[PATCH] Exclude `*/.extensions` from grep/reencrypt
Axel Tripier
axel at tripier.fr
Fri Jul 2 17:40:44 UTC 2021
The `.extensions` directory can contain extensions code, for example as
git submodules, that have `.gpg` files as part of their code but that
are not files encrypted with the PGP keys of our password store.
One example is `pass-tomb`, that contains `.gpg` files in `tests/gnupg`,
but there are more, like `pass-update`, `pass-otp`, etc.
However those `.gpg` files in the `.extensions` directory are currently
processed by the `grep` and `reencrypt` functions of `pass`.
At best this can cause errors to be shown to the user when
grepping/reencrypting, and at worst it can cause files in the
`.extensions` directory to be decrypted and returned as part of a
search, or reencrypted with the incorrect PGP keys.
This patch tries to mitigate that issue by removing the `*/.extensions`
directories from the list of processed `.gpg` files for the
grep/reencrypt functions.
However this patch is not perfect as it does not take into account the
fact that the `.extensions` directory can be renamed to something else
using `PASSWORD_STORE_EXTENSIONS_DIR`. But knowing if this
`PASSWORD_STORE_EXTENSIONS_DIR` is inside the `PREFIX` or not and
formatting the path exclusion for `find` accordingly could require a
fair bit of additional logic that I am not sure how you want to
implement.
---
src/password-store.sh | 4 ++--
1 file changed, 2 insertions(+), 2 deletions(-)
diff --git a/src/password-store.sh b/src/password-store.sh
index a0dcf2e..3bf0391 100755
--- a/src/password-store.sh
+++ b/src/password-store.sh
@@ -137,7 +137,7 @@ reencrypt_path() {
mv "$passfile_temp" "$passfile" || rm -f "$passfile_temp"
fi
prev_gpg_recipients="${GPG_RECIPIENTS[*]}"
- done < <(find "$1" -path '*/.git' -prune -o -iname '*.gpg' -print0)
+ done < <(find "$1" -path '*/.git' -prune -o -path '*/.extensions' -prune -o -iname '*.gpg' -print0)
}
check_sneaky_paths() {
local path
@@ -430,7 +430,7 @@ cmd_grep() {
passfile="${passfile##*/}"
printf "\e[94m%s\e[1m%s\e[0m:\n" "$passfile_dir" "$passfile"
echo "$grepresults"
- done < <(find -L "$PREFIX" -path '*/.git' -prune -o -iname '*.gpg' -print0)
+ done < <(find -L "$PREFIX" -path '*/.git' -prune -o -path '*/.extensions' -prune -o -iname '*.gpg' -print0)
}
cmd_insert() {
--
2.31.1
More information about the Password-Store
mailing list