From jorrit at jorrit.de Sun Jun 11 19:24:09 2023
From: jorrit at jorrit.de (Jö Fahlke)
Date: Sun, 11 Jun 2023 21:24:09 +0200
Subject: [PATCH] Fix show -c/-q with large entries
Message-ID:

Hi,

I noticed that for one entry in my pass store `show -c` had stopped working.
Apparently I went a bit overboard with supplemental information in that entry
and now `show -c` was reporting a SIGPIPE since earlier commands in some
internal pipeline were still trying to write while later commands had already
extracted the password line and closed the read end.

Attached are two patches, one that adds some tests to detect this situation,
and one that fixes the actual problem. Although I saw the problem initially
with `show -c`, the tests are written for `show -q` since that seems easier to
do portably.

Note: tested on Linux only since that's all I have access to.

Thanks for your work,
Jö.

-------------- next part --------------
A non-text attachment was scrubbed...
Name: 0001-Test-show-q-with-large-secrets.patch
Type: text/x-diff
Size: 3040 bytes
-------------- next part --------------
A non-text attachment was scrubbed...
Name: 0002-Fix-show-q-c-for-long-secrets.patch
Type: text/x-diff
Size: 2202 bytes

From judd at jpilot.org Mon Jun 12 13:42:41 2023
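
The failure described in the message above, reproduced as an added example (not code from pass or from the attached patches). The entry is constructed, the helper names `run_pipeline`, `fragile` and `robust` are hypothetical, and it is an assumption that bash's pipefail option is in effect, which is what turns the killed writer into a visible error; `sed -n 1p` is one way to avoid it, not necessarily what the attached fix does.

```shell
#!/usr/bin/env bash
# Added illustration; helper names are hypothetical and the "entry" is
# constructed: a password line followed by LINES lines of supplemental notes.

# run_pipeline READER LINES
#   Pipes the constructed entry into READER inside a child bash that has
#   pipefail on (assumed here: it is what turns a writer killed by SIGPIPE
#   into a failure of the whole pipeline). Prints "<exit status> <output>".
run_pipeline() {
    reader=$1
    lines=$2
    status=0
    out=$(bash -o pipefail -c \
        '{ echo constructed-pw; seq 1 "$1"; } | '"$reader" _ "$lines" 2>/dev/null) \
        || status=$?
    printf '%s %s\n' "$status" "$out"
}

# Reader exits after line 1 and closes the read end while the writer still
# has data queued: the writer is killed by SIGPIPE (normally status 141,
# i.e. 128 + 13), and pipefail reports that as the pipeline's status.
fragile() { run_pipeline 'head -n 1' "$1"; }

# Reader prints line 1 but keeps draining the pipe to EOF, so the writer
# always finishes normally, whatever the entry size.
robust() { run_pipeline 'sed -n 1p' "$1"; }

# 200000 note lines is well over a pipe buffer, so the writer is certain to
# be blocked mid-write when the reader goes away.
echo "head -n 1 : $(fragile 200000)"
echo "sed -n 1p : $(robust 200000)"
```

Both readers extract the same first line; only the exit status of the pipeline differs, which is why the symptom appears only once an entry has grown.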
From: judd at jpilot.org (Judd Montgomery)
Date: Mon, 12 Jun 2023 13:42:41 +0000
Subject: [PATCH] Fix show -c/-q with large entries
In-Reply-To:
References:
Message-ID: <56f67a3f-ddfc-59cf-0068-bae05d4d43a7@jpilot.org>

On 6/11/23 15:24, Jö Fahlke wrote:
> Hi,
>
> I noticed that for one entry in my pass store `show -c` had stopped working.
> Apparently I went a bit overboard with supplemental information in that entry
> and now `show -c` was reporting a SIGPIPE since earlier commands in some
> internal pipeline were still trying to write while later commands had already
> extracted the password line and closed the read end.
>
> Attached are two patches, one that adds some tests to detect this situation,
> and one that fixes the actual problem. Although I saw the problem initially
> with `show -c`, the tests are written for `show -q` since that seems easier to
> do portably.
>
> Note: tested on Linux only since that's all I have access to.
>
> Thanks for your work,
> Jö.
>
Hi,

I submitted a patch for this in Feb. Unfortunately, I don't think anyone is
maintaining this code anymore.

https://lists.zx2c4.com/pipermail/password-store/2023-January/004703.html
https://lists.zx2c4.com/pipermail/password-store/2023-January/004716.html

Judd

From thomas at dupond.eu Mon Jun 12 15:49:33 2023
From: thomas at dupond.eu (Thomas Dupond)
Date: Mon, 12 Jun 2023 17:49:33 +0200
Subject: [PATCH] Fix show -c/-q with large entries
In-Reply-To: <56f67a3f-ddfc-59cf-0068-bae05d4d43a7@jpilot.org>
References: <56f67a3f-ddfc-59cf-0068-bae05d4d43a7@jpilot.org>
Message-ID: <0b2b7a18-2bd6-9014-f737-39e95e1e929d@dupond.eu>

Hi,

On 2023-06-12 at 15:42, Judd Montgomery wrote:
> On 6/11/23 15:24, Jö Fahlke wrote:
>> Hi,
>>
>> I noticed that for one entry in my pass store `show -c` had stopped working.
>> Apparently I went a bit overboard with supplemental information in that entry
>> and now `show -c` was reporting a SIGPIPE since earlier commands in some
>> internal pipeline were still trying to write while later commands had already
>> extracted the password line and closed the read end.
>>
>> Attached are two patches, one that adds some tests to detect this situation,
>> and one that fixes the actual problem. Although I saw the problem initially
>> with `show -c`, the tests are written for `show -q` since that seems easier to
>> do portably.
>>
>> Note: tested on Linux only since that's all I have access to.
>>
>> Thanks for your work,
>> Jö.
>>
> Hi,
>
> I submitted a patch for this in Feb. Unfortunately, I don't think
> anyone is maintaining this code anymore.
>
> https://lists.zx2c4.com/pipermail/password-store/2023-January/004703.html
>
> https://lists.zx2c4.com/pipermail/password-store/2023-January/004716.html

I have the same issue, I have saved a master gpg key in my password store and
I encounter the SIGPIPE error now.

Too bad that this is not maintained anymore. Is there any equivalent to
this?

--
Thomas Dupond

From axs at sdf.org Mon Jun 12 16:43:29 2023
From: axs at sdf.org (Andrew Stryker)
Date: Mon, 12 Jun 2023 09:43:29 -0700
Subject: [PATCH] Fix show -c/-q with large entries
In-Reply-To: <0b2b7a18-2bd6-9014-f737-39e95e1e929d@dupond.eu>
References: <56f67a3f-ddfc-59cf-0068-bae05d4d43a7@jpilot.org> <0b2b7a18-2bd6-9014-f737-39e95e1e929d@dupond.eu>
Message-ID:

Thomas Dupond wrote on 2023-Jun-12:
> Hi,
>
> On 2023-06-12 at 15:42, Judd Montgomery wrote:
> > On 6/11/23 15:24, Jö Fahlke wrote:
> > > Hi,
> > >
>
> I have the same issue, I have saved a master gpg key in my password store
> and I encounter the SIGPIPE error now.
>
> Too bad that this is not maintained anymore. Is there any equivalent to
> this?

That the maintainer is not regularly responding to messages on this
list is not new. Jason seems to be quiet for a long time, pays
attention, applies patches, and makes a new release.

There are a couple of options if this is not meeting your needs:

1. Investigate gopass: https://www.gopass.pw/. Same idea, written in
   go (not BASH), and targets password management within a team
   environment.

2. Fork the code in a friendly way. You can apply patches, take pull
   requests, and have all the kinds of fun that come with maintaining
   a project. If done right, this would be a great benefit to the
   community of folks who use pass. There's a lot to be said for having
   a community of folks maintaining a project, rather than one
   individual. That said, Jason has successfully made good design and
   code choices over the years. His choices have made the code robust
   and maintainable.

Andrew

From thomas at dupond.eu Tue Jun 13 07:54:44 2023
From: thomas at dupond.eu (Thomas Dupond)
Date: Tue, 13 Jun 2023 09:54:44 +0200
Subject: [PATCH] Fix show -c/-q with large entries
In-Reply-To:
References: <56f67a3f-ddfc-59cf-0068-bae05d4d43a7@jpilot.org> <0b2b7a18-2bd6-9014-f737-39e95e1e929d@dupond.eu>
Message-ID:

Hello Andrew,

On 2023-06-12 at 18:43, Andrew Stryker wrote:
> That the maintainer is not regularly responding to messages on this
> list is not new. Jason seems to be quiet for a long time, pays
> attention, applies patches, and makes a new release.

OK I wasn't aware of this, it's good news!

> There are a couple of options if this is not meeting your needs:
>
> 1. Investigate gopass: https://www.gopass.pw/. Same idea, written in
>    go (not BASH), and targets password management within a team
>    environment.
>
> 2. Fork the code in a friendly way. You can apply patches, take pull
>    requests, and have all the kinds of fun that come with maintaining
>    a project. If done right, this would be a great benefit to the
>    community of folks who use pass. There's a lot to be said for having
>    a community of folks maintaining a project, rather than one
>    individual. That said, Jason has successfully made good design and
>    code choices over the years. His choices have made the code robust
>    and maintainable.

Thank you for your recommendations :)

--
Regards,
Thomas

From timhaase at gmx.net Thu Jun 22 08:12:43 2023
From: timhaase at gmx.net (Tim Haase) Date: Thu, 22 Jun 2023 10:12:43 +0200 Subject: [PATCH] Ensure binary detached signatures Message-ID: <20230622081243.80192-1-timhaase@gmx.net> When signing .gpg-id files in `pass init`, pass does not ensure binary detached signatures. If the user has a gpg.conf file specifying ASCII armored output as default, pass will create an ASCII armored detached signature (with the .asc file extension). But pass expects binary detached signatures (having the .sig file extension). This breaks the whole signing and verifying process. By using the --no-armor option for gpg explicitly, pass can ensure the creation of a binary detached signature regardless of user configuration. --- src/password-store.sh | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/src/password-store.sh b/src/password-store.sh index 22e818f..2cc8782 100755 --- a/src/password-store.sh +++ b/src/password-store.sh @@ -354,7 +354,7 @@ cmd_init() { for key in $PASSWORD_STORE_SIGNING_KEY; do signing_keys+=( --default-key $key ) done - $GPG "${GPG_OPTS[@]}" "${signing_keys[@]}" --detach-sign "$gpg_id" || die "Could not sign .gpg_id." + $GPG "${GPG_OPTS[@]}" "${signing_keys[@]}" --no-armor --detach-sign "$gpg_id" || die "Could not sign .gpg_id." key="$($GPG "${GPG_OPTS[@]}" --verify --status-fd=1 "$gpg_id.sig" "$gpg_id" 2>/dev/null | sed -n 's/^\[GNUPG:\] VALIDSIG [A-F0-9]\{40\} .* \([A-F0-9]\{40\}\)$/\1/p')" [[ -n $key ]] || die "Signing of .gpg_id unsuccessful." git_add_file "$gpg_id.sig" "Signing new GPG id with ${key//[$IFS]/,}." -- 2.41.0 From adigitoleo at posteo.net Thu Jun 22 16:45:30 2023 
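
Review bot: In cmd_init(), the changed --detach-sign line still depends on gpg's default output name producing exactly the "$gpg_id.sig" file that the following --verify line reads; --no-armor makes that default come out as .sig again, but the link between the two lines stays implicit. Consider naming the output explicitly, for example `--output "$gpg_id.sig"`, after checking how an already existing signature file is handled, so the file that is signed and the file that is verified cannot drift apart under other user configuration. Two smaller points: the patch carries no test for a gpg.conf that enables armored output, which is the case the commit message describes, and the die text on the changed line says ".gpg_id" while the commit message speaks of .gpg-id files, which would be cheap to correct while this line is being touched.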
From: adigitoleo at posteo.net (adigitoleo (Leon))
Date: Thu, 22 Jun 2023 16:45:30 +0000
Subject: Reason for using gpg --batch?
Message-ID:

Hello,

In password-store.sh, some option flags are unconditionally added to the gpg
invocation. These are --batch and --use-agent. While I understand the use of
the latter, I'm not so clear on what the reason is for using --batch. The gpg
man page suggests this is intended for programmatic use of gpg, to avoid
blocking or waiting for interactive input. However, pass is a CLI program that
quite happily asks for input in many situations.

My reason for asking this is because I have recently discovered that gpg can
use a 'loopback' mode whereby it accepts the PGP key passphrase on the stdin of
the terminal where pass was invoked. This is convenient, because I mainly use
pass from interactive terminals, and therefore don't usually want nor need the
PGP agent to resort to using a special GUI or ncurses interface just to ask me
for the passphrase.

It seems to me that the simple answer would be to use `pinentry-mode loopback`
in .gnupg/gpg.conf, however the gpg --batch option is not compatible with this
setting. For now, I am manually patching the shell script to remove that flag,
and have not yet encountered any problems, but would like to know if that has
other implications.

Cheers,
Leon

From csanyipal at gmail.com Mon Jun 26 14:28:43 2023
From: csanyipal at gmail.com (Csanyi Pal)
Date: Mon, 26 Jun 2023 16:28:43 +0200
Subject: How to migrate pass to other operating system?
In-Reply-To:
References:
Message-ID: <51bf59df-980e-4ddb-0e8e-3380bed13584@gmail.com>

Hi,

I have installed password-store on my Xubuntu operating system.

I must migrate to the other operating system, namely Ubuntu on another
machine.

How can I do that?

--
Best,
Paul Csányi

From axs at sdf.org Mon Jun 26 16:36:30 2023
From: axs at sdf.org (Andrew Stryker)
Date: Mon, 26 Jun 2023 09:36:30 -0700
Subject: How to migrate pass to other operating system?
In-Reply-To: <51bf59df-980e-4ddb-0e8e-3380bed13584@gmail.com>
References: <51bf59df-980e-4ddb-0e8e-3380bed13584@gmail.com>
Message-ID:

Csanyi Pal wrote on 2023-Jun-26:
> Hi,
>
> I have installed password-store on my Xubuntu operating system.
>
> I must migrate to the other operating system, namely Ubuntu on another
> machine.

By migrating to another system, I assume that you are referring to the
passwords data, not the password-store programs. And I assume that your
need is a one-time transfer, not a continuous need to manage data on
multiple systems.

There are two general approaches:

1. Copy all your data onto a portable drive (e.g., USB "thumb drive").
   The default data location is `$HOME/.password-store`. Copy that
   directory structure to the portable drive and then copy from the
   portable drive to your new machine.

2. Start an ssh server on your new machine. You will then be able to
   copy data to your new machine with `scp` or `rsync`. This option
   only makes sense if the first approach is not an option for you.
   Ubuntu has instructions for starting an ssh service on their
   webpages.

Hope this helps,

Andrew

From thomas at dupond.eu Mon Jun 26 21:22:52 2023
From: thomas at dupond.eu (Thomas Dupond)
Date: Mon, 26 Jun 2023 23:22:52 +0200
Subject: How to migrate pass to other operating system?
In-Reply-To: <51bf59df-980e-4ddb-0e8e-3380bed13584@gmail.com>
References: <51bf59df-980e-4ddb-0e8e-3380bed13584@gmail.com>
Message-ID: <3696.1687814572@hanoi.home>

Hello,

Csanyi Pal wrote:
> Hi,
>
> I have installed password-store on my Xubuntu operating system.
>
> I must migrate to the other operating system, namely Ubuntu on
> another machine.
>
> How can I do that?

If you have not changed the default directory where pass stores
information, then you just have to copy the directory
'~/.password-store' to your other machine.

To decrypt the key you must also transfer your pgp keyring to your other
machine.

--
Regards,
Thomas

From ramses0 at yahoo.com Wed Jun 28 15:22:05 2023
From: ramses0 at yahoo.com (Robert Ames)
Date: Wed, 28 Jun 2023 15:22:05 +0000 (UTC)
Subject: How to migrate pass to other operating system?
In-Reply-To: <51bf59df-980e-4ddb-0e8e-3380bed13584@gmail.com>
References: <51bf59df-980e-4ddb-0e8e-3380bed13584@gmail.com>
Message-ID: <1296310050.298966.1687965725509@mail.yahoo.com>

Run the following commands on your original system:

# review the man pages, see the environment variables that might impact your usage
$ man --pager=cat pass | grep PASSWORD_STORE

# check your local environment for details of anything you might have changed
$ env | grep PASSWORD_STORE

# get a rough idea of the most important files related to your password store
# (assuming default directories, etc)
$ du -sh .password-store/ .gnupg/

PasswordStore is "just" files in a directory that are encrypted by gpg:

$ gpg --decrypt ~/.password-store/rames/example.com.gpg
>>> gpg: encrypted with 4096-bit RSA key, ID XXXXXXXXXXXXXXXXXX, created 20XX-XX-XX
>>>      "Robert Ames (20XX-ubuntu-XXXXX) "
ExamplePassword
username: example at example.com

...you should just be able to bundle up the directory and transfer it to your new system:

# -C ~ stores the paths relative to the home directory
$ tar -C ~ -czvf password-bundle.tgz .password-store
$ tar -C ~ -czvf gpg-bundle.tgz .gnupg

Transfer, untar (must use `tar` / `*.tgz` in order to preserve permissions! sometimes gpg/ssh are picky about that):

# one archive per tar call; a second file name would be read as a member to extract
$ tar -C ~ -xvf password-bundle.tgz
$ tar -C ~ -xvf gpg-bundle.tgz

...usually "dotfiles" (files that begin with a '.' period) are hidden from directory listings by default.

Verify they were transferred correctly via "ls -a" or "find":

$ ls -la ~/.password-store ~/.gnupg
$ find ~/.password-store -type f ; find ~/.gnupg -type f

Verify you can still use gpg directly to manipulate them (you may need `apt install password-store gpg` or `apt list | grep ^gpg` or similar)

$ gpg --decrypt ~/.password-store/rames/example.com.gpg
>>> gpg: encrypted with 4096-bit RSA key, ID XXXXXXXXXXXXXXXXXX, created 20XX-XX-XX
>>>      "Robert Ames (20XX-ubuntu-XXXXX) "
ExamplePassword
username: example at example.com

...any problems here, you'll need to make sure you figure your gpg-keys out (~/.gnupg).

Then you should be able to run `pass ls | grep ...`, `pass show ...` and verify it's working well for you.

Also remember to keep track of your `~/.ssh` keys, or be prepared to re-create and re-distribute new ones.

Best of luck!

--Robert

On Tuesday, June 27, 2023 at 05:35:30 PM CDT, Csanyi Pal wrote:

Hi,

I have installed password-store on my Xubuntu operating system.

I must migrate to the other operating system, namely Ubuntu on another
machine.

How can I do that?

--
Best,
Paul Csányi

From csanyipal at gmail.com Wed Jun 28 21:48:46 2023
From: csanyipal at gmail.com (Csányi Pál)
Date: Wed, 28 Jun 2023 23:48:46 +0200
Subject: How to migrate pass to other operating system?
In-Reply-To: <1296310050.298966.1687965725509@mail.yahoo.com>
References: <51bf59df-980e-4ddb-0e8e-3380bed13584@gmail.com> <1296310050.298966.1687965725509@mail.yahoo.com>
Message-ID: <0e53a389-7e4e-f77a-755b-06510d7ed1db@gmail.com>

Hi all!

Thanks for the help!

I did it. Copied ~/.password-store to the new operating system, then did
steps described here:
https://www.howtogeek.com/816878/how-to-back-up-and-restore-gpg-keys-on-linux/

On 2023-06-28 at 17:22, Robert Ames wrote:
> Run the following commands on your original system:
>
> # review the man pages, see the environment variables that might impact your usage
> $ man --pager=cat pass | grep PASSWORD_STORE
>
> # check your local environment for details of anything you might have changed
> $ env | grep PASSWORD_STORE
>
> # get a rough idea of the most important files related to your password store
> # (assuming default directories, etc)
> $ du -sh .password-store/ .gnupg/
>
> PasswordStore is "just" files in a directory that are encrypted by gpg:
>
> $ gpg --decrypt ~/.password-store/rames/example.com.gpg
>>>> gpg: encrypted with 4096-bit RSA key, ID XXXXXXXXXXXXXXXXXX, created 20XX-XX-XX
>>>>      "Robert Ames (20XX-ubuntu-XXXXX) "
> ExamplePassword
> username: example at example.com
>
> ...you should just be able to bundle up the directory and transfer it to your new system:
>
> # -C ~ stores the paths relative to the home directory
> $ tar -C ~ -czvf password-bundle.tgz .password-store
> $ tar -C ~ -czvf gpg-bundle.tgz .gnupg
>
> Transfer, untar (must use `tar` / `*.tgz` in order to preserve permissions! sometimes gpg/ssh are picky about that):
>
> # one archive per tar call; a second file name would be read as a member to extract
> $ tar -C ~ -xvf password-bundle.tgz
> $ tar -C ~ -xvf gpg-bundle.tgz
>
> ...usually "dotfiles" (files that begin with a '.' period) are hidden from directory listings by default.
>
> Verify they were transferred correctly via "ls -a" or "find":
>
> $ ls -la ~/.password-store ~/.gnupg
> $ find ~/.password-store -type f ; find ~/.gnupg -type f
>
> Verify you can still use gpg directly to manipulate them (you may need `apt install password-store gpg` or `apt list | grep ^gpg` or similar)
>
> $ gpg --decrypt ~/.password-store/rames/example.com.gpg
>>>> gpg: encrypted with 4096-bit RSA key, ID XXXXXXXXXXXXXXXXXX, created 20XX-XX-XX
>>>>      "Robert Ames (20XX-ubuntu-XXXXX) "
> ExamplePassword
> username: example at example.com
>
> ...any problems here, you'll need to make sure you figure your gpg-keys out (~/.gnupg).
>
> Then you should be able to run `pass ls | grep ...`, `pass show ...` and verify it's working well for you.
>
> Also remember to keep track of your `~/.ssh` keys, or be prepared to re-create and re-distribute new ones.
>
> Best of luck!
>
> --Robert
>
>
> On Tuesday, June 27, 2023 at 05:35:30 PM CDT, Csanyi Pal wrote:
>
> Hi,
>
> I have installed password-store on my Xubuntu operating system.
>
> I must migrate to the other operating system, namely Ubuntu on
> another machine.
>
> How can I do that?
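
A check to go with the "verify they were transferred correctly" step of the migration procedure in this thread, as an added example that is not part of any poster's message. The function names `manifest`, `loose_perms` and `roundtrip_demo` are hypothetical, the store contents are constructed, and GNU find, GNU tar and sha256sum (as on Ubuntu) are assumed.

```shell
#!/usr/bin/env bash
# Added illustration; function names are hypothetical. Assumes GNU find,
# GNU tar and sha256sum.

# manifest DIR: "mode sha256 path" per file and "mode - path" per directory,
# relative to DIR and sorted, so the output from two machines can be diffed.
manifest() {
    ( cd "$1" || exit 1
      { find . -type d -printf '%m - %p\n'
        find . -type f -printf '%m %p\n' | while read -r mode path; do
            printf '%s %s %s\n' "$mode" "$(sha256sum < "$path" | cut -d' ' -f1)" "$path"
        done
      } | LC_ALL=C sort -k3 )
}

# loose_perms DIR: entries that group or others can access at all (any of
# the 077 bits set); gpg warns about this on its home directory.
loose_perms() { find "$1" -perm /077 -printf '%m %P\n' | LC_ALL=C sort -k2; }

# Constructed demo: a fake store with private modes goes through a tar bundle
# into a second directory; prints "same" if modes and contents survived.
roundtrip_demo() {
    work=$(mktemp -d) || return 1
    mkdir -p "$work/old/.password-store/web" "$work/new"
    printf 'constructed ciphertext\n' > "$work/old/.password-store/web/example.com.gpg"
    chmod 700 "$work/old/.password-store" "$work/old/.password-store/web"
    chmod 600 "$work/old/.password-store/web/example.com.gpg"
    tar -C "$work/old" -czf "$work/bundle.tgz" .password-store
    tar -C "$work/new" -xzpf "$work/bundle.tgz"
    before=$(manifest "$work/old/.password-store")
    after=$(manifest "$work/new/.password-store")
    rm -rf "$work"
    if [ "$before" = "$after" ]; then echo same; else echo differ; fi
}

roundtrip_demo
```

On real systems, run `manifest ~/.password-store` and `manifest ~/.gnupg` on both machines and diff the results; sockets and lock files under ~/.gnupg can legitimately differ.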