[PATCH] git push pull

Pass Word passwordstore at 89vx.net
Sun Jan 6 20:19:58 CET 2019


With git push and pull dependent on PASSWORD_STORE_GIT_PUSH and _PULL 
being set, defaults to not automatic.  And the fix for git clone is 
still there.  Plus doc changes.

diff --git a/man/pass.1 b/man/pass.1
index 01a3fbe..4376bfc 100644
--- a/man/pass.1
+++ b/man/pass.1
@@ -48,8 +48,8 @@ description using \fBinit\fP and
  .BR git (1).

  The \fBinit\fP command must be run before other commands in order to 
initialize
-the password store with the correct gpg key id. Passwords are encrypted 
using
-the gpg key set with \fBinit\fP.
+the password store with the correct gpg key id unless you plan to clone 
a git
+repository. Passwords are encrypted using the gpg key set with \fBinit\fP.

  There is a corresponding bash completion script for use with tab 
completing
  password names in
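
Review bot: The clause "unless you plan to clone a git repository" is added to the first sentence, but the next sentence, "Passwords are encrypted using the gpg key set with \fBinit\fP", stays unconditional, which does not hold for a store that was cloned and never initialized locally. Suggest naming the command here (\fBpass git clone\fP) and saying that a cloned store uses the .gpg-id files already present in the repository.
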
@@ -71,8 +71,9 @@ is recommended so that the batch decryption does not 
require as much user
  intervention. If \fI--path\fP or \fI-p\fP is specified, along with an 
argument,
  a specific gpg-id or set of gpg-ids is assigned for that specific sub 
folder of
  the password store. If only one \fIgpg-id\fP is given, and it is an 
empty string,
-then the current \fI.gpg-id\fP file for the specified \fIsub-folder\fP 
(or root if
-unspecified) is removed.
+then the current \fI.gpg-id\fP file for the specified \fIsub-folder\fP 
(or root
+if unspecified) is removed. Do not use this option if you plan to clone 
from a
+remote git repository.
  .TP
  \fBls\fP \fIsubfolder\fP
  List names of passwords inside the tree at
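
Review bot: "Do not use this option" in the added sentence has no clear referent. It follows the description of the empty gpg-id case and of \fI--path\fP, so it reads as a warning about one of those, while the intent appears to be "do not run \fBinit\fP before cloning". Suggest wording it about the command and giving the reason, for example that \fBgit clone\fP needs the store directory to be absent or empty.
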
@@ -168,7 +169,11 @@ in addition to initializing the git repository, add 
the current contents of the
  store to the repository in an initial commit. If the git config key 
\fIpass.signcommits\fP
  is set to \fItrue\fP, then all commits will be signed using 
\fIuser.signingkey\fP or the
  default git signing key. This config key may be turned on using:
-.B `pass git config --bool --add pass.signcommits true`
+\fB `pass git config --bool --add pass.signcommits true`\fP.  If the 
first of
+\fIgit-command-args\fP is \fBclone\fP, clone the provided git URL. The
+environment variables \fIPASSWORD_STORE_GIT_PUSH\fP and
+\fIPASSWORD_STORE_GIT_PULL\fP can be set to "true" to specify that a 
git pull is
+done before commits and a git push is done after commits.
  .TP
  \fBhelp\fP
  Show usage message.
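
Review bot: The sentence "If the first of git-command-args is clone, clone the provided git URL" does not say where the clone lands. The script change passes the store directory as the final argument to git, so the page should state that the repository is cloned into the password store directory and that the user must not supply a destination of their own. Separately, "\fB `pass" has a stray space after \fB, and the two variables are described a second time in the environment section, so a reference to that section would keep the two descriptions from drifting apart.
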
@@ -387,6 +392,20 @@ Total 7 (delta 0), reused 0 (delta 0)
  .br
  To kexec.com:pass-store

+.B zx2c4 at desktop ~ $ pass git clone kexec.com:pass-store
+.br
+Cloning into '/Users/zx2c4/.password-store'...
+.br
+remote: Counting objects: 101, done.
+.br
+remote: Compressing objects: 100% (97/97), done.
+.br
+remote: Total 101 (delta 30), reused 0 (delta 0)
+.br
+Receiving objects: 100% (101/101), 21.85 KiB | 1.99 MiB/s, done.
+.br
+Resolving deltas: 100% (30/30), done.
+
  .SH FILES

  .TP
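
Review bot: The clone example is appended to a session that has just pushed from the same store (the context line above it is "To kexec.com:pass-store"), and it clones into '/Users/zx2c4/.password-store'. At that point the directory already exists and is populated, and git clone refuses a non-empty destination. Suggest presenting the clone as its own example on a fresh machine, with a sentence of introduction, instead of as a continuation of the init and push session.
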
@@ -459,6 +478,14 @@ upper-case fingerprint in this variable. If 
multiple fingerprints are specified,
  separated by a whitespace character, then signatures must match at 
least one.
  The \fBinit\fP command will keep signatures of \fB.gpg-id\fP files up 
to date.
  .TP
+.I PASSWORD_STORE_GIT_PULL
+This environment variable must be set to "true" for git pull to 
automatically
+run before a commit.
+.TP
+.I PASSWORD_STORE_GIT_PUSH
+This environment variable must be set to "true" for git push to 
automatically
+run after a commit.
+.TP
  .I EDITOR
  The location of the text editor used by \fBedit\fP.
  .SH SEE ALSO
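
Review bot: Both entries say the pull or push runs "automatically" around a commit, but they omit the condition the script applies: nothing happens unless the repository has a remote configured. They also do not say what happens when the pull or push fails, for example when the remote is unreachable. Suggest documenting both, and stating that the default is off, since the result is network traffic on every store modification.
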
diff --git a/src/password-store.sh b/src/password-store.sh
index d89d455..efbdf5e 100755
--- a/src/password-store.sh
+++ b/src/password-store.sh
@@ -19,6 +19,8 @@ CLIP_TIME="${PASSWORD_STORE_CLIP_TIME:-45}"
  GENERATED_LENGTH="${PASSWORD_STORE_GENERATED_LENGTH:-25}"
  CHARACTER_SET="${PASSWORD_STORE_CHARACTER_SET:-[:graph:]}"
  CHARACTER_SET_NO_SYMBOLS="${PASSWORD_STORE_CHARACTER_SET_NO_SYMBOLS:-[:alnum:]}"
+GIT_PUSH=0; [[ "$PASSWORD_STORE_GIT_PUSH" =~ ^[YyTt1] ]] && GIT_PUSH=1
+GIT_PULL=0; [[ "$PASSWORD_STORE_GIT_PULL" =~ ^[YyTt1] ]] && GIT_PULL=1

  export GIT_CEILING_DIRECTORIES="$PREFIX/.."
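
Review bot: The test `=~ ^[YyTt1]` on both added lines enables the feature for any value that merely starts with one of those characters, so "10", "test" or "yesterday" all turn on automatic network operations, while the manual says the variable must be set to "true". For a switch that makes the store contact a remote, suggest an exact comparison such as `[[ $PASSWORD_STORE_GIT_PUSH == "true" ]]`, which also matches how pass.signcommits is compared in git_commit.
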

@@ -43,7 +45,10 @@ git_commit() {
      local sign=""
      [[ -n $INNER_GIT_DIR ]] || return
      [[ $(git -C "$INNER_GIT_DIR" config --bool --get pass.signcommits) 
== "true" ]] && sign="-S"
+    local remote=$(git -C "$INNER_GIT_DIR" remote -v)
+    [[ "$remote" ]] && (( "$GIT_PULL" )) && git -C "$INNER_GIT_DIR" pull
      git -C "$INNER_GIT_DIR" commit $sign -m "$1"
+    [[ "$remote" ]] && (( "$GIT_PUSH" )) && git -C "$INNER_GIT_DIR" push
  }
  yesno() {
      [[ -t 0 ]] || return 0
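
Review bot: The added last line of git_commit changes the function's exit status. With the default GIT_PUSH=0, or with no remote, the `&&` list ends in a failing test, so git_commit returns non-zero even when the commit succeeded; previously it returned the status of `git commit`. Suggest an `if` block for the push, or saving the commit status and returning it. The pull has a related gap: its result is not checked, so a failed or conflicting pull is followed by the commit and then the push. Also, `local remote=$(...)` discards the exit status of `git remote -v`; declaring and assigning on separate lines avoids that.
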
@@ -641,6 +646,8 @@ cmd_git() {
          git_add_file .gitattributes "Configure git repository for gpg 
file diff."
          git -C "$INNER_GIT_DIR" config --local diff.gpg.binary true
          git -C "$INNER_GIT_DIR" config --local diff.gpg.textconv "$GPG 
-d ${GPG_OPTS[*]}"
+    elif [[ $1 == "clone" ]]; then
+        git "$@" "$PREFIX"
      elif [[ -n $INNER_GIT_DIR ]]; then
          tmpdir nowarn #Defines $SECURE_TMPDIR. We don't warn, because 
at most, this only copies encrypted files.
          export TMPDIR="$SECURE_TMPDIR"
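
Review bot: `git "$@" "$PREFIX"` appends the store directory after whatever the user typed, so a command line that already includes a destination ends up with an extra positional argument, and nothing checks beforehand whether $PREFIX already exists. The branch is also tested before `elif [[ -n $INNER_GIT_DIR ]]`, so it runs even when a store repository is already present. Finally, the init branch above sets diff.gpg.binary and diff.gpg.textconv with `config --local`; local config is not carried by a clone, so a cloned store will lack that setup unless this branch applies it after a successful clone.
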





On 1/6/19 7:11 AM, Saeed Rasooli wrote:
> I disagree with auto-push too (unless enabled explicitly with an 
> environment variable). For example if the remote git repo is encrypted 
> on server-side (something like git-remote-gcrypt), then git push 
> becomes slow. You may even want to push to a local storage device that 
> is not always plugged in. Or you are keeping your passwords in another 
> bigger repo along with some other things you want to synchronize. 
> There are many more cases that you don't want to have auto-push (or 
> maybe even auto-commit).
> After all this is Linux, and we never want to lose the flexibility of 
> Linux.
>
> On Sun, Jan 6, 2019, 5:36 PM Tinu Weber <takeya at bluewin.ch> wrote:
>
>     On Sat, Jan 05, 2019 at 21:24:10 -0800, Pass Word wrote:
>     > This patch adds git pull before commit and push after if a
>     > remote exists.
>
>     The main appeal of pass for me is that it keeps things relatively
>     simple. And for me "simple" means: I don't expect a `git commit` to
>     automagically interact with a remote; these are two distinct things
>     that should IMHO not be mixed up.
>
>     If anything, I would make this optional at least.
>
>     Best,
>     Tinu
>     _______________________________________________
>     Password-Store mailing list
>     Password-Store at lists.zx2c4.com <mailto:Password-Store at lists.zx2c4.com>
>     https://lists.zx2c4.com/mailman/listinfo/password-store
>
