authorJason A. Donenfeld <Jason@zx2c4.com>2014-04-22 19:17:45 +0200
committerJason A. Donenfeld <Jason@zx2c4.com>2014-04-22 19:17:45 +0200
commit6c1c551fc6227f6d955eb3884124a7e1d0a38fb8 (patch)
treef6d11998c32963056224f3e709c83c94b6e63ca8 /src
parentf82e9d6cf3bc3a12bdfce89bf319d76f79e66efc (diff)
downloadpass-6c1c551fc6227f6d955eb3884124a7e1d0a38fb8.tar.gz
pass-6c1c551fc6227f6d955eb3884124a7e1d0a38fb8.tar.bz2
pass-6c1c551fc6227f6d955eb3884124a7e1d0a38fb8.zip
reencryption: take into account groups
Signed-off-by: Jason A. Donenfeld <Jason@zx2c4.com>
Diffstat (limited to '')
-rwxr-xr-xsrc/password-store.sh36
1 files changed, 26 insertions, 10 deletions
diff --git a/src/password-store.sh b/src/password-store.sh
index 7ea5d4c..6144cac 100755
--- a/src/password-store.sh
+++ b/src/password-store.sh
@@ -92,6 +92,14 @@ reencrypt_path() {
local prev_gpg_recipients
local gpg_keys
local current_keys
+ local config
+ local saved_ifs
+ local -A groups
+ while read -r config; do
+ [[ $config =~ cfg:group:* ]] || continue
+ groups[$(cut -d : -f 3 <<<"$config")]="$(cut -d : -f 4 <<<"$config")"
+ done < <($GPG --list-config --with-colons)
+
while read -r -d "" passfile; do
passfile_dir="${passfile%/*}"
passfile_dir="${passfile_dir#$PREFIX}"
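Review bot: The filter `[[ $config =~ cfg:group:* ]]` is an unanchored regex in which `:*` means "zero or more colons", so it accepts any line that merely contains `cfg:group`, not only group records. Since the resulting map feeds the key comparison that decides whether a file is re-encrypted, the match should be strict: `[[ $config == cfg:group:* ]] || continue`. The two `cut` substitutions per line could also become a single `IFS=: read -r _ _ name members` on the loop itself, which avoids the forks. The enclosing `reencrypt_path` body and the `while read -r -d ""` loop continue past the end of this hunk.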
@@ -101,8 +109,18 @@ reencrypt_path() {
passfile_temp="${passfile}.tmp.${RANDOM}.${RANDOM}.${RANDOM}.${RANDOM}.--"
set_gpg_recipients "$passfile_dir"
- [[ $prev_gpg_recipients != "${GPG_RECIPIENTS[@]}" ]] &&
- gpg_keys="$($GPG --list-keys --keyid-format long "${GPG_RECIPIENTS[@]}" | sed -n 's/sub *.*\/\([A-F0-9]\{16\}\) .*/\1/p' | sort -u)"
+ if [[ $prev_gpg_recipients != "${GPG_RECIPIENTS[@]}" ]]; then
+ for config in "${!GPG_RECIPIENTS[@]}"; do
+ [[ ${groups[${GPG_RECIPIENTS[$config]}]} ]] || continue
+ saved_ifs="$IFS"
+ IFS=";"
+ GPG_RECIPIENTS+=( ${groups[${GPG_RECIPIENTS[$config]}]} )
+ IFS="$saved_ifs"
+ unset GPG_RECIPIENTS[$config]
+ done
+ gpg_keys="$($GPG --list-keys --keyid-format long "${GPG_RECIPIENTS[@]}" | sed -n 's/sub *.*\/\([A-F0-9]\{16\}\) .*/\1/p' | sort -u)"
+
+ fi
current_keys="$($GPG -v --list-only --keyid-format long "$passfile" 2>&1 | cut -d ' ' -f 5 | sort -u)"
if [[ $gpg_keys != "$current_keys" ]]; then
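Review bot: The expansion `GPG_RECIPIENTS+=( ${groups[...]} )` is unquoted, so after splitting on `;` each group member is still subject to pathname expansion. `unset GPG_RECIPIENTS[$config]` is likewise an unquoted glob pattern that can match a file name in the working directory. Reading the members into a local array avoids both and removes the `saved_ifs` juggling: `IFS=";" read -r -a members <<<"${groups[${GPG_RECIPIENTS[$config]}]}"`, then `GPG_RECIPIENTS+=( "${members[@]}" )` and `unset "GPG_RECIPIENTS[$config]"`. Separately, `prev_gpg_recipients` is saved from the already expanded array further down, while `set_gpg_recipients` (not visible here) presumably restores the unexpanded ids, so with groups in use the cache check would never match and `--list-keys` would run for every file; worth confirming. This block sits inside the per-file loop that begins before the hunk.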
@@ -110,7 +128,6 @@ reencrypt_path() {
$GPG -d $GPG_OPTS "$passfile" | $GPG -e "${GPG_RECIPIENT_ARGS[@]}" -o "$passfile_temp" $GPG_OPTS &&
mv "$passfile_temp" "$passfile" || rm -f "$passfile_temp"
fi
-
prev_gpg_recipients="${GPG_RECIPIENTS[@]}"
done < <(find "$PREFIX" -iname '*.gpg' -print0)
}
@@ -285,15 +302,14 @@ cmd_init() {
git_commit "Deinitialized ${gpg_id}."
fi
rmdir -p "${gpg_id%/*}" 2>/dev/null
- exit 0
+ else
+ mkdir -v -p "$PREFIX/$id_path"
+ printf "%s\n" "$@" > "$gpg_id"
+ local id_print="$(printf "%s, " "$@")"
+ echo "Password store initialized for ${id_print%, }"
+ git_add_file "$gpg_id" "Set GPG id to ${id_print%, }."
fi
- mkdir -v -p "$PREFIX/$id_path"
- printf "%s\n" "$@" > "$gpg_id"
- local id_print="$(printf "%s, " "$@")"
- echo "Password store initialized for ${id_print%, }"
- git_add_file "$gpg_id" "Set GPG id to ${id_print%, }."
-
agent_check
reencrypt_path "$PREFIX/$id_path"
git_add_file "$PREFIX/$id_path" "Reencrypted password store using new GPG id ${id_print%, }."
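Review bot: `id_print` is now declared only inside the new `else` branch, but the final `git_add_file` after the `fi` still interpolates `${id_print%, }`. With `exit 0` removed, the deinit path falls through to it and records "Reencrypted password store using new GPG id ." with no id, which leaves the history without a record of which keys the files were re-encrypted to. Declaring `local id_print` before the `if` and giving the deinit branch its own message would keep that audit trail meaningful. The deinit branch also runs `rmdir -p "${gpg_id%/*}"` before falling through, so `reencrypt_path "$PREFIX/$id_path"` may be handed a directory that no longer exists; a `[[ -d "$PREFIX/$id_path" ]]` guard would cover that. The opening of the `if` and the rest of `cmd_init` lie outside this hunk.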