
Commit d326a50

committed
scripts: only save new secrets if the files are different
1 parent 2d89803 commit d326a50


1 file changed

+27
-21
lines changed

1 file changed

+27
-21
lines changed

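--- a/store_secrets.sh
+++ b/store_secrets.sh
@@ -37,19 +37,14 @@ diff_files() {
 return 1
 fi
 
-if (cmp -s "$1" "$2"); then
-# If they are identical, then return
+if is_binary "{$1}" || is_binary "${2}"; then
+echo "File is binary. Skipping interactive diff"
 return 0
-else
-if is_binary "{$1}" || is_binary "${2}"; then
-echo "File is binary. Skipping interactive diff"
-return 0
-fi
-vimdiff -d "$1" "$2" || {
-echo "vimdiff on ${1} <-> ${2}' exited with error"
-return 1
-}
 fi
+vimdiff -d "$1" "$2" || {
+echo "vimdiff on ${1} <-> ${2}' exited with error"
+return 1
+}
 }
 
 gpg_encrypt_file() {
@@ -63,27 +58,38 @@ gpg_encrypt_file() {
 local output_filename
 output_filename=$(basename "$output_file_path")
 local tmp_output_file_path="${tmp_path}/${output_filename}"
+local input_file_existing_equal=false
 
 # if the file to replace already exists, perform a diff to check for changes
 if [[ -f "$output_file_path" ]]; then
 tmp_output_file_path_current="$tmp_output_file_path".current
-gpg --local-user "$gpg_encryption_subkey" --armor --decrypt --yes --output "$tmp_output_file_path_current" "$output_file_path" || {
+gpg --quiet --no-verbose --local-user "$gpg_encryption_subkey" --armor --decrypt --yes --output "$tmp_output_file_path_current" "$output_file_path" >/dev/null || {
 echo "failed to decrypt file ${output_file_path} to ${tmp_output_file_path_current}"
 return 1
 }
 
-diff_files "$tmp_output_file_path_current" "$input_file_path"
+if (cmp -s "$tmp_output_file_path_current" "$input_file_path"); then
+input_file_existing_equal=true
+else
+diff_files "$tmp_output_file_path_current" "$input_file_path"
+fi
 fi
 
-gpg -v --local-user "$gpg_encryption_subkey" --recipient "$gpg_encryption_subkey" --armor --sign --yes --output "$tmp_output_file_path" --encrypt "$input_file_path" || {
-echo "failed to encrypt file ${input_file_path} to ${tmp_output_file_path}"
-return 1
-}
+if [[ $input_file_existing_equal == true ]]; then
+printf "%s <-> %s are equal. skipping encryption.\n" "$input_file_path" "$output_file_path"
+else
+gpg --quiet --no-verbose --local-user "$gpg_encryption_subkey" --recipient "$gpg_encryption_subkey" --armor --sign --yes --output "$tmp_output_file_path" --encrypt "$input_file_path" >/dev/null || {
+echo "failed to encrypt file ${input_file_path} to ${tmp_output_file_path}"
+return 1
+}
 
-cp -f "$tmp_output_file_path" "$output_file_path" || {
-echo "failed to copy '${tmp_output_file_path}' to '${output_file_path}'"
-return 1
-}
+cp -f "$tmp_output_file_path" "$output_file_path" || {
+echo "failed to copy '${tmp_output_file_path}' to '${output_file_path}'"
+return 1
+}
+
+printf "%s -> %s\n" "$input_file_path" "$output_file_path"
+fi
 }
 
 if [[ "$current_hostname" != "$laptop_hostname" ]] && [[ "$current_hostname" != "$desktop_hostname" ]]; then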
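Review bot: In gpg_encrypt_file the existing secret is decrypted to `"$tmp_output_file_path_current"` and nothing in the visible lines removes that plaintext copy, including on the new "are equal. skipping encryption." path; unless `tmp_path` is cleaned by a trap outside this hunk, add `rm -f -- "$tmp_output_file_path_current"` once the `cmp`/`diff_files` step is done. That variable is also assigned without `local`, so it stays set in the calling scope after the function returns. Separately, in diff_files the first check is written `is_binary "{$1}"`, which passes the path wrapped in literal braces, so the binary test for the first file probably never matches; it should read `is_binary "${1}"`. Both function bodies start outside the hunks shown.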
