Only assert private dirs, when worktree = $HOME (#171)

test/test_perms.py

@@ -38,7 +38,7 @@ def test_perms(runner, yadm_y, paths, ds1, autoperms):
     cmd = 'perms'
     if autoperms != 'notest':
         cmd = 'status'
-    run = runner(yadm_y(cmd))
+    run = runner(yadm_y(cmd), env={'HOME': paths.work})
     assert run.success
     assert run.err == ''
     if cmd == 'perms':
@@ -81,7 +81,7 @@ def test_perms_control(runner, yadm_y, paths, ds1, sshperms, gpgperms):
         assert not oct(private.stat().mode).endswith('00'), (
             'Path started secured')
 
-    run = runner(yadm_y('perms'))
+    run = runner(yadm_y('perms'), env={'HOME': paths.work})
     assert run.success
     assert run.err == ''
     assert run.out == ''

yadm

@@ -1107,14 +1107,17 @@ function perms() {
   # include the archive created by "encrypt"
   [ -f "$YADM_ARCHIVE" ] && GLOBS+=("$YADM_ARCHIVE")
 
-  # include all .ssh files (unless disabled)
-  if [[ $(config --bool yadm.ssh-perms) != "false" ]] ; then
-    GLOBS+=(".ssh" ".ssh/*" ".ssh/.[!.]*")
-  fi
+  # only include private globs if using HOME as worktree
+  if [ "$YADM_WORK" = "$HOME" ]; then
+    # include all .ssh files (unless disabled)
+    if [[ $(config --bool yadm.ssh-perms) != "false" ]] ; then
+      GLOBS+=(".ssh" ".ssh/*" ".ssh/.[!.]*")
+    fi
 
-  # include all gpg files (unless disabled)
-  if [[ $(config --bool yadm.gpg-perms) != "false" ]] ; then
-    GLOBS+=(".gnupg" ".gnupg/*" ".gnupg/.[!.]*")
+    # include all gpg files (unless disabled)
+    if [[ $(config --bool yadm.gpg-perms) != "false" ]] ; then
+      GLOBS+=(".gnupg" ".gnupg/*" ".gnupg/.[!.]*")
+    fi
   fi
 
   # include any files we encrypt