[pass] [PATCH] add support for passing arbitrary options to all invocations of GPG
David Adam
zanchey at ucc.gu.uwa.edu.au
Fri Apr 17 04:46:47 CEST 2015
Uses the PASSWORD_STORE_GPG_OPTS environment variable.
Can be used to (e.g.) change the keyrings or trust model used.
---
man/pass.1 | 3 +++
src/password-store.sh | 8 ++++----
2 files changed, 7 insertions(+), 4 deletions(-)
diff --git a/man/pass.1 b/man/pass.1
index 0dd6952..e1fe605 100644
--- a/man/pass.1
+++ b/man/pass.1
@@ -400,6 +400,9 @@ Overrides the default root of the git repository, which is helpful if
\fIPASSWORD_STORE_DIR\fP is temporarily set to a sub-directory of the default
password store.
.TP
+.I PASSWORD_STORE_GPG_OPTS
+Additional options to be passed to all invocations of GPG.
+.TP
.I PASSWORD_STORE_X_SELECTION
Overrides the selection passed to \fBxclip\fP, by default \fIclipboard\fP. See
.BR xclip (1)
diff --git a/src/password-store.sh b/src/password-store.sh
index 47f7ffa..88d492d 100755
--- a/src/password-store.sh
+++ b/src/password-store.sh
@@ -6,7 +6,7 @@
umask "${PASSWORD_STORE_UMASK:-077}"
set -o pipefail
-GPG_OPTS=( "--quiet" "--yes" "--compress-algo=none" "--no-encrypt-to" )
+GPG_OPTS=( $PASSWORD_STORE_GPG_OPTS "--quiet" "--yes" "--compress-algo=none" "--no-encrypt-to" )
GPG="gpg"
export GPG_TTY="${GPG_TTY:-$(tty 2>/dev/null)}"
which gpg2 &>/dev/null && GPG="gpg2"
@@ -83,7 +83,7 @@ set_gpg_recipients() {
reencrypt_path() {
local prev_gpg_recipients="" gpg_keys="" current_keys="" index passfile
- local groups="$($GPG --list-config --with-colons | grep "^cfg:group:.*")"
+ local groups="$($GPG $PASSWORD_STORE_GPG_OPTS --list-config --with-colons | grep "^cfg:group:.*")"
while read -r -d "" passfile; do
local passfile_dir="${passfile%/*}"
passfile_dir="${passfile_dir#$PREFIX}"
@@ -100,9 +100,9 @@ reencrypt_path() {
IFS=";" eval 'GPG_RECIPIENTS+=( $group )' # http://unix.stackexchange.com/a/92190
unset GPG_RECIPIENTS[$index]
done
- gpg_keys="$($GPG --list-keys --with-colons "${GPG_RECIPIENTS[@]}" | sed -n 's/sub:[^:]*:[^:]*:[^:]*:\([^:]*\):[^:]*:[^:]*:[^:]*:[^:]*:[^:]*:[^:]*:[a-zA-Z]*e[a-zA-Z]*:.*/\1/p' | LC_ALL=C sort -u)"
+ gpg_keys="$($GPG $PASSWORD_STORE_GPG_OPTS --list-keys --with-colons "${GPG_RECIPIENTS[@]}" | sed -n 's/sub:[^:]*:[^:]*:[^:]*:\([^:]*\):[^:]*:[^:]*:[^:]*:[^:]*:[^:]*:[^:]*:[a-zA-Z]*e[a-zA-Z]*:.*/\1/p' | LC_ALL=C sort -u)"
fi
- current_keys="$($GPG -v --no-secmem-warning --no-permission-warning --list-only --keyid-format long "$passfile" 2>&1 | cut -d ' ' -f 5 | LC_ALL=C sort -u)"
+ current_keys="$($GPG $PASSWORD_STORE_GPG_OPTS -v --no-secmem-warning --no-permission-warning --list-only --keyid-format long "$passfile" 2>&1 | cut -d ' ' -f 5 | LC_ALL=C sort -u)"
if [[ $gpg_keys != "$current_keys" ]]; then
echo "$passfile_display: reencrypting to ${gpg_keys//$'\n'/ }"
--
2.0.1
More information about the Password-Store
mailing list