`eval` has always been used to process the globs in `.yadm/encrypt`.
This is being removed, as there is a risk of executing "dirty" data
found in `.yadm/encrypt`.
Caveats of this change:
* Brace and tilde expansion will no longer work in `.yadm/encrypt`
* Paths with spaces must not be quoted anymore
Directories are created prior to merge during clone, and prior to any
Git command run.
This directly addresses CVE-2017-11353.
When cloning a repo which includes data in a .ssh or .gnupg directory,
if those directories do not exist at the time of cloning, yadm will
create the directories with mask 0700 prior to merging the fetched data
into the work-tree.
When running a Git command and .ssh or .gnupg directories do not exist,
create those directories with mask 0700 prior to running the Git
command. However, do not create those directories if
yadm.auto-private-dirs is false.
`uname -s` was already being executed every run for *cygwin* detection.
I've consolidated all of the OS detection into a single function. This
also fixed the problem of running `uname -s` twice for the `alt`
command.
With the new functionality, when the 'alt' command is called (or automatically
triggered), any file with a name ending in '##yadm_tmpl' is treated as a jinja
template. The template is processed by envtpl and the result is written to a
file without the '##yadm_tmpl' name. The variables passed into the template
processing are
YADM_CLASS
YADM_OS
YADM_HOSTNAME
YADM_USER
These variables are set according to the normal rules for
CLASS, OS, HOSTNAME, and USER during the alt processing.
Overrides are meant to be local to each system, unlike other
configurations which are often added to a user's dotfiles repository.
With this change, the configurations change names:
alt.class => local.class
alt.os => local.os
alt.host => local.host
alt.user => local.user