Class: Travis::CLI::EncryptFile
Constant Summary
Constants inherited
from RepoCommand
RepoCommand::GIT_REGEX, RepoCommand::TRAVIS
Constants inherited
from Command
Command::DAY, Command::HOUR, Command::MINUTE, Command::WEEK
Tools::Assets::BASE
Instance Attribute Summary collapse
Attributes inherited from RepoCommand
#slug
Attributes inherited from ApiCommand
#enterprise_name, #session
Attributes inherited from Command
#arguments, #config, #debug, #force_interactive, #formatter, #input, #output
Instance Method Summary
collapse
Methods inherited from RepoCommand
#repository
Methods inherited from ApiCommand
#authenticate, #detected_endpoint?, #endpoint_config, #enterprise?, #initialize, #pro?, #sync
#access_token, #access_token=, #account, #accounts, #api_endpoint, #api_endpoint=, #artifact, #broadcasts, #build, #cancel, #explicit_api_endpoint?, #github_auth, #hooks, #job, #lint, #listen, #logout, #regenerate_token, #remove_token, #repo, #repos, #restart, #user
Methods inherited from Command
abstract, abstract?, #check_completion, #check_ruby, #check_version, #command_name, command_name, #debug?, description, #error, #execute, #help, #info, #initialize, #last_check, #on_signal, #parse, #say, skip, subcommands, #terminal, #time, #usage, #usage_for, #warn, #write_to
asset, asset_path
Methods included from Parser
#new, #on, #on_initialize
Instance Attribute Details
#stage ⇒ Object
Returns the value of attribute stage.
14
15
16
|
# File 'lib/travis/cli/encrypt_file.rb', line 14
def stage
@stage
end
|
Instance Method Details
#decrypt_command(path) ⇒ Object
74
75
76
77
78
|
# File 'lib/travis/cli/encrypt_file.rb', line 74
def decrypt_command(path)
"openssl aes-256-cbc -K $#{env_name(path,
:key)} -iv $#{env_name(path,
:iv)} -in #{escape_path(path)} -out #{escape_path(decrypt_to)} -d"
end
|
#decrypt_to_for(input_path) ⇒ Object
116
117
118
119
120
121
122
123
124
|
# File 'lib/travis/cli/encrypt_file.rb', line 116
def decrypt_to_for(input_path)
return if input_path == '-'
if input_path.start_with? Dir.home
input_path.sub(Dir.home, '~')
else
input_path
end
end
|
#env_name(input_path, name) ⇒ Object
86
87
88
89
|
# File 'lib/travis/cli/encrypt_file.rb', line 86
def env_name(input_path, name)
@env_prefix ||= "encrypted_#{Digest.hexencode(Digest::SHA1.digest(input_path)[0..5])}"
"#{@env_prefix}_#{name}"
end
|
#escape_path(path) ⇒ Object
126
127
128
|
# File 'lib/travis/cli/encrypt_file.rb', line 126
def escape_path(path)
Shellwords.escape(path).sub(%r{^\\~/}, '~\/')
end
|
#notes(input_path, output_path) ⇒ Object
91
92
93
94
95
96
97
98
99
100
101
|
# File 'lib/travis/cli/encrypt_file.rb', line 91
def notes(input_path, output_path)
say "\nkey: #{color(key, :info)}\niv: #{color(iv, :info)}" if print_key?
empty_line
say "Make sure to add #{color(output_path, :info)} to the git repository."
if input_path != '-'
say "Make sure #{color('not',
:underline)} to add #{color(input_path,
:info)} to the git repository."
end
say "Commit all changes to your #{color('.travis.yml', :info)}."
end
|
#output_path_for(input_path) ⇒ Object
130
131
132
133
134
135
136
137
138
139
140
141
142
143
|
# File 'lib/travis/cli/encrypt_file.rb', line 130
def output_path_for(input_path)
case input_path
when '-' then return '-'
when /^(.+)\.enc$/ then return ::Regexp.last_match(1) if decrypt?
when /^(.+)\.dec$/ then return ::Regexp.last_match(1) unless decrypt?
end
if interactive? && input_path =~ /(\.enc|\.dec)$/ && !(danger_zone? "File extension of input file is #{color(::Regexp.last_match(1),
:info)}, are you sure that is correct?")
exit 1
end
"#{input_path}.#{decrypt ? 'dec' : 'enc'}"
end
|
#print_command(command) ⇒ Object
62
63
64
65
|
# File 'lib/travis/cli/encrypt_file.rb', line 62
def print_command(command)
empty_line
say command, template(__FILE__)
end
|
#run(input_path, output_path = nil) ⇒ Object
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
|
# File 'lib/travis/cli/encrypt_file.rb', line 28
def run(input_path, output_path = nil)
confirm = force_interactive.nil? || force_interactive
self.decrypt_to ||= decrypt_to_for(input_path)
output_path ||= File.basename(output_path_for(input_path))
self.output = $stdout.tty? ? StringIO.new : $stderr if output_path == '-'
result = transcode(input_path)
if output_path == '-'
$stdout.puts result
else
say "storing result as #{color(output_path, :info)}"
write_file(output_path, result, force)
return if decrypt?
error 'requires --decrypt-to option when reading from stdin' unless decrypt_to?
set_env_vars(input_path)
command = decrypt_command(output_path)
stage ? store_command(command, confirm) : print_command(command)
notes(input_path, output_path)
end
end
|
#set_env_vars(input_path) ⇒ Object
80
81
82
83
84
|
# File 'lib/travis/cli/encrypt_file.rb', line 80
def set_env_vars(input_path)
say 'storing secure env variables for decryption'
repository.env_vars.upsert env_name(input_path, :key), key, public: false
repository.env_vars.upsert env_name(input_path, :iv), iv, public: false
end
|
#setup ⇒ Object
54
55
56
57
58
59
60
|
# File 'lib/travis/cli/encrypt_file.rb', line 54
def setup
super
self.key ||= SecureRandom.hex(32) unless decrypt?
self.iv ||= SecureRandom.hex(16) unless decrypt?
error 'key must be 64 characters long and a valid hex number' unless key =~ /^[a-f0-9]{64}$/
error 'iv must be 32 characters long and a valid hex number' unless iv =~ /^[a-f0-9]{32}$/
end
|
#store_command(command, confirm) ⇒ Object
67
68
69
70
71
72
|
# File 'lib/travis/cli/encrypt_file.rb', line 67
def store_command(command, confirm)
travis_config[stage] = Array(travis_config[stage])
travis_config[stage].delete(command)
travis_config[stage].unshift(command)
confirm_and_save_travis_config confirm
end
|
#transcode(input_path) ⇒ Object
103
104
105
106
107
108
109
110
111
112
113
114
|
# File 'lib/travis/cli/encrypt_file.rb', line 103
def transcode(input_path)
description = "stdin#{' (waiting for input)' if $stdin.tty?}" if input_path == '-'
say "#{decrypt ? 'de' : 'en'}crypting #{color(description || input_path, :info)} for #{color(slug, :info)}"
data = input_path == '-' ? $stdin.read : File.binread(input_path)
aes = OpenSSL::Cipher.new('AES-256-CBC')
decrypt ? aes.decrypt : aes.encrypt
aes.key = [key].pack('H*')
aes.iv = [iv].pack('H*')
aes.update(data) + aes.final
end
|