summaryrefslogtreecommitdiff
path: root/src/password-store.sh
diff options
context:
space:
mode:
authorDavid Adam <zanchey@ucc.gu.uwa.edu.au>2015-04-17 10:46:47 +0800
committerJason A. Donenfeld <Jason@zx2c4.com>2015-05-11 13:35:03 +0200
commit4690a3021cf74b2093d296f48f205b6706f82f2a (patch)
tree25fe9df23e79a7c829f6f8926998400fac897aeb /src/password-store.sh
parent7cfe27de46138757ba325f4a13001b303454aba3 (diff)
downloadpass-4690a3021cf74b2093d296f48f205b6706f82f2a.tar.gz
pass-4690a3021cf74b2093d296f48f205b6706f82f2a.tar.bz2
pass-4690a3021cf74b2093d296f48f205b6706f82f2a.zip
add support for passing arbitrary options to all invocations of GPG
Uses the PASSWORD_STORE_GPG_OPTS environment variable. Can be used to (e.g.) change the keyrings or trust model used.
Diffstat (limited to '')
-rwxr-xr-xsrc/password-store.sh8
1 files changed, 4 insertions, 4 deletions
diff --git a/src/password-store.sh b/src/password-store.sh
index 7d57376..79d2096 100755
--- a/src/password-store.sh
+++ b/src/password-store.sh
@@ -6,7 +6,7 @@
umask "${PASSWORD_STORE_UMASK:-077}"
set -o pipefail
-GPG_OPTS=( "--quiet" "--yes" "--compress-algo=none" "--no-encrypt-to" )
+GPG_OPTS=( $PASSWORD_STORE_GPG_OPTS "--quiet" "--yes" "--compress-algo=none" "--no-encrypt-to" )
GPG="gpg"
export GPG_TTY="${GPG_TTY:-$(tty 2>/dev/null)}"
which gpg2 &>/dev/null && GPG="gpg2"
@@ -83,7 +83,7 @@ set_gpg_recipients() {
reencrypt_path() {
local prev_gpg_recipients="" gpg_keys="" current_keys="" index passfile
- local groups="$($GPG --list-config --with-colons | grep "^cfg:group:.*")"
+ local groups="$($GPG $PASSWORD_STORE_GPG_OPTS --list-config --with-colons | grep "^cfg:group:.*")"
while read -r -d "" passfile; do
local passfile_dir="${passfile%/*}"
passfile_dir="${passfile_dir#$PREFIX}"
@@ -100,9 +100,9 @@ reencrypt_path() {
IFS=";" eval 'GPG_RECIPIENTS+=( $group )' # http://unix.stackexchange.com/a/92190
unset GPG_RECIPIENTS[$index]
done
- gpg_keys="$($GPG --list-keys --with-colons "${GPG_RECIPIENTS[@]}" | sed -n 's/sub:[^:]*:[^:]*:[^:]*:\([^:]*\):[^:]*:[^:]*:[^:]*:[^:]*:[^:]*:[^:]*:[a-zA-Z]*e[a-zA-Z]*:.*/\1/p' | LC_ALL=C sort -u)"
+ gpg_keys="$($GPG $PASSWORD_STORE_GPG_OPTS --list-keys --with-colons "${GPG_RECIPIENTS[@]}" | sed -n 's/sub:[^:]*:[^:]*:[^:]*:\([^:]*\):[^:]*:[^:]*:[^:]*:[^:]*:[^:]*:[^:]*:[a-zA-Z]*e[a-zA-Z]*:.*/\1/p' | LC_ALL=C sort -u)"
fi
- current_keys="$($GPG -v --no-secmem-warning --no-permission-warning --list-only --keyid-format long "$passfile" 2>&1 | cut -d ' ' -f 5 | LC_ALL=C sort -u)"
+ current_keys="$($GPG $PASSWORD_STORE_GPG_OPTS -v --no-secmem-warning --no-permission-warning --list-only --keyid-format long "$passfile" 2>&1 | cut -d ' ' -f 5 | LC_ALL=C sort -u)"
if [[ $gpg_keys != "$current_keys" ]]; then
echo "$passfile_display: reencrypting to ${gpg_keys//$'\n'/ }"