From 4690a3021cf74b2093d296f48f205b6706f82f2a Mon Sep 17 00:00:00 2001 From: David Adam Date: Fri, 17 Apr 2015 10:46:47 +0800 Subject: add support for passing arbitrary options to all invocations of GPG Uses the PASSWORD_STORE_GPG_OPTS environment variable. Can be used to (e.g.) change the keyrings or trust model used. --- src/password-store.sh | 8 ++++---- 1 file changed, 4 insertions(+), 4 deletions(-) (limited to 'src') diff --git a/src/password-store.sh b/src/password-store.sh index 7d57376..79d2096 100755 --- a/src/password-store.sh +++ b/src/password-store.sh @@ -6,7 +6,7 @@ umask "${PASSWORD_STORE_UMASK:-077}" set -o pipefail -GPG_OPTS=( "--quiet" "--yes" "--compress-algo=none" "--no-encrypt-to" ) +GPG_OPTS=( $PASSWORD_STORE_GPG_OPTS "--quiet" "--yes" "--compress-algo=none" "--no-encrypt-to" ) GPG="gpg" export GPG_TTY="${GPG_TTY:-$(tty 2>/dev/null)}" which gpg2 &>/dev/null && GPG="gpg2" @@ -83,7 +83,7 @@ set_gpg_recipients() { reencrypt_path() { local prev_gpg_recipients="" gpg_keys="" current_keys="" index passfile - local groups="$($GPG --list-config --with-colons | grep "^cfg:group:.*")" + local groups="$($GPG $PASSWORD_STORE_GPG_OPTS --list-config --with-colons | grep "^cfg:group:.*")" while read -r -d "" passfile; do local passfile_dir="${passfile%/*}" passfile_dir="${passfile_dir#$PREFIX}" @@ -100,9 +100,9 @@ reencrypt_path() { IFS=";" eval 'GPG_RECIPIENTS+=( $group )' # http://unix.stackexchange.com/a/92190 unset GPG_RECIPIENTS[$index] done - gpg_keys="$($GPG --list-keys --with-colons "${GPG_RECIPIENTS[@]}" | sed -n 's/sub:[^:]*:[^:]*:[^:]*:\([^:]*\):[^:]*:[^:]*:[^:]*:[^:]*:[^:]*:[^:]*:[a-zA-Z]*e[a-zA-Z]*:.*/\1/p' | LC_ALL=C sort -u)" + gpg_keys="$($GPG $PASSWORD_STORE_GPG_OPTS --list-keys --with-colons "${GPG_RECIPIENTS[@]}" | sed -n 's/sub:[^:]*:[^:]*:[^:]*:\([^:]*\):[^:]*:[^:]*:[^:]*:[^:]*:[^:]*:[^:]*:[a-zA-Z]*e[a-zA-Z]*:.*/\1/p' | LC_ALL=C sort -u)" fi - current_keys="$($GPG -v --no-secmem-warning --no-permission-warning --list-only --keyid-format long "$passfile" 2>&1 | cut -d ' ' -f 5 | LC_ALL=C sort -u)" + current_keys="$($GPG $PASSWORD_STORE_GPG_OPTS -v --no-secmem-warning --no-permission-warning --list-only --keyid-format long "$passfile" 2>&1 | cut -d ' ' -f 5 | LC_ALL=C sort -u)" if [[ $gpg_keys != "$current_keys" ]]; then echo "$passfile_display: reencrypting to ${gpg_keys//$'\n'/ }" -- cgit v1.2.3