1 files changed, 100 insertions, 0 deletions
diff --git a/contrib/hooks/encrypt_with_checksums/post_status b/contrib/hooks/encrypt_with_checksums/post_status
new file mode 100755
index 0000000..3dd0465
--- /dev/null
+++ b/contrib/hooks/encrypt_with_checksums/post_status
@@ -0,0 +1,100 @@
+#!/usr/bin/env bash
+
+# yadm - Yet Another Dotfiles Manager
+# Copyright (C) 2015-2019 Tim Byrne and Martin Zuther
+
+# This program is free software: you can redistribute it and/or modify
+# it under the terms of the GNU General Public License as published by
+# the Free Software Foundation, either version 3 of the License, or
+# (at your option) any later version.
+#
+# This program is distributed in the hope that it will be useful,
+# but WITHOUT ANY WARRANTY; without even the implied warranty of
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+# GNU General Public License for more details.
+#
+# You should have received a copy of the GNU General Public License
+# along with this program.  If not, see <https://www.gnu.org/licenses/>.
+
+
+YADM_CHECKSUMS="$YADM_HOOK_DIR/files.checksums"
+WARNING_MESSAGE="Checksums were not verified"
+
+# unpack exported array; filenames including a newline character (\n)
+# are NOT supported
+OLD_IFS="$IFS"
+IFS=$'\n'
+YADM_ENCRYPT_INCLUDE_FILES=( $YADM_ENCRYPT_INCLUDE_FILES )
+IFS="$OLD_IFS"
+
+
+function get_checksum_command {
+    # check if "shasum" exists and supports the algorithm (which is
+    # tested by sending an empty string to "shasum")
+    if command -v "shasum" > /dev/null && printf "" | shasum --algorithm "256" &> /dev/null; then
+        printf "shasum --algorithm 256"
+    # check if "sha256sum" exists
+    elif command -v "sha256sum" > /dev/null; then
+        printf "sha256sum"
+    # check if "gsha256sum" exists
+    elif command -v "gsha256sum" > /dev/null; then
+        printf "gsha256sum"
+    else
+        # display warning in bright yellow
+        printf "\033[1;33m" >&2
+        printf "\nWARNING: \"shasum\", \"sha256sum\" and \"gsha256sum\" not found.   %s\n" "$WARNING_MESSAGE." >&2
+
+        # reset output color
+        printf "\033[0m" >&2
+
+        # signal error
+        return 1
+    fi
+}
+
+
+# if there is no checksum file, exit with original status of yadm
+# command
+if [ ! -f "$YADM_CHECKSUMS" ]; then
+    exit "$YADM_HOOK_EXIT"
+fi
+
+# get checksum command
+CHECKSUM_COMMAND=$(get_checksum_command)
+
+# no command found
+if (($?)); then
+    # return original exit status of yadm command
+    exit "$YADM_HOOK_EXIT"
+fi
+
+# check encrypted files for differences and capture output and error
+# messages
+YADM_CHECKSUM_OUTPUT=$($CHECKSUM_COMMAND --check "$YADM_CHECKSUMS" 2>&1)
+ERROR_CODE=$?
+
+# handle mismatched checksums and errors
+if (($ERROR_CODE)); then
+    printf "\nSome SHA-256 sums do not match (or an error occurred):\n\n"
+
+    # display differing files and errors (highlighted in red)
+    printf "\033[0;31m"
+
+    while IFS= read -r line; do
+        # beautify output and get rid of unnecessary lines
+        line="${line%%*: [Oo][Kk]}"
+        line="${line%%: [Ff][Aa][Ii][Ll][Ee][Dd]}"
+        line="${line##*WARNING:*did NOT match}"
+
+        if [ -n "$line" ]; then
+            printf "%s\n" "$line"
+        fi
+    done <<< "$YADM_CHECKSUM_OUTPUT"
+
+    # reset output color
+    printf "\033[0m"
+
+    # display advice for differing files and signal error
+    printf "\nConsider running either \"yadm encrypt\" or \"yadm decrypt\".\n"
+    exit $ERROR_CODE
+fi