[PATCH] Do not add newline at the end of the password
Tobias Girstmair
t-passwd at girst.at
Thu Apr 14 12:48:28 UTC 2022
On Thu, Apr 14, 2022 at 01:26:47PM +0200, Daniel Mach wrote:
>SaltStack strips leading/trailing whitespaces from the password [1],
>because pass adds a newline when entering passwords interactively.
>
>Pass is capable of storing multiline passwords which are stored as
>provided. That includes storing binary data as well. If such password
>has leading/traling whitespaces, they get stripped in SaltStack
>and the password becomes invalid.
>
>This change fixes the inconsistency by always storing the passwords
>as provided, with no extra characters added.
>
>To retain good user experience, a newline is printed to stderr after
>printing a password.
this looks like a bad idea to me, sorry to say. the data format
described on passwordstore.org is textual, not binary. also, printing a
newline on stderr unconditionally is a bit unelegant (when stdout was
redirected somewhere, a newline is still printed to the terminal).
two admittedly contrived examples:
printf "fetching password ..." >&2
foo="$(pass show foo)"
printf "done\n" >&2
# note how the status message now has a line break in it. would even
# worse when the program uses printf "\r" for a loading bar.
pass show foo | cat - /etc/hostname
# note that instead of two lines, cat returns both items on a single
# line now.
AFAICT, pass insert -m does not add an extra line terminator. doesn't
this suffice for your usecase?
personally, i base64 encode all binary blobs i store in pass. this has
the added benefit of (1) making it clear that these are bytes and (2) i
can add metadata in the usual http-header-like format below it, still.
More information about the Password-Store
mailing list