Home Explore Help
Register Sign In
angela
/
gitenc
Watch 1
Star 0
Fork 0
Files Issues 0 Pull Requests 0 Wiki
Branch: master
Branches Tags
gitenc
/
gitenc

gitenc 4.3 KB
Permalink History Raw

123456789101112131415161718192021222324252627282930313233343536373839404142434445464748495051525354555657585960616263646566676869707172737475767778798081828384858687888990919293949596979899100101102103104105106107108109110111112113114115116117118119120121122123124125126127128129130131132133134135136137138139140141142143144145146147148149150151152153154155156157158159160161162163164165166167168169170171172173174175176177178 
  1. #!/bin/bash
    2. 

  2. 

  3. # /home/your_username/.gitenc
    4. 

  4. GITENC_CONF="$HOME/.gitenc"
    5. 

  5. 

  6. function toencrypt() {
    7. 

  7. 

  8.   if [[ $1 != *.gpg ]] &&
    9. 

  9.      ([[ $1 == *connection* ]] ||
    10. 

  10.      [[ $1 == *.conf ]] ||
    11. 

  11.      [[ $1 == *.cnf ]] ||
    12. 

  12.      [[ $1 =~ .*sql* ]] ||
    13. 

  13.      [[ $1 == *.db ]] ||
    14. 

  14.      [[ $1 == *.bin ]] ||
    15. 

  15.      [[ $1 =~ .*config* ]]) &&
    16. 

  16.      [ "$(find "$1" -mmin -1440 -exec echo "true" \;)" == 'true' ];
    17. 

  17. 

  18.   then
    19. 

  19. 

  20.     # sensitive data filename match; encrypt (if modified within the past 24hrs)
    21. 

  21.     lockdown "$1"
    22. 

  22. 

  23.     # add the encrypted file to git
    24. 

  24.     git add "$1".gpg
    25. 

  25. 

  26.     # remove the original from git tracking
    27. 

  27.     git reset -- "$1"
    28. 

  28. 

  29.     # append the original to .gitignore (if its not already there)
    30. 

  30.     if [ "$(grep "$1" .gitignore)" == "" ];
    31. 

  31.     then
    32. 

  32.       echo "$1" >> .gitignore
    33. 

  33.       git add .gitignore
    34. 

  34.     fi
    35. 

  35. 

  36.   else
    37. 

  37. 

  38.     # normal file, git away
    39. 

  39.     git add "$1"
    40. 

  40. 

  41.   fi
    42. 

  42. 

  43. }
    44. 

  44. 

  45. function lockdown() {
    46. 

  46. 

  47.   # if a previously encrypted file exists, remove it
    48. 

  48.   rm -f "$1".gpg
    49. 

  49. 

  50.   # determine whether or not this system uses gpg or gpg2 package
    51. 

  51.   if [ -f /usr/bin/gpg ] || [ -f /bin/gpg ];
    52. 

  52.   then
    53. 

  53. 

  54.     GPG_LOC='gpg'
    55. 

  55. 

  56.   elif [ -f /usr/bin/gpg2 ] || [ -f /bin/gpg2 ];
    57. 

  57.   then
    58. 

  58. 

  59.     GPG_LOC='gpg2'
    60. 

  60. 

  61.   fi
    62. 

  62. 

  63.   # to alter the cipher used, append your selection below
    64. 

  64.   "$GPG_LOC" --batch -c --passphrase-file "$GITENC_CONF" "$1"
    65. 

  65. 

  66. }
    67. 

  67. 

  68. 

  69. # a gitenc add argument is passed, validate to see if encryption is needed
    70. 

  70. if [ "$1" == "add" ];
    71. 

  71. then
    72. 

  72. 

  73.   # preserve original git add functionalities and stage everything by default
    74. 

  74.   shift
    75. 

  75.   git add "$@"
    76. 

  76. 

  77.     for filename in $(git diff --cached --name-only);
    78. 

  78.     do
    79. 

  79. 

  80.       # only encrypt files modified within the last 24 hours
    81. 

  81.       toencrypt "$filename"
    82. 

  82. 

  83.     done
    84. 

  84. 

  85. ### setup ###
    86. 

  86. elif [ "$1" == 'setup' ];
    87. 

  87. then
    88. 

  88. 

  89.   function pw_validate() {
    90. 

  90. 

  91.     echo "Enter your preferred password to use for the GPG encryption:"
    92. 

  92.     read -rs PW_PREF
    93. 

  93. 

  94.     if [ "$PW_PREF" == "" ];
    95. 

  95.     then
    96. 

  96. 

  97.       echo "Password must not be blank, try again:"
    98. 

  98. 

  99.     fi
    100. 

  100. 

  101.     echo "Please re-enter the password, to confirm:"
    102. 

  102.     read -rs PW_CONFIRM
    103. 

  103. 

  104.     if [ "$PW_PREF" != "$PW_CONFIRM" ];
    105. 

  105.     then
    106. 

  106. 

  107.       echo "Passwords do not match.  Try again."
    108. 

  108.       pw_validate
    109. 

  109. 

  110.     fi
    111. 

  111. 

  112.   }
    113. 

  113. 

  114.   function createconfig() {
    115. 

  115. 

  116.     echo "$1" > "$GITENC_CONF"
    117. 

  117.     echo -e "GPG password saved to $HOME/.gitenc!\nYou can now auto-encrypt your config by running:\n\tgitenc add filename\n\t\tor\n\tgitenc add .\n\n"
    118. 

  118.     echo -e "To use Gitenc without requiring an absolute path on every command, create a symlink:\n\tsudo ln -s $HOME/gitenc/gitenc /bin/gitenc"
    119. 

  119.     exit 0
    120. 

  120. 

  121.   }
    122. 

  122. 

  123. 

  124.   pw_validate
    125. 

  125. 

  126. 

  127.   # if the directory for config doesn't already exist, create it
    128. 

  128.   if [ "$PW_PREF" != "" ] && [ ! -f "$GITENC_CONF" ];
    129. 

  129.   then
    130. 

  130. 

  131.     touch "$GITENC_CONF"
    132. 

  132. 

  133.     # if a .gitingore doesn't exist, it'll need to be added
    134. 

  134.     if [ ! -f .gitignore ];
    135. 

  135.     then
    136. 

  136. 

  137.       touch .gitignore
    138. 

  138. 

  139.     fi
    140. 

  140. 

  141.   else
    142. 

  142. 

  143.     echo "Unknown error occured, please submit a bug report: https://notabug.org/angela/gitenc"
    144. 

  144.     exit 1
    145. 

  145. 

  146.   fi
    147. 

  147. 

  148.     # assuming.. if we made it this far, there was a successful config creation
    149. 

  149.     createconfig "$PW_PREF"
    150. 

  150. 

  151. elif [ "$1" == "-h" ] ||  [ "$1" == "--help" ] || [ "$1" == "help" ];
    152. 

  152. then
    153. 

  153. 

  154.   echo -e "\n\t\tGITENC USAGE\n\n"
    155. 

  155.   echo -e "gitenc add filename\nParses the individual added filename for common sensitive filenames (ie. widget.conf or connection.py)\n"
    156. 

  156.   echo -e "gitenc add . or -A or --all\nParses group filenames for common sensitive filenames (ie. widget.conf or connection.py)\n"
    157. 

  157.   echo -e "\nExample Cron Usage:\n00 02 * * * cd /home/user/public_html && gitenc add . && git commit -m "Adding new changes" && git push && cd"
    158. 

  158.   echo -e "\nDecrypt an Encrypted File to the CLI:\ngpg --decrypt filename.gpg"
    159. 

  159.   echo -e "\nDecrypt an Encrypted File and Make a Physical Copy:\ngpg --output filename.conf --decrypt filename.gpg\n \
    160. 

  160.   Note: Some systems run gpg as gpg2 - so if running gpg via the command-line interface, try gpg2"
    161. 

  161. 

  162.   echo -e "\n\t\tUNINSTALL\n\n \
    163. 

  163.   - Remove/delete $HOME/gitenc directory\n \
    164. 

  164.   - Remove/delete $GITENC_CONF file\n \
    165. 

  165.   - If a symlink was set, remove /bin/gitenc\n"
    166. 

  166. 

  167.   echo -e "\n\t\tABOUT\n\n"
    168. 

  168.   echo -e "Developed by Angela D\n \
    169. 

  169.   - https://github.com/angela-d\n \
    170. 

  170.   - https://notabug.org/angela\n
    171. 

  171.   Code improvements and additional suggestions by alfunx"
    172. 

  172. else
    173. 

  173. 

  174.   # gitenc is not a replacement for git
    175. 

  175.   echo -e "Command not recognized; you only need to run gitenc in place of 'git add'.. it serves no other purpose.\nRun 'git yourcommand', instead."
    176. 

  176. 

  177. fi
    178. 

  178.