authorDaniel Baumann <daniel.baumann@progress-linux.org>2018-09-04 04:07:21 +0000
committerDaniel Baumann <daniel.baumann@progress-linux.org>2018-09-04 04:07:21 +0000
commit0f0d95f6f55c918a33ef4ff8f99520cc5100c44e (patch)
tree24edb40e48decf286101ae175b3ce0bd309d7933
parentInitial commit. (diff)
Adding upstream version 1.1. (upstream/1.1, upstream)
Signed-off-by: Daniel Baumann <daniel.baumann@progress-linux.org>
-rw-r--r--CHANGELOG.md39
-rw-r--r--LICENSE675
-rw-r--r--Makefile41
-rw-r--r--README.md228
-rwxr-xr-xclose.bash29
-rwxr-xr-xopen.bash29
-rw-r--r--pass-tomb.1246
-rw-r--r--tests/.gitignore2
-rw-r--r--tests/00_create.sh28
-rw-r--r--tests/10_noinit.sh16
-rw-r--r--tests/20_shared.sh15
-rw-r--r--tests/30_subfolder.sh18
-rw-r--r--tests/40_timer.sh52
-rw-r--r--tests/50_errors.sh28
-rw-r--r--tests/60_install.sh27
-rw-r--r--tests/Makefile62
-rw-r--r--tests/aggregate-results71
-rw-r--r--tests/setup122
-rw-r--r--tests/sharness851
-rwxr-xr-xtomb.bash354
20 files changed, 2933 insertions, 0 deletions
diff --git a/CHANGELOG.md b/CHANGELOG.md
new file mode 100644
index 0000000..51cee91
--- /dev/null
+++ b/CHANGELOG.md
@@ -0,0 +1,39 @@
+# Changes By Release
+
+All the releases are signed using the GPG key
+[`06A26D531D56C42D66805049C5469996F0DF68EC`](https://pujol.io/keys/)
+
+## 1.1 - 2017-12-10
+
+* Add --force option, force operation (i.e. even if swap is active) #13.
+
+## 1.0 - 2017-05-20
+
+**This is the first stable release.**
+
+**New features**
+* New `-t` option automatically close the password store using a systemd timer.
+* New `-p` option to create & open the password tomb in a subfolder of the password store.
+* New `-n` option to create a password tomb but do not initialise the password store.
+
+**Code Quality**
+* The test suite has been changed from an handmade one to the [sharness](https://github.com/chriscool/sharness) test suite.
+* Added code coverage using [kcov](https://github.com/SimonKagstrom/kcov).
+* The new test suite and code coverage are at the origin of a lot of debugging.
+
+## 0.5 - 2017-04-14
+
+* Added `--no-init` or `-n` option. With this option, pass-tomb create a tomb but do not initialise the password store.
+* Added a quiet mode using `-q`
+* Various spelling corrections and code improvement.
+* **Warning**: `pass-tomb 0.5` still requires `tomb` to be installed from the master branch:
+
+## 0.2 - 2017-02-28
+
+* Add support for password tomb named with extension. See #2
+* Update the way to set ownership when mounting a tomb. See #1
+* Support for the last version of tomb option using GPG key.
+
+## 0.1 - 2017-02-21
+
+* Initial release
diff --git a/LICENSE b/LICENSE
new file mode 100644
index 0000000..9a29dbe
--- /dev/null
+++ b/LICENSE
@@ -0,0 +1,675 @@
+ GNU GENERAL PUBLIC LICENSE
+ Version 3, 29 June 2007
+
+ Copyright (C) 2007 Free Software Foundation, Inc. <http://fsf.org/>
+ Everyone is permitted to copy and distribute verbatim copies
+ of this license document, but changing it is not allowed.
+
+ Preamble
+
+ The GNU General Public License is a free, copyleft license for
+software and other kinds of works.
+
+ The licenses for most software and other practical works are designed
+to take away your freedom to share and change the works. By contrast,
+the GNU General Public License is intended to guarantee your freedom to
+share and change all versions of a program--to make sure it remains free
+software for all its users. We, the Free Software Foundation, use the
+GNU General Public License for most of our software; it applies also to
+any other work released this way by its authors. You can apply it to
+your programs, too.
+
+ When we speak of free software, we are referring to freedom, not
+price. Our General Public Licenses are designed to make sure that you
+have the freedom to distribute copies of free software (and charge for
+them if you wish), that you receive source code or can get it if you
+want it, that you can change the software or use pieces of it in new
+free programs, and that you know you can do these things.
+
+ To protect your rights, we need to prevent others from denying you
+these rights or asking you to surrender the rights. Therefore, you have
+certain responsibilities if you distribute copies of the software, or if
+you modify it: responsibilities to respect the freedom of others.
+
+ For example, if you distribute copies of such a program, whether
+gratis or for a fee, you must pass on to the recipients the same
+freedoms that you received. You must make sure that they, too, receive
+or can get the source code. And you must show them these terms so they
+know their rights.
+
+ Developers that use the GNU GPL protect your rights with two steps:
+(1) assert copyright on the software, and (2) offer you this License
+giving you legal permission to copy, distribute and/or modify it.
+
+ For the developers' and authors' protection, the GPL clearly explains
+that there is no warranty for this free software. For both users' and
+authors' sake, the GPL requires that modified versions be marked as
+changed, so that their problems will not be attributed erroneously to
+authors of previous versions.
+
+ Some devices are designed to deny users access to install or run
+modified versions of the software inside them, although the manufacturer
+can do so. This is fundamentally incompatible with the aim of
+protecting users' freedom to change the software. The systematic
+pattern of such abuse occurs in the area of products for individuals to
+use, which is precisely where it is most unacceptable. Therefore, we
+have designed this version of the GPL to prohibit the practice for those
+products. If such problems arise substantially in other domains, we
+stand ready to extend this provision to those domains in future versions
+of the GPL, as needed to protect the freedom of users.
+
+ Finally, every program is threatened constantly by software patents.
+States should not allow patents to restrict development and use of
+software on general-purpose computers, but in those that do, we wish to
+avoid the special danger that patents applied to a free program could
+make it effectively proprietary. To prevent this, the GPL assures that
+patents cannot be used to render the program non-free.
+
+ The precise terms and conditions for copying, distribution and
+modification follow.
+
+ TERMS AND CONDITIONS
+
+ 0. Definitions.
+
+ "This License" refers to version 3 of the GNU General Public License.
+
+ "Copyright" also means copyright-like laws that apply to other kinds of
+works, such as semiconductor masks.
+
+ "The Program" refers to any copyrightable work licensed under this
+License. Each licensee is addressed as "you". "Licensees" and
+"recipients" may be individuals or organizations.
+
+ To "modify" a work means to copy from or adapt all or part of the work
+in a fashion requiring copyright permission, other than the making of an
+exact copy. The resulting work is called a "modified version" of the
+earlier work or a work "based on" the earlier work.
+
+ A "covered work" means either the unmodified Program or a work based
+on the Program.
+
+ To "propagate" a work means to do anything with it that, without
+permission, would make you directly or secondarily liable for
+infringement under applicable copyright law, except executing it on a
+computer or modifying a private copy. Propagation includes copying,
+distribution (with or without modification), making available to the
+public, and in some countries other activities as well.
+
+ To "convey" a work means any kind of propagation that enables other
+parties to make or receive copies. Mere interaction with a user through
+a computer network, with no transfer of a copy, is not conveying.
+
+ An interactive user interface displays "Appropriate Legal Notices"
+to the extent that it includes a convenient and prominently visible
+feature that (1) displays an appropriate copyright notice, and (2)
+tells the user that there is no warranty for the work (except to the
+extent that warranties are provided), that licensees may convey the
+work under this License, and how to view a copy of this License. If
+the interface presents a list of user commands or options, such as a
+menu, a prominent item in the list meets this criterion.
+
+ 1. Source Code.
+
+ The "source code" for a work means the preferred form of the work
+for making modifications to it. "Object code" means any non-source
+form of a work.
+
+ A "Standard Interface" means an interface that either is an official
+standard defined by a recognized standards body, or, in the case of
+interfaces specified for a particular programming language, one that
+is widely used among developers working in that language.
+
+ The "System Libraries" of an executable work include anything, other
+than the work as a whole, that (a) is included in the normal form of
+packaging a Major Component, but which is not part of that Major
+Component, and (b) serves only to enable use of the work with that
+Major Component, or to implement a Standard Interface for which an
+implementation is available to the public in source code form. A
+"Major Component", in this context, means a major essential component
+(kernel, window system, and so on) of the specific operating system
+(if any) on which the executable work runs, or a compiler used to
+produce the work, or an object code interpreter used to run it.
+
+ The "Corresponding Source" for a work in object code form means all
+the source code needed to generate, install, and (for an executable
+work) run the object code and to modify the work, including scripts to
+control those activities. However, it does not include the work's
+System Libraries, or general-purpose tools or generally available free
+programs which are used unmodified in performing those activities but
+which are not part of the work. For example, Corresponding Source
+includes interface definition files associated with source files for
+the work, and the source code for shared libraries and dynamically
+linked subprograms that the work is specifically designed to require,
+such as by intimate data communication or control flow between those
+subprograms and other parts of the work.
+
+ The Corresponding Source need not include anything that users
+can regenerate automatically from other parts of the Corresponding
+Source.
+
+ The Corresponding Source for a work in source code form is that
+same work.
+
+ 2. Basic Permissions.
+
+ All rights granted under this License are granted for the term of
+copyright on the Program, and are irrevocable provided the stated
+conditions are met. This License explicitly affirms your unlimited
+permission to run the unmodified Program. The output from running a
+covered work is covered by this License only if the output, given its
+content, constitutes a covered work. This License acknowledges your
+rights of fair use or other equivalent, as provided by copyright law.
+
+ You may make, run and propagate covered works that you do not
+convey, without conditions so long as your license otherwise remains
+in force. You may convey covered works to others for the sole purpose
+of having them make modifications exclusively for you, or provide you
+with facilities for running those works, provided that you comply with
+the terms of this License in conveying all material for which you do
+not control copyright. Those thus making or running the covered works
+for you must do so exclusively on your behalf, under your direction
+and control, on terms that prohibit them from making any copies of
+your copyrighted material outside their relationship with you.
+
+ Conveying under any other circumstances is permitted solely under
+the conditions stated below. Sublicensing is not allowed; section 10
+makes it unnecessary.
+
+ 3. Protecting Users' Legal Rights From Anti-Circumvention Law.
+
+ No covered work shall be deemed part of an effective technological
+measure under any applicable law fulfilling obligations under article
+11 of the WIPO copyright treaty adopted on 20 December 1996, or
+similar laws prohibiting or restricting circumvention of such
+measures.
+
+ When you convey a covered work, you waive any legal power to forbid
+circumvention of technological measures to the extent such circumvention
+is effected by exercising rights under this License with respect to
+the covered work, and you disclaim any intention to limit operation or
+modification of the work as a means of enforcing, against the work's
+users, your or third parties' legal rights to forbid circumvention of
+technological measures.
+
+ 4. Conveying Verbatim Copies.
+
+ You may convey verbatim copies of the Program's source code as you
+receive it, in any medium, provided that you conspicuously and
+appropriately publish on each copy an appropriate copyright notice;
+keep intact all notices stating that this License and any
+non-permissive terms added in accord with section 7 apply to the code;
+keep intact all notices of the absence of any warranty; and give all
+recipients a copy of this License along with the Program.
+
+ You may charge any price or no price for each copy that you convey,
+and you may offer support or warranty protection for a fee.
+
+ 5. Conveying Modified Source Versions.
+
+ You may convey a work based on the Program, or the modifications to
+produce it from the Program, in the form of source code under the
+terms of section 4, provided that you also meet all of these conditions:
+
+ a) The work must carry prominent notices stating that you modified
+ it, and giving a relevant date.
+
+ b) The work must carry prominent notices stating that it is
+ released under this License and any conditions added under section
+ 7. This requirement modifies the requirement in section 4 to
+ "keep intact all notices".
+
+ c) You must license the entire work, as a whole, under this
+ License to anyone who comes into possession of a copy. This
+ License will therefore apply, along with any applicable section 7
+ additional terms, to the whole of the work, and all its parts,
+ regardless of how they are packaged. This License gives no
+ permission to license the work in any other way, but it does not
+ invalidate such permission if you have separately received it.
+
+ d) If the work has interactive user interfaces, each must display
+ Appropriate Legal Notices; however, if the Program has interactive
+ interfaces that do not display Appropriate Legal Notices, your
+ work need not make them do so.
+
+ A compilation of a covered work with other separate and independent
+works, which are not by their nature extensions of the covered work,
+and which are not combined with it such as to form a larger program,
+in or on a volume of a storage or distribution medium, is called an
+"aggregate" if the compilation and its resulting copyright are not
+used to limit the access or legal rights of the compilation's users
+beyond what the individual works permit. Inclusion of a covered work
+in an aggregate does not cause this License to apply to the other
+parts of the aggregate.
+
+ 6. Conveying Non-Source Forms.
+
+ You may convey a covered work in object code form under the terms
+of sections 4 and 5, provided that you also convey the
+machine-readable Corresponding Source under the terms of this License,
+in one of these ways:
+
+ a) Convey the object code in, or embodied in, a physical product
+ (including a physical distribution medium), accompanied by the
+ Corresponding Source fixed on a durable physical medium
+ customarily used for software interchange.
+
+ b) Convey the object code in, or embodied in, a physical product
+ (including a physical distribution medium), accompanied by a
+ written offer, valid for at least three years and valid for as
+ long as you offer spare parts or customer support for that product
+ model, to give anyone who possesses the object code either (1) a
+ copy of the Corresponding Source for all the software in the
+ product that is covered by this License, on a durable physical
+ medium customarily used for software interchange, for a price no
+ more than your reasonable cost of physically performing this
+ conveying of source, or (2) access to copy the
+ Corresponding Source from a network server at no charge.
+
+ c) Convey individual copies of the object code with a copy of the
+ written offer to provide the Corresponding Source. This
+ alternative is allowed only occasionally and noncommercially, and
+ only if you received the object code with such an offer, in accord
+ with subsection 6b.
+
+ d) Convey the object code by offering access from a designated
+ place (gratis or for a charge), and offer equivalent access to the
+ Corresponding Source in the same way through the same place at no
+ further charge. You need not require recipients to copy the
+ Corresponding Source along with the object code. If the place to
+ copy the object code is a network server, the Corresponding Source
+ may be on a different server (operated by you or a third party)
+ that supports equivalent copying facilities, provided you maintain
+ clear directions next to the object code saying where to find the
+ Corresponding Source. Regardless of what server hosts the
+ Corresponding Source, you remain obligated to ensure that it is
+ available for as long as needed to satisfy these requirements.
+
+ e) Convey the object code using peer-to-peer transmission, provided
+ you inform other peers where the object code and Corresponding
+ Source of the work are being offered to the general public at no
+ charge under subsection 6d.
+
+ A separable portion of the object code, whose source code is excluded
+from the Corresponding Source as a System Library, need not be
+included in conveying the object code work.
+
+ A "User Product" is either (1) a "consumer product", which means any
+tangible personal property which is normally used for personal, family,
+or household purposes, or (2) anything designed or sold for incorporation
+into a dwelling. In determining whether a product is a consumer product,
+doubtful cases shall be resolved in favor of coverage. For a particular
+product received by a particular user, "normally used" refers to a
+typical or common use of that class of product, regardless of the status
+of the particular user or of the way in which the particular user
+actually uses, or expects or is expected to use, the product. A product
+is a consumer product regardless of whether the product has substantial
+commercial, industrial or non-consumer uses, unless such uses represent
+the only significant mode of use of the product.
+
+ "Installation Information" for a User Product means any methods,
+procedures, authorization keys, or other information required to install
+and execute modified versions of a covered work in that User Product from
+a modified version of its Corresponding Source. The information must
+suffice to ensure that the continued functioning of the modified object
+code is in no case prevented or interfered with solely because
+modification has been made.
+
+ If you convey an object code work under this section in, or with, or
+specifically for use in, a User Product, and the conveying occurs as
+part of a transaction in which the right of possession and use of the
+User Product is transferred to the recipient in perpetuity or for a
+fixed term (regardless of how the transaction is characterized), the
+Corresponding Source conveyed under this section must be accompanied
+by the Installation Information. But this requirement does not apply
+if neither you nor any third party retains the ability to install
+modified object code on the User Product (for example, the work has
+been installed in ROM).
+
+ The requirement to provide Installation Information does not include a
+requirement to continue to provide support service, warranty, or updates
+for a work that has been modified or installed by the recipient, or for
+the User Product in which it has been modified or installed. Access to a
+network may be denied when the modification itself materially and
+adversely affects the operation of the network or violates the rules and
+protocols for communication across the network.
+
+ Corresponding Source conveyed, and Installation Information provided,
+in accord with this section must be in a format that is publicly
+documented (and with an implementation available to the public in
+source code form), and must require no special password or key for
+unpacking, reading or copying.
+
+ 7. Additional Terms.
+
+ "Additional permissions" are terms that supplement the terms of this
+License by making exceptions from one or more of its conditions.
+Additional permissions that are applicable to the entire Program shall
+be treated as though they were included in this License, to the extent
+that they are valid under applicable law. If additional permissions
+apply only to part of the Program, that part may be used separately
+under those permissions, but the entire Program remains governed by
+this License without regard to the additional permissions.
+
+ When you convey a copy of a covered work, you may at your option
+remove any additional permissions from that copy, or from any part of
+it. (Additional permissions may be written to require their own
+removal in certain cases when you modify the work.) You may place
+additional permissions on material, added by you to a covered work,
+for which you have or can give appropriate copyright permission.
+
+ Notwithstanding any other provision of this License, for material you
+add to a covered work, you may (if authorized by the copyright holders of
+that material) supplement the terms of this License with terms:
+
+ a) Disclaiming warranty or limiting liability differently from the
+ terms of sections 15 and 16 of this License; or
+
+ b) Requiring preservation of specified reasonable legal notices or
+ author attributions in that material or in the Appropriate Legal
+ Notices displayed by works containing it; or
+
+ c) Prohibiting misrepresentation of the origin of that material, or
+ requiring that modified versions of such material be marked in
+ reasonable ways as different from the original version; or
+
+ d) Limiting the use for publicity purposes of names of licensors or
+ authors of the material; or
+
+ e) Declining to grant rights under trademark law for use of some
+ trade names, trademarks, or service marks; or
+
+ f) Requiring indemnification of licensors and authors of that
+ material by anyone who conveys the material (or modified versions of
+ it) with contractual assumptions of liability to the recipient, for
+ any liability that these contractual assumptions directly impose on
+ those licensors and authors.
+
+ All other non-permissive additional terms are considered "further
+restrictions" within the meaning of section 10. If the Program as you
+received it, or any part of it, contains a notice stating that it is
+governed by this License along with a term that is a further
+restriction, you may remove that term. If a license document contains
+a further restriction but permits relicensing or conveying under this
+License, you may add to a covered work material governed by the terms
+of that license document, provided that the further restriction does
+not survive such relicensing or conveying.
+
+ If you add terms to a covered work in accord with this section, you
+must place, in the relevant source files, a statement of the
+additional terms that apply to those files, or a notice indicating
+where to find the applicable terms.
+
+ Additional terms, permissive or non-permissive, may be stated in the
+form of a separately written license, or stated as exceptions;
+the above requirements apply either way.
+
+ 8. Termination.
+
+ You may not propagate or modify a covered work except as expressly
+provided under this License. Any attempt otherwise to propagate or
+modify it is void, and will automatically terminate your rights under
+this License (including any patent licenses granted under the third
+paragraph of section 11).
+
+ However, if you cease all violation of this License, then your
+license from a particular copyright holder is reinstated (a)
+provisionally, unless and until the copyright holder explicitly and
+finally terminates your license, and (b) permanently, if the copyright
+holder fails to notify you of the violation by some reasonable means
+prior to 60 days after the cessation.
+
+ Moreover, your license from a particular copyright holder is
+reinstated permanently if the copyright holder notifies you of the
+violation by some reasonable means, this is the first time you have
+received notice of violation of this License (for any work) from that
+copyright holder, and you cure the violation prior to 30 days after
+your receipt of the notice.
+
+ Termination of your rights under this section does not terminate the
+licenses of parties who have received copies or rights from you under
+this License. If your rights have been terminated and not permanently
+reinstated, you do not qualify to receive new licenses for the same
+material under section 10.
+
+ 9. Acceptance Not Required for Having Copies.
+
+ You are not required to accept this License in order to receive or
+run a copy of the Program. Ancillary propagation of a covered work
+occurring solely as a consequence of using peer-to-peer transmission
+to receive a copy likewise does not require acceptance. However,
+nothing other than this License grants you permission to propagate or
+modify any covered work. These actions infringe copyright if you do
+not accept this License. Therefore, by modifying or propagating a
+covered work, you indicate your acceptance of this License to do so.
+
+ 10. Automatic Licensing of Downstream Recipients.
+
+ Each time you convey a covered work, the recipient automatically
+receives a license from the original licensors, to run, modify and
+propagate that work, subject to this License. You are not responsible
+for enforcing compliance by third parties with this License.
+
+ An "entity transaction" is a transaction transferring control of an
+organization, or substantially all assets of one, or subdividing an
+organization, or merging organizations. If propagation of a covered
+work results from an entity transaction, each party to that
+transaction who receives a copy of the work also receives whatever
+licenses to the work the party's predecessor in interest had or could
+give under the previous paragraph, plus a right to possession of the
+Corresponding Source of the work from the predecessor in interest, if
+the predecessor has it or can get it with reasonable efforts.
+
+ You may not impose any further restrictions on the exercise of the
+rights granted or affirmed under this License. For example, you may
+not impose a license fee, royalty, or other charge for exercise of
+rights granted under this License, and you may not initiate litigation
+(including a cross-claim or counterclaim in a lawsuit) alleging that
+any patent claim is infringed by making, using, selling, offering for
+sale, or importing the Program or any portion of it.
+
+ 11. Patents.
+
+ A "contributor" is a copyright holder who authorizes use under this
+License of the Program or a work on which the Program is based. The
+work thus licensed is called the contributor's "contributor version".
+
+ A contributor's "essential patent claims" are all patent claims
+owned or controlled by the contributor, whether already acquired or
+hereafter acquired, that would be infringed by some manner, permitted
+by this License, of making, using, or selling its contributor version,
+but do not include claims that would be infringed only as a
+consequence of further modification of the contributor version. For
+purposes of this definition, "control" includes the right to grant
+patent sublicenses in a manner consistent with the requirements of
+this License.
+
+ Each contributor grants you a non-exclusive, worldwide, royalty-free
+patent license under the contributor's essential patent claims, to
+make, use, sell, offer for sale, import and otherwise run, modify and
+propagate the contents of its contributor version.
+
+ In the following three paragraphs, a "patent license" is any express
+agreement or commitment, however denominated, not to enforce a patent
+(such as an express permission to practice a patent or covenant not to
+sue for patent infringement). To "grant" such a patent license to a
+party means to make such an agreement or commitment not to enforce a
+patent against the party.
+
+ If you convey a covered work, knowingly relying on a patent license,
+and the Corresponding Source of the work is not available for anyone
+to copy, free of charge and under the terms of this License, through a
+publicly available network server or other readily accessible means,
+then you must either (1) cause the Corresponding Source to be so
+available, or (2) arrange to deprive yourself of the benefit of the
+patent license for this particular work, or (3) arrange, in a manner
+consistent with the requirements of this License, to extend the patent
+license to downstream recipients. "Knowingly relying" means you have
+actual knowledge that, but for the patent license, your conveying the
+covered work in a country, or your recipient's use of the covered work
+in a country, would infringe one or more identifiable patents in that
+country that you have reason to believe are valid.
+
+ If, pursuant to or in connection with a single transaction or
+arrangement, you convey, or propagate by procuring conveyance of, a
+covered work, and grant a patent license to some of the parties
+receiving the covered work authorizing them to use, propagate, modify
+or convey a specific copy of the covered work, then the patent license
+you grant is automatically extended to all recipients of the covered
+work and works based on it.
+
+ A patent license is "discriminatory" if it does not include within
+the scope of its coverage, prohibits the exercise of, or is
+conditioned on the non-exercise of one or more of the rights that are
+specifically granted under this License. You may not convey a covered
+work if you are a party to an arrangement with a third party that is
+in the business of distributing software, under which you make payment
+to the third party based on the extent of your activity of conveying
+the work, and under which the third party grants, to any of the
+parties who would receive the covered work from you, a discriminatory
+patent license (a) in connection with copies of the covered work
+conveyed by you (or copies made from those copies), or (b) primarily
+for and in connection with specific products or compilations that
+contain the covered work, unless you entered into that arrangement,
+or that patent license was granted, prior to 28 March 2007.
+
+ Nothing in this License shall be construed as excluding or limiting
+any implied license or other defenses to infringement that may
+otherwise be available to you under applicable patent law.
+
+ 12. No Surrender of Others' Freedom.
+
+ If conditions are imposed on you (whether by court order, agreement or
+otherwise) that contradict the conditions of this License, they do not
+excuse you from the conditions of this License. If you cannot convey a
+covered work so as to satisfy simultaneously your obligations under this
+License and any other pertinent obligations, then as a consequence you may
+not convey it at all. For example, if you agree to terms that obligate you
+to collect a royalty for further conveying from those to whom you convey
+the Program, the only way you could satisfy both those terms and this
+License would be to refrain entirely from conveying the Program.
+
+ 13. Use with the GNU Affero General Public License.
+
+ Notwithstanding any other provision of this License, you have
+permission to link or combine any covered work with a work licensed
+under version 3 of the GNU Affero General Public License into a single
+combined work, and to convey the resulting work. The terms of this
+License will continue to apply to the part which is the covered work,
+but the special requirements of the GNU Affero General Public License,
+section 13, concerning interaction through a network will apply to the
+combination as such.
+
+ 14. Revised Versions of this License.
+
+ The Free Software Foundation may publish revised and/or new versions of
+the GNU General Public License from time to time. Such new versions will
+be similar in spirit to the present version, but may differ in detail to
+address new problems or concerns.
+
+ Each version is given a distinguishing version number. If the
+Program specifies that a certain numbered version of the GNU General
+Public License "or any later version" applies to it, you have the
+option of following the terms and conditions either of that numbered
+version or of any later version published by the Free Software
+Foundation. If the Program does not specify a version number of the
+GNU General Public License, you may choose any version ever published
+by the Free Software Foundation.
+
+ If the Program specifies that a proxy can decide which future
+versions of the GNU General Public License can be used, that proxy's
+public statement of acceptance of a version permanently authorizes you
+to choose that version for the Program.
+
+ Later license versions may give you additional or different
+permissions. However, no additional obligations are imposed on any
+author or copyright holder as a result of your choosing to follow a
+later version.
+
+ 15. Disclaimer of Warranty.
+
+ THERE IS NO WARRANTY FOR THE PROGRAM, TO THE EXTENT PERMITTED BY
+APPLICABLE LAW. EXCEPT WHEN OTHERWISE STATED IN WRITING THE COPYRIGHT
+HOLDERS AND/OR OTHER PARTIES PROVIDE THE PROGRAM "AS IS" WITHOUT WARRANTY
+OF ANY KIND, EITHER EXPRESSED OR IMPLIED, INCLUDING, BUT NOT LIMITED TO,
+THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
+PURPOSE. THE ENTIRE RISK AS TO THE QUALITY AND PERFORMANCE OF THE PROGRAM
+IS WITH YOU. SHOULD THE PROGRAM PROVE DEFECTIVE, YOU ASSUME THE COST OF
+ALL NECESSARY SERVICING, REPAIR OR CORRECTION.
+
+ 16. Limitation of Liability.
+
+ IN NO EVENT UNLESS REQUIRED BY APPLICABLE LAW OR AGREED TO IN WRITING
+WILL ANY COPYRIGHT HOLDER, OR ANY OTHER PARTY WHO MODIFIES AND/OR CONVEYS
+THE PROGRAM AS PERMITTED ABOVE, BE LIABLE TO YOU FOR DAMAGES, INCLUDING ANY
+GENERAL, SPECIAL, INCIDENTAL OR CONSEQUENTIAL DAMAGES ARISING OUT OF THE
+USE OR INABILITY TO USE THE PROGRAM (INCLUDING BUT NOT LIMITED TO LOSS OF
+DATA OR DATA BEING RENDERED INACCURATE OR LOSSES SUSTAINED BY YOU OR THIRD
+PARTIES OR A FAILURE OF THE PROGRAM TO OPERATE WITH ANY OTHER PROGRAMS),
+EVEN IF SUCH HOLDER OR OTHER PARTY HAS BEEN ADVISED OF THE POSSIBILITY OF
+SUCH DAMAGES.
+
+ 17. Interpretation of Sections 15 and 16.
+
+ If the disclaimer of warranty and limitation of liability provided
+above cannot be given local legal effect according to their terms,
+reviewing courts shall apply local law that most closely approximates
+an absolute waiver of all civil liability in connection with the
+Program, unless a warranty or assumption of liability accompanies a
+copy of the Program in return for a fee.
+
+ END OF TERMS AND CONDITIONS
+
+ How to Apply These Terms to Your New Programs
+
+ If you develop a new program, and you want it to be of the greatest
+possible use to the public, the best way to achieve this is to make it
+free software which everyone can redistribute and change under these terms.
+
+ To do so, attach the following notices to the program. It is safest
+to attach them to the start of each source file to most effectively
+state the exclusion of warranty; and each file should have at least
+the "copyright" line and a pointer to where the full notice is found.
+
+ pass-tomb
+ Copyright (C) 2017 Alexandre PUJOL
+
+ This program is free software: you can redistribute it and/or modify
+ it under the terms of the GNU General Public License as published by
+ the Free Software Foundation, either version 3 of the License, or
+ (at your option) any later version.
+
+ This program is distributed in the hope that it will be useful,
+ but WITHOUT ANY WARRANTY; without even the implied warranty of
+ MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+ GNU General Public License for more details.
+
+ You should have received a copy of the GNU General Public License
+ along with this program. If not, see <http://www.gnu.org/licenses/>.
+
+Also add information on how to contact you by electronic and paper mail.
+
+ If the program does terminal interaction, make it output a short
+notice like this when it starts in an interactive mode:
+
+ pass-tomb Copyright (C) 2017 Alexandre PUJOL
+ This program comes with ABSOLUTELY NO WARRANTY; for details type `show w'.
+ This is free software, and you are welcome to redistribute it
+ under certain conditions; type `show c' for details.
+
+The hypothetical commands `show w' and `show c' should show the appropriate
+parts of the General Public License. Of course, your program's commands
+might be different; for a GUI interface, you would use an "about box".
+
+ You should also get your employer (if you work as a programmer) or school,
+if any, to sign a "copyright disclaimer" for the program, if necessary.
+For more information on this, and how to apply and follow the GNU GPL, see
+<http://www.gnu.org/licenses/>.
+
+ The GNU General Public License does not permit incorporating your program
+into proprietary programs. If your program is a subroutine library, you
+may consider it more useful to permit linking proprietary applications with
+the library. If this is what you want to do, use the GNU Lesser General
+Public License instead of this License. But first, please read
+<http://www.gnu.org/philosophy/why-not-lgpl.html>.
+
diff --git a/Makefile b/Makefile
new file mode 100644
index 0000000..98cf482
--- /dev/null
+++ b/Makefile
@@ -0,0 +1,41 @@
+PROG ?= tomb
+PREFIX ?= /usr
+DESTDIR ?=
+LIBDIR ?= $(PREFIX)/lib
+SYSTEM_EXTENSION_DIR ?= $(LIBDIR)/password-store/extensions
+MANDIR ?= $(PREFIX)/share/man
+
+all:
+ @echo "pass-$(PROG) is a shell script and does not need compilation, it can be simply executed."
+ @echo ""
+ @echo "To install it try \"make install\" instead."
+ @echo
+ @echo "To run pass $(PROG) one needs to have some tools installed on the system:"
+ @echo " Tomb and password store"
+
+install:
+ @install -v -d "$(DESTDIR)$(MANDIR)/man1"
+ @install -v -d "$(DESTDIR)$(SYSTEM_EXTENSION_DIR)/"
+ @install -v -m 0755 $(PROG).bash "$(DESTDIR)$(SYSTEM_EXTENSION_DIR)/$(PROG).bash"
+ @install -v -m 0755 open.bash "$(DESTDIR)$(SYSTEM_EXTENSION_DIR)/open.bash"
+ @install -v -m 0755 close.bash "$(DESTDIR)$(SYSTEM_EXTENSION_DIR)/close.bash"
+ @install -v -m 0644 pass-$(PROG).1 "$(DESTDIR)$(MANDIR)/man1/pass-$(PROG).1"
+ @echo
+ @echo "pass-$(PROG) is installed succesfully"
+ @echo
+
+uninstall:
+ @rm -vrf \
+ "$(DESTDIR)$(SYSTEM_EXTENSION_DIR)/$(PROG).bash" \
+ "$(DESTDIR)$(SYSTEM_EXTENSION_DIR)/open.bash" \
+ "$(DESTDIR)$(SYSTEM_EXTENSION_DIR)/close.bash" \
+ "$(DESTDIR)$(MANDIR)/man1/pass-$(PROG).1" \
+
+test:
+ make -C tests
+
+lint:
+ shellcheck -s bash -e SC2181,SC2024 $(PROG).bash
+
+
+.PHONY: install uninstall test lint
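Review bot: The `uninstall` recipe deletes four regular files with `rm -vrf`, and the README runs this Makefile under `sudo`, so the recursive flag is not needed and only widens what a mis-set `DESTDIR`, `SYSTEM_EXTENSION_DIR` or `PROG` could remove; `@rm -vf \` is enough. The last path in that list also ends in a stray `\`, which joins the following blank line to the command and would swallow any line later added there. In `test:`, `make -C tests` should be `$(MAKE) -C tests` so that flags and the jobserver reach the sub-make. `all` is missing from `.PHONY`.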
diff --git a/README.md b/README.md
new file mode 100644
index 0000000..a0b67d2
--- /dev/null
+++ b/README.md
@@ -0,0 +1,228 @@
+<h1 align="center">pass tomb</h1>
+<p align="center">
+ <a href="https://travis-ci.org/roddhjav/pass-tomb">
+ <img src="https://img.shields.io/travis/roddhjav/pass-tomb/master.svg?style=flat-square"
+ alt="Build Status" /></a>
+ <a href="https://coveralls.io/github/roddhjav/pass-tomb">
+ <img src="https://img.shields.io/coveralls/roddhjav/pass-tomb/master.svg?style=flat-square"
+ alt="Code Coverage" /></a>
+ <a href="https://www.codacy.com/app/roddhjav/pass-tomb">
+ <img src="https://img.shields.io/codacy/grade/1c58ea63487a4b82874b05220d500c60/master.svg?style=flat-square"
+ alt="Code Quality" /></a>
+ <a href="https://github.com/roddhjav/pass-tomb/releases/latest">
+ <img src="https://img.shields.io/github/release/roddhjav/pass-tomb.svg?maxAge=600&style=flat-square"
+ alt="Last Release" /></a>
+</p>
+<p align="center">
+A <a href="https://www.passwordstore.org/">pass</a> extension that helps to
+keep the whole tree of password encrypted inside a
+<a href="https://www.dyne.org/software/tomb/">tomb</a>.
+</p>
+
+## Description
+
+Due to the structure of `pass`, file- and directory names are not encrypted in
+the password store. `pass-tomb` provides a convenient solution to put your
+password store in a [tomb][github-tomb] and then keep your password tree
+encrypted when you are not using it.
+
+It uses the same GPG key to encrypt passwords and tomb, therefore you don't need
+to manage more key or secret. Moreover, you can ask pass-tomb to automatically
+close your store after a given time.
+
+**The new workflow is the following:**
+* Create a password tomb with `pass tomb`
+ - Create a new tomb and open it in `~/.password-store`
+ - Initialise the password store with the same GPG key
+* Use tomb as usual
+* When finished, close the password tomb: `pass close`
+* To use pass again, you need to open the password tomb: `pass open`
+
+## Usage
+
+```
+pass tomb 1.1 - A pass extension that helps to keep the whole tree of
+ password encrypted inside a tomb.
+
+Usage:
+ pass tomb [-n] [-t time] [-f] [-p subfolder] gpg-id...
+ Create and initialise a new password tomb
+ Use gpg-id for encryption of both tomb and passwords
+
+ pass open [subfolder] [-t time] [-f]
+ Open a password tomb
+
+ pass close [store]
+ Close a password tomb
+
+Options:
+ -n, --no-init Do not initialise the password store
+ -t, --timer Close the store after a given time
+ -p, --path Create the store for that specific subfolder
+ -f, --force Force operation (i.e. even if swap is active)
+ -q, --quiet Be quiet
+ -v, --verbose Be verbose
+ -d, --debug Print tomb debug messages
+ --unsafe Speed up tomb creation (for testing only)
+ -V, --version Show version information.
+ -h, --help Print this help message and exit.
+
+More information may be found in the pass-tomb(1) man page.
+```
+
+See `man pass-tomb` for more information.
+
+## Examples
+
+**Create a new password tomb**
+```
+$ pass tomb <gpg-id>
+ (*) Your password tomb has been created and opened in ~/.password-store.
+ (*) Password store initialized for <gpg-id>
+ . Your tomb is: ~/.password.tomb
+ . Your tomb key is: ~/.password.key.tomb
+ . You can now use pass as usual.
+ . When finished, close the password tomb using 'pass close'.
+```
+
+**Open a password tomb**
+```
+$ pass open
+ (*) Your password tomb has been opened in ~/.password-store.
+ . You can now use pass as usual.
+ . When finished, close the password tomb using 'pass close'.
+```
+
+**Close a password tomb**
+```
+$ pass close
+ (*) Your password tomb has been closed.
+ . Your passwords remain present in ~/.password.tomb.
+```
+
+**Create a new password tomb and set a timer**
+```
+$ pass tomb <gpg-id> --timer=1h
+ (*) Your password tomb has been created and opened in ~/.password-store.
+ (*) Password store initialized for <gpg-id>
+ . Your tomb is: ~/.password.tomb
+ . Your tomb key is: ~/.password.key.tomb
+ . You can now use pass as usual.
+ . This password store will be closed in 1h
+```
+
+```
+$ pass open
+(*) Your password tomb has been opened in ~/.password-store.
+ . You can now use pass as usual.
+ . This password store will be closed in 1h
+```
+
+**Open a password store and set a timer**
+```
+$ pass open --timer=10min
+ (*) Your password tomb has been opened in ~/.password-store.
+ . You can now use pass as usual.
+ . This password store will be closed in 10min
+```
+
+## Environment Variables
+
+* `PASSWORD_STORE_TOMB`: path to `tomb` executable
+* `PASSWORD_STORE_TOMB_FILE`: path to the password tomb (default: `~/.password.tomb`)
+* `PASSWORD_STORE_TOMB_KEY`: path to the password tomb key file (default: `~/.password.key.tomb`)
+* `PASSWORD_STORE_TOMB_SIZE`: password tomb size in MB (default: `10`)
+
+## Multiple password tombs
+It is possible to create multiple pass tomb and open them separately. You only
+need to set the tomb file, key and the password store directory manually using
+the environment variables:
+
+**Create a tomb**
+```sh
+PASSWORD_STORE_TOMB_FILE=<tomb_path> PASSWORD_STORE_TOMB_KEY=<key_path> PASSWORD_STORE_DIR=<dir_path> pass tomb <gpgid>
+```
+
+**Open/Close a tomb**
+```sh
+PASSWORD_STORE_TOMB_FILE=<tomb_path> PASSWORD_STORE_TOMB_KEY=<key_path> PASSWORD_STORE_DIR=<dir_path> pass open
+PASSWORD_STORE_TOMB_FILE=<tomb_path> PASSWORD_STORE_TOMB_KEY=<key_path> PASSWORD_STORE_DIR=<dir_path> pass close
+```
+
+If you always need a second password store, you can create a pass alias, `pass2` that will manage the second store with in `.bashrc`:
+```sh
+alias pass2='PASSWORD_STORE_TOMB_FILE=<tomb_path> PASSWORD_STORE_TOMB_KEY=<key_path> PASSWORD_STORE_DIR=<dir_path> pass'
+```
+
+## Advanced use
+Using `tomb` to store your password repository, you can take advantage of the
+tomb advanced feature like *steganography* and *private cloud storage*. The
+[tomb website][tomb] provide a good presentation of the features available with
+Tomb. Moreover, you can read my guide on how to use [Tomb with GPG keys][pujol.io-tomb].
+
+## Installation
+
+**Requirements**
+* `pass 1.7.0` or greater.
+* `tomb 2.4` or greater.
+* A `systemd` linux distribution is required to use the timer feature.
+
+**From git**
+```sh
+git clone https://github.com/roddhjav/pass-tomb/
+cd pass-tomb
+sudo make install # Add: PREFIX=/usr/local for OS X
+```
+
+**ArchLinux**
+
+`pass-tomb` is available in the [Arch User Repository][aur].
+```sh
+pacaur -S pass-tomb # or your preferred AUR install method
+```
+
+**Stable version**
+```
+wget https://github.com/roddhjav/pass-tomb/releases/download/v1.1/pass-tomb-1.1.tar.gz
+tar xzf pass-tomb-1.1.tar.gz
+cd pass-tomb-1.1
+sudo make install
+```
+
+[Releases][releases] and commits are signed using [`06A26D531D56C42D66805049C5469996F0DF68EC`][keys].
+You should check the key's fingerprint and verify the signature:
+```sh
+wget https://github.com/roddhjav/pass-tomb/releases/download/v1.1/pass-tomb-1.1.tar.gz.asc
+gpg --recv-keys 06A26D531D56C42D66805049C5469996F0DF68EC
+gpg --verify pass-tomb-1.1.tar.gz.asc
+```
+
+
+## Contribution
+Feedback, contributors, pull requests are all very welcome.
+
+
+## License
+
+ Copyright (C) 2017 Alexandre PUJOL
+
+ This program is free software: you can redistribute it and/or modify
+ it under the terms of the GNU General Public License as published by
+ the Free Software Foundation, either version 3 of the License, or
+ (at your option) any later version.
+
+ This program is distributed in the hope that it will be useful,
+ but WITHOUT ANY WARRANTY; without even the implied warranty of
+ MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+ GNU General Public License for more details.
+
+ You should have received a copy of the GNU General Public License
+ along with this program. If not, see <http://www.gnu.org/licenses/>.
+
+[tomb]: https://www.dyne.org/software/tomb/
+[github-tomb]: https://github.com/dyne/Tomb
+[pujol.io-tomb]: https://pujol.io/blog/tomb-with-gpg-keys/
+[keys]: https://pujol.io/keys
+[aur]: https://aur.archlinux.org/packages/pass-tomb
+[releases]: https://github.com/roddhjav/pass-tomb/releases
+[keybase]: https://keybase.io/roddhjav
diff --git a/close.bash b/close.bash
new file mode 100755
index 0000000..2b5235c
--- /dev/null
+++ b/close.bash
@@ -0,0 +1,29 @@
+#!/usr/bin/env bash
+# Tomb manager - Password Store Extension (https://www.passwordstore.org/)
+# Copyright (C) 2017 Alexandre PUJOL <alexandre@pujol.io>.
+#
+# This program is free software: you can redistribute it and/or modify
+# it under the terms of the GNU General Public License as published by
+# the Free Software Foundation, either version 3 of the License, or
+# (at your option) any later version.
+#
+# This program is distributed in the hope that it will be useful,
+# but WITHOUT ANY WARRANTY; without even the implied warranty of
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+# GNU General Public License for more details.
+#
+# You should have received a copy of the GNU General Public License
+# along with this program. If not, see <http://www.gnu.org/licenses/>.
+#
+
+# shellcheck disable=SC2068,SC1090
+
+if [[ -x "${PASSWORD_STORE_EXTENSIONS_DIR}/tomb.bash" ]]; then
+ source "${PASSWORD_STORE_EXTENSIONS_DIR}/tomb.bash"
+elif [[ -x "${SYSTEM_EXTENSION_DIR}/tomb.bash" ]]; then
+ source "${SYSTEM_EXTENSION_DIR}/tomb.bash"
+else
+ die "Unable to load the pass tomb extension."
+fi
+
+cmd_close "$@"
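Review bot: Both `-x` tests build their path from a variable that may be empty, so with `PASSWORD_STORE_EXTENSIONS_DIR` unset or empty (tests/60_install.sh exports it as `''`) the first branch probes, and would source, `/tomb.bash` at the filesystem root. Guard each branch on the variable, e.g. `if [[ -n "${PASSWORD_STORE_EXTENSIONS_DIR}" && -x "${PASSWORD_STORE_EXTENSIONS_DIR}/tomb.bash" ]]; then`, and likewise for `SYSTEM_EXTENSION_DIR`. The user directory is also preferred unconditionally; if this loader is meant to honour `PASSWORD_STORE_ENABLE_EXTENSIONS`, that check is missing here (to be confirmed against pass itself). open.bash repeats the same loader and needs the same change. `SC2068` in the shellcheck directive looks unnecessary, since `"$@"` is already quoted.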
diff --git a/open.bash b/open.bash
new file mode 100755
index 0000000..b402c91
--- /dev/null
+++ b/open.bash
@@ -0,0 +1,29 @@
+#!/usr/bin/env bash
+# Tomb manager - Password Store Extension (https://www.passwordstore.org/)
+# Copyright (C) 2017 Alexandre PUJOL <alexandre@pujol.io>.
+#
+# This program is free software: you can redistribute it and/or modify
+# it under the terms of the GNU General Public License as published by
+# the Free Software Foundation, either version 3 of the License, or
+# (at your option) any later version.
+#
+# This program is distributed in the hope that it will be useful,
+# but WITHOUT ANY WARRANTY; without even the implied warranty of
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+# GNU General Public License for more details.
+#
+# You should have received a copy of the GNU General Public License
+# along with this program. If not, see <http://www.gnu.org/licenses/>.
+#
+
+# shellcheck disable=SC2068,SC1090
+
+if [[ -x "${PASSWORD_STORE_EXTENSIONS_DIR}/tomb.bash" ]]; then
+ source "${PASSWORD_STORE_EXTENSIONS_DIR}/tomb.bash"
+elif [[ -x "${SYSTEM_EXTENSION_DIR}/tomb.bash" ]]; then
+ source "${SYSTEM_EXTENSION_DIR}/tomb.bash"
+else
+ die "Unable to load the pass tomb extension."
+fi
+
+cmd_open "$@"
diff --git a/pass-tomb.1 b/pass-tomb.1
new file mode 100644
index 0000000..604ad18
--- /dev/null
+++ b/pass-tomb.1
@@ -0,0 +1,246 @@
+.TH pass-tomb 1 "May 2017" "pass-tomb"
+
+.SH NAME
+pass tomb - A \fBpass\fP(1) extension that helps to keep the whole tree of
+password encrypted inside a \fBtomb\fP(1).
+
+.SH SYNOPSIS
+\fBpass tomb\fP [args] gpgid...
+.br
+\fBpass open \fP [args]
+.br
+\fBpass close\fP [args]
+
+.SH DESCRIPTION
+Due to the structure of \fBpass\fP(1), file- and directory names are not encrypted
+in the password store. \fBpass tomb\fP provides a convenient solution to put your
+password store in a \fBtomb\fP(1) and then keep your password tree encrypted
+when you are not using it.
+
+It uses the same GPG key to encrypt passwords and tomb, therefore you don't need
+to manage more key or secret. Moreover, you can ask pass-tomb to automatically
+close your store after a given time.
+
+.TP
+.B The new workflow is the following:
+.IP
+1. Create a password tomb with \fBpass tomb\fP. It creates a new tomb and opens it
+in ~/.password-store. Then it initialises the password repository with the same
+GPG key.
+.IP
+2. Use tomb as usual.
+.IP
+3. When finished close the password tomb: \fBpass close\fP.
+.IP
+4. To use pass again, you need to open the password tomb: \fBpass open\fP.
+
+
+.SH COMMAND
+
+.TP
+\fBpass tomb\fP [ \fI--no-init\fP, \fI-n\fP ] [\fI--timer=time\fP, \fI-t time\fP]
+ [ \fI--path=subfolder\fP, \fI-p subfolder\fP ] [\fI--force\fP, \fI-f\fP] \fIgpg-id...\fP
+
+Create and initialise a new password tomb. This command must be run first,
+before a password store can be used.
+
+Use
+.I gpg-id
+for encryption of both passwords and tomb. Multiple gpg-ids may be specified,
+in order to encrypt the tomb and each password with multiple ids.
+
+If \fI--path\fP or \fI-p\fP is specified, along with an argument,
+a specific password tomb using gpg-id or a set of gpg-ids is assigned for that
+specific subfolder of the password store.
+
+If \fI--no-init\fP, \fI-n\fP is specified, do not initialise the password store.
+By default, pass-tomb initialises the password store with the same key(s) it
+generated the tomb. The purpose of this option is to let the user free to
+initialise the password store with a different key or set of keys.
+
+If \fI--timer\fP, \fI-t\fP is specified, along with an argument, the password
+store will be automatically closed using a systemd timer after a given time. This
+time will be saved in the .timer file present in the store.
+
+If \fI--force\fP is specified, the password store will create or mount the
+password store even if a plain text swap is present. Make sure you know what you
+are doing if you force an operation.
+
+.TP
+\fBpass open\fP [\fI--timer=time\fP, \fI-t time\fP] [\fI--force\fP, \fI-f\fP] [\fIsubfolder\fP]
+Open a password tomb. If a .timer file is present in the store, a systemd timer
+will be initialized.
+
+If \fI--timer\fP, \fI-t\fP is specified, along with an
+argument, the password store will be automatically closed using a systemd timer
+after a given time. If a .time file was already present in the store, this time will be updated.
+
+If \fI--force\fP is specified, the password store will create or mount the
+password store even if a plain text swap is present. Make sure you know what you
+are doing if you force an operation.
+
+If \fIsubfolder\fP is specified, the password store will be opened in the subfolder.
+
+.TP
+\fBpass close\fP [\fIstore\fP]
+Close a password tomb.
+
+If \fIstore\fP is specified, pass close will try to close this store.
+
+.SH OPTIONS
+.TP
+\fB\-n\fB, \-\-no-init\fR
+Do not initialise the password store
+
+.TP
+\fB\-t\fB, \-\-timer\fR
+Close the store after a given time
+
+.TP
+\fB\-p\fB, \-\-path\fR
+Create the store for that specific subfolder
+
+.TP
+\fB\-f\fB, \-\-force\fR
+Force the tomb operations (i.e. even if swap is active)
+
+.TP
+\fB\-q\fB, \-\-quiet\fR
+Be quiet
+
+.TP
+\fB\-v\fB, \-\-verbose\fR
+Be verbose
+
+.TP
+\fB\-d\fB, \-\-debug\fR
+Print tomb debug messages
+
+.TP
+\fB\-\-unsafe\fR
+Speed up tomb creation (for testing purposes only)
+
+.TP
+\fB\-V\fB, \-\-version\fR
+Show version information
+
+.TP
+\fB\-h\fB, \-\-help\fR
+Show usage message
+
+
+.SH EXAMPLES
+.TP
+Create a new password tomb
+.B zx2c4@laptop ~ $ pass tomb Jason@zx2c4.com
+.br
+ (*) Your password tomb has been created and opened in ~/.password-store.
+.br
+ (*) Password store initialised for Jason@zx2c4.com.
+.br
+ . Your tomb is: ~/.password.tomb
+.br
+ . Your tomb key is: ~/.password.key.tomb
+.br
+ . You can now use pass as usual.
+.br
+ . When finished, close the password tomb using 'pass close'.
+
+.TP
+Open a password tomb
+.B zx2c4@laptop ~ $ pass open
+.br
+ (*) Your password tomb has been opened in ~/.password-store.
+.br
+ . You can now use pass as usual.
+.br
+ . When finished, close the password tomb using 'pass close'.
+
+.TP
+Close a password tomb
+.B zx2c4@laptop ~ $ pass close
+.br
+ (*) Your password tomb has been closed.
+.br
+ . Your passwords remain present in ~/.password.tomb.
+
+.TP
+Create a new password tomb and set a timer
+.B zx2c4@laptop ~ $ pass tomb Jason@zx2c4.com --timer=1h
+.br
+ (*) Your password tomb has been created and opened in ~/.password-store.
+.br
+ (*) Password store initialised for Jason@zx2c4.com.
+.br
+ . Your tomb is: ~/.password.tomb
+.br
+ . Your tomb key is: ~/.password.key.tomb
+.br
+ . You can now use pass as usual.
+.br
+ . This password store will be closed in 1h
+.br
+.B zx2c4@laptop ~ $ pass open
+.br
+ (*) Your password tomb has been opened in ~/.password-store.
+.br
+ . You can now use pass as usual.
+.br
+ . This password store will be closed in 1h
+
+.TP
+Open a password tomb and set a timer
+.B zx2c4@laptop ~ $ pass open
+.br
+ (*) Your password tomb has been opened in ~/.password-store.
+.br
+ . You can now use pass as usual.
+.br
+ . This password store will be closed in 10min
+
+
+
+.SH ENVIRONMENT VARIABLES
+.TP
+.I PASSWORD_STORE_TOMB
+Path to tomb executable
+.TP
+.I PASSWORD_STORE_TOMB_FILE
+Path to the password tomb, by default \fI~/.password.tomb\fP
+.TP
+.I PASSWORD_STORE_TOMB_KEY
+Path to the password tomb key file by default \fI~/.password.key.tomb\fP
+.TP
+.I PASSWORD_STORE_TOMB_SIZE
+Password tomb size in MB, by default \fI10\fP
+
+
+.SH SEE ALSO
+.BR pass(1),
+.BR tomb(1),
+.BR pass-import(1),
+.BR pass-update(1),
+.BR pass-otp(1)
+
+
+.SH AUTHORS
+.B pass tomb
+was written by
+.MT alexandre@pujol.io
+Alexandre Pujol
+.ME .
+
+
+.SH COPYING
+This program is free software: you can redistribute it and/or modify
+it under the terms of the GNU General Public License as published by
+the Free Software Foundation, either version 3 of the License, or
+(at your option) any later version.
+
+This program is distributed in the hope that it will be useful,
+but WITHOUT ANY WARRANTY; without even the implied warranty of
+MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+GNU General Public License for more details.
+
+You should have received a copy of the GNU General Public License
+along with this program. If not, see <http://www.gnu.org/licenses/>.
diff --git a/tests/.gitignore b/tests/.gitignore
new file mode 100644
index 0000000..389e85f
--- /dev/null
+++ b/tests/.gitignore
@@ -0,0 +1,2 @@
+gnupg/
+test-results/
diff --git a/tests/00_create.sh b/tests/00_create.sh
new file mode 100644
index 0000000..aa4894e
--- /dev/null
+++ b/tests/00_create.sh
@@ -0,0 +1,28 @@
+#!/usr/bin/env bash
+# shellcheck disable=SC2016,SC1091
+
+export test_description="pass-tomb creation"
+
+source ./setup
+test_cleanup
+
+test_export "password"
+test_expect_success 'Password tomb creation & populate' '
+ _pass tomb $KEY1 --verbose --unsafe &&
+ _pass_populate &&
+ _pass close
+ '
+
+test_expect_success 'Password tomb open & close' '
+ _pass open &&
+ _pass close
+ '
+
+test_expect_success 'Password tomb creation with plain swap' '
+ sudo swapon -a &&
+ _pass open --force &&
+ _pass close &&
+ sudo swapoff -a
+ '
+
+test_done
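Review bot: In 'Password tomb creation with plain swap', `sudo swapoff -a` is the last link of the `&&` chain, so a failure of `_pass open --force` or `_pass close` leaves swap enabled on the host for the rest of the run. Register the cleanup up front with sharness's `test_when_finished "sudo swapoff -a"` directly after `sudo swapon -a`. `swapoff -a` also disables any swap that was active before the test started, which is worth a comment for anyone running the suite outside CI. The title says "creation" while the body only opens an existing tomb.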
diff --git a/tests/10_noinit.sh b/tests/10_noinit.sh
new file mode 100644
index 0000000..78261fd
--- /dev/null
+++ b/tests/10_noinit.sh
@@ -0,0 +1,16 @@
+#!/usr/bin/env bash
+# shellcheck disable=SC2016,SC1091
+
+export test_description="pass-tomb without store initialisation."
+
+source ./setup
+
+test_export "noinit"
+test_expect_success 'Testing password store creation without store initialisation' '
+ _pass tomb $KEY1 --no-init --verbose --unsafe &&
+ _pass init $KEY2 &&
+ _pass_populate &&
+ _pass close
+ '
+
+test_done
diff --git a/tests/20_shared.sh b/tests/20_shared.sh
new file mode 100644
index 0000000..9c4722d
--- /dev/null
+++ b/tests/20_shared.sh
@@ -0,0 +1,15 @@
+#!/usr/bin/env bash
+# shellcheck disable=SC2016,SC1091
+
+export test_description="pass-tomb with shared keys."
+
+source ./setup
+
+test_export "shared"
+test_expect_success 'Testing a shared password tomb' '
+ _pass tomb $KEY1 $KEY2 $KEY3 --verbose --unsafe &&
+ _pass_populate &&
+ _pass close
+ '
+
+test_done
diff --git a/tests/30_subfolder.sh b/tests/30_subfolder.sh
new file mode 100644
index 0000000..b693565
--- /dev/null
+++ b/tests/30_subfolder.sh
@@ -0,0 +1,18 @@
+#!/usr/bin/env bash
+# shellcheck disable=SC2016,SC1091
+
+export test_description="pass-tomb in subfolder."
+
+source ./setup
+
+test_export "subfolder"
+test_expect_success 'Testing password tomb in subfolder' '
+ path=perso &&
+ _pass tomb $KEY1 --path=$path --verbose --unsafe &&
+ _pass_populate $path &&
+ _pass close &&
+ _pass open $path &&
+ _pass close
+ '
+
+test_done
diff --git a/tests/40_timer.sh b/tests/40_timer.sh
new file mode 100644
index 0000000..90c5c8e
--- /dev/null
+++ b/tests/40_timer.sh
@@ -0,0 +1,52 @@
+#!/usr/bin/env bash
+# shellcheck disable=SC2016,SC1091
+
+export test_description="pass-tomb with timer."
+
+source ./setup
+
+_tomb_unmounted() {
+ local name="$1"
+ test -z "$(mount -l | grep /dev/mapper/tomb.$name)"
+ return $?
+}
+
+if test_have_prereq SYSTEMD; then
+
+ test_export "timer"
+ test_expect_success 'Testing timer: password store creation' '
+ _pass tomb $KEY1 --timer=20s --verbose --unsafe &&
+ [[ -e $PASSWORD_STORE_DIR/.timer ]] &&
+ [[ "$(cat $PASSWORD_STORE_DIR/.timer)" == "20s" ]]
+ '
+
+ test_export "password" # Using already generated tomb
+ test_expect_success 'Testing timer: password store opening with given time' '
+ _pass open --timer=20s --verbose &&
+ [[ "$(cat $PASSWORD_STORE_DIR/.timer)" == "20s" ]]
+ '
+
+ test_export "shared" # Using already generated tomb
+ test_expect_success 'Testing timer: ensure password store is open long enough' '
+ _pass open --timer=20s --verbose &&
+ [[ -e $PASSWORD_STORE_DIR/.timer ]] &&
+ [[ "$(cat $PASSWORD_STORE_DIR/.timer)" == "20s" ]] &&
+ sleep 10s &&
+ test_must_fail _tomb_unmounted "shared"
+ '
+
+ sleep 30s
+ test_expect_success 'Testing timer: ensure all password store are closed' '
+ _tomb_unmounted "timer" &&
+ _tomb_unmounted "password"
+ '
+
+ test_export "timer" # Using already generated tomb
+ test_expect_success 'Testing timer: password store opening' '
+ _pass open --verbose &&
+ sleep 40s &&
+ _tomb_unmounted
+ '
+fi
+
+test_done
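Review bot: The last test calls `_tomb_unmounted` with no argument, so `$name` is empty and the pattern degrades to `/dev/mapper/tomb.`, which matches any mounted tomb instead of the `timer` one; pass the name explicitly, `_tomb_unmounted "timer"`. Inside the helper the unquoted `$name` is interpolated into a regex (the `.` matches any character) and `return $?` is redundant. Ending the function with `! mount -l | grep -qF -- "/dev/mapper/tomb.${name}"` performs the same check as a literal match. A short header comment stating that the function succeeds when no mount for the named tomb is listed would help readers of the `test_must_fail _tomb_unmounted "shared"` line.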
diff --git a/tests/50_errors.sh b/tests/50_errors.sh
new file mode 100644
index 0000000..124a6ed
--- /dev/null
+++ b/tests/50_errors.sh
@@ -0,0 +1,28 @@
+#!/usr/bin/env bash
+# shellcheck disable=SC2016,SC1091
+
+export test_description="pass-tomb errors handling."
+
+source ./setup
+
+test_export "invalidkey"
+test_expect_success 'Password tomb creation with invalid key' '
+ test_must_fail _pass tomb $KEY_INVALID --debug --unsafe
+ '
+
+test_expect_success 'Testing store creation with a public key' '
+ test_must_fail _pass tomb $KEY_PUBLIC --verbose --unsafe
+ '
+
+test_expect_success 'Testing wrong tomb parameters' '
+ PASSWORD_STORE_TOMB_SIZE=5 test_must_fail _pass tomb $KEY1 --quiet --unsafe &&
+ PASSWORD_STORE_TOMB_FILE="$TMP/password.tomb" test_must_fail _pass tomb $KEY1 --quiet --unsafe &&
+ PASSWORD_STORE_TOMB_KEY="$TMP/password.key" test_must_fail _pass tomb $KEY1 --quiet --unsafe
+ '
+
+test_expect_success 'Testing help messages' '
+ _pass tomb --help &&
+ _pass tomb --version
+ '
+
+test_done
diff --git a/tests/60_install.sh b/tests/60_install.sh
new file mode 100644
index 0000000..7f90cdd
--- /dev/null
+++ b/tests/60_install.sh
@@ -0,0 +1,27 @@
+#!/usr/bin/env bash
+# shellcheck disable=SC2016,SC1091
+
+export test_description="pass-tomb installation."
+
+source ./setup
+
+test_export "password" # Using already generated tomb
+
+if test_have_prereq TRAVIS; then
+ test_expect_success 'Testing install.' '
+ sudo make --directory=$EXT_HOME install
+ '
+
+ export PASSWORD_STORE_ENABLE_EXTENSIONS=''
+ export PASSWORD_STORE_EXTENSIONS_DIR=''
+ test_expect_success 'Testing installated extension.' '
+ _pass open &&
+ _pass close
+ '
+
+ test_expect_success 'Testing uninstall.' '
+ sudo make --directory=$EXT_HOME uninstall
+ '
+fi
+
+test_done
diff --git a/tests/Makefile b/tests/Makefile
new file mode 100644
index 0000000..8c22656
--- /dev/null
+++ b/tests/Makefile
@@ -0,0 +1,62 @@
+# Run tests
+#
+# Copyright (c) 2011-2012 Mathias Lafeldt
+# Copyright (c) 2005-2012 Git project
+# Copyright (c) 2005-2012 Junio C Hamano
+#
+# This program is free software: you can redistribute it and/or modify
+# it under the terms of the GNU General Public License as published by
+# the Free Software Foundation, either version 2 of the License, or
+# (at your option) any later version.
+#
+# This program is distributed in the hope that it will be useful,
+# but WITHOUT ANY WARRANTY; without even the implied warranty of
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+# GNU General Public License for more details.
+#
+# You should have received a copy of the GNU General Public License
+# along with this program. If not, see http://www.gnu.org/licenses/ .
+
+SHELL := /bin/bash
+SHELL_PATH ?= $(SHELL)
+SHELL_PATH_SQ = $(subst ','\'',$(SHELL_PATH))
+RM ?= rm -f
+PROVE ?= prove
+AGGREGATE_SCRIPT ?= aggregate-results
+DEFAULT_TEST_TARGET ?= test
+TEST_OPTS ?= --verbose --immediate --chain-lint --root=/tmp/sharness
+
+T = $(sort $(wildcard *.sh))
+
+all: $(DEFAULT_TEST_TARGET)
+
+test: pre-clean
+ $(MAKE) aggregate-results-and-cleanup
+
+prove: pre-clean
+ @echo "*** prove ***"; $(PROVE) --exec '$(SHELL_PATH_SQ)' $(PROVE_OPTS) $(T) :: $(TEST_OPTS)
+ $(MAKE) clean-except-prove-cache
+
+$(T):
+ @echo "*** $@ ***"; '$(SHELL_PATH_SQ)' $@ $(TEST_OPTS)
+
+pre-clean:
+ $(RM) -r test-results
+
+clean-except-prove-cache:
+ $(RM) -r 'trash directory'.* test-results
+
+clean: clean-except-prove-cache
+ $(RM) .prove
+
+aggregate-results-and-cleanup: $(T)
+ $(MAKE) aggregate-results
+ $(MAKE) clean
+
+aggregate-results:
+ for f in test-results/*.counts; do \
+ echo "$$f"; \
+ done | '$(SHELL_PATH_SQ)' '$(AGGREGATE_SCRIPT)'
+
+.PHONY: all test prove $(T) pre-clean clean
+.PHONY: aggregate-results-and-cleanup aggregate-results
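Review bot: `TEST_OPTS` pins `--root=/tmp/sharness`, a fixed name in a world-writable directory, and the same pattern recurs as `TMP="/tmp/pass-tomb"` in tests/aggregate-results and tests/setup. The suite writes tomb containers and key files under those paths, points `HOME` at the sharness trash directory, and tests/setup runs `sudo rm -rf "$TMP"` on it. On a shared host another local user can create either path first, so the tests would then work inside a directory they do not own. Creating one private directory per run with `mktemp -d`, exporting it once from this Makefile, and deriving both roots from it would avoid that, e.g. `--root=$(TEST_TMPDIR)/sharness`, where `TEST_TMPDIR` is a name made up for this note.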
diff --git a/tests/aggregate-results b/tests/aggregate-results
new file mode 100644
index 0000000..288f29a
--- /dev/null
+++ b/tests/aggregate-results
@@ -0,0 +1,71 @@
+#!/bin/bash
+#
+# Copyright (c) 2008-2012 Git project
+# 2017 Alexandre PUJOL <alexandre@pujol.io>.
+#
+# This program is free software: you can redistribute it and/or modify
+# it under the terms of the GNU General Public License as published by
+# the Free Software Foundation, either version 2 of the License, or
+# (at your option) any later version.
+#
+# This program is distributed in the hope that it will be useful,
+# but WITHOUT ANY WARRANTY; without even the implied warranty of
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+# GNU General Public License for more details.
+#
+# You should have received a copy of the GNU General Public License
+# along with this program. If not, see http://www.gnu.org/licenses/ .
+
+COVERAGE="true"
+if [[ "$COVERAGE" == "true" ]]; then
+ KCOV="$(which kcov)"
+ if [[ ! -e "$KCOV" ]]; then
+ echo "Could not find kcov command"
+ exit 1
+ fi
+ TMP="/tmp/pass-tomb"
+ COVERED=($(find $TMP/*.sh -maxdepth 0 -type d))
+ [[ -z "$TRAVIS_JOB_ID" ]] || TRAVIS="--coveralls-id=$TRAVIS_JOB_ID"
+ "$KCOV" $TRAVIS --merge "$TMP/kcov" "${COVERED[@]}"
+fi
+
+failed_tests=
+fixed=0
+success=0
+failed=0
+broken=0
+total=0
+
+while read file; do
+ while read type value; do
+ case $type in
+ '')
+ continue ;;
+ fixed)
+ fixed=$(($fixed + $value)) ;;
+ success)
+ success=$(($success + $value)) ;;
+ failed)
+ failed=$(($failed + $value))
+ if test $value != 0; then
+ test_name=$(expr "$file" : 'test-results/\(.*\)\.[0-9]*\.counts')
+ failed_tests="$failed_tests $test_name"
+ fi
+ ;;
+ broken)
+ broken=$(($broken + $value)) ;;
+ total)
+ total=$(($total + $value)) ;;
+ esac
+ done <"$file"
+done
+
+if test -n "$failed_tests"; then
+ printf "\nfailed test(s):$failed_tests\n\n"
+fi
+
+printf "%-8s%d\n" fixed $fixed
+printf "%-8s%d\n" success $success
+printf "%-8s%d\n" failed $failed
+printf "%-8s%d\n" broken $broken
+printf "%-8s%d\n" total $total
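Review bot: `printf "\nfailed test(s):$failed_tests\n\n"` puts the collected test names into the format string, so a `%` or backslash in a results file name is interpreted by printf instead of printed; `printf '\nfailed test(s):%s\n\n' "$failed_tests"` keeps the names as data. In the coverage block, `COVERED=($(find $TMP/*.sh -maxdepth 0 -type d))` depends on word splitting of unquoted output, and `$TRAVIS` is passed unquoted; a glob loop over `"$TMP"/*.sh` with a `[[ -d ]]` test and an options array would be safer. Because `COVERAGE="true"` is hard-coded, a machine without kcov exits 1 before any counts are printed, which deserves a comment or an environment override such as `COVERAGE="${COVERAGE:-true}"`. Both `read` loops should use `read -r`.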
diff --git a/tests/setup b/tests/setup
new file mode 100644
index 0000000..b1d8299
--- /dev/null
+++ b/tests/setup
@@ -0,0 +1,122 @@
+#!/usr/bin/env bash
+# Tomb manager - Password Store Extension (https://www.passwordstore.org/)
+# Copyright (C) 2017 Alexandre PUJOL <alexandre@pujol.io>.
+#
+# This program is free software: you can redistribute it and/or modify
+# it under the terms of the GNU General Public License as published by
+# the Free Software Foundation, either version 3 of the License, or
+# (at your option) any later version.
+#
+# This program is distributed in the hope that it will be useful,
+# but WITHOUT ANY WARRANTY; without even the implied warranty of
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+# GNU General Public License for more details.
+#
+# You should have received a copy of the GNU General Public License
+# along with this program. If not, see <http://www.gnu.org/licenses/>.
+#
+# This file should be sourced by all test-scripts
+#
+# This scripts sets the following:
+# $PASS Full path to password-store script to test
+# $GPG Name of gpg executable
+# $KEY{1..5} GPG key ids of testing keys
+# $TEST_HOME This folder
+#
+
+# shellcheck disable=SC1091
+
+# Project directories
+TEST_HOME="$(pwd)"
+EXT_HOME="$(dirname "$TEST_HOME")"
+
+
+# Check dependencies
+_die() { echo "${@}" && exit 1; }
+PASS="$(which pass)"; TOMB="$(which tomb)"; GPG="$(which gpg)"; COVERAGE="true"
+[[ -e "$PASS" ]] || _die "Could not find pass command"
+[[ -e "$TOMB" ]] || _die "Could not find tomb command"
+if [[ ! -e "$GPG" ]]; then
+ if which gpg2 &>/dev/null; then
+ GPG="gpg2"
+ else
+ _die "Could not find gpg command"
+ fi
+fi
+if [[ "$COVERAGE" == "true" ]]; then
+ KCOV="$(which kcov)"; [[ -e "$KCOV" ]] || _die "Could not find kcov command"
+ _pass() { "$KCOV" --exclude-path="$PASS" "$TMP/$0" "$PASS" "${@}"; }
+else
+ _pass() { "$PASS" "${@}"; }
+fi
+
+
+# sharness config
+source ./sharness
+export TMP="/tmp/pass-tomb"
+
+
+# Check for auxiliary programs
+[[ -z "$TRAVIS_JOB_ID" ]] || test_set_prereq TRAVIS
+command -v systemd-run > /dev/null && test_set_prereq SYSTEMD
+
+
+# Prepare pass config vars
+unset PASSWORD_STORE_DIR
+unset PASSWORD_STORE_KEY
+unset PASSWORD_STORE_GIT
+unset PASSWORD_STORE_GPG_OPTS
+unset PASSWORD_STORE_X_SELECTION
+unset PASSWORD_STORE_CLIP_TIME
+unset PASSWORD_STORE_UMASK
+unset PASSWORD_STORE_GENERATED_LENGTH
+unset PASSWORD_STORE_CHARACTER_SET
+unset PASSWORD_STORE_CHARACTER_SET_NO_SYMBOLS
+unset PASSWORD_STORE_ENABLE_EXTENSIONS
+unset PASSWORD_STORE_EXTENSIONS_DIR
+unset PASSWORD_STORE_SIGNING_KEY
+unset PASSWORD_STORE_TOMB
+unset PASSWORD_STORE_TOMB_FILE
+unset PASSWORD_STORE_TOMB_KEY
+unset GNUPGHOME
+unset EDITOR
+
+export PASSWORD_STORE_ENABLE_EXTENSIONS=true
+export PASSWORD_STORE_EXTENSIONS_DIR="$EXT_HOME"
+export PASSWORD_STORE_TOMB="$TOMB"
+
+
+# GnuPG config
+unset GPG_AGENT_INFO
+export GNUPGHOME="$TEST_HOME/gnupg/"
+export KEY1="D4C78DB7920E1E27F5416B81CC9DB947CF90C77B"
+export KEY2="70BD448330ACF0653645B8F2B4DDBFF0D774A374"
+export KEY3="62EBE74BE834C2EC71E6414595C4B715EB7D54A8"
+export KEY4="9378267629F989A0E96677B7976DD3D6E4691410"
+export KEY5="4D2AFBDE67C60F5999D143AFA6E073D439E5020C"
+export KEY_PUBLIC="6E2AA5413833357EF9CA5F16D1F2750C5B995BE4"
+export KEY_INVALID="8BEB79760D3D8748267E27F5416BFF9987DB13AF"
+chmod 700 "$GNUPGHOME"
+
+
+# Test helpers
+
+_pass_populate() {
+ local path=""
+ [[ -z "$1" ]] || path="$1/"
+ pass generate "${path}Tests/user1"
+ pass generate "${path}Tests/user2"
+}
+
+test_cleanup() {
+ "$TOMB" slam all &> /dev/null
+ sudo rm -rf "$TMP"
+ mkdir -p "$TMP"
+}
+
+test_export() {
+ export testname="$1"
+ export PASSWORD_STORE_DIR="$TMP/${testname}-store"
+ export PASSWORD_STORE_TOMB_FILE="$TMP/${testname}.tomb"
+ export PASSWORD_STORE_TOMB_KEY="$TMP/${testname}.key"
+}
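Review bot: `test_cleanup` runs `"$TOMB" slam all`, which is not limited to the tombs this suite creates. If `slam all` behaves as in upstream Tomb, it force-closes every tomb the invoking user has open and kills the processes using them, so running the tests on a developer machine would also take down a real password tomb. Closing only the tombs whose files live under `$TMP` would contain that, and at minimum a comment on the function should state the side effect. The following `sudo rm -rf "$TMP"` is a root-level recursive delete driven by a variable; `sudo rm -rf -- "${TMP:?}"` aborts if it is ever empty. Separately, `_die` prints its message to stdout; `echo "${@}" >&2` would keep diagnostics out of captured output.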
diff --git a/tests/sharness b/tests/sharness
new file mode 100644
index 0000000..1d57ce9
--- /dev/null
+++ b/tests/sharness
@@ -0,0 +1,851 @@
+#!/bin/sh
+#
+# Copyright (c) 2011-2012 Mathias Lafeldt
+# Copyright (c) 2005-2012 Git project
+# Copyright (c) 2005-2012 Junio C Hamano
+#
+# This program is free software: you can redistribute it and/or modify
+# it under the terms of the GNU General Public License as published by
+# the Free Software Foundation, either version 2 of the License, or
+# (at your option) any later version.
+#
+# This program is distributed in the hope that it will be useful,
+# but WITHOUT ANY WARRANTY; without even the implied warranty of
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+# GNU General Public License for more details.
+#
+# You should have received a copy of the GNU General Public License
+# along with this program. If not, see http://www.gnu.org/licenses/ .
+
+# Public: Current version of Sharness.
+SHARNESS_VERSION="1.0.0"
+export SHARNESS_VERSION
+
+# Public: The file extension for tests. By default, it is set to "t".
+: ${SHARNESS_TEST_EXTENSION:=t}
+export SHARNESS_TEST_EXTENSION
+
+# Reset TERM to original terminal if found, otherwise save orignal TERM
+[ "x" = "x$SHARNESS_ORIG_TERM" ] &&
+ SHARNESS_ORIG_TERM="$TERM" ||
+ TERM="$SHARNESS_ORIG_TERM"
+# Public: The unsanitized TERM under which sharness is originally run
+export SHARNESS_ORIG_TERM
+
+# Export SHELL_PATH
+: ${SHELL_PATH:=$SHELL}
+export SHELL_PATH
+
+# For repeatability, reset the environment to a known state.
+# TERM is sanitized below, after saving color control sequences.
+LANG=C
+LC_ALL=C
+PAGER=cat
+TZ=UTC
+EDITOR=:
+export LANG LC_ALL PAGER TZ EDITOR
+unset VISUAL CDPATH GREP_OPTIONS
+
+# Line feed
+LF='
+'
+
+[ "x$TERM" != "xdumb" ] && (
+ [ -t 1 ] &&
+ tput bold >/dev/null 2>&1 &&
+ tput setaf 1 >/dev/null 2>&1 &&
+ tput sgr0 >/dev/null 2>&1
+ ) &&
+ color=t
+
+while test "$#" -ne 0; do
+ case "$1" in
+ -d|--d|--de|--deb|--debu|--debug)
+ debug=t; shift ;;
+ -i|--i|--im|--imm|--imme|--immed|--immedi|--immedia|--immediat|--immediate)
+ immediate=t; shift ;;
+ -l|--l|--lo|--lon|--long|--long-|--long-t|--long-te|--long-tes|--long-test|--long-tests)
+ TEST_LONG=t; export TEST_LONG; shift ;;
+ --in|--int|--inte|--inter|--intera|--interac|--interact|--interacti|--interactiv|--interactive|--interactive-|--interactive-t|--interactive-te|--interactive-tes|--interactive-test|--interactive-tests):
+ TEST_INTERACTIVE=t; export TEST_INTERACTIVE; verbose=t; shift ;;
+ -h|--h|--he|--hel|--help)
+ help=t; shift ;;
+ -v|--v|--ve|--ver|--verb|--verbo|--verbos|--verbose)
+ verbose=t; shift ;;
+ -q|--q|--qu|--qui|--quie|--quiet)
+ # Ignore --quiet under a TAP::Harness. Saying how many tests
+ # passed without the ok/not ok details is always an error.
+ test -z "$HARNESS_ACTIVE" && quiet=t; shift ;;
+ --chain-lint)
+ chain_lint=t; shift ;;
+ --no-chain-lint)
+ chain_lint=; shift ;;
+ --no-color)
+ color=; shift ;;
+ --root=*)
+ root=$(expr "z$1" : 'z[^=]*=\(.*\)')
+ shift ;;
+ *)
+ echo "error: unknown test option '$1'" >&2; exit 1 ;;
+ esac
+done
+
+if test -n "$color"; then
+ # Save the color control sequences now rather than run tput
+ # each time say_color() is called. This is done for two
+ # reasons:
+ # * TERM will be changed to dumb
+ # * HOME will be changed to a temporary directory and tput
+ # might need to read ~/.terminfo from the original HOME
+ # directory to get the control sequences
+ # Note: This approach assumes the control sequences don't end
+ # in a newline for any terminal of interest (command
+ # substitutions strip trailing newlines). Given that most
+ # (all?) terminals in common use are related to ECMA-48, this
+ # shouldn't be a problem.
+ say_color_error=$(tput bold; tput setaf 1) # bold red
+ say_color_skip=$(tput setaf 4) # blue
+ say_color_warn=$(tput setaf 3) # brown/yellow
+ say_color_pass=$(tput setaf 2) # green
+ say_color_info=$(tput setaf 6) # cyan
+ say_color_reset=$(tput sgr0)
+ say_color_="" # no formatting for normal text
+ say_color() {
+ test -z "$1" && test -n "$quiet" && return
+ eval "say_color_color=\$say_color_$1"
+ shift
+ printf "%s\\n" "$say_color_color$*$say_color_reset"
+ }
+else
+ say_color() {
+ test -z "$1" && test -n "$quiet" && return
+ shift
+ printf "%s\n" "$*"
+ }
+fi
+
+TERM=dumb
+export TERM
+
+error() {
+ say_color error "error: $*"
+ EXIT_OK=t
+ exit 1
+}
+
+say() {
+ say_color info "$*"
+}
+
+test -n "$test_description" || error "Test script did not set test_description."
+
+if test "$help" = "t"; then
+ echo "$test_description"
+ exit 0
+fi
+
+exec 5>&1
+exec 6<&0
+if test "$verbose" = "t"; then
+ exec 4>&2 3>&1
+else
+ exec 4>/dev/null 3>/dev/null
+fi
+
+test_failure=0
+test_count=0
+test_fixed=0
+test_broken=0
+test_success=0
+
+die() {
+ code=$?
+ if test -n "$EXIT_OK"; then
+ exit $code
+ else
+ echo >&5 "FATAL: Unexpected exit with code $code"
+ exit 1
+ fi
+}
+
+EXIT_OK=
+trap 'die' EXIT
+
+# Public: Define that a test prerequisite is available.
+#
+# The prerequisite can later be checked explicitly using test_have_prereq or
+# implicitly by specifying the prerequisite name in calls to test_expect_success
+# or test_expect_failure.
+#
+# $1 - Name of prerequiste (a simple word, in all capital letters by convention)
+#
+# Examples
+#
+# # Set PYTHON prerequisite if interpreter is available.
+# command -v python >/dev/null && test_set_prereq PYTHON
+#
+# # Set prerequisite depending on some variable.
+# test -z "$NO_GETTEXT" && test_set_prereq GETTEXT
+#
+# Returns nothing.
+test_set_prereq() {
+ satisfied_prereq="$satisfied_prereq$1 "
+}
+satisfied_prereq=" "
+
+# Public: Check if one or more test prerequisites are defined.
+#
+# The prerequisites must have previously been set with test_set_prereq.
+# The most common use of this is to skip all the tests if some essential
+# prerequisite is missing.
+#
+# $1 - Comma-separated list of test prerequisites.
+#
+# Examples
+#
+# # Skip all remaining tests if prerequisite is not set.
+# if ! test_have_prereq PERL; then
+# skip_all='skipping perl interface tests, perl not available'
+# test_done
+# fi
+#
+# Returns 0 if all prerequisites are defined or 1 otherwise.
+test_have_prereq() {
+ # prerequisites can be concatenated with ','
+ save_IFS=$IFS
+ IFS=,
+ set -- $*
+ IFS=$save_IFS
+
+ total_prereq=0
+ ok_prereq=0
+ missing_prereq=
+
+ for prerequisite; do
+ case "$prerequisite" in
+ !*)
+ negative_prereq=t
+ prerequisite=${prerequisite#!}
+ ;;
+ *)
+ negative_prereq=
+ esac
+
+ total_prereq=$(($total_prereq + 1))
+ case "$satisfied_prereq" in
+ *" $prerequisite "*)
+ satisfied_this_prereq=t
+ ;;
+ *)
+ satisfied_this_prereq=
+ esac
+
+ case "$satisfied_this_prereq,$negative_prereq" in
+ t,|,t)
+ ok_prereq=$(($ok_prereq + 1))
+ ;;
+ *)
+ # Keep a list of missing prerequisites; restore
+ # the negative marker if necessary.
+ prerequisite=${negative_prereq:+!}$prerequisite
+ if test -z "$missing_prereq"; then
+ missing_prereq=$prerequisite
+ else
+ missing_prereq="$prerequisite,$missing_prereq"
+ fi
+ esac
+ done
+
+ test $total_prereq = $ok_prereq
+}
+
+# You are not expected to call test_ok_ and test_failure_ directly, use
+# the text_expect_* functions instead.
+
+test_ok_() {
+ test_success=$(($test_success + 1))
+ say_color "" "ok $test_count - $@"
+}
+
+test_failure_() {
+ test_failure=$(($test_failure + 1))
+ say_color error "not ok $test_count - $1"
+ shift
+ echo "$@" | sed -e 's/^/# /'
+ test "$immediate" = "" || { EXIT_OK=t; exit 1; }
+}
+
+test_known_broken_ok_() {
+ test_fixed=$(($test_fixed + 1))
+ say_color error "ok $test_count - $@ # TODO known breakage vanished"
+}
+
+test_known_broken_failure_() {
+ test_broken=$(($test_broken + 1))
+ say_color warn "not ok $test_count - $@ # TODO known breakage"
+}
+
+# Public: Execute commands in debug mode.
+#
+# Takes a single argument and evaluates it only when the test script is started
+# with --debug. This is primarily meant for use during the development of test
+# scripts.
+#
+# $1 - Commands to be executed.
+#
+# Examples
+#
+# test_debug "cat some_log_file"
+#
+# Returns the exit code of the last command executed in debug mode or 0
+# otherwise.
+test_debug() {
+ test "$debug" = "" || eval "$1"
+}
+
+# Public: Stop execution and start a shell.
+#
+# This is useful for debugging tests and only makes sense together with "-v".
+# Be sure to remove all invocations of this command before submitting.
+test_pause() {
+ if test "$verbose" = t; then
+ "$SHELL_PATH" <&6 >&3 2>&4
+ else
+ error >&5 "test_pause requires --verbose"
+ fi
+}
+
+test_eval_() {
+ # This is a separate function because some tests use
+ # "return" to end a test_expect_success block early.
+ case ",$test_prereq," in
+ *,INTERACTIVE,*)
+ eval "$*"
+ ;;
+ *)
+ eval </dev/null >&3 2>&4 "$*"
+ ;;
+ esac
+}
+
+test_run_() {
+ test_cleanup=:
+ expecting_failure=$2
+ test_eval_ "$1"
+ eval_ret=$?
+
+ if test "$chain_lint" = "t"; then
+ test_eval_ "(exit 117) && $1"
+ if test "$?" != 117; then
+ error "bug in the test script: broken &&-chain: $1"
+ fi
+ fi
+
+ if test -z "$immediate" || test $eval_ret = 0 || test -n "$expecting_failure"; then
+ test_eval_ "$test_cleanup"
+ fi
+ if test "$verbose" = "t" && test -n "$HARNESS_ACTIVE"; then
+ echo ""
+ fi
+ return "$eval_ret"
+}
+
+test_skip_() {
+ test_count=$(($test_count + 1))
+ to_skip=
+ for skp in $SKIP_TESTS; do
+ case $this_test.$test_count in
+ $skp)
+ to_skip=t
+ break
+ esac
+ done
+ if test -z "$to_skip" && test -n "$test_prereq" && ! test_have_prereq "$test_prereq"; then
+ to_skip=t
+ fi
+ case "$to_skip" in
+ t)
+ of_prereq=
+ if test "$missing_prereq" != "$test_prereq"; then
+ of_prereq=" of $test_prereq"
+ fi
+
+ say_color skip >&3 "skipping test: $@"
+ say_color skip "ok $test_count # skip $1 (missing $missing_prereq${of_prereq})"
+ : true
+ ;;
+ *)
+ false
+ ;;
+ esac
+}
+
+# Public: Run test commands and expect them to succeed.
+#
+# When the test passed, an "ok" message is printed and the number of successful
+# tests is incremented. When it failed, a "not ok" message is printed and the
+# number of failed tests is incremented.
+#
+# With --immediate, exit test immediately upon the first failed test.
+#
+# Usually takes two arguments:
+# $1 - Test description
+# $2 - Commands to be executed.
+#
+# With three arguments, the first will be taken to be a prerequisite:
+# $1 - Comma-separated list of test prerequisites. The test will be skipped if
+# not all of the given prerequisites are set. To negate a prerequisite,
+# put a "!" in front of it.
+# $2 - Test description
+# $3 - Commands to be executed.
+#
+# Examples
+#
+# test_expect_success \
+# 'git-write-tree should be able to write an empty tree.' \
+# 'tree=$(git-write-tree)'
+#
+# # Test depending on one prerequisite.
+# test_expect_success TTY 'git --paginate rev-list uses a pager' \
+# ' ... '
+#
+# # Multiple prerequisites are separated by a comma.
+# test_expect_success PERL,PYTHON 'yo dawg' \
+# ' test $(perl -E 'print eval "1 +" . qx[python -c "print 2"]') == "4" '
+#
+# Returns nothing.
+test_expect_success() {
+ test "$#" = 3 && { test_prereq=$1; shift; } || test_prereq=
+ test "$#" = 2 || error "bug in the test script: not 2 or 3 parameters to test_expect_success"
+ export test_prereq
+ if ! test_skip_ "$@"; then
+ say >&3 "expecting success: $2"
+ if test_run_ "$2"; then
+ test_ok_ "$1"
+ else
+ test_failure_ "$@"
+ fi
+ fi
+ echo >&3 ""
+}
+
+# Public: Run test commands and expect them to fail. Used to demonstrate a known
+# breakage.
+#
+# This is NOT the opposite of test_expect_success, but rather used to mark a
+# test that demonstrates a known breakage.
+#
+# When the test passed, an "ok" message is printed and the number of fixed tests
+# is incremented. When it failed, a "not ok" message is printed and the number
+# of tests still broken is incremented.
+#
+# Failures from these tests won't cause --immediate to stop.
+#
+# Usually takes two arguments:
+# $1 - Test description
+# $2 - Commands to be executed.
+#
+# With three arguments, the first will be taken to be a prerequisite:
+# $1 - Comma-separated list of test prerequisites. The test will be skipped if
+# not all of the given prerequisites are set. To negate a prerequisite,
+# put a "!" in front of it.
+# $2 - Test description
+# $3 - Commands to be executed.
+#
+# Returns nothing.
+test_expect_failure() {
+ test "$#" = 3 && { test_prereq=$1; shift; } || test_prereq=
+ test "$#" = 2 || error "bug in the test script: not 2 or 3 parameters to test_expect_failure"
+ export test_prereq
+ if ! test_skip_ "$@"; then
+ say >&3 "checking known breakage: $2"
+ if test_run_ "$2" expecting_failure; then
+ test_known_broken_ok_ "$1"
+ else
+ test_known_broken_failure_ "$1"
+ fi
+ fi
+ echo >&3 ""
+}
+
+# Public: Run command and ensure that it fails in a controlled way.
+#
+# Use it instead of "! <command>". For example, when <command> dies due to a
+# segfault, test_must_fail diagnoses it as an error, while "! <command>" would
+# mistakenly be treated as just another expected failure.
+#
+# This is one of the prefix functions to be used inside test_expect_success or
+# test_expect_failure.
+#
+# $1.. - Command to be executed.
+#
+# Examples
+#
+# test_expect_success 'complain and die' '
+# do something &&
+# do something else &&
+# test_must_fail git checkout ../outerspace
+# '
+#
+# Returns 1 if the command succeeded (exit code 0).
+# Returns 1 if the command died by signal (exit codes 130-192)
+# Returns 1 if the command could not be found (exit code 127).
+# Returns 0 otherwise.
+test_must_fail() {
+ "$@"
+ exit_code=$?
+ if test $exit_code = 0; then
+ echo >&2 "test_must_fail: command succeeded: $*"
+ return 1
+ elif test $exit_code -gt 129 -a $exit_code -le 192; then
+ echo >&2 "test_must_fail: died by signal: $*"
+ return 1
+ elif test $exit_code = 127; then
+ echo >&2 "test_must_fail: command not found: $*"
+ return 1
+ fi
+ return 0
+}
+
+# Public: Run command and ensure that it succeeds or fails in a controlled way.
+#
+# Similar to test_must_fail, but tolerates success too. Use it instead of
+# "<command> || :" to catch failures caused by a segfault, for instance.
+#
+# This is one of the prefix functions to be used inside test_expect_success or
+# test_expect_failure.
+#
+# $1.. - Command to be executed.
+#
+# Examples
+#
+# test_expect_success 'some command works without configuration' '
+# test_might_fail git config --unset all.configuration &&
+# do something
+# '
+#
+# Returns 1 if the command died by signal (exit codes 130-192)
+# Returns 1 if the command could not be found (exit code 127).
+# Returns 0 otherwise.
+test_might_fail() {
+ "$@"
+ exit_code=$?
+ if test $exit_code -gt 129 -a $exit_code -le 192; then
+ echo >&2 "test_might_fail: died by signal: $*"
+ return 1
+ elif test $exit_code = 127; then
+ echo >&2 "test_might_fail: command not found: $*"
+ return 1
+ fi
+ return 0
+}
+
+# Public: Run command and ensure it exits with a given exit code.
+#
+# This is one of the prefix functions to be used inside test_expect_success or
+# test_expect_failure.
+#
+# $1 - Expected exit code.
+# $2.. - Command to be executed.
+#
+# Examples
+#
+# test_expect_success 'Merge with d/f conflicts' '
+# test_expect_code 1 git merge "merge msg" B master
+# '
+#
+# Returns 0 if the expected exit code is returned or 1 otherwise.
+test_expect_code() {
+ want_code=$1
+ shift
+ "$@"
+ exit_code=$?
+ if test $exit_code = $want_code; then
+ return 0
+ fi
+
+ echo >&2 "test_expect_code: command exited with $exit_code, we wanted $want_code $*"
+ return 1
+}
+
+# Public: Compare two files to see if expected output matches actual output.
+#
+# The TEST_CMP variable defines the command used for the comparision; it
+# defaults to "diff -u". Only when the test script was started with --verbose,
+# will the command's output, the diff, be printed to the standard output.
+#
+# This is one of the prefix functions to be used inside test_expect_success or
+# test_expect_failure.
+#
+# $1 - Path to file with expected output.
+# $2 - Path to file with actual output.
+#
+# Examples
+#
+# test_expect_success 'foo works' '
+# echo expected >expected &&
+# foo >actual &&
+# test_cmp expected actual
+# '
+#
+# Returns the exit code of the command set by TEST_CMP.
+test_cmp() {
+ ${TEST_CMP:-diff -u} "$@"
+}
+
+# Public: portably print a sequence of numbers.
+#
+# seq is not in POSIX and GNU seq might not be available everywhere,
+# so it is nice to have a seq implementation, even a very simple one.
+#
+# $1 - Starting number.
+# $2 - Ending number.
+#
+# Examples
+#
+# test_expect_success 'foo works 10 times' '
+# for i in $(test_seq 1 10)
+# do
+# foo || return
+# done
+# '
+#
+# Returns 0 if all the specified numbers can be displayed.
+test_seq() {
+ i="$1"
+ j="$2"
+ while test "$i" -le "$j"
+ do
+ echo "$i" || return
+ i=$(expr "$i" + 1)
+ done
+}
+
+# Public: Check if the file expected to be empty is indeed empty, and barfs
+# otherwise.
+#
+# $1 - File to check for emptyness.
+#
+# Returns 0 if file is empty, 1 otherwise.
+test_must_be_empty() {
+ if test -s "$1"
+ then
+ echo "'$1' is not empty, it contains:"
+ cat "$1"
+ return 1
+ fi
+}
+
+# Public: Schedule cleanup commands to be run unconditionally at the end of a
+# test.
+#
+# If some cleanup command fails, the test will not pass. With --immediate, no
+# cleanup is done to help diagnose what went wrong.
+#
+# This is one of the prefix functions to be used inside test_expect_success or
+# test_expect_failure.
+#
+# $1.. - Commands to prepend to the list of cleanup commands.
+#
+# Examples
+#
+# test_expect_success 'test core.capslock' '
+# git config core.capslock true &&
+# test_when_finished "git config --unset core.capslock" &&
+# do_something
+# '
+#
+# Returns the exit code of the last cleanup command executed.
+test_when_finished() {
+ test_cleanup="{ $*
+ } && (exit \"\$eval_ret\"); eval_ret=\$?; $test_cleanup"
+}
+
+# Public: Schedule cleanup commands to be run unconditionally when all tests
+# have run.
+#
+# This can be used to clean up things like test databases. It is not needed to
+# clean up temporary files, as test_done already does that.
+#
+# Examples:
+#
+# cleanup mysql -e "DROP DATABASE mytest"
+#
+# Returns the exit code of the last cleanup command executed.
+final_cleanup=
+cleanup() {
+ final_cleanup="{ $*
+ } && (exit \"\$eval_ret\"); eval_ret=\$?; $final_cleanup"
+}
+
+# Public: Summarize test results and exit with an appropriate error code.
+#
+# Must be called at the end of each test script.
+#
+# Can also be used to stop tests early and skip all remaining tests. For this,
+# set skip_all to a string explaining why the tests were skipped before calling
+# test_done.
+#
+# Examples
+#
+# # Each test script must call test_done at the end.
+# test_done
+#
+# # Skip all remaining tests if prerequisite is not set.
+# if ! test_have_prereq PERL; then
+# skip_all='skipping perl interface tests, perl not available'
+# test_done
+# fi
+#
+# Returns 0 if all tests passed or 1 if there was a failure.
+test_done() {
+ EXIT_OK=t
+
+ if test -z "$HARNESS_ACTIVE"; then
+ test_results_dir="$SHARNESS_TEST_DIRECTORY/test-results"
+ mkdir -p "$test_results_dir"
+ test_results_path="$test_results_dir/$this_test.$$.counts"
+
+ cat >>"$test_results_path" <<-EOF
+ total $test_count
+ success $test_success
+ fixed $test_fixed
+ broken $test_broken
+ failed $test_failure
+
+ EOF
+ fi
+
+ if test "$test_fixed" != 0; then
+ say_color error "# $test_fixed known breakage(s) vanished; please update test(s)"
+ fi
+ if test "$test_broken" != 0; then
+ say_color warn "# still have $test_broken known breakage(s)"
+ fi
+ if test "$test_broken" != 0 || test "$test_fixed" != 0; then
+ test_remaining=$(( $test_count - $test_broken - $test_fixed ))
+ msg="remaining $test_remaining test(s)"
+ else
+ test_remaining=$test_count
+ msg="$test_count test(s)"
+ fi
+
+ case "$test_failure" in
+ 0)
+ # Maybe print SKIP message
+ if test -n "$skip_all" && test $test_count -gt 0; then
+ error "Can't use skip_all after running some tests"
+ fi
+ [ -z "$skip_all" ] || skip_all=" # SKIP $skip_all"
+
+ if test $test_remaining -gt 0; then
+ say_color pass "# passed all $msg"
+ fi
+ say "1..$test_count$skip_all"
+
+ test_eval_ "$final_cleanup"
+
+ test -d "$remove_trash" &&
+ cd "$(dirname "$remove_trash")" &&
+ rm -rf "$(basename "$remove_trash")"
+
+ exit 0 ;;
+
+ *)
+ say_color error "# failed $test_failure among $msg"
+ say "1..$test_count"
+
+ exit 1 ;;
+
+ esac
+}
+
+# Public: Root directory containing tests. Tests can override this variable,
+# e.g. for testing Sharness itself.
+: ${SHARNESS_TEST_DIRECTORY:=$(pwd)}
+export SHARNESS_TEST_DIRECTORY
+
+# Public: Source directory of test code and sharness library.
+# This directory may be different from the directory in which tests are
+# being run.
+: ${SHARNESS_TEST_SRCDIR:=$(cd $(dirname $0) && pwd)}
+export SHARNESS_TEST_SRCDIR
+
+# Public: Build directory that will be added to PATH. By default, it is set to
+# the parent directory of SHARNESS_TEST_DIRECTORY.
+: ${SHARNESS_BUILD_DIRECTORY:="$SHARNESS_TEST_DIRECTORY/.."}
+PATH="$SHARNESS_BUILD_DIRECTORY:$PATH"
+export PATH SHARNESS_BUILD_DIRECTORY
+
+# Public: Path to test script currently executed.
+SHARNESS_TEST_FILE="$0"
+export SHARNESS_TEST_FILE
+
+# Prepare test area.
+SHARNESS_TRASH_DIRECTORY="trash directory.$(basename "$SHARNESS_TEST_FILE" ".$SHARNESS_TEST_EXTENSION")"
+test -n "$root" && SHARNESS_TRASH_DIRECTORY="$root/$SHARNESS_TRASH_DIRECTORY"
+case "$SHARNESS_TRASH_DIRECTORY" in
+/*) ;; # absolute path is good
+ *) SHARNESS_TRASH_DIRECTORY="$SHARNESS_TEST_DIRECTORY/$SHARNESS_TRASH_DIRECTORY" ;;
+esac
+test "$debug" = "t" || remove_trash="$SHARNESS_TRASH_DIRECTORY"
+rm -rf "$SHARNESS_TRASH_DIRECTORY" || {
+ EXIT_OK=t
+ echo >&5 "FATAL: Cannot prepare test area"
+ exit 1
+}
+
+
+#
+# Load any extensions in $srcdir/sharness.d/*.sh
+#
+if test -d "${SHARNESS_TEST_SRCDIR}/sharness.d"
+then
+ for file in "${SHARNESS_TEST_SRCDIR}"/sharness.d/*.sh
+ do
+ # Ensure glob was not an empty match:
+ test -e "${file}" || break
+
+ if test -n "$debug"
+ then
+ echo >&5 "sharness: loading extensions from ${file}"
+ fi
+ . "${file}"
+ if test $? != 0
+ then
+ echo >&5 "sharness: Error loading ${file}. Aborting."
+ exit 1
+ fi
+ done
+fi
+
+# Public: Empty trash directory, the test area, provided for each test. The HOME
+# variable is set to that directory too.
+export SHARNESS_TRASH_DIRECTORY
+
+HOME="$SHARNESS_TRASH_DIRECTORY"
+export HOME
+
+mkdir -p "$SHARNESS_TRASH_DIRECTORY" || exit 1
+# Use -P to resolve symlinks in our working directory so that the cwd
+# in subprocesses like git equals our $PWD (for pathname comparisons).
+cd -P "$SHARNESS_TRASH_DIRECTORY" || exit 1
+
+this_test=${SHARNESS_TEST_FILE##*/}
+this_test=${this_test%.$SHARNESS_TEST_EXTENSION}
+for skp in $SKIP_TESTS; do
+ case "$this_test" in
+ $skp)
+ say_color info >&3 "skipping test $this_test altogether"
+ skip_all="skip all tests in $this_test"
+ test_done
+ esac
+done
+
+test -n "$TEST_LONG" && test_set_prereq EXPENSIVE
+test -n "$TEST_INTERACTIVE" && test_set_prereq INTERACTIVE
+
+# Make sure this script ends with code 0
+:
+
+# vi: set ts=4 sw=4 noet :
diff --git a/tomb.bash b/tomb.bash
new file mode 100755
index 0000000..f7bfaf5
--- /dev/null
+++ b/tomb.bash
@@ -0,0 +1,354 @@
+#!/usr/bin/env bash
+# Tomb manager - Password Store Extension (https://www.passwordstore.org/)
+# Copyright (C) 2017 Alexandre PUJOL <alexandre@pujol.io>.
+#
+# This program is free software: you can redistribute it and/or modify
+# it under the terms of the GNU General Public License as published by
+# the Free Software Foundation, either version 3 of the License, or
+# (at your option) any later version.
+#
+# This program is distributed in the hope that it will be useful,
+# but WITHOUT ANY WARRANTY; without even the implied warranty of
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+# GNU General Public License for more details.
+#
+# You should have received a copy of the GNU General Public License
+# along with this program. If not, see <http://www.gnu.org/licenses/>.
+#
+
+# shellcheck disable=SC2181,SC2024
+
+readonly TOMB="${PASSWORD_STORE_TOMB:-tomb}"
+readonly TOMB_FILE="${PASSWORD_STORE_TOMB_FILE:-$HOME/.password.tomb}"
+readonly TOMB_KEY="${PASSWORD_STORE_TOMB_KEY:-$HOME/.password.tomb.key}"
+readonly TOMB_SIZE="${PASSWORD_STORE_TOMB_SIZE:-10}"
+
+readonly _UID="$(id -u "$USER")"
+readonly _GID="$(id -g "$USER")"
+
+readonly VERSION="1.1"
+
+#
+# Common colors and functions
+#
+readonly green='\e[0;32m'
+readonly yellow='\e[0;33m'
+readonly magenta='\e[0;35m'
+readonly Bold='\e[1m'
+readonly Bred='\e[1;31m'
+readonly Bgreen='\e[1;32m'
+readonly Byellow='\e[1;33m'
+readonly Bblue='\e[1;34m'
+readonly Bmagenta='\e[1;35m'
+readonly reset='\e[0m'
+_message() { [ "$QUIET" = 0 ] && echo -e " ${Bold} . ${reset} ${*}" >&2; }
+_warning() { [ "$QUIET" = 0 ] && echo -e " ${Byellow} w ${reset} ${yellow}${*}${reset}" >&2; }
+_success() { [ "$QUIET" = 0 ] && echo -e " ${Bgreen}(*)${reset} ${green}${*}${reset}" >&2; }
+_error() { echo -e " ${Bred}[x]${reset} ${Bold}Error :${reset} ${*}" >&2; }
+_die() { _error "${@}" && exit 1; }
+_verbose() { [ "$VERBOSE" = 0 ] || echo -e " ${Bmagenta} . ${reset} ${magenta}pass${reset} ${*}" >&2; }
+_verbose_tomb() { [ "$VERBOSE" = 0 ] || echo -e " ${Bmagenta} . ${reset} ${*}" >&2; }
+
+# Check program dependencies
+#
+# pass tomb depends on tomb
+_ensure_dependencies() {
+ command -v "$TOMB" &> /dev/null || _die "Tomb is not present."
+}
+
+# $@ is the list of all the recipient used to encrypt a tomb key
+is_valid_recipients() {
+ typeset -a recipients
+ recipients=($@)
+
+ # All the keys ID must be valid (the public keys must be present in the database)
+ for gpg_id in "${recipients[@]}"; do
+ gpg --list-keys "$gpg_id" &> /dev/null
+ if [[ $? != 0 ]]; then
+ _warning "${gpg_id} is not a valid key ID."
+ return 1
+ fi
+ done
+
+ # At least one private key must be present
+ for gpg_id in "${recipients[@]}"; do
+ gpg --list-secret-keys "$gpg_id" &> /dev/null
+ if [[ $? = 0 ]]; then
+ return 0
+ fi
+ done
+ return 1
+}
+
+_tomb() {
+ local ii ret
+ local cmd="$1"; shift
+ "$TOMB" "$cmd" "$@" "$FORCE" "$DEBUG" &> "$TMP"
+ ret=$?
+ while read -r ii; do
+ _verbose_tomb "$ii"
+ done <"$TMP"
+ [[ $ret == 0 ]] || _die "Unable to ${cmd} the password tomb."
+}
+
+# Systemd timer to close the passwod store.
+# $1: Delay before to run the pass-close service
+# $2: Path in the password store to save the delay (may be empty)
+# return 0 on success, 1 otherwise
+_timer() {
+ local ret ii delay="$1" path="$2"
+ _tmp_create
+ sudo systemd-run --system --on-active="$delay" \
+ --description="pass-close timer" --unit="pass-close-$RANDOM" \
+ --setenv="PASSWORD_STORE_TOMB_FILE=$TOMB_FILE" \
+ --setenv="PASSWORD_STORE_EXTENSIONS_DIR=$PASSWORD_STORE_EXTENSIONS_DIR" \
+ --setenv="PASSWORD_STORE_ENABLE_EXTENSIONS=$PASSWORD_STORE_ENABLE_EXTENSIONS" \
+ bash -c '/usr/bin/pass close --verbose' &> "$TMP"
+ ret=$?
+ while read -r ii; do
+ _verbose "$ii"
+ done <"$TMP"
+ if [[ $ret == 0 ]]; then
+ echo "$delay" > "${PREFIX}/${path}/.timer"
+ _verbose "Timer successfully created"
+ echo 0
+ else
+ _warning "Unable to set the timer to close the password tomb in $delay."
+ echo 1
+ fi
+ return $ret
+}
+
+# Provide a random filename in shared memory
+_tmp_create() {
+ local tfile
+ tmpdir # Defines $SECURE_TMPDIR
+ tfile="$(mktemp -u "$SECURE_TMPDIR/XXXXXXXXXXXXXXXXXXXX")" # Temporary file
+
+ umask 066
+ [[ $? == 0 ]] || _die "Fatal error setting permission umask for temporary files."
+ [[ -r "$tfile" ]] && _die "Someone is messing up with us trying to hijack temporary files.";
+
+ touch "$tfile"
+ [[ $? == 0 ]] || _die "Fatal error creating temporary file: ${tfile}."
+
+ TMP="$tfile"
+ return 0
+}
+
+# Set ownership when mounting a tomb
+# $1: Tomb path
+_set_ownership() {
+ local path="$1"
+ _verbose "Setting user permissions on ${path}"
+ sudo chown -R "${_UID}:${_GID}" "${path}" || _die "Unable to set ownership permission on ${path}."
+ sudo chmod 0711 "${path}" || _die "Unable to set permissions on ${path}."
+}
+
+cmd_tomb_version() {
+ cat <<-_EOF
+ $PROGRAM tomb $VERSION - A pass extension that helps to keep the whole tree of
+ password encrypted inside a tomb.
+ _EOF
+}
+
+cmd_tomb_usage() {
+ cmd_tomb_version
+ echo
+ cat <<-_EOF
+ Usage:
+ $PROGRAM tomb [-n] [-t time] [-f] [-p subfolder] gpg-id...
+ Create and initialise a new password tomb
+ Use gpg-id for encryption of both tomb and passwords
+
+ $PROGRAM open [subfolder] [-t time] [-f]
+ Open a password tomb
+
+ $PROGRAM close [store]
+ Close a password tomb
+
+ Options:
+ -n, --no-init Do not initialise the password store
+ -t, --timer Close the store after a given time
+ -p, --path Create the store for that specific subfolder
+ -f, --force Force operation (i.e. even if swap is active)
+ -q, --quiet Be quiet
+ -v, --verbose Be verbose
+ -d, --debug Print tomb debug messages
+ --unsafe Speed up tomb creation (for testing only)
+ -V, --version Show version information.
+ -h, --help Print this help message and exit.
+
+ More information may be found in the pass-tomb(1) man page.
+ _EOF
+}
+
+# Open a password tomb
+cmd_open() {
+ local path="$1"; shift;
+
+ # Sanity checks
+ check_sneaky_paths "$path" "$TOMB_FILE" "$TOMB_KEY"
+ [[ -e "$TOMB_FILE" ]] || _die "There is no password tomb to open."
+ [[ -e "$TOMB_KEY" ]] || _die "There is no password tomb key."
+
+ # Open the passwod tomb
+ _tmp_create
+ _verbose "Opening the password tomb $TOMB_FILE using the key $TOMB_KEY"
+ _tomb open "$TOMB_FILE" -k "$TOMB_KEY" -g "${PREFIX}/${path}"
+ _set_ownership "${PREFIX}/${path}"
+
+ # Read, initialise and start the timer
+ local timed=1
+ if [[ -z "$TIMER" ]]; then
+ if [[ -e "${PREFIX}/${path}/.timer" ]]; then
+ TIMER="$(cat "${PREFIX}/${path}/.timer")"
+ [[ -z "$TIMER" ]] || timed="$(_timer "$TIMER" "${path}")"
+ fi
+ else
+ timed="$(_timer "$TIMER" "${path}")"
+ fi
+
+ # Success!
+ _success "Your password tomb has been opened in ${PREFIX}/."
+ _message "You can now use pass as usual."
+ if [[ $timed == 0 ]]; then
+ _message "This password store will be closed in $TIMER"
+ else
+ _message "When finished, close the password tomb using 'pass close'."
+ fi
+ return 0
+}
+
+# Close a password tomb
+cmd_close() {
+ local _tomb_name _tomb_file="$1"
+ [[ -z "$_tomb_file" ]] && _tomb_file="$TOMB_FILE"
+
+ # Sanity checks
+ check_sneaky_paths "$_tomb_file"
+ [[ -e "$_tomb_file" ]] || _die "There is no password tomb to close."
+ _tomb_name="${_tomb_file##*/}"
+ _tomb_name="${_tomb_name%.*}"
+ [[ -z "$_tomb_name" ]] && _die "There is no password tomb."
+
+ _tmp_create
+ _verbose "Closing the password tomb $_tomb_file"
+ _tomb close "$_tomb_name"
+
+ _success "Your password tomb has been closed."
+ _message "Your passwords remain present in ${_tomb_file}."
+ return 0
+}
+
+# Create a new password tomb and initialise the password repository.
+# $1: path subfolder
+# $@: gpg-ids
+cmd_tomb() {
+ local path="$1"; shift;
+ typeset -a RECIPIENTS
+ [[ -z "$*" ]] && _die "$PROGRAM $COMMAND [-n] [-t time] [-p subfolder] gpg-id..."
+ RECIPIENTS=($@)
+
+ # Sanity checks
+ check_sneaky_paths "$path" "$TOMB_FILE" "$TOMB_KEY"
+ if ! is_valid_recipients "${RECIPIENTS[@]}"; then
+ _die "You set an invalid GPG ID."
+ elif [[ -e "$TOMB_KEY" ]]; then
+ _die "The tomb key ${TOMB_KEY} already exists. I won't overwrite it."
+ elif [[ -e "$TOMB_FILE" ]]; then
+ _die "The password tomb ${TOMB_FILE} already exists. I won't overwrite it."
+ elif [[ "$TOMB_SIZE" -lt 10 ]]; then
+ _die "A password tomb cannot be smaller than 10 MB."
+ fi
+ if [[ $UNSAFE -ne 0 ]]; then
+ _warning "Using unsafe mode to speed up tomb generation."
+ _warning "Only use it for testing purposes."
+ local unsafe=(--unsafe --use-urandom)
+ fi
+
+ # Sharing support
+ local recipients_arg tmp_arg
+ if [ "${#RECIPIENTS[@]}" -gt 1 ]; then
+ tmp_arg="${RECIPIENTS[*]}"
+ recipients_arg=${tmp_arg// /,}
+ else
+ recipients_arg="${RECIPIENTS[0]}"
+ fi
+
+ # Create the password tomb
+ _tmp_create
+ _verbose "Creating a password tomb with the GPG key(s): ${RECIPIENTS[*]}"
+ _tomb dig "$TOMB_FILE" -s "$TOMB_SIZE"
+ _tomb forge "$TOMB_KEY" -gr "$recipients_arg" "${unsafe[@]}"
+ _tomb lock "$TOMB_FILE" -k "$TOMB_KEY" -gr "$recipients_arg"
+ _tomb open "$TOMB_FILE" -k "$TOMB_KEY" -gr "$recipients_arg" "${PREFIX}/${path}"
+ _set_ownership "${PREFIX}/${path}"
+
+ # Use the same recipients to initialise the password store
+ local ret path_cmd=()
+ if [[ $NOINIT -eq 0 ]]; then
+ [[ -z "$path" ]] || path_cmd=("--path=${path}")
+ ret="$(cmd_init "${RECIPIENTS[@]}" "${path_cmd[@]}")"
+ if [[ ! -e "${PREFIX}/${path}/.gpg-id" ]]; then
+ _warning "$ret"
+ _die "Unable to initialise the password store."
+ fi
+ fi
+
+ # Initialise the timer
+ local timed=1
+ [[ -z "$TIMER" ]] || timed="$(_timer "$TIMER" "${path}")"
+
+ # Success!
+ _success "Your password tomb has been created and opened in ${PREFIX}."
+ [[ -z "$ret" ]] || _success "$ret"
+ _message "Your tomb is: ${TOMB_FILE}"
+ _message "Your tomb key is: ${TOMB_KEY}"
+ if [[ -z "$ret" ]]; then
+ _message "You need to initialise the store with 'pass init gpg-id...'."
+ else
+ _message "You can now use pass as usual."
+ fi
+ if [[ $timed == 0 ]]; then
+ _message "This password store will be closed in $TIMER"
+ else
+ _message "When finished, close the password tomb using 'pass close'."
+ fi
+ return 0
+}
+
+# Check dependencies are present or bail out
+_ensure_dependencies
+
+# Global options
+UNSAFE=0
+VERBOSE=0
+QUIET=0
+FORCE=""
+DEBUG=""
+NOINIT=0
+TIMER=""
+
+# Getopt options
+small_arg="vdhVp:qnt:f"
+long_arg="verbose,debug,help,version,path:,unsafe,quiet,no-init,timer:,force"
+opts="$($GETOPT -o $small_arg -l $long_arg -n "$PROGRAM $COMMAND" -- "$@")"
+err=$?
+eval set -- "$opts"
+while true; do case $1 in
+ -q|--quiet) QUIET=1; VERBOSE=0; DEBUG=""; shift ;;
+ -v|--verbose) VERBOSE=1; shift ;;
+ -d|--debug) DEBUG="-D"; VERBOSE=1; shift ;;
+ -f|--force) FORCE="--force"; shift ;;
+ -h|--help) shift; cmd_tomb_usage; exit 0 ;;
+ -V|--version) shift; cmd_tomb_version; exit 0 ;;
+ -p|--path) id_path="$2"; shift 2 ;;
+ -t|--timer) TIMER="$2"; shift 2 ;;
+ -n|--no-init) NOINIT=1; shift ;;
+ --unsafe) UNSAFE=1; shift ;;
+ --) shift; break ;;
+esac done
+
+[[ $err -ne 0 ]] && cmd_tomb_usage && exit 1
+[[ "$COMMAND" == "tomb" ]] && cmd_tomb "$id_path" "$@"
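Review bot: In `_timer`, the transient unit is started with `sudo systemd-run --system`, so the scheduled `pass close` runs under the system manager (as root unless a user is set), yet `PASSWORD_STORE_EXTENSIONS_DIR` and `PASSWORD_STORE_ENABLE_EXTENSIONS` are copied into it from the caller's environment. pass presumably loads the `close` extension from that directory when the timer fires, so a path that the invoking user, or anything running as that user, can write to is read by a privileged process long after the sudo prompt. Before scheduling, I would check that the directory and its `close.bash` are owned by root and not group- or world-writable, or pass a fixed system-wide extensions path instead of the inherited one. The reason belongs in a comment above the call: `# the unit runs as root when the timer fires; the extensions dir it is given must not be user-writable`.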