Hi Steffen,
I didn't consider using it. It sounds like a smart idea though. It would
be a totally different implementation of the same idea. Simpler even.
And that is a good thing™.
Cheers,
Tijn
On 26-07-15 15:35, Steffen Vogel wrote:
Hi,
this is a nice patch!
Did you consider using git’s textconv support?
This should allow us to use "git blame" to get the last commit which changed
the password:
pass git blame -L 1,1 -p test.gpg | egrep ^committer-time
This can also be combined with the "--since" switch.
To enable the textconv filter, you must add those config options to the repo:
.gitattributes:
*.gpg blame=gpg
.git/config:
[blame "gpg"]
textconv = gpg --decrypt --no-tty
See: https://git.wiki.kernel.org/index.php/Textconv
Cheers,
Steffen
PS: do we use git textconv filters already in password-store?
--
Steffen Vogel
Robensstraße 69
52070 Aachen
Mail: [email protected]
Mobil: +49 1575 7180927
Web: http://www.steffenvogel.de
Jabber: [email protected]
On 26.07.2015 at 14:10, Tijn Schuurmans <[email protected]> wrote:
- assume the password is stored in the first line of a password-file
- find the latest git revision that changes that line
- show all passwords by age
---
src/password-store.sh | 56 +++++++++++++++++++++++++++++++++++++++++++++++++++
1 file changed, 56 insertions(+)
diff --git a/src/password-store.sh b/src/password-store.sh
index c85cc33..a1e0711 100755
--- a/src/password-store.sh
+++ b/src/password-store.sh
@@ -127,6 +127,45 @@ check_sneaky_paths() {
done
}
+git_revisions() {
+ [[ -d $GIT_DIR ]] || return
+ local path="$1"
+ local passfile="$path.gpg"
+ git log --format=%H -- $passfile
+}
+
+git_revision() {
+ [[ -d $GIT_DIR ]] || return
+ local path="$1"
+ local revision="$2"
+ local passfile="$path.gpg"
+ git show $revision:$passfile | $GPG -d "${GPG_OPTS[@]}" | head -n 1
+}
+
+oldest_password_change() {
+ [[ -d $GIT_DIR ]] || die "Error: the password store is not a git repository. Try
\"$PROGRAM git init\"."
+ local path="$1"
+ check_sneaky_paths "$path"
+ git_revisions "$path" | while read revision
+ do
+ if [ -z "$password" ]; then
+ password="$(git_revision $path $revision)"
+ else
+ if [ password != "$(git_revision $path $revision)" ];
then
+ break
+ fi
+ fi
+ echo $revision
+ done | tail -n 1
+}
+
+password_ages() {
+ cd $PREFIX && find . -name "*.gpg" | sed 's/^\.\///' | sed 's/\.gpg$//'
| while read path
+ do
+ cmd_age "$path"
+ done
+}
+
#
# END helper functions
#
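Review bot: In oldest_password_change the test `[ password != "$(git_revision $path $revision)" ]` compares the literal word password instead of "$password", so it is true for almost any entry and the loop breaks on the second revision whether or not the first line changed; the function then always reports the newest commit that touched the file. Use "$password" there, and quote $path, $revision and $passfile in git_revisions, git_revision and their callers, since pass-names containing spaces will word-split as written. The `while read` loops should also use `read -r` so backslashes in names survive.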
@@ -257,6 +296,10 @@ cmd_usage() {
$PROGRAM git git-command-args...
If the password store is a git repository, execute a git command
specified by git-command-args.
+ $PROGRAM age pass-name
+ Show when a password last changed as an absolute unix timestamp
and relatively in a human readable format.
+ $PROGRAM ages
+ Show password age for all passwords ordered from newest to
oldest.
$PROGRAM help
Show this text.
$PROGRAM version
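Review bot: The usage text for `age` says it shows when a password last changed, but it does not say that only the first line of the entry is compared or that the store must be a git repository, both of which the helper functions depend on. Add a sentence covering both so the output is not read as the age of the whole entry.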
@@ -340,6 +383,17 @@ cmd_show() {
fi
}
+cmd_age() {
+ local path="$1"
+ check_sneaky_paths "$path"
+ local oldest=$(oldest_password_change "$path")
+ git show -s --format="%ct%x09%cr%x09"$path"" "$oldest"
+}
+
+cmd_ages() {
+ password_ages | sort -r
+}
+
cmd_find() {
[[ -z "$@" ]] && die "Usage: $PROGRAM $COMMAND pass-names..."
IFS="," eval 'echo "Search Terms: $*"'
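Review bot: In cmd_age, `--format="%ct%x09%cr%x09"$path""` closes the double quotes before $path, so the pass-name is expanded unquoted and is also parsed as part of git's format string; a name containing spaces or a `%` sequence will break or alter the output. Keep the path out of --format and print it separately after capturing the git output. cmd_age also has no usage check for a missing pass-name, unlike cmd_find just below, and cmd_ages should sort numerically (`sort -rn`) since the key is a unix timestamp.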
@@ -590,6 +644,8 @@ case "$1" in
help|--help) shift; cmd_usage "$@" ;;
version|--version) shift; cmd_version "$@" ;;
show|ls|list) shift; cmd_show "$@" ;;
+ age) shift; cmd_age "$@" ;;
+ ages) shift; cmd_ages "$@" ;;
find|search) shift; cmd_find "$@" ;;
grep) shift; cmd_grep "$@" ;;
insert|add) shift; cmd_insert "$@" ;;
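Review bot: The `ages` entry forwards "$@" to cmd_ages, which takes no arguments and ignores them, so `ages some/subfolder` silently lists the whole store. Either have cmd_ages reject extra arguments with a usage message or accept an optional subfolder.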
--
2.4.6
_______________________________________________
Password-Store mailing list
[email protected]
http://lists.zx2c4.com/mailman/listinfo/password-store
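Added example, not part of the thread or of password-store: the textconv approach Steffen describes, run against a throwaway repository to show that blame on line 1 reports the last change of the first plaintext line rather than the last rewrite of the stored file. It assumes a constructed stand-in cipher in place of gpg (a nonce line plus rot13) and a driver named `demo` attached through git's `diff` attribute; all function and file names are hypothetical.

```shell
#!/bin/sh
# Stand-in cipher (NOT encryption): a changing nonce line followed by rot13
# text, so every save rewrites the stored file the way a fresh gpg encryption
# would. A real store would configure a gpg decrypt command as the textconv.

# Hypothetical textconv driver: drop the nonce line, undo rot13.
DECRYPT='f() { tail -n +2 "$1" | tr A-Za-z N-ZA-Mn-za-m; }; f'

# Commit time of the revision that last changed plaintext line 1.
first_line_commit_time() {   # args: repo file
    git -C "$1" blame -L 1,1 -p -- "$2" | sed -n 's/^committer-time //p'
}

# Commit time of the revision that last touched the stored file at all.
last_file_commit_time() {    # args: repo file
    git -C "$1" log -1 --format=%ct -- "$2"
}

# Write one constructed entry revision and commit it at a fixed time.
save_entry() {               # args: repo unix-time password user
    { echo "nonce $2"
      printf '%s\nuser: %s\n' "$3" "$4" | tr A-Za-z N-ZA-Mn-za-m
    } > "$1/entry.enc"
    git -C "$1" add -A
    GIT_AUTHOR_DATE="$2 +0000" GIT_COMMITTER_DATE="$2 +0000" \
        git -C "$1" commit -q -m "save at $2"
}

# Build a throwaway repository holding two constructed revisions.
make_demo_repo() {
    demo_dir=$(mktemp -d) || return 1
    git -C "$demo_dir" init -q
    git -C "$demo_dir" config user.name demo
    git -C "$demo_dir" config user.email demo@example.invalid
    git -C "$demo_dir" config diff.demo.textconv "$DECRYPT"
    echo '*.enc diff=demo' > "$demo_dir/.gitattributes"
    save_entry "$demo_dir" 1000000000 hunter2 alice
    save_entry "$demo_dir" 1100000000 hunter2 bob    # line 1 unchanged
    echo "$demo_dir"
}
```

After `make_demo_repo`, the file's last commit is the second save, while blame on line 1 still points at the first save because the decrypted first line did not change.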