[PATCH] Multi-repo support via submodules

Lance R. Vick lance at lrvick.net
Sat Nov 26 07:47:03 CET 2016


Posts come up very frequently with people coming up with various
workarounds and hacks to support team workflows.

This month there have already been two threads requesting solutions for this:

https://lists.zx2c4.com/pipermail/password-store/2016-November/002463.html
https://lists.zx2c4.com/pipermail/password-store/2016-November/002482.html

For many it is necessary to maintain several passdb folders for
personal, family, work, projects, etc. Maintaining this typically
requires each of these with its own repo, users, and git origins.

One could come up with custom scripts/wrappers to support this (and
many do), but then those scripts must be signed and distributed and
updated properly with all members in a group which makes adoption of
pass that much more difficult. I feel this really should be solved in
pass itself and clearly others agree.

The pass maintainer has also expressed interest in in-tree solutions
to this problem but the last submission attempt fizzled out.

https://lists.zx2c4.com/pipermail/password-store/2015-April/001455.html

## Subtree Pattern ##

Currently the only workflow I have found that is natively supported by
pass today is using subtrees. I have been using the following approach
for over a year with 3 repos and 2 teams.

While it does work, it is fairly cumbersome.

Setup:

```
pass init ABCDE12345678901
pass git init
pass git remote add origin git@github.com:lrvick/passdb.git
pass git remote add -f project git@github.com:project/passdb.git
pass git remote add -f company git@github.com:company/passdb.git
cd ~/.password-store
git subtree add --prefix Project project master --squash
git subtree add --prefix Company company master --squash
```

Add/Edit

```
pass generate Project/somepass 50
pass rm Personal/somepass
pass edit Work/somepass
```

Sync to/from respective origins

```
pass git subtree push origin master
pass git subtree pull --prefix=Project project master --squash
pass git subtree pull --prefix=Company company master --squash
pass git subtree push --prefix=Project project master
pass git subtree push --prefix=Company company master
```

The above also has some particularly painful side effects when
enforcing commit signing + upstream merges. In practice this has
resulted in us having to tap a yubikey to sign once for every file in
the repo...


## Submodule Pattern ##

With the attached patch for submodule support the above could become
substantially more manageable.

Personal Setup:

```
pass init ABCDE12345678901
pass git init
pass git remote add origin git@github.com:lrvick/passdb.git
```

Existing shared repo setup:

```
pass git submodule add git@github.com:project/passdb.git Project
pass git submodule add git@github.com:work/passdb.git Work
pass git submodule foreach "git checkout origin master"
```

Add/Edit

```
pass generate Project/somepass 50
pass rm Personal/somepass
pass edit Work/somepass
```

Sync to/from respective origins

```
pass git push
pass git submodule foreach "git pull"
pass git submodule foreach "git push"
```

## Design and Implementation ##

This change makes `pass` commit to the innermost Git repository (as
identified by the presence of a `.git` file/folder) that contains a
file, when it is changed.

It was designed to minimize the number of changes to `pass` and not
break existing usages. A few extra tests have been supplied for the
new workflow.

Whenever a new commit is performed (upon add/edit/remove), `GIT_DIR`
and `GIT_WORK_TREE` are set to the relevant directories.

It is worth mentioning this patchset has already undergone a few
rounds of testing, bug-fixing, and code review here:

https://github.com/lrvick/password-store/pull/1

More input (or a merge!) would be very appreciated.

-- 
Lance R. Vick
__________________________________________________
Cell    -  650.686.8819
IRC     -  lrvick at irc.freenode.net
Website -  http://lrvick.net
PGP Key -  http://lrvick.net/0x36C8AAA9.asc
__________________________________________________
-------------- next part --------------
A non-text attachment was scrubbed...
Name: submodules.patch.sig
Type: application/pgp-signature
Size: 801 bytes
Desc: not available
URL: <http://lists.zx2c4.com/pipermail/password-store/attachments/20161125/2c6521dd/attachment-0001.sig>
-------------- next part --------------
A non-text attachment was scrubbed...
Name: submodules.patch
Type: text/x-patch
Size: 14240 bytes
Desc: not available
URL: <http://lists.zx2c4.com/pipermail/password-store/attachments/20161125/2c6521dd/attachment-0001.bin>
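
The repository lookup described under "Design and Implementation", sketched as an added example that is not taken from the message or the attached patch. The function names `innermost_repo` and `git_in_innermost` are hypothetical, and the choice of `$repo/.git` for `GIT_DIR` is an assumption. The walk refuses to climb above the store root, so a change is never committed into an unrelated enclosing repository.

```shell
# Added example; hypothetical helper names, not code from pass or the patch.
# Prints the innermost directory inside STORE that contains PATH and has a
# `.git` entry (a directory for a normal repo, a file for a submodule).
# Returns 1 if PATH resolves outside STORE or no repo exists inside STORE.
# usage: innermost_repo STORE PATH
innermost_repo() {
    _store=$(cd "$1" 2>/dev/null && pwd -P) || return 1
    _target=$2
    # Start from the containing directory; the entry itself may not exist yet.
    [ -d "$_target" ] || _target=$(dirname "$_target")
    _dir=$(cd "$_target" 2>/dev/null && pwd -P) || return 1
    # Reject paths that resolve outside the store (symlinks, ../ segments).
    case "$_dir/" in
        "$_store"/*) ;;
        *) return 1 ;;
    esac
    while :; do
        if [ -e "$_dir/.git" ]; then
            printf '%s\n' "$_dir"
            return 0
        fi
        # Stop at the store root instead of entering an enclosing repository.
        [ "$_dir" = "$_store" ] && return 1
        _dir=$(dirname "$_dir")
    done
}

# Runs one git command against the innermost repo by setting GIT_DIR and
# GIT_WORK_TREE for that command only (assumed mapping: repo/.git and repo).
# usage: git_in_innermost STORE PATH GIT-ARGS...
git_in_innermost() {
    _repo=$(innermost_repo "$1" "$2") || return 1
    shift 2
    GIT_DIR="$_repo/.git" GIT_WORK_TREE="$_repo" git "$@"
}
```
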

