Split initializing the password store from generating passwords.

This commit is contained in:
sparrowhawk 2021-01-27 16:06:28 +01:00
parent 1b2d41a34a
commit 0d431d086c
No known key found for this signature in database
GPG key ID: 6778C9C29C02D691
7 changed files with 115 additions and 21 deletions

View file

@ -46,25 +46,25 @@ then
NOSYMB="-n"
fi
# Load required GPG ID parameters.
set --
while read -r id;
do
set -- "$@" "$id"
done < "${__object:?}/parameter/gpgid"
# Load required password store location parameter.
PASSWORD_STORE_DIR="$(cat "${__object:?}/parameter/storedir")"
export PASSWORD_STORE_DIR
# Run every time in case GPG IDs are updated.
pass init "$@" >/dev/null
# Check if the password store is initialized.
if ! pass ls >/dev/null 2>&1;
then
cat <<- EOF >&2
__pass: this type requires the password store to be initialized.
See cdist-type__pass_init(7) and pass(1) for more information.
EOF
exit 1;
fi
# Generate a password if it does not already exist.
if [ ! -f "${PASSWORD_STORE_DIR}/${__object_id:?}.gpg" ];
then
# shellcheck disable=SC2086
pass generate $NOSYMB "${__object_id:?}" $LENGTH
pass generate $NOSYMB "${__object_id:?}" $LENGTH >/dev/null
fi
# Send it out to the messages.

View file

@ -14,9 +14,6 @@ types depending on this one should require it. This enables an administrator to
ensure a password exists using this type and then, from another type, use it as
need be.
This type also sets the GPG IDs used to encrypt the password store: beware that
the IDs passed in the last ran invocation of the type will be the ones set for
the store.
REQUIRED PARAMETERS
-------------------
@ -25,11 +22,6 @@ storedir
created if it does not exist).
REQUIRED MULTIPLE PARAMETERS
----------------------------
gpgid
The GPG IDs of the public keys used to encrypt the password store.
OPTIONAL PARAMETERS
-------------------
length
@ -37,6 +29,7 @@ length
it exists, this has no effect (and hence will not update the password, even
if the length is different from the one specified).
BOOLEAN PARAMETERS
------------------
no-symbols
@ -52,18 +45,19 @@ looks up in the cdist messages to find it:
.. code-block:: sh
__pass database/services/arandomservice
require=__pass_init \
__pass database/services/arandomservice \
--storedir password/store/location
--gpgpid 92296965EAA1DD86A93284EF7B21E5AA32FB9810
require='__pass/database/services/arandomservice' \
__othertype --password database/service/arandomservice
--
SEE ALSO
--------
`pass`\ (7)
`pass`\ (7), `cdist-type__pass_init`\ (7)
AUTHORS

43
type/__pass_init/gencode-local Executable file
View file

@ -0,0 +1,43 @@
#!/bin/sh -e
#
# 2020 Joachim Desroches (joachim.desroches@epfl.ch)
#
# This file is part of cdist.
#
# cdist is free software: you can redistribute it and/or modify
# it under the terms of the GNU General Public License as published by
# the Free Software Foundation, either version 3 of the License, or
# (at your option) any later version.
#
# cdist is distributed in the hope that it will be useful,
# but WITHOUT ANY WARRANTY; without even the implied warranty of
# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
# GNU General Public License for more details.
#
# You should have received a copy of the GNU General Public License
# along with cdist. If not, see <http://www.gnu.org/licenses/>.
#
# Check pass is installed.
command -v pass >/dev/null 2>&1 ||
{
cat <<- EOF >&2
__pass_init: this type requires pass installed.
See https://www.passwordstore.org/.
EOF
exit 1;
}
# Load required GPG ID parameters.
set --
while read -r id;
do
set -- "$@" "$id"
done < "${__object:?}/parameter/gpgid"
# Load required password store location parameter.
PASSWORD_STORE_DIR="$(cat "${__object:?}/parameter/storedir")"
export PASSWORD_STORE_DIR
# Do our work.
pass init "$@" >/dev/null

56
type/__pass_init/man.rst Normal file
View file

@ -0,0 +1,56 @@
cdist-type__pass_init(7)
========================
NAME
----
cdist-type__pass_init - Initialize a local password store.
DESCRIPTION
-----------
This type is intented to be used as a prerequisite to the
cdist-type__pass(7) type. It will set up a pass(1) password
store with the provided GPP2(1) public encryption key IDs.
REQUIRED PARAMETERS
-------------------
storedir
The host-local directory where the password store is to be found (or
created if it does not exist).
REQUIRED MULTIPLE PARAMETERS
----------------------------
gpgid
The GPG IDs of the public keys used to encrypt the password store.
EXAMPLES
--------
.. code-block:: sh
# Setup a repository with a GPG ID
__pass_init
--storedir password/store/location
--gpgpid 92296965EAA1DD86A93284EF7B21E5AA32FB9810
--
SEE ALSO
--------
`pass`\ (7), `cdist-type__pass`\ (7)
AUTHORS
-------
Joachim Desroches <joachim.desroches@epfl.ch>
COPYING
-------
Copyright \(C) 2021 Joachim Desroches. You can redistribute it
and/or modify it under the terms of the GNU General Public License as
published by the Free Software Foundation, either version 3 of the
License, or (at your option) any later version.

View file

@ -0,0 +1 @@
storedir

View file