I was surprised to find that there is no command to re-encrypt a pass installation without manually passing the key IDs to "pass init". The code is basically there already, so this patch adds a "reencrypt" command (essentially a copy of "init" with less code) that uses the correct .gpg-id file for each subdirectory.

diff --git bin/pass bin/pass
index b17ec580e..c10680f97 100755
--- bin/pass
+++ bin/pass
@@ -264,6 +279,8 @@ cmd_usage() {
            $PROGRAM init [--path=subfolder,-p subfolder] gpg-id...
                Initialize new password storage and use gpg-id for encryption.
                Selectively reencrypt existing passwords using new gpg-id.
+           $PROGRAM reencrypt [--path=subfolder,-p subfolder]
+ Selectively reencrypt existing passwords based on updated .gpg-id files.
            $PROGRAM [ls] [subfolder]
                List passwords.
            $PROGRAM find pass-names...
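Review bot: The two usage lines added for `reencrypt` in cmd_usage do not say that the recipients are read from whatever `.gpg-id` files are currently on disk, which is the security-relevant property of this command. A `.gpg-id` changed by someone else (for example through a shared git remote) decides who can decrypt everything under that directory after the next run. I would extend the description to something like `Reencrypt existing passwords to the keys listed in the applicable .gpg-id files; review changes to those files first.` If this version of pass supports `PASSWORD_STORE_SIGNING_KEY`, the documentation for the command could point to it as the way to have `.gpg-id` verified; whether reencrypt_path performs that verification is not visible in this patch. The attached copy of the patch further down repeats the same hunk.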
@@ -349,6 +366,27 @@ cmd_init() {
git_add_file "$PREFIX/$id_path" "Reencrypt password store using new GPG id ${id_print%, }${id_path:+ ($id_path)}."
 }

+cmd_reencrypt() {
+       local opts id_path=""
+       opts="$($GETOPT -o p: -l path: -n "$PROGRAM" -- "$@")"
+       local err=$?
+       eval set -- "$opts"
+       while true; do case $1 in
+               -p|--path) id_path="$2"; shift 2 ;;
+               --) shift; break ;;
+       esac done
+
+ [[ $err -ne 0 || $# -gt 0 ]] && die "Usage: $PROGRAM $COMMAND [--path=subfolder,-p subfolder]"
+       [[ -n $id_path ]] && check_sneaky_paths "$id_path"
+ [[ -n $id_path && ! -d $PREFIX/$id_path && -e $PREFIX/$id_path ]] && die "Error: $PREFIX/$id_path exists but is not a directory."
+
+        # set_git does a dirname operation, so trailing slash is needed
+       set_git "$PREFIX/$id_path/"
+
+       reencrypt_path "$PREFIX/$id_path"
+ git_add_file "$PREFIX/$id_path" "Reencrypt password store using updated .gpg-id files."
+}
+
 cmd_show() {
        local opts selected_line clip=0 qrcode=0
        opts="$($GETOPT -o q::c:: -l qrcode::,clip:: -n "$PROGRAM" -- "$@")"
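Review bot: In cmd_reencrypt the path check only rejects a `--path` that exists and is not a directory, so a mistyped or missing subfolder falls through to `set_git`, `reencrypt_path` and `git_add_file`; in cmd_init that fall-through is presumably intended because init can create the directory, but reencrypt has nothing to create. I would replace the check with `[[ -d $PREFIX/$id_path ]] || die "Error: $PREFIX/$id_path is not a directory in the password store."`, which also covers a missing store when no path is given. What reencrypt_path does with a missing directory is inferred, since it is defined outside this hunk. The commit message passed to `git_add_file` could also carry the subfolder as the init one does, with `${id_path:+ ($id_path)}`. The same lines appear again in the attached copy of the patch below.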
@@ -688,6 +726,7 @@ COMMAND="$1"

 case "$1" in
        init) shift;                    cmd_init "$@" ;;
+       reencrypt) shift;               cmd_reencrypt "$@" ;;
        help|--help) shift;             cmd_usage "$@" ;;
        version|--version) shift;       cmd_version "$@" ;;
        show|ls|list) shift;            cmd_show "$@" ;;

--
Kjetil T. Homme
Redpill Linpro - Changing the Game
diff --git bin/pass bin/pass
index b17ec580e..c10680f97 100755
--- bin/pass
+++ bin/pass
@@ -264,6 +279,8 @@ cmd_usage() {
 	    $PROGRAM init [--path=subfolder,-p subfolder] gpg-id...
 	        Initialize new password storage and use gpg-id for encryption.
 	        Selectively reencrypt existing passwords using new gpg-id.
+	    $PROGRAM reencrypt [--path=subfolder,-p subfolder]
+	        Selectively reencrypt existing passwords based on updated .gpg-id files.
 	    $PROGRAM [ls] [subfolder]
 	        List passwords.
 	    $PROGRAM find pass-names...
@@ -349,6 +366,27 @@ cmd_init() {
 	git_add_file "$PREFIX/$id_path" "Reencrypt password store using new GPG id ${id_print%, }${id_path:+ ($id_path)}."
 }
 
+cmd_reencrypt() {
+	local opts id_path=""
+	opts="$($GETOPT -o p: -l path: -n "$PROGRAM" -- "$@")"
+	local err=$?
+	eval set -- "$opts"
+	while true; do case $1 in
+		-p|--path) id_path="$2"; shift 2 ;;
+		--) shift; break ;;
+	esac done
+
+	[[ $err -ne 0 || $# -gt 0 ]] && die "Usage: $PROGRAM $COMMAND [--path=subfolder,-p subfolder]"
+	[[ -n $id_path ]] && check_sneaky_paths "$id_path"
+	[[ -n $id_path && ! -d $PREFIX/$id_path && -e $PREFIX/$id_path ]] && die "Error: $PREFIX/$id_path exists but is not a directory."
+
+        # set_git does a dirname operation, so trailing slash is needed
+	set_git "$PREFIX/$id_path/"
+
+	reencrypt_path "$PREFIX/$id_path"
+	git_add_file "$PREFIX/$id_path" "Reencrypt password store using updated .gpg-id files."
+}
+
 cmd_show() {
 	local opts selected_line clip=0 qrcode=0
 	opts="$($GETOPT -o q::c:: -l qrcode::,clip:: -n "$PROGRAM" -- "$@")"
@@ -688,6 +726,7 @@ COMMAND="$1"
 
 case "$1" in
 	init) shift;			cmd_init "$@" ;;
+	reencrypt) shift;		cmd_reencrypt "$@" ;;
 	help|--help) shift;		cmd_usage "$@" ;;
 	version|--version) shift;	cmd_version "$@" ;;
 	show|ls|list) shift;		cmd_show "$@" ;;