From ngraves at ngraves.fr  Thu Mar  9 15:44:14 2023
From: ngraves at ngraves.fr (Nicolas Graves)
Date: Thu, 09 Mar 2023 16:44:14 +0100
Subject: [PATCH] emacs: Add variable password-store-file-extension.
In-Reply-To: <875ydxngsm.fsf@ngraves.fr>
References: <20221013213107.24749-1-ngraves@ngraves.fr>
 <875ydxngsm.fsf@ngraves.fr>
Message-ID: <87cz5ind4h.fsf@ngraves.fr>


Hey,

Sorry to ask again, I didn't get any answer, this is just a simple patch
adding only one variable, which enables the emacs package to also
support age as well. 

Is there someone responsible for the emacs code with whom I can discuss
this? 

Thanks in advance, 


On 2022-12-27 13:59, Nicolas Graves wrote:

> Hi !
>
> I don't have an answer to this patch, can someone review this?
>
> Thanks in advance,
>
> Nicolas Graves
>
>  
> On 2022-10-13 23:31, Nicolas Graves wrote:
>
>> ---
>>  contrib/emacs/password-store.el | 9 +++++++--
>>  1 file changed, 7 insertions(+), 2 deletions(-)
>>
>> diff --git a/contrib/emacs/password-store.el b/contrib/emacs/password-store.el
>> index 6561eb1..72aee3e 100644
>> --- a/contrib/emacs/password-store.el
>> +++ b/contrib/emacs/password-store.el
>> @@ -66,6 +66,9 @@
>>  (defvar password-store-timeout-timer nil
>>    "Timer for clearing clipboard.")
>>  
>> +(defvar password-store-file-extension ".gpg"
>> +  "File extension to expect in the password store.")
>> +
>>  (defun password-store-timeout ()
>>    "Number of seconds to wait before clearing the password.
>>  
>> @@ -187,7 +190,8 @@ Nil arguments are ignored.  Output is discarded."
>>  
>>  (defun password-store--entry-to-file (entry)
>>    "Return file name corresponding to ENTRY."
>> -  (concat (expand-file-name entry (password-store-dir)) ".gpg"))
>> +  (concat (expand-file-name entry (password-store-dir))
>> +          password-store-file-extension))
>>  
>>  (defun password-store--file-to-entry (file)
>>    "Return entry name corresponding to FILE."
>> @@ -218,7 +222,8 @@ ENTRY is the name of a password-store entry."
>>      (if (file-directory-p dir)
>>          (delete-dups
>>           (mapcar 'password-store--file-to-entry
>> -                 (directory-files-recursively dir ".+\\.gpg\\'"))))))
>> +                 (directory-files-recursively
>> +                  dir (concat ".+\\" password-store-file-extension "\\'")))))))
>>  
>>  ;;;###autoload
>>  (defun password-store-edit (entry)

-- 
Best regards,
Nicolas Graves

From jaccarmac at gmail.com  Fri Mar 10 05:56:18 2023
From: jaccarmac at gmail.com (Jacob MacDonald)
Date: Thu, 9 Mar 2023 23:56:18 -0600
Subject: [PATCH] emacs: Add variable password-store-file-extension.
In-Reply-To: <87cz5ind4h.fsf@ngraves.fr>
References: <20221013213107.24749-1-ngraves@ngraves.fr>
 <875ydxngsm.fsf@ngraves.fr> <87cz5ind4h.fsf@ngraves.fr>
Message-ID: <CACy6W0BsBCcZ6FKAuxxrSYxa6Q5iEOx=AGJmwxgCZw4uymOrKg@mail.gmail.com>

Nicolas Graves <ngraves at ngraves.fr> wrote:
> Is there someone responsible for the emacs code with whom I can discuss
> this?

Tino Calancha is active on this list and GitHub. Your messages to the
group may be getting filtered; I had to resurrect this one from my
spam folder.

If this reply doesn't help, you may be able to contact him directly.

Jacob.

From tino.calancha at gmail.com  Fri Mar 10 12:12:58 2023
From: tino.calancha at gmail.com (Tino Calancha)
Date: Fri, 10 Mar 2023 13:12:58 +0100 (CET)
Subject: [PATCH] emacs: Add variable password-store-file-extension.
In-Reply-To: <87cz5ind4h.fsf@ngraves.fr>
References: <20221013213107.24749-1-ngraves@ngraves.fr>
 <875ydxngsm.fsf@ngraves.fr> <87cz5ind4h.fsf@ngraves.fr>
Message-ID: <79c41a6-35fa-94cf-6241-909caad0c99e@gmail.com>



Dear Nicolas,

Thank you for your contribution and your patience while awaiting a
response. I appreciate your effort in submitting the patch.

I reviewed your patch carefully a few days after it was posted, and I
apologize for not providing any feedback earlier.

However, I am not comfortable with accepting this patch. The reason is
that it may give users the false impression that everything will work
seamlessly with the AGE encryption as it does with GPG. It won't.

Indeed, to fully support AGE encryption at the same level as we do
with GPG would require significant upstream work. Currently, Emacs
ships with the epa- libraries, which are tailored to support GPG and
handle transparent encryption/decryption of files.

Until we have equivalent libraries that can handle AGE encryption, I
discourage adding a patch like the one you proposed.

Thank you again for your contribution, and I apologize for not
providing feedback earlier.

Tino



On Thu, 9 Mar 2023, Nicolas Graves wrote:

>
> Hey,
>
> Sorry to ask again, I didn't get any answer, this is just a simple patch
> adding only one variable, which enables the emacs package to also
> support age as well.
>
> Is there someone responsible for the emacs code with whom I can discuss
> this?
>
> Thanks in advance,
>
>
> On 2022-12-27 13:59, Nicolas Graves wrote:
>
>> Hi !
>>
>> I don't have an answer to this patch, can someone review this?
>>
>> Thanks in advance,
>>
>> Nicolas Graves
>>
>>
>> On 2022-10-13 23:31, Nicolas Graves wrote:
>>
>>> ---
>>>  contrib/emacs/password-store.el | 9 +++++++--
>>>  1 file changed, 7 insertions(+), 2 deletions(-)
>>>
>>> diff --git a/contrib/emacs/password-store.el b/contrib/emacs/password-store.el
>>> index 6561eb1..72aee3e 100644
>>> --- a/contrib/emacs/password-store.el
>>> +++ b/contrib/emacs/password-store.el
>>> @@ -66,6 +66,9 @@
>>>  (defvar password-store-timeout-timer nil
>>>    "Timer for clearing clipboard.")
>>>
>>> +(defvar password-store-file-extension ".gpg"
>>> +  "File extension to expect in the password store.")
>>> +
>>>  (defun password-store-timeout ()
>>>    "Number of seconds to wait before clearing the password.
>>>
>>> @@ -187,7 +190,8 @@ Nil arguments are ignored.  Output is discarded."
>>>
>>>  (defun password-store--entry-to-file (entry)
>>>    "Return file name corresponding to ENTRY."
>>> -  (concat (expand-file-name entry (password-store-dir)) ".gpg"))
>>> +  (concat (expand-file-name entry (password-store-dir))
>>> +          password-store-file-extension))
>>>
>>>  (defun password-store--file-to-entry (file)
>>>    "Return entry name corresponding to FILE."
>>> @@ -218,7 +222,8 @@ ENTRY is the name of a password-store entry."
>>>      (if (file-directory-p dir)
>>>          (delete-dups
>>>           (mapcar 'password-store--file-to-entry
>>> -                 (directory-files-recursively dir ".+\\.gpg\\'"))))))
>>> +                 (directory-files-recursively
>>> +                  dir (concat ".+\\" password-store-file-extension "\\'")))))))
>>>
>>>  ;;;###autoload
>>>  (defun password-store-edit (entry)
>
> -- 
> Best regards,
> Nicolas Graves
>

From ngraves at ngraves.fr  Wed Mar 15 14:40:56 2023
From: ngraves at ngraves.fr (Nicolas Graves)
Date: Wed, 15 Mar 2023 15:40:56 +0100
Subject: [PATCH] emacs: Add variable password-store-file-extension.
In-Reply-To: <79c41a6-35fa-94cf-6241-909caad0c99e@gmail.com>
References: <20221013213107.24749-1-ngraves@ngraves.fr>
 <875ydxngsm.fsf@ngraves.fr> <87cz5ind4h.fsf@ngraves.fr>
 <79c41a6-35fa-94cf-6241-909caad0c99e@gmail.com>
Message-ID: <87v8j26ps7.fsf@ngraves.fr>

On 2023-03-10 13:12, Tino Calancha wrote:

Hi Tino,

Thanks for your considerate answer.

> Dear Nicolas,
>
> Thank you for your contribution and your patience while awaiting a
> response. I appreciate your effort in submitting the patch.
>
> I reviewed your patch carefully a few days after it was posted, and I
> apologize for not providing any feedback earlier.
>
> However, I am not comfortable with accepting this patch. The reason is
> that it may give users the false impression that everything will work
> seamlessly with the AGE encryption as it does with GPG. It won't.

I fully understand the issue. However, for a simple password store (and
nothing more elaborate), I can get it to work with a few customizations,
and without the need to add a new package. I've seen the repository
https://github.com/anticomputer/passage.el but most of what is done here
is done with this patch.

> Indeed, to fully support AGE encryption at the same level as we do
> with GPG would require significant upstream work. Currently, Emacs
> ships with the epa- libraries, which are tailored to support GPG and
> handle transparent encryption/decryption of files.

I guess what would be needed for this seamless integration is closer to
what is found here : https://github.com/anticomputer/age.el ; but I
haven't needed it to get my password store working with age.

> Until we have equivalent libraries that can handle AGE encryption, I
> discourage adding a patch like the one you proposed.
>
> Thank you again for your contribution, and I apologize for not
> providing feedback earlier.

If the issue is the trust in users' perception and expectations if this
variable has to be defined, would it be possible to consider the patch
with an additional warning with the fact that only gnupg is supported,
or something like that?

Another option would be to try and merge equivalent patches
corresponding to this repo age.el (I haven't looked at it, it's probably
also very light) and file auth-source-pass.el in Emacs source code
before here.

I've also sent a patch in upstream Emacs for the part in
auth-source-pass.el, see here:
https://lists.gnu.org/archive/html/emacs-devel/2023-03/msg00342.html

I've just seen by the way that if this patch gets merged, we could also
not define this variable in password-store.el and use the
auth-source-pass-file-extension since it should be defined in
password-store.el. I'm also forwarding this email to Eli Zaretskii as I
just answered regarding the aforementioned patch on emacs-devel mailing
lists, so that he gets more information.

>
> Tino

-- 
Best regards,
Nicolas Graves

From linus.van.pelt at disroot.org  Sun Mar 19 09:11:22 2023
From: linus.van.pelt at disroot.org (Linus van Pelt)
Date: Sun, 19 Mar 2023 10:11:22 +0100
Subject: No subject
Message-ID: <m2edplkryt.fsf@disroot.org>

Hello,

I noticed a strange problem, maybe on my side only.
When I use "pass -c" the password is copied for the given time and
cleared afterwards from the clipboard. So far perfect behavior.
But if I use a tool to keep my clipboard history, the password is
exposed and won't get deleted. I totally understand that this is my
fault to use such a tool.
The only thing that raised me to wonder if this is ok is if I grab the
password from "KeepassXC" with "command C" the password is not exposed
to the clipboard history tool. It simply doesn't show up as if it never
had been copied at all, but I can paste it for the given time and it
disappears afterwards.

I'm using gnupg and pass installed from homebrew.

pass 1.7.4
gnupg 2.4.0
libgcrypt 1.10.1

KeepassXC 2.7.4

CopyClip 1.9.8 is the clipboard history tool.

Would be great if someone can give me a hint why this is happening.
Simplest solution, get rid of "CopyClip", but sometimes it proved helpful to
grab a older entry.

Thanks in advance
Linus

From dam at cosinux.org  Wed Mar 22 17:03:24 2023
From: dam at cosinux.org (Damien Merenne)
Date: Wed, 22 Mar 2023 18:03:24 +0100
Subject: [PATCH] Die when editing and the editor fails.
Message-ID: <20230322170324.1128012-1-dam@cosinux.org>

This commit makes the pass edit command fail when the invoked
$EDITOR exit with a status different from EXIT_SUCCESS.
---
 src/password-store.sh     | 2 +-
 tests/t0200-edit-tests.sh | 7 +++++++
 2 files changed, 8 insertions(+), 1 deletion(-)

diff --git a/src/password-store.sh b/src/password-store.sh
index 22e818f..4fdae0a 100755
--- a/src/password-store.sh
+++ b/src/password-store.sh
@@ -500,7 +500,7 @@ cmd_edit() {
 		$GPG -d -o "$tmp_file" "${GPG_OPTS[@]}" "$passfile" || exit 1
 		action="Edit"
 	fi
-	${EDITOR:-vi} "$tmp_file"
+	${EDITOR:-vi} "$tmp_file" || die "Editor canceled edit."
 	[[ -f $tmp_file ]] || die "New password not saved."
 	$GPG -d -o - "${GPG_OPTS[@]}" "$passfile" 2>/dev/null | diff - "$tmp_file" &>/dev/null && die "Password unchanged."
 	while ! $GPG -e "${GPG_RECIPIENT_ARGS[@]}" -o "$passfile" "${GPG_OPTS[@]}" "$tmp_file"; do
diff --git a/tests/t0200-edit-tests.sh b/tests/t0200-edit-tests.sh
index d8d7b64..b32c782 100755
--- a/tests/t0200-edit-tests.sh
+++ b/tests/t0200-edit-tests.sh
@@ -14,4 +14,11 @@ test_expect_success 'Test "edit" command' '
 	[[ $("$PASS" show cred1) == "$FAKE_EDITOR_PASSWORD" ]]
 '
 
+test_expect_success 'Test "edit" command when editor fails' '
+	"$PASS" init $KEY1 &&
+	"$PASS" generate cred1 90 &&
+	export EDITOR="false" &&
+	! "$PASS" edit cred1
+'
+
 test_done
-- 
2.34.1


From asmadeus at codewreck.org  Wed Mar 29 21:19:28 2023
From: asmadeus at codewreck.org (Dominique Martinet)
Date: Thu, 30 Mar 2023 06:19:28 +0900
Subject: [PATCH] init: allow using without gpg-id to reencrypt directory
Message-ID: <20230329211928.2311045-1-asmadeus@codewreck.org>

When using gpg groups in .gpg-id (through gpg.conf), it is useful to
periodically re-encrypt the whole password store without changing the
.gpg-id files in it.

The reencrypt_path helper already expands groups and correctly
identifies when group contents changed to only reencrypt on an as-need
basis, but the function is not otherwise exposed (except through two mv
or cp...) so having this functionality in init would be quite useful.
---
Note: didn't adjust tests, it might make sense to modify
t0300-reencryption.sh to modify a group and test that,
but gpg doesn't seem to provide any command to modify config on the fly
(oh, using `PASSWORD_STORE_GPG_OPTS=--group=groupname=member` seems to
properly be additive, but tests setup clears that variable (as it
should!) and the test script helpers will need adjustments so there's a
bit of work required)

I can look at it if really required, otherwise I've tested locally and
it just works as one would expect.


 man/pass.1            | 5 +++--
 src/password-store.sh | 4 ++--
 2 files changed, 5 insertions(+), 4 deletions(-)

diff --git a/man/pass.1 b/man/pass.1
index a555dcb26bc6..eccb3b7faa9c 100644
--- a/man/pass.1
+++ b/man/pass.1
@@ -58,7 +58,7 @@ password names in
 .SH COMMANDS
 
 .TP
-\fBinit\fP [ \fI--path=sub-folder\fP, \fI-p sub-folder\fP ] \fIgpg-id...\fP
+\fBinit\fP [ \fI--path=sub-folder\fP, \fI-p sub-folder\fP ] [ \fIgpg-id...\fP ]
 Initialize new password storage and use
 .I gpg-id
 for encryption. Multiple gpg-ids may be specified, in order to encrypt each
@@ -72,7 +72,8 @@ intervention. If \fI--path\fP or \fI-p\fP is specified, along with an argument,
 a specific gpg-id or set of gpg-ids is assigned for that specific sub folder of
 the password store. If only one \fIgpg-id\fP is given, and it is an empty string,
 then the current \fI.gpg-id\fP file for the specified \fIsub-folder\fP (or root if
-unspecified) is removed.
+unspecified) is removed. If no \fIgpg-id\fP are given, the directory is reencrypted
+without modifying the \fI.gpg-id\fP file.
 .TP
 \fBls\fP \fIsubfolder\fP
 List names of passwords inside the tree at
diff --git a/src/password-store.sh b/src/password-store.sh
index 22e818fd548a..5415f40faf3a 100755
--- a/src/password-store.sh
+++ b/src/password-store.sh
@@ -328,7 +328,7 @@ cmd_init() {
 		--) shift; break ;;
 	esac done
 
-	[[ $err -ne 0 || $# -lt 1 ]] && die "Usage: $PROGRAM $COMMAND [--path=subfolder,-p subfolder] gpg-id..."
+	[[ $err -ne 0 ]] && die "Usage: $PROGRAM $COMMAND [--path=subfolder,-p subfolder] gpg-id..."
 	[[ -n $id_path ]] && check_sneaky_paths "$id_path"
 	[[ -n $id_path && ! -d $PREFIX/$id_path && -e $PREFIX/$id_path ]] && die "Error: $PREFIX/$id_path exists but is not a directory."
 
@@ -343,7 +343,7 @@ cmd_init() {
 			git_commit "Deinitialize ${gpg_id}${id_path:+ ($id_path)}."
 		fi
 		rmdir -p "${gpg_id%/*}" 2>/dev/null
-	else
+	elif [[ $# -ge 1 ]]; then
 		mkdir -v -p "$PREFIX/$id_path"
 		printf "%s\n" "$@" > "$gpg_id"
 		local id_print="$(printf "%s, " "$@")"
-- 
2.39.2