[PATCH] cmd_edit: decrypt only once
Teubel György
tgyurci at gmail.com
Thu Apr 28 07:14:25 UTC 2022
Hi!
You could use cmp -s instead of diff and check the existence of
"$tmp_original_file" instead of always creating it:
    if [ -f "$tmp_original_file" ] && cmp -s "$tmp_file" "$tmp_original_file"; then
        die "Password unchanged."
    fi
Gy.
Pavel Zorin-Kranich <pzorin at math.uni-bonn.de> wrote (on Tue, Apr 26, 2022, 18:02):
>
> Keep a second temporary copy of the decrypted file to check whether the
> password was changed.
>
> This is useful if gpg-agent times out during editing.
> ---
> src/password-store.sh | 5 ++++-
> 1 file changed, 4 insertions(+), 1 deletion(-)
>
> diff --git a/src/password-store.sh b/src/password-store.sh
> index 22e818f..65cd707 100755
> --- a/src/password-store.sh
> +++ b/src/password-store.sh
> @@ -494,15 +494,18 @@ cmd_edit() {
>
> tmpdir #Defines $SECURE_TMPDIR
> local tmp_file="$(mktemp -u "$SECURE_TMPDIR/XXXXXX")-${path//\//-}.txt"
> + local tmp_original_file="$(mktemp -u "$SECURE_TMPDIR/XXXXXX")-${path//\//-}.txt"
>
> local action="Add"
> + touch "$tmp_original_file" # diff returns 2 if a file does not exist
> if [[ -f $passfile ]]; then
> $GPG -d -o "$tmp_file" "${GPG_OPTS[@]}" "$passfile" || exit 1
> + cp "$tmp_file" "$tmp_original_file"
> action="Edit"
> fi
> ${EDITOR:-vi} "$tmp_file"
> [[ -f $tmp_file ]] || die "New password not saved."
> - $GPG -d -o - "${GPG_OPTS[@]}" "$passfile" 2>/dev/null | diff - "$tmp_file" &>/dev/null && die "Password unchanged."
> + diff "$tmp_file" "$tmp_original_file" &>/dev/null && die "Password unchanged."
> while ! $GPG -e "${GPG_RECIPIENT_ARGS[@]}" -o "$passfile" "${GPG_OPTS[@]}" "$tmp_file"; do
> yesno "GPG encryption failed. Would you like to try again?"
> done
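Review bot: the added `cp "$tmp_file" "$tmp_original_file"` keeps a second plaintext copy of the entry in $SECURE_TMPDIR for the whole editor session, and nothing in the visible lines removes it, neither on the `die "Password unchanged."` path nor after a successful re-encrypt. Please confirm that the cleanup set up by `tmpdir` covers every file under $SECURE_TMPDIR, or remove the copy explicitly, and mention the extra plaintext copy in the commit message. Since only the exit status of the comparison is used (`diff ... &>/dev/null`), a silent byte comparison guarded by an existence test would also let you drop the unconditional `touch "$tmp_original_file"`.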
> --
> 2.34.1
>