
List:       password-store
Subject:    Re: [PATCH] Mult-repo support via submodules
From:       Lenz Weber <mail () lenzw ! de>
Date:       2016-11-26 13:52:59
Message-ID: e98c2a71-320c-29c5-9cad-79fd8e59881a () lenzw ! de


I wrote something similar about a year ago, but I believe it required
fewer changes to pass.

You can look it up here:
https://lists.zx2c4.com/pipermail/password-store/2016-February/002099.html

Maybe it's worth taking a look at both and maybe even combining them? :)

Regards,
Lenz

On 26.11.2016 at 07:47, Lance R. Vick wrote:
> Posts come up very frequently with people coming up with various
> workarounds and hacks to support team workflows.
>
> This month there have already been two threads requesting solutions for this:
>
> https://lists.zx2c4.com/pipermail/password-store/2016-November/002463.html
> https://lists.zx2c4.com/pipermail/password-store/2016-November/002482.html
>
> For many it is necessary to maintain several passdb folders for
> personal, family, work, projects, etc. Maintaining this typically
> requires each of these with its own repo, users, and git origins.
>
> One could come up with custom scripts/wrappers to support this (and
> many do), but then those scripts must be signed and distributed and
> updated properly with all members in a group which makes adoption of
> pass that much more difficult. I feel this really should be solved in
> pass itself and clearly others agree.
>
> The pass maintainer has also expressed interest in in-tree solutions
> to this problem but the last submission attempt fizzled out.
>
> https://lists.zx2c4.com/pipermail/password-store/2015-April/001455.html
>
> ## Subtree Pattern ##
>
> Currently the only workflow I have found that is natively supported by
> pass today is using subtrees. I have been using the following approach
> for over a year with 3 repos and 2 teams.
>
> While it does work, it is fairly cumbersome.
>
> Setup:
>
> ```
> pass init ABCDE12345678901
> pass git init
> pass git remote add origin git@github.com:lrvick/passdb.git
> pass git remote add -f project git@github.com:project/passdb.git
> pass git remote add -f company git@github.com:company/passdb.git
> cd ~/.password-store
> git subtree add --prefix Project project master --squash
> git subtree add --prefix Company company master --squash
> ```
>
> Add/Edit
>
> ```
> pass generate Project/somepass 50
> pass rm Personal/somepass
> pass edit Work/somepass
> ```
>
> Sync to/from respective origins
>
> ```
> pass git subtree push origin master
> pass git subtree pull --prefix=Project project master --squash
> pass git subtree pull --prefix=Company company master --squash
> pass git subtree push --prefix=Project project master
> pass git subtree push --prefix=Company company master
> ```
>
> The above also has some particularly painful side effects when
> enforcing commit signing + upstream merges. In practice this has
> resulted in us having to tap a yubikey to sign once for every file in
> the repo...
>
>
> ## Submodule Pattern ##
>
> With the attached patch for submodule support the above could become
> substantially more manageable.
>
> Personal Setup:
>
> ```
> pass init ABCDE12345678901
> pass git init
> pass git remote add origin git@github.com:lrvick/passdb.git
> ```
>
> Existing shared repo setup:
>
> ```
> pass git submodule add git@github.com:project/passdb.git Project
> pass git submodule add git@github.com:work/passdb.git Work
> pass git submodule foreach "git checkout origin master"
> ```
>
> Add/Edit
>
> ```
> pass generate Project/somepass 50
> pass rm Personal/somepass
> pass edit Work/somepass
> ```
>
> Sync to/from respective origins
>
> ```
> pass git push
> pass git submodule foreach "git pull"
> pass git submodule foreach "git push"
> ```
>
> ## Design and Implementation ##
>
> This change makes `pass` commit to the innermost Git repository (as
> identified by the presence of a `.git` file/folder) that contains a
> file, when it is changed.
>
> It was designed to minimize the number of changes to `pass` and not
> break existing usages. A few extra tests have been supplied for the
> new workflow.
>
> Whenever a new commit is performed (upon add/edit/remove), `GIT_DIR`
> and `GIT_WORK_TREE` are set to the relevant directories.
>
> It is worth mentioning this patchset has already undergone a few
> rounds of testing, bug-fixing, and code review here:
>
> https://github.com/lrvick/password-store/pull/1
>
> More input (or a merge!) would be very appreciated.
>
>
>
> _______________________________________________
> Password-Store mailing list
> Password-Store@lists.zx2c4.com
> https://lists.zx2c4.com/mailman/listinfo/password-store
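
The repository-selection rule described under "Design and Implementation" in the quoted message, sketched as an added example; it is not code from pass or from the attached patch. The function names and the temporary sample store are assumptions made for illustration, and the store-root and `..` checks are additions of this example.

```shell
#!/usr/bin/env bash
# Added example: not pass's code and not the attached patch.
# Function names and the sample tree below are hypothetical.

# Print the innermost directory between file $2 and store root $1 that holds
# a .git entry. Never walks above the store root; rejects ".." components.
innermost_git_root() {
  local prefix="${1%/}" dir
  case "$2" in */../*|../*|*/..) return 2 ;; esac
  dir="$(dirname -- "$2")"
  case "$dir/" in "$prefix"/*) ;; *) return 2 ;; esac
  while :; do
    # -e matches a .git directory (plain repo) and a .git file (submodule)
    if [ -e "$dir/.git" ]; then printf '%s\n' "$dir"; return 0; fi
    [ "$dir" = "$prefix" ] && return 1
    dir="$(dirname -- "$dir")"
  done
}

# Resolve the repository directory for work tree $1: a .git directory is used
# as-is; a .git file (submodule) holds a "gitdir: <path>" pointer.
resolve_git_dir() {
  local root="$1" target
  if [ -d "$root/.git" ]; then printf '%s\n' "$root/.git"; return 0; fi
  target="$(sed -n '1s/^gitdir: //p' "$root/.git")"
  [ -n "$target" ] || return 1
  case "$target" in
    /*) printf '%s\n' "$target" ;;
    *)  printf '%s\n' "$root/$target" ;;
  esac
}

# Constructed sample store: a personal repo with one submodule, "Project".
make_sample_store() {
  local store
  store="$(mktemp -d)" || return
  mkdir -p "$store/.git/modules/Project" "$store/Project/db" "$store/Personal"
  printf 'gitdir: ../.git/modules/Project\n' > "$store/Project/.git"
  printf '%s\n' "$store"
}

store="$(make_sample_store)"
for f in Project/db/root.gpg Personal/mail.gpg; do
  root="$(innermost_git_root "$store" "$store/$f")"
  echo "$f -> GIT_WORK_TREE=$root GIT_DIR=$(resolve_git_dir "$root")"
done
rm -rf "$store"
```

An entry under `Project/` resolves to the submodule's work tree, so a shared secret is committed to the team repository rather than the personal one; a path outside the store or containing `..` is refused before any `.git` lookup.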





