commit d738b3bd8b5d452bacb6e73f5a4f5464a212175b
parent a69f84a9fd12a29623a1bebec9d650b403a83d1d
Author: Natasha Kerensikova <natgh@instinctive.eu>
Date: Sun, 23 Nov 2025 18:10:27 +0000
Cross-recipient re-encryption is controlled by RECURSIVE rather than DECISION
Diffstat:
2 files changed, 16 insertions(+), 2 deletions(-)
diff --git a/spec/action_spec.sh b/spec/action_spec.sh
@@ -1984,7 +1984,6 @@ Describe 'Action Functions'
Describe 'do_reencrypt'
PREFIX="${SHELLSPEC_WORKDIR}/prefix"
- DECISION=default
do_decrypt() {
mocklog do_decrypt "$@"
@@ -2017,6 +2016,7 @@ Describe 'Action Functions'
AfterEach cleanup
It 're-encrypts a single file'
+ DECISION=default
result() {
%text:expand
#|$ scm_begin
@@ -2033,6 +2033,8 @@ Describe 'Action Functions'
End
It 'recursively re-encrypts a directory'
+ DECISION=default
+ RECURSIVE=no
result() {
%text:expand
#|$ scm_begin
@@ -2053,6 +2055,8 @@ Describe 'Action Functions'
End
It 'recursively re-encrypts the whole store as /'
+ DECISION=default
+ RECURSIVE=no
result() {
%text:expand
#|$ scm_begin
@@ -2077,6 +2081,8 @@ Describe 'Action Functions'
End
It 'recursively re-encrypts the whole store as the empty string'
+ DECISION=default
+ RECURSIVE=no
result() {
%text:expand
#|$ scm_begin
@@ -2102,6 +2108,7 @@ Describe 'Action Functions'
It 'asks for confirmation before each file'
DECISION=interactive
+ RECURSIVE=no
YESNO_NEXT=n
yesno() {
mocklog yesno "$@"
diff --git a/src/pashage.sh b/src/pashage.sh
@@ -439,7 +439,9 @@ do_deinit() {
scm_begin
scm_rm "${TARGET}"
if ! [ "${DECISION}" = keep ]; then
+ RECURSIVE=no
do_reencrypt_dir "${PREFIX}/$1"
+ unset RECURSIVE
fi
scm_commit "Deinitialize ${LOC}"
rmdir -p -- "${PREFIX}/$1" 2>/dev/null || true
@@ -770,7 +772,9 @@ do_init() {
printf '%s\n' "$@" >>"${TARGET}"
scm_add "${TARGET#"${PREFIX}/"}"
if ! [ "${DECISION}" = keep ]; then
+ RECURSIVE=no
do_reencrypt_dir "${SUBDIR}"
+ unset RECURSIVE
fi
scm_commit "Set age recipients at ${LOC}"
printf '%s\n' "Password store recipients set at ${LOC}"
@@ -955,6 +959,7 @@ do_list_or_show() {
# Re-encrypts a file or a directory
# $1: entry name
# DECISION: whether to ask before re-encryption
+# RECURSIVE: whether to also re-encrypt subfolders with their own recipients
do_reencrypt() {
scm_begin
@@ -984,11 +989,12 @@ do_reencrypt() {
# Recursively re-encrypts a directory
# $1: absolute directory path
# DECISION: whether to ask before re-encryption
+# RECURSIVE: whether to also re-encrypt subfolders with their own recipients
do_reencrypt_dir() {
for ENTRY in "${1%/}"/*; do
if [ -d "${ENTRY}" ]; then
if ! [ -e "${ENTRY}/.age-recipients" ] \
- || [ "${DECISION}" = force ]
+ || [ "${RECURSIVE}" = yes ]
then
do_reencrypt_dir "${ENTRY}"
fi
@@ -1702,6 +1708,7 @@ cmd_reencrypt() {
DECISION=default
OVERWRITE=yes
PARSE_ERROR=no
+ RECURSIVE=no
while [ $# -ge 1 ]; do
case "$1" in
