feat: Add edit-encrypted command

Author: twpayne

assets/chezmoi.io/docs/reference/commands/edit-encrypted.md

@@ -0,0 +1,13 @@
+# `edit-encrypted` *filename*...
+
+Edit the encrypted files *filename*s.
+
+Each *filename* is decrypted to a temporary directory, the editor is invoked on
+the decrypted files. After the editor returns, each the decrypted file is
+re-encrypted.
+
+## Examples
+
+  ```sh
+  chezmoi edit-encrypted encrypted_file
+  ```

assets/chezmoi.io/mkdocs.yml

@@ -164,6 +164,7 @@ nav:
     - edit: reference/commands/edit.md
     - edit-config: reference/commands/edit-config.md
     - edit-config-template: reference/commands/edit-config-template.md
+    - edit-encrypted: reference/commands/edit-encrypted.md
     - encrypt: reference/commands/encrypt.md
     - execute-template: reference/commands/execute-template.md
     - forget: reference/commands/forget.md

internal/cmd/config.go

@@ -1912,6 +1912,7 @@ func (c *Config) newRootCmd() (*cobra.Command, error) {
 		c.newEditCmd(),
 		c.newEditConfigCmd(),
 		c.newEditConfigTemplateCmd(),
+		c.newEditEncryptedCmd(),
 		c.newEncryptCmd(),
 		c.newExecuteTemplateCmd(),
 		c.newForgetCmd(),

internal/cmd/editencryptedcmd.go

@@ -0,0 +1,85 @@
+package cmd
+
+import (
+	"path/filepath"
+
+	"github.com/spf13/cobra"
+
+	"chezmoi.io/chezmoi/internal/chezmoi"
+)
+
+func (c *Config) newEditEncryptedCmd() *cobra.Command {
+	editEncryptedCmd := &cobra.Command{
+		GroupID: groupIDEncryption,
+		Use:     "edit-encrypted filename...",
+		Short:   "Edit an encrypted file",
+		Long:    mustLongHelp("edit-encrypted"),
+		Example: example("edit-encrypted"),
+		Args:    cobra.MinimumNArgs(1),
+		RunE:    c.runEditEncryptedCmd,
+		Annotations: newAnnotations(
+			modifiesSourceDirectory,
+			persistentStateModeEmpty,
+			runsCommands,
+		),
+	}
+	return editEncryptedCmd
+}
+
+func (c *Config) runEditEncryptedCmd(cmd *cobra.Command, args []string) error {
+	type argument struct {
+		ciphertextAbsPath chezmoi.AbsPath
+		plaintextAbsPath  chezmoi.AbsPath
+	}
+
+	arguments := make([]argument, len(args))
+
+	// Write plaintexts to a temporary directory.
+	tempDirAbsPath, err := c.tempDir("chezmoi-edit-encrypted")
+	if err != nil {
+		return err
+	}
+	for i, arg := range args {
+		arg = filepath.Clean(arg)
+		ciphertextAbsPath, err := chezmoi.NewAbsPathFromExtPath(arg, c.homeDirAbsPath)
+		if err != nil {
+			return err
+		}
+		arguments[i].ciphertextAbsPath = ciphertextAbsPath
+		ciphertext, err := c.baseSystem.ReadFile(ciphertextAbsPath)
+		if err != nil {
+			return err
+		}
+		relPath := ciphertextAbsPath.MustTrimDirPrefix(c.homeDirAbsPath)
+		plaintextAbsPath := tempDirAbsPath.Join(relPath)
+		if err := c.encryption.DecryptToFile(plaintextAbsPath, ciphertext); err != nil {
+			return err
+		}
+		arguments[i].plaintextAbsPath = plaintextAbsPath
+	}
+
+	// Run the editor on the plaintexts.
+	editorArgs := make([]string, len(arguments))
+	for i, argument := range arguments {
+		editorArgs[i] = argument.plaintextAbsPath.String()
+	}
+	if err := c.runEditor(editorArgs); err != nil {
+		return err
+	}
+
+	// Write the ciphertexts.
+	//
+	// FIXME only write the ciphertext if the plaintext has changed
+	// FIXME preserve original plaintext file mode
+	for _, argument := range arguments {
+		ciphertext, err := c.encryption.EncryptFile(argument.plaintextAbsPath)
+		if err != nil {
+			return err
+		}
+		if err := c.baseSystem.WriteFile(argument.ciphertextAbsPath, ciphertext, 0o666&^c.Umask); err != nil {
+			return err
+		}
+	}
+
+	return nil
+}

internal/cmd/helps.gen.go

@@ -0,0 +1,15 @@
+mkageconfig
+[windows] unix2dos golden/edited-plaintext
+[windows] unix2dos golden/plaintext
+
+# test that chezmoi edit-encrypted edits encrypted files
+exec chezmoi encrypt -o $HOME/ciphertext golden/plaintext
+exec chezmoi edit-encrypted $HOME/ciphertext
+exec chezmoi decrypt $HOME/ciphertext
+cmp stdout golden/edited-plaintext
+
+-- golden/edited-plaintext --
+# contents of plaintext
+# edited
+-- golden/plaintext --
+# contents of plaintext