Re: pass init does not re-encrypt existing files (SOLVED)

2018-07-24 Thread Frank Thommen

Dear all,

On 07/19/2018 07:48 PM, Frank Thommen wrote:

Hi,

In an attempt to use pass for a shared password store @work I tried the 
instructions given on 
https://medium.com/@davidpiegza/using-pass-in-a-team-1aa7adf36592. 
However, even after importing a colleague's public gpg key, signing it 
and applying `pass init id1 id2`, existing entries could still not be 
seen by him:


$ pass a/b
gpg: decryption failed: No secret key
$

Entries created *after* the additional `pass init` could be read by both 
users, but not those created beforehand.


We are using pass 1.5 on CentOS 7 (from EPEL).  GPG is version 2.0.22.

I'm grateful for any hint on how to re-encrypt also existing files.

Cheers
frank


Problem solved: It was a combined issue of RTFM and the pass version used. 
The pass version provided by EPEL for CentOS is 1.5; this version has an 
additional switch "-e" or "--reencrypt" for `pass init` which seems to 
have been dropped in later versions.  At least it is not mentioned on 
https://git.zx2c4.com/password-store/about/ or on 
https://medium.com/@davidpiegza/using-pass-in-a-team-1aa7adf36592.  I 
/should/ have read the local manpage in addition to the online 
documentation ;-)


It is working now:

  * for version 1.5:   pass init -e id1 id2  # requires -e
  * for version 1.7.2: pass init id1 id2  # no need for -e


Cheers
frank
___
Password-Store mailing list
Password-Store@lists.zx2c4.com
https://lists.zx2c4.com/mailman/listinfo/password-store


Re: pass init does not re-encrypt existing files

2018-07-20 Thread Frank Thommen

Hi,

we don't use symlinks.  All files are directly in the password store, 
which is referred to by the $PASSWORD_STORE_DIR environment variable.


Cheers
frank


On 20/07/18 09:30, Zafiris Sgouridis wrote:

Hi!

I had the same issue. For me it was that my directory under .password-store
was a symlink. The function that searches for files to reencrypt uses find
without the "-L" flag for following symlinks, so it didn't find any files.

Are you using symlinks?


My setup:

.password-store
  secrets_test -> ~/git/secret_test


I sent the patch below that adds "-L" so that find will follow symlinks
and find the files when reencrypting.



From ab124563a079f01a2c4c0797f34eaf35f7e34579 Mon Sep 17 00:00:00 2001
From: Zafiris Sgouridis 
Date: Tue, 26 Jun 2018 11:52:32 +0200
Subject: [PATCH 1/1] Add ability to use symlinks for directory under
 pass-store. Use "-L" with "find" to make it follow symlinks so that it also
 finds files even if the directories under "./password-store" are symlinks.

---
   src/password-store.sh | 2 +-
   1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/src/password-store.sh b/src/password-store.sh
index 715dc93..368f1d9 100755
--- a/src/password-store.sh
+++ b/src/password-store.sh
@@ -133,7 +133,7 @@ reencrypt_path() {
  mv "$passfile_temp" "$passfile" || rm -f "$passfile_temp"
  fi
  prev_gpg_recipients="${GPG_RECIPIENTS[*]}"
-   done < <(find "$1" -path '*/.git' -prune -o -iname '*.gpg' -print0)
+   done < <(find -L "$1" -path '*/.git' -prune -o -iname '*.gpg'
-print0)
   }
   check_sneaky_paths() {
  local path
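
Review bot: the added line is wrapped, so `-print0)` sits on a line of its own that begins with `-`. The header announces 1 insertion and 1 deletion under `@@ -133,7 +133,7 @@`, but as sent the hunk reads as one addition and two removals and will not apply. Resend it unwrapped, for example with git send-email or as an attachment.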




--
Frank Thommen  | HD-HuB / DKFZ Heidelberg
   | f.thom...@dkfz-heidelberg.de


Re: pass init does not re-encrypt existing files

2018-07-20 Thread Zafiris Sgouridis
Hi!

I had the same issue. For me it was that my directory under .password-store
was a symlink. The function that searches for files to reencrypt uses find
without the "-L" flag for following symlinks, so it didn't find any files.

Are you using symlinks?


My setup:

.password-store
 secrets_test -> ~/git/secret_test


I sent the patch below that adds "-L" so that find will follow symlinks
and find the files when reencrypting.



From ab124563a079f01a2c4c0797f34eaf35f7e34579 Mon Sep 17 00:00:00 2001
From: Zafiris Sgouridis 
Date: Tue, 26 Jun 2018 11:52:32 +0200
Subject: [PATCH 1/1] Add ability to use symlinks for directory under
 pass-store. Use "-L" with "find" to make it follow symlinks so that it also
 finds files even if the directories under "./password-store" are symlinks.

---
  src/password-store.sh | 2 +-
  1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/src/password-store.sh b/src/password-store.sh
index 715dc93..368f1d9 100755
--- a/src/password-store.sh
+++ b/src/password-store.sh
@@ -133,7 +133,7 @@ reencrypt_path() {
 mv "$passfile_temp" "$passfile" || rm -f "$passfile_temp"
 fi
 prev_gpg_recipients="${GPG_RECIPIENTS[*]}"
-   done < <(find "$1" -path '*/.git' -prune -o -iname '*.gpg' -print0)
+   done < <(find -L "$1" -path '*/.git' -prune -o -iname '*.gpg' 
-print0)
  }
  check_sneaky_paths() {
 local path
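
Review bot: `find -L "$1"` on the changed line follows every symlink below the store, including links whose target lies outside it (the `secrets_test -> ~/git/secret_test` layout from the cover text), so the `mv "$passfile_temp" "$passfile"` in the context above now rewrites files outside the store root, and a link pointing back at a parent directory introduces a loop into the walk. The commit message should say that rewriting outside the store is intended and the man page should mention it; otherwise limit the walk to links that resolve inside the store.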
-- 
2.17.1



Regards
Zafiris


On Thu, 2018-07-19 at 19:48 +0200, Frank Thommen wrote:
> Hi,
> 
> In an attempt to use pass for a shared password store @work I tried
> the 
> instructions given on 
> https://medium.com/@davidpiegza/using-pass-in-a-team-1aa7adf36592. 
> However, even after importing a colleague's public gpg key, signing
> it 
> and applying `pass init id1 id2`, existing entries could still not
> be 
> seen by him:
> 
> $ pass a/b
> gpg: decryption failed: No secret key
> $
> 
> Entries created *after* the additional `pass init` could be read by
> both 
> users, but not those created beforehand.
> 
> We are using pass 1.5 on CentOS 7 (from EPEL).  GPG is version
> 2.0.22.
> 
> I'm grateful for any hint on how to re-encrypt also existing files.
> 
> Cheers
> frank
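
The failure mode described in the message above (the re-encryption walk not descending into a symlinked directory) can be checked for before running `pass init`. This is an added example, not part of the thread or of password-store; the function names and the constructed demo layout are assumptions, and the two find expressions are the ones from the patch, with -print in place of -print0.

```shell
#!/bin/sh
# Added example: list store entries that the unpatched walk in
# reencrypt_path() never reaches because they sit behind a symlinked directory.
# Assumes entry paths contain no newlines.

# Entries as the unpatched find sees them (symlinked directories not entered).
walk_plain() {
    find "$1" -path '*/.git' -prune -o -iname '*.gpg' -print | sort
}

# Entries as the patched find sees them (-L follows symlinks).
walk_follow() {
    find -L "$1" -path '*/.git' -prune -o -iname '*.gpg' -print | sort
}

# Entries only reachable through a symlink: without -L these keep their
# old recipient list after "pass init" has been run with new ids.
skipped_entries() {
    plain=$(mktemp)
    follow=$(mktemp)
    walk_plain "$1" > "$plain"
    walk_follow "$1" > "$follow"
    comm -13 "$plain" "$follow"
    rm -f "$plain" "$follow"
}

# Constructed layout mirroring the thread:
#   store/secrets_test -> ../git/secret_test
make_demo_store() {
    base=$(mktemp -d)
    mkdir -p "$base/store/a" "$base/store/.git" "$base/git/secret_test"
    : > "$base/store/a/b.gpg"
    : > "$base/store/.git/ignored.gpg"
    : > "$base/git/secret_test/db.gpg"
    ln -s ../git/secret_test "$base/store/secrets_test"
    printf '%s\n' "$base"
}

# Stand-alone use: pass the store directory as the first argument.
if [ "$#" -gt 0 ]; then
    skipped_entries "$1"
fi
```

An empty result means every entry is reached by the plain walk, which is the situation Frank reports for his store.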