Add SECRETS_PINENTRY env var and docs (#490)

* Add SECRETS_PINENTRY env var 

* add docs and tests for SECRETS_PINENTRY

* improve diagnostic output

* fix regex example for bats-core diagnostics
pull/486/head^2
Josh Rabinowitz 5 years ago committed by GitHub
parent bb4b61c2c4
commit baf6c4113b
No known key found for this signature in database
GPG Key ID: 4AEE18F83AFDEB23

@ -1,5 +1,11 @@
# Changelog # Changelog
## {{Next Version}}
### Bugfixes
- Support SECRETS_PINENTRY env var for gnupg --pinentry-mode parameter (#221)
## Version 0.2.6 ## Version 0.2.6
### Features ### Features
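Review bot: the new CHANGELOG line sits under `### Bugfixes`, but it introduces a new environment variable (the commit title itself says "Add SECRETS_PINENTRY env var"), which is the kind of entry the 0.2.6 section files under `### Features`. Unless #221 is a bug report this closes, move the line to a `### Features` heading in the `{{Next Version}}` block, and keep the wording as "for gnupg's `--pinentry-mode` parameter" so the option name is the real one (the git-secret.md hunk below calls it `--pinentry`, which does not exist).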

@ -11,6 +11,9 @@ git-secret-cat - decrypts files passed on command line to stdout
As with `git-secret-reveal`, you'll need to have a public/private keypair that is allowed to As with `git-secret-reveal`, you'll need to have a public/private keypair that is allowed to
decrypt this repo. decrypt this repo.
Note also that this command can be affected by the `SECRETS_PINENTRY` environment variable. See
(See [git-secret(7)](http://git-secret.io/git-secret) for information using `SECRETS_PINENTRY`.
## OPTIONS ## OPTIONS
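Review bot: the two added lines in git-secret-cat.md read "...environment variable. See / (See [git-secret(7)](...) for information using `SECRETS_PINENTRY`.", i.e. a doubled "See", an opening parenthesis that is never closed, and "information using" missing "about". Collapse them to one sentence: "Note also that this command can be affected by the `SECRETS_PINENTRY` environment variable. See [git-secret(7)](http://git-secret.io/git-secret) for information about using `SECRETS_PINENTRY`." The same text is pasted into git-secret-changes.md, so fix both.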

@ -12,6 +12,9 @@ You can provide any number of hidden files to this command as arguments, and it
Note that files must be specified by their encrypted names, typically `filename.yml.secret`. Note that files must be specified by their encrypted names, typically `filename.yml.secret`.
If no arguments are provided, information about all hidden files will be shown. If no arguments are provided, information about all hidden files will be shown.
Note also that this command can be affected by the `SECRETS_PINENTRY` environment variable. See
(See [git-secret(7)](http://git-secret.io/git-secret) for information using `SECRETS_PINENTRY`.
## OPTIONS ## OPTIONS
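Review bot: same problem as in git-secret-cat.md: "See / (See [git-secret(7)]..." duplicates "See", leaves the parenthesis unbalanced and drops "about" from "information about using". Use a single sentence: "Note also that this command can be affected by the `SECRETS_PINENTRY` environment variable. See [git-secret(7)](http://git-secret.io/git-secret) for information about using `SECRETS_PINENTRY`."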

@ -36,6 +36,9 @@ Also, it is possible to modify the names of the encrypted files by setting `SECR
(See [git-secret(7)](http://git-secret.io/git-secret) for information about renaming the .gitsecret (See [git-secret(7)](http://git-secret.io/git-secret) for information about renaming the .gitsecret
folder using the SECRETS_DIR environment variable. folder using the SECRETS_DIR environment variable.
You can also enable verbosity using the SECRETS_VERBOSE environment variable,
as documented at [git-secret(7)](http://git-secret.io/)
## OPTIONS ## OPTIONS
@ -47,9 +50,6 @@ folder using the SECRETS_DIR environment variable.
-m - encrypt files only when modified. -m - encrypt files only when modified.
-h - shows help. -h - shows help.
You can also enable verbosity using the SECRETS_VERBOSE environment variable,
as documented at [git-secret(7)](http://git-secret.io/)
## MANUAL ## MANUAL
Run `man git-secret-hide` to see this note. Run `man git-secret-hide` to see this note.

@ -13,9 +13,6 @@ You will need to have imported the paired secret-key with one of the
public-keys which were used in the encryption. public-keys which were used in the encryption.
Under the hood, this uses the `gpg --decrypt` command. Under the hood, this uses the `gpg --decrypt` command.
(See [git-secret(7)](http://git-secret.io/git-secret) for information about renaming the .gitsecret
folder using the SECRETS_DIR environment variable.
## OPTIONS ## OPTIONS
@ -27,6 +24,9 @@ folder using the SECRETS_DIR environment variable.
-P - preserve permissions of encrypted file in unencrypted file. -P - preserve permissions of encrypted file in unencrypted file.
-h - shows help. -h - shows help.
(See [git-secret(7)](http://git-secret.io/git-secret) for information about renaming the .gitsecret
folder using the SECRETS_DIR environment variable.
## MANUAL ## MANUAL
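Review bot: git-secret-reveal.md is the one decrypting command left without a `SECRETS_PINENTRY` note: `cat` and `changes` got one, yet `reveal` is what the new tests drive with `SECRETS_PINENTRY=...` and, as this page says, it is the command that runs `gpg --decrypt`. Add the same sentence next to the relocated SECRETS_DIR paragraph: "Note also that this command can be affected by the `SECRETS_PINENTRY` environment variable. See [git-secret(7)](http://git-secret.io/git-secret) for information about using `SECRETS_PINENTRY`." (without the duplicated "See (See" of the other two files). Moving the SECRETS_DIR paragraph below the option list is fine and matches git-secret-hide.md.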

@ -67,6 +67,9 @@ After doing so rerun the tests to be sure that it won't break anything. Tested t
* `$SECRETS_DIR` - sets the directory where git-secret stores its files, defaults to .gitsecret. * `$SECRETS_DIR` - sets the directory where git-secret stores its files, defaults to .gitsecret.
It can be changed to any valid directory name. It can be changed to any valid directory name.
* `$SECRETS_PINENTRY` - allows user to specify a setting for `gpg`'s --pinentry option.
See `gpg` docs for details about gpg's --pinentry option.
## The `.gitsecret` folder (can be overridden with SECRETS_DIR) ## The `.gitsecret` folder (can be overridden with SECRETS_DIR)
This folder contains information about the files encrypted by git-secret, This folder contains information about the files encrypted by git-secret,
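Review bot: both new lines in git-secret.md name a gpg option that does not exist: it is `--pinentry-mode`, as the CHANGELOG entry and the `args+=( "--pinentry-mode" "$SECRETS_PINENTRY" )` line in `_decrypt` say, not `--pinentry`. While fixing the name, state what the code actually does, since this is the page the other man pages point readers to: the value is used only when gpg is 2.1 or newer, it defaults to `loopback` when unset, the accepted values are gpg's own modes (`default`, `ask`, `cancel`, `error`, `loopback`), and an unrecognised value makes gpg exit with an error. Suggested wording: "`$SECRETS_PINENTRY` - sets the value passed to gpg's `--pinentry-mode` option (gpg 2.1 and later only); defaults to `loopback`. See the gpg documentation for the accepted modes."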

@ -95,7 +95,7 @@ AWK_GPG_VER_CHECK='
' '
# This is 1 for gpg version 2.1 or greater, otherwise 0 # This is 1 for gpg version 2.1 or greater, otherwise 0
GPG_VER_21="$($SECRETS_GPG_COMMAND --version | gawk "$AWK_GPG_VER_CHECK")" GPG_VER_MIN_21="$($SECRETS_GPG_COMMAND --version | gawk "$AWK_GPG_VER_CHECK")"
# Bash: # Bash:
@ -681,9 +681,13 @@ function _decrypt {
args+=( "--homedir" "$homedir" ) args+=( "--homedir" "$homedir" )
fi fi
if [[ "$GPG_VER_21" -eq 1 ]]; then if [[ "$GPG_VER_MIN_21" -eq 1 ]]; then
if [[ -n "$SECRETS_PINENTRY" ]]; then
args+=( "--pinentry-mode" "$SECRETS_PINENTRY" )
else
args+=( "--pinentry-mode" "loopback" ) args+=( "--pinentry-mode" "loopback" )
fi fi
fi
if [[ -z "$_SECRETS_VERBOSE" ]]; then if [[ -z "$_SECRETS_VERBOSE" ]]; then
args+=( "--quiet" ) args+=( "--quiet" )
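Review bot: `$SECRETS_PINENTRY` is handed to gpg unvalidated at `args+=( "--pinentry-mode" "$SECRETS_PINENTRY" )`. gpg refuses an unknown mode with a non-zero exit, so nothing unsafe happens, but the user only sees a bare gpg error; either check the value against gpg's five modes before building `args` and abort with a message that names `SECRETS_PINENTRY`, or at least document the failure mode. The more important caveat: per the gpg manual, from 2.1 onward `--passphrase` is only honoured together with `--pinentry-mode loopback`, so any other `SECRETS_PINENTRY` value silently disables the passphrase that `reveal -p` supplies (the new tests combine `-p "$password"` with `SECRETS_PINENTRY=error`). That interaction belongs in the docs next to the `-p` option. The `GPG_VER_21` to `GPG_VER_MIN_21` rename is a readability win; the only other references visible here (the definition in the version check and the test below) are updated.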

@ -186,3 +186,23 @@ function teardown {
# Cleaning up: # Cleaning up:
uninstall_fixture_full_key "$TEST_SECOND_USER" "$second_fingerprint" uninstall_fixture_full_key "$TEST_SECOND_USER" "$second_fingerprint"
} }
@test "run 'reveal' with SECRETS_PINENTRY=loopback" {
rm -f "$FILE_TO_HIDE"
local password=$(test_user_password "$TEST_DEFAULT_USER")
SECRETS_PINENTRY=loopback run git secret reveal -d "$TEST_GPG_HOMEDIR" -p "$password"
[ "$status" -eq 0 ]
}
@test "run 'reveal' with SECRETS_PINENTRY=error" {
if [[ "$GPG_VER_MIN_21" -ne 1 ]]; then
skip "this test is skipped on gpg before version 2.1"
fi
rm -f "$FILE_TO_HIDE"
local password=$(test_user_password "$TEST_DEFAULT_USER")
SECRETS_PINENTRY=error run git secret reveal -d "$TEST_GPG_HOMEDIR" -p "$password"
[ "$status" -ne 0 ]
}
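Review bot: both tests assert only on `$status`, so they cannot tell "reveal exited 0 but wrote nothing" from a real success, or "reveal exited non-zero for an unrelated reason" from the pinentry failure they mean to test. After the loopback run add `[ -f "$FILE_TO_HIDE" ]`, and after the `error` run add `[ ! -f "$FILE_TO_HIDE" ]` (the `rm -f` at the top of each test makes that check meaningful). In the `error` test also grep `$output` for the pinentry-related message gpg prints, so a later regression in passphrase handling does not keep this test green by failing for the wrong reason. Minor: `local password=$(...)` masks the helper's exit status (ShellCheck SC2155); declare and assign on separate lines, as the rest of this file presumably does once that warning is enabled.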

@ -8,7 +8,7 @@ TEST_DIR=/tmp/git-secret-test
rm -rf "${TEST_DIR}" rm -rf "${TEST_DIR}"
mkdir "${TEST_DIR}" mkdir "${TEST_DIR}"
echo "Created dir: ${TEST_DIR}" echo "# created dir: ${TEST_DIR}"
chmod 0700 "${TEST_DIR}" chmod 0700 "${TEST_DIR}"
( (
