Publish
commit
d6f01b8ee6
@ -15,7 +15,7 @@ if [[ ! -z "$DOCKER_DIST" ]]; then
|
|||||||
fi
|
fi
|
||||||
|
|
||||||
# Local builds:
|
# Local builds:
|
||||||
if [[ "$GITSECRET_DIST" == "brew" ]] || [[ "$GITSECRET_DIST" == "brew" ]]; then
|
if [[ "$GITSECRET_DIST" == "brew" ]] || [[ "$GITSECRET_DIST" == "none" ]]; then
|
||||||
# Only running `make test` on standard (non-docker) build,
|
# Only running `make test` on standard (non-docker) build,
|
||||||
# since it is called inside the docker container anyway.
|
# since it is called inside the docker container anyway.
|
||||||
make test
|
make test
|
||||||
@ -24,7 +24,5 @@ fi
|
|||||||
if [[ ! -z "$(command -v shellcheck)" ]]; then
|
if [[ ! -z "$(command -v shellcheck)" ]]; then
|
||||||
# This means, that `shellcheck` does exist, so run it:
|
# This means, that `shellcheck` does exist, so run it:
|
||||||
echo 'running lint'
|
echo 'running lint'
|
||||||
find src utils -type f -name '*.sh' -print0 | xargs -0 -I {} shellcheck {}
|
make lint
|
||||||
# TODO: add tests to lint
|
|
||||||
# see: https://github.com/koalaman/shellcheck/issues/709
|
|
||||||
fi
|
fi
|
||||||
|
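Review bot: The lint step is skipped without any output when `shellcheck` is not on the PATH, so a CI image that lacks the tool reports success with nothing linted, and the `make lint` call added in the second hunk inherits that. An `else` branch such as `else echo 'shellcheck not found, lint skipped' >&2` would make the gap visible in the build log. The existence test could also be the plainer `if command -v shellcheck > /dev/null; then`. The top of the script is outside the hunks shown.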
@ -7,12 +7,12 @@ MAINTAINER Nikita Sobolev (mail@sobolevn.me)
|
|||||||
RUN apt-get update && \
|
RUN apt-get update && \
|
||||||
apt-get install -y man make git apt-transport-https && \
|
apt-get install -y man make git apt-transport-https && \
|
||||||
apt-get install -y ruby ruby-dev ruby-build && \
|
apt-get install -y ruby ruby-dev ruby-build && \
|
||||||
apt-get autoremove && apt-get autoclean
|
apt-get autoremove && apt-get autoclean && \
|
||||||
|
mkdir /code
|
||||||
|
|
||||||
# This will increase the container size, but speed up the build,
|
# This will increase the container size, but speed up the build,
|
||||||
# since this part will change, while the dependencies won't:
|
# since this part will change, while the dependencies won't:
|
||||||
|
|
||||||
RUN mkdir /code
|
|
||||||
WORKDIR /code
|
WORKDIR /code
|
||||||
|
|
||||||
# Removing `origin` for good:
|
# Removing `origin` for good:
|
||||||
|
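Review bot: `apt-get autoremove` in the rewritten RUN chain has no `-y`, so whenever there is something to remove apt asks for confirmation and, with no terminal during a build, aborts and fails the layer. Use `apt-get autoremove -y && apt-get autoclean && \`. The two `apt-get install` lines could also take `--no-install-recommends` to keep the image smaller. The rest of the Dockerfile, including the clone step after `# Removing origin for good:`, lies outside the hunk.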
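--- a/.docker/rpm/centos/Dockerfile
+++ b/.docker/rpm/centos/Dockerfile
@@ -0,0 +1,26 @@
+FROM centos:latest
+
+MAINTAINER Nikita Sobolev (mail@sobolevn.me)
+
+ENV HOME /root
+
+RUN yum update -y && \
+yum install -y epel-release && \
+yum install -y dnf && \
+dnf update -y && \
+rpm -U "http://opensource.wandisco.com/centos/7/git/x86_64/wandisco-git-release-7-2.noarch.rpm" && \
+dnf install -y gnupg man make gcc git tar > /dev/null && \
+dnf install -y which pciutils redhat-rpm-config rpm-build zlib-devel && \
+dnf -y group install 'Development tools' && \
+dnf install -y ruby ruby-devel rubygems && \
+dnf -y autoremove && \
+mkdir /code
+
+WORKDIR /code
+
+# Removing `origin` for good:
+
+RUN git clone -q https://github.com/sobolevn/git-secret.git && \
+cd git-secret && git remote rm origin
+
+WORKDIR /code/git-secret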
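Review bot: The `rpm -U "http://opensource.wandisco.com/..."` step installs a repository-release package fetched over plain HTTP, and nothing visible in this file verifies it, so the package that configures where the later `dnf install ... git` comes from can be altered in transit. Fetch it over HTTPS if the vendor serves it, or download the file and compare it with a pinned checksum before running `rpm -U`. `FROM centos:latest` is unpinned while the repository URL is hard-coded to `centos/7`; pinning the base image tag keeps the two in step and makes the build reproducible. The `> /dev/null` on the first `dnf install` also hides the output needed to diagnose a failed build.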
1
.github/ISSUE_TEMPLATE.md
vendored
1
.github/ISSUE_TEMPLATE.md
vendored
@ -18,7 +18,6 @@ Any logs, error output, etc?
|
|||||||
----------------------------
|
----------------------------
|
||||||
(If it’s long, please paste to https://ghostbin.com/ and insert the link here.)
|
(If it’s long, please paste to https://ghostbin.com/ and insert the link here.)
|
||||||
|
|
||||||
|
|
||||||
Any other comments?
|
Any other comments?
|
||||||
-------------------
|
-------------------
|
||||||
…
|
…
|
||||||
|
9
.github/PULL_REQUEST_TEMPLATE.md
vendored
9
.github/PULL_REQUEST_TEMPLATE.md
vendored
@ -15,7 +15,6 @@ Does this close any currently open issues?
|
|||||||
------------------------------------------
|
------------------------------------------
|
||||||
…
|
…
|
||||||
|
|
||||||
|
|
||||||
Any relevant logs, error output, etc?
|
Any relevant logs, error output, etc?
|
||||||
-------------------------------------
|
-------------------------------------
|
||||||
(If it’s long, please paste to https://ghostbin.com/ and insert the link here.)
|
(If it’s long, please paste to https://ghostbin.com/ and insert the link here.)
|
||||||
@ -23,11 +22,3 @@ Any relevant logs, error output, etc?
|
|||||||
Any other comments?
|
Any other comments?
|
||||||
-------------------
|
-------------------
|
||||||
…
|
…
|
||||||
|
|
||||||
Where has this been tested?
|
|
||||||
---------------------------
|
|
||||||
**Operating system:** …
|
|
||||||
|
|
||||||
**`git-secret` version:** …
|
|
||||||
|
|
||||||
**Shell type and version:** …
|
|
||||||
|
1
.gitignore
vendored
1
.gitignore
vendored
@ -133,4 +133,3 @@ temp/
|
|||||||
build/
|
build/
|
||||||
*.deb
|
*.deb
|
||||||
*.fpm
|
*.fpm
|
||||||
test.txt
|
|
||||||
|
@ -39,10 +39,6 @@ matrix:
|
|||||||
- debian-sid
|
- debian-sid
|
||||||
packages:
|
packages:
|
||||||
- shellcheck
|
- shellcheck
|
||||||
- os: osx
|
|
||||||
env: GITSECRET_DIST="brew"; GITSECRET_GPG_DEP="gnupg"; SECRETS_GPG_COMMAND="gpg"
|
|
||||||
sudo: false
|
|
||||||
language: generic
|
|
||||||
- os: osx
|
- os: osx
|
||||||
env: GITSECRET_DIST="brew"; GITSECRET_GPG_DEP="gnupg2"; SECRETS_GPG_COMMAND="gpg2"
|
env: GITSECRET_DIST="brew"; GITSECRET_GPG_DEP="gnupg2"; SECRETS_GPG_COMMAND="gpg2"
|
||||||
sudo: false
|
sudo: false
|
||||||
|
19
CHANGELOG.md
19
CHANGELOG.md
@ -1,5 +1,24 @@
|
|||||||
# Changelog
|
# Changelog
|
||||||
|
|
||||||
|
## Version 0.2.2
|
||||||
|
|
||||||
|
- Change how the `usage` command works (#48)
|
||||||
|
- Now `git-secret` works from any place inside `git-tree` (#56)
|
||||||
|
- Added `-d` option to the `hide` coomand: it deletes unencrypted files (#62)
|
||||||
|
- Added new command `changes` to see the diff between the secret files (#64)
|
||||||
|
- Fixed bug when `_user_required` was not working after reimporting keys (#74)
|
||||||
|
- Now it is possible to provide multiple emails to the `killperson` command (#73)
|
||||||
|
- Now it is possible to provide multiple emails to the `tell` command (#72)
|
||||||
|
- Now every doc in this project refer to `git-secret.io` instead of old `gh-pages` website (#71)
|
||||||
|
- Now installation section is removed from main `man` file (#70)
|
||||||
|
- Now "See also" section in the `man`s are clickable (#69)
|
||||||
|
- Added "Manual" section to the manuals (#61)
|
||||||
|
- Added `centos` container for `ci` testing (#38)
|
||||||
|
- Tests are refactored. Added `clean` command tests, removed a lot of hardcoded things, moved tests execution from `./temp` folder to `/tmp`, added a lot of new check in old tests, and some new test cases (#52)
|
||||||
|
- Refactored `hide` and `clean` commands to be shorter
|
||||||
|
- `shellcheck` is now supported with `make lint`
|
||||||
|
|
||||||
|
|
||||||
## Version 0.2.1
|
## Version 0.2.1
|
||||||
|
|
||||||
- Now everything is tested inside the `docker`-containers and `OSX` images on `travis`.
|
- Now everything is tested inside the `docker`-containers and `OSX` images on `travis`.
|
||||||
|
@ -28,10 +28,10 @@ Only required if dealing with manuals, `gh-pages` or releases:
|
|||||||
1. Firstly, you will need to setup development hooks with `make install-hooks`
|
1. Firstly, you will need to setup development hooks with `make install-hooks`
|
||||||
2. Make changes to the files that need to be changed
|
2. Make changes to the files that need to be changed
|
||||||
3. When making changes to any files inside `src/` you will need to rebuild the binary `git-secret` with `make clean && make build` command
|
3. When making changes to any files inside `src/` you will need to rebuild the binary `git-secret` with `make clean && make build` command
|
||||||
4. Run [`shellcheck`][shellcheck] against all your changes with `find src utils -type f -name '*.sh' -print0 | xargs -0 -I {} shellcheck {}`
|
4. Run [`shellcheck`][shellcheck] against all your changes with `make lint`
|
||||||
5. Now, add all your files to the commit with `git add --all` and commit changes with `git commit`, make sure you write a good message, which will explain your work
|
5. Now, add all your files to the commit with `git add --all` and commit changes with `git commit`, make sure you write a good message, which will explain your work
|
||||||
6. When running `git commit` the tests will run automatically, your commit will be canceled if they fail
|
6. When running `git commit` the tests will run automatically, your commit will be canceled if they fail
|
||||||
7. Push to your repository, make a pull-request against `develop` branch. Please, make sure you have **one** commit per pull-request
|
7. Push to your repository, make a pull-request against `develop` branch. Please, make sure you have **one** commit per pull-request, it will be merge into one anyways
|
||||||
|
|
||||||
### Branches
|
### Branches
|
||||||
|
|
||||||
@ -88,6 +88,6 @@ Releases to `brew` are made manually.
|
|||||||
[tracker]: https://github.com/sobolevn/git-secret/issues
|
[tracker]: https://github.com/sobolevn/git-secret/issues
|
||||||
[help-wanted]: https://github.com/sobolevn/git-secret/issues?q=is%3Aissue+is%3Aopen+label%3A%22help+wanted%22
|
[help-wanted]: https://github.com/sobolevn/git-secret/issues?q=is%3Aissue+is%3Aopen+label%3A%22help+wanted%22
|
||||||
[shellcheck]: https://github.com/koalaman/shellcheck
|
[shellcheck]: https://github.com/koalaman/shellcheck
|
||||||
[git-secret-site]: https://sobolevn.github.io/git-secret/
|
[git-secret-site]: http://git-secret.io
|
||||||
[bintray]: https://bintray.com/sobolevn
|
[bintray]: https://bintray.com/sobolevn
|
||||||
[Dockerhub]: https://hub.docker.com/r/sobolevn/git-secret/
|
[Dockerhub]: https://hub.docker.com/r/sobolevn/git-secret/
|
||||||
|
12
Makefile
12
Makefile
@ -53,9 +53,13 @@ test: install-test clean build
|
|||||||
install-ronn:
|
install-ronn:
|
||||||
@if [ ! `gem list ronn -i` == "true" ]; then gem install ronn; fi
|
@if [ ! `gem list ronn -i` == "true" ]; then gem install ronn; fi
|
||||||
|
|
||||||
|
.PHONY: clean-man
|
||||||
|
clean-man:
|
||||||
|
@find "man/" -type f ! -name "*.ronn" -delete
|
||||||
|
|
||||||
.PHONY: build-man
|
.PHONY: build-man
|
||||||
build-man: install-ronn
|
build-man: install-ronn clean-man
|
||||||
@ronn --roff man/*/*.ronn
|
@ronn --roff --organization="sobolevn" --manual="git-secret" man/*/*.ronn
|
||||||
|
|
||||||
.PHONY: build-gh-pages
|
.PHONY: build-gh-pages
|
||||||
build-gh-pages:
|
build-gh-pages:
|
||||||
@ -76,6 +80,10 @@ install-hooks:
|
|||||||
.PHONY: develop
|
.PHONY: develop
|
||||||
develop: clean build install-hooks
|
develop: clean build install-hooks
|
||||||
|
|
||||||
|
.PHONY: lint
|
||||||
|
lint:
|
||||||
|
@find src utils -type f -name '*.sh' -print0 | xargs -0 -I {} shellcheck {}
|
||||||
|
|
||||||
#
|
#
|
||||||
# Packaging:
|
# Packaging:
|
||||||
#
|
#
|
||||||
|
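Review bot: `clean-man` deletes every file under `man/` that is not named `*.ronn`, and `build-man` now depends on it, so any hand-maintained file placed in that tree disappears on each build. Matching only what `ronn` generates is safer, for example `@find man/ -type f -name '*.[1-9]' -delete`, with the pattern adjusted to the outputs actually produced. The new `lint` target covers only `src` and `utils`, and the TODO about linting the tests was dropped from the CI script in this same commit, so a comment above the target such as `# TODO: lint tests as well` would keep that gap visible.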
10
README.md
10
README.md
@ -2,11 +2,11 @@
|
|||||||
|
|
||||||
[![Build Status](https://img.shields.io/travis/sobolevn/git-secret/master.svg)](https://travis-ci.org/sobolevn/git-secret) [![Homebrew](https://img.shields.io/homebrew/v/git-secret.svg)](http://braumeister.org/formula/git-secret) [![Bintray deb](https://img.shields.io/bintray/v/sobolevn/deb/git-secret.svg)](https://bintray.com/sobolevn/deb/git-secret/view) [![Dockerhub](https://img.shields.io/docker/pulls/sobolevn/git-secret.svg)](https://hub.docker.com/r/sobolevn/git-secret/)
|
[![Build Status](https://img.shields.io/travis/sobolevn/git-secret/master.svg)](https://travis-ci.org/sobolevn/git-secret) [![Homebrew](https://img.shields.io/homebrew/v/git-secret.svg)](http://braumeister.org/formula/git-secret) [![Bintray deb](https://img.shields.io/bintray/v/sobolevn/deb/git-secret.svg)](https://bintray.com/sobolevn/deb/git-secret/view) [![Dockerhub](https://img.shields.io/docker/pulls/sobolevn/git-secret.svg)](https://hub.docker.com/r/sobolevn/git-secret/)
|
||||||
|
|
||||||
[![git-secret](https://raw.githubusercontent.com/sobolevn/git-secret/gh-pages/images/git-secret-big.png)](https://sobolevn.github.io/git-secret/)
|
[![git-secret](https://raw.githubusercontent.com/sobolevn/git-secret/gh-pages/images/git-secret-big.png)](http://git-secret.io/)
|
||||||
|
|
||||||
## What is `git-secret`?
|
## What is `git-secret`?
|
||||||
|
|
||||||
`git-secret` is a bash tool to store your private data inside a git repo. How’s that? Basically, it just encrypts, using `gpg`, the tracked files with the public keys of all the users that you trust. So everyone of them can decrypt these files using only their personal secret key. Why deal with all this private-public keys stuff? Well, to make it easier for everyone to manage access rights. There are no passwords that change. When someone is out - just delete his public key, re-encrypt the files, and he won’t be able to decrypt secrets anymore.
|
`git-secret` is a bash tool to store your private data inside a git repo. How’s that? Basically, it just encrypts, using `gpg`, the tracked files with the public keys of all the users that you trust. So everyone of them can decrypt these files using only their personal secret key. Why deal with all this private-public keys stuff? Well, to make it easier for everyone to manage access rights. There are no passwords that change. When someone is out - just delete their public key, re-encrypt the files, and they won’t be able to decrypt secrets anymore.
|
||||||
|
|
||||||
## Preview
|
## Preview
|
||||||
|
|
||||||
@ -14,11 +14,11 @@
|
|||||||
|
|
||||||
## Usage
|
## Usage
|
||||||
|
|
||||||
See the [git-secret site](https://sobolevn.github.io/git-secret/).
|
See the [git-secret site](http://git-secret.io/).
|
||||||
|
|
||||||
## Installation
|
## Installation
|
||||||
|
|
||||||
See the [installation section](https://sobolevn.github.io/git-secret/#installation).
|
See the [installation section](http://git-secret.io/#installation).
|
||||||
|
|
||||||
## Contributing
|
## Contributing
|
||||||
|
|
||||||
@ -34,4 +34,4 @@ MIT. See [LICENSE.md](LICENSE.md) for details.
|
|||||||
|
|
||||||
## Thanks
|
## Thanks
|
||||||
|
|
||||||
Special thanks to [Elio Qoshi](https://elioqoshi.me/sq/) from [ura](http://ura.al/) for the awesome logo.
|
Special thanks to [Elio Qoshi](https://elioqoshi.me/sq/) from [ura](http://ura.design/) for the awesome logo.
|
||||||
|
@ -2,11 +2,7 @@
|
|||||||
|
|
||||||
# Copyright 2016 Sobolev Nikita <mail@sobolevn.me>
|
# Copyright 2016 Sobolev Nikita <mail@sobolevn.me>
|
||||||
#
|
#
|
||||||
# Licensed under the Apache License, Version 2.0 (the "License");
|
# Licensed under the MIT License
|
||||||
# you may not use this file except in compliance with the License.
|
|
||||||
# You may obtain a copy of the License at
|
|
||||||
|
|
||||||
# http://www.apache.org/licenses/LICENSE-2.0
|
|
||||||
|
|
||||||
# Unless required by applicable law or agreed to in writing, software
|
# Unless required by applicable law or agreed to in writing, software
|
||||||
# distributed under the License is distributed on an "AS IS" BASIS,
|
# distributed under the License is distributed on an "AS IS" BASIS,
|
||||||
|
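Review bot: The header now names the MIT License but keeps the sentence beginning `Unless required by applicable law or agreed to in writing`, which is Apache 2.0 wording and refers to "the License" whose reference lines this hunk removes. Either replace the remainder with the MIT notice or shorten the header to the copyright line plus `# Licensed under the MIT License. See LICENSE.md for details.` The header continues past the end of the hunk.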
Binary file not shown.
@ -20,6 +20,11 @@ It is not recommened to add filenames directly into the `.gitsecret/paths/mappin
|
|||||||
-h - shows this help.
|
-h - shows this help.
|
||||||
|
|
||||||
|
|
||||||
|
## MANUAL
|
||||||
|
|
||||||
|
Run `man git-secret-add` to see this note.
|
||||||
|
|
||||||
|
|
||||||
## SEE ALSO
|
## SEE ALSO
|
||||||
|
|
||||||
git-secret-init(1), git-secret-tell(1), git-secret-hide(1), git-secret-reveal(1)
|
[git-secret-init(1)](http://git-secret.io/git-secret-init), [git-secret-tell(1)](http://git-secret.io/git-secret-tell), [git-secret-hide(1)](http://git-secret.io/git-secret-hide), [git-secret-reveal(1)](http://git-secret.io/git-secret-reveal)
|
||||||
|
Binary file not shown.
@ -3,11 +3,11 @@ git-secret-changes - view diff of the hidden files.
|
|||||||
|
|
||||||
## SYNOPSIS
|
## SYNOPSIS
|
||||||
|
|
||||||
git secret changes [-h] [-d dir] [-p password] <pathspec>...
|
git secret changes [-h] [-d dir] [-p password] [pathspec]...
|
||||||
|
|
||||||
|
|
||||||
## DESCRIPTION
|
## DESCRIPTION
|
||||||
`git-secret-changes` - shows changes between the current version of hidden files and the ones already commited.
|
`git-secret-changes` - shows changes between the current version of hidden files and the ones already commited. You can provide any number of files to this command as arguments, so it will show changes for these files only. If no arguments are provided - information about all files will be shown.
|
||||||
|
|
||||||
|
|
||||||
## OPTIONS
|
## OPTIONS
|
||||||
@ -17,6 +17,11 @@ git-secret-changes - view diff of the hidden files.
|
|||||||
-h - shows help.
|
-h - shows help.
|
||||||
|
|
||||||
|
|
||||||
|
## MANUAL
|
||||||
|
|
||||||
|
Run `man git-secret-changes` to see this note.
|
||||||
|
|
||||||
|
|
||||||
## SEE ALSO
|
## SEE ALSO
|
||||||
|
|
||||||
git-secret-add(1), git-secret-tell(1), git-secret-hide(1), git-secret-reveal(1)
|
[git-secret-add(1)](http://git-secret.io/git-secret-add), [git-secret-tell(1)](http://git-secret.io/git-secret-tell), [git-secret-hide(1)](http://git-secret.io/git-secret-hide), [git-secret-reveal(1)](http://git-secret.io/git-secret-reveal)
|
||||||
|
Binary file not shown.
@ -16,6 +16,11 @@ git-secret-clean - removes all the hidden files.
|
|||||||
-h - shows this help.
|
-h - shows this help.
|
||||||
|
|
||||||
|
|
||||||
|
## MANUAL
|
||||||
|
|
||||||
|
Run `man git-secret-clean` to see this note.
|
||||||
|
|
||||||
|
|
||||||
## SEE ALSO
|
## SEE ALSO
|
||||||
|
|
||||||
git-secret-whoknows(1), git-secret-add(1), git-secret-remove(1), git-secret-hide(1), git-secret-reveal(1)
|
[git-secret-whoknows(1)](http://git-secret.io/git-secret-whoknows), [git-secret-add(1)](http://git-secret.io/git-secret-add), [git-secret-remove(1)](http://git-secret.io/git-secret-remove), [git-secret-killperson(1)](http://git-secret.io/git-secret-killperson)
|
||||||
|
Binary file not shown.
@ -16,9 +16,15 @@ It is possible to modify the names of the encrypted files by setting `SECRETS_EX
|
|||||||
|
|
||||||
-v - verbose, shows extra information.
|
-v - verbose, shows extra information.
|
||||||
-c - deletes encrypted files before creating new ones.
|
-c - deletes encrypted files before creating new ones.
|
||||||
|
-d - deletes unencrypted files after encryption.
|
||||||
-h - shows help.
|
-h - shows help.
|
||||||
|
|
||||||
|
|
||||||
|
## MANUAL
|
||||||
|
|
||||||
|
Run `man git-secret-hide` to see this note.
|
||||||
|
|
||||||
|
|
||||||
## SEE ALSO
|
## SEE ALSO
|
||||||
|
|
||||||
git-secret-init(1), git-secret-tell(1), git-secret-add(1), git-secret-reveal(1)
|
[git-secret-init(1)](http://git-secret.io/git-secret-init), [git-secret-tell(1)](http://git-secret.io/git-secret-tell), [git-secret-add(1)](http://git-secret.io/git-secret-add), [git-secret-reveal(1)](http://git-secret.io/git-secret-reveal)
|
||||||
|
Binary file not shown.
@ -15,6 +15,11 @@ git-secret-init - initializes git-secret repository.
|
|||||||
-h - shows this help.
|
-h - shows this help.
|
||||||
|
|
||||||
|
|
||||||
|
## MANUAL
|
||||||
|
|
||||||
|
Run `man git-secret-init` to see this note.
|
||||||
|
|
||||||
|
|
||||||
## SEE ALSO
|
## SEE ALSO
|
||||||
|
|
||||||
git-init(1), git-secret-tell(1)
|
[git-secret-usage(1)](http://git-secret.io/git-secret-usage), [git-secret-tell(1)](http://git-secret.io/git-secret-tell)
|
||||||
|
Binary file not shown.
@ -3,11 +3,11 @@ git-secret-killperson - deletes key identified by an email from the inner keyrin
|
|||||||
|
|
||||||
## SYNOPSIS
|
## SYNOPSIS
|
||||||
|
|
||||||
git secret killperson [email]
|
git secret killperson <emails>...
|
||||||
|
|
||||||
|
|
||||||
## DESCRIPTION
|
## DESCRIPTION
|
||||||
`git-secret-killperson` makes it impossible for given user to decrypt the hidden file in the future. It is required to run `git-secret-hide` once again with the updated keyring.
|
This command removes selected email addresses from the keyring. `git-secret-killperson` makes it impossible for given users to decrypt the hidden files in the future. It is required to run `git-secret-hide` once again with the updated keyring to renew the encryption.
|
||||||
|
|
||||||
|
|
||||||
## OPTIONS
|
## OPTIONS
|
||||||
@ -15,6 +15,11 @@ git-secret-killperson - deletes key identified by an email from the inner keyrin
|
|||||||
-h - shows this help.
|
-h - shows this help.
|
||||||
|
|
||||||
|
|
||||||
|
## MANUAL
|
||||||
|
|
||||||
|
Run `man git-secret-killperson` to see this note.
|
||||||
|
|
||||||
|
|
||||||
## SEE ALSO
|
## SEE ALSO
|
||||||
|
|
||||||
git-secret-tell(1), git-secret-hide(1), git-secret-reveal(1)
|
[git-secret-tell(1)](http://git-secret.io/git-secret-tell), [git-secret-remove(1)](http://git-secret.io/git-secret-remove), [git-secret-clean(1)](http://git-secret.io/git-secret-clean)
|
||||||
|
Binary file not shown.
@ -15,6 +15,11 @@ git-secret-list - prints all the added files.
|
|||||||
-h - shows this help.
|
-h - shows this help.
|
||||||
|
|
||||||
|
|
||||||
|
## MANUAL
|
||||||
|
|
||||||
|
Run `man git-secret-list` to see this note.
|
||||||
|
|
||||||
|
|
||||||
## SEE ALSO
|
## SEE ALSO
|
||||||
|
|
||||||
git-secret-whoknows(1), git-secret-add(1), git-secret-remove(1), git-secret-hide(1), git-secret-reveal(1)
|
[git-secret-whoknows(1)](http://git-secret.io/git-secret-whoknows), [git-secret-add(1)](http://git-secret.io/git-secret-add), [git-secret-remove(1)](http://git-secret.io/git-secret-remove), [git-secret-hide(1)](http://git-secret.io/git-secret-hide), [git-secret-reveal(1)](http://git-secret.io/git-secret-reveal)
|
||||||
|
Binary file not shown.
@ -3,7 +3,7 @@ git-secret-remove - removes files from index.
|
|||||||
|
|
||||||
## SYNOPSIS
|
## SYNOPSIS
|
||||||
|
|
||||||
git secret remove [-c] <pathspec..>
|
git secret remove [-c] <pathspec>...
|
||||||
|
|
||||||
|
|
||||||
## DESCRIPTION
|
## DESCRIPTION
|
||||||
@ -16,6 +16,11 @@ git-secret-remove - removes files from index.
|
|||||||
-h - shows help.
|
-h - shows help.
|
||||||
|
|
||||||
|
|
||||||
|
## MANUAL
|
||||||
|
|
||||||
|
Run `man git-secret-remove` to see this note.
|
||||||
|
|
||||||
|
|
||||||
## SEE ALSO
|
## SEE ALSO
|
||||||
|
|
||||||
git-secret-add(1), git-secret-reveal(1), git-secret-hide(1)
|
[git-secret-add(1)](http://git-secret.io/git-secret-add), [git-secret-clean(1)](http://git-secret.io/git-secret-clean), [git-secret-killperson(1)](http://git-secret.io/git-secret-killperson)
|
||||||
|
Binary file not shown.
@ -18,6 +18,11 @@ git-secret-reveal - decrypts all added files.
|
|||||||
-h - shows help.
|
-h - shows help.
|
||||||
|
|
||||||
|
|
||||||
|
## MANUAL
|
||||||
|
|
||||||
|
Run `man git-secret-reveal` to see this note.
|
||||||
|
|
||||||
|
|
||||||
## SEE ALSO
|
## SEE ALSO
|
||||||
|
|
||||||
git-secret-init(1), git-secret-tell(1), git-secret-add(1), git-secret-hide(1)
|
[git-secret-init(1)](http://git-secret.io/git-secret-init), [git-secret-tell(1)](http://git-secret.io/git-secret-tell), [git-secret-add(1)](http://git-secret.io/git-secret-add), [git-secret-hide(1)](http://git-secret.io/git-secret-hide)
|
||||||
|
Binary file not shown.
@ -3,11 +3,11 @@ git-secret-tell - adds a person, who can access private data.
|
|||||||
|
|
||||||
## SYNOPSIS
|
## SYNOPSIS
|
||||||
|
|
||||||
git secret tell [-m] [-d dir] [email]
|
git secret tell [-m] [-d dir] [emails]...
|
||||||
|
|
||||||
|
|
||||||
## DESCRIPTION
|
## DESCRIPTION
|
||||||
`git-secret-tell` receives an email address as an input, searches for the `gpg`-key in the `gpg`'s `homedir` by this email, then imports a person's public key into the `git-secret`'s inner keychain. From this moment this person can encrypt new files with the keyring which contains their key. But they cannot decrypt the old files, which were already encrypted without their key. They should be reencrypted with the new keyring by someone, who has the unencrypted files.
|
`git-secret-tell` receives an email addresses as an input, searches for the `gpg`-key in the `gpg`'s `homedir` by these emails, then imports a person's public key into the `git-secret`'s inner keychain. From this moment this person can encrypt new files with the keyring which contains their key. But they cannot decrypt the old files, which were already encrypted without their key. They should be reencrypted with the new keyring by someone, who has the unencrypted files.
|
||||||
|
|
||||||
**Do not manually import secret key into `git-secret`**. Anyways, it won't work with any of the secret-keys imported.
|
**Do not manually import secret key into `git-secret`**. Anyways, it won't work with any of the secret-keys imported.
|
||||||
|
|
||||||
@ -19,6 +19,11 @@ git-secret-tell - adds a person, who can access private data.
|
|||||||
-h - shows help.
|
-h - shows help.
|
||||||
|
|
||||||
|
|
||||||
|
## MANUAL
|
||||||
|
|
||||||
|
Run `man git-secret-tell` to see this note.
|
||||||
|
|
||||||
|
|
||||||
## SEE ALSO
|
## SEE ALSO
|
||||||
|
|
||||||
git-secret-init(1), git-secret-add(1), git-secret-hide(1), git-secret-reveal(1)
|
[git-secret-init(1)](http://git-secret.io/git-secret-init), [git-secret-add(1)](http://git-secret.io/git-secret-add), [git-secret-hide(1)](http://git-secret.io/git-secret-hide), [git-secret-reveal(1)](http://git-secret.io/git-secret-reveal), [git-secret-killperson(1)](http://git-secret.io/git-secret-killperson)
|
||||||
|
Binary file not shown.
@ -15,6 +15,11 @@ git-secret-usage - prints all the available commands.
|
|||||||
-h - shows this help.
|
-h - shows this help.
|
||||||
|
|
||||||
|
|
||||||
|
## MANUAL
|
||||||
|
|
||||||
|
Run `man git-secret-usage` to see this note.
|
||||||
|
|
||||||
|
|
||||||
## SEE ALSO
|
## SEE ALSO
|
||||||
|
|
||||||
git-secret-init(1), git-secret-add(1), git-secret-hide(1), git-secret-reveal(1)
|
[git-secret-init(1)](http://git-secret.io/git-secret-init), [git-secret-add(1)](http://git-secret.io/git-secret-add), [git-secret-hide(1)](http://git-secret.io/git-secret-hide), [git-secret-reveal(1)](http://git-secret.io/git-secret-reveal)
|
||||||
|
Binary file not shown.
@ -15,6 +15,11 @@ git-secret-whoknows - prints email-labels for each key in the keyring.
|
|||||||
-h - shows this help.
|
-h - shows this help.
|
||||||
|
|
||||||
|
|
||||||
|
## MANUAL
|
||||||
|
|
||||||
|
Run `man git-secret-whoknows` to see this note.
|
||||||
|
|
||||||
|
|
||||||
## SEE ALSO
|
## SEE ALSO
|
||||||
|
|
||||||
git-secret-list(1), git-secret-add(1), git-secret-hide(1), git-secret-reveal(1)
|
[git-secret-list(1)](http://git-secret.io/git-secret-list), [git-secret-tell(1)](http://git-secret.io/git-secret-tell), [git-secret-hide(1)](http://git-secret.io/git-secret-hide), [git-secret-reveal(1)](http://git-secret.io/git-secret-reveal)
|
||||||
|
Binary file not shown.
@ -1,80 +1,3 @@
|
|||||||
## Content
|
|
||||||
|
|
||||||
1. [Intro](#intro)
|
|
||||||
2. [Installation](#installation)
|
|
||||||
3. [Usage](#usage)
|
|
||||||
4. [Configuration](#configuration)
|
|
||||||
|
|
||||||
## Intro
|
|
||||||
|
|
||||||
There's a known problem in server configuration and deploying, when you have to store your private data such as: database passwords, application secret-keys, OAuth secret keys and so on, outside of the git repository. Even if this repository is private, it is a security risk to just publish them into the world wide web. What are the drawbacks of storing them separately?
|
|
||||||
|
|
||||||
1. These files are not version controlled. Filenames change, locations change, passwords change from time to time, some new information appears, other is removed. And you can not tell for sure which version of the configuration file was used with each commit.
|
|
||||||
2. When building the automated deployment system there will be one extra step: download and place these secret-configuration files where they need to be. So you have to maintain an extra secure server, where everything is stored.
|
|
||||||
|
|
||||||
### How does `git-secret` solve these problems?
|
|
||||||
|
|
||||||
1. `git-secret` encrypts files and stores them inside the `git` repository, so you will have all the changes for every commit.
|
|
||||||
2. `git-secret` doesn't require any other deploy operations rather than `git secret reveal`, so it will automatically decrypt all the required files.
|
|
||||||
|
|
||||||
### What is `git-secret`?
|
|
||||||
|
|
||||||
`git-secret` is a bash tool to store your private data inside a `git` repo. How's that? Basically, it just encrypts, using `gpg`, the tracked files with the public keys of all the users that you trust. So everyone of them can decrypt these files using only their personal secret key. Why deal with all this private-public keys stuff? Well, to make it easier for everyone to manage access rights. There are no passwords that change. When someone is out - just delete his public key, reencrypt the files, and he won't be able to decrypt secrets anymore.
|
|
||||||
|
|
||||||
## Installation
|
|
||||||
|
|
||||||
### Dependencies
|
|
||||||
|
|
||||||
`git-secret` relies on two dependencies: [`git`][1] and [`gpg`][2]. Download and install them before using this project. `git-secret` is tested to work with:
|
|
||||||
|
|
||||||
git version 2.7.0
|
|
||||||
gpg (GnuPG) 1.4.20
|
|
||||||
|
|
||||||
### Supported platforms
|
|
||||||
|
|
||||||
`git-secret` works with `Mac OS X` >= 10.9, `Ubuntu` >= 14.04 and `Debian` >= 8.3
|
|
||||||
You can add your platform to this list, if all the tests pass for you.
|
|
||||||
`Cygwin` support is planned.
|
|
||||||
|
|
||||||
### Installation process
|
|
||||||
|
|
||||||
There are several ways to install `git-secret`:
|
|
||||||
|
|
||||||
**** Homebrew ****
|
|
||||||
|
|
||||||
1. Run `brew install git-secret`. That will do. Also, there are two options:
|
|
||||||
* `--without-gpg` to build without `gpg` support
|
|
||||||
* `--HEAD` to install `HEAD` version
|
|
||||||
2. Note, that we have migrated from `tap` to the official `brew` repo
|
|
||||||
|
|
||||||
**** `deb` package ****
|
|
||||||
|
|
||||||
You can find the `deb` repository [here](https://bintray.com/sobolevn/deb/git-secret).
|
|
||||||
|
|
||||||
0. Pre-requirements: make sure you have installed `apt-transport-https`
|
|
||||||
1. Run `echo "deb https://dl.bintray.com/sobolevn/deb git-secret main" | sudo tee -a /etc/apt/sources.list`
|
|
||||||
2. Add the release key: `wget -qO - https://api.bintray.com/users/sobolevn/keys/gpg/public.key | sudo apt-key add -`
|
|
||||||
3. Run `sudo apt-get update && sudo apt-get install git-secret`
|
|
||||||
|
|
||||||
**** `rpm` package ****
|
|
||||||
|
|
||||||
You can find the `rpm` repository [here](https://bintray.com/sobolevn/rpm/git-secret).
|
|
||||||
|
|
||||||
1. Run `wget https://bintray.com/sobolevn/rpm/rpm -O bintray-sobolevn-rpm.repo && sudo mv bintray-sobolevn-rpm.repo /etc/yum.repos.d/`
|
|
||||||
2. Run `sudo yum install git-secret`
|
|
||||||
|
|
||||||
**** Manual ****
|
|
||||||
|
|
||||||
1. Clone the repository first: `git clone https://github.com/sobolevn/git-secret.git git-secret`
|
|
||||||
2. Run `cd git-secret && make build`
|
|
||||||
3. Run `PREFIX="/usr/local" make install`, note that you can install to any prefix in your `PATH`
|
|
||||||
|
|
||||||
**** `antigen` plugin (or any other `oh-my-zsh`-styled plugin-systems) ****
|
|
||||||
|
|
||||||
1. Add line `antigen bundle sobolevn/git-secret` to your `~/.zshrc`
|
|
||||||
2. Run `source ~/.zshrc` or reopen the terminal
|
|
||||||
|
|
||||||
|
|
||||||
## Usage
|
## Usage
|
||||||
These steps cover the basic process of using `git-secret`:
|
These steps cover the basic process of using `git-secret`:
|
||||||
|
|
||||||
@ -100,6 +23,3 @@ These settings are available to be changed:
|
|||||||
|
|
||||||
* `$SECRETS_GPG_COMMAND` - sets the `gpg` alternatives, defaults to `gpg`. It can be changed to `gpg`, `gpg2`, `pgp`, `/usr/local/gpg` or any other value. After doing so rerun tests to be sure, that it won't break anything. Tested to be working with: `gpg`, `gpg2`.
|
* `$SECRETS_GPG_COMMAND` - sets the `gpg` alternatives, defaults to `gpg`. It can be changed to `gpg`, `gpg2`, `pgp`, `/usr/local/gpg` or any other value. After doing so rerun tests to be sure, that it won't break anything. Tested to be working with: `gpg`, `gpg2`.
|
||||||
* `$SECRETS_EXTENSION` - sets the secret files extension, defaults to `.secret`. It can be changed to any valid file extension.
|
* `$SECRETS_EXTENSION` - sets the secret files extension, defaults to `.secret`. It can be changed to any valid file extension.
|
||||||
|
|
||||||
[1]: https://git-scm.com/
|
|
||||||
[2]: https://www.gnupg.org/
|
|
||||||
|
@ -21,15 +21,15 @@ SECRETS_DIR_PATHS_MAPPING="$SECRETS_DIR_PATHS/mapping.cfg" # shellcheck disable
|
|||||||
GPGLOCAL="$SECRETS_GPG_COMMAND --homedir=$SECRETS_DIR_KEYS --no-permission-warning"
|
GPGLOCAL="$SECRETS_GPG_COMMAND --homedir=$SECRETS_DIR_KEYS --no-permission-warning"
|
||||||
|
|
||||||
|
|
||||||
# Inner bash :
|
# Inner bash:
|
||||||
|
|
||||||
function _function_exists {
|
function _function_exists {
|
||||||
declare -f -F "$1" > /dev/null
|
declare -f -F "$1" > /dev/null 2>&1
|
||||||
echo $?
|
echo $?
|
||||||
}
|
}
|
||||||
|
|
||||||
|
|
||||||
# OS based :
|
# OS based:
|
||||||
|
|
||||||
function _os_based {
|
function _os_based {
|
||||||
# Pass function name as first parameter.
|
# Pass function name as first parameter.
|
||||||
@ -57,7 +57,7 @@ function _os_based {
|
|||||||
}
|
}
|
||||||
|
|
||||||
|
|
||||||
# File System :
|
# File System:
|
||||||
|
|
||||||
function _set_config {
|
function _set_config {
|
||||||
# First parameter is the KEY, second is VALUE, third is filename.
|
# First parameter is the KEY, second is VALUE, third is filename.
|
||||||
@ -125,10 +125,10 @@ function _show_manual_for {
|
|||||||
}
|
}
|
||||||
|
|
||||||
|
|
||||||
# VCS :
|
# VCS:
|
||||||
|
|
||||||
function _check_ignore {
|
function _check_ignore {
|
||||||
git check-ignore -q "$1";
|
git check-ignore --no-index -q "$1";
|
||||||
echo $?
|
echo $?
|
||||||
}
|
}
|
||||||
|
|
||||||
@ -142,17 +142,68 @@ function _add_ignored_file {
|
|||||||
}
|
}
|
||||||
|
|
||||||
|
|
||||||
# Logic :
|
function _is_inside_git_tree {
|
||||||
|
git rev-parse --is-inside-work-tree >/dev/null 2>&1
|
||||||
|
echo $?
|
||||||
|
}
|
||||||
|
|
||||||
|
|
||||||
|
function _get_git_root_path {
|
||||||
|
# We need this function to get the location of the `.git` folder,
|
||||||
|
# since `.gitsecret` must be on the same level.
|
||||||
|
local result
|
||||||
|
result=$(git rev-parse --show-toplevel)
|
||||||
|
echo "$result"
|
||||||
|
}
|
||||||
|
|
||||||
|
|
||||||
|
# Logic:
|
||||||
|
|
||||||
function _abort {
|
function _abort {
|
||||||
>&2 echo "$1 abort."
|
>&2 echo "$1 abort."
|
||||||
exit 1
|
exit 1
|
||||||
}
|
}
|
||||||
|
|
||||||
|
function _find_and_clean {
|
||||||
|
# required:
|
||||||
|
local pattern="$1" # can be any string pattern
|
||||||
|
|
||||||
|
# optional:
|
||||||
|
local verbose=${2:-""} # can be empty or should be equal to "v"
|
||||||
|
|
||||||
|
# shellcheck disable=2086
|
||||||
|
find . -name "$pattern" -type f -print0 | xargs -0 rm -f$verbose
|
||||||
|
}
|
||||||
|
|
||||||
|
|
||||||
|
function _find_and_clean_formated {
|
||||||
|
# required:
|
||||||
|
local pattern="$1" # can be any string pattern
|
||||||
|
|
||||||
|
# optional:
|
||||||
|
local verbose=${2:-""} # can be empty or should be equal to "v"
|
||||||
|
local message=${3:-"cleaning:"} # can be any string
|
||||||
|
|
||||||
|
if [[ ! -z "$verbose" ]]; then
|
||||||
|
echo && echo "$message"
|
||||||
|
fi
|
||||||
|
|
||||||
|
_find_and_clean "$pattern" "$verbose"
|
||||||
|
|
||||||
|
if [[ ! -z "$verbose" ]]; then
|
||||||
|
echo
|
||||||
|
fi
|
||||||
|
}
|
||||||
|
|
||||||
|
|
||||||
function _secrets_dir_exists {
|
function _secrets_dir_exists {
|
||||||
if [[ ! -d "$SECRETS_DIR" ]]; then
|
local root_path
|
||||||
_abort "$SECRETS_DIR does not exist."
|
root_path=$(_get_git_root_path)
|
||||||
|
|
||||||
|
local full_path="$root_path/$SECRETS_DIR"
|
||||||
|
|
||||||
|
if [[ ! -d "$full_path" ]]; then
|
||||||
|
_abort "$full_path does not exist."
|
||||||
fi
|
fi
|
||||||
}
|
}
|
||||||
|
|
||||||
@ -166,7 +217,7 @@ function _user_required {
|
|||||||
fi
|
fi
|
||||||
|
|
||||||
local keys_exist
|
local keys_exist
|
||||||
keys_exist=$($GPGLOCAL -n --list-keys --with-colon)
|
keys_exist=$($GPGLOCAL -n --list-keys)
|
||||||
if [[ -z "$keys_exist" ]]; then
|
if [[ -z "$keys_exist" ]]; then
|
||||||
_abort "$error_message"
|
_abort "$error_message"
|
||||||
fi
|
fi
|
||||||
@ -228,8 +279,8 @@ function _decrypt {
|
|||||||
|
|
||||||
if [[ ! -z "$passphrase" ]]; then
|
if [[ ! -z "$passphrase" ]]; then
|
||||||
echo "$passphrase" | $base --batch --yes --no-tty --passphrase-fd 0 \
|
echo "$passphrase" | $base --batch --yes --no-tty --passphrase-fd 0 \
|
||||||
"$encrypted_filename"
|
"$encrypted_filename" > /dev/null 2>&1
|
||||||
else
|
else
|
||||||
$base "$encrypted_filename"
|
$base "$encrypted_filename" > /dev/null 2>&1
|
||||||
fi
|
fi
|
||||||
}
|
}
|
||||||
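Review bot: In `_decrypt`, both branches now send gpg's stdout and stderr to `/dev/null`, so a wrong passphrase, a missing private key or a failed integrity check leaves no trace unless the caller inspects the exit status, and nothing in the visible lines does. I would keep stderr, or fail loudly at the call: `$base "$encrypted_filename" > /dev/null 2>&1 || _abort "cannot decrypt $encrypted_filename."`, and the same on the `--passphrase-fd 0` branch. `_decrypt` starts outside the hunk, so whether `$base` already writes the plaintext through an output option cannot be confirmed from here.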
|
@ -8,7 +8,8 @@ function add {
|
|||||||
while getopts "ih" opt; do
|
while getopts "ih" opt; do
|
||||||
case "$opt" in
|
case "$opt" in
|
||||||
i) auto_add=1;;
|
i) auto_add=1;;
|
||||||
h) _show_manaul_for "add";;
|
|
||||||
|
h) _show_manual_for "add";;
|
||||||
esac
|
esac
|
||||||
done
|
done
|
||||||
|
|
||||||
|
@ -18,14 +18,17 @@ function changes {
|
|||||||
shift $((OPTIND-1))
|
shift $((OPTIND-1))
|
||||||
[ "$1" = '--' ] && shift
|
[ "$1" = '--' ] && shift
|
||||||
|
|
||||||
local filenames="$1"
|
_user_required
|
||||||
if [[ -z "$filenames" ]]; then
|
|
||||||
|
local filenames="$*"
|
||||||
|
if [[ -z $filenames ]]; then
|
||||||
# Checking if no filenames are passed, show diff for all files.
|
# Checking if no filenames are passed, show diff for all files.
|
||||||
filenames=$(git secret list)
|
filenames=$(git secret list)
|
||||||
fi
|
fi
|
||||||
|
|
||||||
IFS='
|
IFS='
|
||||||
'
|
'
|
||||||
|
|
||||||
for filename in $filenames; do
|
for filename in $filenames; do
|
||||||
local decrypted
|
local decrypted
|
||||||
local content
|
local content
|
||||||
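Review bot: `local filenames="$*"` flattens the arguments into one string, which the unquoted `for filename in $filenames` then re-splits on `IFS` and glob-expands, so a path containing a separator character or `*` is diffed under the wrong name. `killperson` and `tell` in this commit already keep their arguments in an array (`emails=( "$@" )`). Doing the same here avoids the re-splitting: `local filenames=( "$@" )`, filled line by line from `git secret list` when empty, and iterated as `"${filenames[@]}"`. The `IFS` assignment's exact value and the loop body are not fully visible in this hunk, so the separator set in effect is an assumption.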
|
@ -17,14 +17,8 @@ function clean {
|
|||||||
shift $((OPTIND-1))
|
shift $((OPTIND-1))
|
||||||
[ "$1" = '--' ] && shift
|
[ "$1" = '--' ] && shift
|
||||||
|
|
||||||
if [[ ! -z "$verbose" ]]; then
|
_user_required
|
||||||
echo && echo 'cleaing:'
|
|
||||||
fi
|
|
||||||
|
|
||||||
find . -name "*$SECRETS_EXTENSION" -type f -print0 | xargs rm -f$verbose
|
|
||||||
|
|
||||||
if [[ ! -z "$verbose" ]]; then
|
|
||||||
echo
|
|
||||||
fi
|
|
||||||
|
|
||||||
|
# User should see properly formated output:
|
||||||
|
_find_and_clean_formated "*$SECRETS_EXTENSION" "$verbose"
|
||||||
}
|
}
|
||||||
|
@ -2,33 +2,66 @@
|
|||||||
|
|
||||||
|
|
||||||
function _optional_clean {
|
function _optional_clean {
|
||||||
OPTIND=1
|
local clean="$1"
|
||||||
local clean=0
|
local verbose=${2:-""}
|
||||||
local opt_string=''
|
|
||||||
|
|
||||||
while getopts 'cvh' opt; do
|
if [[ $clean -eq 1 ]]; then
|
||||||
|
_find_and_clean_formated "*$SECRETS_EXTENSION" "$verbose"
|
||||||
|
fi
|
||||||
|
}
|
||||||
|
|
||||||
|
|
||||||
|
function _optional_delete {
|
||||||
|
local delete="$1"
|
||||||
|
local verbose=${2:-""}
|
||||||
|
|
||||||
|
if [[ $delete -eq 1 ]]; then
|
||||||
|
# We use custom formating here:
|
||||||
|
if [[ ! -z "$verbose" ]]; then
|
||||||
|
echo && echo 'removing unencrypted files:'
|
||||||
|
fi
|
||||||
|
|
||||||
|
while read -r line; do
|
||||||
|
# So the formating would not be repeated several times here:
|
||||||
|
_find_and_clean "*$line" "$verbose"
|
||||||
|
done < "$SECRETS_DIR_PATHS_MAPPING"
|
||||||
|
|
||||||
|
if [[ ! -z "$verbose" ]]; then
|
||||||
|
echo
|
||||||
|
fi
|
||||||
|
fi
|
||||||
|
|
||||||
|
}
|
||||||
|
|
||||||
|
|
||||||
|
function hide {
|
||||||
|
local clean=0
|
||||||
|
local delete=0
|
||||||
|
local verbose=''
|
||||||
|
|
||||||
|
OPTIND=1
|
||||||
|
|
||||||
|
while getopts 'cdvh' opt; do
|
||||||
case "$opt" in
|
case "$opt" in
|
||||||
c) clean=1;;
|
c) clean=1;;
|
||||||
|
|
||||||
h) _show_manual_for 'hide';;
|
d) delete=1;;
|
||||||
|
|
||||||
v) opt_string='-v';;
|
v) verbose='v';;
|
||||||
|
|
||||||
|
h) _show_manual_for 'hide';;
|
||||||
esac
|
esac
|
||||||
done
|
done
|
||||||
|
|
||||||
shift $((OPTIND-1))
|
shift $((OPTIND-1))
|
||||||
[ "$1" = '--' ] && shift
|
[ "$1" = '--' ] && shift
|
||||||
|
|
||||||
|
# We need user to continue:
|
||||||
_user_required
|
_user_required
|
||||||
|
|
||||||
if [[ $clean -eq 1 ]]; then
|
# If -c option was provided, it would clean the hidden files
|
||||||
clean "$opt_string"
|
# before creating new ones.
|
||||||
fi
|
_optional_clean "$clean" "$verbose"
|
||||||
}
|
|
||||||
|
|
||||||
|
|
||||||
function hide {
|
|
||||||
_optional_clean "$@"
|
|
||||||
|
|
||||||
local counter=0
|
local counter=0
|
||||||
while read -r line; do
|
while read -r line; do
|
||||||
@ -45,5 +78,9 @@ function hide {
|
|||||||
counter=$((counter+1))
|
counter=$((counter+1))
|
||||||
done < "$SECRETS_DIR_PATHS_MAPPING"
|
done < "$SECRETS_DIR_PATHS_MAPPING"
|
||||||
|
|
||||||
|
# If -d option was provided, it would delete the source files
|
||||||
|
# after we have already hidden them.
|
||||||
|
_optional_delete "$delete" "$verbose"
|
||||||
|
|
||||||
echo "done. all $counter files are hidden."
|
echo "done. all $counter files are hidden."
|
||||||
}
|
}
|
||||||
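Review bot: `_optional_delete` removes plaintext through `_find_and_clean "*$line"`, which (per the helper defined elsewhere in this commit) runs `find . -name "*$line"`, and `-name` compares only the basename. A mapping entry with a directory part never matches, so the unencrypted file stays on disk after `hide -d`; the subdirectory `add` test in this commit presumably records such an entry. An entry such as `key` also matches unrelated files whose names merely end in `key`. Deleting the recorded path itself, e.g. `rm -f -- "$line"` with `-v` added when verbose, removes exactly what was hidden; this assumes mapping entries are paths relative to the directory the command runs in, which the hunk does not show.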
|
@ -15,9 +15,13 @@ function killperson {
|
|||||||
|
|
||||||
_user_required
|
_user_required
|
||||||
|
|
||||||
if [[ ${#@} -eq 0 ]]; then
|
local emails=( "$@" )
|
||||||
_abort "email is required."
|
|
||||||
|
if [[ ${#emails[@]} -eq 0 ]]; then
|
||||||
|
_abort "at least one email is required."
|
||||||
fi
|
fi
|
||||||
|
|
||||||
$GPGLOCAL --batch --yes --delete-key "$1"
|
for email in "${emails[@]}"; do
|
||||||
|
$GPGLOCAL --batch --yes --delete-key "$email"
|
||||||
|
done
|
||||||
}
|
}
|
||||||
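Review bot: `--delete-key "$email"` hands gpg a bare string, which gpg matches as a substring of the user ID, so `bob@example.com` (constructed example) can also select a key for `jbob@example.com`. For a command that revokes access the selector should be exact. Wrapping the address in angle brackets asks gpg for an exact e-mail match: `$GPGLOCAL --batch --yes --delete-key "<$email>"`. That assumes the keys carry the usual `Name <address>` user ID, which this hunk does not show; the function also starts outside the hunk.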
|
@ -2,20 +2,19 @@
|
|||||||
|
|
||||||
|
|
||||||
function tell {
|
function tell {
|
||||||
local email
|
local emails
|
||||||
|
local self_email=0
|
||||||
local homedir
|
local homedir
|
||||||
|
|
||||||
# A POSIX variable
|
# A POSIX variable
|
||||||
# Reset in case getopts has been used previously in the shell.
|
# Reset in case getopts has been used previously in the shell.
|
||||||
OPTIND=1
|
OPTIND=1
|
||||||
|
|
||||||
while getopts "h?md:" opt; do
|
while getopts "hmd:" opt; do
|
||||||
case "$opt" in
|
case "$opt" in
|
||||||
h) _show_manual_for "tell";;
|
h) _show_manual_for "tell";;
|
||||||
|
|
||||||
m) # Set email of the git current user:
|
m) self_email=1;;
|
||||||
email=$(git config user.email) || _abort "'git config user.email' is not set."
|
|
||||||
;;
|
|
||||||
|
|
||||||
d) homedir=$OPTARG;;
|
d) homedir=$OPTARG;;
|
||||||
esac
|
esac
|
||||||
@ -24,15 +23,29 @@ function tell {
|
|||||||
shift $((OPTIND-1))
|
shift $((OPTIND-1))
|
||||||
[ "$1" = "--" ] && shift
|
[ "$1" = "--" ] && shift
|
||||||
|
|
||||||
# Moved to enable viewing a manual without validation:
|
# Validates that application is inited:
|
||||||
_secrets_dir_exists
|
_secrets_dir_exists
|
||||||
|
|
||||||
# Custom argument-parsing:
|
emails=( "$@" )
|
||||||
if [[ -z $email ]]; then
|
local git_email
|
||||||
# Email was not set via `-m` and is in $1:
|
|
||||||
test ! -z "$1" && email="$1"; shift || _abort "first argument must be an email address."
|
if [[ "$self_email" -eq 1 ]]; then
|
||||||
|
git_email=$(git config user.email)
|
||||||
|
|
||||||
|
if [[ -z "$git_email" ]]; then
|
||||||
|
_abort "'git config user.email' is not set."
|
||||||
fi
|
fi
|
||||||
|
|
||||||
|
emails+=("$git_email")
|
||||||
|
fi
|
||||||
|
|
||||||
|
if [[ "${#emails[@]}" -eq 0 ]]; then
|
||||||
|
# If after possible addition of git_email, emails are still empty,
|
||||||
|
# we should raise an exception.
|
||||||
|
_abort "you must provide at least one email address."
|
||||||
|
fi
|
||||||
|
|
||||||
|
for email in "${emails[@]}"; do
|
||||||
# This file will be removed automatically:
|
# This file will be removed automatically:
|
||||||
_temporary_file # note, that `_temporary_file` will export `filename` var.
|
_temporary_file # note, that `_temporary_file` will export `filename` var.
|
||||||
# shellcheck disable=2154
|
# shellcheck disable=2154
|
||||||
@ -52,6 +65,7 @@ function tell {
|
|||||||
|
|
||||||
# Importing public key to the local keychain:
|
# Importing public key to the local keychain:
|
||||||
$GPGLOCAL --import "$keyfile" > /dev/null 2>&1
|
$GPGLOCAL --import "$keyfile" > /dev/null 2>&1
|
||||||
|
done
|
||||||
|
|
||||||
echo "done. $email added as a person who knows the secret."
|
echo "done. ${emails[*]} added as someone who know(s) the secret."
|
||||||
}
|
}
|
||||||
|
@ -1,19 +1,6 @@
|
|||||||
#!/usr/bin/env bash
|
#!/usr/bin/env bash
|
||||||
|
|
||||||
|
|
||||||
function _show_help_usage {
|
|
||||||
cat <<-EOF
|
|
||||||
usage: git secret usage
|
|
||||||
prints all the available commands.
|
|
||||||
|
|
||||||
options:
|
|
||||||
-h shows this help.
|
|
||||||
|
|
||||||
EOF
|
|
||||||
exit 0
|
|
||||||
}
|
|
||||||
|
|
||||||
|
|
||||||
function usage {
|
function usage {
|
||||||
OPTIND=1
|
OPTIND=1
|
||||||
|
|
||||||
@ -26,14 +13,11 @@ function usage {
|
|||||||
shift $((OPTIND-1))
|
shift $((OPTIND-1))
|
||||||
[ "$1" = "--" ] && shift
|
[ "$1" = "--" ] && shift
|
||||||
|
|
||||||
local commands=""
|
# There was a bug with some shells, which were adding extra commands
|
||||||
local separator="|"
|
# to the old dynamic-loading version of this code.
|
||||||
|
# thanks to @antmak it is now fixed, see:
|
||||||
|
# https://github.com/sobolevn/git-secret/issues/47
|
||||||
|
local commands="add|changes|clean|hide|init|killperson|list|remove|reveal|tell|usage|whoknows"
|
||||||
|
|
||||||
for com in $(compgen -A function); do
|
echo "usage: git secret [$commands]"
|
||||||
if [[ ! $com == _* ]]; then
|
|
||||||
commands+="$com$separator"
|
|
||||||
fi
|
|
||||||
done
|
|
||||||
|
|
||||||
echo "usage: git secret [${commands%?}]"
|
|
||||||
}
|
}
|
||||||
|
@ -18,7 +18,7 @@ function whoknows {
|
|||||||
|
|
||||||
local keys
|
local keys
|
||||||
|
|
||||||
# Just to the point:
|
# Getting the users from gpg:
|
||||||
keys=$(_get_users_in_keyring)
|
keys=$(_get_users_in_keyring)
|
||||||
echo "$keys"
|
echo "$keys"
|
||||||
}
|
}
|
||||||
|
@ -4,7 +4,9 @@ set -e
|
|||||||
|
|
||||||
function _check_setup {
|
function _check_setup {
|
||||||
# Checking git and secret-plugin setup:
|
# Checking git and secret-plugin setup:
|
||||||
if [[ ! -d ".git" ]] || [[ ! -d ".git/hooks" ]]; then
|
local is_tree
|
||||||
|
is_tree=$(_is_inside_git_tree)
|
||||||
|
if [[ ! $is_tree -eq 0 ]]; then
|
||||||
_abort "repository is broken. try running 'git init' or 'git clone'."
|
_abort "repository is broken. try running 'git init' or 'git clone'."
|
||||||
fi
|
fi
|
||||||
|
|
||||||
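Review bot: `_check_setup` accepts any zero exit status from `_is_inside_git_tree`, but `git rev-parse --is-inside-work-tree` also exits 0 inside the `.git` directory or a bare repository, where it prints `false`. The helper added in this commit discards that output. Comparing the printed value closes the gap: `[[ "$(git rev-parse --is-inside-work-tree 2>/dev/null)" == "true" ]] || _abort "repository is broken. try running 'git init' or 'git clone'."`. `_check_setup` continues past the end of the hunk.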
|
@ -1,3 +1,3 @@
|
|||||||
#!/usr/bin/env bash
|
#!/usr/bin/env bash
|
||||||
|
|
||||||
GITSECRET_VERSION='0.2.1' # shellcheck disable=2034
|
GITSECRET_VERSION='0.2.2' # shellcheck disable=2034
|
||||||
|
@ -3,34 +3,35 @@
|
|||||||
# This file is following a name convention defined in:
|
# This file is following a name convention defined in:
|
||||||
# https://github.com/sstephenson/bats
|
# https://github.com/sstephenson/bats
|
||||||
|
|
||||||
|
# shellcheck disable=1090
|
||||||
source "$SECRET_PROJECT_ROOT/src/version.sh"
|
source "$SECRET_PROJECT_ROOT/src/version.sh"
|
||||||
|
# shellcheck disable=1090
|
||||||
source "$SECRET_PROJECT_ROOT/src/_utils/_git_secret_tools.sh"
|
source "$SECRET_PROJECT_ROOT/src/_utils/_git_secret_tools.sh"
|
||||||
|
|
||||||
# Constants:
|
# Constants:
|
||||||
|
|
||||||
FIXTURES_DIR="$BATS_TEST_DIRNAME/fixtures"
|
FIXTURES_DIR="$BATS_TEST_DIRNAME/fixtures"
|
||||||
|
|
||||||
# Folders:
|
TEST_GPG_HOMEDIR="$BATS_TMPDIR"
|
||||||
TEST_SECRETS_DIR="$BATS_TMPDIR/$SECRETS_DIR"
|
|
||||||
TEST_SECRETS_DIR_PATHS_MAPPING="$BATS_TMPDIR/$SECRETS_DIR_PATHS_MAPPING"
|
|
||||||
|
|
||||||
TEST_GPG_HOMEDIR="$PWD"
|
|
||||||
|
|
||||||
# GPG-based stuff:
|
# GPG-based stuff:
|
||||||
: ${SECRETS_GPG_COMMAND:="gpg"}
|
: "${SECRETS_GPG_COMMAND:="gpg"}"
|
||||||
GPGTEST="$SECRETS_GPG_COMMAND --homedir=$TEST_GPG_HOMEDIR --no-permission-warning"
|
GPGTEST="$SECRETS_GPG_COMMAND --homedir=$TEST_GPG_HOMEDIR --no-permission-warning"
|
||||||
|
|
||||||
|
|
||||||
# Personal data:
|
# Personal data:
|
||||||
|
|
||||||
TEST_DEFAULT_USER="user1"
|
TEST_DEFAULT_USER="user1"
|
||||||
|
TEST_SECOND_USER="user2" # shellcheck disable=2034
|
||||||
|
TEST_ATTACKER_USER="attacker1" # shellcheck disable=2034
|
||||||
|
|
||||||
function test_user_password {
|
function test_user_password {
|
||||||
|
# It was set on key creation:
|
||||||
echo "${1}pass"
|
echo "${1}pass"
|
||||||
}
|
}
|
||||||
|
|
||||||
|
|
||||||
function test_user_email {
|
function test_user_email {
|
||||||
|
# It was set on key creation:
|
||||||
echo "${1}@gitsecret.io"
|
echo "${1}@gitsecret.io"
|
||||||
}
|
}
|
||||||
|
|
||||||
@ -39,17 +40,21 @@ function test_user_email {
|
|||||||
|
|
||||||
function get_gpg_fingerprint_by_email {
|
function get_gpg_fingerprint_by_email {
|
||||||
local email="$1"
|
local email="$1"
|
||||||
local fingerprint=$($GPGTEST --list-public-keys --with-fingerprint --with-colons | \
|
local fingerprint
|
||||||
sed -e '/<'$email'>::scESC:/,/[A-Z0-9]\{40\}:/!d' | \
|
|
||||||
|
fingerprint=$($GPGTEST --list-public-keys --with-fingerprint --with-colons | \
|
||||||
|
sed -e '/<'"$email"'>::scESC:/,/[A-Z0-9]\{40\}:/!d' | \
|
||||||
sed -e '/fpr/!d' | \
|
sed -e '/fpr/!d' | \
|
||||||
sed -n 's/fpr:::::::::\([A-Z|0-9]\{40\}\):/\1/p')
|
sed -n 's/fpr:::::::::\([A-Z|0-9]\{40\}\):/\1/p')
|
||||||
echo $fingerprint
|
echo "$fingerprint"
|
||||||
}
|
}
|
||||||
|
|
||||||
|
|
||||||
function install_fixture_key {
|
function install_fixture_key {
|
||||||
local public_key="$BATS_TMPDIR/public-${1}.key"
|
local public_key="$BATS_TMPDIR/public-${1}.key"
|
||||||
local email=$(test_user_email "$1")
|
local email
|
||||||
|
|
||||||
|
email=$(test_user_email "$1")
|
||||||
|
|
||||||
$SECRETS_GPG_COMMAND --homedir="$FIXTURES_DIR/gpg/${1}" \
|
$SECRETS_GPG_COMMAND --homedir="$FIXTURES_DIR/gpg/${1}" \
|
||||||
--no-permission-warning --output "$public_key" \
|
--no-permission-warning --output "$public_key" \
|
||||||
@ -61,18 +66,23 @@ function install_fixture_key {
|
|||||||
|
|
||||||
function install_fixture_full_key {
|
function install_fixture_full_key {
|
||||||
local private_key="$BATS_TMPDIR/private-${1}.key"
|
local private_key="$BATS_TMPDIR/private-${1}.key"
|
||||||
local email=$(test_user_email "$1")
|
local email
|
||||||
|
local fp
|
||||||
|
local fingerprint
|
||||||
|
|
||||||
|
email=$(test_user_email "$1")
|
||||||
|
|
||||||
$SECRETS_GPG_COMMAND --homedir="$FIXTURES_DIR/gpg/${1}" \
|
$SECRETS_GPG_COMMAND --homedir="$FIXTURES_DIR/gpg/${1}" \
|
||||||
--no-permission-warning --output "$private_key" --armor \
|
--no-permission-warning --output "$private_key" --armor \
|
||||||
--yes --export-secret-key "$email" > /dev/null 2>&1
|
--yes --export-secret-key "$email" > /dev/null 2>&1
|
||||||
|
|
||||||
$GPGTEST --allow-secret-key-import --import "$private_key" > /dev/null 2>&1
|
$GPGTEST --allow-secret-key-import \
|
||||||
|
--import "$private_key" > /dev/null 2>&1
|
||||||
|
|
||||||
local fp=$($GPGTEST --with-fingerprint "$private_key")
|
fp=$($GPGTEST --with-fingerprint "$private_key")
|
||||||
|
|
||||||
# since 0.1.2 fingerprint is returned:
|
# since 0.1.2 fingerprint is returned:
|
||||||
local fingerprint=$(echo "$fp" | tr -d ' ' | sed -n '2p' | sed -e 's/.*=//g')
|
fingerprint=$(echo "$fp" | tr -d ' ' | sed -n '2p' | sed -e 's/.*=//g')
|
||||||
|
|
||||||
install_fixture_key "$1"
|
install_fixture_key "$1"
|
||||||
|
|
||||||
@ -82,21 +92,25 @@ function install_fixture_full_key {
|
|||||||
|
|
||||||
|
|
||||||
function uninstall_fixture_key {
|
function uninstall_fixture_key {
|
||||||
local email=$(test_user_email "$1")
|
local email
|
||||||
|
|
||||||
|
email=$(test_user_email "$1")
|
||||||
$GPGTEST --batch --yes --delete-key "$email" > /dev/null 2>&1
|
$GPGTEST --batch --yes --delete-key "$email" > /dev/null 2>&1
|
||||||
}
|
}
|
||||||
|
|
||||||
|
|
||||||
function uninstall_fixture_full_key {
|
function uninstall_fixture_full_key {
|
||||||
local email=$(test_user_email "$1")
|
local email
|
||||||
|
email=$(test_user_email "$1")
|
||||||
|
|
||||||
local fingerprint="$2"
|
local fingerprint="$2"
|
||||||
if [[ -z "$fingerprint" ]]; then
|
if [[ -z "$fingerprint" ]]; then
|
||||||
# see issue_12, fingerprint on `gpg2` has different format:
|
# see issue_12, fingerprint on `gpg2` has different format:
|
||||||
fingerprint=$(_get_gpg_fingerprint_by_email "$email")
|
fingerprint=$(get_gpg_fingerprint_by_email "$email")
|
||||||
fi
|
fi
|
||||||
|
|
||||||
$GPGTEST --batch --yes --delete-secret-keys "$fingerprint" > /dev/null 2>&1
|
$GPGTEST --batch --yes \
|
||||||
|
--delete-secret-keys "$fingerprint" > /dev/null 2>&1
|
||||||
|
|
||||||
uninstall_fixture_key "$1"
|
uninstall_fixture_key "$1"
|
||||||
}
|
}
|
||||||
@ -112,8 +126,12 @@ function git_set_config_email {
|
|||||||
function git_commit {
|
function git_commit {
|
||||||
git_set_config_email "$1"
|
git_set_config_email "$1"
|
||||||
|
|
||||||
local user_name=$(git config user.name)
|
local user_name
|
||||||
local commit_gpgsign=$(git config commit.gpgsign)
|
local commit_gpgsign
|
||||||
|
|
||||||
|
user_name=$(git config user.name)
|
||||||
|
|
||||||
|
commit_gpgsign=$(git config commit.gpgsign)
|
||||||
|
|
||||||
git config --local user.name "$TEST_DEFAULT_USER"
|
git config --local user.name "$TEST_DEFAULT_USER"
|
||||||
git config --local commit.gpgsign false
|
git config --local commit.gpgsign false
|
||||||
@ -133,6 +151,11 @@ function remove_git_repository {
|
|||||||
|
|
||||||
# Git Secret:
|
# Git Secret:
|
||||||
|
|
||||||
|
function set_state_initial {
|
||||||
|
cd "$BATS_TMPDIR" || exit 1
|
||||||
|
}
|
||||||
|
|
||||||
|
|
||||||
function set_state_git {
|
function set_state_git {
|
||||||
git init > /dev/null 2>&1
|
git init > /dev/null 2>&1
|
||||||
}
|
}
|
||||||
@ -144,7 +167,9 @@ function set_state_secret_init {
|
|||||||
|
|
||||||
|
|
||||||
function set_state_secret_tell {
|
function set_state_secret_tell {
|
||||||
local email=$(test_user_email $1)
|
local email
|
||||||
|
|
||||||
|
email=$(test_user_email "$1")
|
||||||
git secret tell -d "$TEST_GPG_HOMEDIR" "$email" > /dev/null 2>&1
|
git secret tell -d "$TEST_GPG_HOMEDIR" "$email" > /dev/null 2>&1
|
||||||
}
|
}
|
||||||
|
|
||||||
@ -166,7 +191,7 @@ function set_state_secret_hide {
|
|||||||
|
|
||||||
function unset_current_state {
|
function unset_current_state {
|
||||||
# states order:
|
# states order:
|
||||||
# git, secret_init, secret_tell, secret_add, secret_hide
|
# initial, git, secret_init, secret_tell, secret_add, secret_hide
|
||||||
|
|
||||||
# unsets `secret_hide`
|
# unsets `secret_hide`
|
||||||
# removes .secret files:
|
# removes .secret files:
|
||||||
@ -181,4 +206,7 @@ function unset_current_state {
|
|||||||
|
|
||||||
# removes gpg homedir:
|
# removes gpg homedir:
|
||||||
rm -f "pubring.gpg" "pubring.gpg~" "secring.gpg" "trustdb.gpg" "random_seed"
|
rm -f "pubring.gpg" "pubring.gpg~" "secring.gpg" "trustdb.gpg" "random_seed"
|
||||||
|
|
||||||
|
# return to the base dir:
|
||||||
|
cd "$SECRET_PROJECT_ROOT" || exit 1
|
||||||
}
|
}
|
||||||
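Review bot: `TEST_GPG_HOMEDIR="$BATS_TMPDIR"` together with `set_state_initial` (`cd "$BATS_TMPDIR"`) makes the tests create the git repository, the gpg keyring and the exported `private-${1}.key` files directly in bats' temp directory, under predictable names. That directory is normally the shared system temp directory. A per-run directory keeps other users' files and parallel runs out of the way, e.g. `TEST_GPG_HOMEDIR=$(mktemp -d "$BATS_TMPDIR/git-secret.XXXXXX")`, with `set_state_initial` changing into it. `unset_current_state` is only partly visible in these hunks, so its `rm -f "pubring.gpg" …` cleanup would need to follow the same directory.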
|
@ -5,6 +5,8 @@ load _test_base
|
|||||||
|
|
||||||
function setup {
|
function setup {
|
||||||
install_fixture_key "$TEST_DEFAULT_USER"
|
install_fixture_key "$TEST_DEFAULT_USER"
|
||||||
|
|
||||||
|
set_state_initial
|
||||||
set_state_git
|
set_state_git
|
||||||
set_state_secret_init
|
set_state_secret_init
|
||||||
set_state_secret_tell "$TEST_DEFAULT_USER"
|
set_state_secret_tell "$TEST_DEFAULT_USER"
|
||||||
@ -23,13 +25,13 @@ function teardown {
|
|||||||
echo "content" > "$TEST_FILE"
|
echo "content" > "$TEST_FILE"
|
||||||
|
|
||||||
run git secret add "$TEST_FILE"
|
run git secret add "$TEST_FILE"
|
||||||
rm -f "$TEST_FILE"
|
|
||||||
|
|
||||||
[ "$status" -eq 1 ]
|
[ "$status" -eq 1 ]
|
||||||
|
|
||||||
|
rm -f "$TEST_FILE"
|
||||||
}
|
}
|
||||||
|
|
||||||
|
|
||||||
@test "run 'add' for unignored file with '-i' option" {
|
@test "run 'add' for unignored file with '-i'" {
|
||||||
local TEST_FILE='test_file.auto_ignore'
|
local TEST_FILE='test_file.auto_ignore'
|
||||||
touch "$TEST_FILE"
|
touch "$TEST_FILE"
|
||||||
echo "content" > "$TEST_FILE"
|
echo "content" > "$TEST_FILE"
|
||||||
@ -50,15 +52,32 @@ function teardown {
|
|||||||
echo "$filename" > ".gitignore"
|
echo "$filename" > ".gitignore"
|
||||||
|
|
||||||
run git secret add "$filename"
|
run git secret add "$filename"
|
||||||
rm -f "$filename" ".gitignore"
|
|
||||||
|
|
||||||
[ "$status" -eq 0 ]
|
[ "$status" -eq 0 ]
|
||||||
|
|
||||||
|
rm -f "$filename" ".gitignore"
|
||||||
|
|
||||||
local files_list=$(cat "$SECRETS_DIR_PATHS_MAPPING")
|
local files_list=$(cat "$SECRETS_DIR_PATHS_MAPPING")
|
||||||
[ "$files_list" = "$filename" ]
|
[ "$files_list" = "$filename" ]
|
||||||
}
|
}
|
||||||
|
|
||||||
|
|
||||||
|
@test "run 'add' for file in subdirectory" {
|
||||||
|
local TEST_FILE='test_file'
|
||||||
|
local TEST_DIR='test_dir'
|
||||||
|
|
||||||
|
mkdir -p "$TEST_DIR"
|
||||||
|
touch "$TEST_DIR/$TEST_FILE"
|
||||||
|
echo "content" > "$TEST_DIR/$TEST_FILE"
|
||||||
|
echo "$TEST_DIR/$TEST_FILE" > ".gitignore"
|
||||||
|
|
||||||
|
run git secret add "$TEST_DIR/$TEST_FILE"
|
||||||
|
[ "$status" -eq 0 ]
|
||||||
|
[[ "$output" == *"1 items added."* ]]
|
||||||
|
|
||||||
|
rm -rf "$TEST_DIR"
|
||||||
|
}
|
||||||
|
|
||||||
|
|
||||||
@test "run 'add' twice for one file" {
|
@test "run 'add' twice for one file" {
|
||||||
local filename="local_file"
|
local filename="local_file"
|
||||||
echo "content" > "$filename"
|
echo "content" > "$filename"
|
||||||
@ -66,11 +85,11 @@ function teardown {
|
|||||||
|
|
||||||
run git secret add "$filename"
|
run git secret add "$filename"
|
||||||
run git secret add "$filename"
|
run git secret add "$filename"
|
||||||
rm -f "$filename" ".gitignore"
|
|
||||||
|
|
||||||
[ "$status" -eq 0 ]
|
[ "$status" -eq 0 ]
|
||||||
[ "$output" = "1 items added." ]
|
[ "$output" = "1 items added." ]
|
||||||
|
|
||||||
|
rm -f "$filename" ".gitignore"
|
||||||
|
|
||||||
local files_list=`cat "$SECRETS_DIR_PATHS_MAPPING"`
|
local files_list=`cat "$SECRETS_DIR_PATHS_MAPPING"`
|
||||||
[ "$files_list" = "$filename" ]
|
[ "$files_list" = "$filename" ]
|
||||||
}
|
}
|
||||||
@ -86,8 +105,8 @@ function teardown {
|
|||||||
echo "$filename2" >> ".gitignore"
|
echo "$filename2" >> ".gitignore"
|
||||||
|
|
||||||
run git secret add "$filename1" "$filename2"
|
run git secret add "$filename1" "$filename2"
|
||||||
rm -f "$filename1" "$filename2" ".gitignore"
|
|
||||||
|
|
||||||
[ "$status" -eq 0 ]
|
[ "$status" -eq 0 ]
|
||||||
[ "$output" = "2 items added." ]
|
[ "$output" = "2 items added." ]
|
||||||
|
|
||||||
|
rm -f "$filename1" "$filename2" ".gitignore"
|
||||||
}
|
}
|
||||||
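Review bot: Moving the `rm -f` calls below the assertions means a failed `[ "$status" -eq … ]` ends the test before cleanup, leaving `$TEST_FILE`, `$filename` or `.gitignore` behind for the next test. The new "add for file in subdirectory" test also writes `.gitignore` but removes only `$TEST_DIR`. Cleanup that must always run belongs in `teardown`, which lies outside these hunks. With the names lifted to file-level variables, `rm -rf "$TEST_DIR"` and `rm -f ".gitignore"` there would run whether or not an assertion failed.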
|
@ -12,6 +12,7 @@ FINGERPRINT=""
|
|||||||
function setup {
|
function setup {
|
||||||
FINGERPRINT=$(install_fixture_full_key "$TEST_DEFAULT_USER")
|
FINGERPRINT=$(install_fixture_full_key "$TEST_DEFAULT_USER")
|
||||||
|
|
||||||
|
set_state_initial
|
||||||
set_state_git
|
set_state_git
|
||||||
set_state_secret_init
|
set_state_secret_init
|
||||||
set_state_secret_tell "$TEST_DEFAULT_USER"
|
set_state_secret_tell "$TEST_DEFAULT_USER"
|
||||||
@ -66,3 +67,23 @@ function teardown {
|
|||||||
[[ "$output" == *"changes in $SECOND_FILE_TO_HIDE"* ]]
|
[[ "$output" == *"changes in $SECOND_FILE_TO_HIDE"* ]]
|
||||||
[[ "$output" == *"$second_file_to_hide"* ]]
|
[[ "$output" == *"$second_file_to_hide"* ]]
|
||||||
}
|
}
|
||||||
|
|
||||||
|
@test "run 'changes' with multiple selected files changed" {
|
||||||
|
local password=$(test_user_password "$TEST_DEFAULT_USER")
|
||||||
|
local new_content="new content"
|
||||||
|
local second_new_content="something different"
|
||||||
|
echo "$new_content" >> "$FILE_TO_HIDE"
|
||||||
|
echo "$second_new_content" >> "$SECOND_FILE_TO_HIDE"
|
||||||
|
|
||||||
|
run git secret changes -d "$TEST_GPG_HOMEDIR" -p "$password" \
|
||||||
|
"$FILE_TO_HIDE" "$SECOND_FILE_TO_HIDE"
|
||||||
|
|
||||||
|
[ "$status" -eq 0 ]
|
||||||
|
|
||||||
|
# Testing that output has both filename and changes:
|
||||||
|
[[ "$output" == *"changes in $FILE_TO_HIDE"* ]]
|
||||||
|
[[ "$output" == *"$new_content"* ]]
|
||||||
|
|
||||||
|
[[ "$output" == *"changes in $SECOND_FILE_TO_HIDE"* ]]
|
||||||
|
[[ "$output" == *"$second_file_to_hide"* ]]
|
||||||
|
}
|
||||||
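Review bot: The last assertion of the new test, `[[ "$output" == *"$second_file_to_hide"* ]]`, reads a variable this test never sets; its locals are `new_content` and `second_new_content`. Unless the variable is defined outside the hunk, it expands to nothing and the pattern matches any output. It should check the appended text: `[[ "$output" == *"$second_new_content"* ]]`. The context line just above the new test has the same expression and may need the same fix.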
|
@ -1,3 +1,67 @@
|
|||||||
#!/usr/bin/env bats
|
#!/usr/bin/env bats
|
||||||
|
|
||||||
# TODO: create tests for this command.
|
load _test_base
|
||||||
|
|
||||||
|
FIRST_FILE="file_to_hide1"
|
||||||
|
SECOND_FILE="file_to_hide2"
|
||||||
|
|
||||||
|
FOLDER="somedir"
|
||||||
|
FILE_IN_FOLDER="${FOLDER}/file_to_hide3"
|
||||||
|
|
||||||
|
|
||||||
|
function setup {
|
||||||
|
install_fixture_key "$TEST_DEFAULT_USER"
|
||||||
|
|
||||||
|
set_state_initial
|
||||||
|
set_state_git
|
||||||
|
set_state_secret_init
|
||||||
|
set_state_secret_tell "$TEST_DEFAULT_USER"
|
||||||
|
set_state_secret_add "$FIRST_FILE" "somecontent"
|
||||||
|
set_state_secret_add "$SECOND_FILE" "somecontent2"
|
||||||
|
set_state_secret_hide
|
||||||
|
}
|
||||||
|
|
||||||
|
|
||||||
|
function teardown {
|
||||||
|
uninstall_fixture_key "$TEST_DEFAULT_USER"
|
||||||
|
unset_current_state
|
||||||
|
|
||||||
|
# This also needs to be cleaned:
|
||||||
|
rm -f "$FIRST_FILE" "$SECOND_FILE"
|
||||||
|
rm -rf "$FOLDER"
|
||||||
|
}
|
||||||
|
|
||||||
|
|
||||||
|
function _secret_files_exists {
|
||||||
|
local result=$(find . -type f -name "*.$SECRETS_EXTENSION" \
|
||||||
|
-print0 2>/dev/null | grep -q .; echo "$?")
|
||||||
|
echo "$result"
|
||||||
|
}
|
||||||
|
|
||||||
|
|
||||||
|
@test "run 'clean' normally" {
|
||||||
|
run git secret clean
|
||||||
|
[ "$status" -eq 0 ]
|
||||||
|
|
||||||
|
# There must be no .secret files:
|
||||||
|
local exists=$(_secret_files_exists)
|
||||||
|
[ "$exists" -ne 0 ]
|
||||||
|
}
|
||||||
|
|
||||||
|
|
||||||
|
@test "run 'clean' with '-v'" {
|
||||||
|
run git secret clean -v
|
||||||
|
[ "$status" -eq 0 ]
|
||||||
|
|
||||||
|
# There must be no .secret files:
|
||||||
|
local exists=$(_secret_files_exists)
|
||||||
|
[ "$exists" -ne 0 ]
|
||||||
|
|
||||||
|
local first_filename=$(_get_encrypted_filename "$FIRST_FILE")
|
||||||
|
local second_filename=$(_get_encrypted_filename "$SECOND_FILE")
|
||||||
|
|
||||||
|
# Output must be verbose:
|
||||||
|
[[ "$output" == *"cleaning"* ]]
|
||||||
|
[[ "$output" == *"$first_filename"* ]]
|
||||||
|
[[ "$output" == *"$second_filename"* ]]
|
||||||
|
}
|
||||||
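Review bot: `_secret_files_exists` searches for `-name "*.$SECRETS_EXTENSION"`, but the README text in this commit says `$SECRETS_EXTENSION` defaults to `.secret`, and `clean` itself uses `"*$SECRETS_EXTENSION"`. The test pattern therefore becomes `*..secret` and finds nothing whether or not `clean` worked. With `-name "*$SECRETS_EXTENSION"` the `[ "$exists" -ne 0 ]` assertions would actually fail when encrypted files remain. `FOLDER` and `FILE_IN_FOLDER` are declared and cleaned up, but no visible test creates them.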
|
@ -9,6 +9,7 @@ FILE_CONTENTS="hidden content юникод"
|
|||||||
function setup {
|
function setup {
|
||||||
install_fixture_key "$TEST_DEFAULT_USER"
|
install_fixture_key "$TEST_DEFAULT_USER"
|
||||||
|
|
||||||
|
set_state_initial
|
||||||
set_state_git
|
set_state_git
|
||||||
set_state_secret_init
|
set_state_secret_init
|
||||||
set_state_secret_tell "$TEST_DEFAULT_USER"
|
set_state_secret_tell "$TEST_DEFAULT_USER"
|
||||||
@ -26,22 +27,72 @@ function teardown {
|
|||||||
|
|
||||||
@test "run 'hide' normally" {
|
@test "run 'hide' normally" {
|
||||||
run git secret hide
|
run git secret hide
|
||||||
|
|
||||||
|
# Command must execute normally:
|
||||||
[ "$status" -eq 0 ]
|
[ "$status" -eq 0 ]
|
||||||
[ "$output" = "done. all 1 files are hidden." ]
|
[ "$output" = "done. all 1 files are hidden." ]
|
||||||
|
|
||||||
|
# New files should be crated:
|
||||||
|
local encrypted_file=$(_get_encrypted_filename "$FILE_TO_HIDE")
|
||||||
|
[ -f "$encrypted_file" ]
|
||||||
}
|
}
|
||||||
|
|
||||||
|
|
||||||
@test "run 'hide' with params" {
|
@test "run 'hide' with multiple files" {
|
||||||
|
# Preparations:
|
||||||
|
local second_file="second_file.txt"
|
||||||
|
local second_content="some content"
|
||||||
|
set_state_secret_add "$second_file" "$second_content"
|
||||||
|
|
||||||
|
# Now it should hide 2 files:
|
||||||
|
run git secret hide
|
||||||
|
[ "$status" -eq 0 ]
|
||||||
|
[ "$output" = "done. all 2 files are hidden." ]
|
||||||
|
}
|
||||||
|
|
||||||
|
|
||||||
|
@test "run 'hide' with '-c' and '-v'" {
|
||||||
|
# Preparations:
|
||||||
|
local encrypted_filename=$(_get_encrypted_filename "$FILE_TO_HIDE")
|
||||||
|
set_state_secret_hide # so it would be data to clean
|
||||||
|
|
||||||
run git secret hide -v -c
|
run git secret hide -v -c
|
||||||
[ "$status" -eq 0 ]
|
[ "$status" -eq 0 ]
|
||||||
|
|
||||||
|
# File should be still there (it is not deletion):
|
||||||
|
[ -f "$FILE_TO_HIDE" ]
|
||||||
|
|
||||||
|
# Output should be verbose:
|
||||||
|
[[ "$output" == *"cleaning"* ]]
|
||||||
|
[[ "$output" == *"$encrypted_filename"* ]]
|
||||||
}
|
}
|
||||||
|
|
||||||
|
|
||||||
@test "run 'hide' for multiple users" {
|
@test "run 'hide' with '-d'" {
|
||||||
local new_user="user2"
|
run git secret hide -d
|
||||||
|
[ "$status" -eq 0 ]
|
||||||
|
|
||||||
install_fixture_key "$new_user"
|
# File must be removed:
|
||||||
set_state_secret_tell "$new_user"
|
[ ! -f "$FILE_TO_HIDE" ]
|
||||||
|
}
|
||||||
|
|
||||||
|
|
||||||
|
@test "run 'hide' with '-d' and '-v'" {
|
||||||
|
run git secret hide -v -d
|
||||||
|
[ "$status" -eq 0 ]
|
||||||
|
|
||||||
|
# File must be removed:
|
||||||
|
[ ! -f "$FILE_TO_HIDE" ]
|
||||||
|
|
||||||
|
# It should be verbose:
|
||||||
|
[[ "$output" == *"removing unencrypted files"* ]]
|
||||||
|
[[ "$output" == *"$FILE_TO_HIDE"* ]]
|
||||||
|
}
|
||||||
|
|
||||||
|
|
||||||
|
@test "run 'hide' with multiple users" {
|
||||||
|
install_fixture_key "$TEST_SECOND_USER"
|
||||||
|
set_state_secret_tell "$TEST_SECOND_USER"
|
||||||
|
|
||||||
run git secret hide
|
run git secret hide
|
||||||
[ "$status" -eq 0 ]
|
[ "$status" -eq 0 ]
|
||||||
|
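Review bot: The two `-d` tests ("run 'hide' with '-d'" and "run 'hide' with '-d' and '-v'") assert only that `$FILE_TO_HIDE` is gone, so they would still pass if the plaintext were deleted without an encrypted copy being written. Because `-d` removes the only readable copy, I would also pin the ciphertext right after the `[ ! -f "$FILE_TO_HIDE" ]` check with `[ -f "$(_get_encrypted_filename "$FILE_TO_HIDE")" ]`. This assumes `setup` does not already create the encrypted file; its body continues outside the hunk, so confirm that.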
@ -4,6 +4,7 @@ load _test_base
|
|||||||
|
|
||||||
|
|
||||||
function setup {
|
function setup {
|
||||||
|
set_state_initial
|
||||||
set_state_git
|
set_state_git
|
||||||
}
|
}
|
||||||
|
|
||||||
@ -13,12 +14,11 @@ function teardown {
|
|||||||
}
|
}
|
||||||
|
|
||||||
|
|
||||||
@test "run 'init' without .git" {
|
@test "run 'init' without '.git'" {
|
||||||
remove_git_repository
|
remove_git_repository
|
||||||
|
|
||||||
run git secret init
|
run git secret init
|
||||||
[ "$status" -eq 1 ]
|
[ "$status" -eq 1 ]
|
||||||
[ "$output" = "repository is broken. try running 'git init' or 'git clone'. abort." ]
|
|
||||||
}
|
}
|
||||||
|
|
||||||
|
|
||||||
|
@ -5,6 +5,8 @@ load _test_base
|
|||||||
|
|
||||||
function setup {
|
function setup {
|
||||||
install_fixture_key "$TEST_DEFAULT_USER"
|
install_fixture_key "$TEST_DEFAULT_USER"
|
||||||
|
|
||||||
|
set_state_initial
|
||||||
set_state_git
|
set_state_git
|
||||||
set_state_secret_init
|
set_state_secret_init
|
||||||
set_state_secret_tell "$TEST_DEFAULT_USER"
|
set_state_secret_tell "$TEST_DEFAULT_USER"
|
||||||
@ -26,4 +28,22 @@ function teardown {
|
|||||||
@test "run 'killperson' normally" {
|
@test "run 'killperson' normally" {
|
||||||
run git secret killperson "$TEST_DEFAULT_USER"
|
run git secret killperson "$TEST_DEFAULT_USER"
|
||||||
[ "$status" -eq 0 ]
|
[ "$status" -eq 0 ]
|
||||||
|
|
||||||
|
# Then whoknows must return an error with status code 1:
|
||||||
|
run git secret whoknows
|
||||||
|
[ "$status" -eq 1 ]
|
||||||
|
}
|
||||||
|
|
||||||
|
|
||||||
|
@test "run 'killperson' with multiple arguments" {
|
||||||
|
# Adding second user:
|
||||||
|
install_fixture_key "$TEST_SECOND_USER"
|
||||||
|
set_state_secret_tell "$TEST_SECOND_USER"
|
||||||
|
|
||||||
|
run git secret killperson "$TEST_DEFAULT_USER" "$TEST_SECOND_USER"
|
||||||
|
[ "$status" -eq 0 ]
|
||||||
|
|
||||||
|
# Nothing to show:
|
||||||
|
run git secret whoknows
|
||||||
|
[ "$status" -eq 1 ]
|
||||||
}
|
}
|
||||||
|
@ -9,6 +9,7 @@ FILE_CONTENTS="hidden content юникод"
|
|||||||
function setup {
|
function setup {
|
||||||
install_fixture_key "$TEST_DEFAULT_USER"
|
install_fixture_key "$TEST_DEFAULT_USER"
|
||||||
|
|
||||||
|
set_state_initial
|
||||||
set_state_git
|
set_state_git
|
||||||
set_state_secret_init
|
set_state_secret_init
|
||||||
set_state_secret_tell "$TEST_DEFAULT_USER"
|
set_state_secret_tell "$TEST_DEFAULT_USER"
|
||||||
@ -31,9 +32,27 @@ function teardown {
|
|||||||
}
|
}
|
||||||
|
|
||||||
|
|
||||||
|
@test "run 'list' with multiple files" {
|
||||||
|
# Preparations:
|
||||||
|
local second_file="second_file.txt"
|
||||||
|
set_state_secret_add "$second_file" "$FILE_CONTENTS"
|
||||||
|
|
||||||
|
run git secret list
|
||||||
|
[ "$status" -eq 0 ]
|
||||||
|
|
||||||
|
# Now it should list two files:
|
||||||
|
[[ "$output" == *"$FILE_TO_HIDE"* ]]
|
||||||
|
[[ "$output" == *"$second_file"* ]]
|
||||||
|
|
||||||
|
# Cleaning up:
|
||||||
|
rm -f "$second_file"
|
||||||
|
}
|
||||||
|
|
||||||
|
|
||||||
@test "run 'list' on empty repo" {
|
@test "run 'list' on empty repo" {
|
||||||
git secret remove "$FILE_TO_HIDE"
|
git secret remove "$FILE_TO_HIDE"
|
||||||
|
|
||||||
|
# Running `list` on empty mapping should result an error:
|
||||||
run git secret list
|
run git secret list
|
||||||
[ "$status" -eq 1 ]
|
[ "$status" -eq 1 ]
|
||||||
}
|
}
|
||||||
|
@ -4,6 +4,7 @@ load _test_base
|
|||||||
|
|
||||||
|
|
||||||
function setup {
|
function setup {
|
||||||
|
set_state_initial
|
||||||
set_state_git
|
set_state_git
|
||||||
}
|
}
|
||||||
|
|
||||||
@ -29,3 +30,17 @@ function teardown {
|
|||||||
run git secret --version
|
run git secret --version
|
||||||
[ "$output" == "$GITSECRET_VERSION" ]
|
[ "$output" == "$GITSECRET_VERSION" ]
|
||||||
}
|
}
|
||||||
|
|
||||||
|
|
||||||
|
@test "run 'git secret --dry-run'" {
|
||||||
|
# We will break things apart, so normally it won't run:
|
||||||
|
rm -rf ".git"
|
||||||
|
|
||||||
|
# This must fail:
|
||||||
|
run git secret usage
|
||||||
|
[ "$status" -eq 1 ]
|
||||||
|
|
||||||
|
# Dry run won't fail:
|
||||||
|
run git secret --dry-run
|
||||||
|
[ "$status" -eq 0 ]
|
||||||
|
}
|
||||||
|
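Review bot: `rm -rf ".git"` in the `--dry-run` test removes whatever `.git` sits in the current directory, so it is safe only while `set_state_initial` has actually moved the run into the test sandbox. If that step ever fails or changes, this line would delete the repository the tests were started from. The init test on this page uses the `remove_git_repository` helper for the same step, and I would call it here as well. The helper's body is not shown, so confirm that it targets the test directory.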
@ -5,42 +5,71 @@ load _test_base
|
|||||||
FIRST_FILE="file_to_hide1"
|
FIRST_FILE="file_to_hide1"
|
||||||
SECOND_FILE="file_to_hide2"
|
SECOND_FILE="file_to_hide2"
|
||||||
|
|
||||||
# There was a bug with `sed` an slashes:
|
|
||||||
# see https://github.com/sobolevn/git-secret/issues/23
|
|
||||||
FOLDER="somedir"
|
FOLDER="somedir"
|
||||||
FILE_IN_FOLDER="${FOLDER}/file_to_hide3"
|
FILE_IN_FOLDER="${FOLDER}/file_to_hide3"
|
||||||
|
|
||||||
|
|
||||||
function setup {
|
function setup {
|
||||||
install_fixture_full_key "$TEST_DEFAULT_USER"
|
install_fixture_key "$TEST_DEFAULT_USER"
|
||||||
|
|
||||||
|
set_state_initial
|
||||||
set_state_git
|
set_state_git
|
||||||
set_state_secret_init
|
set_state_secret_init
|
||||||
set_state_secret_tell "$TEST_DEFAULT_USER"
|
set_state_secret_tell "$TEST_DEFAULT_USER"
|
||||||
set_state_secret_add "$FIRST_FILE" "somecontent"
|
set_state_secret_add "$FIRST_FILE" "somecontent"
|
||||||
set_state_secret_add "$SECOND_FILE" "somecontent2"
|
set_state_secret_add "$SECOND_FILE" "somecontent2"
|
||||||
|
set_state_secret_hide
|
||||||
}
|
}
|
||||||
|
|
||||||
|
|
||||||
function teardown {
|
function teardown {
|
||||||
uninstall_fixture_full_key "$TEST_DEFAULT_USER"
|
uninstall_fixture_key "$TEST_DEFAULT_USER"
|
||||||
unset_current_state
|
unset_current_state
|
||||||
rm -f "$FIRST_FILE" "$SECOND_FILE"
|
|
||||||
|
|
||||||
# This needs to be cleaned
|
# This also needs to be cleaned:
|
||||||
|
rm -f "$FIRST_FILE" "$SECOND_FILE"
|
||||||
rm -rf "$FOLDER"
|
rm -rf "$FOLDER"
|
||||||
}
|
}
|
||||||
|
|
||||||
|
|
||||||
@test "run 'remove' normally" {
|
function _has_line {
|
||||||
git secret hide
|
local result=$(grep -q "$1" "$SECRETS_DIR_PATHS_MAPPING"; echo $?)
|
||||||
|
echo "$result"
|
||||||
|
}
|
||||||
|
|
||||||
|
|
||||||
|
@test "run 'remove' normally" {
|
||||||
run git secret remove "$SECOND_FILE"
|
run git secret remove "$SECOND_FILE"
|
||||||
[ "$status" -eq 0 ]
|
[ "$status" -eq 0 ]
|
||||||
|
|
||||||
local mapping_contains=$(grep "$SECOND_FILE" "$SECRETS_DIR_PATHS_MAPPING"; echo $?)
|
# Mapping should not contain the second file:
|
||||||
|
local mapping_contains=$(_has_line "$SECOND_FILE")
|
||||||
[ "$mapping_contains" -eq 1 ]
|
[ "$mapping_contains" -eq 1 ]
|
||||||
|
|
||||||
|
# But the first file must not change:
|
||||||
|
local other_files=$(_has_line "$FIRST_FILE")
|
||||||
|
[ "$other_files" -eq 0 ]
|
||||||
|
|
||||||
|
# Both files should be present:
|
||||||
|
local first_enctypted_file=$(_get_encrypted_filename $FIRST_FILE)
|
||||||
|
local second_enctypted_file=$(_get_encrypted_filename $SECOND_FILE)
|
||||||
|
|
||||||
|
[ -f "$first_enctypted_file" ]
|
||||||
|
[ -f "$second_enctypted_file" ]
|
||||||
|
}
|
||||||
|
|
||||||
|
|
||||||
|
@test "run 'remove' with multiple arguments" {
|
||||||
|
run git secret remove "$FIRST_FILE" "$SECOND_FILE"
|
||||||
|
[ "$status" -eq 0 ]
|
||||||
|
|
||||||
|
local first_line=$(_has_line "$FIRST_FILE")
|
||||||
|
[ "$first_line" -eq 1 ]
|
||||||
|
|
||||||
|
local second_line=$(_has_line "$SECOND_FILE")
|
||||||
|
[ "$second_line" -eq 1 ]
|
||||||
|
|
||||||
|
# Both files should be present:
|
||||||
local first_enctypted_file=$(_get_encrypted_filename $FIRST_FILE)
|
local first_enctypted_file=$(_get_encrypted_filename $FIRST_FILE)
|
||||||
local second_enctypted_file=$(_get_encrypted_filename $SECOND_FILE)
|
local second_enctypted_file=$(_get_encrypted_filename $SECOND_FILE)
|
||||||
|
|
||||||
@ -50,14 +79,19 @@ function teardown {
|
|||||||
|
|
||||||
|
|
||||||
@test "run 'remove' with slashes in filename" {
|
@test "run 'remove' with slashes in filename" {
|
||||||
|
# There was a bug with `sed` an slashes:
|
||||||
|
# see https://github.com/sobolevn/git-secret/issues/23
|
||||||
|
|
||||||
|
# Prepartions:
|
||||||
mkdir -p "$FOLDER"
|
mkdir -p "$FOLDER"
|
||||||
set_state_secret_add "$FILE_IN_FOLDER" "somecontent3"
|
set_state_secret_add "$FILE_IN_FOLDER" "somecontent3"
|
||||||
git secret hide
|
set_state_secret_hide # runing hide again to hide new data
|
||||||
|
|
||||||
|
# Now it should remove filename with slashes from the mapping:
|
||||||
run git secret remove "$FILE_IN_FOLDER"
|
run git secret remove "$FILE_IN_FOLDER"
|
||||||
[ "$status" -eq 0 ]
|
[ "$status" -eq 0 ]
|
||||||
|
|
||||||
local mapping_contains=$(grep "$FILE_IN_FOLDER" "$SECRETS_DIR_PATHS_MAPPING"; echo $?)
|
local mapping_contains=$(_has_line "$FILE_IN_FOLDER")
|
||||||
[ "$mapping_contains" -eq 1 ]
|
[ "$mapping_contains" -eq 1 ]
|
||||||
|
|
||||||
local enctypted_file=$(_get_encrypted_filename $FILE_IN_FOLDER)
|
local enctypted_file=$(_get_encrypted_filename $FILE_IN_FOLDER)
|
||||||
@ -65,14 +99,14 @@ function teardown {
|
|||||||
}
|
}
|
||||||
|
|
||||||
|
|
||||||
@test "run 'remove -c'" {
|
@test "run 'remove' with '-c'" {
|
||||||
git secret hide
|
git secret hide
|
||||||
|
|
||||||
run git secret remove -c "$SECOND_FILE"
|
run git secret remove -c "$SECOND_FILE"
|
||||||
echo "$output"
|
echo "$output"
|
||||||
[ "$status" -eq 0 ]
|
[ "$status" -eq 0 ]
|
||||||
|
|
||||||
local mapping_contains=$(grep "$SECOND_FILE" "$SECRETS_DIR_PATHS_MAPPING"; echo $?)
|
local mapping_contains=$(_has_line "$SECOND_FILE")
|
||||||
[ "$mapping_contains" -eq 1 ]
|
[ "$mapping_contains" -eq 1 ]
|
||||||
|
|
||||||
local first_enctypted_file=$(_get_encrypted_filename $FIRST_FILE)
|
local first_enctypted_file=$(_get_encrypted_filename $FIRST_FILE)
|
||||||
|
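Review bot: `_has_line` hands the file name to `grep` as a regular expression and accepts a match anywhere in a line, so `file_to_hide1` would also be reported as present for an entry such as `file_to_hide10`. A name beginning with `-` would be parsed as an option. This is the same filename-as-pattern class as the `sed` issue this file refers to. I would use `grep -qF -- "$1" "$SECRETS_DIR_PATHS_MAPPING"`, adding `-x` if the mapping holds exactly one path per line, which is not visible from this page. The added `_get_encrypted_filename $FIRST_FILE` and `$SECOND_FILE` calls should quote their argument too.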
@ -11,6 +11,7 @@ FINGERPRINT=""
|
|||||||
function setup {
|
function setup {
|
||||||
FINGERPRINT=$(install_fixture_full_key "$TEST_DEFAULT_USER")
|
FINGERPRINT=$(install_fixture_full_key "$TEST_DEFAULT_USER")
|
||||||
|
|
||||||
|
set_state_initial
|
||||||
set_state_git
|
set_state_git
|
||||||
set_state_secret_init
|
set_state_secret_init
|
||||||
set_state_secret_tell "$TEST_DEFAULT_USER"
|
set_state_secret_tell "$TEST_DEFAULT_USER"
|
||||||
@ -22,6 +23,7 @@ function setup {
|
|||||||
function teardown {
|
function teardown {
|
||||||
uninstall_fixture_full_key "$TEST_DEFAULT_USER" "$FINGERPRINT"
|
uninstall_fixture_full_key "$TEST_DEFAULT_USER" "$FINGERPRINT"
|
||||||
unset_current_state
|
unset_current_state
|
||||||
|
|
||||||
rm -f "$FILE_TO_HIDE"
|
rm -f "$FILE_TO_HIDE"
|
||||||
}
|
}
|
||||||
|
|
||||||
@ -63,32 +65,58 @@ function teardown {
|
|||||||
|
|
||||||
|
|
||||||
@test "run 'reveal' for attacker" {
|
@test "run 'reveal' for attacker" {
|
||||||
|
# Preparations
|
||||||
rm -f "$FILE_TO_HIDE"
|
rm -f "$FILE_TO_HIDE"
|
||||||
|
|
||||||
local attacker="attacker1"
|
local atacker_fingerprint=$(install_fixture_full_key "$TEST_ATTACKER_USER")
|
||||||
local atacker_fingerprint=$(install_fixture_full_key "$attacker")
|
local password=$(test_user_password "$TEST_ATTACKER_USER")
|
||||||
|
|
||||||
local password=$(test_user_password "$attacker")
|
|
||||||
run git secret reveal -d "$TEST_GPG_HOMEDIR" -p "$password"
|
run git secret reveal -d "$TEST_GPG_HOMEDIR" -p "$password"
|
||||||
|
|
||||||
|
# This should fail, nothing should be created:
|
||||||
[ "$status" -eq 2 ]
|
[ "$status" -eq 2 ]
|
||||||
[ ! -f "$FILE_TO_HIDE" ]
|
[ ! -f "$FILE_TO_HIDE" ]
|
||||||
|
|
||||||
uninstall_fixture_full_key "$attacker" "$atacker_fingerprint"
|
# Cleaning up:
|
||||||
|
uninstall_fixture_full_key "$TEST_ATTACKER_USER" "$atacker_fingerprint"
|
||||||
}
|
}
|
||||||
|
|
||||||
|
|
||||||
@test "run 'reveal' for multiple users" {
|
@test "run 'reveal' for multiple users (with key deletion)" {
|
||||||
local new_user="user2"
|
# Preparations:
|
||||||
install_fixture_full_key "$new_user"
|
local second_fingerprint=$(install_fixture_full_key "$TEST_SECOND_USER")
|
||||||
set_state_secret_tell "$new_user"
|
local password=$(test_user_password "$TEST_SECOND_USER")
|
||||||
|
set_state_secret_tell "$TEST_SECOND_USER"
|
||||||
set_state_secret_hide
|
set_state_secret_hide
|
||||||
|
|
||||||
|
# We are removing a secret key of the first user to be sure
|
||||||
|
# that it is not used in decryption:
|
||||||
uninstall_fixture_full_key "$TEST_DEFAULT_USER" "$FINGERPRINT"
|
uninstall_fixture_full_key "$TEST_DEFAULT_USER" "$FINGERPRINT"
|
||||||
|
|
||||||
local password=$(test_user_password "$new_user")
|
# Testing:
|
||||||
run git secret reveal -d "$TEST_GPG_HOMEDIR" -p "$password"
|
run git secret reveal -d "$TEST_GPG_HOMEDIR" -p "$password"
|
||||||
|
|
||||||
[ "$status" -eq 0 ]
|
[ "$status" -eq 0 ]
|
||||||
[ -f "$FILE_TO_HIDE" ]
|
[ -f "$FILE_TO_HIDE" ]
|
||||||
|
|
||||||
|
# Cleaning up:
|
||||||
|
uninstall_fixture_full_key "$TEST_SECOND_USER" "$second_fingerprint"
|
||||||
|
}
|
||||||
|
|
||||||
|
|
||||||
|
@test "run 'reveal' for multiple users (normally)" {
|
||||||
|
# Preparations:
|
||||||
|
local second_fingerprint=$(install_fixture_full_key "$TEST_SECOND_USER")
|
||||||
|
local password=$(test_user_password "$TEST_SECOND_USER")
|
||||||
|
set_state_secret_tell "$TEST_SECOND_USER"
|
||||||
|
set_state_secret_hide
|
||||||
|
|
||||||
|
# Testing:
|
||||||
|
run git secret reveal -d "$TEST_GPG_HOMEDIR" -p "$password"
|
||||||
|
|
||||||
|
[ "$status" -eq 0 ]
|
||||||
|
[ -f "$FILE_TO_HIDE" ]
|
||||||
|
|
||||||
|
# Cleaning up:
|
||||||
|
uninstall_fixture_full_key "$TEST_SECOND_USER" "$second_fingerprint"
|
||||||
}
|
}
|
||||||
|
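Review bot: The attacker's and the second user's secret keys are removed only by the `uninstall_fixture_full_key` call at the end of each test body. That call is skipped whenever an earlier assertion fails, because bats stops a test at the first failing command. A secret key left in `$TEST_GPG_HOMEDIR` could let a later `reveal` test decrypt with a key it was never meant to hold; whether the homedir is recreated between tests is not visible here. I would move these uninstalls into `teardown`, which runs regardless of the test result, and do the same for the end-of-body `uninstall_fixture_key "$TEST_SECOND_USER"` in "run 'tell' with multiple emails".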
@ -12,6 +12,7 @@ OLD_SECRETS_EXTENSION=""
|
|||||||
function setup {
|
function setup {
|
||||||
FINGERPRINT=$(install_fixture_full_key "$TEST_DEFAULT_USER")
|
FINGERPRINT=$(install_fixture_full_key "$TEST_DEFAULT_USER")
|
||||||
|
|
||||||
|
set_state_initial
|
||||||
set_state_git
|
set_state_git
|
||||||
set_state_secret_init
|
set_state_secret_init
|
||||||
set_state_secret_tell "$TEST_DEFAULT_USER"
|
set_state_secret_tell "$TEST_DEFAULT_USER"
|
||||||
|
@ -5,6 +5,8 @@ load _test_base
|
|||||||
|
|
||||||
function setup {
|
function setup {
|
||||||
install_fixture_key "$TEST_DEFAULT_USER"
|
install_fixture_key "$TEST_DEFAULT_USER"
|
||||||
|
|
||||||
|
set_state_initial
|
||||||
set_state_git
|
set_state_git
|
||||||
set_state_secret_init
|
set_state_secret_init
|
||||||
}
|
}
|
||||||
@ -16,12 +18,23 @@ function teardown {
|
|||||||
}
|
}
|
||||||
|
|
||||||
|
|
||||||
function git_secret_tell_test {
|
@test "fail on no users" {
|
||||||
git secret tell -d "$TEST_GPG_HOMEDIR" "$TEST_DEFAULT_USER"
|
run _user_required
|
||||||
|
[ "$status" -eq 1 ]
|
||||||
}
|
}
|
||||||
|
|
||||||
|
|
||||||
@test "fail on no users" {
|
@test "constantly fail on no users" {
|
||||||
|
# We had a serious bug with _user_required,
|
||||||
|
# see this link for the details:
|
||||||
|
# https://github.com/sobolevn/git-secret/issues/74
|
||||||
|
|
||||||
|
# Preparations:
|
||||||
|
git secret tell -d "$TEST_GPG_HOMEDIR" "$TEST_DEFAULT_USER"
|
||||||
|
git secret killperson "$TEST_DEFAULT_USER"
|
||||||
|
|
||||||
|
# It was showing something like `tru::1:1289775241:0:2:1:6`
|
||||||
|
# after the preparations done and the error was not generated.
|
||||||
run _user_required
|
run _user_required
|
||||||
[ "$status" -eq 1 ]
|
[ "$status" -eq 1 ]
|
||||||
}
|
}
|
||||||
@ -32,7 +45,7 @@ function git_secret_tell_test {
|
|||||||
echo "private key" > "$private_key"
|
echo "private key" > "$private_key"
|
||||||
[ -s "$private_key" ]
|
[ -s "$private_key" ]
|
||||||
|
|
||||||
run git_secret_tell_test
|
run git secret tell -d "$TEST_GPG_HOMEDIR" "$TEST_DEFAULT_USER"
|
||||||
[ "$status" -eq 1 ]
|
[ "$status" -eq 1 ]
|
||||||
}
|
}
|
||||||
|
|
||||||
@ -40,7 +53,7 @@ function git_secret_tell_test {
|
|||||||
@test "run 'tell' without '.gitsecret'" {
|
@test "run 'tell' without '.gitsecret'" {
|
||||||
rm -rf "$SECRETS_DIR"
|
rm -rf "$SECRETS_DIR"
|
||||||
|
|
||||||
run git_secret_tell_test
|
run git secret tell -d "$TEST_GPG_HOMEDIR" "$TEST_DEFAULT_USER"
|
||||||
[ "$status" -eq 1 ]
|
[ "$status" -eq 1 ]
|
||||||
}
|
}
|
||||||
|
|
||||||
@ -52,15 +65,20 @@ function git_secret_tell_test {
|
|||||||
|
|
||||||
|
|
||||||
@test "run 'tell' normally" {
|
@test "run 'tell' normally" {
|
||||||
run git_secret_tell_test
|
run git secret tell -d "$TEST_GPG_HOMEDIR" "$TEST_DEFAULT_USER"
|
||||||
[ "$status" -eq 0 ]
|
[ "$status" -eq 0 ]
|
||||||
|
|
||||||
|
# Testing that now user is found:
|
||||||
run _user_required
|
run _user_required
|
||||||
[ "$status" -eq 0 ]
|
[ "$status" -eq 0 ]
|
||||||
|
|
||||||
|
# Testing that now user is in the list of people who knows the secret:
|
||||||
|
run git secret whoknows
|
||||||
|
[[ "$output" == *"$TEST_DEFAULT_USER"* ]]
|
||||||
}
|
}
|
||||||
|
|
||||||
|
|
||||||
@test "run 'tell -m'" {
|
@test "run 'tell' with '-m'" {
|
||||||
email=$(test_user_email $TEST_DEFAULT_USER)
|
email=$(test_user_email $TEST_DEFAULT_USER)
|
||||||
|
|
||||||
git_set_config_email "$email"
|
git_set_config_email "$email"
|
||||||
@ -69,8 +87,32 @@ function git_secret_tell_test {
|
|||||||
}
|
}
|
||||||
|
|
||||||
|
|
||||||
@test "run 'tell -m' with empty email" {
|
@test "run 'tell' with '-m' (empty email)" {
|
||||||
git_set_config_email ""
|
# Prepartions:
|
||||||
|
git_set_config_email "" # now it should not allow to add yourself
|
||||||
|
|
||||||
run git secret tell -d "$TEST_GPG_HOMEDIR" -m
|
run git secret tell -d "$TEST_GPG_HOMEDIR" -m
|
||||||
[ "$status" -eq 1 ]
|
[ "$status" -eq 1 ]
|
||||||
}
|
}
|
||||||
|
|
||||||
|
|
||||||
|
@test "run 'tell' with multiple emails" {
|
||||||
|
# Preparations:
|
||||||
|
install_fixture_key "$TEST_SECOND_USER"
|
||||||
|
|
||||||
|
# Testing the command iteself:
|
||||||
|
run git secret tell -d "$TEST_GPG_HOMEDIR" \
|
||||||
|
"$TEST_DEFAULT_USER" "$TEST_SECOND_USER"
|
||||||
|
|
||||||
|
[ "$status" -eq 0 ]
|
||||||
|
|
||||||
|
# Testing that these users are presented in the
|
||||||
|
# list of people who knows secret:
|
||||||
|
run git secret whoknows
|
||||||
|
|
||||||
|
[[ "$output" == *"$TEST_DEFAULT_USER"* ]]
|
||||||
|
[[ "$output" == *"$TEST_SECOND_USER"* ]]
|
||||||
|
|
||||||
|
# Cleaning up:
|
||||||
|
uninstall_fixture_key "$TEST_SECOND_USER"
|
||||||
|
}
|
||||||
|
@ -4,6 +4,7 @@ load _test_base
|
|||||||
|
|
||||||
|
|
||||||
function setup {
|
function setup {
|
||||||
|
set_state_initial
|
||||||
set_state_git
|
set_state_git
|
||||||
}
|
}
|
||||||
|
|
||||||
|
@ -5,24 +5,40 @@ load _test_base
|
|||||||
|
|
||||||
function setup {
|
function setup {
|
||||||
install_fixture_key "$TEST_DEFAULT_USER"
|
install_fixture_key "$TEST_DEFAULT_USER"
|
||||||
install_fixture_key "user2"
|
install_fixture_key "$TEST_SECOND_USER"
|
||||||
|
|
||||||
|
set_state_initial
|
||||||
set_state_git
|
set_state_git
|
||||||
set_state_secret_init
|
set_state_secret_init
|
||||||
set_state_secret_tell "$TEST_DEFAULT_USER"
|
set_state_secret_tell "$TEST_DEFAULT_USER"
|
||||||
set_state_secret_tell "user2"
|
set_state_secret_tell "$TEST_SECOND_USER"
|
||||||
}
|
}
|
||||||
|
|
||||||
|
|
||||||
function teardown {
|
function teardown {
|
||||||
uninstall_fixture_key $TEST_DEFAULT_USER
|
uninstall_fixture_key "$TEST_DEFAULT_USER"
|
||||||
|
uninstall_fixture_key "$TEST_SECOND_USER"
|
||||||
unset_current_state
|
unset_current_state
|
||||||
|
|
||||||
rm -f "$FILE_TO_HIDE"
|
|
||||||
}
|
}
|
||||||
|
|
||||||
|
|
||||||
@test "run 'whoknows' normally" {
|
@test "run 'whoknows' normally" {
|
||||||
run git secret whoknows
|
run git secret whoknows
|
||||||
[ "$status" -eq 0 ]
|
[ "$status" -eq 0 ]
|
||||||
|
|
||||||
|
# Now test the output, both users should be present:
|
||||||
|
[[ "$output" == *"$TEST_DEFAULT_USER"* ]]
|
||||||
|
[[ "$output" == *"$TEST_SECOND_USER"* ]]
|
||||||
|
}
|
||||||
|
|
||||||
|
|
||||||
|
@test "run 'whoknows' without any users" {
|
||||||
|
# Preparations, removing users:
|
||||||
|
local email1=$(test_user_email "$TEST_DEFAULT_USER")
|
||||||
|
local email2=$(test_user_email "$TEST_SECOND_USER")
|
||||||
|
git secret killperson "$email1" "$email2"
|
||||||
|
|
||||||
|
# Now whoknows should raise an error: there are no users.
|
||||||
|
run git secret whoknows
|
||||||
|
[ "$status" -eq 1 ]
|
||||||
}
|
}
|
||||||
|
@ -16,6 +16,9 @@ RPM_FILE_LOCATION=$(locate_rpm)
|
|||||||
|
|
||||||
# Integration tests
|
# Integration tests
|
||||||
function integration_tests {
|
function integration_tests {
|
||||||
|
# Note that `dnf` must be installed.
|
||||||
|
# CentOS 6 does not support `dnf`.
|
||||||
|
|
||||||
# Installing the package:
|
# Installing the package:
|
||||||
dnf install -y "$RPM_FILE_LOCATION"
|
dnf install -y "$RPM_FILE_LOCATION"
|
||||||
|
|
||||||
|