pass init does not re-encrypt existing files

Zafiris Sgouridis zafiris at zafiris.se
Fri Jul 20 09:30:29 CEST 2018


Hi!

I had the same issue. For me it was that my directory under .password-store
was a symlink. The function that searches for files to reencrypt uses find
without the "-L" flag for following symlinks, so it didn't find any files.

Are you using symlinks?


My setup:

.password-store
     secrets_test -> ~/git/secret_test


I sent the patch below that adds "-L" so that find will follow symlinks
and find the files when reencrypting.



 From ab124563a079f01a2c4c0797f34eaf35f7e34579 Mon Sep 17 00:00:00 2001
 From: Zafiris Sgouridis <zafiris at zafiris.se>
Date: Tue, 26 Jun 2018 11:52:32 +0200
Subject: [PATCH 1/1] Add ability to use symlinks for directory under
  pass-store. Use "-L" with "find" to make it follow symlinks so that it also
  finds files even if the directories under "./password-store" are symlinks.

---
  src/password-store.sh | 2 +-
  1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/src/password-store.sh b/src/password-store.sh
index 715dc93..368f1d9 100755
--- a/src/password-store.sh
+++ b/src/password-store.sh
@@ -133,7 +133,7 @@ reencrypt_path() {
             mv "$passfile_temp" "$passfile" || rm -f "$passfile_temp"
         fi
         prev_gpg_recipients="${GPG_RECIPIENTS[*]}"
-   done < <(find "$1" -path '*/.git' -prune -o -iname '*.gpg' -print0)
+   done < <(find -L "$1" -path '*/.git' -prune -o -iname '*.gpg' 
-print0)
  }
  check_sneaky_paths() {
     local path
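
Review bot: On the changed `find -L "$1" ...` line, -L makes find follow every symlink below "$1", not only the top-level directory links the commit message describes, so the loop's `mv "$passfile_temp" "$passfile"` now rewrites .gpg files in whatever directories those links resolve to, including locations outside the store. Please state in the commit message that reencrypting link targets is intended. A directory reachable both directly and through a link is also visited under both paths, so its files are reencrypted twice; if that matters, deduplicate on the resolved path before the loop.
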
-- 
2.17.1



Regards
Zafiris


On Thu, 2018-07-19 at 19:48 +0200, Frank Thommen wrote:
> Hi,
> 
> In an attempt to use pass for a shared password store @work I tried the
> instructions given on
> https://medium.com/@davidpiegza/using-pass-in-a-team-1aa7adf36592.
> However even after importing a colleague's public gpg key, signing it
> and applying `pass init id1 id2`, existing entries could still not be
> seen by him:
> 
> $ pass a/b
> gpg: decryption failed: No secret key
> $
> 
> Entries created *after* the additional `pass init` could be read by both
> users, but not those created beforehand.
> 
> We are using pass 1.5 on CentOS 7 (from EPEL).  GPG is version 2.0.22.
> 
> I'm grateful for any hint on how to re-encrypt also existing files.
> 
> Cheers
> frank
> _______________________________________________
> Password-Store mailing list
> Password-Store at lists.zx2c4.com
> https://lists.zx2c4.com/mailman/listinfo/password-store
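
Added example (not part of the original message and not code from pass): a check for the situation described above, listing the .gpg files that the unpatched find expression never reaches because they sit behind a symlinked directory, and which therefore stay encrypted to the old recipients after `pass init`. The helper names skipped_by_plain_find and make_demo_store and the demo layout are constructed for illustration.

```shell
#!/bin/sh
# Added example; skipped_by_plain_find is a hypothetical helper, not part of pass.
# Prints the .gpg files under a store that are reachable only through symlinked
# directories, i.e. the files the unpatched reencrypt loop never visits.
# Assumes file names do not contain newlines.
skipped_by_plain_find() {
    store=$1
    tmp=$(mktemp -d) || return 1
    # Same expression as the line the patch changes, without and with -L.
    find "$store" -path '*/.git' -prune -o -iname '*.gpg' -print | sort > "$tmp/plain"
    find -L "$store" -path '*/.git' -prune -o -iname '*.gpg' -print | sort > "$tmp/follow"
    # Lines present only in the -L listing were invisible to plain find.
    comm -13 "$tmp/plain" "$tmp/follow"
    rm -rf "$tmp"
}

# Constructed layout mirroring the setup in the message:
#   store/a/b.gpg                 regular entry
#   store/secrets_test -> ../git/secret_test (holds c.gpg)
make_demo_store() {
    root=$(mktemp -d) || return 1
    mkdir -p "$root/store/a" "$root/git/secret_test"
    : > "$root/store/a/b.gpg"
    : > "$root/git/secret_test/c.gpg"
    ln -s "$root/git/secret_test" "$root/store/secrets_test"
    printf '%s\n' "$root"
}

# Demo run on the constructed layout.
demo_root=$(make_demo_store)
skipped_by_plain_find "$demo_root/store"
rm -rf "$demo_root"
```

Run against a real store as `skipped_by_plain_find ~/.password-store`; any path it prints should be checked for its current recipients before assuming a recipient change took effect.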

