-
Notifications
You must be signed in to change notification settings - Fork 1
/
Copy pathunlock_repo.py
executable file
·58 lines (51 loc) · 1.75 KB
/
unlock_repo.py
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
#!/usr/bin/env python
"""Unlock the repo key using a pre-shared passphrase and use it to unlock the repo"""
import os
import sys
from shlex import split as shplit
from getpass import getpass
from subprocess import Popen
from subprocess import PIPE
from subprocess import check_output
from subprocess import CalledProcessError
try:
keyfile = [
keyfile
for keyfile in [f"{dir}/.binder/key.asc" for dir in (".", "..")]
if os.path.exists(keyfile)
][0]
except IndexError:
print("Error: No keyfile found!", file=sys.stderr)
sys.exit(1)
# Ensure we have user.name/email configured in case we have to stash/unstash
try:
_ = check_output(shplit("git config --local user.name"), text=True)
_ = check_output(shplit("git config --local user.email"), text=True)
except CalledProcessError:
_ = check_output(shplit("git config --local user.name User"), text=True)
_ = check_output(
shplit("git config --local user.email user@example.com"), text=True
)
unstash = lambda: None # If there are no changes to stash, we don't need to unstash
if check_output(shplit("git stash"), text=True).startswith("Saved"):
unstash = lambda: check_output(shplit("git stash pop"), text=True) # for later...
gpg_proc = Popen(
shplit(
f"gpg --batch --quiet --yes"
f" --passphrase {getpass('Enter secret: ')} --decrypt {keyfile}"
),
stdout=PIPE,
)
git_proc = Popen(
shplit("git crypt unlock -"),
stdin=gpg_proc.stdout,
stdout=PIPE,
stderr=PIPE,
text=True,
)
gpg_proc.stdout.close() # Allow gpg_proc to receive a SIGPIPE if git_proc exits.
stdout, stderr = git_proc.communicate(timeout=3)
_ = unstash() # if needed
if stderr:
print("Error: Incorrect passphrase!", file=sys.stderr)
sys.exit(1)