make pa-rekey atomic
before this, interrupting pa-rekey would corrupt whatever passwords in the store it had already managed to replace. this commit makes it do all the work in the temporary directory until the very end, when the whole store is replaced at once along with the keys.
arĉi arcxi@dismail.de
Fri, 05 Jul 2024 16:20:19 +0200
1 files changed,
25 insertions(+),
10 deletions(-)
M
contrib/pa-rekey
→
contrib/pa-rekey
@@ -22,19 +22,34 @@
 basedir=${XDG_DATA_HOME:=$HOME/.local/share}/pa
 : "${PA_DIR:=$basedir/passwords}"
-[ "$PA_IDENTITIES" ] && cp "$PA_IDENTITIES" "$basedir/identities.tmp"
-[ "$PA_RECIPIENTS" ] && cp "$PA_RECIPIENTS" "$basedir/recipients.tmp"
+mkdir "$basedir/tmp" ||
+ die "Couldn't create temporary directory"
+
+trap 'rm -rf "$basedir/tmp"; exit' EXIT
+trap 'rm -rf "$basedir/tmp"; trap - INT; kill -s INT 0' INT
-$age_keygen >>"$basedir/identities.tmp" 2>/dev/null
-$age_keygen -y "$basedir/identities.tmp" >>"$basedir/recipients.tmp" 2>/dev/null
+cp -R "$PA_DIR" "$basedir/tmp/passwords" ||
+ die "Couldn't copy password directory"
+
+# Remove git repository for forward secrecy.
+rm -rf "$basedir/tmp/passwords/.git"
+
+[ "$PA_IDENTITIES" ] && cp "$PA_IDENTITIES" "$basedir/tmp/identities"
+[ "$PA_RECIPIENTS" ] && cp "$PA_RECIPIENTS" "$basedir/tmp/recipients"
+
+$age_keygen >>"$basedir/tmp/identities" 2>/dev/null
+$age_keygen -y "$basedir/tmp/identities" >>"$basedir/tmp/recipients" 2>/dev/null
 pa list | while read -r name; do
- pa show "$name" | $age -R "$basedir/recipients.tmp" -o "$PA_DIR/$name.tmp.age"
- mv "$PA_DIR/$name.tmp.age" "$PA_DIR/$name.age"
+ pa show "$name" | $age -R "$basedir/tmp/recipients" -o "$basedir/tmp/passwords/$name.age" ||
+ die "Couldn't encrypt $name.age"
 done
-mv "$basedir/identities.tmp" "$basedir/identities"
-mv "$basedir/recipients.tmp" "$basedir/recipients"
+rm -rf "$PA_DIR"
+mv "$basedir/tmp/passwords" "$PA_DIR"
+mv "$basedir/tmp/identities" "$basedir/identities"
+mv "$basedir/tmp/recipients" "$basedir/recipients"
+rmdir "$basedir/tmp"
-# Recreate git repository for forward secrecy.
-[ -d "$PA_DIR/.git" ] && rm -rf "$PA_DIR/.git" && pa list >/dev/null
+# Recreate git repository if needed.
+pa list >/dev/null
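Review bot: The final swap is still not atomic and can now lose the whole store: once `rm -rf "$PA_DIR"` has run, the only copy of the re-encrypted passwords and of the new identity is under `$basedir/tmp`, and both traps still run `rm -rf "$basedir/tmp"`, so an interrupt or an unchecked `mv` failure in that window deletes it. Clear the traps before the swap, for example `trap '' INT; trap - EXIT`, check each `mv`, and rename the old store aside, deleting it only after the new one and the keys are in place. Separately, the `die` inside `pa list | while … done` runs in the pipeline's subshell in most sh implementations, so an encryption failure would not stop the script before the store is replaced; `done || exit 1` would. `die` is defined outside the hunk, so its exit behaviour is assumed here.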