psi-jack/yadm
1
0
Fork 0
mirror of synced 2025-01-07 05:32:17 -05:00
Code Issues Releases Wiki Activity

Handle permissions for ~/.gnupg/*gpg

Browse source 
By default, gpg keyrings and configurations will have their permissions
locked down. The option `yadm.gpg-perms` can be used to disable.
This commit is contained in:
Tim Byrne 2015-08-07 07:18:22 -05:00
parent cbb854a32b
commit 3a1a370efb
2 changed files with 18 additions and 4 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

5
yadm
View file

@ -356,6 +356,11 @@ function perms() {
GLOBS=("${GLOBS[@]}" ".ssh" ".ssh/*") GLOBS=("${GLOBS[@]}" ".ssh" ".ssh/*")
fi fi
#; include all gpg files (unless disabled)
if [[ $(config --bool yadm.gpg-perms) != "false" ]] ; then
GLOBS=("${GLOBS[@]}" ".gnupg" ".gnupg/*")
fi
#; include globs found in YADM_ENCRYPT (if present) #; include globs found in YADM_ENCRYPT (if present)
if [ -f "$YADM_ENCRYPT" ] ; then if [ -f "$YADM_ENCRYPT" ] ; then
while IFS='' read -r glob || [ -n "$glob" ]; do while IFS='' read -r glob || [ -n "$glob" ]; do

17
yadm.1
View file

@ -241,6 +241,11 @@ This feature is enabled by default.
Disable the permission changes to Disable the permission changes to
.IR $HOME/.ssh/* . .IR $HOME/.ssh/* .
This feature is enabled by default. This feature is enabled by default.
.TP
.B yadm.gpg-perms
Disable the permission changes to
.IR $HOME/.gnupg/* .
This feature is enabled by default.
.SH ALTERNATES .SH ALTERNATES
When managing a set of files across different systems, it can be useful to have When managing a set of files across different systems, it can be useful to have
an automated way of choosing an alternate version of a file for a different an automated way of choosing an alternate version of a file for a different
@ -307,9 +312,9 @@ configuration.
Even if disabled, links can be manually created by running Even if disabled, links can be manually created by running
.BR yadm\ alt . .BR yadm\ alt .
.SH ENCRYPTION .SH ENCRYPTION
It can be useful to manage confidential files, like SSH keys, across multiple It can be useful to manage confidential files, like SSH or GPG keys, across
systems. However, doing so would put plain text data into a Git repository, multiple systems. However, doing so would put plain text data into a Git
which often resides on a public system. repository, which often resides on a public system.
.B yadm .B yadm
implements a feature which can make it easy to encrypt and decrypt a set of implements a feature which can make it easy to encrypt and decrypt a set of
files so the encrypted version can be maintained in the Git repository. files so the encrypted version can be maintained in the Git repository.
@ -325,7 +330,8 @@ This list of patterns should be relative to the configured
For example: For example:
.RS .RS
.BR \ .ssh/*.key .ssh/*.key
.gnupg/*.gpg
.RE .RE
The The
@ -363,6 +369,9 @@ The "group" and "others" permissions will be removed from the following files:
- The SSH directory and files, - The SSH directory and files,
.I .ssh/* .I .ssh/*
- The GPG directory and files,
.I .gnupg/*
.B yadm .B yadm
will automatically update permissions by default. This can be disabled using the will automatically update permissions by default. This can be disabled using the
.I yadm.auto-perms .I yadm.auto-perms