commit ae49ca64df0243ccf9bc826035f79533939d92c6
parent 17b155bab2914fbf4658497f84dfc2eeefa43b0e
Author: St John Karp <contact@stjo.hn>
Date: Tue, 7 Sep 2021 22:15:04 -0400
Fix the edit command and add handling for some scenarios
- Fixed the gpg2 command used when editing a password.
- Create the password's folder if it doesn't already exist.
- Only try to encrypt/delete the temp file if it's been saved.
I'm currently using this in lieu of the "insert" command, which I
can't figure out how to implement securely. Either I read input
into a variable, which doesn't sound secure, or I have the user
input a password directly into gpg2, which requires doing CTRL-D
to end the input.
Diffstat:
1 file changed, 13 insertions(+), 3 deletions(-)
diff --git a/balrog b/balrog
@@ -65,12 +65,22 @@ KEY_FILE="$STORE/$KEY.gpg"
while [ -n "$ACTION" ] ; do
case "$ACTION" in
edit)
+ # Create the path.
+ mkdir -p "${KEY_FILE%/*}"
+
# Decrypt to a temporary file, allow the user to edit it,
# then re-encrypt and delete the temp file.
- gpg2 --decrypt --quiet "$KEY_FILE" --output "$TMP_FILE"
+ [ -f "$KEY_FILE" ] &&
+ gpg2 --quiet --output "$TMP_FILE" --decrypt "$KEY_FILE"
+
+ # Allow the user to edit a temporary file,
+ # then encrypt it and delete the temp file.
"${EDITOR:-vi}" "$TMP_FILE"
- gpg2 --quiet --encrypt --default-recipient-self --output "$KEY_FILE" 2> /dev/null
- rm "$TMP_FILE"
+
+ [ -f "$TMP_FILE" ] &&
+ gpg2 --quiet --yes --encrypt --default-recipient-self --output "$KEY_FILE" "$TMP_FILE" 2> /dev/null &&
+ rm "$TMP_FILE" ||
+ echo "No changes..."
ACTION=''
;;
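Review bot: In the final `[ -f "$TMP_FILE" ] && gpg2 … 2> /dev/null && rm "$TMP_FILE" || echo "No changes..."` chain, a failed encryption is reported as "No changes..." and the `rm` is skipped, so the decrypted password stays on disk in `$TMP_FILE` with gpg2's error discarded. An explicit `if` separates "nothing was saved" from "encryption failed" and lets the failure path say where the plaintext is. Separately, nothing visible in the hunk stops the editor from opening after a failed `--decrypt`, and with `--yes` now passed a save would then overwrite the existing entry; unless the script runs under `set -e`, that gpg2 call should be checked. The `while`/`case` block and the creation of `$TMP_FILE` lie outside the hunk.

```shell
# … unchanged: mkdir, decrypt, editor invocation …
if [ -f "$TMP_FILE" ] ; then
	# Keep gpg2's stderr visible so a failed encryption is not silent.
	if gpg2 --quiet --yes --encrypt --default-recipient-self --output "$KEY_FILE" "$TMP_FILE" ; then
		rm -f "$TMP_FILE"
	else
		echo "Encryption failed; plaintext is still in $TMP_FILE" >&2
	fi
else
	echo "No changes..."
fi
```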