pass init does not re-encrypt existing files
Zafiris Sgouridis
zafiris at zafiris.se
Fri Jul 20 09:30:29 CEST 2018
Hi!
I had the same issue. For me it was that my directory under
.password-store was a symlink. The function that searches for files to
reencrypt uses find without the "-L" flag for following symlinks,
so it didn't find any files.
Are you using symlinks?
My setup:
.password-store
secrets_test -> ~/git/secret_test
I sent the patch below that adds "-L" so that find will follow symlinks
and find the files when reencrypting.
From ab124563a079f01a2c4c0797f34eaf35f7e34579 Mon Sep 17 00:00:00 2001
From: Zafiris Sgouridis <zafiris at zafiris.se>
Date: Tue, 26 Jun 2018 11:52:32 +0200
Subject: [PATCH 1/1] Add ability to use symlinks for directory under
 pass-store. Use "-L" with "find" to make it follow symlinks so that it
 also finds files even if the directories under "./password-store" are
 symlinks.
---
src/password-store.sh | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/src/password-store.sh b/src/password-store.sh
index 715dc93..368f1d9 100755
--- a/src/password-store.sh
+++ b/src/password-store.sh
@@ -133,7 +133,7 @@ reencrypt_path() {
mv "$passfile_temp" "$passfile" || rm -f "$passfile_temp"
fi
prev_gpg_recipients="${GPG_RECIPIENTS[*]}"
- done < <(find "$1" -path '*/.git' -prune -o -iname '*.gpg' -print0)
+ done < <(find -L "$1" -path '*/.git' -prune -o -iname '*.gpg'
-print0)
}
check_sneaky_paths() {
local path
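Review bot: `find -L` on the changed line follows every symlink below "$1", not only a symlinked directory at the top of the store, so the loop's `mv "$passfile_temp" "$passfile"` will now rewrite .gpg files that live outside the store tree, and a link that points back at a parent directory creates a loop find has to detect. Please say so in the commit message, or limit which links are followed. Separately, the added line is wrapped in this mail: `-print0)` sits on its own line without a leading `+`, so the patch will not apply as posted; resend it unwrapped.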
--
2.17.1
Regards
Zafiris
On Thu, 2018-07-19 at 19:48 +0200, Frank Thommen wrote:
> Hi,
>
> In an attempt to use pass for a shared password store @work I tried the
> instructions given on
> https://medium.com/@davidpiegza/using-pass-in-a-team-1aa7adf36592.
> However even after importing a colleague's public gpg key, signing it
> and applying `pass init id1 id2`, existing entries could still not be
> seen by him:
>
> $ pass a/b
> gpg: decryption failed: No secret key
> $
>
> Entries created *after* the additional `pass init` could be read by both
> users, but not those created beforehand.
>
> We are using pass 1.5 on CentOS 7 (from EPEL). GPG is version 2.0.22.
>
> I'm grateful for any hint on how to re-encrypt also existing files.
>
> Cheers
> frank
> _______________________________________________
> Password-Store mailing list
> Password-Store at lists.zx2c4.com
> https://lists.zx2c4.com/mailman/listinfo/password-store
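The behaviour described in the reply above, as an added example that is not part of the original message or of pass itself: it reproduces the find expression from reencrypt_path() against a constructed store with a symlinked subdirectory, then lists which symlinked directories resolve outside the store. The helper names (make_demo, count_gpg, list_dir_symlinks) and the demo layout are assumptions made for illustration.

```shell
#!/bin/sh
# Added example; make_demo, count_gpg and list_dir_symlinks are hypothetical
# helper names. The demo tree is constructed to mirror the layout in the message.

# Build a throwaway store whose subdirectory is a symlink to a directory
# outside the store (like secrets_test -> ~/git/secret_test).
make_demo() {
    demo=$(mktemp -d) || return 1
    mkdir -p "$demo/store/direct" "$demo/git/secret_test"
    : > "$demo/store/direct/a.gpg"
    : > "$demo/git/secret_test/b.gpg"
    ln -s "$demo/git/secret_test" "$demo/store/secrets_test"
    echo "$demo"
}

# Count *.gpg files with the find expression from reencrypt_path().
# $1 = store root, $2 = optional extra find option such as -L.
count_gpg() {
    # $2 is left unquoted on purpose so an empty value expands to nothing.
    find ${2:-} "$1" -path '*/.git' -prune -o -iname '*.gpg' -print |
        wc -l | tr -d ' '
}

# List symlinked directories found directly in the store tree (links nested
# inside a link target are not walked), with the resolved target and whether
# that target is inside or outside the store root.
list_dir_symlinks() {
    root_real=$(cd -P "$1" && pwd -P) || return 1
    find "$1" -path '*/.git' -prune -o -type l -print |
    while IFS= read -r link; do
        [ -d "$link" ] || continue      # skip links to files and dangling links
        target=$(cd -P "$link" && pwd -P) || continue
        case "$target/" in
            "$root_real"/*) where=inside ;;
            *)              where=outside ;;
        esac
        printf '%s -> %s (%s)\n' "$link" "$target" "$where"
    done
}

demo_dir=$(make_demo)
echo "without -L: $(count_gpg "$demo_dir/store") file(s)"
echo "with    -L: $(count_gpg "$demo_dir/store" -L) file(s)"
list_dir_symlinks "$demo_dir/store"
rm -rf "$demo_dir"
```

Running list_dir_symlinks against a real store before re-running `pass init` shows which directories a `find -L` based re-encryption would reach.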