わけわからん、ちゃんと動いてるかこれ?
Created by 1inguini on March 12, 2025
MVH4Z55GJ75LXJNTYNSCZDG4WG42QYBLRMZMEZYTLTZ6JDI4JGUQC Dependencies
- [2]
KX42K5R4SNZINZUML33PFNTRUNNJQGG75WC7ILYB2JVQMPANG7SQC - [3]
WVXITCMSC7TRKFCRXFM57AOFXVACML5RTVXNLP5IB5465GAOWV7QC - [4]
OZXUS4F6MZQGADD3EHLKEROGNPPJ2N43IYZUCMT4ARAKNRYWI43QC - [5]
RHQIYSRWETQ37UOVCAXXGCJK3Z7D3IHFEL6ZQVLPKPIPZLVSBB2AC - [6]
5KGYLSGE2JR22BAD4FUYZX6GLNAJECF37TVOQJKE5YVBWBNO4YMQC - [7]
73XTAX7A6FELJNJMKBXJQKZTJYASRGNS56KW2GUNIQH3MYBSIGPQC - [8]
3ZLKB3ADCVKRXGGN2VNNYGXW3OMBI7DQM63ENGDTDWOQYOIOHVTQC
In channels
main
Change contents
File deletion: hello
File deletion: secret
File deletion: hello.gpg
File deletion: world
File deletion: hello.gpg
File deletion: .pijul
File deletion: config
File deletion: encrypt
File deletion: add-recipients.sh
#!/bin/sh[ -d .pijul ] || {echo 'this directory does not seem to be Pijul repositry.' >&2false}. .pijul/encrypt/scripts.sh[ "$*" ] || {echo 'Please supply the recipients fingerprints as arguments.' >&2false}mkdir -p .encrypt.d/recipient/for recipient in "$@"; dogpg --armor --export "$recipient" >".encrypt.d/recipient/$recipient.asc"doneif [ -f .encrypt.d/master_key.gpg ]; thenecho 're-encrypting master key...'$gpg --decrypt .encrypt.d/master_key.gpg |$gpg --batch --sign --encrypt \$(printf -- "--recipient-file$IFS%s$IFS" .encrypt.d/recipient/*.asc) \echo 'done'fi--output .encrypt.d/master_key.gpg.tmpmv .encrypt.d/master_key.gpg.tmp .encrypt.d/master_key.gpgFile deletion: init.sh
#!/bin/sh[ -d .pijul ] || {echo 'this directory does not seem to be Pijul repositry.' >&2false}. .pijul/encrypt/scripts.shif [ -f .encrypt.d/master_key.gpg ]; thenecho 'pijul-encrypt already configured!'falsefirecipients="$*"[ "$recipients" ] || {echo 'Specify recipients fingerprints.'read -r recipients}(IFS=' '.pijul/encrypt/add-recipients.sh $recipients)echo 'generating master key...'master_key=$($gpg --armor --gen-random 16 512)echo "master key generated: $master_key"$(printf -- '--recipient-file\n%s\n' .encrypt.d/recipient/*.asc) \echo "Now add .pijul/encrypt/hook-record.sh to record hook.edit .pijul/config as below:\`\`\`[hooks]record = ['.pijul/encrypt/hook-record.sh']\`\`\`"--output .encrypt.d/master_key.gpgprintf %s "$master_key" | $gpg --batch --sign --encrypt \File deletion: scripts.sh
File deletion: hook-record.sh, hook-encrypt.sh
#!/bin/shif [ -f .encrypt/master_key.gpg ]; thenecho "No master key in repositry. Repositry not initialized for pijul-encrypt" >&2falsefiencrypt() {path=$1$gpg --decrypt .encrypt.d/master_key.gpg |$gpg --batch --passphrase-fd 0 \}# globを展開、マッチするディレクトリの中身も全部マッチしたいのでfindを噛ませる# pijulが記録しているパスのうち`.encrypt`にマッチするものpijul add "$path.gpg"donefi# 秘密にしなければいけないファイルたちwill_be_encrypted="$tracked_glob$gpg_tracked"# 秘密のファイルに変更があれば暗号化し直すfor path in $will_be_encrypted; doif [ ! -f "$path" ]; then[ "$path" = ".encrypt.d/master_key" ] || pijul remove "$path.gpg"elseif [ -f "$path.gpg" ] &&[ "$($sha256sum <"$path")" != "$(decrypt "$path.gpg" | $sha256sum)" ]; thenrm "$path.gpg"fiif [ ! -e "$path.gpg" ]; thenencrypt "$path"fi# pijulが記録しているパスのうち`*.gpg`にマッチするもの (pijul listが変わってるのでtracked_globとは重複しない)gpg_tracked=$(pijul list | grep '\.gpg$' | sed 's/\.gpg$//'): "↓debug gpg_tracked↓$gpg_tracked"# shellcheck disable=SC2086pijul remove $tracked_glob # 秘密のファイルはさっさと記録から除外# shellcheck disable=SC2086# shellcheck disable=SC2046tracked_glob=$(printf '%s\n' $worktree_glob $(pijul list) | sort | uniq -d): "↓debug tracked_glob↓$tracked_glob"# shellcheck disable=SC2046worktree_glob=$(find $(cat .encrypt) -type f -not -name '*.gpg'): "↓debug worktree_glob↓$worktree_glob"decrypt() {path=$1$gpg --decrypt .encrypt.d/master_key.gpg |$gpg --batch --output - --passphrase-fd 0 \--decrypt "$path"}--sign --encrypt --symmetric \$(printf -- "--recipient-file$IFS%s$IFS" .encrypt.d/recipient/*.asc) "$path"if ! sha256sum=$(command -v sha256sum) >/dev/null; thenecho "$0 requires sha256sum" >&2falsefi. .pijul/encrypt/scripts.shFile deletion: Hello World.gpg
File deletion: .ignore
File deletion: .encrypt.d
File deletion: master_key.gpg
File deletion: .encrypt
File addition: hello
[3.1]File addition: secret
[0.17]File addition: world
[0.37]File addition: hello.gpg
[0.37]File addition: Hello World.gpg
[3.1]File addition: .pijul
[3.1]File addition: encrypt
[0.941]File addition: scripts.sh
[0.962]#!/bin/shset -eIFS=''if ! gpg=$(command -v gpg2) >/dev/null; thenecho "$0 requires gpg2" >&2falsefiFile addition: init.sh
[0.962]#!/bin/sh[ -d .pijul ] || {echo 'this directory does not seem to be Pijul repositry.' >&2false}. .pijul/encrypt/scripts.shif [ -f .encrypt.d/master_key.gpg ]; thenecho 'pijul-encrypt already configured!'falsefirecipients="$*"[ "$recipients" ] || {echo 'Specify recipients fingerprints.'read -r recipients}(IFS=' '.pijul/encrypt/add-recipients.sh $recipients)echo 'generating master key...'master_key=$($gpg --armor --gen-random 16 512)echo "master key generated: $master_key"printf %s "$master_key" | $gpg --batch --sign --encrypt \$(printf -- '--recipient-file\n%s\n' .encrypt.d/recipient/*.asc) \--output .encrypt.d/master_key.gpgecho "Now add .pijul/encrypt/hook-record.sh to record hook.edit .pijul/config as below:\`\`\`[hooks]record = ['.pijul/encrypt/hook-record.sh']\`\`\`"File addition: hook-record.sh
[0.962]#!/bin/sh. .pijul/encrypt/scripts.shif ! sha256sum=$(command -v sha256sum) >/dev/null; thenecho "$0 requires sha256sum" >&2falsefiif [ ! -f .encrypt.d/master_key.gpg ]; thenecho "No master key in repositry. Repositry not initialized for pijul-encrypt" >&2falsefiencrypt() {path=$1$gpg --decrypt .encrypt.d/master_key.gpg |$gpg --batch --passphrase-fd 0 \--sign --encrypt --symmetric \$(printf -- "--recipient-file$IFS%s$IFS" .encrypt.d/recipient/*.asc) "$path"}decrypt() {path=$1$gpg --decrypt .encrypt.d/master_key.gpg |$gpg --batch --output - --passphrase-fd 0 \--decrypt "$path"}# globを展開、マッチするディレクトリの中身も全部マッチしたいのでfindを噛ませる# shellcheck disable=SC2046worktree_glob=$(find $(cat .encrypt) -type f -not -name '*.gpg'): "↓debug worktree_glob↓$worktree_glob"# pijulが記録しているパスのうち`.encrypt`にマッチするもの# shellcheck disable=SC2086# shellcheck disable=SC2046tracked_glob=$(printf '%s\n' $worktree_glob $(pijul list) | sort | uniq -d): "↓debug tracked_glob↓$tracked_glob"# shellcheck disable=SC2086pijul remove $tracked_glob # 秘密のファイルはさっさと記録から除外# pijulが記録しているパスのうち`*.gpg`にマッチするもの (pijul listが変わってるのでtracked_globとは重複しない)gpg_tracked=$(pijul list | grep '\.gpg$' | sed 's/\.gpg$//'): "↓debug gpg_tracked↓$gpg_tracked"# 秘密にしなければいけないファイルたちwill_be_encrypted="$tracked_glob$gpg_tracked"# 秘密のファイルに変更があれば暗号化し直すfor path in $will_be_encrypted; doif [ ! -f "$path" ]; then[ "$path" = ".encrypt.d/master_key" ] || pijul remove "$path.gpg"elseif [ -f "$path.gpg" ] &&[ "$($sha256sum <"$path")" != "$(decrypt "$path.gpg" | $sha256sum)" ]; thenrm "$path.gpg"fiif [ ! -e "$path.gpg" ]; thenencrypt "$path"fipijul add "$path.gpg"fidoneFile addition: add-recipients.sh
[0.962]#!/bin/sh[ -d .pijul ] || {echo 'this directory does not seem to be Pijul repositry.' >&2false}. .pijul/encrypt/scripts.sh[ "$*" ] || {echo 'Please supply the recipients fingerprints as arguments.' >&2false}mkdir -p .encrypt.d/recipient/for recipient in "$@"; dogpg --armor --export "$recipient" >".encrypt.d/recipient/$recipient.asc"doneif [ -f .encrypt.d/master_key.gpg ]; thenecho 're-encrypting master key...'$gpg --decrypt .encrypt.d/master_key.gpg |$gpg --batch --sign --encrypt \$(printf -- "--recipient-file$IFS%s$IFS" .encrypt.d/recipient/*.asc) \--output .encrypt.d/master_key.gpg.tmpmv .encrypt.d/master_key.gpg.tmp .encrypt.d/master_key.gpgecho 'done'fiFile addition: .ignore
[3.1].git.DS_StoreFile addition: .encrypt.d
[3.1]File addition: recipient
[0.4934]File addition: 709D50D8B911D7803BBEB84B49333C087767B9C1.asc
[0.4957]-----BEGIN PGP PUBLIC KEY BLOCK-----mDMEZ9AE3BYJKwYBBAHaRw8BAQdAGN94pisGcqoak2YpkdGbI7LN7LiYx9usauKWMa7Bs8+0GzFpbmd1aW5pIDx0aGVAMWluZ3VpbmkuY29tPoiZBBMWCgBBAhsDBQsJCAcCAiICBhUKCQgLAgQWAgMBAh4HAheAFiEEcJ1Q2LkR14A7vrhLSTM8CHdnucEFAmfQKIEFCQHhflcACgkQSTM8CHdnucH/cgD/Wx+M5frnmtpCK3eEu/mXeMc7kcHG/ABPBib4MML88AoBAOD0UxwiLVQAoj5kWgMF6KvGwyUpzP/JrJM6sSGlBy0DuDgEZ9AE3BIKKwYBBAGXVQEFAQEHQOBUFAO7TrDwCRF/wf5a4mbMg3oFtdAzHfaTRyZApolXAwEIB4h+BBgWCgAmAhsMFiEEcJ1Q2LkR14A7vrhLSTM8CHdnucEFAmfQKIcFCQHhfl0ACgkQSTM8CHdnucH63wD/aWCRxBYfY+/3ojTwXPMG/2MvkJJlUOzZOLo2vXl8+GABAJu/053eNjD8vPd7sQiMyIO1nTwnJnUXUwSp5/G+0oEKuDMEZ9AoLRYJKwYBBAHaRw8BAQdAzACcPo9xNqMc7jPtHwHvY4i7GoBq2OLrQ+quaGgIxUmI9QQYFgoAJgIbAhYhBHCdUNi5EdeAO764S0kzPAh3Z7nBBQJn0CiHBQkB4VsMAIF2IAQZFgoAHRYhBIqd6IQKm47IZWFsLax5ACEx1Ms7BQJn0CgtAAoJEKx5ACEx1Ms75tQA/iZRhOvFzUBNAB88jj+jAqklXMTVTkeeGYPe4+lzo0a/AQDr2XxM0jax5u/afXHgb9k4+zs4FxZkfXCDU/L2FdQaAAkQSTM8CHdnucGKzAD9HXR5jPl+qhJ70ji6hCl9YvR2IE6NLUa/p08us3c5e0QA/1wuoWlU2t0KHCKnvc+clv7b2Pb3Dh69BAycDGM0MicEuDMEZ9AoVxYJKwYBBAHaRw8BAQdA+lFud6c0oerH3nFcm5k0S1fCm+1ul+tr0iILkZKAUQ+IfgQYFgoAJgIbIBYhBHCdUNi5EdeAO764S0kzPAh3Z7nBBQJn0CiIBQkB4VriAAoJEEkzPAh3Z7nBGzMA/13T8AyUrEnojAkq7DpRzjDNPUHZUTdwWxlvqsF+0byqAQD5DWWlSzFBPveW0EC2jfnNsC2TuoKohYydQfI0qKghCg===PKBP-----END PGP PUBLIC KEY BLOCK-----File addition: master_key.gpg
[0.4934]File addition: .encrypt
[3.1]**/secret/*Hello World