sobolevn 2017-02-26 18:50:57 +03:00
commit d6f01b8ee6
No known key found for this signature in database
GPG Key ID: FF672D568AE3C73E
66 changed files with 772 additions and 307 deletions


@ -15,7 +15,7 @@ if [[ ! -z "$DOCKER_DIST" ]]; then
fi fi
# Local builds: # Local builds:
if [[ "$GITSECRET_DIST" == "brew" ]] || [[ "$GITSECRET_DIST" == "brew" ]]; then if [[ "$GITSECRET_DIST" == "brew" ]] || [[ "$GITSECRET_DIST" == "none" ]]; then
# Only running `make test` on standard (non-docker) build, # Only running `make test` on standard (non-docker) build,
# since it is called inside the docker container anyway. # since it is called inside the docker container anyway.
make test make test
@ -24,7 +24,5 @@ fi
if [[ ! -z "$(command -v shellcheck)" ]]; then if [[ ! -z "$(command -v shellcheck)" ]]; then
# This means, that `shellcheck` does exist, so run it: # This means, that `shellcheck` does exist, so run it:
echo 'running lint' echo 'running lint'
find src utils -type f -name '*.sh' -print0 | xargs -0 -I {} shellcheck {} make lint
# TODO: add tests to lint
# see: https://github.com/koalaman/shellcheck/issues/709
fi fi


@ -7,12 +7,12 @@ MAINTAINER Nikita Sobolev (mail@sobolevn.me)
RUN apt-get update && \ RUN apt-get update && \
apt-get install -y man make git apt-transport-https && \ apt-get install -y man make git apt-transport-https && \
apt-get install -y ruby ruby-dev ruby-build && \ apt-get install -y ruby ruby-dev ruby-build && \
apt-get autoremove && apt-get autoclean apt-get autoremove && apt-get autoclean && \
mkdir /code
# This will increase the container size, but speed up the build, # This will increase the container size, but speed up the build,
# since this part will change, while the dependencies won't: # since this part will change, while the dependencies won't:
RUN mkdir /code
WORKDIR /code WORKDIR /code
# Removing `origin` for good: # Removing `origin` for good:


@ -0,0 +1,26 @@
FROM centos:latest
MAINTAINER Nikita Sobolev (mail@sobolevn.me)
ENV HOME /root
RUN yum update -y && \
yum install -y epel-release && \
yum install -y dnf && \
dnf update -y && \
rpm -U "http://opensource.wandisco.com/centos/7/git/x86_64/wandisco-git-release-7-2.noarch.rpm" && \
dnf install -y gnupg man make gcc git tar > /dev/null && \
dnf install -y which pciutils redhat-rpm-config rpm-build zlib-devel && \
dnf -y group install 'Development tools' && \
dnf install -y ruby ruby-devel rubygems && \
dnf -y autoremove && \
mkdir /code
WORKDIR /code
# Removing `origin` for good:
RUN git clone -q https://github.com/sobolevn/git-secret.git && \
cd git-secret && git remote rm origin
WORKDIR /code/git-secret
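Review bot: The `rpm -U "http://opensource.wandisco.com/..."` step installs a repository-release package fetched over plain HTTP, and nothing in this RUN verifies the file, so anyone able to tamper with that connection controls the repo definition that the following `dnf install ... git` then trusts. Download the package to a local file first, check it against a checksum committed in this Dockerfile (`echo "<EXPECTED_SHA256>  wandisco-git-release.rpm" | sha256sum -c -`), and only then `rpm -U` the local file, over HTTPS if the mirror offers it. The URL is hard-coded to `centos/7` while the base is `FROM centos:latest`, so pinning `FROM centos:7` keeps the two in step and makes the build reproducible. The `> /dev/null` on the first `dnf install` also hides the installed package list from the CI log, which makes a bad install harder to spot.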


@ -18,7 +18,6 @@ Any logs, error output, etc?
---------------------------- ----------------------------
(If its long, please paste to https://ghostbin.com/ and insert the link here.) (If its long, please paste to https://ghostbin.com/ and insert the link here.)
Any other comments? Any other comments?
------------------- -------------------


@ -15,7 +15,6 @@ Does this close any currently open issues?
------------------------------------------ ------------------------------------------
Any relevant logs, error output, etc? Any relevant logs, error output, etc?
------------------------------------- -------------------------------------
(If its long, please paste to https://ghostbin.com/ and insert the link here.) (If its long, please paste to https://ghostbin.com/ and insert the link here.)
@ -23,11 +22,3 @@ Any relevant logs, error output, etc?
Any other comments? Any other comments?
------------------- -------------------
Where has this been tested?
---------------------------
**Operating system:** …
**`git-secret` version:** …
**Shell type and version:** …

1
.gitignore vendored

@ -133,4 +133,3 @@ temp/
build/ build/
*.deb *.deb
*.fpm *.fpm
test.txt


@ -39,10 +39,6 @@ matrix:
- debian-sid - debian-sid
packages: packages:
- shellcheck - shellcheck
- os: osx
env: GITSECRET_DIST="brew"; GITSECRET_GPG_DEP="gnupg"; SECRETS_GPG_COMMAND="gpg"
sudo: false
language: generic
- os: osx - os: osx
env: GITSECRET_DIST="brew"; GITSECRET_GPG_DEP="gnupg2"; SECRETS_GPG_COMMAND="gpg2" env: GITSECRET_DIST="brew"; GITSECRET_GPG_DEP="gnupg2"; SECRETS_GPG_COMMAND="gpg2"
sudo: false sudo: false


@ -1,5 +1,24 @@
# Changelog # Changelog
## Version 0.2.2
- Change how the `usage` command works (#48)
- Now `git-secret` works from any place inside `git-tree` (#56)
- Added `-d` option to the `hide` coomand: it deletes unencrypted files (#62)
- Added new command `changes` to see the diff between the secret files (#64)
- Fixed bug when `_user_required` was not working after reimporting keys (#74)
- Now it is possible to provide multiple emails to the `killperson` command (#73)
- Now it is possible to provide multiple emails to the `tell` command (#72)
- Now every doc in this project refer to `git-secret.io` instead of old `gh-pages` website (#71)
- Now installation section is removed from main `man` file (#70)
- Now "See also" section in the `man`s are clickable (#69)
- Added "Manual" section to the manuals (#61)
- Added `centos` container for `ci` testing (#38)
- Tests are refactored. Added `clean` command tests, removed a lot of hardcoded things, moved tests execution from `./temp` folder to `/tmp`, added a lot of new check in old tests, and some new test cases (#52)
- Refactored `hide` and `clean` commands to be shorter
- `shellcheck` is now supported with `make lint`
## Version 0.2.1 ## Version 0.2.1
- Now everything is tested inside the `docker`-containers and `OSX` images on `travis`. - Now everything is tested inside the `docker`-containers and `OSX` images on `travis`.


@ -28,10 +28,10 @@ Only required if dealing with manuals, `gh-pages` or releases:
1. Firstly, you will need to setup development hooks with `make install-hooks` 1. Firstly, you will need to setup development hooks with `make install-hooks`
2. Make changes to the files that need to be changed 2. Make changes to the files that need to be changed
3. When making changes to any files inside `src/` you will need to rebuild the binary `git-secret` with `make clean && make build` command 3. When making changes to any files inside `src/` you will need to rebuild the binary `git-secret` with `make clean && make build` command
4. Run [`shellcheck`][shellcheck] against all your changes with `find src utils -type f -name '*.sh' -print0 | xargs -0 -I {} shellcheck {}` 4. Run [`shellcheck`][shellcheck] against all your changes with `make lint`
5. Now, add all your files to the commit with `git add --all` and commit changes with `git commit`, make sure you write a good message, which will explain your work 5. Now, add all your files to the commit with `git add --all` and commit changes with `git commit`, make sure you write a good message, which will explain your work
6. When running `git commit` the tests will run automatically, your commit will be canceled if they fail 6. When running `git commit` the tests will run automatically, your commit will be canceled if they fail
7. Push to your repository, make a pull-request against `develop` branch. Please, make sure you have **one** commit per pull-request 7. Push to your repository, make a pull-request against `develop` branch. Please, make sure you have **one** commit per pull-request, it will be merge into one anyways
### Branches ### Branches
@ -88,6 +88,6 @@ Releases to `brew` are made manually.
[tracker]: https://github.com/sobolevn/git-secret/issues [tracker]: https://github.com/sobolevn/git-secret/issues
[help-wanted]: https://github.com/sobolevn/git-secret/issues?q=is%3Aissue+is%3Aopen+label%3A%22help+wanted%22 [help-wanted]: https://github.com/sobolevn/git-secret/issues?q=is%3Aissue+is%3Aopen+label%3A%22help+wanted%22
[shellcheck]: https://github.com/koalaman/shellcheck [shellcheck]: https://github.com/koalaman/shellcheck
[git-secret-site]: https://sobolevn.github.io/git-secret/ [git-secret-site]: http://git-secret.io
[bintray]: https://bintray.com/sobolevn [bintray]: https://bintray.com/sobolevn
[Dockerhub]: https://hub.docker.com/r/sobolevn/git-secret/ [Dockerhub]: https://hub.docker.com/r/sobolevn/git-secret/


@ -53,9 +53,13 @@ test: install-test clean build
install-ronn: install-ronn:
@if [ ! `gem list ronn -i` == "true" ]; then gem install ronn; fi @if [ ! `gem list ronn -i` == "true" ]; then gem install ronn; fi
.PHONY: clean-man
clean-man:
@find "man/" -type f ! -name "*.ronn" -delete
.PHONY: build-man .PHONY: build-man
build-man: install-ronn build-man: install-ronn clean-man
@ronn --roff man/*/*.ronn @ronn --roff --organization="sobolevn" --manual="git-secret" man/*/*.ronn
.PHONY: build-gh-pages .PHONY: build-gh-pages
build-gh-pages: build-gh-pages:
@ -76,6 +80,10 @@ install-hooks:
.PHONY: develop .PHONY: develop
develop: clean build install-hooks develop: clean build install-hooks
.PHONY: lint
lint:
@find src utils -type f -name '*.sh' -print0 | xargs -0 -I {} shellcheck {}
# #
# Packaging: # Packaging:
# #


@ -2,11 +2,11 @@
[![Build Status](https://img.shields.io/travis/sobolevn/git-secret/master.svg)](https://travis-ci.org/sobolevn/git-secret) [![Homebrew](https://img.shields.io/homebrew/v/git-secret.svg)](http://braumeister.org/formula/git-secret) [![Bintray deb](https://img.shields.io/bintray/v/sobolevn/deb/git-secret.svg)](https://bintray.com/sobolevn/deb/git-secret/view) [![Dockerhub](https://img.shields.io/docker/pulls/sobolevn/git-secret.svg)](https://hub.docker.com/r/sobolevn/git-secret/) [![Build Status](https://img.shields.io/travis/sobolevn/git-secret/master.svg)](https://travis-ci.org/sobolevn/git-secret) [![Homebrew](https://img.shields.io/homebrew/v/git-secret.svg)](http://braumeister.org/formula/git-secret) [![Bintray deb](https://img.shields.io/bintray/v/sobolevn/deb/git-secret.svg)](https://bintray.com/sobolevn/deb/git-secret/view) [![Dockerhub](https://img.shields.io/docker/pulls/sobolevn/git-secret.svg)](https://hub.docker.com/r/sobolevn/git-secret/)
[![git-secret](https://raw.githubusercontent.com/sobolevn/git-secret/gh-pages/images/git-secret-big.png)](https://sobolevn.github.io/git-secret/) [![git-secret](https://raw.githubusercontent.com/sobolevn/git-secret/gh-pages/images/git-secret-big.png)](http://git-secret.io/)
## What is `git-secret`? ## What is `git-secret`?
`git-secret` is a bash tool to store your private data inside a git repo. Hows that? Basically, it just encrypts, using `gpg`, the tracked files with the public keys of all the users that you trust. So everyone of them can decrypt these files using only their personal secret key. Why deal with all this private-public keys stuff? Well, to make it easier for everyone to manage access rights. There are no passwords that change. When someone is out - just delete his public key, re-encrypt the files, and he wont be able to decrypt secrets anymore. `git-secret` is a bash tool to store your private data inside a git repo. Hows that? Basically, it just encrypts, using `gpg`, the tracked files with the public keys of all the users that you trust. So everyone of them can decrypt these files using only their personal secret key. Why deal with all this private-public keys stuff? Well, to make it easier for everyone to manage access rights. There are no passwords that change. When someone is out - just delete their public key, re-encrypt the files, and they wont be able to decrypt secrets anymore.
## Preview ## Preview
@ -14,11 +14,11 @@
## Usage ## Usage
See the [git-secret site](https://sobolevn.github.io/git-secret/). See the [git-secret site](http://git-secret.io/).
## Installation ## Installation
See the [installation section](https://sobolevn.github.io/git-secret/#installation). See the [installation section](http://git-secret.io/#installation).
## Contributing ## Contributing
@ -34,4 +34,4 @@ MIT. See [LICENSE.md](LICENSE.md) for details.
## Thanks ## Thanks
Special thanks to [Elio Qoshi](https://elioqoshi.me/sq/) from [ura](http://ura.al/) for the awesome logo. Special thanks to [Elio Qoshi](https://elioqoshi.me/sq/) from [ura](http://ura.design/) for the awesome logo.


@ -2,11 +2,7 @@
# Copyright 2016 Sobolev Nikita <mail@sobolevn.me> # Copyright 2016 Sobolev Nikita <mail@sobolevn.me>
# #
# Licensed under the Apache License, Version 2.0 (the "License"); # Licensed under the MIT License
# you may not use this file except in compliance with the License.
# You may obtain a copy of the License at
# http://www.apache.org/licenses/LICENSE-2.0
# Unless required by applicable law or agreed to in writing, software # Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS, # distributed under the License is distributed on an "AS IS" BASIS,

Binary file not shown.


@ -20,6 +20,11 @@ It is not recommened to add filenames directly into the `.gitsecret/paths/mappin
-h - shows this help. -h - shows this help.
## MANUAL
Run `man git-secret-add` to see this note.
## SEE ALSO ## SEE ALSO
git-secret-init(1), git-secret-tell(1), git-secret-hide(1), git-secret-reveal(1) [git-secret-init(1)](http://git-secret.io/git-secret-init), [git-secret-tell(1)](http://git-secret.io/git-secret-tell), [git-secret-hide(1)](http://git-secret.io/git-secret-hide), [git-secret-reveal(1)](http://git-secret.io/git-secret-reveal)

Binary file not shown.


@ -3,11 +3,11 @@ git-secret-changes - view diff of the hidden files.
## SYNOPSIS ## SYNOPSIS
git secret changes [-h] [-d dir] [-p password] <pathspec>... git secret changes [-h] [-d dir] [-p password] [pathspec]...
## DESCRIPTION ## DESCRIPTION
`git-secret-changes` - shows changes between the current version of hidden files and the ones already commited. `git-secret-changes` - shows changes between the current version of hidden files and the ones already commited. You can provide any number of files to this command as arguments, so it will show changes for these files only. If no arguments are provided - information about all files will be shown.
## OPTIONS ## OPTIONS
@ -17,6 +17,11 @@ git-secret-changes - view diff of the hidden files.
-h - shows help. -h - shows help.
## MANUAL
Run `man git-secret-changes` to see this note.
## SEE ALSO ## SEE ALSO
git-secret-add(1), git-secret-tell(1), git-secret-hide(1), git-secret-reveal(1) [git-secret-add(1)](http://git-secret.io/git-secret-add), [git-secret-tell(1)](http://git-secret.io/git-secret-tell), [git-secret-hide(1)](http://git-secret.io/git-secret-hide), [git-secret-reveal(1)](http://git-secret.io/git-secret-reveal)

Binary file not shown.


@ -16,6 +16,11 @@ git-secret-clean - removes all the hidden files.
-h - shows this help. -h - shows this help.
## MANUAL
Run `man git-secret-clean` to see this note.
## SEE ALSO ## SEE ALSO
git-secret-whoknows(1), git-secret-add(1), git-secret-remove(1), git-secret-hide(1), git-secret-reveal(1) [git-secret-whoknows(1)](http://git-secret.io/git-secret-whoknows), [git-secret-add(1)](http://git-secret.io/git-secret-add), [git-secret-remove(1)](http://git-secret.io/git-secret-remove), [git-secret-killperson(1)](http://git-secret.io/git-secret-killperson)

Binary file not shown.


@ -16,9 +16,15 @@ It is possible to modify the names of the encrypted files by setting `SECRETS_EX
-v - verbose, shows extra information. -v - verbose, shows extra information.
-c - deletes encrypted files before creating new ones. -c - deletes encrypted files before creating new ones.
-d - deletes unencrypted files after encryption.
-h - shows help. -h - shows help.
## MANUAL
Run `man git-secret-hide` to see this note.
## SEE ALSO ## SEE ALSO
git-secret-init(1), git-secret-tell(1), git-secret-add(1), git-secret-reveal(1) [git-secret-init(1)](http://git-secret.io/git-secret-init), [git-secret-tell(1)](http://git-secret.io/git-secret-tell), [git-secret-add(1)](http://git-secret.io/git-secret-add), [git-secret-reveal(1)](http://git-secret.io/git-secret-reveal)

Binary file not shown.


@ -15,6 +15,11 @@ git-secret-init - initializes git-secret repository.
-h - shows this help. -h - shows this help.
## MANUAL
Run `man git-secret-init` to see this note.
## SEE ALSO ## SEE ALSO
git-init(1), git-secret-tell(1) [git-secret-usage(1)](http://git-secret.io/git-secret-usage), [git-secret-tell(1)](http://git-secret.io/git-secret-tell)

Binary file not shown.


@ -3,11 +3,11 @@ git-secret-killperson - deletes key identified by an email from the inner keyrin
## SYNOPSIS ## SYNOPSIS
git secret killperson [email] git secret killperson <emails>...
## DESCRIPTION ## DESCRIPTION
`git-secret-killperson` makes it impossible for given user to decrypt the hidden file in the future. It is required to run `git-secret-hide` once again with the updated keyring. This command removes selected email addresses from the keyring. `git-secret-killperson` makes it impossible for given users to decrypt the hidden files in the future. It is required to run `git-secret-hide` once again with the updated keyring to renew the encryption.
## OPTIONS ## OPTIONS
@ -15,6 +15,11 @@ git-secret-killperson - deletes key identified by an email from the inner keyrin
-h - shows this help. -h - shows this help.
## MANUAL
Run `man git-secret-killperson` to see this note.
## SEE ALSO ## SEE ALSO
git-secret-tell(1), git-secret-hide(1), git-secret-reveal(1) [git-secret-tell(1)](http://git-secret.io/git-secret-tell), [git-secret-remove(1)](http://git-secret.io/git-secret-remove), [git-secret-clean(1)](http://git-secret.io/git-secret-clean)

Binary file not shown.


@ -15,6 +15,11 @@ git-secret-list - prints all the added files.
-h - shows this help. -h - shows this help.
## MANUAL
Run `man git-secret-list` to see this note.
## SEE ALSO ## SEE ALSO
git-secret-whoknows(1), git-secret-add(1), git-secret-remove(1), git-secret-hide(1), git-secret-reveal(1) [git-secret-whoknows(1)](http://git-secret.io/git-secret-whoknows), [git-secret-add(1)](http://git-secret.io/git-secret-add), [git-secret-remove(1)](http://git-secret.io/git-secret-remove), [git-secret-hide(1)](http://git-secret.io/git-secret-hide), [git-secret-reveal(1)](http://git-secret.io/git-secret-reveal)

Binary file not shown.


@ -3,7 +3,7 @@ git-secret-remove - removes files from index.
## SYNOPSIS ## SYNOPSIS
git secret remove [-c] <pathspec..> git secret remove [-c] <pathspec>...
## DESCRIPTION ## DESCRIPTION
@ -16,6 +16,11 @@ git-secret-remove - removes files from index.
-h - shows help. -h - shows help.
## MANUAL
Run `man git-secret-remove` to see this note.
## SEE ALSO ## SEE ALSO
git-secret-add(1), git-secret-reveal(1), git-secret-hide(1) [git-secret-add(1)](http://git-secret.io/git-secret-add), [git-secret-clean(1)](http://git-secret.io/git-secret-clean), [git-secret-killperson(1)](http://git-secret.io/git-secret-killperson)

Binary file not shown.


@ -18,6 +18,11 @@ git-secret-reveal - decrypts all added files.
-h - shows help. -h - shows help.
## MANUAL
Run `man git-secret-reveal` to see this note.
## SEE ALSO ## SEE ALSO
git-secret-init(1), git-secret-tell(1), git-secret-add(1), git-secret-hide(1) [git-secret-init(1)](http://git-secret.io/git-secret-init), [git-secret-tell(1)](http://git-secret.io/git-secret-tell), [git-secret-add(1)](http://git-secret.io/git-secret-add), [git-secret-hide(1)](http://git-secret.io/git-secret-hide)

Binary file not shown.


@ -3,11 +3,11 @@ git-secret-tell - adds a person, who can access private data.
## SYNOPSIS ## SYNOPSIS
git secret tell [-m] [-d dir] [email] git secret tell [-m] [-d dir] [emails]...
## DESCRIPTION ## DESCRIPTION
`git-secret-tell` receives an email address as an input, searches for the `gpg`-key in the `gpg`'s `homedir` by this email, then imports a person's public key into the `git-secret`'s inner keychain. From this moment this person can encrypt new files with the keyring which contains their key. But they cannot decrypt the old files, which were already encrypted without their key. They should be reencrypted with the new keyring by someone, who has the unencrypted files. `git-secret-tell` receives an email addresses as an input, searches for the `gpg`-key in the `gpg`'s `homedir` by these emails, then imports a person's public key into the `git-secret`'s inner keychain. From this moment this person can encrypt new files with the keyring which contains their key. But they cannot decrypt the old files, which were already encrypted without their key. They should be reencrypted with the new keyring by someone, who has the unencrypted files.
**Do not manually import secret key into `git-secret`**. Anyways, it won't work with any of the secret-keys imported. **Do not manually import secret key into `git-secret`**. Anyways, it won't work with any of the secret-keys imported.
@ -19,6 +19,11 @@ git-secret-tell - adds a person, who can access private data.
-h - shows help. -h - shows help.
## MANUAL
Run `man git-secret-tell` to see this note.
## SEE ALSO ## SEE ALSO
git-secret-init(1), git-secret-add(1), git-secret-hide(1), git-secret-reveal(1) [git-secret-init(1)](http://git-secret.io/git-secret-init), [git-secret-add(1)](http://git-secret.io/git-secret-add), [git-secret-hide(1)](http://git-secret.io/git-secret-hide), [git-secret-reveal(1)](http://git-secret.io/git-secret-reveal), [git-secret-killperson(1)](http://git-secret.io/git-secret-killperson)

Binary file not shown.


@ -15,6 +15,11 @@ git-secret-usage - prints all the available commands.
-h - shows this help. -h - shows this help.
## MANUAL
Run `man git-secret-usage` to see this note.
## SEE ALSO ## SEE ALSO
git-secret-init(1), git-secret-add(1), git-secret-hide(1), git-secret-reveal(1) [git-secret-init(1)](http://git-secret.io/git-secret-init), [git-secret-add(1)](http://git-secret.io/git-secret-add), [git-secret-hide(1)](http://git-secret.io/git-secret-hide), [git-secret-reveal(1)](http://git-secret.io/git-secret-reveal)

Binary file not shown.


@ -15,6 +15,11 @@ git-secret-whoknows - prints email-labels for each key in the keyring.
-h - shows this help. -h - shows this help.
## MANUAL
Run `man git-secret-whoknows` to see this note.
## SEE ALSO ## SEE ALSO
git-secret-list(1), git-secret-add(1), git-secret-hide(1), git-secret-reveal(1) [git-secret-list(1)](http://git-secret.io/git-secret-list), [git-secret-tell(1)](http://git-secret.io/git-secret-tell), [git-secret-hide(1)](http://git-secret.io/git-secret-hide), [git-secret-reveal(1)](http://git-secret.io/git-secret-reveal)

Binary file not shown.


@ -1,80 +1,3 @@
## Content
1. [Intro](#intro)
2. [Installation](#installation)
3. [Usage](#usage)
4. [Configuration](#configuration)
## Intro
There's a known problem in server configuration and deploying, when you have to store your private data such as: database passwords, application secret-keys, OAuth secret keys and so on, outside of the git repository. Even if this repository is private, it is a security risk to just publish them into the world wide web. What are the drawbacks of storing them separately?
1. These files are not version controlled. Filenames change, locations change, passwords change from time to time, some new information appears, other is removed. And you can not tell for sure which version of the configuration file was used with each commit.
2. When building the automated deployment system there will be one extra step: download and place these secret-configuration files where they need to be. So you have to maintain an extra secure server, where everything is stored.
### How does `git-secret` solve these problems?
1. `git-secret` encrypts files and stores them inside the `git` repository, so you will have all the changes for every commit.
2. `git-secret` doesn't require any other deploy operations rather than `git secret reveal`, so it will automatically decrypt all the required files.
### What is `git-secret`?
`git-secret` is a bash tool to store your private data inside a `git` repo. How's that? Basically, it just encrypts, using `gpg`, the tracked files with the public keys of all the users that you trust. So everyone of them can decrypt these files using only their personal secret key. Why deal with all this private-public keys stuff? Well, to make it easier for everyone to manage access rights. There are no passwords that change. When someone is out - just delete his public key, reencrypt the files, and he won't be able to decrypt secrets anymore.
## Installation
### Dependencies
`git-secret` relies on two dependencies: [`git`][1] and [`gpg`][2]. Download and install them before using this project. `git-secret` is tested to work with:
git version 2.7.0
gpg (GnuPG) 1.4.20
### Supported platforms
`git-secret` works with `Mac OS X` >= 10.9, `Ubuntu` >= 14.04 and `Debian` >= 8.3
You can add your platform to this list, if all the tests pass for you.
`Cygwin` support is planned.
### Installation process
There are several ways to install `git-secret`:
**** Homebrew ****
1. Run `brew install git-secret`. That will do. Also, there are two options:
* `--without-gpg` to build without `gpg` support
* `--HEAD` to install `HEAD` version
2. Note, that we have migrated from `tap` to the official `brew` repo
**** `deb` package ****
You can find the `deb` repository [here](https://bintray.com/sobolevn/deb/git-secret).
0. Pre-requirements: make sure you have installed `apt-transport-https`
1. Run `echo "deb https://dl.bintray.com/sobolevn/deb git-secret main" | sudo tee -a /etc/apt/sources.list`
2. Add the release key: `wget -qO - https://api.bintray.com/users/sobolevn/keys/gpg/public.key | sudo apt-key add -`
3. Run `sudo apt-get update && sudo apt-get install git-secret`
**** `rpm` package ****
You can find the `rpm` repository [here](https://bintray.com/sobolevn/rpm/git-secret).
1. Run `wget https://bintray.com/sobolevn/rpm/rpm -O bintray-sobolevn-rpm.repo && sudo mv bintray-sobolevn-rpm.repo /etc/yum.repos.d/`
2. Run `sudo yum install git-secret`
**** Manual ****
1. Clone the repository first: `git clone https://github.com/sobolevn/git-secret.git git-secret`
2. Run `cd git-secret && make build`
3. Run `PREFIX="/usr/local" make install`, note that you can install to any prefix in your `PATH`
**** `antigen` plugin (or any other `oh-my-zsh`-styled plugin-systems) ****
1. Add line `antigen bundle sobolevn/git-secret` to your `~/.zshrc`
2. Run `source ~/.zshrc` or reopen the terminal
## Usage ## Usage
These steps cover the basic process of using `git-secret`: These steps cover the basic process of using `git-secret`:
@ -100,6 +23,3 @@ These settings are available to be changed:
* `$SECRETS_GPG_COMMAND` - sets the `gpg` alternatives, defaults to `gpg`. It can be changed to `gpg`, `gpg2`, `pgp`, `/usr/local/gpg` or any other value. After doing so rerun tests to be sure, that it won't break anything. Tested to be working with: `gpg`, `gpg2`. * `$SECRETS_GPG_COMMAND` - sets the `gpg` alternatives, defaults to `gpg`. It can be changed to `gpg`, `gpg2`, `pgp`, `/usr/local/gpg` or any other value. After doing so rerun tests to be sure, that it won't break anything. Tested to be working with: `gpg`, `gpg2`.
* `$SECRETS_EXTENSION` - sets the secret files extension, defaults to `.secret`. It can be changed to any valid file extension. * `$SECRETS_EXTENSION` - sets the secret files extension, defaults to `.secret`. It can be changed to any valid file extension.
[1]: https://git-scm.com/
[2]: https://www.gnupg.org/


@ -21,15 +21,15 @@ SECRETS_DIR_PATHS_MAPPING="$SECRETS_DIR_PATHS/mapping.cfg" # shellcheck disable
GPGLOCAL="$SECRETS_GPG_COMMAND --homedir=$SECRETS_DIR_KEYS --no-permission-warning" GPGLOCAL="$SECRETS_GPG_COMMAND --homedir=$SECRETS_DIR_KEYS --no-permission-warning"
# Inner bash : # Inner bash:
function _function_exists { function _function_exists {
declare -f -F "$1" > /dev/null declare -f -F "$1" > /dev/null 2>&1
echo $? echo $?
} }
# OS based : # OS based:
function _os_based { function _os_based {
# Pass function name as first parameter. # Pass function name as first parameter.
@ -57,7 +57,7 @@ function _os_based {
} }
# File System : # File System:
function _set_config { function _set_config {
# First parameter is the KEY, second is VALUE, third is filename. # First parameter is the KEY, second is VALUE, third is filename.
@ -125,10 +125,10 @@ function _show_manual_for {
} }
# VCS : # VCS:
function _check_ignore { function _check_ignore {
git check-ignore -q "$1"; git check-ignore --no-index -q "$1";
echo $? echo $?
} }
@ -142,17 +142,68 @@ function _add_ignored_file {
} }
# Logic : function _is_inside_git_tree {
git rev-parse --is-inside-work-tree >/dev/null 2>&1
echo $?
}
function _get_git_root_path {
# We need this function to get the location of the `.git` folder,
# since `.gitsecret` must be on the same level.
local result
result=$(git rev-parse --show-toplevel)
echo "$result"
}
# Logic:
function _abort { function _abort {
>&2 echo "$1 abort." >&2 echo "$1 abort."
exit 1 exit 1
} }
function _find_and_clean {
# required:
local pattern="$1" # can be any string pattern
# optional:
local verbose=${2:-""} # can be empty or should be equal to "v"
# shellcheck disable=2086
find . -name "$pattern" -type f -print0 | xargs -0 rm -f$verbose
}
function _find_and_clean_formated {
# required:
local pattern="$1" # can be any string pattern
# optional:
local verbose=${2:-""} # can be empty or should be equal to "v"
local message=${3:-"cleaning:"} # can be any string
if [[ ! -z "$verbose" ]]; then
echo && echo "$message"
fi
_find_and_clean "$pattern" "$verbose"
if [[ ! -z "$verbose" ]]; then
echo
fi
}
function _secrets_dir_exists { function _secrets_dir_exists {
if [[ ! -d "$SECRETS_DIR" ]]; then local root_path
_abort "$SECRETS_DIR does not exist." root_path=$(_get_git_root_path)
local full_path="$root_path/$SECRETS_DIR"
if [[ ! -d "$full_path" ]]; then
_abort "$full_path does not exist."
fi fi
} }
@ -166,7 +217,7 @@ function _user_required {
fi fi
local keys_exist local keys_exist
keys_exist=$($GPGLOCAL -n --list-keys --with-colon) keys_exist=$($GPGLOCAL -n --list-keys)
if [[ -z "$keys_exist" ]]; then if [[ -z "$keys_exist" ]]; then
_abort "$error_message" _abort "$error_message"
fi fi
@ -228,8 +279,8 @@ function _decrypt {
if [[ ! -z "$passphrase" ]]; then if [[ ! -z "$passphrase" ]]; then
echo "$passphrase" | $base --batch --yes --no-tty --passphrase-fd 0 \ echo "$passphrase" | $base --batch --yes --no-tty --passphrase-fd 0 \
"$encrypted_filename" "$encrypted_filename" > /dev/null 2>&1
else else
$base "$encrypted_filename" $base "$encrypted_filename" > /dev/null 2>&1
fi fi
} }
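Review bot: The two `> /dev/null 2>&1` redirections added at the end of `_decrypt` discard gpg's stderr, so a wrong passphrase, a missing secret key or a corrupt file produces no message and the caller is left with only an exit status that nothing in this hunk checks. They also discard stdout; if any caller reads the plaintext from `_decrypt`'s output rather than from a file (the `changes` command appears to), it will now receive an empty string. Keep the diagnostics and fail loudly instead, for example `$base "$encrypted_filename" || _abort "cannot decrypt $encrypted_filename."`. `_decrypt` begins outside the hunk, so where `$base` sends its output cannot be confirmed from here.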


@ -8,7 +8,8 @@ function add {
while getopts "ih" opt; do while getopts "ih" opt; do
case "$opt" in case "$opt" in
i) auto_add=1;; i) auto_add=1;;
h) _show_manaul_for "add";;
h) _show_manual_for "add";;
esac esac
done done


@ -18,14 +18,17 @@ function changes {
shift $((OPTIND-1)) shift $((OPTIND-1))
[ "$1" = '--' ] && shift [ "$1" = '--' ] && shift
local filenames="$1" _user_required
if [[ -z "$filenames" ]]; then
local filenames="$*"
if [[ -z $filenames ]]; then
# Checking if no filenames are passed, show diff for all files. # Checking if no filenames are passed, show diff for all files.
filenames=$(git secret list) filenames=$(git secret list)
fi fi
IFS=' IFS='
' '
for filename in $filenames; do for filename in $filenames; do
local decrypted local decrypted
local content local content


@ -17,14 +17,8 @@ function clean {
shift $((OPTIND-1)) shift $((OPTIND-1))
[ "$1" = '--' ] && shift [ "$1" = '--' ] && shift
if [[ ! -z "$verbose" ]]; then _user_required
echo && echo 'cleaing:'
fi
find . -name "*$SECRETS_EXTENSION" -type f -print0 | xargs rm -f$verbose
if [[ ! -z "$verbose" ]]; then
echo
fi
# User should see properly formated output:
_find_and_clean_formated "*$SECRETS_EXTENSION" "$verbose"
} }


@ -2,33 +2,66 @@
function _optional_clean { function _optional_clean {
OPTIND=1 local clean="$1"
local clean=0 local verbose=${2:-""}
local opt_string=''
while getopts 'cvh' opt; do if [[ $clean -eq 1 ]]; then
_find_and_clean_formated "*$SECRETS_EXTENSION" "$verbose"
fi
}
function _optional_delete {
local delete="$1"
local verbose=${2:-""}
if [[ $delete -eq 1 ]]; then
# We use custom formating here:
if [[ ! -z "$verbose" ]]; then
echo && echo 'removing unencrypted files:'
fi
while read -r line; do
# So the formating would not be repeated several times here:
_find_and_clean "*$line" "$verbose"
done < "$SECRETS_DIR_PATHS_MAPPING"
if [[ ! -z "$verbose" ]]; then
echo
fi
fi
}
function hide {
local clean=0
local delete=0
local verbose=''
OPTIND=1
while getopts 'cdvh' opt; do
case "$opt" in case "$opt" in
c) clean=1;; c) clean=1;;
h) _show_manual_for 'hide';; d) delete=1;;
v) opt_string='-v';; v) verbose='v';;
h) _show_manual_for 'hide';;
esac esac
done done
shift $((OPTIND-1)) shift $((OPTIND-1))
[ "$1" = '--' ] && shift [ "$1" = '--' ] && shift
# We need user to continue:
_user_required _user_required
if [[ $clean -eq 1 ]]; then # If -c option was provided, it would clean the hidden files
clean "$opt_string" # before creating new ones.
fi _optional_clean "$clean" "$verbose"
}
function hide {
_optional_clean "$@"
local counter=0 local counter=0
while read -r line; do while read -r line; do
@ -45,5 +78,9 @@ function hide {
counter=$((counter+1)) counter=$((counter+1))
done < "$SECRETS_DIR_PATHS_MAPPING" done < "$SECRETS_DIR_PATHS_MAPPING"
# If -d option was provided, it would delete the source files
# after we have already hidden them.
_optional_delete "$delete" "$verbose"
echo "done. all $counter files are hidden." echo "done. all $counter files are hidden."
} }
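Review bot: `_optional_delete` removes plaintext with `_find_and_clean "*$line" "$verbose"`, and the leading `*` turns each mapping entry into a suffix pattern rather than an exact path, so a file whose name merely ends with a tracked name could be deleted too. The helper is defined outside the visible lines, so this is inferred from the pattern alone. The delete also runs for every mapping line without checking that the encrypted counterpart was actually written. I would remove the exact path, and only when the ciphertext exists: `[[ -f "$(_get_encrypted_filename "$line")" ]] && rm -f"$verbose" -- "$line"`. The encryption loop of `hide` sits between the two hunks and is not shown.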


@ -15,9 +15,13 @@ function killperson {
_user_required _user_required
if [[ ${#@} -eq 0 ]]; then local emails=( "$@" )
_abort "email is required."
if [[ ${#emails[@]} -eq 0 ]]; then
_abort "at least one email is required."
fi fi
$GPGLOCAL --batch --yes --delete-key "$1" for email in "${emails[@]}"; do
$GPGLOCAL --batch --yes --delete-key "$email"
done
} }
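Review bot: `$GPGLOCAL --batch --yes --delete-key "$email"` passes gpg a free-form user-ID string, which gpg matches as a substring, and `--batch --yes` removes a matching key without a prompt. Inside the new loop, one short or mistyped argument can therefore drop a different person's key than intended. gpg's exact-address form, `--delete-key "<$email>"`, restricts each deletion to that address. The killperson test on this page passes `$TEST_DEFAULT_USER` rather than an address and would need updating. The status of each deletion is also not checked before the loop moves on to the next argument.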


@ -2,20 +2,19 @@
function tell { function tell {
local email local emails
local self_email=0
local homedir local homedir
# A POSIX variable # A POSIX variable
# Reset in case getopts has been used previously in the shell. # Reset in case getopts has been used previously in the shell.
OPTIND=1 OPTIND=1
while getopts "h?md:" opt; do while getopts "hmd:" opt; do
case "$opt" in case "$opt" in
h) _show_manual_for "tell";; h) _show_manual_for "tell";;
m) # Set email of the git current user: m) self_email=1;;
email=$(git config user.email) || _abort "'git config user.email' is not set."
;;
d) homedir=$OPTARG;; d) homedir=$OPTARG;;
esac esac
@ -24,15 +23,29 @@ function tell {
shift $((OPTIND-1)) shift $((OPTIND-1))
[ "$1" = "--" ] && shift [ "$1" = "--" ] && shift
# Moved to enable viewing a manual without validation: # Validates that application is inited:
_secrets_dir_exists _secrets_dir_exists
# Custom argument-parsing: emails=( "$@" )
if [[ -z $email ]]; then local git_email
# Email was not set via `-m` and is in $1:
test ! -z "$1" && email="$1"; shift || _abort "first argument must be an email address." if [[ "$self_email" -eq 1 ]]; then
git_email=$(git config user.email)
if [[ -z "$git_email" ]]; then
_abort "'git config user.email' is not set."
fi fi
emails+=("$git_email")
fi
if [[ "${#emails[@]}" -eq 0 ]]; then
# If after possible addition of git_email, emails are still empty,
# we should raise an exception.
_abort "you must provide at least one email address."
fi
for email in "${emails[@]}"; do
# This file will be removed automatically: # This file will be removed automatically:
_temporary_file # note, that `_temporary_file` will export `filename` var. _temporary_file # note, that `_temporary_file` will export `filename` var.
# shellcheck disable=2154 # shellcheck disable=2154
@ -52,6 +65,7 @@ function tell {
# Importing public key to the local keychain: # Importing public key to the local keychain:
$GPGLOCAL --import "$keyfile" > /dev/null 2>&1 $GPGLOCAL --import "$keyfile" > /dev/null 2>&1
done
echo "done. $email added as a person who knows the secret." echo "done. ${emails[*]} added as someone who know(s) the secret."
} }
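Review bot: The summary `echo "done. ${emails[*]} added as someone who know(s) the secret."` runs once after the loop and lists every address, while the import inside the loop discards both output and status with `> /dev/null 2>&1`. Unless the script runs under `set -e` or an earlier step aborts (the middle of the loop body is outside the hunks), a key that failed to import is still reported as added. Checking the import per address keeps the message truthful: `$GPGLOCAL --import "$keyfile" > /dev/null 2>&1 || _abort "could not import key for $email."`.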


@ -1,19 +1,6 @@
#!/usr/bin/env bash #!/usr/bin/env bash
function _show_help_usage {
cat <<-EOF
usage: git secret usage
prints all the available commands.
options:
-h shows this help.
EOF
exit 0
}
function usage { function usage {
OPTIND=1 OPTIND=1
@ -26,14 +13,11 @@ function usage {
shift $((OPTIND-1)) shift $((OPTIND-1))
[ "$1" = "--" ] && shift [ "$1" = "--" ] && shift
local commands="" # There was a bug with some shells, which were adding extra commands
local separator="|" # to the old dynamic-loading version of this code.
# thanks to @antmak it is now fixed, see:
# https://github.com/sobolevn/git-secret/issues/47
local commands="add|changes|clean|hide|init|killperson|list|remove|reveal|tell|usage|whoknows"
for com in $(compgen -A function); do echo "usage: git secret [$commands]"
if [[ ! $com == _* ]]; then
commands+="$com$separator"
fi
done
echo "usage: git secret [${commands%?}]"
} }


@ -18,7 +18,7 @@ function whoknows {
local keys local keys
# Just to the point: # Getting the users from gpg:
keys=$(_get_users_in_keyring) keys=$(_get_users_in_keyring)
echo "$keys" echo "$keys"
} }


@ -4,7 +4,9 @@ set -e
function _check_setup { function _check_setup {
# Checking git and secret-plugin setup: # Checking git and secret-plugin setup:
if [[ ! -d ".git" ]] || [[ ! -d ".git/hooks" ]]; then local is_tree
is_tree=$(_is_inside_git_tree)
if [[ ! $is_tree -eq 0 ]]; then
_abort "repository is broken. try running 'git init' or 'git clone'." _abort "repository is broken. try running 'git init' or 'git clone'."
fi fi
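Review bot: `[[ ! $is_tree -eq 0 ]]` fails open when `_is_inside_git_tree` prints nothing, because bash evaluates an empty `-eq` operand as 0 and the "repository is broken" abort is skipped. The helper is not visible here, so whether it can produce empty output is unconfirmed. A string comparison, `if [[ "$is_tree" != "0" ]]; then`, aborts on anything other than an explicit 0. `_check_setup` continues past the end of this hunk.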


@ -1,3 +1,3 @@
#!/usr/bin/env bash #!/usr/bin/env bash
GITSECRET_VERSION='0.2.1' # shellcheck disable=2034 GITSECRET_VERSION='0.2.2' # shellcheck disable=2034


@ -3,34 +3,35 @@
# This file is following a name convention defined in: # This file is following a name convention defined in:
# https://github.com/sstephenson/bats # https://github.com/sstephenson/bats
# shellcheck disable=1090
source "$SECRET_PROJECT_ROOT/src/version.sh" source "$SECRET_PROJECT_ROOT/src/version.sh"
# shellcheck disable=1090
source "$SECRET_PROJECT_ROOT/src/_utils/_git_secret_tools.sh" source "$SECRET_PROJECT_ROOT/src/_utils/_git_secret_tools.sh"
# Constants: # Constants:
FIXTURES_DIR="$BATS_TEST_DIRNAME/fixtures" FIXTURES_DIR="$BATS_TEST_DIRNAME/fixtures"
# Folders: TEST_GPG_HOMEDIR="$BATS_TMPDIR"
TEST_SECRETS_DIR="$BATS_TMPDIR/$SECRETS_DIR"
TEST_SECRETS_DIR_PATHS_MAPPING="$BATS_TMPDIR/$SECRETS_DIR_PATHS_MAPPING"
TEST_GPG_HOMEDIR="$PWD"
# GPG-based stuff: # GPG-based stuff:
: ${SECRETS_GPG_COMMAND:="gpg"} : "${SECRETS_GPG_COMMAND:="gpg"}"
GPGTEST="$SECRETS_GPG_COMMAND --homedir=$TEST_GPG_HOMEDIR --no-permission-warning" GPGTEST="$SECRETS_GPG_COMMAND --homedir=$TEST_GPG_HOMEDIR --no-permission-warning"
# Personal data: # Personal data:
TEST_DEFAULT_USER="user1" TEST_DEFAULT_USER="user1"
TEST_SECOND_USER="user2" # shellcheck disable=2034
TEST_ATTACKER_USER="attacker1" # shellcheck disable=2034
function test_user_password { function test_user_password {
# It was set on key creation:
echo "${1}pass" echo "${1}pass"
} }
function test_user_email { function test_user_email {
# It was set on key creation:
echo "${1}@gitsecret.io" echo "${1}@gitsecret.io"
} }
@ -39,17 +40,21 @@ function test_user_email {
function get_gpg_fingerprint_by_email { function get_gpg_fingerprint_by_email {
local email="$1" local email="$1"
local fingerprint=$($GPGTEST --list-public-keys --with-fingerprint --with-colons | \ local fingerprint
sed -e '/<'$email'>::scESC:/,/[A-Z0-9]\{40\}:/!d' | \
fingerprint=$($GPGTEST --list-public-keys --with-fingerprint --with-colons | \
sed -e '/<'"$email"'>::scESC:/,/[A-Z0-9]\{40\}:/!d' | \
sed -e '/fpr/!d' | \ sed -e '/fpr/!d' | \
sed -n 's/fpr:::::::::\([A-Z|0-9]\{40\}\):/\1/p') sed -n 's/fpr:::::::::\([A-Z|0-9]\{40\}\):/\1/p')
echo $fingerprint echo "$fingerprint"
} }
function install_fixture_key { function install_fixture_key {
local public_key="$BATS_TMPDIR/public-${1}.key" local public_key="$BATS_TMPDIR/public-${1}.key"
local email=$(test_user_email "$1") local email
email=$(test_user_email "$1")
$SECRETS_GPG_COMMAND --homedir="$FIXTURES_DIR/gpg/${1}" \ $SECRETS_GPG_COMMAND --homedir="$FIXTURES_DIR/gpg/${1}" \
--no-permission-warning --output "$public_key" \ --no-permission-warning --output "$public_key" \
@ -61,18 +66,23 @@ function install_fixture_key {
function install_fixture_full_key { function install_fixture_full_key {
local private_key="$BATS_TMPDIR/private-${1}.key" local private_key="$BATS_TMPDIR/private-${1}.key"
local email=$(test_user_email "$1") local email
local fp
local fingerprint
email=$(test_user_email "$1")
$SECRETS_GPG_COMMAND --homedir="$FIXTURES_DIR/gpg/${1}" \ $SECRETS_GPG_COMMAND --homedir="$FIXTURES_DIR/gpg/${1}" \
--no-permission-warning --output "$private_key" --armor \ --no-permission-warning --output "$private_key" --armor \
--yes --export-secret-key "$email" > /dev/null 2>&1 --yes --export-secret-key "$email" > /dev/null 2>&1
$GPGTEST --allow-secret-key-import --import "$private_key" > /dev/null 2>&1 $GPGTEST --allow-secret-key-import \
--import "$private_key" > /dev/null 2>&1
local fp=$($GPGTEST --with-fingerprint "$private_key") fp=$($GPGTEST --with-fingerprint "$private_key")
# since 0.1.2 fingerprint is returned: # since 0.1.2 fingerprint is returned:
local fingerprint=$(echo "$fp" | tr -d ' ' | sed -n '2p' | sed -e 's/.*=//g') fingerprint=$(echo "$fp" | tr -d ' ' | sed -n '2p' | sed -e 's/.*=//g')
install_fixture_key "$1" install_fixture_key "$1"
@ -82,21 +92,25 @@ function install_fixture_full_key {
function uninstall_fixture_key { function uninstall_fixture_key {
local email=$(test_user_email "$1") local email
email=$(test_user_email "$1")
$GPGTEST --batch --yes --delete-key "$email" > /dev/null 2>&1 $GPGTEST --batch --yes --delete-key "$email" > /dev/null 2>&1
} }
function uninstall_fixture_full_key { function uninstall_fixture_full_key {
local email=$(test_user_email "$1") local email
email=$(test_user_email "$1")
local fingerprint="$2" local fingerprint="$2"
if [[ -z "$fingerprint" ]]; then if [[ -z "$fingerprint" ]]; then
# see issue_12, fingerprint on `gpg2` has different format: # see issue_12, fingerprint on `gpg2` has different format:
fingerprint=$(_get_gpg_fingerprint_by_email "$email") fingerprint=$(get_gpg_fingerprint_by_email "$email")
fi fi
$GPGTEST --batch --yes --delete-secret-keys "$fingerprint" > /dev/null 2>&1 $GPGTEST --batch --yes \
--delete-secret-keys "$fingerprint" > /dev/null 2>&1
uninstall_fixture_key "$1" uninstall_fixture_key "$1"
} }
@ -112,8 +126,12 @@ function git_set_config_email {
function git_commit { function git_commit {
git_set_config_email "$1" git_set_config_email "$1"
local user_name=$(git config user.name) local user_name
local commit_gpgsign=$(git config commit.gpgsign) local commit_gpgsign
user_name=$(git config user.name)
commit_gpgsign=$(git config commit.gpgsign)
git config --local user.name "$TEST_DEFAULT_USER" git config --local user.name "$TEST_DEFAULT_USER"
git config --local commit.gpgsign false git config --local commit.gpgsign false
@ -133,6 +151,11 @@ function remove_git_repository {
# Git Secret: # Git Secret:
function set_state_initial {
cd "$BATS_TMPDIR" || exit 1
}
function set_state_git { function set_state_git {
git init > /dev/null 2>&1 git init > /dev/null 2>&1
} }
@ -144,7 +167,9 @@ function set_state_secret_init {
function set_state_secret_tell { function set_state_secret_tell {
local email=$(test_user_email $1) local email
email=$(test_user_email "$1")
git secret tell -d "$TEST_GPG_HOMEDIR" "$email" > /dev/null 2>&1 git secret tell -d "$TEST_GPG_HOMEDIR" "$email" > /dev/null 2>&1
} }
@ -166,7 +191,7 @@ function set_state_secret_hide {
function unset_current_state { function unset_current_state {
# states order: # states order:
# git, secret_init, secret_tell, secret_add, secret_hide # initial, git, secret_init, secret_tell, secret_add, secret_hide
# unsets `secret_hide` # unsets `secret_hide`
# removes .secret files: # removes .secret files:
@ -181,4 +206,7 @@ function unset_current_state {
# removes gpg homedir: # removes gpg homedir:
rm -f "pubring.gpg" "pubring.gpg~" "secring.gpg" "trustdb.gpg" "random_seed" rm -f "pubring.gpg" "pubring.gpg~" "secring.gpg" "trustdb.gpg" "random_seed"
# return to the base dir:
cd "$SECRET_PROJECT_ROOT" || exit 1
} }
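Review bot: `TEST_GPG_HOMEDIR="$BATS_TMPDIR"` together with `set_state_initial` (`cd "$BATS_TMPDIR"`) places the test keyring, the exported `private-*.key` files and the scratch git repository directly in the shared temp directory, with `--no-permission-warning` silencing gpg's permission check on it. These are fixture keys, but repeated or parallel runs on one host will collide, and `unset_current_state` then deletes by relative path inside that shared directory. A per-run directory isolates all of this, e.g. `TEST_GPG_HOMEDIR="$(mktemp -d "$BATS_TMPDIR/gitsecret.XXXXXX")"`, with `set_state_initial` changing into it.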


@ -5,6 +5,8 @@ load _test_base
function setup { function setup {
install_fixture_key "$TEST_DEFAULT_USER" install_fixture_key "$TEST_DEFAULT_USER"
set_state_initial
set_state_git set_state_git
set_state_secret_init set_state_secret_init
set_state_secret_tell "$TEST_DEFAULT_USER" set_state_secret_tell "$TEST_DEFAULT_USER"
@ -23,13 +25,13 @@ function teardown {
echo "content" > "$TEST_FILE" echo "content" > "$TEST_FILE"
run git secret add "$TEST_FILE" run git secret add "$TEST_FILE"
rm -f "$TEST_FILE"
[ "$status" -eq 1 ] [ "$status" -eq 1 ]
rm -f "$TEST_FILE"
} }
@test "run 'add' for unignored file with '-i' option" { @test "run 'add' for unignored file with '-i'" {
local TEST_FILE='test_file.auto_ignore' local TEST_FILE='test_file.auto_ignore'
touch "$TEST_FILE" touch "$TEST_FILE"
echo "content" > "$TEST_FILE" echo "content" > "$TEST_FILE"
@ -50,15 +52,32 @@ function teardown {
echo "$filename" > ".gitignore" echo "$filename" > ".gitignore"
run git secret add "$filename" run git secret add "$filename"
rm -f "$filename" ".gitignore"
[ "$status" -eq 0 ] [ "$status" -eq 0 ]
rm -f "$filename" ".gitignore"
local files_list=$(cat "$SECRETS_DIR_PATHS_MAPPING") local files_list=$(cat "$SECRETS_DIR_PATHS_MAPPING")
[ "$files_list" = "$filename" ] [ "$files_list" = "$filename" ]
} }
@test "run 'add' for file in subdirectory" {
local TEST_FILE='test_file'
local TEST_DIR='test_dir'
mkdir -p "$TEST_DIR"
touch "$TEST_DIR/$TEST_FILE"
echo "content" > "$TEST_DIR/$TEST_FILE"
echo "$TEST_DIR/$TEST_FILE" > ".gitignore"
run git secret add "$TEST_DIR/$TEST_FILE"
[ "$status" -eq 0 ]
[[ "$output" == *"1 items added."* ]]
rm -rf "$TEST_DIR"
}
@test "run 'add' twice for one file" { @test "run 'add' twice for one file" {
local filename="local_file" local filename="local_file"
echo "content" > "$filename" echo "content" > "$filename"
@ -66,11 +85,11 @@ function teardown {
run git secret add "$filename" run git secret add "$filename"
run git secret add "$filename" run git secret add "$filename"
rm -f "$filename" ".gitignore"
[ "$status" -eq 0 ] [ "$status" -eq 0 ]
[ "$output" = "1 items added." ] [ "$output" = "1 items added." ]
rm -f "$filename" ".gitignore"
local files_list=`cat "$SECRETS_DIR_PATHS_MAPPING"` local files_list=`cat "$SECRETS_DIR_PATHS_MAPPING"`
[ "$files_list" = "$filename" ] [ "$files_list" = "$filename" ]
} }
@ -86,8 +105,8 @@ function teardown {
echo "$filename2" >> ".gitignore" echo "$filename2" >> ".gitignore"
run git secret add "$filename1" "$filename2" run git secret add "$filename1" "$filename2"
rm -f "$filename1" "$filename2" ".gitignore"
[ "$status" -eq 0 ] [ "$status" -eq 0 ]
[ "$output" = "2 items added." ] [ "$output" = "2 items added." ]
rm -f "$filename1" "$filename2" ".gitignore"
} }
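Review bot: The new "run 'add' for file in subdirectory" test writes `.gitignore` but ends with `rm -rf "$TEST_DIR"` only, while the other tests in this file remove `.gitignore` explicitly; `rm -rf "$TEST_DIR" ".gitignore"` would match them. The other hunks appear to move the `rm -f` lines behind the assertions, and bats stops a test at the first failing line, so a failed assertion would leave the files behind for the next test. Doing the removal in `teardown` (defined outside these hunks) covers both cases.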


@ -12,6 +12,7 @@ FINGERPRINT=""
function setup { function setup {
FINGERPRINT=$(install_fixture_full_key "$TEST_DEFAULT_USER") FINGERPRINT=$(install_fixture_full_key "$TEST_DEFAULT_USER")
set_state_initial
set_state_git set_state_git
set_state_secret_init set_state_secret_init
set_state_secret_tell "$TEST_DEFAULT_USER" set_state_secret_tell "$TEST_DEFAULT_USER"
@ -66,3 +67,23 @@ function teardown {
[[ "$output" == *"changes in $SECOND_FILE_TO_HIDE"* ]] [[ "$output" == *"changes in $SECOND_FILE_TO_HIDE"* ]]
[[ "$output" == *"$second_file_to_hide"* ]] [[ "$output" == *"$second_file_to_hide"* ]]
} }
@test "run 'changes' with multiple selected files changed" {
local password=$(test_user_password "$TEST_DEFAULT_USER")
local new_content="new content"
local second_new_content="something different"
echo "$new_content" >> "$FILE_TO_HIDE"
echo "$second_new_content" >> "$SECOND_FILE_TO_HIDE"
run git secret changes -d "$TEST_GPG_HOMEDIR" -p "$password" \
"$FILE_TO_HIDE" "$SECOND_FILE_TO_HIDE"
[ "$status" -eq 0 ]
# Testing that output has both filename and changes:
[[ "$output" == *"changes in $FILE_TO_HIDE"* ]]
[[ "$output" == *"$new_content"* ]]
[[ "$output" == *"changes in $SECOND_FILE_TO_HIDE"* ]]
[[ "$output" == *"$second_file_to_hide"* ]]
}
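Review bot: The last assertion of the new test, `[[ "$output" == *"$second_file_to_hide"* ]]`, uses a lowercase name that is not assigned anywhere in the visible lines, so it likely expands to an empty string and the pattern matches any output. The local `second_new_content` declared at the top of the test is never used and is presumably what was meant: `[[ "$output" == *"$second_new_content"* ]]`. The closing context line of the preceding test carries the same pattern.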


@ -1,3 +1,67 @@
#!/usr/bin/env bats #!/usr/bin/env bats
# TODO: create tests for this command. load _test_base
FIRST_FILE="file_to_hide1"
SECOND_FILE="file_to_hide2"
FOLDER="somedir"
FILE_IN_FOLDER="${FOLDER}/file_to_hide3"
function setup {
install_fixture_key "$TEST_DEFAULT_USER"
set_state_initial
set_state_git
set_state_secret_init
set_state_secret_tell "$TEST_DEFAULT_USER"
set_state_secret_add "$FIRST_FILE" "somecontent"
set_state_secret_add "$SECOND_FILE" "somecontent2"
set_state_secret_hide
}
function teardown {
uninstall_fixture_key "$TEST_DEFAULT_USER"
unset_current_state
# This also needs to be cleaned:
rm -f "$FIRST_FILE" "$SECOND_FILE"
rm -rf "$FOLDER"
}
function _secret_files_exists {
local result=$(find . -type f -name "*.$SECRETS_EXTENSION" \
-print0 2>/dev/null | grep -q .; echo "$?")
echo "$result"
}
@test "run 'clean' normally" {
run git secret clean
[ "$status" -eq 0 ]
# There must be no .secret files:
local exists=$(_secret_files_exists)
[ "$exists" -ne 0 ]
}
@test "run 'clean' with '-v'" {
run git secret clean -v
[ "$status" -eq 0 ]
# There must be no .secret files:
local exists=$(_secret_files_exists)
[ "$exists" -ne 0 ]
local first_filename=$(_get_encrypted_filename "$FIRST_FILE")
local second_filename=$(_get_encrypted_filename "$SECOND_FILE")
# Output must be verbose:
[[ "$output" == *"cleaning"* ]]
[[ "$output" == *"$first_filename"* ]]
[[ "$output" == *"$second_filename"* ]]
}
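Review bot: `_secret_files_exists` searches for `"*.$SECRETS_EXTENSION"`, whereas `clean` in this same commit passes `"*$SECRETS_EXTENSION"` to its helper, without the extra dot. If the extension value already starts with a dot, the test pattern can never match, and both `[ "$exists" -ne 0 ]` checks pass even when encrypted files are left behind. Using the same pattern as the command, `-name "*$SECRETS_EXTENSION"`, makes the assertion meaningful.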


@ -9,6 +9,7 @@ FILE_CONTENTS="hidden content юникод"
function setup { function setup {
install_fixture_key "$TEST_DEFAULT_USER" install_fixture_key "$TEST_DEFAULT_USER"
set_state_initial
set_state_git set_state_git
set_state_secret_init set_state_secret_init
set_state_secret_tell "$TEST_DEFAULT_USER" set_state_secret_tell "$TEST_DEFAULT_USER"
@ -26,22 +27,72 @@ function teardown {
@test "run 'hide' normally" { @test "run 'hide' normally" {
run git secret hide run git secret hide
# Command must execute normally:
[ "$status" -eq 0 ] [ "$status" -eq 0 ]
[ "$output" = "done. all 1 files are hidden." ] [ "$output" = "done. all 1 files are hidden." ]
# New files should be crated:
local encrypted_file=$(_get_encrypted_filename "$FILE_TO_HIDE")
[ -f "$encrypted_file" ]
} }
@test "run 'hide' with params" { @test "run 'hide' with multiple files" {
# Preparations:
local second_file="second_file.txt"
local second_content="some content"
set_state_secret_add "$second_file" "$second_content"
# Now it should hide 2 files:
run git secret hide
[ "$status" -eq 0 ]
[ "$output" = "done. all 2 files are hidden." ]
}
@test "run 'hide' with '-c' and '-v'" {
# Preparations:
local encrypted_filename=$(_get_encrypted_filename "$FILE_TO_HIDE")
set_state_secret_hide # so it would be data to clean
run git secret hide -v -c run git secret hide -v -c
[ "$status" -eq 0 ] [ "$status" -eq 0 ]
# File should be still there (it is not deletion):
[ -f "$FILE_TO_HIDE" ]
# Output should be verbose:
[[ "$output" == *"cleaning"* ]]
[[ "$output" == *"$encrypted_filename"* ]]
} }
@test "run 'hide' for multiple users" { @test "run 'hide' with '-d'" {
local new_user="user2" run git secret hide -d
[ "$status" -eq 0 ]
install_fixture_key "$new_user" # File must be removed:
set_state_secret_tell "$new_user" [ ! -f "$FILE_TO_HIDE" ]
}
@test "run 'hide' with '-d' and '-v'" {
run git secret hide -v -d
[ "$status" -eq 0 ]
# File must be removed:
[ ! -f "$FILE_TO_HIDE" ]
# It should be verbose:
[[ "$output" == *"removing unencrypted files"* ]]
[[ "$output" == *"$FILE_TO_HIDE"* ]]
}
@test "run 'hide' with multiple users" {
install_fixture_key "$TEST_SECOND_USER"
set_state_secret_tell "$TEST_SECOND_USER"
run git secret hide run git secret hide
[ "$status" -eq 0 ] [ "$status" -eq 0 ]
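Review bot: The two `-d` tests assert only `[ ! -f "$FILE_TO_HIDE" ]`, so they still pass if the plaintext is deleted without a ciphertext having been produced. Adding `[ -f "$(_get_encrypted_filename "$FILE_TO_HIDE")" ]` to both pins the property that matters for `-d`: the source file is gone only once its encrypted copy exists.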


@ -4,6 +4,7 @@ load _test_base
function setup { function setup {
set_state_initial
set_state_git set_state_git
} }
@ -13,12 +14,11 @@ function teardown {
} }
@test "run 'init' without .git" { @test "run 'init' without '.git'" {
remove_git_repository remove_git_repository
run git secret init run git secret init
[ "$status" -eq 1 ] [ "$status" -eq 1 ]
[ "$output" = "repository is broken. try running 'git init' or 'git clone'. abort." ]
} }


@ -5,6 +5,8 @@ load _test_base
function setup { function setup {
install_fixture_key "$TEST_DEFAULT_USER" install_fixture_key "$TEST_DEFAULT_USER"
set_state_initial
set_state_git set_state_git
set_state_secret_init set_state_secret_init
set_state_secret_tell "$TEST_DEFAULT_USER" set_state_secret_tell "$TEST_DEFAULT_USER"
@ -26,4 +28,22 @@ function teardown {
@test "run 'killperson' normally" { @test "run 'killperson' normally" {
run git secret killperson "$TEST_DEFAULT_USER" run git secret killperson "$TEST_DEFAULT_USER"
[ "$status" -eq 0 ] [ "$status" -eq 0 ]
# Then whoknows must return an error with status code 1:
run git secret whoknows
[ "$status" -eq 1 ]
}
@test "run 'killperson' with multiple arguments" {
# Adding second user:
install_fixture_key "$TEST_SECOND_USER"
set_state_secret_tell "$TEST_SECOND_USER"
run git secret killperson "$TEST_DEFAULT_USER" "$TEST_SECOND_USER"
[ "$status" -eq 0 ]
# Nothing to show:
run git secret whoknows
[ "$status" -eq 1 ]
} }


@ -9,6 +9,7 @@ FILE_CONTENTS="hidden content юникод"
function setup { function setup {
install_fixture_key "$TEST_DEFAULT_USER" install_fixture_key "$TEST_DEFAULT_USER"
set_state_initial
set_state_git set_state_git
set_state_secret_init set_state_secret_init
set_state_secret_tell "$TEST_DEFAULT_USER" set_state_secret_tell "$TEST_DEFAULT_USER"
@ -31,9 +32,27 @@ function teardown {
} }
@test "run 'list' with multiple files" {
# Preparations:
local second_file="second_file.txt"
set_state_secret_add "$second_file" "$FILE_CONTENTS"
run git secret list
[ "$status" -eq 0 ]
# Now it should list two files:
[[ "$output" == *"$FILE_TO_HIDE"* ]]
[[ "$output" == *"$second_file"* ]]
# Cleaning up:
rm -f "$second_file"
}
@test "run 'list' on empty repo" { @test "run 'list' on empty repo" {
git secret remove "$FILE_TO_HIDE" git secret remove "$FILE_TO_HIDE"
# Running `list` on empty mapping should result an error:
run git secret list run git secret list
[ "$status" -eq 1 ] [ "$status" -eq 1 ]
} }


@ -4,6 +4,7 @@ load _test_base
function setup { function setup {
set_state_initial
set_state_git set_state_git
} }
@ -29,3 +30,17 @@ function teardown {
run git secret --version run git secret --version
[ "$output" == "$GITSECRET_VERSION" ] [ "$output" == "$GITSECRET_VERSION" ]
} }
@test "run 'git secret --dry-run'" {
# We will break things apart, so normally it won't run:
rm -rf ".git"
# This must fail:
run git secret usage
[ "$status" -eq 1 ]
# Dry run won't fail:
run git secret --dry-run
[ "$status" -eq 0 ]
}


@ -5,42 +5,71 @@ load _test_base
FIRST_FILE="file_to_hide1" FIRST_FILE="file_to_hide1"
SECOND_FILE="file_to_hide2" SECOND_FILE="file_to_hide2"
# There was a bug with `sed` an slashes:
# see https://github.com/sobolevn/git-secret/issues/23
FOLDER="somedir" FOLDER="somedir"
FILE_IN_FOLDER="${FOLDER}/file_to_hide3" FILE_IN_FOLDER="${FOLDER}/file_to_hide3"
function setup { function setup {
install_fixture_full_key "$TEST_DEFAULT_USER" install_fixture_key "$TEST_DEFAULT_USER"
set_state_initial
set_state_git set_state_git
set_state_secret_init set_state_secret_init
set_state_secret_tell "$TEST_DEFAULT_USER" set_state_secret_tell "$TEST_DEFAULT_USER"
set_state_secret_add "$FIRST_FILE" "somecontent" set_state_secret_add "$FIRST_FILE" "somecontent"
set_state_secret_add "$SECOND_FILE" "somecontent2" set_state_secret_add "$SECOND_FILE" "somecontent2"
set_state_secret_hide
} }
function teardown { function teardown {
uninstall_fixture_full_key "$TEST_DEFAULT_USER" uninstall_fixture_key "$TEST_DEFAULT_USER"
unset_current_state unset_current_state
rm -f "$FIRST_FILE" "$SECOND_FILE"
# This needs to be cleaned # This also needs to be cleaned:
rm -f "$FIRST_FILE" "$SECOND_FILE"
rm -rf "$FOLDER" rm -rf "$FOLDER"
} }
@test "run 'remove' normally" { function _has_line {
git secret hide local result=$(grep -q "$1" "$SECRETS_DIR_PATHS_MAPPING"; echo $?)
echo "$result"
}
@test "run 'remove' normally" {
run git secret remove "$SECOND_FILE" run git secret remove "$SECOND_FILE"
[ "$status" -eq 0 ] [ "$status" -eq 0 ]
local mapping_contains=$(grep "$SECOND_FILE" "$SECRETS_DIR_PATHS_MAPPING"; echo $?) # Mapping should not contain the second file:
local mapping_contains=$(_has_line "$SECOND_FILE")
[ "$mapping_contains" -eq 1 ] [ "$mapping_contains" -eq 1 ]
# But the first file must not change:
local other_files=$(_has_line "$FIRST_FILE")
[ "$other_files" -eq 0 ]
# Both files should be present:
local first_enctypted_file=$(_get_encrypted_filename $FIRST_FILE)
local second_enctypted_file=$(_get_encrypted_filename $SECOND_FILE)
[ -f "$first_enctypted_file" ]
[ -f "$second_enctypted_file" ]
}
@test "run 'remove' with multiple arguments" {
run git secret remove "$FIRST_FILE" "$SECOND_FILE"
[ "$status" -eq 0 ]
local first_line=$(_has_line "$FIRST_FILE")
[ "$first_line" -eq 1 ]
local second_line=$(_has_line "$SECOND_FILE")
[ "$second_line" -eq 1 ]
# Both files should be present:
local first_enctypted_file=$(_get_encrypted_filename $FIRST_FILE) local first_enctypted_file=$(_get_encrypted_filename $FIRST_FILE)
local second_enctypted_file=$(_get_encrypted_filename $SECOND_FILE) local second_enctypted_file=$(_get_encrypted_filename $SECOND_FILE)
@ -50,14 +79,19 @@ function teardown {
@test "run 'remove' with slashes in filename" { @test "run 'remove' with slashes in filename" {
# There was a bug with `sed` an slashes:
# see https://github.com/sobolevn/git-secret/issues/23
# Prepartions:
mkdir -p "$FOLDER" mkdir -p "$FOLDER"
set_state_secret_add "$FILE_IN_FOLDER" "somecontent3" set_state_secret_add "$FILE_IN_FOLDER" "somecontent3"
git secret hide set_state_secret_hide # runing hide again to hide new data
# Now it should remove filename with slashes from the mapping:
run git secret remove "$FILE_IN_FOLDER" run git secret remove "$FILE_IN_FOLDER"
[ "$status" -eq 0 ] [ "$status" -eq 0 ]
local mapping_contains=$(grep "$FILE_IN_FOLDER" "$SECRETS_DIR_PATHS_MAPPING"; echo $?) local mapping_contains=$(_has_line "$FILE_IN_FOLDER")
[ "$mapping_contains" -eq 1 ] [ "$mapping_contains" -eq 1 ]
local enctypted_file=$(_get_encrypted_filename $FILE_IN_FOLDER) local enctypted_file=$(_get_encrypted_filename $FILE_IN_FOLDER)
@ -65,14 +99,14 @@ function teardown {
} }
@test "run 'remove -c'" { @test "run 'remove' with '-c'" {
git secret hide git secret hide
run git secret remove -c "$SECOND_FILE" run git secret remove -c "$SECOND_FILE"
echo "$output" echo "$output"
[ "$status" -eq 0 ] [ "$status" -eq 0 ]
local mapping_contains=$(grep "$SECOND_FILE" "$SECRETS_DIR_PATHS_MAPPING"; echo $?) local mapping_contains=$(_has_line "$SECOND_FILE")
[ "$mapping_contains" -eq 1 ] [ "$mapping_contains" -eq 1 ]
local first_enctypted_file=$(_get_encrypted_filename $FIRST_FILE) local first_enctypted_file=$(_get_encrypted_filename $FIRST_FILE)
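Review bot: `_has_line` runs `grep -q "$1"`, an unanchored regular-expression match, so `file_to_hide1` is also found in a line such as `file_to_hide10` and the "mapping should not contain" checks can be decided by a neighbouring entry. `grep -qFx -- "$1" "$SECRETS_DIR_PATHS_MAPPING"` compares the whole line literally. The helper could also return grep's status directly instead of echoing `$?` through `local result=$(...)`, the pattern this commit removes from `_test_base`.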


@ -11,6 +11,7 @@ FINGERPRINT=""
function setup { function setup {
FINGERPRINT=$(install_fixture_full_key "$TEST_DEFAULT_USER") FINGERPRINT=$(install_fixture_full_key "$TEST_DEFAULT_USER")
set_state_initial
set_state_git set_state_git
set_state_secret_init set_state_secret_init
set_state_secret_tell "$TEST_DEFAULT_USER" set_state_secret_tell "$TEST_DEFAULT_USER"
@ -22,6 +23,7 @@ function setup {
function teardown { function teardown {
uninstall_fixture_full_key "$TEST_DEFAULT_USER" "$FINGERPRINT" uninstall_fixture_full_key "$TEST_DEFAULT_USER" "$FINGERPRINT"
unset_current_state unset_current_state
rm -f "$FILE_TO_HIDE" rm -f "$FILE_TO_HIDE"
} }
@ -63,32 +65,58 @@ function teardown {
@test "run 'reveal' for attacker" { @test "run 'reveal' for attacker" {
# Preparations
rm -f "$FILE_TO_HIDE" rm -f "$FILE_TO_HIDE"
local attacker="attacker1" local atacker_fingerprint=$(install_fixture_full_key "$TEST_ATTACKER_USER")
local atacker_fingerprint=$(install_fixture_full_key "$attacker") local password=$(test_user_password "$TEST_ATTACKER_USER")
local password=$(test_user_password "$attacker")
run git secret reveal -d "$TEST_GPG_HOMEDIR" -p "$password" run git secret reveal -d "$TEST_GPG_HOMEDIR" -p "$password"
# This should fail, nothing should be created:
[ "$status" -eq 2 ] [ "$status" -eq 2 ]
[ ! -f "$FILE_TO_HIDE" ] [ ! -f "$FILE_TO_HIDE" ]
uninstall_fixture_full_key "$attacker" "$atacker_fingerprint" # Cleaning up:
uninstall_fixture_full_key "$TEST_ATTACKER_USER" "$atacker_fingerprint"
} }
@test "run 'reveal' for multiple users" { @test "run 'reveal' for multiple users (with key deletion)" {
local new_user="user2" # Preparations:
install_fixture_full_key "$new_user" local second_fingerprint=$(install_fixture_full_key "$TEST_SECOND_USER")
set_state_secret_tell "$new_user" local password=$(test_user_password "$TEST_SECOND_USER")
set_state_secret_tell "$TEST_SECOND_USER"
set_state_secret_hide set_state_secret_hide
# We are removing a secret key of the first user to be sure
# that it is not used in decryption:
uninstall_fixture_full_key "$TEST_DEFAULT_USER" "$FINGERPRINT" uninstall_fixture_full_key "$TEST_DEFAULT_USER" "$FINGERPRINT"
local password=$(test_user_password "$new_user") # Testing:
run git secret reveal -d "$TEST_GPG_HOMEDIR" -p "$password" run git secret reveal -d "$TEST_GPG_HOMEDIR" -p "$password"
[ "$status" -eq 0 ] [ "$status" -eq 0 ]
[ -f "$FILE_TO_HIDE" ] [ -f "$FILE_TO_HIDE" ]
# Cleaning up:
uninstall_fixture_full_key "$TEST_SECOND_USER" "$second_fingerprint"
}
@test "run 'reveal' for multiple users (normally)" {
# Preparations:
local second_fingerprint=$(install_fixture_full_key "$TEST_SECOND_USER")
local password=$(test_user_password "$TEST_SECOND_USER")
set_state_secret_tell "$TEST_SECOND_USER"
set_state_secret_hide
# Testing:
run git secret reveal -d "$TEST_GPG_HOMEDIR" -p "$password"
[ "$status" -eq 0 ]
[ -f "$FILE_TO_HIDE" ]
# Cleaning up:
uninstall_fixture_full_key "$TEST_SECOND_USER" "$second_fingerprint"
} }


@ -12,6 +12,7 @@ OLD_SECRETS_EXTENSION=""
function setup { function setup {
FINGERPRINT=$(install_fixture_full_key "$TEST_DEFAULT_USER") FINGERPRINT=$(install_fixture_full_key "$TEST_DEFAULT_USER")
set_state_initial
set_state_git set_state_git
set_state_secret_init set_state_secret_init
set_state_secret_tell "$TEST_DEFAULT_USER" set_state_secret_tell "$TEST_DEFAULT_USER"


@ -5,6 +5,8 @@ load _test_base
function setup { function setup {
install_fixture_key "$TEST_DEFAULT_USER" install_fixture_key "$TEST_DEFAULT_USER"
set_state_initial
set_state_git set_state_git
set_state_secret_init set_state_secret_init
} }
@ -16,12 +18,23 @@ function teardown {
} }
function git_secret_tell_test { @test "fail on no users" {
git secret tell -d "$TEST_GPG_HOMEDIR" "$TEST_DEFAULT_USER" run _user_required
[ "$status" -eq 1 ]
} }
@test "fail on no users" { @test "constantly fail on no users" {
# We had a serious bug with _user_required,
# see this link for the details:
# https://github.com/sobolevn/git-secret/issues/74
# Preparations:
git secret tell -d "$TEST_GPG_HOMEDIR" "$TEST_DEFAULT_USER"
git secret killperson "$TEST_DEFAULT_USER"
# It was showing something like `tru::1:1289775241:0:2:1:6`
# after the preparations done and the error was not generated.
run _user_required run _user_required
[ "$status" -eq 1 ] [ "$status" -eq 1 ]
} }
@ -32,7 +45,7 @@ function git_secret_tell_test {
echo "private key" > "$private_key" echo "private key" > "$private_key"
[ -s "$private_key" ] [ -s "$private_key" ]
run git_secret_tell_test run git secret tell -d "$TEST_GPG_HOMEDIR" "$TEST_DEFAULT_USER"
[ "$status" -eq 1 ] [ "$status" -eq 1 ]
} }
@ -40,7 +53,7 @@ function git_secret_tell_test {
@test "run 'tell' without '.gitsecret'" { @test "run 'tell' without '.gitsecret'" {
rm -rf "$SECRETS_DIR" rm -rf "$SECRETS_DIR"
run git_secret_tell_test run git secret tell -d "$TEST_GPG_HOMEDIR" "$TEST_DEFAULT_USER"
[ "$status" -eq 1 ] [ "$status" -eq 1 ]
} }
@ -52,15 +65,20 @@ function git_secret_tell_test {
@test "run 'tell' normally" { @test "run 'tell' normally" {
run git_secret_tell_test run git secret tell -d "$TEST_GPG_HOMEDIR" "$TEST_DEFAULT_USER"
[ "$status" -eq 0 ] [ "$status" -eq 0 ]
# Testing that now user is found:
run _user_required run _user_required
[ "$status" -eq 0 ] [ "$status" -eq 0 ]
# Testing that now user is in the list of people who knows the secret:
run git secret whoknows
[[ "$output" == *"$TEST_DEFAULT_USER"* ]]
} }
@test "run 'tell -m'" { @test "run 'tell' with '-m'" {
email=$(test_user_email $TEST_DEFAULT_USER) email=$(test_user_email $TEST_DEFAULT_USER)
git_set_config_email "$email" git_set_config_email "$email"
@ -69,8 +87,32 @@ function git_secret_tell_test {
} }
@test "run 'tell -m' with empty email" { @test "run 'tell' with '-m' (empty email)" {
git_set_config_email "" # Prepartions:
git_set_config_email "" # now it should not allow to add yourself
run git secret tell -d "$TEST_GPG_HOMEDIR" -m run git secret tell -d "$TEST_GPG_HOMEDIR" -m
[ "$status" -eq 1 ] [ "$status" -eq 1 ]
} }
@test "run 'tell' with multiple emails" {
# Preparations:
install_fixture_key "$TEST_SECOND_USER"
# Testing the command iteself:
run git secret tell -d "$TEST_GPG_HOMEDIR" \
"$TEST_DEFAULT_USER" "$TEST_SECOND_USER"
[ "$status" -eq 0 ]
# Testing that these users are presented in the
# list of people who knows secret:
run git secret whoknows
[[ "$output" == *"$TEST_DEFAULT_USER"* ]]
[[ "$output" == *"$TEST_SECOND_USER"* ]]
# Cleaning up:
uninstall_fixture_key "$TEST_SECOND_USER"
}
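Review bot: The new test "run 'tell' with multiple emails" calls `uninstall_fixture_key "$TEST_SECOND_USER"` as its last statement, so a failed assertion above it skips the cleanup and leaves the second user's key in `$TEST_GPG_HOMEDIR` for the tests that follow. Because these tests assert who does and does not hold a key, leftover key material can make a later result misleading. Moving the call into `teardown` (its body is outside the visible hunks) would run it on every outcome, as the whoknows test file in this commit already does; this presumes `uninstall_fixture_key` tolerates a key that was never installed, which should be confirmed. The added comments `# Prepartions:` and `# Testing the command iteself:` are misspelled.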


@ -4,6 +4,7 @@ load _test_base
function setup { function setup {
set_state_initial
set_state_git set_state_git
} }


@ -5,24 +5,40 @@ load _test_base
function setup { function setup {
install_fixture_key "$TEST_DEFAULT_USER" install_fixture_key "$TEST_DEFAULT_USER"
install_fixture_key "user2" install_fixture_key "$TEST_SECOND_USER"
set_state_initial
set_state_git set_state_git
set_state_secret_init set_state_secret_init
set_state_secret_tell "$TEST_DEFAULT_USER" set_state_secret_tell "$TEST_DEFAULT_USER"
set_state_secret_tell "user2" set_state_secret_tell "$TEST_SECOND_USER"
} }
function teardown { function teardown {
uninstall_fixture_key $TEST_DEFAULT_USER uninstall_fixture_key "$TEST_DEFAULT_USER"
uninstall_fixture_key "$TEST_SECOND_USER"
unset_current_state unset_current_state
rm -f "$FILE_TO_HIDE"
} }
@test "run 'whoknows' normally" { @test "run 'whoknows' normally" {
run git secret whoknows run git secret whoknows
[ "$status" -eq 0 ] [ "$status" -eq 0 ]
# Now test the output, both users should be present:
[[ "$output" == *"$TEST_DEFAULT_USER"* ]]
[[ "$output" == *"$TEST_SECOND_USER"* ]]
}
@test "run 'whoknows' without any users" {
# Preparations, removing users:
local email1=$(test_user_email "$TEST_DEFAULT_USER")
local email2=$(test_user_email "$TEST_SECOND_USER")
git secret killperson "$email1" "$email2"
# Now whoknows should raise an error: there are no users.
run git secret whoknows
[ "$status" -eq 1 ]
} }
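Review bot: In "run 'whoknows' without any users", `local email1=$(test_user_email "$TEST_DEFAULT_USER")` and the matching `email2` line combine declaration with command substitution, so the exit status of `test_user_email` is replaced by that of `local` (ShellCheck SC2155). A failing helper would then hand an empty address to `git secret killperson` instead of stopping the test, and the final `[ "$status" -eq 1 ]` could pass for the wrong reason. Declaring and assigning separately, `local email1; email1=$(test_user_email "$TEST_DEFAULT_USER")`, lets the test fail at the helper.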


@ -16,6 +16,9 @@ RPM_FILE_LOCATION=$(locate_rpm)
# Integration tests # Integration tests
function integration_tests { function integration_tests {
# Note that `dnf` must be installed.
# CentOS 6 does not support `dnf`.
# Installing the package: # Installing the package:
dnf install -y "$RPM_FILE_LOCATION" dnf install -y "$RPM_FILE_LOCATION"