[pass] [PATCH] Don’t reencrypt data not managed by pass.
Sebastian Reuße
seb at wirrsal.net
Fri Apr 22 11:40:47 CEST 2016
Sebastian Reuße <seb at wirrsal.net> writes:
> When keeping the password-store under git, it can make sense to use a git
> extension such as git-annex instead of the native git object store to
> store the encrypted files. Inter alia, this allows one to selectively
> expire old copies of the encrypted data, while otherwise, one would need
> to recreate the complete repository when a key should no longer have
> access to some of the data.
>
> Since using the git-annex object store means that *.gpg files (and
> directories named *.gpg) are kept under .git/… (non-writable), the
> reencryption logic used by pass currently fails. To remedy this, we now
> ignore everything kept under .git when looking for files to reencrypt or
> when grepping.
> ---
> src/password-store.sh | 4 ++--
> 1 file changed, 2 insertions(+), 2 deletions(-)
>
> diff --git a/src/password-store.sh b/src/password-store.sh
> index 63be840..de4cadc 100755
> --- a/src/password-store.sh
> +++ b/src/password-store.sh
> @@ -111,7 +111,7 @@ reencrypt_path() {
> mv "$passfile_temp" "$passfile" || rm -f "$passfile_temp"
> fi
> prev_gpg_recipients="${GPG_RECIPIENTS[*]}"
> - done < <(find "$1" -iname '*.gpg' -print0)
> + done < <(find "$1" -path '*/.git' -prune -o -iname '*.gpg' -print0)
> }
> check_sneaky_paths() {
> local path
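Review bot: on the new find "$1" line in reencrypt_path, -path '*/.git' matches a directory named .git at any depth below "$1", not only the repository's own metadata directory, so *.gpg entries under any nested folder of that name are silently skipped and stay encrypted to the previous recipients. If only the store's top-level .git is meant, anchor the pattern to the store root instead of using a leading wildcard, and add a one-line comment above the loop saying why the directory is excluded, since the git-annex rationale currently lives only in the commit message.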
> @@ -352,7 +352,7 @@ cmd_grep() {
> passfile="${passfile##*/}"
> printf "\e[94m%s\e[1m%s\e[0m:\n" "$passfile_dir" "$passfile"
> echo "$grepresults"
> - done < <(find -L "$PREFIX" -iname '*.gpg' -print0)
> + done < <(find -L "$PREFIX" -path '*/.git' -prune -o -iname '*.gpg' -print0)
> }
>
> cmd_insert() {
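Review bot: the find -L "$PREFIX" line in cmd_grep repeats the prune expression from reencrypt_path verbatim, so the two can drift apart if one is changed later. The search root here is always "$PREFIX", so -path "$PREFIX/.git" -prune would state the intent exactly. Keeping the exclusion in one shared variable or helper would also keep both call sites in step. A test that runs grep and a reencryption against a store containing a .git directory with *.gpg files in it would cover the case this patch is written for.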
Anyone get a chance to review this? Any pointers? Having this applied
would rid me of needing to maintain a forked version on my machines. ;)
Kind regards,
S.