Issue 516 verbose on errors (#518)

* add error info on errors listing keys * move bash $TMPDIR initialization earlier * show gpg output if hide encryption fails * update changelog * fix typos * improve messaging when reveal and tell are done * simplify logic, fix typo in error message
5 years ago · 95b5b320fc
parent 701497df9d
commit 95b5b320fc
8 changed files with 25 additions and 18 deletions
--- a/CHANGELOG.md
+++ b/CHANGELOG.md
@ -5,6 +5,7 @@
 ### Features

 - Support SECRETS_PINENTRY env var for gnupg --pinentry-mode parameter (#221)
+- If 'hide' fails, show output from gnupg (#516)

 ### Bugfixes

--- a/src/_utils/_git_secret_tools.sh
+++ b/src/_utils/_git_secret_tools.sh
@ -28,6 +28,8 @@ fi
 : "${SECRETS_OCTAL_PERMS_COMMAND:="_os_based __get_octal_perms"}"
 : "${SECRETS_EPOCH_TO_DATE:="_os_based __epoch_to_date"}"

+# Temp Dir
+: "${TMPDIR:=/tmp}"

 # AWK scripts:
 # shellcheck disable=2016
@ -548,15 +550,16 @@ function _user_required {
  local keys_exist
  keys_exist=$($SECRETS_GPG_COMMAND --homedir "$secrets_dir_keys" --no-permission-warning -n --list-keys 3>&-)
  local exit_code=$?
+  if [[ -z "$keys_exist" ]]; then
+    _abort "$error_message"
+  fi
  if [[ "$exit_code" -ne 0 ]]; then
    # this might catch corner case where gpg --list-keys shows 
    # 'gpg: skipped packet of type 12 in keybox' warnings but succeeds? 
    # See #136
+    echo "$keys_exist"	# show whatever _did_ come out of gpg
    _abort "problem listing public keys with gpg: exit code $exit_code"
  fi
-  if [[ -z "$keys_exist" ]]; then
-    _abort "$error_message"
-  fi
 }

 # note: this has the same 'username matching' issue described in 
--- a/src/_utils/_git_secret_tools_freebsd.sh
+++ b/src/_utils/_git_secret_tools_freebsd.sh
@ -10,7 +10,6 @@ function __replace_in_file_freebsd {


 function __temp_file_freebsd {
-  : "${TMPDIR:=/tmp}"
  local filename
  # man mktemp on FreeBSD:
  # ...
--- a/src/_utils/_git_secret_tools_linux.sh
+++ b/src/_utils/_git_secret_tools_linux.sh
@ -8,7 +8,6 @@ function __replace_in_file_linux {


 function __temp_file_linux {
-  : "${TMPDIR:=/tmp}"
  local filename
  # man mktemp on CentOS 7:
  # mktemp [OPTION]... [TEMPLATE]
--- a/src/_utils/_git_secret_tools_osx.sh
+++ b/src/_utils/_git_secret_tools_osx.sh
@ -8,7 +8,6 @@ function __replace_in_file_osx {


 function __temp_file_osx {
-  : "${TMPDIR:=/tmp}"
  local filename
  # man mktemp on OSX: 
  # ...
--- a/src/commands/git_secret_hide.sh
+++ b/src/commands/git_secret_hide.sh
@ -109,7 +109,7 @@ function hide {
  [ "$1" = '--' ] && shift

  if [ $# -ne 0 ]; then 
-    _abort "clean does not understand params: $*"
+    _abort "hide does not understand params: $*"
  fi

  # We need user to continue:
@ -170,22 +170,28 @@ function hide {

        set +e   # disable 'set -e' so we can capture exit_code

-        if [[ -n "$_SECRETS_VERBOSE" ]]; then
-      	  # see https://github.com/bats-core/bats-core#file-descriptor-3-read-this-if-bats-hangs for info about 3>&-
-          # on at least some platforms, this doesn't output anything unless there's a warning or error
-          $SECRETS_GPG_COMMAND "${args[@]}" 3>&-
-        else 
-          $SECRETS_GPG_COMMAND "${args[@]}" > /dev/null 2>&1 3>&-
-        fi
+     	  # see https://github.com/bats-core/bats-core#file-descriptor-3-read-this-if-bats-hangs for info about 3>&-
+        local gpg_output
+        gpg_output=$($SECRETS_GPG_COMMAND "${args[@]}" 3>&-)  # we leave stderr alone
        local exit_code=$?

        set -e  # re-enable set -e

+        local error=0
        if [[ "$exit_code" -ne 0 ]] || [[ ! -f "$output_path" ]]; then
+          error=1 
+        fi
+
+        if [[ "$error" -ne 0 ]] || [[ -n "$_SECRETS_VERBOSE" ]]; then
+          if [[ -n "$gpg_output" ]]; then
+            echo "$gpg_output"
+          fi  
+        fi
+
+        if [[ ! -f "$output_path" ]]; then
          # if gpg can't encrypt a file we asked it to, that's an error unless in force_continue mode.
          _warn_or_abort "problem encrypting file with gpg: exit code $exit_code: $filename" "$exit_code" "$force_continue"
-        fi
-        if [[ -f "$output_path" ]]; then
+        else
          counter=$((counter+1))
          if [[ "$preserve" == 1 ]]; then
            local perms
--- a/src/commands/git_secret_reveal.sh
+++ b/src/commands/git_secret_reveal.sh
@ -75,5 +75,5 @@ function reveal {
  
  done

-  echo "git-secret: done. $counter of ${#to_show[@]} files are revealed."
+  _message "done. $counter of ${#to_show[@]} files are revealed."
 }
--- a/src/commands/git_secret_tell.sh
+++ b/src/commands/git_secret_tell.sh
@ -114,7 +114,7 @@ function tell {
    fi
  done

-  echo "done. ${emails[*]} added as someone who know(s) the secret."
+  _message "done. ${emails[*]} added as user(s) who know the secret."

  # force re-encrypting of files if required
  local fsdb