Handle permissions for ~/.gnupg/*gpg
By default, gpg keyrings and configurations will have their permissions locked down. The option `yadm.gpg-perms` can be used to disable.
parent
cbb854a32b
commit
3a1a370efb
2 changed files with 18 additions and 4 deletions
5
yadm
|
@ -356,6 +356,11 @@ function perms() {
|
|||
GLOBS=("${GLOBS[@]}" ".ssh" ".ssh/*")
|
||||
fi
|
||||
|
||||
#; include all gpg files (unless disabled)
|
||||
if [[ $(config --bool yadm.gpg-perms) != "false" ]] ; then
|
||||
GLOBS=("${GLOBS[@]}" ".gnupg" ".gnupg/*")
|
||||
fi
|
||||
|
||||
#; include globs found in YADM_ENCRYPT (if present)
|
||||
if [ -f "$YADM_ENCRYPT" ] ; then
|
||||
while IFS='' read -r glob || [ -n "$glob" ]; do
|
||||
|
|
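Review bot: the new `if` block adds `.gnupg/*`, which matches only direct children of `.gnupg` and is also broader than the `~/.gnupg/*gpg` named in the commit subject. Files inside subdirectories (for example GnuPG 2.1's `private-keys-v1.d/`) are not listed themselves, so they are covered only if locking down the subdirectory entry is considered enough; please confirm that is the intent and make the subject and the glob agree. The commit changes only `yadm` and `yadm.1`, so a test that sets `yadm.gpg-perms` to `false` and checks that modes under `.gnupg` are left alone would be worth adding.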
17
yadm.1
|
@ -241,6 +241,11 @@ This feature is enabled by default.
|
|||
Disable the permission changes to
|
||||
.IR $HOME/.ssh/* .
|
||||
This feature is enabled by default.
|
||||
.TP
|
||||
.B yadm.gpg-perms
|
||||
Disable the permission changes to
|
||||
.IR $HOME/.gnupg/* .
|
||||
This feature is enabled by default.
|
||||
.SH ALTERNATES
|
||||
When managing a set of files across different systems, it can be useful to have
|
||||
an automated way of choosing an alternate version of a file for a different
|
||||
|
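Review bot: the new `.B yadm.gpg-perms` entry never states which value turns the behaviour off. The script skips the GPG globs only when `config --bool yadm.gpg-perms` returns `false`, so say explicitly that setting the option to "false" disables the permission changes. As written, "Disable the permission changes to" followed by "This feature is enabled by default" can be read as the disabling being on by default.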
@ -307,9 +312,9 @@ configuration.
|
|||
Even if disabled, links can be manually created by running
|
||||
.BR yadm\ alt .
|
||||
.SH ENCRYPTION
|
||||
It can be useful to manage confidential files, like SSH keys, across multiple
|
||||
systems. However, doing so would put plain text data into a Git repository,
|
||||
which often resides on a public system.
|
||||
It can be useful to manage confidential files, like SSH or GPG keys, across
|
||||
multiple systems. However, doing so would put plain text data into a Git
|
||||
repository, which often resides on a public system.
|
||||
.B yadm
|
||||
implements a feature which can make it easy to encrypt and decrypt a set of
|
||||
files so the encrypted version can be maintained in the Git repository.
|
||||
|
@ -325,7 +330,8 @@ This list of patterns should be relative to the configured
|
|||
For example:
|
||||
|
||||
.RS
|
||||
.BR \ .ssh/*.key
|
||||
.ssh/*.key
|
||||
.gnupg/*.gpg
|
||||
.RE
|
||||
|
||||
The
|
||||
|
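Review bot: the replacement lines `.ssh/*.key` and `.gnupg/*.gpg` inside `.RS`/`.RE` begin with a period, so roff parses them as control lines rather than text and neither pattern will appear in the rendered page. The line being replaced avoided this with `.BR \ .ssh/*.key`. Prefix each pattern with `\&` (for example `\&.ssh/*.key`) and put a `.br` between them so they also stay on separate lines in fill mode.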
@ -363,6 +369,9 @@ The "group" and "others" permissions will be removed from the following files:
|
|||
- The SSH directory and files,
|
||||
.I .ssh/*
|
||||
|
||||
- The GPG directory and files,
|
||||
.I .gnupg/*
|
||||
|
||||
.B yadm
|
||||
will automatically update permissions by default. This can be disabled using the
|
||||
.I yadm.auto-perms
|
||||
|
|