[PATCH] Do not add newline at the end of the password

Johannes Altmanninger aclopte at gmail.com
Thu Apr 14 11:50:57 UTC 2022


On Thu, Apr 14, 2022 at 01:26:47PM +0200, Daniel Mach wrote:
> SaltStack strips leading/trailing whitespaces from the password [1],
> because pass adds a newline when entering passwords interactively.

SaltStack is removing too much. They should use the equivalent of
pass_show_output.removesuffix("\n").

> 
> Pass is capable of storing multiline passwords which are stored as
> provided. That includes storing binary data as well. If such password
> has leading/trailing whitespaces, they get stripped in SaltStack
> and the password becomes invalid.
> 
> This change fixes the inconsistency by always storing the passwords
> as provided, with no extra characters added.
> 
> To retain good user experience, a newline is printed to stderr after
> printing a password.
> 
> [1] https://github.com/saltstack/salt/commit/2584df93e074155062bd934f23bb244613e20dd3
> ---
>  src/password-store.sh | 7 ++++---
>  1 file changed, 4 insertions(+), 3 deletions(-)
> 
> diff --git a/src/password-store.sh b/src/password-store.sh
> index 22e818f..48b3a79 100755
> --- a/src/password-store.sh
> +++ b/src/password-store.sh
> @@ -385,7 +385,8 @@ cmd_show() {
>  	if [[ -f $passfile ]]; then
>  		if [[ $clip -eq 0 && $qrcode -eq 0 ]]; then
>  			pass="$($GPG -d "${GPG_OPTS[@]}" "$passfile" | $BASE64)" || exit $?
> -			echo "$pass" | $BASE64 -d
> +			echo -n "$pass" | $BASE64 -d
> +			echo >&2
>  		else
>  			[[ $selected_line =~ ^[0-9]+$ ]] || die "Clip location '$selected_line' is not a number."
>  			pass="$($GPG -d "${GPG_OPTS[@]}" "$passfile" | tail -n +${selected_line} | head -n 1)" || exit $?
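
Review bot: The added echo >&2 in cmd_show runs unconditionally, so a newline is written to stderr even when stdout is a pipe or a file and no terminal is involved; a caller that merges the streams with 2>&1 gets back the trailing newline this change is meant to drop. Consider emitting it only when stdout is a terminal, for example [[ -t 1 ]] && echo >&2. Entries whose stored content already ends in a newline will also be followed by an extra blank line on a terminal.
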
> @@ -468,7 +469,7 @@ cmd_insert() {
>  			read -r -p "Retype password for $path: " -s password_again || exit 1
>  			echo
>  			if [[ $password == "$password_again" ]]; then
> -				echo "$password" | $GPG -e "${GPG_RECIPIENT_ARGS[@]}" -o "$passfile" "${GPG_OPTS[@]}" || die "Password encryption aborted."
> +				echo -n "$password" | $GPG -e "${GPG_RECIPIENT_ARGS[@]}" -o "$passfile" "${GPG_OPTS[@]}" || die "Password encryption aborted."
>  				break
>  			else
>  				die "Error: the entered passwords do not match."
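
Review bot: echo -n "$password" in the no-echo branch of cmd_insert still passes the password to echo as an argument, so with bash's builtin a password that is itself -n, -e or -E is parsed as an option and an empty entry gets encrypted. Since the line is being changed anyway, printf '%s' "$password" writes the value as given, with no trailing newline and no option parsing.
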
> @@ -477,7 +478,7 @@ cmd_insert() {
>  	else
>  		local password
>  		read -r -p "Enter password for $path: " -e password
> -		echo "$password" | $GPG -e "${GPG_RECIPIENT_ARGS[@]}" -o "$passfile" "${GPG_OPTS[@]}" || die "Password encryption aborted."
> +		echo -n "$password" | $GPG -e "${GPG_RECIPIENT_ARGS[@]}" -o "$passfile" "${GPG_OPTS[@]}" || die "Password encryption aborted."
>  	fi
>  	git_add_file "$passfile" "Add given password for $path to store."
>  }
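
Review bot: In the echo branch the password comes from read -r -p ... -e password with the default IFS, so read strips leading and trailing whitespace before the changed echo -n line sees it, and the "stored as provided" goal of the commit message is not met for interactive input. Use IFS= read -r ... if that whitespace is meant to survive, and prefer printf '%s' "$password" over echo -n here as well. The diffstat shows only src/password-store.sh changing, so the new no-newline format is not documented anywhere in this patch.
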
> -- 
> 2.35.1
> 
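
The difference between the two ways of cleaning up pass output discussed above, as an added example (not code from pass, SaltStack, or either author). The function names and sample secrets are constructed for illustration, and `pass show` is modelled as the stored secret plus the one newline that the pre-patch `echo "$password"` appends.

```python
# Added example: constructed secrets; no real `pass` or Salt call is made.


def pass_show_output(secret: bytes) -> bytes:
    """Model of `pass show` for an entry created by the pre-patch
    interactive `pass insert`: the secret followed by one newline."""
    return secret + b"\n"


def drop_one_newline(output: bytes) -> bytes:
    """Byte-level equivalent of output.removesuffix("\\n"): remove at most
    one trailing newline and leave every other byte alone."""
    return output[:-1] if output.endswith(b"\n") else output


def strip_all(output: bytes) -> bytes:
    """The over-eager variant: drop all leading and trailing whitespace."""
    return output.strip()


# Constructed sample secrets (hypothetical, for illustration only).
SAMPLES = [
    b"hunter2",                    # plain single-line password
    b"  leading and trailing  ",   # spaces that are part of the secret
    b"line one\nline two\n",       # multiline entry ending in a newline
    b"\t\x00\x01binary\x0b\x0c",   # binary data with whitespace bytes at the edges
]


def survivors(recover):
    """Return the samples that come back unchanged after a round trip."""
    return [s for s in SAMPLES if recover(pass_show_output(s)) == s]


if __name__ == "__main__":
    for name, fn in (("removesuffix", drop_one_newline), ("strip", strip_all)):
        ok = survivors(fn)
        print(f"{name}: {len(ok)}/{len(SAMPLES)} secrets recovered intact")
```

If pass stops appending the newline, as the quoted patch proposes, the same single-newline removal would instead remove a newline that belongs to the secret, so a consumer has to know which format produced the entry.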

