[pass] [PATCH] add support for passing arbitrary options to all invocations of GPG

David Adam zanchey at ucc.gu.uwa.edu.au
Fri Apr 17 04:46:47 CEST 2015


Uses the PASSWORD_STORE_GPG_OPTS environment variable.

Can be used to (e.g.) change the keyrings or trust model used.
---
 man/pass.1            | 3 +++
 src/password-store.sh | 8 ++++----
 2 files changed, 7 insertions(+), 4 deletions(-)

diff --git a/man/pass.1 b/man/pass.1
index 0dd6952..e1fe605 100644
--- a/man/pass.1
+++ b/man/pass.1
@@ -400,6 +400,9 @@ Overrides the default root of the git repository, which is helpful if
 \fIPASSWORD_STORE_DIR\fP is temporarily set to a sub-directory of the default
 password store.
 .TP
+.I PASSWORD_STORE_GPG_OPTS
+Additional options to be passed to all invocations of GPG.
+.TP
 .I PASSWORD_STORE_X_SELECTION
 Overrides the selection passed to \fBxclip\fP, by default \fIclipboard\fP. See
 .BR xclip (1)
diff --git a/src/password-store.sh b/src/password-store.sh
index 47f7ffa..88d492d 100755
--- a/src/password-store.sh
+++ b/src/password-store.sh
@@ -6,7 +6,7 @@
 umask "${PASSWORD_STORE_UMASK:-077}"
 set -o pipefail
 
-GPG_OPTS=( "--quiet" "--yes" "--compress-algo=none" "--no-encrypt-to" )
+GPG_OPTS=( $PASSWORD_STORE_GPG_OPTS "--quiet" "--yes" "--compress-algo=none" "--no-encrypt-to" )
 GPG="gpg"
 export GPG_TTY="${GPG_TTY:-$(tty 2>/dev/null)}"
 which gpg2 &>/dev/null && GPG="gpg2"
@@ -83,7 +83,7 @@ set_gpg_recipients() {
 
 reencrypt_path() {
 	local prev_gpg_recipients="" gpg_keys="" current_keys="" index passfile
-	local groups="$($GPG --list-config --with-colons | grep "^cfg:group:.*")"
+	local groups="$($GPG $PASSWORD_STORE_GPG_OPTS --list-config --with-colons | grep "^cfg:group:.*")"
 	while read -r -d "" passfile; do
 		local passfile_dir="${passfile%/*}"
 		passfile_dir="${passfile_dir#$PREFIX}"
@@ -100,9 +100,9 @@ reencrypt_path() {
 				IFS=";" eval 'GPG_RECIPIENTS+=( $group )' # http://unix.stackexchange.com/a/92190
 				unset GPG_RECIPIENTS[$index]
 			done
-			gpg_keys="$($GPG --list-keys --with-colons "${GPG_RECIPIENTS[@]}" | sed -n 's/sub:[^:]*:[^:]*:[^:]*:\([^:]*\):[^:]*:[^:]*:[^:]*:[^:]*:[^:]*:[^:]*:[a-zA-Z]*e[a-zA-Z]*:.*/\1/p' | LC_ALL=C sort -u)"
+			gpg_keys="$($GPG $PASSWORD_STORE_GPG_OPTS --list-keys --with-colons "${GPG_RECIPIENTS[@]}" | sed -n 's/sub:[^:]*:[^:]*:[^:]*:\([^:]*\):[^:]*:[^:]*:[^:]*:[^:]*:[^:]*:[^:]*:[a-zA-Z]*e[a-zA-Z]*:.*/\1/p' | LC_ALL=C sort -u)"
 		fi
-		current_keys="$($GPG -v --no-secmem-warning --no-permission-warning --list-only --keyid-format long "$passfile" 2>&1 | cut -d ' ' -f 5 | LC_ALL=C sort -u)"
+		current_keys="$($GPG $PASSWORD_STORE_GPG_OPTS -v --no-secmem-warning --no-permission-warning --list-only --keyid-format long "$passfile" 2>&1 | cut -d ' ' -f 5 | LC_ALL=C sort -u)"
 
 		if [[ $gpg_keys != "$current_keys" ]]; then
 			echo "$passfile_display: reencrypting to ${gpg_keys//$'\n'/ }"
-- 
2.0.1



More information about the Password-Store mailing list