Class: Travis::CLI::EncryptFile

Inherits:
RepoCommand show all
Defined in:
lib/travis/cli/encrypt_file.rb

Constant Summary

Constants inherited from RepoCommand

RepoCommand::GIT_REGEX, RepoCommand::TRAVIS

Constants inherited from Command

Command::DAY, Command::HOUR, Command::MINUTE, Command::WEEK

Constants included from Tools::Assets

Tools::Assets::BASE

Instance Attribute Summary collapse

Attributes inherited from RepoCommand

#slug

Attributes inherited from ApiCommand

#enterprise_name, #session

Attributes inherited from Command

#arguments, #config, #debug, #force_interactive, #formatter, #input, #output

Instance Method Summary collapse

Methods inherited from RepoCommand

#repository

Methods inherited from ApiCommand

#authenticate, #detected_endpoint?, #endpoint_config, #enterprise?, #initialize, #org?, #pro?, #sync

Methods included from Travis::Client::Methods

#access_token, #access_token=, #account, #accounts, #api_endpoint, #api_endpoint=, #artifact, #broadcasts, #build, #cancel, #explicit_api_endpoint?, #github_auth, #hooks, #job, #lint, #listen, #repo, #repos, #restart, #user

Methods inherited from Command

abstract, abstract?, #check_completion, #check_ruby, #check_version, command_name, #command_name, #debug?, description, #execute, #help, #info, #initialize, #last_check, #on_signal, #parse, #say, skip, subcommands, #terminal, #time, #usage, #usage_for, #write_to

Methods included from Parser

#new, #on, #on_initialize

Methods included from Tools::Assets

#asset, #asset_path

Constructor Details

This class inherits a constructor from Travis::CLI::ApiCommand

Instance Attribute Details

#stageObject

Returns the value of attribute stage


13
14
15
# File 'lib/travis/cli/encrypt_file.rb', line 13

def stage
  @stage
end

Instance Method Details

#decrypt_command(path) ⇒ Object


69
70
71
# File 'lib/travis/cli/encrypt_file.rb', line 69

def decrypt_command(path)
  "openssl aes-256-cbc -K $#{env_name(:key)} -iv $#{env_name(:iv)} -in #{escape_path(path)} -out #{escape_path(decrypt_to)} -d"
end

#decrypt_to_for(input_path) ⇒ Object


105
106
107
108
109
110
111
112
# File 'lib/travis/cli/encrypt_file.rb', line 105

def decrypt_to_for(input_path)
  return if input_path == '-'
  if input_path.start_with? Dir.home
    input_path.sub(Dir.home, '~')
  else
    input_path
  end
end

#env_name(name) ⇒ Object


79
80
81
82
# File 'lib/travis/cli/encrypt_file.rb', line 79

def env_name(name)
  @env_prefix ||= "encrypted_#{Digest.hexencode(Digest::SHA1.digest(Dir.pwd)[0..5])}"
  "#{@env_prefix}_#{name}"
end

#escape_path(path) ⇒ Object


114
115
116
# File 'lib/travis/cli/encrypt_file.rb', line 114

def escape_path(path)
  Shellwords.escape(path).sub(/^\\~\//, '~\/')
end

#notes(input_path, output_path) ⇒ Object


84
85
86
87
88
89
90
# File 'lib/travis/cli/encrypt_file.rb', line 84

def notes(input_path, output_path)
  say "\nkey: #{color(key, :info)}\niv:  #{color(iv,  :info)}" if print_key?
  empty_line
  say "Make sure to add #{color(output_path, :info)} to the git repository."
  say "Make sure #{color("not", :underline)} to add #{color(input_path, :info)} to the git repository." if input_path != '-'
  say "Commit all changes to your #{color('.travis.yml', :info)}."
end

#output_path_for(input_path) ⇒ Object


118
119
120
121
122
123
124
125
126
127
128
129
130
# File 'lib/travis/cli/encrypt_file.rb', line 118

def output_path_for(input_path)
  case input_path
  when '-'           then return '-'
  when /^(.+)\.enc$/ then return $1 if     decrypt?
  when /^(.+)\.dec$/ then return $1 unless decrypt?
  end

  if interactive? and input_path =~ /(\.enc|\.dec)$/
    exit 1 unless danger_zone? "File extension of input file is #{color($1, :info)}, are you sure that is correct?"
  end

  "#{input_path}.#{decrypt ? 'dec' : 'enc'}"
end

57
58
59
60
# File 'lib/travis/cli/encrypt_file.rb', line 57

def print_command(command)
  empty_line
  say command, template(__FILE__)
end

#run(input_path, output_path = nil) ⇒ Object


25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
# File 'lib/travis/cli/encrypt_file.rb', line 25

def run(input_path, output_path = nil)
  self.decrypt_to ||= decrypt_to_for(input_path)
  output_path     ||= File.basename(output_path_for(input_path))
  self.output       = $stdout.tty? ? StringIO.new : $stderr if output_path == '-'
  result            = transcode(input_path)

  if output_path == '-'
    $stdout.puts result
  else
    say "storing result as #{color(output_path, :info)}"
    write_file(output_path, result, force)
    return if decrypt?

    error "requires --decrypt-to option when reading from stdin" unless decrypt_to?

    set_env_vars

    command = decrypt_command(output_path)
    stage ? store_command(command) : print_command(command)

    notes(input_path, output_path)
  end
end

#set_env_varsObject


73
74
75
76
77
# File 'lib/travis/cli/encrypt_file.rb', line 73

def set_env_vars
  say "storing secure env variables for decryption"
  repository.env_vars.upsert env_name(:key), key, :public => false
  repository.env_vars.upsert env_name(:iv),  iv,  :public => false
end

#setupObject


49
50
51
52
53
54
55
# File 'lib/travis/cli/encrypt_file.rb', line 49

def setup
  super
  self.key        ||= SecureRandom.hex(32) unless decrypt?
  self.iv         ||= SecureRandom.hex(16) unless decrypt?
  error "key must be 64 characters long and a valid hex number" unless key =~ /^[a-f0-9]{64}$/
  error "iv must be 32 characters long and a valid hex number"  unless iv  =~ /^[a-f0-9]{32}$/
end

#store_command(command) ⇒ Object


62
63
64
65
66
67
# File 'lib/travis/cli/encrypt_file.rb', line 62

def store_command(command)
  travis_config[stage] = Array(travis_config[stage])
  travis_config[stage].delete(command)
  travis_config[stage].unshift(command)
  save_travis_config
end

#transcode(input_path) ⇒ Object


92
93
94
95
96
97
98
99
100
101
102
103
# File 'lib/travis/cli/encrypt_file.rb', line 92

def transcode(input_path)
  description = "stdin#{' (waiting for input)' if $stdin.tty?}" if input_path == '-'
  say "#{decrypt ? "de" : "en"}crypting #{color(description || input_path, :info)} for #{color(slug, :info)}"

  data     = input_path == '-' ? $stdin.read : File.binread(input_path)
  aes      = OpenSSL::Cipher.new('AES-256-CBC')
  decrypt  ? aes.decrypt : aes.encrypt
  aes.key  = [key].pack('H*')
  aes.iv   = [iv].pack('H*')

  aes.update(data) + aes.final
end