From daniel at barreto.tech Fri Nov 4 09:22:27 2022 From: daniel at barreto.tech (Daniel Barreto) Date: Fri, 4 Nov 2022 10:22:27 +0100 (CET) Subject: [PATCH] Bug: Correctly set PASSWORD_STORE_DIR while running pass commands Message-ID: <715457439.97992.1667553747598@privateemail.com> Hello, I noticed that since the introduction of auth-source-pass as a dependency (3a108277637fad89869d904eea963aeb8f45b20d), the password-store-dir function returns the value of auth-source-pass-filename which is a custom var. The problem is that, if one customizes this value, it is only taken into account by commands run inside auth-source-pass and not commands run by password-store--run-1. This patch temporarily sets "PASSWORD_STORE_DIR" to the value of whatever (password-store-dir) returns, so that the password-store-gpg process picks it up correctly. --- contrib/emacs/password-store.el | 4 +++- 1 file changed, 3 insertions(+), 1 deletion(-) diff --git a/contrib/emacs/password-store.el b/contrib/emacs/password-store.el index 6561eb1..697a1c0 100644 --- a/contrib/emacs/password-store.el +++ b/contrib/emacs/password-store.el @@ -78,7 +78,9 @@ Kept for backward compatibility with other libraries." Nil arguments are ignored. Calls CALLBACK with the output on success, or outputs error message on failure." - (let ((output "")) + (let ((output "") + (process-environment (cl-copy-list process-environment))) + (setenv "PASSWORD_STORE_DIR" (expand-file-name (password-store-dir))) (make-process :name "password-store-gpg" :command (cons password-store-executable (delq nil args)) base-commit: dddca73694d1ecc2381cde6c02a9d1466cf0ab41 -- 2.38.1 From wuzhenyu at ustc.edu Sat Nov 5 15:50:11 2022 From: wuzhenyu at ustc.edu (Wu Zhenyu) Date: Sat, 5 Nov 2022 23:50:11 +0800 Subject: [PATCH] Change tree to an optional depend and add support for exa Message-ID: <20221105153557.1325221-1-wuzhenyu@ustc.edu> --- src/password-store.sh | 11 +++++++++-- 1 file changed, 9 insertions(+), 2 deletions(-) diff --git a/src/password-store.sh b/src/password-store.sh index 22e818f..cd844f8 100755 --- a/src/password-store.sh +++ b/src/password-store.sh @@ -378,7 +378,7 @@ cmd_show() { [[ $err -ne 0 || ( $qrcode -eq 1 && $clip -eq 1 ) ]] && die "Usage: $PROGRAM $COMMAND [--clip[=line-number],-c[line-number]] [--qrcode[=line-number],-q[line-number]] [pass-name]" - local pass + local pass tree local path="$1" local passfile="$PREFIX/$path.gpg" check_sneaky_paths "$path" @@ -402,7 +402,14 @@ cmd_show() { else echo "${path%\/}" fi - tree -N -C -l --noreport "$PREFIX/$path" 3>&- | tail -n +2 | sed -E 's/\.gpg(\x1B\[[0-9]+m)?( ->|$)/\1\2/g' # remove .gpg at end of line, but keep colors + if command -v exa &> /dev/null; then + tree="exa --color=always --icons --tree" + elif command -v tree &> /dev/null; then + tree="tree -N -C -l --noreport" + else + die "Error: please install exa/tree firstly!" + fi + $tree "$PREFIX/$path" 3>&- | tail -n +2 | sed -E 's/\.gpg(\x1B\[[0-9]+m)?( ->|$)/\1\2/g' # remove .gpg at end of line, but keep colors elif [[ -z $path ]]; then die "Error: password store is empty. Try \"pass init\"." else -- 2.38.1 From wuzhenyu at ustc.edu Sat Nov 5 15:53:22 2022 From: wuzhenyu at ustc.edu (Wu Zhenyu) Date: Sat, 5 Nov 2022 23:53:22 +0800 Subject: [PATCH] Change tree to an optional depend and add support for exa Message-ID: <20221105155322.diapaa32xwht4jxh@desktop> --- src/password-store.sh | 11 +++++++++-- 1 file changed, 9 insertions(+), 2 deletions(-) diff --git a/src/password-store.sh b/src/password-store.sh index 22e818f..cd844f8 100755 --- a/src/password-store.sh +++ b/src/password-store.sh @@ -378,7 +378,7 @@ cmd_show() { [[ $err -ne 0 || ( $qrcode -eq 1 && $clip -eq 1 ) ]] && die "Usage: $PROGRAM $COMMAND [--clip[=line-number],-c[line-number]] [--qrcode[=line-number],-q[line-number]] [pass-name]" - local pass + local pass tree local path="$1" local passfile="$PREFIX/$path.gpg" check_sneaky_paths "$path" @@ -402,7 +402,14 @@ cmd_show() { else echo "${path%\/}" fi - tree -N -C -l --noreport "$PREFIX/$path" 3>&- | tail -n +2 | sed -E 's/\.gpg(\x1B\[[0-9]+m)?( ->|$)/\1\2/g' # remove .gpg at end of line, but keep colors + if command -v exa &> /dev/null; then + tree="exa --color=always --icons --tree" + elif command -v tree &> /dev/null; then + tree="tree -N -C -l --noreport" + else + die "Error: please install exa/tree firstly!" + fi + $tree "$PREFIX/$path" 3>&- | tail -n +2 | sed -E 's/\.gpg(\x1B\[[0-9]+m)?( ->|$)/\1\2/g' # remove .gpg at end of line, but keep colors elif [[ -z $path ]]; then die "Error: password store is empty. Try \"pass init\"." else -- 2.38.1 From wuzhenyu at ustc.edu Sat Nov 5 16:28:22 2022 From: wuzhenyu at ustc.edu (Wu Zhenyu) Date: Sun, 6 Nov 2022 00:28:22 +0800 Subject: No subject Message-ID: <20221105162822.el7ifldntkotq35g@desktop> From: Wu Zhenyu To: password-store at lists.zx2c4.com Cc: Wu Zhenyu Subject: [PATCH] support more clippers Date: Sun, 6 Nov 2022 00:28:02 +0800 Message-Id: <20221105162801.1471986-1-wuzhenyu at ustc.edu> X-Mailer: git-send-email 2.38.1 MIME-Version: 1.0 Content-Transfer-Encoding: 8bit Change xclip to an optional depend Refer --- src/password-store.sh | 31 +++++++++++++++++++++++++++---- 1 file changed, 27 insertions(+), 4 deletions(-) diff --git a/src/password-store.sh b/src/password-store.sh index 22e818f..0af39d5 100755 --- a/src/password-store.sh +++ b/src/password-store.sh @@ -163,12 +163,35 @@ clip() { paste_cmd+=( --primary ) fi local display_name="$WAYLAND_DISPLAY" - elif [[ -n $DISPLAY ]] && command -v xclip &> /dev/null; then - local copy_cmd=( xclip -selection "$X_SELECTION" ) - local paste_cmd=( xclip -o -selection "$X_SELECTION" ) + elif [[ -n $DISPLAY ]]; then + if command -v xsel &> /dev/null; then + local copy_cmd=( xsel -i "--$X_SELECTION" ) + local paste_cmd=( xsel -o "--$X_SELECTION" ) + elif command -v xclip &> /dev/null; then + local copy_cmd=( xclip -selection "$X_SELECTION" ) + local paste_cmd=( xclip -o -selection "$X_SELECTION" ) + fi local display_name="$DISPLAY" + elif command -v pbcopy &> /dev/null; then + local copy_cmd=( pbcopy ) + local paste_cmd=( pbpaste ) + elif command -v lemonade &> /dev/null; then + local copy_cmd=( lemonade copy ) + local paste_cmd=( lemonade paste ) + elif command -v doitclient &> /dev/null; then + local copy_cmd=( doitclient wclip ) + local paste_cmd=( doitclient wclip -r ) + elif command -v win32yank &> /dev/null; then + local copy_cmd=( win32yank -i --crlf ) + local paste_cmd=( win32yank -o --lf ) + elif command -v termux-clipboard-set &> /dev/null; then + local copy_cmd=( termux-clipboard-set ) + local paste_cmd=( termux-clipboard-get ) + elif command -v tmux &> /dev/null; then + local copy_cmd=( tmux load-buffer - ) + local paste_cmd=(tmux save-buffer - ) else - die "Error: No X11 or Wayland display and clipper detected" + die "Error: No any clipper detected" fi local sleep_argv0="password store sleep on display $display_name" -- 2.38.1 From prmarino1 at gmail.com Tue Nov 8 20:31:09 2022 From: prmarino1 at gmail.com (Paul Robert Marino) Date: Tue, 8 Nov 2022 15:31:09 -0500 Subject: dbus integration? Message-ID: I'm doing some work with a tool that was designed to work with gnome keyring and I would like to use pass instead for a number of reasons too long to get into. it turns out that it is actually using the org.fredesktop Secret Service API via dbus. I was wondering if anyone was working on a service which could proxy this API to pass or if a tool already exists? From mem at fallback.netnod.se Wed Nov 9 08:45:14 2022 From: mem at fallback.netnod.se (Magnus Sandberg) Date: Wed, 9 Nov 2022 09:45:14 +0100 Subject: dbus integration? In-Reply-To: References: Message-ID: <369b10c0-1e69-755c-cd8e-a8032f6ee542@fallback.netnod.se> Hi Paul Robert, First of all, I'm not a real developer. I think that a lot of what's needed exists "out there". For instance when I'm running my Xfce, the gpg-agent uses the classic passphrase popup when I have to unlock some password. And the Firefox plugin (works other other browsers too) is a bit of what you looking for, I guess. https://github.com/passff/passff https://github.com/passff/passff-host So maybe the dbus stuff is missing but the concept exists in different shapes and forms. Regards, // mem Den 2022-11-08 kl. 21:31, skrev Paul Robert Marino: > I'm doing some work with a tool that was designed to work with gnome > keyring and I would like to use pass instead for a number of reasons > too long to get into. > it turns out that it is actually using the org.fredesktop Secret > Service API via dbus. I was wondering if anyone was working on a > service which could proxy this API to pass or if a tool already > exists? From mailinglists-pass at qwertyuiop.de Wed Nov 9 14:21:51 2022 From: mailinglists-pass at qwertyuiop.de (Alexander Gehrke) Date: Wed, 9 Nov 2022 15:21:51 +0100 Subject: dbus integration? In-Reply-To: References: Message-ID: <20221109142151.uieqpf6jsdvstnc6@flipper.wg> > it turns out that it is actually using the org.fredesktop Secret > Service API via dbus. I was wondering if anyone was working on a > service which could proxy this API to pass or if a tool already > exists? I know of two projects that implement that API with pass as backend: - https://github.com/mdellweg/pass_secret_service (Python) - https://github.com/nullobsi/pass-secrets (C++) I only looked into it once for some application I ended up not using for unrelated reasons, so I can't say how well they work. From prmarino1 at gmail.com Wed Nov 9 15:25:06 2022 From: prmarino1 at gmail.com (Paul Robert Marino) Date: Wed, 9 Nov 2022 10:25:06 -0500 Subject: dbus integration? In-Reply-To: <20221109142151.uieqpf6jsdvstnc6@flipper.wg> References: <20221109142151.uieqpf6jsdvstnc6@flipper.wg> Message-ID: Thanks everyone especially you Alexander For clarification im working on getting this https://github.com/openstandia/aws-cli-oidc to work on WSL2 I figured out the dbus component and ive instituted a policy to use Pass under WSL2 and Linux for my users as the standard approved local password vault including instructions on how to make compliant GPG keys. I've also created scripts for my users that right now use AWS-vault https://github.com/99designs/aws-vault for static credentials i've documented the process for getting the dbus component to work under WSL2 and once I figure out the component to get it integrated with Pass I plan to contribute the scripts and documentation to that project. The alternative I've been considering is to use pass to store a password for gnome-keyring though honestly i wish the tool just used the kernel keyring because the secrets its storing are ephemeral. On Wed, Nov 9, 2022 at 9:23 AM Alexander Gehrke wrote: > > > it turns out that it is actually using the org.fredesktop Secret > > Service API via dbus. I was wondering if anyone was working on a > > service which could proxy this API to pass or if a tool already > > exists? > > I know of two projects that implement that API with pass as backend: > > - https://github.com/mdellweg/pass_secret_service (Python) > - https://github.com/nullobsi/pass-secrets (C++) > > I only looked into it once for some application I ended up not using for > unrelated reasons, so I can't say how well they work. From ramses0 at yahoo.com Wed Nov 9 21:49:59 2022 From: ramses0 at yahoo.com (Robert Ames) Date: Wed, 9 Nov 2022 21:49:59 +0000 (UTC) Subject: dbus integration? In-Reply-To: <20221109142151.uieqpf6jsdvstnc6@flipper.wg> References: <20221109142151.uieqpf6jsdvstnc6@flipper.wg> Message-ID: <2122867231.1652542.1668030600001@mail.yahoo.com> This package may also help: https://www.funtoo.org/Funtoo:Keychain https://github.com/funtoo/keychain ...it keeps your keychains / agents unlocked... although upon further reading I'm thinking I'm misreading the question. --Robert On Wednesday, November 9, 2022 at 08:48:40 AM CST, Alexander Gehrke wrote: > it turns out that it is actually using the org.fredesktop Secret > Service API via dbus. I was wondering if anyone was working on a > service which could proxy this API to pass or if a tool already > exists? I know of two projects that implement that API with pass as backend: - https://github.com/mdellweg/pass_secret_service (Python) - https://github.com/nullobsi/pass-secrets (C++) I only looked into it once for some application I ended up not using for unrelated reasons, so I can't say how well they work. From bjoern at reldeif.de Thu Nov 17 15:21:22 2022 From: bjoern at reldeif.de (=?UTF-8?q?Bj=C3=B6rn=20Fiedler?=) Date: Thu, 17 Nov 2022 16:21:22 +0100 Subject: [PATCH] pass git understands -p/--path option Message-ID: <20221117152122.1427701-1-bjoern@reldeif.de> This commit allows to use -p/--path for `pass git` the same way as `pass init` accepts it. --- man/pass.1 | 4 +++- src/password-store.sh | 13 +++++++++++++ 2 files changed, 16 insertions(+), 1 deletion(-) diff --git a/man/pass.1 b/man/pass.1 index a555dcb..09ada0c 100644 --- a/man/pass.1 +++ b/man/pass.1 @@ -164,7 +164,7 @@ silently overwrite \fInew-path\fP if it exists. If \fInew-path\fP ends in a trailing \fI/\fP, it is always treated as a directory. Passwords are selectively reencrypted to the corresponding keys of their new destination. .TP -\fBgit\fP \fIgit-command-args\fP... +\fBgit\fP [ \fI--path=sub-folder\fP, \fI-p sub-folder\fP ] \fIgit-command-args\fP... If the password store is a git repository, pass \fIgit-command-args\fP as arguments to .BR git (1) using the password store as the git repository. If \fIgit-command-args\fP is \fBinit\fP, @@ -173,6 +173,8 @@ store to the repository in an initial commit. If the git config key \fIpass.sign is set to \fItrue\fP, then all commits will be signed using \fIuser.signingkey\fP or the default git signing key. This config key may be turned on using: .B `pass git config --bool --add pass.signcommits true` +If \fI--path\fP or \fI-p\fP is specified, the git command is executed in that specific +sub folder of the password store. .TP \fBhelp\fP Show usage message. diff --git a/src/password-store.sh b/src/password-store.sh index 22e818f..2acacef 100755 --- a/src/password-store.sh +++ b/src/password-store.sh @@ -650,6 +650,19 @@ cmd_copy_move() { } cmd_git() { + local opts id_path="" + opts="$($GETOPT -o p: -l path: -n "$PROGRAM git" -- "$@")" + local err=$? + eval set -- "$opts" + while true; do case $1 in + -p|--path) id_path="$2"; shift 2 ;; + --) shift; break ;; + esac done + + [[ -n $id_path ]] && check_sneaky_paths "$id_path" + [[ -n $id_path && ! -d $PREFIX/$id_path && -e $PREFIX/$id_path ]] && die "Error: $PREFIX/$id_path exists but is not a directory." + + local PREFIX="$PREFIX/$id_path" set_git "$PREFIX/" if [[ $1 == "init" ]]; then INNER_GIT_DIR="$PREFIX" -- 2.37.2 From astrian at fastmail.com Mon Nov 21 03:31:30 2022 From: astrian at fastmail.com (Astrian Zheng) Date: Mon, 21 Nov 2022 14:31:30 +1100 Subject: A New Pass Companion Alfred Workflow Message-ID: <47132A96-F0B8-4981-A503-C99A15BA8950@fastmail.com> Hello everyone, I swapped from 1Password to Pass and made a new Alfred Workflow to fill in the username and password automatically. I think the existing Alfred Workflows are not maintained actively, so I made my own and am emailing you this new Workflow. Here is the address to the workflow?s repository: https://github.com/Astrian/AlfredPass. PR and recommendations are welcome! :-D Thanks! Astrian Zheng From z at zagdul.de Tue Nov 22 07:26:57 2022 From: z at zagdul.de (Zack) Date: Tue, 22 Nov 2022 08:26:57 +0100 Subject: A New Pass Companion Alfred Workflow In-Reply-To: <47132A96-F0B8-4981-A503-C99A15BA8950@fastmail.com> References: <47132A96-F0B8-4981-A503-C99A15BA8950@fastmail.com> Message-ID: Hi Astrian, I did implement one alfred-workflow myself - maybe we could benefit from each other: https://github.com/sboesebeck/AlfredPass My workflow is heavily depending on my index plugin for pass, that speeds up searches significantly: https://github.com/sboesebeck/pass-index Hope it?ll help anyone. Best, Stephan On 21 Nov 2022, at 4:31, Astrian Zheng wrote: > Hello everyone, > > I swapped from 1Password to Pass and made a new Alfred Workflow to fill in the username and password automatically. I think the existing Alfred Workflows are not maintained actively, so I made my own and am emailing you this new Workflow. > > Here is the address to the workflow?s repository: https://github.com/Astrian/AlfredPass. > > PR and recommendations are welcome! :-D > > Thanks! > > Astrian Zheng From astrian at fastmail.com Tue Nov 22 08:26:38 2022 From: astrian at fastmail.com (Astrian Zheng) Date: Tue, 22 Nov 2022 19:26:38 +1100 Subject: A New Pass Companion Alfred Workflow In-Reply-To: References: <47132A96-F0B8-4981-A503-C99A15BA8950@fastmail.com> Message-ID: Hello Zack: Surprisingly your project has the same name as mine! ? I used AppleScript to fill in the credentials automatically, without extra plugins and not limited to the environment of browsers (showcase video: https://www.youtube.com/watch?v=YA6dJ1dstRM). May you can have a try in your own workflow! By the way, I am just swapped and not so clear that how others use Pass regularly, so I am afraid that my workflow may be too focused on me. So maybe I need some advice to improve the feature of the workflow. Thanks! Astrian Zheng Use PGP encryption with me! My PGP key fingerprint: 30C8?C598?F461?FEE0?BFA0??2B6A?A991?CE2A?3F3B?64AF You can also use the QR code to confirm the signature: https://cloud.local.astrian.moe/s/ckP2DaByPSDZfCs p.s. Sorry for the duplicated email. The mailing list rejected my email twice for the huge GIF and rejected my HTML email. On 22 Nov 2022, at 18:26, Zack wrote: > Hi Astrian, > > I did implement one alfred-workflow myself - maybe we could benefit from each other: https://github.com/sboesebeck/AlfredPass > > My workflow is heavily depending on my index plugin for pass, that speeds up searches significantly: https://github.com/sboesebeck/pass-index > > Hope it?ll help anyone. > > Best, > > Stephan > > On 21 Nov 2022, at 4:31, Astrian Zheng wrote: > >> Hello everyone, >> >> I swapped from 1Password to Pass and made a new Alfred Workflow to fill in the username and password automatically. I think the existing Alfred Workflows are not maintained actively, so I made my own and am emailing you this new Workflow. >> >> Here is the address to the workflow?s repository: https://github.com/Astrian/AlfredPass. >> >> PR and recommendations are welcome! :-D >> >> Thanks! >> >> Astrian Zheng -------------- next part -------------- A non-text attachment was scrubbed... Name: signature.asc Type: application/pgp-signature Size: 862 bytes Desc: OpenPGP digital signature URL: From simon.blum at posteo.org Wed Nov 30 22:32:14 2022 From: simon.blum at posteo.org (simon.blum at posteo.org) Date: Wed, 30 Nov 2022 22:32:14 +0000 Subject: [PATCH] Small fixes in bash and zsh completion Message-ID: <20221130223214.24740-1-simon.blum@posteo.org> From: Simon Blum Bash completion didn't list -c and --clip after "pass " which is inconsistent with "pass show ". Zsh completion did not ignore .gitattribute and .gitignore files in password-store. --- src/completion/pass.bash-completion | 1 + src/completion/pass.zsh-completion | 2 +- 2 files changed, 2 insertions(+), 1 deletion(-) diff --git a/src/completion/pass.bash-completion b/src/completion/pass.bash-completion index 2d23cbf..5e4d987 100644 --- a/src/completion/pass.bash-completion +++ b/src/completion/pass.bash-completion @@ -137,6 +137,7 @@ _pass() fi else COMPREPLY+=($(compgen -W "${commands}" -- ${cur})) + COMPREPLY+=($(compgen -W "-c --clip" -- ${cur})) _pass_complete_entries 1 fi } diff --git a/src/completion/pass.zsh-completion b/src/completion/pass.zsh-completion index d911e12..1273ab6 100644 --- a/src/completion/pass.zsh-completion +++ b/src/completion/pass.zsh-completion @@ -124,7 +124,7 @@ _pass_complete_entries_helper () { local IFS=$'\n' local prefix zstyle -s ":completion:${curcontext}:" prefix prefix || prefix="${PASSWORD_STORE_DIR:-$HOME/.password-store}" - _values -C 'passwords' ${$(find -L "$prefix" \( -name .git -o -name .gpg-id \) -prune -o $@ -print 2>/dev/null | sed -e "s#${prefix}/\{0,1\}##" -e 's#\.gpg##' -e 's#\\#\\\\#g' -e 's#:#\\:#g' | sort):-""} + _values -C 'passwords' ${$(find -L "$prefix" \( -name ".git*" -o -name .gpg-id \) -prune -o $@ -print 2>/dev/null | sed -e "s#${prefix}/\{0,1\}##" -e 's#\.gpg##' -e 's#\\#\\\\#g' -e 's#:#\\:#g' | sort):-""} } _pass_complete_entries_with_subdirs () { -- 2.38.1