| author | David Adam <zanchey@ucc.gu.uwa.edu.au> | 2015-04-17 10:46:47 +0800 | 
|---|---|---|
| committer | Jason A. Donenfeld <Jason@zx2c4.com> | 2015-05-11 13:35:03 +0200 | 
| commit | 4690a3021cf74b2093d296f48f205b6706f82f2a (patch) | |
| tree | 25fe9df23e79a7c829f6f8926998400fac897aeb | |
| parent | 7cfe27de46138757ba325f4a13001b303454aba3 (diff) | |
add support for passing arbitrary options to all invocations of GPG
Uses the PASSWORD_STORE_GPG_OPTS environment variable.
Can be used to (e.g.) change the keyrings or trust model used.
| -rw-r--r-- | man/pass.1 | 3 | ||||
| -rwxr-xr-x | src/password-store.sh | 8 | 
2 files changed, 7 insertions, 4 deletions
@@ -400,6 +400,9 @@ Overrides the default root of the git repository, which is helpful if
 \fIPASSWORD_STORE_DIR\fP is temporarily set to a sub-directory of the default
 password store.
 .TP
+.I PASSWORD_STORE_GPG_OPTS
+Additional options to be passed to all invocations of GPG.
+.TP
 .I PASSWORD_STORE_X_SELECTION
 Overrides the selection passed to \fBxclip\fP, by default \fIclipboard\fP. See
 .BR xclip (1)
diff --git a/src/password-store.sh b/src/password-store.sh
index 7d57376..79d2096 100755
--- a/src/password-store.sh
+++ b/src/password-store.sh
@@ -6,7 +6,7 @@
 umask "${PASSWORD_STORE_UMASK:-077}"
 set -o pipefail
-GPG_OPTS=( "--quiet" "--yes" "--compress-algo=none" "--no-encrypt-to" )
+GPG_OPTS=( $PASSWORD_STORE_GPG_OPTS "--quiet" "--yes" "--compress-algo=none" "--no-encrypt-to" )
 GPG="gpg"
 export GPG_TTY="${GPG_TTY:-$(tty 2>/dev/null)}"
 which gpg2 &>/dev/null && GPG="gpg2"
@@ -83,7 +83,7 @@ set_gpg_recipients() {
 reencrypt_path() {
 	local prev_gpg_recipients="" gpg_keys="" current_keys="" index passfile
-	local groups="$($GPG --list-config --with-colons | grep "^cfg:group:.*")"
+	local groups="$($GPG $PASSWORD_STORE_GPG_OPTS --list-config --with-colons | grep "^cfg:group:.*")"
 	while read -r -d "" passfile; do
 		local passfile_dir="${passfile%/*}"
 		passfile_dir="${passfile_dir#$PREFIX}"
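Review bot: In the `GPG_OPTS=( $PASSWORD_STORE_GPG_OPTS ... )` line of the `@@ -6,7 +6,7 @@` hunk, the unquoted expansion undergoes pathname expansion as well as the intended word splitting, so a value containing `*`, `?` or `[` is matched against files in the current directory before it reaches gpg. Splitting once with globbing switched off would avoid that: `set -f; GPG_EXTRA_OPTS=( $PASSWORD_STORE_GPG_OPTS ); set +f`, then `"${GPG_EXTRA_OPTS[@]}"` wherever the options are needed. The same bare `$PASSWORD_STORE_GPG_OPTS` is repeated in the `--list-config` call of the `@@ -83,7 +83,7 @@` hunk and in both calls of the `@@ -100,9 +100,9 @@` hunk, which could reuse that array. Since the variable can change the keyring and trust model, the man page entry should say that the value is split on whitespace (so an argument containing a space cannot be passed) and that it influences which keys gpg accepts for encryption.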
@@ -100,9 +100,9 @@ reencrypt_path() {
 				IFS=";" eval 'GPG_RECIPIENTS+=( $group )' # http://unix.stackexchange.com/a/92190
 				unset GPG_RECIPIENTS[$index]
 			done
-			gpg_keys="$($GPG --list-keys --with-colons "${GPG_RECIPIENTS[@]}" | sed -n 's/sub:[^:]*:[^:]*:[^:]*:\([^:]*\):[^:]*:[^:]*:[^:]*:[^:]*:[^:]*:[^:]*:[a-zA-Z]*e[a-zA-Z]*:.*/\1/p' | LC_ALL=C sort -u)"
+			gpg_keys="$($GPG $PASSWORD_STORE_GPG_OPTS --list-keys --with-colons "${GPG_RECIPIENTS[@]}" | sed -n 's/sub:[^:]*:[^:]*:[^:]*:\([^:]*\):[^:]*:[^:]*:[^:]*:[^:]*:[^:]*:[^:]*:[a-zA-Z]*e[a-zA-Z]*:.*/\1/p' | LC_ALL=C sort -u)"
 		fi
-		current_keys="$($GPG -v --no-secmem-warning --no-permission-warning --list-only --keyid-format long "$passfile" 2>&1 | cut -d ' ' -f 5 | LC_ALL=C sort -u)"
+		current_keys="$($GPG $PASSWORD_STORE_GPG_OPTS -v --no-secmem-warning --no-permission-warning --list-only --keyid-format long "$passfile" 2>&1 | cut -d ' ' -f 5 | LC_ALL=C sort -u)"
 		if [[ $gpg_keys != "$current_keys" ]]; then
 			echo "$passfile_display: reencrypting to ${gpg_keys//$'\n'/ }"  |
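Review bot: Neither the `gpg_keys=` nor the `current_keys=` assignment checks whether gpg succeeded, and both now run with caller-supplied options. A value in `PASSWORD_STORE_GPG_OPTS` that gpg rejects leaves `gpg_keys` empty, while `current_keys` captures stderr through `2>&1` and keeps field 5 of whatever was printed. The comparison in the following `if` then sees a mismatch and the file is reported as "reencrypting to" an empty key list; what runs after the `echo` is outside this hunk. Assuming an empty key list is never valid here, I would stop right after the `gpg_keys=` assignment: `[[ -n $gpg_keys ]] || { echo "$passfile_display: could not list recipient keys" >&2; return 1; }`. A comment above `current_keys=` noting that its parsing depends on gpg's default verbose output format would also help anyone choosing options for the variable.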