
Merge branch 'master' of https://github.com/jaytaylor/git-encrypt into develop
2 parents af884a0 + f57dd8d commit 75f96c6475ab4dddf24fc9467e851dfd10691ac8 @shadowhand committed Apr 10, 2012
Showing with 155 additions and 1 deletion.
  1. +30 −1 README.md
  2. +125 −0 git-encrypt-init.sh
@@ -7,6 +7,9 @@ by people much smarter than me, gitcrypt would not exist.
> There is [some controversy][4] over using this technique, so do your research
and understand the implications of using this tool before you go crazy with it.
+## Requirements
+Openssl must be installed and the binary must be available in your $PATH.
+
## Installation
Clone git-encrypt somewhere on your local machine:
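
Review bot: The new Requirements section in README.md spells the dependency "Openssl" and says only that the binary must be on `$PATH`; write it as OpenSSL and name what is actually needed, since the filter scripts added in this commit call `openssl enc` with `-aes-256-ecb` and `-base64`, so a reader can check their build before continuing.
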
@@ -20,7 +23,7 @@ The `gitcrypt` command must be executable:
And it must be accessible in your `$PATH`:
- $ sudo ln -s gitcrypt /usr/bin/gitcrypt
+ $ sudo ln -s gitcrypt /usr/local/bin/gitcrypt
## Configuration
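
Review bot: The changed `ln -s gitcrypt /usr/local/bin/gitcrypt` line still passes a relative target, and a symlink stores the target string as given and resolves it relative to the link's own directory, so this creates `/usr/local/bin/gitcrypt` pointing at itself rather than at the checkout. Use an absolute source path, for example `sudo ln -s "$(pwd)/gitcrypt" /usr/local/bin/gitcrypt`, run from the git-encrypt directory.
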
@@ -114,6 +117,32 @@ Once configuration is complete, reset and checkout all the files:
All the files in the are now decrypted and ready to be edited.
+# Alternate method: git-encrypt-init.sh
+
+Contributed by [Jay Taylor](https://jaytaylor.com "jaytaylor.com")
+
+
+The git-encrypt-init.sh shell script automatically performs all prepartion,
+setup and configuration for a local repository clone, prompting the user for
+any required information (salt and password phrases.) This method of also
+ensures that the git-encrypt scripts are automatically installed to
+`~/.gitencrypt/`. One drawback to this approach is that it only supports having
+1 password.
+
+One reason to use this alternate approach is because it makes decrypting cloned
+repositories as simple as executing one script.
+
+## Usage
+
+Once you've cloned git-encrypt using the alternate script is straightforward:
+
+ $ cd /path/to/your/repository
+ $ sh /path/to/git-encrypt/git-encrypt-init.sh
+
+Then you can add the files you would like to have encrypted to the
+.gitattributes file contained in the root of your repository.
+
+
# Conclusion
Enjoy your secure git repository! If you think gitcrypt is totally awesome,
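
Review bot: The new "Alternate method" section does not tell the reader that git-encrypt-init.sh writes the salt and pass-phrase in plain text into the generated filter scripts under `~/.gitencrypt/`, or that it ends with `git reset --hard HEAD`; both belong in this section, with an instruction to commit or stash local changes before running the script. The Usage text also says to add files to `.gitattributes` without mentioning that the script creates that file with default entries (`*.md` and `sensitive.txt`) when it is missing. Wording: "prepartion" should be "preparation", "This method of also ensures" has a stray "of", and the first Usage sentence needs a comma after "git-encrypt".
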
@@ -0,0 +1,125 @@
+#!/usr/bin/env bash
+
+##
+# @author Jay Taylor [@jtaylor]
+#
+# @date 2012-04-09
+#
+# @description Initializes openssl encryption filter into the .git/config file
+# of a cloned git repository.
+#
+
+
+localGitConfigFile='.git/config'
+
+
+################################################################################
+
+# Ensure that we are running in the root of a git repository.
+if ! [ -r "$localGitConfigFile" ]; then
+ echo 'fatal: this script can only be run in the root of a git repository' 1>&2
+ echo 'check your current directory (by running `pwd`), correct any issues you find, and then try again' 1>&2
+ exit 1
+fi
+
+
+# Define filter scripts and other static executable/reference file contents.
+# NB: The semi-colons at the end of each line for the first 3 entries here are
+# due to the use of `eval` below.
+clean_filter_openssl='#!/usr/bin/env bash;
+;
+SALT_FIXED={{SALT}};
+#A1F1F8129C4FEBAB3513C174 # 24 or less hex characters;
+PASS_FIXED={{PASSWORD}};
+;
+openssl enc -base64 -aes-256-ecb -S $SALT_FIXED -k $PASS_FIXED'
+
+smudge_filter_openssl='#!/usr/bin/env bash;
+;
+# No salt is needed for decryption.;
+PASS_FIXED={{PASSWORD}};
+;
+# If decryption fails, use `cat` instead.;
+# Error messages are redirected to /dev/null.;
+openssl enc -d -base64 -aes-256-ecb -k $PASS_FIXED 2> /dev/null || cat'
+
+diff_filter_openssl='#!/usr/bin/env bash;
+;
+# No salt is needed for decryption.;
+PASS_FIXED={{PASSWORD}};
+;
+# Error messages are redirected to /dev/null.;
+openssl enc -d -base64 -aes-256-ecb -k $PASS_FIXED -in "$1" 2> /dev/null || cat "$1"'
+
+gitattributes='*.md filter=openssl diff=openssl
+sensitive.txt filter=openssl diff=openssl
+[merge]
+ renormalize = true'
+
+gitconfig='[filter "openssl"]
+ smudge = ~/.gitencrypt/smudge_filter_openssl
+ clean = ~/.gitencrypt/clean_filter_openssl
+[diff "openssl"]
+ textconv = ~/.gitencrypt/diff_filter_openssl'
+
+
+# Initialize .gitencrypt directory in the users $HOME if not already there.
+
+if ! [ -d "$HOME/.gitencrypt" ]; then
+ echo 'info: initializing ~/.gitencrypt'
+
+ # Prompt user for salt and password.
+ while [ -z "$salt" ]; do
+ echo 'Enter the salt phrase (16 hexadecimal characters):'
+ read salt
+ done
+
+ while [ -z "$password" ]; do
+ echo 'Enter the encryption pass-phrase:'
+ read password
+ done
+
+ mkdir "$HOME/.gitencrypt"
+
+ for filter in clean_filter_openssl smudge_filter_openssl diff_filter_openssl; do
+ echo "info: generating filter script '$filter'"
+ filterScriptPath="$HOME/.gitencrypt/$filter"
+
+ # This ugliness is due to `eval` not handling newlines very nicely.
+ # @see http://stackoverflow.com/a/3524860/293064 for more eval details.
+ echo -e $(eval "echo \$$filter") | tr ';' '\n' | sed "s/{{SALT}}/$salt/g
+ s/{{PASSWORD}}/$password/g
+ s/^ *\(.*\) *$/\1/g" > "$filterScriptPath"
+
+ chmod a+x "$filterScriptPath"
+ done
+fi
+
+
+# Initialize .gitattributes file if it doesn't exist.
+
+if ! [ -e '.gitattributes' ]; then
+ echo "info: initializing file '.gitattributes'"
+ echo -n $gitattributes > .gitattributes
+fi
+
+
+# Initialize the .git/conf file for this repository clone if not already.
+
+checkForPreExistingConf=$(grep '^\[\(filter\|diff\) "openssl"]$' "$localGitConfigFile")
+
+if [ -n "$checkForPreExistingConf" ]; then
+ echo 'info: openssl filter/diff already configured for this clone'
+else
+ cat <<EOF >> "$localGitConfigFile"
+$gitconfig
+EOF
+ echo 'info: openssl filter/diff successfuly applied to this clone'
+fi
+
+
+# Reset the HEAD to re-check out all of the files [with the encryption filters.]
+
+echo 'info: re-checking out all of the files to ensure that the encryption filters are applied'
+git reset --hard HEAD
+
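
Review bot: The pass-phrase handling in the `~/.gitencrypt` setup block exposes the secret at several points: `read password` echoes it to the terminal, `sed "s/{{PASSWORD}}/$password/g"` pastes it unescaped into the unquoted `PASS_FIXED={{PASSWORD}}` line (so a pass-phrase containing a space, `/`, `&` or a shell metacharacter produces a broken or altered script), and `mkdir` followed by `chmod a+x` leaves the directory and the scripts that hold it readable according to the user's default umask. Suggest `read -r -s`, validating the salt as hexadecimal (the prompt asks for 16 characters while the template comment says 24 or less), writing the value quoted and escaped, and `chmod 700` on the directory and scripts. The generated `-k $PASS_FIXED` should be quoted too, and it places the pass-phrase on the `openssl` command line where other local users can read it from the process list; `-pass file:` or `-pass env:` avoids that. Separately, `echo -n $gitattributes` is unquoted, so the template collapses onto one line, and its `[merge]` and `renormalize = true` lines are git config syntax, not attribute patterns, so they belong in the `$gitconfig` template. `-aes-256-ecb` encrypts identical plaintext blocks to identical ciphertext blocks, which deserves a comment for users, and the closing `git reset --hard HEAD` discards uncommitted changes without asking, so check for a dirty working tree and stop before it.
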
