aboutsummaryrefslogtreecommitdiffstatshomepage
path: root/src
diff options
context:
space:
mode:
authorSebastian Reuße <seb@wirrsal.net>2017-01-25 09:14:42 +0100
committerJason A. Donenfeld <Jason@zx2c4.com>2017-02-25 13:40:03 +0100
commitbe6cebe0df6d9ff0f67bd50cf96a5faaac00416c (patch)
tree377354c6dc3f8f46c24bcb317a13b370aa7f5971 /src
parenttests: fix for recent changes (diff)
downloadpassword-store-be6cebe0df6d9ff0f67bd50cf96a5faaac00416c.tar.xz
password-store-be6cebe0df6d9ff0f67bd50cf96a5faaac00416c.zip
Don’t reencrypt data not managed by pass.
When keeping the password-store under git, it can make sense using a git extension such as git-annex instead of the native git object store to store the encrypted files. Inter alia, this allows one to selectively expire old copies of the encrypted data, while otherwise, one would need to recreate the complete repository when a key should no longer have access to some of the data. Since using the git-annex object store means that *.gpg files (and directories named *.gpg) are kept under .git/… (non-writable), the reencryption logic used by pass currently fails. To remedy this, we now ignore everything kept under .git when looking for files to reencrypt or when grepping.
Diffstat (limited to 'src')
-rwxr-xr-xsrc/password-store.sh4
1 files changed, 2 insertions, 2 deletions
diff --git a/src/password-store.sh b/src/password-store.sh
index 081057a..e8948a1 100755
--- a/src/password-store.sh
+++ b/src/password-store.sh
@@ -127,7 +127,7 @@ reencrypt_path() {
mv "$passfile_temp" "$passfile" || rm -f "$passfile_temp"
fi
prev_gpg_recipients="${GPG_RECIPIENTS[*]}"
- done < <(find "$1" -iname '*.gpg' -print0)
+ done < <(find "$1" -path '*/.git' -prune -o -iname '*.gpg' -print0)
}
check_sneaky_paths() {
local path
@@ -400,7 +400,7 @@ cmd_grep() {
passfile="${passfile##*/}"
printf "\e[94m%s\e[1m%s\e[0m:\n" "$passfile_dir" "$passfile"
echo "$grepresults"
- done < <(find -L "$PREFIX" -iname '*.gpg' -print0)
+ done < <(find -L "$PREFIX" -path '*/.git' -prune -o -iname '*.gpg' -print0)
}
cmd_insert() {