#!/bin/bash
# Passphrase file used by gitenc, e.g. /home/your_username/.gitenc
# "gitenc setup" writes the chosen password into this file and lockdown()
# passes the path to gpg via --passphrase-file, so the file holds the
# secret in clear text.
GITENC_CONF="${HOME}/.gitenc"
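# Stage one path for commit, substituting a gpg-encrypted copy when the file
# name looks sensitive.
#
# Arguments: $1 - path as reported by git (relative to the current directory)
# Calls:     lockdown (encrypts $1 to $1.gpg), git, find, grep
# Returns:   0 on success; non-zero when encryption or staging failed. On an
#            encryption failure the plaintext is still unstaged and ignored,
#            so a broken gpg setup cannot end in a plaintext commit.
toencrypt() {
  local path=$1
  local sensitive=0
  local rc=0

  # Name-based sensitivity check; files that are already *.gpg are not wrapped
  # a second time. The two =~ tests are regular expressions, not globs:
  # ".*sql*" matches any name containing "sq" and ".*config*" any name
  # containing "confi". They are deliberately left this broad so that nothing
  # that used to be encrypted falls back to plaintext.
  if [[ $path != *.gpg ]]; then
    if [[ $path == *connection* ]] ||
      [[ $path == *.conf ]] ||
      [[ $path == *.cnf ]] ||
      [[ $path =~ .*sql* ]] ||
      [[ $path == *.db ]] ||
      [[ $path == *.bin ]] ||
      [[ $path =~ .*config* ]]; then
      sensitive=1
    fi
  fi

  # normal file (or a staged deletion / non-regular path with nothing to
  # encrypt): git away
  if (( ! sensitive )) || [[ ! -f $path ]]; then
    git add -- "$path"
    return
  fi

  # Modified within the past 24hrs? A leading "./" keeps find from reading a
  # name that starts with "-" as an option.
  local target=$path
  [[ $target == -* ]] && target=./$target
  local fresh
  fresh=$(find "$target" -maxdepth 0 -mmin -1440 -exec echo "true" \;)

  # Encrypt when the file changed recently OR when no encrypted copy exists
  # yet. The age test alone is not a safe gate: a sensitive file whose mtime
  # is older than a day (fresh clone, restored backup, copy that preserved
  # timestamps) would otherwise be staged in plaintext.
  if [[ $fresh == true || ! -f "$path.gpg" ]]; then
    if ! { lockdown "$path" && git add -- "$path.gpg"; }; then
      printf 'gitenc: could not encrypt %s; the plaintext is left unstaged\n' "$path" >&2
      rc=1
    fi
  fi

  # remove the original from git tracking, whatever happened above
  git reset -- "$path"

  # append the original to .gitignore (if it's not already there). The match
  # is a fixed-string, whole-line comparison: a regex/substring match would
  # treat "app.conf.bak" as covering "app.conf" and skip the entry. stderr is
  # silenced because a missing .gitignore simply means "not listed yet".
  if ! grep -qxF -- "$path" .gitignore 2>/dev/null; then
    # make sure the new entry starts on its own line
    if [[ -s .gitignore && -n $(tail -c 1 .gitignore) ]]; then
      printf '\n' >> .gitignore
    fi
    printf '%s\n' "$path" >> .gitignore
    git add -- .gitignore
  fi

  return "$rc"
}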
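# Symmetrically encrypt $1 to "$1.gpg" with the passphrase stored in
# $GITENC_CONF.
#
# Globals:   GITENC_CONF (read), GPG_LOC (written: name of the gpg binary used)
# Arguments: $1 - file to encrypt
# Returns:   0 when "$1.gpg" was (re)written; non-zero otherwise, in which
#            case a previously encrypted copy is left untouched.
lockdown() {
  local src=$1
  local pending

  # Fail closed without a usable passphrase: an empty or missing passphrase
  # file must not end in an archive protected by nothing.
  if [[ ! -s $GITENC_CONF ]]; then
    printf 'gitenc: passphrase file "%s" is missing or empty; run: gitenc setup\n' "$GITENC_CONF" >&2
    return 1
  fi

  # determine whether this system uses the gpg or the gpg2 package. The binary
  # is executed by name through PATH, so it is looked up the same way instead
  # of probing /usr/bin and /bin only.
  GPG_LOC=
  if command -v gpg > /dev/null 2>&1; then
    GPG_LOC='gpg'
  elif command -v gpg2 > /dev/null 2>&1; then
    GPG_LOC='gpg2'
  else
    printf 'gitenc: neither gpg nor gpg2 was found in PATH\n' >&2
    return 1
  fi

  # Encrypt into a private temporary file next to the target and move it into
  # place only on success. Deleting the old "$1.gpg" up front would lose the
  # last good encrypted copy whenever gpg fails.
  pending=$(mktemp -- "$src.gpg.XXXXXX") || return 1

  # to alter the cipher used, append your selection below (e.g. --cipher-algo)
  # --yes lets gpg overwrite the empty file mktemp just created.
  if "$GPG_LOC" --batch --yes -c --passphrase-file "$GITENC_CONF" \
    --output "$pending" -- "$src"; then
    mv -f -- "$pending" "$src.gpg"
  else
    rm -f -- "$pending"
    return 1
  fi
}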
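# a gitenc add argument is passed, validate to see if encryption is needed
if [ "$1" == "add" ]; then
  # preserve original git add functionalities and stage everything by default
  # NOTE: this first "git add" stores the plaintext of every staged file as a
  # blob in the local object store before toencrypt unstages the sensitive
  # ones. The blob is unreachable after the reset, but it stays on disk until
  # git prunes it.
  shift
  git add "$@"

  # Walk the staged paths NUL-delimited. Splitting the list on whitespace
  # would break a name such as "my db.conf" into pieces that match nothing,
  # and the file would then be committed in plaintext. The list is read on
  # fd 3 so nothing called inside the loop can consume it.
  add_status=0
  while IFS= read -r -d '' -u 3 filename; do
    # encrypts sensitive names, stages everything else unchanged
    toencrypt "$filename" || add_status=1
  done 3< <(git diff --cached --name-only -z)

  # a non-zero status stops "gitenc add . && git commit && git push" chains
  exit "$add_status"

### setup ###
elif [ "$1" == 'setup' ]; then
  # Prompt until a non-blank password has been entered twice identically.
  # Leaves the result in PW_PREF.
  pw_validate() {
    while true; do
      echo "Enter your preferred password to use for the GPG encryption:"
      if ! read -rs PW_PREF; then
        echo "No password could be read from standard input." >&2
        exit 1
      fi
      if [ "$PW_PREF" == "" ]; then
        # actually ask again; a blank value used to fall through to the
        # confirmation prompt and end in "Unknown error"
        echo "Password must not be blank, try again:"
        continue
      fi
      echo "Please re-enter the password, to confirm:"
      if ! read -rs PW_CONFIRM; then
        echo "No password could be read from standard input." >&2
        exit 1
      fi
      if [ "$PW_PREF" == "$PW_CONFIRM" ]; then
        return 0
      fi
      echo "Passwords do not match. Try again."
    done
  }

  # Write the password ($1) to $GITENC_CONF and print the follow-up hints.
  createconfig() {
    # The file holds the passphrase in clear text: create it under umask 077
    # and pin the mode to 600 so other local accounts cannot read it. printf
    # is used because echo would misread a password such as "-n".
    if ! (umask 077 && printf '%s\n' "$1" > "$GITENC_CONF") ||
      ! chmod 600 "$GITENC_CONF"; then
      echo "Could not write $GITENC_CONF" >&2
      exit 1
    fi
    echo -e "GPG password saved to $HOME/.gitenc!\nYou can now auto-encrypt your config by running:\n\tgitenc add filename\n\t\tor\n\tgitenc add .\n\n"
    echo -e "To use Gitenc without requiring an absolute path on every command, create a symlink:\n\tsudo ln -s $HOME/gitenc/gitenc /bin/gitenc"
    exit 0
  }

  # an existing passphrase file is never overwritten: files already encrypted
  # with it would no longer match the stored password
  if [ -e "$GITENC_CONF" ]; then
    echo "$GITENC_CONF already exists; remove it before running setup again." >&2
    exit 1
  fi

  pw_validate

  if [ "$PW_PREF" != "" ]; then
    # if a .gitignore doesn't exist, it'll need to be added
    if [ ! -f .gitignore ]; then
      touch .gitignore
    fi
  else
    echo "Unknown error occured, please submit a bug report: https://notabug.org/angela/gitenc"
    exit 1
  fi

  # a non-blank, confirmed password is available: store it
  createconfig "$PW_PREF"

elif [ "$1" == "-h" ] || [ "$1" == "--help" ] || [ "$1" == "help" ]; then
  echo -e "\n\t\tGITENC USAGE\n\n"
  echo -e "gitenc add filename\nParses the individual added filename for common sensitive filenames (ie. widget.conf or connection.py)\n"
  echo -e "gitenc add . or -A or --all\nParses group filenames for common sensitive filenames (ie. widget.conf or connection.py)\n"
  # the inner quotes are escaped so the example prints with its quoting intact
  echo -e "\nExample Cron Usage:\n00 02 * * * cd /home/user/public_html && gitenc add . && git commit -m \"Adding new changes\" && git push && cd"
  echo -e "\nDecrypt an Encrypted File to the CLI:\ngpg --decrypt filename.gpg"
  echo -e "\nDecrypt an Encrypted File and Make a Physical Copy:\ngpg --output filename.conf --decrypt filename.gpg\n" \
    "Note: Some systems run gpg as gpg2 - so if running gpg via the command-line interface, try gpg2"
  echo -e "\n\t\tUNINSTALL\n\n" \
    "- Remove/delete $HOME/gitenc directory\n" \
    "- Remove/delete $GITENC_CONF file\n" \
    "- If a symlink was set, remove /bin/gitenc\n"
  echo -e "\n\t\tABOUT\n\n"
  echo -e "Developed by Angela D\n" \
    "- https://github.com/angela-d\n" \
    "- https://notabug.org/angela\n\nCode improvements and additional suggestions by alfunx"
else
  # gitenc is not a replacement for git
  echo -e "Command not recognized; you only need to run gitenc in place of 'git add'.. it serves no other purpose.\nRun 'git yourcommand', instead."
fi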