git-cipher 0.2 → 0.3

checksums.yaml

@@ -1,7 +1,7 @@
 ---
 SHA1:
-  metadata.gz: 3d52bb65c34660958a91e70fef43d596610bede9
-  data.tar.gz: 7d83c6b13437a4fa8c1d166b76fda86abdf9a990
+  metadata.gz: fafc4d52d9e64f31c6224872f4357038dbde9902
+  data.tar.gz: 95f89526e90879fd8cb111a5489f6d458a3d9609
 SHA512:
-  metadata.gz: 53dec9da0d8e7bed2874793c25bde8e9fad254059bdccee796dec7b131a7191a6a863ced6873e797007167236de4a5f25dfc562b33e01a7506d98da32d7872cb
-  data.tar.gz: e1c65440edaeb32687e7b124f6c497bd8e9413f4ef7c7f92a23d55d13ab29691a820eed6918ca819f6273e4308fb8c1a4d9cabd5939b4661da25ee785766e2f2
+  metadata.gz: 433b3749ae3175d9c4927a83bdd321fbe72b5cc0cc8d462d77ba0bb37a2b9cfdc8ce0652f37e64309c0b6f78a000e4a92217e39b93332eba68d153d7c8dec9f4
+  data.tar.gz: 2c8157fab0532f359d2acaf2ebed1eae6e9719467ec6c5e37e5f2b8344c7ff479c263d28146db0daae67df6093eb3f83bf7f50b5764647f9dd633b4939323254

data/bin/git-cipher

@@ -9,9 +9,9 @@ require 'tempfile'
 class Cipher
   EXTENSION = 'encrypted'
   DEFAULT_GPG_USER  = 'greg@hurrell.net'
-  DEFAULT_GPG_PRESET_COMMAND = '/usr/local/opt/gpg-agent/libexec/gpg-preset-passphrase'
+  EXECUTABLE_EXTENSIONS = %w[.js .sh]
   VALID_OPTIONS = %w[force help]
-  VALID_SUBCOMMANDS = %w[decrypt encrypt help log preset forget]
+  VALID_SUBCOMMANDS = %w[decrypt encrypt help log ls]
 
   def run
     send @subcommand
@@ -63,15 +63,13 @@ private
   def decrypt
     if @files.empty?
       puts 'No explicit paths supplied: decrypting all matching files'
-      Dir["**/.*.#{EXTENSION}"].each { |file| decrypt!(file) }
+      matching.each { |file| decrypt!(file) }
     else
       @files.each { |file| decrypt!(file) }
     end
   end
 
   def decrypt!(file)
-    require_agent
-
     pathname = Pathname.new(file)
     basename = pathname.basename.to_s
     unless basename.start_with?('.')
@@ -102,11 +100,11 @@ private
       if $?.success?
         puts green(' done]')
 
-        File.chmod(0600, outfile)
+        File.chmod(mode(outfile), outfile)
 
-        # mark plain-text as older than ciphertext, this will prevent a
+        # Mark plain-text as older than ciphertext, this will prevent a
         # bin/encrypt run from needlessly changing the contents of the ciphertext
-        # (as the encryption is non-deterministic)
+        # (as the encryption is non-deterministic).
         time = File.mtime(file) - 1
         File.utime(time, time, outfile)
       else
@@ -127,7 +125,7 @@ private
   def encrypt
     if @files.empty?
       puts 'No explicit paths supplied: encrypting all matching files'
-      Dir["**/.*.#{EXTENSION}"].each do |file|
+      matching.each do |file|
         file = Pathname.new(file)
         encrypt!(
           file.dirname +
@@ -171,7 +169,7 @@ private
       end
     end
 
-    File.chmod(0600, file)
+    File.chmod(mode(file), file)
     check_ignored(file)
   end
 
@@ -183,11 +181,6 @@ private
     %x{#{string.gsub("\n", ' ')}}
   end
 
-  def forget
-    `#{escape command_path(gpg_preset_command)} --forget #{keygrip}`
-    die 'gpg-preset-passphrase failed' unless $?.success?
-  end
-
   def get_config(key)
     value = `#{escape command_path('git')} config cipher.#{key}`.chomp
     return if value.empty?
@@ -217,10 +210,6 @@ private
     })
   end
 
-  def gpg_preset_command
-    ENV['GPG_PRESET_COMMAND'] || get_config('presetcommand') || DEFAULT_GPG_PRESET_COMMAND
-  end
-
   def gpg_user
     ENV['GPG_USER'] || get_config('gpguser') || DEFAULT_GPG_USER
   end
@@ -229,17 +218,6 @@ private
     colorize(string, 32)
   end
 
-  def keygrip
-    # get the subkey fingerprint and convert it into a 40-char hex code
-    @keygrip ||= execute(%{
-      #{escape command_path('gpg')} --fingerprint #{escape gpg_user} |
-      grep fingerprint |
-      tail -1 |
-      cut -d= -f2 |
-      sed -e 's/ //g'
-    })
-  end
-
   def kill_line
     # 2K deletes the line, 0G moves to column 0
     # see: http://en.wikipedia.org/wiki/ANSI_escape_code
@@ -250,19 +228,18 @@ private
     if @files.empty?
       # TODO: would be nice to interleave these instead of doing them serially.
       puts 'No explicit paths supplied: logging all matching files'
-      Dir["**/.*.#{EXTENSION}"].each { |file| log!(file) }
+      matching.each { |file| log!(file) }
     else
       @files.each { |file| log!(file) }
     end
   end
 
   def log!(file)
-    require_agent
-
     commits = execute(%{
       #{escape command_path('git')} log
       --pretty=format:%H -- #{escape file}
     }).split
+    suffix = "-#{File.basename(file)}"
 
     commits.each do |commit|
       files = []
@@ -270,13 +247,14 @@ private
         # Get plaintext "post" image.
         files.push(post = temp_write(show(file, commit)))
         files.push(
-          post_plaintext = temp_write(gpg_decrypt(post.path, '-'))
+          post_plaintext = temp_write(gpg_decrypt(post.path, '-'), suffix)
         )
 
         # Get plaintext "pre" image.
         files.push(pre = temp_write(show(file, "#{commit}~")))
         files.push(pre_plaintext = temp_write(
-          pre.size.zero? ? '' : gpg_decrypt(pre.path, '-')
+          pre.size.zero? ? '' : gpg_decrypt(pre.path, '-'),
+          suffix
         ))
 
         # Print commit message.
@@ -304,6 +282,24 @@ private
     end
   end
 
+  def ls
+    matching.each { |file| puts file }
+  end
+
+  def matching
+    Dir.glob("**/*.#{EXTENSION}", File::FNM_DOTMATCH)
+  end
+
+  # Determine the appropriate mode for the given decrypted plaintext
+  # `file` based on its file extension.
+  def mode(file)
+    if EXECUTABLE_EXTENSIONS.include?(Pathname.new(file).extname)
+      0700
+    else
+      0600
+    end
+  end
+
   def normalize_option(option)
     normal = option.dup
 
@@ -318,17 +314,6 @@ private
     found
   end
 
-  def preset
-    passphrase = get_passphrase
-    command = "#{escape command_path(gpg_preset_command)} --preset #{keygrip}"
-    IO.popen(command, 'w+') do |io|
-      io.puts passphrase
-      io.close_write
-      puts io.read # usually silent
-    end
-    die 'gpg-preset-passphrase failed' unless $?.success?
-  end
-
   def process_args
     options, files = ARGV.partition { |arg| arg.start_with?('-') }
     subcommand = files.shift
@@ -351,17 +336,6 @@ private
     colorize(string, 31)
   end
 
-  def require_agent
-    unless ENV['GPG_AGENT_INFO']
-      die <<-MSG
-        GPG_AGENT_INFO not present in the environment.
-        Try running this before retrying `#{command_name} #{@subcommand}`:
-          eval $(gpg-agent --daemon)
-          #{command_name} preset
-      MSG
-    end
-  end
-
   def show(file, commit)
     # Redirect stderr to /dev/null because the file might not have existed prior
     # to this commit.
@@ -377,9 +351,8 @@ private
     doc.gsub(/^[ \t]{#{indent}}/, '')
   end
 
-  def temp_write(contents)
-    file = Tempfile.new('git-cipher-')
-    file.chmod(0600)
+  def temp_write(contents, suffix = '')
+    file = Tempfile.new(['git-cipher-', suffix])
     file.write(contents)
     file.flush
     file
@@ -430,14 +403,6 @@ private
                 #{command_name} encrypt -f
                 #{command_name} encrypt --force # (alternative syntax)
       USAGE
-    when 'forget'
-      puts strip_heredoc(<<-USAGE)
-        #{command_name} forget
-
-          Forget passphrase previously stored using `#{command_name} preset`:
-
-              #{command_name} forget
-      USAGE
     when 'log'
       puts strip_heredoc(<<-USAGE)
         #{command_name} log FILE
@@ -447,13 +412,12 @@ private
 
               #{command_name} log foo
       USAGE
-    when 'preset'
+    when 'ls'
       puts strip_heredoc(<<-USAGE)
-        #{command_name} preset
-
-          Store a passphrase in a running `gpg-agent` agent:
+        #{command_name} ls
 
-              #{command_name} preset
+          Lists the encrypted files in the current directory and
+          its subdirectories.
       USAGE
     else
       puts strip_heredoc(<<-USAGE)
@@ -461,9 +425,8 @@ private
 
             #{command_name} decrypt
             #{command_name} encrypt
-            #{command_name} forget
             #{command_name} log
-            #{command_name} preset
+            #{command_name} ls
       USAGE
     end
 

metadata

@@ -1,14 +1,14 @@
 --- !ruby/object:Gem::Specification
 name: git-cipher
 version: !ruby/object:Gem::Version
-  version: '0.2'
+  version: '0.3'
 platform: ruby
 authors:
 - Greg Hurrell
 autorequire: 
 bindir: bin
 cert_chain: []
-date: 2016-02-08 00:00:00.000000000 Z
+date: 2017-04-24 00:00:00.000000000 Z
 dependencies: []
 description: "\n    Provides a convenient workflow for working with encrypted files
   in a public\n    Git repo. Delegates the underlying work of encryption/decryption
@@ -43,7 +43,7 @@ requirements:
 - Git
 - GnuPG
 rubyforge_project: 
-rubygems_version: 2.0.14
+rubygems_version: 2.0.14.1
 signing_key: 
 specification_version: 4
 summary: Manages encrypted content in a Git repo