Merge branch 'master' of https://github.com/jaytaylor/git-encrypt int…

…o develop
hunslater · Apr 10, 2012 · 75f96c6 · 75f96c6
2 parents af884a0 + f57dd8d
commit 75f96c6
Show file tree

Hide file tree

Showing 2 changed files with 155 additions and 1 deletion.
diff --git a/README.md b/README.md
@@ -7,6 +7,9 @@ by people much smarter than me, gitcrypt would not exist.
 > There is [some controversy][4] over using this technique, so do your research
 and understand the implications of using this tool before you go crazy with it.
 
+## Requirements
+Openssl must be installed and the binary must be available in your $PATH.
+
 ## Installation
 
 Clone git-encrypt somewhere on your local machine:
@@ -20,7 +23,7 @@ The `gitcrypt` command must be executable:
 
 And it must be accessible in your `$PATH`:
 
-    $ sudo ln -s gitcrypt /usr/bin/gitcrypt
+    $ sudo ln -s gitcrypt /usr/local/bin/gitcrypt
 
 ## Configuration
 
@@ -114,6 +117,32 @@ Once configuration is complete, reset and checkout all the files:
 
 All the files in the are now decrypted and ready to be edited.
 
+# Alternate method: git-encrypt-init.sh
+
+Contributed by [Jay Taylor](https://jaytaylor.com "jaytaylor.com")
+
+
+The git-encrypt-init.sh shell script automatically performs all prepartion,
+setup and configuration for a local repository clone, prompting the user for
+any required information (salt and password phrases.)  This method of also
+ensures that the git-encrypt scripts are automatically installed to
+`~/.gitencrypt/`. One drawback to this approach is that it only supports having
+1 password.
+
+One reason to use this alternate approach is because it makes decrypting cloned
+repositories as simple as executing one script.
+
+## Usage
+
+Once you've cloned git-encrypt using the alternate script is straightforward:
+
+    $ cd /path/to/your/repository
+    $ sh /path/to/git-encrypt/git-encrypt-init.sh
+
+Then you can add the files you would like to have encrypted to the
+.gitattributes file contained in the root of your repository.
+
+
 # Conclusion
 
 Enjoy your secure git repository! If you think gitcrypt is totally awesome,

diff --git a/git-encrypt-init.sh b/git-encrypt-init.sh
@@ -0,0 +1,125 @@
+#!/usr/bin/env bash
+
+##
+# @author Jay Taylor [@jtaylor]
+#
+# @date 2012-04-09
+#
+# @description Initializes openssl encryption filter into the .git/config file
+# of a cloned git repository.
+#
+
+
+localGitConfigFile='.git/config'
+
+
+################################################################################
+
+# Ensure that we are running in the root of a git repository.
+if ! [ -r "$localGitConfigFile" ]; then
+    echo 'fatal: this script can only be run in the root of a git repository' 1>&2
+    echo 'check your current directory (by running `pwd`), correct any issues you find, and then try again' 1>&2
+    exit 1
+fi
+
+
+# Define filter scripts and other static executable/reference file contents.
+# NB: The semi-colons at the end of each line for the first 3 entries here are
+# due to the use of `eval` below.
+clean_filter_openssl='#!/usr/bin/env bash;
+;
+SALT_FIXED={{SALT}};
+#A1F1F8129C4FEBAB3513C174 # 24 or less hex characters;
+PASS_FIXED={{PASSWORD}};
+;
+openssl enc -base64 -aes-256-ecb -S $SALT_FIXED -k $PASS_FIXED'
+
+smudge_filter_openssl='#!/usr/bin/env bash;
+;
+# No salt is needed for decryption.;
+PASS_FIXED={{PASSWORD}};
+;
+# If decryption fails, use `cat` instead.;
+# Error messages are redirected to /dev/null.;
+openssl enc -d -base64 -aes-256-ecb -k $PASS_FIXED 2> /dev/null || cat'
+
+diff_filter_openssl='#!/usr/bin/env bash;
+;
+# No salt is needed for decryption.;
+PASS_FIXED={{PASSWORD}};
+;
+# Error messages are redirected to /dev/null.;
+openssl enc -d -base64 -aes-256-ecb -k $PASS_FIXED -in "$1" 2> /dev/null || cat "$1"'
+
+gitattributes='*.md filter=openssl diff=openssl
+sensitive.txt filter=openssl diff=openssl
+[merge]
+	renormalize = true'
+
+gitconfig='[filter "openssl"]
+    smudge = ~/.gitencrypt/smudge_filter_openssl
+    clean = ~/.gitencrypt/clean_filter_openssl
+[diff "openssl"]
+    textconv = ~/.gitencrypt/diff_filter_openssl'
+
+
+# Initialize .gitencrypt directory in the users $HOME if not already there.
+
+if ! [ -d "$HOME/.gitencrypt" ]; then
+    echo 'info: initializing ~/.gitencrypt'
+
+    # Prompt user for salt and password.
+    while [ -z "$salt" ]; do
+        echo 'Enter the salt phrase (16 hexadecimal characters):'
+        read salt
+    done
+
+    while [ -z "$password" ]; do
+        echo 'Enter the encryption pass-phrase:'
+        read password
+    done
+
+    mkdir "$HOME/.gitencrypt"
+
+    for filter in clean_filter_openssl smudge_filter_openssl diff_filter_openssl; do
+        echo "info: generating filter script '$filter'"
+        filterScriptPath="$HOME/.gitencrypt/$filter"
+
+        # This ugliness is due to `eval` not handling newlines very nicely.
+        # @see http://stackoverflow.com/a/3524860/293064 for more eval details.
+        echo -e $(eval "echo \$$filter") | tr ';' '\n' | sed "s/{{SALT}}/$salt/g
+            s/{{PASSWORD}}/$password/g
+            s/^ *\(.*\) *$/\1/g" > "$filterScriptPath"
+
+        chmod a+x "$filterScriptPath"
+    done
+fi
+
+
+# Initialize .gitattributes file if it doesn't exist.
+
+if ! [ -e '.gitattributes' ]; then
+    echo "info: initializing file '.gitattributes'"
+    echo -n $gitattributes > .gitattributes
+fi
+
+
+# Initialize the .git/conf file for this repository clone if not already.
+
+checkForPreExistingConf=$(grep '^\[\(filter\|diff\) "openssl"]$' "$localGitConfigFile")
+
+if [ -n "$checkForPreExistingConf" ]; then
+    echo 'info: openssl filter/diff already configured for this clone'
+else
+    cat <<EOF >> "$localGitConfigFile"
+$gitconfig
+EOF
+    echo 'info: openssl filter/diff successfuly applied to this clone'
+fi
+
+
+# Reset the HEAD to re-check out all of the files [with the encryption filters.]
+
+echo 'info: re-checking out all of the files to ensure that the encryption filters are applied'
+git reset --hard HEAD
+