Gpg #8
Gpg #8
Conversation
|
This should be good now; rebased on master as of 0.7.2. |
|
Actually hold off; this doesn't do round-tripping, just reading. |
|
Added support for saving, but I want to try to get someone with a security background to review it first. |
| raise Error.new("Decrypting #{path} failed.") unless $?.success? | ||
| new(path, parse(lex(decrypted.split("\n")))) | ||
| elsif File.exists?(path + ".gpg") && system("which gpg > /dev/null") | ||
| read(path + ".gpg") |
There was a problem hiding this comment.
Is this part needed? If so, shouldn't it still check_permissions and do new(path, parse(...))?
There was a problem hiding this comment.
This allows it to transparently use the .gpg version of a netrc file if it's present. If we want the encrypted version only to be used when explicitly requested then we should remove this elsif branch. It's a judgement call. If we do leave it, I think recursing is the right thing here to avoid duplication.
There was a problem hiding this comment.
I guess you could make a good argument against transparently preferring the encrypted version since it makes it impossible to use the unencrypted version if the encrypted one is present. I'm OK with removing the implicit .gpg check if you think that's a problem.
There was a problem hiding this comment.
I can see both sides, are there precedents around this we can lean on to help make the call?
There was a problem hiding this comment.
I think "don't add any magic that can't be disabled" is enough of a principle for me. Updated to remove the magic.
Too much magic can be annoying.
This will use .netrc.gpg if present and if GPG is installed.