gitcrypt/git_crypt_deploy at master · ofan/gitcrypt · GitHub

1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
#!/bin/bash

# Copyright 2013, Ryan Feng
# This file is released under BSD 3-Clause license, please read LICENSE file for more details.

# Settings and switches
PASS=''
SALT=''
PATTERN_FILE=''

ATTRIBUTE_FILE=''
ATTRIBUTES="* filter=encrypted diff=encrypted
[merge]
    renormalize=true"

CLEAN_SCRIPT="_GIT_FILENAME='%f' _git_crypt_filter clean"
SMUDGE_SCRIPT="_GIT_FILENAME='%f' _git_crypt_filter smudge"
DIFF_SCRIPT="_GIT_FILENAME='%f' _git_crypt_filter diff"

GLOBAL_CONFIG_PARAMETER=''
# ===============================================================================

checkAlreadySetup(){
        if [ -n "`grep -s 'filter\s*=\s*\"\?encrypted\"\?' $@`" ];then
            return 0
        else
            return 1
        fi
}

checkGitRepo(){
    if [ ! -e './.git' ];then
        echo "Not in a git repo or not in the root of the working directory" > /dev/stderr
        exit 1
    else
        checkAlreadySetup .gitattributes .git/info/attributes && {
            echo "You've already setup git encryption for this repo"
            exit 0
        }
    fi
}

askPatternFile(){
    DEFAULT_PATTERN_FILE='./.gitcrypt'
    read -p "Specify a pattern file name, it's the file contains all file path patterns need to be encrypted[default: $DEFAULT_PATTERN_FILE]: " PATTERN_FILE
    PATTERN_FILE=${PATTERN_FILE:-$DEFAULT_PATTERN_FILE}
    touch $PATTERN_FILE
    echo "# All files are encrypted
*" > $PATTERN_FILE
    git config encrypt.patternFile "$PATTERN_FILE"
}

askGlobal(){
    read -p "Do you want to make the git encryption settings(like password and salt) global? Be aware that password and salt will be in plaintext and stored in ~/.gitconfig, they are stored in './.git/config'. if you make them global and all local repos will share the same password and salt. If you are not sure please answer no, this will ONLY affect the current local repo.[yN]" USE_GLOBAL_CONFIG
    case $USE_GLOBAL_CONFIG in
        [Yy]*)
            GLOBAL_CONFIG_PARAMETER='--global'
            ;;
        *)
            ;;
    esac
}

genSalt(){
    echo "Generating salt..."
    SALT=`xxd -l 8 -p /dev/urandom`
    git config $GLOBAL_CONFIG_PARAMETER encrypt.salt "$SALT"
}

askPass(){
    if [ -n "`git config --get encrypt.pass`" ];then
        return
    fi
    read -p "You don't have a password yet, do you want to generate it now? Answer no to manually input one[Yn]: "
    case $REPLY in
        [Nn]*)
            read -p "Enter the password for encrypting your files: " PASS
            ;;
            *)
            echo 'Generating password...'
            PASS=`xxd -l 30 -p /dev/urandom`
            ;;
    esac

    git config $GLOBAL_CONFIG_PARAMETER encrypt.pass "$PASS"
}

askAtteibuteFile(){
    OPT=(".gitattributes" ".git/info/attributes")
    echo "Where do you want to put your attribute settings?"
    select ATTRIBUTE_FILE in ${OPT[@]};
    do
        break
    done
    # Write attributes
    TMP=/tmp/$$.tmp
    echo "$ATTRIBUTES" > $TMP
    if [ -r "$ATTRIBUTE_FILE" ]; then
        cat $TMP $ATTRIBUTE_FILE > $ATTRIBUTE_FILE.t
        mv $ATTRIBUTE_FILE{.t,}
    else
        cp $TMP $ATTRIBUTE_FILE
    fi
    rm $TMP
}

setFilters(){
    echo "Writing filter configs..."
    git config $GLOBAL_CONFIG_PARAMETER filter.encrypted.smudge "$SMUDGE_SCRIPT"
    git config $GLOBAL_CONFIG_PARAMETER filter.encrypted.clean  "$CLEAN_SCRIPT"
    git config $GLOBAL_CONFIG_PARAMETER diff.encrypted.textconv "$DIFF_SCRIPT"
}

STEP=1
TOTALSTEP=4
nextStep(){
    echo -n "Step $STEP of $TOTALSTEP: "
    STEP=$(($STEP+1))
}

cleanFilters(){
    echo "Clean all encryption settings..."
    rm -f `git config --get encrypt.patternFile`
    git config --remove-section encrypt &>/dev/null
    git config --remove-section filter.encrypted &>/dev/null
    git config --remove-section diff.encrypted.textconv &>/dev/null
}

main(){
    if [ "$1" = "clean" ];then
        cleanFilters
        exit 0
    fi
    checkGitRepo
    nextStep
    askGlobal
    genSalt
    nextStep
    askPass
    nextStep
    askPatternFile
    nextStep
    askAtteibuteFile
    setFilters
}

# Main procedure
main $@