[PATCH] Allow comments in .gpg-id

Kjetil Torgrim Homme kjetil.homme at redpill-linpro.com
Tue Dec 17 17:55:58 CET 2019

We are using password-store to share secrets within our organisation, so
there are dozens of entries in our .gpg-id files.  A list of anonymous
64-bit values is hard to work with (e.g., when a colleague leaves or a
new one arrives), so I would like to allow an optional comment to each line.

The current logic allows space separated fingerprints like

  8239 26C1 119D DD65 CC49  4A44 7708 DF87 BE42 C343

so we must continue to support spaces in the values.

It is also allowed to use a user-id in the form of a mail address, like
"kjetil.homme at redpill-linpro.com", although I find that a little icky
myself (probably not rational).  You can even include the full name of
the person, like

  Kjetil Torgrim Homme (work) <kjetil.homme at redpill-linpro.com>

but it must match what is in the key exactly (including the
parentheses), so it is a little fickle.

My proposed patch is kept simple: it reads each line into two variables,
which means the first variable contains the first word, and the second
variable the rest of the word.  If the second variable starts with a
"#", it is ignored.  Otherwise the complete line is used.  This means I
am not allowed to add comments to the fingerprint version or the full id
version, but I think the simplicity of the patch makes it worth it to
not support that variant.

(I don't know how to make Thunderbird/Enigmail not add linebreaks, so I
attach the patch as a file in addition to the inline copy below.)

diff --git src/password-store.sh src/password-store.sh
index 7264ffc..b17ec58 100755
--- src/password-store.sh
+++ src/password-store.sh
@@ -98,7 +98,11 @@ set_gpg_recipients() {
 	verify_file "$current"

 	local gpg_id
-	while read -r gpg_id; do
+	while read -r gpg_id additional_columns; do
+		case $additional_columns in
+			""|"# "*) : ;; # only keep first column, strip comment
+			*)        gpg_id="${gpg_id} ${additional_columns}" ;;
+		esac
 		GPG_RECIPIENT_ARGS+=( "-r" "$gpg_id" )
 		GPG_RECIPIENTS+=( "$gpg_id" )
 	done < "$current"
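Review bot: the comment test in the `case` is narrower than the cover letter describes. The pattern `"# "*` only treats the second column as a comment when the `#` is followed by a space, so a line such as `0123ABCD #Alice` falls through to the `*)` branch, `#Alice` is appended to `gpg_id`, and the combined string is passed to `gpg -r`. Using `"#"*` instead would drop any second column that begins with `#`, matching the stated intent. Two related gaps in the same hunk: a line consisting only of a comment (`# team keys`) puts `#` into `gpg_id` and the rest into `additional_columns`, so the `*)` branch turns the whole comment into a recipient; a `case $gpg_id in "#"*) continue ;; esac` before the existing `case` would skip such lines. And `additional_columns` is a new variable that should be added to the `local gpg_id` declaration so it does not leak into the caller's scope.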

Kjetil T. Homme
Redpill Linpro - Changing the game
-------------- next part --------------
A non-text attachment was scrubbed...
Name: comments-in-gpg-id.patch
Type: text/x-patch
Size: 545 bytes
Desc: not available
URL: <http://lists.zx2c4.com/pipermail/password-store/attachments/20191217/598aaa11/attachment.bin>
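The parsing approach described in the message (first word, rest of the line, drop the rest if it is a comment) is easy to try out in isolation. The following is an added example and not the author's patch or pass's own code: a standalone POSIX shell function that reads a .gpg-id style file and prints one recipient per line. It goes beyond the patch in that it also skips full-line comments and strips a trailing `#` comment from any line form, including space-separated fingerprints and full user-ids, by treating a `#` at the start of a word as the start of a comment. The sample file content in `sample_gpg_id` is constructed for the example (placeholder fingerprint and example.com addresses).

```shell
#!/bin/sh
# Added example, not part of the posted patch or of pass itself.
# parse_gpg_id FILE: print one GPG recipient per line from a .gpg-id style
# file, where
#   - blank lines and lines starting with '#' are ignored,
#   - a '#' at the start of a word begins a trailing comment,
#   - runs of whitespace inside a recipient are collapsed to one space
#     (harmless for fingerprints, which gpg compares without spaces).
parse_gpg_id() {
    file=$1
    # IFS= and -r keep the line exactly as written; the || [ -n ... ]
    # clause still processes a last line that lacks a trailing newline.
    while IFS= read -r line || [ -n "$line" ]; do
        case $line in
            *"#"*)
                # Drop from the first '#' that starts a word (line start or
                # preceded by whitespace) to the end of the line. A '#'
                # embedded in a word, e.g. foo#bar, is left alone.
                line=$(printf '%s\n' "$line" | sed -E 's/(^|[[:space:]])#.*$//')
                ;;
        esac
        # Split on whitespace and rejoin with single spaces. Globbing is
        # disabled during the unquoted expansion so a user-id containing
        # '*' or '?' cannot expand to file names; the previous state of -f
        # is restored afterwards.
        case $- in *f*) had_f=1 ;; *) had_f=0 ;; esac
        set -f
        # shellcheck disable=SC2086
        set -- $line
        [ "$had_f" -eq 1 ] || set +f
        # Nothing left after stripping: blank line or comment-only line.
        [ $# -eq 0 ] && continue
        printf '%s\n' "$*"
    done < "$file"
}

# sample_gpg_id: constructed .gpg-id content covering the cases above.
# The fingerprint is a placeholder, not a real key.
sample_gpg_id() {
    printf '%s\n' \
        '# team keys (constructed example)' \
        '' \
        'AAAA BBBB CCCC DDDD EEEE  FFFF 0000 1111 2222 3333 # Kjetil' \
        'alice@example.com #Alice, on-call' \
        '   bob@example.com' \
        'Carol Example (work) <carol@example.com>'
}

# Demonstration: write the constructed file and print the parsed recipients.
demo_file=$(mktemp)
sample_gpg_id > "$demo_file"
parse_gpg_id "$demo_file"
rm -f "$demo_file"
```

Running the block prints four recipients: the placeholder fingerprint with its comment removed and internal spacing normalised, the two mail addresses, and the full user-id. Checking the printed list against the intended set of colleagues is the quick sanity test before re-encrypting the store with `pass init`, since anything that survives parsing is handed to `gpg -r` as a recipient.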
