	Support yadm.gpg-recipient = ASK
							parent
							
								
									5ad5b2df7e
								
							
						
					
					
						commit
						ea3b2ecfa8
					
				| @ -76,7 +76,7 @@ function validate_archive() { | |||||||
|       foreach {pid spawnid os_error_flag value} [wait] break |       foreach {pid spawnid os_error_flag value} [wait] break | ||||||
| EOF | EOF | ||||||
|   else |   else | ||||||
|     gpg -q -d "$T_YADM_ARCHIVE" || echo 1 | tar t | sort > "$T_TMP/archive_list" |     gpg -q -d "$T_YADM_ARCHIVE" | tar t | sort > "$T_TMP/archive_list" | ||||||
|   fi |   fi | ||||||
| 
 | 
 | ||||||
|   #; inventory what is expected in the archive |   #; inventory what is expected in the archive | ||||||
| @ -534,7 +534,7 @@ EOF | |||||||
|   run expect <<EOF |   run expect <<EOF | ||||||
|     set timeout 2; |     set timeout 2; | ||||||
|     spawn ${T_YADM_Y[*]} encrypt; |     spawn ${T_YADM_Y[*]} encrypt; | ||||||
|     expect "recipient:" {send "$T_KEY_NAME\n\n"} |     expect "Enter the user ID" {send "$T_KEY_NAME\n\n"} | ||||||
|     expect "$" |     expect "$" | ||||||
|     foreach {pid spawnid os_error_flag value} [wait] break |     foreach {pid spawnid os_error_flag value} [wait] break | ||||||
|     exit \$value |     exit \$value | ||||||
|  | |||||||
							
								
								
									
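--- a/yadm
+++ b/yadm
@@ -228,10 +228,12 @@ function encrypt() {
 
   #; Build gpg options for gpg
   GPG_KEY="$(config yadm.gpg-recipient)"
-  if [ "$GPG_KEY" != "" ]; then
-    GPG_OPTS="-er $GPG_KEY"
+  if [ "$GPG_KEY" = "ASK" ]; then
+    GPG_OPTS=("--no-default-recipient" "-e")
+  elif [ "$GPG_KEY" != "" ]; then
+    GPG_OPTS=("-e" "-r $GPG_KEY")
   else
-    GPG_OPTS="-c"
+    GPG_OPTS=("-c")
   fi
 
   #; build a list of globs from YADM_ENCRYPT
@@ -243,7 +245,7 @@ function encrypt() {
   done < "$YADM_ENCRYPT"
 
   #; encrypt all files which match the globs
-  tar -cv "${GLOBS[@]}" | gpg --yes "$GPG_OPTS" --output "$YADM_ARCHIVE"
+  tar -cv "${GLOBS[@]}" | gpg --yes "${GPG_OPTS[@]}" --output "$YADM_ARCHIVE"
   if [ $? = 0 ]; then
     echo "Wrote new file: $YADM_ARCHIVE"
   else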
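Review bot: The `elif` branch's `GPG_OPTS=("-e" "-r $GPG_KEY")` packs the flag and the key ID into one argv element, so gpg is handed `-r` with a value that begins with a space; this presumably works only because gpg tolerates the leading space when it looks the key up, and it is easy to misread as two arguments. `GPG_OPTS=("-e" "-r" "$GPG_KEY")` is the unambiguous form and matches how the `ASK` branch already lists each option separately. The `--no-default-recipient` in the `ASK` branch is the safer choice, since it keeps a `default-recipient` from gpg.conf from being added without the user seeing it, but that intent deserves a comment such as `#; ASK: let gpg prompt for recipients; ignore any default-recipient in gpg.conf`. In the second hunk the unchanged `if [ $? = 0 ]` still reflects only gpg's exit status, so a tar failure earlier in the pipeline would still report "Wrote new file"; `set -o pipefail` or a `PIPESTATUS` check would close that gap. encrypt() starts and ends outside both hunks.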
							
								
								
									
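--- a/yadm.1
+++ b/yadm.1
@@ -295,9 +295,12 @@ This feature is enabled by default.
 .TP
 .B yadm.gpg-recipient
 Asymmetrically encrypt files with a gpg public/private key pair.
-Provide a key ID to encrypt against that public key.
+Provide a "key ID" to specify which public key to encrypt with.
+The key must exist in your public keyrings.
 If left blank or not provided, symmetric encryption is used instead.
-This feature is disabled by deafult.
+If set to "ASK", gpg will interactively ask for recipients.
+See the ENCRYPTION section for more details.
+This feature is disabled by default.
 .SH ALTERNATES
 When managing a set of files across different systems, it can be useful to have
 an automated way of choosing an alternate version of a file for a different
@@ -403,6 +406,11 @@ and provide the correct password.
 After files are decrypted, permissions are automatically updated as described
 in the PERMISSIONS section.
 
+Symmetric encryption is used by default, but asymmetric encryption may be
+enabled using the
+.I yadm.gpg-recipient
+configuration.
+
 .BR NOTE :
 It is recommended that you use a private repository when keeping confidential
 files, even though they are encrypted.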
							
								
								
									
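--- a/yadm.md
+++ b/yadm.md
@@ -181,9 +181,12 @@
 
        yadm.gpg-recipient
               Asymmetrically encrypt files with a gpg public/private key pair.
-              Provice a key ID to encrypt against that public key.
-              If left blank or not provided, symmetric encryption is used
-              instead. This feature is disabled by deafult.
+              Provide  a "key ID" to specify which public key to encrypt with.
+              The key must exist in your public keyrings.  If  left  blank  or
+              not  provided,  symmetric encryption is used instead.  If set to
+              "ASK", gpg will  interactively  ask  for  recipients.   See  the
+              ENCRYPTION  section  for more details.  This feature is disabled
+              by default.
 
 ## ALTERNATES
        When managing a set of files across different systems, it can be useful
@@ -264,16 +267,19 @@
        provide  the  correct password.  After files are decrypted, permissions
        are automatically updated as described in the PERMISSIONS section.
 
-       NOTE: It is recommended that you use a private repository when  keeping
+       Symmetric encryption is used by default, but asymmetric encryption  may
+       be enabled using the yadm.gpg-recipient configuration.
+
+       NOTE:  It is recommended that you use a private repository when keeping
        confidential files, even though they are encrypted.
 
 ## PERMISSIONS
-       When  files  are checked out of a Git repository, their initial permis-
+       When files are checked out of a Git repository, their  initial  permis-
        sions are dependent upon the user's umask. This can result in confiden-
        tial files with lax permissions.
 
        To prevent this, yadm will automatically update the permissions of con-
-       fidential files.  The "group" and "others" permissions will be  removed
+       fidential  files.  The "group" and "others" permissions will be removed
        from the following files:
 
        - $HOME/.yadm/files.gpg
@@ -285,13 +291,13 @@
        - The GPG directory and files, .gnupg/*
 
        yadm will automatically update permissions by default. This can be dis-
-       abled using the yadm.auto-perms configuration.  Even if disabled,  per-
+       abled  using the yadm.auto-perms configuration.  Even if disabled, per-
        missions can be manually updated by running yadm perms.  The SSH direc-
        tory processing can be disabled using the yadm.ssh-perms configuration.
 
 ## FILES
-       The  following are the default paths yadm uses for its own data.  These
-       paths can be altered using universal options.  See the OPTIONS  section
+       The following are the default paths yadm uses for its own data.   These
+       paths  can be altered using universal options.  See the OPTIONS section
        for details.
 
        $HOME/.yadm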