[PATCH] cmd_edit: decrypt only once
Pavel Zorin-Kranich
pzorin at math.uni-bonn.de
Tue Apr 26 16:00:01 UTC 2022
Keep a second temporary copy of the decrypted file to check whether the
password was changed.
This is useful if gpg-agent times out during editing.
---
src/password-store.sh | 5 ++++-
1 file changed, 4 insertions(+), 1 deletion(-)
diff --git a/src/password-store.sh b/src/password-store.sh
index 22e818f..65cd707 100755
--- a/src/password-store.sh
+++ b/src/password-store.sh
@@ -494,15 +494,18 @@ cmd_edit() {
tmpdir #Defines $SECURE_TMPDIR
local tmp_file="$(mktemp -u "$SECURE_TMPDIR/XXXXXX")-${path//\//-}.txt"
+ local tmp_original_file="$(mktemp -u "$SECURE_TMPDIR/XXXXXX")-${path//\//-}.txt"
local action="Add"
+ touch "$tmp_original_file" # diff returns 2 if a file does not exist
if [[ -f $passfile ]]; then
$GPG -d -o "$tmp_file" "${GPG_OPTS[@]}" "$passfile" || exit 1
+ cp "$tmp_file" "$tmp_original_file"
action="Edit"
fi
${EDITOR:-vi} "$tmp_file"
[[ -f $tmp_file ]] || die "New password not saved."
- $GPG -d -o - "${GPG_OPTS[@]}" "$passfile" 2>/dev/null | diff - "$tmp_file" &>/dev/null && die "Password unchanged."
+ diff "$tmp_file" "$tmp_original_file" &>/dev/null && die "Password unchanged."
while ! $GPG -e "${GPG_RECIPIENT_ARGS[@]}" -o "$passfile" "${GPG_OPTS[@]}" "$tmp_file"; do
yesno "GPG encryption failed. Would you like to try again?"
done
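Review bot: The added `cp "$tmp_file" "$tmp_original_file"` has no failure check, so if the copy fails (a full tmpfs, for example) the reference stays the empty file created by `touch`, and the later `diff` reports a change even when nothing was edited. Matching the decrypt line above it, `cp "$tmp_file" "$tmp_original_file" || exit 1` would stop before the editor opens instead of re-encrypting an unchanged entry. The change also keeps a second plaintext copy of the secret for the whole editor session. The cleanup is not visible in this hunk, so it is worth confirming that whatever `tmpdir` installs removes everything under `$SECURE_TMPDIR`, not only `$tmp_file`. `cmd_edit` starts before and continues past the hunk.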
--
2.34.1