Fix git handling in recipients operations

action/edit.go

@@ -44,7 +44,7 @@ func (s *Action) Edit(c *cli.Context) error {
 		return nil
 	}
 
-	return s.Store.SetConfirm(name, nContent, s.confirmRecipients)
+	return s.Store.SetConfirm(name, nContent, fmt.Sprintf("Edited with %s", os.Getenv("EDITOR")), s.confirmRecipients)
 }
 
 func (s *Action) editor(content []byte) ([]byte, error) {

action/generate.go

@@ -57,7 +57,7 @@ func (s *Action) Generate(c *cli.Context) error {
 
 	password := pwgen.GeneratePassword(pwlen, !noSymbols)
 
-	if err := s.Store.SetConfirm(name, password, s.confirmRecipients); err != nil {
+	if err := s.Store.SetConfirm(name, password, "Generated Password", s.confirmRecipients); err != nil {
 		return err
 	}
 

action/insert.go

@@ -45,7 +45,7 @@ func (s *Action) Insert(c *cli.Context) error {
 			return fmt.Errorf("Failed to copy after %d bytes: %s", written, err)
 		}
 
-		return s.Store.SetConfirm(name, content.Bytes(), s.confirmRecipients)
+		return s.Store.SetConfirm(name, content.Bytes(), "Read secret from STDIN", s.confirmRecipients)
 	}
 
 	// if multi-line input is requested start an editor
@@ -54,7 +54,7 @@ func (s *Action) Insert(c *cli.Context) error {
 		if err != nil {
 			return err
 		}
-		return s.Store.SetConfirm(name, []byte(content), s.confirmRecipients)
+		return s.Store.SetConfirm(name, []byte(content), fmt.Sprintf("Inserted user supplied password with %s", os.Getenv("EDITOR")), s.confirmRecipients)
 	}
 
 	// if echo mode is requested use a simple string input function
@@ -70,5 +70,5 @@ func (s *Action) Insert(c *cli.Context) error {
 		return fmt.Errorf("failed to ask for password: %v", err)
 	}
 
-	return s.Store.SetConfirm(name, []byte(content), s.confirmRecipients)
+	return s.Store.SetConfirm(name, []byte(content), "Inserted user supplied password", s.confirmRecipients)
 }

password/fsck.go

@@ -168,5 +168,5 @@ func (s *Store) fsckFixRecipients(fn string) error {
 	if err != nil {
 		return err
 	}
-	return s.Set(name, content)
+	return s.Set(name, content, "fsck fix recipients")
 }

password/recipients.go

@@ -31,11 +31,11 @@ func (s *Store) AddRecipient(id string) error {
 
 	s.recipients = append(s.recipients, id)
 
-	if err := s.saveRecipients(); err != nil {
+	if err := s.saveRecipients("Added Recipient " + id); err != nil {
 		return err
 	}
 
-	return s.reencrypt()
+	return s.reencrypt("Added Recipient " + id)
 }
 
 // RemoveRecipient will remove the given recipient from the store
@@ -63,11 +63,11 @@ func (s *Store) RemoveRecipient(id string) error {
 	}
 	s.recipients = nk
 
-	if err := s.saveRecipients(); err != nil {
+	if err := s.saveRecipients("Removed Recipient " + id); err != nil {
 		return err
 	}
 
-	return s.reencrypt()
+	return s.reencrypt("Removed Recipients " + id)
 }
 
 // Load all Recipients from the .gpg-id file into a list of Recipients.
@@ -122,7 +122,7 @@ func (s *Store) loadRecipients() ([]string, error) {
 }
 
 // Save all Recipients in memory to the .gpg-id file on disk.
-func (s *Store) saveRecipients() error {
+func (s *Store) saveRecipients(msg string) error {
 	// filepath.Dir(s.idFile()) should equal s.path, but better safe than sorry
 	if err := os.MkdirAll(filepath.Dir(s.idFile()), dirMode); err != nil {
 		return err
@@ -133,6 +133,19 @@ func (s *Store) saveRecipients() error {
 		return err
 	}
 
+	err := s.gitAdd(s.idFile())
+	if err == nil {
+		if err := s.gitCommit(msg); err != nil {
+			if err != ErrGitNotInit {
+				return err
+			}
+		}
+	} else {
+		if err != ErrGitNotInit {
+			return err
+		}
+	}
+
 	if !s.persistKeys {
 		return nil
 	}

password/root_store.go

@@ -310,15 +310,15 @@ func (r *RootStore) IsDir(name string) bool {
 }
 
 // Set encodes and write the ciphertext of one entry to disk
-func (r *RootStore) Set(name string, content []byte) error {
+func (r *RootStore) Set(name string, content []byte, reason string) error {
 	store := r.getStore(name)
-	return store.Set(strings.TrimPrefix(name, store.alias), content)
+	return store.Set(strings.TrimPrefix(name, store.alias), content, reason)
 }
 
 // SetConfirm calls Set with confirmation callback
-func (r *RootStore) SetConfirm(name string, content []byte, cb RecipientCallback) error {
+func (r *RootStore) SetConfirm(name string, content []byte, reason string, cb RecipientCallback) error {
 	store := r.getStore(name)
-	return store.SetConfirm(strings.TrimPrefix(name, store.alias), content, cb)
+	return store.SetConfirm(strings.TrimPrefix(name, store.alias), content, reason, cb)
 }
 
 // Copy will copy one entry to another location. Multi-store copies are
@@ -334,7 +334,7 @@ func (r *RootStore) Copy(from, to string) error {
 		if err != nil {
 			return err
 		}
-		if err := subTo.Set(to, content); err != nil {
+		if err := subTo.Set(to, content, fmt.Sprintf("Copied from %s to %s", from, to)); err != nil {
 			return err
 		}
 		return nil
@@ -359,7 +359,7 @@ func (r *RootStore) Move(from, to string) error {
 		if err != nil {
 			return err
 		}
-		if err := subTo.Set(to, content); err != nil {
+		if err := subTo.Set(to, content, fmt.Sprintf("Moved from %s to %s", from, to)); err != nil {
 			return err
 		}
 		if err := subFrom.Delete(from); err != nil {

password/store.go

@@ -126,7 +126,7 @@ func (s *Store) Init(ids ...string) error {
 		return fmt.Errorf("None of the recipients has a secret key. You will not be able to decrypt the secrets you add")
 	}
 
-	if err := s.saveRecipients(); err != nil {
+	if err := s.saveRecipients("Initialized Store for " + strings.Join(s.recipients, ", ")); err != nil {
 		return fmt.Errorf("failed to initialize store: %v", err)
 	}
 
@@ -233,14 +233,14 @@ func (s *Store) Exists(name string) (bool, error) {
 }
 
 // Set encodes and write the ciphertext of one entry to disk
-func (s *Store) Set(name string, content []byte) error {
-	return s.SetConfirm(name, content, nil)
+func (s *Store) Set(name string, content []byte, reason string) error {
+	return s.SetConfirm(name, content, reason, nil)
 }
 
 // SetConfirm encodes and writes the cipertext of one entry to disk. This
 // method can be passed a callback to confirm the recipients immedeately
 // before encryption.
-func (s *Store) SetConfirm(name string, content []byte, cb RecipientCallback) error {
+func (s *Store) SetConfirm(name string, content []byte, reason string, cb RecipientCallback) error {
 	p := s.passfile(name)
 
 	if !strings.HasPrefix(p, s.path) {
@@ -274,7 +274,7 @@ func (s *Store) SetConfirm(name string, content []byte, cb RecipientCallback) er
 		return err
 	}
 
-	if err := s.gitCommit(fmt.Sprintf("Save secret to %s.", name)); err != nil {
+	if err := s.gitCommit(fmt.Sprintf("Save secret to %s: %s", name, reason)); err != nil {
 		if err == ErrGitNotInit {
 			return nil
 		}
@@ -333,7 +333,7 @@ func (s *Store) Copy(from, to string) error {
 	if err != nil {
 		return err
 	}
-	if err := s.Set(to, content); err != nil {
+	if err := s.Set(to, content, fmt.Sprintf("Copied from %s to %s", from, to)); err != nil {
 		return err
 	}
 	return nil
@@ -373,7 +373,7 @@ func (s *Store) Move(from, to string) error {
 	if err != nil {
 		return err
 	}
-	if err := s.Set(to, content); err != nil {
+	if err := s.Set(to, content, fmt.Sprintf("Moved from %s to %s", from, to)); err != nil {
 		return err
 	}
 	if err := s.Delete(from); err != nil {
@@ -454,7 +454,7 @@ func (s *Store) filenameToName(fn string) string {
 }
 
 // reencrypt will re-encrypt all entries for the current recipients
-func (s *Store) reencrypt() error {
+func (s *Store) reencrypt(reason string) error {
 	entries, err := s.List("")
 	if err != nil {
 		return err
@@ -465,7 +465,7 @@ func (s *Store) reencrypt() error {
 			fmt.Printf("Failed to get current value for %s: %s\n", e, err)
 			continue
 		}
-		if err := s.Set(e, content); err != nil {
+		if err := s.Set(e, content, reason); err != nil {
 			fmt.Printf("Failed to write %s: %s\n", e, err)
 		}
 	}