename=$(_get_encrypted_filename $line)
|
||||
|
||||
local recipients=$($GPGLOCAL --list-keys | sed -n 's/.*<\(.*\)>.*/-r\1/p')
|
||||
$GPGLOCAL --use-agent --yes --trust-model=always --encrypt $recipients -o "$encrypted_filename" "$line"
|
||||
|
||||
counter=$((counter+1))
|
||||
done < $SECRETS_DIR_PATHS_MAPPING
|
||||
|
||||
echo "done. all $counter files are hidden."
|
||||
}
|
||||
#!/usr/bin/env bash
|
||||
|
||||
|
||||
function init {
|
||||
|
||||
if [[ -d "$SECRETS_DIR" ]]; then
|
||||
_abort "already inited."
|
||||
fi
|
||||
|
||||
local ignores=$(_check_ignore "$SECRETS_DIR"/)
|
||||
|
||||
if [[ ! $ignores -eq 1 ]]; then
|
||||
_abort "'${SECRETS_DIR}/' is ignored."
|
||||
fi
|
||||
|
||||
mkdir "$SECRETS_DIR" "$SECRETS_DIR_KEYS" "$SECRETS_DIR_PATHS"
|
||||
touch "$SECRETS_DIR_KEYS_MAPPING" "$SECRETS_DIR_PATHS_MAPPING"
|
||||
echo "'${SECRETS_DIR}/' created."
|
||||
}
|
||||
#!/usr/bin/env bash
|
||||
|
||||
|
||||
function killperson {
|
||||
_user_required
|
||||
|
||||
if [[ ${#@} -eq 0 ]]; then
|
||||
_abort "email is required."
|
||||
fi
|
||||
|
||||
$GPGLOCAL --batch --yes --delete-key "$1"
|
||||
}
|
||||
#!/usr/bin/env bash
|
||||
|
||||
|
||||
function remove {
|
||||
_user_required
|
||||
|
||||
for item in $@; do
|
||||
if [[ ! -f "$item" ]]; then
|
||||
_abort "$item is not a file."
|
||||
fi
|
||||
|
||||
_delete_line "$item" "$SECRETS_DIR_PATHS_MAPPING"
|
||||
done
|
||||
|
||||
local all=${@}
|
||||
echo "removed from index."
|
||||
echo "ensure that files: [$all] are now not ignored."
|
||||
}
|
||||
#!/usr/bin/env bash
|
||||
|
||||
|
||||
function _show_help_reveal {
|
||||
echo "usage: git secret reveal"
|
||||
echo "unencrypts all the files added by the 'add' command."
|
||||
echo
|
||||
echo " -d specifies --homedir option for gpg."
|
||||
exit 0
|
||||
}
|
||||
|
||||
|
||||
function reveal {
|
||||
_user_required
|
||||
|
||||
OPTIND=1
|
||||
local homedir=""
|
||||
local passphrase=""
|
||||
|
||||
while getopts "hd:p:" opt; do
|
||||
case "$opt" in
|
||||
h)
|
||||
_show_help_reveal
|
||||
;;
|
||||
|
||||
p)
|
||||
passphrase=$OPTARG
|
||||
;;
|
||||
|
||||
d)
|
||||
homedir=$OPTARG
|
||||
;;
|
||||
esac
|
||||
done
|
||||
|
||||
shift $((OPTIND-1))
|
||||
[ "$1" = "--" ] && shift
|
||||
|
||||
local counter=0
|
||||
while read line; do
|
||||
local encrypted_filename=$(_get_encrypted_filename "$line")
|
||||
echo "$line: $encrypted_filename"
|
||||
|
||||
local base="$SECRETS_GPG_COMMAND --use-agent -q --decrypt"
|
||||
if [[ ! -z "$homedir" ]]; then
|
||||
base="$base --homedir=$homedir"
|
||||
fi
|
||||
|
||||
if [[ ! -z "$passphrase" ]]; then
|
||||
base="$base --batch --yes --passphrase $passphrase"
|
||||
fi
|
||||
|
||||
$base -o "$line" "$encrypted_filename"
|
||||
|
||||
counter=$((counter+1))
|
||||
done < "$SECRETS_DIR_PATHS_MAPPING"
|
||||
|
||||
echo "done. all $counter files are revealed."
|
||||
}
|
||||
#!/usr/bin/env bash
|
||||
|
||||
function tell {
|
||||
_secrets_dir_exists
|
||||
|
||||
# A POSIX variable
|
||||
# Reset in case getopts has been used previously in the shell.
|
||||
OPTIND=1
|
||||
|
||||
local email
|
||||
local homedir
|
||||
|
||||
while getopts "h?md:" opt; do
|
||||
case "$opt" in
|
||||
h|\?)
|
||||
usage
|
||||
;;
|
||||
|
||||
m) # Set email of the git current user:
|
||||
email=$(git config user.email) || email=""
|
||||
|
||||
if [[ -z $email ]]; then
|
||||
_abort "empty email for current git user."
|
||||
else
|
||||
echo "$email is not empty"
|
||||
fi
|
||||
;;
|
||||
|
||||
d)
|
||||
homedir=$OPTARG
|
||||
;;
|
||||
esac
|
||||
done
|
||||
|
||||
shift $((OPTIND-1))
|
||||
[ "$1" = "--" ] && shift
|
||||
|
||||
# Custom argument-parsing:
|
||||
if [[ -z $email ]]; then
|
||||
# Email was not set via `-m` and is in $1:
|
||||
email="$1"
|
||||
if [[ -z $email ]]; then
|
||||
_abort "first argument must be an email address."
|
||||
fi
|
||||
shift
|
||||
fi
|
||||
|
||||
# This file will be removed automatically:
|
||||
_temporary_file
|
||||
local keyfile=$filename
|
||||
|
||||
if [[ -z $homedir ]]; then
|
||||
$SECRETS_GPG_COMMAND --export -a "$email" > "$keyfile"
|
||||
else
|
||||
# It means that homedir is set as an extra argument via `-d`:
|
||||
$SECRETS_GPG_COMMAND --no-permission-warning --homedir="$homedir" --export -a "$email" > "$keyfile"
|
||||
fi
|
||||
|
||||
if [[ ! -s $keyfile ]]; then
|
||||
_abort 'gpg key is empty. check your key name: `gpg --list-keys`.'
|
||||
fi
|
||||
|
||||
# Importing public key to the local keychain:
|
||||
$GPGLOCAL --import "$keyfile" > /dev/null 2>&1
|
||||
|
||||
echo
|
||||
echo "done. $email added as a person who knows the secret."
|
||||
}
|
||||
#!/usr/bin/env bash
|
||||
|
||||
|
||||
function usage {
|
||||
|
||||
if [[ ! -z "$1" ]]; then
|
||||
echo $@
|
||||
fi
|
||||
|
||||
local commands=""
|
||||
local separator="|"
|
||||
|
||||
for com in `compgen -A function`
|
||||
do
|
||||
if [[ ! $com == _* ]]; then
|
||||
commands+="$com$separator"
|
||||
fi
|
||||
done
|
||||
|
||||
echo "usage: git secret [${commands%?}]"
|
||||
exit 0
|
||||
}
|
||||
#!/usr/bin/env bash
|
||||
|
||||
# encryption: https://www.gnupg.org/gph/en/manual.html#AEN111
|
||||
# git hooks: https://git-scm.com/book/en/v2/Customizing-Git-Git-Hooks
|
||||
# adding files to git on pre_commit hook:
|
||||
# http://stackoverflow.com/questions/3284292/can-a-git-hook-automatically-add-files-to-the-commit
|
||||
|
||||
SCRIPT_DIR=".secrets"
|
||||
|
||||
|
||||
function _check_setup {
|
||||
# Checking git and secret-plugin setup:
|
||||
if [[ ! -d ".git" ]] || [[ ! -d ".git/hooks" ]]; then
|
||||
echo "repository is broken. try running 'git init' or 'git clone'"
|
||||
exit 1
|
||||
_abort "repository is broken. try running 'git init' or 'git clone'."
|
||||
fi
|
||||
|
||||
# Checking gpg setup:
|
||||
local secring="$SECRETS_DIR_KEYS/secring.gpg"
|
||||
if [[ -f $secring ]] && [[ -s $secring ]]; then
|
||||
# secring.gpg is not empty, someone has imported a private key.
|
||||
_abort "it seems that someone has imported a secret key."
|
||||
fi
|
||||
}
|
||||
|
||||
|
||||
function _init_script {
|
||||
# checking for proper set-up:
|
||||
_check_setup
|
||||
|
||||
if [[ $# == 0 ]]; then
|
||||
usage "no input parameters provided."
|
||||
fi
|
||||
|
||||
# checking for proper set-up:
|
||||
_check_setup
|
||||
|
||||
# load dependencies:
|
||||
for f in ${0%/*}/bin/*; do [[ -f "$f" ]] && . "$f"; done
|
||||
# for f in ${0%/*}/src/*/*; do [[ -f "$f" ]] && . "$f"; done
|
||||
|
||||
# routing the input command:
|
||||
if [[ `_function_exists $1` == 0 ]] && [[ ! $1 == _* ]]; then
|
||||
$1 "${@:2}"
|
||||
else
|
||||
usage "command ${1} not found."
|
||||
usage "command $1 not found."
|
||||
fi
|
||||
}
|
||||
|
||||
set -e
|
||||
_init_script $@
|
||||
|
@ -0,0 +1,161 @@
|
||||
#!/usr/bin/env bash
|
||||
|
||||
# Global variables:
|
||||
|
||||
WORKING_DIRECTORY="$PWD"
|
||||
# Folders:
|
||||
SECRETS_DIR=".gitsecret"
|
||||
SECRETS_DIR_KEYS="$SECRETS_DIR/keys"
|
||||
SECRETS_DIR_PATHS="$SECRETS_DIR/paths"
|
||||
|
||||
# Files:
|
||||
SECRETS_DIR_KEYS_MAPPING="$SECRETS_DIR_KEYS/mapping.cfg"
|
||||
SECRETS_DIR_KEYS_PUBRING="$SECRETS_DIR_KEYS/pubring.gpg"
|
||||
SECRETS_DIR_KEYS_TRUSTDB="$SECRETS_DIR_KEYS/trustdb.gpg"
|
||||
|
||||
SECRETS_DIR_PATHS_MAPPING="$SECRETS_DIR_PATHS/mapping.cfg"
|
||||
|
||||
: ${SECRETS_GPG_COMMAND:="gpg"}
|
||||
GPGLOCAL="$SECRETS_GPG_COMMAND --homedir=$SECRETS_DIR_KEYS --no-permission-warning"
|
||||
|
||||
: ${SECRETS_EXTENSION:=".secret"}
|
||||
|
||||
|
||||
# Inner bash :
|
||||
|
||||
function _function_exists {
|
||||
declare -f -F "$1" > /dev/null
|
||||
echo $?
|
||||
}
|
||||
|
||||
|
||||
# OS based :
|
||||
|
||||
function _os_based {
|
||||
# Pass function name as first parameter.
|
||||
# It will be invoked as os-based function with the postfix.
|
||||
|
||||
case "$(uname -s)" in
|
||||
|
||||
Darwin)
|
||||
$1_osx ${@:2}
|
||||
;;
|
||||
|
||||
Linux)
|
||||
$1_linux ${@:2}
|
||||
;;
|
||||
|
||||
# TODO: add MS Windows support.
|
||||
# CYGWIN*|MINGW32*|MSYS*)
|
||||
# $1_ms ${@:2}
|
||||
# ;;
|
||||
|
||||
*)
|
||||
_abort 'unsupported OS.'
|
||||
;;
|
||||
esac
|
||||
}
|
||||
|
||||
|
||||
# File System :
|
||||
|
||||
function _set_config {
|
||||
# First parameter is the KEY, second is VALUE, third is filename.
|
||||
|
||||
# The exit status is 0 (true) if the name was found, 1 (false) if not:
|
||||
local contains=$(grep -Fq "$1" $3; echo $?)
|
||||
|
||||
if [[ $contains -eq 0 ]]; then
|
||||
_os_based __replace_in_file $@
|
||||
elif [[ $contains -eq 1 ]]; then
|
||||
echo "$1 = $2" >> "$3"
|
||||
fi
|
||||
}
|
||||
|
||||
|
||||
function _file_has_line {
|
||||
# First parameter is the KEY, second is the filename.
|
||||
|
||||
local contains=$(grep -qw "$1" "$2"; echo $?)
|
||||
# 0 on contains, 1 for error.
|
||||
echo $contains;
|
||||
}
|
||||
|
||||
|
||||
function _delete_line {
|
||||
_os_based __delete_line $@
|
||||
}
|
||||
|
||||
|
||||
function _temporary_file {
|
||||
# This function creates temporary file
|
||||
# which will be removed on system exit.
|
||||
filename=$(_os_based __temp_file) # is not `local` on purpose.
|
||||
|
||||
trap "echo 'cleaning up...'; rm -f $filename;" EXIT
|
||||
}
|
||||
|
||||
|
||||
function _unique_filename {
|
||||
# First parameter is base-path, second is filename,
|
||||
# third is optional extension.
|
||||
local n=0 result=$2
|
||||
while [[ 1 ]]; do
|
||||
if [[ ! -f "$1/$result" ]]; then
|
||||
break
|
||||
fi
|
||||
|
||||
n=$(( $n + 1 ))
|
||||
result="$2-$n"
|
||||
done
|
||||
echo $result
|
||||
}
|
||||
|
||||
|
||||
# VCS :
|
||||
|
||||
function _check_ignore {
|
||||
git check-ignore -q "$1";
|
||||
echo $?
|
||||
}
|
||||
|
||||
|
||||
# Logic :
|
||||
|
||||
function _abort {
|
||||
>&2 echo "$1 abort."
|
||||
exit 1
|
||||
}
|
||||
|
||||
|
||||
function _secrets_dir_exists {
|
||||
if [[ ! -d $SECRETS_DIR ]]; then
|
||||
_abort "$SECRETS_DIR does not exist."
|
||||
fi
|
||||
}
|
||||
|
||||
|
||||
function _user_required {
|
||||
_secrets_dir_exists
|
||||
|
||||
local error_message="no users found. run 'git secret tell' before adding files."
|
||||
if [[ ! -f "$SECRETS_DIR_KEYS_PUBRING" ]] ||
|
||||
[[ ! -f "$SECRETS_DIR_KEYS_TRUSTDB" ]]; then
|
||||
_abort "$error_message"
|
||||
fi
|
||||
|
||||
local keys_exist=$($GPGLOCAL -n --list-keys)
|
||||
if [[ -z $keys_exist ]]; then
|
||||
_abort "$error_message"
|
||||
fi
|
||||
}
|
||||
|
||||
|
||||
function _get_raw_filename {
|
||||
echo "$(dirname "$1")/$(basename "$1" "$SECRETS_EXTENSION")" | sed -e 's#^\./##'
|
||||
}
|
||||
|
||||
|
||||
function _get_encrypted_filename {
|
||||
echo "$(dirname "$1")/$(basename "$1" "$SECRETS_EXTENSION")$SECRETS_EXTENSION" | sed -e 's#^\./##'
|
||||
}
|
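Review bot: `_file_has_line` hands the path to `grep -qw` as a regular expression, so metacharacters match loosely (`a.txt` also matches an `a-txt` entry) and the `-w` boundary lets `foo` match an existing `dir/foo` line; `add` then treats the new path as a duplicate, skips it, and still counts it as added. A fixed-string, whole-line match avoids both: `local contains=$(grep -qxF -- "$1" "$2"; echo $?)`. `_temporary_file` installs its EXIT trap with `rm -f $filename` unquoted inside the trap string, so a `TMPDIR` containing whitespace leaves the exported key file behind; `rm -f "$filename"` inside the same double-quoted string (with the quotes escaped) keeps the cleanup reliable.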
@ -0,0 +1,17 @@
|
||||
#!/usr/bin/env bash
|
||||
|
||||
|
||||
function __replace_in_file_linux {
|
||||
sed -i.bak -c "s/^\($1\s*=\s*\).*\$/\1$2/" "$3"
|
||||
}
|
||||
|
||||
|
||||
function __delete_line_linux {
|
||||
sed -i.bak -c "/$1/d" "$2"
|
||||
}
|
||||
|
||||
|
||||
function __temp_file_linux {
|
||||
local filename=$(mktemp)
|
||||
echo "$filename"
|
||||
}
|
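Review bot: `__delete_line_linux` builds the sed address from the raw path in `"/$1/d"`, so any entry inside a directory (`dir/file`) contains a `/` that terminates the address early and sed fails, while regex metacharacters in the name can delete unrelated lines; `remove` reaches this through `_delete_line` with user-supplied paths. Deleting a literal whole line needs no sed: `grep -vxF -- "$1" "$2" > "$2.tmp" || true; mv -f "$2.tmp" "$2"` (the `|| true` is needed because grep exits 1 when the last entry is removed, which would otherwise trip `set -e`). `__delete_line_osx` in the next file has the same construction, and `__replace_in_file_linux`/`__replace_in_file_osx` interpolate `$1` and `$2` into a sed expression the same way, so a value containing `/` or `&` breaks or corrupts the substitution. The `-i.bak` form also leaves a `mapping.cfg.bak` next to the mapping file, which is presumably unintended.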
@ -0,0 +1,18 @@
|
||||
#!/usr/bin/env bash
|
||||
|
||||
|
||||
function __replace_in_file_osx {
|
||||
sed -i.bak "s/^\($1[[:space:]]*=[[:space:]]*\).*\$/\1$2/" "$3"
|
||||
}
|
||||
|
||||
|
||||
function __delete_line_osx {
|
||||
sed -i.bak "/$1/d" "$2"
|
||||
}
|
||||
|
||||
|
||||
function __temp_file_osx {
|
||||
: "${TMPDIR:=/tmp}"
|
||||
local filename=$(mktemp -t _gitsecrets_ )
|
||||
echo "$filename";
|
||||
}
|
@ -0,0 +1,36 @@
|
||||
#!/usr/bin/env bash
|
||||
|
||||
|
||||
function add {
|
||||
_user_required
|
||||
|
||||
local not_ignored=()
|
||||
|
||||
for item in $@; do
|
||||
# Checking if all files in options are ignored:
|
||||
if [[ ! -f $item ]]; then
|
||||
_abort "$item is not a file."
|
||||
fi
|
||||
|
||||
local ignored=$(_check_ignore "$item")
|
||||
if [[ ! $ignored -eq 0 ]]; then
|
||||
# collect unignored files.
|
||||
not_ignored+=("$item")
|
||||
fi
|
||||
done
|
||||
|
||||
if [[ ! ${#not_ignored[@]} -eq 0 ]]; then
|
||||
# and show them all at once.
|
||||
_abort "these files are not ignored: ${not_ignored[@]} ;"
|
||||
fi
|
||||
|
||||
for item in $@; do
|
||||
# adding files into system, skipping duplicates.
|
||||
local already_in=$(_file_has_line "$item" "$SECRETS_DIR_PATHS_MAPPING")
|
||||
if [[ $already_in -eq 1 ]]; then
|
||||
echo $item >> $SECRETS_DIR_PATHS_MAPPING
|
||||
fi
|
||||
done
|
||||
|
||||
echo "${#@} items added."
|
||||
}
|
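Review bot: Both loops iterate `for item in $@` unquoted and the final `echo $item >> $SECRETS_DIR_PATHS_MAPPING` is unquoted as well, so a path containing whitespace is split into several bogus entries and a glob character is expanded against the working tree before the `-f` check sees it. Use `for item in "$@"; do` in both loops and `echo "$item" >> "$SECRETS_DIR_PATHS_MAPPING"`. The closing `echo "${#@} items added."` counts arguments rather than entries written, so re-adding an already registered file still reports it as added; incrementing a counter inside the second loop would make the message truthful.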
@ -0,0 +1,38 @@
|
||||
#!/usr/bin/env bash
|
||||
|
||||
|
||||
function _show_help_clean {
|
||||
echo "usage: git secret clean"
|
||||
echo "removes all the hidden files."
|
||||
echo
|
||||
echo " -v shows which files are deleted."
|
||||
exit 0
|
||||
}
|
||||
|
||||
|
||||
function clean {
|
||||
OPTIND=1
|
||||
|
||||
local verbose=""
|
||||
while getopts "vh" opt; do
|
||||
case "$opt" in
|
||||
v)
|
||||
verbose="v"
|
||||
;;
|
||||
|
||||
h)
|
||||
_show_help_clean
|
||||
;;
|
||||
esac
|
||||
done
|
||||
|
||||
shift $((OPTIND-1))
|
||||
[ "$1" = "--" ] && shift
|
||||
|
||||
[[ ! -z $verbose ]] && echo && echo "cleaing:" || : # bug with custom bash on OSX
|
||||
|
||||
find . -name *$SECRETS_EXTENSION -type f | xargs rm -f$verbose
|
||||
|
||||
[[ ! -z $verbose ]] && echo || : # bug with custom bash on OSX
|
||||
|
||||
}
|
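Review bot: In `find . -name *$SECRETS_EXTENSION -type f | xargs rm -f$verbose` the pattern is unquoted, so if a `.secret` file exists in the current directory the shell expands it before `find` runs and `-name` receives several arguments, and `xargs` without `-0` splits paths on whitespace. The target set is also every `*.secret` file under the tree rather than the ones listed in `$SECRETS_DIR_PATHS_MAPPING`, which widens what a stray `clean` can delete. A quoted pattern with NUL-delimited transfer fixes the first two: `find . -name "*$SECRETS_EXTENSION" -type f -print0 | xargs -0 rm -f$verbose`. The user-facing string `"cleaing:"` is misspelled.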
@ -0,0 +1,60 @@
|
||||
#!/usr/bin/env bash
|
||||
|
||||
|
||||
function _show_help_hide {
|
||||
echo "usage: git secret hide"
|
||||
echo "encrypts all the files added by the 'add' command."
|
||||
echo
|
||||
echo " -c clean files before creating new ones."
|
||||
echo " -v shows which files are deleted."
|
||||
exit 0
|
||||
}
|
||||
|
||||
|
||||
function _optional_clean {
|
||||
OPTIND=1
|
||||
local clean=0
|
||||
local opt_string=""
|
||||
|
||||
while getopts "cvh" opt; do
|
||||
case "$opt" in
|
||||
c) # -c is used for guaranted clean encryption.
|
||||
clean=1
|
||||
;;
|
||||
|
||||
h)
|
||||
_show_help_hide
|
||||
;;
|
||||
|
||||
*)
|
||||
opt_string="$opt_string -$opt"
|
||||
;;
|
||||
esac
|
||||
done
|
||||
|
||||
shift $((OPTIND-1))
|
||||
[ "$1" = "--" ] && shift
|
||||
|
||||
if [[ $clean -eq 1 ]]; then
|
||||
clean ${opt_string}
|
||||
fi
|
||||
}
|
||||
|
||||
|
||||
function hide {
|
||||
_user_required
|
||||
|
||||
_optional_clean $@
|
||||
|
||||
local counter=0
|
||||
while read line; do
|
||||
local encrypted_filename=$(_get_encrypted_filename $line)
|
||||
|
||||
local recipients=$($GPGLOCAL --list-keys | sed -n 's/.*<\(.*\)>.*/-r\1/p')
|
||||
$GPGLOCAL --use-agent --yes --trust-model=always --encrypt $recipients -o "$encrypted_filename" "$line"
|
||||
|
||||
counter=$((counter+1))
|
||||
done < $SECRETS_DIR_PATHS_MAPPING
|
||||
|
||||
echo "done. all $counter files are hidden."
|
||||
}
|
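Review bot: The recipient list is scraped from human-readable `--list-keys` output with `sed -n 's/.*<\(.*\)>.*/-r\1/p'`, which depends on every uid carrying a bracketed address and on the output format of the installed gpg; a uid without `<...>` is silently dropped and the file is encrypted to fewer people than the keyring holds, with no error. It is also recomputed for every file inside the loop. Derive it once from machine-readable output before the loop, e.g. `local recipients=$($GPGLOCAL --list-keys --with-colons | awk -F: '$1 == "pub" { print "-r" $5 }')`. `while read line` should be `while IFS= read -r line` so backslashes and surrounding whitespace in stored paths survive, and `_get_encrypted_filename $line` should quote its argument.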
@ -0,0 +1,19 @@
|
||||
#!/usr/bin/env bash
|
||||
|
||||
|
||||
function init {
|
||||
|
||||
if [[ -d "$SECRETS_DIR" ]]; then
|
||||
_abort "already inited."
|
||||
fi
|
||||
|
||||
local ignores=$(_check_ignore "$SECRETS_DIR"/)
|
||||
|
||||
if [[ ! $ignores -eq 1 ]]; then
|
||||
_abort "'${SECRETS_DIR}/' is ignored."
|
||||
fi
|
||||
|
||||
mkdir "$SECRETS_DIR" "$SECRETS_DIR_KEYS" "$SECRETS_DIR_PATHS"
|
||||
touch "$SECRETS_DIR_KEYS_MAPPING" "$SECRETS_DIR_PATHS_MAPPING"
|
||||
echo "'${SECRETS_DIR}/' created."
|
||||
}
|
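Review bot: The ignore check `if [[ ! $ignores -eq 1 ]]` treats every status other than 1 as "ignored", but `git check-ignore` also exits 128 on a fatal error, so that failure is reported as `'.gitsecret/' is ignored.` — a misleading message for the user. Test the two outcomes separately: `if [[ $ignores -eq 0 ]]; then _abort "'${SECRETS_DIR}/' is ignored."; elif [[ $ignores -ne 1 ]]; then _abort "git check-ignore failed."; fi`. `mkdir` and `touch` are unchecked here; `set -e` in src/main.sh will stop the script if they fail, but without a message, so that is a diagnostics gap rather than a correctness one.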
@ -0,0 +1,12 @@
|
||||
#!/usr/bin/env bash
|
||||
|
||||
|
||||
function killperson {
|
||||
_user_required
|
||||
|
||||
if [[ ${#@} -eq 0 ]]; then
|
||||
_abort "email is required."
|
||||
fi
|
||||
|
||||
$GPGLOCAL --batch --yes --delete-key "$1"
|
||||
}
|
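Review bot: Only `$1` is passed to `--delete-key` although the emptiness check looks at all of `$@`, so additional addresses on the command line are silently ignored; loop instead: `for email in "$@"; do $GPGLOCAL --batch --yes --delete-key "$email"; done`. Removing a recipient's public key does not re-encrypt files that were already hidden to it — the existing `*.secret` files, and any commits containing them, stay readable with that person's private key — so the command should at least tell the user to run the hide step again: `echo "removed keys. run 'git secret hide' to re-encrypt for the remaining people."`.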
@ -0,0 +1,18 @@
|
||||
#!/usr/bin/env bash
|
||||
|
||||
|
||||
function remove {
|
||||
_user_required
|
||||
|
||||
for item in $@; do
|
||||
if [[ ! -f "$item" ]]; then
|
||||
_abort "$item is not a file."
|
||||
fi
|
||||
|
||||
_delete_line "$item" "$SECRETS_DIR_PATHS_MAPPING"
|
||||
done
|
||||
|
||||
local all=${@}
|
||||
echo "removed from index."
|
||||
echo "ensure that files: [$all] are now not ignored."
|
||||
}
|
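Review bot: Removing a path from the mapping leaves its already-encrypted `*$SECRETS_EXTENSION` copy in the working tree (and in any commits that contain it), so the data is still shared with every recipient even though `hide` will no longer refresh it; the closing message should say so, or the loop should delete the ciphertext with `rm -f "$(_get_encrypted_filename "$item")"`. The loop header `for item in $@` is unquoted, so paths with whitespace are split before the `-f` test. Requiring `-f "$item"` also means an entry for a file already deleted from disk can never be unregistered; checking the mapping rather than the file system would be less surprising.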
@ -0,0 +1,58 @@
|
||||
#!/usr/bin/env bash
|
||||
|
||||
|
||||
function _show_help_reveal {
|
||||
echo "usage: git secret reveal"
|
||||
echo "unencrypts all the files added by the 'add' command."
|
||||
echo
|
||||
echo " -d specifies --homedir option for gpg."
|
||||
exit 0
|
||||
}
|
||||
|
||||
|
||||
function reveal {
|
||||
_user_required
|
||||
|
||||
OPTIND=1
|
||||
local homedir=""
|
||||
local passphrase=""
|
||||
|
||||
while getopts "hd:p:" opt; do
|
||||
case "$opt" in
|
||||
h)
|
||||
_show_help_reveal
|
||||
;;
|
||||
|
||||
p)
|
||||
passphrase=$OPTARG
|
||||
;;
|
||||
|
||||
d)
|
||||
homedir=$OPTARG
|
||||
;;
|
||||
esac
|
||||
done
|
||||
|
||||
shift $((OPTIND-1))
|
||||
[ "$1" = "--" ] && shift
|
||||
|
||||
local counter=0
|
||||
while read line; do
|
||||
local encrypted_filename=$(_get_encrypted_filename "$line")
|
||||
|
||||
local base="$SECRETS_GPG_COMMAND --use-agent -q --decrypt"
|
||||
if [[ ! -z "$homedir" ]]; then
|
||||
base="$base --homedir=$homedir"
|
||||
fi
|
||||
|
||||
if [[ ! -z "$passphrase" ]]; then
|
||||
base="$base --batch --yes --passphrase $passphrase"
|
||||
fi
|
||||
|
||||
$base -o "$line" "$encrypted_filename"
|
||||
|
||||
counter=$((counter+1))
|
||||
done < "$SECRETS_DIR_PATHS_MAPPING"
|
||||
|
||||
echo "done. all $counter files are revealed."
|
||||
}
|
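Review bot: The `-p` option places the passphrase on the gpg command line via `base="$base --batch --yes --passphrase $passphrase"`, so it is visible to every local user in the process list for the duration of each decrypt and can end up in shell history or logs. Feed it over a descriptor instead, e.g. `--batch --yes --passphrase-fd 0` together with `printf '%s' "$passphrase" | $base -o "$line" "$encrypted_filename"`, or read it from a file with restrictive permissions. `-p` is not listed in `_show_help_reveal`, and `$base` is expanded unquoted so a `-d` home directory containing whitespace is split into separate arguments. `while read line` should be `while IFS= read -r line`.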
@ -0,0 +1,68 @@
|
||||
#!/usr/bin/env bash
|
||||
|
||||
function tell {
|
||||
_secrets_dir_exists
|
||||
|
||||
# A POSIX variable
|
||||
# Reset in case getopts has been used previously in the shell.
|
||||
OPTIND=1
|
||||
|
||||
local email
|
||||
local homedir
|
||||
|
||||
while getopts "h?md:" opt; do
|
||||
case "$opt" in
|
||||
h|\?)
|
||||
usage
|
||||
;;
|
||||
|
||||
m) # Set email of the git current user:
|
||||
email=$(git config user.email) || email=""
|
||||
|
||||
if [[ -z $email ]]; then
|
||||
_abort "empty email for current git user."
|
||||
else
|
||||
echo "$email is not empty"
|
||||
fi
|
||||
;;
|
||||
|
||||
d)
|
||||
homedir=$OPTARG
|
||||
;;
|
||||
esac
|
||||
done
|
||||
|
||||
shift $((OPTIND-1))
|
||||
[ "$1" = "--" ] && shift
|
||||
|
||||
# Custom argument-parsing:
|
||||
if [[ -z $email ]]; then
|
||||
# Email was not set via `-m` and is in $1:
|
||||
email="$1"
|
||||
if [[ -z $email ]]; then
|
||||
_abort "first argument must be an email address."
|
||||
fi
|
||||
shift
|
||||
fi
|
||||
|
||||
# This file will be removed automatically:
|
||||
_temporary_file
|
||||
local keyfile=$filename
|
||||
|
||||
if [[ -z $homedir ]]; then
|
||||
$SECRETS_GPG_COMMAND --export -a "$email" > "$keyfile"
|
||||
else
|
||||
# It means that homedir is set as an extra argument via `-d`:
|
||||
$SECRETS_GPG_COMMAND --no-permission-warning --homedir="$homedir" --export -a "$email" > "$keyfile"
|
||||
fi
|
||||
|
||||
if [[ ! -s $keyfile ]]; then
|
||||
_abort 'gpg key is empty. check your key name: `gpg --list-keys`.'
|
||||
fi
|
||||
|
||||
# Importing public key to the local keychain:
|
||||
$GPGLOCAL --import "$keyfile" > /dev/null 2>&1
|
||||
|
||||
echo
|
||||
echo "done. $email added as a person who knows the secret."
|
||||
}
|
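Review bot: The import result is discarded by `$GPGLOCAL --import "$keyfile" > /dev/null 2>&1`; because `set -e` from src/main.sh is in effect when the command runs, a failed import ends the script with no message at all, and without `set -e` the "done ... added" line would be printed for a key that was never imported. Check it explicitly: `$GPGLOCAL --import "$keyfile" > /dev/null 2>&1 || _abort "could not import the public key for $email."`. The `echo "$email is not empty"` in the `-m` branch reads like leftover debugging output. `--export -a "$email"` matches the address as a gpg user-id pattern rather than exactly, so presumably more than one key can be exported and imported when several uids in the user's keyring contain that string — worth a sentence in the help text.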
@ -0,0 +1,44 @@
|
||||
#!/usr/bin/env bash
|
||||
|
||||
# encryption: https://www.gnupg.org/gph/en/manual.html#AEN111
|
||||
# git hooks: https://git-scm.com/book/en/v2/Customizing-Git-Git-Hooks
|
||||
# adding files to git on pre_commit hook:
|
||||
# http://stackoverflow.com/questions/3284292/can-a-git-hook-automatically-add-files-to-the-commit
|
||||
|
||||
|
||||
function _check_setup {
|
||||
# Checking git and secret-plugin setup:
|
||||
if [[ ! -d ".git" ]] || [[ ! -d ".git/hooks" ]]; then
|
||||
_abort "repository is broken. try running 'git init' or 'git clone'."
|
||||
fi
|
||||
|
||||
# Checking gpg setup:
|
||||
local secring="$SECRETS_DIR_KEYS/secring.gpg"
|
||||
if [[ -f $secring ]] && [[ -s $secring ]]; then
|
||||
# secring.gpg is not empty, someone has imported a private key.
|
||||
_abort "it seems that someone has imported a secret key."
|
||||
fi
|
||||
}
|
||||
|
||||
|
||||
function _init_script {
|
||||
# checking for proper set-up:
|
||||
_check_setup
|
||||
|
||||
if [[ $# == 0 ]]; then
|
||||
usage "no input parameters provided."
|
||||
fi
|
||||
|
||||
# load dependencies:
|
||||
# for f in ${0%/*}/src/*/*; do [[ -f "$f" ]] && . "$f"; done
|
||||
|
||||
# routing the input command:
|
||||
if [[ `_function_exists $1` == 0 ]] && [[ ! $1 == _* ]]; then
|
||||
$1 "${@:2}"
|
||||
else
|
||||
usage "command $1 not found."
|
||||
fi
|
||||
}
|
||||
|
||||
set -e
|
||||
_init_script $@
|
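Review bot: `_check_setup` tests `[[ ! -d ".git" ]] || [[ ! -d ".git/hooks" ]]`, which only passes when the command is run from the top of an ordinary checkout; in a subdirectory, a linked worktree or a submodule (where `.git` is a file) the tool aborts with "repository is broken" even though git itself is fine. Asking git is more reliable: `git rev-parse --git-dir > /dev/null 2>&1 || _abort "repository is broken. try running 'git init' or 'git clone'."`, and if the hooks directory is genuinely needed, `$(git rev-parse --git-dir)/hooks` gives its real location. The dispatch also passes `_init_script $@` and `_function_exists $1` unquoted, so an argument containing whitespace or a glob character is re-split before routing; use `"$@"` and `"$1"`. A short comment above `set -e` noting that every unchecked gpg/sed/git failure in the command files relies on it to abort would save the next reader a search.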
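--- /dev/null
+++ b/PATH_NOT_ON_PAGE/_test_base.bash
@@ -0,0 +1,157 @@
+#!/usr/bin/env bash
+
+# This file is following a name convention defined in:
+# https://github.com/sstephenson/bats
+
+source "$SECRET_PROJECT_ROOT/src/_utils/_git_secret_tools.sh"
+
+# Constants:
+
+FIXTURES_DIR="$BATS_TEST_DIRNAME/fixtures"
+
+# Folders:
+TEST_SECRETS_DIR="$BATS_TMPDIR/$SECRETS_DIR"
+TEST_SECRETS_DIR_PATHS_MAPPING="$BATS_TMPDIR/$SECRETS_DIR_PATHS_MAPPING"
+
+TEST_GPG_HOMEDIR="$PWD"
+# TEST_TEMP_FILE="$BATS_TMPDIR/test_temp"
+
+# GPG-based stuff:
+: ${SECRETS_GPG_COMMAND:="gpg"}
+GPGTEST="$SECRETS_GPG_COMMAND --homedir=$TEST_GPG_HOMEDIR --no-permission-warning"
+
+
+# Personal data:
+TEST_DEFAULT_USER="user1"
+
+function test_user_password {
+echo "${1}pass"
+}
+
+
+function test_user_email {
+echo "${1}@gitsecret.io"
+}
+
+
+
+# GPG:
+
+function _get_gpg_fingerprint_by_email {
+local email="$1"
+local fingerprint=`$GPGTEST --list-public-keys --with-fingerprint --with-colons | \
+sed -e '/<'$email'>::scESC:/,/[A-Z0-9]\{40\}:/!d' | \
+sed -e '/fpr/!d' | \
+sed -n 's/fpr:::::::::\([A-Z|0-9]\{40\}\):/\1/p'`
+echo $fingerprint
+}
+
+
+function install_fixture_key {
+local public_key="$BATS_TMPDIR/public-${1}.key"
+local email=`test_user_email "$1"`
+
+$SECRETS_GPG_COMMAND --homedir="$FIXTURES_DIR/gpg/${1}" \
+--no-permission-warning --output "$public_key" \
+--armor --batch --yes --export "$email" > /dev/null 2>&1
+$GPGTEST --import "$public_key" > /dev/null 2>&1
+rm -f "$public_key"
+}
+
+
+function install_fixture_full_key {
+local private_key="$BATS_TMPDIR/private-${1}.key"
+local email=`test_user_email "$1"`
+
+# local fingerprint=`_get_gpg_fingerprint_by_email "$email"`
+$SECRETS_GPG_COMMAND --homedir="$FIXTURES_DIR/gpg/${1}" \
+--no-permission-warning --output "$private_key" --armor \
+--yes --export-secret-key "$email" > /dev/null 2>&1
+
+$GPGTEST --allow-secret-key-import --import "$private_key" > /dev/null 2>&1
+
+install_fixture_key "$1"
+}
+
+
+function uninstall_fixture_key {
+local email=`test_user_email "$1"`
+$GPGTEST --batch --yes --delete-key "$email" > /dev/null 2>&1
+}
+
+
+function uninstall_fixture_full_key {
+local email=`test_user_email "$1"`
+local fingerprint=`_get_gpg_fingerprint_by_email "$email"`
+$GPGTEST --batch --yes --delete-secret-keys "$fingerprint" > /dev/null 2>&1
+
+uninstall_fixture_key "$1"
+}
+
+
+# Git:
+function git_set_config_email {
+git config --local user.email "$1"
+}
+
+
+function git_restore_default_email {
+git config --local user.email "$1"
+}
+
+
+function remove_git_repository {
+rm -rf ".git"
+}
+
+
+# Git Secret:
+function set_state_git {
+git init > /dev/null 2>&1
+}
+
+
+function set_state_secret_init {
+git secret init > /dev/null 2>&1
+}
+
+
+function set_state_secret_tell {
+local email=`test_user_email $1`
+git secret tell -d "$TEST_GPG_HOMEDIR" "$email"
+}
+
+
+function set_state_secret_add {
+local filename="$1"
+local content="$2"
+echo "$content" > "$filename"
+echo "$filename" >> ".gitignore"
+
+git secret add "$filename"
+}
+
+
+function set_state_secret_hide {
+git secret hide > /dev/null 2>&1
+}
+
+
+function unset_current_state {
+# states order:
+# git, secret_init, secret_tell, secret_add, secret_hide
+
+# unsets `secret_hide`
+# removes .secret files:
+git secret clean > /dev/null 2>&1
+
+# unsets `secret_add`, `secret_tell` and `secret_init`
+rm -rf "$SECRETS_DIR"
+rm -rf ".gitignore"
+
+# unsets `git` state
+remove_git_repository
+
+# removes gpg homedir:
+rm -f "pubring.gpg" "pubring.gpg~" "secring.gpg" "trustdb.gpg" "random_seed"
+}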
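Review bot: `unset_current_state` and `remove_git_repository` run `rm -rf ".git"`, `rm -rf ".gitignore"` and the keyring `rm -f` against whatever the current directory is, and `TEST_GPG_HOMEDIR="$PWD"` imports fixture secret keys into that same directory; only the Makefile's `cd temp` keeps this out of the real checkout, so invoking `bats` from the repository root would delete the project's own `.git`. A guard at the top of `unset_current_state` such as `[[ "$PWD" == "$BATS_TMPDIR"/* ]] || { echo "refusing to clean outside $BATS_TMPDIR" >&2; return 1; }` (with the Makefile running the suite from a directory under `$BATS_TMPDIR`) limits the blast radius, and pointing `TEST_GPG_HOMEDIR` at a `mktemp -d` directory would keep the secret-key imports out of the working tree as well. Separately, every gpg export/import in `install_fixture_key` and `install_fixture_full_key` is silenced with `> /dev/null 2>&1`, so a failed import only surfaces as an unrelated failure later; leaving stderr visible on the `--import` lines makes key-setup failures diagnosable.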
Binary file not shown.
Binary file not shown.
Binary file not shown.
Binary file not shown.
Binary file not shown.
Binary file not shown.
Binary file not shown.
Binary file not shown.
Binary file not shown.
Binary file not shown.
Binary file not shown.
Binary file not shown.
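--- /dev/null
+++ b/PATH_NOT_ON_PAGE/add-tests.bats
@@ -0,0 +1,78 @@
+#!/usr/bin/env bats
+
+load _test_base
+
+
+function setup {
+install_fixture_key "$TEST_DEFAULT_USER"
+set_state_git
+set_state_secret_init
+set_state_secret_tell "$TEST_DEFAULT_USER"
+}
+
+
+function teardown {
+uninstall_fixture_key "$TEST_DEFAULT_USER"
+unset_current_state
+}
+
+
+@test "run 'add' for unignored file" {
+local TEST_FILE='test_file'
+touch "$TEST_FILE"
+echo "content" > "$TEST_FILE"
+
+run git secret add "$TEST_FILE"
+rm -f "$TEST_FILE"
+
+[ "$status" -eq 1 ]
+}
+
+
+@test "run 'add' normally" {
+local filename="local_file"
+echo "content" > "$filename"
+echo "$filename" > ".gitignore"
+
+run git secret add "$filename"
+rm -f "$filename" ".gitignore"
+
+[ "$status" -eq 0 ]
+
+local files_list=`cat "$SECRETS_DIR_PATHS_MAPPING"`
+[ "$files_list" = "$filename" ]
+}
+
+
+@test "run 'add' twice for one file" {
+local filename="local_file"
+echo "content" > "$filename"
+echo "$filename" > ".gitignore"
+
+run git secret add "$filename"
+run git secret add "$filename"
+rm -f "$filename" ".gitignore"
+
+[ "$status" -eq 0 ]
+[ "$output" = "1 items added." ]
+
+local files_list=`cat "$SECRETS_DIR_PATHS_MAPPING"`
+[ "$files_list" = "$filename" ]
+}
+
+
+@test "run 'add' for multiple files" {
+local filename1="local_file1"
+echo "content1" > "$filename1"
+echo "$filename1" > ".gitignore"
+
+local filename2="local_file2"
+echo "content2" > "$filename2"
+echo "$filename2" >> ".gitignore"
+
+run git secret add "$filename1" "$filename2"
+rm -f "$filename1" "$filename2" ".gitignore"
+
+[ "$status" -eq 0 ]
+[ "$output" = "2 items added." ]
+}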
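Review bot: `run 'add' for unignored file` checks only `[ "$status" -eq 1 ]`; the property that matters is that a file not covered by `.gitignore` is never recorded, so add `[ ! -s "$SECRETS_DIR_PATHS_MAPPING" ]` after the status assertion, otherwise a regression that writes the path and then exits non-zero still passes. The mapping check the other tests use (`cat "$SECRETS_DIR_PATHS_MAPPING"`) would also strengthen the multiple-files test, which currently asserts only on the "2 items added." message. `local TEST_FILE` is the one upper-case local in the file; the other tests name it `filename`.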
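--- /dev/null
+++ b/PATH_NOT_ON_PAGE/hide-tests.bats
@@ -0,0 +1,35 @@
+#!/usr/bin/env bats
+
+load _test_base
+
+FILE_TO_HIDE="file_to_hide"
+FILE_CONTENTS="hidden content юникод"
+
+
+function setup {
+install_fixture_key "$TEST_DEFAULT_USER"
+set_state_git
+set_state_secret_init
+set_state_secret_tell "$TEST_DEFAULT_USER"
+set_state_secret_add "$FILE_TO_HIDE" "$FILE_CONTENTS"
+}
+
+
+function teardown {
+uninstall_fixture_key $TEST_DEFAULT_USER
+unset_current_state
+rm -f "$FILE_TO_HIDE"
+}
+
+
+@test "run 'hide' normally" {
+run git secret hide
+[ "$status" -eq 0 ]
+[ "$output" = "done. all 1 files are hidden." ]
+}
+
+
+@test "run 'hide' with params" {
+run git secret hide -v -c
+[ "$status" -eq 0 ]
+}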
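Review bot: Neither test inspects what `hide` produced; `run 'hide' normally` should also assert that the encrypted output exists and differs from the plaintext, e.g. `[ -f "${FILE_TO_HIDE}.secret" ]` and `! cmp -s "$FILE_TO_HIDE" "${FILE_TO_HIDE}.secret"` (the `.secret` suffix is taken from the cleanup comment in the shared helper; confirm against the `hide` command). Without that, a `hide` that exits 0 and prints the expected message while writing plaintext to the `.secret` file still passes. `uninstall_fixture_key $TEST_DEFAULT_USER` in `teardown` is unquoted while `setup` quotes it; quoting both keeps them consistent.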
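--- /dev/null
+++ b/PATH_NOT_ON_PAGE/init-tests.bats
@@ -0,0 +1,37 @@
+#!/usr/bin/env bats
+
+load _test_base
+
+
+function setup {
+set_state_git
+}
+
+
+function teardown {
+unset_current_state
+}
+
+
+@test "run 'init' without .git" {
+remove_git_repository
+
+run git secret init
+[ "$status" -eq 1 ]
+[ "$output" = "repository is broken. try running 'git init' or 'git clone'. abort." ]
+}
+
+
+@test "run 'init' normally" {
+run git secret init
+[ "$status" -eq 0 ]
+}
+
+
+@test "run 'init' with '.gitsecret' already inited" {
+mkdir "$SECRETS_DIR"
+
+run git secret init
+[ "$output" = "already inited. abort." ]
+[ "$status" -eq 1 ]
+}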
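Review bot: The last test checks `$output` before `$status`, while the other two check `$status` first; keeping the status assertion first means a wrong exit code is the first failure reported rather than a mismatched message. The `already inited` case only creates an empty `$SECRETS_DIR`; a follow-up assertion that the directory is left untouched, such as `[ -z "$(ls -A "$SECRETS_DIR")" ]`, would pin that a refused `init` does not overwrite existing state.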
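--- /dev/null
+++ b/PATH_NOT_ON_PAGE/killperson-tests.bats
@@ -0,0 +1,33 @@
+#!/usr/bin/env bats
+
+load _test_base
+
+
+function setup {
+install_fixture_key "$TEST_DEFAULT_USER"
+set_state_git
+set_state_secret_init
+set_state_secret_tell "$TEST_DEFAULT_USER"
+
+# init_git_repository
+# git_secret_init
+# git_secret_tell_test
+}
+
+
+function teardown {
+uninstall_fixture_key "$TEST_DEFAULT_USER"
+unset_current_state
+}
+
+
+@test "run 'killperson' without arguments" {
+run git secret killperson
+[ "$status" -eq 1 ]
+}
+
+
+@test "run 'killperson' normally" {
+run git secret killperson "$TEST_DEFAULT_USER"
+[ "$status" -eq 0 ]
+}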
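Review bot: `run 'killperson' normally` asserts only the exit status, which is thin for the revocation path; the test should also show the key is gone from the project keyring, e.g. `run $SECRETS_GPG_COMMAND --homedir="$SECRETS_DIR_KEYS" --no-permission-warning --list-keys "$(test_user_email "$TEST_DEFAULT_USER")"` followed by `[ "$status" -ne 0 ]` (gpg exits non-zero when a requested key is not found; confirm with the version in use). The argument passed is the short name `user1` while `set_state_secret_tell` in the helper registers the email, so it is worth pinning which identifier `killperson` is expected to accept. The three commented-out calls at the end of `setup` (`# init_git_repository` and the two after it) are dead code and should be removed.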
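--- /dev/null
+++ b/PATH_NOT_ON_PAGE/reveal-tests.bats
@@ -0,0 +1,65 @@
+#!/usr/bin/env bats
+
+load _test_base
+
+FILE_TO_HIDE="file_to_hide"
+FILE_CONTENTS="hidden content юникод"
+
+
+function setup {
+install_fixture_full_key "$TEST_DEFAULT_USER"
+
+set_state_git
+set_state_secret_init
+set_state_secret_tell "$TEST_DEFAULT_USER"
+set_state_secret_add "$FILE_TO_HIDE" "$FILE_CONTENTS"
+set_state_secret_hide
+}
+
+
+function teardown {
+uninstall_fixture_full_key "$TEST_DEFAULT_USER"
+unset_current_state
+rm -f "$FILE_TO_HIDE"
+}
+
+
+@test "run 'reveal' with password argument" {
+cp "$FILE_TO_HIDE" "${FILE_TO_HIDE}2"
+rm -f "$FILE_TO_HIDE"
+
+local password=`test_user_password "$TEST_DEFAULT_USER"`
+run git secret reveal -d "$TEST_GPG_HOMEDIR" -p "$password"
+
+[ "$status" -eq 0 ]
+[ -f "$FILE_TO_HIDE" ]
+
+cmp --silent "$FILE_TO_HIDE" "${FILE_TO_HIDE}2"
+
+rm -f "${FILE_TO_HIDE}2"
+}
+
+
+@test "run 'reveal' with wrong password" {
+rm -f "$FILE_TO_HIDE"
+
+run git secret reveal -d "$TEST_GPG_HOMEDIR" -p "WRONG"
+[ "$status" -eq 2 ]
+[ ! -f "$FILE_TO_HIDE" ]
+}
+
+
+@test "run 'reveal' for attacker" {
+rm -f "$FILE_TO_HIDE"
+
+local attacker="attacker1"
+install_fixture_full_key "$attacker"
+
+local password=`test_user_password "$attacker"`
+run git secret reveal -d "$TEST_GPG_HOMEDIR" -p "$password"
+
+[ "$status" -eq 2 ]
+[ ! -f "$FILE_TO_HIDE" ]
+
+uninstall_fixture_full_key "$attacker"
+}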
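Review bot: In `run 'reveal' for attacker` the closing `uninstall_fixture_full_key "$attacker"` only runs if the assertions before it pass; a failing assertion leaves the attacker's secret key in the shared `$TEST_GPG_HOMEDIR`, where it can change the outcome of later tests. Hoisting `attacker` to a file-level variable next to `FILE_TO_HIDE` and uninstalling it in `teardown` makes the cleanup unconditional. Because `install_fixture_full_key` silences gpg entirely, this negative test also passes vacuously if the attacker's key never imported; asserting the key is present first, e.g. `$GPGTEST --list-secret-keys "$(test_user_email "$attacker")" > /dev/null`, ties the status-2 result to the intended cause. `cmp --silent` is GNU-only; `cmp -s` is the portable spelling.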
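--- /dev/null
+++ b/PATH_NOT_ON_PAGE/tell-tests.bats
@@ -0,0 +1,69 @@
+#!/usr/bin/env bats
+
+load _test_base
+
+
+function setup {
+install_fixture_key $TEST_DEFAULT_USER
+set_state_git
+set_state_secret_init
+}
+
+
+function teardown {
+uninstall_fixture_key "$TEST_DEFAULT_USER"
+unset_current_state
+}
+
+
+function git_secret_tell_test {
+git secret tell -d "$TEST_GPG_HOMEDIR" "$TEST_DEFAULT_USER"
+}
+
+
+@test "fail on no users" {
+run _user_required
+[ "$status" -eq 1 ]
+}
+
+
+@test "fail on secret-key imported" {
+local private_key="$SECRETS_DIR_KEYS/secring.gpg"
+echo "private key" > "$private_key"
+[ -s "$private_key" ]
+
+run git_secret_tell_test
+[ "$status" -eq 1 ]
+}
+
+
+@test "run 'tell' without '.gitsecret'" {
+rm -rf "$SECRETS_DIR"
+
+run git_secret_tell_test
+[ "$status" -eq 1 ]
+}
+
+
+@test "run 'tell' without arguments" {
+run git secret tell
+[ "$status" -eq 1 ]
+}
+
+
+@test "run 'tell' normally" {
+run git_secret_tell_test
+[ "$status" -eq 0 ]
+
+run _user_required
+[ "$status" -eq 0 ]
+}
+
+
+@test "run 'tell -m'" {
+email=`test_user_email $TEST_DEFAULT_USER`
+
+git_set_config_email "$email"
+run git secret tell -d "$TEST_GPG_HOMEDIR" -m
+[ "$status" -eq 0 ]
+}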
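Review bot: The `email=` assignment at the top of `run 'tell -m'` is the only non-`local` variable in the suite and leaks into the bats process; make it `local email=...` as the helper functions do. `git_secret_tell_test` passes the short name `$TEST_DEFAULT_USER` while the shared `set_state_secret_tell` passes the email; gpg may accept either as a uid match, but using the email here makes `fail on secret-key imported` unambiguous about which key it expects to be refused. `install_fixture_key $TEST_DEFAULT_USER` in `setup` is also unquoted, unlike its counterpart in `teardown`.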
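--- /dev/null
+++ b/PATH_NOT_ON_PAGE/usage-tests.bats
@@ -0,0 +1,27 @@
+#!/usr/bin/env bats
+
+load _test_base
+
+
+function setup {
+set_state_git
+}
+
+
+function teardown {
+unset_current_state
+}
+
+
+@test "run 'usage'" {
+run git secret usage
+[ "$status" -eq 0 ]
+}
+
+
+@test "run 'usage' without '.git'" {
+remove_git_repository
+
+run git secret usage
+[ "$status" -eq 1 ]
+}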
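Review bot: `run 'usage'` pins only the exit status; adding `[ -n "$output" ]` confirms the help text is actually printed rather than swallowed by a redirect. The `without '.git'` case asserts status 1 but not the message, unlike the equivalent `init` test, which checks the "repository is broken" text; pinning it here too keeps the two consistent.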