Nice, I've been looking for that. I've actually implemented it too, but as an extension instead of patching password-store: https://github.com/runejuhl/pass-reencrypt ...your implementation looks a lot cleaner though :)

/Rune

Kjetil Torgrim Homme <[email protected]> writes:

I was surprised to find there was no command to reencrypt a pass installation without specifying the key ids manually to pass init. The code is basically there already, so this patch adds a "reencrypt" command (basically a copy of "init" with less code) which will use the correct .gpg-id files for each sub directory. diff --git bin/pass bin/pass index b17ec580e..c10680f97 100755 --- bin/pass +++ bin/pass @@ -264,6 +279,8 @@ cmd_usage() { $PROGRAM init [--path=subfolder,-p subfolder] gpg-id... Initialize new password storage and use gpg-id for encryption. Selectively reencrypt existing passwords using new gpg-id. + $PROGRAM reencrypt [--path=subfolder,-p subfolder] + Selectively reencrypt existing passwords based on updated .gpg-id files. $PROGRAM [ls] [subfolder] List passwords. $PROGRAM find pass-names... @@ -349,6 +366,27 @@ cmd_init() { git_add_file "$PREFIX/$id_path" "Reencrypt password store using new GPG id ${id_print%, }${id_path:+ ($id_path)}." } +cmd_reencrypt() { + local opts id_path="" + opts="$($GETOPT -o p: -l path: -n "$PROGRAM" -- "$@")" + local err=$? + eval set -- "$opts" + while true; do case $1 in + -p|--path) id_path="$2"; shift 2 ;; + --) shift; break ;; + esac done + + [[ $err -ne 0 || $# -gt 0 ]] && die "Usage: $PROGRAM $COMMAND [--path=subfolder,-p subfolder]" + [[ -n $id_path ]] && check_sneaky_paths "$id_path" + [[ -n $id_path && ! -d $PREFIX/$id_path && -e $PREFIX/$id_path ]] && die "Error: $PREFIX/$id_path exists but is not a directory." + + # set_git does a dirname operation, so trailing slash is needed + set_git "$PREFIX/$id_path/" + + reencrypt_path "$PREFIX/$id_path" + git_add_file "$PREFIX/$id_path" "Reencrypt password store using updated .gpg-id files." +} + cmd_show() { local opts selected_line clip=0 qrcode=0 opts="$($GETOPT -o q::c:: -l qrcode::,clip:: -n "$PROGRAM" -- "$@")" 
@@ -688,6 +726,7 @@ COMMAND="$1" case "$1" in init) shift; cmd_init "$@" ;; + reencrypt) shift; cmd_reencrypt "$@" ;; help|--help) shift; cmd_usage "$@" ;; version|--version) shift; cmd_version "$@" ;; show|ls|list) shift; cmd_show "$@" ;; -- Kjetil T. Homme Redpill Linpro - Changing the Game diff --git bin/pass bin/pass index b17ec580e..c10680f97 100755 --- bin/pass +++ bin/pass @@ -264,6 +279,8 @@ cmd_usage() { $PROGRAM init [--path=subfolder,-p subfolder] gpg-id... Initialize new password storage and use gpg-id for encryption. Selectively reencrypt existing passwords using new gpg-id. + $PROGRAM reencrypt [--path=subfolder,-p subfolder] + Selectively reencrypt existing passwords based on updated .gpg-id files. $PROGRAM [ls] [subfolder] List passwords. $PROGRAM find pass-names... @@ -349,6 +366,27 @@ cmd_init() { git_add_file "$PREFIX/$id_path" "Reencrypt password store using new GPG id ${id_print%, }${id_path:+ ($id_path)}." } +cmd_reencrypt() { + local opts id_path="" + opts="$($GETOPT -o p: -l path: -n "$PROGRAM" -- "$@")" + local err=$? + eval set -- "$opts" + while true; do case $1 in + -p|--path) id_path="$2"; shift 2 ;; + --) shift; break ;; + esac done + + [[ $err -ne 0 || $# -gt 0 ]] && die "Usage: $PROGRAM $COMMAND [--path=subfolder,-p subfolder]" + [[ -n $id_path ]] && check_sneaky_paths "$id_path" + [[ -n $id_path && ! -d $PREFIX/$id_path && -e $PREFIX/$id_path ]] && die "Error: $PREFIX/$id_path exists but is not a directory." + + # set_git does a dirname operation, so trailing slash is needed + set_git "$PREFIX/$id_path/" + + reencrypt_path "$PREFIX/$id_path" + git_add_file "$PREFIX/$id_path" "Reencrypt password store using updated .gpg-id files." +} + cmd_show() { local opts selected_line clip=0 qrcode=0 opts="$($GETOPT -o q::c:: -l qrcode::,clip:: -n "$PROGRAM" -- "$@")" 
@@ -688,6 +726,7 @@ COMMAND="$1" case "$1" in init) shift; cmd_init "$@" ;; + reencrypt) shift; cmd_reencrypt "$@" ;; help|--help) shift; cmd_usage "$@" ;; version|--version) shift; cmd_version "$@" ;; show|ls|list) shift; cmd_show "$@" ;; _______________________________________________ Password-Store mailing list [email protected] https://lists.zx2c4.com/mailman/listinfo/password-store
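Review bot: In cmd_reencrypt, the path test only dies when `$PREFIX/$id_path` exists and is not a directory, so a `--path` that does not exist at all falls through to set_git and reencrypt_path. Since this command works on existing passwords rather than initializing new storage, a missing subfolder should be an error too, for example `[[ -n $id_path && ! -d $PREFIX/$id_path ]] && die "Error: $PREFIX/$id_path is not a directory."`. In the same hunk, the git_add_file message drops the `${id_path:+ ($id_path)}` suffix that the cmd_init message in the context line carries, so the commit log will not record which subfolder was re-encrypted; appending it would keep the two messages consistent.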

--
Rune Juhl Jacobsen
[email protected]
+45 6016 8337