From rodrigo at FreeBSD.org  Tue Jun  8 09:12:11 2021
From: rodrigo at FreeBSD.org (Rodrigo Osorio)
Date: Tue, 8 Jun 2021 11:12:11 +0200
Subject: Fix website : installation method for FreeBSD is deprecated
Message-ID: <23e12a31-7cb0-1344-544b-d4944d6688be@FreeBSD.org>

Hi,

Browsing the project website I notice that the installation method for 
FreeBSD you describe
is deprecated, the correct syntax is `pkg install password-store`.

To give you more context, portmaster is a tool from the pkg_add era 
(before 2014). It still
maintained by some enthusiasts, but it's not recommended because 
sometime it breaks packages.
On the other side pkg is the official package tool the project maintains.

Best regards,
-- rodrigo



From Jason at zx2c4.com  Tue Jun  8 12:58:50 2021
From: Jason at zx2c4.com (Jason A. Donenfeld)
Date: Tue, 8 Jun 2021 14:58:50 +0200
Subject: Fix website : installation method for FreeBSD is deprecated
In-Reply-To: <23e12a31-7cb0-1344-544b-d4944d6688be@FreeBSD.org>
References: <23e12a31-7cb0-1344-544b-d4944d6688be@FreeBSD.org>
Message-ID: <CAHmME9oXr+7HDzQWasEASW9nWwA7XwzsOFzb7Y6jfymk+LwZvw@mail.gmail.com>

Jeepers creepers that text is old! Updated now, thanks.

Jason

From stephane at clerambault.fr  Tue Jun  8 17:52:51 2021
From: stephane at clerambault.fr (=?ISO-8859-1?Q?St=E9phane_Cl=E9rambault?=)
Date: Tue, 08 Jun 2021 19:52:51 +0200
Subject: zsh completion with PASSWORD_STORE_DIR doesn't work well
Message-ID: <3374473.1hFO7MGSUK@ankara>

Hello guys,

Thank you for maintaining this awesome tool !

I encountered a small problem about zsh completion with a custom 
PASSWORD_STORE_DIR.

I wrote this function in my zshrc:
  
  CUSTOM="$HOME/custom"
  
  function rpass () {
    PASSWORD_STORE_DIR=$CUSTOM pass $@
  }

  zstyle ':completion::complete:rpass::' prefix "$CUSTOM"
  compdef _pass rpass

I don't know very well the zsh completion, so maybe I did something wrong. The 
result is, completion works fine if I write `rpass <tab>` but if I write 
`rpass 
show <tab>` it shows the tree in ~/.password-store.

After a debugging session, I found the following line in _pass completion 
file:

  curcontext="${curcontext%:*:*}:pass-$cmd"

When I remove this line, it fixes the problem without any drawbacks (for now). 
I didn't understand what exactly this line do but it seems related to my 
problem.

Do you have any suggestions ?

Thank very much.
Sincerly 
-- 
St?phane Cl?rambault
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 488 bytes
Desc: This is a digitally signed message part.
URL: <http://lists.zx2c4.com/pipermail/password-store/attachments/20210608/0e98af71/attachment.sig>

From Jason at zx2c4.com  Fri Jun 11 16:22:17 2021
From: Jason at zx2c4.com (Jason A. Donenfeld)
Date: Fri, 11 Jun 2021 18:22:17 +0200
Subject: [PATCH] Allow alternatives to dmenu for passmenu
In-Reply-To: <20210131080554.dfd6jqzsvrhftzt6@geher-laptop>
References: <20210128190839.117042-1-stefan.kerman.gehr@fau.de>
 <99de9905-3918-c22a-f82a-d1d0a22a2ea0@systemli.org>
 <20210131080554.dfd6jqzsvrhftzt6@geher-laptop>
Message-ID: <CAHmME9rf4qaN2J_TpCBOv5VLnLMK6FFUHLgSXDvVDxEqvz+MSw@mail.gmail.com>

Applied something very similar. Uses `PASSWORD_STORE_MENU_PROGRAM`.

From Jason at zx2c4.com  Fri Jun 11 16:30:29 2021
From: Jason at zx2c4.com (Jason A. Donenfeld)
Date: Fri, 11 Jun 2021 18:30:29 +0200
Subject: [PATCH] passmenu: add support for wayland
In-Reply-To: <20200730154140.4986-1-sternenseemann@systemli.org>
References: <c6c4f211-6a42-d47b-75ff-b96e98b9477d@systemli.org>
 <20200730154140.4986-1-sternenseemann@systemli.org>
Message-ID: <CAHmME9rHtjFNz0Ub2CZs0acffc0rE9=g=X_wNXqVHBNT+Bt8gQ@mail.gmail.com>

I applied this. But I wonder: should we be using wtype instead at this
point? https://github.com/atx/wtype

If so, would you like to prepare a patch for that?

Jason

From Jason at zx2c4.com  Fri Jun 11 16:33:05 2021
From: Jason at zx2c4.com (Jason A. Donenfeld)
Date: Fri, 11 Jun 2021 18:33:05 +0200
Subject: [PATCH] Fix issue with special characters on MacOS
In-Reply-To: <765E32E8-C9BA-47A6-A5EA-7F653CC9900E@lenstra.fr>
References: <765E32E8-C9BA-47A6-A5EA-7F653CC9900E@lenstra.fr>
Message-ID: <CAHmME9oQiD+mifPEWs1DFGQAuryqLRtpfz1NaCk_cs6x5HSN5w@mail.gmail.com>

Can you send this to the mailing list normally?

https://github.com/remilapeyre/password-store/commit/3ca96e0e25e592ae7fa3871458df7f6a478e755d

I don't quite see how that test case actually tests the patch, since
you're changing the argument passed to tree, right?

From Jason at zx2c4.com  Fri Jun 11 16:33:46 2021
From: Jason at zx2c4.com (Jason A. Donenfeld)
Date: Fri, 11 Jun 2021 18:33:46 +0200
Subject: [PATCH] Escape colons in zsh completion to show url ports
In-Reply-To: <20200714043537.sdl4eb4xfx46pzjr@mail.gmail.com>
References: <20200713120023.o4sya3vkjcx2fawf@mail.gmail.com>
 <20200713164858.d5govfcevovnt4ps@gmail.com>
 <20200714043537.sdl4eb4xfx46pzjr@mail.gmail.com>
Message-ID: <CAHmME9oS-1KW-Sf3CCzXD=wAGLDeC=q4dDmNh5KUNeJX8pegSA@mail.gmail.com>

Applied, thanks.

From Jason at zx2c4.com  Fri Jun 11 16:41:03 2021
From: Jason at zx2c4.com (Jason A. Donenfeld)
Date: Fri, 11 Jun 2021 18:41:03 +0200
Subject: [PATCH] Allow comments in .gpg-id
In-Reply-To: <c1ce8f2e-aded-acf4-e877-e02b38187d9b@gmail.com>
References: <CANSPwhwMETxOh7t6LOUfigm4H4yDPUg5k4SQmXmFgnZz_CmaGg@mail.gmail.com>
 <CANSPwhzS32hyUv8OcZa0dXoO1uH6R5BU96hoqhVNQqBzq8s5Ww@mail.gmail.com>
 <CANSPwhy0itp6eEsOWjSpBt2w8Dxx-FZEWtbq1drt-dd5Mwx++A@mail.gmail.com>
 <c1ce8f2e-aded-acf4-e877-e02b38187d9b@gmail.com>
Message-ID: <CAHmME9q-ySZaC7dK2im26AOwPhjcFooNeQtkcZvmAYK3QShthA@mail.gmail.com>

Applied as https://git.zx2c4.com/password-store/commit/?id=a271b43cbd76cc30406202c49041b552656538bd

Hopefully there aren't legit gpg key IDs with # in them.

From Jason at zx2c4.com  Fri Jun 11 16:44:19 2021
From: Jason at zx2c4.com (Jason A. Donenfeld)
Date: Fri, 11 Jun 2021 18:44:19 +0200
Subject: [PATCH] Use GPG_OPTS when verifying .gpg-id signature
In-Reply-To: <20200413082940.12839-1-vnctdj@laposte.net>
References: <20200413082940.12839-1-vnctdj@laposte.net>
Message-ID: <CAHmME9qiOgT1fGysTvg1_=Vz4PxQR9fLSWJjspw1Fx_vOg0GXw@mail.gmail.com>

Applied, thanks.

From Jason at zx2c4.com  Fri Jun 11 16:54:06 2021
From: Jason at zx2c4.com (Jason A. Donenfeld)
Date: Fri, 11 Jun 2021 18:54:06 +0200
Subject: [ANNOUNCE] pass 1.7.4 Released
Message-ID: <YMOVLgukcF6TxNBK@zx2c4.com>

Hi folks,

Pass 1.7.4 has been released with a decent amount of bug fixes accumulated
over time, and most importantly, finally has Wayland support.

== Password Store on the Web ==

* Our homepage: https://www.passwordstore.org/
* Man page: https://git.zx2c4.com/password-store/about/
* Git repo: git clone https://git.zx2c4.com/password-store/
* Mailing list: https://lists.zx2c4.com/mailman/listinfo/password-store
* IRC channel: #pass on Libera.Chat

== Downloading v1.7.4 ==

URL:
  https://git.zx2c4.com/password-store/snapshot/password-store-1.7.4.tar.xz

SHA256:
  cfa9faf659f2ed6b38e7a7c3fb43e177d00edbacc6265e6e32215ff40e3793c0

Git tag signed with GPG key:
  AB9942E6D4A4CFC3412620A749FC7012A5DE03AE


Regards,
Jason



-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 833 bytes
Desc: not available
URL: <http://lists.zx2c4.com/pipermail/password-store/attachments/20210611/d1436a97/attachment.sig>

From sternenseemann at systemli.org  Fri Jun 11 17:30:39 2021
From: sternenseemann at systemli.org (sternenseemann)
Date: Fri, 11 Jun 2021 19:30:39 +0200
Subject: [PATCH] Allow alternatives to dmenu for passmenu
In-Reply-To: <CAHmME9rf4qaN2J_TpCBOv5VLnLMK6FFUHLgSXDvVDxEqvz+MSw@mail.gmail.com>
References: <20210128190839.117042-1-stefan.kerman.gehr@fau.de>
 <99de9905-3918-c22a-f82a-d1d0a22a2ea0@systemli.org>
 <20210131080554.dfd6jqzsvrhftzt6@geher-laptop>
 <CAHmME9rf4qaN2J_TpCBOv5VLnLMK6FFUHLgSXDvVDxEqvz+MSw@mail.gmail.com>
Message-ID: <aaf3ea72-8df0-af4d-7343-e17af096488a@systemli.org>

On 6/11/21 6:22 PM, Jason A. Donenfeld wrote:
> Applied something very similar. Uses `PASSWORD_STORE_MENU_PROGRAM`.

Doesn't seem to have made it into the repo nor the release?!

From Jason at zx2c4.com  Fri Jun 11 17:46:06 2021
From: Jason at zx2c4.com (Jason A. Donenfeld)
Date: Fri, 11 Jun 2021 19:46:06 +0200
Subject: [PATCH] Allow alternatives to dmenu for passmenu
In-Reply-To: <aaf3ea72-8df0-af4d-7343-e17af096488a@systemli.org>
References: <20210128190839.117042-1-stefan.kerman.gehr@fau.de>
 <99de9905-3918-c22a-f82a-d1d0a22a2ea0@systemli.org>
 <20210131080554.dfd6jqzsvrhftzt6@geher-laptop>
 <CAHmME9rf4qaN2J_TpCBOv5VLnLMK6FFUHLgSXDvVDxEqvz+MSw@mail.gmail.com>
 <aaf3ea72-8df0-af4d-7343-e17af096488a@systemli.org>
Message-ID: <CAHmME9qp=SjMrZb_hOJ8RqbVTCZUg7G56jBgwrthE+MvhP=w2A@mail.gmail.com>

On Fri, Jun 11, 2021 at 7:31 PM sternenseemann
<sternenseemann at systemli.org> wrote:
>
> On 6/11/21 6:22 PM, Jason A. Donenfeld wrote:
> > Applied something very similar. Uses `PASSWORD_STORE_MENU_PROGRAM`.
>
> Doesn't seem to have made it into the repo nor the release?!

Sorry, backed that out at the last moment, seeing the other patches
that aptly pointed out that xdotool needs replacement too. So at that
point are we to just parameterize everything? Might as well write a
new script then, right? So what made it to the release was just the
dmenu-wl/ydotool easy switcheroo. If you have better ideas on how to
handle this, I'm all ears.

Jason

From sternenseemann at systemli.org  Fri Jun 11 18:46:12 2021
From: sternenseemann at systemli.org (sternenseemann)
Date: Fri, 11 Jun 2021 20:46:12 +0200
Subject: [PATCH] passmenu: add support for wayland
In-Reply-To: <CAHmME9rHtjFNz0Ub2CZs0acffc0rE9=g=X_wNXqVHBNT+Bt8gQ@mail.gmail.com>
References: <c6c4f211-6a42-d47b-75ff-b96e98b9477d@systemli.org>
 <20200730154140.4986-1-sternenseemann@systemli.org>
 <CAHmME9rHtjFNz0Ub2CZs0acffc0rE9=g=X_wNXqVHBNT+Bt8gQ@mail.gmail.com>
Message-ID: <332bb523-d89e-c3b2-13e9-cb2472fa4580@systemli.org>



On 6/11/21 6:30 PM, Jason A. Donenfeld wrote:
> I applied this. But I wonder: should we be using wtype instead at this
> point? https://github.com/atx/wtype
> 
> If so, would you like to prepare a patch for that?

Sounds like it actually! I have also find a nice way to rework the tool
selection logic (I think at least), so either xdotool, ydotool or wtype
could be used.

However, there is one problem currently: wtype doesn't support reading
text to type from stdin (like we are currently doing). From what I
understand this would mean we'd need to leak passwords to other users
via the process list to some extent, right?

I've opened an [issue] for this, maybe I'll also find the time to
prepare a patch for wtype as well.

When that is resolved and released, I think we could make wtype the
default. It does not support Xwayland at the moment, but this doesn't
seem too terrible these days, and we could preserve the possibility to
use ydotool.

~lukas

[issue]: https://github.com/atx/wtype/issues/23

From sternenseemann at systemli.org  Fri Jun 11 18:55:36 2021
From: sternenseemann at systemli.org (sternenseemann)
Date: Fri, 11 Jun 2021 20:55:36 +0200
Subject: [PATCH 1/2] passmenu: allow users to override default tool choices
In-Reply-To: <CAHmME9qp=SjMrZb_hOJ8RqbVTCZUg7G56jBgwrthE+MvhP=w2A@mail.gmail.com>
Message-ID: <20210611185537.3574364-1-sternenseemann@systemli.org>

There are multiple different tools users may want to choose for both the
dmenu-like menu program and the xdotool-like ?type program? (which we
use for --type).

Especially in the case of dmenu, there are many compatible alternatives
like demnu-wl or bemenu.

For the ?type program? there are more or less two alternatives for
wayland we may want to support: ydotool which we currently use, but
employs /dev/uinput, and wtype which has some limitations regarding
Xwayland. Note that as of this commit we would *not* invoke wtype in
a way that works, so wtype support is still pending.
---
 contrib/dmenu/passmenu | 17 +++++++++++------
 1 file changed, 11 insertions(+), 6 deletions(-)

diff --git a/contrib/dmenu/passmenu b/contrib/dmenu/passmenu
index 76d92ab..f0c0d98 100755
--- a/contrib/dmenu/passmenu
+++ b/contrib/dmenu/passmenu
@@ -8,28 +8,33 @@ if [[ $1 == "--type" ]]; then
 	shift
 fi
 
+# decide which fallback programs to use depending on window system
 if [[ -n $WAYLAND_DISPLAY ]]; then
-	dmenu=dmenu-wl
-	xdotool="ydotool type --file -"
+	def_menu_program=dmenu-wl
+	def_type_program="ydotool type --file -"
 elif [[ -n $DISPLAY ]]; then
-	dmenu=dmenu
-	xdotool="xdotool type --clearmodifiers --file -"
+	def_menu_program=dmenu
+	def_type_program="xdotool type --clearmodifiers --file -"
 else
 	echo "Error: No Wayland or X11 display detected" >&2
 	exit 1
 fi
 
+# respect user's choice
+PASSWORD_STORE_MENU_PROGRAM=${PASSWORD_STORE_MENU_PROGRAM:-$def_menu_program}
+PASSWORD_STORE_TYPE_PROGRAM=${PASSWORD_STORE_TYPE_PROGRAM:-$def_type_program}
+
 prefix=${PASSWORD_STORE_DIR-~/.password-store}
 password_files=( "$prefix"/**/*.gpg )
 password_files=( "${password_files[@]#"$prefix"/}" )
 password_files=( "${password_files[@]%.gpg}" )
 
-password=$(printf '%s\n' "${password_files[@]}" | "$dmenu" "$@")
+password=$(printf '%s\n' "${password_files[@]}" | "$PASSWORD_STORE_MENU_PROGRAM" "$@")
 
 [[ -n $password ]] || exit
 
 if [[ $typeit -eq 0 ]]; then
 	pass show -c "$password" 2>/dev/null
 else
-	pass show "$password" | { IFS= read -r pass; printf %s "$pass"; } | $xdotool
+	pass show "$password" | { IFS= read -r pass; printf %s "$pass"; } | $PASSWORD_STORE_TYPE_PROGRAM
 fi
-- 
2.31.1


From sternenseemann at systemli.org  Fri Jun 11 18:55:37 2021
From: sternenseemann at systemli.org (sternenseemann)
Date: Fri, 11 Jun 2021 20:55:37 +0200
Subject: [PATCH 2/2] passmenu: don't quote PASSWORD_STORE_MENU_PROGRAM
In-Reply-To: <20210611185537.3574364-1-sternenseemann@systemli.org>
References: <20210611185537.3574364-1-sternenseemann@systemli.org>
Message-ID: <20210611185537.3574364-2-sternenseemann@systemli.org>

This mirrors what we are doing for PASSWORD_STORE_TYPE_PROGRAM and
allows passing extra options to the menu program via the environment
variable which seems desireable.

Moreover it is probably unlikely that anyone is installing their menu
programs into paths with spaces (or even uses tools with spaces in
their name?).
---
 contrib/dmenu/passmenu | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/contrib/dmenu/passmenu b/contrib/dmenu/passmenu
index f0c0d98..431da4a 100755
--- a/contrib/dmenu/passmenu
+++ b/contrib/dmenu/passmenu
@@ -29,7 +29,7 @@ password_files=( "$prefix"/**/*.gpg )
 password_files=( "${password_files[@]#"$prefix"/}" )
 password_files=( "${password_files[@]%.gpg}" )
 
-password=$(printf '%s\n' "${password_files[@]}" | "$PASSWORD_STORE_MENU_PROGRAM" "$@")
+password=$(printf '%s\n' "${password_files[@]}" | $PASSWORD_STORE_MENU_PROGRAM "$@")
 
 [[ -n $password ]] || exit
 
-- 
2.31.1


From sternenseemann at systemli.org  Fri Jun 11 22:26:01 2021
From: sternenseemann at systemli.org (sternenseemann)
Date: Sat, 12 Jun 2021 00:26:01 +0200
Subject: [PATCH v2 1/3] passmenu: allow users to override default tool choices
In-Reply-To: <CAHmME9qp=SjMrZb_hOJ8RqbVTCZUg7G56jBgwrthE+MvhP=w2A@mail.gmail.com>
Message-ID: <20210611222603.3583587-1-sternenseemann@systemli.org>

There are multiple different tools users may want to choose for both the
dmenu-like menu program and the xdotool-like ?type program? (which we
use for --type).

Especially in the case of dmenu, there are many compatible alternatives
like demnu-wl or bemenu.

For the ?type program? there are more or less two alternatives for
wayland we may want to support: ydotool which we currently use, but
employs /dev/uinput, and wtype which has some limitations regarding
Xwayland. Note that as of this commit we would *not* invoke wtype in
a way that works, so wtype support is still pending.
---

Added Documentation in the README.md in this patch version.

 contrib/dmenu/README.md |  8 ++++++++
 contrib/dmenu/passmenu  | 17 +++++++++++------
 2 files changed, 19 insertions(+), 6 deletions(-)

diff --git a/contrib/dmenu/README.md b/contrib/dmenu/README.md
index 8a196cb..4b13e5b 100644
--- a/contrib/dmenu/README.md
+++ b/contrib/dmenu/README.md
@@ -12,6 +12,14 @@ need to add an extra udev rule or similar to give certain non-root users permiss
 
     passmenu [--type] [dmenu arguments...]
 
+# Configuration
+
+You can influence the behavior of `passmenu` via the following environment variables:
+
+* `PASSWORD_STORE_MENU_PROGRAM`: A `dmenu`-compatible menu tool
+* `PASSWORD_STORE_TYPE_PROGRAM`: A command that accepts a password via `stdin`
+  and inputs it as if it were the user (used when `--type` is given)
+
 [dmenu]: http://tools.suckless.org/dmenu/
 [xdotool]: http://www.semicomplete.com/projects/xdotool/
 [pass]: http://www.zx2c4.com/projects/password-store/
diff --git a/contrib/dmenu/passmenu b/contrib/dmenu/passmenu
index 76d92ab..f0c0d98 100755
--- a/contrib/dmenu/passmenu
+++ b/contrib/dmenu/passmenu
@@ -8,28 +8,33 @@ if [[ $1 == "--type" ]]; then
 	shift
 fi
 
+# decide which fallback programs to use depending on window system
 if [[ -n $WAYLAND_DISPLAY ]]; then
-	dmenu=dmenu-wl
-	xdotool="ydotool type --file -"
+	def_menu_program=dmenu-wl
+	def_type_program="ydotool type --file -"
 elif [[ -n $DISPLAY ]]; then
-	dmenu=dmenu
-	xdotool="xdotool type --clearmodifiers --file -"
+	def_menu_program=dmenu
+	def_type_program="xdotool type --clearmodifiers --file -"
 else
 	echo "Error: No Wayland or X11 display detected" >&2
 	exit 1
 fi
 
+# respect user's choice
+PASSWORD_STORE_MENU_PROGRAM=${PASSWORD_STORE_MENU_PROGRAM:-$def_menu_program}
+PASSWORD_STORE_TYPE_PROGRAM=${PASSWORD_STORE_TYPE_PROGRAM:-$def_type_program}
+
 prefix=${PASSWORD_STORE_DIR-~/.password-store}
 password_files=( "$prefix"/**/*.gpg )
 password_files=( "${password_files[@]#"$prefix"/}" )
 password_files=( "${password_files[@]%.gpg}" )
 
-password=$(printf '%s\n' "${password_files[@]}" | "$dmenu" "$@")
+password=$(printf '%s\n' "${password_files[@]}" | "$PASSWORD_STORE_MENU_PROGRAM" "$@")
 
 [[ -n $password ]] || exit
 
 if [[ $typeit -eq 0 ]]; then
 	pass show -c "$password" 2>/dev/null
 else
-	pass show "$password" | { IFS= read -r pass; printf %s "$pass"; } | $xdotool
+	pass show "$password" | { IFS= read -r pass; printf %s "$pass"; } | $PASSWORD_STORE_TYPE_PROGRAM
 fi
-- 
2.31.1


From sternenseemann at systemli.org  Fri Jun 11 22:26:02 2021
From: sternenseemann at systemli.org (sternenseemann)
Date: Sat, 12 Jun 2021 00:26:02 +0200
Subject: [PATCH v2 2/3] passmenu: don't quote PASSWORD_STORE_MENU_PROGRAM
In-Reply-To: <20210611222603.3583587-1-sternenseemann@systemli.org>
References: <20210611222603.3583587-1-sternenseemann@systemli.org>
Message-ID: <20210611222603.3583587-2-sternenseemann@systemli.org>

This mirrors what we are doing for PASSWORD_STORE_TYPE_PROGRAM and
allows passing extra options to the menu program via the environment
variable which seems desireable.

Moreover it is probably unlikely that anyone is installing their menu
programs into paths with spaces (or even uses tools with spaces in
their name?).
---

(unchanged)

 contrib/dmenu/passmenu | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/contrib/dmenu/passmenu b/contrib/dmenu/passmenu
index f0c0d98..431da4a 100755
--- a/contrib/dmenu/passmenu
+++ b/contrib/dmenu/passmenu
@@ -29,7 +29,7 @@ password_files=( "$prefix"/**/*.gpg )
 password_files=( "${password_files[@]#"$prefix"/}" )
 password_files=( "${password_files[@]%.gpg}" )
 
-password=$(printf '%s\n' "${password_files[@]}" | "$PASSWORD_STORE_MENU_PROGRAM" "$@")
+password=$(printf '%s\n' "${password_files[@]}" | $PASSWORD_STORE_MENU_PROGRAM "$@")
 
 [[ -n $password ]] || exit
 
-- 
2.31.1


From sternenseemann at systemli.org  Fri Jun 11 22:26:03 2021
From: sternenseemann at systemli.org (sternenseemann)
Date: Sat, 12 Jun 2021 00:26:03 +0200
Subject: [PATCH v2 3/3] passmenu: default to wtype for --type on wayland
In-Reply-To: <20210611222603.3583587-1-sternenseemann@systemli.org>
References: <20210611222603.3583587-1-sternenseemann@systemli.org>
Message-ID: <20210611222603.3583587-3-sternenseemann@systemli.org>

wtype seems like a more sensible default over ydotool:

* it handles unicode correctly by generating a temporary keyboard layout

* it uses wayland protocols instead of uinput, requiring no extra
  privileges or permissions

It doesn't work properly with Xwayland at the moment though [1],
but this doesn't seem that terrible these days.

[1]: https://github.com/atx/wtype/issues/1
---
 contrib/dmenu/README.md | 7 ++-----
 contrib/dmenu/passmenu  | 2 +-
 2 files changed, 3 insertions(+), 6 deletions(-)

diff --git a/contrib/dmenu/README.md b/contrib/dmenu/README.md
index 4b13e5b..3863cbf 100644
--- a/contrib/dmenu/README.md
+++ b/contrib/dmenu/README.md
@@ -4,9 +4,7 @@ clipboard without having to open up a terminal window if you don't already have
 one open. If `--type` is specified, the password is typed using [xdotool][]
 instead of copied to the clipboard.
 
-On wayland [dmenu-wl][] is used to replace dmenu and [ydotool][] to replace xdotool.
-Note that the latter requires access to the [uinput][] device, so you'll probably
-need to add an extra udev rule or similar to give certain non-root users permission.
+On wayland [dmenu-wl][] is used to replace dmenu and [wtype][] to replace xdotool.
 
 # Usage
 
@@ -24,5 +22,4 @@ You can influence the behavior of `passmenu` via the following environment varia
 [xdotool]: http://www.semicomplete.com/projects/xdotool/
 [pass]: http://www.zx2c4.com/projects/password-store/
 [dmenu-wl]: https://github.com/nyyManni/dmenu-wayland
-[ydotool]: https://github.com/ReimuNotMoe/ydotool
-[uinput]: https://www.kernel.org/doc/html/v4.12/input/uinput.html
+[wtype]: https://github.com/ReimuNotMoe/ydotool
diff --git a/contrib/dmenu/passmenu b/contrib/dmenu/passmenu
index 431da4a..878d88a 100755
--- a/contrib/dmenu/passmenu
+++ b/contrib/dmenu/passmenu
@@ -11,7 +11,7 @@ fi
 # decide which fallback programs to use depending on window system
 if [[ -n $WAYLAND_DISPLAY ]]; then
 	def_menu_program=dmenu-wl
-	def_type_program="ydotool type --file -"
+	def_type_program="wtype -"
 elif [[ -n $DISPLAY ]]; then
 	def_menu_program=dmenu
 	def_type_program="xdotool type --clearmodifiers --file -"
-- 
2.31.1


From jan.christian at gruenhage.xyz  Sat Jun 12 07:48:30 2021
From: jan.christian at gruenhage.xyz (=?utf-8?q?Jan_Christian_Gr=C3=BCnhage?=)
Date: Sat, 12 Jun 2021 09:48:30 +0200
Subject: [PATCH] Allow alternatives to dmenu for passmenu
In-Reply-To: <CAHmME9qp=SjMrZb_hOJ8RqbVTCZUg7G56jBgwrthE+MvhP=w2A@mail.gmail.com>
Message-ID: <CC1H34F8LALQ.28MXGH35SJVH0@evil-borg.jcg.re>

> So at that point are we to just parameterize everything? Might as well
> write a new script then, right? [...] If you have better ideas on how
> to handle this, I'm all ears.

As a pass user on sway, I'd like to give my input here: To make sure
that the password stays in the clipboard long enough, the actual copying
should be executed with `swaymsg exec`. To achieve that, pulled the
password listing out of `passmenu` into a separate script called
`passlist`, which I then pipe into a fuzzy finder, and then I pipe the
result of that into `xargs swaymsg exec pass -- -c`.

Splitting up the scripts into smaller scripts which then call each other
instead of having "big" scripts like `passmenu` makes it easier for
users to do customization like I did there. `passmenu` is not really all
that long, but it does a few different things, so for the sake of "doing
one thing and doing it well", smaller scripts might be helpful here.

I'm not especially well versed in shell scripting, so maybe I'm
overlooking something here, but for me, this approach has worked well.
If you want patches for that, I can try to do these refactorings at some
point, but the following weeks will sadly still be quite busy for me, so
I'd have to push that out to July.

JC

From mfeit+passwordstore at notonthe.net  Sat Jun 12 12:59:34 2021
From: mfeit+passwordstore at notonthe.net (Mark Feit)
Date: Sat, 12 Jun 2021 08:59:34 -0400
Subject: OI Safe Importer
Message-ID: <cae427b8-ab70-6e74-a0d4-9144d630b0a7@notonthe.net>

Attached is a Python program that imports CSV files exported by OI Safe 
for the contrib/importers directory.

Enjoy.

--Mark


-------------- next part --------------
#!/usr/bin/env python3
'''

Import an OI Safe-exported CSV to pass

See 'oisafe2pass --help' for usage.

Entry format:

    <password>        Empty if not present
    User:  <user>     Not provided if not present
    Site:  <site>     Not provided if not present
    <notes>           Not provided if not present


Copyright 2021 Mark Feit <mfeit+pass at notonthe.net>. All Rights
Reserved.  This file is licensed under the GPLv2+. Please see COPYING
for more information.

'''

import csv
import argparse
import subprocess
import sys


def run_program(args, stdin=None):
    '''
    Run a program from args, provide stdin
    Returns (status, stdout, stderr)
    '''

    try:
        proc = subprocess.Popen(args,
                                stdin=subprocess.PIPE,
                                stdout=subprocess.PIPE,
                                stderr=subprocess.PIPE)
        output, error = proc.communicate(stdin.encode('utf8')
                                         if stdin is not None else '')
        proc.wait()
        return proc.returncode, output, error
    except Exception as ex:
        return 1, None, str(ex)


def import_record(record, dry_run=False, verbose=False):
    '''
    Import a single record as inhaled by the CSV module
    '''

    (category, description, site, user, password, notes, _edited) = record

    path = '/'.join([
        category.replace('/', '_'),
        description.replace('/', '_')
        ])

    if path in [ '', '/' ]:
        print('Skipping record missing path and description', file=sys.stderr)
        return

    lines = [password or '']

    if len(user):
        lines.append('{:6s}{}'.format('User:', user))

    if len(site):
        lines.append('{:6s}{}'.format('Site:', site))

    if notes:
        lines.append('')
        lines.append(notes)

    # This forces a newline at the end
    lines.append('')

    args = ['pass', 'insert', '--multiline', '--force', path]
    content = '\n'.join(lines)

    if dry_run:

        print(' '.join(args))
        print(content)
        print()

    else:

        if verbose:
            print("Inserting {}".format(path))

        status, stdout, stderr = run_program(args, stdin=content)

        if status != 0:
            print('Inserting {} failed:\n{}'.format(path, stderr), file=sys.stderr)
            exit(1)



#
# Main Program
#

parser = argparse.ArgumentParser(description='Import a CSV exported from OI Safe')

parser.add_argument('infile', nargs='?',
                    help='Input file (stdin if not provided)')
parser.add_argument('--dry-run', dest='dry_run', action='store_true', default=False,
                    help='Print commands and content to stdout')
parser.add_argument('--verbose', dest='verbose', action='store_true', default=False,
                    help='Show progress on stdout')

args = parser.parse_args()


try:
    if args.infile is None:
        raise IndexError()
    input_file = open(args.infile, 'r')
except IndexError:
    input_file = sys.stdin

first = True
        
for line in csv.reader(input_file, dialect='excel'):

    if first:
        # First line contains headers
        first = False
        continue

    import_record(line, dry_run=args.dry_run, verbose=args.verbose)

exit(0)

From dcermak at suse.de  Mon Jun 14 21:03:48 2021
From: dcermak at suse.de (Dan =?utf-8?B?xIxlcm3DoWs=?=)
Date: Mon, 14 Jun 2021 23:03:48 +0200
Subject: [PATCH] Remove shebang from fish completion
Message-ID: <877diwcg5n.fsf@cgc-instruments.com>

Afaik fish shell completions don't need a shebang
(plus the script is not executable anyway)


---
 src/completion/pass.fish-completion | 2 --
 1 file changed, 2 deletions(-)

diff --git a/src/completion/pass.fish-completion b/src/completion/pass.fish-completion
index 38a4865..0f57dd2 100644
--- a/src/completion/pass.fish-completion
+++ b/src/completion/pass.fish-completion
@@ -1,5 +1,3 @@
-#!/usr/bin/env fish
-
 # Copyright (C) 2012-2014 Dmitry Medvinsky <me at dmedvinsky.name>. All Rights Reserved.
 # This file is licensed under the GPLv2+. Please see COPYING for more information.
 

From listmail at cox.net  Mon Jun 14 21:55:51 2021
From: listmail at cox.net (David A.)
Date: Mon, 14 Jun 2021 14:55:51 -0700
Subject: [PATCH] Remove shebang from fish completion
In-Reply-To: <877diwcg5n.fsf@cgc-instruments.com>
References: <877diwcg5n.fsf@cgc-instruments.com>
Message-ID: <01kfcghs9fvsohc97jep3qjqgqrd2e9ss7@4ax.com>

On Mon, 14 Jun 2021 23:03:48 +0200, Dan ?erm?k <dcermak at suse.de>
wrote:

>Afaik fish shell completions don't need a shebang
>(plus the script is not executable anyway)


Does the shebang potentially tell editors like vim what type of syntax
highlighting to use?


From Jason at zx2c4.com  Mon Jun 14 22:14:05 2021
From: Jason at zx2c4.com (Jason A. Donenfeld)
Date: Tue, 15 Jun 2021 00:14:05 +0200
Subject: [PATCH] Remove shebang from fish completion
In-Reply-To: <877diwcg5n.fsf@cgc-instruments.com>
References: <877diwcg5n.fsf@cgc-instruments.com>
Message-ID: <CAHmME9rcP7GLy6ro_xumd0X=TfFg8+TP2T0OtbG52T4Hv+P84w@mail.gmail.com>

Applied, thanks.

From aclopte at gmail.com  Mon Jun 14 22:18:02 2021
From: aclopte at gmail.com (Johannes Altmanninger)
Date: Tue, 15 Jun 2021 00:18:02 +0200
Subject: [PATCH] Remove shebang from fish completion
In-Reply-To: <877diwcg5n.fsf@cgc-instruments.com>
References: <877diwcg5n.fsf@cgc-instruments.com>
Message-ID: <20210614221802.4hp2gi2h5y7us2io@gmail.com>

On Mon, Jun 14, 2021 at 11:03:48PM +0200, Dan ?erm?k wrote:
> Afaik fish shell completions don't need a shebang
> (plus the script is not executable anyway)

Yeah, that is the convention - I didn't make this change because it breaks
syntax highlighting in my editor.
This is because my editor recognizes fish filetypes based on
1. file extension (".fish")
   - but "pass.fish-completion" does not follow that convention
2. output of "file --mime"
   - without the shebang, file(1) no longer recognizes that this is a shell script.

Replacing the shebang with a modeline like "# vim: ft=fish" would fix detection
for me. Not sure if that is more future-proof than the shebang - looks like
VSCode can parse emacs modelines but not Vim ones.

Note that most editors (including Vim) don't include fish support by default.

> 
> 
> ---
>  src/completion/pass.fish-completion | 2 --
>  1 file changed, 2 deletions(-)
> 
> diff --git a/src/completion/pass.fish-completion b/src/completion/pass.fish-completion
> index 38a4865..0f57dd2 100644
> --- a/src/completion/pass.fish-completion
> +++ b/src/completion/pass.fish-completion
> @@ -1,5 +1,3 @@
> -#!/usr/bin/env fish
> -
>  # Copyright (C) 2012-2014 Dmitry Medvinsky <me at dmedvinsky.name>. All Rights Reserved.
>  # This file is licensed under the GPLv2+. Please see COPYING for more information.
>  

From dcermak at suse.de  Tue Jun 15 06:17:07 2021
From: dcermak at suse.de (Dan =?utf-8?B?xIxlcm3DoWs=?=)
Date: Tue, 15 Jun 2021 08:17:07 +0200
Subject: [PATCH] Remove shebang from fish completion
In-Reply-To: <20210614221802.4hp2gi2h5y7us2io@gmail.com>
References: <877diwcg5n.fsf@cgc-instruments.com>
 <20210614221802.4hp2gi2h5y7us2io@gmail.com>
Message-ID: <87r1h3bqjg.fsf@cgc-instruments.com>

Johannes Altmanninger <aclopte at gmail.com> writes:

> On Mon, Jun 14, 2021 at 11:03:48PM +0200, Dan ?erm?k wrote:
>> Afaik fish shell completions don't need a shebang
>> (plus the script is not executable anyway)
>
> Yeah, that is the convention - I didn't make this change because it breaks
> syntax highlighting in my editor.
> This is because my editor recognizes fish filetypes based on
> 1. file extension (".fish")
>    - but "pass.fish-completion" does not follow that convention
> 2. output of "file --mime"
>    - without the shebang, file(1) no longer recognizes that this is a shell script.

Apologies, I was not aware that this would be a potential fallout. If
the modelines are not really viable alternatives, then my patch can be
reverted, as it does not really fix anything.


Cheers,

Dan

From aclopte at gmail.com  Tue Jun 15 07:30:19 2021
From: aclopte at gmail.com (Johannes Altmanninger)
Date: Tue, 15 Jun 2021 09:30:19 +0200
Subject: [PATCH] Remove shebang from fish completion
In-Reply-To: <87r1h3bqjg.fsf@cgc-instruments.com>
References: <877diwcg5n.fsf@cgc-instruments.com>
 <20210614221802.4hp2gi2h5y7us2io@gmail.com>
 <87r1h3bqjg.fsf@cgc-instruments.com>
Message-ID: <20210615073019.vutof4chgdal36vu@gmail.com>

On Tue, Jun 15, 2021 at 08:17:07AM +0200, Dan ?erm?k wrote:
> Johannes Altmanninger <aclopte at gmail.com> writes:
> 
> > On Mon, Jun 14, 2021 at 11:03:48PM +0200, Dan ?erm?k wrote:
> >> Afaik fish shell completions don't need a shebang
> >> (plus the script is not executable anyway)
> >
> > Yeah, that is the convention - I didn't make this change because it breaks
> > syntax highlighting in my editor.
> > This is because my editor recognizes fish filetypes based on
> > 1. file extension (".fish")
> >    - but "pass.fish-completion" does not follow that convention
> > 2. output of "file --mime"
> >    - without the shebang, file(1) no longer recognizes that this is a shell script.
> 
> Apologies, I was not aware that this would be a potential fallout. If
> the modelines are not really viable alternatives, then my patch can be
> reverted, as it does not really fix anything.

Nah, I think it's fine. Missing syntax highlighting is really minor.
If someone took a look at whether shebang or modelines work better, then we
would have a reason to use either one, but it's hardly worth the time.

From kgsmith at gmail.com  Fri Jun 25 19:47:25 2021
From: kgsmith at gmail.com (Ken Smith)
Date: Fri, 25 Jun 2021 12:47:25 -0700
Subject: Domain punning
Message-ID: <CAFRcMuU6kbb+B2LnBVK_ERPGZkEtF-fcbx0JhEh5f6LaRyNJzA@mail.gmail.com>

Apologies if this has already been answered in another forum but
searching and a rereading of the man page have not turned up a good
answer. What is the best practice around using the same password for
completely separate domains, eg. companya.com and companyb.com merged
and companyb.com asks us to log in using our companya.com credentials.
I tried making a symlink just linking companyb.com -> companya.com and
committing that to the repo but none of my password management tools
(Android Password Store and passff) could find companyb.com in my
password database despite finding companya.com just fine.

Thank you in advance for your guidance.

   Ken S

From kgsmith at gmail.com  Sat Jun 26 17:12:35 2021
From: kgsmith at gmail.com (Ken Smith)
Date: Sat, 26 Jun 2021 10:12:35 -0700
Subject: Domain punning
In-Reply-To: <CACG9B3ES3_xq1GRKdddB9sqDWptPRW2ttbDUgYLk2CG4bCZC8g@mail.gmail.com>
References: <CAFRcMuU6kbb+B2LnBVK_ERPGZkEtF-fcbx0JhEh5f6LaRyNJzA@mail.gmail.com>
 <CACG9B3ES3_xq1GRKdddB9sqDWptPRW2ttbDUgYLk2CG4bCZC8g@mail.gmail.com>
Message-ID: <CAFRcMuVi1407COXZ_Yts45CXW7bUuQhc-zfSAV_wse9J6i04Yw@mail.gmail.com>

I should also mention that the directory symlink also fails with the
command line `pass` so maybe the origin of the behavior rests in that
part of the code.

However, after explaining the conundrum to a friend, I learned that a
file-level symlink works with the command line tool (and therefore
passff) but still fails on Android.

On Fri, Jun 25, 2021 at 4:36 PM Andrew Beyer <beyer.andrew at gmail.com> wrote:
>
> Personally I'd say you're doing the right thing, it's the external tools that are not.
>
> Doesn't provide much help though, short of suggesting maybe file bugs against them.
>
> On Fri, Jun 25, 2021, 13:48 Ken Smith <kgsmith at gmail.com> wrote:
>>
>> Apologies if this has already been answered in another forum but
>> searching and a rereading of the man page have not turned up a good
>> answer. What is the best practice around using the same password for
>> completely separate domains, eg. companya.com and companyb.com merged
>> and companyb.com asks us to log in using our companya.com credentials.
>> I tried making a symlink just linking companyb.com -> companya.com and
>> committing that to the repo but none of my password management tools
>> (Android Password Store and passff) could find companyb.com in my
>> password database despite finding companya.com just fine.
>>
>> Thank you in advance for your guidance.
>>
>>    Ken S

From sam at wlcx.cc  Sat Jun 26 22:57:48 2021
From: sam at wlcx.cc (Sam W)
Date: Sat, 26 Jun 2021 23:57:48 +0100
Subject: [PATCH] Fix unecessary reencryptions on MacOS
Message-ID: <20210626225748.84150-1-sam@wlcx.cc>

POSIX sed doesn't support \+ in BREs which causes the regex that
extracts a file's current keys to return nothing, meaning that files
are unecessarily reencrypted.
This converts the regex in question to use ERE.
---
 src/password-store.sh | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/src/password-store.sh b/src/password-store.sh
index a0dcf2e..e248a01 100755
--- a/src/password-store.sh
+++ b/src/password-store.sh
@@ -129,7 +129,7 @@ reencrypt_path() {
 			done
 			gpg_keys="$($GPG $PASSWORD_STORE_GPG_OPTS --list-keys --with-colons "${GPG_RECIPIENTS[@]}" | sed -n 's/^sub:[^idr:]*:[^:]*:[^:]*:\([^:]*\):[^:]*:[^:]*:[^:]*:[^:]*:[^:]*:[^:]*:[a-zA-Z]*e[a-zA-Z]*:.*/\1/p' | LC_ALL=C sort -u)"
 		fi
-		current_keys="$(LC_ALL=C $GPG $PASSWORD_STORE_GPG_OPTS -v --no-secmem-warning --no-permission-warning --decrypt --list-only --keyid-format long "$passfile" 2>&1 | sed -n 's/^gpg: public key is \([A-F0-9]\+\)$/\1/p' | LC_ALL=C sort -u)"
+		current_keys="$(LC_ALL=C $GPG $PASSWORD_STORE_GPG_OPTS -v --no-secmem-warning --no-permission-warning --decrypt --list-only --keyid-format long "$passfile" 2>&1 | sed -nE 's/^gpg: public key is ([A-F0-9]+)$/\1/p' | LC_ALL=C sort -u)"
 
 		if [[ $gpg_keys != "$current_keys" ]]; then
 			echo "$passfile_display: reencrypting to ${gpg_keys//$'\n'/ }"
-- 
2.32.0


From arsen at aarsen.me  Sun Jun 27 20:23:59 2021
From: arsen at aarsen.me (=?UTF-8?q?Arsen=20Arsenovi=C4=87?=)
Date: Sun, 27 Jun 2021 22:23:59 +0200
Subject: [PATCH 2/2] generate: add -e, --edit for adding more metadata
In-Reply-To: <20210627202359.1506-1-arsen@aarsen.me>
References: <20210627202359.1506-1-arsen@aarsen.me>
Message-ID: <20210627202359.1506-2-arsen@aarsen.me>

This allows users to, in one command, generate a password and fill out
the rest of the data they want to have in a given password file,
allowing them to reduce the amount of git operations done on the
password file and save some time.
---
 src/password-store.sh | 13 +++++++++----
 1 file changed, 9 insertions(+), 4 deletions(-)

diff --git a/src/password-store.sh b/src/password-store.sh
index d1d8aa6..ab66168 100755
--- a/src/password-store.sh
+++ b/src/password-store.sh
@@ -295,7 +295,7 @@ cmd_usage() {
 	        overwriting existing password unless forced.
 	    $PROGRAM edit pass-name
 	        Insert a new password or edit an existing password using ${EDITOR:-vi}.
-	    $PROGRAM generate [--no-symbols,-n] [--clip,-c] [--in-place,-i | --force,-f] pass-name [pass-length]
+	    $PROGRAM generate [--no-symbols,-n] [--clip,-c] [--in-place,-i | --force,-f] [--edit,-e] pass-name [pass-length]
 	        Generate a new password of pass-length (or $GENERATED_LENGTH if unspecified) with optionally no symbols.
 	        Optionally put it on the clipboard and clear board after $CLIP_TIME seconds.
 	        Prompt before overwriting existing password unless forced.
@@ -510,8 +510,8 @@ cmd_edit() {
 }
 
 cmd_generate() {
-	local opts qrcode=0 clip=0 force=0 characters="$CHARACTER_SET" inplace=0 pass
-	opts="$($GETOPT -o nqcif -l no-symbols,qrcode,clip,in-place,force -n "$PROGRAM" -- "$@")"
+	local opts qrcode=0 clip=0 force=0 characters="$CHARACTER_SET" inplace=0 pass edit=0
+	opts="$($GETOPT -o nqcife -l no-symbols,qrcode,clip,in-place,force,edit -n "$PROGRAM" -- "$@")"
 	local err=$?
 	eval set -- "$opts"
 	while true; do case $1 in
@@ -520,10 +520,11 @@ cmd_generate() {
 		-c|--clip) clip=1; shift ;;
 		-f|--force) force=1; shift ;;
 		-i|--in-place) inplace=1; shift ;;
+		-e|--edit) edit=1; shift ;;
 		--) shift; break ;;
 	esac done
 
-	[[ $err -ne 0 || ( $# -ne 2 && $# -ne 1 ) || ( $force -eq 1 && $inplace -eq 1 ) || ( $qrcode -eq 1 && $clip -eq 1 ) ]] && die "Usage: $PROGRAM $COMMAND [--no-symbols,-n] [--clip,-c] [--qrcode,-q] [--in-place,-i | --force,-f] pass-name [pass-length]"
+	[[ $err -ne 0 || ( $# -ne 2 && $# -ne 1 ) || ( $force -eq 1 && $inplace -eq 1 ) || ( $qrcode -eq 1 && $clip -eq 1 ) ]] && die "Usage: $PROGRAM $COMMAND [--no-symbols,-n] [--clip,-c] [--qrcode,-q] [--in-place,-i | --force,-f] [--edit,-e] pass-name [pass-length]"
 	local path="$1"
 	local length="${2:-$GENERATED_LENGTH}"
 	check_sneaky_paths "$path"
@@ -547,6 +548,10 @@ cmd_generate() {
 		$GPG -d "${GPG_OPTS[@]}" "$passfile" | sed 1d >> "$tmp_file"
 	fi
 
+	if [[ $edit -eq 1 ]]; then
+		${EDITOR:-vi} "$tmp_file"
+	fi
+
 	while ! $GPG -e "${GPG_RECIPIENT_ARGS[@]}" -o "$passfile" "${GPG_OPTS[@]}" "$tmp_file"; do
 		yesno "GPG encryption failed. Would you like to try again?"
 	done
-- 
2.31.1


From arsen at aarsen.me  Sun Jun 27 20:23:58 2021
From: arsen at aarsen.me (=?UTF-8?q?Arsen=20Arsenovi=C4=87?=)
Date: Sun, 27 Jun 2021 22:23:58 +0200
Subject: [PATCH 1/2] generate: refactor to use temporary file
Message-ID: <20210627202359.1506-1-arsen@aarsen.me>

This allows us to optionally run an editor on the file, and also
simplifies the code a bit.
---
 src/password-store.sh | 22 ++++++++++++----------
 1 file changed, 12 insertions(+), 10 deletions(-)

diff --git a/src/password-store.sh b/src/password-store.sh
index a0dcf2e..d1d8aa6 100755
--- a/src/password-store.sh
+++ b/src/password-store.sh
@@ -538,17 +538,19 @@ cmd_generate() {
 
 	read -r -n $length pass < <(LC_ALL=C tr -dc "$characters" < /dev/urandom)
 	[[ ${#pass} -eq $length ]] || die "Could not generate password from /dev/urandom."
-	if [[ $inplace -eq 0 ]]; then
-		echo "$pass" | $GPG -e "${GPG_RECIPIENT_ARGS[@]}" -o "$passfile" "${GPG_OPTS[@]}" || die "Password encryption aborted."
-	else
-		local passfile_temp="${passfile}.tmp.${RANDOM}.${RANDOM}.${RANDOM}.${RANDOM}.--"
-		if { echo "$pass"; $GPG -d "${GPG_OPTS[@]}" "$passfile" | tail -n +2; } | $GPG -e "${GPG_RECIPIENT_ARGS[@]}" -o "$passfile_temp" "${GPG_OPTS[@]}"; then
-			mv "$passfile_temp" "$passfile"
-		else
-			rm -f "$passfile_temp"
-			die "Could not reencrypt new password."
-		fi
+
+	tmpdir # Defines $SECURE_TMPDIR
+	local tmp_file="$(mktemp -u "$SECURE_TMPDIR/XXXXXX")-${path//\//-}.txt"
+	printf '%s\n' "$pass" > "$tmp_file"
+
+	if ! [[ $inplace -eq 0 ]]; then
+		$GPG -d "${GPG_OPTS[@]}" "$passfile" | sed 1d >> "$tmp_file"
 	fi
+
+	while ! $GPG -e "${GPG_RECIPIENT_ARGS[@]}" -o "$passfile" "${GPG_OPTS[@]}" "$tmp_file"; do
+		yesno "GPG encryption failed. Would you like to try again?"
+	done
+
 	local verb="Add"
 	[[ $inplace -eq 1 ]] && verb="Replace"
 	git_add_file "$passfile" "$verb generated password for ${path}."
-- 
2.31.1