[pass] [PATCH] show age of password

Tijn Schuurmans tijn.schuurmans at gmail.com
Thu Jul 30 20:37:46 CEST 2015


Hi Steffen,

I didn't consider using it. It sounds like a smart idea though. It would 
be a totally different implementation of the same idea. Simpler even. 
And that is a good thing™.

Cheers,
Tijn

On 26-07-15 15:35, Steffen Vogel wrote:
> Hi,
>
> this is a nice patch!
>
> Did you considered to use git’s textconv support?
> This should allow us to use „git blame“ to get the last commit which changed the password:
>
> 	pass git blame -L 1,1 -p test.gpg | egrep ^committer-time
>
> This can also be combined with the „—since“ switch.
>
>
> To enable the textconv filter, you must add those config options to the repo:
>
> .gitattributes:
> 	*.gpg		blame=gpg
>
> .git/config:
> 	[blame „gpg]
> 		textconv = gpg —decrypt —no-tty
>
> See: https://git.wiki.kernel.org/index.php/Textconv
>
> Cheers,
>
> Steffen
>
> PS: do we use git textconv filters already in password-store?
>
>>
> Steffen Vogel
> Robensstraße 69
> 52070 Aachen
>
> Mail: post at steffenvogel.de
> Mobil: +49 1575 7180927
> Web: http://www.steffenvogel.de
> Jabber: steffen.vogel at jabber.rwth-aachen.de
>
>> Am 26.07.2015 um 14:10 schrieb Tijn Schuurmans <tijn.schuurmans at gmail.com>:
>>
>> - assume the password is stored in the first line of a password-file
>> - find the latest git revision that changes that line
>> - show all passwords by age
>> ---
>> src/password-store.sh | 56 +++++++++++++++++++++++++++++++++++++++++++++++++++
>> 1 file changed, 56 insertions(+)
>>
>> diff --git a/src/password-store.sh b/src/password-store.sh
>> index c85cc33..a1e0711 100755
>> --- a/src/password-store.sh
>> +++ b/src/password-store.sh
>> @@ -127,6 +127,45 @@ check_sneaky_paths() {
>> 	done
>> }
>>
>> +git_revisions() {
>> +	[[ -d $GIT_DIR ]] || return
>> +	local path="$1"
>> +	local passfile="$path.gpg"
>> +	git log --format=%H -- $passfile
>> +}
>> +
>> +git_revision() {
>> +	[[ -d $GIT_DIR ]] || return
>> +	local path="$1"
>> +	local revision="$2"
>> +	local passfile="$path.gpg"
>> +	git show $revision:$passfile | $GPG -d "${GPG_OPTS[@]}" | head -n 1
>> +}
>> +
>> +oldest_password_change() {
>> +	[[ -d $GIT_DIR ]] || die "Error: the password store is not a git repository. Try \"$PROGRAM git init\"."
>> +	local path="$1"
>> +	check_sneaky_paths "$path"
>> +	git_revisions "$path" | while read revision
>> +	do
>> +		if [ -z "$password" ]; then
>> +			password="$(git_revision $path $revision)"
>> +		else
>> +			if [ password != "$(git_revision $path $revision)" ]; then
>> +				break
>> +			fi
>> +		fi
>> +		echo $revision
>> +	done | tail -n 1
>> +}
>> +
>> +password_ages() {
>> +	cd $PREFIX && find . -name "*.gpg" | sed 's/^\.\///' | sed 's/\.gpg$//' | while read path
>> +	do
>> +		cmd_age "$path"
>> +	done
>> +}
>> +
>> #
>> # END helper functions
>> #
>> @@ -257,6 +296,10 @@ cmd_usage() {
>> 	    $PROGRAM git git-command-args...
>> 	        If the password store is a git repository, execute a git command
>> 	        specified by git-command-args.
>> +	    $PROGRAM age pass-name
>> +	        Show when a password last changed as an absolute unix timestamp and relatively in a human readable format.
>> +	    $PROGRAM ages
>> +	        Show password age for all passwords ordered from newest to oldest.
>> 	    $PROGRAM help
>> 	        Show this text.
>> 	    $PROGRAM version
>> @@ -340,6 +383,17 @@ cmd_show() {
>> 	fi
>> }
>>
>> +cmd_age() {
>> +	local path="$1"
>> +	check_sneaky_paths "$path"
>> +	local oldest=$(oldest_password_change "$path")
>> +	git show -s --format="%ct%x09%cr%x09"$path"" "$oldest"
>> +}
>> +
>> +cmd_ages() {
>> +	password_ages | sort -r
>> +}
>> +
>> cmd_find() {
>> 	[[ -z "$@" ]] && die "Usage: $PROGRAM $COMMAND pass-names..."
>> 	IFS="," eval 'echo "Search Terms: $*"'
>> @@ -590,6 +644,8 @@ case "$1" in
>> 	help|--help) shift;		cmd_usage "$@" ;;
>> 	version|--version) shift;	cmd_version "$@" ;;
>> 	show|ls|list) shift;		cmd_show "$@" ;;
>> +	age) shift;			cmd_age "$@" ;;
>> +	ages) shift;			cmd_ages "$@" ;;
>> 	find|search) shift;		cmd_find "$@" ;;
>> 	grep) shift;			cmd_grep "$@" ;;
>> 	insert|add) shift;		cmd_insert "$@" ;;
>> --
>> 2.4.6
>>
>> _______________________________________________
>> Password-Store mailing list
>> Password-Store at lists.zx2c4.com
>> http://lists.zx2c4.com/mailman/listinfo/password-store
>
>
> _______________________________________________
> Password-Store mailing list
> Password-Store at lists.zx2c4.com
> http://lists.zx2c4.com/mailman/listinfo/password-store

-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.zx2c4.com/pipermail/password-store/attachments/20150730/d0f4962d/attachment.html>


More information about the Password-Store mailing list