From a87fe1a4-9565-4625-b062-f7e1f655be57 at anonaddy.me Wed Sep 20 05:48:28 2023
From: a87fe1a4-9565-4625-b062-f7e1f655be57 at anonaddy.me (a87fe1a4-9565-4625-b062-f7e1f655be57 at anonaddy.me)
Date: Wed, 20 Sep 2023 05:48:28 +0000
Subject: [PATCH] contrib/importers/keepass2csv2pass.py: remove deprecated 'U' open mode
Message-ID:

Having also encountered this issue recently, I was about to submit a patch myself until I saw this. I'm bumping this thread so that it has a chance of being looked at again and perhaps accepted.

From a0ddca20-0666-4cad-b8a8-da73c13955da at simplelogin.com Wed Sep 20 06:37:07 2023
From: a0ddca20-0666-4cad-b8a8-da73c13955da at simplelogin.com (a0ddca20-0666-4cad-b8a8-da73c13955da at simplelogin.com)
Date: Wed, 20 Sep 2023 06:37:07 +0000
Subject: [PATCH] contrib/importers/keepass2csv2pass.py: remove deprecated 'U' open mode
In-Reply-To:
References:
Message-ID: <169519183620.7.15527181862385078575.183228724@simplelogin.com>

Looks like the guy posting this forgot to quote the original email. So I searched for it and found the original email archived at https://lists.zx2c4.com/pipermail/password-store/2023-April/004749.html

> Having also encountered this issue recently, I was about to submit a patch myself until I saw this. I'm bumping this thread so that it has a chance of being looked at again and perhaps accepted.

From alx at kernel.org Sun Sep 24 13:22:25 2023
From: alx at kernel.org (Alejandro Colomar)
Date: Sun, 24 Sep 2023 15:22:25 +0200
Subject: Using find(1) instead of tree(1)
Message-ID: <2wdvnucnrypxxzatk6xxc36k44rn3kh4lmv2kpxla7vyn5cgv3@tb233sdkoh4l>

Hi,

I would like to be able to filter the results of pass using standard Unix tools. The reason is I have a rather large password database (and it's only going to increase):

    $ pass show | wc -l
    552

I don't have 552 passwords, but I use pass(1) also as a bookmark for websites.

    $ pass show www/foss/kernel/bugzilla/
    www/foss/kernel/bugzilla
    ├── alx
    │   ├── id
    │   └── pass
    └── url

For example, for the kernel bugzilla, you can see that I not only store the password, but I also store the username (id), and the url.

    $ pass show www/foss/kernel/bugzilla/url
    https://bugzilla.kernel.org/
    $ pass show www/foss/kernel/bugzilla/alx/id
    alx at kernel.org

The problem comes when I need to search for something I don't remember: Let's say I want to see everything I have for "kernel", but don't remember where kernel is:

    $ pass find kernel
    Search Terms: kernel
    └── www
        └── foss
            └── kernel

Okay, so I want to search "www/foss/kernel"; but I have to type it! It would be preferable to have some '--find' ('-f') that worked like this: (The name --find would be because it would use find(1) underneath.)

    $ pass find --find kernel
    www/foss/kernel/

(Notice the trailing slash (which find(1) doesn't add). It's useful to know it's a dir.)

Then I would just pass that to my next command:

    $ pass find --find kernel \
      | xargs pass show --find
    www/foss/kernel/
    www/foss/kernel/smtp/
    www/foss/kernel/smtp/pass
    www/foss/kernel/bugzilla/
    www/foss/kernel/bugzilla/url
    www/foss/kernel/bugzilla/alx/
    www/foss/kernel/bugzilla/alx/id
    www/foss/kernel/bugzilla/alx/pass

And then I can just grep from there what I need (say the bugzilla password):

    $ pass find --find kernel \
      | xargs pass show --find \
      | grep 'bugzilla.*/pass'
    www/foss/kernel/bugzilla/alx/pass

And finally show the pass:

    $ pass find --find kernel \
      | xargs pass show --find \
      | grep 'bugzilla.*/pass' \
      | xargs pass show
    pw

Would you want this feature? If you agree, I'll start writing it, and will ask if I have any doubts.

Thanks,
Alex

From alx at kernel.org Sun Sep 24 21:08:51 2023
From: alx at kernel.org (Alejandro Colomar)
Date: Sun, 24 Sep 2023 23:08:51 +0200
Subject: [PATCH] man: New sentence, new line
Message-ID: <20230924210850.22122-1-alx@kernel.org>

Manual pages *must* use either 2 spaces between sentences, or a newline. Using only 1 space will fool the formatter to think that the '.' is not a sentence terminator (it could be for example an abbreviation, as in Jason A. Donenfeld).

Let's use a newline, as is recommended by man-pages(7).

    $ MANWIDTH=72 man man-pages \
      | sed -n '/Use semantic newlines/,/^$/p';
       Use semantic newlines
           In the source of a manual page, new sentences should be started
           on new lines, long sentences should be split into lines at
           clause breaks (commas, semicolons, colons, and so on), and long
           clauses should be split at phrase boundaries. This convention,
           sometimes known as "semantic newlines", makes it easier to see
           the effect of patches, which often operate at the level of in‐
           dividual sentences, clauses, or phrases.

Signed-off-by: Alejandro Colomar --- man/pass.1 | 169 +++++++++++++++++++++++++++++++++++------------------ 1 file changed, 113 insertions(+), 56 deletions(-) diff --git a/man/pass.1 b/man/pass.1 index a555dcb..7d5cffa 100644 --- a/man/pass.1 +++ b/man/pass.1 
@@ -30,25 +30,31 @@ .SH DESCRIPTION .B show or .BR ls , -depending on the type of specifier in ARGS. Alternatively, if \fIPASSWORD_STORE_ENABLE_EXTENSIONS\fP +depending on the type of specifier in ARGS. +Alternatively, if \fIPASSWORD_STORE_ENABLE_EXTENSIONS\fP is set to "true", and the file \fI.extensions/COMMAND.bash\fP exists inside the password store and is executable, then it is sourced into the environment, -passing any arguments and environment variables. Extensions existing in a +passing any arguments and environment variables. +Extensions existing in a system-wide directory, only installable by the administrator, are always enabled. Otherwise COMMAND must be one of the valid commands listed below. Several of the commands below rely on or provide additional functionality if -the password store directory is also a git repository. If the password store +the password store directory is also a git repository. +If the password store directory is a git repository, all password store modification commands will -cause a corresponding git commit. Sub-directories may be separate nested git +cause a corresponding git commit. +Sub-directories may be separate nested git repositories, and pass will use the inner-most directory relative to the -current password. See the \fIEXTENDED GIT EXAMPLE\fP section for a detailed +current password. +See the \fIEXTENDED GIT EXAMPLE\fP section for a detailed description using \fBinit\fP and .BR git (1). The \fBinit\fP command must be run before other commands in order to initialize -the password store with the correct gpg key id. Passwords are encrypted using +the password store with the correct gpg key id. +Passwords are encrypted using the gpg key set with \fBinit\fP. There is a corresponding bash completion script for use with tab completing 
@@ -61,16 +67,21 @@ .SH COMMANDS \fBinit\fP [ \fI--path=sub-folder\fP, \fI-p sub-folder\fP ] \fIgpg-id...\fP Initialize new password storage and use .I gpg-id -for encryption. Multiple gpg-ids may be specified, in order to encrypt each -password with multiple ids. This command must be run first before a password -store can be used. If the specified \fIgpg-id\fP is different from the key +for encryption. +Multiple gpg-ids may be specified, in order to encrypt each +password with multiple ids. +This command must be run first before a password +store can be used. +If the specified \fIgpg-id\fP is different from the key used in any existing files, these files will be reencrypted to use the new id. Note that use of .BR gpg-agent (1) is recommended so that the batch decryption does not require as much user -intervention. If \fI--path\fP or \fI-p\fP is specified, along with an argument, +intervention. +If \fI--path\fP or \fI-p\fP is specified, along with an argument, a specific gpg-id or set of gpg-ids is assigned for that specific sub folder of -the password store. If only one \fIgpg-id\fP is given, and it is an empty string, +the password store. +If only one \fIgpg-id\fP is given, and it is an empty string, then the current \fI.gpg-id\fP file for the specified \fIsub-folder\fP (or root if unspecified) is removed. .TP 
@@ -79,56 +90,73 @@ .SH COMMANDS .I subfolder by using the .BR tree (1) -program. This command is alternatively named \fBlist\fP. +program. +This command is alternatively named \fBlist\fP. .TP \fBgrep\fP [\fIGREPOPTIONS\fP] \fIsearch-string\fP Searches inside each decrypted password file for \fIsearch-string\fP, and displays line -containing matched string along with filename. Uses +containing matched string along with filename. +Uses .BR grep (1) -for matching. \fIGREPOPTIONS\fP are passed to +for matching. +\fIGREPOPTIONS\fP are passed to .BR grep (1) -as-is. (Note: the \fIGREP_OPTIONS\fP environment variable functions as well.) +as-is. +(Note: the \fIGREP_OPTIONS\fP environment variable functions as well.) .TP \fBfind\fP \fIpass-names\fP... List names of passwords inside the tree that match \fIpass-names\fP by using the .BR tree (1) -program. This command is alternatively named \fBsearch\fP. +program. +This command is alternatively named \fBsearch\fP. .TP \fBshow\fP [ \fI--clip\fP[=\fIline-number\fP], \fI-c\fP[\fIline-number\fP] ] [ \fI--qrcode\fP[=\fIline-number\fP], \fI-q\fP[\fIline-number\fP] ] \fIpass-name\fP -Decrypt and print a password named \fIpass-name\fP. If \fI--clip\fP or \fI-c\fP +Decrypt and print a password named \fIpass-name\fP. +If \fI--clip\fP or \fI-c\fP is specified, do not print the password but instead copy the first (or otherwise specified) line to the clipboard using .BR xclip (1) or .BR wl-clipboard(1) -and then restore the clipboard after 45 (or \fIPASSWORD_STORE_CLIP_TIME\fP) seconds. If \fI--qrcode\fP +and then restore the clipboard after 45 (or \fIPASSWORD_STORE_CLIP_TIME\fP) seconds. +If \fI--qrcode\fP or \fI-q\fP is specified, do not print the password but instead display a QR code using .BR qrencode (1) either to the terminal or graphically if supported. 
.TP \fBinsert\fP [ \fI--echo\fP, \fI-e\fP | \fI--multiline\fP, \fI-m\fP ] [ \fI--force\fP, \fI-f\fP ] \fIpass-name\fP -Insert a new password into the password store called \fIpass-name\fP. This will -read the new password from standard in. If \fI--echo\fP or \fI-e\fP is \fInot\fP specified, +Insert a new password into the password store called \fIpass-name\fP. +This will +read the new password from standard in. +If \fI--echo\fP or \fI-e\fP is \fInot\fP specified, disable keyboard echo when the password is entered and confirm the password by asking -for it twice. If \fI--multiline\fP or \fI-m\fP is specified, lines will be read until -EOF or Ctrl+D is reached. Otherwise, only a single line from standard in is read. Prompt -before overwriting an existing password, unless \fI--force\fP or \fI-f\fP is specified. This +for it twice. +If \fI--multiline\fP or \fI-m\fP is specified, lines will be read until +EOF or Ctrl+D is reached. +Otherwise, only a single line from standard in is read. +Prompt +before overwriting an existing password, unless \fI--force\fP or \fI-f\fP is specified. +This command is alternatively named \fBadd\fP. .TP \fBedit\fP \fIpass-name\fP Insert a new password or edit an existing password using the default text editor specified by the environment variable \fIEDITOR\fP or using .BR vi (1) -as a fallback. This mode makes use of temporary files for editing, but care is taken to +as a fallback. +This mode makes use of temporary files for editing, but care is taken to ensure that temporary files are created in \fI/dev/shm\fP in order to avoid writing to -difficult-to-erase disk sectors. If \fI/dev/shm\fP is not accessible, fallback to +difficult-to-erase disk sectors. +If \fI/dev/shm\fP is not accessible, fallback to the ordinary \fITMPDIR\fP location, and print a warning. 
.TP \fBgenerate\fP [ \fI--no-symbols\fP, \fI-n\fP ] [ \fI--clip\fP, \fI-c\fP ] [ \fI--in-place\fP, \fI-i\fP | \fI--force\fP, \fI-f\fP ] \fIpass-name [pass-length]\fP Generate a new password using \fB/dev/urandom\fP of length \fIpass-length\fP (or \fIPASSWORD_STORE_GENERATED_LENGTH\fP if unspecified) and insert into -\fIpass-name\fP. If \fI--no-symbols\fP or \fI-n\fP is specified, do not use -any non-alphanumeric characters in the generated password. The character sets used +\fIpass-name\fP. +If \fI--no-symbols\fP or \fI-n\fP is specified, do not use +any non-alphanumeric characters in the generated password. +The character sets used in generating passwords can be changed with the \fIPASSWORD_STORE_CHARACTER_SET\fP and \fIPASSWORD_STORE_CHARACTER_SET_NO_SYMBOLS\fP environment variables, described below. If \fI--clip\fP or \fI-c\fP is specified, do not print the password but instead copy 
@@ -136,42 +164,59 @@ .SH COMMANDS .BR xclip (1) or .BR wl-clipboard(1) -and then restore the clipboard after 45 (or \fIPASSWORD_STORE_CLIP_TIME\fP) seconds. If \fI--qrcode\fP +and then restore the clipboard after 45 (or \fIPASSWORD_STORE_CLIP_TIME\fP) seconds. +If \fI--qrcode\fP or \fI-q\fP is specified, do not print the password but instead display a QR code using .BR qrencode (1) -either to the terminal or graphically if supported. Prompt before overwriting an existing password, -unless \fI--force\fP or \fI-f\fP is specified. If \fI--in-place\fP or \fI-i\fP is +either to the terminal or graphically if supported. +Prompt before overwriting an existing password, +unless \fI--force\fP or \fI-f\fP is specified. +If \fI--in-place\fP or \fI-i\fP is specified, do not interactively prompt, and only replace the first line of the password file with the new generated password, keeping the remainder of the file intact. .TP \fBrm\fP [ \fI--recursive\fP, \fI-r\fP ] [ \fI--force\fP, \fI-f\fP ] \fIpass-name\fP -Remove the password named \fIpass-name\fP from the password store. This command is -alternatively named \fBremove\fP or \fBdelete\fP. If \fI--recursive\fP or \fI-r\fP -is specified, delete pass-name recursively if it is a directory. If \fI--force\fP +Remove the password named \fIpass-name\fP from the password store. +This command is +alternatively named \fBremove\fP or \fBdelete\fP. +If \fI--recursive\fP or \fI-r\fP +is specified, delete pass-name recursively if it is a directory. +If \fI--force\fP or \fI-f\fP is specified, do not interactively prompt before removal. .TP \fBmv\fP [ \fI--force\fP, \fI-f\fP ] \fIold-path\fP \fInew-path\fP -Renames the password or directory named \fIold-path\fP to \fInew-path\fP. This -command is alternatively named \fBrename\fP. If \fI--force\fP is specified, -silently overwrite \fInew-path\fP if it exists. If \fInew-path\fP ends in a -trailing \fI/\fP, it is always treated as a directory. 
Passwords are selectively +Renames the password or directory named \fIold-path\fP to \fInew-path\fP. +This +command is alternatively named \fBrename\fP. +If \fI--force\fP is specified, +silently overwrite \fInew-path\fP if it exists. +If \fInew-path\fP ends in a +trailing \fI/\fP, it is always treated as a directory. +Passwords are selectively reencrypted to the corresponding keys of their new destination. .TP \fBcp\fP [ \fI--force\fP, \fI-f\fP ] \fIold-path\fP \fInew-path\fP -Copies the password or directory named \fIold-path\fP to \fInew-path\fP. This -command is alternatively named \fBcopy\fP. If \fI--force\fP is specified, -silently overwrite \fInew-path\fP if it exists. If \fInew-path\fP ends in a -trailing \fI/\fP, it is always treated as a directory. Passwords are selectively +Copies the password or directory named \fIold-path\fP to \fInew-path\fP. +This +command is alternatively named \fBcopy\fP. +If \fI--force\fP is specified, +silently overwrite \fInew-path\fP if it exists. +If \fInew-path\fP ends in a +trailing \fI/\fP, it is always treated as a directory. +Passwords are selectively reencrypted to the corresponding keys of their new destination. .TP \fBgit\fP \fIgit-command-args\fP... If the password store is a git repository, pass \fIgit-command-args\fP as arguments to .BR git (1) -using the password store as the git repository. If \fIgit-command-args\fP is \fBinit\fP, +using the password store as the git repository. +If \fIgit-command-args\fP is \fBinit\fP, in addition to initializing the git repository, add the current contents of the password -store to the repository in an initial commit. If the git config key \fIpass.signcommits\fP +store to the repository in an initial commit. +If the git config key \fIpass.signcommits\fP is set to \fItrue\fP, then all commits will be signed using \fIuser.signingkey\fP or the -default git signing key. This config key may be turned on using: +default git signing key. 
+This config key may be turned on using: .B `pass git config --bool --add pass.signcommits true` .TP \fBhelp\fP @@ -246,7 +291,8 @@ .SH SIMPLE EXAMPLES Copy existing password to clipboard .B zx2c4 at laptop ~ $ pass -c Email/zx2c4.com .br -Copied Email/jason at zx2c4.com to clipboard. Will clear in 45 seconds. +Copied Email/jason at zx2c4.com to clipboard. +Will clear in 45 seconds. .TP Add password to store .B zx2c4 at laptop ~ $ pass insert Business/cheese-whiz-factory @@ -289,7 +335,8 @@ .SH SIMPLE EXAMPLES Generate new password and copy it to the clipboard .B zx2c4 at laptop ~ $ pass generate -c Email/jasondonenfeld.com 19 .br -Copied Email/jasondonenfeld.com to clipboard. Will clear in 45 seconds. +Copied Email/jasondonenfeld.com to clipboard. +Will clear in 45 seconds. .TP Remove password from store .B zx2c4 at laptop ~ $ pass remove Business/cheese-whiz-factory @@ -299,7 +346,8 @@ .SH SIMPLE EXAMPLES removed \[u2018]/home/zx2c4/.password-store/Business/cheese-whiz-factory.gpg\[u2019] .SH EXTENDED GIT EXAMPLE -Here, we initialize new password store, create a git repository, and then manipulate and sync passwords. Make note of the arguments to the first call of \fBpass git push\fP; consult +Here, we initialize new password store, create a git repository, and then manipulate and sync passwords. +Make note of the arguments to the first call of \fBpass git push\fP; consult .BR git-push (1) for more information. 
@@ -399,9 +447,11 @@ .SH FILES .TP .B ~/.password-store/.gpg-id Contains the default gpg key identification used for encryption and decryption. -Multiple gpg keys may be specified in this file, one per line. If this file +Multiple gpg keys may be specified in this file, one per line. +If this file exists in any sub directories, passwords inside those sub directories are -encrypted using those keys. This should be set using the \fBinit\fP command. +encrypted using those keys. +This should be set using the \fBinit\fP command. .TP .B ~/.password-store/.extensions The directory containing extension files. @@ -413,7 +463,8 @@ .SH ENVIRONMENT VARIABLES Overrides the default password storage directory. .TP .I PASSWORD_STORE_KEY -Overrides the default gpg key identification set by \fBinit\fP. Keys must not +Overrides the default gpg key identification set by \fBinit\fP. +Keys must not contain spaces and thus use of the hexadecimal key signature is recommended. Multiple keys may be specified separated by spaces. .TP @@ -421,7 +472,8 @@ .SH ENVIRONMENT VARIABLES Additional options to be passed to all invocations of GPG. .TP .I PASSWORD_STORE_X_SELECTION -Overrides the selection passed to \fBxclip\fP, by default \fIclipboard\fP. See +Overrides the selection passed to \fBxclip\fP, by default \fIclipboard\fP. +See .BR xclip (1) for more info. .TP 
@@ -437,15 +489,19 @@ .SH ENVIRONMENT VARIABLES is unspecified. .TP .I PASSWORD_STORE_CHARACTER_SET -The character set to be used in password generation for \fBgenerate\fP. This value -is to be interpreted by \fBtr\fP. See +The character set to be used in password generation for \fBgenerate\fP. +This value +is to be interpreted by \fBtr\fP. +See .BR tr (1) for more info. .TP .I PASSWORD_STORE_CHARACTER_SET_NO_SYMBOLS The character set to be used in no-symbol password generation for \fBgenerate\fP, -when \fI--no-symbols\fP, \fI-n\fP is specified. This value is to be interpreted -by \fBtr\fP. See +when \fI--no-symbols\fP, \fI-n\fP is specified. +This value is to be interpreted +by \fBtr\fP. +See .BR tr (1) for more info. .TP @@ -459,7 +515,8 @@ .SH ENVIRONMENT VARIABLES .I PASSWORD_STORE_SIGNING_KEY If this environment variable is set, then all \fB.gpg-id\fP files and non-system extension files must be signed using a detached signature using the GPG key specified by the full 40 character -upper-case fingerprint in this variable. If multiple fingerprints are specified, each +upper-case fingerprint in this variable. +If multiple fingerprints are specified, each separated by a whitespace character, then signatures must match at least one. The \fBinit\fP command will keep signatures of \fB.gpg-id\fP files up to date. .TP -- 2.40.1 From alx at kernel.org Sun Sep 24 21:32:22 2023 From: alx at kernel.org (Alejandro Colomar) Date: Sun, 24 Sep 2023 23:32:22 +0200 Subject: [PATCH] man: Escape ASCII 0x2D ('-') Message-ID: <20230924213222.22428-1-alx@kernel.org> When a hyphen-minus should be formatted as ASCII 0x2D, it should be written escaped. Otherwise, depending on the system, the output will be a hyphen, and cannot be used straight from pasting into the command line. Signed-off-by: Alejandro Colomar --- man/pass.1 | 150 ++++++++++++++++++++++++++--------------------------- 1 file changed, 75 insertions(+), 75 deletions(-) 
diff --git a/man/pass.1 b/man/pass.1 index 7d5cffa..8868b78 100644 --- a/man/pass.1 +++ b/man/pass.1 @@ -1,7 +1,7 @@ .TH PASS 1 "2014 March 18" ZX2C4 "Password Store" .SH NAME -pass - stores, retrieves, generates, and synchronizes passwords securely +pass \- stores, retrieves, generates, and synchronizes passwords securely .SH SYNOPSIS .B pass @@ -19,7 +19,7 @@ .SH DESCRIPTION is a very simple password store that keeps passwords inside .BR gpg2 (1) encrypted files inside a simple directory tree residing at -.IR ~/.password-store . +.IR ~/.password\-store . The .B pass utility provides a series of commands for manipulating the password store, 
@@ -64,25 +64,25 @@ .SH DESCRIPTION .SH COMMANDS .TP -\fBinit\fP [ \fI--path=sub-folder\fP, \fI-p sub-folder\fP ] \fIgpg-id...\fP +\fBinit\fP [ \fI\-\-path=sub-folder\fP, \fI\-p sub-folder\fP ] \fIgpg\-id...\fP Initialize new password storage and use -.I gpg-id +.I gpg\-id for encryption. -Multiple gpg-ids may be specified, in order to encrypt each +Multiple gpg\-ids may be specified, in order to encrypt each password with multiple ids. This command must be run first before a password store can be used. -If the specified \fIgpg-id\fP is different from the key +If the specified \fIgpg\-id\fP is different from the key used in any existing files, these files will be reencrypted to use the new id. Note that use of -.BR gpg-agent (1) +.BR gpg\-agent (1) is recommended so that the batch decryption does not require as much user intervention. -If \fI--path\fP or \fI-p\fP is specified, along with an argument, -a specific gpg-id or set of gpg-ids is assigned for that specific sub folder of +If \fI\-\-path\fP or \fI\-p\fP is specified, along with an argument, +a specific gpg\-id or set of gpg\-ids is assigned for that specific sub folder of the password store. -If only one \fIgpg-id\fP is given, and it is an empty string, -then the current \fI.gpg-id\fP file for the specified \fIsub-folder\fP (or root if +If only one \fIgpg\-id\fP is given, and it is an empty string, +then the current \fI.gpg\-id\fP file for the specified \fIsub-folder\fP (or root if unspecified) is removed. .TP \fBls\fP \fIsubfolder\fP 
@@ -110,32 +110,32 @@ .SH COMMANDS program. This command is alternatively named \fBsearch\fP. .TP -\fBshow\fP [ \fI--clip\fP[=\fIline-number\fP], \fI-c\fP[\fIline-number\fP] ] [ \fI--qrcode\fP[=\fIline-number\fP], \fI-q\fP[\fIline-number\fP] ] \fIpass-name\fP +\fBshow\fP [ \fI\-\-clip\fP[=\fIline-number\fP], \fI\-c\fP[\fIline-number\fP] ] [ \fI\-\-qrcode\fP[=\fIline-number\fP], \fI\-q\fP[\fIline-number\fP] ] \fIpass-name\fP Decrypt and print a password named \fIpass-name\fP. -If \fI--clip\fP or \fI-c\fP +If \fI\-\-clip\fP or \fI\-c\fP is specified, do not print the password but instead copy the first (or otherwise specified) line to the clipboard using .BR xclip (1) or -.BR wl-clipboard(1) +.BR wl\-clipboard(1) and then restore the clipboard after 45 (or \fIPASSWORD_STORE_CLIP_TIME\fP) seconds. -If \fI--qrcode\fP -or \fI-q\fP is specified, do not print the password but instead display a QR code using +If \fI\-\-qrcode\fP +or \fI\-q\fP is specified, do not print the password but instead display a QR code using .BR qrencode (1) either to the terminal or graphically if supported. .TP -\fBinsert\fP [ \fI--echo\fP, \fI-e\fP | \fI--multiline\fP, \fI-m\fP ] [ \fI--force\fP, \fI-f\fP ] \fIpass-name\fP +\fBinsert\fP [ \fI\-\-echo\fP, \fI\-e\fP | \fI\-\-multiline\fP, \fI\-m\fP ] [ \fI\-\-force\fP, \fI\-f\fP ] \fIpass-name\fP Insert a new password into the password store called \fIpass-name\fP. This will read the new password from standard in. -If \fI--echo\fP or \fI-e\fP is \fInot\fP specified, +If \fI\-\-echo\fP or \fI\-e\fP is \fInot\fP specified, disable keyboard echo when the password is entered and confirm the password by asking for it twice. -If \fI--multiline\fP or \fI-m\fP is specified, lines will be read until +If \fI\-\-multiline\fP or \fI\-m\fP is specified, lines will be read until EOF or Ctrl+D is reached. Otherwise, only a single line from standard in is read. Prompt -before overwriting an existing password, unless \fI--force\fP or \fI-f\fP is specified. 
+before overwriting an existing password, unless \fI\-\-force\fP or \fI\-f\fP is specified. This command is alternatively named \fBadd\fP. .TP 
@@ -150,56 +150,56 @@ .SH COMMANDS If \fI/dev/shm\fP is not accessible, fallback to the ordinary \fITMPDIR\fP location, and print a warning. .TP -\fBgenerate\fP [ \fI--no-symbols\fP, \fI-n\fP ] [ \fI--clip\fP, \fI-c\fP ] [ \fI--in-place\fP, \fI-i\fP | \fI--force\fP, \fI-f\fP ] \fIpass-name [pass-length]\fP +\fBgenerate\fP [ \fI\-\-no\-symbols\fP, \fI\-n\fP ] [ \fI\-\-clip\fP, \fI\-c\fP ] [ \fI\-\-in\-place\fP, \fI\-i\fP | \fI\-\-force\fP, \fI\-f\fP ] \fIpass-name [pass-length]\fP Generate a new password using \fB/dev/urandom\fP of length \fIpass-length\fP (or \fIPASSWORD_STORE_GENERATED_LENGTH\fP if unspecified) and insert into \fIpass-name\fP. -If \fI--no-symbols\fP or \fI-n\fP is specified, do not use +If \fI\-\-no\-symbols\fP or \fI\-n\fP is specified, do not use any non-alphanumeric characters in the generated password. The character sets used in generating passwords can be changed with the \fIPASSWORD_STORE_CHARACTER_SET\fP and \fIPASSWORD_STORE_CHARACTER_SET_NO_SYMBOLS\fP environment variables, described below. -If \fI--clip\fP or \fI-c\fP is specified, do not print the password but instead copy +If \fI\-\-clip\fP or \fI\-c\fP is specified, do not print the password but instead copy it to the clipboard using .BR xclip (1) or -.BR wl-clipboard(1) +.BR wl\-clipboard(1) and then restore the clipboard after 45 (or \fIPASSWORD_STORE_CLIP_TIME\fP) seconds. -If \fI--qrcode\fP -or \fI-q\fP is specified, do not print the password but instead display a QR code using +If \fI\-\-qrcode\fP +or \fI\-q\fP is specified, do not print the password but instead display a QR code using .BR qrencode (1) either to the terminal or graphically if supported. Prompt before overwriting an existing password, -unless \fI--force\fP or \fI-f\fP is specified. -If \fI--in-place\fP or \fI-i\fP is +unless \fI\-\-force\fP or \fI\-f\fP is specified. 
+If \fI\-\-in\-place\fP or \fI\-i\fP is specified, do not interactively prompt, and only replace the first line of the password file with the new generated password, keeping the remainder of the file intact. .TP -\fBrm\fP [ \fI--recursive\fP, \fI-r\fP ] [ \fI--force\fP, \fI-f\fP ] \fIpass-name\fP +\fBrm\fP [ \fI\-\-recursive\fP, \fI\-r\fP ] [ \fI\-\-force\fP, \fI\-f\fP ] \fIpass-name\fP Remove the password named \fIpass-name\fP from the password store. This command is alternatively named \fBremove\fP or \fBdelete\fP. -If \fI--recursive\fP or \fI-r\fP +If \fI\-\-recursive\fP or \fI\-r\fP is specified, delete pass-name recursively if it is a directory. -If \fI--force\fP -or \fI-f\fP is specified, do not interactively prompt before removal. +If \fI\-\-force\fP +or \fI\-f\fP is specified, do not interactively prompt before removal. .TP -\fBmv\fP [ \fI--force\fP, \fI-f\fP ] \fIold-path\fP \fInew-path\fP +\fBmv\fP [ \fI\-\-force\fP, \fI\-f\fP ] \fIold-path\fP \fInew-path\fP Renames the password or directory named \fIold-path\fP to \fInew-path\fP. This command is alternatively named \fBrename\fP. -If \fI--force\fP is specified, +If \fI\-\-force\fP is specified, silently overwrite \fInew-path\fP if it exists. If \fInew-path\fP ends in a trailing \fI/\fP, it is always treated as a directory. Passwords are selectively reencrypted to the corresponding keys of their new destination. .TP -\fBcp\fP [ \fI--force\fP, \fI-f\fP ] \fIold-path\fP \fInew-path\fP +\fBcp\fP [ \fI\-\-force\fP, \fI\-f\fP ] \fIold-path\fP \fInew-path\fP Copies the password or directory named \fIold-path\fP to \fInew-path\fP. This command is alternatively named \fBcopy\fP. -If \fI--force\fP is specified, +If \fI\-\-force\fP is specified, silently overwrite \fInew-path\fP if it exists. If \fInew-path\fP ends in a trailing \fI/\fP, it is always treated as a directory. 
@@ -217,7 +217,7 @@ .SH COMMANDS is set to \fItrue\fP, then all commits will be signed using \fIuser.signingkey\fP or the default git signing key. This config key may be turned on using: -.B `pass git config --bool --add pass.signcommits true` +.B `pass git config \-\-bool \-\-add pass.signcommits true` .TP \fBhelp\fP Show usage message. @@ -231,7 +231,7 @@ .SH SIMPLE EXAMPLES Initialize password store .B zx2c4 at laptop ~ $ pass init Jason at zx2c4.com .br -mkdir: created directory \[u2018]/home/zx2c4/.password-store\[u2019] +mkdir: created directory \[u2018]/home/zx2c4/.password\-store\[u2019] .br Password store initialized for Jason at zx2c4.com. .TP @@ -242,9 +242,9 @@ .SH SIMPLE EXAMPLES .br \[u251C]\[u2500]\[u2500] Business .br -\[u2502] \[u251C]\[u2500]\[u2500] some-silly-business-site.com +\[u2502] \[u251C]\[u2500]\[u2500] some\-silly\-business\-site.com .br -\[u2502] \[u2514]\[u2500]\[u2500] another-business-site.net +\[u2502] \[u2514]\[u2500]\[u2500] another\-business\-site.net .br \[u251C]\[u2500]\[u2500] Email .br @@ -271,7 +271,7 @@ .SH SIMPLE EXAMPLES .br \[u251C]\[u2500]\[u2500] Business .br -\[u2502] \[u251C]\[u2500]\[u2500] some-silly-business-site.com +\[u2502] \[u251C]\[u2500]\[u2500] some\-silly\-business\-site.com .br \[u2514]\[u2500]\[u2500] Email .br 
@@ -289,20 +289,20 @@ .SH SIMPLE EXAMPLES sup3rh4x3rizmynam3 .TP Copy existing password to clipboard -.B zx2c4 at laptop ~ $ pass -c Email/zx2c4.com +.B zx2c4 at laptop ~ $ pass \-c Email/zx2c4.com .br Copied Email/jason at zx2c4.com to clipboard. Will clear in 45 seconds. .TP Add password to store -.B zx2c4 at laptop ~ $ pass insert Business/cheese-whiz-factory +.B zx2c4 at laptop ~ $ pass insert Business/cheese\-whiz\-factory .br -Enter password for Business/cheese-whiz-factory: omg so much cheese what am i gonna do +Enter password for Business/cheese\-whiz\-factory: omg so much cheese what am i gonna do .TP Add multiline password to store -.B zx2c4 at laptop ~ $ pass insert -m Business/cheese-whiz-factory +.B zx2c4 at laptop ~ $ pass insert \-m Business/cheese\-whiz\-factory .br -Enter contents of Business/cheese-whiz-factory and press Ctrl+D when finished: +Enter contents of Business/cheese\-whiz\-factory and press Ctrl+D when finished: .br .br 
@@ -323,59 +323,59 @@ .SH SIMPLE EXAMPLES .br The generated password to Email/jasondonenfeld.com is: .br -$(-QF&Q=IN2nFBx +$(\-QF&Q=IN2nFBx .TP Generate new alphanumeric password -.B zx2c4 at laptop ~ $ pass generate -n Email/jasondonenfeld.com 12 +.B zx2c4 at laptop ~ $ pass generate \-n Email/jasondonenfeld.com 12 .br The generated password to Email/jasondonenfeld.com is: .br YqFsMkBeO6di .TP Generate new password and copy it to the clipboard -.B zx2c4 at laptop ~ $ pass generate -c Email/jasondonenfeld.com 19 +.B zx2c4 at laptop ~ $ pass generate \-c Email/jasondonenfeld.com 19 .br Copied Email/jasondonenfeld.com to clipboard. Will clear in 45 seconds. .TP Remove password from store -.B zx2c4 at laptop ~ $ pass remove Business/cheese-whiz-factory +.B zx2c4 at laptop ~ $ pass remove Business/cheese\-whiz\-factory .br -rm: remove regular file \[u2018]/home/zx2c4/.password-store/Business/cheese-whiz-factory.gpg\[u2019]? y +rm: remove regular file \[u2018]/home/zx2c4/.password\-store/Business/cheese\-whiz\-factory.gpg\[u2019]? y .br -removed \[u2018]/home/zx2c4/.password-store/Business/cheese-whiz-factory.gpg\[u2019] +removed \[u2018]/home/zx2c4/.password\-store/Business/cheese\-whiz\-factory.gpg\[u2019] .SH EXTENDED GIT EXAMPLE Here, we initialize new password store, create a git repository, and then manipulate and sync passwords. Make note of the arguments to the first call of \fBpass git push\fP; consult -.BR git-push (1) +.BR git\-push (1) for more information. .B zx2c4 at laptop ~ $ pass init Jason at zx2c4.com .br -mkdir: created directory \[u2018]/home/zx2c4/.password-store\[u2019] +mkdir: created directory \[u2018]/home/zx2c4/.password\-store\[u2019] .br Password store initialized for Jason at zx2c4.com. 
.B zx2c4 at laptop ~ $ pass git init .br -Initialized empty Git repository in /home/zx2c4/.password-store/.git/ +Initialized empty Git repository in /home/zx2c4/.password\-store/.git/ .br -[master (root-commit) 998c8fd] Added current contents of password store. +[master (root\-commit) 998c8fd] Added current contents of password store. .br 1 file changed, 1 insertion(+) .br - create mode 100644 .gpg-id + create mode 100644 .gpg\-id -.B zx2c4 at laptop ~ $ pass git remote add origin kexec.com:pass-store +.B zx2c4 at laptop ~ $ pass git remote add origin kexec.com:pass\-store .B zx2c4 at laptop ~ $ pass generate Amazon/amazonemail at email.com 21 .br -mkdir: created directory \[u2018]/home/zx2c4/.password-store/Amazon\[u2019] +mkdir: created directory \[u2018]/home/zx2c4/.password\-store/Amazon\[u2019] .br [master 30fdc1e] Added generated password for Amazon/amazonemail at email.com to store. .br -1 file changed, 0 insertions(+), 0 deletions(-) +1 file changed, 0 insertions(+), 0 deletions(\-) .br create mode 100644 Amazon/amazonemail at email.com.gpg .br @@ -383,7 +383,7 @@ .SH EXTENDED GIT EXAMPLE .br <5m,_BrZY`antNDxKN<0A -.B zx2c4 at laptop ~ $ pass git push -u --all +.B zx2c4 at laptop ~ $ pass git push \-u \-\-all .br Counting objects: 4, done. .br @@ -395,9 +395,9 @@ .SH EXTENDED GIT EXAMPLE .br Total 4 (delta 0), reused 0 (delta 0) .br -To kexec.com:pass-store +To kexec.com:pass\-store .br -* [new branch] master -> master +* [new branch] master \-> master .br Branch master set up to track remote branch master from origin. 
@@ -407,21 +407,21 @@ .SH EXTENDED GIT EXAMPLE .br [master b9b6746] Added given password for Amazon/otheraccount at email.com to store. .br -1 file changed, 0 insertions(+), 0 deletions(-) +1 file changed, 0 insertions(+), 0 deletions(\-) .br create mode 100644 Amazon/otheraccount at email.com.gpg .B zx2c4 at laptop ~ $ pass rm Amazon/amazonemail at email.com .br -rm: remove regular file \[u2018]/home/zx2c4/.password-store/Amazon/amazonemail at email.com.gpg\[u2019]? y +rm: remove regular file \[u2018]/home/zx2c4/.password\-store/Amazon/amazonemail at email.com.gpg\[u2019]? y .br -removed \[u2018]/home/zx2c4/.password-store/Amazon/amazonemail at email.com.gpg\[u2019] +removed \[u2018]/home/zx2c4/.password\-store/Amazon/amazonemail at email.com.gpg\[u2019] .br rm 'Amazon/amazonemail at email.com.gpg' .br [master 288b379] Removed Amazon/amazonemail at email.com from store. .br -1 file changed, 0 insertions(+), 0 deletions(-) +1 file changed, 0 insertions(+), 0 deletions(\-) .br delete mode 100644 Amazon/amazonemail at email.com.gpg @@ -437,15 +437,15 @@ .SH EXTENDED GIT EXAMPLE .br Total 7 (delta 0), reused 0 (delta 0) .br -To kexec.com:pass-store +To kexec.com:pass\-store .SH FILES .TP -.B ~/.password-store +.B ~/.password\-store The default password storage directory. .TP -.B ~/.password-store/.gpg-id +.B ~/.password\-store/.gpg\-id Contains the default gpg key identification used for encryption and decryption. Multiple gpg keys may be specified in this file, one per line. If this file @@ -453,7 +453,7 @@ .SH FILES encrypted using those keys. This should be set using the \fBinit\fP command. .TP -.B ~/.password-store/.extensions +.B ~/.password\-store/.extensions The directory containing extension files. .SH ENVIRONMENT VARIABLES 
@@ -498,7 +498,7 @@ .SH ENVIRONMENT VARIABLES .TP .I PASSWORD_STORE_CHARACTER_SET_NO_SYMBOLS The character set to be used in no-symbol password generation for \fBgenerate\fP, -when \fI--no-symbols\fP, \fI-n\fP is specified. +when \fI\-\-no\-symbols\fP, \fI\-n\fP is specified. This value is to be interpreted by \fBtr\fP. See @@ -513,12 +513,12 @@ .SH ENVIRONMENT VARIABLES \fIPASSWORD_STORE_DIR/.extensions\fP. .TP .I PASSWORD_STORE_SIGNING_KEY -If this environment variable is set, then all \fB.gpg-id\fP files and non-system extension files +If this environment variable is set, then all \fB.gpg\-id\fP files and non-system extension files must be signed using a detached signature using the GPG key specified by the full 40 character upper-case fingerprint in this variable. If multiple fingerprints are specified, each separated by a whitespace character, then signatures must match at least one. -The \fBinit\fP command will keep signatures of \fB.gpg-id\fP files up to date. +The \fBinit\fP command will keep signatures of \fB.gpg\-id\fP files up to date. .TP .I EDITOR The location of the text editor used by \fBedit\fP. @@ -527,7 +527,7 @@ .SH SEE ALSO .BR tr (1), .BR git (1), .BR xclip (1), -.BR wl-clipboard (1), +.BR wl\-clipboard (1), .BR qrencode (1). .SH AUTHOR -- 2.40.1 From alx at kernel.org Sun Sep 24 21:44:14 2023 
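Review bot: In the EXTENDED GIT EXAMPLE hunks the sample output keeps bare ASCII quote characters right next to the newly escaped hyphens: the context line rm 'Amazon/amazonemail at email.com.gpg' and the backtick inside the generated password <5m,_BrZY`antNDxKN<0A. On a UTF-8 terminal groff can render ' and ` as typographic quotes for the same reason it renders an unescaped - as a hyphen, so a path or password copied from the rendered page would not match what was stored. Writing them as \(aq and \(ga would complete what the \- changes start.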
From: alx at kernel.org (Alejandro Colomar) Date: Sun, 24 Sep 2023 23:44:14 +0200 Subject: [PATCH] pass find: Add --find flag In-Reply-To: <2wdvnucnrypxxzatk6xxc36k44rn3kh4lmv2kpxla7vyn5cgv3@tb233sdkoh4l> References: <2wdvnucnrypxxzatk6xxc36k44rn3kh4lmv2kpxla7vyn5cgv3@tb233sdkoh4l> Message-ID: <20230924214414.23019-1-alx@kernel.org> This flag modifies the command to use find(1) instead of tree(1). A few tweaks are performed to the result of find: (1) Add a trailing slash to directories. This is a useful way to distinguish files from dirs at first glance. In the tree(1) version, it colors differently (as tree(1) does by default), so it seems consistent to distinguish them. (2) Remove the location of the password-store prefix from the path. (3) Remove the .gpg suffix from files (as is historic behavior of pass(1)). Examples of use: $ pass find --find bugzilla Search Terms: bugzilla www/foss/kernel/bugzilla/ www/foss/mozilla/bugzilla/ www/foss/gentoo/bugzilla/ www/foss/gnu/gcc/bugzilla/ $ pass find --find kernel Search Terms: kernel www/foss/kernel/ Those tweaks to the output of find(1) make the output directly usable in a subsequent invocation of pass(1): $ pass find --find kernel \ | tail -n -1 \ | xargs pass show; www/foss/kernel ??? bugzilla ??? ??? alx.manpages ??? ??? ??? id ??? ??? ??? pass ??? ??? url ??? smtp ??? pass The tail(1) above is to hide the search terms. Signed-off-by: Alejandro Colomar --- man/pass.1 | 16 +++++++++++++++- src/password-store.sh | 18 +++++++++++++++++- 2 files changed, 32 insertions(+), 2 deletions(-) diff --git a/man/pass.1 b/man/pass.1 index 8868b78..b9764c5 100644 --- a/man/pass.1 +++ b/man/pass.1 
@@ -104,11 +104,25 @@ .SH COMMANDS as-is. (Note: the \fIGREP_OPTIONS\fP environment variable functions as well.) .TP -\fBfind\fP \fIpass-names\fP... +\fBfind\fP [ \fI\-\-find\fP ] \fIpass-names\fP... List names of passwords inside the tree that match \fIpass-names\fP by using the .BR tree (1) program. This command is alternatively named \fBsearch\fP. +If the +.I \-\-find +flag is used, +.BR find (1) +is used instead; +this is useful to be able to reuse the output as an input to +.IR "pass ls" . +Here's an example: +.IP +.in +4n +.EX +$ pass find \-\-find foo | tail \-n \-1 | xargs pass ls +.EE +.in .TP \fBshow\fP [ \fI\-\-clip\fP[=\fIline-number\fP], \fI\-c\fP[\fIline-number\fP] ] [ \fI\-\-qrcode\fP[=\fIline-number\fP], \fI\-q\fP[\fIline-number\fP] ] \fIpass-name\fP Decrypt and print a password named \fIpass-name\fP. diff --git a/src/password-store.sh b/src/password-store.sh index 22e818f..bf0e446 100755 --- a/src/password-store.sh +++ b/src/password-store.sh @@ -411,10 +411,26 @@ cmd_show() { } cmd_find() { + local opts find=0 + opts="$($GETOPT -o "" -l find -n "$PROGRAM" -- "$@")" + local err=$? + eval set -- "$opts" + while true; do case $1 in + --find) find=1; shift ;; + --) shift; break ;; + esac done + [[ $# -eq 0 ]] && die "Usage: $PROGRAM $COMMAND pass-names..." IFS="," eval 'echo "Search Terms: $*"' local terms="*$(printf '%s*|*' "$@")" - tree -N -C -l --noreport -P "${terms%|*}" --prune --matchdirs --ignore-case "$PREFIX" 3>&- | tail -n +2 | sed -E 's/\.gpg(\x1B\[[0-9]+m)?( ->|$)/\1\2/g' + + if [[ $find -eq 1 ]]; then + local n="$(echo "$PREFIX" | wc -c)" + + find -L "$PREFIX" -iname "${terms%|*}" | sed 's,$,/,' | sed "s/^.\{$n\}//" | sed 's,\.gpg/$,,' + else + tree -N -C -l --noreport -P "${terms%|*}" --prune --matchdirs --ignore-case "$PREFIX" 3>&- | tail -n +2 | sed -E 's/\.gpg(\x1B\[[0-9]+m)?( ->|$)/\1\2/g' + fi } cmd_grep() { -- 2.40.1 From alx at kernel.org Sun Sep 24 22:47:29 2023 
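Review bot: The example added to the find entry of man/pass.1 pipes through tail \-n \-1, which keeps only the last line of output, so when several names match (as in the bugzilla run in the commit message) every match but the final one is dropped before xargs sees it. If the intent is only to skip the "Search Terms:" header, tail \-n +2 does that, and printing the header only in tree mode would remove the need for tail altogether. The same example feeds names to a plain xargs, which splits on blanks and quotes, so entry names containing spaces will not survive the pipe as written.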
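Review bot: In the new find branch of cmd_find, -iname receives the same "${terms%|*}" string that is built for tree -P, so with more than one search term the pattern is *a*|*b*, and find(1) treats the | as a literal character rather than as alternation; a multi-term search that works in tree mode matches nothing here. Build the expression per term instead (-iname "*a*" -o -iname "*b*", grouped with \( \)). Two smaller points in the same hunk: err is assigned after $GETOPT but never tested, so an unknown option only reaches the existing $# check, and find, unlike tree without -a, also matches dot entries such as .git and .gpg-id, which should be pruned before the output is handed to another pass invocation.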
From: alx at kernel.org (Alejandro Colomar) Date: Mon, 25 Sep 2023 00:47:29 +0200 Subject: [PATCH 2/2] pass ls: Add --find flag In-Reply-To: <20230924214414.23019-1-alx@kernel.org> References: <20230924214414.23019-1-alx@kernel.org> Message-ID: <20230924224728.25542-1-alx@kernel.org> Similarly to `pass find --find`, this flag changes the `pass ls` command to use find(1) instead of tree(1). With this flag, the output is directly usable in a subsequent call to `pass show`. Examples of use: $ pass find --find kernel \ | tail -n -1 \ | xargs ./password-store.sh ls --find; www/foss/kernel/ www/foss/kernel/smtp/ www/foss/kernel/smtp/pass www/foss/kernel/bugzilla/ www/foss/kernel/bugzilla/url www/foss/kernel/bugzilla/alx/ www/foss/kernel/bugzilla/alx/id www/foss/kernel/bugzilla/alx/pass $ pass find --find kernel \ | tail -n -1 \ | xargs pass ls --find \ | tail -n1 \ | xargs pass show; pw Signed-off-by: Alejandro Colomar --- And here's a patch for pass ls. These patches apply on top of the formatting fixes for the manual page that I sent earlier. Cheers, Alex man/pass.1 | 15 +++++++++++++++ src/password-store.sh | 20 ++++++++++++++------ 2 files changed, 29 insertions(+), 6 deletions(-) diff --git a/man/pass.1 b/man/pass.1 index b9764c5..2f4d858 100644 --- a/man/pass.1 +++ b/man/pass.1 @@ -92,6 +92,21 @@ .SH COMMANDS .BR tree (1) program. This command is alternatively named \fBlist\fP. +If the +.I \-\-find +flag is used, +.BR find (1) +is used instead; +this is useful to be able to reuse the output as an input to +.IR "pass show" . +Here's an example: +.IP +.in +4n +.EX +$ pass ls \-\-find foo/bar/ | tail \-n1 | xargs pass show +.EE +.in +.TP .TP \fBgrep\fP [\fIGREPOPTIONS\fP] \fIsearch-string\fP Searches inside each decrypted password file for \fIsearch-string\fP, and displays line diff --git a/src/password-store.sh b/src/password-store.sh index bf0e446..966c245 100755 --- a/src/password-store.sh +++ b/src/password-store.sh 
@@ -366,11 +366,12 @@ cmd_init() { } cmd_show() { - local opts selected_line clip=0 qrcode=0 - opts="$($GETOPT -o q::c:: -l qrcode::,clip:: -n "$PROGRAM" -- "$@")" + local opts selected_line clip=0 find=0 qrcode=0 + opts="$($GETOPT -o q::c:: -l qrcode::,clip::,find -n "$PROGRAM" -- "$@")" local err=$? eval set -- "$opts" while true; do case $1 in + --find) find=1; shift ;; -q|--qrcode) qrcode=1; selected_line="${2:-1}"; shift 2 ;; -c|--clip) clip=1; selected_line="${2:-1}"; shift 2 ;; --) shift; break ;; @@ -397,12 +398,19 @@ cmd_show() { fi fi elif [[ -d $PREFIX/$path ]]; then - if [[ -z $path ]]; then - echo "Password Store" + if [[ $find -eq 1 ]]; then + local n="$(echo "$PREFIX" | wc -c)" + + find -L "$PREFIX/$path" | sed '/[^\/]$/s,$,/,' | sed "s/^.\{$n\}//" | sed 's,\.gpg/$,,' else - echo "${path%\/}" + if [[ -z $path ]]; then + echo "Password Store" + else + echo "${path%\/}" + fi + + tree -N -C -l --noreport "$PREFIX/$path" 3>&- | tail -n +2 | sed -E 's/\.gpg(\x1B\[[0-9]+m)?( ->|$)/\1\2/g' # remove .gpg at end of line, but keep colors fi - tree -N -C -l --noreport "$PREFIX/$path" 3>&- | tail -n +2 | sed -E 's/\.gpg(\x1B\[[0-9]+m)?( ->|$)/\1\2/g' # remove .gpg at end of line, but keep colors elif [[ -z $path ]]; then die "Error: password store is empty. Try \"pass init\"." else -- 2.40.1 From alx at kernel.org Sun Sep 24 22:57:54 2023 
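Review bot: In the find branch added to cmd_show, sed '/[^\/]$/s,$,/,' appends a slash to every line and only the last sed takes .gpg/ off again, so any file that does not end in .gpg is printed as if it were a directory, and since find also lists dot entries, pass ls --find on the store root would emit .gpg-id/ and, where the store is a git repository, the whole .git tree. Letting find classify the entries (-type d for the trailing slash, -name '*.gpg' for password files) and pruning names that start with a dot avoids both. Separately, --find is accepted for every cmd_show call but only consulted in the -d branch, so on a single entry it is silently ignored; rejecting that combination or documenting it would be clearer.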
From: alx at kernel.org (Alejandro Colomar) Date: Mon, 25 Sep 2023 00:57:54 +0200 Subject: [PATCH 2/2] pass ls: Add --find flag In-Reply-To: <20230924224728.25542-1-alx@kernel.org> References: <20230924214414.23019-1-alx@kernel.org> <20230924224728.25542-1-alx@kernel.org> Message-ID: On Mon, Sep 25, 2023 at 12:47:29AM +0200, Alejandro Colomar wrote: > Similarly to `pass find --find`, this flag changes the `pass ls` command > to use find(1) instead of tree(1). > > With this flag, the output is directly usable in a subsequent call to > `pass show`. > > Examples of use: > > $ pass find --find kernel \ > | tail -n -1 \ > | xargs ./password-store.sh ls --find; > www/foss/kernel/ > www/foss/kernel/smtp/ > www/foss/kernel/smtp/pass > www/foss/kernel/bugzilla/ > www/foss/kernel/bugzilla/url > www/foss/kernel/bugzilla/alx/ > www/foss/kernel/bugzilla/alx/id > www/foss/kernel/bugzilla/alx/pass > > $ pass find --find kernel \ > | tail -n -1 \ > | xargs pass ls --find \ > | tail -n1 \ > | xargs pass show; > pw > > Signed-off-by: Alejandro Colomar > --- > > And here's a patch for pass ls. These patches apply on top of the > formatting fixes for the manual page that I sent earlier. > > Cheers, > Alex > > man/pass.1 | 15 +++++++++++++++ > src/password-store.sh | 20 ++++++++++++++------ > 2 files changed, 29 insertions(+), 6 deletions(-) > > diff --git a/man/pass.1 b/man/pass.1 > index b9764c5..2f4d858 100644 > --- a/man/pass.1 > +++ b/man/pass.1 
> @@ -92,6 +92,21 @@ .SH COMMANDS > .BR tree (1) > program. > This command is alternatively named \fBlist\fP. > +If the > +.I \-\-find > +flag is used, > +.BR find (1) > +is used instead; > +this is useful to be able to reuse the output as an input to > +.IR "pass show" . > +Here's an example: > +.IP > +.in +4n > +.EX > +$ pass ls \-\-find foo/bar/ | tail \-n1 | xargs pass show > +.EE > +.in > +.TP Oops, I accidentally duplicated the .TP. > .TP > \fBgrep\fP [\fIGREPOPTIONS\fP] \fIsearch-string\fP > Searches inside each decrypted password file for \fIsearch-string\fP, and displays line > diff --git a/src/password-store.sh b/src/password-store.sh > index bf0e446..966c245 100755 > --- a/src/password-store.sh > +++ b/src/password-store.sh > @@ -366,11 +366,12 @@ cmd_init() { > } > > cmd_show() { > - local opts selected_line clip=0 qrcode=0 > - opts="$($GETOPT -o q::c:: -l qrcode::,clip:: -n "$PROGRAM" -- "$@")" > + local opts selected_line clip=0 find=0 qrcode=0 > + opts="$($GETOPT -o q::c:: -l qrcode::,clip::,find -n "$PROGRAM" -- "$@")" > local err=$? > eval set -- "$opts" > while true; do case $1 in > + --find) find=1; shift ;; > -q|--qrcode) qrcode=1; selected_line="${2:-1}"; shift 2 ;; > -c|--clip) clip=1; selected_line="${2:-1}"; shift 2 ;; > --) shift; break ;; 
> @@ -397,12 +398,19 @@ cmd_show() { > fi > fi > elif [[ -d $PREFIX/$path ]]; then > - if [[ -z $path ]]; then > - echo "Password Store" > + if [[ $find -eq 1 ]]; then > + local n="$(echo "$PREFIX" | wc -c)" > + > + find -L "$PREFIX/$path" | sed '/[^\/]$/s,$,/,' | sed "s/^.\{$n\}//" | sed 's,\.gpg/$,,' > else > - echo "${path%\/}" > + if [[ -z $path ]]; then > + echo "Password Store" > + else > + echo "${path%\/}" > + fi > + > + tree -N -C -l --noreport "$PREFIX/$path" 3>&- | tail -n +2 | sed -E 's/\.gpg(\x1B\[[0-9]+m)?( ->|$)/\1\2/g' # remove .gpg at end of line, but keep colors > fi > - tree -N -C -l --noreport "$PREFIX/$path" 3>&- | tail -n +2 | sed -E 's/\.gpg(\x1B\[[0-9]+m)?( ->|$)/\1\2/g' # remove .gpg at end of line, but keep colors > elif [[ -z $path ]]; then > die "Error: password store is empty. Try \"pass init\"." > else > -- > 2.40.1 >

From t-passwd at girst.at Mon Sep 25 05:57:35 2023
From: t-passwd at girst.at (Tobias Girstmair)
Date: Mon, 25 Sep 2023 07:57:35 +0200
Subject: [PATCH] pass find: Add --find flag
In-Reply-To: <20230924214414.23019-1-alx@kernel.org>
References: <2wdvnucnrypxxzatk6xxc36k44rn3kh4lmv2kpxla7vyn5cgv3@tb233sdkoh4l> <20230924214414.23019-1-alx@kernel.org>
Message-ID:

On Sun, Sep 24, 2023 at 11:44:14PM +0200, Alejandro Colomar wrote:
>The tail(1) above is to hide the search terms.

maybe the "Search Terms: $*" output should just be skipped in --find mode.

From stefan.kerman.gehr at fau.de Mon Sep 25 07:44:34 2023
From: stefan.kerman.gehr at fau.de (Stefan Gehr)
Date: Mon, 25 Sep 2023 09:44:34 +0200
Subject: Using find(1) instead of tree(1)
In-Reply-To: <2wdvnucnrypxxzatk6xxc36k44rn3kh4lmv2kpxla7vyn5cgv3@tb233sdkoh4l>
References: <2wdvnucnrypxxzatk6xxc36k44rn3kh4lmv2kpxla7vyn5cgv3@tb233sdkoh4l>
Message-ID:

Hi,

> I don't have 552 passwords, but I use pass(1) also as a bookmark for
> websites.
>
>     $ pass show www/foss/kernel/bugzilla/
>     www/foss/kernel/bugzilla
>     ├── alx
>     │   ├── id
>     │   └── pass
>     └── url
>
> For example, for the kernel bugzilla, you can see that I not only store
> the password, but I also store the username (id), and the url.
>
>     $ pass show www/foss/kernel/bugzilla/url
>     https://bugzilla.kernel.org/
>
>     $ pass show www/foss/kernel/bugzilla/alx/id
>     alx at kernel.org

Is there any good reason for doing it this way? Most people would put everything in one file, encoded via `key: value` pairs.

    $ pass show bugzilla.kernel.org
    correcthorsebatterystaple
    login: alx at kernel.org
    url: https://bugzilla.kernel.org/

You could then `grep`/`sed` the relevant information out of the file.

Best regards,
Stefan

On 2023-09-24T15:22:25+0200, Alejandro Colomar wrote:
> Hi,
>
> I would like to be able to filter the results of pass using standard
> Unix tools. The reason is I have a rather large password database (and
> it's only going to increase):
>
>     $ pass show | wc -l
>     552
>
> I don't have 552 passwords, but I use pass(1) also as a bookmark for
> websites.
>
>     $ pass show www/foss/kernel/bugzilla/
>     www/foss/kernel/bugzilla
>     ├── alx
>     │   ├── id
>     │   └── pass
>     └── url
>
> For example, for the kernel bugzilla, you can see that I not only store
> the password, but I also store the username (id), and the url.
>
>     $ pass show www/foss/kernel/bugzilla/url
>     https://bugzilla.kernel.org/
>
>     $ pass show www/foss/kernel/bugzilla/alx/id
>     alx at kernel.org
>
>
> The problem comes when I need to search for something I don't remember:
> Let's say I want to see everything I have for "kernel", but don't
> remember where kernel is:
>
>     $ pass find kernel
>     Search Terms: kernel
>     └── www
>         └── foss
>             └── kernel
>
> Okay, so I want to search "www/foss/kernel"; but I have to type it! It
> would be preferable to have some '--find' ('-f') that worked like this:
> (The name --find would be because it would use find(1) underneath.)
>
>     $ pass find --find kernel
>     www/foss/kernel/
>
> (Notice the trailing slash (which find(1) doesn't add). It's useful to
> know it's a dir.)
>
> Then I would just pass that to my next command:
>
>     $ pass find --find kernel \
>     | xargs pass show --find
>     www/foss/kernel/
>     www/foss/kernel/smtp/
>     www/foss/kernel/smtp/pass
>     www/foss/kernel/bugzilla/
>     www/foss/kernel/bugzilla/url
>     www/foss/kernel/bugzilla/alx/
>     www/foss/kernel/bugzilla/alx/id
>     www/foss/kernel/bugzilla/alx/pass
>
> And then I can just grep from there what I need (say the bugzilla
> password):
>
>     $ pass find --find kernel \
>     | xargs pass show --find \
>     | grep 'bugzilla.*/pass'
>     www/foss/kernel/bugzilla/alx/pass
>
> And finally show the pass:
>
>     $ pass find --find kernel \
>     | xargs pass show --find \
>     | grep 'bugzilla.*/pass' \
>     | xargs pass show
>     pw
>
>
> Would you want this feature? If you agree, I'll start writing it, and
> will ask if I have any doubts.
>
> Thanks,
> Alex

From alx at kernel.org Mon Sep 25 10:52:52 2023
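The single-file layout Stefan Gehr's message above describes (password on the first line, then `key: value` lines), read back with standard tools. This is an added example, not code from the thread or from pass itself; the function names and the sample entry are constructed for illustration, and the sample deliberately has a password that looks like a field.

```shell
#!/bin/sh
# Added example: field lookup for a one-file pass entry.
# Assumed layout: line 1 is the password, later lines are "key: value".

# Constructed sample; in real use this is the output of
#   pass show bugzilla.kernel.org
sample_entry() {
    cat <<'EOF'
url: not-a-field, this whole line is the password
login: alx@kernel.org
URL:   https://bugzilla.kernel.org/
note: contains: extra colons
EOF
}

# entry_password: print line 1 verbatim, whatever it looks like.
entry_password() {
    sed -n '1p'
}

# entry_field KEY: print the value of the first "KEY: value" line after
# line 1. The key is compared literally and case-insensitively (it is never
# used as a regex), and only the first colon separates key from value, so
# URLs keep theirs. Exit status is 1 when the key is absent.
entry_field() {
    awk -v want="$1" '
        NR == 1 { next }                 # never parse the password line
        {
            i = index($0, ":")
            if (i == 0) next             # not a key: value line
            key = substr($0, 1, i - 1)
            if (tolower(key) != tolower(want)) next
            val = substr($0, i + 1)
            sub(/^[ \t]+/, "", val)      # trim around the value
            sub(/[ \t]+$/, "", val)
            print val
            found = 1
            exit
        }
        END { exit (found ? 0 : 1) }
    '
}
```

A plain `grep '^url:'` over the same entry would return the password line first, which is why the lookup skips line 1.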
From: alx at kernel.org (Alejandro Colomar)
Date: Mon, 25 Sep 2023 12:52:52 +0200
Subject: [PATCH] pass find: Add --find flag
In-Reply-To:
References: <2wdvnucnrypxxzatk6xxc36k44rn3kh4lmv2kpxla7vyn5cgv3@tb233sdkoh4l> <20230924214414.23019-1-alx@kernel.org>
Message-ID:

On Mon, Sep 25, 2023 at 07:55:15AM +0200, Tobias Girstmair wrote:
> On Sun, Sep 24, 2023 at 11:44:14PM +0200, Alejandro Colomar wrote:
> > The tail(1) above is to hide the search terms.
>
> maybe it would be better to put this line in the else (tree) part of the
> conditional.
>
> IFS="," eval 'echo "Search Terms: $*"'
> it serves no use with machine readable output

Sure.

Thanks,
Alex

From alx at kernel.org Mon Sep 25 10:53:24 2023
From: alx at kernel.org (Alejandro Colomar)
Date: Mon, 25 Sep 2023 12:53:24 +0200
Subject: [PATCH] pass find: Add --find flag
In-Reply-To:
References: <2wdvnucnrypxxzatk6xxc36k44rn3kh4lmv2kpxla7vyn5cgv3@tb233sdkoh4l> <20230924214414.23019-1-alx@kernel.org>
Message-ID:

On Mon, Sep 25, 2023 at 07:57:35AM +0200, Tobias Girstmair wrote:
> On Sun, Sep 24, 2023 at 11:44:14PM +0200, Alejandro Colomar wrote:
> > The tail(1) above is to hide the search terms.
>
> maybe the "Search Terms: $*" output should just be skipped in --find mode.
>

And also yes.

Thanks,
Alex