Split initializing the password store from generating passwords.

sparrowhawk 2021-01-27 16:06:28 +01:00
parent 1b2d41a34a
commit 0d431d086c
No known key found for this signature in database
GPG key ID: 6778C9C29C02D691
7 changed files with 115 additions and 21 deletions


@ -46,25 +46,25 @@ then
NOSYMB="-n" NOSYMB="-n"
fi fi
# Load required GPG ID parameters.
set --
while read -r id;
do
set -- "$@" "$id"
done < "${__object:?}/parameter/gpgid"
# Load required password store location parameter. # Load required password store location parameter.
PASSWORD_STORE_DIR="$(cat "${__object:?}/parameter/storedir")" PASSWORD_STORE_DIR="$(cat "${__object:?}/parameter/storedir")"
export PASSWORD_STORE_DIR export PASSWORD_STORE_DIR
# Run every time in case GPG IDs are updated. # Check if the password store is initialized.
pass init "$@" >/dev/null if ! pass ls >/dev/null 2>&1;
then
cat <<- EOF >&2
__pass: this type requires the password store to be initialized.
See cdist-type__pass_init(7) and pass(1) for more information.
EOF
exit 1;
fi
# Generate a password if it does not already exist. # Generate a password if it does not already exist.
if [ ! -f "${PASSWORD_STORE_DIR}/${__object_id:?}.gpg" ]; if [ ! -f "${PASSWORD_STORE_DIR}/${__object_id:?}.gpg" ];
then then
# shellcheck disable=SC2086 # shellcheck disable=SC2086
pass generate $NOSYMB "${__object_id:?}" $LENGTH pass generate $NOSYMB "${__object_id:?}" $LENGTH >/dev/null
fi fi
# Send it out to the messages. # Send it out to the messages.
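Review bot: the new initialization check (`if ! pass ls >/dev/null 2>&1`) only proves that `$PASSWORD_STORE_DIR` exists, since `pass ls` succeeds on any existing directory, while a directory without a `.gpg-id` file still makes the later `pass generate` fail without reaching the friendly error. Testing for `${PASSWORD_STORE_DIR}/.gpg-id` directly would match what `pass init` actually creates and route that case to the same message. Adding `>/dev/null` to `pass generate` is the right call: gencode-local's stdout is the code cdist executes, so the password that `pass generate` prints would otherwise land in the generated script. The trailing semicolon on `exit 1;` is unnecessary.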


@ -14,9 +14,6 @@ types depending on this one should require it. This enables an administrator to
ensure a password exists using this type and then, from another type, use it as ensure a password exists using this type and then, from another type, use it as
need be. need be.
This type also sets the GPG IDs used to encrypt the password store: beware that
the IDs passed in the last ran invocation of the type will be the ones set for
the store.
REQUIRED PARAMETERS REQUIRED PARAMETERS
------------------- -------------------
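Review bot: with the paragraph about setting GPG IDs removed, the DESCRIPTION no longer tells the reader that the store must be initialized before `__pass` runs, even though the gencode now exits with an error in that case. Suggest replacing the deleted paragraph with one sentence such as "The password store must already be initialized; see cdist-type__pass_init(7)." so the man page matches the new runtime check.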
@ -25,11 +22,6 @@ storedir
created if it does not exist). created if it does not exist).
REQUIRED MULTIPLE PARAMETERS
----------------------------
gpgid
The GPG IDs of the public keys used to encrypt the password store.
OPTIONAL PARAMETERS OPTIONAL PARAMETERS
------------------- -------------------
length length
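Review bot: the `storedir` description kept as context ("created if it does not exist") is no longer accurate for this type: `__pass` no longer runs `pass init`, so it cannot create the store; only `__pass_init` can. Suggest rewording it to say the directory must already contain an initialized store. Also, now that `gpgid` is gone from the man page, `type/__pass/parameter/required_multiple` has to be dropped or updated in the same commit, otherwise cdist will keep demanding the parameter.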
@ -37,6 +29,7 @@ length
it exists, this has no effect (and hence will not update the password, even it exists, this has no effect (and hence will not update the password, even
if the length is different from the one specified). if the length is different from the one specified).
BOOLEAN PARAMETERS BOOLEAN PARAMETERS
------------------ ------------------
no-symbols no-symbols
@ -52,18 +45,19 @@ looks up in the cdist messages to find it:
.. code-block:: sh .. code-block:: sh
__pass database/services/arandomservice require=__pass_init \
__pass database/services/arandomservice \
--storedir password/store/location --storedir password/store/location
--gpgpid 92296965EAA1DD86A93284EF7B21E5AA32FB9810
require='__pass/database/services/arandomservice' \ require='__pass/database/services/arandomservice' \
__othertype --password database/service/arandomservice __othertype --password database/service/arandomservice
-- --
SEE ALSO SEE ALSO
-------- --------
`pass`\ (7) `pass`\ (7), `cdist-type__pass_init`\ (7)
AUTHORS AUTHORS
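Review bot: `require=__pass_init` in the example names a type rather than an object; cdist `require` entries take the `__type/object_id` form used two lines later (`require='__pass/database/services/arandomservice'`), so either `__pass_init` must be a singleton type or the example should reference a concrete object id such as `require='__pass_init/some-id'`.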

type/__pass_init/gencode-local Executable file

@ -0,0 +1,43 @@
#!/bin/sh -e
#
# 2020 Joachim Desroches (joachim.desroches@epfl.ch)
#
# This file is part of cdist.
#
# cdist is free software: you can redistribute it and/or modify
# it under the terms of the GNU General Public License as published by
# the Free Software Foundation, either version 3 of the License, or
# (at your option) any later version.
#
# cdist is distributed in the hope that it will be useful,
# but WITHOUT ANY WARRANTY; without even the implied warranty of
# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
# GNU General Public License for more details.
#
# You should have received a copy of the GNU General Public License
# along with cdist. If not, see <http://www.gnu.org/licenses/>.
#
# Check pass is installed.
command -v pass >/dev/null 2>&1 ||
{
cat <<- EOF >&2
__pass_init: this type requires pass installed.
See https://www.passwordstore.org/.
EOF
exit 1;
}
# Load required GPG ID parameters.
set --
while read -r id;
do
set -- "$@" "$id"
done < "${__object:?}/parameter/gpgid"
# Load required password store location parameter.
PASSWORD_STORE_DIR="$(cat "${__object:?}/parameter/storedir")"
export PASSWORD_STORE_DIR
# Do our work.
pass init "$@" >/dev/null
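Review bot: `pass init "$@"` at the end runs on every cdist run and, whenever the IDs read from `parameter/gpgid` differ from the store's current `.gpg-id`, re-encrypts every entry in the store; that is the intended behaviour (the removed `__pass` comment said "Run every time in case GPG IDs are updated"), so the comment `# Do our work.` should say so instead of leaving it implicit. An empty `gpgid` parameter file leaves `$@` empty and `pass init` then fails with its own usage error; a check such as `[ $# -gt 0 ] || { echo "__pass_init: at least one --gpgid is required" >&2; exit 1; }` after the loop would give a clearer message. The copyright header says 2020 while the new man page says 2021.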

type/__pass_init/man.rst Normal file

@ -0,0 +1,56 @@
cdist-type__pass_init(7)
========================
NAME
----
cdist-type__pass_init - Initialize a local password store.
DESCRIPTION
-----------
This type is intented to be used as a prerequisite to the
cdist-type__pass(7) type. It will set up a pass(1) password
store with the provided GPP2(1) public encryption key IDs.
REQUIRED PARAMETERS
-------------------
storedir
The host-local directory where the password store is to be found (or
created if it does not exist).
REQUIRED MULTIPLE PARAMETERS
----------------------------
gpgid
The GPG IDs of the public keys used to encrypt the password store.
EXAMPLES
--------
.. code-block:: sh
# Setup a repository with a GPG ID
__pass_init
--storedir password/store/location
--gpgpid 92296965EAA1DD86A93284EF7B21E5AA32FB9810
--
SEE ALSO
--------
`pass`\ (7), `cdist-type__pass`\ (7)
AUTHORS
-------
Joachim Desroches <joachim.desroches@epfl.ch>
COPYING
-------
Copyright \(C) 2021 Joachim Desroches. You can redistribute it
and/or modify it under the terms of the GNU General Public License as
published by the Free Software Foundation, either version 3 of the
License, or (at your option) any later version.
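Review bot: the EXAMPLES block has a typo and a broken invocation: `--gpgpid` should be `--gpgid` (the parameter is named `gpgid` under REQUIRED MULTIPLE PARAMETERS and in gencode-local), and `__pass_init` and its two options sit on separate lines without `\` continuations, so pasted as written the shell would run `__pass_init` with no arguments. `__pass_init` is also invoked without an object id; either mark the type as singleton or write `__pass_init some-id`. In DESCRIPTION, "intented" should be "intended" and "GPP2(1)" should be "gpg2(1)"; in the example comment, "Setup" should be "Set up".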


@ -0,0 +1 @@
storedir
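Review bot: the file header for this hunk is not shown; if it is `type/__pass_init/parameter/required`, `storedir` is correct there, but `gpgid`, listed in the man page under REQUIRED MULTIPLE PARAMETERS, also needs an entry in `type/__pass_init/parameter/required_multiple` for cdist to enforce it.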
