[PATCH] Do not add newline at the end of the password
Daniel Mach
daniel.mach at suse.com
Thu Apr 14 11:26:47 UTC 2022
SaltStack strips leading/trailing whitespaces from the password [1],
because pass adds a newline when entering passwords interactively.
Pass is capable of storing multiline passwords which are stored as
provided. That includes storing binary data as well. If such password
has leading/traling whitespaces, they get stripped in SaltStack
and the password becomes invalid.
This change fixes the inconsistency by always storing the passwords
as provided, with no extra characters added.
To retain good user experience, a newline is printed to stderr after
printing a password.
[1] https://github.com/saltstack/salt/commit/2584df93e074155062bd934f23bb244613e20dd3
---
src/password-store.sh | 7 ++++---
1 file changed, 4 insertions(+), 3 deletions(-)
diff --git a/src/password-store.sh b/src/password-store.sh
index 22e818f..48b3a79 100755
--- a/src/password-store.sh
+++ b/src/password-store.sh
@@ -385,7 +385,8 @@ cmd_show() {
if [[ -f $passfile ]]; then
if [[ $clip -eq 0 && $qrcode -eq 0 ]]; then
pass="$($GPG -d "${GPG_OPTS[@]}" "$passfile" | $BASE64)" || exit $?
- echo "$pass" | $BASE64 -d
+ echo -n "$pass" | $BASE64 -d
+ echo >&2
else
[[ $selected_line =~ ^[0-9]+$ ]] || die "Clip location '$selected_line' is not a number."
pass="$($GPG -d "${GPG_OPTS[@]}" "$passfile" | tail -n +${selected_line} | head -n 1)" || exit $?
@@ -468,7 +469,7 @@ cmd_insert() {
read -r -p "Retype password for $path: " -s password_again || exit 1
echo
if [[ $password == "$password_again" ]]; then
- echo "$password" | $GPG -e "${GPG_RECIPIENT_ARGS[@]}" -o "$passfile" "${GPG_OPTS[@]}" || die "Password encryption aborted."
+ echo -n "$password" | $GPG -e "${GPG_RECIPIENT_ARGS[@]}" -o "$passfile" "${GPG_OPTS[@]}" || die "Password encryption aborted."
break
else
die "Error: the entered passwords do not match."
@@ -477,7 +478,7 @@ cmd_insert() {
else
local password
read -r -p "Enter password for $path: " -e password
- echo "$password" | $GPG -e "${GPG_RECIPIENT_ARGS[@]}" -o "$passfile" "${GPG_OPTS[@]}" || die "Password encryption aborted."
+ echo -n "$password" | $GPG -e "${GPG_RECIPIENT_ARGS[@]}" -o "$passfile" "${GPG_OPTS[@]}" || die "Password encryption aborted."
fi
git_add_file "$passfile" "Add given password for $path to store."
}
--
2.35.1
More information about the Password-Store
mailing list