Created
April 24, 2012 15:10
-
-
Save ewa/2480455 to your computer and use it in GitHub Desktop.
Git merge driver to decrypt (and re-encrypt) files before merging.
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| #!/bin/bash | |
| # WARNING: This creates and manipulates clear text copies of the | |
| # encrypted files. It tries to clean up afterwards, but lots can go | |
| # wrong. If you are seriously worried about the secrecy of the files, | |
| # don't trust this! | |
| ANCESTOR=$1 | |
| MINE=$2 | |
| OTHER=$3 | |
| WORKDIR=`mktemp -d` | |
| if ! [ -d "$WORKDIR" ] || ! [ -x "$WORKDIR" ]; then | |
| echo >&2 "Temp directory not created or not accessible: $WORKDIR" | |
| rmdir "${WORKDIR}" | |
| exit -1 | |
| fi | |
| # Cleanup | |
| cleanup() { | |
| rm "$W_ANCESTOR" "$W_MINE" "$W_OTHER" | |
| popd > /dev/null | |
| rmdir "${WORKDIR}" | |
| if [ -n "${2}" ]; then | |
| echo >&2 $2 | |
| fi | |
| exit $1 | |
| } | |
| cp $ANCESTOR $WORKDIR/ | |
| cp $MINE $WORKDIR/ | |
| cp $OTHER $WORKDIR/ | |
| W_ANCESTOR=$WORKDIR/`basename $ANCESTOR` | |
| W_MINE=$WORKDIR/`basename $MINE` | |
| W_OTHER=$WORKDIR/`basename $OTHER` | |
| #echo $ANCESTOR $MINE $OTHER $WORKDIR | |
| pushd $WORKDIR > /dev/null | |
| #Decrypt. Yes, you have to enter your password three times! (and two more to come) | |
| gpg --output ${W_ANCESTOR}.plain --decrypt $ANCESTOR | |
| [ $? -eq 0 ] || cleanup -1 "Decryption error: Abort merge" | |
| gpg --output ${W_MINE}.plain --decrypt $MINE | |
| [ $? -eq 0 ] || cleanup -1 "Decryption error: Abort merge" | |
| gpg --output ${W_OTHER}.plain --decrypt $OTHER | |
| [ $? -eq 0 ] || cleanup -1 "Decryption error: Abort merge" | |
| #XXX Can we import the merge (mergetool) preferences for the original file and use them here? | |
| git-merge-file -L "Ours" -L "Common Ancestor" -L "Theirs" ${W_MINE}.plain ${W_ANCESTOR}.plain ${W_OTHER}.plain | |
| [ $? -ge 0 ] || cleanup -2 "Git merge error." | |
| echo >&2 "Plaintext files merged. Re-encrypting." | |
| gpg --output merged.gpg --symmetric ${W_MINE}.plain | |
| [ $? -eq 0 ] || cleanup -3 "Re-encryption error" | |
| #Replace original current/our file with merged, encrypted version | |
| cp -f merged.gpg ${MINE} | |
| if [ -x /usr/bin/shred ]; then | |
| echo >&2 "Shredding plain-text files. Do not be fooled -- this doesn't mean it's truly gone!" | |
| /usr/bin/shred -u ${W_ANCESTOR}.plain ${W_MINE}.plain ${W_OTHER}.plain | |
| rm -f merged.gpg | |
| else | |
| rm -f ${W_ANCESTOR}.plain ${W_MINE}.plain ${W_OTHER}.plain | |
| rm -f merged.gpg | |
| fi |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment