Add tests for symmetric GPG encryption

twpayne · twpayne · commit 2cdbbd7afc2c · 2021-04-03T23:21:42.000+02:00
diff --git a/main_test.go b/main_test.go
@@ -233,9 +233,10 @@ func cmdMkGPGConfig(ts *testscript.TestScript, neg bool, args []string) {
 	if neg {
 		ts.Fatalf("unupported: ! mkgpgconfig")
 	}
-	if len(args) > 0 {
-		ts.Fatalf("usage: mkgpgconfig")
+	if len(args) > 1 || len(args) == 1 && args[0] != "-symmetric" {
+		ts.Fatalf("usage: mkgpgconfig [-symmetric]")
 	}
+	symmetric := len(args) == 1 && args[0] == "-symmetric"
 
 	// Create a new directory for GPG. We can't use a subdirectory of the
 	// testscript's working directory because on darwin the absolute path can
@@ -260,17 +261,22 @@ func cmdMkGPGConfig(ts *testscript.TestScript, neg bool, args []string) {
 
 	configFile := filepath.Join(ts.Getenv("HOME"), ".config", "chezmoi", "chezmoi.toml")
 	ts.Check(os.MkdirAll(filepath.Dir(configFile), 0o777))
-	ts.Check(os.WriteFile(configFile, []byte(fmt.Sprintf(chezmoitest.JoinLines(
+	lines := []string{
 		`encryption = "gpg"`,
 		`[gpg]`,
 		`  args = [`,
-		`    "--homedir", %q,`,
+		`    "--homedir", ` + quote(gpgHomeDir) + `,`,
 		`    "--no-tty",`,
-		`    "--passphrase", %q,`,
+		`    "--passphrase", ` + quote(passphrase) + `,`,
 		`    "--pinentry-mode", "loopback",`,
 		`  ]`,
-		`  recipient = %q`,
-	), gpgHomeDir, passphrase, key)), 0o666))
+	}
+	if symmetric {
+		lines = append(lines, `  symmetric = true`)
+	} else {
+		lines = append(lines, `  recipient = "`+key+`"`)
+	}
+	ts.Check(os.WriteFile(configFile, []byte(chezmoitest.JoinLines(lines...)), 0o666))
 }
 
 // cmdMkHomeDir makes and populates a home directory.
@@ -430,6 +436,10 @@ func prependDirToPath(dir, path string) string {
 	return strings.Join(append([]string{dir}, filepath.SplitList(path)...), string(os.PathListSeparator))
 }
 
+func quote(s string) string {
+	return fmt.Sprintf("%q", s)
+}
+
 func setup(env *testscript.Env) error {
 	var (
 		binDir  = filepath.Join(env.WorkDir, "bin")
diff --git a/testdata/scripts/gpgencryption_symmetric.txt b/testdata/scripts/gpgencryption_symmetric.txt
@@ -0,0 +1,43 @@
+[!exec:gpg] stop
+
+mkhomedir
+mkgpgconfig -symmetric
+
+# test that chezmoi add --encrypt encrypts
+cp golden/.encrypted $HOME
+chezmoi add --encrypt $HOME${/}.encrypted
+exists $CHEZMOISOURCEDIR/encrypted_dot_encrypted.asc
+! grep plaintext $CHEZMOISOURCEDIR/encrypted_dot_encrypted.asc
+
+# test that chezmoi apply decrypts
+rm $HOME/.encrypted
+chezmoi apply --force
+cmp golden/.encrypted $HOME/.encrypted
+
+# test that chezmoi apply --exclude=encrypted does not apply encrypted files
+rm $HOME/.encrypted
+chezmoi apply --exclude=encrypted --force
+! exists $HOME/.encrypted
+chezmoi apply --force
+cmp $HOME/.encrypted golden/.encrypted
+
+# test that chezmoi detects gpg encryption if gpg is configured but encryption = "gpg" is not set
+removeline $CHEZMOICONFIGDIR/chezmoi.toml 'encryption = "gpg"'
+chezmoi cat $HOME${/}.encrypted
+cmp stdout golden/.encrypted
+
+# test that chezmoi edit --apply transparently decrypts and re-encrypts
+chezmoi edit --apply --force $HOME${/}.encrypted
+grep '# edited' $HOME/.encrypted
+
+# test that chezmoi files in subdirectories can be encrypted and that suffix can be set
+appendline $CHEZMOICONFIGDIR/chezmoi.toml '  suffix = ".gpg"'
+mkdir $HOME/.dir
+cp golden/.encrypted $HOME/.dir
+chezmoi add --encrypt $HOME${/}.dir${/}.encrypted
+! grep plaintext $CHEZMOISOURCEDIR/dot_dir/encrypted_dot_encrypted.gpg
+chezmoi edit --apply $HOME${/}.dir${/}.encrypted
+grep '# edited' $HOME/.dir/.encrypted
+
+-- golden/.encrypted --
+plaintext
