password-store

Simple password manager using gpg and ordinary unix directories
git clone https://git.zx2c4.com/password-store

commit be6cebe0df6d9ff0f67bd50cf96a5faaac00416c
parent 3691b66a31266b83b0b047ee955139cdb91f3ede
Author: Sebastian Reuße <seb@wirrsal.net>
Date:   Wed, 25 Jan 2017 09:14:42 +0100

Don’t reencrypt data not managed by pass.

When keeping the password-store under git, it can make sense to use a git
extension such as git-annex instead of the native git object store to
store the encrypted files. Inter alia, this allows one to selectively
expire old copies of the encrypted data, while otherwise, one would need
to recreate the complete repository when a key should no longer have
access to some of the data.

Since using the git-annex object store means that *.gpg files (and
directories named *.gpg) are kept under .git/… (non-writable), the
reencryption logic used by pass currently fails. To remedy this, we now
ignore everything kept under .git when looking for files to reencrypt or
when grepping.

Diffstat:
M src/password-store.sh | 4 ++--
1 file changed, 2 insertions(+), 2 deletions(-)

diff --git a/src/password-store.sh b/src/password-store.sh @@ -127,7 +127,7 @@ reencrypt_path() { mv "$passfile_temp" "$passfile" || rm -f "$passfile_temp" fi prev_gpg_recipients="${GPG_RECIPIENTS[*]}" - done < <(find "$1" -iname '*.gpg' -print0) + done < <(find "$1" -path '*/.git' -prune -o -iname '*.gpg' -print0) } check_sneaky_paths() { local path @@ -400,7 +400,7 @@ cmd_grep() { passfile="${passfile##*/}" printf "\e[94m%s\e[1m%s\e[0m:\n" "$passfile_dir" "$passfile" echo "$grepresults" - done < <(find -L "$PREFIX" -iname '*.gpg' -print0) + done < <(find -L "$PREFIX" -path '*/.git' -prune -o -iname '*.gpg' -print0) } cmd_insert() {
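Review bot: In the `reencrypt_path` hunk, `-path '*/.git' -prune` matches an entry named `.git` at any depth below `$1`, not only the repository's own metadata directory, so a password subfolder that happens to be called `.git` would be skipped silently and never reencrypted to the new recipients. If only the store's top-level `.git` is meant, anchor the pattern to it; if nested ones are intended as well, a one-line comment above the `find` saying so would help the next reader. The operator grouping is fine as written: the explicit `-print0` sits on the right-hand side of `-o`, so pruned directories are not printed.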
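Review bot: In the `cmd_grep` hunk, the expression `-path '*/.git' -prune -o -iname '*.gpg' -print0` is a verbatim copy of the one added to `reencrypt_path`, and the diffstat lists only `src/password-store.sh`, so neither call site is covered by a test against a store whose `.git` holds `*.gpg` entries. Consider keeping the find expression in one shared place and adding a test case that puts a `*.gpg` file under `.git` and checks that both grep and reencryption leave it alone. Since this call uses `-L`, a symlink in the store that points into `.git` is still followed, because only paths named `.git` are pruned; that looks like what the git-annex setup in the commit message relies on, and it deserves a comment next to the `find`.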