[PATCH] Check command to ensure basic sanity

Jaseem Abid jaseemabid at gmail.com
Wed Nov 22 20:56:00 CET 2017


I recently noticed that I could not decrypt some files in the password store
because I no longer had access to the keys. I also had some corrupt files. This
command adds some basic sanity checks to the password store and prints out files
it cannot successfully decrypt.

Exits 0 if everything is OK. Otherwise prints the files that failed and then
exits with 1. Takes no arguments.

Code adapted from grep command with minor modifications.

If the basic approach is OK, I'll be happy to add tests, completion and
documentation.

Sample run:

    $ pass check
    $ echo $?
    0
    $ touch ~/.password-store/junk.gpg
    $ pass check
    x junk
    $ echo $?
    1

Signed-off-by: Jaseem Abid <jaseemabid at gmail.com>
---
 src/password-store.sh | 20 ++++++++++++++++++++
 1 file changed, 20 insertions(+)

diff --git a/src/password-store.sh b/src/password-store.sh
index b86631d..d655605 100755
--- a/src/password-store.sh
+++ b/src/password-store.sh
@@ -410,6 +410,25 @@ cmd_grep() {
 	done < <(find -L "$PREFIX" -path '*/.git' -prune -o -iname '*.gpg' -print0)
 }
 
+cmd_check() {
+	[[ $# -ne 0 ]] && die "Usage: $PROGRAM $COMMAND"
+	local passfile ok=0
+	while read -r -d "" passfile; do
+		$($GPG -d "${GPG_OPTS[@]}" "$passfile" > /dev/null 2>&1)
+        # Decryption failed
+        if [[ $? -ne 0 ]]; then
+            ok=1
+		    passfile="${passfile%.gpg}"
+		    passfile="${passfile#$PREFIX/}"
+		    local passfile_dir="${passfile%/*}/"
+		    [[ $passfile_dir == "${passfile}/" ]] && passfile_dir=""
+		    passfile="${passfile##*/}"
+		    printf "\e[91m✘ \e[94m%s\e[1m%s\e[0m\n" "$passfile_dir" "$passfile"
+        fi
+	done < <(find -L "$PREFIX" -path '*/.git' -prune -o -iname '*.gpg' -print0)
+	[[ $ok -ne 0 ]] && exit 1
+}
+
 cmd_insert() {
 	local opts multiline=0 noecho=1 force=0
 	opts="$($GETOPT -o mef -l multiline,echo,force -n "$PROGRAM" -- "$@")"
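Review bot: The decryption test in cmd_check wraps the gpg call in `$( … )` and reads `$?` on a later line, which runs the (empty) substitution result as a command and breaks as soon as anything is inserted between the two lines; testing the call directly, `if ! $GPG -d "${GPG_OPTS[@]}" "$passfile" >/dev/null 2>&1; then`, does the same without the indirection. Because stderr is discarded, a missing secret key, a corrupt file and a cancelled passphrase prompt all produce the same ✘ line, although the description names the first two as separate problems; keeping gpg's diagnostic, or printing it next to the entry, would let the user tell them apart. The closing `[[ $ok -ne 0 ]] && exit 1` also leaves cmd_check returning non-zero when every file decrypted, which is only harmless if the dispatcher ignores the return status (not visible in this hunk); `(( failed )) && exit 1; return 0`, with the flag renamed from `ok` since 1 currently means failure, would be clearer. The new lines mix tabs and spaces, unlike the surrounding tab-indented code.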
@@ -686,6 +705,7 @@ case "$1" in
 	show|ls|list) shift;		cmd_show "$@" ;;
 	find|search) shift;		cmd_find "$@" ;;
 	grep) shift;			cmd_grep "$@" ;;
+	check) shift;			cmd_check "$@" ;;
 	insert|add) shift;		cmd_insert "$@" ;;
 	edit) shift;			cmd_edit "$@" ;;
 	generate) shift;		cmd_generate "$@" ;;
-- 
2.15.0


