diff options
-rwxr-xr-x | src/password-store.sh | 45 | ||||
-rw-r--r-- | src/platform/darwin.sh | 4 | ||||
-rw-r--r-- | src/platform/freebsd.sh | 4 | ||||
-rwxr-xr-x | tests/setup.sh | 6 | ||||
-rwxr-xr-x | tests/t0001-sanity-checks.sh | 4 | ||||
-rwxr-xr-x | tests/t0010-generate-tests.sh | 6 | ||||
-rwxr-xr-x | tests/t0020-show-tests.sh | 8 | ||||
-rwxr-xr-x | tests/t0050-mv-tests.sh | 6 | ||||
-rwxr-xr-x | tests/t0060-rm-tests.sh | 8 | ||||
-rwxr-xr-x | tests/t0100-insert-tests.sh | 6 | ||||
-rwxr-xr-x | tests/t0200-edit-tests.sh | 8 | ||||
-rwxr-xr-x | tests/t0300-reencryption.sh | 40 |
12 files changed, 73 insertions, 72 deletions
diff --git a/src/password-store.sh b/src/password-store.sh index ab78e59..3ac0fb4 100755 --- a/src/password-store.sh +++ b/src/password-store.sh @@ -10,6 +10,7 @@ GPG_OPTS="--quiet --yes --compress-algo=none" GPG="gpg" which gpg2 &>/dev/null && GPG="gpg2" [[ -n $GPG_AGENT_INFO || $GPG == "gpg2" ]] && GPG_OPTS="$GPG_OPTS --batch --use-agent" +alias gpg="command $GPG" PREFIX="${PASSWORD_STORE_DIR:-$HOME/.password-store}" X_SELECTION="${PASSWORD_STORE_X_SELECTION:-clipboard}" @@ -86,7 +87,7 @@ agent_check() { } reencrypt_path() { local prev_gpg_recipients="" gpg_keys="" current_keys="" index passfile - local groups="$($GPG --list-config --with-colons | grep ^cfg:group:.*)" + local groups="$(gpg --list-config --with-colons | grep ^cfg:group:.*)" while read -r -d "" passfile; do local passfile_dir="${passfile%/*}" passfile_dir="${passfile_dir#$PREFIX}" @@ -103,13 +104,13 @@ reencrypt_path() { IFS=";" eval 'GPG_RECIPIENTS+=( $group )' # http://unix.stackexchange.com/a/92190 unset GPG_RECIPIENTS[$index] done - gpg_keys="$($GPG --list-keys --keyid-format long "${GPG_RECIPIENTS[@]}" | sed -n 's/sub *.*\/\([A-F0-9]\{16\}\) .*/\1/p' | sort -u)" + gpg_keys="$(gpg --list-keys --keyid-format long "${GPG_RECIPIENTS[@]}" | sed -n 's/sub *.*\/\([A-F0-9]\{16\}\) .*/\1/p' | sort -u)" fi - current_keys="$($GPG -v --list-only --keyid-format long "$passfile" 2>&1 | cut -d ' ' -f 5 | sort -u)" + current_keys="$(gpg -v --list-only --keyid-format long "$passfile" 2>&1 | cut -d ' ' -f 5 | sort -u)" if [[ $gpg_keys != "$current_keys" ]]; then echo "$passfile_display: reencrypting to ${gpg_keys//$'\n'/ }" - $GPG -d $GPG_OPTS "$passfile" | $GPG -e "${GPG_RECIPIENT_ARGS[@]}" -o "$passfile_temp" $GPG_OPTS && + gpg -d $GPG_OPTS "$passfile" | gpg -e "${GPG_RECIPIENT_ARGS[@]}" -o "$passfile_temp" $GPG_OPTS && mv "$passfile_temp" "$passfile" || rm -f "$passfile_temp" fi prev_gpg_recipients="${GPG_RECIPIENTS[@]}" @@ -176,8 +177,8 @@ tmpdir() { fi } -GETOPT="getopt" -SHRED="shred -f -z" +alias getopt="command getopt" +alias shred="command shred -f -z" source "$(dirname "$0")/platform/$(uname | cut -d _ -f 1 | tr '[:upper:]' '[:lower:]').sh" 2>/dev/null # PLATFORM_FUNCTION_FILE @@ -252,7 +253,7 @@ cmd_usage() { cmd_init() { local opts id_path="" - opts="$($GETOPT -o p: -l path: -n "$PROGRAM" -- "$@")" + opts="$(getopt -o p: -l path: -n "$PROGRAM" -- "$@")" local err=$? eval set -- "$opts" while true; do case $1 in @@ -300,7 +301,7 @@ cmd_init() { cmd_show() { local opts clip=0 - opts="$($GETOPT -o c -l clip -n "$PROGRAM" -- "$@")" + opts="$(getopt -o c -l clip -n "$PROGRAM" -- "$@")" local err=$? eval set -- "$opts" while true; do case $1 in @@ -318,9 +319,9 @@ cmd_show() { check_sneaky_paths "$path" if [[ -f $passfile ]]; then if [[ $clip -eq 0 ]]; then - exec $GPG -d $GPG_OPTS "$passfile" + exec gpg -d $GPG_OPTS "$passfile" else - local pass="$($GPG -d $GPG_OPTS "$passfile" | head -n 1)" + local pass="$(gpg -d $GPG_OPTS "$passfile" | head -n 1)" [[ -n $pass ]] || exit 1 clip "$pass" "$path" fi @@ -367,7 +368,7 @@ cmd_grep() { agent_check local search="$1" passfile while read -r -d "" passfile; do - local grepresults="$($GPG -d $GPG_OPTS "$passfile" | grep --color=always "$search")" + local grepresults="$(gpg -d $GPG_OPTS "$passfile" | grep --color=always "$search")" [ $? -ne 0 ] && continue passfile="${passfile%.gpg}" passfile="${passfile#$PREFIX/}" @@ -380,7 +381,7 @@ cmd_grep() { cmd_insert() { local opts multiline=0 noecho=1 force=0 - opts="$($GETOPT -o mef -l multiline,echo,force -n "$PROGRAM" -- "$@")" + opts="$(getopt -o mef -l multiline,echo,force -n "$PROGRAM" -- "$@")" local err=$? eval set -- "$opts" while true; do case $1 in @@ -406,7 +407,7 @@ cmd_insert() { if [[ $multiline -eq 1 ]]; then echo "Enter contents of $path and press Ctrl+D when finished:" echo - $GPG -e "${GPG_RECIPIENT_ARGS[@]}" -o "$passfile" $GPG_OPTS + gpg -e "${GPG_RECIPIENT_ARGS[@]}" -o "$passfile" $GPG_OPTS elif [[ $noecho -eq 1 ]]; then local password password_again while true; do @@ -415,7 +416,7 @@ cmd_insert() { read -r -p "Retype password for $path: " -s password_again || exit 1 echo if [[ $password == "$password_again" ]]; then - $GPG -e "${GPG_RECIPIENT_ARGS[@]}" -o "$passfile" $GPG_OPTS <<<"$password" + gpg -e "${GPG_RECIPIENT_ARGS[@]}" -o "$passfile" $GPG_OPTS <<<"$password" break else echo "Error: the entered passwords do not match." @@ -424,7 +425,7 @@ cmd_insert() { else local password read -r -p "Enter password for $path: " -e password - $GPG -e "${GPG_RECIPIENT_ARGS[@]}" -o "$passfile" $GPG_OPTS <<<"$password" + gpg -e "${GPG_RECIPIENT_ARGS[@]}" -o "$passfile" $GPG_OPTS <<<"$password" fi git_add_file "$passfile" "Added given password for $path to store." } @@ -442,18 +443,18 @@ cmd_edit() { local passfile="$PREFIX/$path.gpg" local template="$PROGRAM.XXXXXXXXXXXXX" - trap '$SHRED "$tmp_file"; rm -rf "$SECURE_TMPDIR" "$tmp_file"' INT TERM EXIT + trap 'shred "$tmp_file"; rm -rf "$SECURE_TMPDIR" "$tmp_file"' INT TERM EXIT tmpdir #Defines $SECURE_TMPDIR local tmp_file="$(TMPDIR="$SECURE_TMPDIR" mktemp -t "$template")" local action="Added" if [[ -f $passfile ]]; then - $GPG -d -o "$tmp_file" $GPG_OPTS "$passfile" || exit 1 + gpg -d -o "$tmp_file" $GPG_OPTS "$passfile" || exit 1 action="Edited" fi ${EDITOR:-vi} "$tmp_file" - while ! $GPG -e "${GPG_RECIPIENT_ARGS[@]}" -o "$passfile" $GPG_OPTS "$tmp_file"; do + while ! gpg -e "${GPG_RECIPIENT_ARGS[@]}" -o "$passfile" $GPG_OPTS "$tmp_file"; do echo "GPG encryption failed. Retrying." sleep 1 done @@ -462,7 +463,7 @@ cmd_edit() { cmd_generate() { local opts clip=0 force=0 symbols="-y" - opts="$($GETOPT -o ncf -l no-symbols,clip,force -n "$PROGRAM" -- "$@")" + opts="$(getopt -o ncf -l no-symbols,clip,force -n "$PROGRAM" -- "$@")" local err=$? eval set -- "$opts" while true; do case $1 in @@ -491,7 +492,7 @@ cmd_generate() { local pass="$(pwgen -s $symbols $length 1)" [[ -n $pass ]] || exit 1 - $GPG -e "${GPG_RECIPIENT_ARGS[@]}" -o "$passfile" $GPG_OPTS <<<"$pass" + gpg -e "${GPG_RECIPIENT_ARGS[@]}" -o "$passfile" $GPG_OPTS <<<"$pass" git_add_file "$passfile" "Added generated password for $path to store." if [[ $clip -eq 0 ]]; then @@ -504,7 +505,7 @@ cmd_generate() { cmd_delete() { local opts recursive="" force=0 - opts="$($GETOPT -o rf -l recursive,force -n "$PROGRAM" -- "$@")" + opts="$(getopt -o rf -l recursive,force -n "$PROGRAM" -- "$@")" local err=$? eval set -- "$opts" while true; do case $1 in @@ -542,7 +543,7 @@ cmd_copy_move() { local opts move=1 force=0 [[ $1 == "copy" ]] && move=0 shift - opts="$($GETOPT -o f -l force -n "$PROGRAM" -- "$@")" + opts="$(getopt -o f -l force -n "$PROGRAM" -- "$@")" local err=$? eval set -- "$opts" while true; do case $1 in diff --git a/src/platform/darwin.sh b/src/platform/darwin.sh index 1b76c33..161b687 100644 --- a/src/platform/darwin.sh +++ b/src/platform/darwin.sh @@ -31,5 +31,5 @@ tmpdir() { mount -t hfs -o noatime -o nobrowse "$ramdisk_dev" "$SECURE_TMPDIR" || exit 1 } -GETOPT="$(brew --prefix gnu-getopt 2>/dev/null || echo /usr/local)/bin/getopt" -SHRED="srm -f -z" +alias getopt="command $(brew --prefix gnu-getopt 2>/dev/null || echo /usr/local)/bin/getopt" +alias shred="command srm -f -z" diff --git a/src/platform/freebsd.sh b/src/platform/freebsd.sh index d93c774..da062fb 100644 --- a/src/platform/freebsd.sh +++ b/src/platform/freebsd.sh @@ -1,5 +1,5 @@ # Copyright (C) 2012 Jonathan Chu <milki@rescomp.berkeley.edu>. All Rights Reserved. # This file is licensed under the GPLv2+. Please see COPYING for more information. -GETOPT="/usr/local/bin/getopt" -SHRED="rm -P -f" +alias getopt="command /usr/local/bin/getopt" +alias shred="command rm -P -f" diff --git a/tests/setup.sh b/tests/setup.sh index 90896a7..d23cda9 100755 --- a/tests/setup.sh +++ b/tests/setup.sh @@ -29,12 +29,13 @@ if [[ ! -e $PASS ]]; then echo "Could not find password-store.sh" exit 1 fi +alias pass="command \"$PASS\"" # Note: the assumption is the test key is unencrypted. export GNUPGHOME="$TEST_HOME/gnupg/" chmod 700 "$GNUPGHOME" -GPG="gpg" -which gpg2 &>/dev/null && GPG="gpg2" +alias gpg="command gpg" +which gpg2 &>/dev/null && alias gpg="command gpg2" # We don't want to use any running agent. # We want an agent to appear to pass to be running. @@ -46,4 +47,3 @@ KEY2="D774A374" # pass test key 2 KEY3="EB7D54A8" # pass test key 3 KEY4="E4691410" # pass test key 4 KEY5="39E5020C" # pass test key 5 - diff --git a/tests/t0001-sanity-checks.sh b/tests/t0001-sanity-checks.sh index e6be9ea..17d270a 100755 --- a/tests/t0001-sanity-checks.sh +++ b/tests/t0001-sanity-checks.sh @@ -4,11 +4,11 @@ test_description='Sanity checks' . ./setup.sh test_expect_success 'Make sure we can run pass' ' - $PASS --help | grep "pass: the standard unix password manager" + pass --help | grep "pass: the standard unix password manager" ' test_expect_success 'Make sure we can initialize our test store' ' - $PASS init $KEY1 && + pass init $KEY1 && [[ -e "$PASSWORD_STORE_DIR/.gpg-id" ]] && [[ $(cat "$PASSWORD_STORE_DIR/.gpg-id") == "$KEY1" ]] ' diff --git a/tests/t0010-generate-tests.sh b/tests/t0010-generate-tests.sh index d717c00..fea9d44 100755 --- a/tests/t0010-generate-tests.sh +++ b/tests/t0010-generate-tests.sh @@ -4,9 +4,9 @@ test_description='Test generate' . ./setup.sh test_expect_success 'Test "generate" command' ' - $PASS init $KEY1 && - $PASS generate cred 19 && - [[ $($PASS show cred | wc -m) -eq 20 ]] + pass init $KEY1 && + pass generate cred 19 && + [[ $(pass show cred | wc -m) -eq 20 ]] ' test_done diff --git a/tests/t0020-show-tests.sh b/tests/t0020-show-tests.sh index 6bd0165..ede7cd1 100755 --- a/tests/t0020-show-tests.sh +++ b/tests/t0020-show-tests.sh @@ -4,13 +4,13 @@ test_description='Test show' . ./setup.sh test_expect_success 'Test "show" command' ' - $PASS init $KEY1 && - $PASS generate cred1 20 && - $PASS show cred1 + pass init $KEY1 && + pass generate cred1 20 && + pass show cred1 ' test_expect_success 'Test "show" of nonexistant password' ' - test_must_fail $PASS show cred2 + test_must_fail pass show cred2 ' test_done diff --git a/tests/t0050-mv-tests.sh b/tests/t0050-mv-tests.sh index 57472c1..1b1fef2 100755 --- a/tests/t0050-mv-tests.sh +++ b/tests/t0050-mv-tests.sh @@ -7,9 +7,9 @@ TEST_CRED="test_cred" TEST_CRED_NEW="test_cred_new" test_expect_success 'Test "mv" command' ' - $PASS init $KEY1 && - $PASS generate cred1 39 && - $PASS mv cred1 cred2 && + pass init $KEY1 && + pass generate cred1 39 && + pass mv cred1 cred2 && [[ -e $PASSWORD_STORE_DIR/cred2.gpg && ! -e $PASSWORD_STORE_DIR/cred1.gpg ]] ' diff --git a/tests/t0060-rm-tests.sh b/tests/t0060-rm-tests.sh index 50f2790..f434794 100755 --- a/tests/t0060-rm-tests.sh +++ b/tests/t0060-rm-tests.sh @@ -4,14 +4,14 @@ test_description='Test rm' . ./setup.sh test_expect_success 'Test "rm" command' ' - $PASS init $KEY1 && - $PASS generate cred1 43 && - echo "y" | $PASS rm cred1 && + pass init $KEY1 && + pass generate cred1 43 && + echo "y" | pass rm cred1 && [[ ! -e $PASSWORD_STORE_DIR/cred1.gpg ]] ' test_expect_success 'Test "rm" of non-existent password' ' - test_must_fail $PASS rm does-not-exist + test_must_fail pass rm does-not-exist ' test_done diff --git a/tests/t0100-insert-tests.sh b/tests/t0100-insert-tests.sh index 28c50d2..5820e45 100755 --- a/tests/t0100-insert-tests.sh +++ b/tests/t0100-insert-tests.sh @@ -4,9 +4,9 @@ test_description='Test insert' . ./setup.sh test_expect_success 'Test "insert" command' ' - $PASS init $KEY1 && - echo "Hello world" | $PASS insert -e cred1 && - [[ $($PASS show cred1) == "Hello world" ]] + pass init $KEY1 && + echo "Hello world" | pass insert -e cred1 && + [[ $(pass show cred1) == "Hello world" ]] ' test_done diff --git a/tests/t0200-edit-tests.sh b/tests/t0200-edit-tests.sh index fc88bd5..dfc0d10 100755 --- a/tests/t0200-edit-tests.sh +++ b/tests/t0200-edit-tests.sh @@ -4,12 +4,12 @@ test_description='Test edit' . ./setup.sh test_expect_success 'Test "edit" command' ' - $PASS init $KEY1 && - $PASS generate cred1 90 && + pass init $KEY1 && + pass generate cred1 90 && export FAKE_EDITOR_PASSWORD="big fat fake password" && export EDITOR="$TEST_HOME/fake-editor-change-password.sh" && - $PASS edit cred1 && - [[ $($PASS show cred1) == "$FAKE_EDITOR_PASSWORD" ]] + pass edit cred1 && + [[ $(pass show cred1) == "$FAKE_EDITOR_PASSWORD" ]] ' test_done diff --git a/tests/t0300-reencryption.sh b/tests/t0300-reencryption.sh index fed4b5b..0d71476 100755 --- a/tests/t0300-reencryption.sh +++ b/tests/t0300-reencryption.sh @@ -6,13 +6,13 @@ test_description='Reencryption consistency' INITIAL_PASSWORD="will this password live? a big question indeed..." canonicalize_gpg_keys() { - $GPG --list-keys --keyid-format long "$@" | sed -n 's/sub *.*\/\([A-F0-9]\{16\}\) .*/\1/p' | sort -u + gpg --list-keys --keyid-format long "$@" | sed -n 's/sub *.*\/\([A-F0-9]\{16\}\) .*/\1/p' | sort -u } gpg_keys_from_encrypted_file() { - $GPG -v --list-only --keyid-format long "$1" 2>&1 | cut -d ' ' -f 5 | sort -u + gpg -v --list-only --keyid-format long "$1" 2>&1 | cut -d ' ' -f 5 | sort -u } gpg_keys_from_group() { - local output="$($GPG --list-config --with-colons | sed -n "s/^cfg:group:$1:\\(.*\\)/\\1/p" | head -n 1)" + local output="$(gpg --list-config --with-colons | sed -n "s/^cfg:group:$1:\\(.*\\)/\\1/p" | head -n 1)" local saved_ifs="$IFS" IFS=";" local keys=( $output ) @@ -21,75 +21,75 @@ gpg_keys_from_group() { } test_expect_success 'Setup initial key and git' ' - $PASS init $KEY1 && $PASS git init + pass init $KEY1 && pass git init ' test_expect_success 'Root key encryption' ' - $PASS insert -e folder/cred1 <<<"$INITIAL_PASSWORD" && + pass insert -e folder/cred1 <<<"$INITIAL_PASSWORD" && [[ $(canonicalize_gpg_keys "$KEY1") == "$(gpg_keys_from_encrypted_file "$PASSWORD_STORE_DIR/folder/cred1.gpg")" ]] ' test_expect_success 'Reencryption root single key' ' - $PASS init $KEY2 && + pass init $KEY2 && [[ $(canonicalize_gpg_keys "$KEY2") == "$(gpg_keys_from_encrypted_file "$PASSWORD_STORE_DIR/folder/cred1.gpg")" ]] ' test_expect_success 'Reencryption root multiple key' ' - $PASS init $KEY2 $KEY3 $KEY1 && + pass init $KEY2 $KEY3 $KEY1 && [[ $(canonicalize_gpg_keys $KEY2 $KEY3 $KEY1) == "$(gpg_keys_from_encrypted_file "$PASSWORD_STORE_DIR/folder/cred1.gpg")" ]] ' test_expect_success 'Reencryption root multiple key with string' ' - $PASS init $KEY2 $KEY3 $KEY1 "pass test key 4" && + pass init $KEY2 $KEY3 $KEY1 "pass test key 4" && [[ $(canonicalize_gpg_keys $KEY2 $KEY3 $KEY1 $KEY4) == "$(gpg_keys_from_encrypted_file "$PASSWORD_STORE_DIR/folder/cred1.gpg")" ]] ' test_expect_success 'Reencryption root group' ' - $PASS init group1 && + pass init group1 && [[ $(gpg_keys_from_group group1) == "$(gpg_keys_from_encrypted_file "$PASSWORD_STORE_DIR/folder/cred1.gpg")" ]] ' test_expect_success 'Reencryption root group with spaces' ' - $PASS init "big group" && + pass init "big group" && [[ $(gpg_keys_from_group "big group") == "$(gpg_keys_from_encrypted_file "$PASSWORD_STORE_DIR/folder/cred1.gpg")" ]] ' test_expect_success 'Reencryption root group with spaces and other keys' ' - $PASS init "big group" $KEY3 $KEY1 $KEY2 && + pass init "big group" $KEY3 $KEY1 $KEY2 && [[ $(canonicalize_gpg_keys $KEY3 $KEY1 $KEY2 $(gpg_keys_from_group "big group")) == "$(gpg_keys_from_encrypted_file "$PASSWORD_STORE_DIR/folder/cred1.gpg")" ]] ' test_expect_success 'Reencryption root group and other keys' ' - $PASS init group2 $KEY3 $KEY1 $KEY2 && + pass init group2 $KEY3 $KEY1 $KEY2 && [[ $(canonicalize_gpg_keys $KEY3 $KEY1 $KEY2 $(gpg_keys_from_group group2)) == "$(gpg_keys_from_encrypted_file "$PASSWORD_STORE_DIR/folder/cred1.gpg")" ]] ' test_expect_success 'Reencryption root group to identical individual with no file change' ' oldfile="$SHARNESS_TRASH_DIRECTORY/$RANDOM.$RANDOM.$RANDOM.$RANDOM.$RANDOM" && - $PASS init group1 && + pass init group1 && cp "$PASSWORD_STORE_DIR/folder/cred1.gpg" "$oldfile" && - $PASS init $KEY4 $KEY2 && + pass init $KEY4 $KEY2 && test_cmp "$PASSWORD_STORE_DIR/folder/cred1.gpg" "$oldfile" ' test_expect_success 'Reencryption subfolder multiple keys, copy' ' - $PASS init -p anotherfolder $KEY3 $KEY1 && - $PASS cp folder/cred1 anotherfolder/ && + pass init -p anotherfolder $KEY3 $KEY1 && + pass cp folder/cred1 anotherfolder/ && [[ $(canonicalize_gpg_keys $KEY1 $KEY3) == "$(gpg_keys_from_encrypted_file "$PASSWORD_STORE_DIR/anotherfolder/cred1.gpg")" ]] ' test_expect_success 'Reencryption subfolder multiple keys, move, deinit' ' - $PASS init -p anotherfolder2 $KEY3 $KEY4 $KEY2 && - $PASS mv -f anotherfolder anotherfolder2/ && + pass init -p anotherfolder2 $KEY3 $KEY4 $KEY2 && + pass mv -f anotherfolder anotherfolder2/ && [[ $(canonicalize_gpg_keys $KEY1 $KEY3) == "$(gpg_keys_from_encrypted_file "$PASSWORD_STORE_DIR/anotherfolder2/anotherfolder/cred1.gpg")" ]] && - $PASS init -p anotherfolder2/anotherfolder "" && + pass init -p anotherfolder2/anotherfolder "" && [[ $(canonicalize_gpg_keys $KEY3 $KEY4 $KEY2) == "$(gpg_keys_from_encrypted_file "$PASSWORD_STORE_DIR/anotherfolder2/anotherfolder/cred1.gpg")" ]] ' #TODO: test with more varieties of move and copy! test_expect_success 'Password lived through all transformations' ' - [[ $($PASS show anotherfolder2/anotherfolder/cred1) == "$INITIAL_PASSWORD" ]] + [[ $(pass show anotherfolder2/anotherfolder/cred1) == "$INITIAL_PASSWORD" ]] ' test_expect_success 'Git picked up all changes throughout' ' |