Support downloading keys from gitlab as well, support specifying multiple recipients

349239b8 · Thomas Neidhart · b8501771 · 349239b8
Verified Commit 349239b8 authored 1 year ago by Thomas Neidhart
--- a/github/encrypt.sh
+++ b/github/encrypt.sh
@@ -17,7 +17,7 @@ function download() {
  local TMP_FILE=$(mktemp)
  local HTTP_CODE=$(curl --silent --output ${TMP_FILE} --write-out "%{http_code}" -L "${URL}")
  if [[ ${HTTP_CODE} -lt 200 || ${HTTP_CODE} -gt 299 ]]; then
-    rm ${TMP_FILE}
+    rm -f ${TMP_FILE}
    return 1
  fi
  cp ${TMP_FILE} ${OUTPUT_FILE}
@@ -36,32 +36,64 @@ function download_public_key_from_github() {
  fi
 }

-function get_github_handle() {
+function download_public_key_from_gitlab() {
+  local USER="$1"
+  local KEY_FILE="$2"
+
+  if ! download "https://gitlab.eclipse.org/${USER}.keys" ${KEY_FILE}; then
+    return 1
+  else
+    return 0
+  fi
+}
+
+function get_eclipse_profile() {
  local USER=$1
  local TMP_FILE=$(mktemp)

  if download "https://api.eclipse.org/account/profile/${USER}" ${TMP_FILE}; then
-    local GITHUB_HANDLE=$(cat "${TMP_FILE}" | jq -r ".github_handle")
-    echo ${GITHUB_HANDLE}
+    cat "${TMP_FILE}"
  fi

  rm -f ${TMP_FILE}
 }

+function get_github_handle() {
+  local PROFILE=$1
+  local GITHUB_HANDLE=$(echo "${PROFILE}" | jq -r ".github_handle")
+  echo ${GITHUB_HANDLE}
+}
+
 function encrypt_content() {
-  local KEY_FILE=$1
-  local INPUT=$2
-  local OUTPUT=$3
+  local INPUT=$1
+  local OUTPUT=$2
+  shift
+  shift
+  local KEY_FILES=("$@")
+
+  local ARGS="-a "
+
+  for KEY_FILE in "${KEY_FILES[@]}"
+  do
+    ARGS+="-R ${KEY_FILE} "
+  done

-  if [ -z $OUTPUT ]; then
-    age -R "${KEY_FILE}" -a "${INPUT}"
+  if [ ! -z ${OUTPUT} ]; then
+    ARGS+="-o ${OUTPUT} "
+  fi
+
+  if ! age ${ARGS} "${INPUT}"; then
+    return 1
  else
-    age -R "${KEY_FILE}" -a -o "${OUTPUT}" "${INPUT}"
+    return 0
  fi
 }

 function cleanup() {
-  rm -f ${KEY_FILE}
+  for KEY_FILE in "${KEY_FILES[@]}"
+  do
+      rm -f ${KEY_FILE}
+  done
 }

 usage() {
@@ -73,12 +105,16 @@ Usage: $(basename "${0}") [OPTIONS] [INPUT]
 Only a single INPUT file may be specified. If -o is not specified, OUTPUT defaults to standard output.

 Options:
-  -e user        Encrypt for a recipient identified by an Eclipse user id
-  -g user        Encrypt for a recipient identified by a GitHub user id
-  -o filename    Write encrypted or decrypted file to OUTPUT instead of standard output.
+  -e USER        Encrypt for a recipient identified by an Eclipse user id.
+                 This option can be repeated and combined with -g and the file can be decrypted
+                 by all provided recipients independently.
+  -g USER        Encrypt for a recipient identified by a GitHub user id.
+                 This option can be repeated and combined with -e and the file can be decrypted
+                 by all provided recipients independently.
+  -o OUTPUT      Write encrypted or decrypted file to OUTPUT instead of standard output.
                 If OUTPUT already exists it will be overwritten.
-  -v             Enable verbose output
-  -h             Show this help
+  -v             Enable verbose output.
+  -h             Show this help.

 "
  echo "$USAGE"
@@ -97,15 +133,17 @@ then
    exit 1
 fi

+ECLIPSE_USERS=()
+GITHUB_USERS=()
 VERBOSE=false

 while getopts ":e:g:i:o:v" o; do
    case "${o}" in
        e)
-            ECLIPSE_USER=${OPTARG}
+            ECLIPSE_USERS+=(${OPTARG})
            ;;
        g)
-            GITHUB_USER=${OPTARG}
+            GITHUB_USERS+=(${OPTARG})
            ;;
        i)
            INPUT_FILE=${OPTARG}
@@ -124,34 +162,65 @@ done

 shift $((OPTIND-1))

-if [ ! -z ${ECLIPSE_USER-} ] && [ ! -z ${GITHUB_USER-} ]; then
-  echo "Can not specify an Eclipse user id and a GitHub user id at the same time"
-  exit 1
-elif [ -z ${ECLIPSE_USER-} ] && [ -z ${GITHUB_USER-} ]; then
-  echo "Need to specify either an Eclipse user id or a GitHub user id"
+if [ ${#ECLIPSE_USERS[@]} -eq 0 ] && [ ${#GITHUB_USERS[@]} -eq 0 ]; then
+  print_error "Need to specify at least 1 recipient"
+  usage
  exit 1
 fi

 trap cleanup EXIT

-if [ ! -z ${ECLIPSE_USER-} ]; then
-  print_verbose "Encrypting for Eclipse user with id '${ECLIPSE_USER}'"
-  GITHUB_USER=$(get_github_handle "${ECLIPSE_USER}")
-  if [ -z ${ECLIPSE_USER} ]; then
-    echo "Failed to get GitHub handle from Eclipse user ${ECLIPSE_USER}"
+KEY_FILES=()
+
+# trying to get keyfiles for any eclipse user
+for USER in "${ECLIPSE_USERS[@]}"
+do
+  print_verbose "Downloading keyfile for Eclipse user '${USER}'"
+  KEY_FILE=$(mktemp)
+
+  ECLIPSE_PROFILE=$(get_eclipse_profile "${USER}")
+  if [ -z "${ECLIPSE_PROFILE}" ]; then
+    print_error "No Eclipse profile found for user '${USER}'"
    exit 1
  fi
-else
-  print_verbose "Encrypting for GitHub user with id '${GITHUB_USER}'"
-fi

-KEY_FILE=$(mktemp)
-if ! download_public_key_from_github "${GITHUB_USER}" "${KEY_FILE}"; then
-  print_error "Failed to download keys from GitHub for user '${GITHUB_USER}'"
-  exit 1
-else
-  print_verbose "Downloaded keys for user '${GITHUB_USER}'"
-fi
+  if ! download_public_key_from_gitlab "${USER}" "${KEY_FILE}"; then
+    print_verbose "Failed to download keys from Gitlab for user '${USER}', trying GitHub..."
+
+    GITHUB_USER=$(get_github_handle "${ECLIPSE_PROFILE}")
+    if [ -z ${GITHUB_USER} ]; then
+      print_error "Failed to get GitHub handle for Eclipse user '${USER}'"
+      exit 1
+    fi
+
+    if ! download_public_key_from_github "${GITHUB_USER}" "${KEY_FILE}"; then
+      print_error "Failed to download keys from GitHub for user '${GITHUB_USER}'"
+      exit 1
+    else
+      print_verbose "Downloaded keys from GitHub for user '${GITHUB_USER}'"
+    fi
+  else
+    print_verbose "Downloaded keys from Gitlab for user '${USER}'"
+  fi
+
+  KEY_FILES+=($KEY_FILE)
+done
+
+# trying to get keyfiles for any github user
+for USER in "${GITHUB_USERS[@]}"
+do
+  print_verbose "Downloading keyfile for GitHub user '${USER}'"
+  KEY_FILE=$(mktemp)
+
+  if ! download_public_key_from_github "${USER}" "${KEY_FILE}"; then
+    print_verbose "Failed to download keys from GitHub for user '${USER}'"
+    exit 1
+  else
+    print_verbose "Downloaded keys from GitHub for user '${USER}'"
+  fi
+
+  KEY_FILES+=($KEY_FILE)
+done

 INPUT=${1--}

@@ -161,4 +230,4 @@ else
  print_verbose "Encrypting to '${OUTPUT_FILE}'"
 fi

-encrypt_content "${KEY_FILE}" "${INPUT}" "${OUTPUT_FILE-}"
+encrypt_content "${INPUT}" "${OUTPUT_FILE-}" "${KEY_FILES[@]}"