[pass] Handling errors in pipes

Matthew Richardson m.richardson at ed.ac.uk
Tue Apr 8 16:18:04 CEST 2014

There is a problem with the re-encrypt code in password-store, with the

$GPG -d $GPG_OPTS "$passfile" | $GPG -e "${gpg_recipient_args[@]}" -o
"$passfile.new" $GPG_OPTS && mv -v "$passfile.new" "$passfile"

If the initial decrypt fails then the rest of the line shouldn't
continue, as it won't be a properly decrypted password being
re-encrypted and written over the existing passfile.

One solution to this would be to enable pipefail (set -o pipefail) -
either just before, or at the start of this script.  This would cause
the failure of any of the commands in a pipe to set the return status of
the whole pipeline to non-zero (the last failed command's return code is

Not submitted a patch as I'm not sure if this is the only place this
happens in the code, or if changing the setting of pipefail globally
could cause any issues elsewhere.



The University of Edinburgh is a charitable body, registered in
Scotland, with registration number SC005336.

-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 198 bytes
Desc: OpenPGP digital signature
URL: <http://lists.zx2c4.com/pipermail/password-store/attachments/20140408/01eabe50/attachment.asc>

More information about the Password-Store mailing list