Newer
Older
#!/bin/bash
#
# # pass-git-svn
#
# This is an extension to the [standard linux password
# manager](https://www.passwordstore.org/) that allows passwords to
# back up to an svn repository instead of a git repository. This
# extension does that by using git-svn.
#
############################################################
# ## Install
#
# You will need a newer version of pass that has extensions enabled.
# Install pass 1.7+ from the [github
# repo](https://git.zx2c4.com/password-store) or from Debian's
# experimental repository (assuming you have the experimental repo
# pinned in /etc/apt/preferences):
# You will also need a copy of this extension:
# git clone https://github.com/OpenTechStrategies/pass-git-svn
#
# Setup your environment (you might want to add this to .bashrc):
#
# export PASSWORD_STORE_ENABLE_EXTENSIONS=true
#
# cp <path-to-pass-git-svn-repo>/git-svn.bash ~/.password-store/.extensions
# chmod +x ~/.password-store/.extensions/git-svn.bash
# pass git-svn clone https://example.com/repos/work/trunk/.password-store
#
############################################################
# ## Using pass-git-svn
#
# You can use pass as you normally would. It's in-built git routines
# will keep checking in your local changes. When it's time to sync
# with your svn server, use `pass git-svn fetch` and `pass git-svn
# rebase` to pull down changes. Then, use `pass git-svn dcommit` to
# send your changes up to the svn server.
#
############################################################
# ## Authorizing new people to read/write to the password store
#
# Just add them to .gpg-id. This works on a per-directory basis, so you
# can restrict people by leaving them out of that file. TODO: verify
# that lots of people in a parent dir is effectively restricted by fewer
# people in the subdir .gpg-id.
#
# Note that adding somebody to the .gpg-id does not actually
# re-encrypt all the files in that directory with that person's key.
# Same with removing a person. TODO: investigate whether the init
# command can be used to handle this. Or else script opening and
# saving all the files to update the list of keys that will decrypt
# them.
#
###########################################################
# If you already have pass running with another configuration, you can add
# alias workpass='PASSWORD_STORE_ENABLE_EXTENSIONS=true PASSWORD_STORE_DIR=~/.work-password-store pass'
# This will let you do `workpass git-svn fetch` to sync your work
# passwords and keep them separate from your usual ~/.password-store.
# You can continue to access your non-work passwords with `pass`. You
# can also use symlinks to access your work passwords from your
# non-work password store. You'll still need to workpass for git-svn
# commands, though.
###########################################################
# ## Contributing
#
# Please file bug reports and issue patch requests in the GitHub
#
# This extension is based on some code found in password-store.sh from
# the [standard linux password
# manager](https://www.passwordstore.org/). That code is licensed
# under GPLv2+. This extension is copyright 2017 James Vasile
# <james@opentechstrategies.com> and is released under the terms of
# the [GNU General Public License, Version
# 3](https://www.gnu.org/licenses/gpl-3.0-standalone.html) or later.
#
###########################################################
# ## Documentation
#
# This extension will display documentation if run directly as a bash
# script or as an extension if you do `pass git-svn help`
if [[ "$0" == ${BASH_SOURCE[0]} || $1 == "help" || -z "$1" ]]; then
tail -n +3 ${BASH_SOURCE[0]} | sed "s/^\#\# //" | grep ^\# | sed "s/\#\#\#\#\#\#\#\#\#\#*//" | sed "s/. \?//"
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
set_git "$PREFIX/"
if [[ $1 == "clone" ]]; then
INNER_GIT_DIR="$PREFIX"
pushd "$INNER_GIT_DIR" > /dev/null
[[ -e .gpg-id ]] && mv .gpg-id /tmp/.gpg-id.orig
touch .gitignore
grep -q .gitattributes .gitignore || echo .gitattributes >> .gitignore
grep -q .gitignore .gitignore || echo .gitignore >> .gitignore
grep -q .extensions .gitignore || echo .extensions >> .gitignore
shift
git svn clone "$1" . || exit 1
cat /tmp/.gpg-id.orig >> .gpg-id
sort -u .gpg-id -o .gpg-id
popd > /dev/null
git_add_file "$PREFIX" "Add current contents of password store."
echo '*.gpg diff=gpg' > "$PREFIX/.gitattributes"
git_add_file .gitattributes "Configure git repository for gpg file diff."
git -C "$INNER_GIT_DIR" config --local diff.gpg.binary true
git -C "$INNER_GIT_DIR" config --local diff.gpg.textconv "$GPG -d ${GPG_OPTS[*]}"
elif [[ -n $INNER_GIT_DIR ]]; then
pushd $INNER_GIT_DIR > /dev/null
tmpdir nowarn #Defines $SECURE_TMPDIR. We don't warn, because at most, this only copies encrypted files.
export TMPDIR="$SECURE_TMPDIR"
git svn "$@"
popd > /dev/null
else
die "Error: the password store is not a git-svn repository. Try \"$PROGRAM git-svn init\"."
fi