PeterCxy/pass-gocrypt
1
0
Fork 0
Code Issues Pull requests Packages Projects Releases Wiki Activity

Compare commits

base: PeterCxy:7f3834ad14df5db7a4a4dec01b3da47841cfb5ba
Branches Tags
PeterCxy:master
...
compare: PeterCxy:db2418c3af04b82364d7a6ead6492b13d566a130
Branches Tags
PeterCxy:master

2 commits
7f3834ad14 ... db2418c3af

Author SHA1 Message Date
Peter Cai db2418c3af Stop checking for the existence of sha256sum 
It should be in all coreutils packages...
 2022-11-06 17:49:08 -05:00
Peter Cai 8832a2aad6 Use a file-based lock to prevent closing while being accessed 2022-11-06 17:48:42 -05:00
1 changed files with 24 additions and 2 deletions
Show stats Expand all files Collapse all files

26
gocrypt.bash
View file

@ -36,16 +36,27 @@ gocrypt_unique_task_identifier() {
echo "pass-gocrypt-$(sha256sum <<< "$PREFIX" | cut -d ' ' -f 1)"
}
# This file is used as a lock for all access to the encrypted password store
# so that it prevents the auto-close task from unmounting before all operations
# are completed
gocrypt_lock_file_path() {
local path="$XDG_RUNTIME_DIR"
if [ -z "$path" ] || [ ! -d "$path" ]; then
path="/tmp"
fi
echo "$path/$(gocrypt_unique_task_identifier).lck"
}
gocrypt_spawn_close_task() {
which systemd-run > /dev/null || return
which sha256sum > /dev/null || return
local task_name="$(gocrypt_unique_task_identifier)"
# Cancel any previous task that might be present
systemctl --user stop "$task_name.timer" > /dev/null 2>1
# Create a new task
systemd-run --user --on-active=$gocrypt_close_timeout --unit="$task_name" /usr/bin/env bash -c \
systemd-run --user --on-active=$gocrypt_close_timeout --unit="$task_name" \
/usr/bin/env flock -x "$(gocrypt_lock_file_path)" /usr/bin/env bash -c \
"fusermount -u '$PREFIX'/'$gocrypt_dec_dir' || fusermount -u -z '$PREFIX'/'$gocrypt_dec_dir'"
echo "Will close the gocryptfs mount after $gocrypt_close_timeout seconds"
@ -151,6 +162,7 @@ gocrypt_close() {
}
gocrypt_delegate() {
# Note: the caller MUST hold the lock for accessing the encrypted password store before calling
gocrypt_open_check
# Delegate command to another `pass` instance that manages what is inside of the mountpoint
PASSWORD_STORE_DIR="$PWD/$gocrypt_dec_dir" "$PROGRAM" "$@"
@ -236,6 +248,13 @@ fi
# cd into the password store prefix
cd "$PREFIX"
# Open the lock file
touch "$(gocrypt_lock_file_path)" || exit 1
exec {lock_fd}< "$(gocrypt_lock_file_path)" || exit 1
# Always take the exclusive lock while any command is running -- to prevent the close task from running at the same time
flock -x $lock_fd
case "$1" in
help)
gocrypt_help
@ -264,3 +283,6 @@ case "$1" in
*)
gocrypt_die "Unknown command $1 for gocrypt"
esac
# Manual unlock; not strictly necessary since exit will also release the lock
flock -u $lock_fd