-
Notifications
You must be signed in to change notification settings - Fork 0
Expand file tree
/
Copy pathencrypt
More file actions
executable file
·127 lines (105 loc) · 4.17 KB
/
encrypt
File metadata and controls
executable file
·127 lines (105 loc) · 4.17 KB
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
#!/bin/bash
#
# Unified Encryption/Decryption Script for Clash Config Patch
#
# This script performs encryption or decryption based on the name it is called with.
# - As 'encrypt' (or any name other than 'decrypt'): Encrypts the patch file.
# - As 'decrypt': Decrypts the patch file.
#
# To maintain compatibility, create a symbolic link:
# ln -s encrypt decrypt
# ==============================================================================
# --- Configuration ---
# ==============================================================================
# File and Directory Paths
readonly PATCH_DIR="patch"
readonly DIFF_FILE="${PATCH_DIR}/config.diff"
readonly ENCRYPTED_FILE="${PATCH_DIR}/config.diff.enc"
readonly KEY_FILE="secret/GIST_ID" # Local file to store the key for encryption
# OpenSSL Parameters (must be identical for encryption and decryption)
readonly CIPHER="aes-256-cbc"
readonly KDF_OPTS="-pbkdf2 -iter 100000"
# ==============================================================================
# --- Core Functions ---
# ==============================================================================
# --- Encryption Logic ---
encrypt_logic() {
local key
# Determine the key from command-line argument or local file
if [ -n "$1" ]; then
key="$1"
elif [ -f "$KEY_FILE" ]; then
key=$(cat "$KEY_FILE")
else
echo "错误:请提供 GIST_ID 作为参数,或者在当前目录下创建 secret/GIST_ID 文件。" >&2
echo "用法: $0 [GIST_ID_value]" >&2
exit 1
fi
if [ -z "$key" ]; then
echo "错误:GIST_ID (密钥) 值为空。" >&2
exit 1
fi
# Ensure patch directory exists
if [ ! -d "$PATCH_DIR" ]; then
mkdir -p "$PATCH_DIR"
echo "已创建目录: $PATCH_DIR"
fi
# Ensure source diff file exists
if [ ! -f "$DIFF_FILE" ]; then
echo "错误:差异文件 '$DIFF_FILE' 未找到。" >&2
echo "请先生成 '$DIFF_FILE' 文件。" >&2
exit 1
fi
echo "正在使用提供的密钥加密 '$DIFF_FILE' 到 '$ENCRYPTED_FILE' ..."
# Encrypt using OpenSSL with a salt (default)
openssl enc "-${CIPHER}" ${KDF_OPTS} -salt -in "$DIFF_FILE" -out "$ENCRYPTED_FILE" -k "$key"
if [ $? -eq 0 ]; then
echo "加密成功: '$ENCRYPTED_FILE' 已生成。"
echo "重要提示:请勿将原始的 '$DIFF_FILE' 文件提交到仓库。"
else
echo "错误:加密失败。" >&2
exit 1
fi
}
# --- Decryption Logic ---
decrypt_logic() {
local key="$1"
if [ -z "$key" ]; then
echo "错误:解密密钥未提供。" >&2
echo "此脚本应由 GitHub Action 调用,并通过参数传入密钥。" >&2
exit 1
fi
if [ ! -f "$ENCRYPTED_FILE" ]; then
echo "错误:加密文件 '$ENCRYPTED_FILE' 未找到。" >&2
exit 1
fi
echo "正在解密 '$ENCRYPTED_FILE' 到 '$DIFF_FILE' ..."
# Decrypt using OpenSSL
openssl enc "-${CIPHER}" -d ${KDF_OPTS} -in "$ENCRYPTED_FILE" -out "$DIFF_FILE" -k "$key"
if [ $? -eq 0 ]; then
if [ -s "$DIFF_FILE" ]; then
echo "解密成功: '$DIFF_FILE' 已生成。"
else
echo "错误:解密失败或解密后的文件为空。" >&2
rm -f "$DIFF_FILE" # Clean up potentially generated empty file
exit 1
fi
else
echo "错误:解密命令执行失败。" >&2
exit 1
fi
}
# ==============================================================================
# --- Main Dispatch Logic ---
# ==============================================================================
# Get the name used to call the script
readonly SCRIPT_NAME=$(basename "$0")
# Decide which function to call based on the script name
if [ "$SCRIPT_NAME" = "decrypt" ]; then
# Pass all command-line arguments to the decryption function
decrypt_logic "$@"
else
# Called by any other name (e.g., 'encrypt'), run encryption
# Pass all command-line arguments to the encryption function
encrypt_logic "$@"
fi