for #811: allow some perm warnings in non-verbose mode (#825)

sobolevn · Apr 16, 2022 · 084a525 · 084a525
1 parent 80ccb42
commit 084a525
Show file tree

Hide file tree

Showing 5 changed files with 8 additions and 10 deletions.
diff --git a/CHANGELOG.md b/CHANGELOG.md
@@ -7,7 +7,7 @@
 - Adds `SECRETS_GPG_ARMOR` env variable to use `gpg --armor`
   when encrypting files, so secret files are stored
   in text format rather than binary (#631)
-- Suppress fewer permission warnings from gnupg in verbose mode (#811)
+- Allow gnupg permission warnings in `tell`, `hide`, `reveal`, and `removeperson` (#811)
 - `git secret init` now sets `.gitsecret/keys` permission to 0700 (#811)
 
 ### Bugfixes

diff --git a/src/_utils/_git_secret_tools.sh b/src/_utils/_git_secret_tools.sh
@@ -806,7 +806,8 @@ function _decrypt {
   fi
 
   if [[ -z "$_SECRETS_VERBOSE" ]]; then
-    args+=( "--quiet" "--no-permission-warning" )
+    # we no longer use --no-permission-warning here, for #811
+    args+=( "--quiet" )
   fi
 
   set +e   # disable 'set -e' so we can capture exit_code

diff --git a/src/commands/git_secret_hide.sh b/src/commands/git_secret_hide.sh
@@ -174,9 +174,7 @@ function hide {
           args+=( '--armor' )
         fi
 
-        if [[ -n "$_SECRETS_VERBOSE" ]]; then
-            args+=( '--no-permission-warning' )
-        fi
+        # we no longer use --no-permission-warning here in non-verbose mode, for #811
 
         # we depend on $recipients being split on whitespace
         # shellcheck disable=SC2206

diff --git a/src/commands/git_secret_removeperson.sh b/src/commands/git_secret_removeperson.sh
@@ -31,9 +31,7 @@ function removeperson {
   _assert_keyring_contains_emails_at_least_once "$secrets_dir_keys" "git-secret keyring" "${emails[@]}"
 
   local args=( --homedir "$secrets_dir_keys" --batch --yes )
-  if [[ -n "$_SECRETS_VERBOSE" ]]; then
-    args+=( '--no-permission-warning' )
-  fi
+  # we no longer use --no-permission-warning here in non-verbose mode, for #811
 
   for email in "${emails[@]}"; do
     # see https://github.com/bats-core/bats-core#file-descriptor-3-read-this-if-bats-hangs for info about 3>&-

diff --git a/src/commands/git_secret_tell.sh b/src/commands/git_secret_tell.sh
@@ -86,8 +86,9 @@ function tell {
       $SECRETS_GPG_COMMAND --export -a "$email" > "$keyfile" 3>&-
       exit_code=$?
     else
-      # It means that homedir is set as an extra argument via `-d`:
-      $SECRETS_GPG_COMMAND --no-permission-warning --homedir="$homedir" \
+      # This means that homedir is set as an extra argument via `-d`:
+      # we no longer use --no-permission-warning here, for #811
+      $SECRETS_GPG_COMMAND --homedir="$homedir" \
         --export -a "$email" > "$keyfile" 3>&-
       exit_code=$?
     fi