From be6cebe0df6d9ff0f67bd50cf96a5faaac00416c Mon Sep 17 00:00:00 2001
From: Sebastian Reuße
Date: Wed, 25 Jan 2017 09:14:42 +0100
Subject: Don’t reencrypt data not managed by pass.
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit

When keeping the password-store under git, it can make sense using a git extension such as git-annex instead of the native git object store to store the encrypted files. Inter alia, this allows one to selectively expire old copies of the encrypted data, while otherwise, one would need to recreate the complete repository when a key should no longer have access to some of the data. Since using the git-annex object store means that *.gpg files (and directories named *.gpg) are kept under .git/… (non-writable), the reencryption logic used by pass currently fails. To remedy this, we now ignore everything kept under .git when looking for files to reencrypt or when grepping.
---
 src/password-store.sh | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)
(limited to 'src/password-store.sh')
diff --git a/src/password-store.sh b/src/password-store.sh
index 081057a..e8948a1 100755
--- a/src/password-store.sh
+++ b/src/password-store.sh
@@ -127,7 +127,7 @@ reencrypt_path() {
 mv "$passfile_temp" "$passfile" || rm -f "$passfile_temp"
 fi
 prev_gpg_recipients="${GPG_RECIPIENTS[*]}"
- done < <(find "$1" -iname '*.gpg' -print0)
+ done < <(find "$1" -path '*/.git' -prune -o -iname '*.gpg' -print0)
 }
 check_sneaky_paths() {
 local path
@@ -400,7 +400,7 @@ cmd_grep() {
 passfile="${passfile##*/}"
 printf "\e[94m%s\e[1m%s\e[0m:\n" "$passfile_dir" "$passfile"
 echo "$grepresults"
- done < <(find -L "$PREFIX" -iname '*.gpg' -print0)
+ done < <(find -L "$PREFIX" -path '*/.git' -prune -o -iname '*.gpg' -print0)
 }
 cmd_insert() {
--
cgit v1.2.3-59-g8ed1b
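Review bot: Nothing at the changed `find` in reencrypt_path records that `.git` is now skipped on purpose, which matters because this loop rewrites entries whose recipient list has changed. Per the commit message, *.gpg objects kept under .git (for example by git-annex) are no longer visited, so copies encrypted to the previous recipients stay there until they are expired separately. I would add a comment above the `done < <(find …)` line such as `# .git is pruned: ciphertexts stored there (e.g. git-annex objects) are NOT re-encrypted and must be expired separately`. The same prune expression is repeated in the cmd_grep hunk and deserves a matching one-line comment; both loops start outside their hunks.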