From 3f288cd349388266ec3ebc7444e7cc2921cef567 Mon Sep 17 00:00:00 2001
From: Erik Assum
Date: Mon, 5 Nov 2018 20:04:29 +0100
Subject: [PATCH 1/2] [Fix #2] Provide mechanism for reading gpg encrypted creds file
---
 README.md | 10 +++++++++-
 deps.edn | 5 ++++-
 src/deps_deploy/deps_deploy.clj | 35 ++++++++++++++++++++++++++++-----
 3 files changed, 43 insertions(+), 7 deletions(-)
diff --git a/README.md b/README.md
index ba47eb5..a5125f7 100644
--- a/README.md
+++ b/README.md
@@ -15,7 +15,7 @@ To deploy to Clojars, simply merge
 :main-opts ["-m" "deps-deploy.deps-deploy" "deploy" "path/to/my.jar" "group-id/artifact-id" "x.y.z"]}}
 ```
-into your `deps.edn`, have a `pom.xml` handy (you can generate one with `clj -Spom),` and deploy with
+into your `deps.edn`, have a `pom.xml` handy (you can generate one with `clj -Spom),` and deploy with
 ```sh
 $ env CLOJARS_USER=username CLOJARS_PASSWORD=password clj -a:deploy
@@ -23,6 +23,14 @@ $ env CLOJARS_USER=username CLOJARS_PASSWORD=password clj -a:deploy
 to deploy to Clojars
+You can also store your credentials in a symmetrically encryted file:
+
+```sh
+$ gpg --encrypt .clojars_creds.edn
+```
+
+`deps-deploy` will then prompt you for the passphrase
+
 `deps-deploy` also supports installing to your local `.m2` repo, by invoking `install` instead of `deploy`:
 ```clojure
diff --git a/deps.edn b/deps.edn
index b9bc62e..1b9dd6e 100644
--- a/deps.edn
+++ b/deps.edn
@@ -1,6 +1,9 @@
 {:paths ["src" "resources"]
 :deps {org.clojure/clojure {:mvn/version "RELEASE"}
- com.cemerick/pomegranate {:mvn/version "RELEASE"}}
+ com.cemerick/pomegranate {:mvn/version "RELEASE"}
+ org.bouncycastle/bcprov-jdk15on {:mvn/version "RELEASE"}
+ org.bouncycastle/bcmail-jdk15on {:mvn/version "RELEASE"}
+ org.bouncycastle/bcpg-jdk15on {:mvn/version "RELEASE"}}
 :aliases {:test {:extra-paths ["test"] :extra-deps {org.clojure/test.check {:mvn/version "RELEASE"}}}
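Review bot: The three Bouncy Castle artifacts added to `:deps` use the floating version `"RELEASE"`, so the code that decrypts the Clojars credentials runs against whatever version is newest at resolve time. For a library that handles a passphrase and deployment credentials, pin each one to an explicit, reviewed version, e.g. `org.bouncycastle/bcpg-jdk15on {:mvn/version "<pinned-version>"}`, and bump it deliberately. Judging by the imports in `deps_deploy.clj`, only `bcprov` and `bcpg` classes appear to be used, so `bcmail-jdk15on` looks droppable; it is also worth confirming that `org.bouncycastle.openpgp.examples.ByteArrayHandler` ships in the published `bcpg` jar for every version you allow, since it is example code rather than API.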
diff --git a/src/deps_deploy/deps_deploy.clj b/src/deps_deploy/deps_deploy.clj
index a4c1caf..7fabe98 100644
--- a/src/deps_deploy/deps_deploy.clj
+++ b/src/deps_deploy/deps_deploy.clj
@@ -1,16 +1,41 @@
 (ns deps-deploy.deps-deploy
 (:require [cemerick.pomegranate.aether :as aether]
 [clojure.edn :as edn]
- [clojure.pprint :as pp]))
+ [clojure.pprint :as pp]
+ [clojure.java.io :as io])
+ (:import [org.bouncycastle.bcpg SymmetricKeyAlgorithmTags]
+ [org.bouncycastle.jce.provider BouncyCastleProvider]
+ [org.bouncycastle.openpgp.examples ByteArrayHandler]
+ [java.security NoSuchProviderException Security]
+ [java.io File]))
-(def default-repo-settings {"clojars" {:url "https://clojars.org/repo"
- :username (System/getenv "CLOJARS_USERNAME")
- :password (System/getenv "CLOJARS_PASSWORD")}})
+(defn read-byte-array [file]
+ (with-open [in (io/input-stream (io/file file))]
+ (let [buf (byte-array 1000)
+ n (.read in buf)]
+ buf)))
+
+(defn decrypt [file]
+ (Security/addProvider (BouncyCastleProvider.))
+ (let [encrypted-byte-array (read-byte-array file)
+ console (System/console)
+ passwd (.readPassword console "Please enter your gpg passphrase: " (to-array [(Object.)]))
+ decrypted (ByteArrayHandler/decrypt encrypted-byte-array passwd)]
+ (edn/read-string (String. decrypted))))
+
+(def clojars-gpg-file ".clojars_creds.edn.gpg")
+
+(defn clojars-repo-settings []
+ (let [settings {:url "https://clojars.org/repo"}]
+ {"clojars" (merge settings (if (.exists (File. clojars-gpg-file))
+ (decrypt clojars-gpg-file)
+ {:username (System/getenv "CLOJARS_USERNAME")
+ :password (System/getenv "CLOJARS_PASSWORD")}))}))
 (defmulti deploy :installer)
 (defmethod deploy :clojars [{:keys [artifact name version repository]
- :or {repository default-repo-settings} :as opts }]
+ :or {repository (clojars-repo-settings)} :as opts }]
 (println "Deploying" (str name "-" version) "to clojars as" (-> repository vals first :username))
 (aether/deploy :pom-file "pom.xml"
 :jar-file artifact
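Review bot: `read-byte-array` hands back the whole fixed 1000-byte buffer and ignores `n`, so `decrypt` receives trailing zero bytes for a short file and a silently truncated ciphertext for a longer one, and a single `.read` is not guaranteed to fill the buffer anyway; read the file's full contents instead. `decrypt` also calls `.readPassword` on `(System/console)` without checking it, which is `nil` when no terminal is attached (a CI run, piped input) and ends in a NullPointerException rather than a usable message. Two smaller hardening points in the same functions: `(merge settings (decrypt …))` lets any key in the decrypted map override `:url`, so restrict the result to `:username` and `:password`, and decode with an explicit charset and clear the passphrase array once it has been used. A possible shape is below.

```clojure
(defn read-byte-array [file]
  ;; whole file, exact length: no fixed-size buffer, no ignored read count
  (java.nio.file.Files/readAllBytes (.toPath (io/file file))))

(defn decrypt [file]
  (Security/addProvider (BouncyCastleProvider.))
  (let [console (or (System/console)
                    (throw (ex-info "No console available to read the gpg passphrase"
                                    {:file file})))
        passwd  (.readPassword console "Please enter your gpg passphrase: " (object-array 0))]
    (try
      (let [decrypted (ByteArrayHandler/decrypt (read-byte-array file) passwd)]
        ;; only the credential keys may reach the repository settings
        (select-keys (edn/read-string (String. ^bytes decrypted "UTF-8"))
                     [:username :password]))
      (finally
        ;; do not leave the passphrase in memory longer than needed
        (java.util.Arrays/fill ^chars passwd \space)))))

;; … unchanged: clojars-gpg-file, clojars-repo-settings, deploy methods …
```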
From d82f87a849b86b7b1d449078d97bdee8d9d4f653 Mon Sep 17 00:00:00 2001
From: Erik Assum
Date: Mon, 5 Nov 2018 21:40:49 +0100
Subject: [PATCH 2/2] Add example of how `.clojar_creds.edn` should look
---
 README.md | 4 ++++
 1 file changed, 4 insertions(+)
diff --git a/README.md b/README.md
index a5125f7..3e87032 100644
--- a/README.md
+++ b/README.md
@@ -26,6 +26,10 @@ to deploy to Clojars
 You can also store your credentials in a symmetrically encryted file:
 ```sh
+$ cat > .clojars_creds.edn
+{:username "joe_user"
+ :password "r3a11ygr8"}
+ ^D
 $ gpg --encrypt .clojars_creds.edn
 ```