Release 2.3.0

Update version number and update documentation

* Support git-crypt (#168)
* Support specifying a command after `yadm enter`
* Expose GIT_WORK_TREE during `yadm enter` (#160)
* Support GNUPGHOME environment variable (#134)
* Assert private dirs, only when worktree = $HOME (#171)
Tim Byrne 2019-12-17 07:15:58 -06:00
parent ba5829ad48
commit b4fd9e19c2
No known key found for this signature in database
GPG Key ID: 14DB4FC2465A4B12
6 changed files with 192 additions and 160 deletions


@ -1,3 +1,10 @@
2.3.0
* Support git-crypt (#168)
* Support specifying a command after `yadm enter`
* Expose GIT_WORK_TREE during `yadm enter` (#160)
* Support GNUPGHOME environment variable (#134)
* Assert private dirs, only when worktree = $HOME (#171)
2.2.0 2.2.0
* Resolve hostname using `uname -n` (#182) * Resolve hostname using `uname -n` (#182)
* Use /etc/os-release if lsb_release is missing (#175) * Use /etc/os-release if lsb_release is missing (#175)


@ -42,7 +42,7 @@ Features, usage, examples and installation instructions can be found on the
[master-badge]: https://img.shields.io/travis/TheLocehiliosan/yadm/master.svg?label=master [master-badge]: https://img.shields.io/travis/TheLocehiliosan/yadm/master.svg?label=master
[master-commits]: https://github.com/TheLocehiliosan/yadm/commits/master [master-commits]: https://github.com/TheLocehiliosan/yadm/commits/master
[master-date]: https://img.shields.io/github/last-commit/TheLocehiliosan/yadm/master.svg?label=master [master-date]: https://img.shields.io/github/last-commit/TheLocehiliosan/yadm/master.svg?label=master
[obs-badge]: https://img.shields.io/badge/OBS-v2.2.0-blue [obs-badge]: https://img.shields.io/badge/OBS-v2.3.0-blue
[obs-link]: https://software.opensuse.org//download.html?project=home%3ATheLocehiliosan%3Ayadm&package=yadm [obs-link]: https://software.opensuse.org//download.html?project=home%3ATheLocehiliosan%3Ayadm&package=yadm
[releases-badge]: https://img.shields.io/github/tag/TheLocehiliosan/yadm.svg?label=latest+release [releases-badge]: https://img.shields.io/github/tag/TheLocehiliosan/yadm.svg?label=latest+release
[releases-link]: https://github.com/TheLocehiliosan/yadm/releases [releases-link]: https://github.com/TheLocehiliosan/yadm/releases
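Review bot: The OBS badge URL hard-codes the release number ("badge/OBS-v2.3.0-blue"), which makes it one more place that has to be bumped by hand, alongside VERSION in yadm and the .TH line in yadm.1. Consider generating these from a single source during the release step, or adding a check that fails when the three strings disagree, so a release cannot ship with a stale version in one of them.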

2
yadm

@ -20,7 +20,7 @@ if [ -z "$BASH_VERSION" ]; then
[ "$YADM_TEST" != 1 ] && exec bash "$0" "$@" [ "$YADM_TEST" != 1 ] && exec bash "$0" "$@"
fi fi
VERSION=2.2.0 VERSION=2.3.0
YADM_WORK="$HOME" YADM_WORK="$HOME"
YADM_DIR= YADM_DIR=

2
yadm.1

@ -1,5 +1,5 @@
." vim: set spell so=8: ." vim: set spell so=8:
.TH yadm 1 "6 December 2019" "2.2.0" .TH yadm 1 "17 December 2019" "2.3.0"
.SH NAME .SH NAME

337
yadm.md

@ -24,14 +24,16 @@
yadm encrypt yadm encrypt
yadm enter
yadm decrypt [-l] yadm decrypt [-l]
yadm alt yadm alt
yadm perms yadm perms
yadm enter [ command ]
yadm git-crypt [ options ]
yadm upgrade yadm upgrade
yadm introspect category yadm introspect category
@ -116,10 +118,15 @@
the same way you leave your normal shell (usually with the the same way you leave your normal shell (usually with the
"exit" command). This sub-shell can be used to easily interact "exit" command). This sub-shell can be used to easily interact
with your yadm repository using "git" commands. This could be with your yadm repository using "git" commands. This could be
useful if you are using a tool which uses Git directly. useful if you are using a tool which uses Git directly, such as
tig, vim-fugitive, git-cola, etc.
For example, Emacs Tramp and Magit can manage files by using Optionally, you can provide a command after "enter", and instead
this configuration: of invoking your shell, that command will be run with all of the
Git variables exposed to the command's environment.
Emacs Tramp and Magit can manage files by using this configura-
tion:
(add-to-list 'tramp-methods (add-to-list 'tramp-methods
'("yadm" '("yadm"
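Review bot: The new paragraph for "enter [ command ]" says the command runs "with all of the Git variables exposed" but never names those variables. The changelog for this release lists GIT_WORK_TREE (#160) as newly exposed, so list each exported variable here; someone passing a command to "enter" needs to know that any Git process it starts will treat the yadm work-tree (by default $HOME, per the init entry) as its working tree. It would also help to state what exit status "yadm enter <command>" returns, since that matters once it is used from scripts.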
@ -129,59 +136,68 @@
(tramp-remote-shell "/bin/sh") (tramp-remote-shell "/bin/sh")
(tramp-remote-shell-args ("-c")))) (tramp-remote-shell-args ("-c"))))
With this config, use (magit-status "/yadm::"). If you find With this config, use (magit-status "/yadm::"). If you find
issue with Emacs 27 and zsh, trying running (setenv "SHELL" issue with Emacs 27 and zsh, trying running (setenv "SHELL"
"/bin/bash"). "/bin/bash").
git-crypt options
If git-crypt is installed, this command allows you to pass
options directly to git-crypt, with the environment configured
to use the yadm repository.
git-crypt enables transparent encryption and decryption of files
in a git repository. You can read https://github.com/AGWA/git-
crypt for details.
gitconfig gitconfig
Pass options to the git config command. Since yadm already uses Pass options to the git config command. Since yadm already uses
the config command to manage its own configurations, this com- the config command to manage its own configurations, this com-
mand is provided as a way to change configurations of the repos- mand is provided as a way to change configurations of the repos-
itory managed by yadm. One useful case might be to configure itory managed by yadm. One useful case might be to configure
the repository so untracked files are shown in status commands. the repository so untracked files are shown in status commands.
yadm initially configures its repository so that untracked files yadm initially configures its repository so that untracked files
are not shown. If you wish use the default Git behavior (to are not shown. If you wish use the default Git behavior (to
show untracked files and directories), you can remove this con- show untracked files and directories), you can remove this con-
figuration. figuration.
yadm gitconfig --unset status.showUntrackedFiles yadm gitconfig --unset status.showUntrackedFiles
help Print a summary of yadm commands. help Print a summary of yadm commands.
init Initialize a new, empty repository for tracking dotfiles. The init Initialize a new, empty repository for tracking dotfiles. The
repository is stored in $HOME/.config/yadm/repo.git. By repository is stored in $HOME/.config/yadm/repo.git. By
default, $HOME will be used as the work-tree, but this can be default, $HOME will be used as the work-tree, but this can be
overridden with the -w option. yadm can be forced to overwrite overridden with the -w option. yadm can be forced to overwrite
an existing repository by providing the -f option. an existing repository by providing the -f option.
list Print a list of files managed by yadm. The -a option will cause list Print a list of files managed by yadm. The -a option will cause
all managed files to be listed. Otherwise, the list will only all managed files to be listed. Otherwise, the list will only
include files from the current directory or below. include files from the current directory or below.
introspect category introspect category
Report internal yadm data. Supported categories are commands, Report internal yadm data. Supported categories are commands,
configs, repo, and switches. The purpose of introspection is to configs, repo, and switches. The purpose of introspection is to
support command line completion. support command line completion.
perms Update permissions as described in the PERMISSIONS section. It perms Update permissions as described in the PERMISSIONS section. It
is usually unnecessary to run this command, as yadm automati- is usually unnecessary to run this command, as yadm automati-
cally processes permissions by default. This automatic behavior cally processes permissions by default. This automatic behavior
can be disabled by setting the configuration yadm.auto-perms to can be disabled by setting the configuration yadm.auto-perms to
"false". "false".
upgrade upgrade
Version 2 of yadm uses a different directory for storing your Version 2 of yadm uses a different directory for storing your
configurations. When you start to use version 2 for the first configurations. When you start to use version 2 for the first
time, you may see warnings about moving your data to this new time, you may see warnings about moving your data to this new
directory. The easiest way to accomplish this is by running directory. The easiest way to accomplish this is by running
"yadm upgrade". This command will start by moving your yadm "yadm upgrade". This command will start by moving your yadm
repo to the new path. Next it will move any configuration data repo to the new path. Next it will move any configuration data
to the new path. If the configurations are tracked within your to the new path. If the configurations are tracked within your
yadm repo, this command will "stage" the renaming of those files yadm repo, this command will "stage" the renaming of those files
in the repo's index. Upgrading will also re-initialize all sub- in the repo's index. Upgrading will also re-initialize all sub-
modules you have added (otherwise they will be broken when the modules you have added (otherwise they will be broken when the
repo moves). After running "yadm upgrade", you should run "yadm repo moves). After running "yadm upgrade", you should run "yadm
status" to review changes which have been staged, and commit status" to review changes which have been staged, and commit
them to your repository. them to your repository.
You can read https://yadm.io/docs/upgrade_from_1 for more infor- You can read https://yadm.io/docs/upgrade_from_1 for more infor-
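Review bot: In the new git-crypt entry the project URL is hyphenated across a line break ("https://github.com/AGWA/git-" followed by "crypt for details"), so it cannot be copied or followed as rendered. Keep the URL from being broken in the yadm.1 source so the regenerated yadm.md carries it on one line. The entry also opens with "If git-crypt is installed" without saying what "yadm git-crypt" does when it is not installed, which deserves one sentence.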
@ -192,40 +208,40 @@
## COMPATIBILITY ## COMPATIBILITY
Beginning with version 2.0.0, yadm introduced a couple major changes Beginning with version 2.0.0, yadm introduced a couple major changes
which may require you to adjust your configurations. See the upgrade which may require you to adjust your configurations. See the upgrade
command for help making those adjustments. command for help making those adjustments.
First, yadm now uses the "XDG Base Directory Specification" to find its First, yadm now uses the "XDG Base Directory Specification" to find its
configurations. You can read https://yadm.io/docs/upgrade_from_1 for configurations. You can read https://yadm.io/docs/upgrade_from_1 for
more information. more information.
Second, the naming conventions for alternate files have been changed. Second, the naming conventions for alternate files have been changed.
You can read https://yadm.io/docs/alternates for more information. You can read https://yadm.io/docs/alternates for more information.
If you want to retain the old functionality, you can set an environment If you want to retain the old functionality, you can set an environment
variable, YADM_COMPATIBILITY=1. Doing so will automatically use the variable, YADM_COMPATIBILITY=1. Doing so will automatically use the
old yadm directory, and process alternates the same as the pre-2.0.0 old yadm directory, and process alternates the same as the pre-2.0.0
version. This compatibility mode is deprecated, and will be removed in version. This compatibility mode is deprecated, and will be removed in
future versions. This mode exists solely for transitioning to the new future versions. This mode exists solely for transitioning to the new
paths and naming of alternates. paths and naming of alternates.
## OPTIONS ## OPTIONS
yadm supports a set of universal options that alter the paths it uses. yadm supports a set of universal options that alter the paths it uses.
The default paths are documented in the FILES section. Any path speci- The default paths are documented in the FILES section. Any path speci-
fied by these options must be fully qualified. If you always want to fied by these options must be fully qualified. If you always want to
override one or more of these paths, it may be useful to create an override one or more of these paths, it may be useful to create an
alias for the yadm command. For example, the following alias could be alias for the yadm command. For example, the following alias could be
used to override the repository directory. used to override the repository directory.
alias yadm='yadm --yadm-repo /alternate/path/to/repo' alias yadm='yadm --yadm-repo /alternate/path/to/repo'
The following is the full list of universal options. Each option The following is the full list of universal options. Each option
should be followed by a fully qualified path. should be followed by a fully qualified path.
-Y,--yadm-dir -Y,--yadm-dir
Override the yadm directory. yadm stores its data relative to Override the yadm directory. yadm stores its data relative to
this directory. this directory.
--yadm-repo --yadm-repo
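Review bot: No wording change is visible anywhere in this hunk (COMPATIBILITY and OPTIONS read the same on both sides), and the same holds for most of the later yadm.md hunks, so the bulk of the 337 changed lines appears to be re-justification from regenerating the file. That buries the real documentation changes (enter, git-crypt, the new "Using git-crypt" subsection). Consider generating yadm.md with stable line filling, or committing the regenerated file separately, so a reviewer can see which text actually changed.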
@ -245,9 +261,9 @@
## CONFIGURATION ## CONFIGURATION
yadm uses a configuration file named $HOME/.config/yadm/config. This yadm uses a configuration file named $HOME/.config/yadm/config. This
file uses the same format as git-config(1). Also, you can control the file uses the same format as git-config(1). Also, you can control the
contents of the configuration file via the yadm config command (which contents of the configuration file via the yadm config command (which
works exactly like git-config). For example, to disable alternates you works exactly like git-config). For example, to disable alternates you
can run the command: can run the command:
@ -257,67 +273,67 @@
yadm.alt-copy yadm.alt-copy
If set to "true", alternate files will be copies instead of sym- If set to "true", alternate files will be copies instead of sym-
bolic links. This might be desirable, because some systems may bolic links. This might be desirable, because some systems may
not properly support symlinks. not properly support symlinks.
NOTE: The deprecated yadm.cygwin-copy option used by older ver- NOTE: The deprecated yadm.cygwin-copy option used by older ver-
sions of yadm has been replaced by yadm.alt-copy. The old sions of yadm has been replaced by yadm.alt-copy. The old
option will be removed in the next version of yadm. option will be removed in the next version of yadm.
yadm.auto-alt yadm.auto-alt
Disable the automatic linking described in the section ALTER- Disable the automatic linking described in the section ALTER-
NATES. If disabled, you may still run "yadm alt" manually to NATES. If disabled, you may still run "yadm alt" manually to
create the alternate links. This feature is enabled by default. create the alternate links. This feature is enabled by default.
yadm.auto-exclude yadm.auto-exclude
Disable the automatic exclusion of patterns defined in Disable the automatic exclusion of patterns defined in
$HOME/.config/yadm/encrypt. This feature is enabled by default. $HOME/.config/yadm/encrypt. This feature is enabled by default.
yadm.auto-perms yadm.auto-perms
Disable the automatic permission changes described in the sec- Disable the automatic permission changes described in the sec-
tion PERMISSIONS. If disabled, you may still run yadm perms tion PERMISSIONS. If disabled, you may still run yadm perms
manually to update permissions. This feature is enabled by manually to update permissions. This feature is enabled by
default. default.
yadm.auto-private-dirs yadm.auto-private-dirs
Disable the automatic creating of private directories described Disable the automatic creating of private directories described
in the section PERMISSIONS. in the section PERMISSIONS.
yadm.git-program yadm.git-program
Specify an alternate program to use instead of "git". By Specify an alternate program to use instead of "git". By
default, the first "git" found in $PATH is used. default, the first "git" found in $PATH is used.
yadm.gpg-perms yadm.gpg-perms
Disable the permission changes to $HOME/.gnupg/*. This feature Disable the permission changes to $HOME/.gnupg/*. This feature
is enabled by default. is enabled by default.
yadm.gpg-program yadm.gpg-program
Specify an alternate program to use instead of "gpg". By Specify an alternate program to use instead of "gpg". By
default, the first "gpg" found in $PATH is used. default, the first "gpg" found in $PATH is used.
yadm.gpg-recipient yadm.gpg-recipient
Asymmetrically encrypt files with a gpg public/private key pair. Asymmetrically encrypt files with a gpg public/private key pair.
Provide a "key ID" to specify which public key to encrypt with. Provide a "key ID" to specify which public key to encrypt with.
The key must exist in your public keyrings. If left blank or The key must exist in your public keyrings. If left blank or
not provided, symmetric encryption is used instead. If set to not provided, symmetric encryption is used instead. If set to
"ASK", gpg will interactively ask for recipients. See the "ASK", gpg will interactively ask for recipients. See the
ENCRYPTION section for more details. This feature is disabled ENCRYPTION section for more details. This feature is disabled
by default. by default.
yadm.ssh-perms yadm.ssh-perms
Disable the permission changes to $HOME/.ssh/*. This feature is Disable the permission changes to $HOME/.ssh/*. This feature is
enabled by default. enabled by default.
The following four "local" configurations are not stored in the The following four "local" configurations are not stored in the
$HOME/.config/yadm/config, they are stored in the local repository. $HOME/.config/yadm/config, they are stored in the local repository.
local.class local.class
Specify a class for the purpose of symlinking alternate files. Specify a class for the purpose of symlinking alternate files.
By default, no class will be matched. By default, no class will be matched.
local.hostname local.hostname
Override the hostname for the purpose of symlinking alternate Override the hostname for the purpose of symlinking alternate
files. files.
local.os local.os
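Review bot: The yadm.gpg-perms entry still describes the permission changes as applying to "$HOME/.gnupg/*", while this release's changelog adds support for the GNUPGHOME environment variable (#134). State here whether the permission tightening follows GNUPGHOME when it is set; otherwise a user with a relocated GnuPG directory cannot tell from the man page whether that directory is covered. Likewise, yadm.auto-private-dirs does not mention the condition from #171 that private dirs are asserted only when the work-tree is $HOME.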
@ -332,9 +348,9 @@
to have an automated way of choosing an alternate version of a file for to have an automated way of choosing an alternate version of a file for
a different operating system, host, user, etc. a different operating system, host, user, etc.
yadm will automatically create a symbolic link to the appropriate ver- yadm will automatically create a symbolic link to the appropriate ver-
sion of a file, when a valid suffix is appended to the filename. The sion of a file, when a valid suffix is appended to the filename. The
suffix contains the conditions that must be met for that file to be suffix contains the conditions that must be met for that file to be
used. used.
The suffix begins with "##", followed by any number of conditions sepa- The suffix begins with "##", followed by any number of conditions sepa-
@ -342,9 +358,9 @@
##<condition>[,<condition>,...] ##<condition>[,<condition>,...]
Each condition is an attribute/value pair, separated by a period. Some Each condition is an attribute/value pair, separated by a period. Some
conditions do not require a "value", and in that case, the period and conditions do not require a "value", and in that case, the period and
value can be omitted. Most attributes can be abbreviated as a single value can be omitted. Most attributes can be abbreviated as a single
letter. letter.
<attribute>[.<value>] <attribute>[.<value>]
@ -354,25 +370,25 @@
template, t template, t
Valid when the value matches a supported template processor. Valid when the value matches a supported template processor.
See the TEMPLATES section for more details. See the TEMPLATES section for more details.
user, u user, u
Valid if the value matches the current user. Current user is Valid if the value matches the current user. Current user is
calculated by running id -u -n. calculated by running id -u -n.
distro, d distro, d
Valid if the value matches the distro. Distro is calculated by Valid if the value matches the distro. Distro is calculated by
running lsb_release -si or by inspecting the ID from /etc/os- running lsb_release -si or by inspecting the ID from /etc/os-
release. release.
os, o Valid if the value matches the OS. OS is calculated by running os, o Valid if the value matches the OS. OS is calculated by running
uname -s. uname -s.
class, c class, c
Valid if the value matches the local.class configuration. Class Valid if the value matches the local.class configuration. Class
must be manually set using yadm config local.class <class>. See must be manually set using yadm config local.class <class>. See
the CONFIGURATION section for more details about setting the CONFIGURATION section for more details about setting
local.class. local.class.
hostname, h hostname, h
@ -383,27 +399,27 @@
Valid when no other alternate is valid. Valid when no other alternate is valid.
NOTE: The OS for "Windows Subsystem for Linux" is reported as "WSL", NOTE: The OS for "Windows Subsystem for Linux" is reported as "WSL",
even though uname identifies as "Linux". even though uname identifies as "Linux".
You may use any number of conditions, in any order. An alternate will You may use any number of conditions, in any order. An alternate will
only be used if ALL conditions are valid. For all files managed by only be used if ALL conditions are valid. For all files managed by
yadm's repository or listed in $HOME/.config/yadm/encrypt, if they yadm's repository or listed in $HOME/.config/yadm/encrypt, if they
match this naming convention, symbolic links will be created for the match this naming convention, symbolic links will be created for the
most appropriate version. most appropriate version.
The "most appropriate" version is determined by calculating a score for The "most appropriate" version is determined by calculating a score for
each version of a file. A template is always scored higher than any each version of a file. A template is always scored higher than any
symlink condition. The number of conditions is the next largest factor symlink condition. The number of conditions is the next largest factor
in scoring. Files with more conditions will always be favored. Any in scoring. Files with more conditions will always be favored. Any
invalid condition will disqualify that file completely. invalid condition will disqualify that file completely.
If you don't care to have all versions of alternates stored in the same If you don't care to have all versions of alternates stored in the same
directory as the generated symlink, you can place them in the directory as the generated symlink, you can place them in the
$HOME/.config/yadm/alt directory. The generated symlink or processed $HOME/.config/yadm/alt directory. The generated symlink or processed
template will be created using the same relative path. template will be created using the same relative path.
Alternate linking may best be demonstrated by example. Assume the fol- Alternate linking may best be demonstrated by example. Assume the fol-
lowing files are managed by yadm's repository: lowing files are managed by yadm's repository:
- $HOME/path/example.txt##default - $HOME/path/example.txt##default
@ -426,7 +442,7 @@
$HOME/path/example.txt -> $HOME/path/example.txt##os.Darwin $HOME/path/example.txt -> $HOME/path/example.txt##os.Darwin
Since the hostname doesn't match any of the managed files, the more Since the hostname doesn't match any of the managed files, the more
generic version is chosen. generic version is chosen.
If running on a Linux server named "host4", the link will be: If running on a Linux server named "host4", the link will be:
@ -441,57 +457,57 @@
$HOME/path/example.txt -> $HOME/path/example.txt##class.Work $HOME/path/example.txt -> $HOME/path/example.txt##class.Work
If no "##default" version exists and no files have valid conditions, If no "##default" version exists and no files have valid conditions,
then no link will be created. then no link will be created.
Links are also created for directories named this way, as long as they Links are also created for directories named this way, as long as they
have at least one yadm managed file within them. have at least one yadm managed file within them.
yadm will automatically create these links by default. This can be dis- yadm will automatically create these links by default. This can be dis-
abled using the yadm.auto-alt configuration. Even if disabled, links abled using the yadm.auto-alt configuration. Even if disabled, links
can be manually created by running yadm alt. can be manually created by running yadm alt.
Class is a special value which is stored locally on each host (inside Class is a special value which is stored locally on each host (inside
the local repository). To use alternate symlinks using class, you must the local repository). To use alternate symlinks using class, you must
set the value of class using the configuration local.class. This is set the value of class using the configuration local.class. This is
set like any other yadm configuration with the yadm config command. The set like any other yadm configuration with the yadm config command. The
following sets the class to be "Work". following sets the class to be "Work".
yadm config local.class Work yadm config local.class Work
Similarly, the values of os, hostname, and user can be manually over- Similarly, the values of os, hostname, and user can be manually over-
ridden using the configuration options local.os, local.hostname, and ridden using the configuration options local.os, local.hostname, and
local.user. local.user.
## TEMPLATES ## TEMPLATES
If a template condition is defined in an alternate file's "##" suffix, If a template condition is defined in an alternate file's "##" suffix,
and the necessary dependencies for the template are available, then the and the necessary dependencies for the template are available, then the
file will be processed to create or overwrite files. file will be processed to create or overwrite files.
Supported template processors: Supported template processors:
default default
This is yadm's built-in template processor. This processor is This is yadm's built-in template processor. This processor is
very basic, with a Jinja-like syntax. The advantage of this pro- very basic, with a Jinja-like syntax. The advantage of this pro-
cessor is that it only depends upon awk, which is available on cessor is that it only depends upon awk, which is available on
most *nix systems. To use this processor, specify the value of most *nix systems. To use this processor, specify the value of
"default" or just leave the value off (e.g. "##template"). "default" or just leave the value off (e.g. "##template").
j2cli To use the j2cli Jinja template processor, specify the value of j2cli To use the j2cli Jinja template processor, specify the value of
"j2" or "j2cli". "j2" or "j2cli".
envtpl To use the envtpl Jinja template processor, specify the value of envtpl To use the envtpl Jinja template processor, specify the value of
"j2" or "envtpl". "j2" or "envtpl".
NOTE: Specifying "j2" as the processor will attempt to use j2cli or NOTE: Specifying "j2" as the processor will attempt to use j2cli or
envtpl, whichever is available. envtpl, whichever is available.
If the template processor specified is available, templates will be If the template processor specified is available, templates will be
processed to create or overwrite files. processed to create or overwrite files.
During processing, the following variables are available in the tem- During processing, the following variables are available in the tem-
plate: plate:
Default Jinja Description Default Jinja Description
@ -503,10 +519,10 @@
yadm.user YADM_USER id -u -n yadm.user YADM_USER id -u -n
yadm.source YADM_SOURCE Template filename yadm.source YADM_SOURCE Template filename
NOTE: The OS for "Windows Subsystem for Linux" is reported as "WSL", NOTE: The OS for "Windows Subsystem for Linux" is reported as "WSL",
even though uname identifies as "Linux". even though uname identifies as "Linux".
NOTE: If lsb_release is not available, DISTRO will be the ID specified NOTE: If lsb_release is not available, DISTRO will be the ID specified
in /etc/os-release. in /etc/os-release.
Examples: Examples:
@ -519,7 +535,7 @@
config=dev-whatever config=dev-whatever
{% endif %} {% endif %}
would output a file named whatever with the following content if the would output a file named whatever with the following content if the
user is "harvey": user is "harvey":
config=work-Linux config=work-Linux
@ -528,7 +544,7 @@
config=dev-whatever config=dev-whatever
An equivalent Jinja template named whatever##template.j2 would look An equivalent Jinja template named whatever##template.j2 would look
like: like:
{% if YADM_USER == 'harvey' -%} {% if YADM_USER == 'harvey' -%}
@ -539,53 +555,62 @@
## ENCRYPTION ## ENCRYPTION
It can be useful to manage confidential files, like SSH or GPG keys, It can be useful to manage confidential files, like SSH or GPG keys,
across multiple systems. However, doing so would put plain text data across multiple systems. However, doing so would put plain text data
into a Git repository, which often resides on a public system. yadm can into a Git repository, which often resides on a public system. yadm can
make it easy to encrypt and decrypt a set of files so the encrypted make it easy to encrypt and decrypt a set of files so the encrypted
version can be maintained in the Git repository. This feature will version can be maintained in the Git repository. This feature will
only work if the gpg(1) command is available. only work if the gpg(1) command is available.
To use this feature, a list of patterns must be created and saved as To use this feature, a list of patterns must be created and saved as
$HOME/.config/yadm/encrypt. This list of patterns should be relative $HOME/.config/yadm/encrypt. This list of patterns should be relative
to the configured work-tree (usually $HOME). For example: to the configured work-tree (usually $HOME). For example:
.ssh/*.key .ssh/*.key
.gnupg/*.gpg .gnupg/*.gpg
Standard filename expansions (*, ?, [) are supported. If you have Bash Standard filename expansions (*, ?, [) are supported. If you have Bash
version 4, you may use "**" to match all subdirectories. Other shell version 4, you may use "**" to match all subdirectories. Other shell
expansions like brace and tilde are not supported. Spaces in paths are expansions like brace and tilde are not supported. Spaces in paths are
supported, and should not be quoted. If a directory is specified, its supported, and should not be quoted. If a directory is specified, its
contents will be included, but not recursively. Paths beginning with a contents will be included, but not recursively. Paths beginning with a
"!" will be excluded. "!" will be excluded.
The yadm encrypt command will find all files matching the patterns, and The yadm encrypt command will find all files matching the patterns, and
prompt for a password. Once a password has confirmed, the matching prompt for a password. Once a password has confirmed, the matching
files will be encrypted and saved as $HOME/.config/yadm/files.gpg. The files will be encrypted and saved as $HOME/.config/yadm/files.gpg. The
patterns and files.gpg should be added to the yadm repository so they patterns and files.gpg should be added to the yadm repository so they
are available across multiple systems. are available across multiple systems.
To decrypt these files later, or on another system run yadm decrypt and To decrypt these files later, or on another system run yadm decrypt and
provide the correct password. After files are decrypted, permissions provide the correct password. After files are decrypted, permissions
are automatically updated as described in the PERMISSIONS section. are automatically updated as described in the PERMISSIONS section.
Symmetric encryption is used by default, but asymmetric encryption may Symmetric encryption is used by default, but asymmetric encryption may
be enabled using the yadm.gpg-recipient configuration. be enabled using the yadm.gpg-recipient configuration.
NOTE: It is recommended that you use a private repository when keeping NOTE: It is recommended that you use a private repository when keeping
confidential files, even though they are encrypted. confidential files, even though they are encrypted.
Patterns found in $HOME/.config/yadm/encrypt are automatically added to Patterns found in $HOME/.config/yadm/encrypt are automatically added to
the repository's info/exclude file every time yadm encrypt is run. the repository's info/exclude file every time yadm encrypt is run.
This is to prevent accidentally committing sensitive data to the repos- This is to prevent accidentally committing sensitive data to the repos-
itory. This can be disabled using the yadm.auto-exclude configuration. itory. This can be disabled using the yadm.auto-exclude configuration.
Using git-crypt
A completely separate option for encrypting data is to install and use
git-crypt. Once installed, you can run git-crypt commands for the yadm
repo by running yadm git-crypt. git-crypt enables transparent encryp-
tion and decryption of files in a git repository. You can read
https://github.com/AGWA/git-crypt for details.
## PERMISSIONS ## PERMISSIONS
When files are checked out of a Git repository, their initial permis- When files are checked out of a Git repository, their initial permis-
sions are dependent upon the user's umask. Because of this, yadm will sions are dependent upon the user's umask. Because of this, yadm will
automatically update the permissions of some file paths. The "group" automatically update the permissions of some file paths. The "group"
and "others" permissions will be removed from the following files: and "others" permissions will be removed from the following files:
- $HOME/.config/yadm/files.gpg - $HOME/.config/yadm/files.gpg
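Review bot: The added "Using git-crypt" paragraph at the end of the encryption text documents the `yadm git-crypt` passthrough but does not say how it relates to the safeguards described directly above it, namely the automatic addition of the $HOME/.config/yadm/encrypt patterns to info/exclude and the NOTE recommending a private repository. Since the paragraph itself calls git-crypt "a completely separate option", suggest one more sentence stating whether yadm.auto-exclude and the encrypt patterns have any effect on git-crypt-managed files, and whether the private-repository recommendation is meant to cover them too. Minor, in the unchanged context of the same hunk: "Once a password has confirmed" is missing "been".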
@ -597,39 +622,39 @@
- The GPG directory and files, .gnupg/* - The GPG directory and files, .gnupg/*
yadm will automatically update permissions by default. This can be dis- yadm will automatically update permissions by default. This can be dis-
abled using the yadm.auto-perms configuration. Even if disabled, per- abled using the yadm.auto-perms configuration. Even if disabled, per-
missions can be manually updated by running yadm perms. The .ssh missions can be manually updated by running yadm perms. The .ssh
directory processing can be disabled using the yadm.ssh-perms configu- directory processing can be disabled using the yadm.ssh-perms configu-
ration. The .gnupg directory processing can be disabled using the ration. The .gnupg directory processing can be disabled using the
yadm.gpg-perms configuration. yadm.gpg-perms configuration.
When cloning a repo which includes data in a .ssh or .gnupg directory, When cloning a repo which includes data in a .ssh or .gnupg directory,
if those directories do not exist at the time of cloning, yadm will if those directories do not exist at the time of cloning, yadm will
create the directories with mask 0700 prior to merging the fetched data create the directories with mask 0700 prior to merging the fetched data
into the work-tree. into the work-tree.
When running a Git command and .ssh or .gnupg directories do not exist, When running a Git command and .ssh or .gnupg directories do not exist,
yadm will create those directories with mask 0700 prior to running the yadm will create those directories with mask 0700 prior to running the
Git command. This can be disabled using the yadm.auto-private-dirs con- Git command. This can be disabled using the yadm.auto-private-dirs con-
figuration. figuration.
## HOOKS ## HOOKS
For every command yadm supports, a program can be provided to run For every command yadm supports, a program can be provided to run
before or after that command. These are referred to as "hooks". yadm before or after that command. These are referred to as "hooks". yadm
looks for hooks in the directory $HOME/.config/yadm/hooks. Each hook looks for hooks in the directory $HOME/.config/yadm/hooks. Each hook
is named using a prefix of pre_ or post_, followed by the command which is named using a prefix of pre_ or post_, followed by the command which
should trigger the hook. For example, to create a hook which is run should trigger the hook. For example, to create a hook which is run
after every yadm pull command, create a hook named post_pull. Hooks after every yadm pull command, create a hook named post_pull. Hooks
must have the executable file permission set. must have the executable file permission set.
If a pre_ hook is defined, and the hook terminates with a non-zero exit If a pre_ hook is defined, and the hook terminates with a non-zero exit
status, yadm will refuse to run the yadm command. For example, if a status, yadm will refuse to run the yadm command. For example, if a
pre_commit hook is defined, but that command ends with a non-zero exit pre_commit hook is defined, but that command ends with a non-zero exit
status, the yadm commit will never be run. This allows one to "short- status, the yadm commit will never be run. This allows one to "short-
circuit" any operation using a pre_ hook. circuit" any operation using a pre_ hook.
Hooks have the following environment variables available to them at Hooks have the following environment variables available to them at
runtime: runtime:
YADM_HOOK_COMMAND YADM_HOOK_COMMAND
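Review bot: The PERMISSIONS paragraph in this hunk still states without condition that when .ssh or .gnupg do not exist "yadm will create those directories with mask 0700 prior to running the Git command", while the changelog for this release lists "Assert private dirs, only when worktree = $HOME (#171)". Both sides of these lines carry the same wording, so the regenerated documentation does not appear to reflect that condition; suggest adding it to the sentence that introduces yadm.auto-private-dirs so readers with a work-tree other than $HOME know the directories will not be created for them. Minor: 0700 is a mode rather than a mask, here and in the cloning paragraph above it.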
@ -649,13 +674,13 @@
## FILES ## FILES
All of yadm's configurations are relative to the "yadm directory". All of yadm's configurations are relative to the "yadm directory".
yadm uses the "XDG Base Directory Specification" to determine this yadm uses the "XDG Base Directory Specification" to determine this
directory. If the environment variable $XDG_CONFIG_HOME is defined as directory. If the environment variable $XDG_CONFIG_HOME is defined as
a fully qualified path, this directory will be $XDG_CONFIG_HOME/yadm. a fully qualified path, this directory will be $XDG_CONFIG_HOME/yadm.
Otherwise it will be $HOME/.config/yadm. Otherwise it will be $HOME/.config/yadm.
The following are the default paths yadm uses for its own data. Most The following are the default paths yadm uses for its own data. Most
of these paths can be altered using universal options. See the OPTIONS of these paths can be altered using universal options. See the OPTIONS
section for details. section for details.
@ -667,9 +692,9 @@
Configuration file for yadm. Configuration file for yadm.
$YADM_DIR/alt $YADM_DIR/alt
This is a directory to keep "alternate files" without having This is a directory to keep "alternate files" without having
them side-by-side with the resulting symlink or processed tem- them side-by-side with the resulting symlink or processed tem-
plate. Alternate files placed in this directory will be created plate. Alternate files placed in this directory will be created
relative to $HOME instead. relative to $HOME instead.
$YADM_DIR/repo.git $YADM_DIR/repo.git

View File

@ -1,7 +1,7 @@
%{!?_pkgdocdir: %global _pkgdocdir %{_docdir}/%{name}-%{version}} %{!?_pkgdocdir: %global _pkgdocdir %{_docdir}/%{name}-%{version}}
Name: yadm Name: yadm
Summary: Yet Another Dotfiles Manager Summary: Yet Another Dotfiles Manager
Version: 2.2.0 Version: 2.3.0
Group: Development/Tools Group: Development/Tools
Release: 1%{?dist} Release: 1%{?dist}
URL: https://yadm.io URL: https://yadm.io