
Normalize age args, remove dep(), failed -> couldnt
Jes Olson j3s@c3f.net
Thu, 29 Dec 2022 13:21:23 -0800
commit

2b863a8abda8aa7c743fabb4c62d9d981212ccd7

parent

6ebc9447b57d5f368880e1416f212db4e6a8f466

1 files changed, 16 insertions(+), 19 deletions(-)

M papa

@@ -19,7 +19,7 @@ # shellcheck disable=2154

[ "$pass" = "$pass2" ] || die "Passwords do not match" fi - [ "$pass" ] || die "Failed to generate a password" + [ "$pass" ] || die "Couldn't generate a password" # Mimic the use of an array for storing arguments by... using # the function's argument list. This is very apt isn't it?

@@ -32,7 +32,7 @@ #

# Heredocs are sometimes implemented via temporary files, # however this is typically done using 'mkstemp()' which # is more secure than a leak in '/proc'. - age -R "$recipients_file" -o "$name.age" <<-EOF && + age --encrypt -R "$recipients_file" -o "$name.age" <<-EOF && $pass EOF printf '%s\n' "Saved '$name' to the store."

@@ -42,13 +42,13 @@ pw_edit() {

name=$1 [ -f "$name.age" ] || - die "Failed to access $name" + die "Couldn't access $name" # Use /dev/shm because it's an in-memory # space that we can use to store private data # & securely wipe it [ -d /dev/shm ] || - die "Failed to access /dev/shm" + die "Couldn't access /dev/shm" # Reimplement mktemp here, because # mktemp isn't defined in POSIX

@@ -57,22 +57,23 @@

tmpfile="$tmpdir/$name.age" mkdir "$tmpdir" || - die "Failed to create shared memory dir" + die "Couldn't create shared memory dir" trap "rm -rf $tmpdir" EXIT # Handle nested items (/foo/bar.age) mkdir -p "$(dirname $tmpfile)" - age -i "$identities_file" --decrypt "$name.age" 2>/dev/null >"$tmpfile" || - die "Could not decrypt $name.age" + age --decrypt -i "$identities_file" -o "$tmpfile" "$name.age" || + die "Couldn't decrypt $name.age" "${EDITOR:-vi}" "$tmpfile" [ -f "$tmpfile" ] || die "New password not saved" - cat "$tmpfile" | age -R "$recipients_file" > "$name.age" + age --encrypt -R "$recipients_file" -o "$name.age" "$tmpfile" || + die "Couldn't encrypt $name.age" } pw_del() {
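Review bot: The new re-encrypt step writes straight to `$name.age` with `-o`, so the only copy of the entry is replaced in place; if age fails after it has started writing (full disk, interrupted run), the store may be left with a truncated file and the old secret lost. Encrypting to a sibling file and renaming it on success avoids that: `age --encrypt -R "$recipients_file" -o "$name.age.new" "$tmpfile" && mv "$name.age.new" "$name.age" || die "Couldn't encrypt $name.age"`. The preceding `[ -f "$tmpfile" ]` check only tests existence, so a file emptied in the editor would still be encrypted over the entry; `[ -s "$tmpfile" ]` would catch that case. The decrypted file is now created by `age -o`, so its mode presumably follows the process umask. pw_edit begins before this hunk and no umask setting is visible here, so it is worth confirming that the plaintext under /dev/shm is not group- or world-readable.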

@@ -87,8 +88,8 @@ }

} pw_show() { - age -i "$identities_file" --decrypt "$1.age" 2>/dev/null || - die "Could not decrypt $1.age" + age --decrypt -i "$identities_file" "$1.age" || + die "Couldn't decrypt $1.age" } pw_list() {

@@ -112,13 +113,6 @@ #

# TODO: add more safety/compat here in case /dev/urandom doesn't exist LC_ALL=C tr -dc "$2" </dev/urandom | dd ibs=1 obs=1 count="$1" 2>/dev/null -} - -dep() { - for dep; do - command -v "$dep" >/dev/null 2>&1 || - die "$dep not found, install per https://github.com/FiloSottile/age" - done } yn() {

@@ -214,8 +208,11 @@ # Ensure that globbing is disabled

# to avoid insecurities with word-splitting. set -f - glob "$1" '[aes]*' && - dep age age-keygen + command -v age >/dev/null 2>&1 || + die "age not found, install per https://github.com/FiloSottile/age" + + command -v age-keygen >/dev/null 2>&1 || + die "age not found, install per https://github.com/FiloSottile/age" glob "$1" '[ades]*' && [ -z "$2" ] && die "Missing [name] argument"
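Review bot: The second added check tests for `age-keygen` but its message still says "age not found", so a user missing only age-keygen is told the wrong binary is absent; it should read `die "age-keygen not found, install per https://github.com/FiloSottile/age"`. The checks are also no longer guarded by `glob "$1" '[aes]*'`, so commands whose name does not start with a, e or s, which were previously exempt, now abort when either tool is missing. If that is intended, a short comment such as `# age and age-keygen are required for every command` would record it. The enclosing function starts and ends outside this hunk.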