Gpg #8
This should be good now; rebased on master as of 0.7.2.
Actually hold off; this doesn't do round-tripping, just reading.
Added support for saving, but I want to try to get someone with a security background to review it first.
raise Error.new("Decrypting #{path} failed.") unless $?.success? | ||
new(path, parse(lex(decrypted.split("\n")))) | ||
elsif File.exists?(path + ".gpg") && system("which gpg > /dev/null") | ||
read(path + ".gpg") |
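Review bot: The elsif condition probes for GPG with system("which gpg > /dev/null"), so when gpg is not on PATH the branch is skipped with no message and an existing path + ".gpg" file is silently ignored; when gpg is on PATH, the encrypted file is read even though the caller passed the plain path. Suggest dropping the implicit branch and reading the .gpg file only when that path is passed in explicitly, raising a clear error if gpg cannot be run. If the branch stays, File.exists? is a deprecated alias and should be File.exist?.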
Is this part needed? If so, shouldn't it still check_permissions and do new(path, parse(...))?
This allows it to transparently use the .gpg version of a netrc file if it's present. If we want the encrypted version only to be used when explicitly requested then we should remove this elsif branch. It's a judgement call. If we do leave it, I think recursing is the right thing here to avoid duplication.
I guess you could make a good argument against transparently preferring the encrypted version since it makes it impossible to use the unencrypted version if the encrypted one is present. I'm OK with removing the implicit .gpg check if you think that's a problem.
I can see both sides, are there precedents around this we can lean on to help make the call?
I think "don't add any magic that can't be disabled" is enough of a principle for me. Updated to remove the magic.
Too much magic can be annoying.
This will use .netrc.gpg if present and if GPG is installed.