#!/usr/bin/env bash
#
# Encrypt files to multiple recipients.
#
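# Load functions
#
# Resolve the shared function library relative to this script's own
# location and source it, handing it the "write" action plus our
# arguments. "$@" keeps each argument intact (the old unquoted $* split
# and globbed them), and "$0" is quoted so a path with spaces still works.
LIB="$(dirname "$0")/../functions"
source "$LIB" write "$@" || exit 1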
# Usage
#
# Print the one-line synopsis for this action to stdout.
# BASENAME is read from the environment (presumably set by the sourced
# library — confirm there); arguments are accepted but not used.
function keyringer_usage_encrypt {
  printf '%s\n' "Usage: keyringer <keyring> $BASENAME <secret> [file]"
}
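# Alias for keyringer_usage_encrypt
#
# encrypt-batch shares the encrypt synopsis, so simply delegate. Arguments
# are forwarded as-is with "$@" (the callee currently ignores them, but
# the unquoted $* would have re-split any argument containing whitespace).
function keyringer_usage_encrypt_batch {
  keyringer_usage_encrypt "$@"
}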
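# Encrypt a file into the datastore
#######################################
# Encrypt and sign (-e -s) one source into the keyring datastore.
# Globals:   GPG (read; the gpg command, left unquoted on purpose so it
#            may carry options), KEYDIR (read), RECIPIENTS_FILE (read)
# Arguments: $1   - destination path, relative to KEYDIR
#            $2.. - source; remaining words are joined with a space, as
#                   callers in this script pass it unquoted. "-" = stdin
# Outputs:   "Encrypting <source>..." on stdout unless reading stdin,
#            followed by a blank line
# Returns:   1 when no source was given or the target directory cannot be
#            created; otherwise gpg's exit status, so callers can detect a
#            failed encryption (the trailing printf used to mask it as 0)
#######################################
function keyringer_encrypt {
  local file="$1"
  shift
  local input="$*"

  if [ -z "$input" ]; then
    return 1
  fi

  if [ "$input" != "-" ]; then
    printf 'Encrypting %s...\n' "$input"
  fi

  mkdir -p "$KEYDIR/$(dirname "$file")" || return 1

  # keyringer_recipients emits the per-recipient gpg flags as separate
  # words; the unquoted expansion is what turns them into individual
  # arguments, so it must stay unquoted.
  # shellcheck disable=SC2046,SC2086
  $GPG --use-agent --armor -e -s $(keyringer_recipients "$RECIPIENTS_FILE") --yes --output "$KEYDIR/$file" "$input"
  local err=$?

  printf '\n'
  return "$err"
}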
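# Usage
#
# Main flow: validate arguments, derive the secret name (optionally with
# the source's extension), encrypt, then optionally stage/commit/push.
# keyringer_action_usage, keyringer_get_new_file, keyringer_set_recipients,
# keyringer_exec and the KEYDIR/BASEDIR/BASENAME/OLD_FILE values are
# expected from the sourced library (not visible in this file).
if [ -z "$2" ]; then
  keyringer_action_usage
  exit 1
fi

# Additional parameters
if [ -n "$3" ]; then
  # Set secret name and original file
  BASEPATH="$2"
  shift 2
  UNENCRYPTED_FILE="$*"

  if [ ! -d "$UNENCRYPTED_FILE" ] && [[ "$UNENCRYPTED_FILE" == *.* ]]; then
    # Get original file EXTENSION
    FILENAME="$(basename "$UNENCRYPTED_FILE")"
    EXTENSION="${FILENAME##*.}"

    # Append file extension in the secret name
    #
    # Useful when opening files and the application needs the
    # extension to guess the file type.
    #
    # The suffix is compared literally; the old grep check interpolated
    # EXTENSION into a regex, so metacharacters in it could misfire.
    if [ "$KEYRINGER_ADD_EXTENSION" != "false" ] && [[ "$BASEPATH" != *."$EXTENSION" ]]; then
      printf "Appending '%s' into secret name...\n" "$EXTENSION"
      FILE="$BASEPATH.$EXTENSION"
    else
      FILE="$BASEPATH"
    fi
  else
    FILE="$BASEPATH"
  fi

  keyringer_get_new_file "$FILE"

  if [ ! -e "$UNENCRYPTED_FILE" ]; then
    printf 'Error: cannot encrypt %s: path not found.\n' "$UNENCRYPTED_FILE"
    exit 1
  fi
else
  # No source given: the secret is read from stdin
  UNENCRYPTED_FILE="-"
  shift
  keyringer_get_new_file "$@"
fi

# Set recipients file
keyringer_set_recipients "$FILE"

# Verbosity
if [ "$BASENAME" == "encrypt" ]; then
  # Only display directions if we're running encrypt, not encrypt-batch
  if [ "$UNENCRYPTED_FILE" == "-" ]; then
    printf 'Type your message and finish your input with EOF (Ctrl-D).\n'
  fi
fi

# Encrypt
err=0
if [ "$UNENCRYPTED_FILE" != "-" ] && [ -d "$UNENCRYPTED_FILE" ]; then
  # Time to go recursive: mirror the source tree under the secret name.
  # Strip a literal ".asc" suffix (the old sed pattern's unescaped dot
  # matched any character).
  BASEPATH="${FILE%.asc}"
  FILEPATH="$(dirname "$UNENCRYPTED_FILE")"

  if [ "$FILEPATH" == "." ]; then
    # Resolve to an absolute path (the original used "&" where "&&" was
    # meant, which only worked because "." resolves to the current dir).
    FILEPATH="$(cd "$FILEPATH" > /dev/null 2>&1 && pwd)"
  fi

  # The loop body runs in a pipeline subshell, so FILE/OLD_FILE updates made
  # by keyringer_get_new_file in there do not leak into the parent; a failed
  # keyringer_encrypt exits the subshell and its status becomes the
  # pipeline's, which is captured into err below.
  find "$UNENCRYPTED_FILE" -print0 | while IFS= read -r -d '' file; do
    [ -d "$file" ] && continue
    # Rewrite the source prefix into the secret-name prefix. Literal prefix
    # matching replaces the old sed substitution, into which the paths were
    # interpolated as regex text.
    dir="$(dirname "$file")"
    dir="${dir/#"$UNENCRYPTED_FILE"/$BASEPATH}"
    dir="${dir/#"$FILEPATH"/$BASEPATH}"
    keyringer_get_new_file "$(basename "$file")"
    keyringer_encrypt "$dir/$FILE" "$file" || exit "$?"
  done || err="$?"
  FILE="$OLD_FILE"
else
  keyringer_encrypt "$FILE" "$UNENCRYPTED_FILE" || err="$?"
fi

# Check exit status
if [ "$err" != "0" ]; then
  exit "$err"
fi

# Wipe information
if [ "$UNENCRYPTED_FILE" != "-" ]; then
  printf 'Done. PLEASE WIPE the non-encrypted %s.\n' "$UNENCRYPTED_FILE"
fi

# Stage
if [ -d "$BASEDIR/.git" ]; then
  keyringer_exec git "$BASEDIR" add "keys/$FILE"
fi

# Optional commit depending on the value of this setting
if [ "$COMMIT_AFTER_ENCRYPT" == "yes" ]; then
  # Drop a literal "/./" component from the message; the old sed pattern's
  # unescaped dot also swallowed any single-character directory.
  FILE="${FILE/\/.\//}"
  printf 'Changes for keys/%s\n' "$FILE" | keyringer_exec git "$BASEDIR" commit -F -
fi

# Optional push depending on the value of this setting
if [ "$PUSH_AFTER_ENCRYPT" == "yes" ]; then
  keyringer_exec git "$BASEDIR" push || exit "$?"
fi

# Done
exit 0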