[PATCH] Use GPG_OPTS when verifying .gpg-id signature

vnctdj vnctdj at laposte.net
Mon Apr 13 10:29:40 CEST 2020


I use a pass-specific gpg home directory. I tell pass about it by using
PASSWORD_STORE_GPG_OPTS="--homedir dir".
I also tell pass to sign files with PASSWORD_STORE_SIGNING_KEY.

However "pass init" returns "Signing of .gpg_id unsuccessful." because
we forgot to hand it GPG_OPTS. This patch fixes that oversight. Also
fixes a typo in two related error messages.
---
 src/password-store.sh | 6 +++---
 1 file changed, 3 insertions(+), 3 deletions(-)

diff --git a/src/password-store.sh b/src/password-store.sh
index 77f3eda..56903f0 100755
--- a/src/password-store.sh
+++ b/src/password-store.sh
@@ -352,9 +352,9 @@ cmd_init() {
 			for key in $PASSWORD_STORE_SIGNING_KEY; do
 				signing_keys+=( --default-key $key )
 			done
-			$GPG "${GPG_OPTS[@]}" "${signing_keys[@]}" --detach-sign "$gpg_id" || die "Could not sign .gpg_id."
-			key="$($GPG --verify --status-fd=1 "$gpg_id.sig" "$gpg_id" 2>/dev/null | sed -n 's/^\[GNUPG:\] VALIDSIG [A-F0-9]\{40\} .* \([A-F0-9]\{40\}\)$/\1/p')"
-			[[ -n $key ]] || die "Signing of .gpg_id unsuccessful."
+			$GPG "${GPG_OPTS[@]}" "${signing_keys[@]}" --detach-sign "$gpg_id" || die "Could not sign $gpg_id."
+			key="$($GPG "${GPG_OPTS[@]}" --verify --status-fd=1 "$gpg_id.sig" "$gpg_id" 2>/dev/null | sed -n 's/^\[GNUPG:\] VALIDSIG [A-F0-9]\{40\} .* \([A-F0-9]\{40\}\)$/\1/p')"
+			[[ -n $key ]] || die "Signing of $gpg_id unsuccessful."
 			git_add_file "$gpg_id.sig" "Signing new GPG id with ${key//[$IFS]/,}."
 		fi
 	fi
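Review bot: the `--verify` line still discards gpg's stderr with `2>/dev/null`, and the `die` after it reports "Signing of $gpg_id unsuccessful." when the step that failed is verification, not signing. That combination is why the missing `"${GPG_OPTS[@]}"` surfaced as a signing error with no hint about the keyring or homedir. Consider wording the second message as a verification failure, for example "Could not verify signature of $gpg_id.", and letting gpg's stderr through on that path so the next option or keyring mismatch is diagnosable. The check also accepts any non-empty VALIDSIG fingerprint from the keyring without comparing it to the keys in `PASSWORD_STORE_SIGNING_KEY`. That is acceptable here because the result is only used for the commit message, but a short comment saying so would help. Separately, the message edits replace the literal `.gpg_id` with `$gpg_id`, which changes the user-visible output to the variable's expanded value. The commit message should say that rather than call it a typo fix.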
-- 
2.24.0


