Add option to list encrypted files
This commit is contained in:
parent
5a44ef25ca
commit
d1fe16407d
3 changed files with 62 additions and 47 deletions
16
yadm
|
@ -65,6 +65,9 @@ function main() {
|
|||
-f) #; used by init() and clone()
|
||||
FORCE="YES"
|
||||
;;
|
||||
-l) #; used by decrypt()
|
||||
DO_LIST="YES"
|
||||
;;
|
||||
-w) #; used by init() and clone()
|
||||
if [[ ! "$2" =~ ^/ ]] ; then
|
||||
error_out "You must specify a fully qualified work tree"
|
||||
|
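Review bot: `-l` is accepted unconditionally in main()'s option case, so every command silently takes it while only decrypt() consults DO_LIST; that matches how `-f` and `-w` are already handled here, but DO_LIST should be initialised to an empty value next to the other option defaults so that a pre-existing environment variable of that name cannot switch decrypt into list mode. The `#; used by decrypt()` comment follows the file's existing convention.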
@ -194,10 +197,16 @@ function decrypt() {
|
|||
|
||||
YADM_WORK=$(git config core.worktree)
|
||||
|
||||
if [ "$DO_LIST" == "YES" ] ; then
|
||||
tar_option="t"
|
||||
else
|
||||
tar_option="x"
|
||||
fi
|
||||
|
||||
#; decrypt the archive
|
||||
(gpg -d "$YADM_ARCHIVE" || echo 1) | tar xv -C "$YADM_WORK"
|
||||
(gpg -d "$YADM_ARCHIVE" || echo 1) | tar v$tar_option -C "$YADM_WORK"
|
||||
if [ $? = 0 ] ; then
|
||||
echo "All files decrypted."
|
||||
[ ! "$DO_LIST" == "YES" ] && echo "All files decrypted."
|
||||
else
|
||||
error_out "Unable to extract encrypted files."
|
||||
fi
|
||||
|
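Review bot: the `if [ $? = 0 ]` test after the new pipeline only sees tar's exit status; a gpg failure is caught indirectly because `|| echo 1` feeds a lone "1" to tar, which then rejects it, so the check works for both `x` and `t`, but the message is wrong in list mode: `error_out "Unable to extract encrypted files."` also fires when a listing fails. Suggest a mode-specific message, and `set -o pipefail` (if the script can tolerate it) so gpg's own status is what is tested. Two more points: `gpg -d` still runs with `-l`, so the passphrase prompt is unchanged in list mode, and if anything after `fi` performs the permission update that the docs in this commit describe as following decryption, it should be skipped when DO_LIST is YES since nothing was written to the work tree. Minor: `[ ! "$DO_LIST" == "YES" ] && echo "All files decrypted."` evaluates non-zero when listing; harmless unless `set -e` is active, in which case an `if` is safer.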
@ -265,13 +274,14 @@ Commands:
|
|||
yadm list [-a] - List tracked files
|
||||
yadm alt - Create links for alternates
|
||||
yadm encrypt - Encrypt files
|
||||
yadm decrypt - Decrypt files
|
||||
yadm decrypt [-l] - Decrypt files
|
||||
yadm perms - Fix perms for private files
|
||||
|
||||
Files:
|
||||
\$HOME/.yadm/config - yadm's configuration file
|
||||
\$HOME/.yadm/repo.git - yadm's Git repository
|
||||
\$HOME/.yadm/encrypt - List of globs used for encrypt/decrypt
|
||||
\$HOME/.yadm/files.gpg - Encrypted data stored here
|
||||
|
||||
Use "man yadm" for complete documentation.
|
||||
EOF
|
||||
|
|
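Review bot: the usage line `yadm decrypt [-l] - Decrypt files` shows the new flag but never says what it does; a short hint such as `Decrypt files (-l lists without extracting)` keeps the built-in help self-describing, which matters because this is the only documentation a user sees on a host without the man page installed.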
4
yadm.1
|
@ -36,6 +36,7 @@ list
|
|||
.BR yadm " encrypt
|
||||
|
||||
.BR yadm " decrypt
|
||||
.RB [ -l ]
|
||||
|
||||
.BR yadm " alt
|
||||
|
||||
|
@ -136,6 +137,9 @@ Decrypt all files stored in
|
|||
Files decrypted will be relative to the configured
|
||||
.IR work-tree " (usually
|
||||
.IR $HOME ).
|
||||
Using the
|
||||
.B -l
|
||||
option will list the files stored without extracting them.
|
||||
.TP
|
||||
.B encrypt
|
||||
Encrypt all files matching the patterns found in
|
||||
|
|
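Review bot: `option will list the files stored without extracting them.` should also say that the archive is still decrypted to produce the listing, so the GPG passphrase is still required; as written a reader may assume `-l` is a cheap, non-interactive query. Something like `list the files stored in the archive without extracting them (the passphrase is still required)` covers it and stays consistent with the decrypt() change.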
89
yadm.md
|
@ -21,7 +21,7 @@
|
|||
|
||||
yadm encrypt
|
||||
|
||||
yadm decrypt
|
||||
yadm decrypt [-l]
|
||||
|
||||
yadm alt
|
||||
|
||||
|
@ -78,18 +78,19 @@
|
|||
decrypt
|
||||
Decrypt all files stored in $HOME/.yadm/files.gpg. Files
|
||||
decrypted will be relative to the configured work-tree (usually
|
||||
$HOME).
|
||||
$HOME). Using the -l option will list the files stored without
|
||||
extracting them.
|
||||
|
||||
encrypt
|
||||
Encrypt all files matching the patterns found in
|
||||
$HOME/.yadm/encrypt. See the ENCRYPTION section for more
|
||||
Encrypt all files matching the patterns found in
|
||||
$HOME/.yadm/encrypt. See the ENCRYPTION section for more
|
||||
details.
|
||||
|
||||
gitconfig
|
||||
Pass options to the git config command. Since yadm already uses
|
||||
the config command to manage its own configurations, this com-
|
||||
Pass options to the git config command. Since yadm already uses
|
||||
the config command to manage its own configurations, this com-
|
||||
mand is provided as a way to change configurations of the repos-
|
||||
itory managed by yadm. One particularly useful case may be to
|
||||
itory managed by yadm. One particularly useful case may be to
|
||||
configure the repository so untracked files are hidden from sta-
|
||||
tus commands:
|
||||
|
||||
|
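Review bot: the only wording change in this hunk is the two-line `$HOME). Using the -l option will list the files stored without extracting them.` addition, which needs the same passphrase caveat as the man page entry it mirrors. Every other removed/added pair in the hunk (the `encrypt` and `gitconfig` paragraphs) shows identical text on both sides, so those lines differ only in whitespace; since yadm.md appears to be regenerated from the man page, that is expected, but regenerating it in a separate commit would keep the reviewable change to the lines that actually matter.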
@ -97,29 +98,29 @@
|
|||
|
||||
help Print a summary of yadm commands.
|
||||
|
||||
init Initialize a new, empty repository for tracking dotfiles. The
|
||||
init Initialize a new, empty repository for tracking dotfiles. The
|
||||
repository is stored in $HOME/.yadm/repo.git. By default, $HOME
|
||||
will be used as the work-tree, but this can be overridden with
|
||||
the -w option. yadm can be forced to overwrite an existing
|
||||
will be used as the work-tree, but this can be overridden with
|
||||
the -w option. yadm can be forced to overwrite an existing
|
||||
repository by providing the -f option.
|
||||
|
||||
list Print a list of files managed by yadm. The -a option will cause
|
||||
all managed files to be listed. Otherwise, the list will only
|
||||
all managed files to be listed. Otherwise, the list will only
|
||||
include files from the current directory or below.
|
||||
|
||||
perms Update permissions as described in the PERMISSIONS section. It
|
||||
is usually unnecessary to run this command, as yadm automati-
|
||||
perms Update permissions as described in the PERMISSIONS section. It
|
||||
is usually unnecessary to run this command, as yadm automati-
|
||||
cally processes permissions by default. This automatic behavior
|
||||
can be disabled by setting the configuration yadm.auto-perms to
|
||||
can be disabled by setting the configuration yadm.auto-perms to
|
||||
"false".
|
||||
|
||||
version
|
||||
Print the version of yadm.
|
||||
|
||||
## CONFIGURATION
|
||||
yadm uses a configuration file named $HOME/.yadm/config. This file
|
||||
uses the same format as git-config(1). Also, you can control the con-
|
||||
tents of the configuration file via the yadm config command (which
|
||||
yadm uses a configuration file named $HOME/.yadm/config. This file
|
||||
uses the same format as git-config(1). Also, you can control the con-
|
||||
tents of the configuration file via the yadm config command (which
|
||||
works exactly like git-config). For example, to disable alternates you
|
||||
can run the command:
|
||||
|
||||
|
@ -128,14 +129,14 @@
|
|||
The following is the full list of supported configurations:
|
||||
|
||||
yadm.auto-alt
|
||||
Disable the automatic linking described in the section ALTER-
|
||||
Disable the automatic linking described in the section ALTER-
|
||||
NATES. If disabled, you may still run yadm alt manually to cre-
|
||||
ate the alternate links. This feature is enabled by default.
|
||||
|
||||
yadm.auto-perms
|
||||
Disable the automatic permission changes described in the sec-
|
||||
tion PERMISSIONS. If disabled, you may still run yadm perms
|
||||
manually to update permissions. This feature is enabled by
|
||||
Disable the automatic permission changes described in the sec-
|
||||
tion PERMISSIONS. If disabled, you may still run yadm perms
|
||||
manually to update permissions. This feature is enabled by
|
||||
default.
|
||||
|
||||
yadm.ssh-perms
|
||||
|
@ -145,16 +146,16 @@
|
|||
## ALTERNATES
|
||||
When managing a set of files across different systems, it can be useful
|
||||
to have an automated way of choosing an alternate version of a file for
|
||||
a different operation system or simply for a different host. yadm
|
||||
a different operation system or simply for a different host. yadm
|
||||
implements a feature which will automatically create a symbolic link to
|
||||
the appropriate version of a file, as long as you follow a specific
|
||||
the appropriate version of a file, as long as you follow a specific
|
||||
naming convention. yadm can detect files with names ending with:
|
||||
|
||||
##SYSTEM or ##SYSTEM.HOSTNAME
|
||||
|
||||
If there are any files managed by yadm's repository which match this
|
||||
naming convention, symbolic links will be created for the most appro-
|
||||
priate version. This may best be demonstrated by example. Assume the
|
||||
If there are any files managed by yadm's repository which match this
|
||||
naming convention, symbolic links will be created for the most appro-
|
||||
priate version. This may best be demonstrated by example. Assume the
|
||||
following files are managed by yadm's repository:
|
||||
|
||||
- $HOME/path/example.txt##Darwin
|
||||
|
@ -174,53 +175,53 @@
|
|||
|
||||
$HOME/path/example.txt -> $HOME/path/example.txt##Darwin
|
||||
|
||||
Since the hostname doesn't match any of the managed files, the more
|
||||
Since the hostname doesn't match any of the managed files, the more
|
||||
generic version is chosen.
|
||||
|
||||
If running on a Linux server named "host4" the link will be:
|
||||
|
||||
$HOME/path/example.txt -> $HOME/path/example.txt##Linux
|
||||
|
||||
If running on a Solaris server, no link will be created because there
|
||||
If running on a Solaris server, no link will be created because there
|
||||
are no files managed for that SYSTEM.
|
||||
|
||||
SYSTEM is determined by running uname -s HOSTNAME by running host-
|
||||
name -s. yadm will automatically create these links by default. This
|
||||
can be disabled using the yadm.auto-alt configuration. Even if dis-
|
||||
SYSTEM is determined by running uname -s HOSTNAME by running host-
|
||||
name -s. yadm will automatically create these links by default. This
|
||||
can be disabled using the yadm.auto-alt configuration. Even if dis-
|
||||
abled, links can be manually created by running yadm alt.
|
||||
|
||||
## ENCRYPTION
|
||||
It can be useful to manage confidential files, like SSH keys, across
|
||||
multiple systems. However, doing so would put plain text data into a
|
||||
Git repository, which often resides on a public system. yadm imple-
|
||||
ments a feature which can make it easy to encrypt and decrypt a set of
|
||||
It can be useful to manage confidential files, like SSH keys, across
|
||||
multiple systems. However, doing so would put plain text data into a
|
||||
Git repository, which often resides on a public system. yadm imple-
|
||||
ments a feature which can make it easy to encrypt and decrypt a set of
|
||||
files so the encrypted version can be maintained in the Git repository.
|
||||
This feature will only work if the gpg(1) command is available.
|
||||
|
||||
To use this feature, a list of patterns must be created and saved as
|
||||
$HOME/.yadm/encrypt. This list of patterns should be relative to the
|
||||
To use this feature, a list of patterns must be created and saved as
|
||||
$HOME/.yadm/encrypt. This list of patterns should be relative to the
|
||||
configured work-tree (usually $HOME). For example:
|
||||
|
||||
.ssh/*.key
|
||||
|
||||
The yadm encrypt command will find all files matching the patterns, and
|
||||
prompt for a password. Once a password has confirmed, the matching
|
||||
files will be encrypted and saved as $HOME/.yadm/files.gpg. The pat-
|
||||
terns and files.gpg should be added to the yadm repository so they are
|
||||
prompt for a password. Once a password has confirmed, the matching
|
||||
files will be encrypted and saved as $HOME/.yadm/files.gpg. The pat-
|
||||
terns and files.gpg should be added to the yadm repository so they are
|
||||
available across multiple systems.
|
||||
|
||||
To decrypt these files later, or on another system run yadm decrypt and
|
||||
provide the correct password. After files are decrypted, permissions
|
||||
provide the correct password. After files are decrypted, permissions
|
||||
are automatically updated as described in the PERMISSIONS section.
|
||||
|
||||
|
||||
## PERMISSIONS
|
||||
When files are checked out of a Git repository, their initial permis-
|
||||
When files are checked out of a Git repository, their initial permis-
|
||||
sions are dependent upon the user's umask. This can result in confiden-
|
||||
tial files with lax permissions.
|
||||
|
||||
To prevent this, yadm will automatically update the permissions of con-
|
||||
fidential files. The "group" and "others" permissions will be removed
|
||||
fidential files. The "group" and "others" permissions will be removed
|
||||
from the following files:
|
||||
|
||||
- $HOME/.yadm/files.gpg
|
||||
|
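Review bot: the unchanged `To decrypt these files later, or on another system run yadm decrypt` paragraph is the natural place to mention `yadm decrypt -l` as the way to check which files an archive contains before extracting it over the work tree; at the moment the new option is documented only in the COMMANDS entry, so a reader following the ENCRYPTION walkthrough never learns it exists. As in the earlier hunks, the remaining removed/added pairs here carry identical text and are whitespace-only.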
@ -230,7 +231,7 @@
|
|||
- The SSH directory and files, .ssh/*
|
||||
|
||||
yadm will automatically update permissions by default. This can be dis-
|
||||
abled using the yadm.auto-perms configuration. Even if disabled, per-
|
||||
abled using the yadm.auto-perms configuration. Even if disabled, per-
|
||||
missions can be manually updated by running yadm perms. The SSH direc-
|
||||
tory processing can be disabled using the yadm.ssh-perms configuration.
|
||||
|
||||
|
|