Add option to list encrypted files

Tim Byrne 2015-07-16 20:57:53 -05:00
parent 5a44ef25ca
commit d1fe16407d
3 changed files with 62 additions and 47 deletions

16
yadm

@ -65,6 +65,9 @@ function main() {
-f) #; used by init() and clone() -f) #; used by init() and clone()
FORCE="YES" FORCE="YES"
;; ;;
-l) #; used by decrypt()
DO_LIST="YES"
;;
-w) #; used by init() and clone() -w) #; used by init() and clone()
if [[ ! "$2" =~ ^/ ]] ; then if [[ ! "$2" =~ ^/ ]] ; then
error_out "You must specify a fully qualified work tree" error_out "You must specify a fully qualified work tree"
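Review bot: `DO_LIST` is only ever assigned in the new `-l)` branch, so unless it is initialised somewhere outside these hunks, a `DO_LIST=YES` inherited from the caller's environment would switch decrypt() into list mode without the flag being given. Set a default such as `DO_LIST="NO"` before the option loop. The flag is also accepted for every command even though only decrypt() reads it; rejecting `-l` for other commands would catch typos.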
@ -194,10 +197,16 @@ function decrypt() {
YADM_WORK=$(git config core.worktree) YADM_WORK=$(git config core.worktree)
if [ "$DO_LIST" == "YES" ] ; then
tar_option="t"
else
tar_option="x"
fi
#; decrypt the archive #; decrypt the archive
(gpg -d "$YADM_ARCHIVE" || echo 1) | tar xv -C "$YADM_WORK" (gpg -d "$YADM_ARCHIVE" || echo 1) | tar v$tar_option -C "$YADM_WORK"
if [ $? = 0 ] ; then if [ $? = 0 ] ; then
echo "All files decrypted." [ ! "$DO_LIST" == "YES" ] && echo "All files decrypted."
else else
error_out "Unable to extract encrypted files." error_out "Unable to extract encrypted files."
fi fi
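Review bot: In decrypt(), `if [ $? = 0 ]` after the pipeline tests only tar's exit status; a gpg failure is noticed only indirectly, through the `|| echo 1` fallback feeding tar invalid input. Checking `${PIPESTATUS[0]}` as well would make the gpg result explicit for both `t` and `x`. In list mode the failure branch still reports "Unable to extract encrypted files." and `-C "$YADM_WORK"` is passed although nothing is written, so a mode-specific message would be clearer. `[ ! "$DO_LIST" == "YES" ]` also reads more naturally as `[ "$DO_LIST" != "YES" ]`.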
@ -265,13 +274,14 @@ Commands:
yadm list [-a] - List tracked files yadm list [-a] - List tracked files
yadm alt - Create links for alternates yadm alt - Create links for alternates
yadm encrypt - Encrypt files yadm encrypt - Encrypt files
yadm decrypt - Decrypt files yadm decrypt [-l] - Decrypt files
yadm perms - Fix perms for private files yadm perms - Fix perms for private files
Files: Files:
\$HOME/.yadm/config - yadm's configuration file \$HOME/.yadm/config - yadm's configuration file
\$HOME/.yadm/repo.git - yadm's Git repository \$HOME/.yadm/repo.git - yadm's Git repository
\$HOME/.yadm/encrypt - List of globs used for encrypt/decrypt \$HOME/.yadm/encrypt - List of globs used for encrypt/decrypt
\$HOME/.yadm/files.gpg - Encrypted data stored here
Use "man yadm" for complete documentation. Use "man yadm" for complete documentation.
EOF EOF
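Review bot: The usage line `yadm decrypt [-l] - Decrypt files` advertises the new flag without saying what it does. Something like "Decrypt files (-l lists them without extracting)" would let a user find the list mode from the help output alone, without opening the man page.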

4
yadm.1

@ -36,6 +36,7 @@ list
.BR yadm " encrypt .BR yadm " encrypt
.BR yadm " decrypt .BR yadm " decrypt
.RB [ -l ]
.BR yadm " alt .BR yadm " alt
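Review bot: In the synopsis line `.RB [ -l ]` the option dash is a bare `-`, which groff can render as a typographic hyphen rather than the ASCII character a user has to type. Writing it as `\-l` here (and in the `.B -l` description further down) keeps the option copy-pasteable from the rendered page.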
@ -136,6 +137,9 @@ Decrypt all files stored in
Files decrypted will be relative to the configured Files decrypted will be relative to the configured
.IR work-tree " (usually .IR work-tree " (usually
.IR $HOME ). .IR $HOME ).
Using the
.B -l
option will list the files stored without extracting them.
.TP .TP
.B encrypt .B encrypt
Encrypt all files matching the patterns found in Encrypt all files matching the patterns found in
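Review bot: The added sentence says `-l` lists the files "without extracting them", but the script change still runs `gpg -d` on the archive in list mode, so the password is required just as for a normal decrypt. Stating that in the description would avoid the impression that listing is possible without the password.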

89
yadm.md

@ -21,7 +21,7 @@
yadm encrypt yadm encrypt
yadm decrypt yadm decrypt [-l]
yadm alt yadm alt
@ -78,18 +78,19 @@
decrypt decrypt
Decrypt all files stored in $HOME/.yadm/files.gpg. Files Decrypt all files stored in $HOME/.yadm/files.gpg. Files
decrypted will be relative to the configured work-tree (usually decrypted will be relative to the configured work-tree (usually
$HOME). $HOME). Using the -l option will list the files stored without
extracting them.
encrypt encrypt
Encrypt all files matching the patterns found in Encrypt all files matching the patterns found in
$HOME/.yadm/encrypt. See the ENCRYPTION section for more $HOME/.yadm/encrypt. See the ENCRYPTION section for more
details. details.
gitconfig gitconfig
Pass options to the git config command. Since yadm already uses Pass options to the git config command. Since yadm already uses
the config command to manage its own configurations, this com- the config command to manage its own configurations, this com-
mand is provided as a way to change configurations of the repos- mand is provided as a way to change configurations of the repos-
itory managed by yadm. One particularly useful case may be to itory managed by yadm. One particularly useful case may be to
configure the repository so untracked files are hidden from sta- configure the repository so untracked files are hidden from sta-
tus commands: tus commands:
@ -97,29 +98,29 @@
help Print a summary of yadm commands. help Print a summary of yadm commands.
init Initialize a new, empty repository for tracking dotfiles. The init Initialize a new, empty repository for tracking dotfiles. The
repository is stored in $HOME/.yadm/repo.git. By default, $HOME repository is stored in $HOME/.yadm/repo.git. By default, $HOME
will be used as the work-tree, but this can be overridden with will be used as the work-tree, but this can be overridden with
the -w option. yadm can be forced to overwrite an existing the -w option. yadm can be forced to overwrite an existing
repository by providing the -f option. repository by providing the -f option.
list Print a list of files managed by yadm. The -a option will cause list Print a list of files managed by yadm. The -a option will cause
all managed files to be listed. Otherwise, the list will only all managed files to be listed. Otherwise, the list will only
include files from the current directory or below. include files from the current directory or below.
perms Update permissions as described in the PERMISSIONS section. It perms Update permissions as described in the PERMISSIONS section. It
is usually unnecessary to run this command, as yadm automati- is usually unnecessary to run this command, as yadm automati-
cally processes permissions by default. This automatic behavior cally processes permissions by default. This automatic behavior
can be disabled by setting the configuration yadm.auto-perms to can be disabled by setting the configuration yadm.auto-perms to
"false". "false".
version version
Print the version of yadm. Print the version of yadm.
## CONFIGURATION ## CONFIGURATION
yadm uses a configuration file named $HOME/.yadm/config. This file yadm uses a configuration file named $HOME/.yadm/config. This file
uses the same format as git-config(1). Also, you can control the con- uses the same format as git-config(1). Also, you can control the con-
tents of the configuration file via the yadm config command (which tents of the configuration file via the yadm config command (which
works exactly like git-config). For example, to disable alternates you works exactly like git-config). For example, to disable alternates you
can run the command: can run the command:
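Review bot: Every line in this hunk, and in the later yadm.md hunks, has the same words on both sides, so the change is only justification whitespace from regenerating the file. That noise hides the two real edits to yadm.md (`yadm decrypt [-l]` and the sentence about `-l`). Regenerating the rendered page in a separate commit, or with a fixed width so unrelated paragraphs do not re-flow, would keep the diff reviewable.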
@ -128,14 +129,14 @@
The following is the full list of supported configurations: The following is the full list of supported configurations:
yadm.auto-alt yadm.auto-alt
Disable the automatic linking described in the section ALTER- Disable the automatic linking described in the section ALTER-
NATES. If disabled, you may still run yadm alt manually to cre- NATES. If disabled, you may still run yadm alt manually to cre-
ate the alternate links. This feature is enabled by default. ate the alternate links. This feature is enabled by default.
yadm.auto-perms yadm.auto-perms
Disable the automatic permission changes described in the sec- Disable the automatic permission changes described in the sec-
tion PERMISSIONS. If disabled, you may still run yadm perms tion PERMISSIONS. If disabled, you may still run yadm perms
manually to update permissions. This feature is enabled by manually to update permissions. This feature is enabled by
default. default.
yadm.ssh-perms yadm.ssh-perms
@ -145,16 +146,16 @@
## ALTERNATES ## ALTERNATES
When managing a set of files across different systems, it can be useful When managing a set of files across different systems, it can be useful
to have an automated way of choosing an alternate version of a file for to have an automated way of choosing an alternate version of a file for
a different operation system or simply for a different host. yadm a different operation system or simply for a different host. yadm
implements a feature which will automatically create a symbolic link to implements a feature which will automatically create a symbolic link to
the appropriate version of a file, as long as you follow a specific the appropriate version of a file, as long as you follow a specific
naming convention. yadm can detect files with names ending with: naming convention. yadm can detect files with names ending with:
##SYSTEM or ##SYSTEM.HOSTNAME ##SYSTEM or ##SYSTEM.HOSTNAME
If there are any files managed by yadm's repository which match this If there are any files managed by yadm's repository which match this
naming convention, symbolic links will be created for the most appro- naming convention, symbolic links will be created for the most appro-
priate version. This may best be demonstrated by example. Assume the priate version. This may best be demonstrated by example. Assume the
following files are managed by yadm's repository: following files are managed by yadm's repository:
- $HOME/path/example.txt##Darwin - $HOME/path/example.txt##Darwin
@ -174,53 +175,53 @@
$HOME/path/example.txt -> $HOME/path/example.txt##Darwin $HOME/path/example.txt -> $HOME/path/example.txt##Darwin
Since the hostname doesn't match any of the managed files, the more Since the hostname doesn't match any of the managed files, the more
generic version is chosen. generic version is chosen.
If running on a Linux server named "host4" the link will be: If running on a Linux server named "host4" the link will be:
$HOME/path/example.txt -> $HOME/path/example.txt##Linux $HOME/path/example.txt -> $HOME/path/example.txt##Linux
If running on a Solaris server, no link will be created because there If running on a Solaris server, no link will be created because there
are no files managed for that SYSTEM. are no files managed for that SYSTEM.
SYSTEM is determined by running uname -s HOSTNAME by running host- SYSTEM is determined by running uname -s HOSTNAME by running host-
name -s. yadm will automatically create these links by default. This name -s. yadm will automatically create these links by default. This
can be disabled using the yadm.auto-alt configuration. Even if dis- can be disabled using the yadm.auto-alt configuration. Even if dis-
abled, links can be manually created by running yadm alt. abled, links can be manually created by running yadm alt.
## ENCRYPTION ## ENCRYPTION
It can be useful to manage confidential files, like SSH keys, across It can be useful to manage confidential files, like SSH keys, across
multiple systems. However, doing so would put plain text data into a multiple systems. However, doing so would put plain text data into a
Git repository, which often resides on a public system. yadm imple- Git repository, which often resides on a public system. yadm imple-
ments a feature which can make it easy to encrypt and decrypt a set of ments a feature which can make it easy to encrypt and decrypt a set of
files so the encrypted version can be maintained in the Git repository. files so the encrypted version can be maintained in the Git repository.
This feature will only work if the gpg(1) command is available. This feature will only work if the gpg(1) command is available.
To use this feature, a list of patterns must be created and saved as To use this feature, a list of patterns must be created and saved as
$HOME/.yadm/encrypt. This list of patterns should be relative to the $HOME/.yadm/encrypt. This list of patterns should be relative to the
configured work-tree (usually $HOME). For example: configured work-tree (usually $HOME). For example:
.ssh/*.key .ssh/*.key
The yadm encrypt command will find all files matching the patterns, and The yadm encrypt command will find all files matching the patterns, and
prompt for a password. Once a password has confirmed, the matching prompt for a password. Once a password has confirmed, the matching
files will be encrypted and saved as $HOME/.yadm/files.gpg. The pat- files will be encrypted and saved as $HOME/.yadm/files.gpg. The pat-
terns and files.gpg should be added to the yadm repository so they are terns and files.gpg should be added to the yadm repository so they are
available across multiple systems. available across multiple systems.
To decrypt these files later, or on another system run yadm decrypt and To decrypt these files later, or on another system run yadm decrypt and
provide the correct password. After files are decrypted, permissions provide the correct password. After files are decrypted, permissions
are automatically updated as described in the PERMISSIONS section. are automatically updated as described in the PERMISSIONS section.
## PERMISSIONS ## PERMISSIONS
When files are checked out of a Git repository, their initial permis- When files are checked out of a Git repository, their initial permis-
sions are dependent upon the user's umask. This can result in confiden- sions are dependent upon the user's umask. This can result in confiden-
tial files with lax permissions. tial files with lax permissions.
To prevent this, yadm will automatically update the permissions of con- To prevent this, yadm will automatically update the permissions of con-
fidential files. The "group" and "others" permissions will be removed fidential files. The "group" and "others" permissions will be removed
from the following files: from the following files:
- $HOME/.yadm/files.gpg - $HOME/.yadm/files.gpg
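Review bot: Since these paragraphs are being regenerated anyway, the wording slips carried along in them could be fixed at the source in yadm.1: "Once a password has confirmed" should be "has been confirmed", "a different operation system" should be "operating system", and "SYSTEM is determined by running uname -s HOSTNAME by running hostname -s" is missing a separator such as "and" before HOSTNAME.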
@ -230,7 +231,7 @@
- The SSH directory and files, .ssh/* - The SSH directory and files, .ssh/*
yadm will automatically update permissions by default. This can be dis- yadm will automatically update permissions by default. This can be dis-
abled using the yadm.auto-perms configuration. Even if disabled, per- abled using the yadm.auto-perms configuration. Even if disabled, per-
missions can be manually updated by running yadm perms. The SSH direc- missions can be manually updated by running yadm perms. The SSH direc-
tory processing can be disabled using the yadm.ssh-perms configuration. tory processing can be disabled using the yadm.ssh-perms configuration.