From 4d14c98778bec6546c8f967dbba0bcc33c5d34e0 Mon Sep 17 00:00:00 2001 From: sobolevn Date: Sun, 10 Jul 2016 15:40:35 +0300 Subject: [PATCH 01/16] readme fix --- README.md | 4 ---- 1 file changed, 4 deletions(-) diff --git a/README.md b/README.md index 200ceb15..ca3afffd 100644 --- a/README.md +++ b/README.md @@ -22,11 +22,7 @@ See the [installation section](https://sobolevn.github.io/git-secret/#installati ## Contributing -<<<<<<< HEAD -This project is still under development. See [https://github.com/sobolevn/git-secret/milestones](milestones) for the reference. -======= See [CONTRIBUTING.md](CONTRIBUTING.md). ->>>>>>> develop ## Changelog From c9dfa68fb8858de66f2df6c006f3f563f678a958 Mon Sep 17 00:00:00 2001 From: sobolevn Date: Sat, 20 Aug 2016 14:29:36 +0300 Subject: [PATCH 02/16] Changing deb distribution name --- utils/deb/deb-deploy.sh | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/utils/deb/deb-deploy.sh b/utils/deb/deb-deploy.sh index 961468be..e05c3573 100755 --- a/utils/deb/deb-deploy.sh +++ b/utils/deb/deb-deploy.sh @@ -27,7 +27,7 @@ echo "{ \ \"includePattern\": \"build/buildroot/(.*\.deb)\", \ \"uploadPattern\": \"/git-secret_${SCRIPT_VERSION}_all.deb\", \ \"matrixParams\": { \ - \"deb_distribution\": \"stable\", \ + \"deb_distribution\": \"git-secret\", \ \"deb_component\": \"main\", \ \"deb_architecture\": \"all\" \ } \ From d9b5895bbe25b9191cf673fb45634a16db1f67c7 Mon Sep 17 00:00:00 2001 From: sobolevn Date: Sun, 21 Aug 2016 16:28:52 +0300 Subject: [PATCH 03/16] Intallation instructions updated Improved github templates with the comments [ci skip] --- .github/ISSUE_TEMPLATE.md | 2 +- .github/PULL_REQUEST_TEMPLATE.md | 4 ++-- man/man7/git-secret.7.ronn | 10 ++++++++-- 3 files changed, 11 insertions(+), 5 deletions(-) diff --git a/.github/ISSUE_TEMPLATE.md b/.github/ISSUE_TEMPLATE.md index 985707f7..09ffc9cd 100644 --- a/.github/ISSUE_TEMPLATE.md +++ b/.github/ISSUE_TEMPLATE.md @@ -1,4 +1,4 @@ -Thanks for reporting an issue! Please make sure you click the link above to view the issue guidelines, then fill out the blanks below. + What are the steps to reproduce this issue? ------------------------------------------- diff --git a/.github/PULL_REQUEST_TEMPLATE.md b/.github/PULL_REQUEST_TEMPLATE.md index b713e315..37f0a84d 100644 --- a/.github/PULL_REQUEST_TEMPLATE.md +++ b/.github/PULL_REQUEST_TEMPLATE.md @@ -1,11 +1,11 @@ -Thanks for sending a pull request! + What does this implement/fix? Explain your changes. --------------------------------------------------- diff --git a/man/man7/git-secret.7.ronn b/man/man7/git-secret.7.ronn index af3553e6..f4618ebc 100644 --- a/man/man7/git-secret.7.ronn +++ b/man/man7/git-secret.7.ronn @@ -49,11 +49,17 @@ There are several ways to install `git-secret`: **** `deb` package **** -1. Run `echo "deb https://dl.bintray.com/sobolevn/deb git-secret stable" | sudo tee -a /etc/apt/sources.list` -2. Run `sudo apt-get install git-secret` +You can find the `deb` repository [here](https://bintray.com/sobolevn/deb/git-secret). + +0. Pre-requirements: make sure you have installed `apt-transport-https` +1. Run `echo "deb https://dl.bintray.com/sobolevn/deb git-secret main" | sudo tee -a /etc/apt/sources.list` +2. Add the release key: `wget -qO - https://api.bintray.com/users/sobolevn/keys/gpg/public.key | sudo apt-key add -` +3. Run `sudo apt-get update && sudo apt-get install git-secret` **** `rpm` package **** +You can find the `rpm` repository [here](https://bintray.com/sobolevn/rpm/git-secret). + 1. Run `wget https://bintray.com/sobolevn/rpm/rpm -O bintray-sobolevn-rpm.repo && sudo mv bintray-sobolevn-rpm.repo /etc/yum.repos.d/` 2. Run `sudo yum install git-secret` From e1a627d36a652d96b2f00f229c7075517a5fa3f5 Mon Sep 17 00:00:00 2001 From: sobolevn Date: Sat, 1 Oct 2016 23:07:36 +0300 Subject: [PATCH 04/16] Added test to cover #50 Changes: 1. Fixed typo in `add -h` 2. Removed unused function from `usage` --- src/commands/git_secret_add.sh | 2 +- src/commands/git_secret_usage.sh | 13 ------------- tests/test_add.bats | 16 ++++++++++++++++ 3 files changed, 17 insertions(+), 14 deletions(-) diff --git a/src/commands/git_secret_add.sh b/src/commands/git_secret_add.sh index 29da19d1..a9168ae9 100644 --- a/src/commands/git_secret_add.sh +++ b/src/commands/git_secret_add.sh @@ -8,7 +8,7 @@ function add { while getopts "ih" opt; do case "$opt" in i) auto_add=1;; - h) _show_manaul_for "add";; + h) _show_manual_for "add";; esac done diff --git a/src/commands/git_secret_usage.sh b/src/commands/git_secret_usage.sh index 0e468771..2359fbfe 100644 --- a/src/commands/git_secret_usage.sh +++ b/src/commands/git_secret_usage.sh @@ -1,19 +1,6 @@ #!/usr/bin/env bash -function _show_help_usage { - cat <<-EOF -usage: git secret usage -prints all the available commands. - -options: - -h shows this help. - -EOF - exit 0 -} - - function usage { OPTIND=1 diff --git a/tests/test_add.bats b/tests/test_add.bats index b65944d3..e3157484 100644 --- a/tests/test_add.bats +++ b/tests/test_add.bats @@ -59,6 +59,22 @@ function teardown { } +@test "run 'add' for file in subdirectory" { + local TEST_FILE='test_file' + local TEST_DIR='test_dir' + + mkdir "$TEST_DIR" + touch "$TEST_DIR/$TEST_FILE" + echo "content" > "$TEST_DIR/$TEST_FILE" + echo "$TEST_DIR/$TEST_FILE" > ".gitignore" + + run git secret add "$TEST_DIR/$TEST_FILE" + rm -rf "$TEST_DIR" + + [ "$status" -eq 0 ] +} + + @test "run 'add' twice for one file" { local filename="local_file" echo "content" > "$filename" From c7ac7ad2117295818bd65790c4740efc67e91d7a Mon Sep 17 00:00:00 2001 From: sobolevn Date: Mon, 3 Oct 2016 18:44:37 +0300 Subject: [PATCH 05/16] Fixed several issues Changes: 1. Fixed typo in tests_base 2. Fixed `--no-index` issue 3. Refactored `add` test to be more strict Closes #50 Refernces #46 --- src/_utils/_git_secret_tools.sh | 2 +- tests/_test_base.bash | 6 +++--- tests/test_add.bats | 21 +++++++++++---------- 3 files changed, 15 insertions(+), 14 deletions(-) diff --git a/src/_utils/_git_secret_tools.sh b/src/_utils/_git_secret_tools.sh index b574bbfc..356985b8 100644 --- a/src/_utils/_git_secret_tools.sh +++ b/src/_utils/_git_secret_tools.sh @@ -128,7 +128,7 @@ function _show_manual_for { # VCS : function _check_ignore { - git check-ignore -q "$1"; + git check-ignore --no-index -q "$1"; echo $? } diff --git a/tests/_test_base.bash b/tests/_test_base.bash index 0ea845a6..c1cb59c3 100644 --- a/tests/_test_base.bash +++ b/tests/_test_base.bash @@ -53,7 +53,7 @@ function install_fixture_key { $SECRETS_GPG_COMMAND --homedir="$FIXTURES_DIR/gpg/${1}" \ --no-permission-warning --output "$public_key" \ - --armor --batch --yes --export "$email" > /dev/null 2>&1 + --armor --batch --yes --export "$email" $GPGTEST --import "$public_key" > /dev/null 2>&1 rm -f "$public_key" } @@ -65,7 +65,7 @@ function install_fixture_full_key { $SECRETS_GPG_COMMAND --homedir="$FIXTURES_DIR/gpg/${1}" \ --no-permission-warning --output "$private_key" --armor \ - --yes --export-secret-key "$email" > /dev/null 2>&1 + --yes --export-secret-key "$email" $GPGTEST --allow-secret-key-import --import "$private_key" > /dev/null 2>&1 @@ -93,7 +93,7 @@ function uninstall_fixture_full_key { local fingerprint="$2" if [[ -z "$fingerprint" ]]; then # see issue_12, fingerprint on `gpg2` has different format: - fingerprint=$(_get_gpg_fingerprint_by_email "$email") + fingerprint=$(get_gpg_fingerprint_by_email "$email") fi $GPGTEST --batch --yes --delete-secret-keys "$fingerprint" > /dev/null 2>&1 diff --git a/tests/test_add.bats b/tests/test_add.bats index e3157484..80228a79 100644 --- a/tests/test_add.bats +++ b/tests/test_add.bats @@ -23,9 +23,9 @@ function teardown { echo "content" > "$TEST_FILE" run git secret add "$TEST_FILE" - rm -f "$TEST_FILE" - [ "$status" -eq 1 ] + + rm -f "$TEST_FILE" } @@ -50,10 +50,10 @@ function teardown { echo "$filename" > ".gitignore" run git secret add "$filename" - rm -f "$filename" ".gitignore" - [ "$status" -eq 0 ] + rm -f "$filename" ".gitignore" + local files_list=$(cat "$SECRETS_DIR_PATHS_MAPPING") [ "$files_list" = "$filename" ] } @@ -69,9 +69,10 @@ function teardown { echo "$TEST_DIR/$TEST_FILE" > ".gitignore" run git secret add "$TEST_DIR/$TEST_FILE" - rm -rf "$TEST_DIR" - [ "$status" -eq 0 ] + [[ "$output" == *"1 items added."* ]] + + rm -rf "$TEST_DIR" } @@ -82,11 +83,11 @@ function teardown { run git secret add "$filename" run git secret add "$filename" - rm -f "$filename" ".gitignore" - [ "$status" -eq 0 ] [ "$output" = "1 items added." ] + rm -f "$filename" ".gitignore" + local files_list=`cat "$SECRETS_DIR_PATHS_MAPPING"` [ "$files_list" = "$filename" ] } @@ -102,8 +103,8 @@ function teardown { echo "$filename2" >> ".gitignore" run git secret add "$filename1" "$filename2" - rm -f "$filename1" "$filename2" ".gitignore" - [ "$status" -eq 0 ] [ "$output" = "2 items added." ] + + rm -f "$filename1" "$filename2" ".gitignore" } From c6a13cf4053da0f07836dc29f990ce6e1a7dc812 Mon Sep 17 00:00:00 2001 From: Anton Maklakov Date: Thu, 1 Sep 2016 00:41:47 +0700 Subject: [PATCH 06/16] A simpler implementation of "usage" --- src/commands/git_secret_usage.sh | 11 ++--------- 1 file changed, 2 insertions(+), 9 deletions(-) diff --git a/src/commands/git_secret_usage.sh b/src/commands/git_secret_usage.sh index 2359fbfe..0e02fe32 100644 --- a/src/commands/git_secret_usage.sh +++ b/src/commands/git_secret_usage.sh @@ -13,14 +13,7 @@ function usage { shift $((OPTIND-1)) [ "$1" = "--" ] && shift - local commands="" - local separator="|" + local commands="add|changes|clean|hide|init|killperson|list|remove|reveal|tell|usage|whoknows" - for com in $(compgen -A function); do - if [[ ! $com == _* ]]; then - commands+="$com$separator" - fi - done - - echo "usage: git secret [${commands%?}]" + echo "usage: git secret [${commands}]" } From d7be9f92b137decc88cb88589a2cefa84e1aef44 Mon Sep 17 00:00:00 2001 From: Tim Churchard Date: Fri, 9 Dec 2016 09:00:06 +0000 Subject: [PATCH 07/16] Allow git-secret to run from any directory in the work tree --- src/_utils/_git_secret_tools.sh | 6 ++++++ src/main.sh | 4 +++- 2 files changed, 9 insertions(+), 1 deletion(-) diff --git a/src/_utils/_git_secret_tools.sh b/src/_utils/_git_secret_tools.sh index 356985b8..19db5fcb 100644 --- a/src/_utils/_git_secret_tools.sh +++ b/src/_utils/_git_secret_tools.sh @@ -142,6 +142,12 @@ function _add_ignored_file { } +function _is_inside_git_tree { + git rev-parse --is-inside-work-tree >/dev/null 2>&1 + echo $? +} + + # Logic : function _abort { diff --git a/src/main.sh b/src/main.sh index a4884751..11c22598 100755 --- a/src/main.sh +++ b/src/main.sh @@ -4,7 +4,9 @@ set -e function _check_setup { # Checking git and secret-plugin setup: - if [[ ! -d ".git" ]] || [[ ! -d ".git/hooks" ]]; then + local is_tree + is_tree=$(_is_inside_git_tree) + if [[ $is_tree != "0" ]]; then _abort "repository is broken. try running 'git init' or 'git clone'." fi From c4fa8e29185f3c0442dbb3e60f0e7fddd01a13e3 Mon Sep 17 00:00:00 2001 From: Haroen Viaene Date: Tue, 3 Jan 2017 15:27:04 +0100 Subject: [PATCH 08/16] Fix gendered language the person encrypting isn't necessarily male, so *their* works better in this case IMO --- README.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/README.md b/README.md index ca3afffd..b007fe61 100644 --- a/README.md +++ b/README.md @@ -6,7 +6,7 @@ ## What is `git-secret`? -`git-secret` is a bash tool to store your private data inside a git repo. How’s that? Basically, it just encrypts, using `gpg`, the tracked files with the public keys of all the users that you trust. So everyone of them can decrypt these files using only their personal secret key. Why deal with all this private-public keys stuff? Well, to make it easier for everyone to manage access rights. There are no passwords that change. When someone is out - just delete his public key, re-encrypt the files, and he won’t be able to decrypt secrets anymore. +`git-secret` is a bash tool to store your private data inside a git repo. How’s that? Basically, it just encrypts, using `gpg`, the tracked files with the public keys of all the users that you trust. So everyone of them can decrypt these files using only their personal secret key. Why deal with all this private-public keys stuff? Well, to make it easier for everyone to manage access rights. There are no passwords that change. When someone is out - just delete their public key, re-encrypt the files, and he won’t be able to decrypt secrets anymore. ## Preview From 51b1797203b1cfc43f8568bd195822ead27e1f15 Mon Sep 17 00:00:00 2001 From: Haroen Viaene Date: Sat, 7 Jan 2017 10:38:45 +0100 Subject: [PATCH 09/16] update from develop --- README.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/README.md b/README.md index b007fe61..4be788bf 100644 --- a/README.md +++ b/README.md @@ -6,7 +6,7 @@ ## What is `git-secret`? -`git-secret` is a bash tool to store your private data inside a git repo. How’s that? Basically, it just encrypts, using `gpg`, the tracked files with the public keys of all the users that you trust. So everyone of them can decrypt these files using only their personal secret key. Why deal with all this private-public keys stuff? Well, to make it easier for everyone to manage access rights. There are no passwords that change. When someone is out - just delete their public key, re-encrypt the files, and he won’t be able to decrypt secrets anymore. +`git-secret` is a bash tool to store your private data inside a git repo. How’s that? Basically, it just encrypts, using `gpg`, the tracked files with the public keys of all the users that you trust. So everyone of them can decrypt these files using only their personal secret key. Why deal with all this private-public keys stuff? Well, to make it easier for everyone to manage access rights. There are no passwords that change. When someone is out - just delete their public key, re-encrypt the files, and they won’t be able to decrypt secrets anymore. ## Preview From c1fa611f4dd8ba9f5f76931db39050941fb745ae Mon Sep 17 00:00:00 2001 From: sobolevn Date: Sat, 4 Feb 2017 23:15:16 +0300 Subject: [PATCH 10/16] Adds an attempt to fix the CI Changes: 1. Fixes the licence information in the `plugin.zsh` to be MIT 2. Fixes link in the README 3. Fixes some tests Closes #54 --- .ci/script.sh | 4 +--- .travis.yml | 4 ---- README.md | 2 +- git-secret.plugin.zsh | 6 +----- src/main.sh | 2 +- tests/test_init.bats | 1 - 6 files changed, 4 insertions(+), 15 deletions(-) diff --git a/.ci/script.sh b/.ci/script.sh index 3a441376..a97d402c 100644 --- a/.ci/script.sh +++ b/.ci/script.sh @@ -15,7 +15,7 @@ if [[ ! -z "$DOCKER_DIST" ]]; then fi # Local builds: -if [[ "$GITSECRET_DIST" == "brew" ]] || [[ "$GITSECRET_DIST" == "brew" ]]; then +if [[ "$GITSECRET_DIST" == "brew" ]] || [[ "$GITSECRET_DIST" == "none" ]]; then # Only running `make test` on standard (non-docker) build, # since it is called inside the docker container anyway. make test @@ -25,6 +25,4 @@ if [[ ! -z "$(command -v shellcheck)" ]]; then # This means, that `shellcheck` does exist, so run it: echo 'running lint' find src utils -type f -name '*.sh' -print0 | xargs -0 -I {} shellcheck {} - # TODO: add tests to lint - # see: https://github.com/koalaman/shellcheck/issues/709 fi diff --git a/.travis.yml b/.travis.yml index fb99efa4..38cb4b9c 100644 --- a/.travis.yml +++ b/.travis.yml @@ -39,10 +39,6 @@ matrix: - debian-sid packages: - shellcheck - - os: osx - env: GITSECRET_DIST="brew"; GITSECRET_GPG_DEP="gnupg"; SECRETS_GPG_COMMAND="gpg" - sudo: false - language: generic - os: osx env: GITSECRET_DIST="brew"; GITSECRET_GPG_DEP="gnupg2"; SECRETS_GPG_COMMAND="gpg2" sudo: false diff --git a/README.md b/README.md index 4be788bf..a702095e 100644 --- a/README.md +++ b/README.md @@ -34,4 +34,4 @@ MIT. See [LICENSE.md](LICENSE.md) for details. ## Thanks -Special thanks to [Elio Qoshi](https://elioqoshi.me/sq/) from [ura](http://ura.al/) for the awesome logo. +Special thanks to [Elio Qoshi](https://elioqoshi.me/sq/) from [ura](http://ura.design/) for the awesome logo. diff --git a/git-secret.plugin.zsh b/git-secret.plugin.zsh index 61977e1f..824a57be 100644 --- a/git-secret.plugin.zsh +++ b/git-secret.plugin.zsh @@ -2,11 +2,7 @@ # Copyright 2016 Sobolev Nikita # -# Licensed under the Apache License, Version 2.0 (the "License"); -# you may not use this file except in compliance with the License. -# You may obtain a copy of the License at - -# http://www.apache.org/licenses/LICENSE-2.0 +# Licensed under the MIT License # Unless required by applicable law or agreed to in writing, software # distributed under the License is distributed on an "AS IS" BASIS, diff --git a/src/main.sh b/src/main.sh index 11c22598..100576d0 100755 --- a/src/main.sh +++ b/src/main.sh @@ -6,7 +6,7 @@ function _check_setup { # Checking git and secret-plugin setup: local is_tree is_tree=$(_is_inside_git_tree) - if [[ $is_tree != "0" ]]; then + if [[ ! $is_tree -eq 0 ]]; then _abort "repository is broken. try running 'git init' or 'git clone'." fi diff --git a/tests/test_init.bats b/tests/test_init.bats index 3f6b0241..0d93aaf1 100644 --- a/tests/test_init.bats +++ b/tests/test_init.bats @@ -18,7 +18,6 @@ function teardown { run git secret init [ "$status" -eq 1 ] - [ "$output" = "repository is broken. try running 'git init' or 'git clone'. abort." ] } From 221fd88efcee5920f9dd0de2bf4b4a1efd81b965 Mon Sep 17 00:00:00 2001 From: Tim Churchard Date: Sat, 11 Feb 2017 19:59:34 +0000 Subject: [PATCH 11/16] Add -d option to hide command to remove unencrypted files. --- man/man1/git-secret-hide.1 | 3 ++- man/man1/git-secret-hide.1.ronn | 1 + src/commands/git_secret_hide.sh | 38 ++++++++++++++++++++++++++++++++- tests/test_hide.bats | 9 +++++++- 4 files changed, 48 insertions(+), 3 deletions(-) diff --git a/man/man1/git-secret-hide.1 b/man/man1/git-secret-hide.1 index bf7e14f9..581be2e9 100644 --- a/man/man1/git-secret-hide.1 +++ b/man/man1/git-secret-hide.1 @@ -1,7 +1,7 @@ .\" generated with Ronn/v0.7.3 .\" http://github.com/rtomayko/ronn/tree/0.7.3 . -.TH "GIT\-SECRET\-HIDE" "1" "March 2016" "" "" +.TH "GIT\-SECRET\-HIDE" "1" "February 2017" "" "" . .SH "NAME" \fBgit\-secret\-hide\fR \- encrypts all added files with the inner keyring\. @@ -26,6 +26,7 @@ It is possible to modify the names of the encrypted files by setting \fBSECRETS_ \-v \- verbose, shows extra information\. \-c \- deletes encrypted files before creating new ones\. +\-d \- deletes unencrypted files after encryption\. \-h \- shows help\. . .fi diff --git a/man/man1/git-secret-hide.1.ronn b/man/man1/git-secret-hide.1.ronn index 30c3545c..0998df84 100644 --- a/man/man1/git-secret-hide.1.ronn +++ b/man/man1/git-secret-hide.1.ronn @@ -16,6 +16,7 @@ It is possible to modify the names of the encrypted files by setting `SECRETS_EX -v - verbose, shows extra information. -c - deletes encrypted files before creating new ones. + -d - deletes unencrypted files after encryption. -h - shows help. diff --git a/src/commands/git_secret_hide.sh b/src/commands/git_secret_hide.sh index ec781bc7..5d0fc05c 100644 --- a/src/commands/git_secret_hide.sh +++ b/src/commands/git_secret_hide.sh @@ -6,7 +6,7 @@ function _optional_clean { local clean=0 local opt_string='' - while getopts 'cvh' opt; do + while getopts 'cdvh' opt; do case "$opt" in c) clean=1;; @@ -27,6 +27,40 @@ function _optional_clean { } +function _optional_delete { + local verbose='' + local delete=0 + + OPTIND=1 + + while getopts 'vd' opt; do + case "$opt" in + d) delete=1;; + + v) verbose="v";; + esac + done + + shift $((OPTIND-1)) + [ "$1" = '--' ] && shift + + if [[ $delete -eq 1 ]]; then + if [[ ! -z "$verbose" ]]; then + echo && echo 'removing unencrypted files:' + fi + + while read -r line; do + find . -name "*$line" -type f -print0 | xargs -0 rm -f$verbose + done < "$SECRETS_DIR_PATHS_MAPPING" + + if [[ ! -z "$verbose" ]]; then + echo + fi + fi + +} + + function hide { _optional_clean "$@" @@ -45,5 +79,7 @@ function hide { counter=$((counter+1)) done < "$SECRETS_DIR_PATHS_MAPPING" + _optional_delete "$@" + echo "done. all $counter files are hidden." } diff --git a/tests/test_hide.bats b/tests/test_hide.bats index 45cd29bb..5196a0c3 100644 --- a/tests/test_hide.bats +++ b/tests/test_hide.bats @@ -31,12 +31,19 @@ function teardown { } -@test "run 'hide' with params" { +@test "run 'hide' with -c param" { run git secret hide -v -c [ "$status" -eq 0 ] } +@test "run 'hide' with -d param" { + run git secret hide -v -d + [ "$status" -eq 0 ] + [ ! -f "$FILE_TO_HIDE" ] +} + + @test "run 'hide' for multiple users" { local new_user="user2" From 83709ec170a2a5c81a5400a6d611d7aef0119723 Mon Sep 17 00:00:00 2001 From: Miguel Silvestre Date: Fri, 17 Feb 2017 18:40:49 +0000 Subject: [PATCH 12/16] Fix bug when passing more than one file to changes --- src/commands/git_secret_changes.sh | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/src/commands/git_secret_changes.sh b/src/commands/git_secret_changes.sh index b669cda9..11bc88a4 100644 --- a/src/commands/git_secret_changes.sh +++ b/src/commands/git_secret_changes.sh @@ -18,7 +18,7 @@ function changes { shift $((OPTIND-1)) [ "$1" = '--' ] && shift - local filenames="$1" + local filenames="$@" if [[ -z "$filenames" ]]; then # Checking if no filenames are passed, show diff for all files. filenames=$(git secret list) From 19030e9cd0b73d865ed01f4204369dcb526f8064 Mon Sep 17 00:00:00 2001 From: Miguel Silvestre Date: Tue, 21 Feb 2017 18:50:13 +0000 Subject: [PATCH 13/16] Clean code using shellspeck --- src/commands/git_secret_changes.sh | 8 ++++---- 1 file changed, 4 insertions(+), 4 deletions(-) diff --git a/src/commands/git_secret_changes.sh b/src/commands/git_secret_changes.sh index 11bc88a4..b1ad3c82 100644 --- a/src/commands/git_secret_changes.sh +++ b/src/commands/git_secret_changes.sh @@ -18,15 +18,15 @@ function changes { shift $((OPTIND-1)) [ "$1" = '--' ] && shift - local filenames="$@" - if [[ -z "$filenames" ]]; then + local filenames=( "$@" ) + if [[ ${#filenames[@]} -eq 0 ]]; then # Checking if no filenames are passed, show diff for all files. - filenames=$(git secret list) + filenames=( $(git secret list) ) fi IFS=' ' - for filename in $filenames; do + for filename in "${filenames[@]}"; do local decrypted local content local diff_result From fe7da439ed8d2321a30ceff351c271ebe289242b Mon Sep 17 00:00:00 2001 From: Miguel Silvestre Date: Tue, 21 Feb 2017 18:52:02 +0000 Subject: [PATCH 14/16] Test changes using multiple files passed as argument --- tests/test_changes.bats | 18 ++++++++++++++++++ 1 file changed, 18 insertions(+) diff --git a/tests/test_changes.bats b/tests/test_changes.bats index b151b22e..7902baf6 100644 --- a/tests/test_changes.bats +++ b/tests/test_changes.bats @@ -66,3 +66,21 @@ function teardown { [[ "$output" == *"changes in $SECOND_FILE_TO_HIDE"* ]] [[ "$output" == *"$second_file_to_hide"* ]] } + +@test "run 'changes' with multiple selected files changed" { + local password=$(test_user_password "$TEST_DEFAULT_USER") + local new_content="new content" + local second_new_content="something different" + echo "$new_content" >> "$FILE_TO_HIDE" + echo "$second_new_content" >> "$SECOND_FILE_TO_HIDE" + + run git secret changes "$FILE_TO_HIDE" "$SECOND_FILE_TO_HIDE" -d "$TEST_GPG_HOMEDIR" -p "$password" + [ "$status" -eq 2 ] + + # Testing that output has both filename and changes: + [[ "$output" == *"changes in $FILE_TO_HIDE"* ]] + [[ "$output" == *"$new_content"* ]] + + [[ "$output" == *"changes in $SECOND_FILE_TO_HIDE"* ]] + [[ "$output" == *"$second_file_to_hide"* ]] +} From 5c25233b892c2d24b1ba2ce4d0f7d7a596d3810f Mon Sep 17 00:00:00 2001 From: sobolevn Date: Sun, 26 Feb 2017 16:38:46 +0300 Subject: [PATCH 15/16] Version 0.2.2 pre-release There are a lot of changes, multiple things were refactored: tests, some commands, building and meta. Several critical bugs fixed. Changes: 1. Fixed #74, when `_user_required` was not working after reimporting keys 2. Closes #73, now it is possible to provide multiple emails to the `killperson` command 3. Closes #72, now it is possible to provide multiple emails to the `tell` command 4. Closes #71, now every doc in this project refer to `git-secret.io` instead of old `gh-pages` website 5. Closes #70, now installation section is removed from main `man` file 6. Closes #69, now "See also" section in the `man`s are clickable 7. Closes #61, added "Manual" section to the manuals 8. Refs #38, added `centos` Dockerfile, but `ci` testing is still failing 9. Refs #52, tests are refactored. Added `clean` command tests, removed a lot of hardcoded things, moved tests execution from `./temp` folder to `/tmp`, added a lot of new check in old tests, and some new test cases 10. Refactored `hide` and `clean` commands to be shorter 11. `shellcheck` is now supported with `make lint` Additional features are not comming to 0.2.2 after this commit. --- .ci/script.sh | 2 +- .docker/deb/debian/Dockerfile | 4 +- .docker/rpm/centos/Dockerfile | 26 ++++++ .github/ISSUE_TEMPLATE.md | 1 - .github/PULL_REQUEST_TEMPLATE.md | 9 -- .gitignore | 1 - CONTRIBUTING.md | 8 +- Makefile | 12 ++- README.md | 6 +- man/man1/git-secret-add.1 | 7 +- man/man1/git-secret-add.1.ronn | 7 +- man/man1/git-secret-changes.1 | 11 ++- man/man1/git-secret-changes.1.ronn | 11 ++- man/man1/git-secret-clean.1 | 7 +- man/man1/git-secret-clean.1.ronn | 7 +- man/man1/git-secret-hide.1 | 7 +- man/man1/git-secret-hide.1.ronn | 7 +- man/man1/git-secret-init.1 | 7 +- man/man1/git-secret-init.1.ronn | 7 +- man/man1/git-secret-killperson.1 | 11 ++- man/man1/git-secret-killperson.1.ronn | 11 ++- man/man1/git-secret-list.1 | 7 +- man/man1/git-secret-list.1.ronn | 7 +- man/man1/git-secret-remove.1 | 9 +- man/man1/git-secret-remove.1.ronn | 9 +- man/man1/git-secret-reveal.1 | 7 +- man/man1/git-secret-reveal.1.ronn | 7 +- man/man1/git-secret-tell.1 | 11 ++- man/man1/git-secret-tell.1.ronn | 11 ++- man/man1/git-secret-usage.1 | 7 +- man/man1/git-secret-usage.1.ronn | 7 +- man/man1/git-secret-whoknows.1 | 7 +- man/man1/git-secret-whoknows.1.ronn | 7 +- man/man7/git-secret.7 | 128 +------------------------- man/man7/git-secret.7.ronn | 79 ---------------- src/_utils/_git_secret_tools.sh | 71 +++++++++++--- src/commands/git_secret_add.sh | 1 + src/commands/git_secret_changes.sh | 11 ++- src/commands/git_secret_clean.sh | 12 +-- src/commands/git_secret_hide.sh | 75 +++++++-------- src/commands/git_secret_killperson.sh | 10 +- src/commands/git_secret_reveal.sh | 2 +- src/commands/git_secret_tell.sh | 68 ++++++++------ src/commands/git_secret_usage.sh | 6 +- src/commands/git_secret_whoknows.sh | 2 +- tests/_test_base.bash | 76 ++++++++++----- tests/test_add.bats | 6 +- tests/test_changes.bats | 7 +- tests/test_clean.bats | 66 ++++++++++++- tests/test_hide.bats | 58 ++++++++++-- tests/test_init.bats | 3 +- tests/test_killperson.bats | 20 ++++ tests/test_list.bats | 19 ++++ tests/test_main.bats | 15 +++ tests/test_remove.bats | 60 +++++++++--- tests/test_reveal.bats | 46 +++++++-- tests/test_reveal_filename.bats | 1 + tests/test_tell.bats | 60 ++++++++++-- tests/test_usage.bats | 1 + tests/test_whoknows.bats | 26 +++++- utils/rpm/rpm-ci.sh | 3 + 61 files changed, 749 insertions(+), 448 deletions(-) create mode 100644 .docker/rpm/centos/Dockerfile diff --git a/.ci/script.sh b/.ci/script.sh index a97d402c..4dc6473d 100644 --- a/.ci/script.sh +++ b/.ci/script.sh @@ -24,5 +24,5 @@ fi if [[ ! -z "$(command -v shellcheck)" ]]; then # This means, that `shellcheck` does exist, so run it: echo 'running lint' - find src utils -type f -name '*.sh' -print0 | xargs -0 -I {} shellcheck {} + make lint fi diff --git a/.docker/deb/debian/Dockerfile b/.docker/deb/debian/Dockerfile index 1ea5e015..e3d9916f 100644 --- a/.docker/deb/debian/Dockerfile +++ b/.docker/deb/debian/Dockerfile @@ -7,12 +7,12 @@ MAINTAINER Nikita Sobolev (mail@sobolevn.me) RUN apt-get update && \ apt-get install -y man make git apt-transport-https && \ apt-get install -y ruby ruby-dev ruby-build && \ - apt-get autoremove && apt-get autoclean + apt-get autoremove && apt-get autoclean && \ + mkdir /code # This will increase the container size, but speed up the build, # since this part will change, while the dependencies won't: -RUN mkdir /code WORKDIR /code # Removing `origin` for good: diff --git a/.docker/rpm/centos/Dockerfile b/.docker/rpm/centos/Dockerfile new file mode 100644 index 00000000..630aff04 --- /dev/null +++ b/.docker/rpm/centos/Dockerfile @@ -0,0 +1,26 @@ +FROM centos:latest + +MAINTAINER Nikita Sobolev (mail@sobolevn.me) + +ENV HOME /root + +RUN yum update -y && \ + yum install -y epel-release && \ + yum install -y dnf && \ + dnf update -y && \ + rpm -U "http://opensource.wandisco.com/centos/7/git/x86_64/wandisco-git-release-7-2.noarch.rpm" && \ + dnf install -y gnupg man make gcc git tar > /dev/null && \ + dnf install -y which pciutils redhat-rpm-config rpm-build zlib-devel && \ + dnf -y group install 'Development tools' && \ + dnf install -y ruby ruby-devel rubygems && \ + dnf -y autoremove && \ + mkdir /code + +WORKDIR /code + +# Removing `origin` for good: + +RUN git clone -q https://github.com/sobolevn/git-secret.git && \ + cd git-secret && git remote rm origin + +WORKDIR /code/git-secret diff --git a/.github/ISSUE_TEMPLATE.md b/.github/ISSUE_TEMPLATE.md index 09ffc9cd..3e52bc69 100644 --- a/.github/ISSUE_TEMPLATE.md +++ b/.github/ISSUE_TEMPLATE.md @@ -18,7 +18,6 @@ Any logs, error output, etc? ---------------------------- (If it’s long, please paste to https://ghostbin.com/ and insert the link here.) - Any other comments? ------------------- … diff --git a/.github/PULL_REQUEST_TEMPLATE.md b/.github/PULL_REQUEST_TEMPLATE.md index 37f0a84d..e2f37725 100644 --- a/.github/PULL_REQUEST_TEMPLATE.md +++ b/.github/PULL_REQUEST_TEMPLATE.md @@ -15,7 +15,6 @@ Does this close any currently open issues? ------------------------------------------ … - Any relevant logs, error output, etc? ------------------------------------- (If it’s long, please paste to https://ghostbin.com/ and insert the link here.) @@ -23,11 +22,3 @@ Any relevant logs, error output, etc? Any other comments? ------------------- … - -Where has this been tested? ---------------------------- -**Operating system:** … - -**`git-secret` version:** … - -**Shell type and version:** … diff --git a/.gitignore b/.gitignore index 6eff042b..309b6085 100644 --- a/.gitignore +++ b/.gitignore @@ -133,4 +133,3 @@ temp/ build/ *.deb *.fpm -test.txt diff --git a/CONTRIBUTING.md b/CONTRIBUTING.md index c94d6f74..bf9806f1 100644 --- a/CONTRIBUTING.md +++ b/CONTRIBUTING.md @@ -28,10 +28,10 @@ Only required if dealing with manuals, `gh-pages` or releases: 1. Firstly, you will need to setup development hooks with `make install-hooks` 2. Make changes to the files that need to be changed 3. When making changes to any files inside `src/` you will need to rebuild the binary `git-secret` with `make clean && make build` command -4. Run [`shellcheck`][shellcheck] against all your changes with `find src utils -type f -name '*.sh' -print0 | xargs -0 -I {} shellcheck {}` +4. Run [`shellcheck`][shellcheck] against all your changes with `make lint` 5. Now, add all your files to the commit with `git add --all` and commit changes with `git commit`, make sure you write a good message, which will explain your work 6. When running `git commit` the tests will run automatically, your commit will be canceled if they fail -7. Push to your repository, make a pull-request against `develop` branch. Please, make sure you have **one** commit per pull-request +7. Push to your repository, make a pull-request against `develop` branch. Please, make sure you have **one** commit per pull-request, it will be merge into one anyways ### Branches @@ -55,7 +55,7 @@ CI is done with the help of `travis`. `travis` handles multiple environments: ### Release process -The release process is defined in the `git`-hooks and `.travis.yml`. +The release process is defined in the `git`-hooks and `.travis.yml`. When creating a commit inside the `staging` branch (it is usually a documentation and changelog update with the version bump inside `src/version.sh`) it will trigger two main events. @@ -88,6 +88,6 @@ Releases to `brew` are made manually. [tracker]: https://github.com/sobolevn/git-secret/issues [help-wanted]: https://github.com/sobolevn/git-secret/issues?q=is%3Aissue+is%3Aopen+label%3A%22help+wanted%22 [shellcheck]: https://github.com/koalaman/shellcheck -[git-secret-site]: https://sobolevn.github.io/git-secret/ +[git-secret-site]: http://git-secret.io [bintray]: https://bintray.com/sobolevn [Dockerhub]: https://hub.docker.com/r/sobolevn/git-secret/ diff --git a/Makefile b/Makefile index 5ce122e8..f2d7dd2b 100644 --- a/Makefile +++ b/Makefile @@ -53,9 +53,13 @@ test: install-test clean build install-ronn: @if [ ! `gem list ronn -i` == "true" ]; then gem install ronn; fi +.PHONY: clean-man +clean-man: + @find "man/" -type f ! -name "*.ronn" -delete + .PHONY: build-man -build-man: install-ronn - @ronn --roff man/*/*.ronn +build-man: install-ronn clean-man + @ronn --roff --organization="sobolevn" --manual="git-secret" man/*/*.ronn .PHONY: build-gh-pages build-gh-pages: @@ -76,6 +80,10 @@ install-hooks: .PHONY: develop develop: clean build install-hooks +.PHONY: lint +lint: + @find src utils -type f -name '*.sh' -print0 | xargs -0 -I {} shellcheck {} + # # Packaging: # diff --git a/README.md b/README.md index a702095e..6cdf6e7a 100644 --- a/README.md +++ b/README.md @@ -2,7 +2,7 @@ [![Build Status](https://img.shields.io/travis/sobolevn/git-secret/master.svg)](https://travis-ci.org/sobolevn/git-secret) [![Homebrew](https://img.shields.io/homebrew/v/git-secret.svg)](http://braumeister.org/formula/git-secret) [![Bintray deb](https://img.shields.io/bintray/v/sobolevn/deb/git-secret.svg)](https://bintray.com/sobolevn/deb/git-secret/view) [![Dockerhub](https://img.shields.io/docker/pulls/sobolevn/git-secret.svg)](https://hub.docker.com/r/sobolevn/git-secret/) -[![git-secret](https://raw.githubusercontent.com/sobolevn/git-secret/gh-pages/images/git-secret-big.png)](https://sobolevn.github.io/git-secret/) +[![git-secret](https://raw.githubusercontent.com/sobolevn/git-secret/gh-pages/images/git-secret-big.png)](http://git-secret.io/) ## What is `git-secret`? @@ -14,11 +14,11 @@ ## Usage -See the [git-secret site](https://sobolevn.github.io/git-secret/). +See the [git-secret site](http://git-secret.io/). ## Installation -See the [installation section](https://sobolevn.github.io/git-secret/#installation). +See the [installation section](http://git-secret.io/#installation). ## Contributing diff --git a/man/man1/git-secret-add.1 b/man/man1/git-secret-add.1 index 313253bc..073525df 100644 --- a/man/man1/git-secret-add.1 +++ b/man/man1/git-secret-add.1 @@ -1,7 +1,7 @@ .\" generated with Ronn/v0.7.3 .\" http://github.com/rtomayko/ronn/tree/0.7.3 . -.TH "GIT\-SECRET\-ADD" "1" "May 2016" "" "" +.TH "GIT\-SECRET\-ADD" "1" "February 2017" "sobolevn" "git-secret" . .SH "NAME" \fBgit\-secret\-add\fR \- starts to track added files\. @@ -32,5 +32,8 @@ It is not recommened to add filenames directly into the \fB\.gitsecret/paths/map . .fi . +.SH "MANUAL" +Run \fBman git\-secret\-add\fR to see this note\. +. .SH "SEE ALSO" -git\-secret\-init(1), git\-secret\-tell(1), git\-secret\-hide(1), git\-secret\-reveal(1) +git\-secret\-init(1) \fIhttp://git\-secret\.io/git\-secret\-init\fR, git\-secret\-tell(1) \fIhttp://git\-secret\.io/git\-secret\-tell\fR, git\-secret\-hide(1) \fIhttp://git\-secret\.io/git\-secret\-hide\fR, git\-secret\-reveal(1) \fIhttp://git\-secret\.io/git\-secret\-reveal\fR diff --git a/man/man1/git-secret-add.1.ronn b/man/man1/git-secret-add.1.ronn index 0ba41f3e..3f182027 100644 --- a/man/man1/git-secret-add.1.ronn +++ b/man/man1/git-secret-add.1.ronn @@ -20,6 +20,11 @@ It is not recommened to add filenames directly into the `.gitsecret/paths/mappin -h - shows this help. +## MANUAL + +Run `man git-secret-add` to see this note. + + ## SEE ALSO -git-secret-init(1), git-secret-tell(1), git-secret-hide(1), git-secret-reveal(1) +[git-secret-init(1)](http://git-secret.io/git-secret-init), [git-secret-tell(1)](http://git-secret.io/git-secret-tell), [git-secret-hide(1)](http://git-secret.io/git-secret-hide), [git-secret-reveal(1)](http://git-secret.io/git-secret-reveal) diff --git a/man/man1/git-secret-changes.1 b/man/man1/git-secret-changes.1 index eee5f776..c57aaefc 100644 --- a/man/man1/git-secret-changes.1 +++ b/man/man1/git-secret-changes.1 @@ -1,7 +1,7 @@ .\" generated with Ronn/v0.7.3 .\" http://github.com/rtomayko/ronn/tree/0.7.3 . -.TH "GIT\-SECRET\-CHANGES" "1" "May 2016" "" "" +.TH "GIT\-SECRET\-CHANGES" "1" "February 2017" "sobolevn" "git-secret" . .SH "NAME" \fBgit\-secret\-changes\fR \- view diff of the hidden files\. @@ -10,12 +10,12 @@ . .nf -git secret changes [\-h] [\-d dir] [\-p password] \.\.\. +git secret changes [\-h] [\-d dir] [\-p password] [pathspec]\.\.\. . .fi . .SH "DESCRIPTION" -\fBgit\-secret\-changes\fR \- shows changes between the current version of hidden files and the ones already commited\. +\fBgit\-secret\-changes\fR \- shows changes between the current version of hidden files and the ones already commited\. You can provide any number of files to this command as arguments, so it will show changes for these files only\. If no arguments are provided \- information about all files will be shown\. . .SH "OPTIONS" . @@ -27,5 +27,8 @@ git secret changes [\-h] [\-d dir] [\-p password] \.\.\. . .fi . +.SH "MANUAL" +Run \fBman git\-secret\-changes\fR to see this note\. +. .SH "SEE ALSO" -git\-secret\-add(1), git\-secret\-tell(1), git\-secret\-hide(1), git\-secret\-reveal(1) +git\-secret\-add(1) \fIhttp://git\-secret\.io/git\-secret\-add\fR, git\-secret\-tell(1) \fIhttp://git\-secret\.io/git\-secret\-tell\fR, git\-secret\-hide(1) \fIhttp://git\-secret\.io/git\-secret\-hide\fR, git\-secret\-reveal(1) \fIhttp://git\-secret\.io/git\-secret\-reveal\fR diff --git a/man/man1/git-secret-changes.1.ronn b/man/man1/git-secret-changes.1.ronn index 2aa1b36b..d0a75983 100644 --- a/man/man1/git-secret-changes.1.ronn +++ b/man/man1/git-secret-changes.1.ronn @@ -3,11 +3,11 @@ git-secret-changes - view diff of the hidden files. ## SYNOPSIS - git secret changes [-h] [-d dir] [-p password] ... + git secret changes [-h] [-d dir] [-p password] [pathspec]... ## DESCRIPTION -`git-secret-changes` - shows changes between the current version of hidden files and the ones already commited. +`git-secret-changes` - shows changes between the current version of hidden files and the ones already commited. You can provide any number of files to this command as arguments, so it will show changes for these files only. If no arguments are provided - information about all files will be shown. ## OPTIONS @@ -17,6 +17,11 @@ git-secret-changes - view diff of the hidden files. -h - shows help. +## MANUAL + +Run `man git-secret-changes` to see this note. + + ## SEE ALSO -git-secret-add(1), git-secret-tell(1), git-secret-hide(1), git-secret-reveal(1) +[git-secret-add(1)](http://git-secret.io/git-secret-add), [git-secret-tell(1)](http://git-secret.io/git-secret-tell), [git-secret-hide(1)](http://git-secret.io/git-secret-hide), [git-secret-reveal(1)](http://git-secret.io/git-secret-reveal) diff --git a/man/man1/git-secret-clean.1 b/man/man1/git-secret-clean.1 index 6de1440e..aa939ffc 100644 --- a/man/man1/git-secret-clean.1 +++ b/man/man1/git-secret-clean.1 @@ -1,7 +1,7 @@ .\" generated with Ronn/v0.7.3 .\" http://github.com/rtomayko/ronn/tree/0.7.3 . -.TH "GIT\-SECRET\-CLEAN" "1" "February 2016" "" "" +.TH "GIT\-SECRET\-CLEAN" "1" "February 2017" "sobolevn" "git-secret" . .SH "NAME" \fBgit\-secret\-clean\fR \- removes all the hidden files\. @@ -26,5 +26,8 @@ git secret clean [\-v] . .fi . +.SH "MANUAL" +Run \fBman git\-secret\-clean\fR to see this note\. +. .SH "SEE ALSO" -git\-secret\-whoknows(1), git\-secret\-add(1), git\-secret\-remove(1), git\-secret\-hide(1), git\-secret\-reveal(1) +git\-secret\-whoknows(1) \fIhttp://git\-secret\.io/git\-secret\-whoknows\fR, git\-secret\-add(1) \fIhttp://git\-secret\.io/git\-secret\-add\fR, git\-secret\-remove(1) \fIhttp://git\-secret\.io/git\-secret\-remove\fR, git\-secret\-killperson(1) \fIhttp://git\-secret\.io/git\-secret\-killperson\fR diff --git a/man/man1/git-secret-clean.1.ronn b/man/man1/git-secret-clean.1.ronn index d7ef74e8..5d7ad07d 100644 --- a/man/man1/git-secret-clean.1.ronn +++ b/man/man1/git-secret-clean.1.ronn @@ -16,6 +16,11 @@ git-secret-clean - removes all the hidden files. -h - shows this help. +## MANUAL + +Run `man git-secret-clean` to see this note. + + ## SEE ALSO -git-secret-whoknows(1), git-secret-add(1), git-secret-remove(1), git-secret-hide(1), git-secret-reveal(1) +[git-secret-whoknows(1)](http://git-secret.io/git-secret-whoknows), [git-secret-add(1)](http://git-secret.io/git-secret-add), [git-secret-remove(1)](http://git-secret.io/git-secret-remove), [git-secret-killperson(1)](http://git-secret.io/git-secret-killperson) diff --git a/man/man1/git-secret-hide.1 b/man/man1/git-secret-hide.1 index 581be2e9..8e2764e5 100644 --- a/man/man1/git-secret-hide.1 +++ b/man/man1/git-secret-hide.1 @@ -1,7 +1,7 @@ .\" generated with Ronn/v0.7.3 .\" http://github.com/rtomayko/ronn/tree/0.7.3 . -.TH "GIT\-SECRET\-HIDE" "1" "February 2017" "" "" +.TH "GIT\-SECRET\-HIDE" "1" "February 2017" "sobolevn" "git-secret" . .SH "NAME" \fBgit\-secret\-hide\fR \- encrypts all added files with the inner keyring\. @@ -31,5 +31,8 @@ It is possible to modify the names of the encrypted files by setting \fBSECRETS_ . .fi . +.SH "MANUAL" +Run \fBman git\-secret\-hide\fR to see this note\. +. .SH "SEE ALSO" -git\-secret\-init(1), git\-secret\-tell(1), git\-secret\-add(1), git\-secret\-reveal(1) +git\-secret\-init(1) \fIhttp://git\-secret\.io/git\-secret\-init\fR, git\-secret\-tell(1) \fIhttp://git\-secret\.io/git\-secret\-tell\fR, git\-secret\-add(1) \fIhttp://git\-secret\.io/git\-secret\-add\fR, git\-secret\-reveal(1) \fIhttp://git\-secret\.io/git\-secret\-reveal\fR diff --git a/man/man1/git-secret-hide.1.ronn b/man/man1/git-secret-hide.1.ronn index 0998df84..a4bf455f 100644 --- a/man/man1/git-secret-hide.1.ronn +++ b/man/man1/git-secret-hide.1.ronn @@ -20,6 +20,11 @@ It is possible to modify the names of the encrypted files by setting `SECRETS_EX -h - shows help. +## MANUAL + +Run `man git-secret-hide` to see this note. + + ## SEE ALSO -git-secret-init(1), git-secret-tell(1), git-secret-add(1), git-secret-reveal(1) +[git-secret-init(1)](http://git-secret.io/git-secret-init), [git-secret-tell(1)](http://git-secret.io/git-secret-tell), [git-secret-add(1)](http://git-secret.io/git-secret-add), [git-secret-reveal(1)](http://git-secret.io/git-secret-reveal) diff --git a/man/man1/git-secret-init.1 b/man/man1/git-secret-init.1 index b9552171..62a2aed1 100644 --- a/man/man1/git-secret-init.1 +++ b/man/man1/git-secret-init.1 @@ -1,7 +1,7 @@ .\" generated with Ronn/v0.7.3 .\" http://github.com/rtomayko/ronn/tree/0.7.3 . -.TH "GIT\-SECRET\-INIT" "1" "March 2016" "" "" +.TH "GIT\-SECRET\-INIT" "1" "February 2017" "sobolevn" "git-secret" . .SH "NAME" \fBgit\-secret\-init\fR \- initializes git\-secret repository\. @@ -25,5 +25,8 @@ git secret init . .fi . +.SH "MANUAL" +Run \fBman git\-secret\-init\fR to see this note\. +. .SH "SEE ALSO" -git\-init(1), git\-secret\-tell(1) +git\-secret\-usage(1) \fIhttp://git\-secret\.io/git\-secret\-usage\fR, git\-secret\-tell(1) \fIhttp://git\-secret\.io/git\-secret\-tell\fR diff --git a/man/man1/git-secret-init.1.ronn b/man/man1/git-secret-init.1.ronn index a9640389..e7416e4b 100644 --- a/man/man1/git-secret-init.1.ronn +++ b/man/man1/git-secret-init.1.ronn @@ -15,6 +15,11 @@ git-secret-init - initializes git-secret repository. -h - shows this help. +## MANUAL + +Run `man git-secret-init` to see this note. + + ## SEE ALSO -git-init(1), git-secret-tell(1) +[git-secret-usage(1)](http://git-secret.io/git-secret-usage), [git-secret-tell(1)](http://git-secret.io/git-secret-tell) diff --git a/man/man1/git-secret-killperson.1 b/man/man1/git-secret-killperson.1 index 4fe16d8e..d69ce6ae 100644 --- a/man/man1/git-secret-killperson.1 +++ b/man/man1/git-secret-killperson.1 @@ -1,7 +1,7 @@ .\" generated with Ronn/v0.7.3 .\" http://github.com/rtomayko/ronn/tree/0.7.3 . -.TH "GIT\-SECRET\-KILLPERSON" "1" "February 2016" "" "" +.TH "GIT\-SECRET\-KILLPERSON" "1" "February 2017" "sobolevn" "git-secret" . .SH "NAME" \fBgit\-secret\-killperson\fR \- deletes key identified by an email from the inner keyring\. @@ -10,12 +10,12 @@ . .nf -git secret killperson [email] +git secret killperson \.\.\. . .fi . .SH "DESCRIPTION" -\fBgit\-secret\-killperson\fR makes it impossible for given user to decrypt the hidden file in the future\. It is required to run \fBgit\-secret\-hide\fR once again with the updated keyring\. +This command removes selected email addresses from the keyring\. \fBgit\-secret\-killperson\fR makes it impossible for given users to decrypt the hidden files in the future\. It is required to run \fBgit\-secret\-hide\fR once again with the updated keyring to renew the encryption\. . .SH "OPTIONS" . @@ -25,5 +25,8 @@ git secret killperson [email] . .fi . +.SH "MANUAL" +Run \fBman git\-secret\-killperson\fR to see this note\. +. .SH "SEE ALSO" -git\-secret\-tell(1), git\-secret\-hide(1), git\-secret\-reveal(1) +git\-secret\-tell(1) \fIhttp://git\-secret\.io/git\-secret\-tell\fR, git\-secret\-remove(1) \fIhttp://git\-secret\.io/git\-secret\-remove\fR, git\-secret\-clean(1) \fIhttp://git\-secret\.io/git\-secret\-clean\fR diff --git a/man/man1/git-secret-killperson.1.ronn b/man/man1/git-secret-killperson.1.ronn index b3eee105..17b6cdd5 100644 --- a/man/man1/git-secret-killperson.1.ronn +++ b/man/man1/git-secret-killperson.1.ronn @@ -3,11 +3,11 @@ git-secret-killperson - deletes key identified by an email from the inner keyrin ## SYNOPSIS - git secret killperson [email] + git secret killperson ... ## DESCRIPTION -`git-secret-killperson` makes it impossible for given user to decrypt the hidden file in the future. It is required to run `git-secret-hide` once again with the updated keyring. +This command removes selected email addresses from the keyring. `git-secret-killperson` makes it impossible for given users to decrypt the hidden files in the future. It is required to run `git-secret-hide` once again with the updated keyring to renew the encryption. ## OPTIONS @@ -15,6 +15,11 @@ git-secret-killperson - deletes key identified by an email from the inner keyrin -h - shows this help. +## MANUAL + +Run `man git-secret-killperson` to see this note. + + ## SEE ALSO -git-secret-tell(1), git-secret-hide(1), git-secret-reveal(1) +[git-secret-tell(1)](http://git-secret.io/git-secret-tell), [git-secret-remove(1)](http://git-secret.io/git-secret-remove), [git-secret-clean(1)](http://git-secret.io/git-secret-clean) diff --git a/man/man1/git-secret-list.1 b/man/man1/git-secret-list.1 index 8c07ad3b..0a4bc2d0 100644 --- a/man/man1/git-secret-list.1 +++ b/man/man1/git-secret-list.1 @@ -1,7 +1,7 @@ .\" generated with Ronn/v0.7.3 .\" http://github.com/rtomayko/ronn/tree/0.7.3 . -.TH "GIT\-SECRET\-LIST" "1" "February 2016" "" "" +.TH "GIT\-SECRET\-LIST" "1" "February 2017" "sobolevn" "git-secret" . .SH "NAME" \fBgit\-secret\-list\fR \- prints all the added files\. @@ -25,5 +25,8 @@ git secret list . .fi . +.SH "MANUAL" +Run \fBman git\-secret\-list\fR to see this note\. +. .SH "SEE ALSO" -git\-secret\-whoknows(1), git\-secret\-add(1), git\-secret\-remove(1), git\-secret\-hide(1), git\-secret\-reveal(1) +git\-secret\-whoknows(1) \fIhttp://git\-secret\.io/git\-secret\-whoknows\fR, git\-secret\-add(1) \fIhttp://git\-secret\.io/git\-secret\-add\fR, git\-secret\-remove(1) \fIhttp://git\-secret\.io/git\-secret\-remove\fR, git\-secret\-hide(1) \fIhttp://git\-secret\.io/git\-secret\-hide\fR, git\-secret\-reveal(1) \fIhttp://git\-secret\.io/git\-secret\-reveal\fR diff --git a/man/man1/git-secret-list.1.ronn b/man/man1/git-secret-list.1.ronn index 9f988283..892380f7 100644 --- a/man/man1/git-secret-list.1.ronn +++ b/man/man1/git-secret-list.1.ronn @@ -15,6 +15,11 @@ git-secret-list - prints all the added files. -h - shows this help. +## MANUAL + +Run `man git-secret-list` to see this note. + + ## SEE ALSO -git-secret-whoknows(1), git-secret-add(1), git-secret-remove(1), git-secret-hide(1), git-secret-reveal(1) +[git-secret-whoknows(1)](http://git-secret.io/git-secret-whoknows), [git-secret-add(1)](http://git-secret.io/git-secret-add), [git-secret-remove(1)](http://git-secret.io/git-secret-remove), [git-secret-hide(1)](http://git-secret.io/git-secret-hide), [git-secret-reveal(1)](http://git-secret.io/git-secret-reveal) diff --git a/man/man1/git-secret-remove.1 b/man/man1/git-secret-remove.1 index dcb7863a..863c09bf 100644 --- a/man/man1/git-secret-remove.1 +++ b/man/man1/git-secret-remove.1 @@ -1,7 +1,7 @@ .\" generated with Ronn/v0.7.3 .\" http://github.com/rtomayko/ronn/tree/0.7.3 . -.TH "GIT\-SECRET\-REMOVE" "1" "February 2016" "" "" +.TH "GIT\-SECRET\-REMOVE" "1" "February 2017" "sobolevn" "git-secret" . .SH "NAME" \fBgit\-secret\-remove\fR \- removes files from index\. @@ -10,7 +10,7 @@ . .nf -git secret remove [\-c] +git secret remove [\-c] \.\.\. . .fi . @@ -26,5 +26,8 @@ git secret remove [\-c] . .fi . +.SH "MANUAL" +Run \fBman git\-secret\-remove\fR to see this note\. +. .SH "SEE ALSO" -git\-secret\-add(1), git\-secret\-reveal(1), git\-secret\-hide(1) +git\-secret\-add(1) \fIhttp://git\-secret\.io/git\-secret\-add\fR, git\-secret\-clean(1) \fIhttp://git\-secret\.io/git\-secret\-clean\fR, git\-secret\-killperson(1) \fIhttp://git\-secret\.io/git\-secret\-killperson\fR diff --git a/man/man1/git-secret-remove.1.ronn b/man/man1/git-secret-remove.1.ronn index 1a720461..e865f09b 100644 --- a/man/man1/git-secret-remove.1.ronn +++ b/man/man1/git-secret-remove.1.ronn @@ -3,7 +3,7 @@ git-secret-remove - removes files from index. ## SYNOPSIS - git secret remove [-c] + git secret remove [-c] ... ## DESCRIPTION @@ -16,6 +16,11 @@ git-secret-remove - removes files from index. -h - shows help. +## MANUAL + +Run `man git-secret-remove` to see this note. + + ## SEE ALSO -git-secret-add(1), git-secret-reveal(1), git-secret-hide(1) +[git-secret-add(1)](http://git-secret.io/git-secret-add), [git-secret-clean(1)](http://git-secret.io/git-secret-clean), [git-secret-killperson(1)](http://git-secret.io/git-secret-killperson) diff --git a/man/man1/git-secret-reveal.1 b/man/man1/git-secret-reveal.1 index 1125954f..0c9a8675 100644 --- a/man/man1/git-secret-reveal.1 +++ b/man/man1/git-secret-reveal.1 @@ -1,7 +1,7 @@ .\" generated with Ronn/v0.7.3 .\" http://github.com/rtomayko/ronn/tree/0.7.3 . -.TH "GIT\-SECRET\-REVEAL" "1" "May 2016" "" "" +.TH "GIT\-SECRET\-REVEAL" "1" "February 2017" "sobolevn" "git-secret" . .SH "NAME" \fBgit\-secret\-reveal\fR \- decrypts all added files\. @@ -28,5 +28,8 @@ git secret reveal [\-f] [\-d dir] [\-p password] . .fi . +.SH "MANUAL" +Run \fBman git\-secret\-reveal\fR to see this note\. +. .SH "SEE ALSO" -git\-secret\-init(1), git\-secret\-tell(1), git\-secret\-add(1), git\-secret\-hide(1) +git\-secret\-init(1) \fIhttp://git\-secret\.io/git\-secret\-init\fR, git\-secret\-tell(1) \fIhttp://git\-secret\.io/git\-secret\-tell\fR, git\-secret\-add(1) \fIhttp://git\-secret\.io/git\-secret\-add\fR, git\-secret\-hide(1) \fIhttp://git\-secret\.io/git\-secret\-hide\fR diff --git a/man/man1/git-secret-reveal.1.ronn b/man/man1/git-secret-reveal.1.ronn index 0c7c2bdf..0dcc6951 100644 --- a/man/man1/git-secret-reveal.1.ronn +++ b/man/man1/git-secret-reveal.1.ronn @@ -18,6 +18,11 @@ git-secret-reveal - decrypts all added files. -h - shows help. +## MANUAL + +Run `man git-secret-reveal` to see this note. + + ## SEE ALSO -git-secret-init(1), git-secret-tell(1), git-secret-add(1), git-secret-hide(1) +[git-secret-init(1)](http://git-secret.io/git-secret-init), [git-secret-tell(1)](http://git-secret.io/git-secret-tell), [git-secret-add(1)](http://git-secret.io/git-secret-add), [git-secret-hide(1)](http://git-secret.io/git-secret-hide) diff --git a/man/man1/git-secret-tell.1 b/man/man1/git-secret-tell.1 index 9368e4f7..fe3b14b8 100644 --- a/man/man1/git-secret-tell.1 +++ b/man/man1/git-secret-tell.1 @@ -1,7 +1,7 @@ .\" generated with Ronn/v0.7.3 .\" http://github.com/rtomayko/ronn/tree/0.7.3 . -.TH "GIT\-SECRET\-TELL" "1" "March 2016" "" "" +.TH "GIT\-SECRET\-TELL" "1" "February 2017" "sobolevn" "git-secret" . .SH "NAME" \fBgit\-secret\-tell\fR \- adds a person, who can access private data\. @@ -10,12 +10,12 @@ . .nf -git secret tell [\-m] [\-d dir] [email] +git secret tell [\-m] [\-d dir] [emails]\.\.\. . .fi . .SH "DESCRIPTION" -\fBgit\-secret\-tell\fR receives an email address as an input, searches for the \fBgpg\fR\-key in the \fBgpg\fR\'s \fBhomedir\fR by this email, then imports a person\'s public key into the \fBgit\-secret\fR\'s inner keychain\. From this moment this person can encrypt new files with the keyring which contains their key\. But they cannot decrypt the old files, which were already encrypted without their key\. They should be reencrypted with the new keyring by someone, who has the unencrypted files\. +\fBgit\-secret\-tell\fR receives an email addresses as an input, searches for the \fBgpg\fR\-key in the \fBgpg\fR\'s \fBhomedir\fR by these emails, then imports a person\'s public key into the \fBgit\-secret\fR\'s inner keychain\. From this moment this person can encrypt new files with the keyring which contains their key\. But they cannot decrypt the old files, which were already encrypted without their key\. They should be reencrypted with the new keyring by someone, who has the unencrypted files\. . .P \fBDo not manually import secret key into \fBgit\-secret\fR\fR\. Anyways, it won\'t work with any of the secret\-keys imported\. @@ -30,5 +30,8 @@ git secret tell [\-m] [\-d dir] [email] . .fi . +.SH "MANUAL" +Run \fBman git\-secret\-tell\fR to see this note\. +. .SH "SEE ALSO" -git\-secret\-init(1), git\-secret\-add(1), git\-secret\-hide(1), git\-secret\-reveal(1) +git\-secret\-init(1) \fIhttp://git\-secret\.io/git\-secret\-init\fR, git\-secret\-add(1) \fIhttp://git\-secret\.io/git\-secret\-add\fR, git\-secret\-hide(1) \fIhttp://git\-secret\.io/git\-secret\-hide\fR, git\-secret\-reveal(1) \fIhttp://git\-secret\.io/git\-secret\-reveal\fR, git\-secret\-killperson(1) \fIhttp://git\-secret\.io/git\-secret\-killperson\fR diff --git a/man/man1/git-secret-tell.1.ronn b/man/man1/git-secret-tell.1.ronn index e0576e7c..86c36672 100644 --- a/man/man1/git-secret-tell.1.ronn +++ b/man/man1/git-secret-tell.1.ronn @@ -3,11 +3,11 @@ git-secret-tell - adds a person, who can access private data. ## SYNOPSIS - git secret tell [-m] [-d dir] [email] + git secret tell [-m] [-d dir] [emails]... ## DESCRIPTION -`git-secret-tell` receives an email address as an input, searches for the `gpg`-key in the `gpg`'s `homedir` by this email, then imports a person's public key into the `git-secret`'s inner keychain. From this moment this person can encrypt new files with the keyring which contains their key. But they cannot decrypt the old files, which were already encrypted without their key. They should be reencrypted with the new keyring by someone, who has the unencrypted files. +`git-secret-tell` receives an email addresses as an input, searches for the `gpg`-key in the `gpg`'s `homedir` by these emails, then imports a person's public key into the `git-secret`'s inner keychain. From this moment this person can encrypt new files with the keyring which contains their key. But they cannot decrypt the old files, which were already encrypted without their key. They should be reencrypted with the new keyring by someone, who has the unencrypted files. **Do not manually import secret key into `git-secret`**. Anyways, it won't work with any of the secret-keys imported. @@ -19,6 +19,11 @@ git-secret-tell - adds a person, who can access private data. -h - shows help. +## MANUAL + +Run `man git-secret-tell` to see this note. + + ## SEE ALSO -git-secret-init(1), git-secret-add(1), git-secret-hide(1), git-secret-reveal(1) +[git-secret-init(1)](http://git-secret.io/git-secret-init), [git-secret-add(1)](http://git-secret.io/git-secret-add), [git-secret-hide(1)](http://git-secret.io/git-secret-hide), [git-secret-reveal(1)](http://git-secret.io/git-secret-reveal), [git-secret-killperson(1)](http://git-secret.io/git-secret-killperson) diff --git a/man/man1/git-secret-usage.1 b/man/man1/git-secret-usage.1 index d6071a5c..5a7d2278 100644 --- a/man/man1/git-secret-usage.1 +++ b/man/man1/git-secret-usage.1 @@ -1,7 +1,7 @@ .\" generated with Ronn/v0.7.3 .\" http://github.com/rtomayko/ronn/tree/0.7.3 . -.TH "GIT\-SECRET\-USAGE" "1" "February 2016" "" "" +.TH "GIT\-SECRET\-USAGE" "1" "February 2017" "sobolevn" "git-secret" . .SH "NAME" \fBgit\-secret\-usage\fR \- prints all the available commands\. @@ -25,5 +25,8 @@ git secret usage . .fi . +.SH "MANUAL" +Run \fBman git\-secret\-usage\fR to see this note\. +. .SH "SEE ALSO" -git\-secret\-init(1), git\-secret\-add(1), git\-secret\-hide(1), git\-secret\-reveal(1) +git\-secret\-init(1) \fIhttp://git\-secret\.io/git\-secret\-init\fR, git\-secret\-add(1) \fIhttp://git\-secret\.io/git\-secret\-add\fR, git\-secret\-hide(1) \fIhttp://git\-secret\.io/git\-secret\-hide\fR, git\-secret\-reveal(1) \fIhttp://git\-secret\.io/git\-secret\-reveal\fR diff --git a/man/man1/git-secret-usage.1.ronn b/man/man1/git-secret-usage.1.ronn index 3c469f97..50b6bb37 100644 --- a/man/man1/git-secret-usage.1.ronn +++ b/man/man1/git-secret-usage.1.ronn @@ -15,6 +15,11 @@ git-secret-usage - prints all the available commands. -h - shows this help. +## MANUAL + +Run `man git-secret-usage` to see this note. + + ## SEE ALSO -git-secret-init(1), git-secret-add(1), git-secret-hide(1), git-secret-reveal(1) +[git-secret-init(1)](http://git-secret.io/git-secret-init), [git-secret-add(1)](http://git-secret.io/git-secret-add), [git-secret-hide(1)](http://git-secret.io/git-secret-hide), [git-secret-reveal(1)](http://git-secret.io/git-secret-reveal) diff --git a/man/man1/git-secret-whoknows.1 b/man/man1/git-secret-whoknows.1 index 3c4c3935..e532e29f 100644 --- a/man/man1/git-secret-whoknows.1 +++ b/man/man1/git-secret-whoknows.1 @@ -1,7 +1,7 @@ .\" generated with Ronn/v0.7.3 .\" http://github.com/rtomayko/ronn/tree/0.7.3 . -.TH "GIT\-SECRET\-WHOKNOWS" "1" "February 2016" "" "" +.TH "GIT\-SECRET\-WHOKNOWS" "1" "February 2017" "sobolevn" "git-secret" . .SH "NAME" \fBgit\-secret\-whoknows\fR \- prints email\-labels for each key in the keyring\. @@ -25,5 +25,8 @@ git secret whoknows . .fi . +.SH "MANUAL" +Run \fBman git\-secret\-whoknows\fR to see this note\. +. .SH "SEE ALSO" -git\-secret\-list(1), git\-secret\-add(1), git\-secret\-hide(1), git\-secret\-reveal(1) +git\-secret\-list(1) \fIhttp://git\-secret\.io/git\-secret\-list\fR, git\-secret\-tell(1) \fIhttp://git\-secret\.io/git\-secret\-tell\fR, git\-secret\-hide(1) \fIhttp://git\-secret\.io/git\-secret\-hide\fR, git\-secret\-reveal(1) \fIhttp://git\-secret\.io/git\-secret\-reveal\fR diff --git a/man/man1/git-secret-whoknows.1.ronn b/man/man1/git-secret-whoknows.1.ronn index f3d1ff8e..ab1b2bec 100644 --- a/man/man1/git-secret-whoknows.1.ronn +++ b/man/man1/git-secret-whoknows.1.ronn @@ -15,6 +15,11 @@ git-secret-whoknows - prints email-labels for each key in the keyring. -h - shows this help. +## MANUAL + +Run `man git-secret-whoknows` to see this note. + + ## SEE ALSO -git-secret-list(1), git-secret-add(1), git-secret-hide(1), git-secret-reveal(1) +[git-secret-list(1)](http://git-secret.io/git-secret-list), [git-secret-tell(1)](http://git-secret.io/git-secret-tell), [git-secret-hide(1)](http://git-secret.io/git-secret-hide), [git-secret-reveal(1)](http://git-secret.io/git-secret-reveal) diff --git a/man/man7/git-secret.7 b/man/man7/git-secret.7 index 2e4166d9..39f54b09 100644 --- a/man/man7/git-secret.7 +++ b/man/man7/git-secret.7 @@ -1,137 +1,11 @@ .\" generated with Ronn/v0.7.3 .\" http://github.com/rtomayko/ronn/tree/0.7.3 . -.TH "GIT\-SECRET" "7" "July 2016" "" "" +.TH "GIT\-SECRET" "7" "February 2017" "sobolevn" "git-secret" . .SH "NAME" \fBgit\-secret\fR . -.SH "Content" -. -.IP "1." 4 -\fIIntro\fR -. -.IP "2." 4 -\fIInstallation\fR -. -.IP "3." 4 -\fIUsage\fR -. -.IP "4." 4 -\fIConfiguration\fR -. -.IP "" 0 -. -.SH "Intro" -There\'s a known problem in server configuration and deploying, when you have to store your private data such as: database passwords, application secret\-keys, OAuth secret keys and so on, outside of the git repository\. Even if this repository is private, it is a security risk to just publish them into the world wide web\. What are the drawbacks of storing them separately? -. -.IP "1." 4 -These files are not version controlled\. Filenames change, locations change, passwords change from time to time, some new information appears, other is removed\. And you can not tell for sure which version of the configuration file was used with each commit\. -. -.IP "2." 4 -When building the automated deployment system there will be one extra step: download and place these secret\-configuration files where they need to be\. So you have to maintain an extra secure server, where everything is stored\. -. -.IP "" 0 -. -.SS "How does git\-secret solve these problems?" -. -.IP "1." 4 -\fBgit\-secret\fR encrypts files and stores them inside the \fBgit\fR repository, so you will have all the changes for every commit\. -. -.IP "2." 4 -\fBgit\-secret\fR doesn\'t require any other deploy operations rather than \fBgit secret reveal\fR, so it will automatically decrypt all the required files\. -. -.IP "" 0 -. -.SS "What is git\-secret?" -\fBgit\-secret\fR is a bash tool to store your private data inside a \fBgit\fR repo\. How\'s that? Basically, it just encrypts, using \fBgpg\fR, the tracked files with the public keys of all the users that you trust\. So everyone of them can decrypt these files using only their personal secret key\. Why deal with all this private\-public keys stuff? Well, to make it easier for everyone to manage access rights\. There are no passwords that change\. When someone is out \- just delete his public key, reencrypt the files, and he won\'t be able to decrypt secrets anymore\. -. -.SH "Installation" -. -.SS "Dependencies" -\fBgit\-secret\fR relies on two dependencies: \fBgit\fR \fIhttps://git\-scm\.com/\fR and \fBgpg\fR \fIhttps://www\.gnupg\.org/\fR\. Download and install them before using this project\. \fBgit\-secret\fR is tested to work with: -. -.IP "" 4 -. -.nf - -git version 2\.7\.0 -gpg (GnuPG) 1\.4\.20 -. -.fi -. -.IP "" 0 -. -.SS "Supported platforms" -\fBgit\-secret\fR works with \fBMac OS X\fR >= 10\.9, \fBUbuntu\fR >= 14\.04 and \fBDebian\fR >= 8\.3 You can add your platform to this list, if all the tests pass for you\. \fBCygwin\fR support is planned\. -. -.SS "Installation process" -There are several ways to install \fBgit\-secret\fR: -. -.P -\fB\fBHomebrew\fR\fR -. -.IP "1." 4 -Run \fBbrew install git\-secret\fR\. That will do\. Also, there are two options: -. -.IP "2." 4 -\fB\-\-without\-gpg\fR to build without \fBgpg\fR support -. -.IP "3." 4 -\fB\-\-HEAD\fR to install \fBHEAD\fR version -. -.IP "4." 4 -Note, that we have migrated from \fBtap\fR to the official \fBbrew\fR repo -. -.IP "" 0 -. -.P -\fB\fB\fBdeb\fR package\fR\fR -. -.IP "1." 4 -Run \fBecho "deb https://dl\.bintray\.com/sobolevn/deb git\-secret stable" | sudo tee \-a /etc/apt/sources\.list\fR -. -.IP "2." 4 -Run \fBsudo apt\-get install git\-secret\fR -. -.IP "" 0 -. -.P -\fB\fB\fBrpm\fR package\fR\fR -. -.IP "1." 4 -Run \fBwget https://bintray\.com/sobolevn/rpm/rpm \-O bintray\-sobolevn\-rpm\.repo && sudo mv bintray\-sobolevn\-rpm\.repo /etc/yum\.repos\.d/\fR -. -.IP "2." 4 -Run \fBsudo yum install git\-secret\fR -. -.IP "" 0 -. -.P -\fB\fBManual\fR\fR -. -.IP "1." 4 -Clone the repository first: \fBgit clone https://github\.com/sobolevn/git\-secret\.git git\-secret\fR -. -.IP "2." 4 -Run \fBcd git\-secret && make build\fR -. -.IP "3." 4 -Run \fBPREFIX="/usr/local" make install\fR, note that you can install to any prefix in your \fBPATH\fR -. -.IP "" 0 -. -.P -\fB\fB\fBantigen\fR plugin (or any other \fBoh\-my\-zsh\fR\-styled plugin\-systems)\fR\fR -. -.IP "1." 4 -Add line \fBantigen bundle sobolevn/git\-secret\fR to your \fB~/\.zshrc\fR -. -.IP "2." 4 -Run \fBsource ~/\.zshrc\fR or reopen the terminal -. -.IP "" 0 -. .SH "Usage" These steps cover the basic process of using \fBgit\-secret\fR: . diff --git a/man/man7/git-secret.7.ronn b/man/man7/git-secret.7.ronn index f4618ebc..36cc7802 100644 --- a/man/man7/git-secret.7.ronn +++ b/man/man7/git-secret.7.ronn @@ -1,80 +1,3 @@ -## Content - -1. [Intro](#intro) -2. [Installation](#installation) -3. [Usage](#usage) -4. [Configuration](#configuration) - -## Intro - -There's a known problem in server configuration and deploying, when you have to store your private data such as: database passwords, application secret-keys, OAuth secret keys and so on, outside of the git repository. Even if this repository is private, it is a security risk to just publish them into the world wide web. What are the drawbacks of storing them separately? - -1. These files are not version controlled. Filenames change, locations change, passwords change from time to time, some new information appears, other is removed. And you can not tell for sure which version of the configuration file was used with each commit. -2. When building the automated deployment system there will be one extra step: download and place these secret-configuration files where they need to be. So you have to maintain an extra secure server, where everything is stored. - -### How does `git-secret` solve these problems? - -1. `git-secret` encrypts files and stores them inside the `git` repository, so you will have all the changes for every commit. -2. `git-secret` doesn't require any other deploy operations rather than `git secret reveal`, so it will automatically decrypt all the required files. - -### What is `git-secret`? - -`git-secret` is a bash tool to store your private data inside a `git` repo. How's that? Basically, it just encrypts, using `gpg`, the tracked files with the public keys of all the users that you trust. So everyone of them can decrypt these files using only their personal secret key. Why deal with all this private-public keys stuff? Well, to make it easier for everyone to manage access rights. There are no passwords that change. When someone is out - just delete his public key, reencrypt the files, and he won't be able to decrypt secrets anymore. - -## Installation - -### Dependencies - -`git-secret` relies on two dependencies: [`git`][1] and [`gpg`][2]. Download and install them before using this project. `git-secret` is tested to work with: - - git version 2.7.0 - gpg (GnuPG) 1.4.20 - -### Supported platforms - -`git-secret` works with `Mac OS X` >= 10.9, `Ubuntu` >= 14.04 and `Debian` >= 8.3 -You can add your platform to this list, if all the tests pass for you. -`Cygwin` support is planned. - -### Installation process - -There are several ways to install `git-secret`: - -**** Homebrew **** - -1. Run `brew install git-secret`. That will do. Also, there are two options: - * `--without-gpg` to build without `gpg` support - * `--HEAD` to install `HEAD` version -2. Note, that we have migrated from `tap` to the official `brew` repo - -**** `deb` package **** - -You can find the `deb` repository [here](https://bintray.com/sobolevn/deb/git-secret). - -0. Pre-requirements: make sure you have installed `apt-transport-https` -1. Run `echo "deb https://dl.bintray.com/sobolevn/deb git-secret main" | sudo tee -a /etc/apt/sources.list` -2. Add the release key: `wget -qO - https://api.bintray.com/users/sobolevn/keys/gpg/public.key | sudo apt-key add -` -3. Run `sudo apt-get update && sudo apt-get install git-secret` - -**** `rpm` package **** - -You can find the `rpm` repository [here](https://bintray.com/sobolevn/rpm/git-secret). - -1. Run `wget https://bintray.com/sobolevn/rpm/rpm -O bintray-sobolevn-rpm.repo && sudo mv bintray-sobolevn-rpm.repo /etc/yum.repos.d/` -2. Run `sudo yum install git-secret` - -**** Manual **** - -1. Clone the repository first: `git clone https://github.com/sobolevn/git-secret.git git-secret` -2. Run `cd git-secret && make build` -3. Run `PREFIX="/usr/local" make install`, note that you can install to any prefix in your `PATH` - -**** `antigen` plugin (or any other `oh-my-zsh`-styled plugin-systems) **** - -1. Add line `antigen bundle sobolevn/git-secret` to your `~/.zshrc` -2. Run `source ~/.zshrc` or reopen the terminal - - ## Usage These steps cover the basic process of using `git-secret`: @@ -101,5 +24,3 @@ These settings are available to be changed: * `$SECRETS_GPG_COMMAND` - sets the `gpg` alternatives, defaults to `gpg`. It can be changed to `gpg`, `gpg2`, `pgp`, `/usr/local/gpg` or any other value. After doing so rerun tests to be sure, that it won't break anything. Tested to be working with: `gpg`, `gpg2`. * `$SECRETS_EXTENSION` - sets the secret files extension, defaults to `.secret`. It can be changed to any valid file extension. -[1]: https://git-scm.com/ -[2]: https://www.gnupg.org/ diff --git a/src/_utils/_git_secret_tools.sh b/src/_utils/_git_secret_tools.sh index 19db5fcb..d605c021 100644 --- a/src/_utils/_git_secret_tools.sh +++ b/src/_utils/_git_secret_tools.sh @@ -21,15 +21,15 @@ SECRETS_DIR_PATHS_MAPPING="$SECRETS_DIR_PATHS/mapping.cfg" # shellcheck disable GPGLOCAL="$SECRETS_GPG_COMMAND --homedir=$SECRETS_DIR_KEYS --no-permission-warning" -# Inner bash : +# Inner bash: function _function_exists { - declare -f -F "$1" > /dev/null + declare -f -F "$1" > /dev/null 2>&1 echo $? } -# OS based : +# OS based: function _os_based { # Pass function name as first parameter. @@ -57,7 +57,7 @@ function _os_based { } -# File System : +# File System: function _set_config { # First parameter is the KEY, second is VALUE, third is filename. @@ -125,7 +125,7 @@ function _show_manual_for { } -# VCS : +# VCS: function _check_ignore { git check-ignore --no-index -q "$1"; @@ -143,22 +143,67 @@ function _add_ignored_file { function _is_inside_git_tree { - git rev-parse --is-inside-work-tree >/dev/null 2>&1 - echo $? + git rev-parse --is-inside-work-tree >/dev/null 2>&1 + echo $? } -# Logic : +function _get_git_root_path { + # We need this function to get the location of the `.git` folder, + # since `.gitsecret` must be on the same level. + local result + result=$(git rev-parse --show-toplevel) + echo "$result" +} + + +# Logic: function _abort { >&2 echo "$1 abort." exit 1 } +function _find_and_clean { + # required: + local pattern="$1" # can be any string pattern + + # optional: + local verbose=${2:-""} # can be empty or should be equal to "v" + + # shellcheck disable=2086 + find . -name "$pattern" -type f -print0 | xargs -0 rm -f$verbose +} + + +function _find_and_clean_formated { + # required: + local pattern="$1" # can be any string pattern + + # optional: + local verbose=${2:-""} # can be empty or should be equal to "v" + local message=${3:-"cleaning:"} # can be any string + + if [[ ! -z "$verbose" ]]; then + echo && echo "$message" + fi + + _find_and_clean "$pattern" "$verbose" + + if [[ ! -z "$verbose" ]]; then + echo + fi +} + function _secrets_dir_exists { - if [[ ! -d "$SECRETS_DIR" ]]; then - _abort "$SECRETS_DIR does not exist." + local root_path + root_path=$(_get_git_root_path) + + local full_path="$root_path/$SECRETS_DIR" + + if [[ ! -d "$full_path" ]]; then + _abort "$full_path does not exist." fi } @@ -172,7 +217,7 @@ function _user_required { fi local keys_exist - keys_exist=$($GPGLOCAL -n --list-keys --with-colon) + keys_exist=$($GPGLOCAL -n --list-keys) if [[ -z "$keys_exist" ]]; then _abort "$error_message" fi @@ -234,8 +279,8 @@ function _decrypt { if [[ ! -z "$passphrase" ]]; then echo "$passphrase" | $base --batch --yes --no-tty --passphrase-fd 0 \ - "$encrypted_filename" + "$encrypted_filename" > /dev/null 2>&1 else - $base "$encrypted_filename" + $base "$encrypted_filename" > /dev/null 2>&1 fi } diff --git a/src/commands/git_secret_add.sh b/src/commands/git_secret_add.sh index a9168ae9..8c04fc15 100644 --- a/src/commands/git_secret_add.sh +++ b/src/commands/git_secret_add.sh @@ -8,6 +8,7 @@ function add { while getopts "ih" opt; do case "$opt" in i) auto_add=1;; + h) _show_manual_for "add";; esac done diff --git a/src/commands/git_secret_changes.sh b/src/commands/git_secret_changes.sh index b1ad3c82..2d9f8330 100644 --- a/src/commands/git_secret_changes.sh +++ b/src/commands/git_secret_changes.sh @@ -18,15 +18,18 @@ function changes { shift $((OPTIND-1)) [ "$1" = '--' ] && shift - local filenames=( "$@" ) - if [[ ${#filenames[@]} -eq 0 ]]; then + _user_required + + local filenames="$*" + if [[ -z $filenames ]]; then # Checking if no filenames are passed, show diff for all files. - filenames=( $(git secret list) ) + filenames=$(git secret list) fi IFS=' ' - for filename in "${filenames[@]}"; do + + for filename in $filenames; do local decrypted local content local diff_result diff --git a/src/commands/git_secret_clean.sh b/src/commands/git_secret_clean.sh index 7068a05a..09f6653a 100644 --- a/src/commands/git_secret_clean.sh +++ b/src/commands/git_secret_clean.sh @@ -17,14 +17,8 @@ function clean { shift $((OPTIND-1)) [ "$1" = '--' ] && shift - if [[ ! -z "$verbose" ]]; then - echo && echo 'cleaing:' - fi - - find . -name "*$SECRETS_EXTENSION" -type f -print0 | xargs rm -f$verbose - - if [[ ! -z "$verbose" ]]; then - echo - fi + _user_required + # User should see properly formated output: + _find_and_clean_formated "*$SECRETS_EXTENSION" "$verbose" } diff --git a/src/commands/git_secret_hide.sh b/src/commands/git_secret_hide.sh index 5d0fc05c..effcacc7 100644 --- a/src/commands/git_secret_hide.sh +++ b/src/commands/git_secret_hide.sh @@ -2,55 +2,28 @@ function _optional_clean { - OPTIND=1 - local clean=0 - local opt_string='' - - while getopts 'cdvh' opt; do - case "$opt" in - c) clean=1;; - - h) _show_manual_for 'hide';; - - v) opt_string='-v';; - esac - done - - shift $((OPTIND-1)) - [ "$1" = '--' ] && shift - - _user_required + local clean="$1" + local verbose=${2:-""} if [[ $clean -eq 1 ]]; then - clean "$opt_string" + _find_and_clean_formated "*$SECRETS_EXTENSION" "$verbose" fi } function _optional_delete { - local verbose='' - local delete=0 - - OPTIND=1 - - while getopts 'vd' opt; do - case "$opt" in - d) delete=1;; - - v) verbose="v";; - esac - done - - shift $((OPTIND-1)) - [ "$1" = '--' ] && shift + local delete="$1" + local verbose=${2:-""} if [[ $delete -eq 1 ]]; then + # We use custom formating here: if [[ ! -z "$verbose" ]]; then echo && echo 'removing unencrypted files:' fi while read -r line; do - find . -name "*$line" -type f -print0 | xargs -0 rm -f$verbose + # So the formating would not be repeated several times here: + _find_and_clean "*$line" "$verbose" done < "$SECRETS_DIR_PATHS_MAPPING" if [[ ! -z "$verbose" ]]; then @@ -62,7 +35,33 @@ function _optional_delete { function hide { - _optional_clean "$@" + local clean=0 + local delete=0 + local verbose='' + + OPTIND=1 + + while getopts 'cdvh' opt; do + case "$opt" in + c) clean=1;; + + d) delete=1;; + + v) verbose='v';; + + h) _show_manual_for 'hide';; + esac + done + + shift $((OPTIND-1)) + [ "$1" = '--' ] && shift + + # We need user to continue: + _user_required + + # If -c option was provided, it would clean the hidden files + # before creating new ones. + _optional_clean "$clean" "$verbose" local counter=0 while read -r line; do @@ -79,7 +78,9 @@ function hide { counter=$((counter+1)) done < "$SECRETS_DIR_PATHS_MAPPING" - _optional_delete "$@" + # If -d option was provided, it would delete the source files + # after we have already hidden them. + _optional_delete "$delete" "$verbose" echo "done. all $counter files are hidden." } diff --git a/src/commands/git_secret_killperson.sh b/src/commands/git_secret_killperson.sh index 371a2bb2..f4ec07e9 100644 --- a/src/commands/git_secret_killperson.sh +++ b/src/commands/git_secret_killperson.sh @@ -15,9 +15,13 @@ function killperson { _user_required - if [[ ${#@} -eq 0 ]]; then - _abort "email is required." + local emails=( "$@" ) + + if [[ ${#emails[@]} -eq 0 ]]; then + _abort "at least one email is required." fi - $GPGLOCAL --batch --yes --delete-key "$1" + for email in "${emails[@]}"; do + $GPGLOCAL --batch --yes --delete-key "$email" + done } diff --git a/src/commands/git_secret_reveal.sh b/src/commands/git_secret_reveal.sh index 7f6a389c..7b60fc00 100644 --- a/src/commands/git_secret_reveal.sh +++ b/src/commands/git_secret_reveal.sh @@ -23,7 +23,7 @@ function reveal { shift $((OPTIND-1)) [ "$1" = '--' ] && shift - _user_required + _user_required local counter=0 while read -r line; do diff --git a/src/commands/git_secret_tell.sh b/src/commands/git_secret_tell.sh index efdcc316..57e05a23 100644 --- a/src/commands/git_secret_tell.sh +++ b/src/commands/git_secret_tell.sh @@ -2,20 +2,19 @@ function tell { - local email + local emails + local self_email=0 local homedir # A POSIX variable # Reset in case getopts has been used previously in the shell. OPTIND=1 - while getopts "h?md:" opt; do + while getopts "hmd:" opt; do case "$opt" in h) _show_manual_for "tell";; - m) # Set email of the git current user: - email=$(git config user.email) || _abort "'git config user.email' is not set." - ;; + m) self_email=1;; d) homedir=$OPTARG;; esac @@ -24,34 +23,49 @@ function tell { shift $((OPTIND-1)) [ "$1" = "--" ] && shift - # Moved to enable viewing a manual without validation: + # Validates that application is inited: _secrets_dir_exists - # Custom argument-parsing: - if [[ -z $email ]]; then - # Email was not set via `-m` and is in $1: - test ! -z "$1" && email="$1"; shift || _abort "first argument must be an email address." - fi + emails=( "$@" ) + local git_email + + if [[ "$self_email" -eq 1 ]]; then + git_email=$(git config user.email) - # This file will be removed automatically: - _temporary_file # note, that `_temporary_file` will export `filename` var. - # shellcheck disable=2154 - local keyfile="$filename" - - if [[ -z "$homedir" ]]; then - $SECRETS_GPG_COMMAND --export -a "$email" > "$keyfile" - else - # It means that homedir is set as an extra argument via `-d`: - $SECRETS_GPG_COMMAND --no-permission-warning --homedir="$homedir" \ - --export -a "$email" > "$keyfile" + if [[ -z "$git_email" ]]; then + _abort "'git config user.email' is not set." + fi + + emails+=("$git_email") fi - if [[ ! -s "$keyfile" ]]; then - _abort 'gpg key is empty. check your key name: "gpg --list-keys".' + if [[ "${#emails[@]}" -eq 0 ]]; then + # If after possible addition of git_email, emails are still empty, + # we should raise an exception. + _abort "you must provide at least one email address." fi - # Importing public key to the local keychain: - $GPGLOCAL --import "$keyfile" > /dev/null 2>&1 + for email in "${emails[@]}"; do + # This file will be removed automatically: + _temporary_file # note, that `_temporary_file` will export `filename` var. + # shellcheck disable=2154 + local keyfile="$filename" + + if [[ -z "$homedir" ]]; then + $SECRETS_GPG_COMMAND --export -a "$email" > "$keyfile" + else + # It means that homedir is set as an extra argument via `-d`: + $SECRETS_GPG_COMMAND --no-permission-warning --homedir="$homedir" \ + --export -a "$email" > "$keyfile" + fi + + if [[ ! -s "$keyfile" ]]; then + _abort 'gpg key is empty. check your key name: "gpg --list-keys".' + fi + + # Importing public key to the local keychain: + $GPGLOCAL --import "$keyfile" > /dev/null 2>&1 + done - echo "done. $email added as a person who knows the secret." + echo "done. ${emails[*]} added as someone who know(s) the secret." } diff --git a/src/commands/git_secret_usage.sh b/src/commands/git_secret_usage.sh index 0e02fe32..a2c07c64 100644 --- a/src/commands/git_secret_usage.sh +++ b/src/commands/git_secret_usage.sh @@ -13,7 +13,11 @@ function usage { shift $((OPTIND-1)) [ "$1" = "--" ] && shift + # There was a bug with some shells, which were adding extra commands + # to the old dynamic-loading version of this code. + # thanks to @antmak it is now fixed, see: + # https://github.com/sobolevn/git-secret/issues/47 local commands="add|changes|clean|hide|init|killperson|list|remove|reveal|tell|usage|whoknows" - echo "usage: git secret [${commands}]" + echo "usage: git secret [$commands]" } diff --git a/src/commands/git_secret_whoknows.sh b/src/commands/git_secret_whoknows.sh index 9b35c854..066d8aed 100644 --- a/src/commands/git_secret_whoknows.sh +++ b/src/commands/git_secret_whoknows.sh @@ -18,7 +18,7 @@ function whoknows { local keys - # Just to the point: + # Getting the users from gpg: keys=$(_get_users_in_keyring) echo "$keys" } diff --git a/tests/_test_base.bash b/tests/_test_base.bash index c1cb59c3..68fda84c 100644 --- a/tests/_test_base.bash +++ b/tests/_test_base.bash @@ -3,34 +3,35 @@ # This file is following a name convention defined in: # https://github.com/sstephenson/bats +# shellcheck disable=1090 source "$SECRET_PROJECT_ROOT/src/version.sh" +# shellcheck disable=1090 source "$SECRET_PROJECT_ROOT/src/_utils/_git_secret_tools.sh" # Constants: - FIXTURES_DIR="$BATS_TEST_DIRNAME/fixtures" -# Folders: -TEST_SECRETS_DIR="$BATS_TMPDIR/$SECRETS_DIR" -TEST_SECRETS_DIR_PATHS_MAPPING="$BATS_TMPDIR/$SECRETS_DIR_PATHS_MAPPING" - -TEST_GPG_HOMEDIR="$PWD" +TEST_GPG_HOMEDIR="$BATS_TMPDIR" # GPG-based stuff: -: ${SECRETS_GPG_COMMAND:="gpg"} +: "${SECRETS_GPG_COMMAND:="gpg"}" GPGTEST="$SECRETS_GPG_COMMAND --homedir=$TEST_GPG_HOMEDIR --no-permission-warning" # Personal data: TEST_DEFAULT_USER="user1" +TEST_SECOND_USER="user2" # shellcheck disable=2034 +TEST_ATTACKER_USER="attacker1" # shellcheck disable=2034 function test_user_password { + # It was set on key creation: echo "${1}pass" } function test_user_email { + # It was set on key creation: echo "${1}@gitsecret.io" } @@ -39,21 +40,25 @@ function test_user_email { function get_gpg_fingerprint_by_email { local email="$1" - local fingerprint=$($GPGTEST --list-public-keys --with-fingerprint --with-colons | \ - sed -e '/<'$email'>::scESC:/,/[A-Z0-9]\{40\}:/!d' | \ + local fingerprint + + fingerprint=$($GPGTEST --list-public-keys --with-fingerprint --with-colons | \ + sed -e '/<'"$email"'>::scESC:/,/[A-Z0-9]\{40\}:/!d' | \ sed -e '/fpr/!d' | \ sed -n 's/fpr:::::::::\([A-Z|0-9]\{40\}\):/\1/p') - echo $fingerprint + echo "$fingerprint" } function install_fixture_key { local public_key="$BATS_TMPDIR/public-${1}.key" - local email=$(test_user_email "$1") + local email + + email=$(test_user_email "$1") $SECRETS_GPG_COMMAND --homedir="$FIXTURES_DIR/gpg/${1}" \ --no-permission-warning --output "$public_key" \ - --armor --batch --yes --export "$email" + --armor --batch --yes --export "$email" > /dev/null 2>&1 $GPGTEST --import "$public_key" > /dev/null 2>&1 rm -f "$public_key" } @@ -61,18 +66,23 @@ function install_fixture_key { function install_fixture_full_key { local private_key="$BATS_TMPDIR/private-${1}.key" - local email=$(test_user_email "$1") + local email + local fp + local fingerprint + + email=$(test_user_email "$1") $SECRETS_GPG_COMMAND --homedir="$FIXTURES_DIR/gpg/${1}" \ --no-permission-warning --output "$private_key" --armor \ - --yes --export-secret-key "$email" + --yes --export-secret-key "$email" > /dev/null 2>&1 - $GPGTEST --allow-secret-key-import --import "$private_key" > /dev/null 2>&1 + $GPGTEST --allow-secret-key-import \ + --import "$private_key" > /dev/null 2>&1 - local fp=$($GPGTEST --with-fingerprint "$private_key") + fp=$($GPGTEST --with-fingerprint "$private_key") # since 0.1.2 fingerprint is returned: - local fingerprint=$(echo "$fp" | tr -d ' ' | sed -n '2p' | sed -e 's/.*=//g') + fingerprint=$(echo "$fp" | tr -d ' ' | sed -n '2p' | sed -e 's/.*=//g') install_fixture_key "$1" @@ -82,13 +92,16 @@ function install_fixture_full_key { function uninstall_fixture_key { - local email=$(test_user_email "$1") + local email + + email=$(test_user_email "$1") $GPGTEST --batch --yes --delete-key "$email" > /dev/null 2>&1 } function uninstall_fixture_full_key { - local email=$(test_user_email "$1") + local email + email=$(test_user_email "$1") local fingerprint="$2" if [[ -z "$fingerprint" ]]; then @@ -96,7 +109,8 @@ function uninstall_fixture_full_key { fingerprint=$(get_gpg_fingerprint_by_email "$email") fi - $GPGTEST --batch --yes --delete-secret-keys "$fingerprint" > /dev/null 2>&1 + $GPGTEST --batch --yes \ + --delete-secret-keys "$fingerprint" > /dev/null 2>&1 uninstall_fixture_key "$1" } @@ -112,8 +126,12 @@ function git_set_config_email { function git_commit { git_set_config_email "$1" - local user_name=$(git config user.name) - local commit_gpgsign=$(git config commit.gpgsign) + local user_name + local commit_gpgsign + + user_name=$(git config user.name) + + commit_gpgsign=$(git config commit.gpgsign) git config --local user.name "$TEST_DEFAULT_USER" git config --local commit.gpgsign false @@ -133,6 +151,11 @@ function remove_git_repository { # Git Secret: +function set_state_initial { + cd "$BATS_TMPDIR" || exit 1 +} + + function set_state_git { git init > /dev/null 2>&1 } @@ -144,7 +167,9 @@ function set_state_secret_init { function set_state_secret_tell { - local email=$(test_user_email $1) + local email + + email=$(test_user_email "$1") git secret tell -d "$TEST_GPG_HOMEDIR" "$email" > /dev/null 2>&1 } @@ -166,7 +191,7 @@ function set_state_secret_hide { function unset_current_state { # states order: - # git, secret_init, secret_tell, secret_add, secret_hide + # initial, git, secret_init, secret_tell, secret_add, secret_hide # unsets `secret_hide` # removes .secret files: @@ -181,4 +206,7 @@ function unset_current_state { # removes gpg homedir: rm -f "pubring.gpg" "pubring.gpg~" "secring.gpg" "trustdb.gpg" "random_seed" + + # return to the base dir: + cd "$SECRET_PROJECT_ROOT" || exit 1 } diff --git a/tests/test_add.bats b/tests/test_add.bats index 80228a79..36d048ea 100644 --- a/tests/test_add.bats +++ b/tests/test_add.bats @@ -5,6 +5,8 @@ load _test_base function setup { install_fixture_key "$TEST_DEFAULT_USER" + + set_state_initial set_state_git set_state_secret_init set_state_secret_tell "$TEST_DEFAULT_USER" @@ -29,7 +31,7 @@ function teardown { } -@test "run 'add' for unignored file with '-i' option" { +@test "run 'add' for unignored file with '-i'" { local TEST_FILE='test_file.auto_ignore' touch "$TEST_FILE" echo "content" > "$TEST_FILE" @@ -63,7 +65,7 @@ function teardown { local TEST_FILE='test_file' local TEST_DIR='test_dir' - mkdir "$TEST_DIR" + mkdir -p "$TEST_DIR" touch "$TEST_DIR/$TEST_FILE" echo "content" > "$TEST_DIR/$TEST_FILE" echo "$TEST_DIR/$TEST_FILE" > ".gitignore" diff --git a/tests/test_changes.bats b/tests/test_changes.bats index 7902baf6..6bcedf0c 100644 --- a/tests/test_changes.bats +++ b/tests/test_changes.bats @@ -12,6 +12,7 @@ FINGERPRINT="" function setup { FINGERPRINT=$(install_fixture_full_key "$TEST_DEFAULT_USER") + set_state_initial set_state_git set_state_secret_init set_state_secret_tell "$TEST_DEFAULT_USER" @@ -74,8 +75,10 @@ function teardown { echo "$new_content" >> "$FILE_TO_HIDE" echo "$second_new_content" >> "$SECOND_FILE_TO_HIDE" - run git secret changes "$FILE_TO_HIDE" "$SECOND_FILE_TO_HIDE" -d "$TEST_GPG_HOMEDIR" -p "$password" - [ "$status" -eq 2 ] + run git secret changes -d "$TEST_GPG_HOMEDIR" -p "$password" \ + "$FILE_TO_HIDE" "$SECOND_FILE_TO_HIDE" + + [ "$status" -eq 0 ] # Testing that output has both filename and changes: [[ "$output" == *"changes in $FILE_TO_HIDE"* ]] diff --git a/tests/test_clean.bats b/tests/test_clean.bats index 882527c1..1f44916b 100644 --- a/tests/test_clean.bats +++ b/tests/test_clean.bats @@ -1,3 +1,67 @@ #!/usr/bin/env bats -# TODO: create tests for this command. +load _test_base + +FIRST_FILE="file_to_hide1" +SECOND_FILE="file_to_hide2" + +FOLDER="somedir" +FILE_IN_FOLDER="${FOLDER}/file_to_hide3" + + +function setup { + install_fixture_key "$TEST_DEFAULT_USER" + + set_state_initial + set_state_git + set_state_secret_init + set_state_secret_tell "$TEST_DEFAULT_USER" + set_state_secret_add "$FIRST_FILE" "somecontent" + set_state_secret_add "$SECOND_FILE" "somecontent2" + set_state_secret_hide +} + + +function teardown { + uninstall_fixture_key "$TEST_DEFAULT_USER" + unset_current_state + + # This also needs to be cleaned: + rm -f "$FIRST_FILE" "$SECOND_FILE" + rm -rf "$FOLDER" +} + + +function _secret_files_exists { + local result=$(find . -type f -name "*.$SECRETS_EXTENSION" \ + -print0 2>/dev/null | grep -q .; echo "$?") + echo "$result" +} + + +@test "run 'clean' normally" { + run git secret clean + [ "$status" -eq 0 ] + + # There must be no .secret files: + local exists=$(_secret_files_exists) + [ "$exists" -ne 0 ] +} + + +@test "run 'clean' with '-v'" { + run git secret clean -v + [ "$status" -eq 0 ] + + # There must be no .secret files: + local exists=$(_secret_files_exists) + [ "$exists" -ne 0 ] + + local first_filename=$(_get_encrypted_filename "$FIRST_FILE") + local second_filename=$(_get_encrypted_filename "$SECOND_FILE") + + # Output must be verbose: + [[ "$output" == *"cleaning"* ]] + [[ "$output" == *"$first_filename"* ]] + [[ "$output" == *"$second_filename"* ]] +} diff --git a/tests/test_hide.bats b/tests/test_hide.bats index 5196a0c3..b95f8619 100644 --- a/tests/test_hide.bats +++ b/tests/test_hide.bats @@ -9,6 +9,7 @@ FILE_CONTENTS="hidden content юникод" function setup { install_fixture_key "$TEST_DEFAULT_USER" + set_state_initial set_state_git set_state_secret_init set_state_secret_tell "$TEST_DEFAULT_USER" @@ -26,29 +27,72 @@ function teardown { @test "run 'hide' normally" { run git secret hide + + # Command must execute normally: [ "$status" -eq 0 ] [ "$output" = "done. all 1 files are hidden." ] + + # New files should be crated: + local encrypted_file=$(_get_encrypted_filename "$FILE_TO_HIDE") + [ -f "$encrypted_file" ] +} + + +@test "run 'hide' with multiple files" { + # Preparations: + local second_file="second_file.txt" + local second_content="some content" + set_state_secret_add "$second_file" "$second_content" + + # Now it should hide 2 files: + run git secret hide + [ "$status" -eq 0 ] + [ "$output" = "done. all 2 files are hidden." ] } -@test "run 'hide' with -c param" { +@test "run 'hide' with '-c' and '-v'" { + # Preparations: + local encrypted_filename=$(_get_encrypted_filename "$FILE_TO_HIDE") + set_state_secret_hide # so it would be data to clean + run git secret hide -v -c [ "$status" -eq 0 ] + + # File should be still there (it is not deletion): + [ -f "$FILE_TO_HIDE" ] + + # Output should be verbose: + [[ "$output" == *"cleaning"* ]] + [[ "$output" == *"$encrypted_filename"* ]] +} + + +@test "run 'hide' with '-d'" { + run git secret hide -d + [ "$status" -eq 0 ] + + # File must be removed: + [ ! -f "$FILE_TO_HIDE" ] } -@test "run 'hide' with -d param" { +@test "run 'hide' with '-d' and '-v'" { run git secret hide -v -d [ "$status" -eq 0 ] + + # File must be removed: [ ! -f "$FILE_TO_HIDE" ] -} + # It should be verbose: + [[ "$output" == *"removing unencrypted files"* ]] + [[ "$output" == *"$FILE_TO_HIDE"* ]] +} -@test "run 'hide' for multiple users" { - local new_user="user2" - install_fixture_key "$new_user" - set_state_secret_tell "$new_user" +@test "run 'hide' with multiple users" { + install_fixture_key "$TEST_SECOND_USER" + set_state_secret_tell "$TEST_SECOND_USER" run git secret hide [ "$status" -eq 0 ] diff --git a/tests/test_init.bats b/tests/test_init.bats index 0d93aaf1..95a1bd48 100644 --- a/tests/test_init.bats +++ b/tests/test_init.bats @@ -4,6 +4,7 @@ load _test_base function setup { + set_state_initial set_state_git } @@ -13,7 +14,7 @@ function teardown { } -@test "run 'init' without .git" { +@test "run 'init' without '.git'" { remove_git_repository run git secret init diff --git a/tests/test_killperson.bats b/tests/test_killperson.bats index b749623b..fc7dbd17 100644 --- a/tests/test_killperson.bats +++ b/tests/test_killperson.bats @@ -5,6 +5,8 @@ load _test_base function setup { install_fixture_key "$TEST_DEFAULT_USER" + + set_state_initial set_state_git set_state_secret_init set_state_secret_tell "$TEST_DEFAULT_USER" @@ -26,4 +28,22 @@ function teardown { @test "run 'killperson' normally" { run git secret killperson "$TEST_DEFAULT_USER" [ "$status" -eq 0 ] + + # Then whoknows must return an error with status code 1: + run git secret whoknows + [ "$status" -eq 1 ] +} + + +@test "run 'killperson' with multiple arguments" { + # Adding second user: + install_fixture_key "$TEST_SECOND_USER" + set_state_secret_tell "$TEST_SECOND_USER" + + run git secret killperson "$TEST_DEFAULT_USER" "$TEST_SECOND_USER" + [ "$status" -eq 0 ] + + # Nothing to show: + run git secret whoknows + [ "$status" -eq 1 ] } diff --git a/tests/test_list.bats b/tests/test_list.bats index d30e0e19..2eab9d95 100644 --- a/tests/test_list.bats +++ b/tests/test_list.bats @@ -9,6 +9,7 @@ FILE_CONTENTS="hidden content юникод" function setup { install_fixture_key "$TEST_DEFAULT_USER" + set_state_initial set_state_git set_state_secret_init set_state_secret_tell "$TEST_DEFAULT_USER" @@ -31,9 +32,27 @@ function teardown { } +@test "run 'list' with multiple files" { + # Preparations: + local second_file="second_file.txt" + set_state_secret_add "$second_file" "$FILE_CONTENTS" + + run git secret list + [ "$status" -eq 0 ] + + # Now it should list two files: + [[ "$output" == *"$FILE_TO_HIDE"* ]] + [[ "$output" == *"$second_file"* ]] + + # Cleaning up: + rm -f "$second_file" +} + + @test "run 'list' on empty repo" { git secret remove "$FILE_TO_HIDE" + # Running `list` on empty mapping should result an error: run git secret list [ "$status" -eq 1 ] } diff --git a/tests/test_main.bats b/tests/test_main.bats index 6a1d5838..559cbca1 100644 --- a/tests/test_main.bats +++ b/tests/test_main.bats @@ -4,6 +4,7 @@ load _test_base function setup { + set_state_initial set_state_git } @@ -29,3 +30,17 @@ function teardown { run git secret --version [ "$output" == "$GITSECRET_VERSION" ] } + + +@test "run 'git secret --dry-run'" { + # We will break things apart, so normally it won't run: + rm -rf ".git" + + # This must fail: + run git secret usage + [ "$status" -eq 1 ] + + # Dry run won't fail: + run git secret --dry-run + [ "$status" -eq 0 ] +} diff --git a/tests/test_remove.bats b/tests/test_remove.bats index 0135e259..8bd96d64 100644 --- a/tests/test_remove.bats +++ b/tests/test_remove.bats @@ -5,42 +5,71 @@ load _test_base FIRST_FILE="file_to_hide1" SECOND_FILE="file_to_hide2" -# There was a bug with `sed` an slashes: -# see https://github.com/sobolevn/git-secret/issues/23 FOLDER="somedir" FILE_IN_FOLDER="${FOLDER}/file_to_hide3" function setup { - install_fixture_full_key "$TEST_DEFAULT_USER" + install_fixture_key "$TEST_DEFAULT_USER" + set_state_initial set_state_git set_state_secret_init set_state_secret_tell "$TEST_DEFAULT_USER" set_state_secret_add "$FIRST_FILE" "somecontent" set_state_secret_add "$SECOND_FILE" "somecontent2" + set_state_secret_hide } function teardown { - uninstall_fixture_full_key "$TEST_DEFAULT_USER" + uninstall_fixture_key "$TEST_DEFAULT_USER" unset_current_state - rm -f "$FIRST_FILE" "$SECOND_FILE" - # This needs to be cleaned + # This also needs to be cleaned: + rm -f "$FIRST_FILE" "$SECOND_FILE" rm -rf "$FOLDER" } -@test "run 'remove' normally" { - git secret hide +function _has_line { + local result=$(grep -q "$1" "$SECRETS_DIR_PATHS_MAPPING"; echo $?) + echo "$result" +} + +@test "run 'remove' normally" { run git secret remove "$SECOND_FILE" [ "$status" -eq 0 ] - local mapping_contains=$(grep "$SECOND_FILE" "$SECRETS_DIR_PATHS_MAPPING"; echo $?) + # Mapping should not contain the second file: + local mapping_contains=$(_has_line "$SECOND_FILE") [ "$mapping_contains" -eq 1 ] + # But the first file must not change: + local other_files=$(_has_line "$FIRST_FILE") + [ "$other_files" -eq 0 ] + + # Both files should be present: + local first_enctypted_file=$(_get_encrypted_filename $FIRST_FILE) + local second_enctypted_file=$(_get_encrypted_filename $SECOND_FILE) + + [ -f "$first_enctypted_file" ] + [ -f "$second_enctypted_file" ] +} + + +@test "run 'remove' with multiple arguments" { + run git secret remove "$FIRST_FILE" "$SECOND_FILE" + [ "$status" -eq 0 ] + + local first_line=$(_has_line "$FIRST_FILE") + [ "$first_line" -eq 1 ] + + local second_line=$(_has_line "$SECOND_FILE") + [ "$second_line" -eq 1 ] + + # Both files should be present: local first_enctypted_file=$(_get_encrypted_filename $FIRST_FILE) local second_enctypted_file=$(_get_encrypted_filename $SECOND_FILE) @@ -50,14 +79,19 @@ function teardown { @test "run 'remove' with slashes in filename" { + # There was a bug with `sed` an slashes: + # see https://github.com/sobolevn/git-secret/issues/23 + + # Prepartions: mkdir -p "$FOLDER" set_state_secret_add "$FILE_IN_FOLDER" "somecontent3" - git secret hide + set_state_secret_hide # runing hide again to hide new data + # Now it should remove filename with slashes from the mapping: run git secret remove "$FILE_IN_FOLDER" [ "$status" -eq 0 ] - local mapping_contains=$(grep "$FILE_IN_FOLDER" "$SECRETS_DIR_PATHS_MAPPING"; echo $?) + local mapping_contains=$(_has_line "$FILE_IN_FOLDER") [ "$mapping_contains" -eq 1 ] local enctypted_file=$(_get_encrypted_filename $FILE_IN_FOLDER) @@ -65,14 +99,14 @@ function teardown { } -@test "run 'remove -c'" { +@test "run 'remove' with '-c'" { git secret hide run git secret remove -c "$SECOND_FILE" echo "$output" [ "$status" -eq 0 ] - local mapping_contains=$(grep "$SECOND_FILE" "$SECRETS_DIR_PATHS_MAPPING"; echo $?) + local mapping_contains=$(_has_line "$SECOND_FILE") [ "$mapping_contains" -eq 1 ] local first_enctypted_file=$(_get_encrypted_filename $FIRST_FILE) diff --git a/tests/test_reveal.bats b/tests/test_reveal.bats index 32dde2e7..f88977dc 100644 --- a/tests/test_reveal.bats +++ b/tests/test_reveal.bats @@ -11,6 +11,7 @@ FINGERPRINT="" function setup { FINGERPRINT=$(install_fixture_full_key "$TEST_DEFAULT_USER") + set_state_initial set_state_git set_state_secret_init set_state_secret_tell "$TEST_DEFAULT_USER" @@ -22,6 +23,7 @@ function setup { function teardown { uninstall_fixture_full_key "$TEST_DEFAULT_USER" "$FINGERPRINT" unset_current_state + rm -f "$FILE_TO_HIDE" } @@ -63,32 +65,58 @@ function teardown { @test "run 'reveal' for attacker" { + # Preparations rm -f "$FILE_TO_HIDE" - local attacker="attacker1" - local atacker_fingerprint=$(install_fixture_full_key "$attacker") + local atacker_fingerprint=$(install_fixture_full_key "$TEST_ATTACKER_USER") + local password=$(test_user_password "$TEST_ATTACKER_USER") - local password=$(test_user_password "$attacker") run git secret reveal -d "$TEST_GPG_HOMEDIR" -p "$password" + # This should fail, nothing should be created: [ "$status" -eq 2 ] [ ! -f "$FILE_TO_HIDE" ] - uninstall_fixture_full_key "$attacker" "$atacker_fingerprint" + # Cleaning up: + uninstall_fixture_full_key "$TEST_ATTACKER_USER" "$atacker_fingerprint" } -@test "run 'reveal' for multiple users" { - local new_user="user2" - install_fixture_full_key "$new_user" - set_state_secret_tell "$new_user" +@test "run 'reveal' for multiple users (with key deletion)" { + # Preparations: + local second_fingerprint=$(install_fixture_full_key "$TEST_SECOND_USER") + local password=$(test_user_password "$TEST_SECOND_USER") + set_state_secret_tell "$TEST_SECOND_USER" set_state_secret_hide + # We are removing a secret key of the first user to be sure + # that it is not used in decryption: uninstall_fixture_full_key "$TEST_DEFAULT_USER" "$FINGERPRINT" - local password=$(test_user_password "$new_user") + # Testing: + run git secret reveal -d "$TEST_GPG_HOMEDIR" -p "$password" + + [ "$status" -eq 0 ] + [ -f "$FILE_TO_HIDE" ] + + # Cleaning up: + uninstall_fixture_full_key "$TEST_SECOND_USER" "$second_fingerprint" +} + + +@test "run 'reveal' for multiple users (normally)" { + # Preparations: + local second_fingerprint=$(install_fixture_full_key "$TEST_SECOND_USER") + local password=$(test_user_password "$TEST_SECOND_USER") + set_state_secret_tell "$TEST_SECOND_USER" + set_state_secret_hide + + # Testing: run git secret reveal -d "$TEST_GPG_HOMEDIR" -p "$password" [ "$status" -eq 0 ] [ -f "$FILE_TO_HIDE" ] + + # Cleaning up: + uninstall_fixture_full_key "$TEST_SECOND_USER" "$second_fingerprint" } diff --git a/tests/test_reveal_filename.bats b/tests/test_reveal_filename.bats index 279a19f3..75f0607e 100644 --- a/tests/test_reveal_filename.bats +++ b/tests/test_reveal_filename.bats @@ -12,6 +12,7 @@ OLD_SECRETS_EXTENSION="" function setup { FINGERPRINT=$(install_fixture_full_key "$TEST_DEFAULT_USER") + set_state_initial set_state_git set_state_secret_init set_state_secret_tell "$TEST_DEFAULT_USER" diff --git a/tests/test_tell.bats b/tests/test_tell.bats index da5e1804..45e35bf8 100644 --- a/tests/test_tell.bats +++ b/tests/test_tell.bats @@ -5,6 +5,8 @@ load _test_base function setup { install_fixture_key "$TEST_DEFAULT_USER" + + set_state_initial set_state_git set_state_secret_init } @@ -16,12 +18,23 @@ function teardown { } -function git_secret_tell_test { - git secret tell -d "$TEST_GPG_HOMEDIR" "$TEST_DEFAULT_USER" +@test "fail on no users" { + run _user_required + [ "$status" -eq 1 ] } -@test "fail on no users" { +@test "constantly fail on no users" { + # We had a serious bug with _user_required, + # see this link for the details: + # https://github.com/sobolevn/git-secret/issues/74 + + # Preparations: + git secret tell -d "$TEST_GPG_HOMEDIR" "$TEST_DEFAULT_USER" + git secret killperson "$TEST_DEFAULT_USER" + + # It was showing something like `tru::1:1289775241:0:2:1:6` + # after the preparations done and the error was not generated. run _user_required [ "$status" -eq 1 ] } @@ -32,7 +45,7 @@ function git_secret_tell_test { echo "private key" > "$private_key" [ -s "$private_key" ] - run git_secret_tell_test + run git secret tell -d "$TEST_GPG_HOMEDIR" "$TEST_DEFAULT_USER" [ "$status" -eq 1 ] } @@ -40,7 +53,7 @@ function git_secret_tell_test { @test "run 'tell' without '.gitsecret'" { rm -rf "$SECRETS_DIR" - run git_secret_tell_test + run git secret tell -d "$TEST_GPG_HOMEDIR" "$TEST_DEFAULT_USER" [ "$status" -eq 1 ] } @@ -52,15 +65,20 @@ function git_secret_tell_test { @test "run 'tell' normally" { - run git_secret_tell_test + run git secret tell -d "$TEST_GPG_HOMEDIR" "$TEST_DEFAULT_USER" [ "$status" -eq 0 ] + # Testing that now user is found: run _user_required [ "$status" -eq 0 ] + + # Testing that now user is in the list of people who knows the secret: + run git secret whoknows + [[ "$output" == *"$TEST_DEFAULT_USER"* ]] } -@test "run 'tell -m'" { +@test "run 'tell' with '-m'" { email=$(test_user_email $TEST_DEFAULT_USER) git_set_config_email "$email" @@ -69,8 +87,32 @@ function git_secret_tell_test { } -@test "run 'tell -m' with empty email" { - git_set_config_email "" +@test "run 'tell' with '-m' (empty email)" { + # Prepartions: + git_set_config_email "" # now it should not allow to add yourself + run git secret tell -d "$TEST_GPG_HOMEDIR" -m [ "$status" -eq 1 ] } + + +@test "run 'tell' with multiple emails" { + # Preparations: + install_fixture_key "$TEST_SECOND_USER" + + # Testing the command iteself: + run git secret tell -d "$TEST_GPG_HOMEDIR" \ + "$TEST_DEFAULT_USER" "$TEST_SECOND_USER" + + [ "$status" -eq 0 ] + + # Testing that these users are presented in the + # list of people who knows secret: + run git secret whoknows + + [[ "$output" == *"$TEST_DEFAULT_USER"* ]] + [[ "$output" == *"$TEST_SECOND_USER"* ]] + + # Cleaning up: + uninstall_fixture_key "$TEST_SECOND_USER" +} diff --git a/tests/test_usage.bats b/tests/test_usage.bats index 7a7c45e0..34712518 100644 --- a/tests/test_usage.bats +++ b/tests/test_usage.bats @@ -4,6 +4,7 @@ load _test_base function setup { + set_state_initial set_state_git } diff --git a/tests/test_whoknows.bats b/tests/test_whoknows.bats index c204cad9..2b18e36e 100644 --- a/tests/test_whoknows.bats +++ b/tests/test_whoknows.bats @@ -5,24 +5,40 @@ load _test_base function setup { install_fixture_key "$TEST_DEFAULT_USER" - install_fixture_key "user2" + install_fixture_key "$TEST_SECOND_USER" + set_state_initial set_state_git set_state_secret_init set_state_secret_tell "$TEST_DEFAULT_USER" - set_state_secret_tell "user2" + set_state_secret_tell "$TEST_SECOND_USER" } function teardown { - uninstall_fixture_key $TEST_DEFAULT_USER + uninstall_fixture_key "$TEST_DEFAULT_USER" + uninstall_fixture_key "$TEST_SECOND_USER" unset_current_state - - rm -f "$FILE_TO_HIDE" } @test "run 'whoknows' normally" { run git secret whoknows [ "$status" -eq 0 ] + + # Now test the output, both users should be present: + [[ "$output" == *"$TEST_DEFAULT_USER"* ]] + [[ "$output" == *"$TEST_SECOND_USER"* ]] +} + + +@test "run 'whoknows' without any users" { + # Preparations, removing users: + local email1=$(test_user_email "$TEST_DEFAULT_USER") + local email2=$(test_user_email "$TEST_SECOND_USER") + git secret killperson "$email1" "$email2" + + # Now whoknows should raise an error: there are no users. + run git secret whoknows + [ "$status" -eq 1 ] } diff --git a/utils/rpm/rpm-ci.sh b/utils/rpm/rpm-ci.sh index 4bb7c4ac..1f2e38f6 100644 --- a/utils/rpm/rpm-ci.sh +++ b/utils/rpm/rpm-ci.sh @@ -16,6 +16,9 @@ RPM_FILE_LOCATION=$(locate_rpm) # Integration tests function integration_tests { + # Note that `dnf` must be installed. + # CentOS 6 does not support `dnf`. + # Installing the package: dnf install -y "$RPM_FILE_LOCATION" From 21d8c7af3ec0edeaadc58d777c7955511a1d2529 Mon Sep 17 00:00:00 2001 From: sobolevn Date: Sun, 26 Feb 2017 18:26:37 +0300 Subject: [PATCH 16/16] Version 0.2.2 release --- CHANGELOG.md | 19 +++++++++++++++++++ src/version.sh | 2 +- 2 files changed, 20 insertions(+), 1 deletion(-) diff --git a/CHANGELOG.md b/CHANGELOG.md index 0202a7d9..cb48f190 100644 --- a/CHANGELOG.md +++ b/CHANGELOG.md @@ -1,5 +1,24 @@ # Changelog +## Version 0.2.2 + +- Change how the `usage` command works (#48) +- Now `git-secret` works from any place inside `git-tree` (#56) +- Added `-d` option to the `hide` coomand: it deletes unencrypted files (#62) +- Added new command `changes` to see the diff between the secret files (#64) +- Fixed bug when `_user_required` was not working after reimporting keys (#74) +- Now it is possible to provide multiple emails to the `killperson` command (#73) +- Now it is possible to provide multiple emails to the `tell` command (#72) +- Now every doc in this project refer to `git-secret.io` instead of old `gh-pages` website (#71) +- Now installation section is removed from main `man` file (#70) +- Now "See also" section in the `man`s are clickable (#69) +- Added "Manual" section to the manuals (#61) +- Added `centos` container for `ci` testing (#38) +- Tests are refactored. Added `clean` command tests, removed a lot of hardcoded things, moved tests execution from `./temp` folder to `/tmp`, added a lot of new check in old tests, and some new test cases (#52) +- Refactored `hide` and `clean` commands to be shorter +- `shellcheck` is now supported with `make lint` + + ## Version 0.2.1 - Now everything is tested inside the `docker`-containers and `OSX` images on `travis`. diff --git a/src/version.sh b/src/version.sh index eb715ac9..6b5c7a3a 100644 --- a/src/version.sh +++ b/src/version.sh @@ -1,3 +1,3 @@ #!/usr/bin/env bash -GITSECRET_VERSION='0.2.1' # shellcheck disable=2034 +GITSECRET_VERSION='0.2.2' # shellcheck disable=2034