diff --git a/openpgp/gitprotect.sh b/openpgp/gitprotect.sh
index 04ac4bf0a73bd954a4ff40994193da6ded183890..e727cb1f24a989b3d2db030ed92ef8f763ce67b8 100755
--- a/openpgp/gitprotect.sh
+++ b/openpgp/gitprotect.sh
@@ -201,6 +201,37 @@ if [[ $command == "init" ]]; then
 # Initialise the GnuPG files in local directory.
 gpg2 --batch --homedir "$gnupgHome" --list-keys 2>/dev/null
+
+ # Set-up a .gitignore file that will exclude some temporary files from being
+ # tracked, as well as decrypted files.
+ cat <<EOF >> .gitignore
+# BEGIN gitprotect.sh
+.gnupg/pubring.gpg~
+.gnupg/random_seed
+.gnupg/secring.gpg
+decrypted/
+# END gitprotect.sh
+EOF
+ # Add the empty keyring and gitignore file to the index so they can be
+ # committed by the user.
+ git add .gnupg/
+ git add .gitignore
+ cat <<EOF
+$program has set-up the repository directory for encryption. Before proceeding,
+please commit the changes. The commit includes empty public and trust keryings for
+GnuPG, and gitignore file that prevents inclusion of decrypted files and
+temporary GnuPG files.
+
+Before proceeding with the commit, verify the changes with:
+
+git status --staged .
+
+After you have verfied the changes, commit the changes with (you may specify
+alternative message):
+
+git commit .gnupg .gitignore -m "Configured directory for use with gitprotect.sh"
+
+EOF
 elif [[ $command == "addkey" ]]; then
 gitprotectConfigured || exit "$ERR_NOCONFIG"
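Review bot: The ignore block appended to `.gitignore` covers only the legacy `.gnupg/secring.gpg`, while `git add .gnupg/` stages everything else under that directory. GnuPG 2.1 and later keep secret keys in `private-keys-v1.d/`, so if a secret key ever lands in this homedir, a later `git add .gnupg/` would stage it. Adding `.gnupg/private-keys-v1.d/` (and optionally `.gnupg/openpgp-revocs.d/`) to the heredoc closes that gap; whether the homedir is meant to hold secret keys is not visible here, because the `init` branch starts above the hunk. The printed verification step `git status --staged .` is likely to fail, since `git status` has no `--staged` option as far as I know; `git diff --staged --stat` or plain `git status` would let the user check what is staged. The `>>` append also repeats the block on a second `init` unless code above the hunk prevents that.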