[pass] [PATCH] OSX: gpgtools, ramdisk and file extensions

Lenz Weber mail at lenzw.de
Sat Apr 4 16:25:20 CEST 2015


Hi,
I can't comment on your other changes, but #5 is definitely not the way
to go - it does not resolve the fact that the underlying regex was wrong
from the beginning (off the top of my head, the problem was something
along the lines of sed not supporting | as OR without the extended flag
and treating it as a normal character instead).

You might try this patch:
http://lists.zx2c4.com/pipermail/password-store/2015-March/001402.html

Regards,
Lenz

Am Sat, 04 Apr 2015 01:32:06 -0500
schrieb mitzip <password-store at mitzip.com>:

> 1) Detect gpgtools in its non-standard directory [upstream wontfix]
> 2) Add shredding for tmp files in /dev/shm as they could be swapped
> 3) Add shredding and ramdisk tmpdir for OSX
> 4) Detect OSX's shred command, srm.
> 5) Remove .gpg file extensions for PassFF in OSX (set final regex
> 	match to 0 or 1 times)
> ---
>   src/password-store.sh | 32 ++++++++++++++++++++++++++++----
>   1 file changed, 28 insertions(+), 4 deletions(-)
> 
> diff --git a/src/password-store.sh b/src/password-store.sh
> index 47f7ffa..8f67f00 100755
> --- a/src/password-store.sh
> +++ b/src/password-store.sh
> @@ -10,7 +10,13 @@ GPG_OPTS=( "--quiet" "--yes"
> "--compress-algo=none" "--no-encrypt-to" )
>   GPG="gpg"
>   export GPG_TTY="${GPG_TTY:-$(tty 2>/dev/null)}"
>   which gpg2 &>/dev/null && GPG="gpg2"
> -[[ -n $GPG_AGENT_INFO || $GPG == "gpg2" ]] && GPG_OPTS+=( "--batch" 
> "--use-agent" )
> +
> +# Check if gpgtools is installed under OSX
> +# 
> http://support.gpgtools.org/discussions/problems/9091-usrbingpgconf#comment_27431107
> +# https://gpgtools.lighthouseapp.com/projects/66001/tickets/114
> +[[ -f /usr/local/MacGPG2/bin/gpg2 ]] && 
> GPG="/usr/local/MacGPG2/bin/gpg2"
> +
> +[[ -n $GPG_AGENT_INFO || "$GPG" != "gpg" ]] && GPG_OPTS+=( "--batch" 
> "--use-agent" )
> 
>   PREFIX="${PASSWORD_STORE_DIR:-$HOME/.password-store}"
>   X_SELECTION="${PASSWORD_STORE_X_SELECTION:-clipboard}"
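Review bot: The added gpgtools check uses `-f`, which only proves that a regular file exists at `/usr/local/MacGPG2/bin/gpg2`, and it then overrides whatever `gpg`/`gpg2` was resolved from PATH on the lines above. Since this binary ends up handling every decrypted secret, I would at least require it to be executable and only fall back to it when no `gpg2` was found: `[[ $GPG == "gpg" && -x /usr/local/MacGPG2/bin/gpg2 ]] && GPG="/usr/local/MacGPG2/bin/gpg2"`. A short comment noting that this hard-coded path takes precedence over PATH, if that is the intent, would help the next reader; `/usr/local` is often writable by non-root accounts on macOS, so that precedence is worth a deliberate decision.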
> @@ -161,9 +167,23 @@ tmpdir() {
>   	if [[ -d /dev/shm && -w /dev/shm && -x /dev/shm ]]; then
>   		SECURE_TMPDIR="$(mktemp -d "/dev/shm/$template")"
>   		remove_tmpfile() {
> +			find "$SECURE_TMPDIR" -type f -exec $SHRED
> {} + rm -rf "$SECURE_TMPDIR"
>   		}
>   		trap remove_tmpfile INT TERM EXIT
> +	elif [[ "$OSTYPE" == "darwin"* && -n "$(which hdiutil)" &&
> -n "$(which diskutil)" ]]; then
> +		NUMSECTORS=2000  # a sector is 512 bytes
> +		DeviceName=$(hdiutil attach -nomount
> ram://$NUMSECTORS)
> +		diskutil quiet eraseVolume HFS+ osxshm $DeviceName
> +		diskutil quiet disableJournal $DeviceName
> +		SECURE_TMPDIR="$(mktemp -d
> "/Volumes/osxshm/$template")"
> +		remove_tmpfile() {
> +			$SHRED -r $SECURE_TMPDIR
> +			umount /Volumes/osxshm
> +			diskutil quiet secureErase 2 $DeviceName
> +			diskutil quiet eject $DeviceName
> +		}
> +		trap remove_tmpfile INT TERM EXIT
>   	else
>   		[[ $warn -eq 1 ]] && yesno "$(cat <<-_EOF
>   		Your system does not have /dev/shm, which means
> that it may @@ -183,7 +203,11 @@ tmpdir() {
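Review bot: The macOS branch never checks that `hdiutil attach` succeeded or what it printed, yet `remove_tmpfile` later runs `diskutil quiet secureErase 2 $DeviceName` on that value. `$DeviceName` and `$SECURE_TMPDIR` are also expanded unquoted throughout, so the code relies on word splitting to strip the padding hdiutil prints after the device node. The volume name `osxshm` is fixed, so two concurrent invocations would presumably collide on `/Volumes/osxshm` and one run's cleanup could unmount the other's temp directory; a per-run volume name would avoid that. I would validate the device node before formatting it and quote every use, as sketched below. tmpdir() starts and ends outside this hunk.

```shell
		NUMSECTORS=2000  # a sector is 512 bytes
		DeviceName="$(hdiutil attach -nomount "ram://$NUMSECTORS")" || die "Error: could not create ramdisk."
		DeviceName="${DeviceName%%[[:space:]]*}"  # keep only the device node, drop hdiutil's padding
		[[ $DeviceName == /dev/disk* ]] || die "Error: unexpected ramdisk device: $DeviceName"
		diskutil quiet eraseVolume HFS+ osxshm "$DeviceName" || die "Error: could not format ramdisk."
		diskutil quiet disableJournal "$DeviceName"
		# … unchanged: SECURE_TMPDIR="$(mktemp -d "/Volumes/osxshm/$template")" …
		remove_tmpfile() {
			$SHRED -r "$SECURE_TMPDIR"
			umount /Volumes/osxshm
			diskutil quiet secureErase 2 "$DeviceName"
			diskutil quiet eject "$DeviceName"
		}
```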
> 
>   }
>   GETOPT="getopt"
> -SHRED="shred -f -z"
> +if [[ "$OSTYPE" == "darwin"* && -n "$(which srm)" ]]; then
> +	SHRED="srm -f -z"
> +else
> +	SHRED="shred -f -z"
> +fi
> 
>   source "$(dirname "$0")/platform/$(uname | cut -d _ -f 1 | tr 
> '[:upper:]' '[:lower:]').sh" 2>/dev/null # PLATFORM_FUNCTION_FILE
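Review bot: On Darwin without `srm`, the new `else` arm leaves `SHRED="shred -f -z"`, but the macOS branch this patch adds to tmpdir() calls `$SHRED -r $SECURE_TMPDIR`; GNU shred has no `-r` option, so the ramdisk cleanup would fail in that configuration. Either the ramdisk branch should require `srm`, or the recursive case should go through `find … -exec $SHRED {} +` as the /dev/shm branch does. `-n "$(which srm)"` is better written as `command -v srm >/dev/null`, which does not depend on what `which` prints. The `source` line right after this hunk loads a per-platform file, which looks like the more natural home for a Darwin-specific `SHRED`; it is worth confirming that file does not already reassign it.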
> 
> @@ -322,7 +346,7 @@ cmd_show() {
>   		else
>   			echo "${path%\/}"
>   		fi
> -		tree -C -l --noreport "$PREFIX/$path" | tail -n +2 |
> sed 's/\.gpg\(\x1B\[[0-9]\+m\)\{0,1\}\( ->\|$\)/\1\2/g' # remove .gpg
> at end of line, but keep colors
> +		tree -C -l --noreport "$PREFIX/$path" | tail -n +2 |
> sed 's/\.gpg\(\x1B\[[0-9]\+m\)\{0,1\}\( ->\|$\)\{0,1\}/\1\2/g' #
> remove .gpg at end of line, but keep colors
>   	elif [[ -z $path ]]; then
>   		die "Error: password store is empty. Try \"pass
> init\"." else
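Review bot: Appending `\{0,1\}` to the final group removes the end-of-name anchor, so on every platform `.gpg` is now deleted wherever it occurs in a line of `tree` output, not only before ` ->` or at end of line. An entry or directory whose name contains `.gpg` in the middle would be listed under a name that does not exist in the store, and the trailing comment `# remove .gpg at end of line, but keep colors` no longer describes what the expression does. The same change is made to the `sed` call in the cmd_find hunk below. If the anchor has to stay portable, `sed -E 's/\.gpg(\x1B\[[0-9]+m)?( ->|$)/\1\2/g'` keeps it, though `-E` and `\x1B` support should be checked against the sed versions in use.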
> @@ -334,7 +358,7 @@ cmd_find() {
>   	[[ -z "$@" ]] && die "Usage: $PROGRAM $COMMAND
> pass-names..." IFS="," eval 'echo "Search Terms: $*"'
>   	local terms="*$(printf '%s*|*' "$@")"
> -	tree -C -l --noreport -P "${terms%|*}" --prune --matchdirs 
> --ignore-case "$PREFIX" | tail -n +2 | sed 
> 's/\.gpg\(\x1B\[[0-9]\+m\)\{0,1\}\( ->\|$\)/\1\2/g'
> +	tree -C -l --noreport -P "${terms%|*}" --prune --matchdirs 
> --ignore-case "$PREFIX" | tail -n +2 | sed 
> 's/\.gpg\(\x1B\[[0-9]\+m\)\{0,1\}\( ->\|$\)\{0,1\}/\1\2/g' #
> remove .gpg at end of line, but keep colors
>   }
> 
>   cmd_grep() {


