authorJason A. Donenfeld <Jason@zx2c4.com>2014-04-22 19:17:45 +0200
committerJason A. Donenfeld <Jason@zx2c4.com>2014-04-22 19:17:45 +0200
commit6c1c551fc6227f6d955eb3884124a7e1d0a38fb8 (patch)
treef6d11998c32963056224f3e709c83c94b6e63ca8
parentf82e9d6cf3bc3a12bdfce89bf319d76f79e66efc (diff)
downloadpass-6c1c551fc6227f6d955eb3884124a7e1d0a38fb8.tar.gz
pass-6c1c551fc6227f6d955eb3884124a7e1d0a38fb8.tar.bz2
pass-6c1c551fc6227f6d955eb3884124a7e1d0a38fb8.zip
reencryption: take into account groups
Signed-off-by: Jason A. Donenfeld <Jason@zx2c4.com>
-rwxr-xr-xsrc/password-store.sh36
1 files changed, 26 insertions, 10 deletions
diff --git a/src/password-store.sh b/src/password-store.sh
index 7ea5d4c..6144cac 100755
--- a/src/password-store.sh
+++ b/src/password-store.sh
@@ -92,6 +92,14 @@ reencrypt_path() {
local prev_gpg_recipients
local gpg_keys
local current_keys
+ local config
+ local saved_ifs
+ local -A groups
+ while read -r config; do
+ [[ $config =~ cfg:group:* ]] || continue
+ groups[$(cut -d : -f 3 <<<"$config")]="$(cut -d : -f 4 <<<"$config")"
+ done < <($GPG --list-config --with-colons)
+
while read -r -d "" passfile; do
passfile_dir="${passfile%/*}"
passfile_dir="${passfile_dir#$PREFIX}"
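Review bot: The line filter `[[ $config =~ cfg:group:* ]]` is a regular expression, not a glob: the `*` quantifies only the preceding `:` and the pattern is unanchored, so it accepts any line that merely contains `cfg:group` anywhere; anchor it as `[[ $config =~ ^cfg:group: ]]`. The two `cut` subshells per config line can become one builtin read that fills the map directly, `IFS=: read -r _ _ name members <<<"$config"; groups[$name]=$members`, assuming the `cfg:group:NAME:MEMBERS` layout the field numbers imply (note `read` keeps anything after the fourth colon in `members`, where `cut -f 4` would drop it). reencrypt_path's body continues past this hunk.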
@@ -101,8 +109,18 @@ reencrypt_path() {
passfile_temp="${passfile}.tmp.${RANDOM}.${RANDOM}.${RANDOM}.${RANDOM}.--"
set_gpg_recipients "$passfile_dir"
- [[ $prev_gpg_recipients != "${GPG_RECIPIENTS[@]}" ]] &&
- gpg_keys="$($GPG --list-keys --keyid-format long "${GPG_RECIPIENTS[@]}" | sed -n 's/sub *.*\/\([A-F0-9]\{16\}\) .*/\1/p' | sort -u)"
+ if [[ $prev_gpg_recipients != "${GPG_RECIPIENTS[@]}" ]]; then
+ for config in "${!GPG_RECIPIENTS[@]}"; do
+ [[ ${groups[${GPG_RECIPIENTS[$config]}]} ]] || continue
+ saved_ifs="$IFS"
+ IFS=";"
+ GPG_RECIPIENTS+=( ${groups[${GPG_RECIPIENTS[$config]}]} )
+ IFS="$saved_ifs"
+ unset GPG_RECIPIENTS[$config]
+ done
+ gpg_keys="$($GPG --list-keys --keyid-format long "${GPG_RECIPIENTS[@]}" | sed -n 's/sub *.*\/\([A-F0-9]\{16\}\) .*/\1/p' | sort -u)"
+
+ fi
current_keys="$($GPG -v --list-only --keyid-format long "$passfile" 2>&1 | cut -d ' ' -f 5 | sort -u)"
if [[ $gpg_keys != "$current_keys" ]]; then
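Review bot: The recipient cache is defeated whenever a group is in use: the expansion inside the `if` rewrites `GPG_RECIPIENTS` in place, `prev_gpg_recipients` is saved from that expanded array at the end of the loop body (next hunk), and for the following file the comparison at the top of the `if` sees the unexpanded list again, so the group expansion and the `gpg --list-keys` call run once per file (assuming `set_gpg_recipients`, defined outside the hunk, rebuilds the array from `.gpg-id` on every call). Saving the pre-expansion value fixes it: make `prev_gpg_recipients="${GPG_RECIPIENTS[@]}"` the first statement inside this `if` and drop the assignment after the inner `if ... fi` in the next hunk. Two smaller points in the same loop: the unquoted `unset GPG_RECIPIENTS[$config]` is subject to pathname expansion, so write `unset "GPG_RECIPIENTS[$config]"`, and the `IFS=";"` save/restore around the unquoted `${groups[...]}` also globs the member words, whereas `IFS=';' read -r -a members <<<"${groups[${GPG_RECIPIENTS[$config]}]}"` followed by `GPG_RECIPIENTS+=("${members[@]}")` splits on `;` without either side effect. Reusing `config` as the array index here, right after it held the config line, is confusing; `index` reads better.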
@@ -110,7 +128,6 @@ reencrypt_path() {
$GPG -d $GPG_OPTS "$passfile" | $GPG -e "${GPG_RECIPIENT_ARGS[@]}" -o "$passfile_temp" $GPG_OPTS &&
mv "$passfile_temp" "$passfile" || rm -f "$passfile_temp"
fi
-
prev_gpg_recipients="${GPG_RECIPIENTS[@]}"
done < <(find "$PREFIX" -iname '*.gpg' -print0)
}
@@ -285,15 +302,14 @@ cmd_init() {
git_commit "Deinitialized ${gpg_id}."
fi
rmdir -p "${gpg_id%/*}" 2>/dev/null
- exit 0
+ else
+ mkdir -v -p "$PREFIX/$id_path"
+ printf "%s\n" "$@" > "$gpg_id"
+ local id_print="$(printf "%s, " "$@")"
+ echo "Password store initialized for ${id_print%, }"
+ git_add_file "$gpg_id" "Set GPG id to ${id_print%, }."
fi
- mkdir -v -p "$PREFIX/$id_path"
- printf "%s\n" "$@" > "$gpg_id"
- local id_print="$(printf "%s, " "$@")"
- echo "Password store initialized for ${id_print%, }"
- git_add_file "$gpg_id" "Set GPG id to ${id_print%, }."
-
agent_check
reencrypt_path "$PREFIX/$id_path"
git_add_file "$PREFIX/$id_path" "Reencrypted password store using new GPG id ${id_print%, }."
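Review bot: With `exit 0` gone, the removal branch now falls through to the trailing `git_add_file`, but `id_print` is assigned only in the `else` branch, so deinitialising a directory records the commit message `Reencrypted password store using new GPG id .` with an empty id (and if the script ever runs under `set -u`, which is not visible here, the `${id_print%, }` expansion would abort instead). Declare `local id_print` before the `if` and either give it a value in the removal branch or pick the final message per branch, so the log states that the directory now inherits its parent's recipients. The moved `local id_print="$(printf "%s, " "$@")"` also masks the exit status of the substitution, which `local id_print; id_print="$(...)"` would not; it is pre-existing code, so only worth changing while the lines are being touched anyway.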