RubyGems - git-cipher - Versions diffs - 0.2 → 1.1 - Mend

git-cipher 0.2 → 1.1

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (5) hide show

checksums.yaml CHANGED Viewed

@@ -1,7 +1,7 @@
 ---
-SHA1:
-  metadata.gz: 3d52bb65c34660958a91e70fef43d596610bede9
-  data.tar.gz: 7d83c6b13437a4fa8c1d166b76fda86abdf9a990
+SHA256:
+  metadata.gz: 7d5b65afd443605f7782cec24d66093e353ac155e6b4a1e90aac40da2b8cbfbd
+  data.tar.gz: ab7448447f5ccd3b6467190315e9597e082ae01880ffcdb4cd0e3542b37b0b3e
 SHA512:
-  metadata.gz: 53dec9da0d8e7bed2874793c25bde8e9fad254059bdccee796dec7b131a7191a6a863ced6873e797007167236de4a5f25dfc562b33e01a7506d98da32d7872cb
-  data.tar.gz: e1c65440edaeb32687e7b124f6c497bd8e9413f4ef7c7f92a23d55d13ab29691a820eed6918ca819f6273e4308fb8c1a4d9cabd5939b4661da25ee785766e2f2
+  metadata.gz: 2dce18072bcee778726a04b35d2103552ba51c860b669428a7ce4c5f9c9c65e49866b6092f1d416b9b88b417a5d1c696be78d8f880b07e87ba71f2d75f0c6e8b
+  data.tar.gz: 91c20158875f8f66ebeb81924a8518f1df9265a1324dd8e9f8bf45ecb6d1787320194229c6e839525cbfc40b4fe622bc46a4e54403cbbb20d5264a8e2fb284fc

data/bin/git-cipher CHANGED Viewed

@@ -8,10 +8,15 @@ require 'tempfile'
 class Cipher
   EXTENSION = 'encrypted'
-  DEFAULT_GPG_USER  = 'greg@hurrell.net'
-  DEFAULT_GPG_PRESET_COMMAND = '/usr/local/opt/gpg-agent/libexec/gpg-preset-passphrase'
+  DEFAULT_GPG_USERS  = 'greg@hurrell.net,wincent@github.com'
+  EXECUTABLE_EXTENSIONS = %w[.js .sh]
+  STATUS = {
+    'MISSING' => 0b001,
+    'MODIFIED' => 0b010,
+    'STALE' => 0b100,
+  }
   VALID_OPTIONS = %w[force help]
-  VALID_SUBCOMMANDS = %w[decrypt encrypt help log preset forget]
+  VALID_SUBCOMMANDS = %w[decrypt encrypt help log ls status]
   def run
     send @subcommand
@@ -34,8 +39,7 @@ private
   end
   def check_ignored(path)
-    `#{escape command_path('git')} check-ignore -q #{escape path}`
-    puts "[warning: #{path} is not ignored]" unless $?.exitstatus.zero?
+    puts "[warning: #{path} is not ignored]" unless is_ignored?(path)
   end
   def colorize(string, color)
@@ -55,7 +59,7 @@ private
   end
   def command_path(command)
-    path = `command -v #{escape command}`.chomp
+    path = `sh -c command\\ -v\\ #{escape command}`.chomp
     die "required dependency #{command} not found" if path.empty?
     path
   end
@@ -63,15 +67,13 @@ private
   def decrypt
     if @files.empty?
       puts 'No explicit paths supplied: decrypting all matching files'
-      Dir["**/.*.#{EXTENSION}"].each { |file| decrypt!(file) }
+      matching.each { |file| decrypt!(file) }
     else
       @files.each { |file| decrypt!(file) }
     end
   end
   def decrypt!(file)
-    require_agent
     pathname = Pathname.new(file)
     basename = pathname.basename.to_s
     unless basename.start_with?('.')
@@ -102,11 +104,11 @@ private
       if $?.success?
         puts green(' done]')
-        File.chmod(0600, outfile)
+        File.chmod(mode(outfile), outfile)
-        # mark plain-text as older than ciphertext, this will prevent a
+        # Mark plain-text as older than ciphertext, this will prevent a
         # bin/encrypt run from needlessly changing the contents of the ciphertext
-        # (as the encryption is non-deterministic)
+        # (as the encryption is non-deterministic).
         time = File.mtime(file) - 1
         File.utime(time, time, outfile)
       else
@@ -127,7 +129,7 @@ private
   def encrypt
     if @files.empty?
       puts 'No explicit paths supplied: encrypting all matching files'
-      Dir["**/.*.#{EXTENSION}"].each do |file|
+      matching.each do |file|
         file = Pathname.new(file)
         encrypt!(
           file.dirname +
@@ -150,17 +152,21 @@ private
     if FileUtils.uptodate?(outfile, [file]) && !@force
       puts blue('[up to date]')
     else
+      recipients = gpg_users.
+        split(/\s*,\s*/).
+        map { |u| "--recipient #{escape u}"}.
+        join(' ')
       print green('[encrypting ...')
       execute(%{
         #{escape command_path('gpg')}
-          -a
-          -q
+          --armor
+          --quiet
           --batch
           --no-tty
           --yes
-          -r #{escape gpg_user}
-          -o #{escape outfile}
-          -e #{escape file}
+          #{recipients}
+          --output #{escape outfile}
+          --encrypt #{escape file}
       })
       if $?.success?
         puts green(' done]')
@@ -171,7 +177,7 @@ private
       end
     end
-    File.chmod(0600, file)
+    File.chmod(mode(file), file)
     check_ignored(file)
   end
@@ -183,27 +189,12 @@ private
     %x{#{string.gsub("\n", ' ')}}
   end
-  def forget
-    `#{escape command_path(gpg_preset_command)} --forget #{keygrip}`
-    die 'gpg-preset-passphrase failed' unless $?.success?
-  end
   def get_config(key)
     value = `#{escape command_path('git')} config cipher.#{key}`.chomp
     return if value.empty?
     value
   end
-  def get_passphrase
-    stty = escape(command_path('stty'))
-    print 'Passphrase [will not be echoed]: '
-    `#{stty} -echo` # quick hack, cheaper than depending on highline gem
-    STDIN.gets.chomp
-  ensure
-    `#{stty} echo`
-    puts
-  end
   def gpg_decrypt(file, outfile)
     execute(%{
       #{escape command_path('gpg')}
@@ -217,27 +208,17 @@ private
     })
   end
-  def gpg_preset_command
-    ENV['GPG_PRESET_COMMAND'] || get_config('presetcommand') || DEFAULT_GPG_PRESET_COMMAND
-  end
-  def gpg_user
-    ENV['GPG_USER'] || get_config('gpguser') || DEFAULT_GPG_USER
+  def gpg_users
+    ENV['GPG_USER'] || get_config('gpguser') || DEFAULT_GPG_USERS
   end
   def green(string)
     colorize(string, 32)
   end
-  def keygrip
-    # get the subkey fingerprint and convert it into a 40-char hex code
-    @keygrip ||= execute(%{
-      #{escape command_path('gpg')} --fingerprint #{escape gpg_user} |
-      grep fingerprint |
-      tail -1 |
-      cut -d= -f2 |
-      sed -e 's/ //g'
-    })
+  def is_ignored?(path)
+    `#{escape command_path('git')} check-ignore -q #{escape path}`
+    return $?.exitstatus.zero?
   end
   def kill_line
@@ -248,37 +229,36 @@ private
   def log
     if @files.empty?
-      # TODO: would be nice to interleave these instead of doing them serially.
       puts 'No explicit paths supplied: logging all matching files'
-      Dir["**/.*.#{EXTENSION}"].each { |file| log!(file) }
+      log!(nil)
     else
-      @files.each { |file| log!(file) }
+      log!(@files)
     end
   end
-  def log!(file)
-    require_agent
-    commits = execute(%{
-      #{escape command_path('git')} log
-      --pretty=format:%H -- #{escape file}
-    }).split
+  def log!(files)
+    if files.nil?
+      commits = execute(%{
+        #{escape command_path('git')} log
+        --pretty=format:%H
+        --topo-order
+        -- **/.*.#{EXTENSION}
+      }).split
+    else
+      # Would use `--follow` here, but that only works with a single file and, more
+      # importantly, all encrypted files look like random noise, so `--follow`
+      # won't do anything useful; log will stop at first rename.
+      commits = execute(%{
+        #{escape command_path('git')} log
+        --pretty=format:%H
+        --topo-order
+        -- #{files.map { |f| escape(f) }.join(' ')}
+      }).split
+    end
     commits.each do |commit|
-      files = []
+      tempfiles = []
       begin
-        # Get plaintext "post" image.
-        files.push(post = temp_write(show(file, commit)))
-        files.push(
-          post_plaintext = temp_write(gpg_decrypt(post.path, '-'))
-        )
-        # Get plaintext "pre" image.
-        files.push(pre = temp_write(show(file, "#{commit}~")))
-        files.push(pre_plaintext = temp_write(
-          pre.size.zero? ? '' : gpg_decrypt(pre.path, '-')
-        ))
         # Print commit message.
         puts execute(%{
           #{escape command_path('git')} --no-pager log
@@ -286,17 +266,37 @@ private
         })
         puts
-        # Print pre-to-post diff.
-        puts execute(%{
-          #{escape command_path('git')} --no-pager diff
-          --color=always
-          #{escape pre_plaintext.path}
-          #{escape post_plaintext.path}
-        })
+        # See which files changed in this commit.
+        changed = wc(commit, files).split("\0")
+        changed.each do |file|
+          suffix = "-#{File.basename(file)}"
+          # Get plaintext "post" image.
+          tempfiles.push(post = temp_write(show(file, commit)))
+          tempfiles.push(post_plaintext = temp_write(
+            post.size.zero? ? '' : gpg_decrypt(post.path, '-'),
+            suffix
+          ))
+          # Get plaintext "pre" image.
+          tempfiles.push(pre = temp_write(show(file, "#{commit}~")))
+          tempfiles.push(pre_plaintext = temp_write(
+            pre.size.zero? ? '' : gpg_decrypt(pre.path, '-'),
+            suffix
+          ))
+          # Print pre-to-post diff.
+          puts execute(%{
+            #{escape command_path('git')} --no-pager diff
+            --color=always
+            #{escape pre_plaintext.path}
+            #{escape post_plaintext.path}
+          })
+        end
         puts
       ensure
-        files.each do |tempfile|
+        tempfiles.each do |tempfile|
           tempfile.close
           tempfile.unlink
         end
@@ -304,6 +304,57 @@ private
     end
   end
+  def ls
+    matching.each { |file| puts file }
+  end
+  def status
+    exitstatus = 0
+    matching.each do |file|
+      pathname = Pathname.new(file)
+      basename = pathname.basename.to_s
+      outfile = pathname.dirname + basename.gsub(
+        /\A\.|\.#{EXTENSION}\z/, ''
+      )
+      if outfile.exist?
+        if FileUtils.uptodate?(outfile, [file])
+          # Plain-text is newer than ciphertext.
+          description = yellow('[MODIFIED]')
+          exitstatus |= STATUS['MODIFIED']
+        else
+          if (File.mtime(file) - File.mtime(outfile)) > 5
+            # Plain-text is signficantly older than ciphertext.
+            description = yellow('[STALE]')
+            exitstatus |= STATUS['STALE']
+          else
+            description = green('[OK]')
+          end
+        end
+      else
+        description = red('[MISSING]')
+        exitstatus |= STATUS['MISSING']
+      end
+      puts "#{file}: #{description}"
+    end
+    exit exitstatus
+  end
+  def matching
+    Dir.glob("**/*.#{EXTENSION}", File::FNM_DOTMATCH).reject do |candidate|
+      is_ignored?(candidate)
+    end
+  end
+  # Determine the appropriate mode for the given decrypted plaintext
+  # `file` based on its file extension.
+  def mode(file)
+    if EXECUTABLE_EXTENSIONS.include?(Pathname.new(file).extname)
+      0700
+    else
+      0600
+    end
+  end
   def normalize_option(option)
     normal = option.dup
@@ -318,17 +369,6 @@ private
     found
   end
-  def preset
-    passphrase = get_passphrase
-    command = "#{escape command_path(gpg_preset_command)} --preset #{keygrip}"
-    IO.popen(command, 'w+') do |io|
-      io.puts passphrase
-      io.close_write
-      puts io.read # usually silent
-    end
-    die 'gpg-preset-passphrase failed' unless $?.success?
-  end
   def process_args
     options, files = ARGV.partition { |arg| arg.start_with?('-') }
     subcommand = files.shift
@@ -351,17 +391,6 @@ private
     colorize(string, 31)
   end
-  def require_agent
-    unless ENV['GPG_AGENT_INFO']
-      die <<-MSG
-        GPG_AGENT_INFO not present in the environment.
-        Try running this before retrying `#{command_name} #{@subcommand}`:
-          eval $(gpg-agent --daemon)
-          #{command_name} preset
-      MSG
-    end
-  end
   def show(file, commit)
     # Redirect stderr to /dev/null because the file might not have existed prior
     # to this commit.
@@ -377,9 +406,8 @@ private
     doc.gsub(/^[ \t]{#{indent}}/, '')
   end
-  def temp_write(contents)
-    file = Tempfile.new('git-cipher-')
-    file.chmod(0600)
+  def temp_write(contents, suffix = '')
+    file = Tempfile.new(['git-cipher-', suffix])
     file.write(contents)
     file.flush
     file
@@ -430,14 +458,6 @@ private
                 #{command_name} encrypt -f
                 #{command_name} encrypt --force # (alternative syntax)
       USAGE
-    when 'forget'
-      puts strip_heredoc(<<-USAGE)
-        #{command_name} forget
-          Forget passphrase previously stored using `#{command_name} preset`:
-              #{command_name} forget
-      USAGE
     when 'log'
       puts strip_heredoc(<<-USAGE)
         #{command_name} log FILE
@@ -447,13 +467,24 @@ private
               #{command_name} log foo
       USAGE
-    when 'preset'
+    when 'ls'
+      puts strip_heredoc(<<-USAGE)
+        #{command_name} ls
+          Lists the encrypted files in the current directory and
+          its subdirectories.
+      USAGE
+    when 'status'
       puts strip_heredoc(<<-USAGE)
-        #{command_name} preset
+        #{command_name} status
-          Store a passphrase in a running `gpg-agent` agent:
+          Shows the status of encrypted files in the current directory and
+          its subdirectories.
-              #{command_name} preset
+          Exits with status #{STATUS['MISSING']} if any decrypted file is missing (eg. "MISSING").
+          Exits with status #{STATUS['MODIFIED']} if any decrypted file has modifications (eg. "MODIFIED").
+          Exits with status #{STATUS['STALE']} if any encrypted file has modifications (eg. "STALE").
+          When multiple conditions apply, they are OR-ed together to produce a status code.
       USAGE
     else
       puts strip_heredoc(<<-USAGE)
@@ -461,14 +492,33 @@ private
             #{command_name} decrypt
             #{command_name} encrypt
-            #{command_name} forget
             #{command_name} log
-            #{command_name} preset
+            #{command_name} ls
+            #{command_name} status
       USAGE
     end
     exit
   end
+  # Show which files (out of `files`) changed in `commit`.
+  def wc(commit, files)
+    if files.nil?
+      execute(%{
+        #{escape command_path('git')} show --name-only --pretty=format: -z #{commit} --
+        **/.*.#{EXTENSION}
+      })
+    else
+      execute(%{
+        #{escape command_path('git')} show --name-only --pretty=format: -z #{commit} --
+        #{files.map { |f| escape(f) }.join(' ')}
+      })
+    end
+  end
+  def yellow(string)
+    colorize(string, 33)
+  end
 end
 Cipher.new.run

data/bin/git-cipher1 ADDED Viewed

@@ -0,0 +1,524 @@
+#!/usr/bin/env ruby
+# git-cipher -- encrypt/decrypt files
+require 'fileutils'
+require 'pathname'
+require 'shellwords'
+require 'tempfile'
+class Cipher
+  EXTENSION = 'encrypted'
+  DEFAULT_GPG_USERS  = 'greg@hurrell.net,wincent@github.com'
+  EXECUTABLE_EXTENSIONS = %w[.js .sh]
+  STATUS = {
+    'MISSING' => 0b001,
+    'MODIFIED' => 0b010,
+    'STALE' => 0b100,
+  }
+  VALID_OPTIONS = %w[force help]
+  VALID_SUBCOMMANDS = %w[decrypt encrypt help log ls status]
+  def run
+    send @subcommand
+  end
+private
+  def initialize
+    @subcommand, @options, @files = process_args
+    if @options.include?('help') || @subcommand == 'help'
+      usage(@subcommand)
+    end
+    @force = @options.include?('force')
+  end
+  def blue(string)
+    colorize(string, 34)
+  end
+  def check_ignored(path)
+    puts "[warning: #{path} is not ignored]" unless is_ignored?(path)
+  end
+  def colorize(string, color)
+    "\e[#{color}m#{string}\e[0m"
+  end
+  def command_name
+    @command_name ||= begin
+      if `ps -p #{Process.ppid.to_i}` =~ /\bgit cipher\b/
+        'git cipher'
+      else
+        File.basename(__FILE__)
+      end
+    rescue
+      File.basename(__FILE__)
+    end
+  end
+  def command_path(command)
+    path = `sh -c command\\ -v\\ #{escape command}`.chomp
+    die "required dependency #{command} not found" if path.empty?
+    path
+  end
+  def decrypt
+    if @files.empty?
+      puts 'No explicit paths supplied: decrypting all matching files'
+      matching.each { |file| decrypt!(file) }
+    else
+      @files.each { |file| decrypt!(file) }
+    end
+  end
+  def decrypt!(file)
+    pathname = Pathname.new(file)
+    basename = pathname.basename.to_s
+    unless basename.start_with?('.')
+      die "#{file} does not begin with a period"
+    end
+    unless basename.end_with?(".#{EXTENSION}")
+      die "#{file} does not have an .#{EXTENSION} extension"
+    end
+    unless pathname.exist?
+      die "#{file} does not exist"
+    end
+    outfile = pathname.dirname + basename.gsub(
+      /\A\.|\.#{EXTENSION}\z/, ''
+    )
+    print "#{file} -> #{outfile} "
+    if FileUtils.uptodate?(outfile, [file]) && !@force
+      # decrypted is newer than encrypted; it might have local changes which we
+      # could blow away, so warn
+      puts red('[warning: plain-text newer than ciphertext; skipping]')
+    else
+      print green('[decrypting ...')
+      gpg_decrypt(file, outfile)
+      if $?.success?
+        puts green(' done]')
+        File.chmod(mode(outfile), outfile)
+        # Mark plain-text as older than ciphertext, this will prevent a
+        # bin/encrypt run from needlessly changing the contents of the ciphertext
+        # (as the encryption is non-deterministic).
+        time = File.mtime(file) - 1
+        File.utime(time, time, outfile)
+      else
+        print kill_line
+        puts red('[decrypting ... failed; bailing]')
+        exit $?.exitstatus
+      end
+      check_ignored(outfile)
+    end
+  end
+  def die(msg)
+    STDERR.puts red('error:'), strip_heredoc(msg)
+    exit 1
+  end
+  def encrypt
+    if @files.empty?
+      puts 'No explicit paths supplied: encrypting all matching files'
+      matching.each do |file|
+        file = Pathname.new(file)
+        encrypt!(
+          file.dirname +
+          file.basename.to_s.gsub(/\A\.|\.#{EXTENSION}\z/, '')
+        )
+      end
+    else
+      @files.each { |file| encrypt!(Pathname.new(file)) }
+    end
+  end
+  def encrypt!(file)
+    unless file.exist?
+      die "#{file} does not exist"
+    end
+    outfile = file.dirname + ".#{file.basename}.#{EXTENSION}"
+    print "#{file} -> #{outfile} "
+    if FileUtils.uptodate?(outfile, [file]) && !@force
+      puts blue('[up to date]')
+    else
+      recipients = gpg_users.
+        split(/\s*,\s*/).
+        map { |u| "--recipient #{escape u}"}.
+        join(' ')
+      print green('[encrypting ...')
+      execute(%{
+        #{escape command_path('gpg')}
+          --armor
+          --quiet
+          --batch
+          --no-tty
+          --yes
+          #{recipients}
+          --output #{escape outfile}
+          --encrypt #{escape file}
+      })
+      if $?.success?
+        puts green(' done]')
+      else
+        print kill_line
+        puts red('[encrypting ... failed; bailing]')
+        exit $?.exitstatus
+      end
+    end
+    File.chmod(mode(file), file)
+    check_ignored(file)
+  end
+  def escape(string)
+    Shellwords.escape(string)
+  end
+  def execute(string)
+    %x{#{string.gsub("\n", ' ')}}
+  end
+  def get_config(key)
+    value = `#{escape command_path('git')} config cipher.#{key}`.chomp
+    return if value.empty?
+    value
+  end
+  def gpg_decrypt(file, outfile)
+    execute(%{
+      #{escape command_path('gpg')}
+        -q
+        --yes
+        --batch
+        --no-tty
+        --use-agent
+        -o #{escape outfile}
+        -d #{escape file}
+    })
+  end
+  def gpg_users
+    ENV['GPG_USER'] || get_config('gpguser') || DEFAULT_GPG_USERS
+  end
+  def green(string)
+    colorize(string, 32)
+  end
+  def is_ignored?(path)
+    `#{escape command_path('git')} check-ignore -q #{escape path}`
+    return $?.exitstatus.zero?
+  end
+  def kill_line
+    # 2K deletes the line, 0G moves to column 0
+    # see: http://en.wikipedia.org/wiki/ANSI_escape_code
+    "\e[2K\e[0G"
+  end
+  def log
+    if @files.empty?
+      puts 'No explicit paths supplied: logging all matching files'
+      log!(nil)
+    else
+      log!(@files)
+    end
+  end
+  def log!(files)
+    if files.nil?
+      commits = execute(%{
+        #{escape command_path('git')} log
+        --pretty=format:%H
+        --topo-order
+        -- **/.*.#{EXTENSION}
+      }).split
+    else
+      # Would use `--follow` here, but that only works with a single file and, more
+      # importantly, all encrypted files look like random noise, so `--follow`
+      # won't do anything useful; log will stop at first rename.
+      commits = execute(%{
+        #{escape command_path('git')} log
+        --pretty=format:%H
+        --topo-order
+        -- #{files.map { |f| escape(f) }.join(' ')}
+      }).split
+    end
+    commits.each do |commit|
+      tempfiles = []
+      begin
+        # Print commit message.
+        puts execute(%{
+          #{escape command_path('git')} --no-pager log
+          --color=always -1 #{commit}
+        })
+        puts
+        # See which files changed in this commit.
+        changed = wc(commit, files).split("\0")
+        changed.each do |file|
+          suffix = "-#{File.basename(file)}"
+          # Get plaintext "post" image.
+          tempfiles.push(post = temp_write(show(file, commit)))
+          tempfiles.push(post_plaintext = temp_write(
+            post.size.zero? ? '' : gpg_decrypt(post.path, '-'),
+            suffix
+          ))
+          # Get plaintext "pre" image.
+          tempfiles.push(pre = temp_write(show(file, "#{commit}~")))
+          tempfiles.push(pre_plaintext = temp_write(
+            pre.size.zero? ? '' : gpg_decrypt(pre.path, '-'),
+            suffix
+          ))
+          # Print pre-to-post diff.
+          puts execute(%{
+            #{escape command_path('git')} --no-pager diff
+            --color=always
+            #{escape pre_plaintext.path}
+            #{escape post_plaintext.path}
+          })
+        end
+        puts
+      ensure
+        tempfiles.each do |tempfile|
+          tempfile.close
+          tempfile.unlink
+        end
+      end
+    end
+  end
+  def ls
+    matching.each { |file| puts file }
+  end
+  def status
+    exitstatus = 0
+    matching.each do |file|
+      pathname = Pathname.new(file)
+      basename = pathname.basename.to_s
+      outfile = pathname.dirname + basename.gsub(
+        /\A\.|\.#{EXTENSION}\z/, ''
+      )
+      if outfile.exist?
+        if FileUtils.uptodate?(outfile, [file])
+          # Plain-text is newer than ciphertext.
+          description = yellow('[MODIFIED]')
+          exitstatus |= STATUS['MODIFIED']
+        else
+          if (File.mtime(file) - File.mtime(outfile)) > 5
+            # Plain-text is signficantly older than ciphertext.
+            description = yellow('[STALE]')
+            exitstatus |= STATUS['STALE']
+          else
+            description = green('[OK]')
+          end
+        end
+      else
+        description = red('[MISSING]')
+        exitstatus |= STATUS['MISSING']
+      end
+      puts "#{file}: #{description}"
+    end
+    exit exitstatus
+  end
+  def matching
+    Dir.glob("**/*.#{EXTENSION}", File::FNM_DOTMATCH).reject do |candidate|
+      is_ignored?(candidate)
+    end
+  end
+  # Determine the appropriate mode for the given decrypted plaintext
+  # `file` based on its file extension.
+  def mode(file)
+    if EXECUTABLE_EXTENSIONS.include?(Pathname.new(file).extname)
+      0700
+    else
+      0600
+    end
+  end
+  def normalize_option(option)
+    normal = option.dup
+    if normal.sub!(/\A--/, '') # long option
+      found = VALID_OPTIONS.find { |o| o == normal }
+    elsif normal.sub!(/\A-/, '') # short option
+      found = VALID_OPTIONS.find { |o| o[0] == normal }
+    end
+    die "unrecognized option: #{option}" if found.nil?
+    found
+  end
+  def process_args
+    options, files = ARGV.partition { |arg| arg.start_with?('-') }
+    subcommand = files.shift
+    options.map! { |option| normalize_option(option) }
+    unless VALID_SUBCOMMANDS.include?(subcommand)
+      if subcommand.nil?
+        message = 'no subcommand'
+      else
+        message = 'unrecognized subcommand'
+      end
+      die [message, "expected one of #{VALID_SUBCOMMANDS.inspect}"].join(': ')
+    end
+    [subcommand, options, files]
+  end
+  def red(string)
+    colorize(string, 31)
+  end
+  def show(file, commit)
+    # Redirect stderr to /dev/null because the file might not have existed prior
+    # to this commit.
+    execute(%{
+      #{escape command_path('git')} show
+      #{commit}:#{escape file} 2> /dev/null
+    })
+  end
+  def strip_heredoc(doc)
+    # based on method of same name from Rails
+    indent = doc.scan(/^[ \t]*(?=\S)/).map(&:size).min || 0
+    doc.gsub(/^[ \t]{#{indent}}/, '')
+  end
+  def temp_write(contents, suffix = '')
+    file = Tempfile.new(['git-cipher-', suffix])
+    file.write(contents)
+    file.flush
+    file
+  end
+  # Print usage information and exit.
+  def usage(subcommand)
+    case subcommand
+    when 'decrypt'
+      puts strip_heredoc(<<-USAGE)
+        #{command_name} decrypt [-f|--force] [FILES...]
+        Decrypts files that have been encrypted for storage in version control
+            Decrypt two files, but only if the corresponding plain-text files
+            are missing or older:
+                #{command_name} decrypt .foo.encrypted .bar.encrypted
+            Decrypt all decryptable files:
+                #{command_name} decrypt
+            (Re-)decrypt all decryptable files, even those whose corresponding
+            plain-text files are newer:
+                #{command_name} decrypt -f
+                #{command_name} decrypt --force # (alternative syntax)
+      USAGE
+    when 'encrypt'
+      puts strip_heredoc(<<-USAGE)
+        #{command_name} encrypt [-f|--force] [FILES...]
+        Encrypts files for storage in version control
+            Encrypt two files, but only if the corresponding ciphertext files
+            are missing or older:
+                #{command_name} encrypt foo bar
+            Encrypt all encryptable files:
+                #{command_name} encrypt
+            (Re-)encrypt all encryptable files, even those whose corresponding
+            ciphertext files are newer:
+                #{command_name} encrypt -f
+                #{command_name} encrypt --force # (alternative syntax)
+      USAGE
+    when 'log'
+      puts strip_heredoc(<<-USAGE)
+        #{command_name} log FILE
+          Shows the log message and decrypted diff for FILE
+          (analogous to `git log -p -- FILE`).
+              #{command_name} log foo
+      USAGE
+    when 'ls'
+      puts strip_heredoc(<<-USAGE)
+        #{command_name} ls
+          Lists the encrypted files in the current directory and
+          its subdirectories.
+      USAGE
+    when 'status'
+      puts strip_heredoc(<<-USAGE)
+        #{command_name} status
+          Shows the status of encrypted files in the current directory and
+          its subdirectories.
+          Exits with status #{STATUS['MISSING']} if any decrypted file is missing (eg. "MISSING").
+          Exits with status #{STATUS['MODIFIED']} if any decrypted file has modifications (eg. "MODIFIED").
+          Exits with status #{STATUS['STALE']} if any encrypted file has modifications (eg. "STALE").
+          When multiple conditions apply, they are OR-ed together to produce a status code.
+      USAGE
+    else
+      puts strip_heredoc(<<-USAGE)
+        Available commands (invoke any with -h or --help for more info):
+            #{command_name} decrypt
+            #{command_name} encrypt
+            #{command_name} log
+            #{command_name} ls
+            #{command_name} status
+      USAGE
+    end
+    exit
+  end
+  # Show which files (out of `files`) changed in `commit`.
+  def wc(commit, files)
+    if files.nil?
+      execute(%{
+        #{escape command_path('git')} show --name-only --pretty=format: -z #{commit} --
+        **/.*.#{EXTENSION}
+      })
+    else
+      execute(%{
+        #{escape command_path('git')} show --name-only --pretty=format: -z #{commit} --
+        #{files.map { |f| escape(f) }.join(' ')}
+      })
+    end
+  end
+  def yellow(string)
+    colorize(string, 33)
+  end
+end
+Cipher.new.run

data/bin/git-cipher2 ADDED Viewed

@@ -0,0 +1,196 @@
+#!/usr/bin/env ruby
+# TODO: in readme, note threat model and how this is "rolling your own crypto"
+# even though you might not think that "using openssl" is "rolling your own
+# crypto"; therefore this is for protecting LOW VALUE secrets (eg. hostnames in
+# an ssh config file, not cryptocurrency secret keys)
+#
+# TODO: think about how dotfiles work. in absence of key, plaintext file is
+# absent, so we know not to install it... with clean/smudge filters, file is
+# always present, so we need another way of deciding whether or not to install
+# (may need a header line or stash the whole thing in JSON)
+# given that we're going to do encrypt-then-mac, maybe the trailer can be the
+# signal? ie. we'll have something like:
+#
+# U2FsdGVkX1/wDfrOAAAAAJyY66rhru4B0gIY0axns4oLgCEN2Og73UvGzFfCzs8a
+# H/NRK/4MhpbXNhvoVg/Is5UgrZqtMKs96UoAOtYtzTJweByMhFjaTpyK9Dtz7ctc
+# ...
+# UqEPjxtbf4LeUHofwbIXvVzMNqdWrjvpV1wUkaOcHdeDUwUMzcPmct7ZpjEPcSDW
+# nPfzqyYDoxyT9waSKbYlBQ==
+# HMAC-SHA256(/etc/passwd)= 0c967cc4b8b040dc7c4185f03247bfbeaa7403f626f8fd9c88cec0d3de86ce95
+#
+# TODO: links
+# https://stackoverflow.com/questions/16056135/how-to-use-openssl-to-encrypt-decrypt-files/31552829
+# https://security.stackexchange.com/questions/3959/recommended-of-iterations-when-using-pbkdf2-sha256/3993
+# https://www.daemonology.net/blog/2009-06-24-encrypt-then-mac.html
+# > Encrypt-and-MAC: The ciphertext is generated by encrypting the plaintext and then appending a MAC of the plaintext. This is approximately how SSH works.
+# > MAC-then-encrypt: The ciphertext is generated by appending a MAC to the plaintext and then encrypting everything. This is approximately how SSL works.
+# > Encrypt-then-MAC: The ciphertext is generated by encrypting the plaintext and then appending a MAC of the encrypted plaintext. This is approximately how IPSEC works.
+# https://crypto.stackexchange.com/questions/202/should-we-mac-then-encrypt-or-encrypt-then-mac
+#
+# TODO: prior art
+# https://github.com/AGWA/git-crypt
+# https://github.com/StackExchange/blackbox#how-is-the-encryption-done
+# https://github.com/elasticdog/transcrypt
+# https://github.com/sobolevn/git-secret
+# (by no means an exhaustive list... there are so many of them...)
+class Cipher
+  VALID_SUBCOMMANDS = %w[
+    add
+    help
+    init
+    list
+    log
+    ls
+    register
+    remove
+    rm
+    status
+    unregister
+  ]
+  def run
+  end
+private
+  def initialize
+    @subcommand, @options, @files = process_args
+  end
+  def colorize(string, color)
+    "\e[#{color}m#{string}\e[0m"
+  end
+  def die(message)
+    STDERR.puts red('error:'), dedent(message)
+    exit 1
+  end
+  # TODO need to do encrypt-then-mac https://stackoverflow.com/a/22958889/2103996
+  def encrypt
+    ENV['ENC_PASS'] = 'encryption pass'
+    # note -S must be hex digits
+    # can do cipher instead of enc -e cipher
+    # eg. `openssl aes-256-cbc` instead of `openssl enc -e -aes-256-cbc`
+    # -pass stdin could also work
+    # openssl enc -e cipher -md sha1 -pass env:ENC_PASS -S $salt -in $infile | xxd -p
+    # openssl enc -e cipher -md sha1 -pass env:ENC_PASS -S $salt -in $infile | openssl base64
+    # openssl enc -e cipher -base64 -md sha1 -pass env:ENC_PASS -S $salt -in $infile
+    #
+    # only concern here is that iv won't be random as it comes from pass?
+    # -P will print out the deets here; this shows that when you call with same
+    # salt and pass, you get same key and same iv
+    # when you alter the pass, you get a different key and iv
+    # when you alter the salt, you get a different key and iv
+    #
+    # $ openssl enc -e -aes-256-cbc -base64 -md sha1 -pass pass:secret -S f00dface -in /etc/passwd -P
+    # salt=F00DFACE00000000
+    # key=2CB12DA63001EA3474724000D66FE00ACE073DE41364108ADFE84095280693B9
+    # iv =A18D6BA58FD1916C40E2AB674F575360
+    # $ openssl enc -e -aes-256-cbc -base64 -md sha1 -pass pass:secret -S f00dface -in /etc/passwd -P
+    # salt=F00DFACE00000000
+    # key=2CB12DA63001EA3474724000D66FE00ACE073DE41364108ADFE84095280693B9
+    # iv =A18D6BA58FD1916C40E2AB674F575360
+    # $ openssl enc -e -aes-256-cbc -base64 -md sha1 -pass pass:secret2 -S f00dface -in /etc/passwd -P
+    # salt=F00DFACE00000000
+    # key=AED814B111F3732FBEA095B1E66F2958D3D92E4C00A3ABBCB7FD260515C44E92
+    # iv =D9D9F867C730925ED0C8CA8252CAF5C2
+    # $ openssl enc -e -aes-256-cbc -base64 -md sha1 -pass pass:secret2 -S f00dfacef -in /etc/passwd -P
+    # salt=F00DFACEF0000000
+    # key=04227E47F87C2E8876714976EA5A69B58CB36CD5404D4F60271411EDD2BD076D
+    # iv =A7F83B902B5CA76A8B04AF5652C3B799
+    #
+    # using stronger (slower) key derivation with -pbkdf2 -iter 20000
+    # openssl enc -e -aes-256-cbc -base64 -pbkdf2 -iter 20000 -pass pass:secret -S f00dface -in /etc/passwd -P
+    # (doesn't work on macOS version of openssl; testing on linux two times in a row we get)
+    # `openssl version` on linux prints: OpenSSL 1.1.1q  5 Jul 2022
+    # `openssl version` on macOS prints: LibreSSL 2.8.3
+    # install openssl on macOS is probably not a good idea: https://stackoverflow.com/questions/22795471/utilizing-pbkdf2-with-openssl-library
+    #
+    # hex string is too short, padding with zero bytes to length
+    # salt=F00DFACE00000000
+    # key=D661D07A0672957F64646190C7BF8E6FAEA13C97830E7C036B6C978CD6C89FC7
+    # iv =82BD1988A8E0F4D3E48C40AB366D4174
+    #
+    # hex string is too short, padding with zero bytes to length
+    # salt=F00DFACE00000000
+    # key=D661D07A0672957F64646190C7BF8E6FAEA13C97830E7C036B6C978CD6C89FC7
+    # iv =82BD1988A8E0F4D3E48C40AB366D4174
+    #
+    # (ie. is consistent across runs at least)
+    #
+    # is using sha1 for key derivation a problem? https://security.stackexchange.com/questions/3959/recommended-of-iterations-when-using-pbkdf2-sha256/3993
+    # probably not, because we're not using a user-supplied password; we're using an extremely high entropy long password
+    #
+    # $ openssl enc -e -aes-256-cbc -base64 -md sha1 -pass pass:extremely_long_secret_that_will_actually_be_total_gibberish_we_can_even_pipe_in_binary_crap_to_std_in -S f00dface -in /etc/passwd -P
+    # salt=F00DFACE00000000
+    # key=191531DB1684CFE9D15FBCC1F9D6E7A384E4EC08CDA22B596D6AF83F32113720
+    # iv =738D9C01A176CF97B90F48466188C5FA
+    #
+    # note we can use -md sha256 and that works on macOS and Linux
+    # cf node: https://stackoverflow.com/questions/12219499/whats-wrong-with-nodejs-crypto-decipher
+    # that says i can avoid the salt being prepended... interesting... -nosalt
+    # it is not documented in the linux openssl manpage (see `man enc` instead), but it works in both places and
+    # produces the same results, byte for byte
+    # macOS manpage says:
+    # > This option should never be used since it makes it possible to perform
+    # > efficient dictionary attacks on the password and to attack stream cipher
+    # > encrypted data.
+    # linux:
+    # > Don't use a salt in the key derivation routines. This option SHOULD NOT
+    # > be used except for test purposes or compatibility with ancient versions of
+    # > OpenSSL.
+  end
+  # need something random (salt) as input into cbc mode to make it secure
+  # we can't literally use something like this, because git-cipher **does not use passwords**
+  # we need to use GPG to read password, _then_ blah...
+  #
+  # note that salt string must be hex, 16 digits long (if shorter, it gets
+  # padded, if longer, we get an error); equivalent to 64 bits
+  #
+  # note that salt is derived from filename + password (from GPG) + file contents
+  # which means two files can have same contents and will get different salt
+  # and any time file changes, it gets a new salt
+  def salt
+    # $key = "$filename:$password"
+    # echo hello | openssl dgst -hmac $key -sha256
+    # prints: 8e384ff349a3d90f2c7837b0d76de8f81c6e85b390ed38905f521ae77cb9a29a
+    # or:          openssl dgst -hmac $key -sha256 $infile
+    # prints: HMAC-SHA256($infile)= 0c967cc4b8b040dc7c4185f03247bfbeaa7403f626f8fd9c88cec0d3de86ce95
+  end
+  def process_args
+    options, files = ARGV.partition { |arg| arg.start_with?('-') }
+    subcommand = files.shift
+    unless VALID_SUBCOMMANDS.include?(subcommand)
+      if subcommand.nil?
+        message = 'no subcommand'
+      else
+        message = "unrecognized subcommand #{subcommand.inspect}"
+      end
+      die [message, "expected one of #{VALID_SUBCOMMANDS.inspect}"].join(': ')
+    end
+    [subcommand, options, files]
+  end
+  def red(string)
+    colorize(string, 31)
+  end
+  # Based on the strip_heredoc method in Rails.
+  #
+  # See: https://apidock.com/rails/String/strip_heredoc
+  def dedent(doc)
+    indent = doc.scan(/^[ \t]*(?=\S)/).map(&:size).min || 0
+    doc.gsub(/^[ \t]{#{indent}}/, '')
+  end
+end
+Cipher.new.run

metadata CHANGED Viewed

@@ -1,14 +1,14 @@
 --- !ruby/object:Gem::Specification
 name: git-cipher
 version: !ruby/object:Gem::Version
-  version: '0.2'
+  version: '1.1'
 platform: ruby
 authors:
 - Greg Hurrell
-autorequire:
+autorequire:
 bindir: bin
 cert_chain: []
-date: 2016-02-08 00:00:00.000000000 Z
+date: 2022-08-02 00:00:00.000000000 Z
 dependencies: []
 description: "\n    Provides a convenient workflow for working with encrypted files
   in a public\n    Git repo. Delegates the underlying work of encryption/decryption
@@ -21,30 +21,31 @@ extensions: []
 extra_rdoc_files: []
 files:
 - bin/git-cipher
+- bin/git-cipher1
+- bin/git-cipher2
 homepage: https://github.com/wincent/git-cipher
 licenses:
 - MIT
 metadata: {}
-post_install_message:
+post_install_message:
 rdoc_options: []
 require_paths:
 - lib
 required_ruby_version: !ruby/object:Gem::Requirement
   requirements:
-  - - '>='
+  - - ">="
     - !ruby/object:Gem::Version
       version: '0'
 required_rubygems_version: !ruby/object:Gem::Requirement
   requirements:
-  - - '>='
+  - - ">="
     - !ruby/object:Gem::Version
       version: '0'
 requirements:
 - Git
 - GnuPG
-rubyforge_project:
-rubygems_version: 2.0.14
-signing_key:
+rubygems_version: 3.3.15
+signing_key:
 specification_version: 4
 summary: Manages encrypted content in a Git repo
 test_files: []