From tino.calancha at gmail.com Sun Mar 6 22:34:11 2022 From: tino.calancha at gmail.com (Tino Calancha) Date: Sun, 6 Mar 2022 23:34:11 +0100 (CET) Subject: [PATCH] emacs: fix infloop in password-store--run In-Reply-To: <87czj6wtff.fsf@tetzco.de> References: <87y21wg2b1.fsf@tetzco.de> <87k0dgfzrc.fsf@tetzco.de> <96d8ea36-81b4-9027-ea6b-6cc6765f5356@gmail.com> <87czj6wtff.fsf@tetzco.de> Message-ID: <61cd7744-d0aa-70df-ad6-b2e32d43beb@gmail.com> On Mon, 28 Feb 2022, Kai Tetzlaff wrote: > Tino Calancha writes: > > Hi Tino, > >> Could you check if you still see the issue with the following patch? > > no, I didn't. Your patch seems to solve the issue, too. Thank you Kai; I have pushed the fix to the master branch. Cheers, Tino From dunn.alex at gmail.com Thu Mar 10 00:37:57 2022 From: dunn.alex at gmail.com (Alex Dunn) Date: Wed, 9 Mar 2022 16:37:57 -0800 Subject: [patch] smarter 1password 1pif parsing Message-ID: Tweak to 1pif parsing: webform entries won't necessarily have the secureContents field, so be more careful to avoid unsafe navigation errors. -------------- next part -------------- A non-text attachment was scrubbed... Name: 0001-1password2pass-make-1pif-parsing-more-robust.patch Type: application/octet-stream Size: 946 bytes Desc: not available URL: From radon.neon at gmail.com Sun Mar 13 05:23:16 2022 From: radon.neon at gmail.com (Radon Rosborough) Date: Sat, 12 Mar 2022 21:23:16 -0800 Subject: New extension: pass ln, for symlinks Message-ID: Hi friends, As promised in February [1] [2], I created a Pass extension that makes it more convenient to manage symbolic links within the password store (use case: websites that have more than one domain name using the same login credentials). The project is available on GitHub [3], where you can download releases packaged for Ubuntu/Debian, Red Hat/Fedora, Arch Linux, and Homebrew, or install from source. Any feedback or bug reports would be greatly appreciated [4]. Best regards, Radon Rosborough [1]: https://lists.zx2c4.com/pipermail/password-store/2022-January/004572.html [2]: https://lists.zx2c4.com/pipermail/password-store/2022-February/004581.html [3]: https://github.com/raxod502/pass-ln [4]: https://github.com/raxod502/pass-ln/issues From lionel at vanbemten.com Sun Mar 13 08:14:19 2022 From: lionel at vanbemten.com (lionel at vanbemten.com) Date: Sun, 13 Mar 2022 09:14:19 +0100 Subject: New extension: pass ln, for symlinks In-Reply-To: References: Message-ID: Hi, Accidentally I wrote exactly the same yesterday. Sorry I was not aware of your previous message as I only joined the mailing list this week. See patch attached. A couple of things you might want to take over: * -f/--force * Follow links in "generate" and "edit" commands so that they can be used indifferently on the actual password or its alias. * A few test cases. Kr Lionel On 13/03/2022 06:23, Radon Rosborough wrote: > Hi friends, > > As promised in February [1] [2], I created a Pass extension that makes > it more convenient to manage symbolic links within the password store > (use case: websites that have more than one domain name using the same > login credentials). The project is available on GitHub [3], where you > can download releases packaged for Ubuntu/Debian, Red Hat/Fedora, Arch > Linux, and Homebrew, or install from source. > > Any feedback or bug reports would be greatly appreciated [4]. > > Best regards, > Radon Rosborough > > [1]: > https://lists.zx2c4.com/pipermail/password-store/2022-January/004572.html > [2]: > https://lists.zx2c4.com/pipermail/password-store/2022-February/004581.html > [3]: https://github.com/raxod502/pass-ln > [4]: https://github.com/raxod502/pass-ln/issues -------------- next part -------------- A non-text attachment was scrubbed... Name: 0001-Add-command-to-create-symlinks-between-passwords.patch Type: text/x-diff Size: 8698 bytes Desc: not available URL: From radon.neon at gmail.com Sun Mar 13 22:40:05 2022 From: radon.neon at gmail.com (Radon Rosborough) Date: Sun, 13 Mar 2022 15:40:05 -0700 Subject: New extension: pass ln, for symlinks In-Reply-To: References: Message-ID: > See patch attached Thanks for sharing - I do think this would be better implemented as an upstream patch, but I asked previously if such a patch would be merged, and received no confirmation on this for about a month, which is why I proceeded with an external plugin. If one of the maintainers does decide to merge this, I might advise first looking at my work as well, since it handles some edge cases that should be considered, particularly with regard to distinguishing between file and directory links. From george at shapeshed.com Wed Mar 16 11:24:56 2022 From: george at shapeshed.com (George Ornbo) Date: Wed, 16 Mar 2022 11:24:56 +0000 Subject: Switch passmenu to bemenu on Wayland Message-ID: The `passmenu` script was extended to offer Wayland support using the dmenu-wayland[1] project. This project is not actively maintained. bemenu[2] is actively maintained and widely used on Wayland, particularly in the sway community. This patch is a proposal two switch Wayland support for passmenu to use bemenu rather than dmenu-wayland due to it being better maintained and more widely supported. [1]: https://github.com/nyyManni/dmenu-wayland [2]: https://github.com/Cloudef/bemenu -- George Ornbo http://shapeshed.com -------------- next part -------------- From ba4ea546a871392b9e1b736b5db93d174000c45c Mon Sep 17 00:00:00 2001 From: George Ornbo Date: Wed, 16 Mar 2022 11:10:20 +0000 Subject: [PATCH] Switch passmenu Wayland support to use bemenu Wayland support for the passmenu script was added via the dmenu-wayland[1] project. This is unmaintained and not widely used. This patch switches Wayland support for the passmenu script to use the more widely used bemenu[2] project. [1]: https://github.com/nyyManni/dmenu-wayland [2]: https://github.com/Cloudef/bemenu --- contrib/dmenu/passmenu | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/contrib/dmenu/passmenu b/contrib/dmenu/passmenu index 76d92ab..69966b2 100755 --- a/contrib/dmenu/passmenu +++ b/contrib/dmenu/passmenu @@ -9,7 +9,8 @@ if [[ $1 == "--type" ]]; then fi if [[ -n $WAYLAND_DISPLAY ]]; then - dmenu=dmenu-wl + LD_LIBRARY_PATH=/usr/local/lib + dmenu="bemenu" xdotool="ydotool type --file -" elif [[ -n $DISPLAY ]]; then dmenu=dmenu -- 2.35.1 -------------- next part -------------- A non-text attachment was scrubbed... Name: signature.asc Type: application/pgp-signature Size: 488 bytes Desc: not available URL: From m.eliachevitch at posteo.de Wed Mar 16 14:07:13 2022 From: m.eliachevitch at posteo.de (Michael Eliachevitch) Date: Wed, 16 Mar 2022 14:07:13 +0000 Subject: password-store.el for emacs doesn't inhibit backup-files Message-ID: <874k3yhtiw.fsf@posteo.de> Hello all, I found that when I edit passwords in emacs via `password-store-edit`, emacs creates backup-files with plain-text passwords, which in my personal configuration (via no-littering.el) are stored persitently in my home directory. As I understand, the above emacs commands just runs `pass edit` in a subprocess, so that the password is edited in /dev/shm as a text-file in the normal `text-mode`. When using emacs directly to open gpg files to edit their plain-text content, emacs does the right thing and encrypts the backups, but that's not the case for editing plain-text-files. Also, the absense of a special emacs-mode for editing passwords make it a bit more tricky to disable backups for password-files. E.g. the emacs backup documentation [1] give the following example for disabling backups for a specific major mode: (add-hook 'rmail-mode-hook (lambda () (setq-local make-backup-files nil))) It would be nice to somehow also set `make-backup-files` to nil for password-files. Ideally, that could be should be in the password-store package to have security by default. The solution that I found for me was to edit `backup-enable-predicate` (which takes a file path) to disable backups for files in `/dev/shm`: (defun my-backup-enable-predicate (name) (and (normal-backup-enable-predicate name) (not (s-starts-with-p "/dev/shm" fpath)))) (setq backup-enable-predicate #'my-backup-enable-predicate) This works for me but isn't an ideal solution. password-store.el might an an advice to `backup-enable-predicate` to extend it, though modifying a user-option doesn't seem ideal to me. I found that the `pass` emacs-package [2], which wraps and extends password-store.el, does open the GPG file directly with a special major-mode when using its `pass-view` command, which prevents the issue. But I think there should be a solution that really works with `pass edit`, even when invoked from the CLI. Of course it will only ever work if the user also loads password-store.el in their emacs initialization, but it's better than nothing. Any suggestions how this could be done within password-store.el? Or is just something wrong with my config? Should we maybe document this behavior somewhere to raise awareness? Maybe that's something that should be fixed from emacs-side, e.g. by not having backups by default for `/dev/shm`? Cheers, Michael Eliachevitch [1]: https://www.gnu.org/software/emacs/manual/html_node/elisp/Making-Backups.html [2]: https://github.com/NicolasPetton/pass -- Michael Eliachevitch Public PGP Key: https://keyoxide.org/hkp/546908c782383ad0e7d894ec1b8f95c8125dce31 -------------- next part -------------- A non-text attachment was scrubbed... Name: signature.asc Type: application/pgp-signature Size: 519 bytes Desc: not available URL: From reto at labrat.space Fri Mar 18 00:06:34 2022 From: reto at labrat.space (Reto) Date: Fri, 18 Mar 2022 01:06:34 +0100 Subject: Switch passmenu to bemenu on Wayland In-Reply-To: References: Message-ID: <20220318000634.zvvbnofba6c2sodb@feather> On Wed, Mar 16, 2022 at 11:24:56AM +0000, George Ornbo wrote: > if [[ -n $WAYLAND_DISPLAY ]]; then > - dmenu=dmenu-wl > + LD_LIBRARY_PATH=/usr/local/lib Why on earth are you setting LD_LIBRARY_PATH to /usr/local? That certainly shouldn't be done on a script that should run mostly portable between distros. > + dmenu="bemenu" > xdotool="ydotool type --file -" > elif [[ -n $DISPLAY ]]; then > dmenu=dmenu /usr/local is at least on my distro meant for self compiled programs, anything OS level goes into /usr/lib. Chances are that you're messing with gpg as well, considering that you overwrite the lookup for everything else as well. From jlm at jlm.name Sat Mar 19 22:57:25 2022 From: jlm at jlm.name (Jeff Mendoza) Date: Sat, 19 Mar 2022 15:57:25 -0700 Subject: [PATCH] Add importer script for chrome csv. Message-ID: <20220319225725.32155-1-jlm@jlm.name> --- contrib/importers/chromecsv2pass.sh | 43 +++++++++++++++++++++++++++++ 1 file changed, 43 insertions(+) create mode 100755 contrib/importers/chromecsv2pass.sh diff --git a/contrib/importers/chromecsv2pass.sh b/contrib/importers/chromecsv2pass.sh new file mode 100755 index 0000000..872fdaa --- /dev/null +++ b/contrib/importers/chromecsv2pass.sh @@ -0,0 +1,43 @@ +#!/usr/bin/env bash +# Copyright (C) 2022 Jeff Mendoza . All Rights Reserved. +# Copyright (C) 2013 Tom Hendrikx . All Rights Reserved. +# This file is licensed under the GPLv2+. Please see COPYING for more information. + +# Expect first argument to be a csv file with colums: +# 'name,url,username,password'. Creates entries with name from 'name' +# column. If that already exists: creates $name/2, $name/3, and so on. +# Puts 'password' in first line with no prefix. Puts 'username' in +# second line with 'login: ' prefix if that exists. Ignores 'url' +# column. Skips any entry with empty 'name' or 'password'. The gpg key +# must be unlocked for this to work. + +set -e + +export=$1 + +IFS="," # comma +cat "$export" | while read name url username password; do + [[ "$name" == "name" ]] && continue + [[ -z "$name" ]] && continue + [[ -z "$password" ]] && continue + + entry="$password\n" + [[ -n "$username" ]] && entry="${entry}login: $username\n" + + echo Adding entry for "$name": + rv=0 + pass ls "$name" > /dev/null 2>&1 || rv=$? + if (( rv == 2 )); then + echo "Please unlock the key" + exit 1 + fi + num=1 + ogname="$name" + while (( rv == 0 )); do + (( num += 1 )) + name="${ogname}/${num}" + pass ls "$name" > /dev/null 2>&1 || rv=$? + done + echo -ne "$entry" | pass insert --multiline "$name" + echo "Added!" +done -- 2.30.2 From grmat at sub.red Tue Mar 29 17:05:08 2022 From: grmat at sub.red (=?UTF-8?q?Matthias=20Gro=C3=9F?=) Date: Tue, 29 Mar 2022 19:05:08 +0200 Subject: [PATCH] clip: add option PASSWORD_STORE_PASTE_ONCE Message-ID: <20220329170508.13441-1-grmat@sub.red> If this environment variable is set to "true", the clipboard is cleared immediately after pasting. --- I've send this in before but the first try was a bit chaotic and I never got feedback. I still consider it a useful feature and rebased it onto master. However, if silence meant "no", sorry for the noise. man/pass.1 | 4 ++++ src/password-store.sh | 7 +++++++ 2 files changed, 11 insertions(+) diff --git a/man/pass.1 b/man/pass.1 index a555dcb..5930cdd 100644 --- a/man/pass.1 +++ b/man/pass.1 @@ -429,6 +429,10 @@ for more info. Specifies the number of seconds to wait before restoring the clipboard, by default \fI45\fP seconds. .TP +.I PASSWORD_STORE_PASTE_ONCE +If this variable is set to \fItrue\fP, the clipboard is cleared immediately after the copied +password has been pasted. +.TP .I PASSWORD_STORE_UMASK Sets the umask of all files modified by pass, by default \fI077\fP. .TP diff --git a/src/password-store.sh b/src/password-store.sh index 22e818f..ab13a78 100755 --- a/src/password-store.sh +++ b/src/password-store.sh @@ -16,6 +16,7 @@ PREFIX="${PASSWORD_STORE_DIR:-$HOME/.password-store}" EXTENSIONS="${PASSWORD_STORE_EXTENSIONS_DIR:-$PREFIX/.extensions}" X_SELECTION="${PASSWORD_STORE_X_SELECTION:-clipboard}" CLIP_TIME="${PASSWORD_STORE_CLIP_TIME:-45}" +PASTE_ONCE="${PASSWORD_STORE_PASTE_ONCE:-false}" GENERATED_LENGTH="${PASSWORD_STORE_GENERATED_LENGTH:-25}" CHARACTER_SET="${PASSWORD_STORE_CHARACTER_SET:-[:punct:][:alnum:]}" CHARACTER_SET_NO_SYMBOLS="${PASSWORD_STORE_CHARACTER_SET_NO_SYMBOLS:-[:alnum:]}" @@ -162,11 +163,17 @@ clip() { copy_cmd+=( --primary ) paste_cmd+=( --primary ) fi + if [[ $PASTE_ONCE == true ]]; then + copy_cmd+=( --paste-once ) + fi local display_name="$WAYLAND_DISPLAY" elif [[ -n $DISPLAY ]] && command -v xclip &> /dev/null; then local copy_cmd=( xclip -selection "$X_SELECTION" ) local paste_cmd=( xclip -o -selection "$X_SELECTION" ) local display_name="$DISPLAY" + if [[ $PASTE_ONCE == true ]]; then + copy_cmd+=( -loops 1 ) + fi else die "Error: No X11 or Wayland display and clipper detected" fi -- 2.35.1