Password-Store Digest, Vol 79, Issue 3
Jo -l
joel.voyer at gmail.com
Wed Dec 18 16:29:47 CET 2019
> On 18 12 2019 at 12:00, password-store-request at lists.zx2c4.com wrote:
>
>
> Today's Topics:
>
> 1. [PATCH] Allow comments in .gpg-id (Kjetil Torgrim Homme)
> 2. Re: [PATCH] Allow comments in .gpg-id (Amir Yalon)
> 3. Re: [PATCH] Allow comments in .gpg-id (Rune Juhl Jacobsen)
> 4. Re: [PATCH] Allow comments in .gpg-id (Rune Juhl Jacobsen)
>
>
> ----------------------------------------------------------------------
>
> Message: 1
> Date: Tue, 17 Dec 2019 17:55:58 +0100
> From: Kjetil Torgrim Homme <kjetil.homme at redpill-linpro.com>
> To: password-store at lists.zx2c4.com
> Subject: [PATCH] Allow comments in .gpg-id
> Message-ID: <ac01d295-67c9-c682-bf67-5d8a8753dad3 at redpill-linpro.com>
> Content-Type: text/plain; charset="utf-8"
>
> We are using password-store to share secrets within our organisation, so
> there are dozens of entries in our .gpg-id files. A list of anonymous
> 64-bit values is hard to work with (e.g., when a colleague leaves or a
> new one arrives), so I would like to allow an optional comment to each line.
>
> The current logic allows space separated fingerprints like
>
> 8239 26C1 119D DD65 CC49 4A44 7708 DF87 BE42 C343
>
> so we must continue to support spaces in the values.
>
> It is also allowed to use a user-id in the form of a mail address, like
> "kjetil.homme at redpill-linpro.com", although I find that a little icky
> myself (probably not rational). You can even include the full name of
> the person, like
>
> Kjetil Torgrim Homme (work) <kjetil.homme at redpill-linpro.com>
>
> but it must match what is in the key exactly (including the
> parenthesis), so it is a little fickle.
>
> My proposed patch is kept simple: it reads each line into two variables,
> which means the first variable contains the first word, and the second
> variable the rest of the word. If the second variable starts with a
> "#", it is ignored. Otherwise the complete line is used. This means I
> am not allowed to add comments to the fingerprint version or the full id
> version, but I think the simplicity of the patch makes it worth it to
> not support that variant.
>
> (I don't know how to make Thunderbird/Enigmail not add linebreaks, so I
> attach the patch as a file in addition to the inline copy below.)
>
> diff --git src/password-store.sh src/password-store.sh
> index 7264ffc..b17ec58 100755
> --- src/password-store.sh
> +++ src/password-store.sh
> @@ -98,7 +98,11 @@ set_gpg_recipients() {
> verify_file "$current"
>
> local gpg_id
> - while read -r gpg_id; do
> + while read -r gpg_id additional_columns; do
> + case $additional_columns in
> + ""|"# "*) : ;; # only keep first column, strip comment
> + *) gpg_id="${gpg_id} ${additional_columns}" ;;
> + esac
> GPG_RECIPIENT_ARGS+=( "-r" "$gpg_id" )
> GPG_RECIPIENTS+=( "$gpg_id" )
> done < "$current"
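Review bot: In the `case`, the `"# "*` pattern only catches a comment that begins at the second word and has a space after the `#`, so a whole-line comment (where `gpg_id` itself is `#`) or a trailing `#note` with no space falls through to `*)` and is handed to `-r` as a recipient. Consider skipping lines whose first word starts with `#` and matching `"#"*` for the remainder. `additional_columns` should also join `gpg_id` in the `local` declaration, and since `read` discards the original separator, rejoining with a single space will not reproduce a user ID that had other whitespace after its first word.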
>
>
> --
> Kjetil T. Homme
> Redpill Linpro - Changing the game
> -------------- next part --------------
> A non-text attachment was scrubbed...
> Name: comments-in-gpg-id.patch
> Type: text/x-patch
> Size: 545 bytes
> Desc: not available
> URL: <http://lists.zx2c4.com/pipermail/password-store/attachments/20191217/598aaa11/attachment-0001.bin>
>
> ------------------------------
>
> Message: 2
> Date: Wed, 18 Dec 2019 11:39:37 +0200
> From: "Amir Yalon" <quoiceehoh-20180826 at yxejamir.net>
> To: password-store at lists.zx2c4.com
> Subject: Re: [PATCH] Allow comments in .gpg-id
> Message-ID: <33af2c47-e990-42ee-8c28-43e7b31c69d9 at www.fastmail.com>
> Content-Type: text/plain; charset="us-ascii"
>
> On Tue, Dec 17, 2019, at 18:55, Kjetil Torgrim Homme wrote:
>> - while read -r gpg_id; do
>> + while read -r gpg_id additional_columns; do
>> + case $additional_columns in
>> + ""|"# "*) : ;; # only keep first column, strip comment
>> + *) gpg_id="${gpg_id} ${additional_columns}" ;;
>> + esac
> It may be simpler to do gpg_id="${gpg_id%%#*}" instead.
> -------------- next part --------------
> An HTML attachment was scrubbed...
> URL: <http://lists.zx2c4.com/pipermail/password-store/attachments/20191218/866491ba/attachment-0001.html>
>
> ------------------------------
>
> Message: 3
> Date: Wed, 18 Dec 2019 11:35:10 +0100
> From: "Rune Juhl Jacobsen" <rune at juhljacobsen.dk>
> To: password-store at lists.zx2c4.com
> Subject: Re: [PATCH] Allow comments in .gpg-id
> Message-ID: <87o8w5hqg1.fsf at juhljacobsen.dk>
> Content-Type: text/plain; format=flowed
>
> I would probably reach for grep and do something like this
> instead:
>
> diff --git a/src/password-store.sh b/src/password-store.sh index
> 77f3eda..ce3f7fb 100755 --- a/src/password-store.sh +++
> b/src/password-store.sh @@ -99,7 +99,7 @@ set_gpg_recipients() {
> verify_file "$current"
>
> local gpg_id
> - while read -r gpg_id; do + grep -Eo '^[^#]+' | grep -Ev
> '^\s*$' | while read -r gpg_id; do
> GPG_RECIPIENT_ARGS+=( "-r" "$gpg_id" ) GPG_RECIPIENTS+=(
> "$gpg_id" )
> done < "$current"
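Review bot: On the `+` line, the `< "$current"` redirection still belongs to the `while` loop, so the first `grep` reads the function's standard input instead of the file and the loop reads the unfiltered file. Because the loop is now the last stage of a pipeline, bash runs it in a subshell (unless `lastpipe` is in effect) and the additions to `GPG_RECIPIENT_ARGS` and `GPG_RECIPIENTS` are lost when it exits. Feeding the loop with `done < <(grep -Eo '^[^#]+' "$current" | grep -Ev '^[[:space:]]*$')` keeps it in the current shell; `[[:space:]]` also avoids relying on `\s`, which is a GNU extension in ERE.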
>
>
> This will remove comments no matter if they're full lines or not,
> and will remove any lines containing only whitespace as well.
>
> I'm not sure about using `grep -E` though. It's more portable than
> `grep -e` or `egrep`, but I'm not sure if it'd be better to use
> `grep -P`, or if it's better to simply loop over all lines and use
> Bash regexes and BASH_REMATCH to remove comments and empty lines.
>
> /Rune
>
> "Amir Yalon" <quoiceehoh-20180826 at yxejamir.net> writes:
>
>> On Tue, Dec 17, 2019, at 18:55, Kjetil Torgrim Homme wrote:
>>> - while read -r gpg_id; do + while read -r gpg_id
>>> additional_columns; do + case $additional_columns in + ""|"#
>>> "*) : ;; # only keep first column, strip comment + *)
>>> gpg_id="${gpg_id} ${additional_columns}" ;; + esac
>> It may be simpler to do gpg_id="${gpg_id%%#*}" instead.
>
> --
> Rune Juhl Jacobsen
> rune at juhljacobsen.dk
> +45 6016 8337
>
>
> ------------------------------
>
> Message: 4
> Date: Wed, 18 Dec 2019 11:39:45 +0100
> From: "Rune Juhl Jacobsen" <rune at juhljacobsen.dk>
> To: password-store at lists.zx2c4.com
> Subject: Re: [PATCH] Allow comments in .gpg-id
> Message-ID: <87immdhq8e.fsf at juhljacobsen.dk>
> Content-Type: text/plain; charset="us-ascii"; Format="flowed"
>
> Ouch, it seems like my editor ate a newline in the diff; sorry.
> Hopefully this works better...
>
> -------------- next part --------------
> A non-text attachment was scrubbed...
> Name: not available
> Type: text/x-diff
> Size: 424 bytes
> Desc: not available
> URL: <http://lists.zx2c4.com/pipermail/password-store/attachments/20191218/ab3fa47a/attachment-0001.diff>
> -------------- next part --------------
>
> /Rune
>
> "Rune Juhl Jacobsen" <rune at juhljacobsen.dk> writes:
>
>> I would probably reach for grep and do something like this
>> instead:
>>
>> diff --git a/src/password-store.sh b/src/password-store.sh index
>> 77f3eda..ce3f7fb 100755 --- a/src/password-store.sh +++
>> b/src/password-store.sh @@ -99,7 +99,7 @@ set_gpg_recipients() {
>> verify_file "$current"
>>
>> local gpg_id
>> - while read -r gpg_id; do + grep -Eo '^[^#]+' | grep -Ev
>> '^\s*$' | while read -r gpg_id; do
>> GPG_RECIPIENT_ARGS+=( "-r" "$gpg_id" ) GPG_RECIPIENTS+=(
>> "$gpg_id" )
>> done < "$current"
>>
>> This will remove comments no matter if they're full lines or
>> not, and will remove any lines containing only whitespace as
>> well.
>>
>> I'm not sure about using `grep -E` though. It's more portable
>> than `grep -e` or `egrep`, but I'm not sure if it'd be better
>> to use `grep -P`, or if it's better to simply loop over all
>> lines and use Bash regexes and BASH_REMATCH to remove comments
>> and empty lines.
>>
>> /Rune
>>
>> "Amir Yalon" <quoiceehoh-20180826 at yxejamir.net> writes:
>>
>>> On Tue, Dec 17, 2019, at 18:55, Kjetil Torgrim Homme wrote:
>>>> - while read -r gpg_id; do + while read -r gpg_id
>>>> additional_columns; do + case $additional_columns in + ""|"#
>>>> "*) : ;; # only keep first column, strip comment + *)
>>>> gpg_id="${gpg_id} ${additional_columns}" ;; + esac
>>> It may be simpler to do gpg_id="${gpg_id%%#*}" instead.
>>
>> -- Rune Juhl Jacobsen rune at juhljacobsen.dk +45 6016 8337
>
> --
> Rune Juhl Jacobsen
> rune at juhljacobsen.dk
> +45 6016 8337
>
> ------------------------------
>
> End of Password-Store Digest, Vol 79, Issue 3
> *********************************************
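The last option raised in Message 3 (loop over the lines in the shell and drop comments and blank lines), as an added example that is not part of any message in this thread and is not password-store's code. It uses parameter expansion, as suggested in Message 2, rather than BASH_REMATCH; `parse_gpg_id` and `make_sample` are hypothetical names, the sample entries are constructed, and it assumes `#` never occurs inside a real user ID.

```bash
#!/usr/bin/env bash
# Added example: clean a .gpg-id file before its lines become gpg -r arguments.
# parse_gpg_id and make_sample are hypothetical helpers, not password-store functions.

# Print one recipient per line: comments, blank lines and stray whitespace removed.
parse_gpg_id() {
    local file=$1 line
    # "|| [ -n "$line" ]" keeps a final entry that has no trailing newline.
    while IFS= read -r line || [ -n "$line" ]; do
        line=${line%%#*}                         # drop "#" and everything after it
        line=${line#"${line%%[![:space:]]*}"}    # trim leading whitespace
        line=${line%"${line##*[![:space:]]}"}    # trim trailing whitespace (and CR)
        if [ -n "$line" ]; then
            printf '%s\n' "$line"
        fi
    done < "$file"
}

# Constructed sample covering the forms discussed in the thread.
make_sample() {
    printf '%s\n' \
        '# ops team' \
        '8239 26C1 119D DD65 CC49 4A44 7708 DF87 BE42 C343  # fingerprint form' \
        'alice@example.org#comment without a space' \
        '   ' \
        'Example User (work) <user@example.org>'
    printf '0123456789ABCDEF # no trailing newline'
}

sample=$(mktemp)
make_sample > "$sample"
parse_gpg_id "$sample"
rm -f "$sample"
```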