[pass] [PATCH] Re: Setup for multiple password stores
Lenz Weber
mail at lenzw.de
Sun Feb 14 19:03:25 CET 2016
Well, sorry, this took a while but here it is.
Feedback is welcome; if there are no more improvements to make, this
could prove useful upstream.
Regards,
Lenz
On 09.02.2016 at 09:14, Lenz Weber wrote:
> I have a patch on the shelf that should make pass behave much better
> with subrepositories.
>
> I'll go search for it this evening and send it to you, I would be happy
> about feedback.
>
> Lenz
>
> On 08.02.2016 19:51, Adam Liter wrote:
>> Hello,
>>
>> I'm wondering what setup folks use for having multiple password
>> stores, particularly when one of those password stores is shared
>> between multiple people.
>>
>> Currently, I'm using a .git directory inside of ~/.password-store that
>> has git submodules.
>>
>> For example, I currently have the following directory structure:
>>
>> ├─ .password-store
>>    ├─ personal
>>    └─ collaborative-project
>>
>> where personal is my personal store of passwords and
>> collaborative-project contains passwords for a project that I'm
>> working on with somebody else. Both of these are submodules of the
>> top-level git directory so that the collaborative-project—but not the
>> personal—repository can be shared with somebody else via git cloning,
>> pushing, and pulling from/to a cloud-hosted git repository.
>>
>> However, this setup causes the automatic git committing that pass does
>> to break. For example, running:
>>
>> pass generate personal/asdf 22
>>
>> produces:
>>
>> fatal: Pathspec
>> '/Users/adamliter/.password-store/personal/asdf.gpg' is in submodule
>> 'personal'
>> The generated password for personal/asdf is:
>> py?Je17K6Bfs|Pj at qspgE1
>>
>> So it does generate the password, but the git commits are not
>> correctly written.
>>
>> Currently, I'm just manually committing things myself, but I'm
>> wondering if there is a better setup or workflow to deal with this
>> sort of situation.
>>
>> Thanks!
>>
>> (And thanks, Jason, for an awesome password manager! :) )
>>
>> -Adam
>> _______________________________________________
>> Password-Store mailing list
>> Password-Store at lists.zx2c4.com
>> http://lists.zx2c4.com/mailman/listinfo/password-store
-------------- next part --------------
From 340a6181e6c20ab0112a969af2fbea7b8f49a6ae Mon Sep 17 00:00:00 2001
From: Lenz Weber <mail at lenzw.de>
Date: Wed, 18 Nov 2015 22:40:56 +0100
Subject: [PATCH] add git submodule support
---
src/password-store.sh | 33 +++++++++++++++++++++++----------
1 file changed, 23 insertions(+), 10 deletions(-)
diff --git a/src/password-store.sh b/src/password-store.sh
index d535a74..0b25121 100755
--- a/src/password-store.sh
+++ b/src/password-store.sh
@@ -23,15 +23,28 @@ export GIT_WORK_TREE="${PASSWORD_STORE_GIT:-$PREFIX}"
# BEGIN helper functions
#
+git_call() {
+ local current="$(cd $GIT_WORK_DIR; cd "$(dirname "${@: -1}")"; pwd -P)"
+ while [[ "$current" != "$GIT_WORK_DIR" && ! -e "$current/.git" ]]; do
+ current="${current%/*}"
+ done
+ [[ -e "$current/.git" ]] && export GIT_DIR="$current/.git" && export GIT_WORK_TREE="$current"
+ [[ -e $GIT_DIR ]] || return
+ case "$1" in
+ "add_file") shift; git_add_file "$@" ;;
+ *) git "$@" ;;
+ esac
+}
+
git_add_file() {
- [[ -d $GIT_DIR ]] || return
- git add "$1" || return
+ [[ -e $GIT_DIR ]] || return
+ git_call add "$1" || return
[[ -n $(git status --porcelain "$1") ]] || return
git_commit "$2"
}
git_commit() {
local sign=""
- [[ -d $GIT_DIR ]] || return
+ [[ -e $GIT_DIR ]] || return
[[ $(git config --bool --get pass.signcommits) == "true" ]] && sign="-S"
git commit $sign -m "$1"
}
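Review bot: git_call reads $GIT_WORK_DIR in its first line and in the while condition, but the variable exported just above this hunk is GIT_WORK_TREE and nothing in the patch sets GIT_WORK_DIR. If it is empty, the unquoted "cd $GIT_WORK_DIR" becomes a bare cd and the "$current" != "$GIT_WORK_DIR" bound never matches the store root, so the upward walk is stopped only by finding some .git rather than by the edge of the password store. Please use the store root that is already defined, quote it, and end the walk there. Two smaller points in the same hunk: the "add_file" case has no caller in this patch, and git_add_file and git_commit call git directly and so depend on the GIT_DIR and GIT_WORK_TREE that git_call exports as a side effect, which deserves a comment.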
@@ -276,8 +289,8 @@ cmd_init() {
if [[ $# -eq 1 && -z $1 ]]; then
[[ ! -f "$gpg_id" ]] && die "Error: $gpg_id does not exist and so cannot be removed."
rm -v -f "$gpg_id" || exit 1
- if [[ -d $GIT_DIR ]]; then
- git rm -qr "$gpg_id"
+ if [[ -e $GIT_DIR ]]; then
+ git_call rm -qr "$gpg_id"
git_commit "Deinitialize ${gpg_id}."
fi
rmdir -p "${gpg_id%/*}" 2>/dev/null
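Review bot: the guard "if [[ -e $GIT_DIR ]]" in cmd_init is evaluated before git_call has picked a repository, so it still tests the GIT_DIR set at startup; a store whose top level has no .git but whose subdirectory does will skip this branch even though git_call could have found the nested repository. Consider letting git_call report whether it found a repository (non-zero return otherwise) and keying the rm and the commit on that result; the same guard pattern recurs in cmd_delete and cmd_copy_move. The git_commit on the next line also only lands in the right repository because git_call re-exported GIT_DIR just before it.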
@@ -499,8 +512,8 @@ cmd_delete() {
[[ $force -eq 1 ]] || yesno "Are you sure you would like to delete $path?"
rm $recursive -f -v "$passfile"
- if [[ -d $GIT_DIR && ! -e $passfile ]]; then
- git rm -qr "$passfile"
+ if [[ -e $GIT_DIR && ! -e $passfile ]]; then
+ git_call rm -qr "$passfile"
git_commit "Remove $path from store."
fi
rmdir -p "${passfile%/*}" 2>/dev/null
@@ -539,8 +552,8 @@ cmd_copy_move() {
mv $interactive -v "$old_path" "$new_path" || exit 1
[[ -e "$new_path" ]] && reencrypt_path "$new_path"
- if [[ -d $GIT_DIR && ! -e $old_path ]]; then
- git rm -qr "$old_path"
+ if [[ -e $GIT_DIR && ! -e $old_path ]]; then
+ git_call rm -qr "$old_path"
git_add_file "$new_path" "Rename ${1} to ${2}."
fi
rmdir -p "$old_dir" 2>/dev/null
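Review bot: in cmd_copy_move a move between two repositories leaves the removal uncommitted. "git_call rm -qr "$old_path"" points GIT_DIR at the repository containing the old path and stages the removal there, then git_add_file calls "git_call add" on "$new_path", which re-points GIT_DIR at the new path's repository, and the single git_commit that follows runs only there. When the two paths resolve to different repositories, commit the removal in the old one before switching, or refuse the cross-repository move with a clear message.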
@@ -560,7 +573,7 @@ cmd_git() {
git_add_file .gitattributes "Configure git repository for gpg file diff."
git config --local diff.gpg.binary true
git config --local diff.gpg.textconv "$GPG -d ${GPG_OPTS[*]}"
- elif [[ -d $GIT_DIR ]]; then
+ elif [[ -e $GIT_DIR ]]; then
tmpdir nowarn #Defines $SECURE_TMPDIR. We don't warn, because at most, this only copies encrypted files.
export TMPDIR="$SECURE_TMPDIR"
git "$@"
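Review bot: in cmd_git only the test changes from -d to -e, while "git "$@"" is still called directly, so "pass git ..." keeps running against the GIT_DIR exported at startup and never against a submodule; push and pull for a shared sub-store still have to be done by hand. That limit should be stated in the commit message or man page. A short comment on why -e replaces -d (inside a submodule .git is a file rather than a directory) would also help the next reader, since the change is repeated in five places without explanation.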
--
2.5.2