authorJason A. Donenfeld <Jason@zx2c4.com>2014-05-10 17:48:24 +0200
committerJason A. Donenfeld <Jason@zx2c4.com>2014-05-10 17:48:24 +0200
commit36a5583120ad8a6f939a8971284424d580c48ab2 (patch)
treeda7026cfe6356c8288b520900043e1c0a68c106b
parentconfigure git to decrypt gpg files automatically (diff)
git: use secure tmp directory
-rwxr-xr-xsrc/password-store.sh15
1 files changed, 11 insertions, 4 deletions
diff --git a/src/password-store.sh b/src/password-store.sh
index f466a8f..65283b8 100755
--- a/src/password-store.sh
+++ b/src/password-store.sh
@@ -163,10 +163,13 @@ clip() {
echo "Copied $2 to clipboard. Will clear in $CLIP_TIME seconds."
}
tmpdir() {
+ local warn=1
+ [[ $1 == "nowarn" ]] && warn=0
+ local template="$PROGRAM.XXXXXXXXXXXXX"
if [[ -d /dev/shm && -w /dev/shm && -x /dev/shm ]]; then
SECURE_TMPDIR="$(TMPDIR=/dev/shm mktemp -d -t "$template")"
else
- yesno "$(cat <<-_EOF
+ [[ $warn -eq 1 ]] && yesno "$(cat <<-_EOF
Your system does not have /dev/shm, which means that it may
be difficult to entirely erase the temporary non-encrypted
password file after editing.
@@ -554,16 +557,20 @@ cmd_copy_move() {
}
cmd_git() {
+ tmpdir nowarn #Defines $SECURE_TMPDIR. We don't warn, because at most, this only copies encrypted files.
+ trap "rm -rf '$SECURE_TMPDIR'" INT TERM EXIT
+ export TMPDIR="$SECURE_TMPDIR"
+
if [[ $1 == "init" ]]; then
git "$@" || exit 1
git_add_file "$PREFIX" "Add current contents of password store."
echo '*.gpg diff=gpg' > "$PREFIX/.gitattributes"
- git_add_file .gitattributes "Assigning diff attribute for gpg files"
+ git_add_file .gitattributes "Configure git repository for gpg file diff."
git config --local diff.gpg.binary true
- git config --local diff.gpg.textconv "$GPG ${GPG_OPTS[*]} --decrypt"
+ git config --local diff.gpg.textconv "$GPG -d ${GPG_OPTS[*]}"
elif [[ -d $GIT_DIR ]]; then
- exec git "$@"
+ git "$@"
else
die "Error: the password store is not a git repository. Try \"$PROGRAM git init\"."
fi