|
|
|
|
@ -1,5 +1,18 @@
|
|
|
|
|
#!/usr/bin/env bash
|
|
|
|
|
|
|
|
|
|
AWK_FSDB_UPDATE_HASH='
|
|
|
|
|
BEGIN { FS=":"; OFS=":"; }
|
|
|
|
|
{
|
|
|
|
|
if ( key == $1 )
|
|
|
|
|
{
|
|
|
|
|
print key,hash;
|
|
|
|
|
}
|
|
|
|
|
else
|
|
|
|
|
{
|
|
|
|
|
print $1,$2;
|
|
|
|
|
}
|
|
|
|
|
}
|
|
|
|
|
'
|
|
|
|
|
|
|
|
|
|
function _optional_clean {
|
|
|
|
|
local clean="$1"
|
|
|
|
|
@ -26,7 +39,8 @@ function _optional_delete {
|
|
|
|
|
|
|
|
|
|
while read -r line; do
|
|
|
|
|
# So the formating would not be repeated several times here:
|
|
|
|
|
_find_and_clean "*$line" "$verbose"
|
|
|
|
|
local filename=$(_get_record_filename "$line")
|
|
|
|
|
_find_and_clean "*$filename" "$verbose"
|
|
|
|
|
done < "$path_mappings"
|
|
|
|
|
|
|
|
|
|
if [[ ! -z "$verbose" ]]; then
|
|
|
|
|
@ -35,20 +49,49 @@ function _optional_delete {
|
|
|
|
|
fi
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
function _get_checksum_local {
|
|
|
|
|
local checksum="$SECRETS_CHECKSUM_COMMAND"
|
|
|
|
|
echo "$checksum"
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
function _get_file_hash {
|
|
|
|
|
local input_path="$1" # Required
|
|
|
|
|
local checksum_local
|
|
|
|
|
local file_hash
|
|
|
|
|
|
|
|
|
|
checksum_local=$(_get_checksum_local)
|
|
|
|
|
file_hash=$($checksum_local $input_path | awk '{print $1}')
|
|
|
|
|
|
|
|
|
|
echo "$file_hash"
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
function _optional_fsdb_update_hash {
|
|
|
|
|
local key="$1"
|
|
|
|
|
local hash="$2"
|
|
|
|
|
local fsdb # path_mappings
|
|
|
|
|
|
|
|
|
|
fsdb=$(_get_secrets_dir_paths_mapping)
|
|
|
|
|
|
|
|
|
|
gawk -i inplace -v key=$key -v hash=$hash "$AWK_FSDB_UPDATE_HASH" "$fsdb"
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
function hide {
|
|
|
|
|
local clean=0
|
|
|
|
|
local delete=0
|
|
|
|
|
local fsdb_update_hash=0 # add checksum hashes to fsdb
|
|
|
|
|
local verbose=''
|
|
|
|
|
|
|
|
|
|
OPTIND=1
|
|
|
|
|
|
|
|
|
|
while getopts 'cdvh' opt; do
|
|
|
|
|
while getopts 'cduvh' opt; do
|
|
|
|
|
case "$opt" in
|
|
|
|
|
c) clean=1;;
|
|
|
|
|
|
|
|
|
|
d) delete=1;;
|
|
|
|
|
|
|
|
|
|
u) fsdb_update_hash=1;;
|
|
|
|
|
|
|
|
|
|
v) verbose='v';;
|
|
|
|
|
|
|
|
|
|
h) _show_manual_for 'hide';;
|
|
|
|
|
@ -71,9 +114,13 @@ function hide {
|
|
|
|
|
path_mappings=$(_get_secrets_dir_paths_mapping)
|
|
|
|
|
|
|
|
|
|
local counter=0
|
|
|
|
|
while read -r line; do
|
|
|
|
|
while read -r record; do
|
|
|
|
|
local filename
|
|
|
|
|
local fsdb_file_hash
|
|
|
|
|
local encrypted_filename
|
|
|
|
|
encrypted_filename=$(_get_encrypted_filename "$line")
|
|
|
|
|
filename=$(_get_record_filename "$record")
|
|
|
|
|
fsdb_file_hash=$(_get_record_hash "$record")
|
|
|
|
|
encrypted_filename=$(_get_encrypted_filename "$filename")
|
|
|
|
|
|
|
|
|
|
local recipients
|
|
|
|
|
recipients=$(_get_recepients)
|
|
|
|
|
@ -83,13 +130,23 @@ function hide {
|
|
|
|
|
|
|
|
|
|
local input_path
|
|
|
|
|
local output_path
|
|
|
|
|
input_path=$(_append_root_path "$line")
|
|
|
|
|
input_path=$(_append_root_path "$filename")
|
|
|
|
|
output_path=$(_append_root_path "$encrypted_filename")
|
|
|
|
|
|
|
|
|
|
# shellcheck disable=2086
|
|
|
|
|
$gpg_local --use-agent --yes --trust-model=always --encrypt \
|
|
|
|
|
$recipients -o "$output_path" "$input_path"
|
|
|
|
|
|
|
|
|
|
file_hash=$(_get_file_hash $input_path)
|
|
|
|
|
|
|
|
|
|
# encrypt file only if required
|
|
|
|
|
if [[ "$fsdb_file_hash" != "$file_hash" ]]; then
|
|
|
|
|
# shellcheck disable=2086
|
|
|
|
|
$gpg_local --use-agent --yes --trust-model=always --encrypt \
|
|
|
|
|
$recipients -o "$output_path" "$input_path"
|
|
|
|
|
# If -u option was provided, it will update unencrypted file hash
|
|
|
|
|
local key="$filename"
|
|
|
|
|
local hash="$file_hash"
|
|
|
|
|
# Update file hash if required in fsdb
|
|
|
|
|
[[ "$fsdb_update_hash" -gt 0 ]] && \
|
|
|
|
|
_optional_fsdb_update_hash "$key" "$hash"
|
|
|
|
|
fi
|
|
|
|
|
counter=$((counter+1))
|
|
|
|
|
done < "$path_mappings"
|
|
|
|
|
|
|
|
|
|
|
Carlos Hernandez
7 years ago