commit ca70700ed21b39d87999d27df889121d54dfaf35 from: Alex Arx via: Alex Arch date: Sun Mar 16 08:11:07 2025 UTC use GPM_ENCCMD and GPM_DECCMD instead of GPM_GPG commit - bd38331cd80bd0efb64c0262b10a2a2a0780b999 commit + ca70700ed21b39d87999d27df889121d54dfaf35 blob - b4bd84600ca578708a326c130905f4bcf860b1cc blob + 97ee7d297f1c176c3003c6c17fa32c6fe05c0b01 --- gpm +++ gpm @@ -99,26 +99,28 @@ sub prunetree { # on the command line. sub add { our ($opt_N, $opt_n, $opt_m); - my ($r, $sec, $cmd) = (getrecipient(), '', "$gpg -e"); + my ($r, $sec) = (getrecipient(), ''); - $cmd .= " -r $r" if defined $r; - getopts('Nnm') or usage(); $#ARGV >= 0 or usage(); + my $cmd = $ENV{GPM_ENCCMD} // + "$gpg -e" . (defined $r ? " -r $r" : "") . " --"; + my $outfile = $ARGV[0]; ckpath $outfile or die "bad path: $outfile\n"; -e $outfile and die "$outfile already exists\n"; if (-t STDIN && !$opt_m) { + open TTY, "/dev/tty" || die "couldn't open /dev/tty: $!\n"; system "stty -echo"; print "Secret:"; - $sec = ; + $sec = ; print "\n"; print "Repeat:"; - my $sec2 = ; + my $sec2 = ; print "\n"; if ($opt_n && !$opt_N) { chomp $sec; @@ -126,6 +128,7 @@ sub add { } system "stty echo"; + close TTY; die "Sorry\n" if $sec ne $sec2; undef $sec2; } else { @@ -211,10 +214,18 @@ sub get { my ($Nflag, $nflag) = @_; $#ARGV >= 0 or usage(); my $file = $ARGV[0]; + my $cmd = $ENV{GPM_DECCMD} // "$gpg -d --"; ckpath $file or die "bad path $file\n"; - $file = shellquote(cklegacy $file); - my $out = `$gpg -d $file`; + + open(my $freader, "<", $file) or die "Can't open < $file: $!"; + my $pid = open2(my $cmdreader, my $cmdwriter, $cmd); + print $cmdwriter $_ while (<$freader>); + close $cmdwriter; + close $freader; + my $out = ''; + while (<$cmdreader>) { $out .= $_; } + waitpid $pid, 0; $? == 0 or exit 1; chomp($out) if ($nflag && !$Nflag); 
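Review bot: In `add`, `open TTY, "/dev/tty" || die ...` never reports a failed open, because `||` binds to the always-true string `"/dev/tty"` and not to `open`. If the open fails, the two reads that follow (their handle is lost in this rendering, presumably `<TTY>`) both return undef, `$sec ne $sec2` is false, and an empty secret can go on to be encrypted and stored. Use the three-argument form with low-precedence `or`: `open(TTY, '<', '/dev/tty') or die "couldn't open /dev/tty: $!\n";`. Separately, the default command still interpolates `$r` into a shell string unquoted; `getrecipient` is not visible here, so confirm its value cannot carry shell metacharacters or pass it through the `shellquote` helper seen on the removed line in `get`. The body of `add` continues outside the hunk.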
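Review bot: In `get`, the whole secret file is written to `$cmdwriter` before anything is read from `$cmdreader`, so a decrypt command that emits output while still consuming input can fill the pipe and leave both processes blocked; the results of `print` and `close $cmdwriter` are also unchecked. Since the input is an ordinary file, the child can read it directly and the copy loop goes away, for example `my $pid = open2(my $cmdreader, '<&' . fileno($freader), $cmd);`. The removed line passed the path through `cklegacy` before use and the new `open` does not; if that helper maps old-style entry names (its definition is outside this hunk), those entries would stop resolving. `$cmd` is a single string, so a `GPM_DECCMD` value may be interpreted by the shell, which the manual should state. The body of `get` continues past the hunk.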
@@ -292,6 +303,7 @@ my $cmd = $ARGV[0]; shift @ARGV; $gpg = $opt_g // $ENV{GPM_GPG} // "gpg"; +$gpg = $opt_g // $ENV{GPM_GPG} // "gpg"; my $gpmd = $opt_d // $ENV{GPM_DIR}; unless (defined $gpmd) { blob - 6f001fdb83113a3063e773e87187e652e70289f8 blob + c76d3c2a3348814bae7bf9a3eab0a09a73b04e45 --- gpm.1 +++ gpm.1 @@ -17,11 +17,10 @@ .Os .Sh NAME .Nm gpm -.Nd gpg-based secret (or password) manager +.Nd general secret (or password) manager .Sh SYNOPSIS .Nm .Op Fl d Ar dir -.Op Fl g Ar command .Ar command .Op Ar arg ... .Sh DESCRIPTION @@ -29,7 +28,9 @@ The utility .Nm is a secret manager. Secrets are stored in a directory tree as files, encrypted with -.Xr gpg 1 . +.Xr gpg 1 +or a custom command (see +.Sx ENVIRONMENT ) . .Nm provides several commands for manipulating secrets. Commands may be specified by their shortest unique prefix (all characters @@ -41,12 +42,6 @@ Commands may be preceeded by global options as follows The directory to store and retrieve secrets from. Overrides .Ev GPM_DIR . -.It Fl g Ar command -The -.Xr gpg 1 -command. -Overrides -.Ev GPM_GPG . .El .Pp The @@ -188,9 +183,14 @@ automatically, before any options specified on the com .El .Sh ENVIRONMENT .Bl -tag -width XDG_DATA_HOME -.It Ev GPM_GPG -Shell command to invoke -.Xr gpg 1 . +.It Ev GPM_ENCCMD +Command used for encryption. +.Dq gpg -e \-\- +if not set. +.It Ev GPM_DECCMD +Command used for decryption. +.Dq gpg -d \-\- +if not set. .It Ev GPM_DIR Directory in which the secrets are stored. .It Ev XDG_DATA_HOME
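Review bot: The added `$gpg = $opt_g // $ENV{GPM_GPG} // "gpg";` is an exact duplicate of the context line directly above it and can be dropped. The `gpm.1` hunks in this commit delete both `-g` and `GPM_GPG` from the manual, yet this assignment still lets either one choose the binary used in the default encrypt and decrypt commands, so an undocumented environment variable keeps deciding which program receives the secrets. Either remove `$opt_g` and `GPM_GPG` here (the option parsing is outside the hunk) or keep them documented in `gpm.1`.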