From abe at deuxchevaux.org Thu Apr 13 18:39:26 2023 From: abe at deuxchevaux.org (Axel Beckert) Date: Thu, 13 Apr 2023 20:39:26 +0200 Subject: [PATCH] Support encrypting for PGP keys without subkeys Message-ID: <20230413183926.z6n3eqcooje5rdyz@sym.noone.org> Hi, I'm trying to setup pass as team password storage shared and synced via git. When adding the keys of other team members via "pass init", I ran into the problem that "pass init" did add the additional key id to .gpg-id, but did not reencrypt all the files for the new key. It all boiled down to that the variable gpg_keys is only filled with keys which have subkeys. But one team member has a older PGP key without a subkey. While it might be no more good practice to generate PGP keys without subkey, it's still a personal user decision or possibly historic circumstance. So IMHO pass should also work with such keys. So I came up with the attached patch which does not only filter the list of target keys for subkeys but also for public keys. The remainder seems to still work as intended: Having two keys with subkeys and one without, there are not five key ids (pub and sub) in gpg_keys but still only the expected three. Kind regards, Axel -- PGP: 2FF9CD59612616B5 /~\ Plain Text Ribbon Campaign, http://arc.pasp.de/ Mail: abe at deuxchevaux.org \ / Say No to HTML in E-Mail and Usenet Mail+Jabber: abe at noone.org X https://axel.beckert.ch/ / \ I love long mails: https://email.is-not-s.ms/ -------------- next part -------------- A non-text attachment was scrubbed... Name: 0001-Support-encrypting-for-PGP-keys-without-subkeys.patch Type: text/x-diff Size: 1332 bytes Desc: not available URL: -------------- next part -------------- A non-text attachment was scrubbed... Name: signature.asc Type: application/pgp-signature Size: 833 bytes Desc: not available URL: From quoiceehoh-20180826 at yxejamir.net Fri Apr 14 07:54:49 2023 From: quoiceehoh-20180826 at yxejamir.net (Amir Yalon) Date: Fri, 14 Apr 2023 10:54:49 +0300 Subject: [PATCH] Support encrypting for PGP keys without subkeys In-Reply-To: <20230413183926.z6n3eqcooje5rdyz@sym.noone.org> References: <20230413183926.z6n3eqcooje5rdyz@sym.noone.org> Message-ID: <061e8ab5-a583-4be3-b8d3-f0370ab97be4@app.fastmail.com> The patch looks correct. It adds `pub` records, but not all of them, since field 12 (key capabilities) is filtered to include only keys with `e` (the encrypt capability). It is interesting to note that the filter on field 12 seems sufficient, which makes the filter on field 1 (type of record) redundant (though good for clarity of intent). On Thu, 13 Apr 2023, at 21:39, Axel Beckert wrote: > So I came up with the attached patch which does not only filter the > list of target keys for subkeys but also for public keys. The > remainder seems to still work as intended: Having two keys with > subkeys and one without, there are not five key ids (pub and sub) in > gpg_keys but still only the expected three. From fakefakefans at gmail.com Sun Apr 16 18:18:57 2023 From: fakefakefans at gmail.com (Erich Ericson) Date: Sun, 16 Apr 2023 20:18:57 +0200 Subject: [PATCH] contrib/importers/keepass2csv2pass.py: remove deprecated 'U' open mode Message-ID: Hi password-store@, while importing keepass2 csv exports into pass on a recent Fedora Workstation release using Python 3.11, I noticed that the script crashed due to the open mode string being unparseable. Turns out Universal newline mode is already the default since python 3.0 and that option has been long deprecated and removed in Python 3.11 in favor of the 'newline' kwarg. So remove the invalid open mode char as Python 3.0 is already the requirement for running this script. Cheers, DaErich >From 9283c28383af16189bea93a1b4de413ffe6b243e Mon Sep 17 00:00:00 2001 From: Erich Ericson Date: Sun, 16 Apr 2023 18:38:45 +0200 Subject: [PATCH] contrib/importers/keepass2csv2pass.py: remove deprecated 'U' open mode It is deprecated since at least python 3.10 and has been removed in python 3.11 causing this script to fail on rolling release distros Signed-off-by: Erich Ericson --- contrib/importers/keepass2csv2pass.py | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/contrib/importers/keepass2csv2pass.py b/contrib/importers/keepass2csv2pass.py index c3bd288..b61fc04 100755 --- a/contrib/importers/keepass2csv2pass.py +++ b/contrib/importers/keepass2csv2pass.py @@ -83,7 +83,7 @@ def insert_file_contents(filename, preparation_args): entries = [] - with open(filename, 'rU') as csv_in: + with open(filename, 'r') as csv_in: next(csv_in) csv_out = (line for line in csv.reader(csv_in, dialect='excel')) for row in csv_out: -- 2.39.2 From abe at deuxchevaux.org Tue Apr 18 13:32:40 2023 From: abe at deuxchevaux.org (Axel Beckert) Date: Tue, 18 Apr 2023 15:32:40 +0200 Subject: [PATCH] Support encrypting for PGP keys without subkeys In-Reply-To: <061e8ab5-a583-4be3-b8d3-f0370ab97be4@app.fastmail.com> References: <20230413183926.z6n3eqcooje5rdyz@sym.noone.org> <061e8ab5-a583-4be3-b8d3-f0370ab97be4@app.fastmail.com> Message-ID: <20230418133239.lg3fbvlgrasrdbts@sym.noone.org> Hi, I wrote: > But one team member has a older PGP key without a subkey. [?] > While it might be no more good practice to generate PGP keys without > subkey, it's still a personal user decision or possibly historic > circumstance. That team member solved the situation in a much more easy way that I had in mind: He simply added a subkey to that existing (so far subkey-less) key. This kinda took out the (not explicitly mentioned) urgency of that matter for me. (When I wrote that mail, I expected that he needs to generate a new key and gather most of the signatures on his old key again.) > So IMHO pass should also work with such keys. Nevertheless I still think that pass should work with such keys. On Fri, Apr 14, 2023 at 10:54:49AM +0300, Amir Yalon wrote: > It adds `pub` records, but not all of them, since field 12 (key > capabilities) is filtered to include only keys with `e` (the encrypt > capability). Yes, on purpose. It's the same for the subkeys, too. With keys just meant for signing you can't encrypt passwords. :-D > It is interesting to note that the filter on field 12 seems > sufficient, which makes the filter on field 1 (type of record) > redundant (though good for clarity of intent). Indeed interesting. I wonder if just using that field would cause rather more or rather less trouble for potential future key types. I haven't really thought about this when I wrote the patch, but to stay on the safe side, I on purpose only extended the filter minimally so it worked with that key without subkeys. Kind regards, Axel -- PGP: 2FF9CD59612616B5 /~\ Plain Text Ribbon Campaign, http://arc.pasp.de/ Mail: abe at deuxchevaux.org \ / Say No to HTML in E-Mail and Usenet Mail+Jabber: abe at noone.org X https://axel.beckert.ch/ / \ I love long mails: https://email.is-not-s.ms/ -------------- next part -------------- A non-text attachment was scrubbed... Name: signature.asc Type: application/pgp-signature Size: 833 bytes Desc: not available URL: From mekeor at posteo.de Tue Apr 25 23:19:05 2023 From: mekeor at posteo.de (Mekeor Melire) Date: Tue, 25 Apr 2023 23:19:05 +0000 Subject: [PATCH] emacs: Drop dependency on s library Message-ID: <20230425231905.32488-1-mekeor@posteo.de> The "f" library provides functions for string manipulations. We can safely remove it since we are not using it. --- contrib/emacs/CHANGELOG.md | 4 ++++ contrib/emacs/password-store.el | 2 +- 2 files changed, 5 insertions(+), 1 deletion(-) diff --git a/contrib/emacs/CHANGELOG.md b/contrib/emacs/CHANGELOG.md index b51ed6f..cd6a581 100644 --- a/contrib/emacs/CHANGELOG.md +++ b/contrib/emacs/CHANGELOG.md @@ -1,3 +1,7 @@ +# 2.3.1 + +* (bug) Drop dependency on s library. + # 2.3.0 * (bug) Drop auth-source-pass dependency. diff --git a/contrib/emacs/password-store.el b/contrib/emacs/password-store.el index 2d545e2..7a4d17a 100644 --- a/contrib/emacs/password-store.el +++ b/contrib/emacs/password-store.el @@ -6,7 +6,7 @@ ;; Maintainer: Tino Calancha ;; Version: 2.3.0 ;; URL: https://www.passwordstore.org/ -;; Package-Requires: ((emacs "26") (s "1.9.0") (with-editor "2.5.11")) +;; Package-Requires: ((emacs "26") (with-editor "2.5.11")) ;; Keywords: tools pass password password-store ;; This file is not part of GNU Emacs. base-commit: 26d2dae04bb76a87be6960861c10432820cd5d55 -- 2.39.2