Hi, this is a nice patch!
Did you considered to use git’s textconv support?
This should allow us to use „git blame“ to get the last commit which changed
the password:
pass git blame -L 1,1 -p test.gpg | egrep ^committer-time
This can also be combined with the „—since“ switch.
To enable the textconv filter, you must add those config options to the repo:
.gitattributes:
*.gpg blame=gpg
.git/config:
[blame „gpg]
textconv = gpg —decrypt —no-tty
See: https://git.wiki.kernel.org/index.php/Textconv
Cheers,
Steffen
PS: do we use git textconv filters already in password-store?
—
Steffen Vogel
Robensstraße 69
52070 Aachen
Mail: [email protected]
Mobil: +49 1575 7180927
Web: http://www.steffenvogel.de
Jabber: [email protected]
> Am 26.07.2015 um 14:10 schrieb Tijn Schuurmans <[email protected]>:
>
> - assume the password is stored in the first line of a password-file
> - find the latest git revision that changes that line
> - show all passwords by age
> ---
> src/password-store.sh | 56 +++++++++++++++++++++++++++++++++++++++++++++++++++
> 1 file changed, 56 insertions(+)
>
> diff --git a/src/password-store.sh b/src/password-store.sh
> index c85cc33..a1e0711 100755
> --- a/src/password-store.sh
> +++ b/src/password-store.sh
> @@ -127,6 +127,45 @@ check_sneaky_paths() {
> done
> }
>
> +git_revisions() {
> + [[ -d $GIT_DIR ]] || return
> + local path="$1"
> + local passfile="$path.gpg"
> + git log --format=%H -- $passfile
> +}
> +
> +git_revision() {
> + [[ -d $GIT_DIR ]] || return
> + local path="$1"
> + local revision="$2"
> + local passfile="$path.gpg"
> + git show $revision:$passfile | $GPG -d "${GPG_OPTS[@]}" | head -n 1
> +}
> +
> +oldest_password_change() {
> + [[ -d $GIT_DIR ]] || die "Error: the password store is not a git
> repository. Try \"$PROGRAM git init\"."
> + local path="$1"
> + check_sneaky_paths "$path"
> + git_revisions "$path" | while read revision
> + do
> + if [ -z "$password" ]; then
> + password="$(git_revision $path $revision)"
> + else
> + if [ password != "$(git_revision $path $revision)" ];
> then
> + break
> + fi
> + fi
> + echo $revision
> + done | tail -n 1
> +}
> +
> +password_ages() {
> + cd $PREFIX && find . -name "*.gpg" | sed 's/^\.\///' | sed 's/\.gpg$//'
> | while read path
> + do
> + cmd_age "$path"
> + done
> +}
> +
> #
> # END helper functions
> #
> @@ -257,6 +296,10 @@ cmd_usage() {
> $PROGRAM git git-command-args...
> If the password store is a git repository, execute a git command
> specified by git-command-args.
> + $PROGRAM age pass-name
> + Show when a password last changed as an absolute unix timestamp
> and relatively in a human readable format.
> + $PROGRAM ages
> + Show password age for all passwords ordered from newest to
> oldest.
> $PROGRAM help
> Show this text.
> $PROGRAM version
> @@ -340,6 +383,17 @@ cmd_show() {
> fi
> }
>
> +cmd_age() {
> + local path="$1"
> + check_sneaky_paths "$path"
> + local oldest=$(oldest_password_change "$path")
> + git show -s --format="%ct%x09%cr%x09"$path"" "$oldest"
> +}
> +
> +cmd_ages() {
> + password_ages | sort -r
> +}
> +
> cmd_find() {
> [[ -z "$@" ]] && die "Usage: $PROGRAM $COMMAND pass-names..."
> IFS="," eval 'echo "Search Terms: $*"'
> @@ -590,6 +644,8 @@ case "$1" in
> help|--help) shift; cmd_usage "$@" ;;
> version|--version) shift; cmd_version "$@" ;;
> show|ls|list) shift; cmd_show "$@" ;;
> + age) shift; cmd_age "$@" ;;
> + ages) shift; cmd_ages "$@" ;;
> find|search) shift; cmd_find "$@" ;;
> grep) shift; cmd_grep "$@" ;;
> insert|add) shift; cmd_insert "$@" ;;
> --
> 2.4.6
>
> _______________________________________________
> Password-Store mailing list
> [email protected]
> http://lists.zx2c4.com/mailman/listinfo/password-store
signature.asc
Description: Message signed with OpenPGP using GPGMail
_______________________________________________ Password-Store mailing list [email protected] http://lists.zx2c4.com/mailman/listinfo/password-store
