[PATCH] init: allow using without gpg-id to reencrypt directory
Dominique Martinet
asmadeus at codewreck.org
Wed Mar 29 21:19:28 UTC 2023
When using gpg groups in .gpg-id (through gpg.conf), it is useful to
periodically re-encrypt the whole password store without changing the
.gpg-id files in it.
The reencrypt_path helper already expands groups and correctly
identifies when group contents changed to only reencrypt on an as-needed
basis, but the function is not otherwise exposed (except through two mv
or cp...), so having this functionality in init would be quite useful.
---
Note: I didn't adjust the tests; it might make sense to modify
t0300-reencryption.sh to modify a group and test that,
but gpg doesn't seem to provide any command to modify config on the fly
(oh, using `PASSWORD_STORE_GPG_OPTS=--group=groupname=member` seems to
be properly additive, but the test setup clears that variable (as it
should!) and the test script helpers will need adjustments, so there's a
bit of work required).
I can look at it if really required; otherwise I've tested locally and
it just works as one would expect.
man/pass.1 | 5 +++--
src/password-store.sh | 4 ++--
2 files changed, 5 insertions(+), 4 deletions(-)
diff --git a/man/pass.1 b/man/pass.1
index a555dcb26bc6..eccb3b7faa9c 100644
--- a/man/pass.1
+++ b/man/pass.1
@@ -58,7 +58,7 @@ password names in
.SH COMMANDS
.TP
-\fBinit\fP [ \fI--path=sub-folder\fP, \fI-p sub-folder\fP ] \fIgpg-id...\fP
+\fBinit\fP [ \fI--path=sub-folder\fP, \fI-p sub-folder\fP ] [ \fIgpg-id...\fP ]
Initialize new password storage and use
.I gpg-id
for encryption. Multiple gpg-ids may be specified, in order to encrypt each
@@ -72,7 +72,8 @@ intervention. If \fI--path\fP or \fI-p\fP is specified, along with an argument,
a specific gpg-id or set of gpg-ids is assigned for that specific sub folder of
the password store. If only one \fIgpg-id\fP is given, and it is an empty string,
then the current \fI.gpg-id\fP file for the specified \fIsub-folder\fP (or root if
-unspecified) is removed.
+unspecified) is removed. If no \fIgpg-id\fP are given, the directory is reencrypted
+without modifying the \fI.gpg-id\fP file.
.TP
\fBls\fP \fIsubfolder\fP
List names of passwords inside the tree at
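Review bot: "If no \fIgpg-id\fP are given" should read "If no \fIgpg-id\fP is given" (or "If no gpg-ids are given"). The new sentence should also say which .gpg-id governs the re-encryption (the sub-folder's own file or the nearest ancestor's) and what happens when the directory has never been initialised, since as written a reader will expect the no-argument form to work on any path.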
diff --git a/src/password-store.sh b/src/password-store.sh
index 22e818fd548a..5415f40faf3a 100755
--- a/src/password-store.sh
+++ b/src/password-store.sh
@@ -328,7 +328,7 @@ cmd_init() {
--) shift; break ;;
esac done
- [[ $err -ne 0 || $# -lt 1 ]] && die "Usage: $PROGRAM $COMMAND [--path=subfolder,-p subfolder] gpg-id..."
+ [[ $err -ne 0 ]] && die "Usage: $PROGRAM $COMMAND [--path=subfolder,-p subfolder] gpg-id..."
[[ -n $id_path ]] && check_sneaky_paths "$id_path"
[[ -n $id_path && ! -d $PREFIX/$id_path && -e $PREFIX/$id_path ]] && die "Error: $PREFIX/$id_path exists but is not a directory."
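Review bot: dropping the `$# -lt 1` check turns a bare `pass init`, which used to print the usage text, into a re-encryption of the whole store, so a habitual `pass init` typed to see the syntax now rewrites every file. Consider requiring an explicit option for this mode (for example `--reencrypt`), or at least still dying with usage when neither ids nor `--path` are given. Either way the surviving usage string still says `gpg-id...` while the man page synopsis now brackets it; change it to `[gpg-id...]` so the two agree.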
@@ -343,7 +343,7 @@ cmd_init() {
git_commit "Deinitialize ${gpg_id}${id_path:+ ($id_path)}."
fi
rmdir -p "${gpg_id%/*}" 2>/dev/null
- else
+ elif [[ $# -ge 1 ]]; then
mkdir -v -p "$PREFIX/$id_path"
printf "%s\n" "$@" > "$gpg_id"
local id_print="$(printf "%s, " "$@")"
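Review bot: with the new `elif`, a call with no ids skips `mkdir -p`, yet the only path check kept earlier (`[[ -n $id_path && ! -d $PREFIX/$id_path && -e $PREFIX/$id_path ]]`) rejects a path that exists but is not a directory, not one that is absent, so `pass init -p newdir` with no ids falls through for a directory that does not exist. Add an explicit check for this mode, e.g. `[[ $# -eq 0 && ! -d $PREFIX/$id_path ]] && die "Error: $PREFIX/$id_path does not exist."`, and give the no-id case a message of its own, as the deinit and init branches have, so the user sees that a re-encryption rather than an init took place.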
--
2.39.2
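A worked illustration of the situation the commit message describes, added here by the editor and not part of the patch or of pass: a .gpg-id that names a gpg.conf group, the group gaining a member while .gpg-id stays unchanged, and a recipient-set comparison that says whether re-encryption is needed. The `group NAME = MEMBERS` line is gpg's own syntax; the expansion routine and the `last-recipients` file are simplified stand-ins for what gpg and pass's reencrypt_path do (pass reads the real recipients off the encrypted files), and every key id and file content is constructed.

```shell
#!/bin/sh
# Added illustration, not code from pass or from this patch: expand a gpg.conf
# "group" entry named in .gpg-id into key ids, then decide whether the recipient
# set changed since the last encryption although .gpg-id itself did not.
set -eu

# expand_recipients GPG_CONF GPG_ID_FILE
# Print the recipient set named by GPG_ID_FILE, one id per line, sorted and
# de-duplicated.  A name matching a "group NAME = MEMBER MEMBER ..." line in
# GPG_CONF (gpg's real group syntax) is replaced by its members; the lookup is
# a simplified stand-in for the expansion gpg does internally.
expand_recipients() {
    er_conf=$1
    er_idfile=$2
    while read -r er_id || [ -n "$er_id" ]; do
        case $er_id in ''|'#'*) continue ;; esac
        er_members=$(awk -v g="$er_id" \
            '$0 ~ ("^group[ \t]+" g "[ \t]*=") { sub(/^[^=]*=[ \t]*/, ""); print; exit }' \
            "$er_conf")
        if [ -n "$er_members" ]; then
            # Unquoted on purpose: members are whitespace separated.
            printf '%s\n' $er_members
        else
            printf '%s\n' "$er_id"
        fi
    done <"$er_idfile" | sort -u
}

# needs_reencrypt GPG_CONF GPG_ID_FILE LAST_RECIPIENTS
# LAST_RECIPIENTS lists (one per line) the ids the files were last encrypted
# to; keeping it in a file is a simplification of how pass learns this.
# Prints "yes" when the expanded set differs from it, "no" otherwise.
needs_reencrypt() {
    if [ "$(expand_recipients "$1" "$2")" = "$(sort -u "$3")" ]; then
        echo no
    else
        echo yes
    fi
}

# demo: constructed inputs in a temp dir, printing the verdict before and
# after a member joins the group while .gpg-id stays untouched.
demo() {
    d=$(mktemp -d)
    printf 'group devs = 0x1111111111111111 0x2222222222222222\n' >"$d/gpg.conf"
    printf 'devs\n0x3333333333333333\n' >"$d/.gpg-id"
    # Record what the files were encrypted to at the last init.
    expand_recipients "$d/gpg.conf" "$d/.gpg-id" >"$d/last-recipients"
    before=$(needs_reencrypt "$d/gpg.conf" "$d/.gpg-id" "$d/last-recipients")
    # A new member joins: only gpg.conf changes, .gpg-id does not.
    printf 'group devs = 0x1111111111111111 0x2222222222222222 0x4444444444444444\n' >"$d/gpg.conf"
    after=$(needs_reencrypt "$d/gpg.conf" "$d/.gpg-id" "$d/last-recipients")
    rm -rf "$d"
    echo "before=$before after=$after"
}

demo
```

The point the comparison makes is the one the patch relies on: nothing in the store's own metadata records that `devs` grew, so a periodic `pass init` with no ids (which the patch routes to reencrypt_path) is what picks up the new member.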