1
0
Fork 0
mirror of synced 2024-07-21 03:50:34 -04:00

Handle permissions for ~/.gnupg/*gpg

By default, gpg keyrings and configurations will have their permissions
locked down. The option `yadm.gpg-perms` can be used to disable.
This commit is contained in:
Tim Byrne 2015-08-07 07:18:22 -05:00
parent cbb854a32b
commit 3a1a370efb
2 changed files with 18 additions and 4 deletions

5
yadm
View file

@ -356,6 +356,11 @@ function perms() {
GLOBS=("${GLOBS[@]}" ".ssh" ".ssh/*")
fi
#; include all gpg files (unless disabled)
if [[ $(config --bool yadm.gpg-perms) != "false" ]] ; then
GLOBS=("${GLOBS[@]}" ".gnupg" ".gnupg/*")
fi
#; include globs found in YADM_ENCRYPT (if present)
if [ -f "$YADM_ENCRYPT" ] ; then
while IFS='' read -r glob || [ -n "$glob" ]; do

17
yadm.1
View file

@ -241,6 +241,11 @@ This feature is enabled by default.
Disable the permission changes to
.IR $HOME/.ssh/* .
This feature is enabled by default.
.TP
.B yadm.gpg-perms
Disable the permission changes to
.IR $HOME/.gnupg/* .
This feature is enabled by default.
.SH ALTERNATES
When managing a set of files across different systems, it can be useful to have
an automated way of choosing an alternate version of a file for a different
@ -307,9 +312,9 @@ configuration.
Even if disabled, links can be manually created by running
.BR yadm\ alt .
.SH ENCRYPTION
It can be useful to manage confidential files, like SSH keys, across multiple
systems. However, doing so would put plain text data into a Git repository,
which often resides on a public system.
It can be useful to manage confidential files, like SSH or GPG keys, across
multiple systems. However, doing so would put plain text data into a Git
repository, which often resides on a public system.
.B yadm
implements a feature which can make it easy to encrypt and decrypt a set of
files so the encrypted version can be maintained in the Git repository.
@ -325,7 +330,8 @@ This list of patterns should be relative to the configured
For example:
.RS
.BR \ .ssh/*.key
.ssh/*.key
.gnupg/*.gpg
.RE
The
@ -363,6 +369,9 @@ The "group" and "others" permissions will be removed from the following files:
- The SSH directory and files,
.I .ssh/*
- The GPG directory and files,
.I .gnupg/*
.B yadm
will automatically update permissions by default. This can be disabled using the
.I yadm.auto-perms