fix script itself

2025-11-04 12:38:10 +00:00 · 2024-01-11 22:38:01 +01:00 · 2024-01-11 22:38:01 +01:00 · c2e5c2295d
commit c2e5c2295d
parent 240e01257d
3 changed files with 12 additions and 8 deletions
--- a/dotfiles/bin/secretfiles
+++ b/dotfiles/bin/secretfiles
@ -11,8 +11,18 @@ set -euf -o pipefail
 # age encryption / decryption helpers
 # based on https://git.sr.ht/~digital/secretFiles
 #
+# For macOS coreutils and gnu-getopt are required to
+# run this script.
+# brew install coreutils gnu-getopt
+#
 #---------------------------------------------------

+#TMPPATH="/dev/shm"
+TMPPATH="/tmp"
+
+[[ -d "/opt/homebrew/opt/coreutils/libexec/gnubin" ]] && export PATH="/opt/homebrew/opt/coreutils/libexec/gnubin:${PATH}"
+[[ -d "/opt/homebrew/opt/gnu-getopt/bin" ]] && export PATH="/opt/homebrew/opt/gnu-getopt/bin:${PATH}"
+
 # get recipients for age file to encrypt with
 get-recipients-list() {
  local target="${1}"
@ -75,7 +85,7 @@ edit-file() {

  local working_directory="${2:-$(pwd)}"
  local secret_path="${working_directory}/${1}"
-  local tmp_path="$(mktemp -p /dev/shm)"
+  local tmp_path="$(mktemp -p ${TMPPATH})"
  local recipients_list=$(get-recipients-list "${secret_path}")
  local identity="${MASTERKEY_FILE:-$([[ -f "$(realpath "${working_directory}/secrets/hostkeys/masterkey.privkey")" ]] && echo -n "$(realpath "${working_directory}/secrets/hostkeys/masterkey.privkey")" || echo -n "/dev/stdin")}"

@ -120,7 +130,7 @@ reencrypt-all() {

  local working_directory="${2:-$(pwd)}"
  local identity="${1:-/dev/stdin}"
-  local identity_file="$(mktemp -u -p /dev/shm)"
+  local identity_file="$(mktemp -u -p ${TMPPATH})"

  # make the identity file reuseable, in case it actually is /dev/stdin
  umask 177