Created
May 24, 2016 11:50
-
-
Save glogiotatidis/e0ab45ed5575a9d7973390dace0552b0 to your computer and use it in GitHub Desktop.
Git-crypt remove user.
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| #!/bin/bash | |
| # | |
| # Script to remove GPG key from git-crypt | |
| # | |
| # It will re-initialize git-crypt for the repository and re-add all keys except | |
| # the one requested for removal. | |
| # | |
| # Note: You still need to change all your secrets to fully protect yourself. | |
| # Removing a user will prevent them from reading future changes but they will | |
| # still have a copy of the data up to the point of their removal. | |
| # | |
| # Use: | |
| # ./remove-gpg-user.sh [FULL_GPG_FINGERPRINT] | |
| # | |
| # E.g.: | |
| # ./remove-gpg-user.sh 3BC18383F838C0B815B961480F8CAF5467D | |
| # | |
| # The script will create multiple commits to your repo. Feel free to squash them | |
| # all down to one. | |
| # | |
| # Based on https://github.com/AGWA/git-crypt/issues/47#issuecomment-212734882 | |
| # | |
| # | |
| set -e | |
| if [ -z "$1" ] | |
| then | |
| echo " Use:" | |
| echo " ./remove-gpg-user.sh [FULL_GPG_FINGERPRINT]" | |
| echo "" | |
| echo " E.g.:" | |
| echo " ./remove-gpg-user.sh 3BC18383F838C0B815B961480F8CAF5467D" | |
| exit; | |
| fi | |
| TMPDIR=`mktemp -d` | |
| CURRENT_DIR=`git rev-parse --show-toplevel` | |
| BASENAME=$(basename `pwd`) | |
| # Unlock the directory, we need to copy encrypted versions of the files | |
| git crypt unlock | |
| # Work on copy. | |
| cp -rp `pwd` $TMPDIR | |
| pushd $TMPDIR/$BASENAME | |
| # Remove encrypted files and git-crypt | |
| git crypt status | grep -v "not encrypted" > encrypted-files | |
| awk '{print $2}' encrypted-files | xargs rm | |
| git commit -a -m "Remove encrypted files" | |
| rm -rf .git-crypt | |
| git commit -a -m "Remove git-crypt" | |
| rm -rf .git/git-crypt | |
| # Re-initialize git crypt | |
| git crypt init | |
| # Add existing users, except the | |
| for keyfilename in `ls $CURRENT_DIR/.git-crypt/keys/default/0/*gpg`; do | |
| basename=`basename $keyfilename` | |
| key=${basename%.*} | |
| if [[ $key == $1 ]]; then | |
| continue; | |
| fi | |
| git crypt add-gpg-user $key | |
| done | |
| cd $CURRENT_DIR | |
| for i in `awk '{print $2}' ${TMPDIR}/${BASENAME}/encrypted-files`; do | |
| cp -rp --parents $i $TMPDIR/$BASENAME; | |
| done | |
| cd $TMPDIR/$BASENAME | |
| for i in `awk '{print $2}' encrypted-files`; do | |
| git add $i | |
| done | |
| git commit -a -m "New encrypted files" | |
| popd | |
| git crypt lock | |
| git pull $TMPDIR/$BASENAME | |
| rm -rf $TMPDIR |
Please make this into a pr! 😄
I believe that --parents is not supported on MAC OS/X machines.
As indicated on Stack Overflow, you can use either gcp (coming from the coreutils homebrew: brew install coreutils) or rsync -rp -R $i $TMPDIR/$BASENAME; -- see https://gist.github.com/Falkor/7b29f16f5f79404fe41476be0d992783 (@glogiotatidis if you want to update your own gist ;))
Added a new version, which allows spaces in filenames: https://gist.github.com/elektro-wolle/ed8da166474af46aad3bd7189665077f
Uses /usr/local/bin/gcp for MacOS-compatibility.
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Hmm no pull requests for gists? I hacked the script a bit more to allow multiple keys https://gist.github.com/phunehehe/c083a3d27c1e1c8f316ad6790368b8b5.