[PATCH] Die on GPG reencryption error

Phillip Raffeck raffeck at cs.fau.de
Wed May 15 13:34:25 UTC 2024


If reencryption of the password store fails, pass nonetheless creates a
commit for reencryption and exits with status code 0. This patch
introduces error handling to fail on reencryption errors.
---
 src/password-store.sh | 10 +++++++---
 1 file changed, 7 insertions(+), 3 deletions(-)

diff --git a/src/password-store.sh b/src/password-store.sh
index 22e818f..5c82785 100755
--- a/src/password-store.sh
+++ b/src/password-store.sh
@@ -110,6 +110,7 @@ set_gpg_recipients() {
 reencrypt_path() {
 	local prev_gpg_recipients="" gpg_keys="" current_keys="" index passfile
 	local groups="$($GPG $PASSWORD_STORE_GPG_OPTS --list-config --with-colons | grep "^cfg:group:.*")"
+	local err=0
 	while read -r -d "" passfile; do
 		[[ -L $passfile ]] && continue
 		local passfile_dir="${passfile%/*}"
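Review bot: `gpgerr`, assigned further down in reencrypt_path (the `gpgerr=$?` line in the next hunk), is never declared `local`, so it stays set in the caller's scope after the function returns. Declare it together with the new counter on the added line: `local err=0 gpgerr`. The rest of reencrypt_path's body lies outside this hunk.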
@@ -133,11 +134,14 @@ reencrypt_path() {
 
 		if [[ $gpg_keys != "$current_keys" ]]; then
 			echo "$passfile_display: reencrypting to ${gpg_keys//$'\n'/ }"
-			$GPG -d "${GPG_OPTS[@]}" "$passfile" | $GPG -e "${GPG_RECIPIENT_ARGS[@]}" -o "$passfile_temp" "${GPG_OPTS[@]}" &&
-			mv "$passfile_temp" "$passfile" || rm -f "$passfile_temp"
+			$GPG -d "${GPG_OPTS[@]}" "$passfile" | $GPG -e "${GPG_RECIPIENT_ARGS[@]}" -o "$passfile_temp" "${GPG_OPTS[@]}"
+			gpgerr=$?
+			[[ $gpgerr -eq 0 ]] && mv "$passfile_temp" "$passfile" || rm -f "$passfile_temp"
+			err=$(($err+$gpgerr))
 		fi
 		prev_gpg_recipients="${GPG_RECIPIENTS[*]}"
 	done < <(find "$1" -path '*/.git' -prune -o -path '*/.extensions' -prune -o -iname '*.gpg' -print0)
+	return $err
 }
 check_sneaky_paths() {
 	local path
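Review bot: `err=$(($err+$gpgerr))` accumulates raw exit codes, and `return $err` reduces the sum modulo 256, so enough failures (for example 128 files each exiting with status 2 sum to 256) make the function return 0 and cmd_init then treats the run as success. Since the caller only tests for non-zero, a flag is enough: `[[ $gpgerr -eq 0 ]] || err=1`. Note also that `gpgerr=$?` reflects a failure of the `$GPG -d` stage only if `pipefail` is in effect in the script's preamble (outside this hunk); otherwise a failed decryption is masked by a successful `$GPG -e` of empty input, and a failed `mv` is not counted either way. reencrypt_path's body begins before this hunk.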
@@ -361,7 +365,7 @@ cmd_init() {
 		fi
 	fi
 
-	reencrypt_path "$PREFIX/$id_path"
+	reencrypt_path "$PREFIX/$id_path" || die "Could not reencrypt password store"
 	git_add_file "$PREFIX/$id_path" "Reencrypt password store using new GPG id ${id_print%, }${id_path:+ ($id_path)}."
 }
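Review bot: By the time `die` fires here, reencrypt_path has already replaced every file whose reencryption succeeded, since its loop keeps going after a failure and only reports the accumulated status at the end, so the store is left partially reencrypted with nothing staged. The message could say so: `reencrypt_path "$PREFIX/$id_path" || die "Could not reencrypt password store (some files may already have been reencrypted)"`. cmd_init's body begins outside this hunk.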
 
-- 
2.45.0

