From 2e7d6a12a5f80a9d0efe993cd46d12e729309576 Mon Sep 17 00:00:00 2001 From: joshr Date: Sun, 22 Jul 2018 16:13:06 -0400 Subject: [PATCH 01/17] add -c (preserve permission) option to reveal. For #172 --- man/man1/git-secret-reveal.1.ronn | 3 ++- src/commands/git_secret_reveal.sh | 11 ++++++++++- tests/test_reveal.bats | 10 ++++++++++ 3 files changed, 22 insertions(+), 2 deletions(-) diff --git a/man/man1/git-secret-reveal.1.ronn b/man/man1/git-secret-reveal.1.ronn index 5afb1f9a..22d4f150 100644 --- a/man/man1/git-secret-reveal.1.ronn +++ b/man/man1/git-secret-reveal.1.ronn @@ -3,7 +3,7 @@ git-secret-reveal - decrypts all added files. ## SYNOPSIS - git secret reveal [-f] [-d dir] [-p password] + git secret reveal [-f] [-c] [-d dir] [-p password] ## DESCRIPTION @@ -18,6 +18,7 @@ Under the hood, this uses the `gpg --decrypt` command. -f - forces to overwrite existing files without prompt. -d - specifies `--homedir` option for the `gpg`, basically use this option if you store your keys in a custom location. -p - specifies password for noinput mode, adds `--passphrase` option for `gpg`. + -c - attempts to set decrypted file to same permissions as encrypted file (normally would be -p but that's used above). -h - shows help. diff --git a/src/commands/git_secret_reveal.sh b/src/commands/git_secret_reveal.sh index 633e14eb..a1826441 100644 --- a/src/commands/git_secret_reveal.sh +++ b/src/commands/git_secret_reveal.sh @@ -5,15 +5,18 @@ function reveal { local homedir='' local passphrase='' local force=0 + local chmod=0 OPTIND=1 - while getopts 'hfd:p:' opt; do + while getopts 'chfd:p:' opt; do case "$opt" in h) _show_manual_for 'reveal';; f) force=1;; + c) chmod=1;; + p) passphrase=$OPTARG;; d) homedir=$OPTARG;; @@ -46,6 +49,12 @@ function reveal { _abort "cannot find decrypted version of file: $filename" fi + if [[ "$chmod" ]]; then + local perms + perms=$(stat -f "%Op" "$filename") + chmod "$perms" "$path" + fi + counter=$((counter+1)) done < "$path_mappings" 
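Review bot: In the second `git_secret_reveal.sh` hunk, `[[ "$chmod" ]]` only tests that the string is non-empty, and `chmod` is initialised to `0` in the first hunk, so the block runs on every `reveal`, with or without `-c`. The condition should compare the value, `if [[ "$chmod" == 1 ]]; then`. `stat -f "%Op"` is also the BSD spelling; GNU stat reads `-f` as file-system mode, so on Linux `perms` would not hold a file mode. The block copies the mode of `$filename` onto `$path`, and the hunk does not show which of the two names the encrypted file, so that is worth confirming. The enclosing loop in `reveal` starts outside this hunk.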
diff --git a/tests/test_reveal.bats b/tests/test_reveal.bats index f8bcba9f..7f4cfb92 100644 --- a/tests/test_reveal.bats +++ b/tests/test_reveal.bats @@ -55,6 +55,16 @@ function teardown { } +@test "run 'reveal' with '-c'" { + rm "$FILE_TO_HIDE" + + local password=$(test_user_password "$TEST_DEFAULT_USER") + run git secret reveal -c -d "$TEST_GPG_HOMEDIR" -p "$password" + + [ "$status" -eq 0 ] + [ -f "$FILE_TO_HIDE" ] +} + @test "run 'reveal' with wrong password" { rm "$FILE_TO_HIDE" From ffc50acd6a71225b66d63d158b39080f3f588fda Mon Sep 17 00:00:00 2001 From: joshr Date: Sun, 22 Jul 2018 21:28:33 -0400 Subject: [PATCH 02/17] add os-based versions of get_octal_perms --- src/_utils/_git_secret_tools.sh | 6 ++++++ src/_utils/_git_secret_tools_linux.sh | 6 ++++++ src/_utils/_git_secret_tools_osx.sh | 6 ++++++ 3 files changed, 18 insertions(+) diff --git a/src/_utils/_git_secret_tools.sh b/src/_utils/_git_secret_tools.sh index 0d23e565..0afb7490 100644 --- a/src/_utils/_git_secret_tools.sh +++ b/src/_utils/_git_secret_tools.sh @@ -16,6 +16,7 @@ _SECRETS_DIR_PATHS_MAPPING="${_SECRETS_DIR_PATHS}/mapping.cfg" # Commands: : "${SECRETS_GPG_COMMAND:="gpg"}" : "${SECRETS_CHECKSUM_COMMAND:="_os_based __sha256"}" +: "${SECRETS_OCTAL_PERMS_COMMAND:="_os_based __get_octal_perms"}" # AWK scripts: @@ -204,6 +205,11 @@ function _unique_filename { echo "$result" } +#function _get_octal_perms { +# local file=$1 +# perms=$(stat -f "'%a'" "$filename") +#} + # Helper function diff --git a/src/_utils/_git_secret_tools_linux.sh b/src/_utils/_git_secret_tools_linux.sh index 5e18a8b3..6a59c31b 100644 --- a/src/_utils/_git_secret_tools_linux.sh +++ b/src/_utils/_git_secret_tools_linux.sh @@ -16,3 +16,9 @@ function __temp_file_linux { function __sha256_linux { sha256sum "$1" } + +function __get_octal_perms_linux { + local file=$1 + perms=$(stat --format "'%a'" "$filename") + echo "$perms" +} 
diff --git a/src/_utils/_git_secret_tools_osx.sh b/src/_utils/_git_secret_tools_osx.sh index 8588b18f..e5ce8e86 100644 --- a/src/_utils/_git_secret_tools_osx.sh +++ b/src/_utils/_git_secret_tools_osx.sh @@ -18,3 +18,9 @@ function __temp_file_osx { function __sha256_osx { /usr/bin/shasum -a256 "$1" } +function __get_octal_perms_osx { + local file=$1 + local perms + perms=$(stat -f "'%p'" "$filename") + echo "$perms" +} From fda5a0ad21be2e6a096f01c9a8af57ea91c9a8f1 Mon Sep 17 00:00:00 2001 From: joshr Date: Sun, 22 Jul 2018 21:29:01 -0400 Subject: [PATCH 03/17] fixes and debug for 'reveal -c' option --- src/commands/git_secret_reveal.sh | 11 ++++++++--- 1 file changed, 8 insertions(+), 3 deletions(-) diff --git a/src/commands/git_secret_reveal.sh b/src/commands/git_secret_reveal.sh index a1826441..f2ad57be 100644 --- a/src/commands/git_secret_reveal.sh +++ b/src/commands/git_secret_reveal.sh @@ -49,10 +49,15 @@ function reveal { _abort "cannot find decrypted version of file: $filename" fi - if [[ "$chmod" ]]; then + if [[ "$chmod" == 1 ]]; then local perms - perms=$(stat -f "%Op" "$filename") - chmod "$perms" "$path" + perms=$($SECRETS_OCTAL_PERMS_COMMAND "$filename") + + echo "# octal_perms_command: $SECRETS_OCTAL_PERMS_COMMAND" >&3 + echo "# filename is '$filename', path is '$path'" >&3 + echo "# NOT running: chmod $perms $path" >&3 + + #chmod "$perms" "$path" fi counter=$((counter+1)) From 2a1a8cb58b869c48adf7da118333a7c1c934d67d Mon Sep 17 00:00:00 2001 From: joshr Date: Sun, 22 Jul 2018 21:41:04 -0400 Subject: [PATCH 04/17] fixes for lint and typo --- src/_utils/_git_secret_tools_linux.sh | 8 +++++--- src/_utils/_git_secret_tools_osx.sh | 3 ++- 2 files changed, 7 insertions(+), 4 deletions(-) diff --git a/src/_utils/_git_secret_tools_linux.sh b/src/_utils/_git_secret_tools_linux.sh index 6a59c31b..6daf4abd 100644 --- a/src/_utils/_git_secret_tools_linux.sh +++ b/src/_utils/_git_secret_tools_linux.sh 
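Review bot: In `__get_octal_perms_osx`, the BSD stat format `%p` prints the whole `st_mode`, file-type bits included (for a regular file something like `100644`), not just the permission bits. The value is later handed to `chmod`, which is likely to reject it as an invalid mode, so the option would fail on macOS. The low permission bits alone are `perms=$(stat -f '%Lp' "$filename")`. The later lint and quoting patches in this series touch the same line but keep `%p`.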
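Review bot: The three `echo "# …" >&3` lines in the `git_secret_reveal.sh` hunk of PATCH 03/17 write to file descriptor 3 from the command itself rather than from a test. That descriptor is what the bats harness uses for TAP diagnostics; in an ordinary `git secret reveal -c` run it is presumably not open, so each echo would fail with a bad-file-descriptor error, and the messages print the paths of the files being decrypted. Diagnostics of this kind belong in the `.bats` file. With `chmod` commented out, `-c` also does nothing after this commit. The same `>&3` lines are added again in the `reveal` hunk of PATCH 09/17, and the body of `reveal` continues outside the hunk.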
@@ -18,7 +18,9 @@ function __sha256_linux { } function __get_octal_perms_linux { - local file=$1 - perms=$(stat --format "'%a'" "$filename") - echo "$perms" + local filename + filename=$1 + local perms + perms=$(stat --format "'%a'" "$filename") + echo "$perms" } diff --git a/src/_utils/_git_secret_tools_osx.sh b/src/_utils/_git_secret_tools_osx.sh index e5ce8e86..f0dd2246 100644 --- a/src/_utils/_git_secret_tools_osx.sh +++ b/src/_utils/_git_secret_tools_osx.sh @@ -19,7 +19,8 @@ function __sha256_osx { /usr/bin/shasum -a256 "$1" } function __get_octal_perms_osx { - local file=$1 + local filename + filename=$1 local perms perms=$(stat -f "'%p'" "$filename") echo "$perms" From 505428f837b8524ac216de09326764edb43ed752 Mon Sep 17 00:00:00 2001 From: joshr Date: Sun, 22 Jul 2018 22:41:32 -0400 Subject: [PATCH 05/17] quoting fixes --- src/_utils/_git_secret_tools_linux.sh | 2 +- src/_utils/_git_secret_tools_osx.sh | 2 +- 2 files changed, 2 insertions(+), 2 deletions(-) diff --git a/src/_utils/_git_secret_tools_linux.sh b/src/_utils/_git_secret_tools_linux.sh index 6daf4abd..291b8b2d 100644 --- a/src/_utils/_git_secret_tools_linux.sh +++ b/src/_utils/_git_secret_tools_linux.sh @@ -21,6 +21,6 @@ function __get_octal_perms_linux { local filename filename=$1 local perms - perms=$(stat --format "'%a'" "$filename") + perms=$(stat --format '%a' "$filename") echo "$perms" } diff --git a/src/_utils/_git_secret_tools_osx.sh b/src/_utils/_git_secret_tools_osx.sh index f0dd2246..52d669d5 100644 --- a/src/_utils/_git_secret_tools_osx.sh +++ b/src/_utils/_git_secret_tools_osx.sh @@ -22,6 +22,6 @@ function __get_octal_perms_osx { local filename filename=$1 local perms - perms=$(stat -f "'%p'" "$filename") + perms=$(stat -f '%p' "$filename") echo "$perms" } From a86e6ec552e0d9e8a4646d3ae151125b14cc9373 Mon Sep 17 00:00:00 2001 
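Review bot: `__get_octal_perms_linux` ends with `echo "$perms"`, so it returns 0 even when `stat` fails (missing file, unreadable path) and the caller receives an empty string with a success status. The callers pass that value straight to `chmod`, so a lookup failure is indistinguishable from a real mode. Propagate the status with `perms=$(stat --format '%a' "$filename") || return`. `__get_octal_perms_osx` in the same patches has the same shape and needs the same change.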
From: joshr Date: Sun, 22 Jul 2018 22:41:57 -0400 Subject: [PATCH 06/17] remove unused code --- src/_utils/_git_secret_tools.sh | 5 ----- 1 file changed, 5 deletions(-) diff --git a/src/_utils/_git_secret_tools.sh b/src/_utils/_git_secret_tools.sh index 0afb7490..8e9bc82d 100644 --- a/src/_utils/_git_secret_tools.sh +++ b/src/_utils/_git_secret_tools.sh @@ -205,11 +205,6 @@ function _unique_filename { echo "$result" } -#function _get_octal_perms { -# local file=$1 -# perms=$(stat -f "'%a'" "$filename") -#} - # Helper function From d73e1081be8877d949526549c2169e50b349a2d2 Mon Sep 17 00:00:00 2001 From: joshr Date: Sun, 22 Jul 2018 22:43:06 -0400 Subject: [PATCH 07/17] cleanup --- src/commands/git_secret_reveal.sh | 10 +++------- 1 file changed, 3 insertions(+), 7 deletions(-) diff --git a/src/commands/git_secret_reveal.sh b/src/commands/git_secret_reveal.sh index f2ad57be..c05a3079 100644 --- a/src/commands/git_secret_reveal.sh +++ b/src/commands/git_secret_reveal.sh @@ -50,14 +50,10 @@ function reveal { fi if [[ "$chmod" == 1 ]]; then - local perms - perms=$($SECRETS_OCTAL_PERMS_COMMAND "$filename") + local perms + perms=$($SECRETS_OCTAL_PERMS_COMMAND "$filename") - echo "# octal_perms_command: $SECRETS_OCTAL_PERMS_COMMAND" >&3 - echo "# filename is '$filename', path is '$path'" >&3 - echo "# NOT running: chmod $perms $path" >&3 - - #chmod "$perms" "$path" + chmod $perms "$path" fi counter=$((counter+1)) From eb528df301c03139cbd3b9db8323c3d7b3da80a0 Mon Sep 17 00:00:00 2001 From: joshr Date: Sun, 22 Jul 2018 22:43:37 -0400 Subject: [PATCH 08/17] test permissions --- tests/test_reveal.bats | 9 +++++++++ 1 file changed, 9 insertions(+) diff --git a/tests/test_reveal.bats b/tests/test_reveal.bats index 7f4cfb92..2fa633ed 100644 --- a/tests/test_reveal.bats +++ b/tests/test_reveal.bats 
@@ -62,6 +62,15 @@ function teardown { run git secret reveal -c -d "$TEST_GPG_HOMEDIR" -p "$password" [ "$status" -eq 0 ] + + local perm1 + local perm2 + perm1=$(ls -l "$FILE_TO_HIDE" | cut -d' ' -f1) + perm2=$(ls -l "$FILE_TO_HIDE".secret | cut -d' ' -f1) + echo "# perm1: $perm1, perm2: $perm2" >&3 + + [ "$perm1" = "$perm2" ] + [ -f "$FILE_TO_HIDE" ] } From cfdca85469de078aa19c3acf92aab16bf58702a9 Mon Sep 17 00:00:00 2001 From: joshr Date: Sun, 22 Jul 2018 23:13:12 -0400 Subject: [PATCH 09/17] fixes, use _get_encrypted_filename, show TAP diag output --- src/commands/git_secret_reveal.sh | 10 ++++++++-- tests/test_reveal.bats | 12 ++++++++---- 2 files changed, 16 insertions(+), 6 deletions(-) diff --git a/src/commands/git_secret_reveal.sh b/src/commands/git_secret_reveal.sh index c05a3079..5153d370 100644 --- a/src/commands/git_secret_reveal.sh +++ b/src/commands/git_secret_reveal.sh @@ -50,10 +50,16 @@ function reveal { fi if [[ "$chmod" == 1 ]]; then + local secret_file + secret_file=$(_get_encrypted_filename "$path") local perms - perms=$($SECRETS_OCTAL_PERMS_COMMAND "$filename") + perms=$($SECRETS_OCTAL_PERMS_COMMAND "$secret_file") - chmod $perms "$path" + echo "# octal_perms_command: $SECRETS_OCTAL_PERMS_COMMAND" >&3 + echo "# filename is '$filename', path is '$path'" >&3 + echo "# running: chmod '$perms' '$path'" >&3 + + chmod "$perms" "$path" fi counter=$((counter+1)) diff --git a/tests/test_reveal.bats b/tests/test_reveal.bats index 2fa633ed..d4882ad6 100644 --- a/tests/test_reveal.bats +++ b/tests/test_reveal.bats 
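Review bot: Comparing the first field of `ls -l` in the PATCH 08/17 test is a fragile way to assert equal modes. That field also carries the file-type character and, on some systems, a trailing marker for ACLs or extended attributes (`+`, `@`, `.`), so two files with identical permission bits can still compare unequal, and `cut -d' '` depends on the exact column layout. Comparing numeric modes is more robust, for example `[ "$(stat -c '%a' "$FILE_TO_HIDE")" = "$(stat -c '%a' "$FILE_TO_HIDE".secret)" ]` on GNU stat, with `stat -f '%Lp'` as the BSD equivalent. The same `ls -l | cut` comparison is kept in the PATCH 09/17 test hunk and reused in the `hide -C` test of PATCH 12/17.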
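Review bot: In the `git_secret_reveal.sh` hunk of PATCH 09/17, `chmod "$perms" "$path"` tightens the plaintext only after it has been written. Between decryption and this line, the decrypted file carries whatever mode the process umask gave it. When the `.secret` file was deliberately restricted (the accompanying test uses `chmod o-rwx`), the secret is for a short time readable more widely than the option promises. Running the decrypt step under a restrictive umask such as `umask 077`, and only then applying `$perms`, would close that window. The decrypt call is outside this hunk, so the placement has to be checked in the full function.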
@@ -59,17 +59,21 @@ function teardown { rm "$FILE_TO_HIDE" local password=$(test_user_password "$TEST_DEFAULT_USER") + + local secret_file=$(_get_encrypted_filename "$FILE_TO_HIDE") + chmod o-rwx "$secret_file" + run git secret reveal -c -d "$TEST_GPG_HOMEDIR" -p "$password" [ "$status" -eq 0 ] local perm1 local perm2 - perm1=$(ls -l "$FILE_TO_HIDE" | cut -d' ' -f1) - perm2=$(ls -l "$FILE_TO_HIDE".secret | cut -d' ' -f1) - echo "# perm1: $perm1, perm2: $perm2" >&3 + secret_perm=$(ls -l "$FILE_TO_HIDE".secret | cut -d' ' -f1) + file_perm=$(ls -l "$FILE_TO_HIDE" | cut -d' ' -f1) + echo "# secret_perm: $secret_perm, file_perm: $file_perm" >&3 - [ "$perm1" = "$perm2" ] + [ "$secret_perm" = "$file_perm" ] [ -f "$FILE_TO_HIDE" ] } From a090bbddacc6ae35c030a5570b02623f37ebdbe3 Mon Sep 17 00:00:00 2001 From: joshr Date: Sun, 22 Jul 2018 23:16:01 -0400 Subject: [PATCH 10/17] fix --- tests/test_reveal.bats | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/tests/test_reveal.bats b/tests/test_reveal.bats index d4882ad6..858dec87 100644 --- a/tests/test_reveal.bats +++ b/tests/test_reveal.bats @@ -67,8 +67,8 @@ function teardown { [ "$status" -eq 0 ] - local perm1 - local perm2 + local secret_perm + local file_perm secret_perm=$(ls -l "$FILE_TO_HIDE".secret | cut -d' ' -f1) file_perm=$(ls -l "$FILE_TO_HIDE" | cut -d' ' -f1) echo "# secret_perm: $secret_perm, file_perm: $file_perm" >&3 From 835fe80d8f0d5ecafcf6d03e80cd0fc44143d8a7 Mon Sep 17 00:00:00 2001 From: joshr Date: Sat, 18 Aug 2018 09:15:05 -0400 Subject: [PATCH 11/17] set permissions when hiding files. change option to -C. --- src/commands/git_secret_hide.sh | 13 ++++++++++++- src/commands/git_secret_reveal.sh | 4 ++-- tests/test_reveal.bats | 4 ++-- 3 files changed, 16 insertions(+), 5 deletions(-) diff --git a/src/commands/git_secret_hide.sh b/src/commands/git_secret_hide.sh index 1490bcd7..d9c7078a 100644 --- a/src/commands/git_secret_hide.sh +++ b/src/commands/git_secret_hide.sh 
@@ -80,16 +80,19 @@ function _optional_fsdb_update_hash { function hide { local clean=0 + local chmod=0 local delete=0 local fsdb_update_hash=0 # add checksum hashes to fsdb local verbose='' OPTIND=1 - while getopts 'cdmvh' opt; do + while getopts 'cCdmvh' opt; do case "$opt" in c) clean=1;; + C) chmod=1;; + d) delete=1;; m) fsdb_update_hash=1;; @@ -160,6 +163,14 @@ function hide { if [[ "$exit_code" -ne 0 ]]; then _abort "problem encrypting file with gpg: exit code $exit_code: $filename" fi + + if [[ "$chmod" == 1 ]]; then + local perms + perms=$($SECRETS_OCTAL_PERMS_COMMAND "$input_path") + chmod "$perms" "$output_path" + fi + + # If -m option was provided, it will update unencrypted file hash local key="$filename" local hash="$file_hash" diff --git a/src/commands/git_secret_reveal.sh b/src/commands/git_secret_reveal.sh index 5153d370..1d521a2d 100644 --- a/src/commands/git_secret_reveal.sh +++ b/src/commands/git_secret_reveal.sh @@ -9,13 +9,13 @@ function reveal { OPTIND=1 - while getopts 'chfd:p:' opt; do + while getopts 'hfCd:p:' opt; do case "$opt" in h) _show_manual_for 'reveal';; f) force=1;; - c) chmod=1;; + C) chmod=1;; p) passphrase=$OPTARG;; diff --git a/tests/test_reveal.bats b/tests/test_reveal.bats index 858dec87..15440445 100644 --- a/tests/test_reveal.bats +++ b/tests/test_reveal.bats @@ -55,7 +55,7 @@ function teardown { } -@test "run 'reveal' with '-c'" { +@test "run 'reveal' with '-C'" { rm "$FILE_TO_HIDE" local password=$(test_user_password "$TEST_DEFAULT_USER") @@ -63,7 +63,7 @@ function teardown { local secret_file=$(_get_encrypted_filename "$FILE_TO_HIDE") chmod o-rwx "$secret_file" - run git secret reveal -c -d "$TEST_GPG_HOMEDIR" -p "$password" + run git secret reveal -C -d "$TEST_GPG_HOMEDIR" -p "$password" [ "$status" -eq 0 ] From afec23fb17d82d3edd20a786fac7413a603a5a62 Mon Sep 17 00:00:00 2001 
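Review bot: In the second `git_secret_hide.sh` hunk, neither the permission lookup nor the `chmod` in the new `-C` block is checked, unlike the gpg step just above it, which calls `_abort` on a non-zero exit code. If `$SECRETS_OCTAL_PERMS_COMMAND` fails or prints nothing, `chmod "" "$output_path"` fails. Unless the script runs under `set -e`, which this hunk does not show, `hide -C` then still reports success while the encrypted file keeps its default mode. An option meant to keep a restrictive mode should fail closed: `chmod "$perms" "$output_path" || _abort "cannot set permissions on: $output_path"`. The matching block in `reveal` (PATCH 09/17) has the same gap, and the body of `hide` continues outside the hunk.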
From: joshr Date: Sat, 18 Aug 2018 09:17:05 -0400 Subject: [PATCH 12/17] add test for -C option. fix typos in comments. --- tests/test_hide.bats | 32 +++++++++++++++++++++++++++++--- 1 file changed, 29 insertions(+), 3 deletions(-) diff --git a/tests/test_hide.bats b/tests/test_hide.bats index baf82a1c..cd9e35f1 100644 --- a/tests/test_hide.bats +++ b/tests/test_hide.bats @@ -32,11 +32,37 @@ function teardown { [ "$status" -eq 0 ] [ "$output" = "done. all 1 files are hidden." ] - # New files should be crated: + # New files should be created: local encrypted_file=$(_get_encrypted_filename "$FILE_TO_HIDE") [ -f "$encrypted_file" ] } +@test "run 'hide' with '-C'" { + + # attempt to alter permissions on input file + chmod o-rwx "$FILE_TO_HIDE" + + run git secret hide -C + + # Command must execute normally: + [ "$status" -eq 0 ] + [ "$output" = "done. all 1 files are hidden." ] + + # New files should be created: + local encrypted_file=$(_get_encrypted_filename "$FILE_TO_HIDE") + [ -f "$encrypted_file" ] + + # permissions should match. We don't have access to SECRETS_OCTAL_PERMS_COMMAND here + local secret_perm + local file_perm + secret_perm=$(ls -l "$encrypted_file" | cut -d' ' -f1) + file_perm=$(ls -l "$FILE_TO_HIDE" | cut -d' ' -f1) + echo "# secret_perm: $secret_perm, file_perm: $file_perm" >&3 + + [ "$secret_perm" = "$file_perm" ] + +} + @test "run 'hide' from inside subdirectory" { # Preparations: local root_dir='test_sub_dir' @@ -101,7 +127,7 @@ function teardown { [ "${lines[0]}" = "done. all 1 files are hidden." ] [ "${lines[1]}" = "cleaning up..." ] - # New files should be crated: + # New files should be created: local encrypted_file=$(_get_encrypted_filename "$FILE_TO_HIDE") [ -f "$encrypted_file" ] } 
@@ -130,7 +156,7 @@ function teardown { # no changes should occur to path_mappings files cmp -s "${path_mappings}" "${path_mappings}.bak" - # New files should be crated: + # New files should be created: local encrypted_file=$(_get_encrypted_filename "$FILE_TO_HIDE") [ -f "$encrypted_file" ] } From fc9f4878a10dc9f376eb7d543e0117092896efb4 Mon Sep 17 00:00:00 2001 From: joshr Date: Sat, 18 Aug 2018 09:57:57 -0400 Subject: [PATCH 13/17] document -C in .ronn files and fix synopsis of 'git secret hide' --- man/man1/git-secret-hide.1.ronn | 3 ++- man/man1/git-secret-reveal.1.ronn | 4 ++-- 2 files changed, 4 insertions(+), 3 deletions(-) diff --git a/man/man1/git-secret-hide.1.ronn b/man/man1/git-secret-hide.1.ronn index 253e184a..86932f81 100644 --- a/man/man1/git-secret-hide.1.ronn +++ b/man/man1/git-secret-hide.1.ronn @@ -3,7 +3,7 @@ git-secret-hide - encrypts all added files with the inner keyring. ## SYNOPSIS - git secret hide [-c] [-v] + git secret hide [-c] [-C] [-v] [-d] [-m] ## DESCRIPTION @@ -19,6 +19,7 @@ It is possible to modify the names of the encrypted files by setting `SECRETS_EX -v - verbose, shows extra information. -c - deletes encrypted files before creating new ones. + -C - sets permissions of encrypted file to match unencrypted file -d - deletes unencrypted files after encryption. -m - encrypt files only when modified. -h - shows help. diff --git a/man/man1/git-secret-reveal.1.ronn b/man/man1/git-secret-reveal.1.ronn index 22d4f150..080ec8e9 100644 --- a/man/man1/git-secret-reveal.1.ronn +++ b/man/man1/git-secret-reveal.1.ronn @@ -3,7 +3,7 @@ git-secret-reveal - decrypts all added files. ## SYNOPSIS - git secret reveal [-f] [-c] [-d dir] [-p password] + git secret reveal [-f] [-C] [-d dir] [-p password] ## DESCRIPTION 
@@ -18,7 +18,7 @@ Under the hood, this uses the `gpg --decrypt` command. -f - forces to overwrite existing files without prompt. -d - specifies `--homedir` option for the `gpg`, basically use this option if you store your keys in a custom location. -p - specifies password for noinput mode, adds `--passphrase` option for `gpg`. - -c - attempts to set decrypted file to same permissions as encrypted file (normally would be -p but that's used above). + -C - set decrypted file to same permissions as encrypted file. -h - shows help. From 645fc2370ef77d15f93d7a322d22d5855b62b108 Mon Sep 17 00:00:00 2001 From: joshr Date: Sat, 18 Aug 2018 10:09:58 -0400 Subject: [PATCH 14/17] change preserve option from -C to -P --- man/man1/git-secret-hide.1.ronn | 4 ++-- man/man1/git-secret-reveal.1.ronn | 4 ++-- src/commands/git_secret_hide.sh | 8 ++++---- src/commands/git_secret_reveal.sh | 8 ++++---- tests/test_hide.bats | 4 ++-- tests/test_reveal.bats | 4 ++-- 6 files changed, 16 insertions(+), 16 deletions(-) diff --git a/man/man1/git-secret-hide.1.ronn b/man/man1/git-secret-hide.1.ronn index 86932f81..aa7c63b1 100644 --- a/man/man1/git-secret-hide.1.ronn +++ b/man/man1/git-secret-hide.1.ronn @@ -3,7 +3,7 @@ git-secret-hide - encrypts all added files with the inner keyring. ## SYNOPSIS - git secret hide [-c] [-C] [-v] [-d] [-m] + git secret hide [-c] [-P] [-v] [-d] [-m] ## DESCRIPTION @@ -19,7 +19,7 @@ It is possible to modify the names of the encrypted files by setting `SECRETS_EX -v - verbose, shows extra information. -c - deletes encrypted files before creating new ones. - -C - sets permissions of encrypted file to match unencrypted file + -P - preserve permissions of unencrypted file in encrypted file. -d - deletes unencrypted files after encryption. -m - encrypt files only when modified. -h - shows help. diff --git a/man/man1/git-secret-reveal.1.ronn b/man/man1/git-secret-reveal.1.ronn index 080ec8e9..e4b37a98 100644 --- a/man/man1/git-secret-reveal.1.ronn 
+++ b/man/man1/git-secret-reveal.1.ronn @@ -3,7 +3,7 @@ git-secret-reveal - decrypts all added files. ## SYNOPSIS - git secret reveal [-f] [-C] [-d dir] [-p password] + git secret reveal [-f] [-P] [-d dir] [-p password] ## DESCRIPTION @@ -18,7 +18,7 @@ Under the hood, this uses the `gpg --decrypt` command. -f - forces to overwrite existing files without prompt. -d - specifies `--homedir` option for the `gpg`, basically use this option if you store your keys in a custom location. -p - specifies password for noinput mode, adds `--passphrase` option for `gpg`. - -C - set decrypted file to same permissions as encrypted file. + -P - preserve permissions of encrypted file in unencrypted file. -h - shows help. diff --git a/src/commands/git_secret_hide.sh b/src/commands/git_secret_hide.sh index d9c7078a..e7e4a376 100644 --- a/src/commands/git_secret_hide.sh +++ b/src/commands/git_secret_hide.sh @@ -80,18 +80,18 @@ function _optional_fsdb_update_hash { function hide { local clean=0 - local chmod=0 + local preserve=0 local delete=0 local fsdb_update_hash=0 # add checksum hashes to fsdb local verbose='' OPTIND=1 - while getopts 'cCdmvh' opt; do + while getopts 'cPdmvh' opt; do case "$opt" in c) clean=1;; - C) chmod=1;; + P) preserve=1;; d) delete=1;; @@ -164,7 +164,7 @@ function hide { _abort "problem encrypting file with gpg: exit code $exit_code: $filename" fi - if [[ "$chmod" == 1 ]]; then + if [[ "$preserve" == 1 ]]; then local perms perms=$($SECRETS_OCTAL_PERMS_COMMAND "$input_path") chmod "$perms" "$output_path" diff --git a/src/commands/git_secret_reveal.sh b/src/commands/git_secret_reveal.sh index 1d521a2d..01d1ac29 100644 --- a/src/commands/git_secret_reveal.sh +++ b/src/commands/git_secret_reveal.sh 
@@ -5,17 +5,17 @@ function reveal { local homedir='' local passphrase='' local force=0 - local chmod=0 + local preserve=0 OPTIND=1 - while getopts 'hfCd:p:' opt; do + while getopts 'hfPd:p:' opt; do case "$opt" in h) _show_manual_for 'reveal';; f) force=1;; - C) chmod=1;; + P) preserve=1;; p) passphrase=$OPTARG;; @@ -49,7 +49,7 @@ function reveal { _abort "cannot find decrypted version of file: $filename" fi - if [[ "$chmod" == 1 ]]; then + if [[ "$preserve" == 1 ]]; then local secret_file secret_file=$(_get_encrypted_filename "$path") local perms diff --git a/tests/test_hide.bats b/tests/test_hide.bats index cd9e35f1..cdf7f6af 100644 --- a/tests/test_hide.bats +++ b/tests/test_hide.bats @@ -37,12 +37,12 @@ function teardown { [ -f "$encrypted_file" ] } -@test "run 'hide' with '-C'" { +@test "run 'hide' with '-P'" { # attempt to alter permissions on input file chmod o-rwx "$FILE_TO_HIDE" - run git secret hide -C + run git secret hide -P # Command must execute normally: [ "$status" -eq 0 ] diff --git a/tests/test_reveal.bats b/tests/test_reveal.bats index 15440445..0e00d573 100644 --- a/tests/test_reveal.bats +++ b/tests/test_reveal.bats @@ -55,7 +55,7 @@ function teardown { } -@test "run 'reveal' with '-C'" { +@test "run 'reveal' with '-P'" { rm "$FILE_TO_HIDE" local password=$(test_user_password "$TEST_DEFAULT_USER") @@ -63,7 +63,7 @@ function teardown { local secret_file=$(_get_encrypted_filename "$FILE_TO_HIDE") chmod o-rwx "$secret_file" - run git secret reveal -C -d "$TEST_GPG_HOMEDIR" -p "$password" + run git secret reveal -P -d "$TEST_GPG_HOMEDIR" -p "$password" [ "$status" -eq 0 ] From 41fdf8b2e4d9b57ef10c67d8bf4f96d373ffe18d Mon Sep 17 00:00:00 2001 
From: joshr Date: Sat, 18 Aug 2018 10:27:55 -0400 Subject: [PATCH 15/17] update man pages --- man/man1/git-secret-add.1 | 2 +- man/man1/git-secret-cat.1 | 2 +- man/man1/git-secret-changes.1 | 4 ++-- man/man1/git-secret-clean.1 | 2 +- man/man1/git-secret-hide.1 | 5 +++-- man/man1/git-secret-init.1 | 2 +- man/man1/git-secret-killperson.1 | 2 +- man/man1/git-secret-list.1 | 2 +- man/man1/git-secret-remove.1 | 2 +- man/man1/git-secret-reveal.1 | 7 ++++--- man/man1/git-secret-tell.1 | 4 ++-- man/man1/git-secret-usage.1 | 2 +- man/man1/git-secret-whoknows.1 | 2 +- man/man7/git-secret.7 | 8 ++++---- 14 files changed, 24 insertions(+), 22 deletions(-) diff --git a/man/man1/git-secret-add.1 b/man/man1/git-secret-add.1 index 9e7ea9b3..f3208e8c 100644 --- a/man/man1/git-secret-add.1 +++ b/man/man1/git-secret-add.1 @@ -1,7 +1,7 @@ .\" generated with Ronn/v0.7.3 .\" http://github.com/rtomayko/ronn/tree/0.7.3 . -.TH "GIT\-SECRET\-ADD" "1" "May 2018" "sobolevn" "git-secret" +.TH "GIT\-SECRET\-ADD" "1" "June 2018" "sobolevn" "git-secret" . .SH "NAME" \fBgit\-secret\-add\fR \- starts to track added files\. diff --git a/man/man1/git-secret-cat.1 b/man/man1/git-secret-cat.1 index 35539054..690cb0c5 100644 --- a/man/man1/git-secret-cat.1 +++ b/man/man1/git-secret-cat.1 @@ -1,7 +1,7 @@ .\" generated with Ronn/v0.7.3 .\" http://github.com/rtomayko/ronn/tree/0.7.3 . -.TH "GIT\-SECRET\-CAT" "1" "May 2018" "sobolevn" "git-secret" +.TH "GIT\-SECRET\-CAT" "1" "June 2018" "sobolevn" "git-secret" . .SH "NAME" \fBgit\-secret\-cat\fR \- decrypts files passed on command line to stdout diff --git a/man/man1/git-secret-changes.1 b/man/man1/git-secret-changes.1 index 895e48ce..fcdd05c6 100644 --- a/man/man1/git-secret-changes.1 +++ b/man/man1/git-secret-changes.1 
@@ -1,7 +1,7 @@ .\" generated with Ronn/v0.7.3 .\" http://github.com/rtomayko/ronn/tree/0.7.3 . -.TH "GIT\-SECRET\-CHANGES" "1" "May 2018" "sobolevn" "git-secret" +.TH "GIT\-SECRET\-CHANGES" "1" "July 2018" "sobolevn" "git-secret" . .SH "NAME" \fBgit\-secret\-changes\fR \- view diff of the hidden files\. @@ -15,7 +15,7 @@ git secret changes [\-h] [\-d dir] [\-p password] [pathspec]\.\.\. .fi . .SH "DESCRIPTION" -\fBgit\-secret\-changes\fR \- shows changes between the current version of hidden files and the ones already commited\. You can provide any number of hidden files to this command as arguments, and it will show changes for these files only\. Note that files must be specified by their encrypted names, typically \fBfilename\.yml\.secret\fR\. If no arguments are provided, information about all hidden files will be shown\. +\fBgit\-secret\-changes\fR \- shows changes between the current version of hidden files and the ones already committed\. You can provide any number of hidden files to this command as arguments, and it will show changes for these files only\. Note that files must be specified by their encrypted names, typically \fBfilename\.yml\.secret\fR\. If no arguments are provided, information about all hidden files will be shown\. . .SH "OPTIONS" . diff --git a/man/man1/git-secret-clean.1 b/man/man1/git-secret-clean.1 index b269550f..34ddccc1 100644 --- a/man/man1/git-secret-clean.1 +++ b/man/man1/git-secret-clean.1 @@ -1,7 +1,7 @@ .\" generated with Ronn/v0.7.3 .\" http://github.com/rtomayko/ronn/tree/0.7.3 . -.TH "GIT\-SECRET\-CLEAN" "1" "May 2018" "sobolevn" "git-secret" +.TH "GIT\-SECRET\-CLEAN" "1" "June 2018" "sobolevn" "git-secret" . .SH "NAME" \fBgit\-secret\-clean\fR \- removes all the hidden files\. diff --git a/man/man1/git-secret-hide.1 b/man/man1/git-secret-hide.1 index 58149888..0156ece6 100644 --- a/man/man1/git-secret-hide.1 +++ b/man/man1/git-secret-hide.1 
@@ -1,7 +1,7 @@ .\" generated with Ronn/v0.7.3 .\" http://github.com/rtomayko/ronn/tree/0.7.3 . -.TH "GIT\-SECRET\-HIDE" "1" "May 2018" "sobolevn" "git-secret" +.TH "GIT\-SECRET\-HIDE" "1" "August 2018" "sobolevn" "git-secret" . .SH "NAME" \fBgit\-secret\-hide\fR \- encrypts all added files with the inner keyring\. @@ -10,7 +10,7 @@ . .nf -git secret hide [\-c] [\-v] +git secret hide [\-c] [\-P] [\-v] [\-d] [\-m] . .fi . @@ -26,6 +26,7 @@ It is possible to modify the names of the encrypted files by setting \fBSECRETS_ \-v \- verbose, shows extra information\. \-c \- deletes encrypted files before creating new ones\. +\-P \- preserve permissions of unencrypted file in encrypted file\. \-d \- deletes unencrypted files after encryption\. \-m \- encrypt files only when modified\. \-h \- shows help\. diff --git a/man/man1/git-secret-init.1 b/man/man1/git-secret-init.1 index 3143d07b..0a9f1358 100644 --- a/man/man1/git-secret-init.1 +++ b/man/man1/git-secret-init.1 @@ -1,7 +1,7 @@ .\" generated with Ronn/v0.7.3 .\" http://github.com/rtomayko/ronn/tree/0.7.3 . -.TH "GIT\-SECRET\-INIT" "1" "May 2018" "sobolevn" "git-secret" +.TH "GIT\-SECRET\-INIT" "1" "June 2018" "sobolevn" "git-secret" . .SH "NAME" \fBgit\-secret\-init\fR \- initializes git\-secret repository\. diff --git a/man/man1/git-secret-killperson.1 b/man/man1/git-secret-killperson.1 index 7bdef58a..30a68b2f 100644 --- a/man/man1/git-secret-killperson.1 +++ b/man/man1/git-secret-killperson.1 @@ -1,7 +1,7 @@ .\" generated with Ronn/v0.7.3 .\" http://github.com/rtomayko/ronn/tree/0.7.3 . -.TH "GIT\-SECRET\-KILLPERSON" "1" "May 2018" "sobolevn" "git-secret" +.TH "GIT\-SECRET\-KILLPERSON" "1" "June 2018" "sobolevn" "git-secret" . .SH "NAME" \fBgit\-secret\-killperson\fR \- deletes key identified by an email from the inner keyring\. diff --git a/man/man1/git-secret-list.1 b/man/man1/git-secret-list.1 index 07b4f6b1..db6b8df3 100644 --- a/man/man1/git-secret-list.1 +++ b/man/man1/git-secret-list.1 
@@ -1,7 +1,7 @@ .\" generated with Ronn/v0.7.3 .\" http://github.com/rtomayko/ronn/tree/0.7.3 . -.TH "GIT\-SECRET\-LIST" "1" "May 2018" "sobolevn" "git-secret" +.TH "GIT\-SECRET\-LIST" "1" "June 2018" "sobolevn" "git-secret" . .SH "NAME" \fBgit\-secret\-list\fR \- prints all the added files\. diff --git a/man/man1/git-secret-remove.1 b/man/man1/git-secret-remove.1 index cc41fac3..03f14faa 100644 --- a/man/man1/git-secret-remove.1 +++ b/man/man1/git-secret-remove.1 @@ -1,7 +1,7 @@ .\" generated with Ronn/v0.7.3 .\" http://github.com/rtomayko/ronn/tree/0.7.3 . -.TH "GIT\-SECRET\-REMOVE" "1" "May 2018" "sobolevn" "git-secret" +.TH "GIT\-SECRET\-REMOVE" "1" "June 2018" "sobolevn" "git-secret" . .SH "NAME" \fBgit\-secret\-remove\fR \- removes files from index\. diff --git a/man/man1/git-secret-reveal.1 b/man/man1/git-secret-reveal.1 index ec68ac63..4e60ac59 100644 --- a/man/man1/git-secret-reveal.1 +++ b/man/man1/git-secret-reveal.1 @@ -1,7 +1,7 @@ .\" generated with Ronn/v0.7.3 .\" http://github.com/rtomayko/ronn/tree/0.7.3 . -.TH "GIT\-SECRET\-REVEAL" "1" "May 2018" "sobolevn" "git-secret" +.TH "GIT\-SECRET\-REVEAL" "1" "August 2018" "sobolevn" "git-secret" . .SH "NAME" \fBgit\-secret\-reveal\fR \- decrypts all added files\. @@ -10,7 +10,7 @@ . .nf -git secret reveal [\-f] [\-d dir] [\-p password] +git secret reveal [\-f] [\-P] [\-d dir] [\-p password] . .fi . @@ -21,9 +21,10 @@ git secret reveal [\-f] [\-d dir] [\-p password] . .nf -\-f \- forces to overwrite exisiting files without prompt\. +\-f \- forces to overwrite existing files without prompt\. \-d \- specifies `\-\-homedir` option for the `gpg`, basically use this option if you store your keys in a custom location\. \-p \- specifies password for noinput mode, adds `\-\-passphrase` option for `gpg`\. +\-P \- preserve permissions of encrypted file in unencrypted file\. \-h \- shows help\. . .fi diff --git a/man/man1/git-secret-tell.1 b/man/man1/git-secret-tell.1 index 60fdec22..4771bd88 100644 
--- a/man/man1/git-secret-tell.1 +++ b/man/man1/git-secret-tell.1 @@ -1,7 +1,7 @@ .\" generated with Ronn/v0.7.3 .\" http://github.com/rtomayko/ronn/tree/0.7.3 . -.TH "GIT\-SECRET\-TELL" "1" "May 2018" "sobolevn" "git-secret" +.TH "GIT\-SECRET\-TELL" "1" "July 2018" "sobolevn" "git-secret" . .SH "NAME" \fBgit\-secret\-tell\fR \- adds a person, who can access private data\. @@ -15,7 +15,7 @@ git secret tell [\-m] [\-d dir] [emails]\.\.\. .fi . .SH "DESCRIPTION" -\fBgit\-secret\-tell\fR receives an email addresses as an input, searches for the \fBgpg\fR\-key in the \fBgpg\fR\'s \fBhomedir\fR by these emails, then imports a person\'s public key into the \fBgit\-secret\fR\'s inner keychain\. From this moment this person can encrypt new files with the keyring which contains their key\. But they cannot decrypt the old files, which were already encrypted without their key\. They should be reencrypted with the new keyring by someone, who has the unencrypted files\. +\fBgit\-secret\-tell\fR receives an email addresses as an input, searches for the \fBgpg\fR\-key in the \fBgpg\fR\'s \fBhomedir\fR by these emails, then imports a person\'s public key into the \fBgit\-secret\fR\'s inner keychain\. From this moment this person can encrypt new files with the keyring which contains their key, but they cannot decrypt the old files, which were already encrypted without their key\. The files should be re\-encrypted with the new keyring by someone who has the unencrypted files\. . .P \fBDo not manually import secret key into \fBgit\-secret\fR\fR\. Anyways, it won\'t work with any of the secret\-keys imported\. diff --git a/man/man1/git-secret-usage.1 b/man/man1/git-secret-usage.1 index a00c54f2..204b296f 100644 --- a/man/man1/git-secret-usage.1 +++ b/man/man1/git-secret-usage.1 
@@ -1,7 +1,7 @@ .\" generated with Ronn/v0.7.3 .\" http://github.com/rtomayko/ronn/tree/0.7.3 . -.TH "GIT\-SECRET\-USAGE" "1" "May 2018" "sobolevn" "git-secret" +.TH "GIT\-SECRET\-USAGE" "1" "June 2018" "sobolevn" "git-secret" . .SH "NAME" \fBgit\-secret\-usage\fR \- prints all the available commands\. diff --git a/man/man1/git-secret-whoknows.1 b/man/man1/git-secret-whoknows.1 index 177af3ae..e39932d6 100644 --- a/man/man1/git-secret-whoknows.1 +++ b/man/man1/git-secret-whoknows.1 @@ -1,7 +1,7 @@ .\" generated with Ronn/v0.7.3 .\" http://github.com/rtomayko/ronn/tree/0.7.3 . -.TH "GIT\-SECRET\-WHOKNOWS" "1" "May 2018" "sobolevn" "git-secret" +.TH "GIT\-SECRET\-WHOKNOWS" "1" "June 2018" "sobolevn" "git-secret" . .SH "NAME" \fBgit\-secret\-whoknows\fR \- prints email\-labels for each key in the keyring\. diff --git a/man/man7/git-secret.7 b/man/man7/git-secret.7 index 7f4bd715..7ce54893 100644 --- a/man/man7/git-secret.7 +++ b/man/man7/git-secret.7 @@ -1,7 +1,7 @@ .\" generated with Ronn/v0.7.3 .\" http://github.com/rtomayko/ronn/tree/0.7.3 . -.TH "GIT\-SECRET" "7" "June 2018" "sobolevn" "git-secret" +.TH "GIT\-SECRET" "7" "July 2018" "sobolevn" "git-secret" . .SH "NAME" \fBgit\-secret\fR 
@@ -44,7 +44,7 @@ Get their \fBgpg\fR public\-key\. \fBYou won\'t need their secret key\.\fR Import this key into your \fBgpg\fR setup (in ~/\.gnupg or similar) by running \fBgpg \-\-import KEY_NAME\.txt\fR . .IP "3." 4 -Now add this person to your secrets repo by running \fBgit secret tell persons@email\.id\fR (this will be the email address assocated with the public key) +Now add this person to your secrets repo by running \fBgit secret tell persons@email\.id\fR (this will be the email address associated with the public key) . .IP "4." 4 The newly added user cannot yet read the encrypted files\. Now, re\-encrypt the files using \fBgit secret reveal; git secret hide \-d\fR, and then commit and push the newly encrypted files\. (The \-d options deletes the unencrypted file after re\-encrypting it)\. Now the newly added user be able to decrypt the files in the repo using \fBgit\-secret\fR\. @@ -52,7 +52,7 @@ The newly added user cannot yet read the encrypted files\. Now, re\-encrypt the .IP "" 0 . .P -Note that it is possible to add yourself to the git\-secret repo without decrypting existing files\. It will be possible to decrypt them after reencrypting them with the new keyring\. So, if you don\'t want unexpected keys added, you can configure some server\-side security policy with the \fBpre\-receive\fR hook\. +Note that it is possible to add yourself to the git\-secret repo without decrypting existing files\. It will be possible to decrypt them after re\-encrypting them with the new keyring\. So, if you don\'t want unexpected keys added, you can configure some server\-side security policy with the \fBpre\-receive\fR hook\. . .SH "Configuration" You can configure the version of gpg used, or the extension your encrypted files use, to suit your workflow better\. To do so, just set the required variable to the value you need\. This can be done in your shell environment file or with each \fBgit\-secret\fR command\. 
@@ -90,7 +90,7 @@ This directory currently contains only the file \fBmapping\.cfg\fR, which lists All the other internal data is stored in the directory: . .SS "\.gitsecret/keys" -This directory contains data used by git\-secret and PGP to allow and maintain the correct encyption and access rights for the permitted parties\. +This directory contains data used by git\-secret and PGP to allow and maintain the correct encryption and access rights for the permitted parties\. . .P Generally speaking, all the files in this directory \fIexcept\fR \fBrandom_seed\fR should be checked into your repo\. From 5d5392232b95d5461b57765669d8a35815f7878b Mon Sep 17 00:00:00 2001 From: joshr Date: Sat, 18 Aug 2018 10:31:57 -0400 Subject: [PATCH 16/17] remove debug code --- src/commands/git_secret_reveal.sh | 5 ----- tests/test_hide.bats | 4 +++- tests/test_reveal.bats | 4 +++- 3 files changed, 6 insertions(+), 7 deletions(-) diff --git a/src/commands/git_secret_reveal.sh b/src/commands/git_secret_reveal.sh index 01d1ac29..cf9fa328 100644 --- a/src/commands/git_secret_reveal.sh +++ b/src/commands/git_secret_reveal.sh @@ -54,11 +54,6 @@ function reveal { secret_file=$(_get_encrypted_filename "$path") local perms perms=$($SECRETS_OCTAL_PERMS_COMMAND "$secret_file") - - echo "# octal_perms_command: $SECRETS_OCTAL_PERMS_COMMAND" >&3 - echo "# filename is '$filename', path is '$path'" >&3 - echo "# running: chmod '$perms' '$path'" >&3 - chmod "$perms" "$path" fi diff --git a/tests/test_hide.bats b/tests/test_hide.bats index cdf7f6af..002a3644 100644 --- a/tests/test_hide.bats +++ b/tests/test_hide.bats 
@@ -57,7 +57,9 @@ function teardown { local file_perm secret_perm=$(ls -l "$encrypted_file" | cut -d' ' -f1) file_perm=$(ls -l "$FILE_TO_HIDE" | cut -d' ' -f1) - echo "# secret_perm: $secret_perm, file_perm: $file_perm" >&3 + + # text sent to file descriptor 3 is 'diagnostic' (debug) output for devs + #echo "# secret_perm: $secret_perm, file_perm: $file_perm" >&3 [ "$secret_perm" = "$file_perm" ] diff --git a/tests/test_reveal.bats b/tests/test_reveal.bats index 0e00d573..5f8ac672 100644 --- a/tests/test_reveal.bats +++ b/tests/test_reveal.bats @@ -71,7 +71,9 @@ function teardown { local file_perm secret_perm=$(ls -l "$FILE_TO_HIDE".secret | cut -d' ' -f1) file_perm=$(ls -l "$FILE_TO_HIDE" | cut -d' ' -f1) - echo "# secret_perm: $secret_perm, file_perm: $file_perm" >&3 + + # text sent to file descriptor 3 is 'diagnostic' (debug) output for devs + #echo "# secret_perm: $secret_perm, file_perm: $file_perm" >&3 [ "$secret_perm" = "$file_perm" ] From 1ea3b3139d7f3ac0ffa0a142d7598b9443217a64 Mon Sep 17 00:00:00 2001 From: joshr Date: Sat, 18 Aug 2018 10:34:48 -0400 Subject: [PATCH 17/17] clarify comment for devs regarding bats TAP diagnostic output --- tests/test_hide.bats | 2 +- tests/test_reveal.bats | 2 +- 2 files changed, 2 insertions(+), 2 deletions(-) diff --git a/tests/test_hide.bats b/tests/test_hide.bats index 002a3644..11da2fe4 100644 --- a/tests/test_hide.bats +++ b/tests/test_hide.bats @@ -58,7 +58,7 @@ function teardown { secret_perm=$(ls -l "$encrypted_file" | cut -d' ' -f1) file_perm=$(ls -l "$FILE_TO_HIDE" | cut -d' ' -f1) - # text sent to file descriptor 3 is 'diagnostic' (debug) output for devs + # text prefixed with '# ' and sent to file descriptor 3 is 'diagnostic' (debug) output for devs #echo "# secret_perm: $secret_perm, file_perm: $file_perm" >&3 [ "$secret_perm" = "$file_perm" ] diff --git a/tests/test_reveal.bats b/tests/test_reveal.bats index 5f8ac672..b972f0d2 100644 --- a/tests/test_reveal.bats +++ b/tests/test_reveal.bats 
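Review bot: The permission assertion kept as context in this hunk compares the first field of `ls -l` output, which is a display string (file-type character plus, on some platforms, an ACL or extended-attribute suffix) rather than the mode bits that the preserve-permissions option sets. Comparing octal modes would be stricter, for example `secret_perm=$($SECRETS_OCTAL_PERMS_COMMAND "$encrypted_file")` and `file_perm=$($SECRETS_OCTAL_PERMS_COMMAND "$FILE_TO_HIDE")`, assuming that variable is available to the bats tests as it is inside `reveal`. The same `ls -l` comparison appears in the tests/test_reveal.bats hunk of this commit and in the context lines of both hunks of PATCH 17/17. The start of each test body is outside the hunks, so it is not visible whether the source file is first given a non-default mode. Without that step the equality can hold even when the option does nothing, and this check is what guards the mode of the decrypted plaintext.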
@@ -72,7 +72,7 @@ function teardown { secret_perm=$(ls -l "$FILE_TO_HIDE".secret | cut -d' ' -f1) file_perm=$(ls -l "$FILE_TO_HIDE" | cut -d' ' -f1) - # text sent to file descriptor 3 is 'diagnostic' (debug) output for devs + # text prefixed with '# ' and sent to file descriptor 3 is 'diagnostic' (debug) output for devs #echo "# secret_perm: $secret_perm, file_perm: $file_perm" >&3 [ "$secret_perm" = "$file_perm" ]