Handle permissions for `~/.gnupg/*gpg`
By default, gpg keyrings and configurations will have their permissions locked down. The option `yadm.gpg-perms` can be used to disable.
This commit is contained in:
Tim Byrne
parent
cbb854a32b
commit
3a1a370efb
5
yadm
5
yadm
|
|
@ -356,6 +356,11 @@ function perms() {
|
||||||
GLOBS=("${GLOBS[@]}" ".ssh" ".ssh/*")
|
GLOBS=("${GLOBS[@]}" ".ssh" ".ssh/*")
|
||||||
fi
|
fi
|
||||||
|
|
||||||
|
#; include all gpg files (unless disabled)
|
||||||
|
if [[ $(config --bool yadm.gpg-perms) != "false" ]] ; then
|
||||||
|
GLOBS=("${GLOBS[@]}" ".gnupg" ".gnupg/*")
|
||||||
|
fi
|
||||||
|
|
||||||
#; include globs found in YADM_ENCRYPT (if present)
|
#; include globs found in YADM_ENCRYPT (if present)
|
||||||
if [ -f "$YADM_ENCRYPT" ] ; then
|
if [ -f "$YADM_ENCRYPT" ] ; then
|
||||||
while IFS='' read -r glob || [ -n "$glob" ]; do
|
while IFS='' read -r glob || [ -n "$glob" ]; do
|
||||||
|
|
|
||||||
17
yadm.1
17
yadm.1
|
|
@ -241,6 +241,11 @@ This feature is enabled by default.
|
||||||
Disable the permission changes to
|
Disable the permission changes to
|
||||||
.IR $HOME/.ssh/* .
|
.IR $HOME/.ssh/* .
|
||||||
This feature is enabled by default.
|
This feature is enabled by default.
|
||||||
|
.TP
|
||||||
|
.B yadm.gpg-perms
|
||||||
|
Disable the permission changes to
|
||||||
|
.IR $HOME/.gnupg/* .
|
||||||
|
This feature is enabled by default.
|
||||||
.SH ALTERNATES
|
.SH ALTERNATES
|
||||||
When managing a set of files across different systems, it can be useful to have
|
When managing a set of files across different systems, it can be useful to have
|
||||||
an automated way of choosing an alternate version of a file for a different
|
an automated way of choosing an alternate version of a file for a different
|
||||||
|
|
@ -307,9 +312,9 @@ configuration.
|
||||||
Even if disabled, links can be manually created by running
|
Even if disabled, links can be manually created by running
|
||||||
.BR yadm\ alt .
|
.BR yadm\ alt .
|
||||||
.SH ENCRYPTION
|
.SH ENCRYPTION
|
||||||
It can be useful to manage confidential files, like SSH keys, across multiple
|
It can be useful to manage confidential files, like SSH or GPG keys, across
|
||||||
systems. However, doing so would put plain text data into a Git repository,
|
multiple systems. However, doing so would put plain text data into a Git
|
||||||
which often resides on a public system.
|
repository, which often resides on a public system.
|
||||||
.B yadm
|
.B yadm
|
||||||
implements a feature which can make it easy to encrypt and decrypt a set of
|
implements a feature which can make it easy to encrypt and decrypt a set of
|
||||||
files so the encrypted version can be maintained in the Git repository.
|
files so the encrypted version can be maintained in the Git repository.
|
||||||
|
|
@ -325,7 +330,8 @@ This list of patterns should be relative to the configured
|
||||||
For example:
|
For example:
|
||||||
|
|
||||||
.RS
|
.RS
|
||||||
.BR \ .ssh/*.key
|
.ssh/*.key
|
||||||
|
.gnupg/*.gpg
|
||||||
.RE
|
.RE
|
||||||
|
|
||||||
The
|
The
|
||||||
|
|
@ -363,6 +369,9 @@ The "group" and "others" permissions will be removed from the following files:
|
||||||
- The SSH directory and files,
|
- The SSH directory and files,
|
||||||
.I .ssh/*
|
.I .ssh/*
|
||||||
|
|
||||||
|
- The GPG directory and files,
|
||||||
|
.I .gnupg/*
|
||||||
|
|
||||||
.B yadm
|
.B yadm
|
||||||
will automatically update permissions by default. This can be disabled using the
|
will automatically update permissions by default. This can be disabled using the
|
||||||
.I yadm.auto-perms
|
.I yadm.auto-perms
|
||||||
|
|
|
||||||
Loading…
Reference in New Issue