authorAxel Tripier <axel@tripier.fr>2021-07-02 19:40:44 +0200
committerJason A. Donenfeld <Jason@zx2c4.com>2021-09-23 23:28:59 +0200
commitfde8baea4c7886237ef5acc26a18a9ecbb97c432 (patch)
treed5d97c90a90bbf377ea68b0eb1e5b839a6f89f2c
parentba454e41f67d22e0baa4388e130d9e0c03813bc3 (diff)
Exclude `*/.extensions` from grep/reencrypt
The `.extensions` directory can contain extensions code, for example as git submodules, that have `.gpg` files as part of their code but that are not files encrypted with the PGP keys of our password store. One example is `pass-tomb`, that contains `.gpg` files in `tests/gnupg`, but there are more, like `pass-update`, `pass-otp`, etc. However those `.gpg` files in the `.extensions` directory are currently processed by the `grep` and `reencrypt` functions of `pass`. At best this can cause errors to be shown to the user when grepping/reencrypting, and at worst it can cause files in the `.extensions` directory to be decrypted and returned as part of a search, or reencrypted with the incorrect PGP keys. This patch tries to mitigate that issue by removing the `*/.extensions` directories from the list of processed `.gpg` files for the grep/reencrypt functions. However this patch is not perfect as it does not take into account the fact that the `.extensions` directory can be renamed to something else using `PASSWORD_STORE_EXTENSIONS_DIR`. But knowing if this `PASSWORD_STORE_EXTENSIONS_DIR` is inside the `PREFIX` or not and formatting the path exclusion for `find` accordingly could require a fair bit of additional logic that I am not sure how you want to implement.
-rwxr-xr-xsrc/password-store.sh4
1 files changed, 2 insertions, 2 deletions
diff --git a/src/password-store.sh b/src/password-store.sh
index dd627b9..48f92e1 100755
--- a/src/password-store.sh
+++ b/src/password-store.sh
@@ -137,7 +137,7 @@ reencrypt_path() {
mv "$passfile_temp" "$passfile" || rm -f "$passfile_temp"
fi
prev_gpg_recipients="${GPG_RECIPIENTS[*]}"
- done < <(find "$1" -path '*/.git' -prune -o -iname '*.gpg' -print0)
+ done < <(find "$1" -path '*/.git' -prune -o -path '*/.extensions' -prune -o -iname '*.gpg' -print0)
}
check_sneaky_paths() {
local path
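Review bot: The added `-path '*/.extensions' -prune` is unanchored, so it prunes every directory named `.extensions` at any depth under `$1`, not only the extensions directory at the store root. In reencrypt_path this means password files kept under such a folder are silently left encrypted to the previous recipients after a key change; the cmd_grep hunk uses the same pattern and would silently drop them from search results. Consider anchoring the exclusion to the store root, e.g. `-path "$PREFIX/.extensions" -prune`. That assumes `$1` always begins with `$PREFIX`, and because `-path` takes a glob, a prefix with pattern characters or a trailing slash would need normalising first. A short comment above the loop would also help, such as `# .extensions holds extension code that may ship its own .gpg test fixtures; these are not store entries`. reencrypt_path begins outside this hunk.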
@@ -430,7 +430,7 @@ cmd_grep() {
passfile="${passfile##*/}"
printf "\e[94m%s\e[1m%s\e[0m:\n" "$passfile_dir" "$passfile"
echo "$grepresults"
- done < <(find -L "$PREFIX" -path '*/.git' -prune -o -iname '*.gpg' -print0)
+ done < <(find -L "$PREFIX" -path '*/.git' -prune -o -path '*/.extensions' -prune -o -iname '*.gpg' -print0)
}
cmd_insert() {
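Review bot: The prune list is now spelled out twice, here and in reencrypt_path, and the two copies must stay identical for grep and reencrypt to agree on which `.gpg` files belong to the store. A single shared definition would keep later exclusions in sync, for example a global array `STORE_FIND_PRUNE=( -path '*/.git' -prune -o -path '*/.extensions' -prune -o )` (name is only a suggestion) used as `find -L "$PREFIX" "${STORE_FIND_PRUNE[@]}" -iname '*.gpg' -print0`. cmd_grep begins outside this hunk.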