diff options
| author | Sebastian Reuße <seb@wirrsal.net> | 2017-01-25 09:14:42 +0100 |
|---|---|---|
| committer | Jason A. Donenfeld <Jason@zx2c4.com> | 2017-02-25 13:40:03 +0100 |
| commit | be6cebe0df6d9ff0f67bd50cf96a5faaac00416c (patch) | |
| tree | 377354c6dc3f8f46c24bcb317a13b370aa7f5971 | |
| parent | 3691b66a31266b83b0b047ee955139cdb91f3ede (diff) | |
Don’t reencrypt data not managed by pass.
When keeping the password-store under git, it can make sense using a git
extension such as git-annex instead of the native git object store to
store the encrypted files. Inter alia, this allows one to selectively
expire old copies of the encrypted data, while otherwise, one would need
to recreate the complete repository when a key should no longer have
access to some of the data.
Since using the git-annex object store means that *.gpg files (and
directories named *.gpg) are kept under .git/… (non-writable), the
reencryption logic used by pass currently fails. To remedy this, we now
ignore everything kept under .git when looking for files to reencrypt or
when grepping.
| -rwxr-xr-x | src/password-store.sh | 4 |
1 files changed, 2 insertions, 2 deletions
diff --git a/src/password-store.sh b/src/password-store.sh index 081057a..e8948a1 100755 --- a/src/password-store.sh +++ b/src/password-store.sh @@ -127,7 +127,7 @@ reencrypt_path() { mv "$passfile_temp" "$passfile" || rm -f "$passfile_temp" fi prev_gpg_recipients="${GPG_RECIPIENTS[*]}" - done < <(find "$1" -iname '*.gpg' -print0) + done < <(find "$1" -path '*/.git' -prune -o -iname '*.gpg' -print0) } check_sneaky_paths() { local path @@ -400,7 +400,7 @@ cmd_grep() { passfile="${passfile##*/}" printf "\e[94m%s\e[1m%s\e[0m:\n" "$passfile_dir" "$passfile" echo "$grepresults" - done < <(find -L "$PREFIX" -iname '*.gpg' -print0) + done < <(find -L "$PREFIX" -path '*/.git' -prune -o -iname '*.gpg' -print0) } cmd_insert() { |