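#!/bin/bash
#
# $Id$
#
# siredit: edit a file (plain, or gpg-encrypted when it ends in .gpg)
# through a working copy kept on the siredit ramfs, so that the plaintext
# of an encrypted file is never written to persistent storage.
#
# Usage: siredit FILE[.gpg]
#
# Reads:   VISUAL / EDITOR (editor to start), ~/.gnupg/gpg.conf (default-key)
# Writes:  FILE (edited / re-encrypted), FILE.csvedit-meta for csv/tab files
# Exports: ORIGINAL GPGOPTS ORINAME ORIDIR RAMDIR RAMFILE EDITNAME GPGNAME
#          EDITFILE SIREDITEDITOR ROPTS DEFAULTKEY (kept for the editor /
#          helper programs that may read them)
#
# Exit codes: 1 no file given, 2 no such file, 3 siredit-fs not running,
# 11 ramfs base dir missing, 12 ramdir not creatable, 13 copy-in failed,
# 14 decrypt failed, 31 re-encrypt failed, 32 copy-back failed, 0 otherwise.

# Diagnostics go to stderr so they never mix with the editor's output.
warn() { printf '%s\n' "$*" >&2; }

# die MESSAGE EXITCODE: print MESSAGE and exit.  Once the EXIT trap below
# is armed this also removes the ramdir and any plaintext it holds.
die() {
  warn "$1"
  exit "$2"
}

export ORIGINAL=${1:-}
[ -n "$ORIGINAL" ] || die "FATAL: No file specified to edit." 1
shift
[ -f "$ORIGINAL" ] || die "FATAL: No such file: $ORIGINAL" 2

export GPGOPTS="--use-agent"
# GPGOPTS stays an exported string for compatibility; split it once so each
# option is handed to gpg as a separate word.
read -ra gpg_opts <<<"$GPGOPTS"

if ! /etc/init.d/siredit-fs status >/dev/null 2>&1; then
  die "FATAL: siredit-fs not running, please sudo /etc/init.d/siredit-fs start" 3
fi

export ORINAME ORIDIR
ORINAME=$(basename -- "$ORIGINAL")
ORIDIR=$(dirname -- "$ORIGINAL")

readonly RAMBASE="/tmp/siredit.ramfs"
export RAMDIR="$RAMBASE/$$"
[ -d "$RAMBASE" ] || die "FATAL: No ramdir $RAMDIR" 11

# Create the per-process directory already closed to group/others instead
# of chmod'ing it afterwards (no window where it is world-readable); the
# chmod still covers a pre-existing directory that -p silently reuses.
mkdir -pv -m 700 -- "$RAMDIR" || die "FATAL: Unable to create $RAMDIR" 12
chmod go-rwx -- "$RAMDIR"

# From here on the ramdir may contain plaintext: remove it on every exit
# path (errors, Ctrl-C during the editor session), not only the happy path.
cleanup() { rm -rfv -- "${RAMDIR:?}"; }
trap cleanup EXIT
trap 'exit 130' INT TERM HUP

export RAMFILE="$RAMDIR/$ORINAME"
cp -uva -- "$ORIGINAL" "$RAMFILE" \
  || die "FATAL: Unable to copy $ORIGINAL to $RAMFILE" 13

# A *.gpg original is decrypted inside the ramdir.  GPGNAME is non-empty
# only for encrypted files and is the flag for the re-encryption step.
export EDITNAME=$ORINAME
export GPGNAME=""
if [[ "$ORINAME" == *.gpg ]]; then
  GPGNAME=$ORINAME
  EDITNAME=${ORINAME%.gpg}
  decrypt_cmd=(gpg "${gpg_opts[@]}" --decrypt \
    --output "$RAMDIR/$EDITNAME" "$RAMDIR/$ORINAME")
  printf '%s\n' "${decrypt_cmd[*]}"
  if ! "${decrypt_cmd[@]}"; then
    # gpg has been seen to report failure after writing the output
    # (yubikey/gpg-agent hiccups); accept the file when it exists.
    if [ -f "$RAMDIR/$EDITNAME" ]; then
      warn "ERROR: Eventually unable to decrypt $RAMDIR/$ORINAME,"
      warn "       but got $RAMDIR/$EDITNAME"
      warn "Assuming yubikey/gpg-agent hickup and continuing anyway"
    else
      die "FATAL: Unable to decrypt $RAMDIR/$ORINAME" 14
    fi
  fi
fi
export EDITFILE="$RAMDIR/$EDITNAME"

# FIXME think about which editor to start
echo "Please edit the file and quit the editor program!"
# VISUAL wins over EDITOR; csv/tab files always use csvedit; else vi.
export SIREDITEDITOR="${VISUAL:-${EDITOR:-}}"
if [[ "$EDITNAME" == *.csv || "$EDITNAME" == *.tab ]]; then
  SIREDITEDITOR="csvedit"
  if [ -f "$ORIDIR/$EDITNAME.csvedit-meta" ]; then
    cp -uva -- "$ORIDIR/$EDITNAME.csvedit-meta" "$RAMDIR/"
  fi
fi
if [ -z "$SIREDITEDITOR" ]; then
  echo "Neither \$VISUAL nor \$EDITOR set and no .csv file, falling back to vi."
  SIREDITEDITOR="vi"
fi

# Keep a pristine copy to detect whether the editor changed anything.
cp -uva -- "$EDITFILE" "$EDITFILE.orig"
echo "$SIREDITEDITOR $EDITFILE"
# SIREDITEDITOR is word-split on purpose so values like "emacs -nw" work;
# only the file name is quoted.
# shellcheck disable=SC2086
$SIREDITEDITOR "$EDITFILE"
echo "Editor quitted."

if cmp -s -- "$EDITFILE" "$EDITFILE.orig"; then
  echo "No changes on $EDITFILE, exiting."
  exit 0
fi

if [ -n "$GPGNAME" ]; then
  export ROPTS=""
  export DEFAULTKEY=""
  recipients=()
  # Always re-encrypt for the user's own key, if gpg.conf names one.
  if [ -f ~/.gnupg/gpg.conf ]; then
    DEFAULTKEY=$(awk '$1 == "default-key" { print $2; exit }' ~/.gnupg/gpg.conf)
    if [ -n "$DEFAULTKEY" ]; then
      recipients+=(-r "$DEFAULTKEY")
    else
      warn "WARNING: Unable to re-encryt for Yourself (no default-key line)."
      warn "Please fill ~/.gnupg/gpg.conf with a default-key line."
    fi
  else
    warn "WARNING: Unable to re-encryt for Yourself (no ~/.gnupg/gpg.conf)."
    warn "Please fill ~/.gnupg/gpg.conf with a default-key line."
  fi

  # Re-encrypt for every key the original was encrypted to.  Key ids come
  # from gpg's ENC_TO status lines and are resolved one by one to the
  # primary key fingerprint via the machine-readable --with-colons output.
  # Resolving per id matters: "gpg --list-keys" with an EMPTY id list
  # prints the whole keyring, which would encrypt the file to every key
  # the user has; and a key missing from the keyring is reported instead
  # of being dropped silently.
  ENCTOLIST=$(gpg --decrypt --list-only --status-fd 1 "$ORIGINAL" 2>/dev/null \
    | awk '$2 == "ENC_TO" { print $3 }')
  for keyid in $ENCTOLIST; do
    fprs=$(gpg --with-colons --list-keys "$keyid" 2>/dev/null \
      | awk -F: '$1 == "pub" { want = 1; next }
                 $1 == "fpr" && want { print $10; want = 0 }')
    if [ -z "$fprs" ]; then
      warn "WARNING: recipient key $keyid not found in keyring, dropping it."
      continue
    fi
    for fpr in $fprs; do
      recipients+=(-r "$fpr")
    done
  done
  ROPTS="${recipients[*]}"
  if [ "${#recipients[@]}" -eq 0 ]; then
    warn "WARNING: No recipients determined for $RAMDIR/$EDITNAME, gpg will ask."
  fi

  mv -v -- "$RAMDIR/$ORINAME" "$RAMDIR/$ORINAME.orig"
  encrypt_cmd=(gpg "${gpg_opts[@]}" "${recipients[@]}" \
    --output "$RAMDIR/$ORINAME" --encrypt "$RAMDIR/$EDITNAME")
  printf '%s\n' "${encrypt_cmd[*]}"
  if ! "${encrypt_cmd[@]}"; then
    # Same gpg-agent quirk as on decrypt: accept an existing output file.
    if [ -f "$RAMDIR/$ORINAME" ]; then
      warn "ERROR: Unable to re-encrypt $RAMDIR/$EDITNAME,"
      warn "       but got $RAMDIR/$ORINAME"
      warn "Assuming yubikey/gpg-agent hickup and continuing anyway"
    else
      die "FATAL: Unable to re-encrypt $RAMDIR/$EDITNAME" 31
    fi
  fi
fi

# Copy back WITHOUT -u: with -u, an original whose mtime happens to be newer
# than the ramdir copy is skipped silently and the edit is lost with rc 0.
echo "cp -va $RAMDIR/$ORINAME $ORIGINAL"
cp -va -- "$RAMDIR/$ORINAME" "$ORIGINAL" \
  || die "FATAL: Unable to copy $RAMDIR/$ORINAME to $ORIGINAL" 32
if [ -f "$RAMDIR/$EDITNAME.csvedit-meta" ]; then
  cp -uva -- "$RAMDIR/$EDITNAME.csvedit-meta" "$ORIDIR/"
fi
# The EXIT trap removes the ramdir (and its plaintext) now.
exit 0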