From trice at posteo.net Sun Sep 4 02:17:44 2022 From: trice at posteo.net (Tim Rice) Date: Sun, 4 Sep 2022 02:17:44 +0000 Subject: Keep commit message header short In-Reply-To: References: Message-ID: Hi, Was this email overlooked? Was it submitted in the wrong place? Even if you won't adopt the proposed patch, we would be interested to know the argument for preferring arbitrarily long commit messages. ~ Tim On Thu, Aug 25, 2022 at 06:34:48AM +0000, Tim Rice wrote: >Hey there, > >Thanks for your work on pass. I both enjoy it personally, and it is also a central part of our organization's workflow. > >We noticed that as .gpg-id grows, the automated recrypt commit message gets longer without bound. > >An example line from git log (identities masked to protect my coworkers): > >* 1ea2589 (2022-05-06) Timothy Rice Reencrypt password store using new GPG id XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX, XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX, XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX, XXXXXXXXXXXXXXXX, XXXXXXXXXXXXXXXX, XXXXXXXXXXXXXXXX, XXXXXXXXXXXXXXXX, XXXXXXXXXXXXXXXX, XXXX at XXXXXXXXXXX.XXX, XXXXXXXX at XXXXX.XXX, XXXX.XXX at XXXX.XXX.XX, XXXXXX.XXX at XXXXX.XXX, X.XXXXXXX at XX.XXX.XX, XXXXXXXXX at XXXXX.XXX, XXXXXXX.XXXXX at XXXXXX.XXX, XXX.XXXXX at XXXXX.XXX, XXXXX.XXXXXX at XXXX.XXX.XX. > >In case you have automatic word wrapping your email, note that this is all on the very first line of the commit message. It is all one line when unwrapped, as in git log and the like. > >Since we have such a number of people using this password store, it is routine to need to recrypt it as staff turn over. People come and people go, but the commit message never gets shorter. We now have many commits with such long lines. > >I believe people can already use Git to assess which version of gpg-id was active when the commit was made. Commands like `git diff`, `git blame` and `git show` will allow people to view how gpg-id changes over time without it needing to appear in every recrypt commit message. > >I couldn't find any past mention of this in the mailing list archive. Sorry if it was already discussed before and I overlooked it. > >Please find attached a patch which changes the commit message to keep it short and sweet. > >An alternative solution would be to move the extra long parts of the commit message onto a lower line, so that only people using --pretty=full or so would see it. > >Please let me know what you think :) > > >Kind regards, > > >Tim >diff --git i/src/password-store.sh w/src/password-store.sh >index 22e818f..b19ae38 100755 >--- i/src/password-store.sh >+++ w/src/password-store.sh >@@ -362,7 +362,7 @@ cmd_init() { > fi > > reencrypt_path "$PREFIX/$id_path" >- git_add_file "$PREFIX/$id_path" "Reencrypt password store using new GPG id ${id_print%, }${id_path:+ ($id_path)}." >+ git_add_file "$PREFIX/$id_path" "Reencrypt password store using latest .gpg-id" > } > > cmd_show() { From trice at posteo.net Sun Sep 4 03:03:25 2022 From: trice at posteo.net (Tim Rice) Date: Sun, 4 Sep 2022 03:03:25 +0000 Subject: Keep commit message header short In-Reply-To: References: Message-ID: Hey reed, >I could see the extra information being useful, so I personally like your >alternative solution: > >> An alternative solution would be to move the extra long parts of the >commit message onto a lower line, so that only people using --pretty=full >or so would see it. No worries, I can look at making a patch which will do this. Thanks for the feedback. ~ Tim From aclopte at gmail.com Sun Sep 4 06:18:14 2022 From: aclopte at gmail.com (Johannes Altmanninger) Date: Sun, 4 Sep 2022 08:18:14 +0200 Subject: Keep commit message header short In-Reply-To: References: Message-ID: On Thu, Aug 25, 2022 at 06:34:48AM +0000, Tim Rice wrote: > Hey there, > > Thanks for your work on pass. I both enjoy it personally, and it is also a central part of our organization's workflow. > > We noticed that as .gpg-id grows, the automated recrypt commit message gets longer without bound. > > An example line from git log (identities masked to protect my coworkers): > > * 1ea2589 (2022-05-06) Timothy Rice Reencrypt password store using new GPG id XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX, XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX, XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX, XXXXXXXXXXXXXXXX, XXXXXXXXXXXXXXXX, XXXXXXXXXXXXXXXX, XXXXXXXXXXXXXXXX, XXXXXXXXXXXXXXXX, XXXX at XXXXXXXXXXX.XXX, XXXXXXXX at XXXXX.XXX, XXXX.XXX at XXXX.XXX.XX, XXXXXX.XXX at XXXXX.XXX, X.XXXXXXX at XX.XXX.XX, XXXXXXXXX at XXXXX.XXX, XXXXXXX.XXXXX at XXXXXX.XXX, XXX.XXXXX at XXXXX.XXX, XXXXX.XXXXXX at XXXX.XXX.XX. > > In case you have automatic word wrapping your email, note that this is all on the very first line of the commit message. It is all one line when unwrapped, as in git log and the like. > > Since we have such a number of people using this password store, it is routine to need to recrypt it as staff turn over. People come and people go, but the commit message never gets shorter. We now have many commits with such long lines. > > I believe people can already use Git to assess which version of gpg-id was active when the commit was made. Commands like `git diff`, `git blame` and `git show` will allow people to view how gpg-id changes over time without it needing to appear in every recrypt commit message. > > I couldn't find any past mention of this in the mailing list archive. Sorry if it was already discussed before and I overlooked it. > > Please find attached a patch which changes the commit message to keep it short and sweet. > > An alternative solution would be to move the extra long parts of the commit message onto a lower line, so that only people using --pretty=full or so would see it. > > Please let me know what you think :) > > > Kind regards, > > > Tim > diff --git i/src/password-store.sh w/src/password-store.sh > index 22e818f..b19ae38 100755 > --- i/src/password-store.sh > +++ w/src/password-store.sh > @@ -362,7 +362,7 @@ cmd_init() { > fi > > reencrypt_path "$PREFIX/$id_path" > - git_add_file "$PREFIX/$id_path" "Reencrypt password store using new GPG id ${id_print%, }${id_path:+ ($id_path)}." > + git_add_file "$PREFIX/$id_path" "Reencrypt password store using latest .gpg-id" > } above we have a similar line: git_add_file "$gpg_id" "Set GPG id to ${id_print%, }${id_path:+ ($id_path)}." I think it has the same problem? Looks reasonable overall. The gpg-id information is in Git anyway. > > cmd_show() { From aclopte at gmail.com Sun Sep 4 06:19:41 2022 From: aclopte at gmail.com (Johannes Altmanninger) Date: Sun, 4 Sep 2022 08:19:41 +0200 Subject: Keep commit message header short In-Reply-To: References: Message-ID: On Sun, Sep 04, 2022 at 02:17:44AM +0000, Tim Rice wrote: > Hi, > > Was this email overlooked? FWIW it landed in my spam folder > Was it submitted in the wrong place? > > Even if you won't adopt the proposed patch, we would be interested to know the argument for preferring arbitrarily long commit messages. > > ~ Tim > > > On Thu, Aug 25, 2022 at 06:34:48AM +0000, Tim Rice wrote: > > Hey there, > > > > Thanks for your work on pass. I both enjoy it personally, and it is also a central part of our organization's workflow. > > > > We noticed that as .gpg-id grows, the automated recrypt commit message gets longer without bound. > > > > An example line from git log (identities masked to protect my coworkers): > > > > * 1ea2589 (2022-05-06) Timothy Rice Reencrypt password store using new GPG id XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX, XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX, XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX, XXXXXXXXXXXXXXXX, XXXXXXXXXXXXXXXX, XXXXXXXXXXXXXXXX, XXXXXXXXXXXXXXXX, XXXXXXXXXXXXXXXX, XXXX at XXXXXXXXXXX.XXX, XXXXXXXX at XXXXX.XXX, XXXX.XXX at XXXX.XXX.XX, XXXXXX.XXX at XXXXX.XXX, X.XXXXXXX at XX.XXX.XX, XXXXXXXXX at XXXXX.XXX, XXXXXXX.XXXXX at XXXXXX.XXX, XXX.XXXXX at XXXXX.XXX, XXXXX.XXXXXX at XXXX.XXX.XX. > > > > In case you have automatic word wrapping your email, note that this is all on the very first line of the commit message. It is all one line when unwrapped, as in git log and the like. > > > > Since we have such a number of people using this password store, it is routine to need to recrypt it as staff turn over. People come and people go, but the commit message never gets shorter. We now have many commits with such long lines. > > > > I believe people can already use Git to assess which version of gpg-id was active when the commit was made. Commands like `git diff`, `git blame` and `git show` will allow people to view how gpg-id changes over time without it needing to appear in every recrypt commit message. > > > > I couldn't find any past mention of this in the mailing list archive. Sorry if it was already discussed before and I overlooked it. > > > > Please find attached a patch which changes the commit message to keep it short and sweet. > > > > An alternative solution would be to move the extra long parts of the commit message onto a lower line, so that only people using --pretty=full or so would see it. > > > > Please let me know what you think :) > > > > > > Kind regards, > > > > > > Tim > > > diff --git i/src/password-store.sh w/src/password-store.sh > > index 22e818f..b19ae38 100755 > > --- i/src/password-store.sh > > +++ w/src/password-store.sh > > @@ -362,7 +362,7 @@ cmd_init() { > > fi > > > > reencrypt_path "$PREFIX/$id_path" > > - git_add_file "$PREFIX/$id_path" "Reencrypt password store using new GPG id ${id_print%, }${id_path:+ ($id_path)}." > > + git_add_file "$PREFIX/$id_path" "Reencrypt password store using latest .gpg-id" > > } > > > > cmd_show() { > From tino.calancha at gmail.com Tue Sep 6 19:30:21 2022 From: tino.calancha at gmail.com (Tino Calancha) Date: Tue, 6 Sep 2022 21:30:21 +0200 (CEST) Subject: [PATCH] Emacs - Interactive function for generating w/o symbols In-Reply-To: <87zgfpjvey.fsf@lauretta.mail-host-address-is-not-set> References: <874jy2ci6i.fsf@lauretta.mail-host-address-is-not-set> <87zgfpjvey.fsf@lauretta.mail-host-address-is-not-set> Message-ID: On Sat, 27 Aug 2022, Aner Zakobar wrote: > I am not sure adding a variable would be good is because this > isn't some configuration that one would like to set ahead of time, > rather, a choice to make when generating each password individually. > > In my use case, for instance, I would much rather generate with > symbols. The problem is, certain websites do not allow entering special > characters as their passwords (I know, right??) > > So what I'll do is generate non-symbol passwords only for relevant > websites. By default, I will generate with symbols, and otherwise, I > will generate without. > > Adding a variable would make sense if this is a one-time choice, but I > think it's a choice to make with each password. I see your point, and I agree this might come in handy in the situation that you have described. I have added your command. Apart of this, I am worry that these two generate commands allow the overwrite of a stored password. Maybe we should consider in the future adding an option password-store-force or the like, default to nil, to prevent accidental overwrites. Patches are welcome. Tino From justus at sequoia-pgp.org Thu Sep 22 09:57:33 2022 From: justus at sequoia-pgp.org (Justus Winter) Date: Thu, 22 Sep 2022 11:57:33 +0200 Subject: [PATCH] tests: Replace short OpenPGP keyids with fingerprints Message-ID: <20220922095733.3574736-1-justus@sequoia-pgp.org> Short 32-bit OpenPGP key ids are easily spoofed, so their use is strongly discouraged. The test suite uses short key ids to refer to test keys. This prevents the OpenPGP implementations from rejecting short key ids, and is a bad example for other developers to follow. This patch replaces all short key ids with fingerprints. --- tests/gnupg/gpg.conf | 7 ++++--- tests/setup.sh | 10 +++++----- 2 files changed, 9 insertions(+), 8 deletions(-) diff --git a/tests/gnupg/gpg.conf b/tests/gnupg/gpg.conf index 60ece49..0646926 100644 --- a/tests/gnupg/gpg.conf +++ b/tests/gnupg/gpg.conf @@ -1,3 +1,4 @@ -group group1 = E4691410 D774A374 -group group2 = E4691410 -group big group = CF90C77B D774A374 EB7D54A8 E4691410 39E5020C +group group1 = 9378267629F989A0E96677B7976DD3D6E4691410 70BD448330ACF0653645B8F2B4DDBFF0D774A374 +group group2 = 9378267629F989A0E96677B7976DD3D6E4691410 +group big group = D4C78DB7920E1E27F5416B81CC9DB947CF90C77B 70BD448330ACF0653645B8F2B4DDBFF0D774A374 62EBE74BE834C2EC71E6414595C4B715EB7D54A8 9378267629F989A0E96677B7976DD3D6E4691410 4D2AFBDE67C60F5999D143AFA6E073D439E5020C + diff --git a/tests/setup.sh b/tests/setup.sh index 20dd7ea..058ce0a 100644 --- a/tests/setup.sh +++ b/tests/setup.sh @@ -57,8 +57,8 @@ command -v gpg2 &>/dev/null && GPG="gpg2" # We don't want any currently running agent to conflict. unset GPG_AGENT_INFO -KEY1="CF90C77B" # pass test key 1 -KEY2="D774A374" # pass test key 2 -KEY3="EB7D54A8" # pass test key 3 -KEY4="E4691410" # pass test key 4 -KEY5="39E5020C" # pass test key 5 +KEY1="D4C78DB7920E1E27F5416B81CC9DB947CF90C77B" # pass test key 1 +KEY2="70BD448330ACF0653645B8F2B4DDBFF0D774A374" # pass test key 2 +KEY3="62EBE74BE834C2EC71E6414595C4B715EB7D54A8" # pass test key 3 +KEY4="9378267629F989A0E96677B7976DD3D6E4691410" # pass test key 4 +KEY5="4D2AFBDE67C60F5999D143AFA6E073D439E5020C" # pass test key 5 -- 2.30.2 From Jason at zx2c4.com Thu Sep 22 10:27:09 2022 From: Jason at zx2c4.com (Jason A. Donenfeld) Date: Thu, 22 Sep 2022 12:27:09 +0200 Subject: [PATCH] tests: Replace short OpenPGP keyids with fingerprints In-Reply-To: <20220922095733.3574736-1-justus@sequoia-pgp.org> References: <20220922095733.3574736-1-justus@sequoia-pgp.org> Message-ID: Good thinking. Patch applied. I suppose you're considering swapping out gpg with sequoia and hoping pass still works? Jason From justus at sequoia-pgp.org Thu Sep 22 11:34:46 2022 From: justus at sequoia-pgp.org (Justus Winter) Date: Thu, 22 Sep 2022 13:34:46 +0200 Subject: [PATCH] tests: Replace short OpenPGP keyids with fingerprints In-Reply-To: References: <20220922095733.3574736-1-justus@sequoia-pgp.org> Message-ID: <87k05v3and.fsf@europ.lan> "Jason A. Donenfeld" writes: > Good thinking. Patch applied. Thanks! > I suppose you're considering swapping out gpg with sequoia and hoping > pass still works? Indeed, I'm working on a re-implementation of the gpg interface. As part of that work, I'm using downstream test suites to verify my implementation and to exercise various corners of the argument space. https://gitlab.com/sequoia-pgp/sequoia-chameleon-gnupg I'm happy to report that with the patch applied, the pass test suite passes with my implementation. That doesn't mean that it is recommended to use it now, this is still early work. Best, Justus -------------- next part -------------- A non-text attachment was scrubbed... Name: signature.asc Type: application/pgp-signature Size: 519 bytes Desc: not available URL: From Jason at zx2c4.com Thu Sep 22 11:37:38 2022 From: Jason at zx2c4.com (Jason A. Donenfeld) Date: Thu, 22 Sep 2022 13:37:38 +0200 Subject: [PATCH] tests: Replace short OpenPGP keyids with fingerprints In-Reply-To: <87k05v3and.fsf@europ.lan> References: <20220922095733.3574736-1-justus@sequoia-pgp.org> <87k05v3and.fsf@europ.lan> Message-ID: On Thu, Sep 22, 2022 at 1:34 PM Justus Winter wrote: > Indeed, I'm working on a re-implementation of the gpg interface. As > part of that work, I'm using downstream test suites to verify my > implementation and to exercise various corners of the argument space. That's terrific. I generally dislike pgp, but it's not going away soon, and the gpg codebase is pretty gnarly, so a nice drop-in replacement would be a big step forward for folks still using it. From shea at shealevy.com Fri Sep 23 20:53:53 2022 From: shea at shealevy.com (Shea Levy) Date: Fri, 23 Sep 2022 16:53:53 -0400 Subject: [PATCH] clip(): Explicitly set mime-type with wl-copy. Message-ID: <20220923205353.156955-1-shea@shealevy.com> This avoids the need for wl-copy to infer the mime-type, in theory could prevent accidental overlap with a different mime-type, and works around a current bug in autodetection[1]. [1]: https://github.com/bugaevc/wl-clipboard/issues/148 --- src/password-store.sh | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/src/password-store.sh b/src/password-store.sh index 22e818f..63d553c 100755 --- a/src/password-store.sh +++ b/src/password-store.sh @@ -156,7 +156,7 @@ check_sneaky_paths() { clip() { if [[ -n $WAYLAND_DISPLAY ]] && command -v wl-copy &> /dev/null; then - local copy_cmd=( wl-copy ) + local copy_cmd=( wl-copy --type 'text/plain;charset=utf-8' ) local paste_cmd=( wl-paste -n ) if [[ $X_SELECTION == primary ]]; then copy_cmd+=( --primary ) -- 2.36.2