From 86a214574d09c3f4a606cf5aac6d0871a204ee56 Mon Sep 17 00:00:00 2001 From: elinamorits Date: Sat, 12 Mar 2016 22:21:04 +0300 Subject: [PATCH 1/4] debian/ubuntu packages --- Makefile | 35 +++++++++++++++++++++--- README.md | 2 +- man/man1/git-secret.7.ronn | 2 +- src/_utils/_git_secret_tools.sh | 2 ++ src/main.sh | 18 ++++++++++--- utils/build-deb.sh | 47 +++++++++++++++++++++++++++++++++ utils/post-commit.sh | 9 ++++++- 7 files changed, 105 insertions(+), 10 deletions(-) create mode 100755 utils/build-deb.sh diff --git a/Makefile b/Makefile index 63552ca2..348a1aeb 100644 --- a/Makefile +++ b/Makefile @@ -1,3 +1,7 @@ +# +# Building: +# + all: build git-secret: src/_utils/* src/commands/* src/main.sh @@ -9,6 +13,10 @@ clean: build: git-secret +# +# Testing: +# + install-test: git clone https://github.com/sstephenson/bats.git vendor/bats @@ -19,16 +27,24 @@ test: rm -rf temp; mkdir temp; cd temp; \ bats "../tests"; -install-man: - gem install ronn +# +# Manuals: +# + +install-ronn: + @if [ ! `gem list ronn -i` == "true" ]; then gem install ronn; fi build-man: - @if [ ! `gem list ronn -i` == "true" ]; then make install-man; fi + @make install-ronn ronn --roff man/man1/*.ronn build-gh-pages: @/usr/bin/env bash utils/gh-branch.sh +# +# Development: +# + install-hooks: @# pre-commit: @ln -fs "${PWD}/utils/pre-commit.sh" "${PWD}/.git/hooks/pre-commit" @@ -38,3 +54,16 @@ install-hooks: @chmod +x "${PWD}/.git/hooks/post-commit" develop: clean build install-hooks + +# +# Packaging: +# + +install-fpm: + @if [ ! `gem list fpm -i` == "true" ]; then gem install fpm; fi + +build-deb: clean build + @make install-fpm + @chmod +x "${PWD}/utils/build-deb.sh" + @"./utils/build-deb.sh" + diff --git a/README.md b/README.md index 2850bff2..b48066b3 100644 --- a/README.md +++ b/README.md 
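Review bot: The `install-ronn` recipe compares the output of `gem list ronn -i` with `==` inside `[ ]`, and `install-fpm` in the Packaging hunk repeats the pattern. `==` is not portable to the `/bin/sh` that make uses by default at this commit, and the unquoted substitution turns an empty `gem` output into a test syntax error. Both recipes also run an unpinned `gem install`, so the toolchain that builds and packages a secrets tool is whatever RubyGems serves at build time. Testing the exit status and pinning the version covers both points, for example `@gem list -i ronn >/dev/null || gem install ronn -v <PINNED_VERSION>`, with the same line for `fpm`.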
@@ -25,7 +25,7 @@ This project is still under development. Current objectives: ## Testing For testing this project uses [`bats`](1). You can install it by running `make install-test`. -To run tests call: `make test`. It will download and install `bats` into `vandor/bats` if it's not installed yet. +To run tests call: `make test`. It will download and install `bats` into `vendor/bats` if it's not installed yet. [1]: https://github.com/sstephenson/bats diff --git a/man/man1/git-secret.7.ronn b/man/man1/git-secret.7.ronn index f999c990..82914b9b 100644 --- a/man/man1/git-secret.7.ronn +++ b/man/man1/git-secret.7.ronn @@ -9,7 +9,7 @@ There's a known problem in server configuration and deploying, when you have to store your private data such as: database passwords, application secret-keys, OAuth secret keys and so on, outside of the git repository. Even if this repository is private, it is a security risk to just publish them into the world wide web. What are the drawbacks of storing them separately? 1. These files are not version controlled. Filenames change, locations change, passwords change from time to time, some new information appears, other is removed. And you can not tell for sure which version of the configuration file was used with each commit. -2. When building the automated deploment system there will be one extra step: download and place these secret-configuration files where they need to be. So you have to maintain an extra secure server, where everything is stored. +2. When building the automated deployment system there will be one extra step: download and place these secret-configuration files where they need to be. So you have to maintain an extra secure server, where everything is stored. ### How does `git-secret` solve these problems? diff --git a/src/_utils/_git_secret_tools.sh b/src/_utils/_git_secret_tools.sh index 21da88ca..d1a1adf8 100644 --- a/src/_utils/_git_secret_tools.sh +++ b/src/_utils/_git_secret_tools.sh 
@@ -1,5 +1,7 @@ #!/usr/bin/env bash +GITSECRET_VERSION="0.1.0" + # Global variables: WORKING_DIRECTORY="$PWD" diff --git a/src/main.sh b/src/main.sh index 52573a46..011c88b4 100755 --- a/src/main.sh +++ b/src/main.sh @@ -29,19 +29,29 @@ function _incorrect_usage { } -function _init_script { - # checking for proper set-up: - _check_setup +function _show_version { + echo "$GITSECRET_VERSION" + exit 0 +} + +function _init_script { if [[ $# == 0 ]]; then _incorrect_usage "no input parameters provided." 126 fi + if [[ $1 == "--version" ]]; then + _show_version + fi + + # checking for proper set-up: + _check_setup + # load dependencies: # for f in ${0%/*}/src/*/*; do [[ -f "$f" ]] && . "$f"; done # routing the input command: - if [[ $(_function_exists "$1") == 0 ]] && [[ ! $1 == _* ]]; then + if [[ $(_function_exists $1) == 0 ]] && [[ ! $1 == _* ]]; then $1 "${@:2}" else _incorrect_usage "command $1 not found." 126 diff --git a/utils/build-deb.sh b/utils/build-deb.sh new file mode 100755 index 00000000..7a866849 --- /dev/null +++ b/utils/build-deb.sh 
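Review bot: The routing test at the end of the `src/main.sh` hunk drops the quotes the old line had, leaving `_function_exists $1`, so the user-supplied command name is word-split and glob-expanded before the lookup that decides whether `$1 "${@:2}"` runs. Keep the argument quoted: `if [[ $(_function_exists "$1") == 0 ]] && [[ ! $1 == _* ]]; then`. `_show_version` prints `$GITSECRET_VERSION` without checking that it is set, which presumably relies on `_git_secret_tools.sh` being concatenated ahead of `main.sh` in the built script; a one-line comment saying so would help. `_init_script` closes outside the hunk.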
@@ -0,0 +1,47 @@ +#!/usr/bin/env bash + +set -e + +# Initializing and settings: +READ_PEM=0744 +EXEC_PEM=0755 + +SCRIPT_NAME="git-secret" +SCRIPT_DESCRIPTION="A bash-tool to store your private data inside a git repository." +SCRIPT_VERSION=$(bash ${PWD}/git-secret --version) +: ${SCRIPT_EPOCH:=0} +: ${SCRIPT_ITERATION:=1} + +if [[ -z "$SCRIPT_BUILD_DIR" ]]; then + SCRIPT_BUILD_DIR="${HOME}/debbuild-${SCRIPT_NAME}" +fi + +SCRIPT_DEST_DIR="${SCRIPT_BUILD_DIR}/installroot" + +# Preparing the files +rm -rf "$SCRIPT_BUILD_DIR" +mkdir -p "$SCRIPT_DEST_DIR" + +# Coping the files inside the build folder: +install -b -m "$EXEC_PEM" "git-secret" "${SCRIPT_DEST_DIR}/git-secret" +install -m "$READ_PEM" -d "${SCRIPT_DEST_DIR}/man/man1" +for file in man/man1/* ; do + if [[ "$file" == *.ronn ]]; then + continue + fi + + install -b -m "$READ_PEM" "$file" "${SCRIPT_DEST_DIR}/${file}" +done + +# Building .deb package: +cd "$SCRIPT_DEST_DIR" && fpm -s dir -t deb \ + -a all \ + -n "$SCRIPT_NAME" \ + -d git \ + -d gpg \ + --epoch "$SCRIPT_EPOCH" \ + --version "$SCRIPT_VERSION" \ + --iteration "$SCRIPT_ITERATION" \ + --description="$SCRIPT_DESCRIPTION" \ + -C "$SCRIPT_DEST_DIR" \ + . diff --git a/utils/post-commit.sh b/utils/post-commit.sh index 836d81a7..f37496e7 100755 --- a/utils/post-commit.sh +++ b/utils/post-commit.sh @@ -4,7 +4,14 @@ set -e BRANCH_NAME=$(git branch | grep '*' | sed 's/* //') -if [[ $BRANCH_NAME == 'master' ]]; then +if [[ "$BRANCH_NAME" == 'master' ]]; then # Build new web documentation: make build-gh-pages + + # create new release: + NEWEST_TAG=$(git describe --abbrev=0 --tags) + SCRIPT_VERSION=$(git secret --version) + if [[ "$NEWEST_TAG" != "$SCRIPT_VERSION" ]]; then + git tag -a "$SCRIPT_VERSION" -m "version $SCRIPT_VERSION" + fi fi From 73a6e041fad238a0b6213ac077ef8a79594ff599 Mon Sep 17 00:00:00 2001 
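Review bot: `rm -rf "$SCRIPT_BUILD_DIR"` removes whatever directory the caller exported in `SCRIPT_BUILD_DIR`, so pointing the variable at an existing directory (a home or source tree) deletes it before the build starts. The script only owns the `installroot` subdirectory, so the removal can be limited to it: `rm -rf -- "$SCRIPT_DEST_DIR"`. The version lookup also leaves `${PWD}` unquoted and breaks in a checkout path containing spaces; `SCRIPT_VERSION=$(bash "${PWD}/git-secret" --version)` avoids that.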
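Review bot: Under `set -e` the new `NEWEST_TAG=$(git describe --abbrev=0 --tags)` in `utils/post-commit.sh` aborts the hook when the repository has no tag yet, which is the state before the first release tag is created. Let the lookup fail softly: `NEWEST_TAG=$(git describe --abbrev=0 --tags 2>/dev/null || true)`. `git secret --version` also reports whichever `git-secret` is installed on `PATH`, not necessarily the one just committed, so the tag can carry a stale version. Reading it from the built script in the working tree (for example `bash ./git-secret --version`, assuming the hook runs at the repository root after a build) ties the tag to the commit.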
From: elinamorits Date: Sun, 13 Mar 2016 00:35:05 +0300 Subject: [PATCH 2/4] fixed .deb package creation --- Makefile | 2 ++ src/commands/git_secret_reveal.sh | 6 +++--- tests/test_main.bats | 6 ++++++ utils/build-deb.sh | 16 +++++++--------- 4 files changed, 18 insertions(+), 12 deletions(-) diff --git a/Makefile b/Makefile index 348a1aeb..b1ed3bf2 100644 --- a/Makefile +++ b/Makefile @@ -1,3 +1,5 @@ +SHELL:=/usr/bin/env bash + # # Building: # diff --git a/src/commands/git_secret_reveal.sh b/src/commands/git_secret_reveal.sh index 973ddab5..6143a0eb 100644 --- a/src/commands/git_secret_reveal.sh +++ b/src/commands/git_secret_reveal.sh @@ -32,11 +32,11 @@ function reveal { fi if [[ ! -z "$passphrase" ]]; then - base="$base --batch --yes --passphrase $passphrase" + echo "$passphrase" | $base --batch --yes --no-tty --passphrase-fd 0 -o "$line" "$encrypted_filename" + else + $base -o "$line" "$encrypted_filename" fi - $base -o "$line" "$encrypted_filename" - counter=$((counter+1)) done < "$SECRETS_DIR_PATHS_MAPPING" diff --git a/tests/test_main.bats b/tests/test_main.bats index f52e9daa..6a1d5838 100644 --- a/tests/test_main.bats +++ b/tests/test_main.bats @@ -23,3 +23,9 @@ function teardown { run git secret notacommand [ "$status" -eq 126 ] } + + +@test "run 'git secret --version'" { + run git secret --version + [ "$output" == "$GITSECRET_VERSION" ] +} diff --git a/utils/build-deb.sh b/utils/build-deb.sh index 7a866849..e62eaf4e 100755 --- a/utils/build-deb.sh +++ b/utils/build-deb.sh @@ -3,7 +3,7 @@ set -e # Initializing and settings: -READ_PEM=0744 +READ_PEM=0644 EXEC_PEM=0755 SCRIPT_NAME="git-secret" 
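Review bot: Feeding the passphrase with `echo "$passphrase"` in `reveal` lets bash's `echo` treat a passphrase such as `-n` or one starting with `-e` as an option, so gpg receives a different string than the user supplied. `printf` has no such ambiguity: `printf '%s\n' "$passphrase" | $base --batch --yes --no-tty --passphrase-fd 0 -o "$line" "$encrypted_filename"`. Moving the secret off gpg's argv is the right direction, but how `$passphrase` reaches `reveal` is outside the hunk, so whether it is still visible on git-secret's own command line cannot be judged here. The enclosing `reveal` function and its `while` loop start before the hunk.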
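Review bot: The new `--version` test in `tests/test_main.bats` compares `$output` with `$GITSECRET_VERSION` but never checks `$status`, and nothing in the hunk shows where the test process gets `GITSECRET_VERSION` from. If the variable is unset in the bats environment, the comparison is against an empty string. Add `[ "$status" -eq 0 ]` before the comparison and a comment naming the file that defines the variable (presumably loaded by a test helper, which is outside the hunk).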
@@ -23,22 +23,20 @@ rm -rf "$SCRIPT_BUILD_DIR" mkdir -p "$SCRIPT_DEST_DIR" # Coping the files inside the build folder: -install -b -m "$EXEC_PEM" "git-secret" "${SCRIPT_DEST_DIR}/git-secret" -install -m "$READ_PEM" -d "${SCRIPT_DEST_DIR}/man/man1" +install -D -T -b -m "$EXEC_PEM" -T "git-secret" "${SCRIPT_DEST_DIR}/usr/bin/git-secret" +install -m "$READ_PEM" -d "${SCRIPT_DEST_DIR}/usr/share/man/man1" for file in man/man1/* ; do - if [[ "$file" == *.ronn ]]; then - continue - fi + if [[ "$file" == *.ronn ]]; then + continue + fi - install -b -m "$READ_PEM" "$file" "${SCRIPT_DEST_DIR}/${file}" + install -D -T -b -m "$READ_PEM" -T "$file" "${SCRIPT_DEST_DIR}/usr/share/${file}" done # Building .deb package: cd "$SCRIPT_DEST_DIR" && fpm -s dir -t deb \ -a all \ -n "$SCRIPT_NAME" \ - -d git \ - -d gpg \ --epoch "$SCRIPT_EPOCH" \ --version "$SCRIPT_VERSION" \ --iteration "$SCRIPT_ITERATION" \ From 455cfc468b0f3e0855684fdb1af2c74b26442d62 Mon Sep 17 00:00:00 2001 From: elinamorits Date: Sun, 13 Mar 2016 12:14:28 +0300 Subject: [PATCH 3/4] man7 created & install.sh working --- Makefile | 11 ++++++--- man/{man1 => man7}/git-secret.7 | 4 +-- man/{man1 => man7}/git-secret.7.ronn | 0 utils/build-deb.sh | 3 +++ utils/install.sh | 37 ++++++++++++++++++++++++++++ 5 files changed, 50 insertions(+), 5 deletions(-) rename man/{man1 => man7}/git-secret.7 (95%) rename man/{man1 => man7}/git-secret.7.ronn (100%) create mode 100755 utils/install.sh diff --git a/Makefile b/Makefile index b1ed3bf2..f47438cf 100644 --- a/Makefile +++ b/Makefile @@ -1,4 +1,5 @@ SHELL:=/usr/bin/env bash +PREFIX?="/usr" # # Building: @@ -15,6 +16,10 @@ clean: build: git-secret +install: clean build + @chmod +x "./utils/install.sh" + @sudo "./utils/install.sh" "$(PREFIX)" + # # Testing: # @@ -38,10 +43,10 @@ install-ronn: build-man: @make install-ronn - ronn --roff man/man1/*.ronn + ronn --roff man/*/*.ronn build-gh-pages: - @/usr/bin/env bash utils/gh-branch.sh + @"./utils/gh-branch.sh" # # Development: 
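Review bot: `install -m "$READ_PEM" -d` creates the `man1` directory with the file mode, which this commit sets to `0644`, so the staged directory has no search bit; the `man7` line added in patch 3 repeats this. Assuming fpm keeps the staged modes, unprivileged users cannot reach the pages inside the packaged directory. Directories need their own mode, for example `install -m "$EXEC_PEM" -d "${SCRIPT_DEST_DIR}/usr/share/man/man1"`. The hunk also deletes `-d git -d gpg` without replacement, so the package declares no dependencies even though the tool calls both; if the `gpg` package name was the problem, the correct name for the target distributions should be declared instead.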
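Review bot: The new `install` target hard-codes `sudo` in front of `./utils/install.sh`, so a script from the working tree runs as root even when `PREFIX` is a directory the user owns, and a caller who already runs `sudo make install` elevates twice. Drop the `sudo` and let the caller elevate when the prefix needs it: `@"./utils/install.sh" "$(PREFIX)"`. In the first Makefile hunk of the same patch, `PREFIX?="/usr"` stores the quote characters in the make variable, which the recipe then wraps in a second pair of quotes. `PREFIX?=/usr` keeps the recipe's quoting effective for a prefix that contains spaces.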
@@ -66,6 +71,6 @@ install-fpm: build-deb: clean build @make install-fpm - @chmod +x "${PWD}/utils/build-deb.sh" + @chmod +x "./utils/build-deb.sh" @"./utils/build-deb.sh" diff --git a/man/man1/git-secret.7 b/man/man7/git-secret.7 similarity index 95% rename from man/man1/git-secret.7 rename to man/man7/git-secret.7 index 929c1aee..6b15b102 100644 --- a/man/man1/git-secret.7 +++ b/man/man7/git-secret.7 @@ -1,7 +1,7 @@ .\" generated with Ronn/v0.7.3 .\" http://github.com/rtomayko/ronn/tree/0.7.3 . -.TH "GIT\-SECRET" "7" "February 2016" "" "" +.TH "GIT\-SECRET" "7" "March 2016" "" "" . .SH "NAME" \fBgit\-secret\fR @@ -26,7 +26,7 @@ There\'s a known problem in server configuration and deploying, when you have to These files are not version controlled\. Filenames change, locations change, passwords change from time to time, some new information appears, other is removed\. And you can not tell for sure which version of the configuration file was used with each commit\. . .IP "2." 4 -When building the automated deploment system there will be one extra step: download and place these secret\-configuration files where they need to be\. So you have to maintain an extra secure server, where everything is stored\. +When building the automated deployment system there will be one extra step: download and place these secret\-configuration files where they need to be\. So you have to maintain an extra secure server, where everything is stored\. . .IP "" 0 . diff --git a/man/man1/git-secret.7.ronn b/man/man7/git-secret.7.ronn similarity index 100% rename from man/man1/git-secret.7.ronn rename to man/man7/git-secret.7.ronn diff --git a/utils/build-deb.sh b/utils/build-deb.sh index e62eaf4e..e20af392 100755 --- a/utils/build-deb.sh +++ b/utils/build-deb.sh 
@@ -25,6 +25,7 @@ mkdir -p "$SCRIPT_DEST_DIR" # Coping the files inside the build folder: install -D -T -b -m "$EXEC_PEM" -T "git-secret" "${SCRIPT_DEST_DIR}/usr/bin/git-secret" install -m "$READ_PEM" -d "${SCRIPT_DEST_DIR}/usr/share/man/man1" +install -m "$READ_PEM" -d "${SCRIPT_DEST_DIR}/usr/share/man/man7" for file in man/man1/* ; do if [[ "$file" == *.ronn ]]; then continue @@ -32,6 +33,8 @@ for file in man/man1/* ; do install -D -T -b -m "$READ_PEM" -T "$file" "${SCRIPT_DEST_DIR}/usr/share/${file}" done +install -D -T -b -m "$READ_PEM" -T "man/man7/git-secret.7" \ + "${SCRIPT_DEST_DIR}/usr/share/man/man7/git-secret.7" # Building .deb package: cd "$SCRIPT_DEST_DIR" && fpm -s dir -t deb \ diff --git a/utils/install.sh b/utils/install.sh new file mode 100755 index 00000000..89e006d0 --- /dev/null +++ b/utils/install.sh @@ -0,0 +1,37 @@ +#!/usr/bin/env bash +set -e + +# Credit goes to: +# https://github.com/sstephenson/bats/blob/master/install.sh +resolve_link() { + $(type -p greadlink readlink | head -1) "$1" +} + +abs_dirname() { + local cwd="$(pwd)" + local path="$1" + + while [ -n "$path" ]; do + cd "${path%/*}" + local name="${path##*/}" + path="$(resolve_link "$name" || true)" + done + + pwd + cd "$cwd" +} + +PREFIX="$1" +if [ -z "$PREFIX" ]; then + echo "usage: $0 " >&2 + exit 1 +fi + +SCRIPT_ROOT="$(dirname $(abs_dirname "$0"))" + +mkdir -p "$PREFIX"/bin "$PREFIX"/share/man/man1 "$PREFIX"/share/man/man7 +cp "$SCRIPT_ROOT"/git-secret "$PREFIX"/bin/git-secret +cp -R "$SCRIPT_ROOT"/man/man1/* "$PREFIX"/share/man/man1 +cp "$SCRIPT_ROOT"/man/man7/git-secret.7 "$PREFIX"/share/man/man7/git-secret.7 + +echo "Installed git-secret to $PREFIX/bin/git-secret" From c78bc099a76604e1f0eb9317170473bf12c92d3e Mon Sep 17 00:00:00 2001 From: elinamorits Date: Sun, 13 Mar 2016 13:06:18 +0300 Subject: [PATCH 4/4] prerelease --- README.md | 20 ++++++++++++++------ man/man7/git-secret.7.ronn | 23 ++++++++++++++++++----- 2 files changed, 32 insertions(+), 11 deletions(-) 
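Review bot: `utils/install.sh` is run through `sudo` by the Makefile, yet it installs with plain `cp`, so the mode of `$PREFIX/bin/git-secret` depends on the working-tree file mode and root's umask rather than on a stated value. An explicit mode is safer: `install -m 0755 "$SCRIPT_ROOT"/git-secret "$PREFIX"/bin/git-secret`, with `0644` for the man pages. `SCRIPT_ROOT="$(dirname $(abs_dirname "$0"))"` leaves the inner substitution unquoted and breaks for a checkout path with spaces; `SCRIPT_ROOT="$(dirname "$(abs_dirname "$0")")"` fixes that. The `cp -R "$SCRIPT_ROOT"/man/man1/*` line fails under `set -e` when `man/man1` holds no files, which may be the case after this commit's rename to `man7` (not verifiable from the patch), and it would leave the binary installed without its manual.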
diff --git a/README.md b/README.md index b48066b3..1869d6a8 100644 --- a/README.md +++ b/README.md @@ -6,10 +6,14 @@ ![git-secret terminal preview](https://raw.githubusercontent.com/sobolevn/git-secret/gh-pages/images/gitsecret_terminal.gif) -## Installation and Usage +## Usage See the [git-secret site](https://sobolevn.github.io/git-secret/). +## Installation + +See the [installation section](https://sobolevn.github.io/git-secret/#installation). + ## Status This project is still under development. Current objectives: @@ -17,15 +21,19 @@ This project is still under development. Current objectives: - add `trust-model` parameter to `git-secret-hide` - autocomplete for `zsh` plugin - extra tests -- precompiled distributions for `brew` and other package managers -- create `CONTRIBUTING.md` with custom styleguide, refactor code due to styleguide +- precompiled distribution for `RPM` +- integrate [`shellcheck`](https://github.com/koalaman/shellcheck) for code style tests +- create `CONTRIBUTING.md` with development process explained - сygwin support (?) - ## Testing -For testing this project uses [`bats`](1). You can install it by running `make install-test`. +For testing this project uses [`bats`](https://github.com/sstephenson/bats). You can install it by running `make install-test`. To run tests call: `make test`. It will download and install `bats` into `vendor/bats` if it's not installed yet. -[1]: https://github.com/sstephenson/bats +## Changelog + +### Version 0.1.0 + +- Initial release diff --git a/man/man7/git-secret.7.ronn b/man/man7/git-secret.7.ronn index 82914b9b..67804e35 100644 --- a/man/man7/git-secret.7.ronn +++ b/man/man7/git-secret.7.ronn 
@@ -39,18 +39,31 @@ You can add you platform to this list, if all the tests passes for you. There are several ways to install `git-secret`: -**The hard way** +**Brew** -1. Clone the repository first: `git clone https://github.com/sobolevn/git-secret.git git-secret` -2. Run `cd git-secret && make build` -3. Move `git-secret` file and `man/` folder somewhere inside your `$PATH`, or extend your `$PATH` to contain `git-secret` file and `man/` folder +1. Run `brew install sobolevn/tap/git-secret` **`antigen` plugin (or any other `oh-my-zsh`-styled plugin-systems)** 1. Add line `antigen bundle sobolevn/git-secret` to your `.zshrc` 2. Run `source ~/.zshrc` or reopen the terminal -`brew` and `fpm` support is planned. +**`make install`** + +1. Download the latest realease [here](https://github.com/sobolevn/git-secret/releases) +2. Unpack and run `make install PREFIX="your/installation/path"`, note that this command may require `sudo` + +**The hard way** + +1. Clone the repository first: `git clone https://github.com/sobolevn/git-secret.git git-secret` +2. Run `cd git-secret && make build` +3. Move `git-secret` file and `man/` folder somewhere inside your `$PATH`, or extend your `$PATH` to contain `git-secret` file and `man/` folder + +**Local `.deb` package** + +1. Download the latest realease [here](https://github.com/sobolevn/git-secret/releases) +2. Unpack, and run `make build-deb`, it is possible to set the output folder with `$SCRIPT_BUILD_DIR` variable. +3. Install the local `.deb` package with `dpkp -i git-secret-package-name.deb`, note that this command may require `sudo` and the package name will be different ## Usage These steps cover the basic process of using `git-secret`: