From akiva at sixthirteen.co Mon Jan 3 19:26:55 2022 From: akiva at sixthirteen.co (Akiva Levy) Date: Mon, 3 Jan 2022 11:26:55 -0800 Subject: GPG sub-keys Message-ID: I keep my master secret key offline and issue each of my devices a unique sub-key. I have tried using these device sub-key IDs when initialising a new password store (ie. `pass init 0x123... 0x456...`), but it seems sub-keys aren't working as I only get `decryption failed: No secret key` errors. To verify, I have tried using my e-mail address and temporarily using my offline master key ID with GPG and that does work. Is there a way to solve this problem for my use-case? Cheers, Akiva Levy https://sixthirteen.co F05B 121F 6E07 3216 BE35 E425 5524 34F0 F754 BE67 From gregoire at fripost.org Tue Jan 4 10:20:41 2022 From: gregoire at fripost.org (=?utf-8?B?R3LDqWdvaXJlIETDqXRyZXog4qCs4qCG?=) Date: Tue, 4 Jan 2022 11:20:41 +0100 Subject: GPG sub-keys In-Reply-To: References: Message-ID: On Mon, Jan 03, 2022 at 11:26:55AM -0800, Akiva Levy wrote: > I keep my master secret key offline and issue each of my devices a > unique sub-key. I have tried using these device sub-key IDs when > initialising a new password store (ie. `pass init 0x123... 0x456...`), > but it seems sub-keys aren't working as I only get `decryption > failed: No secret key` errors. To verify, I have tried using my e-mail > address and temporarily using my offline master key ID with GPG and > that does work. Is there a way to solve this problem for my use-case? If I remember correctly you need to add ! to force gnupg to use specific subkeys. E.g. `pass init 1234! abcd!`. Cheers, /? From jan.christian at gruenhage.xyz Tue Jan 4 12:04:20 2022 From: jan.christian at gruenhage.xyz (=?utf-8?q?Jan_Christian_Gr=C3=BCnhage?=) Date: Tue, 04 Jan 2022 13:04:20 +0100 Subject: GPG sub-keys In-Reply-To: References: Message-ID: > Is there a way to solve this problem for my use-case? Can you clarify what your use-case is exactly? Do you intend to have different privileges on different sub-keys, or are they all treated the same? Because if they're all to be treated the same, you can just use the primary key ID and pass should still just use the encryption sub-keys available for that PGP key. -- JC From wiktor at metacode.biz Tue Jan 4 12:29:48 2022 From: wiktor at metacode.biz (Wiktor Kwapisiewicz) Date: Tue, 4 Jan 2022 13:29:48 +0100 Subject: GPG sub-keys In-Reply-To: References: Message-ID: On 4.01.2022 13:04, Jan Christian Gr?nhage wrote: > Because if they're all to be treated the same, you can just use > the primary key ID and pass should still just use the encryption > sub-keys available for that PGP key. Nope, GnuPG will use just one single valid, most recent encryption subkey and completely disregard all others. For the record this part is actually not specified in the OpenPGP spec and other implementations (such as Sequoia PGP or OpenKeychain) do it differently, and - in my opinion - better: they encrypt to all valid encryption subkeys. GnuPG actually makes it worse because using subkey fingerprint will not use that fingerprint but rather use the following logic: - if the fingerprint is for subkey look go to primary key, - if you want encryption subkey from primary find the most recent encryption subkey. The workaround is, as Gr?goire mentioned, to append "!" to the fingerprint. That will force it to use that exact specific key. Kind regards, Wiktor From kenny.evitt at gmail.com Tue Jan 4 22:39:40 2022 From: kenny.evitt at gmail.com (Kenny Evitt) Date: Tue, 4 Jan 2022 17:39:40 -0500 Subject: Problems in the macOS Terminal app with `pass show -c some/password`? In-Reply-To: References: Message-ID: Thanks for the suggestions "yanchenko.igor" and Oliver! Perhaps most importantly, as a general update, I haven't observed the original behavior at all in the past few days. I didn't see anything informative in the log file from running `script` as suggested. The `TERM` variable seems fine too: ``` $ echo "$TERM" xterm-256color ``` I haven't set it anywhere and its value is, AFAIK, the initial system default. I'm only using the macOS Terminal app as-is; neither tmux nor anything similar. Thanks again for your help! If I learn anything more that might be pertinent (and potentially helpful for others), I'll reply to this thread. On Thu, Dec 30, 2021 at 12:45 AM yanchenko.igor at gmail.com wrote: > > I suggest to record your terminal using script: > > script logfile.txt > pass show -c some/password > exit > > And then check the logfile.txt, which might give you some ideas. > > > On Thu, Dec 30, 2021 at 1:57 AM Kenny Evitt wrote: > > > > I installed `pass` via Homebrew ? version `v1.7.4`. > > > > I'm setting-up a new Mac (macOS 12.0.1) and I've noticed a weird > > problem with the (macOS included) Terminal app whenever I use the > > `pass show -c ...` command. > > > > It _seems_ like maybe the 'clip' program that's being used doesn't > > work well with the (new?) version of the Terminal app ? or something > > along those lines. > > > > After I run `show -c` commands (which works), the "Copied ... to > > clipboard" messages 'clobbers' the shell prompt and then further input > > doesn't _visibly_ work ? I can type and maybe (?) run commands, but > > the command seems to be 'erased' after I run it (i.e. hit Enter) and > > no output is visible in the shell. I'd _guess_ somehow the same 'line' > > of the shell output/history is being repeatedly overwritten. > > > > Any ideas? From akiva at sixthirteen.co Wed Jan 5 03:03:53 2022 From: akiva at sixthirteen.co (Akiva Levy) Date: Tue, 4 Jan 2022 19:03:53 -0800 Subject: GPG sub-keys In-Reply-To: References: Message-ID: Thanks, Gr?goire. That solved it! Akiva Levy https://sixthirteen.co F05B 121F 6E07 3216 BE35 E425 5524 34F0 F754 BE67 On Tue, 4 Jan 2022 at 02:20, Gr?goire D?trez ?? wrote: > > On Mon, Jan 03, 2022 at 11:26:55AM -0800, Akiva Levy wrote: > > I keep my master secret key offline and issue each of my devices a > > unique sub-key. I have tried using these device sub-key IDs when > > initialising a new password store (ie. `pass init 0x123... 0x456...`), > > but it seems sub-keys aren't working as I only get `decryption > > failed: No secret key` errors. To verify, I have tried using my e-mail > > address and temporarily using my offline master key ID with GPG and > > that does work. Is there a way to solve this problem for my use-case? > > If I remember correctly you need to add ! to force gnupg to use specific > subkeys. E.g. `pass init 1234! abcd!`. > Cheers, > > /? From marius at gnu.org Sun Jan 16 16:50:28 2022 From: marius at gnu.org (Marius Bakke) Date: Sun, 16 Jan 2022 17:50:28 +0100 Subject: [PATCH] Ensure compatibility with tree 2.0. Message-ID: <20220116165028.22811-1-marius@gnu.org> Tree 2.0 and later will unconditionally ignore all options and write JSON data on file descriptor 3 when available, which causes problems for the test harness and other scripts that use FD 3. Work around by always redirecting descriptor 3 to a temporary fd when invoking 'tree'. --- src/password-store.sh | 13 +++++++++++-- 1 file changed, 11 insertions(+), 2 deletions(-) (previous email sent from the wrong address, trying again ...) diff --git a/src/password-store.sh b/src/password-store.sh index aef8d72..a6d8469 100755 --- a/src/password-store.sh +++ b/src/password-store.sh @@ -402,7 +402,13 @@ cmd_show() { else echo "${path%\/}" fi - tree -N -C -l --noreport "$PREFIX/$path" | tail -n +2 | sed -E 's/\.gpg(\x1B\[[0-9]+m)?( ->|$)/\1\2/g' # remove .gpg at end of line, but keep colors + # 'tree' 2.0 and later writes JSON output on fd3 when present, + # so allocate a temporary fd and redirect file descriptor 3 to + # ensure we get the stdout in case fd 3 happens to exist. + tree -N -C -l --noreport "$PREFIX/$path" {tmp_fd}>&3- \ + | tail -n +2 \ + | sed -E 's/\.gpg(\x1B\[[0-9]+m)?( ->|$)/\1\2/g' \ + # remove .gpg at end of line, but keep colors elif [[ -z $path ]]; then die "Error: password store is empty. Try \"pass init\"." else @@ -414,7 +420,10 @@ cmd_find() { [[ $# -eq 0 ]] && die "Usage: $PROGRAM $COMMAND pass-names..." IFS="," eval 'echo "Search Terms: $*"' local terms="*$(printf '%s*|*' "$@")" - tree -N -C -l --noreport -P "${terms%|*}" --prune --matchdirs --ignore-case "$PREFIX" | tail -n +2 | sed -E 's/\.gpg(\x1B\[[0-9]+m)?( ->|$)/\1\2/g' + tree -N -C -l --noreport -P "${terms%|*}" --prune --matchdirs \ + --ignore-case "$PREFIX" {tmp_fd}>&3- \ + | tail -n +2 \ + | sed -E 's/\.gpg(\x1B\[[0-9]+m)?( ->|$)/\1\2/g' } cmd_grep() { -- 2.34.0 From aclopte at gmail.com Sun Jan 16 17:46:49 2022 From: aclopte at gmail.com (Johannes Altmanninger) Date: Sun, 16 Jan 2022 18:46:49 +0100 Subject: [PATCH] Ensure compatibility with tree 2.0. In-Reply-To: <20220116165028.22811-1-marius@gnu.org> References: <20220116165028.22811-1-marius@gnu.org> Message-ID: <20220116174649.ohp2pqc47rcsumnb@gmail.com> On Sun, Jan 16, 2022 at 05:50:28PM +0100, Marius Bakke wrote: > Tree 2.0 and later will unconditionally ignore all options and write > JSON data on file descriptor 3 when available, which causes problems > for the test harness and other scripts that use FD 3. Work around by > always redirecting descriptor 3 to a temporary fd when invoking 'tree'. > --- > src/password-store.sh | 13 +++++++++++-- > 1 file changed, 11 insertions(+), 2 deletions(-) > > (previous email sent from the wrong address, trying again ...) > > diff --git a/src/password-store.sh b/src/password-store.sh > index aef8d72..a6d8469 100755 > --- a/src/password-store.sh > +++ b/src/password-store.sh > @@ -402,7 +402,13 @@ cmd_show() { > else > echo "${path%\/}" > fi > - tree -N -C -l --noreport "$PREFIX/$path" | tail -n +2 | sed -E 's/\.gpg(\x1B\[[0-9]+m)?( ->|$)/\1\2/g' # remove .gpg at end of line, but keep colors > + # 'tree' 2.0 and later writes JSON output on fd3 when present, > + # so allocate a temporary fd and redirect file descriptor 3 to > + # ensure we get the stdout in case fd 3 happens to exist. > + tree -N -C -l --noreport "$PREFIX/$path" {tmp_fd}>&3- \ Looks good. I wonder if there is a difference between {varname}>&3- and 3>&- I wasn't familiar with Bash's {varname}>&3- syntax. It looked tricky at first; I guess it's just a contraction of {varname}>&3 3>&- Looks like the {varname} bit allows to keep a FD open across commands; but in this case it's closed immediately, so I don't know if it makes a difference. > + | tail -n +2 \ > + | sed -E 's/\.gpg(\x1B\[[0-9]+m)?( ->|$)/\1\2/g' \ > + # remove .gpg at end of line, but keep colors I'd write it with trailing pipes (also helps the comment) tree -N -C -l --noreport "$PREFIX/$path" {tmp_fd}>&3- | tail -n +2 | # remove .gpg at end of line, but keep colors sed -E 's/\.gpg(\x1B\[[0-9]+m)?( ->|$)/\1\2/g' > elif [[ -z $path ]]; then > die "Error: password store is empty. Try \"pass init\"." > else > @@ -414,7 +420,10 @@ cmd_find() { > [[ $# -eq 0 ]] && die "Usage: $PROGRAM $COMMAND pass-names..." > IFS="," eval 'echo "Search Terms: $*"' > local terms="*$(printf '%s*|*' "$@")" > - tree -N -C -l --noreport -P "${terms%|*}" --prune --matchdirs --ignore-case "$PREFIX" | tail -n +2 | sed -E 's/\.gpg(\x1B\[[0-9]+m)?( ->|$)/\1\2/g' > + tree -N -C -l --noreport -P "${terms%|*}" --prune --matchdirs \ > + --ignore-case "$PREFIX" {tmp_fd}>&3- \ > + | tail -n +2 \ > + | sed -E 's/\.gpg(\x1B\[[0-9]+m)?( ->|$)/\1\2/g' > } > > cmd_grep() { > -- > 2.34.0 > From marius at gnu.org Sun Jan 16 18:21:47 2022 From: marius at gnu.org (Marius Bakke) Date: Sun, 16 Jan 2022 19:21:47 +0100 Subject: [PATCH v2] Ensure compatibility with tree 2.0. In-Reply-To: <20220116174649.ohp2pqc47rcsumnb@gmail.com> References: <20220116174649.ohp2pqc47rcsumnb@gmail.com> Message-ID: <20220116182147.16341-1-marius@gnu.org> Tree 2.0 and later will unconditionally ignore all options and write JSON data on file descriptor 3 when available, which causes problems for the test harness and other scripts that use FD 3. Work around by always redirecting descriptor 3 to a temporary fd when invoking 'tree'. --- src/password-store.sh | 13 +++++++++++-- 1 file changed, 11 insertions(+), 2 deletions(-) --- Changes in v2: * Always allocate FD 3 before redirecting. * Changed to "trailing pipes" style. diff --git a/src/password-store.sh b/src/password-store.sh index aef8d72..1a78cd4 100755 --- a/src/password-store.sh +++ b/src/password-store.sh @@ -402,7 +402,13 @@ cmd_show() { else echo "${path%\/}" fi - tree -N -C -l --noreport "$PREFIX/$path" | tail -n +2 | sed -E 's/\.gpg(\x1B\[[0-9]+m)?( ->|$)/\1\2/g' # remove .gpg at end of line, but keep colors + # 'tree' 2.0 and later writes JSON output on fd3 when present, + # so allocate a temporary fd and redirect file descriptor 3 to + # ensure we get the stdout in case fd 3 happens to exist. + tree -N -C -l --noreport "$PREFIX/$path" 3>/dev/null {tmp_fd}>&3- | + tail -n +2 | + # remove .gpg at end of line, but keep colors + sed -E 's/\.gpg(\x1B\[[0-9]+m)?( ->|$)/\1\2/g' elif [[ -z $path ]]; then die "Error: password store is empty. Try \"pass init\"." else @@ -414,7 +420,10 @@ cmd_find() { [[ $# -eq 0 ]] && die "Usage: $PROGRAM $COMMAND pass-names..." IFS="," eval 'echo "Search Terms: $*"' local terms="*$(printf '%s*|*' "$@")" - tree -N -C -l --noreport -P "${terms%|*}" --prune --matchdirs --ignore-case "$PREFIX" | tail -n +2 | sed -E 's/\.gpg(\x1B\[[0-9]+m)?( ->|$)/\1\2/g' + tree -N -C -l --noreport -P "${terms%|*}" --prune --matchdirs \ + --ignore-case "$PREFIX" 3>/dev/null {tmp_fd}>&3- | + tail -n +2 | + sed -E 's/\.gpg(\x1B\[[0-9]+m)?( ->|$)/\1\2/g' } cmd_grep() { -- 2.34.0 From marius at gnu.org Sun Jan 16 18:44:16 2022 From: marius at gnu.org (Marius Bakke) Date: Sun, 16 Jan 2022 19:44:16 +0100 Subject: [PATCH] Ensure compatibility with tree 2.0. In-Reply-To: <20220116174649.ohp2pqc47rcsumnb@gmail.com> References: <20220116165028.22811-1-marius@gnu.org> <20220116174649.ohp2pqc47rcsumnb@gmail.com> Message-ID: <8735ln8qrj.fsf@gnu.org> Johannes Altmanninger skriver: > On Sun, Jan 16, 2022 at 05:50:28PM +0100, Marius Bakke wrote: >> diff --git a/src/password-store.sh b/src/password-store.sh >> index aef8d72..a6d8469 100755 >> --- a/src/password-store.sh >> +++ b/src/password-store.sh >> @@ -402,7 +402,13 @@ cmd_show() { >> else >> echo "${path%\/}" >> fi >> - tree -N -C -l --noreport "$PREFIX/$path" | tail -n +2 | sed -E 's/\.gpg(\x1B\[[0-9]+m)?( ->|$)/\1\2/g' # remove .gpg at end of line, but keep colors >> + # 'tree' 2.0 and later writes JSON output on fd3 when present, >> + # so allocate a temporary fd and redirect file descriptor 3 to >> + # ensure we get the stdout in case fd 3 happens to exist. >> + tree -N -C -l --noreport "$PREFIX/$path" {tmp_fd}>&3- \ > > Looks good. I wonder if there is a difference between {varname}>&3- and 3>&- > I wasn't familiar with Bash's {varname}>&3- syntax. It looked tricky at > first; I guess it's just a contraction of {varname}>&3 3>&- Actually 3>&- alone seems to work fine, and is nicer than the redirect hack IMO. I was worried it would close FD3 for subsequent processes, but it appears FD 3 is only made invisible for that one command. v3 incoming, thanks! -------------- next part -------------- A non-text attachment was scrubbed... Name: signature.asc Type: application/pgp-signature Size: 247 bytes Desc: not available URL: From marius at gnu.org Sun Jan 16 18:57:01 2022 From: marius at gnu.org (Marius Bakke) Date: Sun, 16 Jan 2022 19:57:01 +0100 Subject: [PATCH v3] Ensure compatibility with tree 2.0. In-Reply-To: <20220116174649.ohp2pqc47rcsumnb@gmail.com> References: <20220116174649.ohp2pqc47rcsumnb@gmail.com> Message-ID: <20220116185701.3867-1-marius@gnu.org> Tree 2.0 and later will unconditionally ignore all options and write JSON data on file descriptor 3 when available, which causes problems for the test harness and other scripts that use FD 3. Work around by closing descriptor 3 for the 'tree' command. --- src/password-store.sh | 12 ++++++++++-- 1 file changed, 10 insertions(+), 2 deletions(-) --- Changes in v3: * Close descriptor 3 for 'tree' instead of redirecting to temporary fd. diff --git a/src/password-store.sh b/src/password-store.sh index aef8d72..17d09cf 100755 --- a/src/password-store.sh +++ b/src/password-store.sh @@ -402,7 +402,12 @@ cmd_show() { else echo "${path%\/}" fi - tree -N -C -l --noreport "$PREFIX/$path" | tail -n +2 | sed -E 's/\.gpg(\x1B\[[0-9]+m)?( ->|$)/\1\2/g' # remove .gpg at end of line, but keep colors + # 'tree' 2.0 and later writes JSON output on descriptor 3 when + # present, so move it temporarily in case it happens to be set. + tree -N -C -l --noreport "$PREFIX/$path" 3>&- | + tail -n +2 | + # remove .gpg at end of line, but keep colors + sed -E 's/\.gpg(\x1B\[[0-9]+m)?( ->|$)/\1\2/g' elif [[ -z $path ]]; then die "Error: password store is empty. Try \"pass init\"." else @@ -414,7 +419,10 @@ cmd_find() { [[ $# -eq 0 ]] && die "Usage: $PROGRAM $COMMAND pass-names..." IFS="," eval 'echo "Search Terms: $*"' local terms="*$(printf '%s*|*' "$@")" - tree -N -C -l --noreport -P "${terms%|*}" --prune --matchdirs --ignore-case "$PREFIX" | tail -n +2 | sed -E 's/\.gpg(\x1B\[[0-9]+m)?( ->|$)/\1\2/g' + tree -N -C -l --noreport -P "${terms%|*}" --prune --matchdirs \ + --ignore-case "$PREFIX" 3>&- | + tail -n +2 | + sed -E 's/\.gpg(\x1B\[[0-9]+m)?( ->|$)/\1\2/g' } cmd_grep() { -- 2.34.0 From Jason at zx2c4.com Sun Jan 16 21:03:54 2022 From: Jason at zx2c4.com (Jason A. Donenfeld) Date: Sun, 16 Jan 2022 22:03:54 +0100 Subject: [PATCH v3] Ensure compatibility with tree 2.0. In-Reply-To: <20220116185701.3867-1-marius@gnu.org> References: <20220116174649.ohp2pqc47rcsumnb@gmail.com> <20220116185701.3867-1-marius@gnu.org> Message-ID: Wow, that's some weird behavior. I just poked at the source and indeed it seems unconditional. Thanks for writing in about this. Can you resubmit this, but without changing the formatting / line length, and without adding that comment? `git blame` is fine for the rationale. Just a good ol `3>&-` will do the trick. Thanks, Jason From marius at gnu.org Mon Jan 17 16:54:32 2022 From: marius at gnu.org (Marius Bakke) Date: Mon, 17 Jan 2022 17:54:32 +0100 Subject: [PATCH v4] Ensure compatibility with tree 2.0. In-Reply-To: References: Message-ID: <20220117165432.28972-1-marius@gnu.org> Tree 2.0 and later will unconditionally ignore all options and write JSON data on file descriptor 3 when available, which causes problems for the test harness and other scripts that use FD 3. Work around by closing descriptor 3 for the 'tree' command. --- * Changes in v4: - Removed line breaks. Thanks for the feedback, everyone. --- src/password-store.sh | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/src/password-store.sh b/src/password-store.sh index aef8d72..22e818f 100755 --- a/src/password-store.sh +++ b/src/password-store.sh @@ -402,7 +402,7 @@ cmd_show() { else echo "${path%\/}" fi - tree -N -C -l --noreport "$PREFIX/$path" | tail -n +2 | sed -E 's/\.gpg(\x1B\[[0-9]+m)?( ->|$)/\1\2/g' # remove .gpg at end of line, but keep colors + tree -N -C -l --noreport "$PREFIX/$path" 3>&- | tail -n +2 | sed -E 's/\.gpg(\x1B\[[0-9]+m)?( ->|$)/\1\2/g' # remove .gpg at end of line, but keep colors elif [[ -z $path ]]; then die "Error: password store is empty. Try \"pass init\"." else @@ -414,7 +414,7 @@ cmd_find() { [[ $# -eq 0 ]] && die "Usage: $PROGRAM $COMMAND pass-names..." IFS="," eval 'echo "Search Terms: $*"' local terms="*$(printf '%s*|*' "$@")" - tree -N -C -l --noreport -P "${terms%|*}" --prune --matchdirs --ignore-case "$PREFIX" | tail -n +2 | sed -E 's/\.gpg(\x1B\[[0-9]+m)?( ->|$)/\1\2/g' + tree -N -C -l --noreport -P "${terms%|*}" --prune --matchdirs --ignore-case "$PREFIX" 3>&- | tail -n +2 | sed -E 's/\.gpg(\x1B\[[0-9]+m)?( ->|$)/\1\2/g' } cmd_grep() { -- 2.34.0 From Jason at zx2c4.com Mon Jan 17 16:55:34 2022 From: Jason at zx2c4.com (Jason A. Donenfeld) Date: Mon, 17 Jan 2022 17:55:34 +0100 Subject: [PATCH v4] Ensure compatibility with tree 2.0. In-Reply-To: <20220117165432.28972-1-marius@gnu.org> References: <20220117165432.28972-1-marius@gnu.org> Message-ID: Applied, thanks. From superbear2013 at gmail.com Thu Jan 20 17:37:39 2022 From: superbear2013 at gmail.com (superbear2013 at gmail.com) Date: Fri, 21 Jan 2022 01:37:39 +0800 Subject: [PATCH] Check if support compopt command. Message-ID: <20220120173739.2698-1-superbear2013@gmail.com> From: superbear Fix pass -c W-bash: compopt: command not found. --- src/completion/pass.bash-completion | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/src/completion/pass.bash-completion b/src/completion/pass.bash-completion index 2d23cbf..a6b22a1 100644 --- a/src/completion/pass.bash-completion +++ b/src/completion/pass.bash-completion @@ -54,7 +54,7 @@ _pass_complete_entries () { # The only time we want to add a space to the end is if there is only # one match, and it is not a directory if [[ $i -gt 1 || ( $i -eq 1 && -d $firstitem ) ]]; then - compopt -o nospace + type compopt &>/dev/null && compopt -o nospace fi } @@ -91,7 +91,7 @@ _pass() init) if [[ $lastarg == "-p" || $lastarg == "--path" ]]; then _pass_complete_folders - compopt -o nospace + type compopt &>/dev/null && compopt -o nospace else COMPREPLY+=($(compgen -W "-p --path" -- ${cur})) _pass_complete_keys -- 2.24.3 (Apple Git-128) From radon.neon at gmail.com Sat Jan 29 04:56:48 2022 From: radon.neon at gmail.com (Radon Rosborough) Date: Fri, 28 Jan 2022 20:56:48 -0800 Subject: pass ln: for symlinks Message-ID: Hi friends, I've used Pass for several years and I've always wanted a 'pass ln' command, for creating symlinks within the password store. This is useful when the same website uses multiple separate domains, which should be treated interchangeably for the sake of password management. (Example: stackoverflow.com, stackexchange.com, askubuntu.com, etc.) My current workflow is to go into ~/.password-store and create symlinks manually, e.g. 'ln -s stackoverflow.com ~/.password-store/askubuntu.com'. Once symlinks are created, they work exactly as expected for autocompletion, both at the command line and in all the clients I use, including Browserpass and the Android app. The only inconvenience is I have to create the symlink and make a commit manually. My proposed new subcommand would go like 'pass ln [--force,-f] old-path new-path', and it would have just about the same semantics as 'pass mv' or 'pass cp', except that it would make sure to always create relative symlinks to avoid accidentally depending on the location of the user's home directory or anything like that. The advantage would be correct autocompletion while making the symlink, and integration with Git like for the other Pass subcommands. I see that an idea like (or the same as) this was first brought up in 2015 and briefly discussed, but never implemented [1], and in 2020 a patch was submitted but apparently never merged [2]. I'd be happy to spend some time seeing this feature through to its finish, including adding tests and completion scripts if desired. Would such a contribution be accepted? If so, I'll follow up with a patch for feedback. Best regards, Radon Rosborough https://github.com/raxod502 P.S. My email configuration filters out mailing lists, so I'd love it if you could cc me on replies to this thread. [1]: https://lists.zx2c4.com/pipermail/password-store/2015-August/001687.html [2]: https://lists.zx2c4.com/pipermail/password-store/2020-January/003879.html