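#!/usr/bin/env bash

#
# blackbox_postdeploy -- Decrypt all blackbox files.
#

# Usage:
#   blackbox_postdeploy.sh [GROUP]
#   GROUP is optional. If supplied, the resulting files
#   are chgrp'ed to that group.

# Since this is often run in a security-critical situation, we
# force /usr/bin and /bin to the front of the PATH.
# NOTE(review): the caller's PATH is still appended, so a tool that is
# not present in /usr/bin or /bin is still resolved through whatever
# directories the caller supplied.
export PATH=/usr/bin:/bin:"$PATH"

# Stop at the first failing command so a failed decrypt or chgrp is not
# silently skipped.
set -e

# The helpers called below (change_to_vcs_root, prepare_keychain,
# get_encrypted_filename, decrypt_file_overwrite, cp_permissions) and
# BB_FILES are not defined in this file; presumably they come from this
# sourced library, which is looked up next to the script itself.
source "${0%/*}/_blackbox_common.sh"

# Optional target group; empty means "leave group and mode alone".
FILE_GROUP="${1:-}"

change_to_vcs_root
prepare_keychain

# Decrypt:
echo '========== Decrypting new/changed files: START'
# The file list is read on fd 99 so that stdin stays free for the
# commands run inside the loop.
while IFS= read -r unencrypted_file <&99; do
  encrypted_file=$(get_encrypted_filename "$unencrypted_file")
  decrypt_file_overwrite "$encrypted_file" "$unencrypted_file"
  cp_permissions "$encrypted_file" "$unencrypted_file"
  if [[ -n "$FILE_GROUP" ]]; then
    # Change the group BEFORE granting group read: the plaintext must
    # never be group-readable by the file's previous group, not even if
    # chgrp fails and set -e aborts the run.
    # "--" keeps a file name that starts with "-" from being parsed as
    # an option.
    chgrp -- "$FILE_GROUP" "$unencrypted_file"
    chmod g+r -- "$unencrypted_file"
  fi
done 99<"$BB_FILES"

echo '========== Decrypting new/changed files: DONE'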