Compare commits
2 commits
7f3834ad14
...
db2418c3af
Author | SHA1 | Date | |
---|---|---|---|
db2418c3af | |||
8832a2aad6 |
1 changed files with 24 additions and 2 deletions
26
gocrypt.bash
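--- a/gocrypt.bash
+++ b/gocrypt.bash
@@ -36,16 +36,27 @@ gocrypt_unique_task_identifier() {
 echo "pass-gocrypt-$(sha256sum <<< "$PREFIX" | cut -d ' ' -f 1)"
 }
 
+# This file is used as a lock for all access to the encrypted password store
+# so that it prevents the auto-close task from unmounting before all operations
+# are completed
+gocrypt_lock_file_path() {
+local path="$XDG_RUNTIME_DIR"
+if [ -z "$path" ] || [ ! -d "$path" ]; then
+path="/tmp"
+fi
+echo "$path/$(gocrypt_unique_task_identifier).lck"
+}
+
 gocrypt_spawn_close_task() {
 which systemd-run > /dev/null || return
-which sha256sum > /dev/null || return
 
 local task_name="$(gocrypt_unique_task_identifier)"
 # Cancel any previous task that might be present
 systemctl --user stop "$task_name.timer" > /dev/null 2>1
 
 # Create a new task
-systemd-run --user --on-active=$gocrypt_close_timeout --unit="$task_name" /usr/bin/env bash -c \
+systemd-run --user --on-active=$gocrypt_close_timeout --unit="$task_name" \
+/usr/bin/env flock -x "$(gocrypt_lock_file_path)" /usr/bin/env bash -c \
 "fusermount -u '$PREFIX'/'$gocrypt_dec_dir' || fusermount -u -z '$PREFIX'/'$gocrypt_dec_dir'"
 
 echo "Will close the gocryptfs mount after $gocrypt_close_timeout seconds"
@@ -151,6 +162,7 @@ gocrypt_close() {
 }
 
 gocrypt_delegate() {
+# Note: the caller MUST hold the lock for accessing the encrypted password store before calling
 gocrypt_open_check
 # Delegate command to another `pass` instance that manages what is inside of the mountpoint
 PASSWORD_STORE_DIR="$PWD/$gocrypt_dec_dir" "$PROGRAM" "$@"
@@ -236,6 +248,13 @@ fi
 # cd into the password store prefix
 cd "$PREFIX"
 
+# Open the lock file
+touch "$(gocrypt_lock_file_path)" || exit 1
+exec {lock_fd}< "$(gocrypt_lock_file_path)" || exit 1
+
+# Always take the exclusive lock while any command is running -- to prevent the close task from running at the same time
+flock -x $lock_fd
+
 case "$1" in
 help)
 gocrypt_help
@@ -264,3 +283,6 @@ case "$1" in
 *)
 gocrypt_die "Unknown command $1 for gocrypt"
 esac
+
+# Manual unlock; not strictly necessary since exit will also release the lock
+flock -u $lock_fd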
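Review bot: The `/tmp` fallback in `gocrypt_lock_file_path` places the lock at a predictable name in a world-writable directory, so another local account can create that path before the user does. The `touch` and `exec {lock_fd}<` added in the third hunk would then open a file the user does not own (`touch` also follows a symlink), and a lock held on it by someone else stalls every command at `flock -x $lock_fd` or keeps the auto-close unit from ever unmounting the decrypted store. When `XDG_RUNTIME_DIR` is unusable, fall back to a directory only the user can write, for example `path="$PREFIX"`, or fail closed instead of using `/tmp`. Separately, `flock -x $lock_fd` is unquoted and its exit status is ignored; `flock -x "$lock_fd" || exit 1` would keep a command from proceeding without the lock.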