[pass] [PATCH] See: "Bugfix for Mac's diskutil"

Caleb Marble cm at marblenix.com
Mon Jun 2 21:39:46 CEST 2014


With my previous commit I missed that `pass git status` also uses
mounted ramdisks, and needs to be safely removed there as well.
Therefore I moved the cleanup_tmp function to the beginning of
src/password-store.sh's helper functions. The caveat is that any locally
defined tmp_file needs to be passed to the function as an argument. The
intended use for this function is as the command in `trap` definitions.

I also added a new test to t0600 to account for `pass git status`
behavior.

This commit passes all tests. Further testing and comments appreciated.

---
 src/password-store.sh               |   21 ++++++++++++---------
 tests/t0600-darwin-test-diskutil.sh |    7 ++++++-
 2 files changed, 18 insertions(+), 10 deletions(-)

diff --git a/src/password-store.sh b/src/password-store.sh
index d8c052e..3ba3bdd 100755
--- a/src/password-store.sh
+++ b/src/password-store.sh
@@ -22,6 +22,16 @@ export GIT_WORK_TREE="${PASSWORD_STORE_GIT:-$PREFIX}"
 # BEGIN helper functions
 #
 
+shred_tmpfile() {
+	# If there is a local tmp_file var somewhere, be sure to pass it to
+	# shred_tmpfile() as an argument when you define a trap
+	tmp_file="$1"
+	$SHRED "$tmp_file"
+	if [[ $(uname) == Darwin ]]; then
+		cleanup_tmp
+	fi
+	rm -rf "$SECURE_TMPDIR" "$tmp_file"
+}
 git_add_file() {
 	[[ -d $GIT_DIR ]] || return
 	git add "$1" || return
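Review bot: `tmp_file="$1"` in the new shred_tmpfile() is assigned without `local`, so if the handler fires while cmd_edit is still on the stack it overwrites that function's own `tmp_file`, and otherwise it leaves a global behind; `local tmp_file="$1"` keeps the value scoped to the handler. The function also runs `$SHRED "$tmp_file"` unconditionally, and the cmd_git hunk registers it with no argument, so shred is invoked on an empty path there; a guard such as `[[ -n $tmp_file ]] && $SHRED "$tmp_file"` avoids that. The header comment could also state that the function recursively removes the global `$SECURE_TMPDIR`, since the name only mentions the temp file.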
@@ -413,14 +423,7 @@ cmd_edit() {
 
 	tmpdir #Defines $SECURE_TMPDIR
 	local tmp_file="$(TMPDIR="$SECURE_TMPDIR" mktemp -t "$template")"
-	eval "shred_tmpfile() {
-		$SHRED '$tmp_file'
-		if [[ $(uname) == Darwin ]]; then
-			cleanup_tmp
-		fi
-		rm -rf '$SECURE_TMPDIR' '$tmp_file'
-	}"
-	trap shred_tmpfile INT TERM EXIT
+	trap shred_tmpfile "$tmp_file" INT TERM EXIT
 
 
 	local action="Add"
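Review bot: `trap shred_tmpfile "$tmp_file" INT TERM EXIT` does not pass the path to the handler, because trap takes one command string followed by signal names; `"$tmp_file"` is therefore parsed as a signal specification, and wherever the handler is still registered it runs with an empty `$1`. The decrypted temp file is then never handed to `$SHRED` and is only unlinked when `rm -rf "$SECURE_TMPDIR"` removes the directory. That is weaker than the removed `eval` version, which matters most if the temp directory ends up on persistent storage. The path belongs inside the command string, expanded at definition time and shell-quoted, e.g. `trap "shred_tmpfile $(printf '%q' "$tmp_file")" INT TERM EXIT`. cmd_edit begins and ends outside this hunk.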
@@ -570,7 +573,7 @@ cmd_git() {
 		git config --local diff.gpg.textconv "$GPG -d ${GPG_OPTS[*]}"
 	elif [[ -d $GIT_DIR ]]; then
 		tmpdir nowarn #Defines $SECURE_TMPDIR. We don't warn, because at most, this only copies encrypted files.
-		trap "rm -rf '$SECURE_TMPDIR'" INT TERM EXIT
+		trap shred_tmpfile INT TERM EXIT
 		export TMPDIR="$SECURE_TMPDIR"
 		git "$@"
 	else
diff --git a/tests/t0600-darwin-test-diskutil.sh b/tests/t0600-darwin-test-diskutil.sh
index 9c82e19..d43ee67 100755
--- a/tests/t0600-darwin-test-diskutil.sh
+++ b/tests/t0600-darwin-test-diskutil.sh
@@ -22,7 +22,7 @@ test_expect_success 'Setup initial key and git' '
 initial_disk_env=($(mounted_disks))
 
 # These two tests are copied from test-0100 and test-0200
-# The point is to create a situation where mounting a /dev/diskX is required.
+# The point is to create a situation where mounting a ramdisk is required.
 test_expect_success 'Test "insert" command' '
   "$PASS" init $KEY1 &&
   echo "Hello world" | "$PASS" insert -e cred1 &&
@@ -38,6 +38,11 @@ test_expect_success 'Test "edit" command' '
   [[ $("$PASS" show cred1) == "$FAKE_EDITOR_PASSWORD" ]]
 '
 
+# `pass git status` also uses mounted ramdisks
+test_expect_success 'Test "git" command' '
+  "$PASS" git status
+'
+
 end_disk_env=($(mounted_disks))
 
 # Simply test if the number of mounted disks is the same as when we began.
-- 
1.7.10.4


