diff options
author | Axel Tripier <axel@tripier.fr> | 2021-07-02 19:40:44 +0200 |
---|---|---|
committer | Jason A. Donenfeld <Jason@zx2c4.com> | 2021-09-23 15:28:59 -0600 |
commit | fde8baea4c7886237ef5acc26a18a9ecbb97c432 (patch) | |
tree | d5d97c90a90bbf377ea68b0eb1e5b839a6f89f2c /contrib/revelation2pass.py | |
parent | ba454e41f67d22e0baa4388e130d9e0c03813bc3 (diff) |
Exclude `*/.extensions` from grep/reencrypt
The `.extensions` directory can contain extensions code, for example as
git submodules, that have `.gpg` files as part of their code but that
are not files encrypted with the PGP keys of our password store.
One example is `pass-tomb`, that contains `.gpg` files in `tests/gnupg`,
but there are more, like `pass-update`, `pass-otp`, etc.
However those `.gpg` files in the `.extensions` directory are currently
processed by the `grep` and `reencrypt` functions of `pass`.
At best this can cause errors to be shown to the user when
grepping/reencrypting, and at worst it can cause files in the
`.extensions` directory to be decrypted and returned as part of a
search, or reencrypted with the incorrect PGP keys.
This patch tries to mitigate that issue by removing the `*/.extensions`
directories from the list of processed `.gpg` files for the
grep/reencrypt functions.
However this patch is not perfect as it does not take into account the
fact that the `.extensions` directory can be renamed to something else
using `PASSWORD_STORE_EXTENSIONS_DIR`. But knowing if this
`PASSWORD_STORE_EXTENSIONS_DIR` is inside the `PREFIX` or not and
formatting the path exclusion for `find` accordingly could require a
fair bit of additional logic that I am not sure how you want to
implement.
Diffstat (limited to 'contrib/revelation2pass.py')
0 files changed, 0 insertions, 0 deletions