sekrit: remove -f flag for sekrit_add
Not only it parsed the wrong character 2 commits ago, it's also completely broken: file can't be overwritten, because of `chmod 400`.
This commit is contained in:
parent
f500903cba
commit
19631627d6
@ -10,7 +10,7 @@
|
|||||||
.\" Dedication along with this software. If not, see
|
.\" Dedication along with this software. If not, see
|
||||||
.\" <http://creativecommons.org/publicdomain/zero/1.0/>.
|
.\" <http://creativecommons.org/publicdomain/zero/1.0/>.
|
||||||
.\"
|
.\"
|
||||||
.Dd August 26, 2020
|
.Dd December 2, 2020
|
||||||
.Dt SEKRIT 1
|
.Dt SEKRIT 1
|
||||||
.Os
|
.Os
|
||||||
.Sh NAME
|
.Sh NAME
|
||||||
@ -19,7 +19,6 @@
|
|||||||
.Sh SYNOPSIS
|
.Sh SYNOPSIS
|
||||||
.Nm
|
.Nm
|
||||||
.Cm add
|
.Cm add
|
||||||
.Op Fl f
|
|
||||||
.Ar key
|
.Ar key
|
||||||
.Op Ar value ...
|
.Op Ar value ...
|
||||||
.Nm
|
.Nm
|
||||||
@ -52,7 +51,7 @@ Because of this,
|
|||||||
can be used as an account credentials manager,
|
can be used as an account credentials manager,
|
||||||
or as a general-purpose key-value store of encrypted information.
|
or as a general-purpose key-value store of encrypted information.
|
||||||
.Bl -tag -width Ds
|
.Bl -tag -width Ds
|
||||||
.It Nm Cm add Oo Fl f Oc Ar key Op Ar value ...
|
.It Nm Cm add Ar key Op Ar value ...
|
||||||
Adds a value to
|
Adds a value to
|
||||||
.Ar key .
|
.Ar key .
|
||||||
.Ar value
|
.Ar value
|
||||||
@ -65,9 +64,7 @@ will read the value from standard input.
|
|||||||
.Cm add
|
.Cm add
|
||||||
will fail if
|
will fail if
|
||||||
.Ar key
|
.Ar key
|
||||||
already has a value, unless
|
already has a value.
|
||||||
.Fl f
|
|
||||||
is specified.
|
|
||||||
.It Nm Cm cp Oo Fl k Oc Ar key
|
.It Nm Cm cp Oo Fl k Oc Ar key
|
||||||
Decrypts the value associated with
|
Decrypts the value associated with
|
||||||
.Ar key
|
.Ar key
|
||||||
|
@ -29,7 +29,7 @@ usage()
|
|||||||
{
|
{
|
||||||
cat - <<. >&2
|
cat - <<. >&2
|
||||||
Usage:
|
Usage:
|
||||||
${0##*/} add [-f] key [value ...]
|
${0##*/} add key [value ...]
|
||||||
${0##*/} cp [-k] key
|
${0##*/} cp [-k] key
|
||||||
${0##*/} gen [-l length] [chars]
|
${0##*/} gen [-l length] [chars]
|
||||||
${0##*/} get key
|
${0##*/} get key
|
||||||
@ -73,34 +73,20 @@ _sekrit_decrypt()
|
|||||||
|
|
||||||
sekrit_add()
|
sekrit_add()
|
||||||
{
|
{
|
||||||
force=no
|
|
||||||
OPTIND=1
|
|
||||||
while getopts f flag; do
|
|
||||||
case "$flag" in
|
|
||||||
f) force=yes ;;
|
|
||||||
*) usage ;;
|
|
||||||
esac
|
|
||||||
done
|
|
||||||
shift $((OPTIND - 1))
|
|
||||||
|
|
||||||
[ $# -ge 1 ] && [ -n "$1" ] || usage
|
[ $# -ge 1 ] && [ -n "$1" ] || usage
|
||||||
key=$1
|
key=$1
|
||||||
shift
|
shift
|
||||||
path=$(make_key_path "$key")
|
path=$(make_key_path "$key")
|
||||||
|
|
||||||
if [ -f "$path" ] && [ $force = no ]; then
|
|
||||||
err "key $key already exists"
|
|
||||||
fi
|
|
||||||
|
|
||||||
path=$SEKRIT_DIR/$key.gpg
|
|
||||||
mkdir -p "${path%/*}"
|
mkdir -p "${path%/*}"
|
||||||
|
|
||||||
|
[ ! -f "$path" ] || err "key $key already exists"
|
||||||
|
|
||||||
if [ $# -gt 0 ]; then
|
if [ $# -gt 0 ]; then
|
||||||
# use all additional parameters as a single string
|
# use all additional parameters as a single string
|
||||||
printf "%s\n" "$*"
|
printf "%s\n" "$*"
|
||||||
else
|
else
|
||||||
cat -
|
cat -
|
||||||
fi | gpg2 -qae -r "$SEKRIT_GPG_ID" >|"$path"
|
fi | gpg2 -qae -r "$SEKRIT_GPG_ID" >"$path"
|
||||||
# make it read-only
|
# make it read-only
|
||||||
chmod -- 400 "$path"
|
chmod -- 400 "$path"
|
||||||
}
|
}
|
||||||
|
Loading…
Reference in New Issue
Block a user