[pass] [PATCH] show age of password

Steffen Vogel post at steffenvogel.de
Sun Jul 26 15:35:24 CEST 2015 

Hi,

this is a nice patch!

Did you considered to use git’s textconv support?
This should allow us to use „git blame“ to get the last commit which changed the password:

	pass git blame -L 1,1 -p test.gpg | egrep ^committer-time

This can also be combined with the „—since“ switch.


To enable the textconv filter, you must add those config options to the repo:

.gitattributes:
	*.gpg		blame=gpg

.git/config:
	[blame „gpg]
		textconv = gpg —decrypt —no-tty

See: https://git.wiki.kernel.org/index.php/Textconv

Cheers,

Steffen

PS: do we use git textconv filters already in password-store?

—

Steffen Vogel
Robensstraße 69
52070 Aachen

Mail: post at steffenvogel.de
Mobil: +49 1575 7180927
Web: http://www.steffenvogel.de
Jabber: steffen.vogel at jabber.rwth-aachen.de

> Am 26.07.2015 um 14:10 schrieb Tijn Schuurmans <tijn.schuurmans at gmail.com>:
> 
> - assume the password is stored in the first line of a password-file
> - find the latest git revision that changes that line
> - show all passwords by age
> ---
> src/password-store.sh | 56 +++++++++++++++++++++++++++++++++++++++++++++++++++
> 1 file changed, 56 insertions(+)
> 
> diff --git a/src/password-store.sh b/src/password-store.sh
> index c85cc33..a1e0711 100755
> --- a/src/password-store.sh
> +++ b/src/password-store.sh
> @@ -127,6 +127,45 @@ check_sneaky_paths() {
> 	done
> }
> 
> +git_revisions() {
> +	[[ -d $GIT_DIR ]] || return
> +	local path="$1"
> +	local passfile="$path.gpg"
> +	git log --format=%H -- $passfile
> +}
> +
> +git_revision() {
> +	[[ -d $GIT_DIR ]] || return
> +	local path="$1"
> +	local revision="$2"
> +	local passfile="$path.gpg"
> +	git show $revision:$passfile | $GPG -d "${GPG_OPTS[@]}" | head -n 1
> +}
> +
> +oldest_password_change() {
> +	[[ -d $GIT_DIR ]] || die "Error: the password store is not a git repository. Try \"$PROGRAM git init\"."
> +	local path="$1"
> +	check_sneaky_paths "$path"
> +	git_revisions "$path" | while read revision
> +	do
> +		if [ -z "$password" ]; then
> +			password="$(git_revision $path $revision)"
> +		else
> +			if [ password != "$(git_revision $path $revision)" ]; then
> +				break
> +			fi
> +		fi
> +		echo $revision
> +	done | tail -n 1
> +}
> +
> +password_ages() {
> +	cd $PREFIX && find . -name "*.gpg" | sed 's/^\.\///' | sed 's/\.gpg$//' | while read path
> +	do
> +		cmd_age "$path"
> +	done
> +}
> +
> #
> # END helper functions
> #
> @@ -257,6 +296,10 @@ cmd_usage() {
> 	    $PROGRAM git git-command-args...
> 	        If the password store is a git repository, execute a git command
> 	        specified by git-command-args.
> +	    $PROGRAM age pass-name
> +	        Show when a password last changed as an absolute unix timestamp and relatively in a human readable format.
> +	    $PROGRAM ages
> +	        Show password age for all passwords ordered from newest to oldest.
> 	    $PROGRAM help
> 	        Show this text.
> 	    $PROGRAM version
> @@ -340,6 +383,17 @@ cmd_show() {
> 	fi
> }
> 
> +cmd_age() {
> +	local path="$1"
> +	check_sneaky_paths "$path"
> +	local oldest=$(oldest_password_change "$path")
> +	git show -s --format="%ct%x09%cr%x09"$path"" "$oldest"
> +}
> +
> +cmd_ages() {
> +	password_ages | sort -r
> +}
> +
> cmd_find() {
> 	[[ -z "$@" ]] && die "Usage: $PROGRAM $COMMAND pass-names..."
> 	IFS="," eval 'echo "Search Terms: $*"'
> @@ -590,6 +644,8 @@ case "$1" in
> 	help|--help) shift;		cmd_usage "$@" ;;
> 	version|--version) shift;	cmd_version "$@" ;;
> 	show|ls|list) shift;		cmd_show "$@" ;;
> +	age) shift;			cmd_age "$@" ;;
> +	ages) shift;			cmd_ages "$@" ;;
> 	find|search) shift;		cmd_find "$@" ;;
> 	grep) shift;			cmd_grep "$@" ;;
> 	insert|add) shift;		cmd_insert "$@" ;;
> --
> 2.4.6
> 
> _______________________________________________
> Password-Store mailing list
> Password-Store at lists.zx2c4.com
> http://lists.zx2c4.com/mailman/listinfo/password-store

-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 801 bytes
Desc: Message signed with OpenPGP using GPGMail
URL: <http://lists.zx2c4.com/pipermail/password-store/attachments/20150726/fc32bf18/attachment.asc>

More information about the Password-Store mailing list