-
Notifications
You must be signed in to change notification settings - Fork 0
/
Copy path.travis.decrypt.sh
executable file
·58 lines (50 loc) · 2.25 KB
/
.travis.decrypt.sh
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
#!/usr/bin/env bash
# Usage:
# $ .travis.decrypt.sh <rsa-file-destination>
#
# Takes an encrypted file, unencrypts it and splits it in two.
#
# This script assumes that said file, when unencrypted, contains two sections:
#
# 1. A script containing environment variables definitions (export VAR="value")
# 2. A private RSA key that Travis will use to perform passwordless SSH authentication.
# This file will be stored in the location given as a first positional argument
# to this script.
#
# The two sections are separated by a "file separator", which is a
# single line (see FILE_SEPARATOR variable down below).
#
# 1st argument: location on which we will store the RSA private key
RSA_PRIVATE_KEY_DESTINATION=$1
# location on which we will unencrypt the file
UNENCRYPTED_FILE_DESTINATION="/tmp/travis_deployment_key"
# file separator
FILE_SEPARATOR="###-#-#-#-qbic-quick-and-dirty-file-separator-#-#-#-###"
## IMPORTANT: the variables starting with "encrypted_..." are different for every repository, make sure you edit this line
echo "Decrypting secret sauce..."
if [ -z "$encrypted_c9fdf0a9e647_key" ]
then
echo "key is empty"
else
echo "key is set"
fi
if [ -z "$encrypted_c9fdf0a9e647_iv" ]
then
echo "iv is empty"
else
echo "iv is set"
fi
openssl aes-256-cbc -K $encrypted_c9fdf0a9e647_key -iv $encrypted_c9fdf0a9e647_iv -in travis_deployment_key.enc -out $UNENCRYPTED_FILE_DESTINATION -d
echo "Decryption returned $?"
# find in which line is our file separator
FILE_SEPARATOR_LINE=`grep --line-number "$FILE_SEPARATOR" $UNENCRYPTED_FILE_DESTINATION | cut --fields 1 --delimiter=:`
# we know that the first part contains a script that will set all required environment variables, we just source it as-is
echo "Sourcing"
source <(head --lines $(( $FILE_SEPARATOR_LINE - 1 )) $UNENCRYPTED_FILE_DESTINATION)
echo "BOGUS_VARIABLE=$BOGUS_VALUE"
# the second part of the unencrypted file contains a private key, output the last part of the unencrypted file into the desired destination
tail --lines +$(( $FILE_SEPARATOR_LINE + 1 )) $UNENCRYPTED_FILE_DESTINATION > $RSA_PRIVATE_KEY_DESTINATION
# make sure to change file permissions on this very special file
chmod 600 $RSA_PRIVATE_KEY_DESTINATION
# remove the unencrypted file
rm -f $UNENCRYPTED_FILE_DESTINATION