password-store

Simple password manager using gpg and ordinary unix directories
git clone https://git.zx2c4.com/password-store

commit 84815317659d40319703bac18cd4388990ed4cee
parent 002882684ba3fb5b4d191794888d139f6b89f64d
Author: Jason A. Donenfeld <Jason@zx2c4.com>
Date:   Fri, 18 Apr 2014 01:57:13 +0200

reencrypt: remove option, do automatically

Diffstat:
Mman/pass.1 | 16++++++++--------
Msrc/completion/pass.bash-completion | 4++--
Msrc/completion/pass.fish-completion | 4----
Msrc/completion/pass.zsh-completion | 6+-----
Msrc/password-store.sh | 34++++++++++++++--------------------
5 files changed, 25 insertions(+), 39 deletions(-)

diff --git a/man/pass.1 b/man/pass.1 @@ -51,14 +51,14 @@ password names in .SH COMMANDS .TP -\fBinit\fP [ \fI--reencrypt\fP, \fI-e\fP ] [ \fI--path=sub-folder\fP, \fI-p sub-folder\fP ] \fIgpg-id...\fP +\fBinit\fP [ \fI--path=sub-folder\fP, \fI-p sub-folder\fP ] \fIgpg-id...\fP Initialize new password storage and use .I gpg-id for encryption. Multiple gpg-ids may be specified, in order to encrypt each password with multiple ids. This command must be run first before a password -store can be used. If \fI--reencrypt\fP or \fI-e\fP is specified, reencrypt -all existing passwords in the password store using \fIgpg-id\fP. Note that -use of +store can be used. If the specified \fIgpg-id\fP is different from the key +used in any existing files, these files will be reencrypted to use the new id. +Note that use of .BR gpg-agent (1) is recommended so that the batch decryption does not require as much user intervention. If \fI--path\fP or \fI-p\fP is specified, along with an argument, 
@@ -126,18 +126,18 @@ alternatively named \fBremove\fP or \fBdelete\fP. If \fI--recursive\fP or \fI-r\ is specified, delete pass-name recursively if it is a directory. If \fI--force\fP or \fI-f\fP is specified, do not interactively prompt before removal. .TP -\fBmv\fP [ \fI--reencrypt\fP, \fI-e\fP ] [ \fI--force\fP, \fI-f\fP ] \fIold-path\fP \fInew-path\fP +\fBmv\fP [ \fI--force\fP, \fI-f\fP ] \fIold-path\fP \fInew-path\fP Renames the password or directory named \fIold-path\fP to \fInew-path\fP. This command is alternatively named \fBrename\fP. If \fI--force\fP is specified, silently overwrite \fInew-path\fP if it exists. If \fInew-path\fP ends in a -trailing \fI/\fP, it is always treated as a directory. Passwords may be optionally +trailing \fI/\fP, it is always treated as a directory. Passwords are selectively reencrypted to the corresponding keys of their new destination. .TP -\fBcp\fP [ \fI--reencrypt\fP, \fI-e\fP ] [ \fI--force\fP, \fI-f\fP ] \fIold-path\fP \fInew-path\fP +\fBcp\fP [ \fI--force\fP, \fI-f\fP ] \fIold-path\fP \fInew-path\fP Copies the password or directory named \fIold-path\fP to \fInew-path\fP. This command is alternatively named \fBcopy\fP. If \fI--force\fP is specified, silently overwrite \fInew-path\fP if it exists. If \fInew-path\fP ends in a -trailing \fI/\fP, it is always treated as a directory. Passwords may be optionally +trailing \fI/\fP, it is always treated as a directory. Passwords are selectively reencrypted to the corresponding keys of their new destination. .TP \fBgit\fP \fIgit-command-args\fP... diff --git a/src/completion/pass.bash-completion b/src/completion/pass.bash-completion @@ -65,7 +65,7 @@ _pass() if [[ $lastarg == "-p" || $lastarg == "--path" ]]; then _pass_complete_folders else - COMPREPLY+=($(compgen -W "-e --reencrypt -p --path" -- ${cur})) + COMPREPLY+=($(compgen -W "-p --path" -- ${cur})) _pass_complete_keys fi ;; 
@@ -85,7 +85,7 @@ _pass() _pass_complete_entries ;; cp|copy|mv|rename) - COMPREPLY+=($(compgen -W "-e --reencrypt -f --force" -- ${cur})) + COMPREPLY+=($(compgen -W "-f --force" -- ${cur})) _pass_complete_entries ;; rm|remove|delete) diff --git a/src/completion/pass.fish-completion b/src/completion/pass.fish-completion @@ -62,9 +62,7 @@ complete -c $PROG -f -A -n '__fish_pass_needs_command' -a help -d 'Command: show complete -c $PROG -f -A -n '__fish_pass_needs_command' -a version -d 'Command: show program version' complete -c $PROG -f -A -n '__fish_pass_needs_command' -a init -d 'Command: initialize new password storage' -complete -c $PROG -f -A -n '__fish_pass_uses_command init' -s e -l reencrypt -d 'Reencrypt existing passwords using new gpg-id' complete -c $PROG -f -A -n '__fish_pass_uses_command init' -s p -l path -d 'Assign gpg-id for specified sub folder of password store' -complete -c $PROG -f -A -n '__fish_contains_opt -s e reencrypt' -a '(__fish_pass_print_gpg_keys)' complete -c $PROG -f -A -n '__fish_pass_needs_command' -a ls -d 'Command: list passwords' complete -c $PROG -f -A -n '__fish_pass_uses_command ls' -a "(__fish_pass_print_entry_dirs)" 
@@ -83,12 +81,10 @@ complete -c $PROG -f -A -n '__fish_pass_uses_command generate' -a "(__fish_pass_ complete -c $PROG -f -A -n '__fish_pass_needs_command' -a mv -d 'Command: rename existing password' complete -c $PROG -f -A -n '__fish_pass_uses_command mv' -s f -l force -d 'Force rename' -complete -c $PROG -f -A -n '__fish_pass_uses_command mv' -s e -l reencrypt -d 'Reencrypt files if new location has different gpg-id' complete -c $PROG -f -A -n '__fish_pass_uses_command mv' -a "(__fish_pass_print_entries_and_dirs)" complete -c $PROG -f -A -n '__fish_pass_needs_command' -a cp -d 'Command: copy existing password' complete -c $PROG -f -A -n '__fish_pass_uses_command cp' -s f -l force -d 'Force copy' -complete -c $PROG -f -A -n '__fish_pass_uses_command cp' -s e -l reencrypt -d 'Reencrypt files if new location has different gpg-id' complete -c $PROG -f -A -n '__fish_pass_uses_command cp' -a "(__fish_pass_print_entries_and_dirs)" complete -c $PROG -f -A -n '__fish_pass_needs_command' -a rm -d 'Command: remove existing password' diff --git a/src/completion/pass.zsh-completion b/src/completion/pass.zsh-completion @@ -23,8 +23,6 @@ _pass () { case "${cmd}" in init) _arguments : \ - "-e[re-encrypt existing passwords]" \ - "--reencrypt[re-encrypt existing passwords]" \ "-p[gpg-id will only be applied to this subfolder]" \ "--path[gpg-id will only be applied to this subfolder]" _pass_complete_keys @@ -51,9 +49,7 @@ _pass () { cp|copy|mv|rename) _arguments : \ "-f[force rename]" \ - "--force[force rename]" \ - "-e[reencrypt to new gpg-id]" \ - "--reencrypt[reencrypt to new gpg-id]" + "--force[force rename]" _pass_complete_entries_with_subdirs ;; rm) diff --git a/src/password-store.sh b/src/password-store.sh 
@@ -200,9 +200,9 @@ cmd_usage() { echo cat <<-_EOF Usage: - $PROGRAM init [--reencrypt,-e] [--path=subfolder,-p subfolder] gpg-id... + $PROGRAM init [--path=subfolder,-p subfolder] gpg-id... Initialize new password storage and use gpg-id for encryption. - Optionally reencrypt existing passwords using new gpg-id. + Selectively reencrypt existing passwords using new gpg-id. $PROGRAM [ls] [subfolder] List passwords. $PROGRAM find pass-names... @@ -224,10 +224,10 @@ cmd_usage() { Prompt before overwriting existing password unless forced. $PROGRAM rm [--recursive,-r] [--force,-f] pass-name Remove existing password or directory, optionally forcefully. - $PROGRAM mv [--reencrypt,-e] [--force,-f] old-path new-path - Renames or moves old-path to new-path, optionally forcefully, optionally reencrypting. - $PROGRAM cp [--reencrypt,-e] [--force,-f] old-path new-path - Copies old-path to new-path, optionally forcefully, optionally reencrypting. + $PROGRAM mv [--force,-f] old-path new-path + Renames or moves old-path to new-path, optionally forcefully, selectively reencrypting. + $PROGRAM cp [--force,-f] old-path new-path + Copies old-path to new-path, optionally forcefully, selectively reencrypting. $PROGRAM git git-command-args... If the password store is a git repository, execute a git command specified by git-command-args. @@ -241,21 +241,19 @@ cmd_usage() { } cmd_init() { - local reencrypt=0 local id_path="" local opts - opts="$($GETOPT -o ep: -l reencrypt,path: -n "$PROGRAM" -- "$@")" + opts="$($GETOPT -o p: -l path: -n "$PROGRAM" -- "$@")" local err=$? eval set -- "$opts" while true; do case $1 in - -e|--reencrypt) reencrypt=1; shift ;; -p|--path) id_path="$2"; shift 2 ;; --) shift; break ;; esac done if [[ $err -ne 0 || $# -lt 1 ]]; then - echo "Usage: $PROGRAM $COMMAND [--reencrypt,-e] [--path=subfolder,-p subfolder] gpg-id..." + echo "Usage: $PROGRAM $COMMAND [--path=subfolder,-p subfolder] gpg-id..." exit 1 fi if [[ -n $id_path && ! -d $PREFIX/$id_path ]]; then 
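Review bot: The only validation of `id_path` visible in the @@ -241 hunk is that `$PREFIX/$id_path` is a directory, so a `--path` value containing `..` components would pass it. Before this commit that mattered less, but the @@ -272 hunk now calls `reencrypt_path "$PREFIX/$id_path"` on every init, so such a value would appear to send the batch re-encryption outside the store. The lines between the two hunks are not shown, so a check may already exist there; if not, `[[ "/$id_path/" == */../* ]] && { echo "Error: --path must name a folder inside the password store." >&2; exit 1; }` right after option parsing would close it.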
@@ -272,11 +270,9 @@ cmd_init() { echo "Password store initialized for ${id_print%, }" git_add_file "$gpg_id" "Set GPG id to ${id_print%, }." - if [[ $reencrypt -eq 1 ]]; then - agent_check - reencrypt_path "$PREFIX/$id_path" - git_add_file "$PREFIX/$id_path" "Reencrypted password store using new GPG id ${id_print%, }." - fi + agent_check + reencrypt_path "$PREFIX/$id_path" + git_add_file "$PREFIX/$id_path" "Reencrypted password store using new GPG id ${id_print%, }." } cmd_show() { @@ -536,18 +532,16 @@ cmd_copy_move() { shift local force=0 - local reencrypt=0 local opts opts="$($GETOPT -o f -l force -n "$PROGRAM" -- "$@")" local err=$? eval set -- "$opts" while true; do case $1 in -f|--force) force=1; shift ;; - -e|--reencrypt) reencrypt=1; shift ;; --) shift; break ;; esac done if [[ $# -ne 2 ]]; then - echo "Usage: $PROGRAM $COMMAND [--reencrypt,-e] [--force,-f] old-path new-path" + echo "Usage: $PROGRAM $COMMAND [--force,-f] old-path new-path" exit 1 fi local old_path="$PREFIX/${1%/}" @@ -571,7 +565,7 @@ cmd_copy_move() { if [[ $move -eq 1 ]]; then mv $interactive -v "$old_path" "$new_path" || exit 1 - [[ $reencrypt -eq 1 && -e "$new_path" ]] && reencrypt_path "$new_path" + [[ -e "$new_path" ]] && reencrypt_path "$new_path" if [[ -d $GIT_DIR && ! -e $old_path ]]; then git rm -qr "$old_path" @@ -583,7 +577,7 @@ cmd_copy_move() { done else cp $interactive -r -v "$old_path" "$new_path" || exit 1 - [[ $reencrypt -eq 1 && -e "$new_path" ]] && reencrypt_path "$new_path" + [[ -e "$new_path" ]] && reencrypt_path "$new_path" git_add_file "$new_path" "Copied ${1} to ${2}." fi }
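Review bot: The result of `reencrypt_path` is not checked before `git_add_file` records "Reencrypted password store using new GPG id …", and the @@ -272 hunk makes that sequence run on every `init`. Assuming `reencrypt_path` reports failure through its exit status (its body is not part of this diff), one entry that cannot be decrypted or encrypted would leave the store with mixed recipients while the commit message says the job is done; `reencrypt_path "$PREFIX/$id_path" || exit 1` ahead of the `git_add_file` line would prevent that. The same unchecked call is in the @@ -571 and @@ -583 hunks of cmd_copy_move. A comment above the call should also state that re-encrypting does not withdraw access from a removed gpg-id for ciphertext already committed to git history, so passwords that id could read still need to be changed.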
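Review bot: In the @@ -536 hunk `err` is captured from `$GETOPT` but never tested; the usage check is only `[[ $# -ne 2 ]]`. An invocation that still passes the removed `-e`/`--reencrypt` would therefore appear to get a getopt diagnostic and then run the move or copy anyway, whereas cmd_init rejects the same input through `$err -ne 0`. `if [[ $err -ne 0 || $# -ne 2 ]]; then` would make the two commands agree and fail closed on unknown options. cmd_copy_move begins before this hunk and continues past it.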
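Review bot: In the @@ -571 hunk (and again in @@ -583) `reencrypt_path` is given `"$new_path"`, not the entry that was just moved or copied. The man page in this commit says a `new-path` ending in `/` is always treated as a directory, and in that case `mv`/`cp` place the entry inside it, so the call would appear to cover every existing entry in the destination folder. Now that the call is unconditional, moving one password can touch unrelated entries and trigger extra gpg-agent activity, depending on how selective `reencrypt_path` is. The assignment of `new_path` lies outside these hunks, so confirm there whether the moved entry's own path can be passed instead, and add a comment such as `# reencrypt only what was moved, not the whole destination folder`.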