From 8f8367d5a52948a8032f72fef85358beff18bef7 Mon Sep 17 00:00:00 2001
From: Federico Angelilli
Date: Fri, 22 Dec 2023 15:59:19 +0100
Subject: Minor corrections
---
 crypt.sh | 75 +++++++++++++++++++++++++++++++++------------------------------
 1 file changed, 39 insertions(+), 36 deletions(-)
diff --git a/crypt.sh b/crypt.sh
index e3d7928..275461f 100755
--- a/crypt.sh
+++ b/crypt.sh
@@ -4,6 +4,7 @@ umask 077
 set -o pipefail
 CRYPT_PATH="${CRYPT_PATH:-~/.crypt}"
+CRYPT_EXTENSION="${CRYPT_EXTENSION:-$CRYPT_PATH/.extensions}"
 # UTILITIES
 declare -A _colors=(
@@ -37,6 +38,41 @@ confirm() {
 [[ $ans == [yY] ]] || exit 1
 }
+sneaky_path() {
+ local path
+ for path in "$@"; do
+ [[ $path =~ /\.\.$ || $path =~ ^\.\./ || $path =~ /\.\./ || $path =~ ^\.\.$ ]] \
+ && error "Error: You have passed a sneaky path..."
+ done
+}
+
+tmpdir() {
+ [[ -n $SECURE_TMPDIR ]] && return
+ local template="$PROGRAM.XXXXXXXXXXXXX"
+ if [[ -d /dev/shm && -w /dev/shm && -x /dev/shm ]]; then
+ SECURE_TMPDIR="$(mktemp -d "/dev/shm/$template")"
+ remove_tmpfile() {
+ rm -rf "$SECURE_TMPDIR"
+ }
+ trap remove_tmpfile EXIT
+ else
+ [[ $1 == "nowarn" ]] || confirm "$(cat <<-_EOF
+ Your system does not have /dev/shm, which means that it may
+ be difficult to entirely erase the temporary non-encrypted
+ password file after editing.
+
+ Are you sure you would like to continue?
+ _EOF
+ )"
+ SECURE_TMPDIR="$(mktemp -d "${TMPDIR:-/tmp}/$template")"
+ shred_tmpfile() {
+ find "$SECURE_TMPDIR" -type f -exec $SHRED {} +
+ rm -rf "$SECURE_TMPDIR"
+ }
+ trap shred_tmpfile EXIT
+ fi
+}
+
 # GIT HANDLING
 unset GIT_DIR GIT_WORK_TREE GIT_NAMESPACE GIT_INDEX_FILE GIT_INDEX_VERSION GIT_OBJECT_DIRECTORY GIT_COMMON_DIR
 export GIT_CEILING_DIRECTORIES="$CRYPT_PATH/.."
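Review bot: The new CRYPT_EXTENSION default is built from `$CRYPT_PATH`, so it inherits whatever the context line above leaves there, and that line places `~` inside double quotes, where, as far as I know, bash performs no tilde expansion. With neither variable set, both paths would then point at a directory literally named `~` under the current working directory, an unexpected place for encrypted entries to land. `CRYPT_PATH="${CRYPT_PATH:-$HOME/.crypt}"` avoids that. The new variable would also benefit from a one-line comment saying what the directory holds and that it can be overridden from the environment, since its use is not visible in this hunk.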
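Review bot: In tmpdir(), neither `mktemp -d` call is checked, so a failure leaves SECURE_TMPDIR empty while the EXIT trap is still installed and the caller continues. Any later write under `"$SECURE_TMPDIR/..."` (the callers are not visible here) would then resolve against `/`, outside the directory the trap cleans up. Suggest `SECURE_TMPDIR="$(mktemp -d "/dev/shm/$template")" || error "Error: could not create a temporary directory"` in both branches, assuming error() exits, and `rm -rf -- "${SECURE_TMPDIR:?}"` in the two cleanup helpers. `$SHRED` is expanded unquoted in the find call; if that is deliberate so that a command plus flags can be word-split, a comment saying so would help.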
@@ -116,40 +152,7 @@ gpg_recipients() {
 done < "$current"
 }
-sneaky_path() {
- local path
- for path in "$@"; do
- [[ $path =~ /\.\.$ || $path =~ ^\.\./ || $path =~ /\.\./ || $path =~ ^\.\.$ ]] \
- && error "Error: You have passed a sneaky path..."
- done
-}
-
-tmpdir() {
- [[ -n $SECURE_TMPDIR ]] && return
- local template="$PROGRAM.XXXXXXXXXXXXX"
- if [[ -d /dev/shm && -w /dev/shm && -x /dev/shm ]]; then
- SECURE_TMPDIR="$(mktemp -d "/dev/shm/$template")"
- remove_tmpfile() {
- rm -rf "$SECURE_TMPDIR"
- }
- trap remove_tmpfile EXIT
- else
- [[ $1 == "nowarn" ]] || confirm "$(cat <<-_EOF
- Your system does not have /dev/shm, which means that it may
- be difficult to entirely erase the temporary non-encrypted
- password file after editing.
-
- Are you sure you would like to continue?
- _EOF
- )"
- SECURE_TMPDIR="$(mktemp -d "${TMPDIR:-/tmp}/$template")"
- shred_tmpfile() {
- find "$SECURE_TMPDIR" -type f -exec $SHRED {} +
- rm -rf "$SECURE_TMPDIR"
- }
- trap shred_tmpfile EXIT
- fi
-}
+#TODO: SIGNING
 reencrypt_path() {
 local prev_gpg_recipients="" gpg_keys="" current_keys="" index file
@@ -181,7 +184,7 @@ reencrypt_path() {
 mv "$file_temp" "$file" || rm -f "$file_temp"
 fi
 prev_gpg_recipients="${GPG_RECIPIENTS[*]}"
- done < <(find "$1" -path '*/.git' -prune -o -name '*.extensions' -prune -o -iname '*.gpg' -print0)
+ done < <(find "$1" -path '*/.git' -prune -o -name '*/.extensions' -prune -o -iname '*.gpg' -print0)
 }
 # FILE INFO
@@ -343,7 +346,7 @@ check_file() {
 case ${#matches[@]} in
 0) [[ "$2" == "noask" ]] || confirm_file "$path" ;;
 1) [[ "${matches[0]}" =~ $CRYPT_PATH/(.*)\.gpg ]] && echo "${BASH_REMATCH[1]}" ;;
- *) error "Ambiguous entry name: ${matches[@]}" ;;
+ *) error "Ambiguous entry name: $(echo "${matches[@]}" | sed "s~$CRYPT_PATH/\([^[:space:]]*\).gpg~\1~g")" ;;
 esac
 }
-- cgit v1.2.3
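Review bot: The changed prune test `-name '*/.extensions'` in reencrypt_path can never match, because find's `-name` compares only the final path component, which never contains a slash (GNU find warns about such patterns). With the prune inactive, any `*.gpg` file under the extensions directory is handed to the re-encryption loop along with the real entries. `-path '*/.extensions' -prune`, mirroring the `.git` test beside it, expresses the intent. The body of reencrypt_path begins outside this hunk.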
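Review bot: The new error message in check_file interpolates `$CRYPT_PATH` into a sed program that uses `~` as its delimiter, so a store path containing `~` or regex metacharacters breaks or skews the substitution, and `[^[:space:]]*` stops at the first space in an entry name. Parameter expansion treats the path literally and needs no subprocess: `matches=("${matches[@]#"$CRYPT_PATH"/}")` followed by `error "Ambiguous entry name: ${matches[*]%.gpg}"`. check_file starts outside this hunk, so whether matches is read again after the case statement is not visible; if it is, strip into a separate local array instead.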