-
Jason A. Donenfeld authored
Matthew writes: If the initial decrypt fails then the rest of the line shouldn't continue, as it won't be a properly decrypted password being re-encrypted and written over the existing passfile. One solution to this would be to enable pipefail (set -o pipefail) - either just before, or at the start of this script. This would cause the failure of any of the commands in a pipe to set the return status of the whole pipeline to non-zero (the last failed command's return code is used). We take his suggestion with this patch. While we're at it, we take a little bit extra care (though not too much extra care) to select a more random intermediate password, in case folks have a strange habit of using a dot-new extension on files. Suggested-by:Matthew Richardson <m.richardson@ed.ac.uk> Signed-off-by:
Jason A. Donenfeld <Jason@zx2c4.com>
Jason A. Donenfeld authoredMatthew writes: If the initial decrypt fails then the rest of the line shouldn't continue, as it won't be a properly decrypted password being re-encrypted and written over the existing passfile. One solution to this would be to enable pipefail (set -o pipefail) - either just before, or at the start of this script. This would cause the failure of any of the commands in a pipe to set the return status of the whole pipeline to non-zero (the last failed command's return code is used). We take his suggestion with this patch. While we're at it, we take a little bit extra care (though not too much extra care) to select a more random intermediate password, in case folks have a strange habit of using a dot-new extension on files. Suggested-by:
