Class: Travis::CLI::EncryptFile
Constant Summary
Constants inherited
from RepoCommand
RepoCommand::GIT_REGEX, RepoCommand::TRAVIS
Constants inherited
from Command
Command::DAY, Command::HOUR, Command::MINUTE, Command::WEEK
Tools::Assets::BASE
Instance Attribute Summary collapse
Attributes inherited from RepoCommand
#slug
Attributes inherited from ApiCommand
#enterprise_name, #session
Attributes inherited from Command
#arguments, #config, #debug, #force_interactive, #formatter, #input, #output
Instance Method Summary
collapse
Methods inherited from RepoCommand
#repository
Methods inherited from ApiCommand
#authenticate, #detected_endpoint?, #endpoint_config, #enterprise?, #initialize, #org?, #pro?, #sync
#access_token, #access_token=, #account, #accounts, #api_endpoint, #api_endpoint=, #artifact, #broadcasts, #build, #cancel, #explicit_api_endpoint?, #github_auth, #hooks, #job, #lint, #listen, #logout, #repo, #repos, #restart, #user
Methods inherited from Command
abstract, abstract?, #check_completion, #check_ruby, #check_version, #command_name, command_name, #debug?, description, #error, #execute, #help, #info, #initialize, #last_check, #on_signal, #parse, #say, skip, subcommands, #terminal, #time, #usage, #usage_for, #warn, #write_to
#asset, #asset_path
Methods included from Parser
#new, #on, #on_initialize
Instance Attribute Details
#stage ⇒ Object
Returns the value of attribute stage.
13
14
15
|
# File 'lib/travis/cli/encrypt_file.rb', line 13
def stage
@stage
end
|
Instance Method Details
#decrypt_command(path) ⇒ Object
71
72
73
|
# File 'lib/travis/cli/encrypt_file.rb', line 71
def decrypt_command(path)
"openssl aes-256-cbc -K $#{env_name(path, :key)} -iv $#{env_name(path, :iv)} -in #{escape_path(path)} -out #{escape_path(decrypt_to)} -d"
end
|
#decrypt_to_for(input_path) ⇒ Object
107
108
109
110
111
112
113
114
|
# File 'lib/travis/cli/encrypt_file.rb', line 107
def decrypt_to_for(input_path)
return if input_path == '-'
if input_path.start_with? Dir.home
input_path.sub(Dir.home, '~')
else
input_path
end
end
|
#env_name(input_path, name) ⇒ Object
81
82
83
84
|
# File 'lib/travis/cli/encrypt_file.rb', line 81
def env_name(input_path, name)
@env_prefix ||= "encrypted_#{Digest.hexencode(Digest::SHA1.digest(input_path)[0..5])}"
"#{@env_prefix}_#{name}"
end
|
#escape_path(path) ⇒ Object
116
117
118
|
# File 'lib/travis/cli/encrypt_file.rb', line 116
def escape_path(path)
Shellwords.escape(path).sub(/^\\~\//, '~\/')
end
|
#notes(input_path, output_path) ⇒ Object
86
87
88
89
90
91
92
|
# File 'lib/travis/cli/encrypt_file.rb', line 86
def notes(input_path, output_path)
say "\nkey: #{color(key, :info)}\niv: #{color(iv, :info)}" if print_key?
empty_line
say "Make sure to add #{color(output_path, :info)} to the git repository."
say "Make sure #{color("not", :underline)} to add #{color(input_path, :info)} to the git repository." if input_path != '-'
say "Commit all changes to your #{color('.travis.yml', :info)}."
end
|
#output_path_for(input_path) ⇒ Object
120
121
122
123
124
125
126
127
128
129
130
131
132
|
# File 'lib/travis/cli/encrypt_file.rb', line 120
def output_path_for(input_path)
case input_path
when '-' then return '-'
when /^(.+)\.enc$/ then return $1 if decrypt?
when /^(.+)\.dec$/ then return $1 unless decrypt?
end
if interactive? and input_path =~ /(\.enc|\.dec)$/
exit 1 unless danger_zone? "File extension of input file is #{color($1, :info)}, are you sure that is correct?"
end
"#{input_path}.#{decrypt ? 'dec' : 'enc'}"
end
|
#print_command(command) ⇒ Object
59
60
61
62
|
# File 'lib/travis/cli/encrypt_file.rb', line 59
def print_command(command)
empty_line
say command, template(__FILE__)
end
|
#run(input_path, output_path = nil) ⇒ Object
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
|
# File 'lib/travis/cli/encrypt_file.rb', line 25
def run(input_path, output_path = nil)
confirm = force_interactive.nil? || force_interactive
self.decrypt_to ||= decrypt_to_for(input_path)
output_path ||= File.basename(output_path_for(input_path))
self.output = $stdout.tty? ? StringIO.new : $stderr if output_path == '-'
result = transcode(input_path)
if output_path == '-'
$stdout.puts result
else
say "storing result as #{color(output_path, :info)}"
write_file(output_path, result, force)
return if decrypt?
error "requires --decrypt-to option when reading from stdin" unless decrypt_to?
set_env_vars(input_path)
command = decrypt_command(output_path)
stage ? store_command(command, confirm) : print_command(command)
notes(input_path, output_path)
end
end
|
#set_env_vars(input_path) ⇒ Object
75
76
77
78
79
|
# File 'lib/travis/cli/encrypt_file.rb', line 75
def set_env_vars(input_path)
say "storing secure env variables for decryption"
repository.env_vars.upsert env_name(input_path, :key), key, :public => false
repository.env_vars.upsert env_name(input_path, :iv), iv, :public => false
end
|
#setup ⇒ Object
51
52
53
54
55
56
57
|
# File 'lib/travis/cli/encrypt_file.rb', line 51
def setup
super
self.key ||= SecureRandom.hex(32) unless decrypt?
self.iv ||= SecureRandom.hex(16) unless decrypt?
error "key must be 64 characters long and a valid hex number" unless key =~ /^[a-f0-9]{64}$/
error "iv must be 32 characters long and a valid hex number" unless iv =~ /^[a-f0-9]{32}$/
end
|
#store_command(command, confirm) ⇒ Object
64
65
66
67
68
69
|
# File 'lib/travis/cli/encrypt_file.rb', line 64
def store_command(command, confirm)
travis_config[stage] = Array(travis_config[stage])
travis_config[stage].delete(command)
travis_config[stage].unshift(command)
confirm_and_save_travis_config confirm
end
|
#transcode(input_path) ⇒ Object
94
95
96
97
98
99
100
101
102
103
104
105
|
# File 'lib/travis/cli/encrypt_file.rb', line 94
def transcode(input_path)
description = "stdin#{' (waiting for input)' if $stdin.tty?}" if input_path == '-'
say "#{decrypt ? "de" : "en"}crypting #{color(description || input_path, :info)} for #{color(slug, :info)}"
data = input_path == '-' ? $stdin.read : File.binread(input_path)
aes = OpenSSL::Cipher.new('AES-256-CBC')
decrypt ? aes.decrypt : aes.encrypt
aes.key = [key].pack('H*')
aes.iv = [iv].pack('H*')
aes.update(data) + aes.final
end
|