From da3e6d2cac2de4e232e18892d8c1e6a213910ea8 Mon Sep 17 00:00:00 2001
From: Carlos Hernandez
Date: Fri, 8 Sep 2017 13:21:18 -0600
Subject: [PATCH 01/25] Adding checksum, and fsdb functions, making path mappings file colon delimited fsdb.
---
 src/_utils/_git_secret_tools.sh | 81 ++++++++++++++++++++++++++++++++-
 1 file changed, 80 insertions(+), 1 deletion(-)
diff --git a/src/_utils/_git_secret_tools.sh b/src/_utils/_git_secret_tools.sh
index 882c0b24..0a76f2f6 100644
--- a/src/_utils/_git_secret_tools.sh
+++ b/src/_utils/_git_secret_tools.sh
@@ -15,8 +15,38 @@ _SECRETS_DIR_PATHS_MAPPING="${_SECRETS_DIR_PATHS}/mapping.cfg"
 # Commands:
 : "${SECRETS_GPG_COMMAND:="gpg"}"
+: "${SECRETS_CHECKSUM_COMMAND:="sha256sum"}"
+# AWK scripts:
+AWK_FSDB_HAS_RECORD='
+BEGIN { FS=":"; OFS=":"; cnt=0; }
+{
+ if ( key == $1 )
+ {
+ cnt++
+ }
+}
+END { if ( cnt > 0 ) print "0"; else print "1"; }
+'
+
+AWK_FSDB_RM_RECORD='
+BEGIN { FS=":"; OFS=":"; }
+{
+ if ( key != $1 )
+ {
+ print $1,$2;
+ }
+}
+'
+
+AWK_FSDB_CLEAR_HASHES='
+BEGIN { FS=":"; OFS=":"; }
+{
+ print $1,"";
+}
+'
+
 # Bash:
 function _function_exists {
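Review bot: The three AWK scripts compare `key == $1` on a colon-delimited record with no escaping, so a tracked path that itself contains `:` is split at its first colon and can never be matched, removed or hash-updated by these scripts. The key is handed to these scripts with `gawk -v` in the next hunk, and awk processes escape sequences in `-v` values, so a path containing a backslash is compared against a different string than the one stored. Either reject such filenames at `add` time or document the restriction next to `# AWK scripts:`, e.g. `# fsdb records are "filename:hash"; the delimiter is unescaped, so filenames must not contain ':' or '\'`. The same comment should state that `AWK_FSDB_HAS_RECORD` prints `0` when the key is present and `1` when it is absent, which is the reverse of what a reader expects from a `has` helper that prints rather than returns.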
@@ -129,6 +159,55 @@ function _unique_filename {
 }
+# File System Database (fsdb):
+
+
+function _get_record_filename {
+ # Returns 1st field from passed record
+ local record="$1"
+ local filename=$(echo "$record" | awk -F: '{print $1}')
+
+ echo "$filename"
+}
+
+
+function _get_record_hash {
+ # Returns 2nd field from passed record
+ local record="$1"
+ local hash=$(echo "$record" | awk -F: '{print $2}')
+
+ echo "$hash"
+}
+
+
+function _fsdb_has_record {
+ # First parameter is the key
+ # Second is the fsdb
+ local key="$1" # required
+ local fsdb="$2" # required
+
+ # 0 on contains, 1 for error.
+ gawk -v key=$key "$AWK_FSDB_HAS_RECORD" "$fsdb"
+}
+
+
+function _fsdb_rm_record {
+ # First parameter is the key (filename)
+ # Second is the path to fsdb
+ local key="$1" # required
+ local fsdb="$2" # required
+
+ gawk -i inplace -v key=$key "$AWK_FSDB_RM_RECORD" "$fsdb"
+}
+
+function _fsdb_clear_hashes {
+ # First parameter is the path to fsdb
+ local fsdb="$1" # required
+
+ gawk -i inplace "$AWK_FSDB_CLEAR_HASHES" "$fsdb"
+}
+
+
 # Manuals:
 function _show_manual_for {
@@ -315,7 +394,7 @@ function _list_all_added_files {
 fi
 while read -r line; do
- echo "$line"
+ _get_record_filename "$line"
 done < "$path_mappings"
 }
From 638b67e155e9f9fe436b40dd570fc872463b8d13 Mon Sep 17 00:00:00 2001
From: Carlos Hernandez
Date: Fri, 8 Sep 2017 13:26:43 -0600
Subject: [PATCH 02/25] Migrating to new fsdb(:) format.
---
 src/commands/git_secret_add.sh | 10 ++++++----
 1 file changed, 6 insertions(+), 4 deletions(-)
diff --git a/src/commands/git_secret_add.sh b/src/commands/git_secret_add.sh
index d968a8e1..1f70d560 100644
--- a/src/commands/git_secret_add.sh
+++ b/src/commands/git_secret_add.sh
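Review bot: `gawk -v key=$key` in `_fsdb_has_record` and `_fsdb_rm_record` leaves `$key` unquoted, so a filename with whitespace or glob characters is word-split before gawk sees it and the trailing words are taken as the program text or an extra input file; quote it as `gawk -v key="$key" "$AWK_FSDB_HAS_RECORD" "$fsdb"` and likewise in `_fsdb_rm_record`. `local filename=$(...)` in `_get_record_filename` and `local hash=$(...)` in `_get_record_hash` merge declaration with command substitution, so the pipeline's exit status is discarded (SC2155); split them into `local filename` and `filename=$(...)`. The comment `# 0 on contains, 1 for error.` does not match the script: it prints `1` when the key is absent and prints nothing if `$fsdb` cannot be read, and a caller testing `-eq 1` then treats an unreadable file as "already present"; document the real contract, e.g. `# Prints 0 if a record with this key exists, 1 if not; prints nothing if fsdb is unreadable.`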
@@ -69,18 +69,20 @@ function add {
 # Adding files to path mappings:
- local path_mappings
- path_mappings=$(_get_secrets_dir_paths_mapping)
+ local fsdb
+ fsdb=$(_get_secrets_dir_paths_mapping)
 for item in "${items[@]}"; do
 local path
+ local key
 path=$(_git_normalize_filename "$item")
+ key="$path"
 # Adding files into system, skipping duplicates.
 local already_in
- already_in=$(_file_has_line "$path" "$path_mappings")
+ already_in=$(_fsdb_has_record "$key" "$fsdb")
 if [[ "$already_in" -eq 1 ]]; then
- echo "$path" >> "$path_mappings"
+ echo "$key" >> "$fsdb"
 fi
 done
From b75884e3f0903853e4a35d7f8d0100353fa9e4e9 Mon Sep 17 00:00:00 2001
From: Carlos Hernandez
Date: Fri, 8 Sep 2017 13:30:27 -0600
Subject: [PATCH 03/25] File checksum hash of secrets kept in path_mappings (fsdb)
---
 src/commands/git_secret_hide.sh | 73 +++++++++++++++++++++++++++++----
 1 file changed, 65 insertions(+), 8 deletions(-)
diff --git a/src/commands/git_secret_hide.sh b/src/commands/git_secret_hide.sh
index 88120808..b62ccc28 100644
--- a/src/commands/git_secret_hide.sh
+++ b/src/commands/git_secret_hide.sh
@@ -1,5 +1,18 @@
 #!/usr/bin/env bash
+AWK_FSDB_UPDATE_HASH='
+BEGIN { FS=":"; OFS=":"; }
+{
+ if ( key == $1 )
+ {
+ print key,hash;
+ }
+ else
+ {
+ print $1,$2;
+ }
+}
+'
 function _optional_clean {
 local clean="$1"
@@ -26,7 +39,8 @@ function _optional_delete {
 while read -r line; do
 # So the formating would not be repeated several times here:
- _find_and_clean "*$line" "$verbose"
+ local filename=$(_get_record_filename "$line")
+ _find_and_clean "*$filename" "$verbose"
 done < "$path_mappings"
 if [[ ! -z "$verbose" ]]; then
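Review bot: `echo "$key" >> "$fsdb"` writes the new record with `echo`, which mangles a normalized path that starts with `-n` or `-e` or contains backslashes (bash's builtin `echo` honours those); `printf '%s\n' "$key" >> "$fsdb"` writes the key verbatim. It also appends a bare `key` line while the awk rewriters in the tools file emit `key:` with an empty hash; both forms parse the same through `_get_record_hash`, but a one-line comment here saying that a hash-less record is valid would spare the next reader the lookup. `already_in -eq 1` reads as "already present", yet `_fsdb_has_record` prints `1` when the key is absent, so the variable name is inverted; `local not_tracked` would say what the branch actually means. The `add` function begins outside the hunk.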
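Review bot: `local filename=$(_get_record_filename "$line")` in `_optional_delete` merges declaration and command substitution, so the exit status of `_get_record_filename` is discarded and a failed lookup feeds an empty name into `_find_and_clean "*"` (SC2155); declare `local filename` once before the loop and assign `filename=$(_get_record_filename "$line")` inside it. `_optional_delete` starts and ends outside this hunk.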
@@ -35,20 +49,49 @@ function _optional_delete {
 fi
 }
+function _get_checksum_local {
+ local checksum="$SECRETS_CHECKSUM_COMMAND"
+ echo "$checksum"
+}
+
+function _get_file_hash {
+ local input_path="$1" # Required
+ local checksum_local
+ local file_hash
+
+ checksum_local=$(_get_checksum_local)
+ file_hash=$($checksum_local $input_path | awk '{print $1}')
+
+ echo "$file_hash"
+}
+
+function _optional_fsdb_update_hash {
+ local key="$1"
+ local hash="$2"
+ local fsdb # path_mappings
+
+ fsdb=$(_get_secrets_dir_paths_mapping)
+
+ gawk -i inplace -v key=$key -v hash=$hash "$AWK_FSDB_UPDATE_HASH" "$fsdb"
+}
+
 function hide {
 local clean=0
 local delete=0
+ local fsdb_update_hash=0 # add checksum hashes to fsdb
 local verbose=''
 OPTIND=1
- while getopts 'cdvh' opt; do
+ while getopts 'cduvh' opt; do
 case "$opt" in
 c) clean=1;;
 d) delete=1;;
+ u) fsdb_update_hash=1;;
+
 v) verbose='v';;
 h) _show_manual_for 'hide';;
@@ -71,9 +114,13 @@ function hide {
 path_mappings=$(_get_secrets_dir_paths_mapping)
 local counter=0
- while read -r line; do
+ while read -r record; do
+ local filename
+ local fsdb_file_hash
 local encrypted_filename
- encrypted_filename=$(_get_encrypted_filename "$line")
+ filename=$(_get_record_filename "$record")
+ fsdb_file_hash=$(_get_record_hash "$record")
+ encrypted_filename=$(_get_encrypted_filename "$filename")
 local recipients
 recipients=$(_get_recepients)
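Review bot: `file_hash=$($checksum_local $input_path | awk '{print $1}')` in `_get_file_hash` leaves `$input_path` unquoted, so a secret whose path contains whitespace or glob characters is split into several arguments and the wrong file, or none, is hashed; write `file_hash=$($checksum_local "$input_path" | awk '{print $1}')` and add a comment saying whether `SECRETS_CHECKSUM_COMMAND` may carry arguments, since that is the only reason to keep `$checksum_local` unquoted. With the `sha256sum` default, a platform without GNU coreutils yields an empty `file_hash`, which compares unequal to every stored hash and silently forces re-encryption on each run instead of failing; check `command -v "$checksum_local" >/dev/null || _abort "checksum command not found: $checksum_local"` before hashing. `_optional_fsdb_update_hash` has the same unquoted `-v key=$key -v hash=$hash` as the tools file and should quote both. The new `u` in `getopts 'cduvh'` is not reflected anywhere visible in this series in the manual that `_show_manual_for 'hide'` prints.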
@@ -83,13 +130,23 @@ function hide {
 local input_path
 local output_path
- input_path=$(_append_root_path "$line")
+ input_path=$(_append_root_path "$filename")
 output_path=$(_append_root_path "$encrypted_filename")
- # shellcheck disable=2086
- $gpg_local --use-agent --yes --trust-model=always --encrypt \
- $recipients -o "$output_path" "$input_path"
+ file_hash=$(_get_file_hash $input_path)
+ # encrypt file only if required
+ if [[ "$fsdb_file_hash" != "$file_hash" ]]; then
+ # shellcheck disable=2086
+ $gpg_local --use-agent --yes --trust-model=always --encrypt \
+ $recipients -o "$output_path" "$input_path"
+ # If -u option was provided, it will update unencrypted file hash
+ local key="$filename"
+ local hash="$file_hash"
+ # Update file hash if required in fsdb
+ [[ "$fsdb_update_hash" -gt 0 ]] && \
+ _optional_fsdb_update_hash "$key" "$hash"
+ fi
 counter=$((counter+1))
 done < "$path_mappings"
From 8407b505bb5c1ef6a9098f9e294917b0f1ddd522 Mon Sep 17 00:00:00 2001
From: Carlos Hernandez
Date: Fri, 8 Sep 2017 14:19:16 -0600
Subject: [PATCH 04/25] Ensure random seed is ignored
---
 src/commands/git_secret_init.sh | 31 +++++++++++++++++++++++++++++++
 1 file changed, 31 insertions(+)
diff --git a/src/commands/git_secret_init.sh b/src/commands/git_secret_init.sh
index f2fe5819..481fec2d 100644
--- a/src/commands/git_secret_init.sh
+++ b/src/commands/git_secret_init.sh
@@ -1,5 +1,27 @@
 #!/usr/bin/env bash
+AWK_CHECK_GITIGNORE='
+BEGIN { cnt=0; }
+{
+ if ( pattern == $0 )
+ cnt++
+}
+
+END { print cnt }
+'
+
+
+function gitignore_has_pattern {
+ local pattern
+ local gitignore_file_path
+
+ pattern="$1"
+ gitignore_file_path=$(_append_root_path '.gitignore')
+
+ _maybe_create_gitignore
+ gawk -v pattern="$pattern" "$AWK_CHECK_GITIGNORE" "$gitignore_file_path"
+}
+
 function init {
 OPTIND=1
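Review bot: The new `if [[ "$fsdb_file_hash" != "$file_hash" ]]` decides solely on the plaintext hash, so when the stored hash still matches but `$output_path` is gone — after the encrypted files were cleaned or deleted, for instance — `hide` counts the file as done without producing any ciphertext; extend the guard to `if [[ "$fsdb_file_hash" != "$file_hash" || ! -f "$output_path" ]]; then`. `file_hash=$(_get_file_hash $input_path)` is neither declared `local` nor quoted, so it leaks into the caller's scope and breaks on paths with spaces; use `local file_hash` and `"$input_path"`. The value recorded with `-u` is an unsalted SHA-256 of the secret's plaintext, and if the mappings file is committed or otherwise shared alongside the ciphertext (it lives under `_SECRETS_DIR_PATHS`, which looks like repository state), anyone holding it can confirm a guessed plaintext for a low-entropy secret offline, so this trade-off belongs in the `-u` documentation and the `# If -u option was provided` comment. Any path that changes the recipient set without clearing hashes would likewise leave stale ciphertext untouched; `tell` handles its own case later in the series, but the comment should name the assumption. `hide` starts outside the hunk.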
@@ -30,4 +52,13 @@ function init {
 touch "$(_get_secrets_dir_keys_mapping)" "$(_get_secrets_dir_paths_mapping)"
 echo "'$git_secret_dir/' created."
+
+ # verify random_seed file is ignored
+ local random_seed_file
+ local already_in
+ random_seed_file=$(_append_root_path '.gitignore/random_seed')
+ already_in=$(gitignore_has_pattern "$random_seed_file")
+ [[ "$already_in" -gt 0 ]] && \
+ echo "$random_seed_file" >> "$gitignore_file_path"
+ # TODO: git attributes to view diffs
 }
From 6279fe21258fc7e69b6b9c12641336511460af56 Mon Sep 17 00:00:00 2001
From: Carlos Hernandez
Date: Fri, 8 Sep 2017 14:19:48 -0600
Subject: [PATCH 05/25] Migrate to new fsdb remove
---
 src/commands/git_secret_remove.sh | 8 +++++++-
 1 file changed, 7 insertions(+), 1 deletion(-)
diff --git a/src/commands/git_secret_remove.sh b/src/commands/git_secret_remove.sh
index 3fc44563..2afeb86b 100644
--- a/src/commands/git_secret_remove.sh
+++ b/src/commands/git_secret_remove.sh
@@ -39,7 +39,13 @@ function remove {
 fi
 # Deleting it from path mappings:
- _delete_line "$normalized_path" "$path_mappings"
+ # _delete_line "$normalized_path" "$path_mappings"
+ # Remove record from fsdb with matching key
+ local key
+ key="$normalized_path"
+ fsdb="$path_mappings"
+ _fsdb_rm_record "$key" "$fsdb"
+ rm -f "${path_mappings}.bak" # not all systems create '.bak'
 # Optional clean:
From 4160c2a05dfe6db4e02f7b5dc6cb51f30158b8e9 Mon Sep 17 00:00:00 2001
From: Carlos Hernandez
Date: Fri, 8 Sep 2017 14:20:33 -0600
Subject: [PATCH 06/25] Getting path from fsdb
---
 src/commands/git_secret_reveal.sh | 4 +++-
 1 file changed, 3 insertions(+), 1 deletion(-)
diff --git a/src/commands/git_secret_reveal.sh b/src/commands/git_secret_reveal.sh
index cc1131df..7f816467 100644
--- a/src/commands/git_secret_reveal.sh
+++ b/src/commands/git_secret_reveal.sh
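Review bot: `fsdb="$path_mappings"` in `remove` is assigned without `local`, so the sourced command leaks a global `fsdb` while its siblings (`add`, `hide`, `tell`) each declare `local fsdb`; either add `local fsdb` or drop the alias and call `_fsdb_rm_record "$key" "$path_mappings"`. The commented-out `# _delete_line "$normalized_path" "$path_mappings"` is dead code that the diff already preserves in history; delete it. The added `rm -f "${path_mappings}.bak" # not all systems create '.bak'` belonged to a sed-style in-place edit; `gawk -i inplace` only writes a backup when a backup-suffix variable is set, which `_fsdb_rm_record` does not do, so the line is a no-op and its comment misleads the next reader — remove it or reword it to say why it is kept. `remove` starts and ends outside this hunk.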
@@ -32,8 +32,10 @@ function reveal {
 local counter=0
 while read -r line; do
+ local filename
 local path
- path=$(_append_root_path "$line")
+ filename=$(_get_record_filename "$line")
+ path=$(_append_root_path "$filename")
 # The parameters are: filename, write-to-file, force, homedir, passphrase
 _decrypt "$path" "1" "$force" "$homedir" "$passphrase"
From 5b1993abc8024ac73ee2c8d4d02b46c0aa9fdb95 Mon Sep 17 00:00:00 2001
From: Carlos Hernandez
Date: Sun, 10 Sep 2017 10:38:03 -0600
Subject: [PATCH 07/25] Telling secrets need to invalidate file hashes
---
 src/commands/git_secret_tell.sh | 16 ++++++++++++++++
 1 file changed, 16 insertions(+)
diff --git a/src/commands/git_secret_tell.sh b/src/commands/git_secret_tell.sh
index e082f2a5..f65f3179 100644
--- a/src/commands/git_secret_tell.sh
+++ b/src/commands/git_secret_tell.sh
@@ -1,5 +1,16 @@
 #!/usr/bin/env bash
+AWK_GPG_KEY_CNT='
+BEGIN { cnt=0; OFS=":"; FS=":"; }
+flag=0; $1 == "pub" { cnt++ }
+END { print cnt }
+'
+
+function get_gpg_key_count {
+ local gpg_local
+ gpg_local=$(_get_gpg_local)
+ $gpg_local --list-public-keys --with-colon | gawk "$AWK_GPG_KEY_CNT"
+}
 function tell {
 local emails
@@ -46,6 +57,8 @@ function tell {
 _abort "you must provide at least one email address."
 fi
+ local start_key_cnt
+ start_key_cnt=$(get_gpg_key_cnt)
 for email in "${emails[@]}"; do
 # This file will be removed automatically: _temporary_file
 # note, that `_temporary_file` will export `filename` var.
@@ -71,4 +84,7 @@ function tell {
 done
 echo "done. ${emails[*]} added as someone who know(s) the secret."
+ local end_key_cnt
+ end_key_cnt=$(get_gpg_key_cnt)
+ [[ $start_key_cnt -ne $end_key_cnt ]] && _fsdb_clear_hashes
 }
From dcaf08e501f0adb32bc631a46594dc47bc5ab206 Mon Sep 17 00:00:00 2001
From: Carlos Hernandez
Date: Mon, 11 Sep 2017 09:14:30 -0600
Subject: [PATCH 08/25] Get key counts from right function
---
 src/commands/git_secret_tell.sh | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)
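Review bot: `get_gpg_key_count` runs `$gpg_local --list-public-keys` with no `--homedir`, so it counts the invoking user's default keyring; the reveal hunk on this same line passes a `$homedir` through to `_decrypt`, which suggests the project keeps its recipients in a separate keyring, and unless `_get_gpg_local` already bakes that homedir in (not visible here) the before/after counts in `tell` will never differ and hashes are never cleared. In `AWK_GPG_KEY_CNT`, `flag=0;` is a pattern that is always false and `OFS=":"` is never used, so the script is just `$1 == "pub" { cnt++ }`; also spell the option `--with-colons`, the documented form, rather than relying on gpg accepting an abbreviated prefix. The helper also departs from the `_`-prefixed naming every other internal function in these files uses, and a header comment should state that only `pub` records are counted (subkeys and refreshed keys do not move the count).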
diff --git a/src/commands/git_secret_tell.sh b/src/commands/git_secret_tell.sh
index f65f3179..edfa6d39 100644
--- a/src/commands/git_secret_tell.sh
+++ b/src/commands/git_secret_tell.sh
@@ -58,7 +58,7 @@ function tell {
 fi
 local start_key_cnt
- start_key_cnt=$(get_gpg_key_cnt)
+ start_key_cnt=$(get_gpg_key_count)
 for email in "${emails[@]}"; do
 # This file will be removed automatically: _temporary_file
 # note, that `_temporary_file` will export `filename` var.
@@ -85,6 +85,6 @@ function tell {
 echo "done. ${emails[*]} added as someone who know(s) the secret."
 local end_key_cnt
- end_key_cnt=$(get_gpg_key_cnt)
+ end_key_cnt=$(get_gpg_key_count)
 [[ $start_key_cnt -ne $end_key_cnt ]] && _fsdb_clear_hashes
 }
From 7897730955de064fe2f0f7a0c59d701272be68f2 Mon Sep 17 00:00:00 2001
From: Carlos Hernandez
Date: Mon, 11 Sep 2017 09:15:30 -0600
Subject: [PATCH 09/25] Supply fsdb path when clearing hashes
---
 src/commands/git_secret_tell.sh | 6 +++++-
 1 file changed, 5 insertions(+), 1 deletion(-)
diff --git a/src/commands/git_secret_tell.sh b/src/commands/git_secret_tell.sh
index edfa6d39..71b9fe3b 100644
--- a/src/commands/git_secret_tell.sh
+++ b/src/commands/git_secret_tell.sh
@@ -84,7 +84,11 @@ function tell {
 done
 echo "done. ${emails[*]} added as someone who know(s) the secret."
+
+ # force re-encrypting of files if required
+ local fsdb
 local end_key_cnt
+ fsdb=$(_get_secrets_dir_paths_mapping)
 end_key_cnt=$(get_gpg_key_count)
- [[ $start_key_cnt -ne $end_key_cnt ]] && _fsdb_clear_hashes
+ [[ $start_key_cnt -ne $end_key_cnt ]] && _fsdb_clear_hashes "$fsdb"
 }
From 2c478f879daef4324bd47d56d88a3de8be27462d Mon Sep 17 00:00:00 2001
From: Carlos Hernandez
Date: Mon, 11 Sep 2017 09:16:03 -0600
Subject: [PATCH 10/25] Simplify how ignore patterns are to gitignore during init
---
 src/commands/git_secret_init.sh | 24 +++++++++--------------
 1 file changed, 9 insertions(+), 15 deletions(-)
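Review bot: `[[ $start_key_cnt -ne $end_key_cnt ]] && _fsdb_clear_hashes "$fsdb"` is the last command in `tell`, so whenever the key count is unchanged the test fails, `&&` short-circuits, and the function returns 1 after it has already printed `done.`; a caller running under `set -e` or checking the status sees a spurious failure. Write it as `if [[ "$start_key_cnt" -ne "$end_key_cnt" ]]; then _fsdb_clear_hashes "$fsdb"; fi` (the patch 07 hunk above has the same shape). Counting `pub` records only notices a brand-new key, so re-telling an existing address or refreshing a key leaves the count unchanged and stale hashes in place; the added `# force re-encrypting of files if required` comment should say that this is a heuristic keyed on the public-key count. `tell` begins outside the hunk.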
diff --git a/src/commands/git_secret_init.sh b/src/commands/git_secret_init.sh
index 481fec2d..80dccfa3 100644
--- a/src/commands/git_secret_init.sh
+++ b/src/commands/git_secret_init.sh
@@ -1,17 +1,15 @@
 #!/usr/bin/env bash
-AWK_CHECK_GITIGNORE='
+AWK_ADD_TO_GITIGNORE='
 BEGIN { cnt=0; }
 {
- if ( pattern == $0 )
- cnt++
+ print $0
+ if ( $0 == pattern ) cnt++;
 }
-
-END { print cnt }
+ENDFILE { if ( cnt == 0) print pattern; }
 '
-
-function gitignore_has_pattern {
+function gitignore_add_pattern {
 local pattern
 local gitignore_file_path
@@ -19,10 +17,9 @@ function gitignore_has_pattern {
 gitignore_file_path=$(_append_root_path '.gitignore')
 _maybe_create_gitignore
- gawk -v pattern="$pattern" "$AWK_CHECK_GITIGNORE" "$gitignore_file_path"
+ gawk -i inplace -v pattern="$pattern" "$AWK_ADD_TO_GITIGNORE" "$gitignore_file_path"
 }
-
 function init {
 OPTIND=1
@@ -53,12 +50,9 @@ function init {
 echo "'$git_secret_dir/' created."
- # verify random_seed file is ignored
 local random_seed_file
- local already_in
- random_seed_file=$(_append_root_path '.gitignore/random_seed')
- already_in=$(gitignore_has_pattern "$random_seed_file")
- [[ "$already_in" -gt 0 ]] && \
- echo "$random_seed_file" >> "$gitignore_file_path"
+ random_seed_file=".gitsecret/keys/random_seed"
+ gitignore_add_pattern "$random_seed_file"
+
 # TODO: git attributes to view diffs
 }
From c602db958374546baede7fcfd3663ee5aa2e89de Mon Sep 17 00:00:00 2001
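Review bot: `random_seed_file=".gitsecret/keys/random_seed"` hardcodes the secrets directory name while the surrounding code derives it (`echo "'$git_secret_dir/' created."` two lines above, `_SECRETS_DIR_PATHS` in the tools file), so a differently configured directory would get the wrong ignore rule and its `random_seed` could be committed; build the pattern from the same source, e.g. `random_seed_file="$git_secret_dir/keys/random_seed"`, assuming `git_secret_dir` holds the repository-relative name. `ENDFILE` and `-i inplace` in `gitignore_add_pattern` are gawk-only, which is consistent with the other `gawk` calls in this series but should be stated in a comment above `AWK_ADD_TO_GITIGNORE` so nobody swaps in plain `awk`. The script matches whole lines only, so an existing broader rule that already covers the file is not recognised and the pattern is appended anyway; harmless, but worth one line of comment next to `if ( $0 == pattern ) cnt++;`.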
From: Carlos Hernandez Date: Mon, 11 Sep 2017 21:06:02 -0600 Subject: [PATCH 11/25] Migrate to exported keys. --- tests/fixtures/gpg/attacker1/private.key | 59 ++++++++++++++++++++++ tests/fixtures/gpg/attacker1/public.key | 30 +++++++++++ tests/fixtures/gpg/attacker1/pubring.gpg | Bin 1193 -> 0 bytes tests/fixtures/gpg/attacker1/pubring.gpg~ | Bin 1193 -> 0 bytes tests/fixtures/gpg/attacker1/random_seed | Bin 600 -> 0 bytes tests/fixtures/gpg/attacker1/secring.gpg | Bin 2570 -> 0 bytes tests/fixtures/gpg/attacker1/trustdb.gpg | Bin 1280 -> 0 bytes tests/fixtures/gpg/user1/private.key | 59 ++++++++++++++++++++++ tests/fixtures/gpg/user1/public.key | 30 +++++++++++ tests/fixtures/gpg/user1/pubring.gpg | Bin 1185 -> 0 bytes tests/fixtures/gpg/user1/pubring.gpg~ | Bin 1185 -> 0 bytes tests/fixtures/gpg/user1/random_seed | Bin 600 -> 0 bytes tests/fixtures/gpg/user1/secring.gpg | Bin 2563 -> 0 bytes tests/fixtures/gpg/user1/trustdb.gpg | Bin 1280 -> 0 bytes tests/fixtures/gpg/user2/private.key | 59 ++++++++++++++++++++++ tests/fixtures/gpg/user2/public.key | 30 +++++++++++ tests/fixtures/gpg/user2/pubring.gpg | Bin 1185 -> 0 bytes tests/fixtures/gpg/user2/pubring.gpg~ | Bin 1185 -> 0 bytes tests/fixtures/gpg/user2/random_seed | Bin 600 -> 0 bytes tests/fixtures/gpg/user2/secring.gpg | Bin 2562 -> 0 bytes tests/fixtures/gpg/user2/trustdb.gpg | Bin 1280 -> 0 bytes 21 files changed, 267 insertions(+) create mode 100644 tests/fixtures/gpg/attacker1/private.key create mode 100644 tests/fixtures/gpg/attacker1/public.key delete mode 100755 tests/fixtures/gpg/attacker1/pubring.gpg delete mode 100755 tests/fixtures/gpg/attacker1/pubring.gpg~ delete mode 100755 tests/fixtures/gpg/attacker1/random_seed delete mode 100755 tests/fixtures/gpg/attacker1/secring.gpg delete mode 100755 tests/fixtures/gpg/attacker1/trustdb.gpg create mode 100644 tests/fixtures/gpg/user1/private.key create mode 100644 tests/fixtures/gpg/user1/public.key delete mode 100755 
tests/fixtures/gpg/user1/pubring.gpg delete mode 100755 tests/fixtures/gpg/user1/pubring.gpg~ delete mode 100755 tests/fixtures/gpg/user1/random_seed delete mode 100755 tests/fixtures/gpg/user1/secring.gpg delete mode 100755 tests/fixtures/gpg/user1/trustdb.gpg create mode 100644 tests/fixtures/gpg/user2/private.key create mode 100644 tests/fixtures/gpg/user2/public.key delete mode 100755 tests/fixtures/gpg/user2/pubring.gpg delete mode 100755 tests/fixtures/gpg/user2/pubring.gpg~ delete mode 100755 tests/fixtures/gpg/user2/random_seed delete mode 100755 tests/fixtures/gpg/user2/secring.gpg delete mode 100755 tests/fixtures/gpg/user2/trustdb.gpg diff --git a/tests/fixtures/gpg/attacker1/private.key b/tests/fixtures/gpg/attacker1/private.key new file mode 100644 index 00000000..678a5e95 --- /dev/null +++ b/tests/fixtures/gpg/attacker1/private.key 
@@ -0,0 +1,59 @@ +-----BEGIN PGP PRIVATE KEY BLOCK----- +Version: GnuPG v1 + +lQO+BFaigVQBCADC5dJ0xweZ+6L0owo2wpKSbQFGQoRJxYVcc1dWe3zNZ5yBrJDV +N79rYV5AmHnIGDAJrHHV9rYM4+C8obKka7P3ROm0RMsYKDhpQXWFjsOrl1rjWL86 +6D4X7Q5uuJWluPp1+hbzpBmNCX3Y5sr1fmCazvR5iIAvY3EkYbqDt2+BtGTqlevY +ivWiOoPKRY9Dc44rKQh8GmaVJzcO3D21IF70i3GnOtjUSK8DWXdD4BrtYTE/9Ua4 +bmT2pOPmGMcI38pQHZQXqMPTzloakZk9qIbBoB3FS/UFxQr3R3V+tXPm1Eca/75G ++U4VCRLUFWsDU5d+oTCFCa0qNjGnLFOE85C7ABEBAAH+AwMCW7i8uGNVEnRgGKI3 +2g1TXbUxgqg8ayjCkE2m99KmtbzxAAGJfuETnpxMo9U5JDOk68UC4jgArfWFOad5 +Q3waxbCmKOTuSKqiA1FjXVoL5CtSzziygJ2XSLFh+fOsyeXWSdsmHjIQsXmwSnEm +9TJxNHNA5AL53lX+ike78cP8fNNlZSFWzfqGSe2nHgLICqMAk8hDUO6s/zFrHmbb +6Bu7azLTe4r9oEHcD8XsGlxhUUntK8WFPnrZlAdo++E8Ax4VQA/KXaU7STNutMQu +tvuIOB+E6RRH/lKesIwt2Hrbin/AQKzyyedUJOVqW/UCsXBN9dnpbdR5pSn3eXxy +LLb3S7whUVUE3HSrVqTRoyupyX10lAecpHPJMB6qq054x1xStPAkcsuVGrewznjD +Zywicif6QzbBc6ZN1tS7fOxxJ9vn5qT9et0xnIJqFc++eofJHJ/Wl9eBtg5XTis7 +69ERbU6GjqVJhAmPPQNoEVUhS1hJimQxAF/oqhEO8yTEJhmGZIzYTrQ1GcLh/AiH +qkZ5LVwraTrXOJJaRzBL+bzfJa91MJVIpfS9wDTpW/CFvFp9Og/dYmTDfE1zLgSv +tPSD6RcFxiOTkAeLRN7X5RdFqHjWdhgu2hyd87jpfGt3u0BK1iWW6CptSeNrSFXy +lEsU3VuBFMRIjdUAXDefN8/99LdSgO7FkLyJsTeTxGOgrdp9fJF3ZEnk5wYRj6Im +/3NyEq5gdeow02LPIgBGqsXi5iHSAaSJEZnpguCsJqeDnzsGmiLBfy2/MS03+XzU +FW4OxbNxprDJdheHYqJ6k2z7xchkPedk0s9JpDVe/5ShMyrJI0THP2psPm+EVlKK +7lDpNf4hRj2by8HYLa/X21AgS8WLTWd+osyO5HQxqhMlDqtpKkOJ4q6ylb3QgDNU +GrQiYXR0YWNrZXIxIDxhdHRhY2tlcjFAZ2l0c2VjcmV0LmlvPokBOAQTAQIAIgUC +VqKBVAIbAwYLCQgHAwIGFQgCCQoLBBYCAwECHgECF4AACgkQiAEDMVPMIKV1RwgA +sQAQmjtDpyKS/+zzFgVuOqu5QffqylFMXw8zrchiBLTeTCEKoixNj5cccpAG9xDU +ZcMwMw/lSAz1MXSfQ6GGvl4ErlZrlx9SSacqPwDNoKWMci9PDb3JpaXZtQQCrDmw +nZpSE6bKvhAoTIaA6Tn8g4uOo3vTyDuX1DznrcUFrMCW7vw5ztttA1hvg5iHrs4d +ia/FaRX0SOf9y/0u9kQW2pkWlVL2pRgQaYwHl7FQRGnrwibxyEpTQ8x+d8uU87DN +aaiUZ5GcsZT2U6cmhuz/k0IFGL408huF5h50KVFTYQNQc3Le3v9wrh88Obn4ciX/ +2YizefDo5WGt5/mvlUfp750DvQRWooFUAQgAv54OkX9n0+L/59UUWWtqz+siBF3o +3wMU0AKoATIZbilxoOPHzvv8iWpSlShTNsY4HqsZf7tIqfJLq91EigV0uQs0v6zw 
+zFC31t8lQaQy0g0uv04xnMIvYw4xRhUa7dBphokeuuSCU7uJzq6za3Ia1hoNZEfd +lEG/1LdGMzMLURxUlWWwpzRJdPEpEd6/InavNiffiGaiJXfTUQfpicz0k7eyXgK5 +Pat07UaIW80gol+fghu4BhEHAWAfAV6ocd/YfUn7Hax55l0/npC3Y72JMhhSW11H +gOE1iz33INGF9pfNL+VQwQj9gUQCOcczquD4NQ7RgQAdZQ2K9k4caOzbxQARAQAB +/gMDAlu4vLhjVRJ0YNV0uVpXwCia2Vq2WMzxN0UyvAeF9QwkV8LAJt3O/VwzdJDg +jWALHfUHysylbmE3nwAL6gOznL+XQ/Sf1v0dzDZZi8S64t4DNGnk7wRuui2/ZRVd +3jM2tiW/Y7ijWIpEaRwH8jtrV6+zoUt76YgBcgun+nhUzcGbdvh11Ygu5VHYxNU3 +J7p4E80gClGsciNO9B+hgR8kg+wGc+C0LBey1mh5A0AWqO0NwFlF8YlpleC09Pld +I3+NJ4miZUMS6ue5Me1QvBcAvaY3Vuh2U0RPICI2Athx0xpILktnuANqjxg4BiZI +Lelaxxl12ycdO5Im1IUXiLBgMOBRFvRQ/6iEb/oTGRN8aY5W93LQ7nSyKdn6B6V5 +HzDfuwrDJP6Q+sMi3SCEFgaNpNTRPu11gvMAj1V+4zwgsflZHVgkKSwvg2pRXAPp +rNfJo6d0bfImF9w2J/2d/gYSOoWsC92VG0KY8hVWkHOBUVZFyRl4zv8UNoCtBPkM +Wq00X0J3ZNAjnPE8hl2OK4q+4r0Q3CecVgK0tlTMqVfgNVgG0X6LV7xmbViY4HuA +kvfmLkTFwL3NzpGVtm4S2DjMUQQygjS2GOfOM4TrNd9Jn5WMCP/7HX5K/3VjL4ai +mpAoz0A2UeA116KaniW8PnZCm9A+ZFVALjsikgi1gBEuJC2+mgUfhbPtni41qcio +mhN9si+BE7HhiFk8I/+xg7bAmNcw6hk/zESfKKxqqV4iiauQBy9zEtA7Gg8chcK+ +08eaunF2abkF8xbYPOF8p71sHo2UeJ1gK1lGMzTt1p7NSZm0F9VmPcy8WWjzna1z +oRy44TyWcW90abV5gCerAhSDAlrdwZfcRG6NXT/wG0TjoCMgiIhR1X1gjpozV6NB +3fB9sc/NDhhibsqA0i0JiYkBHwQYAQIACQUCVqKBVAIbDAAKCRCIAQMxU8wgpQqe +CACBDi7KrqQzdzeipLadUsaTptvFBlwavpCLRtNbJI8v5i4kr8cLmyqGAwCS8Yem +3SCI/K4ujln8an6XrhsOE/uwfyQz5iUcP7BN9sIEp/ITOIXu0q0kzxThmpJqHzvf +bvkPemFEiwYwGZn87cFXmd7FMEoFIt/s/bCnPCuBkxvUMj/D65Sb5x1X+FzWjK2m +OVJGpTHAixns+DDHOfXEkghQTfj1pX/LBV9nXKlSZtpDO/p/kx+xITxXA/a4EDtD +2JpZBYmSTcbyVamQEMTzMIfEUhMbSrhKRYcm6g5Jbu5oy0ci/5qIhsR45pA7JSc0 +0Vjcr8GgU7JyYnSqF2Ua8YA6 +=Ygfi +-----END PGP PRIVATE KEY BLOCK----- diff --git a/tests/fixtures/gpg/attacker1/public.key b/tests/fixtures/gpg/attacker1/public.key new file mode 100644 index 00000000..6b367947 --- /dev/null +++ b/tests/fixtures/gpg/attacker1/public.key 
@@ -0,0 +1,30 @@ +-----BEGIN PGP PUBLIC KEY BLOCK----- +Version: GnuPG v1 + +mQENBFaigVQBCADC5dJ0xweZ+6L0owo2wpKSbQFGQoRJxYVcc1dWe3zNZ5yBrJDV +N79rYV5AmHnIGDAJrHHV9rYM4+C8obKka7P3ROm0RMsYKDhpQXWFjsOrl1rjWL86 +6D4X7Q5uuJWluPp1+hbzpBmNCX3Y5sr1fmCazvR5iIAvY3EkYbqDt2+BtGTqlevY +ivWiOoPKRY9Dc44rKQh8GmaVJzcO3D21IF70i3GnOtjUSK8DWXdD4BrtYTE/9Ua4 +bmT2pOPmGMcI38pQHZQXqMPTzloakZk9qIbBoB3FS/UFxQr3R3V+tXPm1Eca/75G ++U4VCRLUFWsDU5d+oTCFCa0qNjGnLFOE85C7ABEBAAG0ImF0dGFja2VyMSA8YXR0 +YWNrZXIxQGdpdHNlY3JldC5pbz6JATgEEwECACIFAlaigVQCGwMGCwkIBwMCBhUI +AgkKCwQWAgMBAh4BAheAAAoJEIgBAzFTzCCldUcIALEAEJo7Q6cikv/s8xYFbjqr +uUH36spRTF8PM63IYgS03kwhCqIsTY+XHHKQBvcQ1GXDMDMP5UgM9TF0n0Ohhr5e +BK5Wa5cfUkmnKj8AzaCljHIvTw29yaWl2bUEAqw5sJ2aUhOmyr4QKEyGgOk5/IOL +jqN708g7l9Q8563FBazAlu78Oc7bbQNYb4OYh67OHYmvxWkV9Ejn/cv9LvZEFtqZ +FpVS9qUYEGmMB5exUERp68Im8chKU0PMfnfLlPOwzWmolGeRnLGU9lOnJobs/5NC +BRi+NPIbheYedClRU2EDUHNy3t7/cK4fPDm5+HIl/9mIs3nw6OVhref5r5VH6e+5 +AQ0EVqKBVAEIAL+eDpF/Z9Pi/+fVFFlras/rIgRd6N8DFNACqAEyGW4pcaDjx877 +/IlqUpUoUzbGOB6rGX+7SKnyS6vdRIoFdLkLNL+s8MxQt9bfJUGkMtINLr9OMZzC +L2MOMUYVGu3QaYaJHrrkglO7ic6us2tyGtYaDWRH3ZRBv9S3RjMzC1EcVJVlsKc0 +SXTxKRHevyJ2rzYn34hmoiV301EH6YnM9JO3sl4CuT2rdO1GiFvNIKJfn4IbuAYR +BwFgHwFeqHHf2H1J+x2seeZdP56Qt2O9iTIYUltdR4DhNYs99yDRhfaXzS/lUMEI +/YFEAjnHM6rg+DUO0YEAHWUNivZOHGjs28UAEQEAAYkBHwQYAQIACQUCVqKBVAIb +DAAKCRCIAQMxU8wgpQqeCACBDi7KrqQzdzeipLadUsaTptvFBlwavpCLRtNbJI8v +5i4kr8cLmyqGAwCS8Yem3SCI/K4ujln8an6XrhsOE/uwfyQz5iUcP7BN9sIEp/IT +OIXu0q0kzxThmpJqHzvfbvkPemFEiwYwGZn87cFXmd7FMEoFIt/s/bCnPCuBkxvU +Mj/D65Sb5x1X+FzWjK2mOVJGpTHAixns+DDHOfXEkghQTfj1pX/LBV9nXKlSZtpD +O/p/kx+xITxXA/a4EDtD2JpZBYmSTcbyVamQEMTzMIfEUhMbSrhKRYcm6g5Jbu5o +y0ci/5qIhsR45pA7JSc00Vjcr8GgU7JyYnSqF2Ua8YA6 +=CU3L +-----END PGP PUBLIC KEY BLOCK----- 
diff --git a/tests/fixtures/gpg/attacker1/pubring.gpg b/tests/fixtures/gpg/attacker1/pubring.gpg deleted file mode 100755 index ca28e4cb00bdf6a5889d5c858db1ffd5640fff91..0000000000000000000000000000000000000000 GIT binary patch literal 0 HcmV?d00001 literal 1193 zcmV;a1XlZ*0SyFJqJdNa2mr$6(saiMnfs#jqY5^{l9Fu!MnZ&1#f4mRS5|v`&1al} ztdP|=ziVM$K$v;R7%&N}an<&=4CCOup|YfFv-d>lv_#7oC^%_Bb%l<@tCw2iSid^x zJ{Ro{Zn%}DxcYVa7W1STjR}3&=F0VcV4BYKd5C~7V{s&5x`VfGfwW}mmFw7w^`bh1 z%0-VubB-%12z(l5l_xh2+*Ui6D`r#jfwNUsA~cSGPB?O`!L^+vdEWcH-v<`~Ba z-^x%OlozPO)6QBNk(oWHhQXj6#Y^=C#R~UFb$+#T=F~?T|Gq}~P8A6f)D>$3QUG>0XPH`0RjLb1p-#0fm8w;0|pBT2nPcK1{DYb2?`4Y76JnS0v-VZ7k~f?2@r?@ z12I#~Afl~VSl7!YZU2bZx>L}}~7Ch^EhQ$x&tcgvLXu+3?xlxLBg zv6S{xrzVE%|C2%m7``;}8-?Z`bSY6&VFOTea^BwmaIPObIl1_9CI8uovw867F=-t00X%J4Fp!Afm8tq0Kc9Nk$-2?;{WH>6j^I(&+8%tUFhEf6wm^w0WukG zDRH3V$IkowiE2`nC{s4ZI3BARf4fMj@=L4TM2ZD;xeGMEtnkcGx7Ob!L8LO$4KBY< zF`U9LV-7J!6&mf(X@-d&y5xdWyNS-Ovuko1)*20DN8OY`ztp!zGcyZO98{HMu%|Rh zbnz(>-oGMtuQn&&h-RWCchgY^>50trlee;70=Ye_bnQlnTg@P%U!Q^-xCRji0bm~i zUZ`>3*nLU+9jtlgT|b_Xw`0ADG8j@@T}Oc7HH$s>Akl^Pm(4HbP{9cOfkXm1$1|$n z_%#mEfdCz44T|4dR010e0162ZhyepJQ_LWx z3Z4i6fetRpuB0<}H=?Arol?e=rrX5^TpGTRi$>F1B#$rVE+ntV3!5s20|1ioho;>i zi2SZDj#>O_ewVHr4io#ZebBr}7gxh3?X=B+nG#nv!ZCJKt{k4|-ul ziv}lv_#7oC^%_Bb%l<@tCw2iSid^x zJ{Ro{Zn%}DxcYVa7W1STjR}3&=F0VcV4BYKd5C~7V{s&5x`VfGfwW}mmFw7w^`bh1 z%0-VubB-%12z(l5l_xh2+*Ui6D`r#jfwNUsA~cSGPB?O`!L^+vdEWcH-v<`~Ba z-^x%OlozPO)6QBNk(oWHhQXj6#Y^=C#R~UFb$+#T=F~?T|Gq}~P8A6f)D>$3QUG>0XPH`0RjLb1p-#0fm8w;0|pBT2nPcK1{DYb2?`4Y76JnS0v-VZ7k~f?2@r?@ z12I#~Afl~VSl7!YZU2bZx>L}}~7Ch^EhQ$x&tcgvLXu+3?xlxLBg zv6S{xrzVE%|C2%m7``;}8-?Z`bSY6&VFOTea^BwmaIPObIl1_9CI8uovw867F=-t006lG4Fp!Afm8tq0Kc9Nk$-2?;{WH>6j^I(&+8%tUFhEf6wm^w0WukG zDRH3V$IkowiE2`nC{s4ZI3BARf4fMj@=L4TM2ZD;xeGMEtnkcGx7Ob!L8LO$4KBY< zF`U9LV-7J!6&mf(X@-d&y5xdWyNS-Ovuko1)*20DN8OY`ztp!zGcyZO98{HMu%|Rh zbnz(>-oGMtuQn&&h-RWCchgY^>50trlee;70=Ye_bnQlnTg@P%U!Q^-xCRji0bm~i zUZ`>3*nLU+9jtlgT|b_Xw`0ADG8j@@T}Oc7HH$s>Akl^Pm(4HbP{9cOfkXm1$1|$n 
z_%#mEfdCz44T|4dR010e0162ZhyepJQ_LWx z3Z4i6fetRpuB0<}H=?Arol?e=rrX5^TpGTRi$>F1B#$rVE+ntV3!5s20|1ioho;>i zi2SZDj#>O_ewVHr4io#ZebBr}7gxh3?X=B+nG#nv!ZCJKt{k4|-ul ziv}A)l1>dj5;m7S%_uhlgkQ(I?|LeIS-)J1!cEWcol<)7 zw+Ir2kZ_ZElLTe1W+%?JQWXdS5(~ky>5coeiJ*9mR^v3Wu6BEA{oel9dM<1;^T+eQ zWTS$S;xFfgH+rCtaj`+0-B zZMGI?2Kh!ko^%v5oPyWdU8dzR4ex);Y=11y{Udo2htdFh%t-8B{h!wH6&P24GEJ(u zvF3zfJz5BFohUS!ZrRmjF)>+ZA*&3PknaF9ro1c%UE6UuqvXQj))o|xj(!ZPqG*$8 zponXjb5;qtiy^x=*hf4@3v6H-A*L<+xnI<{tegL^PI`dq;h^WKbW(e<-bzA%tgl&F zLG37F?7;ETF@Vk>n#`?naNrcTH5v5)B$sfGFL+vydQ|j1C+3S;b7|mdFIGI;4vq3{ zJK7W-ajn9+wTf@Q1vi+;bjx?-2g?WHMTdd}L>5T}6;ZwIy&{q4NIA32M>FKYhY8KX zaE++Cw<(~k^3r=Z1aq`ypccwfB;#Btl&I_V;*Dms*d?W;E<%!;SX%i19p@^XJ-DSx zJLTY(i0R?eB0j0%iQ1fuSzI-l?M6ufr+~`?HGOL`7l-=0gSeakl zQe8cl(&5M%18hKWP0Wl{Hcx+k076AQLx`=HnK`^lmbIw#vP=9Dzb#Cx&+a83gn*s* mU9ZPUTD9)RuCeoCPt+clw0f`2(`RPCk%vh^&~n$b$7eoggf1rl 
diff --git a/tests/fixtures/gpg/attacker1/secring.gpg b/tests/fixtures/gpg/attacker1/secring.gpg deleted file mode 100755 index 0d68730d9fbaeb6a3d71ddc58387b0731232f581..0000000000000000000000000000000000000000 GIT binary patch literal 0 HcmV?d00001 literal 2570 zcmV+l3ib7s1HJ@SqJdNa2mr$6(saiMnfs#jqY5^{l9Fu!MnZ&1#f4mRS5|v`&1al} ztdP|=ziVM$K$v;R7%&N}an<&=4CCOup|YfFv-d>lv_#7oC^%_Bb%l<@tCw2iSid^x zJ{Ro{Zn%}DxcYVa7W1STjR}3&=F0VcV4BYKd5C~7V{s&5x`VfGfwW}mmFw7w^`bh1 z%0-VubB-%12z(l5l_xh2+*Ui6D`r#jfwNUsA~cSGPB?O`!L^+vdEWcH-v<`~Ba z-^x%OlozPO)6QBNk(oWHhQXj6#Y^=C#R~UFb$+#T=F~?T|Gq}~P8A6f)D>$3QX~DrYPj@NUEX(QDa?N3*;+O z&p5JxotH?lVfpi{$>r8b+a?||5V3i%N^vIjGI2C>K;#1X-c|mJN4xRE{Cv}8Wg%A0 z`i4pEryc^x3Znp%$U{)>tp71<9%kF<8@p>V(|d~jph4UZ#q1hfVNpr#E5(IAdfAi* zX#3$j10EGX56WGoJ4rKcw8Sp9`-nIngy|GV{!*T>j4jxD+lqg{K&(GhJ09uHyjp!a58Yy9!+cG1E(EW% z^n>Xa1;!(jkOzxI-q+<9MW}ezb{H<&9G&yH>3nNai*}zb{B_Y zqI#2T`^Cs)J?CW7&q<^;UjLM#Gb+g=M8`jBY(8&X>@aCV{&D5E@^K*i2*nS69EDMA_W3gqJdNb8v_Ol2?z%R0tOWb0tpHW1Qr4V z0RkQY0vCV)3JDO10Ru5p%pj$8M+gA101%oxL#HB=|LpS?1#UX4xk2~p%27;T4>PUE zVg$6_Od$%QEKQG>9CDBb_Yl-&!!R=s zaxYH}y~(Ae*|h`$tU0iqno<*{%DxaNOoo8zIsAi*j-z|i$UB$RJm;;&1+2i9?)*8< z+ie3_Z-bbJuFf5auf=H<^hoFZ%l$6)L>Aha7L`)=r5F%tj0cyoP(*3#!Y1*^N>fA3 zes{~1^RUfnsFY`soUxSlQ>P||?EjNO1sJ|G@*9Qb9&{;DQ(*&8b8_C^|8TA!JUO}e zawY%Sh_iX{=;dLp=lQRdN9pgd0ssJ=1HA-RqJdNa2mrsH4v~Ln)8hZ<)f8E4YR~H; z1YPLg0~F8#r~xt=ZYgn~?_;uBYF6B|!#ML(^x_A@KAPP~eawAUkAEALCB!lb*bKtZr7qZr9 zc>_QesO=5FSw-=QX_er#^!Z&Qe~l-JqGdx8>gTyJ?NGcI0KKL+R_Jz9L{A_hHUijj z(;7%FOJ}$PYL6H=1|~=?=~~Abb=xN$JCY{Ug%^mhU@+iO7W7d6sDy9&6B!eHX^vL+ za?tK{vMJg62c>x*FyFfh!zBKY`okjKAcPhMjil7kKJ9ga^8k-ke&akKvH4jYSR^Sd zFN11PTm$K>*U6)&bZzn`7u+@{{hj^>5;}#f3*D6)LYVRuR*-XnQC3CC8FP>owm=pOuUV|N9+&O8<3ZFNUI;kSNbU zHc{X;*P@!9CA>a%LYvS&WK}>eJ0g+@wSW;WBrU$01s{d8?Vc_*smQ3B6MeETffKRe zh*>-%|FMI%z?j!C>KQ-GM4u?EYN=i#iK~zYFLM&mI~orhg~Gnm$C|ovc4@f<^A^}V z;e4mPY#xo2c%5J?Sw=H7?be>nNtv`4)n+}+yjf`Tovm}B9Jt{;mT_-%X|;KPC#wP! 
zg92LJ!I#`bZjD_(@Eb(qpd%oNh*8yjV2+wISEE7Q@O`n*%?=o1ZpwhtEeVN<0Urby z0RjLC1p-#0fm8w;3;+rV5QqT-F;mPSr3#)10D%rJ%C4j{cQ>M>ww+SOlcw9n23#7x zkc&psTO^M!<}M_!#|xV(h64bS@rS0}Ac*{~E{<9JYJQil8x9luuzw^o<|Q0Iuub;D z1gG*7IEC)gtt8JB;hK_aA3NV}`44(wM2iM68JYa;!B?5y#V|?*BH!%&u%|pLfs-55 zGC#xXl$+-rSNL4kjIE|QQbwgQz>68|_%O#g^~910P)+#trGLu>UuRsYQfAsiJNkc< zAF&}kR|EFA5IaNInpp*jl1;|)RjH5=#PcwR#8ML*O1MfzhbHO{Np9|F%SR&rnuvzP gc;=8hB_}k|Slq9{pi{DPVsxq(Wg78-I^)&I#(+Y!40Z+eum!7+|OP!PJ KA59h2Wk@Q%T{s^4@v%l_1l#DTAc|bJy5a1pi5Dk~}Nkr%fx0(9jzcMtfz^ zOLcbb5=FUG>0XPH` z0RjLb1p-#0fb9Ys0|pBT2nPcK1{DYb2?`4Y76JnS0v-VZ7k~f?2@ukNT0w&8pY(po z2mKNm$VYL*%@3<1QC1H9!nkg?t@7@R?0Ku|H>@cTC?qS3tEp2#61>3Fx`aUEMlDF( zfh$6FA%I|+aOIME?5^lWCv!MC*`o62bv^^tW+Z=$_>Osf*61>hg*ZpR?Im6nw93CXE(jOMlp07JsuPK=w5U)-4l zj&|MVyNT1ZkS9RKl2V2!zH>}%C0~6EZ*K%$eGUMvOgJ(Jz1_=kDw|ZEr7?90dJ?b# z00X%J4Fp!Afb9VY0NR80@u)|xbt&2O&p}RBM4)8>xZJB(vWWDF@V|I2d?useL?p#= zBHQPX2pGEn9m~GS93)EsYYHn9AbO71mr`wp+mG!_eTDRt;7zn)7i10%XHB6P>8uN5 zL*wmgLzbTeh{Ke}d2!?z+{meQVdv6lxd>f2iK4@p!^Dd&g6z_$e&nqCkEF{uIQ182 zjQ`GihX}GE9^f8=yu<69>JDEc9Fw5tXFtb}_&q5Afd-}@U+Agee-=4da6n78(f zES#^bF;+vPz(zG!R$*0GzT3Nv*jpr+LT0JtA+R`bDjJJgXS4Q2fX~$1s0BgfPI79} zOq&-vrNSg`kpK|^00D^s9|RZy0ssjG0#>4c?E)JN0162Z(tuh)g6W_14UGr<4S16M z(w9JiQa~r^dtb0i-2|+jIhfBjQnepA4Z!fEZj+JX4`xoFIJUpn&XQ#O4V4p|wEQv} zMtowwFKw=P&>OdncPXaR!!r0}LOo-oapEOOUdRQQc8JT^q*YfCvz&~6v6a_8MF@$~ zD$!oeyj``}bF}y+hHLK_13-rQ%O-#U*Lwf?HK1{je`}Ml)tS!DH#iUt+c&oj))rjL zY_dVszInwZAQAgb>x12uF(4m@p^B?Ug%@3_O+WxyQ6!)NM}ZJfMx{kh)L9h2Wk@Q%T{s^4@v%l_1l#DTAc|bJy5a1pi5Dk~}Nkr%fx0(9jzcMtfz^ zOLcbb5=FUG>0XPH` z0RjLb1p-#0fb9Ys0|pBT2nPcK1{DYb2?`4Y76JnS0v-VZ7k~f?2@ukNT0w&8pY(po z2mKNm$VYL*%@3<1QC1H9!nkg?t@7@R?0Ku|H>@cTC?qS3tEp2#61>3Fx`aUEMlDF( zfh$6FA%I|+aOIME?5^lWCv!MC*`o62bv^^tW+Z=$_>Osf*61>hg*ZpR?Im6nw93CXE(jOMlp07JsuPK=w5U)-4l zj&|MVyNT1ZkS9RKl2V2!zH>}%C0~6EZ*K%$eGUMvOgJ(Jz1_=kDw|ZEr7?90dJ?b# z006lG4Fp!Afb9VY0NR80@u)|xbt&2O&p}RBM4)8>xZJB(vWWDF@V|I2d?useL?p#= zBHQPX2pGEn9m~GS93)EsYYHn9AbO71mr`wp+mG!_eTDRt;7zn)7i10%XHB6P>8uN5 
zL*wmgLzbTeh{Ke}d2!?z+{meQVdv6lxd>f2iK4@p!^Dd&g6z_$e&nqCkEF{uIQ182 zjQ`GihX}GE9^f8=yu<69>JDEc9Fw5tXFtb}_&q5Afd-}@U+Agee-=4da6n78(f zES#^bF;+vPz(zG!R$*0GzT3Nv*jpr+LT0JtA+R`bDjJJgXS4Q2fX~$1s0BgfPI79} zOq&-vrNSg`kpK|^00D^s9|RZy0ssjG0#>4c?E)JN0162Z(tuh)g6W_14UGr<4S16M z(w9JiQa~r^dtb0i-2|+jIhfBjQnepA4Z!fEZj+JX4`xoFIJUpn&XQ#O4V4p|wEQv} zMtowwFKw=P&>OdncPXaR!!r0}LOo-oapEOOUdRQQc8JT^q*YfCvz&~6v6a_8MF@$~ zD$!oeyj``}bF}y+hHLK_13-rQ%O-#U*Lwf?HK1{je`}Ml)tS!DH#iUt+c&oj))rjL zY_dVszInwZAQAgb>x12uF(4m@p^B?Ug%@3_O+WxyQ6!)NM}ZJfMx{kh)L~f?^?v<64!9bAdqc!|Fw2j$mMW z5Uae&J-}%9?P!u>p71h?72;VM$m2#YH6}*qtn@PDZ3QnP{V@zpcrx2eu=tZ6-SS8G z#Xuk5zOShnrl1(fLV(TOhIoz6!X-NOh~_G2qSL*LWW*Ux3S>dq0|1V zho1m@G)pkS;Dq+2o@g3ASNoHP=CL+@x8c3*Xi^EWa;iBf)zP_%zQsp3kCCy303Je&gP$%IrTa6c zclH4!+q>Tpn6BtDnP;Ctskoe#Ol2NYJRr1D!NdJMf$AqYd8EAd!duEFjGXZs=H7a< zpc24Ev}xWQXM;fCMg{5>2Lma-z($Y^M%9m|_PkqtZ)i=$iVe#=V1ZR($@Z5Ef{cmG msSUMa?OqCwGi`~azQiU9pf-m=j-xFyOOJ_1i*v**4zbPADKt0$ 
diff --git a/tests/fixtures/gpg/user1/secring.gpg b/tests/fixtures/gpg/user1/secring.gpg deleted file mode 100755 index c377cc721d05c45bf1c0d8b69d32089ab29c4137..0000000000000000000000000000000000000000 GIT binary patch literal 0 HcmV?d00001 literal 2563 zcmV+e3jFnz1HJ@SqJZrI2mr9O8hLsRUF*mFS{ayo5BPabbB&^GHa$Zg!RV746t~nV zA=PRQ9h2Wk@Q%T{s^4@v%l_1l#DTAc|bJy5a1pi5Dk~}Nkr%fx0(9jzcMtfz^ zOLcbb5=FZ1r+lDT?kGns7g3j zhL#5>hl>eA?fRsXv{KJNC{h6Frck5<+cghxv9y9Rl!>Zt(n(u$A$*#Wh`CFUP*Jpf z*+f{{3eOUS(s@wyS@sDqi)fO+Ys+aB+78loh6RfPP{Btc&!@GZs6m$$mz{}y!quxm z?RbQOt0vdid21wzRT&b&;f5m#!Ys;Q9NYUFDwD@W#1I|EqCCE{+e7`zj|0fO5(ilS zMtY1TP8S7^@JqW6c#|@Blp#&Jw~L7&rl@)Ltu7_0l_---5x?qHkn(ZZBiuq1)Go&o z=^BaW&z|~&6>Kr1&lNeE9;l$Ne`FAV&063HFs4R!(mTT|e4Th@fc4*jvZx;^L!XVf zadTpMTXAG3`)Q2?1gt~RZ5B<7)`VcwK{c0|)YWXeeWW{aNq#+>fD03L;mYXnC>=e_ z+6C4VJ0Y;jo)xCnfWqH_a60CLrf?YoLYEO-k;K9XOG~PTkk|qBAFWsyXMU342twME z=9p3ayt6j*Gb~>P@RXpzQ`4QOH3^=2vEbks6F}CMGT}z{s|e&g@fK;9E)ZZ?csq7fHit&Qv>J7DWpXhfJauzraxp+>X>@aC zV{&D5E@^K*i2*nS69EDMA_W3gqJZrJ8v_Ol2?z%R0tOWb0tpHW1Qr4V0RkQY0vCV) z3JDO>fLcL<>7Vp|$p`%s8OTR*!_5z?BT-fk{ld6zx2^K-i|l!;>Nl(@5GW)oi>s+q zK@z;c)VhQ~<3=q=+<_}Xbs>OYnQ-NjdhD*~MkjMPIoYD}=XE{<)n+7ri};RtedH$P zB}orR!OEX6uERqsf?d!mxVZ-qV1U8y-+df{*lEc?v_I^si&haG*S^^ObnJ&@q_!X@ zT8YnjXaWhk0%5e12#V_h8O^dVzHu#NHF3U&>oZz8lm*})>Tbs%yOoxd@(IbQag64+ z2>?UF+)j*}j$hoF1devy=DUg0w2&u2#*$KoD86${Z6#lQ3~z4)U40G!txPyF2ff|P zaVncso~1E$33?K+0ssJ=1HJ@SqJZrI2msoH_VK7ku5~Hd^v^*~Rz#p>0l3_&SF(uo ziSWO8E_^1V;Y1|GaU$F2kO&yN03FM|$s8n00BZ^>6Ciqy*OyXlhTD(rOMQj(l;BOY zVHac$4QEZE80oAFV?*QZYD1Qv1c<|w$9Zw&7~IIIbz$eyXt@YoIEkXen8U=2E`sdR zsD9+E`;Vl{I5_neXN>>Odxr?JAs*l!g1p1)oazo=BOH^U=4U_0kI$)*;i3BWli&Lr zPavx}L*{5NhnTnaj4Yh5tT9$YqrgTrS5{$FSial4jo4cxm_lZ$%%aSx~cbbF&4Vn3CwNHHV$lvp}`Hb4P}^JH&it| zvGT;ONt`<=Ufa{TiHFNcmA&RRTKI%=c804?&$Y-z($)yc6d^0HtV9?5H#fqhAI@r8(4Piia( zcXrzQK;>NAB^;t)SRs!Z(VR6}KLaHlPXs4$+ZT%rN!<~)0?L3%5)DAR8&aZ_6Kxh8 z5nIU_$3end%WEQrI_@*6mn@DWt0OVAM13WD^#}74e6jqy5e`*}n%!xs<6Gn)Du>X# 
zpdAfuOr;-e$aDjpd$XO`7Wpe}-F4EQ+kFQrrQjcDYt%HQzZ<$#x9%(z7=CzTpO1zp!>p?rEBJh9E8ermIxTKSx z{;reyzEI;?W(OO#v%+Z_ZFkP4B78@?)O@qF`~8x){)6UIvpJRMJ2q>8TF6Fuzn2&j zze4B>Rns%{H$UBh3(WVv3aHUiC20nOUjS>XXG$*ajY@&zkfQf4hg>akk<90n-n$fU zGnMn?SPF`DG^Y=3?(2X^;dNtodp>sok@+dV7~4Lqtff)JZdw2)@WJdzrtqf{AuqoT zQ_OaVUq#moK(~}ru~I`_2gF2DfIbI9y(2)jG8{_|shjrGg+Fr&L)1sz%!J$Uv<*Ci z@;=BOg|>_~iP(uX#anBX1_SGe3u-+fyTD(?C9`x*KTY)Yg;s-Hi2)x37y$wR2?YXH zqJZrJ8w>yn2@ukNT0w&8pY#ol2mB3qlKs+`K!H*~C+T}%uuI(pte!cT&o)xEA2U?#PM|opzt_%^Wc&@46P&dCG8#sFV!tnKu6WQJw~coxrqjbR_+&yoW2AB7 zB}rb$1(hWg7UfC1Nf z|M@kbagcv&ld#p9&dxVD5DnWmw++@7T+3{-LDjx_#U&sS`%UYE-IXyQABUlet44(v zU8+q$09jEapaDmL5Ku;?MNiaVDCi{ZRAtK3wX*(OKbB>@PDs4pM+q^@Ie@GF#Nau- Z=wXCE&5$MrA5w`gC`GME`Tnp1004(i#ti@f diff --git a/tests/fixtures/gpg/user1/trustdb.gpg b/tests/fixtures/gpg/user1/trustdb.gpg deleted file mode 100755 index 92e8847cf6a4a1e200fa2ae19008fa7e7ce684f3..0000000000000000000000000000000000000000 GIT binary patch literal 0 HcmV?d00001 literal 1280 zcmZQfFGy!*W@Ke#Vqgec)bO4GJ7DC(E{-8OstzMazyhP;G8!(R5TI&0kfXAB)OH^Y z%;RA=*L2tFk66*vpTf$8ml~oRn_kZU!UhUj1_pTu1tNJFmetxEzH;|)-W~s!mN6w; PE;?2%QHH8RC}RKs-hLZy diff --git a/tests/fixtures/gpg/user2/private.key b/tests/fixtures/gpg/user2/private.key new file mode 100644 index 00000000..30afe973 --- /dev/null +++ b/tests/fixtures/gpg/user2/private.key 
@@ -0,0 +1,59 @@ +-----BEGIN PGP PRIVATE KEY BLOCK----- +Version: GnuPG v1 + +lQO9BFaigRUBCACgb+7xhV1nJZim3noxozslfrWXPYEVQt7Is8QjATaKg6ULqImi +tpgnlUNCaEAd3PMufVSqd416KyytwUOBVaFIEej/SJcJ2UU4nFvJsvo4bNmInOc3 +cNSqJ5VcI7D++wdHSecr2YayWtsh85jt6xI2oGBN334Yl6sHnNGC/vmE0pWovpib +rwAW7bWSOYOQxpzANm9O+9oJ6WsTGVVWkZ/SAaRo+VYDA5rwCI6STt+rEcKalr5C +sbtqELDDDrYYviU4kZx6WYdiDcF5ATSiuGZrQTjEdBFc+GmFxbW+aumeC+Y1jYOp +aYUhbDKffnrxvFjm5+3PBbrPmJ5rFWr1f00bABEBAAH+AwMC33BVxMhK6IpgUYTN +9Se4Ys+bykytIN9jRVRzshJ/qYWU1L2wWwEc99P+4Yfi85x++KF8iD2jlym+/KKp +27La2ke3Bx7IvWK3YMwyUalxw/ri8C08g8XHlOZeUJW894dYaTRq2vYMBUW0F10J +uGF1HGWqUYO4NlOMbs9W+RmUXWlItjlpdCTJdRKRPYzokrKh232NH188mYUscx62 +trLq28nNZZ9WOFhsAiMji0qpUilPg8Pt/XupwiDscPYbVEXfTDRjkDbVbz+/Gpfx +Hbt7aWT/2rFTp0lV2EVVp+e9je0qQaGSAED8cy3mw4lVJcTUcTWfSHauEJBN3FOI +BV7bltO4UwIToSDvUV7zZR7u9CcnpuVWXcMWppHPc6383dJ+siTG5+zHLOG99eWA +nwsnw1w/4j64uywJKPteMkSNGO+aFCawzMMi3LPwokVtmr8gklvb2v9wmWRVf1j6 +TKeWPhzBC2kkrymuttMZyeOkyZhAPR3097v9S8CyTKbjBi4hEREt2CI2Q1GpSYLJ +c/6RMCKh7Y+4ODw/encswL71eY4c3HqELz+GS0nzaumdIH57t/pBj1dbl63Z6gjz +EJaOtS5I/otayLjcXQtIlV8xQwXcsgzFUYejVeb5n5IXWxxYn0Qh6uBB0GxffBQD +lI6R58Rygmd1JOwe6WL1eFc319qfxoaDlhxxkOctUeyRB3fU/K4/KAjlVUGCfdCe +VTJqwNMyKUNhbPoSWamMHFoJRk5O7bSlvfct6LcUcjRmK+z5SowUYC5ZeyfoeEES +r8wX/UCFCP+syWFAICU96U9jmQeE310YF32TgI9BZiwkB9WXoiDdwcCdlBHqEOW8 +7OISrpawan9hu1dV88P1LM13TcwJEt1yhzHHqDf6ZOopOt+LciBUlZ4wLLlsc+H/ +tBp1c2VyMiA8dXNlcjJAZ2l0c2VjcmV0LmlvPokBOAQTAQIAIgUCVqKBFQIbAwYL +CQgHAwIGFQgCCQoLBBYCAwECHgECF4AACgkQ6qDk62szbIs/ewgAi4L2kIJEtqC0 +ZUFGV9GJmvj/guEyY5buUKVXUMpNd8NhZ9uRLBFmG68mtjIlN8twNucXUTO2lLWY +hMJpUhjobdRPzw887rNqswSIpWavPZreMKgXJ72/2md9m7cr9FmEZ9fZx80tBwdL +2+cYa1Iixuo2vk2Un0LD42qCbh0nRxSDf3g6yDtSHYZ4i6I89XwA5TSG1/C0uIcr +RKGDBkhd05sqCJ9t/m6oAxk3A8nZM+i2uS0+dmOVwAmDv6/A64+Aff5hYsx87UeA +dU76ni3rw0pZXTn90wv/aY0deicDlmSUattSNg/G6KoE6RERL47ityU07D4yUvTB +GL5gVveBX50DvgRWooEVAQgAtDzDXdJSOwmDj/JhAk0wD+RBjxIzO/V/FXCotHaq +iSSRvZ0Jn6CMrGa0EKksGXjqY6+jhC/HLb9hXjR+ciU/E64IVNJdtGp77rjVUygr 
+sY0f0ZUSQufTC9lcVAP8wNx59Bk0nluO0zeH0lMRU/cLdyGCs7C3odO5xVvFl5IJ +6jH/95y6BdRGSDNTnzeQXT+fUHxLZbPG6AbLIXDOAK2OAHnUY62uGLF8l69x1Hym +LVqD9TYTU9VpYq9Il8e18O6fqE1MEp4zHkyTf6IvCgZrOFL+XApwHYy1NskKi9WN +DdQCvpDqvNSPZSqrajTdeJ4NzuVip+ccDT/tZVTA8A+0aQARAQAB/gMDAt9wVcTI +SuiKYDgqOvDcasfFXeOTZdQn9tXs5VFeauKvovg1B6yVSE9SM/dg0vnIpIQ+b2nV +Wm7IZXYsI6CpYWzQeAbp25Jg2lqCgmcbh9vpF5d+y/Unu1Mn8gbCRAjrwx9QLwzE +KWUL7mt2vjesZM883iwC6PKYZnEtTuxXF5STnhjZLr5yjrAX7dEQy4m03FfXoGj0 +tNo+sR+EE2zTSgrVD3VhUFmPTiND8wWUssjQHEMgjYJOc8C05HE2ftqI6GSF8pUP +dZag3da0OwZVI8ww2Qcu8Dkkgblv3AulLv/oaiSrS7oJvDZC+aQw+3X91FFlwn+A +Aiwa9bL6iAJb7KjgLIV4HDXLAC8FqiM5pPFu+fvPKsqP2x/iDvkJlAD8ZqXKHFQF +9F/jKUXgQ7+7vmQy6SJ3RCB7pMS5tCo6kE184C5htppYuKztRVlkePmK8ioT0sJE +1wpW6AGwaJsnXk1tza0C9yrl9TArO3R+JpImHj4AbOZ//WweOODHJFJQP6TcRZC9 +FOkEIBbPGq4cHKXwYSUlD5hGFCPhTI+EYPxGxKJcw73hYDAWRVtVTb2vdC20FiRM +uSXBaMa6zisawidYo7+HLSICn1n9swP8YhBLWdQkxIW9dwA37AXbDfbJDxkWSJl8 +sGW+P5cTlhh+hA2sD28daBtFrbYOBVsIHQg6ozYk5RLR1Vddif8XN/tWEl2mvhKs +5QYW31M496B/tD63JQt1N6ilMLodBho1R6++2hIthF+10gjKjUmC10cGbrRx8cgl +wlRrHiVzLNL+co0WMAnEnCC9fA4gruN/mVCSkbMDkvv1VywXl5ogzRq3OjPXDXft +4UgYKfNC5tTmWx+uFc9KcPFN7CS/hFovjRIV+grmWbJkG4HvGrK9AG/a84ufQ/si +ZjprbtOy6amJAR8EGAECAAkFAlaigRUCGwwACgkQ6qDk62szbIvUZQf/adIYw+fH +M1zlGJH+C/lEFoGi0AXOTqBH13T+haoykwrxnBOdaTGY196bj+uiSbtFqQWcuMNr +OWNNH6NAl30Ujya/ltLv7FJ3DOuUyIU/3Bhp1t1+jEppMJRYk2pkRmmTg2lrOgSv +PiqNgmK/FBx3t+JCtmQxtrTBBnJcmx5/8YGdOCEsiGJ2jl+5Im4XgT0OhQX320o8 +2XrK7/Pp+ttmc7ExT6pc53sSYRUfEyObpCYVIz1nWK1FujfW+ojFFUvhHPwSL3ny +dkJORg8lcQm/zXjbgCeMZ/l3ynkvSA+X9/Q7aQWGrpU0LRLGAeA9PZZDYx9JTQUY +FfGupHnbRtqsqQ== +=7tcw +-----END PGP PRIVATE KEY BLOCK----- diff --git a/tests/fixtures/gpg/user2/public.key b/tests/fixtures/gpg/user2/public.key new file mode 100644 index 00000000..9ab5b183 --- /dev/null +++ b/tests/fixtures/gpg/user2/public.key 
@@ -0,0 +1,30 @@ +-----BEGIN PGP PUBLIC KEY BLOCK----- +Version: GnuPG v1 + +mQENBFaigRUBCACgb+7xhV1nJZim3noxozslfrWXPYEVQt7Is8QjATaKg6ULqImi +tpgnlUNCaEAd3PMufVSqd416KyytwUOBVaFIEej/SJcJ2UU4nFvJsvo4bNmInOc3 +cNSqJ5VcI7D++wdHSecr2YayWtsh85jt6xI2oGBN334Yl6sHnNGC/vmE0pWovpib +rwAW7bWSOYOQxpzANm9O+9oJ6WsTGVVWkZ/SAaRo+VYDA5rwCI6STt+rEcKalr5C +sbtqELDDDrYYviU4kZx6WYdiDcF5ATSiuGZrQTjEdBFc+GmFxbW+aumeC+Y1jYOp +aYUhbDKffnrxvFjm5+3PBbrPmJ5rFWr1f00bABEBAAG0GnVzZXIyIDx1c2VyMkBn +aXRzZWNyZXQuaW8+iQE4BBMBAgAiBQJWooEVAhsDBgsJCAcDAgYVCAIJCgsEFgID +AQIeAQIXgAAKCRDqoOTrazNsiz97CACLgvaQgkS2oLRlQUZX0Yma+P+C4TJjlu5Q +pVdQyk13w2Fn25EsEWYbrya2MiU3y3A25xdRM7aUtZiEwmlSGOht1E/PDzzus2qz +BIilZq89mt4wqBcnvb/aZ32btyv0WYRn19nHzS0HB0vb5xhrUiLG6ja+TZSfQsPj +aoJuHSdHFIN/eDrIO1IdhniLojz1fADlNIbX8LS4hytEoYMGSF3TmyoIn23+bqgD +GTcDydkz6La5LT52Y5XACYO/r8Drj4B9/mFizHztR4B1TvqeLevDSlldOf3TC/9p +jR16JwOWZJRq21I2D8boqgTpEREvjuK3JTTsPjJS9MEYvmBW94FfuQENBFaigRUB +CAC0PMNd0lI7CYOP8mECTTAP5EGPEjM79X8VcKi0dqqJJJG9nQmfoIysZrQQqSwZ +eOpjr6OEL8ctv2FeNH5yJT8TrghU0l20anvuuNVTKCuxjR/RlRJC59ML2VxUA/zA +3Hn0GTSeW47TN4fSUxFT9wt3IYKzsLeh07nFW8WXkgnqMf/3nLoF1EZIM1OfN5Bd +P59QfEtls8boBsshcM4ArY4AedRjra4YsXyXr3HUfKYtWoP1NhNT1Wlir0iXx7Xw +7p+oTUwSnjMeTJN/oi8KBms4Uv5cCnAdjLU2yQqL1Y0N1AK+kOq81I9lKqtqNN14 +ng3O5WKn5xwNP+1lVMDwD7RpABEBAAGJAR8EGAECAAkFAlaigRUCGwwACgkQ6qDk +62szbIvUZQf/adIYw+fHM1zlGJH+C/lEFoGi0AXOTqBH13T+haoykwrxnBOdaTGY +196bj+uiSbtFqQWcuMNrOWNNH6NAl30Ujya/ltLv7FJ3DOuUyIU/3Bhp1t1+jEpp +MJRYk2pkRmmTg2lrOgSvPiqNgmK/FBx3t+JCtmQxtrTBBnJcmx5/8YGdOCEsiGJ2 +jl+5Im4XgT0OhQX320o82XrK7/Pp+ttmc7ExT6pc53sSYRUfEyObpCYVIz1nWK1F +ujfW+ojFFUvhHPwSL3nydkJORg8lcQm/zXjbgCeMZ/l3ynkvSA+X9/Q7aQWGrpU0 +LRLGAeA9PZZDYx9JTQUYFfGupHnbRtqsqQ== +=HLsH +-----END PGP PUBLIC KEY BLOCK----- 
diff --git a/tests/fixtures/gpg/user2/pubring.gpg b/tests/fixtures/gpg/user2/pubring.gpg deleted file mode 100755 index 4205f575984b9451c5baef5d11ba664c977edfea..0000000000000000000000000000000000000000 GIT binary patch literal 0 HcmV?d00001 literal 1185 zcmV;S1YY}@0SyFJqJb3w2mqjO?(v0PXC;`X-g+^kJ0*U#mpy?MLf*);#3KPVii4#K zsEMMsm?xD(LTEr8-19DdRH}E4dMhlg!9#&np-2(v|45e!*+n> zz9l%3oO)S@VhzE00W_kxW@|w>#B>o{_-Td3wZ3ZUo(twRjf1Iag&}M*pMHAryjbSv z?au|e&zPQT6>9Z=O&b6a0RREC8g+AJaxx%1b#rBMGC*f(baQ26a%FTbX>UG>0XPH` z0RjLb1p-#0ffWK90|pBT2nPcK1{DYb2?`4Y76JnS0v-VZ7k~f?2@vX_Pj8 z2mp(M_K<=^wxG0SK}J{6iJJKTg5fe_mhMocS5V4Lcf(<4+mS30W*e_2wlXC*%WyX5 z7f~~|l(m?I!f8?%=xx+b&ksEAvud*hh^1z)J(}Jys23-_zuISgo3|_US%hcT*~iT- z2M0^r=NM~JBF5@AzD<;$Lc`-~f^HorM-+p9csj^CQXPhPi=sUBd;sM%hS%`4xQ8o5 zp@RlUUDKN?2%l~KZm0tpHv`GpGw8OtEk1T*mB0yuzpudSkAQvtVPedD?MHxhPWqlL z>%&S}T{->J3;$`29eO7NmSmJ_+fp_U#^|a9=@Ahxj^ei^H0(YyQuM(XzF=1OfnTr! z00X%J4Fp!AffWG=0JJ>AUD8rJ34@RFVFFDs59C3Q5;HsXe-&`3w05eAB$2(H37?>h ztY)+jsVo_I>SM2?gfGV}zhPc9esU#06RrqU(p|J_d+xZ^Qz$F3jUUmK5<=(G3)x&$ z1N^|;dGr}Ho?DL7H;2+w5mWaIcOinau(zSpxy4(>my!wUG5`0Rx&_omNHbHPH;`RF zpHO^DWwXZU2FoFE&H$~B0D077t*#ice3!3r)O@BbT7&gA6I0b`Vy{S-$F=b8pQuet z5}q?2Op|}2FA4^0I8y#x3UD2awKmBLi`9({)B?Vc>b%sCWh$#`G~IZf4bJ6ar{^3E zKka2y!0->WX#f!c00D^s9|RZy0ssjG0#>4d6#^R!0162Z>Y(K7Ycp(%)MW?%Y0?qDi|&sRf+4!)rNX zO&_B`mwgnECcl=_@9a`{4C|E0g+JUFY1Z9-j7n)RlvtB$WJYO|gK29z1g}0Sje=so z6dZTA;zG7$F}Ae9269}R9)IzHoj4&Zh+=k*U%4V~7lAzvg$4K9N<7(m%J1{(`rBr6 zu`y4oT<3cdVHF<}Bb%fq6(c=oSgl36H`e-y#T8589Q+b5dGdBbPDT$UaS6Z8c-w#{ zjA!|G%6TtH5104!J81=mu9Y+`62<}GJw28~V;@OP1sE0auB3U}M%t{YumS)Bw%`|@ 
diff --git a/tests/fixtures/gpg/user2/pubring.gpg~ b/tests/fixtures/gpg/user2/pubring.gpg~ deleted file mode 100755 index a91b44b9bf41035dd795c48ef085555a18730522..0000000000000000000000000000000000000000 GIT binary patch literal 0 HcmV?d00001 literal 1185 zcmV;S1YY}@0SyFJqJb3w2mqjO?(v0PXC;`X-g+^kJ0*U#mpy?MLf*);#3KPVii4#K zsEMMsm?xD(LTEr8-19DdRH}E4dMhlg!9#&np-2(v|45e!*+n> zz9l%3oO)S@VhzE00W_kxW@|w>#B>o{_-Td3wZ3ZUo(twRjf1Iag&}M*pMHAryjbSv z?au|e&zPQT6>9Z=O&b6a0RREC8g+AJaxx%1b#rBMGC*f(baQ26a%FTbX>UG>0XPH` z0RjLb1p-#0ffWK90|pBT2nPcK1{DYb2?`4Y76JnS0v-VZ7k~f?2@vX_Pj8 z2mp(M_K<=^wxG0SK}J{6iJJKTg5fe_mhMocS5V4Lcf(<4+mS30W*e_2wlXC*%WyX5 z7f~~|l(m?I!f8?%=xx+b&ksEAvud*hh^1z)J(}Jys23-_zuISgo3|_US%hcT*~iT- z2M0^r=NM~JBF5@AzD<;$Lc`-~f^HorM-+p9csj^CQXPhPi=sUBd;sM%hS%`4xQ8o5 zp@RlUUDKN?2%l~KZm0tpHv`GpGw8OtEk1T*mB0yuzpudSkAQvtVPedD?MHxhPWqlL z>%&S}T{->J3;$`29eO7NmSmJ_+fp_U#^|a9=@Ahxj^ei^H0(YyQuM(XzF=1OfnTr! z006lG4Fp!AffWG=0JJ>AUD8rJ34@RFVFFDs59C3Q5;HsXe-&`3w05eAB$2(H37?>h ztY)+jsVo_I>SM2?gfGV}zhPc9esU#06RrqU(p|J_d+xZ^Qz$F3jUUmK5<=(G3)x&$ z1N^|;dGr}Ho?DL7H;2+w5mWaIcOinau(zSpxy4(>my!wUG5`0Rx&_omNHbHPH;`RF zpHO^DWwXZU2FoFE&H$~B0D077t*#ice3!3r)O@BbT7&gA6I0b`Vy{S-$F=b8pQuet z5}q?2Op|}2FA4^0I8y#x3UD2awKmBLi`9({)B?Vc>b%sCWh$#`G~IZf4bJ6ar{^3E zKka2y!0->WX#f!c00D^s9|RZy0ssjG0#>4d6#^R!0162Z>Y(K7Ycp(%)MW?%Y0?qDi|&sRf+4!)rNX zO&_B`mwgnECcl=_@9a`{4C|E0g+JUFY1Z9-j7n)RlvtB$WJYO|gK29z1g}0Sje=so z6dZTA;zG7$F}Ae9269}R9)IzHoj4&Zh+=k*U%4V~7lAzvg$4K9N<7(m%J1{(`rBr6 zu`y4oT<3cdVHF<}Bb%fq6(c=oSgl36H`e-y#T8589Q+b5dGdBbPDT$UaS6Z8c-w#{ zjA!|G%6TtH5104!J81=mu9Y+`62<}GJw28~V;@OP1sE0auB3U}M%t{YumS)8us9c( 
diff --git a/tests/fixtures/gpg/user2/random_seed b/tests/fixtures/gpg/user2/random_seed deleted file mode 100755 index d7dcb1b6383c9aad14c80b0cca8aa40ac5011087..0000000000000000000000000000000000000000 GIT binary patch literal 0 HcmV?d00001 literal 600 zcmV-e0;l~b=XYmG=(~n2iWyOkHR-Z09xa~YgPuQSE04H(0ISdDn%8rfuW4-hWK)0B)|6&gM>|3iXi#{Wt){P z4vdqsq%erYPrn(@+;~)sNuwHp6(P3S)aPT8od0W+$ad$}_%d5Hhgg}9v$L__s`Mgq zFtCY3^}2T($S0_4-)}1;z7+)DhU@a%#D@QOhz>#3p2cX%9jSU{($$$FCUpv(>(45& zS)5@L9hhRLZ{ZHI4ghtqVq-(ppk^xt99gP2$)=HgJF}%4Dj0d=S|7 zVaA8kGU}mb7vOjY??6RV3dWW9F2MtxBwHUh+Xh8a6=CC@O@K0G)bI&R!!@vpJEx>X z1Du#we_TrVPqmzdF|^o;ALSvIB5sdQzy0C?)BWEnCt84X47A(2x%x+ zAc|=rC-xxPS`1Rx-%)s16bb4PFF_bhjsI1kiBe8?PS%>rT)Te(h+`J_?qID&owI zc7A6dBM99MP8X>ePv4U}lBK2x@HldXG-7(LR@zgTHf1rshwdtU=@S5}>L`WypN3cu z2dutl3VmNp8Dy;{{94nZ8^km|Z%1%CUftC7L)pU*KZXoa=`<3m5|$AuY~XrAsBM1@ m>vNHF6!R6)a7dAuS(br<4(>pDY(mSHY_|ax+4xtOukU@ZEGfVM 
diff --git a/tests/fixtures/gpg/user2/secring.gpg b/tests/fixtures/gpg/user2/secring.gpg deleted file mode 100755 index 79c030b5d18f8ab8aaf8a7c6b2e56ca8e8b23f01..0000000000000000000000000000000000000000 GIT binary patch literal 0 HcmV?d00001 literal 2562 zcmV+d3jOt!1HA-RqJb3w2mqjO?(v0PXC;`X-g+^kJ0*U#mpy?MLf*);#3KPVii4#K zsEMMsm?xD(LTEr8-19DdRH}E4dMhlg!9#&np-2(v|45e!*+n> zz9l%3oO)S@VhzE00W_kxW@|w>#B>o{_-Td3wZ3ZUo(twRjf1Iag&}M*pMHAryjbSv z?au|e&zPQT6>9Z=O&b6a0RRF10|Nrza8<;}O6ZDUQH0I)C%9tIo61bBAm3v}RCBTt zf2oC()V;7<0UY^PGP8p?ruvqn9bZ{GzGbvfA25w+9}`y<)du%ra4_al`uJ z@GU%p#mAK9UQm_1_lH<%G-}%R3~QuQR7KxRG-Hr9)o(w)8kg}MyL)M5|Jt!rr%6@VMOCNgy^ZZEL7|cWK>Twp=EI3q zCB)QmHJ?a!t`Lw-+*61JUfY(_xKjcXp&;*3Uh`!h?(`=orsY;$!xpBI&vUK(-O_%t zB*y3L$1LH!_2qz{3n#-|KjJ>PyDSMP`(83cjTrBm6eh6D!y??X@S;U+n!g~DTie?I zaG7LPe^~lVruq3w^jI6OakcPzlZ^?8mQ+Im}? zmX5V9NdAjj$hh2H3rLk;F+&C1vJAyhhoe>I`Ja*(TO3%QL?Phos<#k5aqn=;u5Zwuxfu{yH{27!}To9 zcTLO*65Vo#F~_Jk`ef=UI^TUG>0XPH`0RjLb1p-#0ffWK90|pBT2nPcK1{DYb2?`4Y76JnS0v-VZ7k~f? z2@vX_Pj82mp(M_K<=^wxG0SK}J{6iJJKTg5fe_mhMocS5V4Lcf(<4+mS30 zW*e_2wlXC*%WyX57f~~|l(m?I!f8?%=xx+b&ksEAvud*hh^1z)J(}Jys23-_zuISg zo3|_US%hcT*~iT-2M0^r=NM~JBF5@AzD<;$Lc`-~f^HorM-+p9csj^CQXPhPi=sUB zd;sM%hS%`4xQ8o5p@RlUUDKN?2%l~KZm0tpHv`GpGw8OtEk1T*mB0yuzpudSkAQvt zVPedD?MHxhPWqlL>%&S}T{->J3;$`29eO7NmSmJ_+fp_U#^|a9=@Ahxj^ei^H0(Yy zQuM(XzF=1OfnTr!005l>z64gHffWG=0JJ>AUD8rJ34@RFVFFDs59C3Q5;HsXe-&`3 zw05eAB$2(H37?>htY)+jsVo_I>SM2?gfGV}zhPc9esU#06RrqU(p|J_d+xZ^Qz$F3 zjUUmK5<=(G3)x&$1N^|;dGr}Ho?DL7H;2+w5mWaIcOinau(zSpxy4(>my!wUG5`0R zx&_omNHbHPH;`RFpHO^DWwXZU2FoFE&H$~B0D077t*#ice3!3r)O@BbT7&gA6I0b` zVy{S-$F=b8pQuet5}q?2Op|}2FA4^0I8y#x3UD2awKmBLi`9({)B?Vc>b%sCWh$#` zG~IZf4bJ6ar{^3EKka2y!0->WX#f!c00I630|MW0Rm8|j=!#%CDmw7oYRAQ0%$*VFAT&fWee_WcD^^PWY0X_ECT5Am}YS;PV83~ zl#`wq*)G0vj<6T)(GbgtwA@$MplI~8+CH%#gcEGjN($8vbzx9hk4_^)^97W$$j}@^ zAdP}fbHKFZaW;P1i0EX6@|6#DmZ06%v^xe>Bg`<_2QKhAB!Rha+zX{H|LAHYt4q2G zyf#Alq%iw+{nSxq!he7QEE@H)`iKHs?5N-@g?Jn_%K$G0sv|k1@oxG1&nn7~+aKZ% 
z`3aN&{AQ)f98?ALU*jo7;6uN=zGO1#B6ma}d!)p#Aa&l;{A9HsDKB_$7-Mie9AOpko$ zCBbOMy3Q*a!Y5dxzlSX%0-ss^vjhBM5KCFqB*cZicK|o+1=|hw$qyM8NSS=FWxhX` z6P6f$gbl0@ZyjhGMXk0D1zQLm2s)!SB;^v()mL4K{}(s=RuWyNz7nkE1{U8_IQO7` zv_7{b3w1ZBr7*f31{yU-ufEz6EregS(g@0pNrKl$25z)*@yI2@RBIk3b1c&Sa*Y-+ z3B;Try?hQJuH%21P?C|e1CsmoS1cEonjp;@w>mS|4R`I~NEj*eLgv)wTOY0!&q{Fd zP3$DUgjz3+5*7Li=2^028-ec{vb_Lr+VhK_L;E6TI%{szvgxUb0Urby0RjLC1p-#0 zffWK93;+rV5bB`h>uWP?i_~QY|7p?~!{^5{T;&*%{tNj;7J;JB1

ON7r=zg{m@> z3h|s1ooO+c*WR0t>!L}!MX3dxxWj8XV@)5UK$m?Kk0!sC((mk2cMR*4$b~=L7-`ns zevC?KFqBx6YGg)flY?n%Is~siDvg3-zZ4vIx8g#!WHGk1!3J_%n;w7hft@%ZEQn%u zj$gSVZWn<)4uu8x+e$pyddlzf>H6DdbFnc`s$A!L5@8h|6C<0XCKV$+XIQO8x;NJP zh{Y94;T-%DFM0BILQX~xC2 From 6ced466a84832ccece1775c74fbebd6f2c8bb107 Mon Sep 17 00:00:00 2001 From: Carlos Hernandez Date: Tue, 12 Sep 2017 10:49:24 -0600 Subject: [PATCH 12/25] Making test compat with gnupg 2.1 --- tests/_test_base.bash | 76 +++++++++++++++++++++++++++++++++++-------- 1 file changed, 62 insertions(+), 14 deletions(-) diff --git a/tests/_test_base.bash b/tests/_test_base.bash index b8dfbb5c..90c8c306 100644 --- a/tests/_test_base.bash +++ b/tests/_test_base.bash @@ -11,7 +11,40 @@ source "$SECRET_PROJECT_ROOT/src/_utils/_git_secret_tools.sh" # Constants: FIXTURES_DIR="$BATS_TEST_DIRNAME/fixtures" -TEST_GPG_HOMEDIR="$BATS_TMPDIR" +TEST_GPG_HOMEDIR="$BATS_TMPDIR/gnupg" + +AWK_GPG_VER_CHECK=' +/^gpg/{ + version=$3 + n=split(version,array,".") + if( n >= 2) { + if(array[1] >= 2) + { + if(array[2] >= 1) + { + print 1 + } + else + { + print 0 + } + } + else + { + print 0 + } + } + else if(array[1] >= 2) + { + print 1 + } + else + { + print 0 + } +} +' + # GPG-based stuff: : "${SECRETS_GPG_COMMAND:="gpg"}" @@ -19,6 +52,9 @@ TEST_GPG_HOMEDIR="$BATS_TMPDIR" # This command is used with absolute homedir set and disabled warnings: GPGTEST="$SECRETS_GPG_COMMAND --homedir=$TEST_GPG_HOMEDIR --no-permission-warning" +# This is 1 is 2.1 or greater otherwise 0 +GPG_VER_21="$(gpg --version | gawk "$AWK_GPG_VER_CHECK")" + # Personal data: 
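Review bot: The version test in `AWK_GPG_VER_CHECK` prints 0 for any major version above 2 whose minor is 0 (for example a future `3.0.x`), because the `array[2] >= 1` test is applied whenever `array[1] >= 2` instead of only when the major equals 2; the copy of the same script added to src/_utils/_git_secret_tools.sh in PATCH 14 has the same logic. The whole nest reduces to one rule: `/^gpg/ { split($3, v, "."); print (v[1]+0 > 2 || (v[1]+0 == 2 && v[2]+0 >= 1)) ? 1 : 0 }`. The `+0` makes the comparison numeric explicitly rather than relying on how the awk in use types split() results.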
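Review bot: `GPG_VER_21="$(gpg --version | gawk ...)"` probes the bare `gpg` binary although the lines just above honour `SECRETS_GPG_COMMAND`, so a user who sets that variable to `gpg2` on a system whose `gpg` is 1.4 gets the wrong 2.1 detection for the binary that is actually used; PATCH 14 adds the same line to src/_utils/_git_secret_tools.sh, where it additionally forks `gpg --version` every time the library is sourced. Use `GPG_VER_21="$("$SECRETS_GPG_COMMAND" --version | gawk "$AWK_GPG_VER_CHECK")"` in both places, and in the library consider computing it lazily inside a function instead of at source time. Note that if the command is missing the substitution yields an empty string, which `[[ ... -eq 1 ]]` treats as 0, so that failure silently reads as "not 2.1".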
@@ -40,6 +76,21 @@ function test_user_email { # GPG: +function stop_gpg_agent { + local username=$(id -u -n) + ps awx -u "$username" | gawk \ + '/gpg-agent --homedir/ { if ( $0 !~ "awk" ) { system("kill -9"$1) } }' \ + > /dev/null 2>&1 +} + +function get_gpgtest_prefix { + if [[ $GPG_VER_21 -eq 1 ]]; then + echo "echo \"$(test_user_password $1)\" | " + else + echo "" + fi +} + function get_gpg_fingerprint_by_email { local email="$1" local fingerprint @@ -54,13 +105,9 @@ function get_gpg_fingerprint_by_email { function install_fixture_key { local public_key="$BATS_TMPDIR/public-${1}.key" - local email - email=$(test_user_email "$1") - - $SECRETS_GPG_COMMAND --homedir="$FIXTURES_DIR/gpg/${1}" \ - --no-permission-warning --output "$public_key" \ - --armor --batch --yes --export "$email" > /dev/null 2>&1 + \cp "$FIXTURES_DIR/gpg/${1}/public.key" "$public_key" + stop_gpg_agent $GPGTEST --import "$public_key" > /dev/null 2>&1 rm -f "$public_key" } @@ -68,17 +115,15 @@ function install_fixture_key { function install_fixture_full_key { local private_key="$BATS_TMPDIR/private-${1}.key" - local email + local gpgtest_prefix="$(get_gpgtest_prefix $1)" + local gpgtest_import="$gpgtest_prefix $GPGTEST" local fp local fingerprint - email=$(test_user_email "$1") + \cp "$FIXTURES_DIR/gpg/${1}/private.key" "$private_key" - $SECRETS_GPG_COMMAND --homedir="$FIXTURES_DIR/gpg/${1}" \ - --no-permission-warning --output "$private_key" --armor \ - --yes --export-secret-key "$email" > /dev/null 2>&1 - - $GPGTEST --allow-secret-key-import \ + stop_gpg_agent + $gpgtest_import --allow-secret-key-import \ --import "$private_key" > /dev/null 2>&1 fp=$($GPGTEST --with-fingerprint "$private_key") @@ -156,6 +201,9 @@ function remove_git_repository { function set_state_initial { cd "$BATS_TMPDIR" || exit 1 rm -rf "${BATS_TMPDIR:?}/*" + rm -rf "$TEST_GPG_HOMEDIR" + mkdir -p "$TEST_GPG_HOMEDIR" + chmod 700 "$TEST_GPG_HOMEDIR" } From d10c63c67f660a5a151e566a6e5460e480398639 Mon Sep 17 00:00:00 2001 
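Review bot: `stop_gpg_agent` kills every `gpg-agent --homedir` process the current user owns, not only the agent serving `$TEST_GPG_HOMEDIR`, so running the suite on a developer machine with a personal agent started with `--homedir` terminates that agent too, and `kill -9` gives it no chance to clean up its socket. Narrow the match to the test home directory and try TERM first, e.g. `gawk -v homedir="$TEST_GPG_HOMEDIR" '$0 ~ ("gpg-agent --homedir " homedir) && $0 !~ "awk" { system("kill " $1) }'`. As written, `"kill -9"$1` also lacks the space and produces `kill -91234` (a later patch in this series adds it). In the same hunk, `get_gpgtest_prefix` inlines the fixture passphrase into a command string that callers later re-parse; see the note on `install_fixture_full_key` below.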
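Review bot: `$gpgtest_import --allow-secret-key-import --import "$private_key"` cannot form the intended pipeline: `$gpgtest_import` is word-split, so `echo` becomes the command and `"password"`, `|` and the gpg options become its arguments, meaning the secret key is never imported when `GPG_VER_21` is 1. Rather than building a command prefix that embeds the passphrase, let the version branch add options and feed the passphrase on stdin, e.g. `test_user_password "$1" | $GPGTEST --pinentry-mode loopback --passphrase-fd 0 --allow-secret-key-import --import "$private_key" > /dev/null 2>&1` for the 2.1 case and the plain `$GPGTEST --allow-secret-key-import --import "$private_key"` otherwise. `install_fixture_full_key` continues past this hunk, so the fingerprint parsing that follows is not visible here.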
From: Carlos Hernandez Date: Wed, 13 Sep 2017 16:04:56 -0600 Subject: [PATCH 13/25] Ensuring hide is compat with gnupg2.1 --- src/commands/git_secret_hide.sh | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/src/commands/git_secret_hide.sh b/src/commands/git_secret_hide.sh index b62ccc28..17a98f03 100644 --- a/src/commands/git_secret_hide.sh +++ b/src/commands/git_secret_hide.sh @@ -139,7 +139,7 @@ function hide { if [[ "$fsdb_file_hash" != "$file_hash" ]]; then # shellcheck disable=2086 $gpg_local --use-agent --yes --trust-model=always --encrypt \ - $recipients -o "$output_path" "$input_path" + $recipients -o "$output_path" "$input_path" > /dev/null 2>&1 # If -u option was provided, it will update unencrypted file hash local key="$filename" local hash="$file_hash" From b78afdeff92914e0ee32bb1626e062862e8e2e2b Mon Sep 17 00:00:00 2001 From: Carlos Hernandez Date: Wed, 13 Sep 2017 16:05:24 -0600 Subject: [PATCH 14/25] Adding gpg version check to modify encrypt cmd --- src/_utils/_git_secret_tools.sh | 40 +++++++++++++++++++++++++++++++++ 1 file changed, 40 insertions(+) diff --git a/src/_utils/_git_secret_tools.sh b/src/_utils/_git_secret_tools.sh index 0a76f2f6..732a1395 100644 --- a/src/_utils/_git_secret_tools.sh +++ b/src/_utils/_git_secret_tools.sh @@ -47,6 +47,42 @@ BEGIN { FS=":"; OFS=":"; } } ' +AWK_GPG_VER_CHECK=' +/^gpg/{ + version=$3 + n=split(version,array,".") + if( n >= 2) { + if(array[1] >= 2) + { + if(array[2] >= 1) + { + print 1 + } + else + { + print 0 + } + } + else + { + print 0 + } + } + else if(array[1] >= 2) + { + print 1 + } + else + { + print 0 + } +} +' + +# This is 1 for gpg vesion 2.1 or greater, otherwise 0 +GPG_VER_21="$(gpg --version | gawk "$AWK_GPG_VER_CHECK")" + + # Bash: function _function_exists { 
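Review bot: Redirecting the encrypt command's stderr to /dev/null without checking its exit status makes a failed encryption (unknown recipient, unreadable input, agent trouble) silent, and the hash update announced by the comment that follows in `hide` would, as far as this hunk shows, still record `$file_hash` in the mapping, so a later `hide` sees an unchanged hash and skips a file that has no encrypted counterpart. Test the status before going on, e.g. `if ! $gpg_local --use-agent --yes --trust-model=always --encrypt $recipients -o "$output_path" "$input_path" > /dev/null 2>&1; then echo "cannot encrypt $filename" >&2; exit 1; fi`, using the project's abort helper if it has one. If the redirect is only meant to hide GnuPG 2.1 chatter, consider silencing stdout alone so the diagnostics survive. `hide` starts and ends outside this hunk.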
@@ -524,6 +560,10 @@ function _decrypt { base="$base --homedir=$homedir" fi + if [[ "$GPG_VER_21" -eq 1 ]]; then + base="$base --pinentry-mode loopback" + fi + if [[ ! -z "$passphrase" ]]; then echo "$passphrase" | $base --quiet --batch --yes --no-tty --passphrase-fd 0 \ "$encrypted_filename" From f9b70fbd16884c0d0dd6440dbbc48d2614432f3e Mon Sep 17 00:00:00 2001 From: Carlos Hernandez Date: Wed, 13 Sep 2017 16:06:16 -0600 Subject: [PATCH 15/25] Added fixes for gnupg >= 2.1 --- tests/_test_base.bash | 75 ++++++++++++++++--------------------------- 1 file changed, 28 insertions(+), 47 deletions(-) diff --git a/tests/_test_base.bash b/tests/_test_base.bash index 90c8c306..b6efdc93 100644 --- a/tests/_test_base.bash +++ b/tests/_test_base.bash @@ -11,49 +11,24 @@ source "$SECRET_PROJECT_ROOT/src/_utils/_git_secret_tools.sh" # Constants: FIXTURES_DIR="$BATS_TEST_DIRNAME/fixtures" -TEST_GPG_HOMEDIR="$BATS_TMPDIR/gnupg" +TEST_GPG_HOMEDIR="$BATS_TMPDIR" -AWK_GPG_VER_CHECK=' -/^gpg/{ - version=$3 - n=split(version,array,".") - if( n >= 2) { - if(array[1] >= 2) - { - if(array[2] >= 1) - { - print 1 - } - else - { - print 0 - } - } - else - { - print 0 - } - } - else if(array[1] >= 2) +AWK_GPG_GET_FP=' +BEGIN { OFS=":"; FS=":"; } +{ + if ( $1 == "fpr" ) { - print 1 - } - else - { - print 0 + print $10 + exit } } ' - # GPG-based stuff: : "${SECRETS_GPG_COMMAND:="gpg"}" # This command is used with absolute homedir set and disabled warnings: -GPGTEST="$SECRETS_GPG_COMMAND --homedir=$TEST_GPG_HOMEDIR --no-permission-warning" - -# This is 1 is 2.1 or greater otherwise 0 -GPG_VER_21="$(gpg --version | gawk "$AWK_GPG_VER_CHECK")" +GPGTEST="$SECRETS_GPG_COMMAND --homedir=$TEST_GPG_HOMEDIR --no-permission-warning --batch" # Personal data: 
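Review bot: `--pinentry-mode loopback` is appended to `base` whenever GnuPG ≥ 2.1 is detected, including when `$passphrase` is empty and decryption takes the other branch (outside this hunk), which presumably relies on the agent's pinentry; loopback mode suppresses that pinentry, so interactive decryption changes behaviour. Move the option into the `if [[ ! -z "$passphrase" ]]` branch, next to `--passphrase-fd 0`, where it is actually needed: `[[ "$GPG_VER_21" -eq 1 ]] && base="$base --pinentry-mode loopback"`. As far as I recall, early 2.1 agents (before 2.1.12) also need `allow-loopback-pinentry` in gpg-agent.conf for loopback to be accepted, which is worth a comment here. `_decrypt` starts and ends outside this hunk.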
@@ -79,10 +54,11 @@ function test_user_email { function stop_gpg_agent { local username=$(id -u -n) ps awx -u "$username" | gawk \ - '/gpg-agent --homedir/ { if ( $0 !~ "awk" ) { system("kill -9"$1) } }' \ + '/gpg-agent --homedir/ { if ( $0 !~ "awk" ) { system("kill -9 "$1) } }' \ > /dev/null 2>&1 } + function get_gpgtest_prefix { if [[ $GPG_VER_21 -eq 1 ]]; then echo "echo \"$(test_user_password $1)\" | " @@ -91,6 +67,7 @@ function get_gpgtest_prefix { fi } + function get_gpg_fingerprint_by_email { local email="$1" local fingerprint @@ -107,7 +84,6 @@ function install_fixture_key { local public_key="$BATS_TMPDIR/public-${1}.key" \cp "$FIXTURES_DIR/gpg/${1}/public.key" "$public_key" - stop_gpg_agent $GPGTEST --import "$public_key" > /dev/null 2>&1 rm -f "$public_key" } @@ -117,22 +93,25 @@ function install_fixture_full_key { local private_key="$BATS_TMPDIR/private-${1}.key" local gpgtest_prefix="$(get_gpgtest_prefix $1)" local gpgtest_import="$gpgtest_prefix $GPGTEST" + local email local fp local fingerprint + email=$(test_user_email "$1") + \cp "$FIXTURES_DIR/gpg/${1}/private.key" "$private_key" - stop_gpg_agent - $gpgtest_import --allow-secret-key-import \ - --import "$private_key" > /dev/null 2>&1 - - fp=$($GPGTEST --with-fingerprint "$private_key") + bash -c "$gpgtest_import --allow-secret-key-import \ + --import \"$private_key\"" > /dev/null 2>&1 # since 0.1.2 fingerprint is returned: - fingerprint=$(echo "$fp" | tr -d ' ' | sed -n '2p' | sed -e 's/.*=//g') + fingerprint=$($GPGTEST --with-fingerprint \ + --with-colon \ + --list-secret-key $email | gawk "$AWK_GPG_GET_FP") install_fixture_key "$1" + rm -f "$private_key" # return fingerprint to delete it later: echo "$fingerprint" } @@ -142,7 +121,7 @@ function uninstall_fixture_key { local email email=$(test_user_email "$1") - $GPGTEST --batch --yes --delete-key "$email" > /dev/null 2>&1 + $GPGTEST --yes --delete-key "$email" > /dev/null 2>&1 } 
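Review bot: `bash -c "$gpgtest_import --allow-secret-key-import --import \"$private_key\""` re-parses a command string that `get_gpgtest_prefix` built with the fixture passphrase inlined, so the passphrase sits in the inner bash's argv (visible to `ps` and to any `set -x` trace in CI) and `$private_key` is re-interpreted by that shell, which breaks on a `BATS_TMPDIR` containing spaces or quotes. GnuPG can take the passphrase on stdin the same way `_decrypt` does: `test_user_password "$1" | $GPGTEST --pinentry-mode loopback --passphrase-fd 0 --allow-secret-key-import --import "$private_key" > /dev/null 2>&1` for the ≥ 2.1 case, which makes the prefix-string helper unnecessary. `$email` on the `--list-secret-key` line should be quoted as well. The function's opening line is only this hunk's context header.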
@@ -156,7 +135,7 @@ function uninstall_fixture_full_key { fingerprint=$(get_gpg_fingerprint_by_email "$email") fi - $GPGTEST --batch --yes \ + $GPGTEST --yes \ --delete-secret-keys "$fingerprint" > /dev/null 2>&1 uninstall_fixture_key "$1" @@ -201,9 +180,6 @@ function remove_git_repository { function set_state_initial { cd "$BATS_TMPDIR" || exit 1 rm -rf "${BATS_TMPDIR:?}/*" - rm -rf "$TEST_GPG_HOMEDIR" - mkdir -p "$TEST_GPG_HOMEDIR" - chmod 700 "$TEST_GPG_HOMEDIR" } @@ -258,8 +234,13 @@ function unset_current_state { # unsets `git` state remove_git_repository + # stop gpg-agent + stop_gpg_agent + # removes gpg homedir: - rm -f "pubring.gpg" "pubring.gpg~" "secring.gpg" "trustdb.gpg" "random_seed" + find "$TEST_GPG_HOMEDIR" \ + -regex ".*\/random_seed\|.*\.gpg\|.*\.kbx.?" \ + -exec rm {} + # return to the base dir: cd "$SECRET_PROJECT_ROOT" || exit 1 From fc334ea93899712ed49be8107e41732c8465ac63 Mon Sep 17 00:00:00 2001 From: Carlos Hernandez Date: Wed, 20 Sep 2017 23:03:45 -0600 Subject: [PATCH 16/25] Updating ignore files --- .gitignore | 4 ++++ 1 file changed, 4 insertions(+) diff --git a/.gitignore b/.gitignore index 309b6085..45b8a5df 100644 --- a/.gitignore +++ b/.gitignore @@ -133,3 +133,7 @@ temp/ build/ *.deb *.fpm + +# Kithcne files +Gemfile.lock +.kitchen/ From fea9c3201d703951c5cbd762879325cd1af49f3e Mon Sep 17 00:00:00 2001 From: Carlos Hernandez Date: Sat, 23 Sep 2017 17:58:25 -0600 Subject: [PATCH 17/25] Remove left over files from tests --- tests/_test_base.bash | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/tests/_test_base.bash b/tests/_test_base.bash index b6efdc93..22b64ab2 100644 --- a/tests/_test_base.bash +++ b/tests/_test_base.bash 
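Review bot: The cleanup in `unset_current_state` relies on `find -regex` with `\|` alternation, which is GNU find's default emacs regex flavour; as far as I know BSD/macOS find treats `-regex` as basic POSIX without `\|`, so there the expression matches nothing and keyrings persist between tests. A plain `rm` also leaves `private-keys-v1.d/`, the directory GnuPG ≥ 2.1 keeps secret keys in, so imported fixture keys survive; PATCH 17 widens the same regex and switches to `rm -rf`, but still lets find descend into directories it has just removed. A portable form is `find "$TEST_GPG_HOMEDIR" \( -name random_seed -o -name '*.gpg' -o -name '*.gpg~' -o -name '*.kbx' -o -name '*.kbx~' -o -name private-keys-v1.d -o -name 'S.gpg-agent*' \) -prune -exec rm -rf -- {} +`. `unset_current_state` starts outside this hunk.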
@@ -239,8 +239,8 @@ function unset_current_state { # removes gpg homedir: find "$TEST_GPG_HOMEDIR" \ - -regex ".*\/random_seed\|.*\.gpg\|.*\.kbx.?" \ - -exec rm {} + + -regex ".*\/random_seed\|.*\.gpg\|.*\.kbx.?\|.*private-keys.*\|.*test_sub_dir\|.*S.gpg-agent\|.*file_to_hide.*" \ + -exec rm -rf {} + # return to the base dir: cd "$SECRET_PROJECT_ROOT" || exit 1 From 41f9a004c426f54597fb208a77cce966b03cc777 Mon Sep 17 00:00:00 2001 From: Carlos Hernandez Date: Sat, 23 Sep 2017 17:59:37 -0600 Subject: [PATCH 18/25] Fix lint issues, disable false positives --- src/_utils/_git_secret_tools.sh | 14 ++++++++++---- src/commands/git_secret_hide.sh | 12 +++++++----- src/commands/git_secret_init.sh | 1 + src/commands/git_secret_tell.sh | 1 + 4 files changed, 19 insertions(+), 9 deletions(-) diff --git a/src/_utils/_git_secret_tools.sh b/src/_utils/_git_secret_tools.sh index 732a1395..6b970d17 100644 --- a/src/_utils/_git_secret_tools.sh +++ b/src/_utils/_git_secret_tools.sh @@ -19,6 +19,7 @@ _SECRETS_DIR_PATHS_MAPPING="${_SECRETS_DIR_PATHS}/mapping.cfg" # AWK scripts: +# shellcheck disable=2016 AWK_FSDB_HAS_RECORD=' BEGIN { FS=":"; OFS=":"; cnt=0; } { @@ -30,6 +31,7 @@ BEGIN { FS=":"; OFS=":"; cnt=0; } END { if ( cnt > 0 ) print "0"; else print "1"; } ' +# shellcheck disable=2016 AWK_FSDB_RM_RECORD=' BEGIN { FS=":"; OFS=":"; } { @@ -40,6 +42,7 @@ BEGIN { FS=":"; OFS=":"; } } ' +# shellcheck disable=2016 AWK_FSDB_CLEAR_HASHES=' BEGIN { FS=":"; OFS=":"; } { @@ -47,6 +50,7 @@ BEGIN { FS=":"; OFS=":"; } } ' +# shellcheck disable=2016 AWK_GPG_VER_CHECK=' /^gpg/{ version=$3 @@ -201,7 +205,8 @@ function _unique_filename { function _get_record_filename { # Returns 1st field from passed record local record="$1" - local filename=$(echo "$record" | awk -F: '{print $1}') + local filename + filename=$(echo "$record" | awk -F: '{print $1}') echo "$filename" } 
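Review bot: Splitting `local` from the assignment fixes the masked exit status, but the value still goes through `echo "$record" | awk -F:`, two forks for every mapping line, and `echo` mishandles a record that begins with `-n`/`-e` or contains backslash escapes on some shells. The first field is available by parameter expansion with no subprocess: `local filename="${record%%:*}"`. The same applies to `_get_record_hash` in the next hunk, where a record with no `:` must still yield an empty hash like awk's `$2` does, e.g. `local rest="${record#*:}"; [[ "$rest" == "$record" ]] && rest=""; local hash="${rest%%:*}"`.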
@@ -210,7 +215,8 @@ function _get_record_filename { function _get_record_hash { # Returns 2nd field from passed record local record="$1" - local hash=$(echo "$record" | awk -F: '{print $2}') + local hash + hash=$(echo "$record" | awk -F: '{print $2}') echo "$hash" } @@ -223,7 +229,7 @@ function _fsdb_has_record { local fsdb="$2" # required # 0 on contains, 1 for error. - gawk -v key=$key "$AWK_FSDB_HAS_RECORD" "$fsdb" + gawk -v key="$key" "$AWK_FSDB_HAS_RECORD" "$fsdb" } @@ -233,7 +239,7 @@ function _fsdb_rm_record { local key="$1" # required local fsdb="$2" # required - gawk -i inplace -v key=$key "$AWK_FSDB_RM_RECORD" "$fsdb" + gawk -i inplace -v key="$key" "$AWK_FSDB_RM_RECORD" "$fsdb" } function _fsdb_clear_hashes { diff --git a/src/commands/git_secret_hide.sh b/src/commands/git_secret_hide.sh index 17a98f03..efcd0feb 100644 --- a/src/commands/git_secret_hide.sh +++ b/src/commands/git_secret_hide.sh @@ -1,5 +1,6 @@ #!/usr/bin/env bash +# shellcheck disable=2016 AWK_FSDB_UPDATE_HASH=' BEGIN { FS=":"; OFS=":"; } { @@ -39,7 +40,8 @@ function _optional_delete { while read -r line; do # So the formating would not be repeated several times here: - local filename=$(_get_record_filename "$line") + local filename + filename=$(_get_record_filename "$line") _find_and_clean "*$filename" "$verbose" done < "$path_mappings" @@ -59,8 +61,8 @@ function _get_file_hash { local checksum_local local file_hash - checksum_local=$(_get_checksum_local) - file_hash=$($checksum_local $input_path | awk '{print $1}') + checksum_local="$(_get_checksum_local)" + file_hash=$($checksum_local "$input_path" | awk '{print $1}') echo "$file_hash" } @@ -72,7 +74,7 @@ function _optional_fsdb_update_hash { fsdb=$(_get_secrets_dir_paths_mapping) - gawk -i inplace -v key=$key -v hash=$hash "$AWK_FSDB_UPDATE_HASH" "$fsdb" + gawk -i inplace -v key="$key" -v hash="$hash" "$AWK_FSDB_UPDATE_HASH" "$fsdb" } 
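Review bot: Quoting `"$key"` fixes word splitting, but `gawk -v key=...` still processes backslash escape sequences in the value as an awk string literal would, so a mapping key containing a backslash does not compare equal to the raw `$1` field and `_fsdb_has_record` reports it missing; the same applies to `_fsdb_rm_record` in the next hunk and to `_optional_fsdb_update_hash` in git_secret_hide.sh on this line. Doubling backslashes before handing the value over avoids it without touching the awk scripts: `gawk -v key="${key//\\/\\\\}" "$AWK_FSDB_HAS_RECORD" "$fsdb"`. The comment `# 0 on contains, 1 for error.` describes what the awk prints to stdout, not the function's exit status, which is gawk's; say so, e.g. `# Prints "0" if key is present in fsdb, "1" otherwise (exit status is gawk's).`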
@@ -133,7 +135,7 @@ function hide { input_path=$(_append_root_path "$filename") output_path=$(_append_root_path "$encrypted_filename") - file_hash=$(_get_file_hash $input_path) + file_hash=$(_get_file_hash "$input_path") # encrypt file only if required if [[ "$fsdb_file_hash" != "$file_hash" ]]; then diff --git a/src/commands/git_secret_init.sh b/src/commands/git_secret_init.sh index 80dccfa3..e3c64885 100644 --- a/src/commands/git_secret_init.sh +++ b/src/commands/git_secret_init.sh @@ -1,5 +1,6 @@ #!/usr/bin/env bash +# shellcheck disable=2016 AWK_ADD_TO_GITIGNORE=' BEGIN { cnt=0; } { diff --git a/src/commands/git_secret_tell.sh b/src/commands/git_secret_tell.sh index 71b9fe3b..ecdd83b6 100644 --- a/src/commands/git_secret_tell.sh +++ b/src/commands/git_secret_tell.sh @@ -1,5 +1,6 @@ #!/usr/bin/env bash +# shellcheck disable=2016 AWK_GPG_KEY_CNT=' BEGIN { cnt=0; OFS=":"; FS=":"; } flag=0; $1 == "pub" { cnt++ } From af98f731427da6ed1f6b5ea6b55d67333a0931d9 Mon Sep 17 00:00:00 2001 From: Carlos Hernandez Date: Sat, 23 Sep 2017 20:26:35 -0600 Subject: [PATCH 19/25] Document "-u" option for hide command --- man/man1/git-secret-hide.1 | Bin 1196 -> 1294 bytes man/man1/git-secret-hide.1.ronn | 1 + 2 files changed, 1 insertion(+) diff --git a/man/man1/git-secret-hide.1 b/man/man1/git-secret-hide.1 index 8e2764e586f2612b0e32983a2fdc2be59527545b..1a50edf7b6a2fa38ec94844213a6986fdc9589d4 100644 GIT binary patch delta 106 zcmZ3(*~hg(n>n^rK_Nz0p|l_+u_U!vKQSexSRo^^I71;nO`$X|HMyv=pd>X#AuTf} zwOFAfU!fqeBts!Lv7jI`FTGetK_fK}tfUyKB0os{F diff --git a/man/man1/git-secret-hide.1.ronn b/man/man1/git-secret-hide.1.ronn index a4bf455f..3723aa43 100644 --- a/man/man1/git-secret-hide.1.ronn +++ b/man/man1/git-secret-hide.1.ronn 
@@ -17,6 +17,7 @@ It is possible to modify the names of the encrypted files by setting `SECRETS_EX -v - verbose, shows extra information. -c - deletes encrypted files before creating new ones. -d - deletes unencrypted files after encryption. + -u - updates/adds hash of unecrypted files to path mappings (encrypts files only on change). -h - shows help. From fb29858dae822dca8547c03d04d6b329c9449010 Mon Sep 17 00:00:00 2001 From: Carlos Hernandez Date: Sun, 24 Sep 2017 07:51:46 -0600 Subject: [PATCH 20/25] doc encrypt on change option for hide cmd --- man/man1/git-secret-hide.1 | Bin 1294 -> 1239 bytes man/man1/git-secret-hide.1.ronn | 2 +- src/commands/git_secret_hide.sh | 6 +++--- 3 files changed, 4 insertions(+), 4 deletions(-) diff --git a/man/man1/git-secret-hide.1 b/man/man1/git-secret-hide.1 index 1a50edf7b6a2fa38ec94844213a6986fdc9589d4..cd5f48840a72e7553efa59aaf55c5f86b9d81600 100644 GIT binary patch delta 51 zcmeCzvAvZrIGc7YUWpf8} G8zTU}-Vx;h delta 106 zcmcc4*~hg(n>n^rK_Nz0p|l_+u_U!vKQSexSRo^^I71;nO`$X|HMyv=pd>X#AuTf} zwOFAfU!fqeBts!Lv7jI`FTGetK_fK}tfUyKB0o /dev/null 2>&1 - # If -u option was provided, it will update unencrypted file hash + # If -m option was provided, it will update unencrypted file hash local key="$filename" local hash="$file_hash" # Update file hash if required in fsdb From c9861a107902b196bdd42750d155bea613c29266 Mon Sep 17 00:00:00 2001 
From: Carlos Hernandez Date: Sun, 24 Sep 2017 08:03:05 -0600 Subject: [PATCH 21/25] Add local ci tests. --- .Dockerfiles/debian/stable/Dockerfile | 66 +++++++++ .Dockerfiles/fedora/latest/Dockerfile | 69 +++++++++ .Dockerfiles/ubuntu/latest/Dockerfile | 66 +++++++++ .Dockerfiles/ubuntu/rolling/Dockerfile | 66 +++++++++ .ci-tests/integration/gnupg-git/default.yml | 131 ++++++++++++++++++ .../gnupg-git/serverspec/default_spec.rb | 45 ++++++ .../gnupg-git/serverspec/spec_helper.rb | 11 ++ .ci-tests/integration/gnupg1/default.yml | 34 +++++ .../gnupg1/serverspec/default_spec.rb | 45 ++++++ .../gnupg1/serverspec/spec_helper.rb | 11 ++ .ci-tests/integration/gnupg2/default.yml | 38 +++++ .../gnupg2/serverspec/default_spec.rb | 45 ++++++ .../gnupg2/serverspec/spec_helper.rb | 11 ++ .ci-tests/integration/tasks/dependencies.yml | 30 ++++ .ci-tests/integration/tasks/prep-tests.yml | 31 +++++ .ci-tests/integration/tasks/run-tests.yml | 65 +++++++++ .ci-tests/integration/vars/Debian.yml | 17 +++ .ci-tests/integration/vars/Fedora.yml | 20 +++ .ci-tests/integration/vars/Ubuntu.yml | 17 +++ .ci-tests/integration/vars/default.yml | 17 +++ .kitchen.yml | 112 +++++++++++++++ CONTRIBUTING.md | 19 ++- Gemfile | 7 + 23 files changed, 971 insertions(+), 2 deletions(-) create mode 100644 .Dockerfiles/debian/stable/Dockerfile create mode 100644 .Dockerfiles/fedora/latest/Dockerfile create mode 100644 .Dockerfiles/ubuntu/latest/Dockerfile create mode 100644 .Dockerfiles/ubuntu/rolling/Dockerfile create mode 100644 .ci-tests/integration/gnupg-git/default.yml create mode 100644 .ci-tests/integration/gnupg-git/serverspec/default_spec.rb create mode 100644 .ci-tests/integration/gnupg-git/serverspec/spec_helper.rb create mode 100644 .ci-tests/integration/gnupg1/default.yml create mode 100644 .ci-tests/integration/gnupg1/serverspec/default_spec.rb create mode 100644 .ci-tests/integration/gnupg1/serverspec/spec_helper.rb create mode 100644 .ci-tests/integration/gnupg2/default.yml create mode 
100644 .ci-tests/integration/gnupg2/serverspec/default_spec.rb create mode 100644 .ci-tests/integration/gnupg2/serverspec/spec_helper.rb create mode 100644 .ci-tests/integration/tasks/dependencies.yml create mode 100644 .ci-tests/integration/tasks/prep-tests.yml create mode 100644 .ci-tests/integration/tasks/run-tests.yml create mode 100644 .ci-tests/integration/vars/Debian.yml create mode 100644 .ci-tests/integration/vars/Fedora.yml create mode 100644 .ci-tests/integration/vars/Ubuntu.yml create mode 100644 .ci-tests/integration/vars/default.yml create mode 100644 .kitchen.yml create mode 100644 Gemfile diff --git a/.Dockerfiles/debian/stable/Dockerfile b/.Dockerfiles/debian/stable/Dockerfile new file mode 100644 index 00000000..0a6f4d92 --- /dev/null +++ b/.Dockerfiles/debian/stable/Dockerfile 
@@ -0,0 +1,66 @@ +FROM debian:stable + +ENV DEBIAN_FRONTEND="noninteractive" container="docker" + +RUN apt-get update \ + && apt-get upgrade -y \ + && apt-get install -y \ + apt-utils \ + curl \ + locales \ + lsb-release \ + net-tools \ + openssh-server \ + python-pip \ + python2.7 \ + sudo \ + systemd \ + && pip install --upgrade pip \ + && apt-get clean \ + && rm -rf /var/lib/apt/lists/* /tmp/* /var/tmp/* \ + && if ! getent passwd <%= @username %>; then \ + useradd -d /home/<%= @username %> -m -s /bin/bash -p '*' <%= @username %>; \ + fi \ + && echo "<%= @username %> ALL=(ALL) NOPASSWD: ALL" >> /etc/sudoers \ + && echo "Defaults !requiretty" >> /etc/sudoers \ + && mkdir -p /home/<%= @username %>/.ssh \ + && chown -R <%= @username %> /home/<%= @username %>/.ssh \ + && chmod 0700 /home/<%= @username %>/.ssh \ + && echo '<%= IO.read(@public_key).strip %>' >> /home/<%= @username %>/.ssh/authorized_keys \ + && chown <%= @username %> /home/<%= @username %>/.ssh/authorized_keys \ + && chmod 0600 /home/<%= @username %>/.ssh/authorized_keys \ + && echo "en_US.UTF-8 UTF-8" > /etc/locale.gen && locale-gen \ + && cd /lib/systemd/system/sysinit.target.wants/; ls | grep -v systemd-tmpfiles-setup | /usr/bin/xargs rm -f $1 \ + && /bin/rm -f /lib/systemd/system/multi-user.target.wants/* \ + && /bin/rm -f /etc/systemd/system/*.wants/* \ + && /bin/rm -f /lib/systemd/system/local-fs.target.wants/* \ + && /bin/rm -f /lib/systemd/system/sockets.target.wants/*udev* \ + && /bin/rm -f /lib/systemd/system/sockets.target.wants/*initctl* \ + && /bin/rm -f /lib/systemd/system/basic.target.wants/* \ + && /bin/rm -f /lib/systemd/system/anaconda.target.wants/* \ + && /bin/rm -f /lib/systemd/system/plymouth* \ + && /bin/rm -f /lib/systemd/system/systemd-update-utmp* \ + && sed -ri 's/^#?UsePAM\s+.*/UsePAM no/' /etc/ssh/sshd_config \ + && sed -ri 's/^#?PubkeyAuthentication\s+.*/PubkeyAuthentication yes/' /etc/ssh/sshd_config \ + && sed -ri 's/^#?UsePrivilegeSeparation\s+.*/UsePrivilegeSeparation 
no/' /etc/ssh/sshd_config \ + && echo "UseDNS=no" >> /etc/ssh/sshd_config \ + && systemctl set-default multi-user.target \ + && ln -s /lib/systemd/system/sshd.service /etc/systemd/system/multi-user.target.wants/sshd.service \ + && ln -s /lib/systemd/system/systemd-journald.service /etc/systemd/system/multi-user.target.wants/systemd-journald.service \ + && echo $'[Unit]\ +\nDescription=Finish boot up\ +\nAfter=ssh.service\ +\n\ +\n[Service]\ +\nType=oneshot\ +\nRemainAfterExit=yes\ +\nExecStartPre=/bin/sleep 3s\ +\nExecStart=/bin/rm -f /run/nologin\ +\n\ +\n[Install]\ +\nWantedBy=default.target' >> /etc/systemd/system/FinishBootUp.service \ + && ln -s /etc/systemd/system/FinishBootUp.service /etc/systemd/system/multi-user.target.wants/FinishBootUp.service + +EXPOSE 22 + +VOLUME [ "/sys/fs/cgroup" ] diff --git a/.Dockerfiles/fedora/latest/Dockerfile b/.Dockerfiles/fedora/latest/Dockerfile new file mode 100644 index 00000000..76df24ae --- /dev/null +++ b/.Dockerfiles/fedora/latest/Dockerfile 
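Review bot: In the RUN chain, `&& cd /lib/systemd/system/sysinit.target.wants/; ls | grep -v systemd-tmpfiles-setup | /usr/bin/xargs rm -f $1 \` ends the `cd` with `;` instead of `&&`, so a failed `cd` does not stop the chain and the `ls | xargs rm -f` runs against whatever the current directory happens to be; `$1` is also unset in a Dockerfile RUN (`sh -c`) and expands to nothing. Changing the line to `&& cd /lib/systemd/system/sysinit.target.wants/ && ls | grep -v systemd-tmpfiles-setup | xargs rm -f \` restores the fail-fast behaviour the rest of the chain relies on. The same line appears in .Dockerfiles/fedora/latest/Dockerfile, .Dockerfiles/ubuntu/latest/Dockerfile and .Dockerfiles/ubuntu/rolling/Dockerfile. Since the image also grants `<%= @username %>` `NOPASSWD: ALL` in /etc/sudoers, sets `UsePAM no` in sshd_config and bakes the kitchen public key into authorized_keys, a header comment such as `# kitchen-docker test target: passwordless sudo and a baked-in SSH key; build and run only as a disposable local test instance` would make the intended scope explicit to the next reader.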
@@ -0,0 +1,69 @@ +FROM fedora:latest + +ENV container="docker" + +RUN dnf clean all \ + && dnf makecache \ + && dnf install -y \ + curl \ + findutils \ + gcc \ + glibc-langpack-en.x86_64 \ + libffi-devel \ + net-tools \ + openssh-server \ + openssl-devel \ + python2-devel \ + python2-pip \ + redhat-lsb \ + redhat-rpm-config \ + sudo \ + systemd \ + && pip install --upgrade pip \ + && dnf clean all \ + && if ! getent passwd <%= @username %>; then \ + useradd -d /home/<%= @username %> -m -s /usr/bin/bash -p '*' <%= @username %>; \ + fi \ + && echo "<%= @username %> ALL=(ALL) NOPASSWD: ALL" >> /etc/sudoers \ + && echo "Defaults !requiretty" >> /etc/sudoers \ + && mkdir -p /home/<%= @username %>/.ssh \ + && chown -R <%= @username %> /home/<%= @username %>/.ssh \ + && chmod 0700 /home/<%= @username %>/.ssh \ + && echo '<%= IO.read(@public_key).strip %>' >> /home/<%= @username %>/.ssh/authorized_keys \ + && chown <%= @username %> /home/<%= @username %>/.ssh/authorized_keys \ + && chmod 0600 /home/<%= @username %>/.ssh/authorized_keys \ + && export LANG="en_US.UTF-8" && echo "LANG=\"en_US.UTF-8\"" > /etc/locale.conf \ + && cd /lib/systemd/system/sysinit.target.wants/; ls | grep -v systemd-tmpfiles-setup | /usr/bin/xargs rm -f $1 \ + && /usr/bin/rm -f /lib/systemd/system/multi-user.target.wants/* \ + && /usr/bin/rm -f /etc/systemd/system/*.wants/* \ + && /usr/bin/rm -f /lib/systemd/system/local-fs.target.wants/* \ + && /usr/bin/rm -f /lib/systemd/system/sockets.target.wants/*udev* \ + && /usr/bin/rm -f /lib/systemd/system/sockets.target.wants/*initctl* \ + && /usr/bin/rm -f /lib/systemd/system/basic.target.wants/* \ + && /usr/bin/rm -f /lib/systemd/system/anaconda.target.wants/* \ + && /usr/bin/rm -f /lib/systemd/system/plymouth* \ + && /usr/bin/rm -f /lib/systemd/system/systemd-update-utmp* \ + && sed -ri 's/^#?PubkeyAuthentication\s+.*/PubkeyAuthentication yes/' /etc/ssh/sshd_config \ + && sed -ri 's/^#?UsePrivilegeSeparation\s+.*/UsePrivilegeSeparation no/' 
/etc/ssh/sshd_config \ + && echo "UseDNS=no" >> /etc/ssh/sshd_config \ + && systemctl set-default multi-user.target \ + && ln -s /lib/systemd/system/sshd.service /etc/systemd/system/multi-user.target.wants/sshd.service \ + && ln -s /lib/systemd/system/systemd-journald.service /etc/systemd/system/multi-user.target.wants/systemd-journald.service \ + && echo $'[Unit]\ +\nDescription=Finish boot up\ +\nAfter=ssh.service\ +\n\ +\n[Service]\ +\nType=oneshot\ +\nRemainAfterExit=yes\ +\nExecStartPre=/bin/sleep 3s\ +\nExecStart=/bin/rm -f /run/nologin\ +\n\ +\n[Install]\ +\nWantedBy=default.target' >> /etc/systemd/system/FinishBootUp.service \ + && ln -s /etc/systemd/system/FinishBootUp.service /etc/systemd/system/multi-user.target.wants/FinishBootUp.service + + +EXPOSE 22 + +VOLUME [ "/sys/fs/cgroup" ] diff --git a/.Dockerfiles/ubuntu/latest/Dockerfile b/.Dockerfiles/ubuntu/latest/Dockerfile new file mode 100644 index 00000000..c2ce45ed --- /dev/null +++ b/.Dockerfiles/ubuntu/latest/Dockerfile 
@@ -0,0 +1,66 @@ +FROM ubuntu:latest + +ENV DEBIAN_FRONTEND="noninteractive" container="docker" + +RUN apt-get update \ + && apt-get upgrade -y \ + && apt-get install -y \ + apt-utils \ + curl \ + locales \ + lsb-release \ + net-tools \ + openssh-server \ + python-pip \ + python2.7 \ + sudo \ + systemd \ + && pip install --upgrade pip \ + && apt-get clean \ + && rm -rf /var/lib/apt/lists/* /tmp/* /var/tmp/* \ + && if ! getent passwd <%= @username %>; then \ + useradd -d /home/<%= @username %> -m -s /bin/bash -p '*' <%= @username %>; \ + fi \ + && echo "<%= @username %> ALL=(ALL) NOPASSWD: ALL" >> /etc/sudoers \ + && echo "Defaults !requiretty" >> /etc/sudoers \ + && mkdir -p /home/<%= @username %>/.ssh \ + && chown -R <%= @username %> /home/<%= @username %>/.ssh \ + && chmod 0700 /home/<%= @username %>/.ssh \ + && echo '<%= IO.read(@public_key).strip %>' >> /home/<%= @username %>/.ssh/authorized_keys \ + && chown <%= @username %> /home/<%= @username %>/.ssh/authorized_keys \ + && chmod 0600 /home/<%= @username %>/.ssh/authorized_keys \ + && echo "en_US.UTF-8 UTF-8" > /etc/locale.gen && /usr/sbin/locale-gen \ + && cd /lib/systemd/system/sysinit.target.wants/; ls | grep -v systemd-tmpfiles-setup | xargs rm -f $1 \ + && /bin/rm -f /lib/systemd/system/multi-user.target.wants/* \ + && /bin/rm -f /etc/systemd/system/*.wants/* \ + && /bin/rm -f /lib/systemd/system/local-fs.target.wants/* \ + && /bin/rm -f /lib/systemd/system/sockets.target.wants/*udev* \ + && /bin/rm -f /lib/systemd/system/sockets.target.wants/*initctl* \ + && /bin/rm -f /lib/systemd/system/basic.target.wants/* \ + && /bin/rm -f /lib/systemd/system/anaconda.target.wants/* \ + && /bin/rm -f /lib/systemd/system/plymouth* \ + && /bin/rm -f /lib/systemd/system/systemd-update-utmp* \ + && sed -ri 's/^#?UsePAM\s+.*/UsePAM no/' /etc/ssh/sshd_config \ + && sed -ri 's/^#?PubkeyAuthentication\s+.*/PubkeyAuthentication yes/' /etc/ssh/sshd_config \ + && sed -ri 's/^#?UsePrivilegeSeparation\s+.*/UsePrivilegeSeparation 
no/' /etc/ssh/sshd_config \ + && echo "UseDNS=no" >> /etc/ssh/sshd_config \ + && systemctl set-default multi-user.target \ + && ln -s /lib/systemd/system/sshd.service /etc/systemd/system/multi-user.target.wants/sshd.service \ + && ln -s /lib/systemd/system/systemd-journald.service /etc/systemd/system/multi-user.target.wants/systemd-journald.service \ + && echo $'[Unit]\ +\nDescription=Finish boot up\ +\nAfter=ssh.service\ +\n\ +\n[Service]\ +\nType=oneshot\ +\nRemainAfterExit=yes\ +\nExecStartPre=/bin/sleep 3s\ +\nExecStart=/bin/rm -f /run/nologin\ +\n\ +\n[Install]\ +\nWantedBy=default.target' >> /etc/systemd/system/FinishBootUp.service \ + && ln -s /etc/systemd/system/FinishBootUp.service /etc/systemd/system/multi-user.target.wants/FinishBootUp.service + +EXPOSE 22 + +VOLUME [ "/sys/fs/cgroup" ] diff --git a/.Dockerfiles/ubuntu/rolling/Dockerfile b/.Dockerfiles/ubuntu/rolling/Dockerfile new file mode 100644 index 00000000..17b8dde7 --- /dev/null +++ b/.Dockerfiles/ubuntu/rolling/Dockerfile 
@@ -0,0 +1,66 @@ +FROM ubuntu:rolling + +ENV DEBIAN_FRONTEND="noninteractive" container="docker" + +RUN apt-get update \ + && apt-get upgrade -y \ + && apt-get install -y \ + apt-utils \ + curl \ + locales \ + lsb-release \ + net-tools \ + openssh-server \ + python-pip \ + python2.7 \ + sudo \ + systemd \ + && pip install --upgrade pip \ + && apt-get clean \ + && rm -rf /var/lib/apt/lists/* /tmp/* /var/tmp/* \ + && if ! getent passwd <%= @username %>; then \ + useradd -d /home/<%= @username %> -m -s /bin/bash -p '*' <%= @username %>; \ + fi \ + && echo "<%= @username %> ALL=(ALL) NOPASSWD: ALL" >> /etc/sudoers \ + && echo "Defaults !requiretty" >> /etc/sudoers \ + && mkdir -p /home/<%= @username %>/.ssh \ + && chown -R <%= @username %> /home/<%= @username %>/.ssh \ + && chmod 0700 /home/<%= @username %>/.ssh \ + && echo '<%= IO.read(@public_key).strip %>' >> /home/<%= @username %>/.ssh/authorized_keys \ + && chown <%= @username %> /home/<%= @username %>/.ssh/authorized_keys \ + && chmod 0600 /home/<%= @username %>/.ssh/authorized_keys \ + && echo "en_US.UTF-8 UTF-8" > /etc/locale.gen && /usr/sbin/locale-gen \ + && cd /lib/systemd/system/sysinit.target.wants/; ls | grep -v systemd-tmpfiles-setup | xargs rm -f $1 \ + && /bin/rm -f /lib/systemd/system/multi-user.target.wants/* \ + && /bin/rm -f /etc/systemd/system/*.wants/* \ + && /bin/rm -f /lib/systemd/system/local-fs.target.wants/* \ + && /bin/rm -f /lib/systemd/system/sockets.target.wants/*udev* \ + && /bin/rm -f /lib/systemd/system/sockets.target.wants/*initctl* \ + && /bin/rm -f /lib/systemd/system/basic.target.wants/* \ + && /bin/rm -f /lib/systemd/system/anaconda.target.wants/* \ + && /bin/rm -f /lib/systemd/system/plymouth* \ + && /bin/rm -f /lib/systemd/system/systemd-update-utmp* \ + && sed -ri 's/^#?UsePAM\s+.*/UsePAM no/' /etc/ssh/sshd_config \ + && sed -ri 's/^#?PubkeyAuthentication\s+.*/PubkeyAuthentication yes/' /etc/ssh/sshd_config \ + && sed -ri 
's/^#?UsePrivilegeSeparation\s+.*/UsePrivilegeSeparation no/' /etc/ssh/sshd_config \ + && echo "UseDNS=no" >> /etc/ssh/sshd_config \ + && systemctl set-default multi-user.target \ + && ln -s /lib/systemd/system/sshd.service /etc/systemd/system/multi-user.target.wants/sshd.service \ + && ln -s /lib/systemd/system/systemd-journald.service /etc/systemd/system/multi-user.target.wants/systemd-journald.service \ + && echo $'[Unit]\ +\nDescription=Finish boot up\ +\nAfter=ssh.service\ +\n\ +\n[Service]\ +\nType=oneshot\ +\nRemainAfterExit=yes\ +\nExecStartPre=/bin/sleep 3s\ +\nExecStart=/bin/rm -f /run/nologin\ +\n\ +\n[Install]\ +\nWantedBy=default.target' >> /etc/systemd/system/FinishBootUp.service \ + && ln -s /etc/systemd/system/FinishBootUp.service /etc/systemd/system/multi-user.target.wants/FinishBootUp.service + +EXPOSE 22 + +VOLUME [ "/sys/fs/cgroup" ] diff --git a/.ci-tests/integration/gnupg-git/default.yml b/.ci-tests/integration/gnupg-git/default.yml new file mode 100644 index 00000000..bb92b633 --- /dev/null +++ b/.ci-tests/integration/gnupg-git/default.yml 
@@ -0,0 +1,131 @@ +--- +# host to test against +- hosts: test-kitchen + remote_user: root + tasks: + - include_tasks: tasks/dependencies.yml + + - name: Install build tools + package: + name: "{{ item }}" + with_items: "{{ build_tools }}" + + - name: Check wether deb-src repos are enabled + command: grep -c -e "^deb-src.*" /etc/apt/sources.list + register: deb_src_check + ignore_errors: yes + when: + - ansible_os_family == "Debian" + + - name: Set deb-src check results + set_fact: + deb_src_check_result: "{{ deb_src_check.stdout | default(0) | int }}" + + - name: Enable Ubuntu main & restricted source repo + replace: + path: '/etc/apt/sources.list' + regexp: '^(#\s)(.*main\srestricted)$' + replace: '\2 # enabled' + when: + - ansible_distribution == "Ubuntu" + - deb_src_check_result >= 1 + + - name: Enable Debian source repos + replace: + path: '/etc/apt/sources.list' + regexp: '^(deb)(.*)$' + replace: '\1\2\ndeb-src\2' + when: + - ansible_distribution == "Debian" + - deb_src_check_result >= 1 + + - name: Install gnupg build dependencies for Debian based distros + apt: + name: gnupg2 + state: build-dep + update_cache: yes + when: + - ansible_os_family == "Debian" + + - name: Install gnupg build dependencies for RedHat based distros + command: bash -lc "yum --assumeyes install yum-utils && yum-builddep --assumeyes gnupg2" + when: + - ansible_os_family == "RedHat" + + - name: Get GnuPG github api content + uri: + url: https://api.github.com/repos/gpg/gnupg/tags + method: GET + return_content: yes + body_format: json + register: gnupg_tags + + - name: Set url for latest gnupg release source + set_fact: + gnupg_tarball_url: >- + {{ + gnupg_tags.json | + selectattr('name','match','gnupg-2.*') | + map(attribute='tarball_url') | first + }} + + - name: Download latest release of gnupg source + get_url: + url: "{{ gnupg_tarball_url }}" + dest: /tmp/gnupg.tar.gz + force: yes + retries: 5 + delay: 10 + + - name: Extract gnupg source tarball + unarchive: + src: 
/tmp/gnupg.tar.gz + dest: /usr/local/src/ + + - name: Find gnupg src directory + find: + paths: /usr/local/src + patterns: "gpg-gnupg*" + file_type: directory + recurse: no + register: found_gpg_src + + - name: Set gnupg src directory + set_fact: + gpg_src_path: "{{ found_gpg_src.files | map(attribute='path') | first }}" + + - name: Run gnupg autogen + command: bash -lc "cd {{ gpg_src_path }} && ./autogen.sh " + changed_when: False + + - name: Disable development msg for gnupg + lineinfile: + path: "{{ gpg_src_path }}/configure" + regexp: '^development_version=.*' + line: 'development_version=no' + + - name: Set gnupg build config + set_fact: + gpg_build_config: >- + --sysconfdir=/etc + --prefix=/usr + --enable-symcryptrun + --docdir=/usr/share/doc/gnupg-2.2.0 + --disable-rpath + --enable-maintainer-mode + changed_when: False + + - name: Configure gnupg build + command: bash -lc "cd {{ gpg_src_path }} && ./configure {{ gpg_build_config }}" + changed_when: False + + - name: Compile gnupg src + command: bash -lc "cd {{ gpg_src_path }} && make" + changed_when: False + + - name: Install compiled gnupg + command: bash -lc "cd {{ gpg_src_path }} && make install" + changed_when: False + + - include_tasks: tasks/prep-tests.yml + - include_tasks: tasks/run-tests.yml diff --git a/.ci-tests/integration/gnupg-git/serverspec/default_spec.rb b/.ci-tests/integration/gnupg-git/serverspec/default_spec.rb new file mode 100644 index 00000000..9da394c6 --- /dev/null +++ b/.ci-tests/integration/gnupg-git/serverspec/default_spec.rb 
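Review bot: The `Download latest release of gnupg source` task fetches a tarball whose URL is chosen at run time from the GitHub tags API, and `get_url` carries no `checksum:`, so the only integrity check on the GnuPG source that this suite then builds and installs with `make install` is TLS to the mirror. At the same time `gpg_build_config` hardcodes `--docdir=/usr/share/doc/gnupg-2.2.0`, while the tag selected by `selectattr('name','match','gnupg-2.*') | map(attribute='tarball_url') | first` is simply whatever the API lists first, which need not be 2.2.0 and, as far as I know, is not guaranteed to be the newest tag either. Pinning the tag in one variable, e.g. `gnupg_tag: <pinned gnupg-2.x tag>`, deriving both the tarball URL and the docdir from it, and adding `checksum: sha256:<digest of that tarball>` to `get_url` (or fetching the signed release tarball from the upstream distribution site and verifying its signature) makes the build reproducible and verifiable. The `Install gnupg build dependencies for RedHat based distros` task shells out to `yum`; on `fedora:latest` that presumably resolves to the dnf compatibility wrapper, which is worth confirming in a run.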
@@ -0,0 +1,45 @@ +require_relative './spec_helper' + +describe 'git-secret::test' do + + describe package('git-secret') do + it { should be_installed } + end + + if host_inventory['platform'] == 'fedora' + describe command('find /tmp/git-secret/build -name "*.rpm"') do + its(:stdout) { should match /git-secret.*rpm/ } + end + else + describe command('find /tmp/git-secret/build -name "*.deb"') do + its(:stdout) { should match /git-secret.*deb/ } + end + end + + describe file('/.git-secret_test-passed') do + it { should exist } + end + + describe file('/.git-secret_lint-passed') do + it { should exist } + end + + if host_inventory['platform'] == 'fedora' + describe command('rpm --query --info git-secret') do + its(:exit_status) { should eq 0 } + end + else + describe command('dpkg-query --status git-secret') do + its(:exit_status) { should eq 0 } + end + end + + describe command('man --where "git-secret"') do + its(:exit_status) { should eq 0 } + end + + describe command('man --where "git-secret-init"') do + its(:exit_status) { should eq 0 } + end + +end diff --git a/.ci-tests/integration/gnupg-git/serverspec/spec_helper.rb b/.ci-tests/integration/gnupg-git/serverspec/spec_helper.rb new file mode 100644 index 00000000..a9c6f99d --- /dev/null +++ b/.ci-tests/integration/gnupg-git/serverspec/spec_helper.rb @@ -0,0 +1,11 @@ +require 'serverspec' + +# :backend can be either :exec or :ssh +# since we are running local we use :exec +set :backend, :exec + +RSpec.configure do |c| + c.before :all do + c.path = '/usr/local/bin:/bin:/usr/bin:/usr/local/sbin:/usr/sbin:/sbin' + end +end diff --git a/.ci-tests/integration/gnupg1/default.yml b/.ci-tests/integration/gnupg1/default.yml new file mode 100644 index 00000000..bbe8afed --- /dev/null +++ b/.ci-tests/integration/gnupg1/default.yml 
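Review bot: The spec decides rpm-vs-deb with `host_inventory['platform'] == 'fedora'` and treats every other platform as deb, whereas .ci-tests/integration/tasks/prep-tests.yml derives `os_pkg_type` from `ansible_os_family` (RedHat and Suse both map to rpm), so the two classifications diverge for any rpm platform that is not Fedora. The file is also byte-identical to .ci-tests/integration/gnupg1/serverspec/default_spec.rb and .ci-tests/integration/gnupg2/serverspec/default_spec.rb (all three are blob 9da394c6), as are the three spec_helper.rb copies (a9c6f99d); one shared spec directory referenced from each suite's `patterns:` in .kitchen.yml would stop the copies drifting apart. If the per-suite layout is kept, a one-line comment at the top, `# identical across the gnupg1/gnupg2/gnupg-git suites — edit all three together`, at least flags the duplication.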
@@ -0,0 +1,34 @@ +--- +# host to test against +- hosts: test-kitchen + remote_user: root + tasks: + - include_tasks: tasks/dependencies.yml + + - name: Install gnupg + package: + name: "{{ item.name }}" + state: present + when: + - ansible_distribution == item.distribution + with_items: + - name: gnupg + distribution: Fedora + - name: gnupg1 + distribution: Debian + + - name: Check for gpg1 binary + stat: + path: /usr/bin/gpg1 + register: gpg1 + + - name: Make gpg1 default binary + file: + src: /usr/bin/gpg1 + dest: /usr/bin/gpg + state: link + force: yes + when: gpg1.stat.exists + + - include_tasks: tasks/prep-tests.yml + - include_tasks: tasks/run-tests.yml diff --git a/.ci-tests/integration/gnupg1/serverspec/default_spec.rb b/.ci-tests/integration/gnupg1/serverspec/default_spec.rb new file mode 100644 index 00000000..9da394c6 --- /dev/null +++ b/.ci-tests/integration/gnupg1/serverspec/default_spec.rb @@ -0,0 +1,45 @@ +require_relative './spec_helper' + +describe 'git-secret::test' do + + describe package('git-secret') do + it { should be_installed } + end + + if host_inventory['platform'] == 'fedora' + describe command('find /tmp/git-secret/build -name "*.rpm"') do + its(:stdout) { should match /git-secret.*rpm/ } + end + else + describe command('find /tmp/git-secret/build -name "*.deb"') do + its(:stdout) { should match /git-secret.*deb/ } + end + end + + describe file('/.git-secret_test-passed') do + it { should exist } + end + + describe file('/.git-secret_lint-passed') do + it { should exist } + end + + if host_inventory['platform'] == 'fedora' + describe command('rpm --query --info git-secret') do + its(:exit_status) { should eq 0 } + end + else + describe command('dpkg-query --status git-secret') do + its(:exit_status) { should eq 0 } + end + end + + describe command('man --where "git-secret"') do + its(:exit_status) { should eq 0 } + end + + describe command('man --where "git-secret-init"') do + its(:exit_status) { should eq 0 } + end + +end 
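Review bot: The `Install gnupg` task has `with_items` entries only for Fedora and Debian, but .kitchen.yml does not exclude the Ubuntu platforms from the gnupg1 suite (it does for gnupg2 and gnupg-git), so on ubuntu-latest and ubuntu-rolling nothing is installed, `/usr/bin/gpg1` most likely does not exist, and the suite silently runs against whatever `gpg` the image already has. Either add `- name: gnupg1` / `distribution: Ubuntu` to `with_items`, or give this suite the same `excludes:` the other two have. Separately, `Make gpg1 default binary` replaces the distro-owned `/usr/bin/gpg` with a symlink (`force: yes`), which the next package upgrade inside the instance would undo; if the test suite honours git-secret's `SECRETS_GPG_COMMAND` variable, setting it (e.g. `SECRETS_GPG_COMMAND: gpg1` under `environment:` in tasks/run-tests.yml) exercises the same code path without altering system files. .ci-tests/integration/gnupg2/default.yml performs the same `/usr/bin/gpg` replacement.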
diff --git a/.ci-tests/integration/gnupg1/serverspec/spec_helper.rb b/.ci-tests/integration/gnupg1/serverspec/spec_helper.rb new file mode 100644 index 00000000..a9c6f99d --- /dev/null +++ b/.ci-tests/integration/gnupg1/serverspec/spec_helper.rb @@ -0,0 +1,11 @@ +require 'serverspec' + +# :backend can be either :exec or :ssh +# since we are running local we use :exec +set :backend, :exec + +RSpec.configure do |c| + c.before :all do + c.path = '/usr/local/bin:/bin:/usr/bin:/usr/local/sbin:/usr/sbin:/sbin' + end +end diff --git a/.ci-tests/integration/gnupg2/default.yml b/.ci-tests/integration/gnupg2/default.yml new file mode 100644 index 00000000..662da7d2 --- /dev/null +++ b/.ci-tests/integration/gnupg2/default.yml @@ -0,0 +1,38 @@ +--- +# host to test against +- hosts: test-kitchen + remote_user: root + tasks: + - include_tasks: tasks/dependencies.yml + + - name: Install gnupg + package: + name: "{{ item.name }}" + state: present + when: + - ansible_distribution == item.distribution + with_items: + - name: gnupg2 + distribution: Fedora + - name: gnupg2 + distribution: Ubuntu + - name: gnupg + distribution: Debian + + - name: Check for gpg2 binary + stat: + path: /usr/bin/gpg2 + register: gpg2 + + - name: Make gpg2 default binary + file: + src: /usr/bin/gpg2 + dest: /usr/bin/gpg + state: link + force: yes + when: + - gpg2.stat.exists + - gpg2.stat.islnk == False + + - include_tasks: tasks/prep-tests.yml + - include_tasks: tasks/run-tests.yml diff --git a/.ci-tests/integration/gnupg2/serverspec/default_spec.rb b/.ci-tests/integration/gnupg2/serverspec/default_spec.rb new file mode 100644 index 00000000..9da394c6 --- /dev/null +++ b/.ci-tests/integration/gnupg2/serverspec/default_spec.rb 
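Review bot: In `Make gpg2 default binary`, the condition `- gpg2.stat.islnk == False` compares a boolean fact against a literal; the idiomatic Jinja form is `- not gpg2.stat.islnk`, which reads as the intent (skip when /usr/bin/gpg2 is itself a symlink, presumably to avoid a link loop on distributions where gpg2 already points at gpg). A short comment above the task stating that reason would save the next reader from reconstructing it.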
@@ -0,0 +1,45 @@ +require_relative './spec_helper' + +describe 'git-secret::test' do + + describe package('git-secret') do + it { should be_installed } + end + + if host_inventory['platform'] == 'fedora' + describe command('find /tmp/git-secret/build -name "*.rpm"') do + its(:stdout) { should match /git-secret.*rpm/ } + end + else + describe command('find /tmp/git-secret/build -name "*.deb"') do + its(:stdout) { should match /git-secret.*deb/ } + end + end + + describe file('/.git-secret_test-passed') do + it { should exist } + end + + describe file('/.git-secret_lint-passed') do + it { should exist } + end + + if host_inventory['platform'] == 'fedora' + describe command('rpm --query --info git-secret') do + its(:exit_status) { should eq 0 } + end + else + describe command('dpkg-query --status git-secret') do + its(:exit_status) { should eq 0 } + end + end + + describe command('man --where "git-secret"') do + its(:exit_status) { should eq 0 } + end + + describe command('man --where "git-secret-init"') do + its(:exit_status) { should eq 0 } + end + +end diff --git a/.ci-tests/integration/gnupg2/serverspec/spec_helper.rb b/.ci-tests/integration/gnupg2/serverspec/spec_helper.rb new file mode 100644 index 00000000..a9c6f99d --- /dev/null +++ b/.ci-tests/integration/gnupg2/serverspec/spec_helper.rb @@ -0,0 +1,11 @@ +require 'serverspec' + +# :backend can be either :exec or :ssh +# since we are running local we use :exec +set :backend, :exec + +RSpec.configure do |c| + c.before :all do + c.path = '/usr/local/bin:/bin:/usr/bin:/usr/local/sbin:/usr/sbin:/sbin' + end +end diff --git a/.ci-tests/integration/tasks/dependencies.yml b/.ci-tests/integration/tasks/dependencies.yml new file mode 100644 index 00000000..ce2f65d1 --- /dev/null +++ b/.ci-tests/integration/tasks/dependencies.yml 
@@ -0,0 +1,30 @@ +--- +- name: Load a variable file based on the OS type, or a default if not found. + include_vars: "{{ item }}" + with_first_found: + - "{{ ansible_distribution }}.yml" + - "{{ ansible_os_family }}.yml" + - "default.yml" + +- name: Install Dependencies + package: + name: "{{ item }}" + state: present + with_items: "{{ test_dependencies }}" + +- name: Get bats + git: + repo: 'https://github.com/sstephenson/bats.git' + dest: /opt/bats + +- name: Install bats + file: + src: /opt/bats/libexec/bats + dest: /usr/bin/bats + state: link + +- name: Install fpm + gem: + name: fpm + state: present + user_install: no diff --git a/.ci-tests/integration/tasks/prep-tests.yml b/.ci-tests/integration/tasks/prep-tests.yml new file mode 100644 index 00000000..d3993b10 --- /dev/null +++ b/.ci-tests/integration/tasks/prep-tests.yml @@ -0,0 +1,31 @@ +--- +- name: Get OS package type + set_fact: + os_pkg_type: "{{ item.os_pkg_type }}" + when: + - item.os_family == ansible_os_family + with_items: + - os_family: RedHat + os_pkg_type: "rpm" + - os_family: Debian + os_pkg_type: "deb" + - os_family: Suse + os_pkg_type: "rpm" + changed_when: false + tags: + - skip_ansible_lint + +- name: Get gpg version + command: gpg --version + register: gpg_version + changed_when: False + +- name: Print gpg version + debug: + msg: "Running test againts {{ gpg_version.stdout_lines | first | string }}." + changed_when: False + +- name: Copy git-secret src + synchronize: + src: /opt/workspace/ + dest: /tmp/git-secret diff --git a/.ci-tests/integration/tasks/run-tests.yml b/.ci-tests/integration/tasks/run-tests.yml new file mode 100644 index 00000000..dbe8b371 --- /dev/null +++ b/.ci-tests/integration/tasks/run-tests.yml 
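Review bot: `Get bats` clones `https://github.com/sstephenson/bats.git` with no `version:`, and `Install fpm` installs the `fpm` gem with no `version:`, so every CI run pulls whatever is current on the default branch and on rubygems, and both then run as root (`remote_user: root` in the calling playbooks) against the checkout under test. Adding `version: <bats tag or commit>` to the `git:` task and `version: <fpm version>` to the `gem:` task pins the test toolchain, so a run is reproducible and a change in either dependency cannot silently alter results or introduce code the project has not reviewed.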
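Review bot: `Copy git-secret src` uses `synchronize`, which needs `rsync` on the instance, but only vars/Fedora.yml lists `rsync` under `test_dependencies`; vars/Debian.yml, vars/Ubuntu.yml and vars/default.yml do not, and none of the four Dockerfiles installs it, so unless something pulls it in transitively the task fails on the Debian-family platforms. Adding `rsync` to those three variable files, or using `copy:` with `remote_src: yes` since source and destination are on the same instance, resolves it. `changed_when: False` on the `Print gpg version` task is redundant because `debug` never reports changed, and its message reads `againts` for `against`.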
@@ -0,0 +1,65 @@
+---
+- name: Run ci-test
+ command: bash -lc "cd /tmp/git-secret && make test"
+ changed_when: False
+ ignore_errors: yes
+ register: test_results
+ environment:
+ PATH: /usr/local/bin:{{ ansible_env.PATH }}
+
+- name: Print ci-test results
+ debug:
+ var: test_results.stdout_lines
+
+- name: Create file when ci-test passes
+ file:
+ path: /.git-secret_test-passed
+ state: touch
+ when:
+ - test_results.rc == 0
+
+- name: Run lint
+ command: bash -lc "cd /tmp/git-secret && make lint"
+ ignore_errors: yes
+ register: lint_results
+ changed_when: False
+
+- name: Print lint results
+ debug:
+ var: lint_results.stdout_lines
+
+- name: Create file when lint passes
+ file:
+ path: /.git-secret_lint-passed
+ state: touch
+ when:
+ - lint_results.rc == 0
+
+- name: Create git-secret {{ os_pkg_type }} package
+ command: bash -lc "cd /tmp/git-secret && make build-{{ os_pkg_type }}"
+ changed_when: False
+ ignore_errors: yes
+ register: test_results
+ environment:
+ PATH: /usr/local/bin:{{ ansible_env.PATH }}
+
+- name: Find git-secret {{ os_pkg_type }} file
+ find:
+ paths: /tmp/git-secret/build
+ patterns: "*.{{ os_pkg_type }}"
+ recurse: yes
+ register: pkg_location
+
+- name: Set git-secret {{ os_pkg_type }} location
+ set_fact:
+ pkg_path: "{{ pkg_location.files | map(attribute='path') | first }}"
+
+- name: Install git-secret {{ os_pkg_type }} package
+ command: bash -lc "{{ item.command }} {{ pkg_path }}"
+ when:
+ - item.os_family == ansible_os_family
+ with_items:
+ - command: "rpm --nodeps --install --force"
+ os_family: "RedHat"
+ - command: "dpkg --force-all --install"
+ os_family: "Debian"
diff --git a/.ci-tests/integration/vars/Debian.yml b/.ci-tests/integration/vars/Debian.yml
new file mode 100644
index 00000000..535c5222
--- /dev/null
+++ b/.ci-tests/integration/vars/Debian.yml
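Review bot: `Create git-secret {{ os_pkg_type }} package` registers into `test_results`, overwriting the register of `Run ci-test` above, and keeps `ignore_errors: yes`, so a failed build is not reported where it happens; the play instead fails one task later in `Set git-secret {{ os_pkg_type }} location`, where `pkg_location.files | map(attribute='path') | first` is applied to an empty list. Renaming it `register: build_results` and dropping `ignore_errors: yes` on that task gives a failure at the build step with the make output attached. The install step then uses `rpm --nodeps --install --force` and `dpkg --force-all --install`, which skip dependency and conflict checks, so a package whose declared dependencies are wrong still installs and the serverspec `package('git-secret')` check passes; `dnf install -y {{ pkg_path }}` and `apt-get install -y {{ pkg_path }}` (or `dpkg -i` followed by `apt-get -f install`) would let the integration test catch packaging errors, which is what installing the built artifact is for.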
@@ -0,0 +1,17 @@
+---
+test_dependencies:
+ - gawk
+ - make
+ - git
+ - shellcheck
+ - ruby-dev
+ - rubygems
+ - man
+
+build_tools:
+ - autoconf
+ - automake
+ - build-essential
+ - imagemagick
+ - texinfo
+ - transfig
diff --git a/.ci-tests/integration/vars/Fedora.yml b/.ci-tests/integration/vars/Fedora.yml
new file mode 100644
index 00000000..9e85b2c1
--- /dev/null
+++ b/.ci-tests/integration/vars/Fedora.yml
@@ -0,0 +1,20 @@
+---
+test_dependencies:
+ - ShellCheck
+ - gawk
+ - git
+ - make
+ - man
+ - redhat-rpm-config
+ - rpm-build
+ - rsync
+ - ruby-devel
+ - rubygems
+ - rubygems-devel
+
+build_tools:
+ - ImageMagick
+ - autoconf
+ - automake
+ - texinfo
+ - transfig
diff --git a/.ci-tests/integration/vars/Ubuntu.yml b/.ci-tests/integration/vars/Ubuntu.yml
new file mode 100644
index 00000000..a55e4966
--- /dev/null
+++ b/.ci-tests/integration/vars/Ubuntu.yml
@@ -0,0 +1,17 @@
+---
+test_dependencies:
+ - gawk
+ - git
+ - make
+ - man
+ - ruby-dev
+ - rubygems
+ - shellcheck
+
+build_tools:
+ - autoconf
+ - automake
+ - build-essential
+ - imagemagick
+ - texinfo
+ - transfig
diff --git a/.ci-tests/integration/vars/default.yml b/.ci-tests/integration/vars/default.yml
new file mode 100644
index 00000000..535c5222
--- /dev/null
+++ b/.ci-tests/integration/vars/default.yml
@@ -0,0 +1,17 @@
+---
+test_dependencies:
+ - gawk
+ - make
+ - git
+ - shellcheck
+ - ruby-dev
+ - rubygems
+ - man
+
+build_tools:
+ - autoconf
+ - automake
+ - build-essential
+ - imagemagick
+ - texinfo
+ - transfig
diff --git a/.kitchen.yml b/.kitchen.yml
new file mode 100644
index 00000000..763547e2
--- /dev/null
+++ b/.kitchen.yml
@@ -0,0 +1,112 @@ +--- +driver: + name: docker + use_sudo: false + +provisioner: + # name of the host + hosts: test-kitchen + # use an ansible playbook to provision our server + name: ansible_playbook + ansible_verbose: false + require_ansible_repo: false + require_ansible_omnibus: true + ansible_version: 2.4 + require_chef_for_busser: false + sudo_command: sudo -E -H + idempotency_test: false + sudo: true + ansible_extra_flags: "-e '{ kitchen_testrun: True }'" + additional_copy_path: + - ".ci-tests/integration/vars" + - ".ci-tests/integration/tasks" + +transport: + max_ssh_sessions: 3 + +platforms: + - name: debian-stable + driver_config: + run_command: /lib/systemd/systemd + dockerfile: .Dockerfiles/debian/stable/Dockerfile + platform: debian + cap_add: + - SYS_ADMIN + volume: + - /sys/fs/cgroup:/sys/fs/cgroup:ro + - <%=ENV['PWD']%>:/opt/workspace # Make the working directory available inside the container + run_options: + tmpfs: + - /run + + - name: fedora-latest + driver_config: + run_command: /lib/systemd/systemd + dockerfile: .Dockerfiles/fedora/latest/Dockerfile + platform: fedora + cap_add: + - SYS_ADMIN + volume: + - /sys/fs/cgroup:/sys/fs/cgroup:ro + - <%=ENV['PWD']%>:/opt/workspace # Make the working directory available inside the container + run_options: + tmpfs: + - /run + + - name: ubuntu-latest + driver_config: + run_command: /lib/systemd/systemd + dockerfile: .Dockerfiles/ubuntu/latest/Dockerfile + platform: ubuntu + cap_add: + - SYS_ADMIN + volume: + - /sys/fs/cgroup:/sys/fs/cgroup:ro + - <%=ENV['PWD']%>:/opt/workspace # Make the working directory available inside the container + run_options: + tmpfs: + - /run + + - name: ubuntu-rolling + driver_config: + run_command: /lib/systemd/systemd + dockerfile: .Dockerfiles/ubuntu/rolling/Dockerfile + platform: ubuntu + cap_add: + - SYS_ADMIN + volume: + - /sys/fs/cgroup:/sys/fs/cgroup:ro + - <%=ENV['PWD']%>:/opt/workspace # Make the working directory available inside the container + run_options: + tmpfs: + 
- /run + +verifier: + name: serverspec + sudo_path: true + +suites: + # suites found at /test/integration/$test-name + # in container @/tmp/kitchen + - name: gnupg1 + verifier: + patterns: + - roles/git-secret/.ci-tests/integration/gnupg1/serverspec/*_spec.rb + bundler_path: '/usr/local/bin' + rspec_path: '/usr/local/bin' + - name: gnupg2 + verifier: + patterns: + - roles/git-secret/.ci-tests/integration/gnupg2/serverspec/*_spec.rb + bundler_path: '/usr/local/bin' + rspec_path: '/usr/local/bin' + excludes: + - ubuntu-latest + - name: gnupg-git + verifier: + patterns: + - roles/git-secret/.ci-tests/integration/gnupg-git/serverspec/*_spec.rb + bundler_path: '/usr/local/bin' + rspec_path: '/usr/local/bin' + excludes: + - ubuntu-latest diff --git a/CONTRIBUTING.md b/CONTRIBUTING.md index b95d927b..405d1297 100644 --- a/CONTRIBUTING.md +++ b/CONTRIBUTING.md @@ -10,8 +10,14 @@ Before starting make sure you have: - git - bash +- bundler +- docker +- gawk - gnupg (or gnupg2) +- ruby +- sha256sum - [shellcheck](https://github.com/koalaman/shellcheck) +- test-kitchen Only required if dealing with manuals, `gh-pages` or releases: @@ -21,7 +27,8 @@ Only required if dealing with manuals, `gh-pages` or releases: 1. Create your own or pick an opened issue from the [tracker][tracker]. Take a look at the [`help-wanted` tag][help-wanted] 2. Fork and clone your repository: `git clone https://github.com/${YOUR_NAME}/git-secret.git` -3. Make sure that everything works fine by running `make test` +3. Make sure that everything works on the current platform by running `make test` +4. [Run local CI tests](#running-local-ci-tests) to verify functionality on supported platforms `bundle exec kitchen verify --test-base-path="$PWD/.ci-tests/integration"`. ### Development Process 
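Review bot: Every platform mounts the developer checkout read-write, `- <%=ENV['PWD']%>:/opt/workspace`, while the playbooks only read it (tasks/prep-tests.yml copies it to /tmp/git-secret before `make test` and `make build-*` run), so a test or build running as root inside a `SYS_ADMIN`-capable container can write into the host working tree; appending `:ro` on all four platforms, `- <%=ENV['PWD']%>:/opt/workspace:ro`, removes that without changing what the suites do. The four `driver_config` blocks differ only in `dockerfile:` and `platform:`; a YAML anchor for the shared `run_command`, `cap_add`, `volume` and `run_options` keys would keep them from drifting. `require_ansible_omnibus: true` with `ansible_version: 2.4` installs Ansible onto each instance at provision time from the network, which is worth stating in the comment block above `provisioner:` so contributors know the local run is not offline.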
@@ -46,12 +53,20 @@ It basically looks like that:
 ### Continuous integration
-CI is done with the help of `travis`. `travis` handles multiple environments:
+Local CI is done with the help [`test-kitchen`](http://kitchen.ci/). `test-kitchen` handles multiple test-suites on various platforms.
+`bundle exec kitchen list` will output the list of test suites to be run aginst supported platforms.
+
+Cloud CI is done with the help of `travis`. `travis` handles multiple environments:
 - `Docker`-based jobs or so-called 'integration tests', these tests create a local release, install it with the package manager and then run unit-tests and system checks
 - `OSX` jobs, which handle basic unit-tests on `OSX`
 - Native `travis` jobs, which handle basic unit-tests and stylechecks
+### Running local ci-tests
+
+1. Install requied gems with `bundle install`.
+2. Run ci-tests with `bundle exec kitchen verify --test-base-path="$PWD/.ci-tests/integration"`
+
 ### Release process
 The release process is defined in the `git`-hooks and `.travis.yml`.
diff --git a/Gemfile b/Gemfile
new file mode 100644
index 00000000..fef6d20e
--- /dev/null
+++ b/Gemfile
@@ -0,0 +1,7 @@
+source 'https://rubygems.org'
+
+gem 'test-kitchen'
+gem 'serverspec'
+gem 'kitchen-ansible'
+gem 'kitchen-docker'
+gem 'kitchen-verifier-serverspec'
From e3fe3b4222b4880c58324fcb3d5863b5e03ea15b Mon Sep 17 00:00:00 2001
From: sobolevn
Date: Thu, 1 Jun 2017 14:01:41 +0300
Subject: [PATCH 22/25] Adds documentation update
Documentation:
1. Adds security note, closes #78
2. Adds a tweak about `random_seed` and `.gitsecret/`, closes #93
3. Adds `git --version` into issue tamplate, closes #95
4. Improves `README.md`, refs #79
---
 .github/ISSUE_TEMPLATE.md | 2 ++
 README.md | 18 +++++++++++-------
 man/man7/git-secret.7.ronn | 16 +++++++++++++++-
 src/_utils/_git_secret_tools.sh | 2 +-
 src/main.sh | 3 ++-
 5 files changed, 31 insertions(+), 10 deletions(-)
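Review bot: None of the five `gem` lines in the new Gemfile carries a version constraint, so `bundle install` (the step CONTRIBUTING.md now tells contributors to run) resolves test-kitchen, serverspec, kitchen-ansible, kitchen-docker and kitchen-verifier-serverspec to whatever is newest on rubygems.org at that moment, and two contributors can end up testing with different toolchains. This chunk does not show a Gemfile.lock being added; unless one is committed, pinning each line with a pessimistic constraint, e.g. `gem 'test-kitchen', '~> <version verified locally>'`, would make the CI environment reproducible and bound what a newly published gem release can pull in.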
diff --git a/.github/ISSUE_TEMPLATE.md b/.github/ISSUE_TEMPLATE.md
index e7941f3a..3372b92f 100644
--- a/.github/ISSUE_TEMPLATE.md
+++ b/.github/ISSUE_TEMPLATE.md
@@ -30,6 +30,8 @@ What versions of software are you using?
 **`git-secret` version:** (`git secret --version`) …
+**`git` version:** (`git --version`) …
+
 **Shell type and version:** (`$SHELL --version`) …
 **`gpg` version:** (`gpg --version`) …
diff --git a/README.md b/README.md
index 6cdf6e7a..f92cfd31 100644
--- a/README.md
+++ b/README.md
@@ -12,21 +12,25 @@
 [![git-secret terminal preview](https://asciinema.org/a/41811.png)](https://asciinema.org/a/41811?autoplay=1)
-## Usage
-
-See the [git-secret site](http://git-secret.io/).
-
 ## Installation
-See the [installation section](http://git-secret.io/#installation).
+`git-secret` supports `brew`, just type: `brew install git-secret`
+
+It also supports `apt` and `yum`. You can also use `make` if you want to.
+
+See the [installation section](http://git-secret.io/installation) for the details.
 ## Contributing
-See [CONTRIBUTING.md](CONTRIBUTING.md).
+Do you want to help the project? Find an [issue](https://github.com/sobolevn/git-secret/issues) and send a PR. It is more than welcomed! See [CONTRIBUTING.md](CONTRIBUTING.md) on how to do that.
+
+### Security
+
+If you found any security related issues, please do not enclose it in public. Send an email to `security@wemake.services`
 ## Changelog
-See [CHANGELOG.md](CHANGELOG.md).
+`git-secret` uses semver. See [CHANGELOG.md](CHANGELOG.md).
 ## License
diff --git a/man/man7/git-secret.7.ronn b/man/man7/git-secret.7.ronn
index ec04aae3..e56ae712 100644
--- a/man/man7/git-secret.7.ronn
+++ b/man/man7/git-secret.7.ronn
@@ -1,4 +1,5 @@
 ## Usage
+
 These steps cover the basic process of using `git-secret`:
 0. Before starting, make sure you have created `gpg` RSA key-pair: public and secret key identified by your email address.
@@ -9,6 +10,7 @@ These steps cover the basic process of using `git-secret`:
 5. Now decrypt files with `git secret reveal` command. It will ask you for your password. And you're done!
 ### I want to add someone to the repository
+
 1. Get his `gpg` public-key. **You won't need their secret key.**
 2. Import this key inside your `gpg` by running `gpg --import KEY_NAME`
 3. Now add this person to the `git-secret` by running `git secret tell persons@email.id`
@@ -17,9 +19,21 @@ These steps cover the basic process of using `git-secret`:
 Note, that it is possible to add yourself to the system without decrypting existing files. It will be possible to decrypt them after reencrypting them with the new keyring. So, if you don't want unexpected keys added, make sure to configure some server-side security policy with the `pre-receive` hook.
 ## Configuration
+
 You can configure several things to suit your workflow better. To do so, just set the required variable to the value you need. This can be done in your shell environment file or with the each `git-secret` command. These settings are available to be changed:
-* `$SECRETS_GPG_COMMAND` - sets the `gpg` alternatives, defaults to `gpg`. It can be changed to `gpg`, `gpg2`, `pgp`, `/usr/local/gpg` or any other value. After doing so rerun tests to be sure, that it won't break anything. Tested to be working with: `gpg`, `gpg2`.
+* `$SECRETS_GPG_COMMAND` - sets the `gpg` alternatives, defaults to `gpg`. It can be changed to `gpg`, `gpg2`, `pgp`, `/usr/local/gpg` or any other value. After doing so rerun the tests to be sure, that it won't break anything. Tested to be working with: `gpg`, `gpg2`.
 * `$SECRETS_EXTENSION` - sets the secret files extension, defaults to `.secret`. It can be changed to any valid file extension.
+
+## Internals
+
+### `.gitsecret` folder
+
+This folder contains every piece of information about the project. It stores:
+
+* public keys for the project
+* path mappings. Or in other words: what files are tracked to be hidden and revealed
+
+This folder should not be ignored. In case it is application would not work raising an error: `'.gitsecret/' is ignored. abort.'`. However, it is possible to ignore [individual files](https://github.com/sobolevn/git-secret/issues/93) inside it: `random_seed` would be the most popular example.
diff --git a/src/_utils/_git_secret_tools.sh b/src/_utils/_git_secret_tools.sh
index 6b970d17..d34edcb6 100644
--- a/src/_utils/_git_secret_tools.sh
+++ b/src/_utils/_git_secret_tools.sh
@@ -454,7 +454,7 @@ function _secrets_dir_exists {
 function _secrets_dir_is_not_ignored {
- # This function checks that "${_SECRETS_DIR}" is not ignored.
+ # This function checks that "$_SECRETS_DIR" is not ignored.
 local git_secret_dir
 git_secret_dir=$(_get_secrets_dir)
diff --git a/src/main.sh b/src/main.sh
index 8378acc3..f4f52eaf 100755
--- a/src/main.sh
+++ b/src/main.sh
@@ -19,7 +19,8 @@ function _check_setup {
 local secring="$keys_dir/secring.gpg"
 if [[ -f $secring ]] && [[ -s $secring ]]; then
- # secring.gpg is not empty, someone has imported a private key.
+ # secring.gpg exists and is not empty,
+ # someone has imported a private key.
 _abort 'it seems that someone has imported a secret key.'
 fi
 }
From 684ca668c25a942847a7af53a2ab6da38cdd2487 Mon Sep 17 00:00:00 2001
From: sobolevn
Date: Mon, 17 Jul 2017 10:54:43 +0300
Subject: [PATCH 23/25] Fixes travis builds on macOS
Changes:
1. Updates `.travis.yml` with proper versions of `gpg`
2. Updates `README.md` with minimal versions requirements
Cloeses #96
---
 .travis.yml | 6 +++++-
 README.md | 15 +++++++++++++++
 2 files changed, 20 insertions(+), 1 deletion(-)
diff --git a/.travis.yml b/.travis.yml
index 6f4066de..fd5400f7 100644
--- a/.travis.yml
+++ b/.travis.yml
@@ -40,7 +40,11 @@ matrix:
 packages:
 - shellcheck
 - os: osx
- env: GITSECRET_DIST="brew"; GITSECRET_GPG_DEP="gnupg2"; SECRETS_GPG_COMMAND="gpg2"
+ env: GITSECRET_DIST="brew"; GITSECRET_GPG_DEP="gpg1"
+ sudo: false
+ language: generic
+ - os: osx
+ env: GITSECRET_DIST="brew"; GITSECRET_GPG_DEP="gnupg@2.0"
 sudo: false
 language: generic
diff --git a/README.md b/README.md
index f92cfd31..a2b4b531 100644
--- a/README.md
+++ b/README.md
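Review bot: The rewrapped comment still describes the guard purely in terms of secring.gpg, but that file is only where GnuPG 1.4 to 2.0 keep secret keys — the same range the README hunk later in this series declares supported — and GnuPG 2.1 and later store them elsewhere, so on a newer keyring the `-f`/`-s` tests on `$secring` pass silently even after a secret key has been imported. A comment stating that limit would stop the next reader from trusting the check beyond its scope: `# Only gnupg <= 2.0 keeps secret keys in secring.gpg; 2.1+ keyrings are not covered by this check.` `_check_setup` begins before this hunk.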
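Review bot: The `gnupg@2.0` osx job runs the test-suite against the default `gpg` command, because unlike the gnupg2 job it replaces it sets no `SECRETS_GPG_COMMAND`. If that formula exposes its binary as `gpg2` (the removed line suggests this was the case for gnupg2), the job would silently exercise whichever `gpg` is first on PATH rather than the version it is named after; after checking the installed name, `env: GITSECRET_DIST="brew"; GITSECRET_GPG_DEP="gnupg@2.0"; SECRETS_GPG_COMMAND="gpg2"` would pin the job to the intended binary.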
@@ -4,14 +4,17 @@
 [![git-secret](https://raw.githubusercontent.com/sobolevn/git-secret/gh-pages/images/git-secret-big.png)](http://git-secret.io/)
+
 ## What is `git-secret`?
 `git-secret` is a bash tool to store your private data inside a git repo. How’s that? Basically, it just encrypts, using `gpg`, the tracked files with the public keys of all the users that you trust. So everyone of them can decrypt these files using only their personal secret key.
 Why deal with all this private-public keys stuff? Well, to make it easier for everyone to manage access rights. There are no passwords that change. When someone is out - just delete their public key, re-encrypt the files, and they won’t be able to decrypt secrets anymore.
+
 ## Preview
 [![git-secret terminal preview](https://asciinema.org/a/41811.png)](https://asciinema.org/a/41811?autoplay=1)
+
 ## Installation
 `git-secret` supports `brew`, just type: `brew install git-secret`
@@ -20,6 +23,15 @@ It also supports `apt` and `yum`. You can also use `make` if you want to.
 See the [installation section](http://git-secret.io/installation) for the details.
+### Requirements
+
+`git-secret` relies on several external packages:
+
+- `bash` since `3.2.57` (it is hard to tell the correct `patch` release)
+- `git` since `2.6`
+- `gpg` since `gnupg 1.4` to `gnupg 2.0`, versions `2.1` are not yet supported
+
+
 ## Contributing
 Do you want to help the project? Find an [issue](https://github.com/sobolevn/git-secret/issues) and send a PR. It is more than welcomed! See [CONTRIBUTING.md](CONTRIBUTING.md) on how to do that.
@@ -28,14 +40,17 @@ Do you want to help the project? Find an [issue](https://github.com/sobolevn/git
 If you found any security related issues, please do not enclose it in public. Send an email to `security@wemake.services`
+
 ## Changelog
 `git-secret` uses semver. See [CHANGELOG.md](CHANGELOG.md).
+
 ## License
 MIT. See [LICENSE.md](LICENSE.md) for details.
+
 ## Thanks
 Special thanks to [Elio Qoshi](https://elioqoshi.me/sq/) from [ura](http://ura.design/) for the awesome logo.
From 674a880882bc049368296845f95ffc86b5017cee Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?p=C7=9D=C9=AF=C9=90=C9=A5o=C9=AF?=
Date: Tue, 5 Sep 2017 22:55:34 -0400
Subject: [PATCH 24/25] Fixed issue when initializing git-secret with an existing .gitignore
---
 src/_utils/_git_secret_tools.sh | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)
diff --git a/src/_utils/_git_secret_tools.sh b/src/_utils/_git_secret_tools.sh
index d34edcb6..896fa20a 100644
--- a/src/_utils/_git_secret_tools.sh
+++ b/src/_utils/_git_secret_tools.sh
@@ -460,10 +460,10 @@ function _secrets_dir_is_not_ignored {
 git_secret_dir=$(_get_secrets_dir)
 local ignores
- ignores=$(_check_ignore "${_SECRETS_DIR}/")
+ ignores=$(_check_ignore "${_SECRETS_DIR}")
 if [[ ! $ignores -eq 1 ]]; then
- _abort "'$git_secret_dir/' is ignored."
+ _abort "'$git_secret_dir' is ignored."
 fi
 }
From 8a03a41e4794cc471f6b330eeb8b449f7d3bc130 Mon Sep 17 00:00:00 2001
From: Carlos Hernandez
Date: Mon, 25 Sep 2017 12:47:39 -0600
Subject: [PATCH 25/25] Fixing bug in test_usage
---
 tests/test_usage.bats | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/tests/test_usage.bats b/tests/test_usage.bats
index aff26b31..309e8d96 100644
--- a/tests/test_usage.bats
+++ b/tests/test_usage.bats
@@ -29,7 +29,7 @@ function teardown {
 @test "run 'usage' with ignored '.gitsecret/'" {
- echo ".gitsecret/" >> ".gitignore"
+ echo ".gitsecret" >> ".gitignore"
 run git secret usage
 [ "$status" -eq 1 ]
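Review bot: The ignore guard appears to stop catching the directory-style pattern `.gitsecret/` once `_check_ignore` is called on `"${_SECRETS_DIR}"` without the slash — the follow-up PATCH 25 below swaps the test fixture from `.gitsecret/` to `.gitsecret` instead of covering both forms, which is what one would do if the old fixture had started failing. Since `dir/` is the most common way to ignore a directory, keeping one test per form would show whether the guard still refuses to run on such a repository, which is the property it exists to enforce. The new message `'$git_secret_dir' is ignored.` also no longer matches the man page added earlier in this series, which documents the error as `'.gitsecret/' is ignored. abort.'`; the two should be brought back into agreement. `_secrets_dir_is_not_ignored` begins before this hunk.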