diff --git a/yadm b/yadm index 62f64ef..6997332 100755 --- a/yadm +++ b/yadm @@ -356,6 +356,11 @@ function perms() { GLOBS=("${GLOBS[@]}" ".ssh" ".ssh/*") fi + #; include all gpg files (unless disabled) + if [[ $(config --bool yadm.gpg-perms) != "false" ]] ; then + GLOBS=("${GLOBS[@]}" ".gnupg" ".gnupg/*") + fi + #; include globs found in YADM_ENCRYPT (if present) if [ -f "$YADM_ENCRYPT" ] ; then while IFS='' read -r glob || [ -n "$glob" ]; do diff --git a/yadm.1 b/yadm.1 index 621cc38..11ef01b 100644 --- a/yadm.1 +++ b/yadm.1 @@ -241,6 +241,11 @@ This feature is enabled by default. Disable the permission changes to .IR $HOME/.ssh/* . This feature is enabled by default. +.TP +.B yadm.gpg-perms +Disable the permission changes to +.IR $HOME/.gnupg/* . +This feature is enabled by default. .SH ALTERNATES When managing a set of files across different systems, it can be useful to have an automated way of choosing an alternate version of a file for a different @@ -307,9 +312,9 @@ configuration. Even if disabled, links can be manually created by running .BR yadm\ alt . .SH ENCRYPTION -It can be useful to manage confidential files, like SSH keys, across multiple -systems. However, doing so would put plain text data into a Git repository, -which often resides on a public system. +It can be useful to manage confidential files, like SSH or GPG keys, across +multiple systems. However, doing so would put plain text data into a Git +repository, which often resides on a public system. .B yadm implements a feature which can make it easy to encrypt and decrypt a set of files so the encrypted version can be maintained in the Git repository. @@ -325,7 +330,8 @@ This list of patterns should be relative to the configured For example: .RS -.BR \ .ssh/*.key + .ssh/*.key + .gnupg/*.gpg .RE The 
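Review bot: The glob added in `perms()`, `".gnupg/*"`, matches only the direct children of `.gnupg`, so the comment's "all gpg files" overstates the coverage: files inside subdirectories such as `private-keys-v1.d/` (where GnuPG 2.1 and later keep secret keys) are not in the list themselves and depend on the parent directory's mode. The part of `perms()` that consumes `GLOBS` is outside this hunk, so this is inferred, but if it changes modes non-recursively, consider `GLOBS=("${GLOBS[@]}" ".gnupg" ".gnupg/*" ".gnupg/*/*")`, or at least reword the comment to `#; include the gpg directory and its top-level entries (unless disabled)`. The `!= "false"` test keeps the tightening on when the config value is unset or unreadable, which is the right default for key material.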
@@ -363,6 +369,9 @@ The "group" and "others" permissions will be removed from the following files: - The SSH directory and files, .I .ssh/* +- The GPG directory and files, +.I .gnupg/* + .B yadm will automatically update permissions by default. This can be disabled using the .I yadm.auto-perms