pax_global_header00006660000000000000000000000064132071777250014525gustar00rootroot0000000000000052 comment=492c8d8b79566e71ccff6a7ee924dc9afc5a57a5 git-secret-0.2.3/000077500000000000000000000000001320717772500135755ustar00rootroot00000000000000git-secret-0.2.3/.Dockerfiles/000077500000000000000000000000001320717772500161055ustar00rootroot00000000000000git-secret-0.2.3/.Dockerfiles/alpine/000077500000000000000000000000001320717772500173555ustar00rootroot00000000000000git-secret-0.2.3/.Dockerfiles/alpine/latest/000077500000000000000000000000001320717772500206515ustar00rootroot00000000000000git-secret-0.2.3/.Dockerfiles/alpine/latest/Dockerfile000066400000000000000000000027041320717772500226460ustar00rootroot00000000000000FROM alpine:latest RUN apk add --no-cache --update \ bash \ build-base \ coreutils \ curl \ findutils \ gcc \ libffi-dev \ musl-dev \ net-tools \ openrc \ openssh \ openssh-server \ openssh-sftp-server \ openssl-dev \ py-boto \ py2-pip \ python2-dev \ rsyslog \ sudo \ xz \ && pip install --upgrade pip \ && if ! getent passwd <%= @username %>; then \ adduser -h /home/<%= @username %> -s /bin/bash -D <%= @username %>; \ passwd -d <%= @username %>; \ fi \ && echo "<%= @username %> ALL=(ALL) NOPASSWD: ALL" >> /etc/sudoers \ && echo "Defaults !requiretty" >> /etc/sudoers \ && mkdir -p /home/<%= @username %>/.ssh \ && chown -R <%= @username %> /home/<%= @username %>/.ssh \ && chmod 0700 /home/<%= @username %>/.ssh \ && echo '<%= IO.read(@public_key).strip %>' >> /home/<%= @username %>/.ssh/authorized_keys \ && chown <%= @username %> /home/<%= @username %>/.ssh/authorized_keys \ && chmod 0600 /home/<%= @username %>/.ssh/authorized_keys \ && sed -ri 's/^#?PubkeyAuthentication\s+.*/PubkeyAuthentication yes/' /etc/ssh/sshd_config \ && sed -ri 's/^#?PasswordAuthentication\s+.*/PasswordAuthentication no/' /etc/ssh/sshd_config \ && sed -ri 's/^#?ChallengeResponseAuthentication\s+.*/ChallengeResponseAuthentication no/' /etc/ssh/sshd_config \ && sed -ri 's/^#?UsePrivilegeSeparation\s+.*/UsePrivilegeSeparation no/' /etc/ssh/sshd_config \ && echo "UseDNS=no" >> /etc/ssh/sshd_config \ && rc-update add sshd EXPOSE 22 git-secret-0.2.3/.Dockerfiles/centos/000077500000000000000000000000001320717772500174005ustar00rootroot00000000000000git-secret-0.2.3/.Dockerfiles/centos/latest/000077500000000000000000000000001320717772500206745ustar00rootroot00000000000000git-secret-0.2.3/.Dockerfiles/centos/latest/Dockerfile000066400000000000000000000053241320717772500226720ustar00rootroot00000000000000FROM centos:latest ENV container="docker" RUN yum clean all \ && yum makecache \ && yum install -y epel-release \ && yum makecache \ && yum install -y \ curl \ findutils \ gcc \ glibc-langpack-en.x86_64 \ libffi-devel \ net-tools \ openssh-server \ openssl-devel \ python2-devel \ python2-pip \ redhat-lsb \ redhat-rpm-config \ sudo \ systemd \ && pip install --upgrade pip \ && yum clean all \ && if ! getent passwd <%= @username %>; then \ useradd -d /home/<%= @username %> -m -s /usr/bin/bash -p '*' <%= @username %>; \ fi \ && echo "<%= @username %> ALL=(ALL) NOPASSWD: ALL" >> /etc/sudoers \ && echo "Defaults !requiretty" >> /etc/sudoers \ && mkdir -p /home/<%= @username %>/.ssh \ && chown -R <%= @username %> /home/<%= @username %>/.ssh \ && chmod 0700 /home/<%= @username %>/.ssh \ && echo '<%= IO.read(@public_key).strip %>' >> /home/<%= @username %>/.ssh/authorized_keys \ && chown <%= @username %> /home/<%= @username %>/.ssh/authorized_keys \ && chmod 0600 /home/<%= @username %>/.ssh/authorized_keys \ && export LANG="en_US.UTF-8" && echo "LANG=\"en_US.UTF-8\"" > /etc/locale.conf \ && cd /lib/systemd/system/sysinit.target.wants/; ls | grep -v systemd-tmpfiles-setup | /usr/bin/xargs rm -f $1 \ && /usr/bin/rm -f /lib/systemd/system/multi-user.target.wants/* \ && /usr/bin/rm -f /etc/systemd/system/*.wants/* \ && /usr/bin/rm -f /lib/systemd/system/local-fs.target.wants/* \ && /usr/bin/rm -f /lib/systemd/system/sockets.target.wants/*udev* \ && /usr/bin/rm -f /lib/systemd/system/sockets.target.wants/*initctl* \ && /usr/bin/rm -f /lib/systemd/system/basic.target.wants/* \ && /usr/bin/rm -f /lib/systemd/system/anaconda.target.wants/* \ && /usr/bin/rm -f /lib/systemd/system/plymouth* \ && /usr/bin/rm -f /lib/systemd/system/systemd-update-utmp* \ && sed -ri 's/^#?PubkeyAuthentication\s+.*/PubkeyAuthentication yes/' /etc/ssh/sshd_config \ && sed -ri 's/^#?UsePrivilegeSeparation\s+.*/UsePrivilegeSeparation no/' /etc/ssh/sshd_config \ && echo "UseDNS=no" >> /etc/ssh/sshd_config \ && systemctl set-default multi-user.target \ && ln -s /lib/systemd/system/sshd.service /etc/systemd/system/multi-user.target.wants/sshd.service \ && ln -s /lib/systemd/system/systemd-journald.service /etc/systemd/system/multi-user.target.wants/systemd-journald.service \ && echo $'[Unit]\ \nDescription=Finish boot up\ \nAfter=sshd.service\ \n\ \n[Service]\ \nType=oneshot\ \nRemainAfterExit=yes\ \nExecStartPre=/bin/sleep 3s\ \nExecStart=/bin/rm -f /run/nologin\ \n\ \n[Install]\ \nWantedBy=default.target' >> /etc/systemd/system/FinishBootUp.service \ && ln -s /etc/systemd/system/FinishBootUp.service /etc/systemd/system/multi-user.target.wants/FinishBootUp.service EXPOSE 22 VOLUME [ "/sys/fs/cgroup" ] git-secret-0.2.3/.Dockerfiles/debian/000077500000000000000000000000001320717772500173275ustar00rootroot00000000000000git-secret-0.2.3/.Dockerfiles/debian/latest/000077500000000000000000000000001320717772500206235ustar00rootroot00000000000000git-secret-0.2.3/.Dockerfiles/debian/latest/Dockerfile000066400000000000000000000052541320717772500226230ustar00rootroot00000000000000FROM debian:stable ENV DEBIAN_FRONTEND="noninteractive" container="docker" RUN apt-get update \ && apt-get upgrade -y \ && apt-get install -y \ apt-utils \ curl \ locales \ lsb-release \ net-tools \ openssh-server \ python-pip \ python2.7 \ sudo \ systemd \ && pip install --upgrade pip \ && apt-get clean \ && rm -rf /var/lib/apt/lists/* /tmp/* /var/tmp/* \ && if ! getent passwd <%= @username %>; then \ useradd -d /home/<%= @username %> -m -s /bin/bash -p '*' <%= @username %>; \ fi \ && echo "<%= @username %> ALL=(ALL) NOPASSWD: ALL" >> /etc/sudoers \ && echo "Defaults !requiretty" >> /etc/sudoers \ && mkdir -p /home/<%= @username %>/.ssh \ && chown -R <%= @username %> /home/<%= @username %>/.ssh \ && chmod 0700 /home/<%= @username %>/.ssh \ && echo '<%= IO.read(@public_key).strip %>' >> /home/<%= @username %>/.ssh/authorized_keys \ && chown <%= @username %> /home/<%= @username %>/.ssh/authorized_keys \ && chmod 0600 /home/<%= @username %>/.ssh/authorized_keys \ && echo "en_US.UTF-8 UTF-8" > /etc/locale.gen && locale-gen \ && cd /lib/systemd/system/sysinit.target.wants/; ls | grep -v systemd-tmpfiles-setup | /usr/bin/xargs rm -f $1 \ && /bin/rm -f /lib/systemd/system/multi-user.target.wants/* \ && /bin/rm -f /etc/systemd/system/*.wants/* \ && /bin/rm -f /lib/systemd/system/local-fs.target.wants/* \ && /bin/rm -f /lib/systemd/system/sockets.target.wants/*udev* \ && /bin/rm -f /lib/systemd/system/sockets.target.wants/*initctl* \ && /bin/rm -f /lib/systemd/system/basic.target.wants/* \ && /bin/rm -f /lib/systemd/system/anaconda.target.wants/* \ && /bin/rm -f /lib/systemd/system/plymouth* \ && /bin/rm -f /lib/systemd/system/systemd-update-utmp* \ && sed -ri 's/^#?UsePAM\s+.*/UsePAM no/' /etc/ssh/sshd_config \ && sed -ri 's/^#?PubkeyAuthentication\s+.*/PubkeyAuthentication yes/' /etc/ssh/sshd_config \ && sed -ri 's/^#?UsePrivilegeSeparation\s+.*/UsePrivilegeSeparation no/' /etc/ssh/sshd_config \ && echo "UseDNS=no" >> /etc/ssh/sshd_config \ && systemctl set-default multi-user.target \ && ln -s /lib/systemd/system/ssh.service /etc/systemd/system/multi-user.target.wants/ssh.service \ && ln -s /lib/systemd/system/systemd-journald.service /etc/systemd/system/multi-user.target.wants/systemd-journald.service \ && echo $'[Unit]\ \nDescription=Finish boot up\ \nAfter=ssh.service\ \n\ \n[Service]\ \nType=oneshot\ \nRemainAfterExit=yes\ \nExecStartPre=/bin/sleep 3s\ \nExecStart=/bin/rm -f /run/nologin\ \n\ \n[Install]\ \nWantedBy=default.target' >> /etc/systemd/system/FinishBootUp.service \ && ln -s /etc/systemd/system/FinishBootUp.service /etc/systemd/system/multi-user.target.wants/FinishBootUp.service EXPOSE 22 VOLUME [ "/sys/fs/cgroup" ] git-secret-0.2.3/.Dockerfiles/fedora/000077500000000000000000000000001320717772500173455ustar00rootroot00000000000000git-secret-0.2.3/.Dockerfiles/fedora/latest/000077500000000000000000000000001320717772500206415ustar00rootroot00000000000000git-secret-0.2.3/.Dockerfiles/fedora/latest/Dockerfile000066400000000000000000000052361320717772500226410ustar00rootroot00000000000000FROM fedora:latest ENV container="docker" RUN dnf clean all \ && dnf makecache \ && dnf install -y \ curl \ findutils \ gcc \ glibc-langpack-en.x86_64 \ libffi-devel \ net-tools \ openssh-server \ openssl-devel \ python2-devel \ python2-pip \ redhat-lsb \ redhat-rpm-config \ sudo \ systemd \ && pip install --upgrade pip \ && dnf clean all \ && if ! getent passwd <%= @username %>; then \ useradd -d /home/<%= @username %> -m -s /usr/bin/bash -p '*' <%= @username %>; \ fi \ && echo "<%= @username %> ALL=(ALL) NOPASSWD: ALL" >> /etc/sudoers \ && echo "Defaults !requiretty" >> /etc/sudoers \ && mkdir -p /home/<%= @username %>/.ssh \ && chown -R <%= @username %> /home/<%= @username %>/.ssh \ && chmod 0700 /home/<%= @username %>/.ssh \ && echo '<%= IO.read(@public_key).strip %>' >> /home/<%= @username %>/.ssh/authorized_keys \ && chown <%= @username %> /home/<%= @username %>/.ssh/authorized_keys \ && chmod 0600 /home/<%= @username %>/.ssh/authorized_keys \ && export LANG="en_US.UTF-8" && echo "LANG=\"en_US.UTF-8\"" > /etc/locale.conf \ && cd /lib/systemd/system/sysinit.target.wants/; ls | grep -v systemd-tmpfiles-setup | /usr/bin/xargs rm -f $1 \ && /usr/bin/rm -f /lib/systemd/system/multi-user.target.wants/* \ && /usr/bin/rm -f /etc/systemd/system/*.wants/* \ && /usr/bin/rm -f /lib/systemd/system/local-fs.target.wants/* \ && /usr/bin/rm -f /lib/systemd/system/sockets.target.wants/*udev* \ && /usr/bin/rm -f /lib/systemd/system/sockets.target.wants/*initctl* \ && /usr/bin/rm -f /lib/systemd/system/basic.target.wants/* \ && /usr/bin/rm -f /lib/systemd/system/anaconda.target.wants/* \ && /usr/bin/rm -f /lib/systemd/system/plymouth* \ && /usr/bin/rm -f /lib/systemd/system/systemd-update-utmp* \ && sed -ri 's/^#?PubkeyAuthentication\s+.*/PubkeyAuthentication yes/' /etc/ssh/sshd_config \ && sed -ri 's/^#?UsePrivilegeSeparation\s+.*/UsePrivilegeSeparation no/' /etc/ssh/sshd_config \ && echo "UseDNS=no" >> /etc/ssh/sshd_config \ && systemctl set-default multi-user.target \ && ln -s /lib/systemd/system/sshd.service /etc/systemd/system/multi-user.target.wants/sshd.service \ && ln -s /lib/systemd/system/systemd-journald.service /etc/systemd/system/multi-user.target.wants/systemd-journald.service \ && echo $'[Unit]\ \nDescription=Finish boot up\ \nAfter=sshd.service\ \n\ \n[Service]\ \nType=oneshot\ \nRemainAfterExit=yes\ \nExecStartPre=/bin/sleep 3s\ \nExecStart=/bin/rm -f /run/nologin\ \n\ \n[Install]\ \nWantedBy=default.target' >> /etc/systemd/system/FinishBootUp.service \ && ln -s /etc/systemd/system/FinishBootUp.service /etc/systemd/system/multi-user.target.wants/FinishBootUp.service EXPOSE 22 VOLUME [ "/sys/fs/cgroup" ] git-secret-0.2.3/.Dockerfiles/ubuntu/000077500000000000000000000000001320717772500174275ustar00rootroot00000000000000git-secret-0.2.3/.Dockerfiles/ubuntu/latest/000077500000000000000000000000001320717772500207235ustar00rootroot00000000000000git-secret-0.2.3/.Dockerfiles/ubuntu/latest/Dockerfile000066400000000000000000000052551320717772500227240ustar00rootroot00000000000000FROM ubuntu:latest ENV DEBIAN_FRONTEND="noninteractive" container="docker" RUN apt-get update \ && apt-get upgrade -y \ && apt-get install -y \ apt-utils \ curl \ locales \ lsb-release \ net-tools \ openssh-server \ python-pip \ python2.7 \ sudo \ systemd \ && pip install --upgrade pip \ && apt-get clean \ && rm -rf /var/lib/apt/lists/* /tmp/* /var/tmp/* \ && if ! getent passwd <%= @username %>; then \ useradd -d /home/<%= @username %> -m -s /bin/bash -p '*' <%= @username %>; \ fi \ && echo "<%= @username %> ALL=(ALL) NOPASSWD: ALL" >> /etc/sudoers \ && echo "Defaults !requiretty" >> /etc/sudoers \ && mkdir -p /home/<%= @username %>/.ssh \ && chown -R <%= @username %> /home/<%= @username %>/.ssh \ && chmod 0700 /home/<%= @username %>/.ssh \ && echo '<%= IO.read(@public_key).strip %>' >> /home/<%= @username %>/.ssh/authorized_keys \ && chown <%= @username %> /home/<%= @username %>/.ssh/authorized_keys \ && chmod 0600 /home/<%= @username %>/.ssh/authorized_keys \ && echo "en_US.UTF-8 UTF-8" > /etc/locale.gen && /usr/sbin/locale-gen \ && cd /lib/systemd/system/sysinit.target.wants/; ls | grep -v systemd-tmpfiles-setup | xargs rm -f $1 \ && /bin/rm -f /lib/systemd/system/multi-user.target.wants/* \ && /bin/rm -f /etc/systemd/system/*.wants/* \ && /bin/rm -f /lib/systemd/system/local-fs.target.wants/* \ && /bin/rm -f /lib/systemd/system/sockets.target.wants/*udev* \ && /bin/rm -f /lib/systemd/system/sockets.target.wants/*initctl* \ && /bin/rm -f /lib/systemd/system/basic.target.wants/* \ && /bin/rm -f /lib/systemd/system/anaconda.target.wants/* \ && /bin/rm -f /lib/systemd/system/plymouth* \ && /bin/rm -f /lib/systemd/system/systemd-update-utmp* \ && sed -ri 's/^#?UsePAM\s+.*/UsePAM no/' /etc/ssh/sshd_config \ && sed -ri 's/^#?PubkeyAuthentication\s+.*/PubkeyAuthentication yes/' /etc/ssh/sshd_config \ && sed -ri 's/^#?UsePrivilegeSeparation\s+.*/UsePrivilegeSeparation no/' /etc/ssh/sshd_config \ && echo "UseDNS=no" >> /etc/ssh/sshd_config \ && systemctl set-default multi-user.target \ && ln -s /lib/systemd/system/ssh.service /etc/systemd/system/multi-user.target.wants/ssh.service \ && ln -s /lib/systemd/system/systemd-journald.service /etc/systemd/system/multi-user.target.wants/systemd-journald.service \ && echo $'[Unit]\ \nDescription=Finish boot up\ \nAfter=ssh.service\ \n\ \n[Service]\ \nType=oneshot\ \nRemainAfterExit=yes\ \nExecStartPre=/bin/sleep 3s\ \nExecStart=/bin/rm -f /run/nologin\ \n\ \n[Install]\ \nWantedBy=default.target' >> /etc/systemd/system/FinishBootUp.service \ && ln -s /etc/systemd/system/FinishBootUp.service /etc/systemd/system/multi-user.target.wants/FinishBootUp.service EXPOSE 22 VOLUME [ "/sys/fs/cgroup" ] git-secret-0.2.3/.Dockerfiles/ubuntu/rolling/000077500000000000000000000000001320717772500210755ustar00rootroot00000000000000git-secret-0.2.3/.Dockerfiles/ubuntu/rolling/Dockerfile000066400000000000000000000052701320717772500230730ustar00rootroot00000000000000FROM ubuntu:rolling ENV DEBIAN_FRONTEND="noninteractive" container="docker" RUN apt-get update \ && apt-get upgrade -y \ && apt-get install -y \ apt-utils \ curl \ rsync \ locales \ lsb-release \ net-tools \ openssh-server \ python-pip \ python2.7 \ sudo \ systemd \ && pip install --upgrade pip \ && apt-get clean \ && rm -rf /var/lib/apt/lists/* /tmp/* /var/tmp/* \ && if ! getent passwd <%= @username %>; then \ useradd -d /home/<%= @username %> -m -s /bin/bash -p '*' <%= @username %>; \ fi \ && echo "<%= @username %> ALL=(ALL) NOPASSWD: ALL" >> /etc/sudoers \ && echo "Defaults !requiretty" >> /etc/sudoers \ && mkdir -p /home/<%= @username %>/.ssh \ && chown -R <%= @username %> /home/<%= @username %>/.ssh \ && chmod 0700 /home/<%= @username %>/.ssh \ && echo '<%= IO.read(@public_key).strip %>' >> /home/<%= @username %>/.ssh/authorized_keys \ && chown <%= @username %> /home/<%= @username %>/.ssh/authorized_keys \ && chmod 0600 /home/<%= @username %>/.ssh/authorized_keys \ && echo "en_US.UTF-8 UTF-8" > /etc/locale.gen && /usr/sbin/locale-gen \ && cd /lib/systemd/system/sysinit.target.wants/; ls | grep -v systemd-tmpfiles-setup | xargs rm -f $1 \ && /bin/rm -f /lib/systemd/system/multi-user.target.wants/* \ && /bin/rm -f /etc/systemd/system/*.wants/* \ && /bin/rm -f /lib/systemd/system/local-fs.target.wants/* \ && /bin/rm -f /lib/systemd/system/sockets.target.wants/*udev* \ && /bin/rm -f /lib/systemd/system/sockets.target.wants/*initctl* \ && /bin/rm -f /lib/systemd/system/basic.target.wants/* \ && /bin/rm -f /lib/systemd/system/anaconda.target.wants/* \ && /bin/rm -f /lib/systemd/system/plymouth* \ && /bin/rm -f /lib/systemd/system/systemd-update-utmp* \ && sed -ri 's/^#?UsePAM\s+.*/UsePAM no/' /etc/ssh/sshd_config \ && sed -ri 's/^#?PubkeyAuthentication\s+.*/PubkeyAuthentication yes/' /etc/ssh/sshd_config \ && sed -ri 's/^#?UsePrivilegeSeparation\s+.*/UsePrivilegeSeparation no/' /etc/ssh/sshd_config \ && echo "UseDNS=no" >> /etc/ssh/sshd_config \ && systemctl set-default multi-user.target \ && ln -s /lib/systemd/system/ssh.service /etc/systemd/system/multi-user.target.wants/ssh.service \ && ln -s /lib/systemd/system/systemd-journald.service /etc/systemd/system/multi-user.target.wants/systemd-journald.service \ && echo $'[Unit]\ \nDescription=Finish boot up\ \nAfter=ssh.service\ \n\ \n[Service]\ \nType=oneshot\ \nRemainAfterExit=yes\ \nExecStartPre=/bin/sleep 3s\ \nExecStart=/bin/rm -f /run/nologin\ \n\ \n[Install]\ \nWantedBy=default.target' >> /etc/systemd/system/FinishBootUp.service \ && ln -s /etc/systemd/system/FinishBootUp.service /etc/systemd/system/multi-user.target.wants/FinishBootUp.service EXPOSE 22 VOLUME [ "/sys/fs/cgroup" ] git-secret-0.2.3/.ci/000077500000000000000000000000001320717772500142465ustar00rootroot00000000000000git-secret-0.2.3/.ci/after_deploy.sh000066400000000000000000000007151320717772500172620ustar00rootroot00000000000000#!/usr/bin/env bash set -e # This file is required, because for some reason # travis deploys do not trigger metadata calculation. # See: https://github.com/sobolevn/git-secret/issues/89 # This file is only called after successful deploy. # We need to execute custom call to the Bintray API: curl -X POST \ --user "sobolevn:$BINTRAY_API_KEY" \ -H "X-GPG-PASSPHRASE: $BINTRAY_GPG_PASS" \ "https://api.bintray.com/calc_metadata/sobolevn/$GITSECRET_DIST" git-secret-0.2.3/.ci/ansible-setup.sh000077500000000000000000000015041320717772500173600ustar00rootroot00000000000000#!/bin/sh ## Script is sepcifically for use on travis-ci set -e ## This is an example setup script that you would encapsulate the installation # What version of avm setup to use echo "Setting up Ansible Version Manager" AVM_VERSION="v1.0.0" ## Install Ansible 2.3.1 using pip and label it 'v2.3' export ANSIBLE_VERSIONS_0="2.3.1.0" export INSTALL_TYPE_0="pip" export ANSIBLE_LABEL_0="v2.3" ## Install Ansible 2.4.1 using pip and label it 'v2.4' export ANSIBLE_VERSIONS_1="2.4.1.0" export INSTALL_TYPE_1="pip" export ANSIBLE_LABEL_1="v2.4" # Whats the default version export ANSIBLE_DEFAULT_VERSION="v2.4" ## Create a temp dir to download avm avm_dir="$(mktemp -d 2> /dev/null || mktemp -d -t 'mytmpdir')" git clone https://github.com/ahelal/avm.git "${avm_dir}" > /dev/null 2>&1 ## Run the setup /bin/sh ${avm_dir}/setup.sh exit 0 git-secret-0.2.3/.ci/before_deploy.sh000066400000000000000000000005411320717772500174200ustar00rootroot00000000000000#!/usr/bin/env bash set -e if [[ "$GITSECRET_DIST" == "rpm" ]]; then # To deploy `rpm`-packages this utility is needed: sudo apt-get install -y rpm; fi if [[ ! -z "$GITSECRET_DIST" ]] && [[ -z "$KITCHEN_REGEXP" ]]; then # When making a non-container build, this step will generate # proper manifest files: make "deploy-$GITSECRET_DIST"; fi git-secret-0.2.3/.ci/before_script.sh000066400000000000000000000014711320717772500174330ustar00rootroot00000000000000#!/usr/bin/env bash set -e # Linux helper functions: function update_linux() { sudo apt-get update -qq sudo apt-get install -qq python-apt python-pycurl git python-pip ruby ruby-dev build-essential autoconf rpm gem install bundler } function install_ansible { bash .ci/ansible-setup.sh bundle install ~/.avm/v2.3/venv/bin/pip install netaddr ansible-lint ~/.avm/v2.4/venv/bin/pip install netaddr ansible-lint } # Mac: if [[ "$GITSECRET_DIST" == "brew" ]]; then gnupg_installed="$(brew list | grep -c "gnupg")" [[ "$gnupg_installed" -ge 1 ]] || brew install gnupg if [[ -f "/usr/local/bin/gpg1" ]]; then ln -s /usr/local/bin/gpg1 /usr/local/bin/gpg fi brew install gawk fi # Linux: if [[ "$TRAVIS_OS_NAME" == "linux" ]] && [[ -n "$KITCHEN_REGEXP" ]]; then update_linux install_ansible fi git-secret-0.2.3/.ci/integration/000077500000000000000000000000001320717772500165715ustar00rootroot00000000000000git-secret-0.2.3/.ci/integration/gnupg-git/000077500000000000000000000000001320717772500204725ustar00rootroot00000000000000git-secret-0.2.3/.ci/integration/gnupg-git/default.yml000066400000000000000000000072161320717772500226470ustar00rootroot00000000000000--- # host to test against - hosts: test-kitchen remote_user: root tasks: - include_tasks: tasks/dependencies.yml - name: Install build tools package: name: "{{ item }}" with_items: "{{ build_tools }}" - name: Check whether deb-src repos are enabled command: grep -c -e "^deb-src.*" /etc/apt/sources.list register: deb_src_check ignore_errors: yes when: - ansible_os_family == "Debian" - name: Set deb-src check results set_fact: deb_src_check_result: "{{ deb_src_check.stdout | default(0) | int }}" - name: Enable Ubuntu main & restricted source repo replace: path: '/etc/apt/sources.list' regexp: '^(#\s)(.*main\srestricted)$' replace: '\2 # enabled' when: - ansible_distribution == "Ubuntu" - deb_src_check_result >= 1 - name: Enable Debian source repos replace: path: '/etc/apt/sources.list' regexp: '^(deb)(.*)$' replace: '\1\2\ndeb-src\2' when: - ansible_distribution == "Debian" - deb_src_check_result >= 1 - name: Install gnupg build dependencies for Debian based distros apt: name: gnupg2 state: build-dep update_cache: yes when: - ansible_os_family == "Debian" - name: Install gnupg build dependencies for RedHat based distros command: bash -lc "yum --assumeyes install yum-utils && yum-builddep --assumeyes gnupg2" when: - ansible_os_family == "RedHat" - name: Get GnuPG github api content uri: url: https://api.github.com/repos/gpg/gnupg/tags method: GET return_content: yes body_format: json register: gnupg_tags - name: Set url for latest gnupg release source set_fact: gnupg_tarball_url: >- {{ gnupg_tags.json | selectattr('name','match','gnupg-2.*') | map(attribute='tarball_url') | first }} - name: Download latest release of gnupg source get_url: url: "{{ gnupg_tarball_url }}" dest: /tmp/gnupg.tar.gz force: yes retries: 5 delay: 10 - name: Extract gnupg source tarball unarchive: src: /tmp/gnupg.tar.gz dest: /usr/local/src/ - name: Find gnupg src directory find: paths: /usr/local/src patterns: "gpg-gnupg*" file_type: directory recurse: no register: found_gpg_src - name: Set gnupg src directory set_fact: gpg_src_path: "{{ found_gpg_src.files | map(attribute='path') | first }}" - name: Run gnupg autogen command: bash -lc "cd {{ gpg_src_path }} && ./autogen.sh " changed_when: False - name: Disable development msg for gnupg lineinfile: path: "{{ gpg_src_path }}/configure" regexp: '^development_version=.*' line: 'development_version=no' - name: Set gnupg build config set_fact: gpg_build_config: >- --sysconfdir=/etc --prefix=/usr --enable-symcryptrun --docdir=/usr/share/doc/gnupg-2.2.0 --disable-rpath --enable-maintainer-mode changed_when: False - name: Configure gnupg build command: bash -lc "cd {{ gpg_src_path }} && ./configure {{ gpg_build_config }}" changed_when: False - name: Compile gnupg src command: bash -lc "cd {{ gpg_src_path }} && make" changed_when: False - name: Install compiled gnupg command: bash -lc "cd {{ gpg_src_path }} && make install" changed_when: False - include_tasks: tasks/prep-tests.yml - include_tasks: tasks/run-tests.yml git-secret-0.2.3/.ci/integration/gnupg-git/serverspec/000077500000000000000000000000001320717772500226535ustar00rootroot00000000000000git-secret-0.2.3/.ci/integration/gnupg-git/serverspec/default_spec.rb000066400000000000000000000025571320717772500256470ustar00rootroot00000000000000require_relative './spec_helper' describe 'git-secret::test' do describe package('git-secret') do it { should be_installed } end if host_inventory['platform'] == 'fedora' describe command('find /tmp/git-secret/build -name "*.rpm"') do its(:stdout) { should match /git-secret.*rpm/ } end elsif host_inventory['platform'] == 'alpine' describe command('find /tmp/git-secret/build -name "*.apk"') do its(:stdout) { should match /git-secret.*apk/ } end else describe command('find /tmp/git-secret/build -name "*.deb"') do its(:stdout) { should match /git-secret.*deb/ } end end describe file('/.git-secret_test-passed') do it { should exist } end describe file('/.git-secret_lint-passed') do it { should exist } end if host_inventory['platform'] == 'fedora' describe command('rpm --query --info git-secret') do its(:exit_status) { should eq 0 } end elsif host_inventory['platform'] == 'alpine' describe command('apk info git-secret') do its(:exit_status) { should eq 0 } end else describe command('dpkg-query --status git-secret') do its(:exit_status) { should eq 0 } end end describe command('man -w "git-secret"') do its(:exit_status) { should eq 0 } end describe command('man -w "git-secret-init"') do its(:exit_status) { should eq 0 } end end git-secret-0.2.3/.ci/integration/gnupg-git/serverspec/spec_helper.rb000066400000000000000000000003741320717772500254750ustar00rootroot00000000000000require 'serverspec' # :backend can be either :exec or :ssh # since we are running local we use :exec set :backend, :exec RSpec.configure do |c| c.before :all do c.path = '/usr/local/bin:/bin:/usr/bin:/usr/local/sbin:/usr/sbin:/sbin' end end git-secret-0.2.3/.ci/integration/gnupg1/000077500000000000000000000000001320717772500177725ustar00rootroot00000000000000git-secret-0.2.3/.ci/integration/gnupg1/default.yml000066400000000000000000000015431320717772500221440ustar00rootroot00000000000000--- # host to test against - hosts: test-kitchen remote_user: root tasks: - include_tasks: tasks/dependencies.yml - name: Install gnupg package: name: "{{ item.name }}" state: present when: - ansible_distribution == item.distribution with_items: - name: gnupg distribution: Alpine - name: gnupg distribution: Fedora - name: gnupg1 distribution: Debian - name: gnupg1 distribution: Alpine - name: Check for gpg1 binary stat: path: /usr/bin/gpg1 register: gpg1 - name: Make gpg1 default binary file: src: /usr/bin/gpg1 dest: /usr/bin/gpg state: link force: yes when: gpg1.stat.exists - include_tasks: tasks/prep-tests.yml - include_tasks: tasks/run-tests.yml git-secret-0.2.3/.ci/integration/gnupg1/serverspec/000077500000000000000000000000001320717772500221535ustar00rootroot00000000000000git-secret-0.2.3/.ci/integration/gnupg1/serverspec/default_spec.rb000066400000000000000000000027041320717772500251410ustar00rootroot00000000000000require_relative './spec_helper' describe 'git-secret::test' do describe package('git-secret') do it { should be_installed } end if host_inventory['platform'] == 'fedora' || host_inventory['platform'] == 'redhat' describe command('find /tmp/git-secret/build -name "*.rpm"') do its(:stdout) { should match /git-secret.*rpm/ } end elsif host_inventory['platform'] == 'alpine' describe command('find /tmp/git-secret/build -name "*.apk"') do its(:stdout) { should match /git-secret.*apk/ } end else describe command('find /tmp/git-secret/build -name "*.deb"') do its(:stdout) { should match(/git-secret.*deb/) } end end describe file('/.git-secret_test-passed') do it { should exist } end describe file('/.git-secret_lint-passed') do it { should exist } end if host_inventory['platform'] == 'fedora' || host_inventory['platform'] == 'redhat' describe command('rpm --query --info git-secret') do its(:exit_status) { should eq 0 } end elsif host_inventory['platform'] == 'alpine' describe command('apk info git-secret') do its(:exit_status) { should eq 0 } end else describe command('dpkg-query --status git-secret') do its(:exit_status) { should eq 0 } end end describe command('man -w "git-secret"') do its(:exit_status) { should eq 0 } end describe command('man -w "git-secret-init"') do its(:exit_status) { should eq 0 } end end git-secret-0.2.3/.ci/integration/gnupg1/serverspec/spec_helper.rb000066400000000000000000000003741320717772500247750ustar00rootroot00000000000000require 'serverspec' # :backend can be either :exec or :ssh # since we are running local we use :exec set :backend, :exec RSpec.configure do |c| c.before :all do c.path = '/usr/local/bin:/bin:/usr/bin:/usr/local/sbin:/usr/sbin:/sbin' end end git-secret-0.2.3/.ci/integration/gnupg2/000077500000000000000000000000001320717772500177735ustar00rootroot00000000000000git-secret-0.2.3/.ci/integration/gnupg2/default.yml000066400000000000000000000017051320717772500221450ustar00rootroot00000000000000--- # host to test against - hosts: test-kitchen remote_user: root tasks: - include_tasks: tasks/dependencies.yml - name: Install gnupg package: name: "{{ item.name }}" state: present when: - ansible_distribution == item.distribution with_items: - name: gnupg distribution: Alpine - name: gnupg2 distribution: Fedora - name: gnupg2 distribution: Ubuntu - name: gnupg distribution: Debian - name: gnupg distribution: Alpine - name: Check for gpg2 binary stat: path: /usr/bin/gpg2 register: gpg2 - name: Make gpg2 default binary file: src: /usr/bin/gpg2 dest: /usr/bin/gpg state: link force: yes when: - gpg2.stat.exists - gpg2.stat.islnk == False - include_tasks: tasks/prep-tests.yml - include_tasks: tasks/run-tests.yml git-secret-0.2.3/.ci/integration/gnupg2/serverspec/000077500000000000000000000000001320717772500221545ustar00rootroot00000000000000git-secret-0.2.3/.ci/integration/gnupg2/serverspec/default_spec.rb000066400000000000000000000027071320717772500251450ustar00rootroot00000000000000require_relative './spec_helper' describe 'git-secret::test' do describe package('git-secret') do it { should be_installed } end if host_inventory['platform'] == 'fedora' || host_inventory['platform'] == 'redhat' describe command('find /tmp/git-secret/build -name "*.rpm"') do its(:stdout) { should match(/git-secret.*rpm/) } end elsif host_inventory['platform'] == 'alpine' describe command('find /tmp/git-secret/build -name "*.apk"') do its(:stdout) { should match /git-secret.*apk/ } end else describe command('find /tmp/git-secret/build -name "*.deb"') do its(:stdout) { should match(/git-secret.*deb/) } end end describe file('/.git-secret_test-passed') do it { should exist } end describe file('/.git-secret_lint-passed') do it { should exist } end if host_inventory['platform'] == 'fedora' || host_inventory['platform'] == 'redhat' describe command('rpm --query --info git-secret') do its(:exit_status) { should eq 0 } end elsif host_inventory['platform'] == 'alpine' describe command('apk info git-secret') do its(:exit_status) { should eq 0 } end else describe command('dpkg-query --status git-secret') do its(:exit_status) { should eq 0 } end end describe command('man -w "git-secret"') do its(:exit_status) { should eq 0 } end describe command('man -w "git-secret-init"') do its(:exit_status) { should eq 0 } end end git-secret-0.2.3/.ci/integration/gnupg2/serverspec/spec_helper.rb000066400000000000000000000003741320717772500247760ustar00rootroot00000000000000require 'serverspec' # :backend can be either :exec or :ssh # since we are running local we use :exec set :backend, :exec RSpec.configure do |c| c.before :all do c.path = '/usr/local/bin:/bin:/usr/bin:/usr/local/sbin:/usr/sbin:/sbin' end end git-secret-0.2.3/.ci/integration/tasks/000077500000000000000000000000001320717772500177165ustar00rootroot00000000000000git-secret-0.2.3/.ci/integration/tasks/dependencies.yml000066400000000000000000000016601320717772500230720ustar00rootroot00000000000000--- - name: Load a variable file based on the OS type, or a default if not found. include_vars: "{{ item }}" with_first_found: - "{{ ansible_distribution }}.yml" - "{{ ansible_os_family }}.yml" - "default.yml" - name: Install Dependencies package: name: "{{ item }}" state: present with_items: "{{ test_dependencies }}" - name: Get bats git: repo: 'https://github.com/sstephenson/bats.git' dest: /opt/bats - name: Install bats file: src: /opt/bats/libexec/bats dest: /usr/bin/bats state: link - name: Get ShellCheck get_url: url: https://storage.googleapis.com/shellcheck/shellcheck-latest.linux.x86_64.tar.xz dest: /tmp/shellcheck.tar.xz - name: Install ShellCheck command: tar xvf /tmp/shellcheck.tar.xz -C /usr/bin --strip-components=1 args: warn: no creates: /usr/bin/shellcheck - name: Install fpm gem: name: fpm state: present user_install: no git-secret-0.2.3/.ci/integration/tasks/prep-tests.yml000066400000000000000000000014141320717772500225470ustar00rootroot00000000000000--- - name: Get OS package type set_fact: os_pkg_type: "{{ item.os_pkg_type }}" when: - item.os_family == ansible_os_family with_items: - os_family: RedHat os_pkg_type: "rpm" - os_family: Debian os_pkg_type: "deb" - os_family: Suse os_pkg_type: "rpm" - os_family: Alpine os_pkg_type: "apk" changed_when: false tags: - skip_ansible_lint - name: Get gpg version command: gpg --version register: gpg_version changed_when: False - name: Print gpg version debug: msg: "Running test againts {{ gpg_version.stdout_lines | first | string }}." changed_when: False - name: Copy git-secret src synchronize: src: /opt/workspace/ dest: /tmp/git-secret archive: false owner: no recursive: yes git-secret-0.2.3/.ci/integration/tasks/run-tests.yml000066400000000000000000000033261320717772500224110ustar00rootroot00000000000000--- - name: Run ci-test command: bash -lc "cd /tmp/git-secret && make test" changed_when: False ignore_errors: yes register: test_results environment: PATH: /usr/local/bin:{{ ansible_env.PATH }} - name: Print ci-test results debug: var: test_results.stdout_lines - name: Create file when ci-test passes file: path: /.git-secret_test-passed state: touch when: - test_results.rc == 0 - name: Run lint command: bash -lc "cd /tmp/git-secret && make lint" ignore_errors: yes register: lint_results changed_when: False - name: Print lint results debug: var: lint_results.stdout_lines - name: Create file when lint passes file: path: /.git-secret_lint-passed state: touch when: - lint_results.rc == 0 - name: Create git-secret {{ os_pkg_type }} package command: bash -lc "cd /tmp/git-secret && make build-{{ os_pkg_type }}" changed_when: False ignore_errors: yes register: test_results environment: PATH: /usr/local/bin:{{ ansible_env.PATH }} - name: Find git-secret {{ os_pkg_type }} file find: paths: /tmp/git-secret/build patterns: "*.{{ os_pkg_type }}" recurse: yes register: pkg_location - name: Set git-secret {{ os_pkg_type }} location set_fact: pkg_path: "{{ pkg_location.files | map(attribute='path') | first }}" when: - pkg_location is defined - name: Install git-secret {{ os_pkg_type }} package command: bash -lc "{{ item.command }} {{ pkg_path }}" when: - item.os_family == ansible_os_family with_items: - command: "rpm --nodeps --install --force" os_family: "RedHat" - command: "dpkg --force-all --install" os_family: "Debian" - command: "apk add --allow-untrusted" os_family: "Alpine" git-secret-0.2.3/.ci/integration/vars/000077500000000000000000000000001320717772500175445ustar00rootroot00000000000000git-secret-0.2.3/.ci/integration/vars/Alpine.yml000066400000000000000000000002131320717772500214730ustar00rootroot00000000000000--- test_dependencies: - gawk - git - make - man - procps - rsync - ruby - ruby-dev - tar build_tools: - make - tar git-secret-0.2.3/.ci/integration/vars/CentOS.yml000066400000000000000000000003471320717772500214260ustar00rootroot00000000000000--- test_dependencies: - gawk - git - make - man - redhat-rpm-config - rpm-build - rsync - ruby-devel - rubygems - rubygems-devel build_tools: - ImageMagick - autoconf - automake - texinfo - transfig git-secret-0.2.3/.ci/integration/vars/Debian.yml000066400000000000000000000002701320717772500214500ustar00rootroot00000000000000--- test_dependencies: - gawk - git - make - man - ruby-dev - rubygems build_tools: - autoconf - automake - build-essential - imagemagick - texinfo - transfig git-secret-0.2.3/.ci/integration/vars/Fedora.yml000066400000000000000000000003471320717772500214730ustar00rootroot00000000000000--- test_dependencies: - gawk - git - make - man - redhat-rpm-config - rpm-build - rsync - ruby-devel - rubygems - rubygems-devel build_tools: - ImageMagick - autoconf - automake - texinfo - transfig git-secret-0.2.3/.ci/integration/vars/Ubuntu.yml000066400000000000000000000002701320717772500215500ustar00rootroot00000000000000--- test_dependencies: - gawk - git - make - man - ruby-dev - rubygems build_tools: - autoconf - automake - build-essential - imagemagick - texinfo - transfig git-secret-0.2.3/.ci/integration/vars/default.yml000066400000000000000000000002701320717772500217120ustar00rootroot00000000000000--- test_dependencies: - gawk - make - git - ruby-dev - rubygems - man build_tools: - autoconf - automake - build-essential - imagemagick - texinfo - transfig git-secret-0.2.3/.ci/script.sh000066400000000000000000000010471320717772500161100ustar00rootroot00000000000000#!/usr/bin/env bash set -e function run_kitchen_tests { ansible --version ruby --version python --version pip --version bundler --version bundle show bundle exec kitchen test --test-base-path="$PWD/.ci/integration" $KITCHEN_REGEXP } # Local builds: if [[ "$GITSECRET_DIST" == "brew" ]]; then # Only running `make test` on standard (non-docker) build, # since it is called inside the docker container anyway. make test fi # Linux: if [[ "$TRAVIS_OS_NAME" == "linux" ]] && [[ -n "$KITCHEN_REGEXP" ]]; then run_kitchen_tests fi git-secret-0.2.3/.editorconfig000066400000000000000000000005741320717772500162600ustar00rootroot00000000000000# Check http://editorconfig.org for more information # This is the main config file for this project: root = true [*] charset = utf-8 indent_style = space trim_trailing_whitespace = true end_of_line = lf insert_final_newline = true [*.json] indent_size = 2 [*.py] indent_size = 4 [*.sh] indent_size = 2 [*.bats] indent_size = 2 [Makefile] indent_style = tab indent_size = 4 git-secret-0.2.3/.gitattributes000066400000000000000000000000141320717772500164630ustar00rootroot00000000000000* text=auto git-secret-0.2.3/.github/000077500000000000000000000000001320717772500151355ustar00rootroot00000000000000git-secret-0.2.3/.github/ISSUE_TEMPLATE.md000066400000000000000000000016731320717772500176510ustar00rootroot00000000000000 What are the steps to reproduce this issue? ------------------------------------------- 1. … 2. … 3. … What happens? ------------- … What were you expecting to happen? ---------------------------------- … Any logs, error output, etc? ---------------------------- (If it’s long, please paste to https://ghostbin.com/ and insert the link here.) Any other comments? ------------------- … What versions of software are you using? ---------------------------------------- **Operating system:** (`uname -a`) … **`git-secret` path:** (`which git-secret`) … **`git-secret` version:** (`git secret --version`) … **`git` version:** (`git --version`) … **Shell type and version:** (`$SHELL --version`) … **`gpg` version:** (`gpg --version`) … **`git` version:** (`git --version`) … git-secret-0.2.3/.github/PULL_REQUEST_TEMPLATE.md000066400000000000000000000015231320717772500207370ustar00rootroot00000000000000 What does this implement/fix? Explain your changes. --------------------------------------------------- … Does this close any currently open issues? ------------------------------------------ … Any relevant logs, error output, etc? ------------------------------------- (If it’s long, please paste to https://ghostbin.com/ and insert the link here.) Any other comments? ------------------- … git-secret-0.2.3/.gitignore000066400000000000000000000042211320717772500155640ustar00rootroot00000000000000#### joe made this: http://goel.io/joe #####=== Windows ===##### # Windows image file caches Thumbs.db ehthumbs.db # Folder config file Desktop.ini # Recycle Bin used on file shares $RECYCLE.BIN/ # Windows Installer files *.cab *.msi *.msm *.msp # Windows shortcuts *.lnk #####=== Linux ===##### *~ # KDE directory preferences .directory # Linux trash folder which might appear on any partition or disk .Trash-* #####=== OSX ===##### .DS_Store .AppleDouble .LSOverride # Icon must end with two \r Icon # Thumbnails ._* # Files that might appear on external disk .Spotlight-V100 .Trashes # Directories potentially created on remote AFP share .AppleDB .AppleDesktop Network Trash Folder Temporary Items .apdisk #####=== JetBrains ===##### # Covers JetBrains IDEs: IntelliJ, RubyMine, PhpStorm, AppCode, PyCharm *.iml ## Directory-based project format: .idea/ # if you remove the above rule, at least ignore the following: # User-specific stuff: # .idea/workspace.xml # .idea/tasks.xml # .idea/dictionaries # Sensitive or high-churn files: # .idea/dataSources.ids # .idea/dataSources.xml # .idea/sqlDataSources.xml # .idea/dynamic.xml # .idea/uiDesigner.xml # Gradle: # .idea/gradle.xml # .idea/libraries # Mongo Explorer plugin: # .idea/mongoSettings.xml ## File-based project format: *.ipr *.iws ## Plugin-specific files: # IntelliJ out/ # mpeltonen/sbt-idea plugin .idea_modules/ # JIRA plugin atlassian-ide-plugin.xml # Crashlytics plugin (for Android Studio and IntelliJ) com_crashlytics_export_strings.xml crashlytics.properties crashlytics-build.properties #####=== SublimeText ===##### # cache files for sublime text *.tmlanguage.cache *.tmPreferences.cache *.stTheme.cache # workspace files are user-specific *.sublime-workspace # project files should be checked into the repository, unless a significant # proportion of contributors will probably not be using SublimeText # *.sublime-project # sftp configuration file sftp-config.json #####=== Jekyll ===##### _site/ .sass-cache/ #####=== Custom ===##### # Logic files: .gitsecret/ git-secret # Temporary packages: vendor/ temp/ # Packaging: build/ *.deb *.fpm # Kithcne files Gemfile.lock .kitchen/ git-secret-0.2.3/.kitchen.yml000066400000000000000000000073621320717772500160330ustar00rootroot00000000000000--- driver: name: docker use_sudo: false provisioner: # name of the host hosts: test-kitchen # use an ansible playbook to provision our server name: ansible_playbook ansible_verbose: false require_ansible_repo: false require_ansible_omnibus: true ansible_version: 2.4.1 require_chef_for_busser: false sudo_command: sudo -E -H idempotency_test: false sudo: true ansible_extra_flags: "-e '{ kitchen_testrun: True }'" additional_copy_path: - ".ci/integration/vars" - ".ci/integration/tasks" transport: max_ssh_sessions: 3 platforms: - name: debian-latest driver_config: run_command: /lib/systemd/systemd dockerfile: .Dockerfiles/debian/latest/Dockerfile platform: debian cap_add: - SYS_ADMIN volume: - /sys/fs/cgroup:/sys/fs/cgroup:ro - <%=ENV['PWD']%>:/opt/workspace # Make the working directory available inside the container run_options: tmpfs: - /run - /run/lock - name: fedora-latest driver_config: run_command: /lib/systemd/systemd dockerfile: .Dockerfiles/fedora/latest/Dockerfile platform: fedora cap_add: - SYS_ADMIN volume: - /sys/fs/cgroup:/sys/fs/cgroup:ro - <%=ENV['PWD']%>:/opt/workspace # Make the working directory available inside the container run_options: tmpfs: - /run - /run/lock - name: centos-latest driver_config: run_command: /lib/systemd/systemd dockerfile: .Dockerfiles/centos/latest/Dockerfile platform: centos cap_add: - SYS_ADMIN volume: - /sys/fs/cgroup:/sys/fs/cgroup:ro - <%=ENV['PWD']%>:/opt/workspace # Make the working directory available inside the container run_options: tmpfs: - /run - /run/lock - name: ubuntu-latest driver_config: run_command: /lib/systemd/systemd dockerfile: .Dockerfiles/ubuntu/latest/Dockerfile platform: ubuntu cap_add: - SYS_ADMIN volume: - /sys/fs/cgroup:/sys/fs/cgroup:ro - <%=ENV['PWD']%>:/opt/workspace # Make the working directory available inside the container run_options: tmpfs: - /run - /run/lock - name: ubuntu-rolling driver_config: run_command: /lib/systemd/systemd dockerfile: .Dockerfiles/ubuntu/rolling/Dockerfile platform: ubuntu cap_add: - SYS_ADMIN volume: - /sys/fs/cgroup:/sys/fs/cgroup:ro - <%=ENV['PWD']%>:/opt/workspace # Make the working directory available inside the container run_options: tmpfs: - /run - /run/lock - name: alpine-latest driver_config: run_command: /sbin/init dockerfile: .Dockerfiles/alpine/latest/Dockerfile platform: alpine volume: - /sys/fs/cgroup:/sys/fs/cgroup:ro - <%=ENV['PWD']%>:/opt/workspace # Make the working directory available inside the container run_options: tmpfs: - /run - /run/lock verifier: name: serverspec sudo_path: true suites: # suites found at /test/integration/$test-name # in container @/tmp/kitchen - name: gnupg1 verifier: patterns: - roles/git-secret/.ci/integration/gnupg1/serverspec/*_spec.rb excludes: - centos-latest - name: gnupg2 verifier: patterns: - roles/git-secret/.ci/integration/gnupg2/serverspec/*_spec.rb excludes: - ubuntu-latest - name: gnupg-git verifier: patterns: - roles/git-secret/.ci/integration/gnupg-git/serverspec/*_spec.rb bundler_path: '/usr/local/bin' rspec_path: '/usr/local/bin' excludes: - ubuntu-latest - centos-latest - alpine-latest git-secret-0.2.3/.travis.yml000066400000000000000000000054141320717772500157120ustar00rootroot00000000000000matrix: fast_finish: true include: - os: linux env: KITCHEN_REGEXP="gnupg1-alpine-latest" services: docker sudo: required language: ruby rvm: 2.4 - os: linux env: KITCHEN_REGEXP="gnupg1-debian-latest" services: docker sudo: required language: ruby rvm: 2.4 - os: linux env: KITCHEN_REGEXP="gnupg1-fedora-latest" services: docker sudo: required language: ruby rvm: 2.4 - os: linux env: KITCHEN_REGEXP="gnupg1-ubuntu-latest" services: docker sudo: required language: ruby rvm: 2.4 - os: linux env: KITCHEN_REGEXP="gnupg1-ubuntu-rolling" services: docker sudo: required language: ruby rvm: 2.4 - os: linux env: KITCHEN_REGEXP="gnupg2-alpine-latest" services: docker sudo: required language: ruby rvm: 2.4 - os: linux env: KITCHEN_REGEXP="gnupg2-debian-latest" services: docker sudo: required language: ruby rvm: 2.4 - os: linux env: KITCHEN_REGEXP="gnupg2-fedora-latest" services: docker sudo: required language: ruby rvm: 2.4 - os: linux env: KITCHEN_REGEXP="gnupg2-centos-latest" services: docker sudo: required language: ruby rvm: 2.4 - os: linux env: KITCHEN_REGEXP="gnupg2-ubuntu-rolling" services: docker sudo: required language: ruby rvm: 2.4 - os: linux env: KITCHEN_REGEXP="gnupg-git-debian-latest" services: docker sudo: required language: ruby rvm: 2.4 - os: linux env: KITCHEN_REGEXP="gnupg-git-fedora-latest" services: docker sudo: required language: ruby rvm: 2.4 - os: linux env: KITCHEN_REGEXP="gnupg-git-ubuntu-rolling" services: docker sudo: required language: ruby rvm: 2.4 # - os: osx # env: GITSECRET_DIST="brew" # sudo: false # language: generic before_script: - chmod +x ".ci/before_script.sh" && ".ci/before_script.sh" script: - chmod +x ".ci/script.sh" && ".ci/script.sh" before_deploy: - chmod +x ".ci/before_deploy.sh" && ".ci/before_deploy.sh" deploy: - provider: bintray on: branch: master condition: "$GITSECRET_DIST == deb" file: "build/deb_descriptor.json" user: "sobolevn" key: "$BINTRAY_API_KEY" passphrase: "$BINTRAY_GPG_PASS" - provider: bintray on: branch: master condition: "$GITSECRET_DIST == rpm" file: "build/rpm_descriptor.json" user: "sobolevn" key: "$BINTRAY_API_KEY" passphrase: "$BINTRAY_GPG_PASS" after_deploy: - chmod +x ".ci/after_deploy.sh" && ".ci/after_deploy.sh" notifications: email: on_success: never on_failure: change git-secret-0.2.3/CHANGELOG.md000066400000000000000000000063531320717772500154150ustar00rootroot00000000000000# Changelog ## Version 0.2.3 - Added `-m` option to `hide` command, files will only be hidden when modifications are detected (#92) - Changed how path mappings file works: colon delimited FSDB (#92) - Fixed `gnupg` >= 2.1 CI tests (#6) - Now users can run local CI tests using test-kitchen (#6) - Migrated travis ci tests to test-kitchen for Linux platforms. - `git secret init` now adds `random_seed` to `.gitignore` (#93) - Added more `gpg` version to test matrix (#99) - Dropped `git check-ignore`, using `git add --dry-run` instead to check for ignored files (#105,#38) - Added CentOS to test matrix (#38,#91) - All tested Linux platforms now use latest release of `shellchek` - Added Alpine to test matrix, and apk is now built. (#75) ## Version 0.2.2 - Change how the `usage` command works (#48) - Now `git-secret` works from any place inside `git-tree` (#56) - Added `-d` option to the `hide` coomand: it deletes unencrypted files (#62) - Added new command `changes` to see the diff between the secret files (#64) - Fixed bug when `_user_required` was not working after reimporting keys (#74) - Now it is possible to provide multiple emails to the `killperson` command (#73) - Now it is possible to provide multiple emails to the `tell` command (#72) - Now every doc in this project refer to `git-secret.io` instead of old `gh-pages` website (#71) - Now installation section is removed from main `man` file (#70) - Now "See also" section in the `man`s are clickable (#69) - Added "Manual" section to the manuals (#61) - Added `centos` container for `ci` testing (#38) - Tests are refactored. Added `clean` command tests, removed a lot of hardcoded things, moved tests execution from `./temp` folder to `/tmp`, added a lot of new check in old tests, and some new test cases (#52) - Refactored `hide` and `clean` commands to be shorter - `shellcheck` is now supported with `make lint` ## Version 0.2.1 - Now everything is tested inside the `docker`-containers and `OSX` images on `travis`. - Added autodeploy to `bintray` in `.travis.yml`. - Added `.ci/` folder for continuous integration, refactored `utils/` folder. - Added `CONTRIBUTING.md` and `LICENSE.md`. - New brand logo in the `README.md`. - Everything is `shellcheck`ed (except `tests/`). ## Version 0.2.0 - Added `changes` command to see the difference between current version of the hidden files and the commited one - Added `-f` option to the `reveal` command to remove prompts - Changed the way files were decrypted, now it is a separate function - Some bugs are fixed - New installation instructions ## Version 0.1.2 - Added `-i` option to the `git-secret-add` command, which auto adds unignored files to the `.gitignore` - Documentation improved with `Configuration` section - Added extra tests: for custom filenames and new features - `Makefile` improvements with `.PHONY` and `install` target - `.github` templates added ## Version 0.1.1 - Added `--dry-run` option to the `git secret` command, which prevents any actions. - Now `install_full_fixture()` returns a fingerprint - Now `uninstall_full_fixture()` receives two args - Fixed bug, when tests were failing with `gpg2` - New travis strategy: testing both `gpg` and `gpg2` - Removed animation from docs, now using `asciinema.org` ## Version 0.1.0 - Initial release git-secret-0.2.3/CONTRIBUTING.md000066400000000000000000000107511320717772500160320ustar00rootroot00000000000000# Contributing Your contributions are always welcome! ## Process ### Environment Before starting make sure you have: - git - bash - bundler - docker - gawk - gnupg (or gnupg2) - ruby - sha256sum - [shellcheck](https://github.com/koalaman/shellcheck) - test-kitchen Only required if dealing with manuals, `gh-pages` or releases: - ruby, ruby-dev ### Getting started 1. Create your own or pick an opened issue from the [tracker][tracker]. Take a look at the [`help-wanted` tag][help-wanted] 2. Fork and clone your repository: `git clone https://github.com/${YOUR_NAME}/git-secret.git` 3. Make sure that everything works on the current platform by running `make test` 4. [Run local CI tests](#running-local-ci-tests) to verify functionality on supported platforms `bundle exec kitchen verify --test-base-path="$PWD/.ci/integration"`. ### Development Process 1. Firstly, you will need to setup development hooks with `make install-hooks` 2. Make changes to the files that need to be changed 3. When making changes to any files inside `src/` you will need to rebuild the binary `git-secret` with `make clean && make build` command 4. Run [`shellcheck`][shellcheck] against all your changes with `make lint` 5. Now, add all your files to the commit with `git add --all` and commit changes with `git commit`, make sure you write a good message, which will explain your work 6. When running `git commit` the tests will run automatically, your commit will be canceled if they fail 7. Push to your repository, make a pull-request against `develop` branch. Please, make sure you have **one** commit per pull-request, it will be merge into one anyways ### Branches We have three long-live branches: `master`, `develop` and `gh-pages` for static site. It basically looks like that: > `your-branch` -> `develop` -> `master` - `master` branch is protected. So only fully tested code goes there. It is also used to create a new `git` tag and a `github` release - `develop` is where the development is done and the branch you should send your pull-requests to ### Continuous integration Local CI is done with the help [`test-kitchen`](http://kitchen.ci/). `test-kitchen` handles multiple test-suites on various platforms. `bundle exec kitchen list` will output the list of test suites to be run aginst supported platforms. Cloud CI is done with the help of `travis`. `travis` handles multiple environments: - `Docker`-based jobs or so-called 'integration tests', these tests create a local release, install it with the package manager and then run unit-tests and system checks - `OSX` jobs, which handle basic unit-tests on `OSX` - Native `travis` jobs, which handle basic unit-tests and stylechecks ### Running local ci-tests 1. Install requied gems with `bundle install`. 2. Run ci-tests with `bundle exec kitchen verify --test-base-path="$PWD/.ci/integration"` ### Release process The release process is defined in the `git`-hooks and `.travis.yml`. When creating a commit inside the `master` branch (it is usually a documentation and changelog update with the version bump inside `src/version.sh`) it will trigger two main events. Firstly, new manuals will be created and added to the current commit with `make build-man` on `pre-commit` hook. Secondly, after the commit is successfully created it will also trigger `make build-gh-pages` target on `post-commit` hook, which will push new manuals to the [git-secret site][git-secret-site]. And the new `git` tag will be automatically created if the version is changed: ```bash if [[ "$NEWEST_TAG" != "v${SCRIPT_VERSION}" ]]; then git tag -a "v${SCRIPT_VERSION}" -m "version $SCRIPT_VERSION" fi ``` #### Travis releases When creating a commit inside `master` branch, `travis` on successful build will publish new `deb` and `rpm` packages to [`bintray`][bintray]. If you wish to override a previous release (*be careful*) you will need to add `"override": 1` into `matrixParams`, see `deb-deploy.sh` and `rpm-deploy.sh` #### Manual releases Releases to `brew` are made manually. #### Dockerhub releases [`Dockerhub`][Dockerhub] contains `Docker` images with different OS'es used for testing. It is updated via a `github` webhook on commit into `master`. [tracker]: https://github.com/sobolevn/git-secret/issues [help-wanted]: https://github.com/sobolevn/git-secret/issues?q=is%3Aissue+is%3Aopen+label%3A%22help+wanted%22 [shellcheck]: https://github.com/koalaman/shellcheck [git-secret-site]: http://git-secret.io [bintray]: https://bintray.com/sobolevn [Dockerhub]: https://hub.docker.com/r/sobolevn/git-secret/ git-secret-0.2.3/Gemfile000066400000000000000000000002201320717772500150620ustar00rootroot00000000000000source 'https://rubygems.org' gem 'test-kitchen' gem 'serverspec' gem 'kitchen-ansible' gem 'kitchen-docker' gem 'kitchen-verifier-serverspec' git-secret-0.2.3/LICENSE.md000066400000000000000000000020571320717772500152050ustar00rootroot00000000000000MIT License Copyright (c) 2016 Nikita Sobolev Permission is hereby granted, free of charge, to any person obtaining a copy of this software and associated documentation files (the "Software"), to deal in the Software without restriction, including without limitation the rights to use, copy, modify, merge, publish, distribute, sublicense, and/or sell copies of the Software, and to permit persons to whom the Software is furnished to do so, subject to the following conditions: The above copyright notice and this permission notice shall be included in all copies or substantial portions of the Software. THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE SOFTWARE. git-secret-0.2.3/Makefile000066400000000000000000000074221320717772500152420ustar00rootroot00000000000000SHELL:=/usr/bin/env bash PREFIX?="/usr" # # Building: # git-secret: src/version.sh src/_utils/* src/commands/* src/main.sh @cat $^ > "$@"; \ chmod +x git-secret; sync .PHONY: all all: build .PHONY: clean clean: @rm -f git-secret .PHONY: build build: git-secret .PHONY: install install: @chmod +x "./utils/install.sh"; sync; \ "./utils/install.sh" "${PREFIX}" .PHONY: uninstall uninstall: @chmod +x "./utils/uninstall.sh"; sync; \ "./utils/uninstall.sh" "${PREFIX}" # # Testing: # .PHONY: install-test install-test: @if [ ! -d "vendor/bats" ]; then \ git clone https://github.com/sstephenson/bats.git vendor/bats; fi .PHONY: test test: install-test clean build @chmod +x "./utils/tests.sh"; sync; \ export SECRET_PROJECT_ROOT="${PWD}"; \ export PATH="${PWD}/vendor/bats/bin:${PWD}:${PATH}"; \ "./utils/tests.sh" # # Manuals: # .PHONY: install-ronn install-ronn: @if [ ! `gem list ronn -i` == "true" ]; then gem install ronn; fi .PHONY: clean-man clean-man: @find "man/" -type f ! -name "*.ronn" -delete .PHONY: build-man build-man: install-ronn clean-man @ronn --roff --organization="sobolevn" --manual="git-secret" man/*/*.ronn .PHONY: build-gh-pages build-gh-pages: @chmod +x "./utils/gh-branch.sh"; sync; \ "./utils/gh-branch.sh" # # Development: # .PHONY: install-hooks install-hooks: @ln -fs "${PWD}/utils/hooks/pre-commit.sh" "${PWD}/.git/hooks/pre-commit"; \ chmod +x "${PWD}/.git/hooks/pre-commit"; sync; \ ln -fs "${PWD}/utils/hooks/post-commit.sh" "${PWD}/.git/hooks/post-commit"; \ chmod +x "${PWD}/.git/hooks/post-commit"; sync .PHONY: develop develop: clean build install-hooks .PHONY: lint lint: @find src utils -type f -name '*.sh' -print0 | xargs -0 -I {} shellcheck {} # # Packaging: # .PHONY: install-fpm install-fpm: @if [ ! `gem list fpm -i` == "true" ]; then gem install fpm; fi # .apk: .PHONY: build-apk build-apk: clean build install-fpm @chmod +x "./utils/build-utils.sh"; sync; \ chmod +x "./utils/apk/apk-build.sh"; sync; \ export SECRET_PROJECT_ROOT="${PWD}"; \ "./utils/apk/apk-build.sh" .PHONY: test-apk-ci test-apk-ci: install-test build-apk @chmod +x "./utils/apk/apk-ci.sh"; sync; \ export SECRET_PROJECT_ROOT="${PWD}"; \ export PATH="${PWD}/vendor/bats/bin:${PATH}"; \ "./utils/apk/apk-ci.sh" .PHONY: deploy-apk deploy-apk: build-apk @chmod +x "./utils/apk/apk-deploy.sh"; sync; \ export SECRET_PROJECT_ROOT="${PWD}"; \ "./utils/apk/apk-deploy.sh" # .deb: .PHONY: build-deb build-deb: clean build install-fpm @chmod +x "./utils/build-utils.sh"; sync; \ chmod +x "./utils/deb/deb-build.sh"; sync; \ export SECRET_PROJECT_ROOT="${PWD}"; \ "./utils/deb/deb-build.sh" .PHONY: test-deb-ci test-deb-ci: install-test build-deb @chmod +x "./utils/deb/deb-ci.sh"; sync; \ export SECRET_PROJECT_ROOT="${PWD}"; \ export PATH="${PWD}/vendor/bats/bin:${PATH}"; \ "./utils/deb/deb-ci.sh" .PHONY: deploy-deb deploy-deb: build-deb @chmod +x "./utils/deb/deb-deploy.sh"; sync; \ export SECRET_PROJECT_ROOT="${PWD}"; \ "./utils/deb/deb-deploy.sh" # .rpm: .PHONY: build-rpm build-rpm: clean build install-fpm @chmod +x "./utils/build-utils.sh"; sync; \ chmod +x "./utils/rpm/rpm-build.sh"; sync; \ export SECRET_PROJECT_ROOT="${PWD}"; \ "./utils/rpm/rpm-build.sh" .PHONY: test-rpm-ci test-rpm-ci: install-test build-rpm @chmod +x "./utils/rpm/rpm-ci.sh"; sync; \ export SECRET_PROJECT_ROOT="${PWD}"; \ export PATH="${PWD}/vendor/bats/bin:${PATH}"; \ "./utils/rpm/rpm-ci.sh" .PHONY: deploy-rpm deploy-rpm: build-rpm @chmod +x "./utils/rpm/rpm-deploy.sh"; sync; \ export SECRET_PROJECT_ROOT="${PWD}"; \ "./utils/rpm/rpm-deploy.sh" # make: .PHONY: test-make-ci test-make-ci: clean install-test @chmod +x "./utils/make/make-ci.sh"; sync; \ export SECRET_PROJECT_ROOT="${PWD}"; \ export PATH="${PWD}/vendor/bats/bin:${PATH}"; \ "./utils/make/make-ci.sh" git-secret-0.2.3/README.md000066400000000000000000000056541320717772500150660ustar00rootroot00000000000000# git-secret [![Build Status](https://img.shields.io/travis/sobolevn/git-secret/master.svg)](https://travis-ci.org/sobolevn/git-secret) [![Homebrew](https://img.shields.io/homebrew/v/git-secret.svg)](http://braumeister.org/formula/git-secret) [![Bintray deb](https://img.shields.io/bintray/v/sobolevn/deb/git-secret.svg)](https://bintray.com/sobolevn/deb/git-secret/view) [![Dockerhub](https://img.shields.io/docker/pulls/sobolevn/git-secret.svg)](https://hub.docker.com/r/sobolevn/git-secret/) [![git-secret](https://raw.githubusercontent.com/sobolevn/git-secret/gh-pages/images/git-secret-big.png)](http://git-secret.io/) ## What is `git-secret`? `git-secret` is a bash tool to store your private data inside a git repo. How’s that? Basically, it just encrypts, using `gpg`, the tracked files with the public keys of all the users that you trust. So everyone of them can decrypt these files using only their personal secret key. Why deal with all this private-public keys stuff? Well, to make it easier for everyone to manage access rights. There are no passwords that change. When someone is out - just delete their public key, re-encrypt the files, and they won’t be able to decrypt secrets anymore. ## Preview [![git-secret terminal preview](https://asciinema.org/a/41811.png)](https://asciinema.org/a/41811?autoplay=1) ## Installation `git-secret` supports `brew`, just type: `brew install git-secret` It also supports `apt` and `yum`. You can also use `make` if you want to. See the [installation section](http://git-secret.io/installation) for the details. ### Requirements `git-secret` relies on several external packages: - `bash` since `3.2.57` (it is hard to tell the correct `patch` release) - `gawk` since `4.0.2` - `git` since `1.8.3.1` - `gpg` since `gnupg 1.4` to `gnupg 2.X` - `sha256sum` since `8.21` ## Contributing Do you want to help the project? Find an [issue](https://github.com/sobolevn/git-secret/issues) and send a PR. It is more than welcomed! See [CONTRIBUTING.md](CONTRIBUTING.md) on how to do that. ### Security In order to encrypt (git-secret hide -m) files only when modified, the path mappings file tracks sha256sum checksums of the files added (git-secret add) to git-secret's path mappings filesystem database. Although, the chances of encountering a sha collision are low, it is recommend that you pad files with random data for greater security. Or avoid using the `-m` option altogether. If your secret file holds more data than just a single password these precautions should not be necessary, but could be followed for greater security. If you found any security related issues, please do not enclose it in public. Send an email to `security@wemake.services` ## Changelog `git-secret` uses semver. See [CHANGELOG.md](CHANGELOG.md). ## License MIT. See [LICENSE.md](LICENSE.md) for details. ## Thanks Special thanks to [Elio Qoshi](https://elioqoshi.me/sq/) from [ura](http://ura.design/) for the awesome logo. git-secret-0.2.3/git-secret.plugin.zsh000066400000000000000000000015531320717772500176720ustar00rootroot00000000000000#!/usr/bin/env zsh # Copyright 2016 Sobolev Nikita # # Licensed under the MIT License # Unless required by applicable law or agreed to in writing, software # distributed under the License is distributed on an "AS IS" BASIS, # WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. # See the License for the specific language governing permissions and # limitations under the License. # Deprecation warning: (>&2 echo "warning: this installation method is deprecated since version 0.2.3") (>&2 echo "warning: it will be completely removed by the version 0.3.0") (>&2 echo "warning: use binary installation instead") # Create binary: PLUGIN_DIR="$(dirname "$0")" if [ ! -f "$PLUGIN_DIR/git-secret" ]; then cd "$PLUGIN_DIR" && make build && cd .. fi # Add our plugin's bin diretory to user's path export PATH="${PATH}:${PLUGIN_DIR}" git-secret-0.2.3/man/000077500000000000000000000000001320717772500143505ustar00rootroot00000000000000git-secret-0.2.3/man/man1/000077500000000000000000000000001320717772500152045ustar00rootroot00000000000000git-secret-0.2.3/man/man1/git-secret-add.1000066400000000000000000000023771320717772500200730ustar00rootroot00000000000000.\" generated with Ronn/v0.7.3 .\" http://github.com/rtomayko/ronn/tree/0.7.3 . .TH "GIT\-SECRET\-ADD" "1" "February 2017" "sobolevn" "git-secret" . .SH "NAME" \fBgit\-secret\-add\fR \- starts to track added files\. . .SH "SYNOPSIS" . .nf git secret add [\-i] \.\.\. . .fi . .SH "DESCRIPTION" \fBgit\-secret\-add\fR adds a filepath(es) into the \fB\.gitsecret/paths/mapping\.cfg\fR\. When adding files, ensure that they are ignored by \fBgit\fR, since they must be secure and not be commited into the remote repository unencrypted\. . .P If there\'s no users in the \fBgit\-secret\fR\'s keyring, when adding a file, an exception will be raised\. . .P It is not recommened to add filenames directly into the \fB\.gitsecret/paths/mapping\.cfg\fR, use the command\. . .SH "OPTIONS" . .nf \-i \- auto adds given files to the `\.gitignore` if they are unignored at the moment\. \-h \- shows this help\. . .fi . .SH "MANUAL" Run \fBman git\-secret\-add\fR to see this note\. . .SH "SEE ALSO" git\-secret\-init(1) \fIhttp://git\-secret\.io/git\-secret\-init\fR, git\-secret\-tell(1) \fIhttp://git\-secret\.io/git\-secret\-tell\fR, git\-secret\-hide(1) \fIhttp://git\-secret\.io/git\-secret\-hide\fR, git\-secret\-reveal(1) \fIhttp://git\-secret\.io/git\-secret\-reveal\fR git-secret-0.2.3/man/man1/git-secret-add.1.ronn000066400000000000000000000020121320717772500210300ustar00rootroot00000000000000git-secret-add - starts to track added files. ============================================= ## SYNOPSIS git secret add [-i] ... ## DESCRIPTION `git-secret-add` adds a filepath(es) into the `.gitsecret/paths/mapping.cfg`. When adding files, ensure that they are ignored by `git`, since they must be secure and not be commited into the remote repository unencrypted. If there's no users in the `git-secret`'s keyring, when adding a file, an exception will be raised. It is not recommened to add filenames directly into the `.gitsecret/paths/mapping.cfg`, use the command. ## OPTIONS -i - auto adds given files to the `.gitignore` if they are unignored at the moment. -h - shows this help. ## MANUAL Run `man git-secret-add` to see this note. ## SEE ALSO [git-secret-init(1)](http://git-secret.io/git-secret-init), [git-secret-tell(1)](http://git-secret.io/git-secret-tell), [git-secret-hide(1)](http://git-secret.io/git-secret-hide), [git-secret-reveal(1)](http://git-secret.io/git-secret-reveal) git-secret-0.2.3/man/man1/git-secret-changes.1000066400000000000000000000023761320717772500207520ustar00rootroot00000000000000.\" generated with Ronn/v0.7.3 .\" http://github.com/rtomayko/ronn/tree/0.7.3 . .TH "GIT\-SECRET\-CHANGES" "1" "February 2017" "sobolevn" "git-secret" . .SH "NAME" \fBgit\-secret\-changes\fR \- view diff of the hidden files\. . .SH "SYNOPSIS" . .nf git secret changes [\-h] [\-d dir] [\-p password] [pathspec]\.\.\. . .fi . .SH "DESCRIPTION" \fBgit\-secret\-changes\fR \- shows changes between the current version of hidden files and the ones already commited\. You can provide any number of files to this command as arguments, so it will show changes for these files only\. If no arguments are provided \- information about all files will be shown\. . .SH "OPTIONS" . .nf \-d \- specifies `\-\-homedir` option for the `gpg`, basically use this option if your store your keys in a custom location\. \-p \- specifies password for noinput mode, adds `\-\-passphrase` option for `gpg`\. \-h \- shows help\. . .fi . .SH "MANUAL" Run \fBman git\-secret\-changes\fR to see this note\. . .SH "SEE ALSO" git\-secret\-add(1) \fIhttp://git\-secret\.io/git\-secret\-add\fR, git\-secret\-tell(1) \fIhttp://git\-secret\.io/git\-secret\-tell\fR, git\-secret\-hide(1) \fIhttp://git\-secret\.io/git\-secret\-hide\fR, git\-secret\-reveal(1) \fIhttp://git\-secret\.io/git\-secret\-reveal\fR git-secret-0.2.3/man/man1/git-secret-changes.1.ronn000066400000000000000000000020451320717772500217160ustar00rootroot00000000000000git-secret-changes - view diff of the hidden files. =================================================== ## SYNOPSIS git secret changes [-h] [-d dir] [-p password] [pathspec]... ## DESCRIPTION `git-secret-changes` - shows changes between the current version of hidden files and the ones already commited. You can provide any number of files to this command as arguments, so it will show changes for these files only. If no arguments are provided - information about all files will be shown. ## OPTIONS -d - specifies `--homedir` option for the `gpg`, basically use this option if your store your keys in a custom location. -p - specifies password for noinput mode, adds `--passphrase` option for `gpg`. -h - shows help. ## MANUAL Run `man git-secret-changes` to see this note. ## SEE ALSO [git-secret-add(1)](http://git-secret.io/git-secret-add), [git-secret-tell(1)](http://git-secret.io/git-secret-tell), [git-secret-hide(1)](http://git-secret.io/git-secret-hide), [git-secret-reveal(1)](http://git-secret.io/git-secret-reveal) git-secret-0.2.3/man/man1/git-secret-clean.1000066400000000000000000000016131320717772500204150ustar00rootroot00000000000000.\" generated with Ronn/v0.7.3 .\" http://github.com/rtomayko/ronn/tree/0.7.3 . .TH "GIT\-SECRET\-CLEAN" "1" "February 2017" "sobolevn" "git-secret" . .SH "NAME" \fBgit\-secret\-clean\fR \- removes all the hidden files\. . .SH "SYNOPSIS" . .nf git secret clean [\-v] . .fi . .SH "DESCRIPTION" \fBgit\-secret\-clean\fR deletes all the encrypted files\. This command can produce a verbose output, printing which files are deleted\. . .SH "OPTIONS" . .nf \-v \- shows which files are deleted\. \-h \- shows this help\. . .fi . .SH "MANUAL" Run \fBman git\-secret\-clean\fR to see this note\. . .SH "SEE ALSO" git\-secret\-whoknows(1) \fIhttp://git\-secret\.io/git\-secret\-whoknows\fR, git\-secret\-add(1) \fIhttp://git\-secret\.io/git\-secret\-add\fR, git\-secret\-remove(1) \fIhttp://git\-secret\.io/git\-secret\-remove\fR, git\-secret\-killperson(1) \fIhttp://git\-secret\.io/git\-secret\-killperson\fR git-secret-0.2.3/man/man1/git-secret-clean.1.ronn000066400000000000000000000012741320717772500213730ustar00rootroot00000000000000git-secret-clean - removes all the hidden files. ================================================ ## SYNOPSIS git secret clean [-v] ## DESCRIPTION `git-secret-clean` deletes all the encrypted files. This command can produce a verbose output, printing which files are deleted. ## OPTIONS -v - shows which files are deleted. -h - shows this help. ## MANUAL Run `man git-secret-clean` to see this note. ## SEE ALSO [git-secret-whoknows(1)](http://git-secret.io/git-secret-whoknows), [git-secret-add(1)](http://git-secret.io/git-secret-add), [git-secret-remove(1)](http://git-secret.io/git-secret-remove), [git-secret-killperson(1)](http://git-secret.io/git-secret-killperson) git-secret-0.2.3/man/man1/git-secret-hide.1000066400000000000000000000023271320717772500202470ustar00rootroot00000000000000.\" generated with Ronn/v0.7.3 .\" http://github.com/rtomayko/ronn/tree/0.7.3 . .TH "GIT\-SECRET\-HIDE" "1" "February 2017" "sobolevn" "git-secret" . .SH "NAME" \fBgit\-secret\-hide\fR \- encrypts all added files with the inner keyring\. . .SH "SYNOPSIS" . .nf git secret hide [\-c] [\-v] . .fi . .SH "DESCRIPTION" \fBgit\-secret\-hide\fR create an encrypted version for each file added by \fBgit\-secret\-add\fR command\. Now anyone from the \fBgit\-secret\fR\'s keyring can decrypt these files using their secret key\. . .P It is possible to modify the names of the encrypted files by setting \fBSECRETS_EXTENSION\fR variable\. . .SH "OPTIONS" . .nf \-v \- verbose, shows extra information\. \-c \- deletes encrypted files before creating new ones\. \-d \- deletes unencrypted files after encryption\. \-m \- encrypt files only when modified\. \-h \- shows help\. . .fi . .SH "MANUAL" Run \fBman git\-secret\-hide\fR to see this note\. . .SH "SEE ALSO" git\-secret\-init(1) \fIhttp://git\-secret\.io/git\-secret\-init\fR, git\-secret\-tell(1) \fIhttp://git\-secret\.io/git\-secret\-tell\fR, git\-secret\-add(1) \fIhttp://git\-secret\.io/git\-secret\-add\fR, git\-secret\-reveal(1) \fIhttp://git\-secret\.io/git\-secret\-reveal\fR git-secret-0.2.3/man/man1/git-secret-hide.1.ronn000066400000000000000000000020101320717772500212070ustar00rootroot00000000000000git-secret-hide - encrypts all added files with the inner keyring. ================================================================== ## SYNOPSIS git secret hide [-c] [-v] ## DESCRIPTION `git-secret-hide` create an encrypted version for each file added by `git-secret-add` command. Now anyone from the `git-secret`'s keyring can decrypt these files using their secret key. It is possible to modify the names of the encrypted files by setting `SECRETS_EXTENSION` variable. ## OPTIONS -v - verbose, shows extra information. -c - deletes encrypted files before creating new ones. -d - deletes unencrypted files after encryption. -m - encrypt files only when modified. -h - shows help. ## MANUAL Run `man git-secret-hide` to see this note. ## SEE ALSO [git-secret-init(1)](http://git-secret.io/git-secret-init), [git-secret-tell(1)](http://git-secret.io/git-secret-tell), [git-secret-add(1)](http://git-secret.io/git-secret-add), [git-secret-reveal(1)](http://git-secret.io/git-secret-reveal) git-secret-0.2.3/man/man1/git-secret-init.1000066400000000000000000000013741320717772500203020ustar00rootroot00000000000000.\" generated with Ronn/v0.7.3 .\" http://github.com/rtomayko/ronn/tree/0.7.3 . .TH "GIT\-SECRET\-INIT" "1" "February 2017" "sobolevn" "git-secret" . .SH "NAME" \fBgit\-secret\-init\fR \- initializes git\-secret repository\. . .SH "SYNOPSIS" . .nf git secret init . .fi . .SH "DESCRIPTION" \fBgit\-secret\-init\fR should be run inside a \fBgit\fR repo\. \fBgit\-secret\-init\fR is the first command to be run, until the git\-secret repository is inited other commands are unavailable\. . .SH "OPTIONS" . .nf \-h \- shows this help\. . .fi . .SH "MANUAL" Run \fBman git\-secret\-init\fR to see this note\. . .SH "SEE ALSO" git\-secret\-usage(1) \fIhttp://git\-secret\.io/git\-secret\-usage\fR, git\-secret\-tell(1) \fIhttp://git\-secret\.io/git\-secret\-tell\fR git-secret-0.2.3/man/man1/git-secret-init.1.ronn000066400000000000000000000010701320717772500212460ustar00rootroot00000000000000git-secret-init - initializes git-secret repository. ==================================================== ## SYNOPSIS git secret init ## DESCRIPTION `git-secret-init` should be run inside a `git` repo. `git-secret-init` is the first command to be run, until the git-secret repository is inited other commands are unavailable. ## OPTIONS -h - shows this help. ## MANUAL Run `man git-secret-init` to see this note. ## SEE ALSO [git-secret-usage(1)](http://git-secret.io/git-secret-usage), [git-secret-tell(1)](http://git-secret.io/git-secret-tell) git-secret-0.2.3/man/man1/git-secret-killperson.1000066400000000000000000000017321320717772500215170ustar00rootroot00000000000000.\" generated with Ronn/v0.7.3 .\" http://github.com/rtomayko/ronn/tree/0.7.3 . .TH "GIT\-SECRET\-KILLPERSON" "1" "February 2017" "sobolevn" "git-secret" . .SH "NAME" \fBgit\-secret\-killperson\fR \- deletes key identified by an email from the inner keyring\. . .SH "SYNOPSIS" . .nf git secret killperson \.\.\. . .fi . .SH "DESCRIPTION" This command removes selected email addresses from the keyring\. \fBgit\-secret\-killperson\fR makes it impossible for given users to decrypt the hidden files in the future\. It is required to run \fBgit\-secret\-hide\fR once again with the updated keyring to renew the encryption\. . .SH "OPTIONS" . .nf \-h \- shows this help\. . .fi . .SH "MANUAL" Run \fBman git\-secret\-killperson\fR to see this note\. . .SH "SEE ALSO" git\-secret\-tell(1) \fIhttp://git\-secret\.io/git\-secret\-tell\fR, git\-secret\-remove(1) \fIhttp://git\-secret\.io/git\-secret\-remove\fR, git\-secret\-clean(1) \fIhttp://git\-secret\.io/git\-secret\-clean\fR git-secret-0.2.3/man/man1/git-secret-killperson.1.ronn000066400000000000000000000014471320717772500224750ustar00rootroot00000000000000git-secret-killperson - deletes key identified by an email from the inner keyring. ================================================================================== ## SYNOPSIS git secret killperson ... ## DESCRIPTION This command removes selected email addresses from the keyring. `git-secret-killperson` makes it impossible for given users to decrypt the hidden files in the future. It is required to run `git-secret-hide` once again with the updated keyring to renew the encryption. ## OPTIONS -h - shows this help. ## MANUAL Run `man git-secret-killperson` to see this note. ## SEE ALSO [git-secret-tell(1)](http://git-secret.io/git-secret-tell), [git-secret-remove(1)](http://git-secret.io/git-secret-remove), [git-secret-clean(1)](http://git-secret.io/git-secret-clean) git-secret-0.2.3/man/man1/git-secret-list.1000066400000000000000000000016001320717772500203020ustar00rootroot00000000000000.\" generated with Ronn/v0.7.3 .\" http://github.com/rtomayko/ronn/tree/0.7.3 . .TH "GIT\-SECRET\-LIST" "1" "February 2017" "sobolevn" "git-secret" . .SH "NAME" \fBgit\-secret\-list\fR \- prints all the added files\. . .SH "SYNOPSIS" . .nf git secret list . .fi . .SH "DESCRIPTION" \fBgit\-secret\-list\fR prints all the currently added tracked files from the \fB\.gitsecret/paths/mapping\.cfg\fR\. . .SH "OPTIONS" . .nf \-h \- shows this help\. . .fi . .SH "MANUAL" Run \fBman git\-secret\-list\fR to see this note\. . .SH "SEE ALSO" git\-secret\-whoknows(1) \fIhttp://git\-secret\.io/git\-secret\-whoknows\fR, git\-secret\-add(1) \fIhttp://git\-secret\.io/git\-secret\-add\fR, git\-secret\-remove(1) \fIhttp://git\-secret\.io/git\-secret\-remove\fR, git\-secret\-hide(1) \fIhttp://git\-secret\.io/git\-secret\-hide\fR, git\-secret\-reveal(1) \fIhttp://git\-secret\.io/git\-secret\-reveal\fR git-secret-0.2.3/man/man1/git-secret-list.1.ronn000066400000000000000000000012411320717772500212560ustar00rootroot00000000000000git-secret-list - prints all the added files. ============================================= ## SYNOPSIS git secret list ## DESCRIPTION `git-secret-list` prints all the currently added tracked files from the `.gitsecret/paths/mapping.cfg`. ## OPTIONS -h - shows this help. ## MANUAL Run `man git-secret-list` to see this note. ## SEE ALSO [git-secret-whoknows(1)](http://git-secret.io/git-secret-whoknows), [git-secret-add(1)](http://git-secret.io/git-secret-add), [git-secret-remove(1)](http://git-secret.io/git-secret-remove), [git-secret-hide(1)](http://git-secret.io/git-secret-hide), [git-secret-reveal(1)](http://git-secret.io/git-secret-reveal) git-secret-0.2.3/man/man1/git-secret-remove.1000066400000000000000000000016511320717772500206320ustar00rootroot00000000000000.\" generated with Ronn/v0.7.3 .\" http://github.com/rtomayko/ronn/tree/0.7.3 . .TH "GIT\-SECRET\-REMOVE" "1" "February 2017" "sobolevn" "git-secret" . .SH "NAME" \fBgit\-secret\-remove\fR \- removes files from index\. . .SH "SYNOPSIS" . .nf git secret remove [\-c] \.\.\. . .fi . .SH "DESCRIPTION" \fBgit\-secret\-remove\fR deletes files from \fB\.gitsecret/paths/mapping\.cfg\fR, so they won\'t be encrypted or decrypted in the future\. There\'s also an option to delete existing encrypted versions of the files provided\. . .SH "OPTIONS" . .nf \-c \- deletes existing real encrypted files\. \-h \- shows help\. . .fi . .SH "MANUAL" Run \fBman git\-secret\-remove\fR to see this note\. . .SH "SEE ALSO" git\-secret\-add(1) \fIhttp://git\-secret\.io/git\-secret\-add\fR, git\-secret\-clean(1) \fIhttp://git\-secret\.io/git\-secret\-clean\fR, git\-secret\-killperson(1) \fIhttp://git\-secret\.io/git\-secret\-killperson\fR git-secret-0.2.3/man/man1/git-secret-remove.1.ronn000066400000000000000000000013241320717772500216020ustar00rootroot00000000000000git-secret-remove - removes files from index. ============================================= ## SYNOPSIS git secret remove [-c] ... ## DESCRIPTION `git-secret-remove` deletes files from `.gitsecret/paths/mapping.cfg`, so they won't be encrypted or decrypted in the future. There's also an option to delete existing encrypted versions of the files provided. ## OPTIONS -c - deletes existing real encrypted files. -h - shows help. ## MANUAL Run `man git-secret-remove` to see this note. ## SEE ALSO [git-secret-add(1)](http://git-secret.io/git-secret-add), [git-secret-clean(1)](http://git-secret.io/git-secret-clean), [git-secret-killperson(1)](http://git-secret.io/git-secret-killperson) git-secret-0.2.3/man/man1/git-secret-reveal.1000066400000000000000000000023421320717772500206110ustar00rootroot00000000000000.\" generated with Ronn/v0.7.3 .\" http://github.com/rtomayko/ronn/tree/0.7.3 . .TH "GIT\-SECRET\-REVEAL" "1" "February 2017" "sobolevn" "git-secret" . .SH "NAME" \fBgit\-secret\-reveal\fR \- decrypts all added files\. . .SH "SYNOPSIS" . .nf git secret reveal [\-f] [\-d dir] [\-p password] . .fi . .SH "DESCRIPTION" \fBgit\-secret\-reveal\fR \- decrypts all the files in the \fB\.gitsecret/paths/mapping\.cfg\fR by running a \fBgpg \-\-decrypt\fR command\. It is important to have paired secret\-key with one of the public\-keys, which were used in the encryption\. . .SH "OPTIONS" . .nf \-f \- forces to overwrite exisiting files without prompt\. \-d \- specifies `\-\-homedir` option for the `gpg`, basically use this option if your store your keys in a custom location\. \-p \- specifies password for noinput mode, adds `\-\-passphrase` option for `gpg`\. \-h \- shows help\. . .fi . .SH "MANUAL" Run \fBman git\-secret\-reveal\fR to see this note\. . .SH "SEE ALSO" git\-secret\-init(1) \fIhttp://git\-secret\.io/git\-secret\-init\fR, git\-secret\-tell(1) \fIhttp://git\-secret\.io/git\-secret\-tell\fR, git\-secret\-add(1) \fIhttp://git\-secret\.io/git\-secret\-add\fR, git\-secret\-hide(1) \fIhttp://git\-secret\.io/git\-secret\-hide\fR git-secret-0.2.3/man/man1/git-secret-reveal.1.ronn000066400000000000000000000017741320717772500215740ustar00rootroot00000000000000git-secret-reveal - decrypts all added files. ============================================= ## SYNOPSIS git secret reveal [-f] [-d dir] [-p password] ## DESCRIPTION `git-secret-reveal` - decrypts all the files in the `.gitsecret/paths/mapping.cfg` by running a `gpg --decrypt` command. It is important to have paired secret-key with one of the public-keys, which were used in the encryption. ## OPTIONS -f - forces to overwrite exisiting files without prompt. -d - specifies `--homedir` option for the `gpg`, basically use this option if your store your keys in a custom location. -p - specifies password for noinput mode, adds `--passphrase` option for `gpg`. -h - shows help. ## MANUAL Run `man git-secret-reveal` to see this note. ## SEE ALSO [git-secret-init(1)](http://git-secret.io/git-secret-init), [git-secret-tell(1)](http://git-secret.io/git-secret-tell), [git-secret-add(1)](http://git-secret.io/git-secret-add), [git-secret-hide(1)](http://git-secret.io/git-secret-hide) git-secret-0.2.3/man/man1/git-secret-tell.1000066400000000000000000000032071320717772500202740ustar00rootroot00000000000000.\" generated with Ronn/v0.7.3 .\" http://github.com/rtomayko/ronn/tree/0.7.3 . .TH "GIT\-SECRET\-TELL" "1" "February 2017" "sobolevn" "git-secret" . .SH "NAME" \fBgit\-secret\-tell\fR \- adds a person, who can access private data\. . .SH "SYNOPSIS" . .nf git secret tell [\-m] [\-d dir] [emails]\.\.\. . .fi . .SH "DESCRIPTION" \fBgit\-secret\-tell\fR receives an email addresses as an input, searches for the \fBgpg\fR\-key in the \fBgpg\fR\'s \fBhomedir\fR by these emails, then imports a person\'s public key into the \fBgit\-secret\fR\'s inner keychain\. From this moment this person can encrypt new files with the keyring which contains their key\. But they cannot decrypt the old files, which were already encrypted without their key\. They should be reencrypted with the new keyring by someone, who has the unencrypted files\. . .P \fBDo not manually import secret key into \fBgit\-secret\fR\fR\. Anyways, it won\'t work with any of the secret\-keys imported\. . .SH "OPTIONS" . .nf \-m \- takes your current `git config user\.email` as an identifier for the key\. \-d \- specifies `\-\-homedir` option for the `gpg`, basically use this option if your store your keys in a custom location\. \-h \- shows help\. . .fi . .SH "MANUAL" Run \fBman git\-secret\-tell\fR to see this note\. . .SH "SEE ALSO" git\-secret\-init(1) \fIhttp://git\-secret\.io/git\-secret\-init\fR, git\-secret\-add(1) \fIhttp://git\-secret\.io/git\-secret\-add\fR, git\-secret\-hide(1) \fIhttp://git\-secret\.io/git\-secret\-hide\fR, git\-secret\-reveal(1) \fIhttp://git\-secret\.io/git\-secret\-reveal\fR, git\-secret\-killperson(1) \fIhttp://git\-secret\.io/git\-secret\-killperson\fR git-secret-0.2.3/man/man1/git-secret-tell.1.ronn000066400000000000000000000026231320717772500212500ustar00rootroot00000000000000git-secret-tell - adds a person, who can access private data. =============================================================== ## SYNOPSIS git secret tell [-m] [-d dir] [emails]... ## DESCRIPTION `git-secret-tell` receives an email addresses as an input, searches for the `gpg`-key in the `gpg`'s `homedir` by these emails, then imports a person's public key into the `git-secret`'s inner keychain. From this moment this person can encrypt new files with the keyring which contains their key. But they cannot decrypt the old files, which were already encrypted without their key. They should be reencrypted with the new keyring by someone, who has the unencrypted files. **Do not manually import secret key into `git-secret`**. Anyways, it won't work with any of the secret-keys imported. ## OPTIONS -m - takes your current `git config user.email` as an identifier for the key. -d - specifies `--homedir` option for the `gpg`, basically use this option if your store your keys in a custom location. -h - shows help. ## MANUAL Run `man git-secret-tell` to see this note. ## SEE ALSO [git-secret-init(1)](http://git-secret.io/git-secret-init), [git-secret-add(1)](http://git-secret.io/git-secret-add), [git-secret-hide(1)](http://git-secret.io/git-secret-hide), [git-secret-reveal(1)](http://git-secret.io/git-secret-reveal), [git-secret-killperson(1)](http://git-secret.io/git-secret-killperson) git-secret-0.2.3/man/man1/git-secret-usage.1000066400000000000000000000014141320717772500204360ustar00rootroot00000000000000.\" generated with Ronn/v0.7.3 .\" http://github.com/rtomayko/ronn/tree/0.7.3 . .TH "GIT\-SECRET\-USAGE" "1" "February 2017" "sobolevn" "git-secret" . .SH "NAME" \fBgit\-secret\-usage\fR \- prints all the available commands\. . .SH "SYNOPSIS" . .nf git secret usage . .fi . .SH "DESCRIPTION" \fBgit\-secret\-usage\fR is used to print all the available commands\. . .SH "OPTIONS" . .nf \-h \- shows this help\. . .fi . .SH "MANUAL" Run \fBman git\-secret\-usage\fR to see this note\. . .SH "SEE ALSO" git\-secret\-init(1) \fIhttp://git\-secret\.io/git\-secret\-init\fR, git\-secret\-add(1) \fIhttp://git\-secret\.io/git\-secret\-add\fR, git\-secret\-hide(1) \fIhttp://git\-secret\.io/git\-secret\-hide\fR, git\-secret\-reveal(1) \fIhttp://git\-secret\.io/git\-secret\-reveal\fR git-secret-0.2.3/man/man1/git-secret-usage.1.ronn000066400000000000000000000011031320717772500214040ustar00rootroot00000000000000git-secret-usage - prints all the available commands. ===================================================== ## SYNOPSIS git secret usage ## DESCRIPTION `git-secret-usage` is used to print all the available commands. ## OPTIONS -h - shows this help. ## MANUAL Run `man git-secret-usage` to see this note. ## SEE ALSO [git-secret-init(1)](http://git-secret.io/git-secret-init), [git-secret-add(1)](http://git-secret.io/git-secret-add), [git-secret-hide(1)](http://git-secret.io/git-secret-hide), [git-secret-reveal(1)](http://git-secret.io/git-secret-reveal) git-secret-0.2.3/man/man1/git-secret-whoknows.1000066400000000000000000000015551320717772500212170ustar00rootroot00000000000000.\" generated with Ronn/v0.7.3 .\" http://github.com/rtomayko/ronn/tree/0.7.3 . .TH "GIT\-SECRET\-WHOKNOWS" "1" "February 2017" "sobolevn" "git-secret" . .SH "NAME" \fBgit\-secret\-whoknows\fR \- prints email\-labels for each key in the keyring\. . .SH "SYNOPSIS" . .nf git secret whoknows . .fi . .SH "DESCRIPTION" \fBgit\-secret\-whokowns\fR prints list of email addresses which are used as labels for currently public keys added to the local keyring\. . .SH "OPTIONS" . .nf \-h \- shows this help\. . .fi . .SH "MANUAL" Run \fBman git\-secret\-whoknows\fR to see this note\. . .SH "SEE ALSO" git\-secret\-list(1) \fIhttp://git\-secret\.io/git\-secret\-list\fR, git\-secret\-tell(1) \fIhttp://git\-secret\.io/git\-secret\-tell\fR, git\-secret\-hide(1) \fIhttp://git\-secret\.io/git\-secret\-hide\fR, git\-secret\-reveal(1) \fIhttp://git\-secret\.io/git\-secret\-reveal\fR git-secret-0.2.3/man/man1/git-secret-whoknows.1.ronn000066400000000000000000000012611320717772500221640ustar00rootroot00000000000000git-secret-whoknows - prints email-labels for each key in the keyring. ====================================================================== ## SYNOPSIS git secret whoknows ## DESCRIPTION `git-secret-whokowns` prints list of email addresses which are used as labels for currently public keys added to the local keyring. ## OPTIONS -h - shows this help. ## MANUAL Run `man git-secret-whoknows` to see this note. ## SEE ALSO [git-secret-list(1)](http://git-secret.io/git-secret-list), [git-secret-tell(1)](http://git-secret.io/git-secret-tell), [git-secret-hide(1)](http://git-secret.io/git-secret-hide), [git-secret-reveal(1)](http://git-secret.io/git-secret-reveal) git-secret-0.2.3/man/man7/000077500000000000000000000000001320717772500152125ustar00rootroot00000000000000git-secret-0.2.3/man/man7/git-secret.7000066400000000000000000000060371320717772500173560ustar00rootroot00000000000000.\" generated with Ronn/v0.7.3 .\" http://github.com/rtomayko/ronn/tree/0.7.3 . .TH "GIT\-SECRET" "7" "March 2017" "sobolevn" "git-secret" . .SH "NAME" \fBgit\-secret\fR . .SH "Usage" These steps cover the basic process of using \fBgit\-secret\fR: . .IP "1." 4 Before starting, make sure you have created \fBgpg\fR RSA key\-pair: public and secret key identified by your email address\. . .IP "2." 4 Initialize \fBgit\-secret\fR repository by running \fBgit secret init\fR command\. \fB\.gitsecret/\fR folder will be created, \fBnote\fR that \fB\.gitsecret/\fR folder should \fBnot\fR be ignored \fIhttps://github\.com/sobolevn/git\-secret/issues/39\fR\. . .IP "3." 4 Add first user to the system by running \fBgit secret tell your@gpg\.email\fR\. . .IP "4." 4 Now it\'s time to add files you wish to encrypt inside the \fBgit\-secret\fR repository\. It can be done by running \fBgit secret add \fR command\. Make sure these files are ignored, otherwise \fBgit\-secret\fR won\'t allow you to add them, as these files will be stored unencrypted\. . .IP "5." 4 When done, run \fBgit secret hide\fR all files, which you have added by \fBgit secret add\fR command will be encrypted with added public\-keys by the \fBgit secret tell\fR command\. Now it is safe to commit your changes\. \fBBut\fR\. It\'s recommended to add \fBgit secret hide\fR command to your \fBpre\-commit\fR hook, so you won\'t miss any changes\. . .IP "6." 4 Now decrypt files with \fBgit secret reveal\fR command\. It will ask you for your password\. And you\'re done! . .IP "" 0 . .SS "I want to add someone to the repository" . .IP "1." 4 Get his \fBgpg\fR public\-key\. \fBYou won\'t need their secret key\.\fR . .IP "2." 4 Import this key inside your \fBgpg\fR by running \fBgpg \-\-import KEY_NAME\fR . .IP "3." 4 Now add this person to the \fBgit\-secret\fR by running \fBgit secret tell persons@email\.id\fR . .IP "4." 4 Reencypt the files, now they will be able to decrypt them with their secret key\. . .IP "" 0 . .P Note, that it is possible to add yourself to the system without decrypting existing files\. It will be possible to decrypt them after reencrypting them with the new keyring\. So, if you don\'t want unexpected keys added, make sure to configure some server\-side security policy with the \fBpre\-receive\fR hook\. . .SH "Configuration" You can configure several things to suit your workflow better\. To do so, just set the required variable to the value you need\. This can be done in your shell environment file or with the each \fBgit\-secret\fR command\. . .P These settings are available to be changed: . .IP "\(bu" 4 \fB$SECRETS_GPG_COMMAND\fR \- sets the \fBgpg\fR alternatives, defaults to \fBgpg\fR\. It can be changed to \fBgpg\fR, \fBgpg2\fR, \fBpgp\fR, \fB/usr/local/gpg\fR or any other value\. After doing so rerun tests to be sure, that it won\'t break anything\. Tested to be working with: \fBgpg\fR, \fBgpg2\fR\. . .IP "\(bu" 4 \fB$SECRETS_EXTENSION\fR \- sets the secret files extension, defaults to \fB\.secret\fR\. It can be changed to any valid file extension\. . .IP "" 0 git-secret-0.2.3/man/man7/git-secret.7.ronn000066400000000000000000000060121320717772500203220ustar00rootroot00000000000000## Usage These steps cover the basic process of using `git-secret`: 0. Before starting, make sure you have created `gpg` RSA key-pair: public and secret key identified by your email address. 1. Initialize `git-secret` repository by running `git secret init` command. `.gitsecret/` folder will be created, **note** that `.gitsecret/` folder [should **not** be ignored](https://github.com/sobolevn/git-secret/issues/39). 2. Add first user to the system by running `git secret tell your@gpg.email`. 3. Now it's time to add files you wish to encrypt inside the `git-secret` repository. It can be done by running `git secret add ` command. Make sure these files are ignored, otherwise `git-secret` won't allow you to add them, as these files will be stored unencrypted. 4. When done, run `git secret hide` all files, which you have added by `git secret add` command will be encrypted with added public-keys by the `git secret tell` command. Now it is safe to commit your changes. **But**. It's recommended to add `git secret hide` command to your `pre-commit` hook, so you won't miss any changes. 5. Now decrypt files with `git secret reveal` command. It will ask you for your password. And you're done! ### I want to add someone to the repository 1. Get his `gpg` public-key. **You won't need their secret key.** 2. Import this key inside your `gpg` by running `gpg --import KEY_NAME` 3. Now add this person to the `git-secret` by running `git secret tell persons@email.id` 4. Reencypt the files, now they will be able to decrypt them with their secret key. Note, that it is possible to add yourself to the system without decrypting existing files. It will be possible to decrypt them after reencrypting them with the new keyring. So, if you don't want unexpected keys added, make sure to configure some server-side security policy with the `pre-receive` hook. ## Configuration You can configure several things to suit your workflow better. To do so, just set the required variable to the value you need. This can be done in your shell environment file or with the each `git-secret` command. These settings are available to be changed: * `$SECRETS_GPG_COMMAND` - sets the `gpg` alternatives, defaults to `gpg`. It can be changed to `gpg`, `gpg2`, `pgp`, `/usr/local/gpg` or any other value. After doing so rerun the tests to be sure, that it won't break anything. Tested to be working with: `gpg`, `gpg2`. * `$SECRETS_EXTENSION` - sets the secret files extension, defaults to `.secret`. It can be changed to any valid file extension. ## Internals ### `.gitsecret` folder This folder contains every piece of information about the project. It stores: * public keys for the project * path mappings. Or in other words: what files are tracked to be hidden and revealed This folder should not be ignored. In case it is application would not work raising an error: `'.gitsecret/' is ignored. abort.'`. However, it is possible to ignore [individual files](https://github.com/sobolevn/git-secret/issues/93) inside it: `random_seed` would be the most popular example. git-secret-0.2.3/src/000077500000000000000000000000001320717772500143645ustar00rootroot00000000000000git-secret-0.2.3/src/_utils/000077500000000000000000000000001320717772500156635ustar00rootroot00000000000000git-secret-0.2.3/src/_utils/_git_secret_tools.sh000066400000000000000000000273411320717772500217350ustar00rootroot00000000000000#!/usr/bin/env bash # Folders: _SECRETS_DIR=".gitsecret" _SECRETS_DIR_KEYS="${_SECRETS_DIR}/keys" _SECRETS_DIR_PATHS="${_SECRETS_DIR}/paths" # Files: _SECRETS_DIR_KEYS_MAPPING="${_SECRETS_DIR_KEYS}/mapping.cfg" _SECRETS_DIR_KEYS_TRUSTDB="${_SECRETS_DIR_KEYS}/trustdb.gpg" _SECRETS_DIR_PATHS_MAPPING="${_SECRETS_DIR_PATHS}/mapping.cfg" : "${SECRETS_EXTENSION:=".secret"}" # Commands: : "${SECRETS_GPG_COMMAND:="gpg"}" : "${SECRETS_CHECKSUM_COMMAND:="sha256sum"}" # AWK scripts: # shellcheck disable=2016 AWK_FSDB_HAS_RECORD=' BEGIN { FS=":"; OFS=":"; cnt=0; } { if ( key == $1 ) { cnt++ } } END { if ( cnt > 0 ) print "0"; else print "1"; } ' # shellcheck disable=2016 AWK_FSDB_RM_RECORD=' BEGIN { FS=":"; OFS=":"; } { if ( key != $1 ) { print $1,$2; } } ' # shellcheck disable=2016 AWK_FSDB_CLEAR_HASHES=' BEGIN { FS=":"; OFS=":"; } { print $1,""; } ' # shellcheck disable=2016 AWK_GPG_VER_CHECK=' /^gpg/{ version=$3 n=split(version,array,".") if( n >= 2) { if(array[1] >= 2) { if(array[2] >= 1) { print 1 } else { print 0 } } else { print 0 } } else if(array[1] >= 2) { print 1 } else { print 0 } } ' # This is 1 for gpg vesion 2.1 or greater, otherwise 0 GPG_VER_21="$(gpg --version | gawk "$AWK_GPG_VER_CHECK")" # Bash: function _function_exists { local function_name="$1" # required declare -f -F "$function_name" > /dev/null 2>&1 echo $? } # OS based: function _os_based { # Pass function name as first parameter. # It will be invoked as os-based function with the postfix. case "$(uname -s)" in Darwin) "$1_osx" "${@:2}" ;; Linux) "$1_linux" "${@:2}" ;; # TODO: add MS Windows support. # CYGWIN*|MINGW32*|MSYS*) # $1_ms ${@:2} # ;; *) _abort 'unsupported OS.' ;; esac } # File System: function _set_config { # This function creates a line in the config, or alters it. local key="$1" # required local value="$2" # required local filename="$3" # required # The exit status is 0 (true) if the name was found, 1 (false) if not: local contains contains=$(grep -Fq "$key" "$filename"; echo "$?") # Append or alter? if [[ "$contains" -eq 0 ]]; then _os_based __replace_in_file "$@" elif [[ "$contains" -eq 1 ]]; then echo "${key} = ${value}" >> "$filename" fi } function _file_has_line { # First parameter is the key, second is the filename. local key="$1" # required local filename="$2" # required local contains contains=$(grep -qw "$key" "$filename"; echo $?) # 0 on contains, 1 for error. echo "$contains" } function _delete_line { local escaped_path # shellcheck disable=2001 escaped_path=$(echo "$1" | sed -e 's/[\/&]/\\&/g') # required local line="$2" # required sed -i.bak "/$escaped_path/d" "$line" } function _temporary_file { # This function creates temporary file # which will be removed on system exit. filename=$(_os_based __temp_file) # is not `local` on purpose. trap 'echo "cleaning up..."; rm -f "$filename";' EXIT } function _unique_filename { # First parameter is base-path, second is filename, # third is optional extension. local n=0 local base_path="$1" local result="$2" while true; do if [[ ! -f "$base_path/$result" ]]; then break fi n=$(( n + 1 )) result="${2}-${n}" # calling to the original "$2" done echo "$result" } # Helper function function _gawk_inplace { local parms="$*" local dest_file dest_file="$(echo "$parms" | gawk -v RS="'" -v FS="'" 'END{ gsub(/^\s+/,""); print $1 }')" _temporary_file bash -c "gawk ${parms}" > "$filename" mv "$filename" "$dest_file" } # File System Database (fsdb): function _get_record_filename { # Returns 1st field from passed record local record="$1" local filename filename=$(echo "$record" | awk -F: '{print $1}') echo "$filename" } function _get_record_hash { # Returns 2nd field from passed record local record="$1" local hash hash=$(echo "$record" | awk -F: '{print $2}') echo "$hash" } function _fsdb_has_record { # First parameter is the key # Second is the fsdb local key="$1" # required local fsdb="$2" # required # 0 on contains, 1 for error. gawk -v key="$key" "$AWK_FSDB_HAS_RECORD" "$fsdb" } function _fsdb_rm_record { # First parameter is the key (filename) # Second is the path to fsdb local key="$1" # required local fsdb="$2" # required _gawk_inplace -v key="$key" "'$AWK_FSDB_RM_RECORD'" "$fsdb" } function _fsdb_clear_hashes { # First parameter is the path to fsdb local fsdb="$1" # required _gawk_inplace "'$AWK_FSDB_CLEAR_HASHES'" "$fsdb" } # Manuals: function _show_manual_for { local function_name="$1" # required man "git-secret-${function_name}" exit 0 } # Invalid options function _invalid_option_for { local function_name="$1" # required man "git-secret-${function_name}" exit 1 } # VCS: function _check_ignore { local filename="$1" # required local result result="$(git add -n "$filename" > /dev/null 2>&1; echo $?)" # when ignored if [[ "$result" -ne 0 ]]; then result=0 else result=1 fi # returns 1 when not ignored, and 0 when ignored echo "$result" } function _git_normalize_filename { local filename="$1" # required local result result=$(git ls-files --full-name -o "$filename") echo "$result" } function _maybe_create_gitignore { # This function creates '.gitignore' if it was missing. local full_path full_path=$(_append_root_path '.gitignore') if [[ ! -f "$full_path" ]]; then touch "$full_path" fi } function _add_ignored_file { # This function adds a line with the filename into the '.gitgnore' file. # It also creates '.gitignore' if it's not there local filename="$1" # required _maybe_create_gitignore local full_path full_path=$(_append_root_path '.gitignore') echo "$filename" >> "$full_path" } function _is_inside_git_tree { # Checks if we are working inside the `git` tree. local result result=$(git rev-parse --is-inside-work-tree > /dev/null 2>&1; echo $?) echo "$result" } function _get_git_root_path { # We need this function to get the location of the `.git` folder, # since `.gitsecret` must be on the same level. local result result=$(git rev-parse --show-toplevel) echo "$result" } # Relative paths: function _append_root_path { # This function adds root path to any other path. local path="$1" # required local root_path root_path=$(_get_git_root_path) echo "$root_path/$path" } function _get_secrets_dir { _append_root_path "${_SECRETS_DIR}" } function _get_secrets_dir_keys { _append_root_path "${_SECRETS_DIR_KEYS}" } function _get_secrets_dir_path { _append_root_path "${_SECRETS_DIR_PATHS}" } function _get_secrets_dir_keys_mapping { _append_root_path "${_SECRETS_DIR_KEYS_MAPPING}" } function _get_secrets_dir_keys_trustdb { _append_root_path "${_SECRETS_DIR_KEYS_TRUSTDB}" } function _get_secrets_dir_paths_mapping { _append_root_path "${_SECRETS_DIR_PATHS_MAPPING}" } # Logic: function _get_gpg_local { # This function is required to return proper `gpg` command. # This function was created due to this bug: # https://github.com/sobolevn/git-secret/issues/85 local homedir homedir=$(_get_secrets_dir_keys) local gpg_local="$SECRETS_GPG_COMMAND --homedir=$homedir --no-permission-warning" echo "$gpg_local" } function _abort { local message="$1" # required >&2 echo "$message abort." exit 1 } function _find_and_clean { # required: local pattern="$1" # can be any string pattern # optional: local verbose=${2:-""} # can be empty or should be equal to "v" local root root=$(_get_git_root_path) # shellcheck disable=2086 find "$root" -path "$pattern" -type f -print0 | xargs -0 rm -f$verbose } function _find_and_clean_formated { # required: local pattern="$1" # can be any string pattern # optional: local verbose=${2:-""} # can be empty or should be equal to "v" local message=${3:-"cleaning:"} # can be any string if [[ ! -z "$verbose" ]]; then echo && echo "$message" fi _find_and_clean "$pattern" "$verbose" if [[ ! -z "$verbose" ]]; then echo fi } function _list_all_added_files { local path_mappings path_mappings=$(_get_secrets_dir_paths_mapping) if [[ ! -s "$path_mappings" ]]; then _abort "$path_mappings is missing." fi while read -r line; do _get_record_filename "$line" done < "$path_mappings" } function _secrets_dir_exists { # This function checks if "$_SECRETS_DIR" exists and. local full_path full_path=$(_get_secrets_dir) if [[ ! -d "$full_path" ]]; then _abort "$full_path does not exist." fi } function _secrets_dir_is_not_ignored { # This function checks that "$_SECRETS_DIR" is not ignored. local git_secret_dir git_secret_dir=$(_get_secrets_dir) # Create git_secret_dir required for check local cleanup=0 if [[ ! -d "$git_secret_dir" ]]; then mkdir "$git_secret_dir" cleanup=1 fi local ignores ignores=$(_check_ignore "$git_secret_dir") if [[ "$cleanup" == 1 ]]; then rmdir "$git_secret_dir" fi if [[ ! $ignores -eq 1 ]]; then _abort "'$git_secret_dir' is ignored." fi } function _user_required { # This function does a bunch of validations: # 1. It calls `_secrets_dir_exists` to verify that "$_SECRETS_DIR" exists. # 2. It ensures that "$_SECRETS_DIR_KEYS_TRUSTDB" exists. # 3. It ensures that there are added public keys. _secrets_dir_exists local trustdb trustdb=$(_get_secrets_dir_keys_trustdb) local error_message="no users found. run 'git secret tell'." if [[ ! -f "$trustdb" ]]; then _abort "$error_message" fi local gpg_local gpg_local=$(_get_gpg_local) local keys_exist keys_exist=$($gpg_local -n --list-keys) if [[ -z "$keys_exist" ]]; then _abort "$error_message" fi } function _get_raw_filename { echo "$(dirname "$1")/$(basename "$1" "$SECRETS_EXTENSION")" | sed -e 's#^\./##' } function _get_encrypted_filename { local filename filename="$(dirname "$1")/$(basename "$1" "$SECRETS_EXTENSION")" echo "${filename}${SECRETS_EXTENSION}" | sed -e 's#^\./##' } function _parse_keyring_users { # First argument must be a `sed` pattern local sed_pattern="$1" local result local gpg_local gpg_local=$(_get_gpg_local) result=$($gpg_local --list-public-keys --with-colon | sed -n "$sed_pattern") echo "$result" } function _get_users_in_keyring { # This function is required to show the users in the keyring. # `whoknows` command uses it internally. # It basically just parses the `gpg` public keys _parse_keyring_users 's/.*<\(.*\)>.*/\1/p' } function _get_recepients { # This function is required to create an encrypted file for different users. # These users are called 'recepients' in the `gpg` terms. # It basically just parses the `gpg` public keys _parse_keyring_users 's/.*<\(.*\)>.*/-r\1/p' } function _decrypt { # required: local filename="$1" # optional: local write_to_file=${2:-1} # can be 0 or 1 local force=${3:-0} # can be 0 or 1 local homedir=${4:-""} local passphrase=${5:-""} local encrypted_filename encrypted_filename=$(_get_encrypted_filename "$filename") local base="$SECRETS_GPG_COMMAND --use-agent --decrypt --no-permission-warning" if [[ "$write_to_file" -eq 1 ]]; then base="$base -o $filename" fi if [[ "$force" -eq 1 ]]; then base="$base --yes" fi if [[ ! -z "$homedir" ]]; then base="$base --homedir=$homedir" fi if [[ "$GPG_VER_21" -eq 1 ]]; then base="$base --pinentry-mode loopback" fi if [[ ! -z "$passphrase" ]]; then echo "$passphrase" | $base --quiet --batch --yes --no-tty --passphrase-fd 0 \ "$encrypted_filename" else $base --quiet "$encrypted_filename" fi } git-secret-0.2.3/src/_utils/_git_secret_tools_linux.sh000066400000000000000000000003361320717772500231470ustar00rootroot00000000000000#!/usr/bin/env bash # shellcheck disable=1117 function __replace_in_file_linux { sed -i.bak "s/^\($1\s*=\s*\).*\$/\1$2/" "$3" } function __temp_file_linux { local filename filename=$(mktemp) echo "$filename" } git-secret-0.2.3/src/_utils/_git_secret_tools_osx.sh000066400000000000000000000004271320717772500226220ustar00rootroot00000000000000#!/usr/bin/env bash # shellcheck disable=1117 function __replace_in_file_osx { sed -i.bak "s/^\($1[[:space:]]*=[[:space:]]*\).*\$/\1$2/" "$3" } function __temp_file_osx { : "${TMPDIR:=/tmp}" local filename filename=$(mktemp -t _gitsecrets_XXX ) echo "$filename"; } git-secret-0.2.3/src/commands/000077500000000000000000000000001320717772500161655ustar00rootroot00000000000000git-secret-0.2.3/src/commands/git_secret_add.sh000066400000000000000000000042421320717772500214630ustar00rootroot00000000000000#!/usr/bin/env bash function add { local auto_ignore=0 OPTIND=1 while getopts "ih" opt; do case "$opt" in i) auto_ignore=1;; h) _show_manual_for "add";; *) _invalid_option_for "add";; esac done shift $((OPTIND-1)) [ "$1" = "--" ] && shift _user_required # Checking if all files are correct (ignored and inside the repo): local not_ignored=() local items=( "$@" ) # Checking if all files in options are ignored: for item in "${items[@]}"; do local path # absolute path local normalized_path # relative to the .git dir normalized_path=$(_git_normalize_filename "$item") path=$(_append_root_path "$normalized_path") # Checking that file is valid: if [[ ! -f "$path" ]]; then _abort "$item is not a file." fi # Checking that it is ignored: local ignored ignored=$(_check_ignore "$path") if [[ "$ignored" -ne 0 ]]; then # Collect unignored files: not_ignored+=("$normalized_path") fi done # Are there any uningnored files? if [[ ! "${#not_ignored[@]}" -eq 0 ]]; then # And show them all at once. local message message="these files are not ignored: $* ;" if [[ "$auto_ignore" -eq 0 ]]; then # This file is not ignored. user don't want it to be added automatically. # Raise the exception, since all files, which will be hidden, must be ignored. _abort "$message" else # In this case these files should be added to the `.gitignore` automatically: # see https://github.com/sobolevn/git-secret/issues/18 for more. echo "$message" echo "auto adding them to .gitignore" for item in "${not_ignored[@]}"; do _add_ignored_file "$item" done fi fi # Adding files to path mappings: local fsdb fsdb=$(_get_secrets_dir_paths_mapping) for item in "${items[@]}"; do local path local key path=$(_git_normalize_filename "$item") key="$path" # Adding files into system, skipping duplicates. local already_in already_in=$(_fsdb_has_record "$key" "$fsdb") if [[ "$already_in" -eq 1 ]]; then echo "$key" >> "$fsdb" fi done echo "${#@} item(s) added." } git-secret-0.2.3/src/commands/git_secret_changes.sh000066400000000000000000000024611320717772500223440ustar00rootroot00000000000000#!/usr/bin/env bash function changes { local passphrase="" OPTIND=1 while getopts 'hd:p:' opt; do case "$opt" in h) _show_manual_for 'changes';; p) passphrase=$OPTARG;; d) homedir=$OPTARG;; *) _invalid_option_for 'changes';; esac done shift $((OPTIND-1)) [ "$1" = '--' ] && shift _user_required local filenames="$*" if [[ -z "$filenames" ]]; then # Checking if no filenames are passed, show diff for all files. filenames=$(_list_all_added_files) fi IFS=' ' for filename in $filenames; do local decrypted local diff_result local path # absolute path local normalized_path # relative to the .git dir normalized_path=$(_git_normalize_filename "$filename") if [[ ! -z "$normalized_path" ]]; then path=$(_append_root_path "$normalized_path") else # Path was already normalized path=$(_append_root_path "$filename") fi # Now we have all the data required: decrypted=$(_decrypt "$path" "0" "0" "$homedir" "$passphrase") # Let's diff the result: diff_result=$(diff -u <(echo "$decrypted") "$path") || true # There was a bug in the previous version, since `diff` returns # exit code `1` when the files are different. echo "changes in ${path}:" echo "${diff_result}" done } git-secret-0.2.3/src/commands/git_secret_clean.sh000066400000000000000000000006341320717772500220160ustar00rootroot00000000000000#!/usr/bin/env bash function clean { local verbose='' OPTIND=1 while getopts 'vh' opt; do case "$opt" in v) verbose="v";; h) _show_manual_for 'clean';; *) _invalid_option_for 'clean';; esac done shift $((OPTIND-1)) [ "$1" = '--' ] && shift _user_required # User should see properly formated output: _find_and_clean_formated "*$SECRETS_EXTENSION" "$verbose" } git-secret-0.2.3/src/commands/git_secret_hide.sh000066400000000000000000000070171320717772500216470ustar00rootroot00000000000000#!/usr/bin/env bash # shellcheck disable=2016 AWK_FSDB_UPDATE_HASH=' BEGIN { FS=":"; OFS=":"; } { if ( key == $1 ) { print key,hash; } else { print $1,$2; } } ' function _optional_clean { local clean="$1" local verbose=${2:-""} if [[ $clean -eq 1 ]]; then _find_and_clean_formated "*$SECRETS_EXTENSION" "$verbose" fi } function _optional_delete { local delete="$1" local verbose=${2:-""} if [[ $delete -eq 1 ]]; then local path_mappings path_mappings=$(_get_secrets_dir_paths_mapping) # We use custom formating here: if [[ ! -z "$verbose" ]]; then echo && echo 'removing unencrypted files:' fi while read -r line; do # So the formating would not be repeated several times here: local filename filename=$(_get_record_filename "$line") _find_and_clean "*$filename" "$verbose" done < "$path_mappings" if [[ ! -z "$verbose" ]]; then echo fi fi } function _get_checksum_local { local checksum="$SECRETS_CHECKSUM_COMMAND" echo "$checksum" } function _get_file_hash { local input_path="$1" # Required local checksum_local local file_hash checksum_local="$(_get_checksum_local)" file_hash=$($checksum_local "$input_path" | gawk '{print $1}') echo "$file_hash" } function _optional_fsdb_update_hash { local key="$1" local hash="$2" local fsdb # path_mappings fsdb=$(_get_secrets_dir_paths_mapping) _gawk_inplace -v key="$key" -v hash="$hash" "'$AWK_FSDB_UPDATE_HASH'" "$fsdb" } function hide { local clean=0 local delete=0 local fsdb_update_hash=0 # add checksum hashes to fsdb local verbose='' OPTIND=1 while getopts 'cdmvh' opt; do case "$opt" in c) clean=1;; d) delete=1;; m) fsdb_update_hash=1;; v) verbose='v';; h) _show_manual_for 'hide';; *) _invalid_option_for 'hide';; esac done shift $((OPTIND-1)) [ "$1" = '--' ] && shift # We need user to continue: _user_required # If -c option was provided, it would clean the hidden files # before creating new ones. _optional_clean "$clean" "$verbose" # Encrypting files: local path_mappings path_mappings=$(_get_secrets_dir_paths_mapping) local counter=0 while read -r record; do local filename local fsdb_file_hash local encrypted_filename filename=$(_get_record_filename "$record") fsdb_file_hash=$(_get_record_hash "$record") encrypted_filename=$(_get_encrypted_filename "$filename") local recipients recipients=$(_get_recepients) local gpg_local gpg_local=$(_get_gpg_local) local input_path local output_path input_path=$(_append_root_path "$filename") output_path=$(_append_root_path "$encrypted_filename") file_hash=$(_get_file_hash "$input_path") # encrypt file only if required if [[ "$fsdb_file_hash" != "$file_hash" ]]; then # shellcheck disable=2086 $gpg_local --use-agent --yes --trust-model=always --encrypt \ $recipients -o "$output_path" "$input_path" > /dev/null 2>&1 # If -m option was provided, it will update unencrypted file hash local key="$filename" local hash="$file_hash" # Update file hash if required in fsdb [[ "$fsdb_update_hash" -gt 0 ]] && \ _optional_fsdb_update_hash "$key" "$hash" fi counter=$((counter+1)) done < "$path_mappings" # If -d option was provided, it would delete the source files # after we have already hidden them. _optional_delete "$delete" "$verbose" echo "done. all $counter files are hidden." } git-secret-0.2.3/src/commands/git_secret_init.sh000066400000000000000000000030061320717772500216730ustar00rootroot00000000000000#!/usr/bin/env bash # shellcheck disable=2016 AWK_ADD_TO_GITIGNORE=' BEGIN { cnt=0 } function check_print_line(line){ if (line == pattern) { cnt++ } print line } # main function { check_print_line($0) # check and print first line while (getline == 1) { # check and print all other check_print_line($0) } } END { if ( cnt == 0) { # if file did not contain pattern add print pattern } } ' function gitignore_add_pattern { local pattern local gitignore_file_path pattern="$1" gitignore_file_path=$(_append_root_path '.gitignore') _maybe_create_gitignore _gawk_inplace -v pattern="$pattern" "'$AWK_ADD_TO_GITIGNORE'" "$gitignore_file_path" } function init { OPTIND=1 while getopts 'h' opt; do case "$opt" in h) _show_manual_for 'init';; *) _invalid_option_for 'init';; esac done shift $((OPTIND-1)) [ "$1" = '--' ] && shift # Check if '.gitsecret/' already exists: local git_secret_dir git_secret_dir=$(_get_secrets_dir) if [[ -d "$git_secret_dir" ]]; then _abort 'already inited.' fi # Check if it is ignored: _secrets_dir_is_not_ignored # Create internal files: mkdir "$git_secret_dir" "$(_get_secrets_dir_keys)" "$(_get_secrets_dir_path)" touch "$(_get_secrets_dir_keys_mapping)" "$(_get_secrets_dir_paths_mapping)" echo "'$git_secret_dir/' created." local random_seed_file random_seed_file=".gitsecret/keys/random_seed" gitignore_add_pattern "$random_seed_file" # TODO: git attributes to view diffs } git-secret-0.2.3/src/commands/git_secret_killperson.sh000066400000000000000000000013251320717772500231140ustar00rootroot00000000000000#!/usr/bin/env bash function killperson { OPTIND=1 while getopts 'h' opt; do case "$opt" in h) _show_manual_for 'killperson';; *) _invalid_option_for 'killperson';; esac done shift $((OPTIND-1)) [ "$1" = "--" ] && shift _user_required # Command logic: local emails=( "$@" ) if [[ ${#emails[@]} -eq 0 ]]; then _abort "at least one email is required." fi # Getting the local `gpg` command: local gpg_local gpg_local=$(_get_gpg_local) for email in "${emails[@]}"; do $gpg_local --batch --yes --delete-key "$email" done echo 'removed keys.' echo "now [$*] do not have an access to the repository." echo 'make sure to hide the existing secrets again.' } git-secret-0.2.3/src/commands/git_secret_list.sh000066400000000000000000000004551320717772500217100ustar00rootroot00000000000000#!/usr/bin/env bash function list { OPTIND=1 while getopts 'h' opt; do case "$opt" in h) _show_manual_for 'list';; *) _invalid_option_for 'list';; esac done shift $((OPTIND-1)) [ "$1" = '--' ] && shift _user_required # Command logic: _list_all_added_files } git-secret-0.2.3/src/commands/git_secret_remove.sh000066400000000000000000000024721320717772500222330ustar00rootroot00000000000000#!/usr/bin/env bash function remove { local clean=0 OPTIND=1 while getopts 'ch' opt; do case "$opt" in c) clean=1;; h) _show_manual_for 'remove';; *) _invalid_option_for 'remove';; esac done shift $((OPTIND-1)) [ "$1" = '--' ] && shift # Validate if user exists: _user_required # Command logic: local path_mappings path_mappings=$(_get_secrets_dir_paths_mapping) for item in "$@"; do local path # absolute path local normalized_path # relative to .git folder normalized_path=$(_git_normalize_filename "$item") path=$(_append_root_path "$normalized_path") echo "$item -> $normalized_path -> $path" # Checking if file exists: if [[ ! -f "$path" ]]; then _abort "$item is not a file." fi # Deleting it from path mappings: # Remove record from fsdb with matching key local key key="$normalized_path" fsdb="$path_mappings" _fsdb_rm_record "$key" "$fsdb" rm -f "${path_mappings}.bak" # not all systems create '.bak' # Optional clean: if [[ "$clean" -eq 1 ]]; then local encrypted_filename encrypted_filename=$(_get_encrypted_filename "$path") rm "$encrypted_filename" # fail on error fi done echo 'removed from index.' echo "ensure that files: [$*] are now not ignored." } git-secret-0.2.3/src/commands/git_secret_reveal.sh000066400000000000000000000016101320717772500222050ustar00rootroot00000000000000#!/usr/bin/env bash function reveal { local homedir='' local passphrase='' local force=0 OPTIND=1 while getopts 'hfd:p:' opt; do case "$opt" in h) _show_manual_for 'reveal';; f) force=1;; p) passphrase=$OPTARG;; d) homedir=$OPTARG;; *) _invalid_option_for 'reveal';; esac done shift $((OPTIND-1)) [ "$1" = '--' ] && shift _user_required # Command logic: local path_mappings path_mappings=$(_get_secrets_dir_paths_mapping) local counter=0 while read -r line; do local filename local path filename=$(_get_record_filename "$line") path=$(_append_root_path "$filename") # The parameters are: filename, write-to-file, force, homedir, passphrase _decrypt "$path" "1" "$force" "$homedir" "$passphrase" counter=$((counter+1)) done < "$path_mappings" echo "done. all $counter files are revealed." } git-secret-0.2.3/src/commands/git_secret_tell.sh000066400000000000000000000045351320717772500217000ustar00rootroot00000000000000#!/usr/bin/env bash # shellcheck disable=2016 AWK_GPG_KEY_CNT=' BEGIN { cnt=0; OFS=":"; FS=":"; } flag=0; $1 == "pub" { cnt++ } END { print cnt } ' function get_gpg_key_count { local gpg_local gpg_local=$(_get_gpg_local) $gpg_local --list-public-keys --with-colon | gawk "$AWK_GPG_KEY_CNT" } function tell { local emails local self_email=0 local homedir # A POSIX variable # Reset in case getopts has been used previously in the shell. OPTIND=1 while getopts "hmd:" opt; do case "$opt" in h) _show_manual_for "tell";; m) self_email=1;; d) homedir=$OPTARG;; *) _invalid_option_for 'tell';; esac done shift $((OPTIND-1)) [ "$1" = "--" ] && shift # Validates that application is inited: _secrets_dir_exists # Command logic: emails=( "$@" ) local git_email if [[ "$self_email" -eq 1 ]]; then git_email=$(git config user.email) if [[ -z "$git_email" ]]; then _abort "'git config user.email' is not set." fi emails+=("$git_email") fi if [[ "${#emails[@]}" -eq 0 ]]; then # If after possible addition of git_email, emails are still empty, # we should raise an exception. _abort "you must provide at least one email address." fi local start_key_cnt start_key_cnt=$(get_gpg_key_count) for email in "${emails[@]}"; do # This file will be removed automatically: _temporary_file # note, that `_temporary_file` will export `filename` var. # shellcheck disable=2154 local keyfile="$filename" if [[ -z "$homedir" ]]; then $SECRETS_GPG_COMMAND --export -a "$email" > "$keyfile" else # It means that homedir is set as an extra argument via `-d`: $SECRETS_GPG_COMMAND --no-permission-warning --homedir="$homedir" \ --export -a "$email" > "$keyfile" fi if [[ ! -s "$keyfile" ]]; then _abort 'gpg key is empty. check your key name: "gpg --list-keys".' fi # Importing public key to the local keychain: local gpg_local gpg_local=$(_get_gpg_local) $gpg_local --import "$keyfile" > /dev/null 2>&1 done echo "done. ${emails[*]} added as someone who know(s) the secret." # force re-encrypting of files if required local fsdb local end_key_cnt fsdb=$(_get_secrets_dir_paths_mapping) end_key_cnt=$(get_gpg_key_count) [[ $start_key_cnt -ne $end_key_cnt ]] && _fsdb_clear_hashes "$fsdb" } git-secret-0.2.3/src/commands/git_secret_usage.sh000066400000000000000000000011321320717772500220320ustar00rootroot00000000000000#!/usr/bin/env bash function usage { OPTIND=1 while getopts "h?" opt; do case "$opt" in h) _show_manual_for "usage";; *) _invalid_option_for "usage";; esac done shift $((OPTIND-1)) [ "$1" = "--" ] && shift # There was a bug with some shells, which were adding extra commands # to the old dynamic-loading version of this code. # thanks to @antmak it is now fixed, see: # https://github.com/sobolevn/git-secret/issues/47 local commands="add|changes|clean|hide|init|killperson|list|remove|reveal|tell|usage|whoknows" echo "usage: git secret [$commands]" } git-secret-0.2.3/src/commands/git_secret_whoknows.sh000066400000000000000000000006211320717772500226070ustar00rootroot00000000000000#!/usr/bin/env bash function whoknows { OPTIND=1 while getopts "h?" opt; do case "$opt" in h) _show_manual_for "whoknows";; *) _invalid_option_for "whoknows";; esac done shift $((OPTIND-1)) [ "$1" = "--" ] && shift # Validating, that we have a user: _user_required local keys # Getting the users from gpg: keys=$(_get_users_in_keyring) echo "$keys" } git-secret-0.2.3/src/main.sh000077500000000000000000000031151320717772500156470ustar00rootroot00000000000000#!/usr/bin/env bash set -e function _check_setup { # Checking git and secret-plugin setup: local is_tree is_tree=$(_is_inside_git_tree) if [[ "$is_tree" -ne 0 ]]; then _abort "repository is broken. try running 'git init' or 'git clone'." fi # Checking if the '.gitsecret' is not ignored: _secrets_dir_is_not_ignored # Checking gpg setup: local keys_dir keys_dir=$(_get_secrets_dir_keys) local secring="$keys_dir/secring.gpg" if [[ -f $secring ]] && [[ -s $secring ]]; then # secring.gpg exists and is not empty, # someone has imported a private key. _abort 'it seems that someone has imported a secret key.' fi } function _incorrect_usage { echo "$1" usage exit "$2" } function _show_version { echo "$GITSECRET_VERSION" exit 0 } function _init_script { if [[ $# == 0 ]]; then _incorrect_usage 'no input parameters provided.' 126 fi # Parse plugin-level options: local dry_run=0 while [[ $# -gt 0 ]]; do local opt="$1" case "$opt" in # Options for quick-exit strategy: --dry-run) dry_run=1 shift;; --version) _show_version;; *) break;; # do nothing esac done if [[ "$dry_run" == 0 ]]; then # Checking for proper set-up: _check_setup # Routing the input command: local function_exists function_exists=$(_function_exists "$1") if [[ "$function_exists" == 0 ]] && [[ ! $1 == _* ]]; then $1 "${@:2}" else # TODO: elif [[ $(_plugin_exists $1) == 0 ]]; then _incorrect_usage "command $1 not found." 126 fi fi } _init_script "$@" git-secret-0.2.3/src/version.sh000066400000000000000000000001111320717772500163760ustar00rootroot00000000000000#!/usr/bin/env bash # shellcheck disable=2034 GITSECRET_VERSION='0.2.2' git-secret-0.2.3/tests/000077500000000000000000000000001320717772500147375ustar00rootroot00000000000000git-secret-0.2.3/tests/_test_base.bash000066400000000000000000000115201320717772500177050ustar00rootroot00000000000000#!/usr/bin/env bash # This file is following a name convention defined in: # https://github.com/sstephenson/bats # shellcheck disable=1090 source "$SECRET_PROJECT_ROOT/src/version.sh" # shellcheck disable=1090 source "$SECRET_PROJECT_ROOT/src/_utils/_git_secret_tools.sh" # Constants: FIXTURES_DIR="$BATS_TEST_DIRNAME/fixtures" TEST_GPG_HOMEDIR="$BATS_TMPDIR" AWK_GPG_GET_FP=' BEGIN { OFS=":"; FS=":"; } { if ( $1 == "fpr" ) { print $10 exit } } ' # GPG-based stuff: : "${SECRETS_GPG_COMMAND:="gpg"}" # This command is used with absolute homedir set and disabled warnings: GPGTEST="$SECRETS_GPG_COMMAND --homedir=$TEST_GPG_HOMEDIR --no-permission-warning --batch" # Personal data: TEST_DEFAULT_USER="user1" TEST_SECOND_USER="user2" # shellcheck disable=2034 TEST_ATTACKER_USER="attacker1" # shellcheck disable=2034 function test_user_password { # It was set on key creation: echo "${1}pass" } function test_user_email { # It was set on key creation: echo "${1}@gitsecret.io" } # GPG: function stop_gpg_agent { local username=$(id -u -n) ps -wx -U "$username" | gawk \ '/gpg-agent --homedir/ { if ( $0 !~ "awk" ) { system("kill -9 "$1) } }' \ > /dev/null 2>&1 } function get_gpgtest_prefix { if [[ $GPG_VER_21 -eq 1 ]]; then echo "echo \"$(test_user_password $1)\" | " else echo "" fi } function get_gpg_fingerprint_by_email { local email="$1" local fingerprint fingerprint=$($GPGTEST --with-fingerprint \ --with-colon \ --list-secret-key $email | gawk "$AWK_GPG_GET_FP") echo "$fingerprint" } function install_fixture_key { local public_key="$BATS_TMPDIR/public-${1}.key" \cp "$FIXTURES_DIR/gpg/${1}/public.key" "$public_key" $GPGTEST --import "$public_key" > /dev/null 2>&1 rm -f "$public_key" } function install_fixture_full_key { local private_key="$BATS_TMPDIR/private-${1}.key" local gpgtest_prefix="$(get_gpgtest_prefix $1)" local gpgtest_import="$gpgtest_prefix $GPGTEST" local email local fp local fingerprint email=$(test_user_email "$1") \cp "$FIXTURES_DIR/gpg/${1}/private.key" "$private_key" bash -c "$gpgtest_import --allow-secret-key-import \ --import \"$private_key\"" > /dev/null 2>&1 # since 0.1.2 fingerprint is returned: fingerprint=$(get_gpg_fingerprint_by_email $email) install_fixture_key "$1" rm -f "$private_key" # return fingerprint to delete it later: echo "$fingerprint" } function uninstall_fixture_key { local email email=$(test_user_email "$1") $GPGTEST --yes --delete-key "$email" > /dev/null 2>&1 } function uninstall_fixture_full_key { local email email=$(test_user_email "$1") local fingerprint="$2" if [[ -z "$fingerprint" ]]; then # see issue_12, fingerprint on `gpg2` has different format: fingerprint=$(get_gpg_fingerprint_by_email "$email") fi $GPGTEST --yes \ --delete-secret-keys "$fingerprint" > /dev/null 2>&1 uninstall_fixture_key "$1" } # Git: function git_set_config_email { git config --local user.email "$1" } function git_commit { git_set_config_email "$1" local user_name local commit_gpgsign user_name=$(git config user.name) commit_gpgsign=$(git config commit.gpgsign) git config --local user.name "$TEST_DEFAULT_USER" git config --local commit.gpgsign false git add --all git commit -m "$2" git config --local user.name "$user_name" git config --local commit.gpgsign "$commit_gpgsign" } function remove_git_repository { rm -rf ".git" } # Git Secret: function set_state_initial { cd "$BATS_TMPDIR" || exit 1 rm -rf "${BATS_TMPDIR:?}/*" } function set_state_git { git init > /dev/null 2>&1 } function set_state_secret_init { git secret init > /dev/null 2>&1 } function set_state_secret_tell { local email email=$(test_user_email "$1") git secret tell -d "$TEST_GPG_HOMEDIR" "$email" > /dev/null 2>&1 } function set_state_secret_add { local filename="$1" local content="$2" echo "$content" > "$filename" echo "$filename" >> ".gitignore" git secret add "$filename" > /dev/null 2>&1 } function set_state_secret_hide { git secret hide > /dev/null 2>&1 } function unset_current_state { # states order: # initial, git, secret_init, secret_tell, secret_add, secret_hide # unsets `secret_hide` # removes .secret files: git secret clean > /dev/null 2>&1 # unsets `secret_add`, `secret_tell` and `secret_init` by removing $_SECRETS_DIR local secrets_dir secrets_dir=$(_get_secrets_dir) rm -rf "$secrets_dir" rm -rf ".gitignore" # unsets `git` state remove_git_repository # stop gpg-agent stop_gpg_agent # removes gpg homedir: find "$TEST_GPG_HOMEDIR" \ -regex ".*\/random_seed\|.*\.gpg\|.*\.kbx.?\|.*private-keys.*\|.*test_sub_dir\|.*S.gpg-agent\|.*file_to_hide.*" \ -exec rm -rf {} + # return to the base dir: cd "$SECRET_PROJECT_ROOT" || exit 1 } git-secret-0.2.3/tests/fixtures/000077500000000000000000000000001320717772500166105ustar00rootroot00000000000000git-secret-0.2.3/tests/fixtures/gpg/000077500000000000000000000000001320717772500173655ustar00rootroot00000000000000git-secret-0.2.3/tests/fixtures/gpg/attacker1/000077500000000000000000000000001320717772500212445ustar00rootroot00000000000000git-secret-0.2.3/tests/fixtures/gpg/attacker1/private.key000066400000000000000000000067611320717772500234420ustar00rootroot00000000000000-----BEGIN PGP PRIVATE KEY BLOCK----- Version: GnuPG v1 lQO+BFaigVQBCADC5dJ0xweZ+6L0owo2wpKSbQFGQoRJxYVcc1dWe3zNZ5yBrJDV N79rYV5AmHnIGDAJrHHV9rYM4+C8obKka7P3ROm0RMsYKDhpQXWFjsOrl1rjWL86 6D4X7Q5uuJWluPp1+hbzpBmNCX3Y5sr1fmCazvR5iIAvY3EkYbqDt2+BtGTqlevY ivWiOoPKRY9Dc44rKQh8GmaVJzcO3D21IF70i3GnOtjUSK8DWXdD4BrtYTE/9Ua4 bmT2pOPmGMcI38pQHZQXqMPTzloakZk9qIbBoB3FS/UFxQr3R3V+tXPm1Eca/75G +U4VCRLUFWsDU5d+oTCFCa0qNjGnLFOE85C7ABEBAAH+AwMCW7i8uGNVEnRgGKI3 2g1TXbUxgqg8ayjCkE2m99KmtbzxAAGJfuETnpxMo9U5JDOk68UC4jgArfWFOad5 Q3waxbCmKOTuSKqiA1FjXVoL5CtSzziygJ2XSLFh+fOsyeXWSdsmHjIQsXmwSnEm 9TJxNHNA5AL53lX+ike78cP8fNNlZSFWzfqGSe2nHgLICqMAk8hDUO6s/zFrHmbb 6Bu7azLTe4r9oEHcD8XsGlxhUUntK8WFPnrZlAdo++E8Ax4VQA/KXaU7STNutMQu tvuIOB+E6RRH/lKesIwt2Hrbin/AQKzyyedUJOVqW/UCsXBN9dnpbdR5pSn3eXxy LLb3S7whUVUE3HSrVqTRoyupyX10lAecpHPJMB6qq054x1xStPAkcsuVGrewznjD Zywicif6QzbBc6ZN1tS7fOxxJ9vn5qT9et0xnIJqFc++eofJHJ/Wl9eBtg5XTis7 69ERbU6GjqVJhAmPPQNoEVUhS1hJimQxAF/oqhEO8yTEJhmGZIzYTrQ1GcLh/AiH qkZ5LVwraTrXOJJaRzBL+bzfJa91MJVIpfS9wDTpW/CFvFp9Og/dYmTDfE1zLgSv tPSD6RcFxiOTkAeLRN7X5RdFqHjWdhgu2hyd87jpfGt3u0BK1iWW6CptSeNrSFXy lEsU3VuBFMRIjdUAXDefN8/99LdSgO7FkLyJsTeTxGOgrdp9fJF3ZEnk5wYRj6Im /3NyEq5gdeow02LPIgBGqsXi5iHSAaSJEZnpguCsJqeDnzsGmiLBfy2/MS03+XzU FW4OxbNxprDJdheHYqJ6k2z7xchkPedk0s9JpDVe/5ShMyrJI0THP2psPm+EVlKK 7lDpNf4hRj2by8HYLa/X21AgS8WLTWd+osyO5HQxqhMlDqtpKkOJ4q6ylb3QgDNU GrQiYXR0YWNrZXIxIDxhdHRhY2tlcjFAZ2l0c2VjcmV0LmlvPokBOAQTAQIAIgUC VqKBVAIbAwYLCQgHAwIGFQgCCQoLBBYCAwECHgECF4AACgkQiAEDMVPMIKV1RwgA sQAQmjtDpyKS/+zzFgVuOqu5QffqylFMXw8zrchiBLTeTCEKoixNj5cccpAG9xDU ZcMwMw/lSAz1MXSfQ6GGvl4ErlZrlx9SSacqPwDNoKWMci9PDb3JpaXZtQQCrDmw nZpSE6bKvhAoTIaA6Tn8g4uOo3vTyDuX1DznrcUFrMCW7vw5ztttA1hvg5iHrs4d ia/FaRX0SOf9y/0u9kQW2pkWlVL2pRgQaYwHl7FQRGnrwibxyEpTQ8x+d8uU87DN aaiUZ5GcsZT2U6cmhuz/k0IFGL408huF5h50KVFTYQNQc3Le3v9wrh88Obn4ciX/ 2YizefDo5WGt5/mvlUfp750DvQRWooFUAQgAv54OkX9n0+L/59UUWWtqz+siBF3o 3wMU0AKoATIZbilxoOPHzvv8iWpSlShTNsY4HqsZf7tIqfJLq91EigV0uQs0v6zw zFC31t8lQaQy0g0uv04xnMIvYw4xRhUa7dBphokeuuSCU7uJzq6za3Ia1hoNZEfd lEG/1LdGMzMLURxUlWWwpzRJdPEpEd6/InavNiffiGaiJXfTUQfpicz0k7eyXgK5 Pat07UaIW80gol+fghu4BhEHAWAfAV6ocd/YfUn7Hax55l0/npC3Y72JMhhSW11H gOE1iz33INGF9pfNL+VQwQj9gUQCOcczquD4NQ7RgQAdZQ2K9k4caOzbxQARAQAB /gMDAlu4vLhjVRJ0YNV0uVpXwCia2Vq2WMzxN0UyvAeF9QwkV8LAJt3O/VwzdJDg jWALHfUHysylbmE3nwAL6gOznL+XQ/Sf1v0dzDZZi8S64t4DNGnk7wRuui2/ZRVd 3jM2tiW/Y7ijWIpEaRwH8jtrV6+zoUt76YgBcgun+nhUzcGbdvh11Ygu5VHYxNU3 J7p4E80gClGsciNO9B+hgR8kg+wGc+C0LBey1mh5A0AWqO0NwFlF8YlpleC09Pld I3+NJ4miZUMS6ue5Me1QvBcAvaY3Vuh2U0RPICI2Athx0xpILktnuANqjxg4BiZI Lelaxxl12ycdO5Im1IUXiLBgMOBRFvRQ/6iEb/oTGRN8aY5W93LQ7nSyKdn6B6V5 HzDfuwrDJP6Q+sMi3SCEFgaNpNTRPu11gvMAj1V+4zwgsflZHVgkKSwvg2pRXAPp rNfJo6d0bfImF9w2J/2d/gYSOoWsC92VG0KY8hVWkHOBUVZFyRl4zv8UNoCtBPkM Wq00X0J3ZNAjnPE8hl2OK4q+4r0Q3CecVgK0tlTMqVfgNVgG0X6LV7xmbViY4HuA kvfmLkTFwL3NzpGVtm4S2DjMUQQygjS2GOfOM4TrNd9Jn5WMCP/7HX5K/3VjL4ai mpAoz0A2UeA116KaniW8PnZCm9A+ZFVALjsikgi1gBEuJC2+mgUfhbPtni41qcio mhN9si+BE7HhiFk8I/+xg7bAmNcw6hk/zESfKKxqqV4iiauQBy9zEtA7Gg8chcK+ 08eaunF2abkF8xbYPOF8p71sHo2UeJ1gK1lGMzTt1p7NSZm0F9VmPcy8WWjzna1z oRy44TyWcW90abV5gCerAhSDAlrdwZfcRG6NXT/wG0TjoCMgiIhR1X1gjpozV6NB 3fB9sc/NDhhibsqA0i0JiYkBHwQYAQIACQUCVqKBVAIbDAAKCRCIAQMxU8wgpQqe CACBDi7KrqQzdzeipLadUsaTptvFBlwavpCLRtNbJI8v5i4kr8cLmyqGAwCS8Yem 3SCI/K4ujln8an6XrhsOE/uwfyQz5iUcP7BN9sIEp/ITOIXu0q0kzxThmpJqHzvf bvkPemFEiwYwGZn87cFXmd7FMEoFIt/s/bCnPCuBkxvUMj/D65Sb5x1X+FzWjK2m OVJGpTHAixns+DDHOfXEkghQTfj1pX/LBV9nXKlSZtpDO/p/kx+xITxXA/a4EDtD 2JpZBYmSTcbyVamQEMTzMIfEUhMbSrhKRYcm6g5Jbu5oy0ci/5qIhsR45pA7JSc0 0Vjcr8GgU7JyYnSqF2Ua8YA6 =Ygfi -----END PGP PRIVATE KEY BLOCK----- git-secret-0.2.3/tests/fixtures/gpg/attacker1/public.key000066400000000000000000000032461320717772500232410ustar00rootroot00000000000000-----BEGIN PGP PUBLIC KEY BLOCK----- Version: GnuPG v1 mQENBFaigVQBCADC5dJ0xweZ+6L0owo2wpKSbQFGQoRJxYVcc1dWe3zNZ5yBrJDV N79rYV5AmHnIGDAJrHHV9rYM4+C8obKka7P3ROm0RMsYKDhpQXWFjsOrl1rjWL86 6D4X7Q5uuJWluPp1+hbzpBmNCX3Y5sr1fmCazvR5iIAvY3EkYbqDt2+BtGTqlevY ivWiOoPKRY9Dc44rKQh8GmaVJzcO3D21IF70i3GnOtjUSK8DWXdD4BrtYTE/9Ua4 bmT2pOPmGMcI38pQHZQXqMPTzloakZk9qIbBoB3FS/UFxQr3R3V+tXPm1Eca/75G +U4VCRLUFWsDU5d+oTCFCa0qNjGnLFOE85C7ABEBAAG0ImF0dGFja2VyMSA8YXR0 YWNrZXIxQGdpdHNlY3JldC5pbz6JATgEEwECACIFAlaigVQCGwMGCwkIBwMCBhUI AgkKCwQWAgMBAh4BAheAAAoJEIgBAzFTzCCldUcIALEAEJo7Q6cikv/s8xYFbjqr uUH36spRTF8PM63IYgS03kwhCqIsTY+XHHKQBvcQ1GXDMDMP5UgM9TF0n0Ohhr5e BK5Wa5cfUkmnKj8AzaCljHIvTw29yaWl2bUEAqw5sJ2aUhOmyr4QKEyGgOk5/IOL jqN708g7l9Q8563FBazAlu78Oc7bbQNYb4OYh67OHYmvxWkV9Ejn/cv9LvZEFtqZ FpVS9qUYEGmMB5exUERp68Im8chKU0PMfnfLlPOwzWmolGeRnLGU9lOnJobs/5NC BRi+NPIbheYedClRU2EDUHNy3t7/cK4fPDm5+HIl/9mIs3nw6OVhref5r5VH6e+5 AQ0EVqKBVAEIAL+eDpF/Z9Pi/+fVFFlras/rIgRd6N8DFNACqAEyGW4pcaDjx877 /IlqUpUoUzbGOB6rGX+7SKnyS6vdRIoFdLkLNL+s8MxQt9bfJUGkMtINLr9OMZzC L2MOMUYVGu3QaYaJHrrkglO7ic6us2tyGtYaDWRH3ZRBv9S3RjMzC1EcVJVlsKc0 SXTxKRHevyJ2rzYn34hmoiV301EH6YnM9JO3sl4CuT2rdO1GiFvNIKJfn4IbuAYR BwFgHwFeqHHf2H1J+x2seeZdP56Qt2O9iTIYUltdR4DhNYs99yDRhfaXzS/lUMEI /YFEAjnHM6rg+DUO0YEAHWUNivZOHGjs28UAEQEAAYkBHwQYAQIACQUCVqKBVAIb DAAKCRCIAQMxU8wgpQqeCACBDi7KrqQzdzeipLadUsaTptvFBlwavpCLRtNbJI8v 5i4kr8cLmyqGAwCS8Yem3SCI/K4ujln8an6XrhsOE/uwfyQz5iUcP7BN9sIEp/IT OIXu0q0kzxThmpJqHzvfbvkPemFEiwYwGZn87cFXmd7FMEoFIt/s/bCnPCuBkxvU Mj/D65Sb5x1X+FzWjK2mOVJGpTHAixns+DDHOfXEkghQTfj1pX/LBV9nXKlSZtpD O/p/kx+xITxXA/a4EDtD2JpZBYmSTcbyVamQEMTzMIfEUhMbSrhKRYcm6g5Jbu5o y0ci/5qIhsR45pA7JSc00Vjcr8GgU7JyYnSqF2Ua8YA6 =CU3L -----END PGP PUBLIC KEY BLOCK----- git-secret-0.2.3/tests/fixtures/gpg/user1/000077500000000000000000000000001320717772500204245ustar00rootroot00000000000000git-secret-0.2.3/tests/fixtures/gpg/user1/private.key000066400000000000000000000067511320717772500226210ustar00rootroot00000000000000-----BEGIN PGP PRIVATE KEY BLOCK----- Version: GnuPG v1 lQO+BFaigO0BCACwtBp5eg1d68f9WhmYew/4eU5zjaJsNj1DHsHokxsUt9QpIdVq DuPxlW8pTOUrhqQZd0ozaaDMswwFpzkblelQJzt/juqy/lkK2StlQfK2YRk7zehV HA6YOtTFyYbyheCeSFNJ4bfy3nn1lSDTtSmDpQBz19hVBP9JapI8K96nTSuK0NAb FEZ7ZdFLdXbtEkXHtTL+eqrys8UI7Ou+iZZ+dBlwTl9Jszg/b6IjYCYFT/LKuLX3 ss9fI/ypuwjB+1zys9WNDiNrrb8e26GDeOjfTH0vPuV9nU2gqLVzlssTLiWkrjSW g3OhO3jBBa59oEf60eBreL0FZ74LqRsPT8NVABEBAAH+AwMCDb97GbFDRhZgU4Gp 0YHMOv/Fy3ENidzrv+jbviH170EKpIgizpIpzen4SwTT+dbks+MM9vPvvaDbJPBo qTkPYOm9ON6jBRTzAF0ITiioSjhXhpYHJ4eLCUPt+qSTtFLPQChSAOmmUKQD2zUP cLG0gjKUiapu0klbcyF8mpKIuUuQUFG0fdlEWNoKzxKF0nlQ9Fn2CTCLaJK/a8tp FdoO0naGBYsCUMFHIs+ntaCoQZcUl52JfcLVq0HteISCqybX13lrJIlVGRLB4YYj CcIsymAc2/sbKpPHRcQQHcaiPL6z20P9yo8DyLwSB1j/RnqMJU4XBY7wS7sOeJMy d5QhTbq3i4kgpqh59q0uJamVKJNLEb/qVZDycdgj3EIU1C7HEukaiefPnvqDFWwx o88VOZoeqKCvf2QQgM1a4AgwpkZ20jvDK3ydeGWA9d+BsqgfKUOfjbhxc2J5W3Fk J/tpjQQErEPRbRZNi9aEYNNBNZeZ1NVsu32kO3FJfj2bgAsTduHK6PAoHT3M2gXW EzshsMqeFabWgMLfgXA65oOmcBkCQpcRXJHEwghLS6qGkNgB9R+tWBdnfpLgCELa k+aYUf28szbzMyxfBfCUoMFT052oNQmeerHg4BgTQNaWMuFG9qsI5DzxFmmXLhBs uMZ15oOgJHaT19zW9xMV6REnnHLFrwQ6pm0bO+kDrHBiOLGG7YcjoVb1aqMRaFSu Po8pFNLKuLSJ35wWrGms4N9MQH1jOSWMsmOnYvJofakpA2JAXIkitNjQuo2UbA8N bx+klajhlBJDdyO6Z6o2dndr+XHg5tKfK+6XSuK50Xr9CdV7R6hpZG2Ek+OUNewD M+1DuXC/9EVOs8H1bdBd2WuGOwAgUhNND/YGqcYBqCxplvVIYeMzhgR4O3ZUNodG wLQadXNlcjEgPHVzZXIxQGdpdHNlY3JldC5pbz6JATgEEwECACIFAlaigO0CGwMG CwkIBwMCBhUIAgkKCwQWAgMBAh4BAheAAAoJENKAWkGC6Z/0fskH/RIZyEdxw80P qyNRVg79wrhut63y7ovseavqN6wpECgkK4urqVNBErzA1LqEQONGLUjcgStCdSGA YJlw5ZJ67K7oRidzODnZovLndT4D1WYkf4v4jnl95CblJUkPSMHKny+uw0Mrgl3Q Kri5BxBggMHu330cgthpyUC0P+yqi1YRHde+2P107IdkpLYgJ1qJz3loAgm6AmG0 kwiK6wIZzbIwvnEtZDVxvofrM1o5lAXgH+puxyC7lZaU8gnJqXGM5rYJAEPC3E6M m45f3JkEjnbd5ruJ07SQJ0DGklKGKL5zTG0lX30Mb28EXX0OAK1MODIHvd3LcSqb VJ6lMXUJehKdA74EVqKA7QEIANqD9vGoR651Kdn0z0FOVkSgZQG43KtXsoj0ifC/ eC58JqPhRCTFcSLb55AIGLsAHcu+yRwkSwBrCisTIHqO15dSbYbbj+1LfYX0lOBN tGEXZA4NZ02hGOmsC2ND4+1qQ5afBIjDlMd5ceQY3MipdWHn0mi5CF04iaLDmMPE iy6C7NKofuSs+4+kyzg49RdnjP/Oe4cIsiEe4B6CvMPrnOoOXyMck6DmZz/Hj8+p keGh+vaT3/sbTyCrOEPmaC+HmLf2jCycr6wxVkOjwEY1V1ZhVVi+27uN2FskmEJm qeQhsDhwKhqLWmez9kWAz9TbqAVB5E5yatJMmxc6pcIkbpEAEQEAAf4DAwINv3sZ sUNGFmAjXQZ3NwRZ0DnvYj9t1cHfdaWtD/hKj2rlsRdgbcuANeZ5gcrZL6iXEvns SMuSNGx3moQBDZytbRPGVP3s5LWaZqsCj/BiCePWepVYaJTYNxXZ40bGTEy7VDL5 rnRw9KwJzG3NNg5siKHBDbQNZZhdN1Q1PLHyxK5JnDspXtvTuYmHy0mVveY2WviE cnaGq07PtchE0tYIyRQgrJ3szJoh17Z/aLGR77zWLGzqF4UVQIBRLuCxrUeUTEUU 3CHbveY0AKa5SQIu0fKyYBkeyWuWgX1JdPGFiFlPaiwId3ba+0DlXNwlHKJgWCGP GtGcNVo/AyUdTwQncNsXiwxJ3RG2AsqASRINQLsbUqKUE20WHBFbyRnHQcJby2si hjruM6mXLI4jqyMxtER9JXv1B/MTfLH8uxEOVYma3Wmp41vkICqH0LygHQ1tTKUf bMh0A517s53YFvkrbd110p7bfQcqpeAfZ2vUNKW/G7pUt+4sFeTPJ8A6XrBEt3rk H7kMjU7wI3PSm3UzEnMzxNFga40qwzclPOa1ka9KvJpH60E7pSLwf9AaYOJfuKST n/6uk/q+UONZZgcbtrPCaRptd86lInxHu9R8s7T7/ZK3/oPmU7M5leg7NmuAWshG eb+XGBO/QugLVdMz9Dc/3YELzPe+CqjRUiVpBoNfAGurZ0ou7o1KgeOQovcuh1wt cpHM55XeuxRvM5Xz5FgKinU0pw9t7uuASOF1Y3d7PncBkfkpvxjbPqyspVHEbloA JvDB7Eim8KcSIS+/DVPMdohfRdcLQLeUU7FSQ10HxERSgD4HQ70jQLYyHEsOqZv2 04U/cwpD1EfdzITb8LQNPIPyPsgehbaMNonYiTXFW2uUBgPriAtqPSG7wF/FJbN0 TT9N9PWFVoNciQEfBBgBAgAJBQJWooDtAhsMAAoJENKAWkGC6Z/0DY0H/A14kv3S l0CBUkAn6XtfsEvdBKyeOZjPNlK1HzgNwPCkbpOR4g9mTqA4tr/XzpJk/A2VE5y0 /DIaRnxivy9trnjQG7eNdymm08My+GRCPWOkceIlSV7IBZh2iMvYpFVXELOcjH6x ldc+RQiJ0irRXs28XbXYc7T4JYZr7xgDQIb6yyaAAdd6//k1oHGQf2uTsNWZzs43 OBAN2ze3DdYWXMtsskHVvnnFJSAR+03rg92VMSAfh6GKq0aFF12qTUAAWVEkoAFH gRBQRqVFT9RgKOgk7VRlytO1sv5bP5ZlvE5IvN9HCTHLOYCr/sTgOb3oYYQ/zZAm Bh9SiS8oRa1I+f4= =PunG -----END PGP PRIVATE KEY BLOCK----- git-secret-0.2.3/tests/fixtures/gpg/user1/public.key000066400000000000000000000032361320717772500224200ustar00rootroot00000000000000-----BEGIN PGP PUBLIC KEY BLOCK----- Version: GnuPG v1 mQENBFaigO0BCACwtBp5eg1d68f9WhmYew/4eU5zjaJsNj1DHsHokxsUt9QpIdVq DuPxlW8pTOUrhqQZd0ozaaDMswwFpzkblelQJzt/juqy/lkK2StlQfK2YRk7zehV HA6YOtTFyYbyheCeSFNJ4bfy3nn1lSDTtSmDpQBz19hVBP9JapI8K96nTSuK0NAb FEZ7ZdFLdXbtEkXHtTL+eqrys8UI7Ou+iZZ+dBlwTl9Jszg/b6IjYCYFT/LKuLX3 ss9fI/ypuwjB+1zys9WNDiNrrb8e26GDeOjfTH0vPuV9nU2gqLVzlssTLiWkrjSW g3OhO3jBBa59oEf60eBreL0FZ74LqRsPT8NVABEBAAG0GnVzZXIxIDx1c2VyMUBn aXRzZWNyZXQuaW8+iQE4BBMBAgAiBQJWooDtAhsDBgsJCAcDAgYVCAIJCgsEFgID AQIeAQIXgAAKCRDSgFpBgumf9H7JB/0SGchHccPND6sjUVYO/cK4bret8u6L7Hmr 6jesKRAoJCuLq6lTQRK8wNS6hEDjRi1I3IErQnUhgGCZcOWSeuyu6EYnczg52aLy 53U+A9VmJH+L+I55feQm5SVJD0jByp8vrsNDK4Jd0Cq4uQcQYIDB7t99HILYaclA tD/sqotWER3Xvtj9dOyHZKS2ICdaic95aAIJugJhtJMIiusCGc2yML5xLWQ1cb6H 6zNaOZQF4B/qbscgu5WWlPIJyalxjOa2CQBDwtxOjJuOX9yZBI523ea7idO0kCdA xpJShii+c0xtJV99DG9vBF19DgCtTDgyB73dy3Eqm1SepTF1CXoSuQENBFaigO0B CADag/bxqEeudSnZ9M9BTlZEoGUBuNyrV7KI9Inwv3gufCaj4UQkxXEi2+eQCBi7 AB3LvskcJEsAaworEyB6jteXUm2G24/tS32F9JTgTbRhF2QODWdNoRjprAtjQ+Pt akOWnwSIw5THeXHkGNzIqXVh59JouQhdOImiw5jDxIsuguzSqH7krPuPpMs4OPUX Z4z/znuHCLIhHuAegrzD65zqDl8jHJOg5mc/x4/PqZHhofr2k9/7G08gqzhD5mgv h5i39owsnK+sMVZDo8BGNVdWYVVYvtu7jdhbJJhCZqnkIbA4cCoai1pns/ZFgM/U 26gFQeROcmrSTJsXOqXCJG6RABEBAAGJAR8EGAECAAkFAlaigO0CGwwACgkQ0oBa QYLpn/QNjQf8DXiS/dKXQIFSQCfpe1+wS90ErJ45mM82UrUfOA3A8KRuk5HiD2ZO oDi2v9fOkmT8DZUTnLT8MhpGfGK/L22ueNAbt413KabTwzL4ZEI9Y6Rx4iVJXsgF mHaIy9ikVVcQs5yMfrGV1z5FCInSKtFezbxdtdhztPglhmvvGANAhvrLJoAB13r/ +TWgcZB/a5Ow1ZnOzjc4EA3bN7cN1hZcy2yyQdW+ecUlIBH7TeuD3ZUxIB+HoYqr RoUXXapNQABZUSSgAUeBEFBGpUVP1GAo6CTtVGXK07Wy/ls/lmW8Tki830cJMcs5 gKv+xOA5vehhhD/NkCYGH1KJLyhFrUj5/g== =0Q64 -----END PGP PUBLIC KEY BLOCK----- git-secret-0.2.3/tests/fixtures/gpg/user2/000077500000000000000000000000001320717772500204255ustar00rootroot00000000000000git-secret-0.2.3/tests/fixtures/gpg/user2/private.key000066400000000000000000000067511320717772500226220ustar00rootroot00000000000000-----BEGIN PGP PRIVATE KEY BLOCK----- Version: GnuPG v1 lQO9BFaigRUBCACgb+7xhV1nJZim3noxozslfrWXPYEVQt7Is8QjATaKg6ULqImi tpgnlUNCaEAd3PMufVSqd416KyytwUOBVaFIEej/SJcJ2UU4nFvJsvo4bNmInOc3 cNSqJ5VcI7D++wdHSecr2YayWtsh85jt6xI2oGBN334Yl6sHnNGC/vmE0pWovpib rwAW7bWSOYOQxpzANm9O+9oJ6WsTGVVWkZ/SAaRo+VYDA5rwCI6STt+rEcKalr5C sbtqELDDDrYYviU4kZx6WYdiDcF5ATSiuGZrQTjEdBFc+GmFxbW+aumeC+Y1jYOp aYUhbDKffnrxvFjm5+3PBbrPmJ5rFWr1f00bABEBAAH+AwMC33BVxMhK6IpgUYTN 9Se4Ys+bykytIN9jRVRzshJ/qYWU1L2wWwEc99P+4Yfi85x++KF8iD2jlym+/KKp 27La2ke3Bx7IvWK3YMwyUalxw/ri8C08g8XHlOZeUJW894dYaTRq2vYMBUW0F10J uGF1HGWqUYO4NlOMbs9W+RmUXWlItjlpdCTJdRKRPYzokrKh232NH188mYUscx62 trLq28nNZZ9WOFhsAiMji0qpUilPg8Pt/XupwiDscPYbVEXfTDRjkDbVbz+/Gpfx Hbt7aWT/2rFTp0lV2EVVp+e9je0qQaGSAED8cy3mw4lVJcTUcTWfSHauEJBN3FOI BV7bltO4UwIToSDvUV7zZR7u9CcnpuVWXcMWppHPc6383dJ+siTG5+zHLOG99eWA nwsnw1w/4j64uywJKPteMkSNGO+aFCawzMMi3LPwokVtmr8gklvb2v9wmWRVf1j6 TKeWPhzBC2kkrymuttMZyeOkyZhAPR3097v9S8CyTKbjBi4hEREt2CI2Q1GpSYLJ c/6RMCKh7Y+4ODw/encswL71eY4c3HqELz+GS0nzaumdIH57t/pBj1dbl63Z6gjz EJaOtS5I/otayLjcXQtIlV8xQwXcsgzFUYejVeb5n5IXWxxYn0Qh6uBB0GxffBQD lI6R58Rygmd1JOwe6WL1eFc319qfxoaDlhxxkOctUeyRB3fU/K4/KAjlVUGCfdCe VTJqwNMyKUNhbPoSWamMHFoJRk5O7bSlvfct6LcUcjRmK+z5SowUYC5ZeyfoeEES r8wX/UCFCP+syWFAICU96U9jmQeE310YF32TgI9BZiwkB9WXoiDdwcCdlBHqEOW8 7OISrpawan9hu1dV88P1LM13TcwJEt1yhzHHqDf6ZOopOt+LciBUlZ4wLLlsc+H/ tBp1c2VyMiA8dXNlcjJAZ2l0c2VjcmV0LmlvPokBOAQTAQIAIgUCVqKBFQIbAwYL CQgHAwIGFQgCCQoLBBYCAwECHgECF4AACgkQ6qDk62szbIs/ewgAi4L2kIJEtqC0 ZUFGV9GJmvj/guEyY5buUKVXUMpNd8NhZ9uRLBFmG68mtjIlN8twNucXUTO2lLWY hMJpUhjobdRPzw887rNqswSIpWavPZreMKgXJ72/2md9m7cr9FmEZ9fZx80tBwdL 2+cYa1Iixuo2vk2Un0LD42qCbh0nRxSDf3g6yDtSHYZ4i6I89XwA5TSG1/C0uIcr RKGDBkhd05sqCJ9t/m6oAxk3A8nZM+i2uS0+dmOVwAmDv6/A64+Aff5hYsx87UeA dU76ni3rw0pZXTn90wv/aY0deicDlmSUattSNg/G6KoE6RERL47ityU07D4yUvTB GL5gVveBX50DvgRWooEVAQgAtDzDXdJSOwmDj/JhAk0wD+RBjxIzO/V/FXCotHaq iSSRvZ0Jn6CMrGa0EKksGXjqY6+jhC/HLb9hXjR+ciU/E64IVNJdtGp77rjVUygr sY0f0ZUSQufTC9lcVAP8wNx59Bk0nluO0zeH0lMRU/cLdyGCs7C3odO5xVvFl5IJ 6jH/95y6BdRGSDNTnzeQXT+fUHxLZbPG6AbLIXDOAK2OAHnUY62uGLF8l69x1Hym LVqD9TYTU9VpYq9Il8e18O6fqE1MEp4zHkyTf6IvCgZrOFL+XApwHYy1NskKi9WN DdQCvpDqvNSPZSqrajTdeJ4NzuVip+ccDT/tZVTA8A+0aQARAQAB/gMDAt9wVcTI SuiKYDgqOvDcasfFXeOTZdQn9tXs5VFeauKvovg1B6yVSE9SM/dg0vnIpIQ+b2nV Wm7IZXYsI6CpYWzQeAbp25Jg2lqCgmcbh9vpF5d+y/Unu1Mn8gbCRAjrwx9QLwzE KWUL7mt2vjesZM883iwC6PKYZnEtTuxXF5STnhjZLr5yjrAX7dEQy4m03FfXoGj0 tNo+sR+EE2zTSgrVD3VhUFmPTiND8wWUssjQHEMgjYJOc8C05HE2ftqI6GSF8pUP dZag3da0OwZVI8ww2Qcu8Dkkgblv3AulLv/oaiSrS7oJvDZC+aQw+3X91FFlwn+A Aiwa9bL6iAJb7KjgLIV4HDXLAC8FqiM5pPFu+fvPKsqP2x/iDvkJlAD8ZqXKHFQF 9F/jKUXgQ7+7vmQy6SJ3RCB7pMS5tCo6kE184C5htppYuKztRVlkePmK8ioT0sJE 1wpW6AGwaJsnXk1tza0C9yrl9TArO3R+JpImHj4AbOZ//WweOODHJFJQP6TcRZC9 FOkEIBbPGq4cHKXwYSUlD5hGFCPhTI+EYPxGxKJcw73hYDAWRVtVTb2vdC20FiRM uSXBaMa6zisawidYo7+HLSICn1n9swP8YhBLWdQkxIW9dwA37AXbDfbJDxkWSJl8 sGW+P5cTlhh+hA2sD28daBtFrbYOBVsIHQg6ozYk5RLR1Vddif8XN/tWEl2mvhKs 5QYW31M496B/tD63JQt1N6ilMLodBho1R6++2hIthF+10gjKjUmC10cGbrRx8cgl wlRrHiVzLNL+co0WMAnEnCC9fA4gruN/mVCSkbMDkvv1VywXl5ogzRq3OjPXDXft 4UgYKfNC5tTmWx+uFc9KcPFN7CS/hFovjRIV+grmWbJkG4HvGrK9AG/a84ufQ/si ZjprbtOy6amJAR8EGAECAAkFAlaigRUCGwwACgkQ6qDk62szbIvUZQf/adIYw+fH M1zlGJH+C/lEFoGi0AXOTqBH13T+haoykwrxnBOdaTGY196bj+uiSbtFqQWcuMNr OWNNH6NAl30Ujya/ltLv7FJ3DOuUyIU/3Bhp1t1+jEppMJRYk2pkRmmTg2lrOgSv PiqNgmK/FBx3t+JCtmQxtrTBBnJcmx5/8YGdOCEsiGJ2jl+5Im4XgT0OhQX320o8 2XrK7/Pp+ttmc7ExT6pc53sSYRUfEyObpCYVIz1nWK1FujfW+ojFFUvhHPwSL3ny dkJORg8lcQm/zXjbgCeMZ/l3ynkvSA+X9/Q7aQWGrpU0LRLGAeA9PZZDYx9JTQUY FfGupHnbRtqsqQ== =7tcw -----END PGP PRIVATE KEY BLOCK----- git-secret-0.2.3/tests/fixtures/gpg/user2/public.key000066400000000000000000000032361320717772500224210ustar00rootroot00000000000000-----BEGIN PGP PUBLIC KEY BLOCK----- Version: GnuPG v1 mQENBFaigRUBCACgb+7xhV1nJZim3noxozslfrWXPYEVQt7Is8QjATaKg6ULqImi tpgnlUNCaEAd3PMufVSqd416KyytwUOBVaFIEej/SJcJ2UU4nFvJsvo4bNmInOc3 cNSqJ5VcI7D++wdHSecr2YayWtsh85jt6xI2oGBN334Yl6sHnNGC/vmE0pWovpib rwAW7bWSOYOQxpzANm9O+9oJ6WsTGVVWkZ/SAaRo+VYDA5rwCI6STt+rEcKalr5C sbtqELDDDrYYviU4kZx6WYdiDcF5ATSiuGZrQTjEdBFc+GmFxbW+aumeC+Y1jYOp aYUhbDKffnrxvFjm5+3PBbrPmJ5rFWr1f00bABEBAAG0GnVzZXIyIDx1c2VyMkBn aXRzZWNyZXQuaW8+iQE4BBMBAgAiBQJWooEVAhsDBgsJCAcDAgYVCAIJCgsEFgID AQIeAQIXgAAKCRDqoOTrazNsiz97CACLgvaQgkS2oLRlQUZX0Yma+P+C4TJjlu5Q pVdQyk13w2Fn25EsEWYbrya2MiU3y3A25xdRM7aUtZiEwmlSGOht1E/PDzzus2qz BIilZq89mt4wqBcnvb/aZ32btyv0WYRn19nHzS0HB0vb5xhrUiLG6ja+TZSfQsPj aoJuHSdHFIN/eDrIO1IdhniLojz1fADlNIbX8LS4hytEoYMGSF3TmyoIn23+bqgD GTcDydkz6La5LT52Y5XACYO/r8Drj4B9/mFizHztR4B1TvqeLevDSlldOf3TC/9p jR16JwOWZJRq21I2D8boqgTpEREvjuK3JTTsPjJS9MEYvmBW94FfuQENBFaigRUB CAC0PMNd0lI7CYOP8mECTTAP5EGPEjM79X8VcKi0dqqJJJG9nQmfoIysZrQQqSwZ eOpjr6OEL8ctv2FeNH5yJT8TrghU0l20anvuuNVTKCuxjR/RlRJC59ML2VxUA/zA 3Hn0GTSeW47TN4fSUxFT9wt3IYKzsLeh07nFW8WXkgnqMf/3nLoF1EZIM1OfN5Bd P59QfEtls8boBsshcM4ArY4AedRjra4YsXyXr3HUfKYtWoP1NhNT1Wlir0iXx7Xw 7p+oTUwSnjMeTJN/oi8KBms4Uv5cCnAdjLU2yQqL1Y0N1AK+kOq81I9lKqtqNN14 ng3O5WKn5xwNP+1lVMDwD7RpABEBAAGJAR8EGAECAAkFAlaigRUCGwwACgkQ6qDk 62szbIvUZQf/adIYw+fHM1zlGJH+C/lEFoGi0AXOTqBH13T+haoykwrxnBOdaTGY 196bj+uiSbtFqQWcuMNrOWNNH6NAl30Ujya/ltLv7FJ3DOuUyIU/3Bhp1t1+jEpp MJRYk2pkRmmTg2lrOgSvPiqNgmK/FBx3t+JCtmQxtrTBBnJcmx5/8YGdOCEsiGJ2 jl+5Im4XgT0OhQX320o82XrK7/Pp+ttmc7ExT6pc53sSYRUfEyObpCYVIz1nWK1F ujfW+ojFFUvhHPwSL3nydkJORg8lcQm/zXjbgCeMZ/l3ynkvSA+X9/Q7aQWGrpU0 LRLGAeA9PZZDYx9JTQUYFfGupHnbRtqsqQ== =HLsH -----END PGP PUBLIC KEY BLOCK----- git-secret-0.2.3/tests/test_add.bats000066400000000000000000000102171320717772500174020ustar00rootroot00000000000000#!/usr/bin/env bats load _test_base function setup { install_fixture_key "$TEST_DEFAULT_USER" set_state_initial set_state_git set_state_secret_init set_state_secret_tell "$TEST_DEFAULT_USER" } function teardown { uninstall_fixture_key "$TEST_DEFAULT_USER" unset_current_state } @test "run 'add' normally" { # Preparations: local filename="local_file" echo "content" > "$filename" echo "$filename" > ".gitignore" run git secret add "$filename" [ "$status" -eq 0 ] # Ensuring that path mappings was set correctly: local path_mappings path_mappings=$(_get_secrets_dir_paths_mapping) local files_list=$(cat "$path_mappings") [ "$files_list" = "$filename" ] # Cleaning up: rm "$filename" ".gitignore" } @test "run 'add' for unignored file" { local test_file='test_file' touch "$test_file" echo "content" > "$test_file" run git secret add "$test_file" [ "$status" -eq 1 ] rm "$test_file" } @test "run 'add' for unignored file with '-i'" { local test_file='test_file.auto_ignore' touch "$test_file" echo "content" > "$test_file" run git secret add -i "$test_file" [ "$status" -eq 0 ] run _file_has_line "$test_file" ".gitignore" [ "$status" -eq 0 ] rm "$test_file" } @test "run 'add' for unignored file with '-i' in subfolder" { # This test covers this issue: # https://github.com/sobolevn/git-secret/issues/85 task 1 if [[ "$BATS_RUNNING_FROM_GIT" -eq 1 ]]; then skip "this test is skiped while 'git commmit'" fi # Preparations: local test_dir='test_dir' local nested_dir="$test_dir/adding" local current_dir=$(pwd) mkdir -p "$nested_dir" cd "$nested_dir" local test_file='test_file.auto_ignore' touch "$test_file" echo "content" > "$test_file" # Test commands: run git secret add -i "$test_file" [ "$status" -eq 0 ] run _file_has_line "$test_file" "../.gitignore" [ "$status" -eq 0 ] # .gitignore was not created: [[ ! -f ".gitignore" ]] # Cleaning up: cd "$current_dir" rm -r "$test_dir" } @test "run 'add' for relative path" { if [[ "$BATS_RUNNING_FROM_GIT" -eq 1 ]]; then skip "this test is skiped while 'git commmit'" fi # Prepations: local root='test_dir' local node="$root/node" local sibling="$root/sibling" local test_file="$node/test_file" local current_dir=$(pwd) mkdir -p "$node" mkdir -p "$sibling" echo "content" > "$test_file" echo "$test_file" > ".gitignore" cd "$sibling" # Testing: run git secret add "../node/test_file" [ "$status" -eq 0 ] [[ "$output" == *"1 item(s) added."* ]] # Testing mappings content: local path_mappings path_mappings=$(_get_secrets_dir_paths_mapping) local files_list=$(cat "$path_mappings") [ "$files_list" = "$test_file" ] # Cleaning up: cd "$current_dir" rm -r "$root" } @test "run 'add' for file in subfolder" { # Preparations: local test_file='test_file' local test_dir='test_dir' mkdir -p "$test_dir" touch "$test_dir/$test_file" echo "content" > "$test_dir/$test_file" echo "$test_dir/$test_file" > ".gitignore" # Testing: run git secret add "$test_dir/$test_file" [ "$status" -eq 0 ] [[ "$output" == *"1 item(s) added."* ]] # Cleaning up: rm -r "$test_dir" } @test "run 'add' twice for one file" { # Preparations: local filename="local_file" echo "content" > "$filename" echo "$filename" > ".gitignore" # Testing: run git secret add "$filename" run git secret add "$filename" [ "$status" -eq 0 ] [ "$output" = "1 item(s) added." ] # Ensuring that path mappings was set correctly: local path_mappings path_mappings=$(_get_secrets_dir_paths_mapping) local files_list=$(cat "$path_mappings") [ "$files_list" = "$filename" ] # Cleaning up: rm "$filename" ".gitignore" } @test "run 'add' for multiple files" { # Preparations: local filename1="local_file1" echo "content1" > "$filename1" echo "$filename1" > ".gitignore" local filename2="local_file2" echo "content2" > "$filename2" echo "$filename2" >> ".gitignore" # Testing: run git secret add "$filename1" "$filename2" [ "$status" -eq 0 ] [ "$output" = "2 item(s) added." ] # Cleaning up: rm "$filename1" "$filename2" ".gitignore" } git-secret-0.2.3/tests/test_changes.bats000066400000000000000000000064771320717772500202770ustar00rootroot00000000000000#!/usr/bin/env bats load _test_base FILE_TO_HIDE="file_to_hide" SECOND_FILE_TO_HIDE="second_file_to_hide" FILE_CONTENTS="hidden content юникод" FINGERPRINT="" function setup { FINGERPRINT=$(install_fixture_full_key "$TEST_DEFAULT_USER") set_state_initial set_state_git set_state_secret_init set_state_secret_tell "$TEST_DEFAULT_USER" set_state_secret_add "$FILE_TO_HIDE" "$FILE_CONTENTS" set_state_secret_add "$SECOND_FILE_TO_HIDE" "$FILE_CONTENTS" set_state_secret_hide } function teardown { rm "$FILE_TO_HIDE" "$SECOND_FILE_TO_HIDE" uninstall_fixture_full_key "$TEST_DEFAULT_USER" "$FINGERPRINT" unset_current_state } @test "run 'changes' with one file changed" { local password=$(test_user_password "$TEST_DEFAULT_USER") local new_content="new content" echo "$new_content" >> "$FILE_TO_HIDE" run git secret changes -d "$TEST_GPG_HOMEDIR" -p "$password" "$FILE_TO_HIDE" [ "$status" -eq 0 ] # Testing that output has both filename and changes: local fullpath=$(_append_root_path "$FILE_TO_HIDE") [[ "$output" == *"changes in $fullpath"* ]] [[ "$output" == *"+$new_content"* ]] } @test "run 'changes' with one file changed (with deletions)" { local password=$(test_user_password "$TEST_DEFAULT_USER") local new_content="replace" echo "$new_content" > "$FILE_TO_HIDE" run git secret changes -d "$TEST_GPG_HOMEDIR" -p "$password" "$FILE_TO_HIDE" [ "$status" -eq 0 ] # Testing that output has both filename and changes: local fullpath=$(_append_root_path "$FILE_TO_HIDE") [[ "$output" == *"changes in $fullpath"* ]] [[ "$output" == *"-$FILE_CONTENTS"* ]] [[ "$output" == *"+$new_content"* ]] } @test "run 'changes' without changes" { local password=$(test_user_password "$TEST_DEFAULT_USER") run git secret changes -d "$TEST_GPG_HOMEDIR" -p "$password" [ "$status" -eq 0 ] } @test "run 'changes' with multiple files changed" { local password=$(test_user_password "$TEST_DEFAULT_USER") local new_content="new content" local second_new_content="something different" echo "$new_content" >> "$FILE_TO_HIDE" echo "$second_new_content" >> "$SECOND_FILE_TO_HIDE" run git secret changes -d "$TEST_GPG_HOMEDIR" -p "$password" [ "$status" -eq 0 ] # Testing that output has both filename and changes: local fullpath=$(_append_root_path "$FILE_TO_HIDE") [[ "$output" == *"changes in $fullpath"* ]] [[ "$output" == *"+$new_content"* ]] local second_path=$(_append_root_path "$SECOND_FILE_TO_HIDE") [[ "$output" == *"changes in $second_path"* ]] [[ "$output" == *"+$second_new_content"* ]] } @test "run 'changes' with multiple selected files changed" { local password=$(test_user_password "$TEST_DEFAULT_USER") local new_content="new content" local second_new_content="something different" echo "$new_content" >> "$FILE_TO_HIDE" echo "$second_new_content" >> "$SECOND_FILE_TO_HIDE" run git secret changes -d "$TEST_GPG_HOMEDIR" -p "$password" \ "$FILE_TO_HIDE" "$SECOND_FILE_TO_HIDE" [ "$status" -eq 0 ] # Testing that output has both filename and changes: local fullpath=$(_append_root_path "$FILE_TO_HIDE") [[ "$output" == *"changes in $fullpath"* ]] [[ "$output" == *"+$new_content"* ]] local second_path=$(_append_root_path "$SECOND_FILE_TO_HIDE") [[ "$output" == *"changes in $second_path"* ]] [[ "$output" == *"+$second_new_content"* ]] } git-secret-0.2.3/tests/test_clean.bats000066400000000000000000000026261320717772500177410ustar00rootroot00000000000000#!/usr/bin/env bats load _test_base FIRST_FILE="file_to_hide1" SECOND_FILE="file_to_hide2" FOLDER="somedir" FILE_IN_FOLDER="${FOLDER}/file_to_hide3" function setup { install_fixture_key "$TEST_DEFAULT_USER" set_state_initial set_state_git set_state_secret_init set_state_secret_tell "$TEST_DEFAULT_USER" set_state_secret_add "$FIRST_FILE" "somecontent" set_state_secret_add "$SECOND_FILE" "somecontent2" set_state_secret_hide } function teardown { # This also needs to be cleaned: rm "$FIRST_FILE" "$SECOND_FILE" rm -r "$FOLDER" uninstall_fixture_key "$TEST_DEFAULT_USER" unset_current_state } function _secret_files_exists { local result=$(find . -type f -name "*.$SECRETS_EXTENSION" \ -print0 2>/dev/null | grep -q .; echo "$?") echo "$result" } @test "run 'clean' normally" { run git secret clean [ "$status" -eq 0 ] # There must be no .secret files: local exists=$(_secret_files_exists) [ "$exists" -ne 0 ] } @test "run 'clean' with '-v'" { run git secret clean -v [ "$status" -eq 0 ] # There must be no .secret files: local exists=$(_secret_files_exists) [ "$exists" -ne 0 ] local first_filename=$(_get_encrypted_filename "$FIRST_FILE") local second_filename=$(_get_encrypted_filename "$SECOND_FILE") # Output must be verbose: [[ "$output" == *"cleaning"* ]] [[ "$output" == *"$first_filename"* ]] [[ "$output" == *"$second_filename"* ]] } git-secret-0.2.3/tests/test_hide.bats000066400000000000000000000100421320717772500175570ustar00rootroot00000000000000#!/usr/bin/env bats load _test_base FILE_TO_HIDE="file_to_hide" FILE_CONTENTS="hidden content юникод" function setup { install_fixture_key "$TEST_DEFAULT_USER" set_state_initial set_state_git set_state_secret_init set_state_secret_tell "$TEST_DEFAULT_USER" set_state_secret_add "$FILE_TO_HIDE" "$FILE_CONTENTS" } function teardown { rm "$FILE_TO_HIDE" uninstall_fixture_key $TEST_DEFAULT_USER unset_current_state } @test "run 'hide' normally" { run git secret hide # Command must execute normally: [ "$status" -eq 0 ] [ "$output" = "done. all 1 files are hidden." ] # New files should be crated: local encrypted_file=$(_get_encrypted_filename "$FILE_TO_HIDE") [ -f "$encrypted_file" ] } @test "run 'hide' with multiple files" { # Preparations: local second_file="second_file.txt" local second_content="some content" set_state_secret_add "$second_file" "$second_content" # Now it should hide 2 files: run git secret hide [ "$status" -eq 0 ] [ "$output" = "done. all 2 files are hidden." ] # Cleaning up: rm "$second_file" } @test "run 'hide' with '-m'" { run git secret hide -m # Command must execute normally: [ "$status" -eq 0 ] # git secret hide -m, use temp file so cleaning should take place [[ "${#lines[@]}" -eq 2 ]] [ "${lines[0]}" = "done. all 1 files are hidden." ] [ "${lines[1]}" = "cleaning up..." ] # New files should be crated: local encrypted_file=$(_get_encrypted_filename "$FILE_TO_HIDE") [ -f "$encrypted_file" ] } @test "run 'hide' with '-m' twice" { local path_mappings path_mappings=$(_get_secrets_dir_paths_mapping) run git secret hide -m # Command must execute normally: [ "$status" -eq 0 ] # git secret hide -m, uses a temp file so cleaning should take place [[ "${#lines[@]}" -eq 2 ]] [ "${lines[0]}" = "done. all 1 files are hidden." ] [ "${lines[1]}" = "cleaning up..." ] # back path mappings cp "${path_mappings}" "${path_mappings}.bak" # run hide again run git secret hide -m # compare [ "$status" -eq 0 ] [[ "${#lines[@]}" -eq 1 ]] [ "$output" = "done. all 1 files are hidden." ] # no changes should occur to path_mappings files cmp -s "${path_mappings}" "${path_mappings}.bak" # New files should be crated: local encrypted_file=$(_get_encrypted_filename "$FILE_TO_HIDE") [ -f "$encrypted_file" ] } @test "run 'hide' with '-c' and '-v'" { # Preparations: local encrypted_filename=$(_get_encrypted_filename "$FILE_TO_HIDE") set_state_secret_hide # so it would be data to clean run git secret hide -v -c [ "$status" -eq 0 ] # File should be still there (it is not deletion): [ -f "$FILE_TO_HIDE" ] # Output should be verbose: [[ "$output" == *"cleaning"* ]] [[ "$output" == *"$encrypted_filename"* ]] } @test "run 'hide' with '-d'" { run git secret hide -d [ "$status" -eq 0 ] ls && pwd # File must be removed: [ ! -f "$FILE_TO_HIDE" ] } @test "run 'hide' with '-d' and '-v'" { run git secret hide -v -d [ "$status" -eq 0 ] ls && pwd # File must be removed: [ ! -f "$FILE_TO_HIDE" ] # It should be verbose: [[ "$output" == *"removing unencrypted files"* ]] [[ "$output" == *"$FILE_TO_HIDE"* ]] } @test "run 'hide' with '-d' and '-v' and files in subdirectories" { # Preparations: local root_dir='test_sub_dir' mkdir -p "$root_dir" local second_file="$root_dir/second_file.txt" local second_content="some content" set_state_secret_add "$second_file" "$second_content" # Verify that the second file is there: [ -f "$second_file" ] # Now it should hide 2 files: run git secret hide -v -d [ "$status" -eq 0 ] # File must be removed: [ ! -f "$FILE_TO_HIDE" ] [ ! -f "$second_file" ] # It should be verbose: [[ "$output" == *"removing unencrypted files"* ]] [[ "$output" == *"$FILE_TO_HIDE"* ]] [[ "$output" == *"$second_file"* ]] } @test "run 'hide' with multiple users" { install_fixture_key "$TEST_SECOND_USER" set_state_secret_tell "$TEST_SECOND_USER" run git secret hide [ "$status" -eq 0 ] [ "$output" = "done. all 1 files are hidden." ] } git-secret-0.2.3/tests/test_init.bats000066400000000000000000000024001320717772500176100ustar00rootroot00000000000000#!/usr/bin/env bats load _test_base function setup { set_state_initial set_state_git } function teardown { unset_current_state } @test "run 'init' without '.git'" { remove_git_repository run git secret init [ "$status" -eq 1 ] } @test "run 'init' normally" { run git secret init [ "$status" -eq 0 ] [[ -d "${_SECRETS_DIR}" ]] } @test "run 'init' in subfolder" { # This test covers this issue: # https://github.com/sobolevn/git-secret/issues/83 if [[ "$BATS_RUNNING_FROM_GIT" -eq 1 ]]; then skip "this test is skiped while 'git commmit'" fi # Preparations local test_dir='test_dir' local nested_dir="$test_dir/nested/dirs" local current_dir=$(pwd) mkdir -p "$nested_dir" cd "$nested_dir" # Test: run git secret init [ "$status" -eq 0 ] # It should not be created in the current folder: [[ ! -d "${_SECRETS_DIR}" ]] # It should be created here: local secrets_dir secrets_dir=$(_get_secrets_dir) [[ -d "$secrets_dir" ]] # Cleaning up: cd "$current_dir" rm -r "$test_dir" } @test "run 'init' with '.gitsecret' already inited" { local secrets_dir secrets_dir=$(_get_secrets_dir) mkdir "$secrets_dir" run git secret init [ "$output" = "already inited. abort." ] [ "$status" -eq 1 ] } git-secret-0.2.3/tests/test_killperson.bats000066400000000000000000000030111320717772500210260ustar00rootroot00000000000000#!/usr/bin/env bats load _test_base function setup { install_fixture_key "$TEST_DEFAULT_USER" set_state_initial set_state_git set_state_secret_init set_state_secret_tell "$TEST_DEFAULT_USER" } function teardown { uninstall_fixture_key "$TEST_DEFAULT_USER" unset_current_state } @test "run 'killperson' without arguments" { run git secret killperson [ "$status" -eq 1 ] } @test "run 'killperson' with key name" { run git secret killperson "$TEST_DEFAULT_USER" [ "$status" -eq 0 ] # Testing output: [[ "$output" == *"$TEST_DEFAULT_USER"* ]] # Then whoknows must return an error with status code 1: run git secret whoknows [ "$status" -eq 1 ] } @test "run 'killperson' with email" { local email=$(test_user_email "$TEST_DEFAULT_USER") run git secret killperson "$email" [ "$status" -eq 0 ] # Testing output: [[ "$output" == *"$email"* ]] # Then whoknows must return an error with status code 1: run git secret whoknows [ "$status" -eq 1 ] } @test "run 'killperson' with multiple arguments" { # Adding second user: install_fixture_key "$TEST_SECOND_USER" set_state_secret_tell "$TEST_SECOND_USER" local default_email=$(test_user_email "$TEST_DEFAULT_USER") local second_email=$(test_user_email "$TEST_SECOND_USER") run git secret killperson "$default_email" "$second_email" [ "$status" -eq 0 ] # Testing output: [[ "$output" == *"$default_email"* ]] [[ "$output" == *"$second_email"* ]] # Nothing to show: run git secret whoknows [ "$status" -eq 1 ] } git-secret-0.2.3/tests/test_list.bats000066400000000000000000000021021320717772500176170ustar00rootroot00000000000000#!/usr/bin/env bats load _test_base FILE_TO_HIDE="file_to_hide" FILE_CONTENTS="hidden content юникод" function setup { install_fixture_key "$TEST_DEFAULT_USER" set_state_initial set_state_git set_state_secret_init set_state_secret_tell "$TEST_DEFAULT_USER" set_state_secret_add "$FILE_TO_HIDE" "$FILE_CONTENTS" } function teardown { rm "$FILE_TO_HIDE" uninstall_fixture_key $TEST_DEFAULT_USER unset_current_state } @test "run 'list' normally" { run git secret list [ "$status" -eq 0 ] [ "$output" = "$FILE_TO_HIDE" ] } @test "run 'list' with multiple files" { # Preparations: local second_file="second_file.txt" set_state_secret_add "$second_file" "$FILE_CONTENTS" run git secret list [ "$status" -eq 0 ] # Now it should list two files: [[ "$output" == *"$FILE_TO_HIDE"* ]] [[ "$output" == *"$second_file"* ]] # Cleaning up: rm "$second_file" } @test "run 'list' on empty repo" { git secret remove "$FILE_TO_HIDE" # Running `list` on empty mapping should result an error: run git secret list [ "$status" -eq 1 ] } git-secret-0.2.3/tests/test_main.bats000066400000000000000000000012651320717772500176010ustar00rootroot00000000000000#!/usr/bin/env bats load _test_base function setup { set_state_initial set_state_git } function teardown { unset_current_state } @test "run 'git secret' without command" { run git secret [ "$status" -eq 126 ] } @test "run 'git secret' with bad command" { run git secret notacommand [ "$status" -eq 126 ] } @test "run 'git secret --version'" { run git secret --version [ "$output" == "$GITSECRET_VERSION" ] } @test "run 'git secret --dry-run'" { # We will break things apart, so normally it won't run: rm -r "./.git" # This must fail: run git secret usage [ "$status" -eq 1 ] # Dry run won't fail: run git secret --dry-run [ "$status" -eq 0 ] } git-secret-0.2.3/tests/test_remove.bats000066400000000000000000000061571320717772500201570ustar00rootroot00000000000000#!/usr/bin/env bats load _test_base FIRST_FILE="file_to_hide1" SECOND_FILE="file_to_hide2" function setup { install_fixture_key "$TEST_DEFAULT_USER" set_state_initial set_state_git set_state_secret_init set_state_secret_tell "$TEST_DEFAULT_USER" set_state_secret_add "$FIRST_FILE" "somecontent" set_state_secret_add "$SECOND_FILE" "somecontent2" set_state_secret_hide } function teardown { rm "$FIRST_FILE" "$SECOND_FILE" uninstall_fixture_key "$TEST_DEFAULT_USER" unset_current_state } function _has_line { local line="$1" local path_mappings path_mappings=$(_get_secrets_dir_paths_mapping) local result=$(grep -q "$line" "$path_mappings"; echo $?) echo "$result" } @test "run 'remove' normally" { run git secret remove "$SECOND_FILE" [ "$status" -eq 0 ] # Test output: [[ "$output" == *"removed from index."* ]] [[ "$output" == *"ensure that files: [$SECOND_FILE] are now not ignored."* ]] # Mapping should not contain the second file: local mapping_contains=$(_has_line "$SECOND_FILE") [ "$mapping_contains" -eq 1 ] # But the first file must not change: local other_files=$(_has_line "$FIRST_FILE") [ "$other_files" -eq 0 ] # Both files should be present: local first_enctypted_file=$(_get_encrypted_filename $FIRST_FILE) local second_enctypted_file=$(_get_encrypted_filename $SECOND_FILE) [ -f "$first_enctypted_file" ] [ -f "$second_enctypted_file" ] } @test "run 'remove' with multiple arguments" { run git secret remove "$FIRST_FILE" "$SECOND_FILE" [ "$status" -eq 0 ] local first_line=$(_has_line "$FIRST_FILE") [ "$first_line" -eq 1 ] local second_line=$(_has_line "$SECOND_FILE") [ "$second_line" -eq 1 ] # Both files should be present: local first_enctypted_file=$(_get_encrypted_filename $FIRST_FILE) local second_enctypted_file=$(_get_encrypted_filename $SECOND_FILE) [ -f "$first_enctypted_file" ] [ -f "$second_enctypted_file" ] } @test "run 'remove' with slashes in filename" { # There was a bug with `sed` an slashes: # see https://github.com/sobolevn/git-secret/issues/23 # Prepartions: local folder="somedir" local file_in_folder="$folder/file_to_hide3" mkdir -p "$folder" set_state_secret_add "$file_in_folder" "somecontent3" set_state_secret_hide # runing hide again to hide new data # Now it should remove filename with slashes from the mapping: run git secret remove "$file_in_folder" [ "$status" -eq 0 ] local mapping_contains=$(_has_line "$file_in_folder") [ "$mapping_contains" -eq 1 ] local enctypted_file=$(_get_encrypted_filename $file_in_folder) [ -f "$enctypted_file" ] # Cleaning up: rm -r "$folder" } @test "run 'remove' with '-c'" { set_state_secret_hide run git secret remove -c "$SECOND_FILE" [ "$status" -eq 0 ] local mapping_contains=$(_has_line "$SECOND_FILE") [ "$mapping_contains" -eq 1 ] local first_enctypted_file=$(_get_encrypted_filename $FIRST_FILE) local second_enctypted_file=$(_get_encrypted_filename $SECOND_FILE) echo "$output" echo "$first_enctypted_file and $second_enctypted_file" [ -f "$first_enctypted_file" ] [ ! -f "$second_enctypted_file" ] } git-secret-0.2.3/tests/test_reveal.bats000066400000000000000000000056361320717772500201410ustar00rootroot00000000000000#!/usr/bin/env bats load _test_base FILE_TO_HIDE="file_to_hide" FILE_CONTENTS="hidden content юникод" FINGERPRINT="" function setup { FINGERPRINT=$(install_fixture_full_key "$TEST_DEFAULT_USER") set_state_initial set_state_git set_state_secret_init set_state_secret_tell "$TEST_DEFAULT_USER" set_state_secret_add "$FILE_TO_HIDE" "$FILE_CONTENTS" set_state_secret_hide } function teardown { rm "$FILE_TO_HIDE" uninstall_fixture_full_key "$TEST_DEFAULT_USER" "$FINGERPRINT" unset_current_state } @test "run 'reveal' with password argument" { cp "$FILE_TO_HIDE" "${FILE_TO_HIDE}2" rm -f "$FILE_TO_HIDE" local password=$(test_user_password "$TEST_DEFAULT_USER") run git secret reveal -d "$TEST_GPG_HOMEDIR" -p "$password" [ "$status" -eq 0 ] [ -f "$FILE_TO_HIDE" ] cmp -s "$FILE_TO_HIDE" "${FILE_TO_HIDE}2" rm "${FILE_TO_HIDE}2" } @test "run 'reveal' with '-f'" { rm "$FILE_TO_HIDE" local password=$(test_user_password "$TEST_DEFAULT_USER") run git secret reveal -f -d "$TEST_GPG_HOMEDIR" -p "$password" [ "$status" -eq 0 ] [ -f "$FILE_TO_HIDE" ] } @test "run 'reveal' with wrong password" { rm "$FILE_TO_HIDE" run git secret reveal -d "$TEST_GPG_HOMEDIR" -p "WRONG" [ "$status" -eq 2 ] [ ! -f "$FILE_TO_HIDE" ] } @test "run 'reveal' for attacker" { # Preparations rm "$FILE_TO_HIDE" local atacker_fingerprint=$(install_fixture_full_key "$TEST_ATTACKER_USER") local password=$(test_user_password "$TEST_ATTACKER_USER") run git secret reveal -d "$TEST_GPG_HOMEDIR" -p "$password" # This should fail, nothing should be created: [ "$status" -eq 2 ] [ ! -f "$FILE_TO_HIDE" ] # Cleaning up: uninstall_fixture_full_key "$TEST_ATTACKER_USER" "$atacker_fingerprint" } @test "run 'reveal' for multiple users (with key deletion)" { # Preparations: local second_fingerprint=$(install_fixture_full_key "$TEST_SECOND_USER") local password=$(test_user_password "$TEST_SECOND_USER") set_state_secret_tell "$TEST_SECOND_USER" set_state_secret_hide # We are removing a secret key of the first user to be sure # that it is not used in decryption: uninstall_fixture_full_key "$TEST_DEFAULT_USER" "$FINGERPRINT" # Testing: run git secret reveal -d "$TEST_GPG_HOMEDIR" -p "$password" [ "$status" -eq 0 ] [ -f "$FILE_TO_HIDE" ] # Cleaning up: uninstall_fixture_full_key "$TEST_SECOND_USER" "$second_fingerprint" } @test "run 'reveal' for multiple users (normally)" { # Preparations: local second_fingerprint=$(install_fixture_full_key "$TEST_SECOND_USER") # bug in gpg v2.0.22, need to use default password local password=$(test_user_password "$TEST_DEFAULT_USER") set_state_secret_tell "$TEST_SECOND_USER" set_state_secret_hide # Testing: run git secret reveal -d "$TEST_GPG_HOMEDIR" -p "$password" [ "$status" -eq 0 ] [ -f "$FILE_TO_HIDE" ] # Cleaning up: uninstall_fixture_full_key "$TEST_SECOND_USER" "$second_fingerprint" } git-secret-0.2.3/tests/test_reveal_filename.bats000066400000000000000000000020361320717772500217700ustar00rootroot00000000000000#!/usr/bin/env bats load _test_base FILE_TO_HIDE="file_to_hide" FILE_CONTENTS="hidden content юникод" FINGERPRINT="" OLD_SECRETS_EXTENSION="" function setup { FINGERPRINT=$(install_fixture_full_key "$TEST_DEFAULT_USER") set_state_initial set_state_git set_state_secret_init set_state_secret_tell "$TEST_DEFAULT_USER" set_state_secret_add "$FILE_TO_HIDE" "$FILE_CONTENTS" OLD_SECRETS_EXTENSION="$SECRETS_EXTENSION" export SECRETS_EXTENSION=".new_secret" set_state_secret_hide } function teardown { rm "$FILE_TO_HIDE" uninstall_fixture_full_key "$TEST_DEFAULT_USER" "$FINGERPRINT" unset_current_state export SECRETS_EXTENSION="$OLD_SECRETS_EXTENSION" } @test "run 'reveal' with different file extension" { cp "$FILE_TO_HIDE" "${FILE_TO_HIDE}2" rm "$FILE_TO_HIDE" local password=$(test_user_password "$TEST_DEFAULT_USER") run git secret reveal -d "$TEST_GPG_HOMEDIR" -p "$password" [ "$status" -eq 0 ] [ -f "$FILE_TO_HIDE" ] cmp -s "$FILE_TO_HIDE" "${FILE_TO_HIDE}2" rm "${FILE_TO_HIDE}2" } git-secret-0.2.3/tests/test_tell.bats000066400000000000000000000064271320717772500176220ustar00rootroot00000000000000#!/usr/bin/env bats load _test_base function setup { install_fixture_key "$TEST_DEFAULT_USER" set_state_initial set_state_git set_state_secret_init } function teardown { uninstall_fixture_key "$TEST_DEFAULT_USER" unset_current_state } @test "fail on no users" { run _user_required [ "$status" -eq 1 ] } @test "constantly fail on no users" { # We had a serious bug with _user_required, # see this link for the details: # https://github.com/sobolevn/git-secret/issues/74 # Preparations: git secret tell -d "$TEST_GPG_HOMEDIR" "$TEST_DEFAULT_USER" git secret killperson "$TEST_DEFAULT_USER" # It was showing something like `tru::1:1289775241:0:2:1:6` # after the preparations done and the error was not generated. run _user_required [ "$status" -eq 1 ] } @test "run 'tell' with secret-key imported" { local secrets_dir_keys secrets_dir_keys=$(_get_secrets_dir_keys) local private_key="$secrets_dir_keys/secring.gpg" echo "private key" > "$private_key" [ -s "$private_key" ] run git secret tell -d "$TEST_GPG_HOMEDIR" "$TEST_DEFAULT_USER" [ "$status" -eq 1 ] } @test "run 'tell' without '.gitsecret'" { local secrets_dir secrets_dir=$(_get_secrets_dir) rm -r "$secrets_dir" run git secret tell -d "$TEST_GPG_HOMEDIR" "$TEST_DEFAULT_USER" [ "$status" -eq 1 ] } @test "run 'tell' without arguments" { run git secret tell [ "$status" -eq 1 ] } @test "run 'tell' normally" { run git secret tell -d "$TEST_GPG_HOMEDIR" "$TEST_DEFAULT_USER" [ "$status" -eq 0 ] # Testing that now user is found: run _user_required [ "$status" -eq 0 ] # Testing that now user is in the list of people who knows the secret: run git secret whoknows [[ "$output" == *"$TEST_DEFAULT_USER"* ]] } @test "run 'tell' with '-m'" { email=$(test_user_email $TEST_DEFAULT_USER) git_set_config_email "$email" run git secret tell -d "$TEST_GPG_HOMEDIR" -m [ "$status" -eq 0 ] } @test "run 'tell' with '-m' (empty email)" { # Prepartions: git_set_config_email "" # now it should not allow to add yourself run git secret tell -d "$TEST_GPG_HOMEDIR" -m [ "$status" -eq 1 ] } @test "run 'tell' with multiple emails" { # Preparations: install_fixture_key "$TEST_SECOND_USER" # Testing the command iteself: run git secret tell -d "$TEST_GPG_HOMEDIR" \ "$TEST_DEFAULT_USER" "$TEST_SECOND_USER" [ "$status" -eq 0 ] # Testing that these users are presented in the # list of people who knows secret: run git secret whoknows [[ "$output" == *"$TEST_DEFAULT_USER"* ]] [[ "$output" == *"$TEST_SECOND_USER"* ]] # Cleaning up: uninstall_fixture_key "$TEST_SECOND_USER" } @test "run 'tell' in subfolder" { if [[ "$BATS_RUNNING_FROM_GIT" -eq 1 ]]; then skip "this test is skiped while 'git commmit'" fi # Preparations local root_dir='test_dir' local test_dir="$root_dir/telling" local current_dir=$(pwd) mkdir -p "$test_dir" cd "$test_dir" # Test: run git secret tell -d "$TEST_GPG_HOMEDIR" "$TEST_DEFAULT_USER" [ "$status" -eq 0 ] # Testing that now user is found: run _user_required [ "$status" -eq 0 ] # Testing that now user is in the list of people who knows the secret: run git secret whoknows [[ "$output" == *"$TEST_DEFAULT_USER"* ]] # Cleaning up: cd "$current_dir" rm -r "$root_dir" } git-secret-0.2.3/tests/test_usage.bats000066400000000000000000000007121320717772500177550ustar00rootroot00000000000000#!/usr/bin/env bats load _test_base function setup { set_state_initial set_state_git } function teardown { unset_current_state } @test "run 'usage'" { run git secret usage [ "$status" -eq 0 ] } @test "run 'usage' without '.git/'" { remove_git_repository run git secret usage [ "$status" -eq 1 ] } @test "run 'usage' with ignored '.gitsecret/'" { echo ".gitsecret" >> ".gitignore" run git secret usage [ "$status" -eq 1 ] } git-secret-0.2.3/tests/test_whoknows.bats000066400000000000000000000030361320717772500205320ustar00rootroot00000000000000#!/usr/bin/env bats load _test_base function setup { install_fixture_key "$TEST_DEFAULT_USER" install_fixture_key "$TEST_SECOND_USER" set_state_initial set_state_git set_state_secret_init set_state_secret_tell "$TEST_DEFAULT_USER" set_state_secret_tell "$TEST_SECOND_USER" } function teardown { uninstall_fixture_key "$TEST_DEFAULT_USER" uninstall_fixture_key "$TEST_SECOND_USER" unset_current_state } @test "run 'whoknows' normally" { run git secret whoknows [ "$status" -eq 0 ] # Now test the output, both users should be present: [[ "$output" == *"$TEST_DEFAULT_USER"* ]] [[ "$output" == *"$TEST_SECOND_USER"* ]] } @test "run 'whoknows' in subfolder" { if [[ "$BATS_RUNNING_FROM_GIT" -eq 1 ]]; then skip "this test is skiped while 'git commmit'" fi # Preparations: local current_dir=$(pwd) local root_dir='test_dir' local test_dir="$root_dir/subfolders/case" mkdir -p "$test_dir" cd "$test_dir" # Test: run git secret whoknows [ "$status" -eq 0 ] # Now test the output, both users should be present: [[ "$output" == *"$TEST_DEFAULT_USER"* ]] [[ "$output" == *"$TEST_SECOND_USER"* ]] # Cleaning up: cd "$current_dir" rm -r "$root_dir" } @test "run 'whoknows' without any users" { # Preparations, removing users: local email1=$(test_user_email "$TEST_DEFAULT_USER") local email2=$(test_user_email "$TEST_SECOND_USER") git secret killperson "$email1" "$email2" # Now whoknows should raise an error: there are no users. run git secret whoknows [ "$status" -eq 1 ] } git-secret-0.2.3/utils/000077500000000000000000000000001320717772500147355ustar00rootroot00000000000000git-secret-0.2.3/utils/apk/000077500000000000000000000000001320717772500155105ustar00rootroot00000000000000git-secret-0.2.3/utils/apk/apk-build.sh000066400000000000000000000004211320717772500177110ustar00rootroot00000000000000#!/usr/bin/env bash set -e # shellcheck disable=SC1090,SC1091 source "${SECRET_PROJECT_ROOT}/utils/build-utils.sh" preinstall_files "-c" # Building .deb package: cd "$SCRIPT_DEST_DIR" && build_package "apk" # Cleaning up: clean_up_files && cd "${SECRET_PROJECT_ROOT}" git-secret-0.2.3/utils/apk/apk-ci.sh000066400000000000000000000015601320717772500172120ustar00rootroot00000000000000#!/usr/bin/env bash set -e # Note that this file is created for test purposes: # 1. It runs inside the Docker container # 2. It does not use `sudo` or anything # 3. If you would like to install `.apk` package on your system, see `Installation` # shellcheck disable=SC1090,SC1091 source "${SECRET_PROJECT_ROOT}/utils/build-utils.sh" # This folder should contain just one .apk file: APK_FILE_LOCATION=$(locate_apk) # Integration tests function integration_tests { # Installing the package: apk add "$APK_FILE_LOCATION" # Configuring the dependencies: apk add --update-cache # Testing the installation: apk info | grep "git-secret" which "git-secret" # Test the manuals: man --where "git-secret" # .7 man --where "git-secret-init" # .1 } integration_tests # Unit tests: # shellcheck disable=SC1090,SC1091 source "${SECRET_PROJECT_ROOT}/utils/tests.sh" git-secret-0.2.3/utils/apk/apk-deploy.sh000066400000000000000000000015741320717772500201200ustar00rootroot00000000000000#!/usr/bin/env bash set -e # shellcheck disable=SC1090,SC1091 source "${SECRET_PROJECT_ROOT}/utils/build-utils.sh" # Variables, which will be used in `bintray.json`: SCRIPT_VERSION=$(bash "${PWD}/git-secret" --version) RELEASE_DATE=$(date +%Y-%m-%d) # add `\"override\": 1 \` into the `matrixParams`, if needed: echo "{ \ \"package\": { \ \"name\": \"git-secret\", \ \"repo\": \"apk\", \ \"subject\": \"sobolevn\" \ }, \ \"version\": { \"name\": \"${SCRIPT_VERSION}\", \ \"desc\": \"Version ${SCRIPT_VERSION}\", \ \"released\": \"${RELEASE_DATE}\", \ \"vcs_tag\": \"v${SCRIPT_VERSION}\", \ \"gpgSign\": true \ }, \ \"files\": [{ \ \"includePattern\": \"build/buildroot/(.*\\\\\\.apk)\", \ \"uploadPattern\": \"/git-secret_${SCRIPT_VERSION}_all.apk\" \ }], \ \"publish\": true \ }" > "${SECRET_PROJECT_ROOT}/build/apk_descriptor.json" git-secret-0.2.3/utils/build-utils.sh000066400000000000000000000042511320717772500175300ustar00rootroot00000000000000#!/usr/bin/env bash set -e # Initializing and settings: READ_PEM=0644 EXEC_PEM=0755 SCRIPT_NAME="git-secret" SCRIPT_DESCRIPTION="A bash-tool to store your private data inside a git repository." SCRIPT_VERSION=$(bash "${PWD}"/git-secret --version) # This might be overridden someday: : "${SCRIPT_EPOCH:=0}" : "${SCRIPT_ITERATION:=1}" # This may be overridden: if [[ -z "$SCRIPT_BUILD_DIR" ]]; then SCRIPT_BUILD_DIR="${PWD}/build" fi SCRIPT_DEST_DIR="${SCRIPT_BUILD_DIR}/buildroot" function locate_apk { find "$SCRIPT_DEST_DIR" -maxdepth 1 -name "*.apk" | head -1 } function locate_deb { find "$SCRIPT_DEST_DIR" -maxdepth 1 -name "*.deb" | head -1 } function locate_rpm { find "$SCRIPT_DEST_DIR" -maxdepth 1 -name "*.rpm" | head -1 } function preinstall_files { # Only requires `-T` or `-c` depending on the OS local dir_switch="$1" # Preparing the files: rm -rf "$SCRIPT_BUILD_DIR" mkdir -p "$SCRIPT_DEST_DIR" # Coping the files inside the build folder: install -D "${dir_switch}" -b -m "$EXEC_PEM" "${dir_switch}" "git-secret" "${SCRIPT_DEST_DIR}/usr/bin/git-secret" install -m "$EXEC_PEM" -d "${SCRIPT_DEST_DIR}/usr/share/man/man1" install -m "$EXEC_PEM" -d "${SCRIPT_DEST_DIR}/usr/share/man/man7" for file in man/man1/* ; do if [[ "$file" == *.ronn ]]; then continue fi install -D "${dir_switch}" -b -m "$READ_PEM" "${dir_switch}" "$file" "${SCRIPT_DEST_DIR}/usr/share/$file" done install -D "${dir_switch}" -b -m "$READ_PEM" "${dir_switch}" "man/man7/git-secret.7" \ "${SCRIPT_DEST_DIR}/usr/share/man/man7/git-secret.7" } function build_package { # Only requires `rpm`, `apk` or `deb` as first argument: local build_type="$1" # See https://github.com/jordansissel/fpm for docs: fpm \ -s dir \ -t "$build_type" \ -a all \ -n "$SCRIPT_NAME" \ --version "$SCRIPT_VERSION" \ --description "$SCRIPT_DESCRIPTION" \ --url "https://sobolevn.github.io/git-secret/" \ --maintainer "Nikita Sobolev (mail@sobolevn.me)" \ --license "MIT" \ -C "$SCRIPT_DEST_DIR" \ -d "git" \ -d "gnupg" \ --deb-no-default-config-files \ . } function clean_up_files { rm -rf "${SCRIPT_DEST_DIR:?}/usr" } git-secret-0.2.3/utils/deb/000077500000000000000000000000001320717772500154675ustar00rootroot00000000000000git-secret-0.2.3/utils/deb/deb-build.sh000077500000000000000000000004211320717772500176520ustar00rootroot00000000000000#!/usr/bin/env bash set -e # shellcheck disable=SC1090,SC1091 source "${SECRET_PROJECT_ROOT}/utils/build-utils.sh" preinstall_files "-T" # Building .deb package: cd "$SCRIPT_DEST_DIR" && build_package "deb" # Cleaning up: clean_up_files && cd "${SECRET_PROJECT_ROOT}" git-secret-0.2.3/utils/deb/deb-ci.sh000066400000000000000000000015741320717772500171550ustar00rootroot00000000000000#!/usr/bin/env bash set -e # Note that this file is created for test purposes: # 1. It runs inside the Docker container # 2. It does not use `sudo` or anything # 3. If you would like to install `.deb` package on your system, see `Installation` # shellcheck disable=SC1090,SC1091 source "${SECRET_PROJECT_ROOT}/utils/build-utils.sh" # This folder should contain just one .deb file: DEB_FILE_LOCATION=$(locate_deb) # Integration tests function integration_tests { # Installing the package: dpkg -i "$DEB_FILE_LOCATION" # Configuring the dependencies: apt-get -f -y install # Testing the installation: dpkg --get-selections | grep "git-secret" which "git-secret" # Test the manuals: man --where "git-secret" # .7 man --where "git-secret-init" # .1 } integration_tests # Unit tests: # shellcheck disable=SC1090,SC1091 source "${SECRET_PROJECT_ROOT}/utils/tests.sh" git-secret-0.2.3/utils/deb/deb-deploy.sh000077500000000000000000000020301320717772500200450ustar00rootroot00000000000000#!/usr/bin/env bash set -e # shellcheck disable=SC1090,SC1091 source "${SECRET_PROJECT_ROOT}/utils/build-utils.sh" # Variables, which will be used in `bintray.json`: SCRIPT_VERSION=$(bash "${PWD}/git-secret" --version) RELEASE_DATE=$(date +%Y-%m-%d) # add `\"override\": 1 \` into the `matrixParams`, if needed: echo "{ \ \"package\": { \ \"name\": \"git-secret\", \ \"repo\": \"deb\", \ \"subject\": \"sobolevn\" \ }, \ \"version\": { \"name\": \"${SCRIPT_VERSION}\", \ \"desc\": \"Version ${SCRIPT_VERSION}\", \ \"released\": \"${RELEASE_DATE}\", \ \"vcs_tag\": \"v${SCRIPT_VERSION}\", \ \"gpgSign\": true \ }, \ \"files\": [{ \ \"includePattern\": \"build/buildroot/(.*\\\\\\.deb)\", \ \"uploadPattern\": \"/git-secret_${SCRIPT_VERSION}_all.deb\", \ \"matrixParams\": { \ \"deb_distribution\": \"git-secret\", \ \"deb_component\": \"main\", \ \"deb_architecture\": \"all\" \ } \ }], \ \"publish\": true \ }" > "${SECRET_PROJECT_ROOT}/build/deb_descriptor.json" git-secret-0.2.3/utils/gh-branch.sh000077500000000000000000000004251320717772500171260ustar00rootroot00000000000000#!/usr/bin/env bash set -e function update_gh_branch { local branch_name branch_name=$(git branch | grep '\*' | sed 's/* //') git checkout 'gh-pages' make git add '_posts' git commit -m 'documentation update' git checkout "$branch_name" } update_gh_branch git-secret-0.2.3/utils/hooks/000077500000000000000000000000001320717772500160605ustar00rootroot00000000000000git-secret-0.2.3/utils/hooks/post-commit.sh000077500000000000000000000010251320717772500206700ustar00rootroot00000000000000#!/usr/bin/env bash set -e BRANCH_NAME=$(git branch | grep '\*' | sed 's/* //') if [[ "$BRANCH_NAME" == 'master' ]]; then # Build new web documentation: make build-gh-pages # Compare script version and the latest tag: NEWEST_TAG=$(git describe --abbrev=0 --tags) SCRIPT_VERSION=$(bash "${PWD}/git-secret" --version) if [[ "$NEWEST_TAG" != "v${SCRIPT_VERSION}" ]]; then # Create new release: git tag -a "v${SCRIPT_VERSION}" -m "version $SCRIPT_VERSION" echo "Created new tag 'v${SCRIPT_VERSION}'" fi fi git-secret-0.2.3/utils/hooks/pre-commit.sh000077500000000000000000000010601320717772500204700ustar00rootroot00000000000000#!/usr/bin/env bash set -e BRANCH_NAME=$(git branch | grep '\*' | sed 's/* //') if [[ "$BRANCH_NAME" != '(no branch)' ]]; then unset GIT_WORK_TREE # Set marker, that we running tests from `git commit`, # so some tests will be skiped. It is done, because `git rev-parse` # is not working when running from pre-commit hook. export BATS_RUNNING_FROM_GIT=1 # Run tests: make test if [[ "$BRANCH_NAME" == "master" ]]; then # Build new manuals: make build-man # Add new files: git add man/man1/* git add man/man7/* fi fi git-secret-0.2.3/utils/install.sh000077500000000000000000000020521320717772500167410ustar00rootroot00000000000000#!/usr/bin/env bash set -e # Credit goes to: # https://github.com/sstephenson/bats/blob/master/install.sh function resolve_link { $(type -p greadlink readlink | head -1) "$1" } function abs_dirname { local cwd local path="$1" cwd="$(pwd)" while [ -n "$path" ]; do cd "${path%/*}" local name="${path##*/}" path="$(resolve_link "$name" || true)" done pwd cd "$cwd" } PREFIX="$1" if [ -z "$PREFIX" ]; then echo "usage: $0 " >&2 exit 1 fi SCRIPT_ROOT="$(dirname "$(abs_dirname "$0")")" mkdir -p "$PREFIX"/bin "$PREFIX"/share/man/man1 "$PREFIX"/share/man/man7 cp "$SCRIPT_ROOT"/git-secret "$PREFIX"/bin/git-secret # There was an issue with this line: # cp -R "$SCRIPT_ROOT"/man/man1/* "$PREFIX"/share/man/man1 # see https://github.com/sobolevn/git-secret/issues/35 for reference. find "$SCRIPT_ROOT"/man/man1 -name '*.1' -print0 | xargs -0 -I {} cp \ -a {} "$PREFIX"/share/man/man1 cp "$SCRIPT_ROOT"/man/man7/git-secret.7 "$PREFIX"/share/man/man7/git-secret.7 echo "Installed git-secret to ${PREFIX}/bin/git-secret" git-secret-0.2.3/utils/make/000077500000000000000000000000001320717772500156525ustar00rootroot00000000000000git-secret-0.2.3/utils/make/make-ci.sh000066400000000000000000000012161320717772500175140ustar00rootroot00000000000000#!/usr/bin/env bash set -e # Note that this file is created for test purposes: # 1. It runs inside the Docker container # 2. It does not use `sudo` or anything # 3. If you would like to install a package with `make` on your system, # see `Installation` # Integration tests function integration_tests { # Building the package: make build # Installing the package: make install # Testing the installation: which "git-secret" # Test the manuals: man --where "git-secret" # .7 man --where "git-secret-init" # .1 } integration_tests # Unit tests: # shellcheck disable=SC1090,SC1091 source "${SECRET_PROJECT_ROOT}/utils/tests.sh" git-secret-0.2.3/utils/rpm/000077500000000000000000000000001320717772500155335ustar00rootroot00000000000000git-secret-0.2.3/utils/rpm/rpm-build.sh000066400000000000000000000005121320717772500177600ustar00rootroot00000000000000#!/usr/bin/env bash set -e # shellcheck disable=SC1090,SC1091 source "${SECRET_PROJECT_ROOT}/utils/build-utils.sh" # Copying all the required files to the build directory: preinstall_files "-T" # Building .rpm package: cd "$SCRIPT_DEST_DIR" && build_package "rpm" # Cleaning up: clean_up_files && cd "${SECRET_PROJECT_ROOT}" git-secret-0.2.3/utils/rpm/rpm-ci.sh000066400000000000000000000016011320717772500172540ustar00rootroot00000000000000#!/usr/bin/env bash set -e # Note that this file is created for test purposes: # 1. It runs inside the Docker container # 2. It does not use `sudo` or anything # 3. If you would like to install `.rpm` package on your system, see `Installation` # shellcheck disable=SC1090,SC1091 source "${SECRET_PROJECT_ROOT}/utils/build-utils.sh" # This folder should contain just one .rpm file: RPM_FILE_LOCATION=$(locate_rpm) # Integration tests function integration_tests { # Note that `dnf` must be installed. # CentOS 6 does not support `dnf`. # Installing the package: dnf install -y "$RPM_FILE_LOCATION" # Testing the installation: dnf info "git-secret" which "git-secret" # Test the manuals: man --where "git-secret" # .7 man --where "git-secret-init" # .1 } integration_tests # Unit tests: # shellcheck disable=SC1090,SC1091 source "${SECRET_PROJECT_ROOT}/utils/tests.sh" git-secret-0.2.3/utils/rpm/rpm-deploy.sh000066400000000000000000000015771320717772500201710ustar00rootroot00000000000000#!/usr/bin/env bash set -e # shellcheck disable=SC1090,SC1091 source "${SECRET_PROJECT_ROOT}/utils/build-utils.sh" # Variables, which will be used in `bintray.json`: SCRIPT_VERSION=$(bash "${PWD}/git-secret" --version) RELEASE_DATE=$(date +%Y-%m-%d) # add `\"override\": 1 \` into the `matrixParams`, if needed: echo "{ \ \"package\": { \ \"name\": \"git-secret\", \ \"repo\": \"rpm\", \ \"subject\": \"sobolevn\" \ }, \ \"version\": { \"name\": \"${SCRIPT_VERSION}\", \ \"desc\": \"Version ${SCRIPT_VERSION}\", \ \"released\": \"${RELEASE_DATE}\", \ \"vcs_tag\": \"v${SCRIPT_VERSION}\", \ \"gpgSign\": true \ }, \ \"files\": [{ \ \"includePattern\": \"build/buildroot/(.*\\\\\\.rpm)\", \ \"uploadPattern\": \"/git-secret-${SCRIPT_VERSION}-1.noarch.rpm\" }], \ \"publish\": true \ }" > "${SECRET_PROJECT_ROOT}/build/rpm_descriptor.json" git-secret-0.2.3/utils/tests.sh000077500000000000000000000003361320717772500164400ustar00rootroot00000000000000#!/usr/bin/env bash # `SECRET_PROJECT_ROOT` must be set before running the script. set -e # Running all the bats-tests: cd "${SECRET_PROJECT_ROOT}"; rm -rf temp; mkdir temp; cd temp; bats "${SECRET_PROJECT_ROOT}/tests" git-secret-0.2.3/utils/uninstall.sh000066400000000000000000000004411320717772500173010ustar00rootroot00000000000000#!/usr/bin/env bash set -e PREFIX="$1" if [ -z "$PREFIX" ]; then echo "usage: $0 " >&2 exit 1 fi # Binary: rm -f "$PREFIX"/bin/git-secret # Manuals: find "$PREFIX"/share/man/man1 -type f -name "git-secret-*.1" -exec rm -f {} \; rm -f "$PREFIX"/share/man/man7/git-secret.7