From andrew.thorp.dev at gmail.com Mon Nov 4 15:17:11 2019
From: andrew.thorp.dev at gmail.com (Andrew Thorp)
Date: Mon, 04 Nov 2019 09:17:11 -0500
Subject: MIgrating gpg keys?
Message-ID: <1572877031.2082.0@smtp.gmail.com>

Hello,

I am in the process of migrating GPG keys, and I couldn't find documentation
on the best way to go about adding or changing the key used for encryption
in the pass database. Does anyone have any experience with this?

Thanks!
Andrew Thorp

From contact at eddiebarraco.fr Mon Nov 4 15:31:34 2019
From: contact at eddiebarraco.fr (Eddie Barraco)
Date: Mon, 04 Nov 2019 15:31:34 +0100
Subject: MIgrating gpg keys?
In-Reply-To: <1572877031.2082.0@smtp.gmail.com>
Message-ID:

Hello !

> I am in the process of migrating GPG keys, and I couldn't find
> documentation
> on the best way to go about adding or changing the key used for
> encryption
> in the pass database. Does anyone have any experience with this?

Yes you probably just have to

pass init YOUR_NEW_GPG_KEY

The pass manual is not so clear about all this right.

Tell us if this now works as expected.

Kiss

From mkesper at schokokeks.org Mon Nov 4 15:33:55 2019
From: mkesper at schokokeks.org (Michael Kesper)
Date: Mon, 4 Nov 2019 15:33:55 +0100
Subject: MIgrating gpg keys?
In-Reply-To: <1572877031.2082.0@smtp.gmail.com>
References: <1572877031.2082.0@smtp.gmail.com>
Message-ID:

Hi Andrew,

On 04.11.19 15:17, Andrew Thorp wrote:
> Hello,
>
> I am in the process of migrating GPG keys, and I couldn't find documentation
> on the best way to go about adding or changing the key used for encryption
> in the pass database. Does anyone have any experience with this?

pass init will do that.
Be sure to use the ID you get by running
gpg --list-key
as only that will be unique.
For checking, create a temporary gnupg setup containing only your new key but
not the old one and try to decrypt your secrets.
pass itself is a little bit low-level here and doesn't really give you much
support here.

Best wishes
Michael

From contact at eddiebarraco.fr Mon Nov 4 15:39:15 2019
From: contact at eddiebarraco.fr (Eddie Barraco)
Date: Mon, 04 Nov 2019 15:39:15 +0100
Subject: MIgrating gpg keys?
In-Reply-To:
Message-ID:

> pass init will do that.
> Be sure to use the ID you get by running
> gpg --list-key
> as only that will be unique.

As I know you can use the global keyring id (gpg2 -K) or the encryption
subkey (gpg2 -K --with-subkey-fingerprint).

This allows to migrate to a new subkey when the old expires.

Stacy

From cmskog at gmail.com Mon Nov 4 17:06:50 2019
From: cmskog at gmail.com (Carl Michael Skog)
Date: Mon, 4 Nov 2019 17:06:50 +0100
Subject: [PATCH] Fix for some flaws when using a key with multiple subkeys
Message-ID:

When encrypting with a gpg key that has multiple encryption subkeys ONLY
the newest encryption subkey is used when encrypting.
This leads to potential problems in pass when using such a key.

Consider this scenario:
Let's say we are using a key K with encryption subkey A.
We set up two password stores (S1 and S2) plus a git repository (G) with this key.
All fine so far.
Let's say now that S1 adds an encryption subkey (B) to K.
S2 is still unchanged.
S1 then adds a new password P, and pushes this to G, which S2 then pulls.
When S2 tries to read password P it will get an error message from gpg:
"gpg: decryption failed: No secret key".
Even more dangerous: if S1 after adding the key does a "pass init" with K,
S2 will not be able to read a single password, if it pulls this change.

Patches 1, 2 and 3 are just some tests exposing the problem.
The actual fix is in patch 4.

-------------- next part --------------
A non-text attachment was scrubbed...
Name: 0001-Add-an-init-test-with-a-key-with-multiple-subkeys.patch
Type: text/x-diff
Size: 10502 bytes
Desc: not available
URL:

From cmskog at gmail.com Mon Nov 4 17:08:28 2019
From: cmskog at gmail.com (Carl Michael Skog)
Date: Mon, 4 Nov 2019 17:08:28 +0100
Subject: [PATCH] Fix for some flaws when using a key with multiple subkeys
In-Reply-To:
References:
Message-ID:

And of the rest of the patches also....

On Mon, 4 Nov 2019 at 17:06, Carl Michael Skog wrote:

> When encrypting with a gpg key that has multiple encryption subkeys ONLY
> the newest encryption subkey is used when encrypting.
> This leads to potential problems in pass when using such a key.
>
> Consider this scenario:
> Let's say we are using a key K with encryption subkey A.
> We set up two password stores (S1 and S2) plus a git repository (G) with
> this key.
> All fine so far.
> Let's say now that S1 adds an encryption subkey (B) to K.
> S2 is still unchanged.
> S1 then adds a new password P, and pushes this to G, which S2 then pulls.
> When S2 tries to read password P it will get an error message from gpg:
> "gpg: decryption failed: No secret key".
> Even more dangerous: if S1 after adding the key does a "pass init" with K,
> S2 will not be able to read a single password, if it pulls this change.
>
> Patches 1, 2 and 3 are just some tests exposing the problem.
> The actual fix is in patch 4.
>
>

-------------- next part --------------
A non-text attachment was scrubbed...
Name: 0002-Test-for-multisubkey-group-reinit.patch
Type: text/x-diff
Size: 1611 bytes
Desc: not available
URL:
-------------- next part --------------
A non-text attachment was scrubbed...
Name: 0003-Add-a-test-for-init-ing-with-multiple-subkey-key.patch
Type: text/x-diff
Size: 15237 bytes
Desc: not available
URL:
-------------- next part --------------
A non-text attachment was scrubbed...
Name: 0004-Fixes-for-having-keys-with-multiple-subkeys.patch
Type: text/x-diff
Size: 6035 bytes
Desc: not available
URL:

From contact at eddiebarraco.fr Mon Nov 4 17:20:05 2019
From: contact at eddiebarraco.fr (Eddie Barraco)
Date: Mon, 04 Nov 2019 17:20:05 +0100
Subject: [PATCH] Fix for some flaws when using a key with multiple subkeys
In-Reply-To:
Message-ID:

Hey !

> When encrypting with a gpg key that has multiple encryption subkeys ONLY
> the newest encryption subkey is used when encrypting.

Note that you can use the subkey fingerprint

Reed

From contact at eddiebarraco.fr Mon Nov 4 17:21:14 2019
From: contact at eddiebarraco.fr (Eddie Barraco)
Date: Mon, 04 Nov 2019 17:21:14 +0100
Subject: [PATCH] Fix for some flaws when using a key with multiple subkeys
In-Reply-To:
Message-ID:

Hey

> When encrypting with a gpg key that has multiple encryption subkeys ONLY
> the newest encryption subkey is used when encrypting.

Note that you can use the encryption subkey fingerprint displayed with
gpg2 -K --with-subkey-fingerprint

From cmskog at gmail.com Mon Nov 4 17:37:49 2019
From: cmskog at gmail.com (Carl Michael Skog)
Date: Mon, 4 Nov 2019 17:37:49 +0100
Subject: [PATCH] Fix for some flaws when using a key with multiple subkeys
In-Reply-To:
References:
Message-ID:

On Mon, 4 Nov 2019 at 17:21, Eddie Barraco wrote:

> Hey
>
> > When encrypting with a gpg key that has multiple encryption subkeys ONLY
> > the newest encryption subkey is used when encrypting.
>
> Note that you can use the encryption subkey fingerprint displayed with
> gpg2 -K --with-subkey-fingerprint
>

Yes, I suppose you could do "pass init" manually with all subkey
fingerprints (with an ampersand appended), which is what the patch is
doing...

Regards,
Carl Michael Skog

From cmskog at gmail.com Mon Nov 4 17:42:32 2019
From: cmskog at gmail.com (Carl Michael Skog)
Date: Mon, 4 Nov 2019 17:42:32 +0100
Subject: [PATCH] Fix for some flaws when using a key with multiple subkeys
In-Reply-To:
References:
Message-ID:

Disregard my answer...
You were obviously answering in the "Migrating gpg keys ?" discussion...

On Mon, 4 Nov 2019 at 17:37, Carl Michael Skog wrote:

> On Mon, 4 Nov 2019 at 17:21, Eddie Barraco wrote:
>
>> Hey
>>
>> > When encrypting with a gpg key that has multiple encryption subkeys ONLY
>> > the newest encryption subkey is used when encrypting.
>>
>> Note that you can use the encryption subkey fingerprint displayed with
>> gpg2 -K --with-subkey-fingerprint
>>
>
> Yes, I suppose you could do "pass init" manually with all subkey
> fingerprints (with an ampersand appended), which is what the patch is
> doing...
>
> Regards,
> Carl Michael Skog
>

From contact at eddiebarraco.fr Mon Nov 4 17:55:56 2019
From: contact at eddiebarraco.fr (Eddie Barraco)
Date: Mon, 4 Nov 2019 17:55:56 +0100
Subject: [PATCH] Fix for some flaws when using a key with multiple subkeys
In-Reply-To:
References:
Message-ID: <20191104165556.pmziq4squxatufvy@green-medusa>

> > > When encrypting with a gpg key that has multiple encryption subkeys ONLY
> > > the newest encryption subkey is used when encrypting.
> >
> > Note that you can use the encryption subkey fingerprint displayed with
> > gpg2 -K --with-subkey-fingerprint
> >
>
> Yes, I suppose you could do "pass init" manually with all subkey
> fingerprints (with an ampersand appended), which is what the patch is
> doing...

In fact I'm questioning the point.

IMHO:

If you are using subkeys, you just have to specify the subkey id.
Then you can add as many subkeys as you want, pass will still be using the
specified one. It is also useful to give sort of access permissions on
some pc that have or not have some subkeys.

I don't really see the point on giving pass the mind behind the subkey
selection.

It is strongly probable that I'm missing something. I'm sorry if this is
the case.

From cmskog at gmail.com Mon Nov 4 18:14:12 2019
From: cmskog at gmail.com (Carl Michael Skog)
Date: Mon, 4 Nov 2019 18:14:12 +0100
Subject: [PATCH] Fix for some flaws when using a key with multiple subkeys
In-Reply-To: <20191104165556.pmziq4squxatufvy@green-medusa>
References: <20191104165556.pmziq4squxatufvy@green-medusa>
Message-ID:

On Mon, 4 Nov 2019 at 17:56, Eddie Barraco wrote:

>
> In fact I'm questioning the point.
>
> IMHO:
>
> If you are using subkeys, you just have to specify the subkey id.
> Then you can add as many subkeys as you want, pass will still be using the
> specified one. It is also useful to give sort of access permissions on
> some pc that have or not have some subkeys.
>
> I don't really see the point on giving pass the mind behind the subkey
> selection.
>
> It is strongly probable that I'm missing something. I'm sorry if this is
> the case.
>

Look for example at "pass init".
It explicitly claims to be reencrypting with all subkeys (it even prints
them out).
"Claims" is the keyword here, because it doesn't.
It reencrypts in the normal gpg way (ONLY with the latest encryption subkey).

There are also tests in the test suite that check that all subkeys are used.
There are just no keys with more than one subkey.

Regards

From cmskog at gmail.com Mon Nov 4 18:32:12 2019
From: cmskog at gmail.com (Carl Michael Skog)
Date: Mon, 4 Nov 2019 18:32:12 +0100
Subject: [PATCH] Fix for some flaws when using a key with multiple subkeys
In-Reply-To:
References: <20191104165556.pmziq4squxatufvy@green-medusa>
Message-ID:

> On Mon, 4 Nov 2019 at 17:56, Eddie Barraco wrote:
>
>>
>> In fact I'm questioning the point.
>
>

In fact, you seem to have been bitten by this exact flaw in an earlier
message ("Re-encryption with another rsa gpg subkey" at Sep 18).

Regards

From contact at eddiebarraco.fr Mon Nov 4 18:45:34 2019
From: contact at eddiebarraco.fr (Eddie Barraco)
Date: Mon, 4 Nov 2019 18:45:34 +0100
Subject: [PATCH] Fix for some flaws when using a key with multiple subkeys
In-Reply-To:
References: <20191104165556.pmziq4squxatufvy@green-medusa>
Message-ID: <20191104174534.ufm4fatjilkgzn2c@flying-jesusraptor>

> >> In fact I'm questioning the point.
> >
> >
> In fact, you seem to have been bitten by this exact flaw in an earlier
> message ("Re-encryption with another rsa gpg subkey" at Sep 18).

Totally true. And so I learned to use the subkey id. And in fact, I
think this is the best way to do it. The next time I'll have to "roll"
my subkey, this problem will not occur again.

I didn't know there was a lack in the tests. So it's always a good thing
to fill those buggy lacks :)

From grmat at sub.red Tue Nov 19 13:03:33 2019
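The S1/S2 scenario from the multiple-subkeys thread above, as an added example that is not code from the thread or from pass: it compares the key IDs an entry is encrypted to with the encryption-capable secret keys a machine holds. It assumes the text formats of `gpg --list-packets` and `gpg -K --with-colons`; the key IDs, the listings and all function names are constructed for illustration.

```shell
#!/bin/sh
# Added example: can a given store decrypt an entry after a subkey was added?

# Print the key IDs a message is encrypted to.
# stdin: text as printed by `gpg --list-packets ENTRY.gpg`
# (add --list-only to skip the decryption attempt).
recipient_keyids() {
    awk '/^:pubkey enc packet:/ {
        for (i = 1; i < NF; i++)
            if ($i == "keyid") print $(i + 1)
    }'
}

# Print the key IDs of secret keys usable for decryption.
# stdin: text as printed by `gpg -K --with-colons`.
# Field 5 is the key ID, field 12 the key's own capabilities ("e" =
# encryption), field 15 is "#" when only a stub without secret material exists.
secret_enc_keyids() {
    awk -F: '($1 == "sec" || $1 == "ssb") && $12 ~ /e/ && $15 != "#" { print $5 }'
}

# can_decrypt PACKETS KEYLIST -> exit status 0 if a recipient key is held locally
can_decrypt() {
    _recips=$(printf '%s\n' "$1" | recipient_keyids)
    _held=$(printf '%s\n' "$2" | secret_enc_keyids)
    for _r in $_recips; do
        for _h in $_held; do
            if [ "$_r" = "$_h" ]; then return 0; fi
        done
    done
    return 1
}

# --- constructed sample data, key IDs are made up ---------------------------
# Key K as seen on S1: primary key plus encryption subkeys A (old) and B (new).
S1_KEYS='sec:u:4096:1:1111111111111111:1546300800:::u:::scESC:::+:::23::0:
ssb:u:4096:1:AAAAAAAAAAAAAAAA:1546300800::::::e:::+:::23:
ssb:u:4096:1:BBBBBBBBBBBBBBBB:1572566400::::::e:::+:::23:'

# Key K as seen on S2: subkey B was never imported there.
S2_KEYS='sec:u:4096:1:1111111111111111:1546300800:::u:::scESC:::+:::23::0:
ssb:u:4096:1:AAAAAAAAAAAAAAAA:1546300800::::::e:::+:::23:'

# An entry written before B existed, and password P written by S1 afterwards.
OLD_ENTRY=':pubkey enc packet: version 3, algo 1, keyid AAAAAAAAAAAAAAAA
	data: [4095 bits]
:encrypted data packet:
	length: unknown
	mdc_method: 2'
NEW_ENTRY=':pubkey enc packet: version 3, algo 1, keyid BBBBBBBBBBBBBBBB
	data: [4095 bits]
:encrypted data packet:
	length: unknown
	mdc_method: 2'

# Print the outcome for every store/entry combination.
report() {
    for _store in S1 S2; do
        eval "_keys=\$${_store}_KEYS"
        for _entry in OLD NEW; do
            eval "_pk=\$${_entry}_ENTRY"
            if can_decrypt "$_pk" "$_keys"; then
                _res='ok'
            else
                _res='decryption failed: No secret key'
            fi
            printf '%s reading %s entry: %s\n' "$_store" "$_entry" "$_res"
        done
    done
}

report
```

Running the same comparison over every `.gpg` file before pushing shows which entries a second machine will lose access to.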
From: grmat at sub.red (grmat)
Date: Tue, 19 Nov 2019 13:03:33 +0100
Subject: Wayland status
Message-ID: <53170c87-c226-990b-54e7-e1b8ddd205d2@sub.red>

Hi there,

I have two concerns regarding wayland:

1. the wl-clipboard patch has been upstream since February, but no stable
release happened since. As distributions already roll Wayland by default,
I think it would be reasonable to make a release to make pass+wayland
functionality hit the distribution repos.

2. wl-clipboard has a --paste-once option that clears the clipboard
immediately after pasting. I think it would make sense for pass to use
this feature, but make it configurable.
I could send a patch but I'm not sure if it's an option for upstream, so
here are my ideas first:

a) introduce a new env var, PASSWORD_STORE_PASTE_ONCE. If set, use the
option. Problem: xclip doesn't have the feature, hence the config
wouldn't work under X.

b) activate it without an extra variable, e.g. by setting
PASSWORD_STORE_CLIP_TIME to 0.

What do you think?

Matt

From agazza at gmail.com Thu Nov 21 11:19:25 2019
From: agazza at gmail.com (Andrea Gazzaniga)
Date: Thu, 21 Nov 2019 11:19:25 +0100
Subject: Problem listing password store
Message-ID:

Hi,

I'm new to pass and I've just started adding my sensitive info into it.
All was fine until today, after adding an entry, I get a line of
unreadable answer when I ask the full list:

$ pass
Cc<...unreadable>C5L

While if I ask the list of a subfolder it works. Also QtPass can read
the db just fine.

I'm running version v1.7.3 on MacOs 10.13.6, installed from homebrew.

Thanks,
Andrea

From ondrejsynacek at fastmail.com Thu Nov 21 12:37:27 2019
From: ondrejsynacek at fastmail.com (Ondřej Synáček)
Date: Thu, 21 Nov 2019 12:37:27 +0100
Subject: Password-Store Digest, Vol 78, Issue 6
In-Reply-To:
References:
Message-ID:

Not sure what's going on at your end. I'm on MacOS and what sometimes
happens to me is that `pinentry` program hangs up for some reason so I
can't decrypt my passwords. I'm not an expert but I believe this
program is managed by `gpg-agent` so what I usually do is that I restart
it via `gpgconf --kill gpg-agent` and then it usually works fine.

You can still try using `gpg` directly to decrypt the items which should
work unless something is botched. I'd try logging out and logging in,
maybe that'll help as a quick fix.

To be honest I've never encountered that specific error message and my
quick online search hasn't provided me with any information either.

On 21 Nov 2019, at 12:00, password-store-request at lists.zx2c4.com wrote:

> Send Password-Store mailing list submissions to
> password-store at lists.zx2c4.com
>
> To subscribe or unsubscribe via the World Wide Web, visit
> https://lists.zx2c4.com/mailman/listinfo/password-store
> or, via email, send a message with subject or body 'help' to
> password-store-request at lists.zx2c4.com
>
> You can reach the person managing the list at
> password-store-owner at lists.zx2c4.com
>
> When replying, please edit your Subject line so it is more specific
> than "Re: Contents of Password-Store digest..."
>
>
> Today's Topics:
>
> 1. Problem listing password store (Andrea Gazzaniga)
>
>
> ----------------------------------------------------------------------
>
> Message: 1
> Date: Thu, 21 Nov 2019 11:19:25 +0100
> From: Andrea Gazzaniga
> To: password-store at lists.zx2c4.com
> Subject: Problem listing password store
> Message-ID:
> Content-Type: text/plain; charset=utf-8; format=flowed
>
> Hi,
>
> I'm new to pass and I've just started adding my sensitive info into
> it.
> All was fine until today, after adding an entry, I get a line of
> unreadable answer when I ask the full list:
>
> $ pass
> Cc<...unreadable>C5L
>
> While if I ask the list of a subfolder it works. Also QtPass can read
> the db just fine.
>
> I'm running version v1.7.3 on MacOs 10.13.6, installed from homebrew.
>
> Thanks,
> Andrea
>
>
>
> ------------------------------
>
> Subject: Digest Footer
>
> _______________________________________________
> Password-Store mailing list
> Password-Store at lists.zx2c4.com
> https://lists.zx2c4.com/mailman/listinfo/password-store
>
>
> ------------------------------
>
> End of Password-Store Digest, Vol 78, Issue 6
> *********************************************

From zhelezoff at gmail.com Thu Nov 21 13:02:58 2019
From: zhelezoff at gmail.com (Vladimir Zhelezoff)
Date: Thu, 21 Nov 2019 13:02:58 +0100
Subject: Problem listing password store
In-Reply-To:
References:
Message-ID:

I remember having this issue and for me the problem was a .gpg file in the
root password-store directory. Not sure how it got created but I've removed
it and all is fine now. So maybe check for any extraneous hidden files in
your password store root directory.

On Thu, Nov 21, 2019 at 11:20 AM Andrea Gazzaniga wrote:

> Hi,
>
> I'm new to pass and I've just started adding my sensitive info into it.
> All was fine until today, after adding an entry, I get a line of
> unreadable answer when I ask the full list:
>
> $ pass
> Cc<...unreadable>C5L
>
> While if I ask the list of a subfolder it works. Also QtPass can read
> the db just fine.
>
> I'm running version v1.7.3 on MacOs 10.13.6, installed from homebrew.
>
> Thanks,
> Andrea
>

From fabricius at autistici.org Thu Nov 21 13:00:45 2019
From: fabricius at autistici.org (Fabricius Flamen)
Date: Thu, 21 Nov 2019 17:30:45 +0530
Subject: Problem listing password store
In-Reply-To:
References:
Message-ID: <87o8x5a0ig.fsf@autistici.org>

Andrea Gazzaniga writes:

> I'm new to pass and I've just started adding my sensitive info into it.
> All was fine until today, after adding an entry, I get a line of
> unreadable answer when I ask the full list:
>
> $ pass
> Cc<...unreadable>C5L
>
> While if I ask the list of a subfolder it works. Also QtPass can read
> the db just fine.

There is no db, just files that are stored in .password-store. Try
asking for list of all subfolder one by one to see what breaks
pass. Remove the bad entry and insert it again, maybe something went
wrong while saving that entry.

Pass uses this to find the list of entries:

tree -C -l --noreport "/home//.password-store" | tail -n +2 | sed -E 's/\.gpg(\x1B\[[0-9]+m)?( ->|$)/\1\2/g'

Play with this to see what went wrong. If you are able to reproduce this
then tell us the name and subfolder of bad entry, just the name not
contents.

--
Fabricius Flamen
3E3825E0 D81106E8 6247DD6E 61B7073C 8217D187

From zhelezoff at gmail.com Thu Nov 21 13:21:49 2019
From: zhelezoff at gmail.com (Vladimir Zhelezoff)
Date: Thu, 21 Nov 2019 13:21:49 +0100
Subject: Problem listing password store
In-Reply-To: <87o8x5a0ig.fsf@autistici.org>
References: <87o8x5a0ig.fsf@autistici.org>
Message-ID:

Look at my previous reply, the faulty filename for me was a bare .gpg, so
hidden before more close investigation.

On Thu, Nov 21, 2019 at 1:17 PM Fabricius Flamen wrote:

>
> Andrea Gazzaniga writes:
>
> > I'm new to pass and I've just started adding my sensitive info into it.
> > All was fine until today, after adding an entry, I get a line of
> > unreadable answer when I ask the full list:
> >
> > $ pass
> > Cc<...unreadable>C5L
> >
> > While if I ask the list of a subfolder it works. Also QtPass can read
> > the db just fine.
>
> There is no db, just files that are stored in .password-store. Try
> asking for list of all subfolder one by one to see what breaks
> pass. Remove the bad entry and insert it again, maybe something went
> wrong while saving that entry.
>
> Pass uses this to find the list of entries:
>
> tree -C -l --noreport "/home//.password-store" | tail -n +2 | sed
> -E 's/\.gpg(\x1B\[[0-9]+m)?( ->|$)/\1\2/g'
>
> Play with this to see what went wrong. If you are able to reproduce this
> then tell us the name and subfolder of bad entry, just the name not
> contents.
>
> --
> Fabricius Flamen
> 3E3825E0 D81106E8 6247DD6E 61B7073C 8217D187
>

From fabricius at autistici.org Thu Nov 21 13:25:56 2019
From: fabricius at autistici.org (Fabricius Flamen)
Date: Thu, 21 Nov 2019 17:55:56 +0530
Subject: Problem listing password store
In-Reply-To:
References: <87o8x5a0ig.fsf@autistici.org>
Message-ID: <87mucp9zwe.fsf@autistici.org>

Vladimir Zhelezoff writes:

> Look at my previous reply, the faulty filename for me was a bare .gpg, so
> hidden before more close investigation.

Yeah I read that and placing a dot file in my password-store root didn't
break pass. I don't think that is the issue here.

Please DO NOT reply to me directly and use the mailing list, whatever
client you are using sent this email to me instead of list.

--
Fabricius Flamen
3E3825E0 D81106E8 6247DD6E 61B7073C 8217D187

From zhelezoff at gmail.com Thu Nov 21 13:43:23 2019
From: zhelezoff at gmail.com (Vladimir Zhelezoff)
Date: Thu, 21 Nov 2019 13:43:23 +0100
Subject: Problem listing password store
In-Reply-To: <87mucp9zwe.fsf@autistici.org>
References: <87o8x5a0ig.fsf@autistici.org> <87mucp9zwe.fsf@autistici.org>
Message-ID:

On Thu, Nov 21, 2019 at 1:28 PM Fabricius Flamen wrote:

>
> Vladimir Zhelezoff writes:
>
> > Look at my previous reply, the faulty filename for me was a bare .gpg, so
> > hidden before more close investigation.
>
> Yeah I read that and placing a dot file in my password-store root didn't
> break pass. I don't think that is the issue here.
>
> Please DO NOT reply to me directly and use the mailing list, whatever
> client you are using sent this email to me instead of list.
> --
> Fabricius Flamen
> 3E3825E0 D81106E8 6247DD6E 61B7073C 8217D187
>

Sorry, can use only Gmail's web interface right now. Anyway I can recreate
it by doing e.g.:

$ echo 'Hello pass' | gpg --encrypt --recipient PASSGPGID > ~/.password-store/.gpg
$ pass
Hello pass
$ rm ~/.password-store/.gpg
$ pass
listing follows as expected...

From fabricius at autistici.org Thu Nov 21 13:48:12 2019
From: fabricius at autistici.org (Fabricius Flamen)
Date: Thu, 21 Nov 2019 18:18:12 +0530
Subject: Problem listing password store
In-Reply-To:
References: <87o8x5a0ig.fsf@autistici.org> <87mucp9zwe.fsf@autistici.org>
Message-ID: <87lfs99ynb.fsf@autistici.org>

Vladimir Zhelezoff writes:

> Sorry, can use only Gmail's web interface right now. Anyway I can recreate
> it by doing e.g.:

When you reply put the lists address from Cc to To and remove my address
from there.

> $ echo 'Hello pass' | gpg --encrypt --recipient PASSGPGID >
> ~/.password-store/.gpg
> $ pass
> Hello pass
> $ rm ~/.password-store/.gpg
> $ pass
> listing follows as expected...

Weird, this tree output lists everything and doesn't break which I
believe is what pass uses to list entries. Yeah maybe it is this issue.

tree -C -l --noreport "/home//.password-store" | tail -n +2 | sed -E 's/\.gpg(\x1B\[[0-9]+m)?( ->|$)/\1\2/g'

--
Fabricius Flamen
3E3825E0 D81106E8 6247DD6E 61B7073C 8217D187

From congdanhqx at gmail.com Thu Nov 21 14:20:29 2019
From: congdanhqx at gmail.com (Doan Tran Cong Danh)
Date: Thu, 21 Nov 2019 20:20:29 +0700
Subject: [PATCH] show/ls: handle pass file with empty basename
Message-ID: <20191121132029.10918-1-congdanhqx@gmail.com>

We're handling both show/ls with cmd_show, with a default to show
password if the password file exists and list if not.

In case of user have a .gpg file in the top level directory, we will
show that password because "$PREFIX/.gpg" exists.

It's surprising to some users, since our manual clearly states that
pass-show needs required argument.

Correct it by adding a check for number of arguments.
If users really want to show that password, they should explicitly ask by:

pass ""

Signed-off-by: Doan Tran Cong Danh --- src/password-store.sh | 2 +- tests/t0020-show-tests.sh | 7 +++++++ 2 files changed, 8 insertions(+), 1 deletion(-) diff --git a/src/password-store.sh b/src/password-store.sh index 1d119f2..c1ea2fd 100755 --- a/src/password-store.sh +++ b/src/password-store.sh @@ -379,7 +379,7 @@ cmd_show() { local path="$1" local passfile="$PREFIX/$path.gpg" check_sneaky_paths "$path" - if [[ -f $passfile ]]; then + if [[ $# != 0 && -f $passfile ]]; then if [[ $clip -eq 0 && $qrcode -eq 0 ]]; then pass="$($GPG -d "${GPG_OPTS[@]}" "$passfile" | $BASE64)" || exit $? echo "$pass" | $BASE64 -d diff --git a/tests/t0020-show-tests.sh b/tests/t0020-show-tests.sh index a4b782f..3836ed2 100755 --- a/tests/t0020-show-tests.sh +++ b/tests/t0020-show-tests.sh @@ -15,6 +15,13 @@ test_expect_success 'Test "show" command with spaces' ' [[ $("$PASS" show "I am a cred with lots of spaces") == "BLAH!!" ]] ' +test_expect_success 'Test "show/ls" command with empty name' ' + "$PASS" insert -e ""<<<"BLAH!!!" && + [[ $("$PASS" "") == "BLAH!!!" ]] && + [[ $("$PASS" | wc -l) == 3 ]] +' + + test_expect_success 'Test "show" of nonexistant password' ' test_must_fail "$PASS" show cred2 ' -- 2.24.0.158.gd77a74f4dd.dirty From agazza at gmail.com Thu Nov 21 15:32:07 2019 
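Review bot: In the cmd_show hunk of the show/ls patch above, the new `$# != 0` guard only covers the case where no argument is given at all; `local passfile="$PREFIX/$path.gpg"` still turns an argument such as `sub/` into `$PREFIX/sub/.gpg`, so a nameless file inside a subfolder would be decrypted by what the user typed as a folder listing. Is that intended? If not, test for an empty basename of `$path` rather than for the argument count. Inside `[[ ]]`, `!=` is a string comparison; `$# -ne 0` states the numeric intent.
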
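Review bot: In the t0020-show-tests.sh hunk of the show/ls patch above, `[[ $("$PASS" | wc -l) == 3 ]]` hard-codes the length of the listing, so the test depends on how many entries the earlier tests in the file left in the store and breaks as soon as one is added or removed. Assert on content instead, for example that the output of a bare `"$PASS"` does not contain `BLAH!!!`. The hunk also adds two blank lines after the test where the surrounding tests are separated by one, and since `insert -e ""` succeeding is how the nameless `.gpg` comes to exist, it is worth a comment on whether insert should accept an empty name at all.
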
From: agazza at gmail.com (Andrea Gazzaniga)
Date: Thu, 21 Nov 2019 15:32:07 +0100
Subject: Problem listing password store
In-Reply-To: <87lfs99ynb.fsf@autistici.org>
References: <87o8x5a0ig.fsf@autistici.org> <87mucp9zwe.fsf@autistici.org> <87lfs99ynb.fsf@autistici.org>
Message-ID:

Hi,

it was indeed a .gpg file without name in the root folder - don't know
how it was created (I just did a 'pass insert' before breaking it).

Thanks all guys, this community is amazing :)

Cheers,
Andrea

On 21/11/2019 13:48, Fabricius Flamen wrote:
> Vladimir Zhelezoff writes:
>
>> Sorry, can use only Gmail's web interface right now. Anyway I can recreate
>> it by doing e.g.:
> When you reply put the lists address from Cc to To and remove my address
> from there.
>
>> $ echo 'Hello pass' | gpg --encrypt --recipient PASSGPGID >
>> ~/.password-store/.gpg
>> $ pass
>> Hello pass
>> $ rm ~/.password-store/.gpg
>> $ pass
>> listing follows as expected...
> Weird, this tree output lists everything and doesn't break which I
> believe is what pass uses to list entries. Yeah maybe it is this issue.
>
> tree -C -l --noreport "/home//.password-store" | tail -n +2 | sed -E 's/\.gpg(\x1B\[[0-9]+m)?( ->|$)/\1\2/g'
>
> --
> Fabricius Flamen
> 3E3825E0 D81106E8 6247DD6E 61B7073C 8217D187
>

From remi.lapeyre at lenstra.fr Thu Nov 21 17:10:48 2019
From: remi.lapeyre at lenstra.fr (Rémi Lapeyre)
Date: Thu, 21 Nov 2019 08:10:48 -0800
Subject: Problem listing password store
In-Reply-To:
References: <87o8x5a0ig.fsf@autistici.org> <87mucp9zwe.fsf@autistici.org> <87lfs99ynb.fsf@autistici.org>
Message-ID:

I sent a patch to fix this a few weeks back when I got this issue:
https://lists.zx2c4.com/pipermail/password-store/2019-July/003698.html

I think it's ready to be merged but will make any appropriate change if
needed.

On 21 November 2019 at 15:35:17, Andrea Gazzaniga (agazza at gmail.com) wrote:

> Hi,
>
> it was indeed a .gpg file without name in the root folder - don't know
> how it was created (I just did a 'pass insert' before breaking it).
>
> Thanks all guys, this community is amazing :)
>
> Cheers,
> Andrea
>
> On 21/11/2019 13:48, Fabricius Flamen wrote:
>> Vladimir Zhelezoff writes:
>>
>>> Sorry, can use only Gmail's web interface right now. Anyway I can recreate
>>> it by doing e.g.:
>> When you reply put the lists address from Cc to To and remove my address
>> from there.
>>
>>> $ echo 'Hello pass' | gpg --encrypt --recipient PASSGPGID >
>>> ~/.password-store/.gpg
>>> $ pass
>>> Hello pass
>>> $ rm ~/.password-store/.gpg
>>> $ pass
>>> listing follows as expected...
>> Weird, this tree output lists everything and doesn't break which I
>> believe is what pass uses to list entries. Yeah maybe it is this issue.
>>
>> tree -C -l --noreport "/home//.password-store" | tail -n +2 | sed -E 's/\.gpg(\x1B\[[0-9]+m)?( ->|$)/\1\2/g'
>>
>> --
>> Fabricius Flamen
>> 3E3825E0 D81106E8 6247DD6E 61B7073C 8217D187

From grmat at sub.red Thu Nov 21 17:17:12 2019
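The behaviour tracked down in the "Problem listing password store" thread above, as an added example that is not code from pass or from any poster: a simplified model of the show-or-list choice before and after the posted show/ls patch, plus an audit that finds nameless `.gpg` entries at any depth. The function names and the demo store layout are constructed; no gpg is involved, and "show" stands for "pass would decrypt and print this file".

```shell
#!/bin/sh
# Added example: why a stray ".gpg" turns a listing into a decryption.
# Simplification: everything that is not an existing entry file counts as "list".

# Before the patch: the decision depends only on "$PREFIX/$path.gpg" existing.
# $1 = store root; remaining arguments = what the user typed after `pass`.
decide_before() {
    _prefix=$1; shift
    _path=${1-}
    if [ -f "$_prefix/$_path.gpg" ]; then echo show; else echo list; fi
}

# With the posted patch: at least one argument is required as well.
decide_after() {
    _prefix=$1; shift
    _path=${1-}
    if [ $# -ne 0 ] && [ -f "$_prefix/$_path.gpg" ]; then echo show; else echo list; fi
}

# Audit: print every entry with an empty basename (a bare ".gpg"),
# at any depth, without descending into the store's .git directory.
find_nameless_entries() {
    find "$1" -name .git -prune -o -type f -name .gpg -print
}

# Constructed demo store in a temporary directory; prints its path.
make_demo_store() {
    _d=$(mktemp -d) || return 1
    mkdir -p "$_d/mail"
    : > "$_d/bank.gpg"
    : > "$_d/mail/work.gpg"
    : > "$_d/.gpg"        # the nameless entry from the thread
    : > "$_d/mail/.gpg"   # same problem one level down
    echo "$_d"
}

demo() {
    _store=$(make_demo_store) || return 1
    echo "pass          (before patch): $(decide_before "$_store")"
    echo "pass          (after patch):  $(decide_after "$_store")"
    echo "pass \"\"       (after patch):  $(decide_after "$_store" "")"
    echo "pass mail/    (after patch):  $(decide_after "$_store" mail/)"
    echo "nameless entries found:"
    find_nameless_entries "$_store"
    rm -rf "$_store"
}

demo
```

The `mail/` case shows that a trailing slash still reaches a nameless file in a subfolder under this model, so the audit is worth running over the whole tree and not only the store root.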
From: grmat at sub.red (grmat) Date: Thu, 21 Nov 2019 17:17:12 +0100 Subject: [PATCH] clip: add option for wl-copy --paste-once In-Reply-To: <53170c87-c226-990b-54e7-e1b8ddd205d2@sub.red> References: <53170c87-c226-990b-54e7-e1b8ddd205d2@sub.red> Message-ID: <20191121161712.72602-1-grmat@sub.red> If environment variable PASSWORD_STORE_PASTE_ONCE is set, the clipboard is cleared immediately after pasting. --- man/pass.1 | 4 ++++ src/password-store.sh | 5 +++++ 2 files changed, 9 insertions(+) diff --git a/man/pass.1 b/man/pass.1 index a555dcb..9101e27 100644 --- a/man/pass.1 +++ b/man/pass.1 @@ -429,6 +429,10 @@ for more info. Specifies the number of seconds to wait before restoring the clipboard, by default \fI45\fP seconds. .TP +.I PASSWORD_STORE_PASTE_ONCE +If this variable is set to \fItrue\fP, the clipboard is cleared immediately after the copied +password has been pasted. This currently works only under wayland, using \fBwl-clipboard\fP. +.TP .I PASSWORD_STORE_UMASK Sets the umask of all files modified by pass, by default \fI077\fP. .TP diff --git a/src/password-store.sh b/src/password-store.sh index 1d119f2..ecc5154 100755 --- a/src/password-store.sh +++ b/src/password-store.sh @@ -16,6 +16,7 @@ PREFIX="${PASSWORD_STORE_DIR:-$HOME/.password-store}" EXTENSIONS="${PASSWORD_STORE_EXTENSIONS_DIR:-$PREFIX/.extensions}" X_SELECTION="${PASSWORD_STORE_X_SELECTION:-clipboard}" CLIP_TIME="${PASSWORD_STORE_CLIP_TIME:-45}" +PASTE_ONCE="${PASSWORD_STORE_PASTE_ONCE:-false}" GENERATED_LENGTH="${PASSWORD_STORE_GENERATED_LENGTH:-25}" CHARACTER_SET="${PASSWORD_STORE_CHARACTER_SET:-[:punct:][:alnum:]}" CHARACTER_SET_NO_SYMBOLS="${PASSWORD_STORE_CHARACTER_SET_NO_SYMBOLS:-[:alnum:]}" 
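Review bot: `PASTE_ONCE="${PASSWORD_STORE_PASTE_ONCE:-false}"` makes this a string-valued switch, but the commit message says the option applies when the variable "is set" while the man page hunk says "set to \fItrue\fP"; make the commit message and the documentation state the same condition. The new man page entry sits directly after PASSWORD_STORE_CLIP_TIME and does not say how the two interact, that is, what the timed clipboard restore does once the single paste has already cleared the clipboard. Please document that, and capitalise Wayland.
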
@@ -153,12 +154,16 @@ check_sneaky_paths() { clip() { if [[ -n $WAYLAND_DISPLAY ]]; then + local copy_cmd=( wl-copy ) local paste_cmd=( wl-paste -n ) if [[ $X_SELECTION == primary ]]; then copy_cmd+=( --primary ) paste_cmd+=( --primary ) fi + if [[ $PASTE_ONCE == true ]]; then + copy_cmd+=( --paste-once ) + fi local display_name="$WAYLAND_DISPLAY" elif [[ -n $DISPLAY ]]; then local copy_cmd=( xclip -selection "$X_SELECTION" ) -- 2.24.0 From impoorbuthappy at gmail.com Tue Nov 26 06:30:57 2019 From: impoorbuthappy at gmail.com (Natalia Cruz) Date: Tue, 26 Nov 2019 00:30:57 -0500 Subject: Sublime Text and Tab Completion Message-ID: Hello, I would like to use Sublime Text when editing. I've tried using echo EDITOR in several different ways but I think I need to use it explicitly with pass and I'm not sure how to do that. Could you please explain it step by step? I would like to use tab completion but it is not working. Can someone please help me with these things? Mac 10.15.1 Thanks, Natalie -------------- next part -------------- An HTML attachment was scrubbed... URL: From liberius at autistici.org Tue Nov 26 07:27:55 2019 
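Review bot: In the man/pass.1 hunk of the "clip: add option for wl-copy --paste-once" patch, the new entry says the variable must be set to \fItrue\fP, while the commit message says the clipboard is cleared if PASSWORD_STORE_PASTE_ONCE "is set". The code compares against the literal string true, so values such as 1 or yes are silently ignored. Align the commit message with the man page or accept any non-empty value, and state the default (false) in the entry the way the neighbouring PASSWORD_STORE_CLIP_TIME and PASSWORD_STORE_UMASK entries state theirs.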
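Review bot: In the clip() hunk of the "clip: add option for wl-copy --paste-once" patch, PASTE_ONCE is consulted only inside the `$WAYLAND_DISPLAY` branch, so with PASSWORD_STORE_PASTE_ONCE=true on an X11 session (the `elif [[ -n $DISPLAY ]]` branch) the setting is dropped without any message. A user who set the variable for its security effect would not notice; consider printing a warning when it is true but unsupported. The flag is also appended to copy_cmd itself, so every later use of that array in clip() inherits --paste-once; worth confirming that this is intended.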
From: liberius at autistici.org (Liberius Clavus)
Date: Tue, 26 Nov 2019 11:57:55 +0530
Subject: Sublime Text and Tab Completion
In-Reply-To:
References:
Message-ID: <875zj7xic4.fsf@xenon.liberius>

Natalia Cruz writes:

> I would like to use Sublime Text when editing. I've tried using echo EDITOR
> in several different ways but I think I need to use it explicitly with pass
> and I'm not sure how to do that. Could you please explain it step by step?

Use `export EDITOR=your_editor` (place it in your rc file), you can also
run `EDITOR=your_editor pass` if you want to use it with pass only.

> I would like to use tab completion but it is not working.

https://wiki.archlinux.org/index.php/Pass <- search for completion on
this page and follow that.

--
Liberius Clavus

From matthias at bullbytes.com Tue Nov 26 09:32:48 2019
From: matthias at bullbytes.com (Matthias Braun)
Date: Tue, 26 Nov 2019 09:32:48 +0100
Subject: pass edit with non-GUI editor
Message-ID: <20191126083248.GE70874@zurich>

I'd like to open a password entry using NeoVim in a terminal window.

This is my current script:

#!/usr/bin/env bash

shopt -s nullglob globstar

prefix=${PASSWORD_STORE_DIR-~/.password-store}
password_files=( "$prefix"/**/*.gpg )

# Remove the password store directories from its entries
password_files=( "${password_files[@]#"$prefix"/}" )
# Remove the ".gpg" ending
password_files=( "${password_files[@]%.gpg}" )

password_entry=$(printf '%s\n' "${password_files[@]}" | rofi -dmenu "$@")

[[ -n $password_entry ]] || exit

pass edit "$password_entry"

What I'd like to do is make `pass edit` open a new instance of termite (my terminal emulator) and pass the temporary file containing the password entry to NeoVim.

Is there a way to do this?

From liberius at autistici.org Tue Nov 26 10:11:31 2019
From: liberius at autistici.org (Liberius Clavus)
Date: Tue, 26 Nov 2019 14:41:31 +0530
Subject: pass edit with non-GUI editor
In-Reply-To: <20191126083248.GE70874@zurich>
References: <20191126083248.GE70874@zurich>
Message-ID: <874kyrxarg.fsf@xenon.liberius>

Matthias Braun writes:

> I'd like to open a password entry using NeoVim in a terminal window.
>
> This is my current script:
>
> #!/usr/bin/env bash
>
> shopt -s nullglob globstar
>
> prefix=${PASSWORD_STORE_DIR-~/.password-store}
> password_files=( "$prefix"/**/*.gpg )
>
> # Remove the password store directories from its entries
> password_files=( "${password_files[@]#"$prefix"/}" )
> # Remove the ".gpg" ending
> password_files=( "${password_files[@]%.gpg}" )
>
> password_entry=$(printf '%s\n' "${password_files[@]}" | rofi -dmenu "$@")
>
> [[ -n $password_entry ]] || exit
>
> pass edit "$password_entry"
>
> What I'd like to do is make `pass edit` open a new instance of termite (my terminal emulator) and pass the temporary file containing the password entry to NeoVim.

From what I understand when you select the entry from dmenu you want it
to open a terminal emulator and edit that pass entry. If that's the case
then you should read the manual for termite.

For urxvt and xterm you can do, `urxvt/xterm -e sh -c "pass edit
entry"`. Does this work on termite?

--
Liberius Clavus

From matthias at bullbytes.com Tue Nov 26 15:47:05 2019
From: matthias at bullbytes.com (Matthias Braun)
Date: Tue, 26 Nov 2019 15:47:05 +0100
Subject: pass edit with non-GUI editor
In-Reply-To: <874kyrxarg.fsf@xenon.liberius>
References: <20191126083248.GE70874@zurich> <874kyrxarg.fsf@xenon.liberius>
Message-ID: <20191126144705.GA1861419@zurich>

On 2019-11-26 at 10:11:31, Liberius Clavus (liberius at autistici.org) wrote:
>
> Matthias Braun writes:
>
> > I'd like to open a password entry using NeoVim in a terminal window.
> >
> > This is my current script:
> >
> > #!/usr/bin/env bash
> >
> > shopt -s nullglob globstar
> >
> > prefix=${PASSWORD_STORE_DIR-~/.password-store}
> > password_files=( "$prefix"/**/*.gpg )
> >
> > # Remove the password store directories from its entries
> > password_files=( "${password_files[@]#"$prefix"/}" )
> > # Remove the ".gpg" ending
> > password_files=( "${password_files[@]%.gpg}" )
> >
> > password_entry=$(printf '%s\n' "${password_files[@]}" | rofi -dmenu "$@")
> >
> > [[ -n $password_entry ]] || exit
> >
> > pass edit "$password_entry"
> >
> > What I'd like to do is make `pass edit` open a new instance of termite (my terminal emulator) and pass the temporary file containing the password entry to NeoVim.
>
> From what I understand when you select the entry from dmenu you want it
> to open a terminal emulator and edit that pass entry. If that's the case
> then you should read the manual for termite.
>
> For urxvt and xterm you can do, `urxvt/xterm -e sh -c "pass edit
> entry"`. Does this work on termite?
>
> --
> Liberius Clavus

Thanks Liberius Clavus, I figured it out:

# This opens the entry in the $EDITOR inside a new termite instance
termite -e "pass edit \"$password_entry\"" 2> /dev/null

From liberius at autistici.org Tue Nov 26 19:30:26 2019
From: liberius at autistici.org (Liberius Clavus)
Date: Wed, 27 Nov 2019 00:00:26 +0530
Subject: Sublime Text and Tab Completion
In-Reply-To:
References: <875zj7xic4.fsf@xenon.liberius> <87k17ma8d4.fsf@xenon.liberius>
Message-ID: <87h82qa3st.fsf@xenon.liberius>

Natalia Cruz writes:

> On Tue, Nov 26, 2019 at 11:52 AM Liberius Clavus wrote:
>>
>> > I'm using zsh and was going to try using bash but I was unable to get past
>> > the first part which stated to make sure bash_completion was installed.
>> > Getting tab completion to work seems a bit more complicated and a bit over
>> > my current knowledge base. I'm wondering if someone could give me
>> > step-by-step instructions on how to enable zsh tab completion on MacOS? :)
>>
>> I am not familiar with zsh, look at this zsh guide for completion:
>> zsh.sourceforge.net/Guide/zshguide06.html
>>
>> Maybe this can help:
>> https://wiki.archlinux.org/index.php/Zsh#Command_completion
>>
>> If you can't figure it out with these links then ask on their mailing
>> list or irc channel.
>
> Thank you! This worked! I love pass! <3
>
>> Please don't top post.
>
> Interesting. I've never had to do that before but I found an entire article
> that discusses list etiquette ;) Hopefully this is the correct formatting
> this time. I like to learn.

I see that you are new to this, please DO NOT send personal emails and
instead reply to the list. I just discovered all our conversations
didn't come from the list. Whatever client you are using should be
configured to reply to list, that helps everyone.

If you are not able to configure your client to do that then please
choose a better client.

--
Liberius Clavus

From matt at connell.tech Wed Nov 27 05:18:28 2019
From: matt at connell.tech (Matt Connell)
Date: Wed, 27 Nov 2019 05:18:28 +0100 (CET)
Subject: Sublime Text and Tab Completion
In-Reply-To: <87h82qa3st.fsf@xenon.liberius>
References: <875zj7xic4.fsf@xenon.liberius> <87k17ma8d4.fsf@xenon.liberius> <87h82qa3st.fsf@xenon.liberius>
Message-ID: <2f5d91af-c161-56dd-4113-0f700a9359dc@connell.tech>

On 2019-11-26 12:30, Liberius Clavus wrote:
> Whatever client you are using should be
> configured to reply to list, that helps everyone.
>
> If you are not able to configure your client to do that then please
> choose a better client.

For what it is worth, reply-list is the default behavior in Thunderbird. Mailing lists are the perfect place for this feature.

From madduck at madduck.net Thu Nov 28 00:33:18 2019
From: madduck at madduck.net (martin f. krafft)
Date: Thu, 28 Nov 2019 12:33:18 +1300
Subject: (fwd) [PATCH] Use eval() to shell-parse $EDITOR for pass-edit
In-Reply-To: <20190812052123.21737-1-madduck@madduck.net>
Message-ID: <20191127233318.GA34077@lotus.rw.madduck.net>

Hello,

Wondering if there's anything I can do to further facilitate acceptance of this patch I sent 3 months ago?

Thank you,
martin

----- Forwarded message from "martin f. krafft" -----

Date: Mon, 12 Aug 2019 17:21:23 +1200
From: "martin f. krafft" To: password-store at lists.zx2c4.com Cc: "martin f. krafft" Subject: [PATCH] Use eval() to shell-parse $EDITOR for pass-edit Message-Id: <20190812052123.21737-1-madduck at madduck.net> X-Spam: no (crm114:16.49 SA:-102.1) X-Justme: from machine in my domain Enables shell-parsing of $EDITOR when executing its contents on temporary files during `pass edit`. Previously, trying to invoke e.g. vim with a set of commands, such as ``` vim -c 'set nostmp' ``` would result in `pass` calling ``` execve("/usr/bin/vim", ["vim", "-c", "'set", "nostmp'", "/dev/shm/pass.?"...], ? ``` i.e. it would ignore quotes when splitting up the command line. With this patch, the editor is properly called: ``` execve("/usr/bin/vim", ["vim", "-c", "set nostmp", "/dev/shm/pass.?"...], ? ``` Signed-off-by: martin f. krafft --- src/password-store.sh | 2 +- tests/t0201-edit-tests.sh | 17 +++++++++++++++++ 2 files changed, 18 insertions(+), 1 deletion(-) create mode 100755 tests/t0201-edit-tests.sh diff --git a/src/password-store.sh b/src/password-store.sh index 1d119f2..46425f9 100755 --- a/src/password-store.sh +++ b/src/password-store.sh @@ -497,7 +497,7 @@ cmd_edit() { $GPG -d -o "$tmp_file" "${GPG_OPTS[@]}" "$passfile" || exit 1 action="Edit" fi - ${EDITOR:-vi} "$tmp_file" + eval ${EDITOR:-vi} "$tmp_file" [[ -f $tmp_file ]] || die "New password not saved." $GPG -d -o - "${GPG_OPTS[@]}" "$passfile" 2>/dev/null | diff - "$tmp_file" &>/dev/null && die "Password unchanged." while ! $GPG -e "${GPG_RECIPIENT_ARGS[@]}" -o "$passfile" "${GPG_OPTS[@]}" "$tmp_file"; do diff --git a/tests/t0201-edit-tests.sh b/tests/t0201-edit-tests.sh new file mode 100755 index 0000000..8f32881 --- /dev/null +++ b/tests/t0201-edit-tests.sh 
@@ -0,0 +1,17 @@ +#!/usr/bin/env bash + +test_description='Test edit with spaces in $EDITOR' +cd "$(dirname "$0")" +. ./setup.sh + +test_expect_success 'Test shell-parsing of $EDITOR' ' + "$PASS" init $KEY1 && + "$PASS" generate cred1 90 && + export PASSWORD_WITH_SPACE="Password with space" && + export EDITOR="sed -i -e \"1s,^.*\$,$PASSWORD_WITH_SPACE,\"" && + "$PASS" edit cred1 2> /tmp/cred1 && + "$PASS" show cred1 > /tmp/cred1 && + [[ $("$PASS" show cred1) == "$PASSWORD_WITH_SPACE" ]] +' + +test_done -- @martinkrafft | https://riot.im/app/#/room/#madduck:madduck.net "when a gentoo admin tells me that the KISS principle is good for 'busy sysadmins', and that it's not an evolutionary step backwards, i wonder whether their tape is already running backwards." spamtraps: madduck.bogus at madduck.net -------------- next part -------------- An HTML attachment was scrubbed... URL: -------------- next part -------------- A non-text attachment was scrubbed... Name: digital_signature_gpg.asc Type: application/pgp-signature Size: 1187 bytes Desc: Digital GPG signature (see http://martin-krafft.net/gpg/sig-policy/999bbcc4/current) URL: From madduck at madduck.net Thu Nov 28 00:34:31 2019 From: madduck at madduck.net (martin f. krafft) Date: Thu, 28 Nov 2019 12:34:31 +1300 Subject: (fwd) [PATCH v2] Unset variables messing with Git use In-Reply-To: <20190813222655.3524-1-madduck@madduck.net> Message-ID: <20191127233431.GB34077@lotus.rw.madduck.net> Hello, Wondering if there's anything I can do to further facilitate acceptance of this patch I sent 3 months ago? Thank you, martin ----- Forwarded message from "martin f. krafft" ----- Date: Wed, 14 Aug 2019 10:26:55 +1200 
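Review bot: In the cmd_edit() hunk of the "Use eval() to shell-parse $EDITOR for pass-edit" patch, `eval ${EDITOR:-vi} "$tmp_file"` hands eval the already-expanded file name, so eval parses that path a second time and a space or shell metacharacter in it is split or interpreted instead of being passed through as one argument. If eval is kept, let the name expand only inside eval, for example `eval "${EDITOR:-vi}" '"$tmp_file"'`, and document in pass.1 that EDITOR is now treated as shell source, since existing values containing quotes or backslashes change meaning.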
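Review bot: In the new tests/t0201-edit-tests.sh of the "Use eval() to shell-parse $EDITOR for pass-edit" patch, the test redirects to the fixed path /tmp/cred1 twice (`edit cred1 2> /tmp/cred1` and `show cred1 > /tmp/cred1`), which writes the entry's contents to a predictable location outside the test directory and is never read back, because the final check runs `"$PASS" show cred1` again. Drop both redirects or write inside the test's own working directory. The test also covers only a space inside an EDITOR argument; a case with a space in the entry name would show whether the file name argument survives eval.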
From: "martin f. krafft" To: password-store at lists.zx2c4.com Cc: "martin f. krafft" Subject: [PATCH v2] Unset variables messing with Git use Message-Id: <20190813222655.3524-1-madduck at madduck.net> X-Spam: no (crm114:17.14 SA:-102.1) X-Justme: from machine in my domain This patch makes sure that variables from the environment cannot override e.g. the Git directory to operate on, as well as other critical parts of Git operations. These variables are: - GIT_DIR - GIT_WORK_TREE - GIT_NAMESPACE - GIT_INDEX_FILE - GIT_INDEX_VERSION - GIT_OBJECT_DIRECTORY - GIT_COMMON_DIR If any of those are set, pass might end up operating on another repository, and things would break. I caught this having GIT_DIR set, but fortunately the other repository had a .gitignore that would have ignored the file: ``` fishbowl~% echo $GIT_DIR /home/madduck/.config/vcsh/repo.d/zsh.git fishbowl~% pass generate test The following paths are ignored by one of your .gitignore files: .password-store/test.gpg Use -f if you really want to add them. The generated password for test is: ? ``` The result was an orphan file `test.gpg` in the password-store root. Signed-off-by: martin f. krafft --- src/password-store.sh | 4 ++++ 1 file changed, 4 insertions(+) diff --git a/src/password-store.sh b/src/password-store.sh index 1d119f2..ddb30f2 100755 --- a/src/password-store.sh +++ b/src/password-store.sh 
@@ -20,6 +20,10 @@ GENERATED_LENGTH="${PASSWORD_STORE_GENERATED_LENGTH:-25}" CHARACTER_SET="${PASSWORD_STORE_CHARACTER_SET:-[:punct:][:alnum:]}" CHARACTER_SET_NO_SYMBOLS="${PASSWORD_STORE_CHARACTER_SET_NO_SYMBOLS:-[:alnum:]}" +unset GIT_DIR GIT_WORK_TREE GIT_NAMESPACE \ + GIT_INDEX_FILE GIT_INDEX_VERSION \ + GIT_OBJECT_DIRECTORY GIT_COMMON_DIR + export GIT_CEILING_DIRECTORIES="$PREFIX/.." # -- @martinkrafft | https://riot.im/app/#/room/#madduck:madduck.net "most people become bankrupt through having invested too heavily in the prose of life. to have ruined one's self over poetry is an honour." -- oscar wilde spamtraps: madduck.bogus at madduck.net -------------- next part -------------- An HTML attachment was scrubbed... URL: -------------- next part -------------- A non-text attachment was scrubbed... Name: digital_signature_gpg.asc Type: application/pgp-signature Size: 1187 bytes Desc: Digital GPG signature (see http://martin-krafft.net/gpg/sig-policy/999bbcc4/current) URL: From Jason at zx2c4.com Thu Nov 28 12:14:53 2019 From: Jason at zx2c4.com (Jason A. Donenfeld) Date: Thu, 28 Nov 2019 12:14:53 +0100 Subject: [PATCH] Use eval() to shell-parse $EDITOR for pass-edit In-Reply-To: <20190812052123.21737-1-madduck@madduck.net> References: <20190812052123.21737-1-madduck@madduck.net> Message-ID: Do you have any other examples of EDITOR being eval'd in this manner? From kjetil.homme at redpill-linpro.com Thu Nov 28 13:11:30 2019 
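Review bot: In the hunk at line 20 of src/password-store.sh in the "Unset variables messing with Git use" patch, the unset runs unconditionally and without a comment, and the diffstat shows no man page change. Anyone who exported GIT_DIR or GIT_WORK_TREE on purpose gets different behaviour with no hint why; add a one-line comment above the unset giving the reason from the commit message (pass must not end up operating on another repository) and mention it in pass.1. It is also worth stating whether the list is meant to be complete, since the commit message speaks of "other critical parts of Git operations" but names only seven variables.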
From: kjetil.homme at redpill-linpro.com (Kjetil Torgrim Homme)
Date: Thu, 28 Nov 2019 13:11:30 +0100
Subject: [PATCH] Use eval() to shell-parse $EDITOR for pass-edit
In-Reply-To:
References: <20190812052123.21737-1-madduck@madduck.net>
Message-ID:

On 28.11.2019 12:14, Jason A. Donenfeld wrote:
> Do you have any other examples of EDITOR being eval'd in this manner?
>

I agree with your skepticism. It is best if pass(1) handles $EDITOR
like other scripts, I'm wary of breaking other people's setup.

I would write a trivial wrapper ~/bin/vimsecure and use that as my
$EDITOR, or even simpler, use EDITOR=vi :)

    'shelltemp' 'stmp'  boolean  (Vi default off, Vim default on)
                        global
                        {not in Vi}

--
Kjetil T. Homme
Redpill Linpro - Changing the game

From Jason at zx2c4.com Thu Nov 28 13:52:31 2019
From: Jason at zx2c4.com (Jason A. Donenfeld)
Date: Thu, 28 Nov 2019 13:52:31 +0100
Subject: [PATCH] Use eval() to shell-parse $EDITOR for pass-edit
In-Reply-To:
References: <20190812052123.21737-1-madduck@madduck.net>
Message-ID:

On Thu, Nov 28, 2019 at 1:12 PM Kjetil Torgrim Homme wrote:
>
> On 28.11.2019 12:14, Jason A. Donenfeld wrote:
> > Do you have any other examples of EDITOR being eval'd in this manner?
> >
>
> I agree with your skepticism. It is best if pass(1) handles $EDITOR
> like other scripts, I'm wary of breaking other people's setup.

I'm not expressing skepticism. I'm genuinely interested to see other examples.

From Jason at zx2c4.com Thu Nov 28 13:54:30 2019
From: Jason at zx2c4.com (Jason A. Donenfeld)
Date: Thu, 28 Nov 2019 13:54:30 +0100
Subject: [PATCH] Unset variables messing with Git use
In-Reply-To: <20190813095353.328-1-madduck@madduck.net>
References: <20190813095353.328-1-madduck@madduck.net>
Message-ID:

Thanks for the patch. Sorry for the delay.

https://git.zx2c4.com/password-store/commit/?id=88936b11aff49e48f79842e4628c55620e0ad736

From madduck at madduck.net Thu Nov 28 19:43:54 2019
From: madduck at madduck.net (martin f. krafft)
Date: Fri, 29 Nov 2019 07:43:54 +1300
Subject: [PATCH] Use eval() to shell-parse $EDITOR for pass-edit
In-Reply-To:
References: <20190812052123.21737-1-madduck@madduck.net>
Message-ID: <20191128184354.GB1245347@fishbowl.rw.madduck.net>

Regarding the following, written by "Kjetil Torgrim Homme" on 2019-11-28 at 13:11 +0100:
>I would write a trivial wrapper ~/bin/vimsecure and use that as my
>$EDITOR, or even simpler, use EDITOR=vi :)

Yeah, I can do that instead. I agree that my patch may be too risky.

Best,

--
@martinkrafft | https://riot.im/app/#/room/#madduck:madduck.net

"doesn't he know who i think i am?"
    -- phil collins

spamtraps: madduck.bogus at madduck.net

From Jason at zx2c4.com Thu Nov 28 21:25:45 2019
From: Jason at zx2c4.com (Jason A. Donenfeld)
Date: Thu, 28 Nov 2019 21:25:45 +0100
Subject: [PATCH] Use eval() to shell-parse $EDITOR for pass-edit
In-Reply-To: <20191128184354.GB1245347@fishbowl.rw.madduck.net>
References: <20190812052123.21737-1-madduck@madduck.net> <20191128184354.GB1245347@fishbowl.rw.madduck.net>
Message-ID:

On Thu, Nov 28, 2019, 19:44 martin f. krafft wrote:

> Regarding the following, written by "Kjetil Torgrim Homme" on 2019-11-28
> at 13:11 +0100:
> > I would write a trivial wrapper ~/bin/vimsecure and use that as my
> > $EDITOR, or even simpler, use EDITOR=vi :)
>
> Yeah, I can do that instead. I agree that my patch may be too risky.
>

I *don't* agree that it's too risky. Rather, I'm interested in learning if there's precedent for the change before we make it. Can you research how EDITOR is handled elsewhere, please?

Best,
> --
> @martinkrafft | https://riot.im/app/#/room/#madduck:madduck.net
>
> "doesn't he know who i think i am?"
> -- phil collins
>
> spamtraps: madduck.bogus at madduck.net

From madduck at madduck.net Thu Nov 28 21:51:42 2019
From: madduck at madduck.net (martin f. krafft)
Date: Fri, 29 Nov 2019 09:51:42 +1300
Subject: [PATCH] Use eval() to shell-parse $EDITOR for pass-edit
In-Reply-To:
References: <20190812052123.21737-1-madduck@madduck.net> <20191128184354.GB1245347@fishbowl.rw.madduck.net>
Message-ID: <20191128205142.GA61624@lotus.rw.madduck.net>

Regarding the following, written by "Jason A. Donenfeld" on 2019-11-28 at 21:25 +0100:
>I *don't* agree that it's too risky. Rather, I'm
>interested in learning if there's precedent for the
>change before we make it. Can you research how EDITOR is
>handled elsewhere, please?

Debian's sensible-editor doesn't use eval.
/usr/bin/bashbug doesn't use eval.
/usr/bin/git-authors doesn't use eval.

That's all I have in /usr/bin here ;)

--
@martinkrafft | https://riot.im/app/#/room/#madduck:madduck.net

for years, we have thought that a million monkeys typing at a million
typewriters would eventually produce the complete works of shakespeare.
today, thanks to the internet, we know this is not true.

spamtraps: madduck.bogus at madduck.net

From t-passwd at girst.at Thu Nov 28 22:00:00 2019
From: t-passwd at girst.at (Tobias Girstmair)
Date: Thu, 28 Nov 2019 22:00:00 +0100
Subject: [PATCH] Use eval() to shell-parse $EDITOR for pass-edit
In-Reply-To: <20191128205142.GA61624@lotus.rw.madduck.net>
References: <20190812052123.21737-1-madduck@madduck.net> <20191128184354.GB1245347@fishbowl.rw.madduck.net> <20191128205142.GA61624@lotus.rw.madduck.net>
Message-ID: <20191128210000.GA15174@girst.at>

On Fri, Nov 29, 2019 at 09:51:42AM +1300, martin f. krafft wrote:
>That's all I have in /usr/bin here ;)

I've got /usr/bin/i3-sensible-editor and it _does_ eval it (not that i have a strong opinion on this topic):

for editor in "$VISUAL" "$EDITOR" nano nvim vim vi emacs pico qe mg jed gedit mcedit gvim; do
    if command -v "$editor" > /dev/null 2>&1; then
        exec "$editor" "$@"
    fi
done

From lists+pass at simplit.com Thu Nov 28 22:15:24 2019
From: lists+pass at simplit.com (Allan Odgaard)
Date: Thu, 28 Nov 2019 22:15:24 +0100
Subject: [PATCH] Use eval() to shell-parse $EDITOR for pass-edit
In-Reply-To: <20191128210000.GA15174@girst.at>
References: <20190812052123.21737-1-madduck@madduck.net> <20191128184354.GB1245347@fishbowl.rw.madduck.net> <20191128205142.GA61624@lotus.rw.madduck.net> <20191128210000.GA15174@girst.at>
Message-ID: <587A814D-5410-418D-98B1-31AF9AB2A62A@simplit.com>

On 28 Nov 2019, at 22:00, Tobias Girstmair wrote:

> On Fri, Nov 29, 2019 at 09:51:42AM +1300, martin f. krafft wrote:
>> That's all I have in /usr/bin here ;)
>
> I've got /usr/bin/i3-sensible-editor and it _does_ eval it (not that i
> have a strong opinion on this topic):
>
> for editor in "$VISUAL" "$EDITOR" nano nvim vim vi emacs pico qe mg jed gedit mcedit gvim; do
>     if command -v "$editor" > /dev/null 2>&1; then
>         exec "$editor" "$@"
>     fi
> done

I don't know what the above is, but that does not use `eval` and it doesn't even seem to support arguments as part of the `EDITOR` variable (as it uses quotes for the variable expansion, so `command` will see the command with arguments as a single shell word and fail).

`crontab` also does not support arguments as part of the `EDITOR` variable, but everything else that I am aware of does.

I have not seen anything use `eval` and I think it's a bad idea because it's not a specification, it's just "run it as a shell line" which can have different meaning depending on the shell.

Definitely the proper solution is to have `EDITOR` point to a shell script rather than try to treat the `EDITOR` variable as an inline shell script.

From t-passwd at girst.at Thu Nov 28 22:28:30 2019
From: t-passwd at girst.at (Tobias Girstmair)
Date: Thu, 28 Nov 2019 22:28:30 +0100
Subject: [PATCH] Use eval() to shell-parse $EDITOR for pass-edit
In-Reply-To: <587A814D-5410-418D-98B1-31AF9AB2A62A@simplit.com>
References: <20190812052123.21737-1-madduck@madduck.net> <20191128184354.GB1245347@fishbowl.rw.madduck.net> <20191128205142.GA61624@lotus.rw.madduck.net> <20191128210000.GA15174@girst.at> <587A814D-5410-418D-98B1-31AF9AB2A62A@simplit.com>
Message-ID: <20191128212830.GA20973@girst.at>

On Thu, Nov 28, 2019 at 10:15:24PM +0100, Allan Odgaard wrote:
> I don't know what the above is, but that does not use `eval` and it

apologies for the noise; it does indeed say 'exec' and not 'eval'.

as to not make this message a complete waste: I've peeked at github's code search and googled `filetype:sh "eval.editor"`: not many results, apart from some people's dotfiles.

i think it is safe to say that nearly nobody evals $EDITOR.

From jason.donenfeld at gmail.com Fri Nov 29 13:43:30 2019
From: jason.donenfeld at gmail.com (Jason A. Donenfeld)
Date: Fri, 29 Nov 2019 13:43:30 +0100
Subject: [PATCH] Use eval() to shell-parse $EDITOR for pass-edit
In-Reply-To: <20191128212830.GA20973@girst.at>
References: <20190812052123.21737-1-madduck@madduck.net> <20191128184354.GB1245347@fishbowl.rw.madduck.net> <20191128205142.GA61624@lotus.rw.madduck.net> <20191128210000.GA15174@girst.at> <587A814D-5410-418D-98B1-31AF9AB2A62A@simplit.com> <20191128212830.GA20973@girst.at>
Message-ID:

On Thu, Nov 28, 2019, 22:28 Tobias Girstmair wrote:

> On Thu, Nov 28, 2019 at 10:15:24PM +0100, Allan Odgaard wrote:
> > I don't know what the above is, but that does not use `eval` and it
>
> apologies for the noise; it does indeed say 'exec' and not 'eval'.
>
> as to not make this message a complete waste: I've peeked at github's code
> search and googled `filetype:sh "eval.editor"`: not many results, apart from
> some people's dotfiles.
>
> i think it is safe to say that nearly nobody evals $EDITOR.
>

Cool thanks for researching this. I guess that decides it then!

Jason
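The ways of running `$EDITOR` compared in this thread (pass's unquoted expansion, the quoted form in the i3-sensible-editor snippet, the patch's `eval`) and the wrapper approach, side by side as an added example that is not code from pass or from any poster. `fake_vim`, the `vimsecure` function (standing in for a wrapper script) and the sample values are constructed for illustration.

```shell
#!/bin/sh
# Added illustration; fake_vim, vimsecure and all sample values are constructed.

# Stand-in for the editor binary: prints each argument it received as [arg].
fake_vim() {
    for arg in "$@"; do printf '[%s]' "$arg"; done
}

# Stand-in for the ~/bin/vimsecure wrapper script suggested in the thread.
# A real wrapper would be a file ending in: exec vim -c 'set nostmp' "$@"
vimsecure() {
    fake_vim -c 'set nostmp' "$@"
}

# pass before the patch: ${EDITOR:-vi} "$tmp_file"
# Unquoted expansion is split on whitespace only; quote characters stored in
# the variable are ordinary data, so 'set nostmp' arrives as two broken words.
invoke_split() {
    editor=$1 tmp_file=$2
    $editor "$tmp_file"
}

# Style of the i3-sensible-editor snippet quoted in the thread: "$editor" "$@"
# The whole value is one word, so any argument inside it makes the lookup fail.
invoke_quoted() {
    editor=$1 tmp_file=$2
    "$editor" "$tmp_file" 2>/dev/null
}

# The patch as posted: eval ${EDITOR:-vi} "$tmp_file"
# eval joins its arguments with spaces and parses the result as shell source.
# Quotes inside $EDITOR now work, but the expanded file name is parsed again.
invoke_eval_as_posted() {
    editor=$1 tmp_file=$2
    eval $editor "$tmp_file"
}

# eval with the file name expanded only during eval's own parse.
invoke_eval_quoted() {
    editor=$1 tmp_file=$2
    eval "$editor" '"$tmp_file"'
}

demo() {
    editor_value="fake_vim -c 'set nostmp'"         # constructed $EDITOR value
    sample_file="/dev/shm/pass.demo/my entry.txt"   # constructed temp file name
    printf 'split (pre-patch pass):     %s\n' "$(invoke_split "$editor_value" "$sample_file")"
    printf 'eval (patch as posted):     %s\n' "$(invoke_eval_as_posted "$editor_value" "$sample_file")"
    printf 'eval (file name protected): %s\n' "$(invoke_eval_quoted "$editor_value" "$sample_file")"
    status=0
    invoke_quoted "$editor_value" "$sample_file" || status=$?
    printf 'quoted, EDITOR with args:   exit status %s\n' "$status"
    printf 'quoted, EDITOR=vimsecure:   %s\n' "$(invoke_quoted vimsecure "$sample_file")"
    printf 'split,  EDITOR=vimsecure:   %s\n' "$(invoke_split vimsecure "$sample_file")"
}

demo
```

With the wrapper, both the split and the quoted invocation deliver the same argv, so no change to how pass runs `$EDITOR` is needed.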