Age | Commit message (Collapse) | Author |
|
|
|
|
|
|
|
The infloop has been observed in calls to `pasword-store--run'
for pass v1.7.4 in a Windows/WSL2 enviroment.
When this happens, the sentinel in `password-store--run-1'
doesn't call the callback.
* contrib/emacs/password-store.el (password-store--run-1):
Prefer `process-status' over the string comparison to check the
process status.
Problem reported by Kai Tetzlaff <pwstore@tetzco.de>:
https://lists.zx2c4.com/pipermail/password-store/2022-February/004583.html
|
|
Tree 2.0 and later will unconditionally ignore all options and write
JSON data on file descriptor 3 when available, which causes problems
for the test harness and other scripts that use FD 3. Work around by
closing descriptor 3 for the 'tree' command.
|
|
POSIX sed doesn't support \+ in BREs which causes the regex that
extracts a file's current keys to return nothing, meaning that files
are unecessarily reencrypted.
This converts the regex in question to use ERE.
|
|
The `.extensions` directory can contain extensions code, for example as
git submodules, that have `.gpg` files as part of their code but that
are not files encrypted with the PGP keys of our password store.
One example is `pass-tomb`, that contains `.gpg` files in `tests/gnupg`,
but there are more, like `pass-update`, `pass-otp`, etc.
However those `.gpg` files in the `.extensions` directory are currently
processed by the `grep` and `reencrypt` functions of `pass`.
At best this can cause errors to be shown to the user when
grepping/reencrypting, and at worst it can cause files in the
`.extensions` directory to be decrypted and returned as part of a
search, or reencrypted with the incorrect PGP keys.
This patch tries to mitigate that issue by removing the `*/.extensions`
directories from the list of processed `.gpg` files for the
grep/reencrypt functions.
However this patch is not perfect as it does not take into account the
fact that the `.extensions` directory can be renamed to something else
using `PASSWORD_STORE_EXTENSIONS_DIR`. But knowing if this
`PASSWORD_STORE_EXTENSIONS_DIR` is inside the `PREFIX` or not and
formatting the path exclusion for `find` accordingly could require a
fair bit of additional logic that I am not sure how you want to
implement.
|
|
|
|
The 'which' command is an external command that must be called each and
every time pass is used. 'which' is also not mentioned in the README as
one of the dependencies that might be needed to run pass.
Instead of 'which', we can use the POSIX compatible and shell built-in
'command -v'. It saves pass from making an external call and is,
arguably, more reliable than using 'which' as mentioned in the following
link.
|
|
In the strange case that the user is jumping back and forth from X11 to
Wayland and viceversa, xclip might be installed but wl-clip might not,
and in such combination user might end up with the -c opion not working.
|
|
Afaik fish shell completions don't need a shebang
(plus the script is not executable anyway)
|
|
|
|
In MacOS Catalina, pass fails on accents with 'sed: RE error: illegal
byte sequence'.
|
|
I use a pass-specific gpg home directory. I tell pass about it by using
PASSWORD_STORE_GPG_OPTS="--homedir dir".
I also tell pass to sign files with PASSWORD_STORE_SIGNING_KEY.
However "pass init" returns "Signing of .gpg_id unsuccessful." because
we forgot to hand it GPG_OPTS. This patch fixes that oversight.
|
|
|
|
zsh completion cuts filenames after colons, for example port numbers.
This is fixed by escaping colons.
This will also escape backslashes after the first.
|
|
Use a similar detection mechanism to pass itself.
On wayland use:
* dmenu-wl instead of dmenu, an (almost) drop-in replacement
* ydotool instead of xdotool, a uinput-based replacement for
xdotool. It is not as feature-complete, but probably the
simplest (or only?) way to add the --type functionality to
passmenu on wayland.
|
|
"__fish_pass_print" enumerates all files in the password store and
uses sed to strip their common prefix - the password store directory.
If $PASSWORD_STORE_DIR had a trailing slash, sed would fail to remove
the prefix. Fix this by canonicalizing $PASSWORD_STORE_DIR.
|
|
Per a report from Lakshay Garg <lakshayg@outlook.in>, the use of $TMPDIR
in the Vim plugin's pattern match does not work on macOS X, due to the
dynamic and symbolically-linked temporary dir structure this system
uses. Lakshay's email to me, which includes a full explanation, is
reproduced with his permission below.
This change is reflected in upstream v2.2.2:
<https://sanctum.geek.nz/cgit/vim-redact-pass.git/commit/?h=v2.2.2>
>Date: Sat, 13 Feb 2021 23:59:22 -0800
>From: Lakshay Garg <lakshayg@outlook.in>
>To: tom@sanctum.geek.nz
>Subject: [PATCH] vim: fix redact_pass.vim for macOS
>
>Hi Tom
>
>Thanks for maintaining redact_pass.vim. I came across an issue in the
>plugin a few months ago and submitted a patch for it to the
>password-store mailing list but did not get any responses. It seems
>like since only you have been maintaining that file, I might have
>better luck sending the patch to you.
>
>---
>
>Problem: redact_pass.vim did not work on macOS machines
>Fix: add resolve($TMPDIR) to the autcmd pattern list
>
>Explanation
>===========
>
>pass creates files under /private/var/<some-stuff> on macOS.
>redact_pass.vim uses the following pattern to detect when to
>enable the plugin:
>
>```
>$TMPDIR/pass.?*/?*.txt
>```
>
>This pattern expands to "/var/<some-stuff>//pass.?*/?*.txt"
>on my macbook and has two problems:
>
>1. The double forward slash in the expanded pattern (after <some-stuff>)
>2. pass uses /private/var but the pattern looks for /var
>
>Turns out, /var on macos is just a symlink to /private/var.
>The autocmd fails to trigger because it is trying to match
>the pattern: "/var/<some-stuff>//pass.?*/?*.txt"
>to filename: "/private/var/<some-stuff>/pass.<random-chars>/<random-chars>.txt"
>
>The simplest fix is to make $TMPDIR point to "/private/var/..."
>which is achieved by calling resolve on $TMPDIR prior to running
>the autocmd. This also handles the double forward-slash.
>
>Thanks again
>Lakshay
|
|
Works around issues with some popular colorschemes in v8.1. Problem
reported and fix suggested by Jeff Weston.
|
|
This makes fish complete commands starting with "pass git" as if they were
starting with "git".
|
|
fish only loads pass.fish once, so there is no point to erasing them.
|
|
Unfortunately, a command "set x" without explicit scope overwrites the variable
"x" in the innermost scope it is defined in, if any. This can cause problems
if the user defines the variable "x" as global or universal variable (which is
visible in all fishes). Make sure to define a local variable so we use that.
|
|
There is no point to checking the command name, fish already does that.
Additionally fish knows about commands that "wrap" pass; those commands
should inherit pass's completions.
This commit enables fish>=3.1.0 to provide proper completions for this function:
alias p="PASSWORD_STORE_DIR=$HOME/.my-passwords pass"
or, equivalently,
function p --wraps "PASSWORD_STORE_DIR=$HOME/.my-passwords pass"
PASSWORD_STORE_DIR=$HOME/.my-passwords pass $argv
end
|
|
The -A/--authoritative flag no longer has an effect since fish 2.5 which
was released in 2017.
|
|
Reproduce by typing "pass <TAB>" in a shell launched like: HOME=`mktemp -d` fish
Fish prints an error on failing globs - except when used in one of the commands
"set", "for" or "count". Also quotes are unnecessary here.
|
|
"brew --prefix gnu-getopt" takes 2.125s on my very default setup (I
don't even want to know why), dominating the pass wall time.
If the default brew prefix is in use, just detect the getopt binary with
a cheap "test -x" instead.
|
|
This doesn't detect if XQuartz is installed and running, so it's broken
in most setups, the experience is poor regardless, since it's not
displayed inline in the terminal, but leaves a window that requires
closing, and anyway the the utf8 mode works perfectly on both iTerm2 and
Terminal.app.
|
|
The "f" library is a rather thin translation layer for already
existing Emacs functions. Most functions directly map to an already
existing function (eg. "f-no-ext" and "file-name-sans-extension"). For
this reason, removing "f" comes at no cost while reducing the number
of dependencies one has to count on and the user has to install.
Co-authored-by: Tino Calancha <tino.calancha@gmail.com>
|
|
This patch makes sure that variables from the environment cannot
override e.g. the Git directory to operate on, as well as other critical
parts of Git operations. These variables are:
- GIT_DIR
- GIT_WORK_TREE
- GIT_NAMESPACE
- GIT_INDEX_FILE
- GIT_INDEX_VERSION
- GIT_OBJECT_DIRECTORY
- GIT_COMMON_DIR
If any of those are set, pass might end up operating on another
repository, and things would break.
I caught this having GIT_DIR set, but fortunately the other repository
had a .gitignore that would have ignored the file:
```
fishbowl~% echo $GIT_DIR
/home/madduck/.config/vcsh/repo.d/zsh.git
fishbowl~% pass generate test
The following paths are ignored by one of your .gitignore files:
.password-store/test.gpg
Use -f if you really want to add them.
The generated password for test is:
…
```
The result was an orphan file `test.gpg` in the password-store root.
Signed-off-by: Martin F. Krafft <madduck@madduck.net>
|
|
Clarify that the optional argument is only used in the `message' call.
Bump version to v2.1.3.
* contrib/emacs/password-store.el (password-store-clear): Update docstring.
* contrib/emacs/CHANGELOG.md: Document this change.
|
|
This change preserves backward compatibility with previous
version of the function.
Bump version to v2.1.2.
* contrib/emacs/password-store.el (password-store-clear):
Make argument FIELD optional.
* contrib/emacs/CHANGELOG.md: Announce this change.
|
|
For auth-source-pass versions < 5.0.0, auth-source-pass-filename
is not defined; thus, we must check that this variable exists before
use it.
* contrib/emacs/password-store.el (password-store-dir): Call
bound-and-true-p on auth-source-pass-filename.
|
|
Allow users to retrieve any secret field stored in the files.
Use auth-source-pass to retrieve the secret fields.
Bump version to v2.1.0.
* contrib/emacs/Cask: Replace dependency on `s' library
with auth-source-pass dependency.
* contrib/emacs/password-store.el
(password-store-url-field): New option.
(password-store-dir): Use `auth-source-pass-filename'.
(password-store-read-field, password-store-get-field)
(password-store-copy-field, password-store-parse-entry): New functions.
(password-store-read-field): Use password-store-parse-entry.
(password-store--save-field-in-kill-ring): New function extracted from
`password-store-get'.
(password-store-url): Use `password-store-get-field' and
`password-store-url-field'.
* contrib/emacs/README.md: Update documentation.
* contrib/emacs/CHANGELOG.md: Announce changes.
|
|
Before, the following message was shown:
"Enter contents of ENTRY and press Ctrl+D when finished:\n\n"
Since the command is not interactive, it is better to show users
specific messages on success/failure.
* contrib/emacs/password-store.el (password-store-insert):
Improve message shown on success/failure.
|
|
Some libraries rely on this function, e.g. password-store-otp library.
* contrib/emacs/password-store.el (password-store-timeout):
Re include this function; now it just returns
password-store-time-before-clipboard-restore.
|
|
Using a customizable variable is the preferred way to set
a parameter within Emacs; replace password-store-timeout with
the new option password-store-time-before-clipboard-restore.
The default value for this variable uses the environment var
PASSWORD_STORE_CLIP_TIME when set; this is the same behavior
as before.
Add Maintainer header.
* contrib/emacs/password-store.el (password-store-password-length):
Increased default value from 8 to 25, i.e. same default as
in the shell script.
(password-store-time-before-clipboard-restore): New option.
(password-store-timeout): Delete it.
Use the new option instead; all callers updated.
* contrib/emacs/CHANGELOG.md: Announce the features.
|
|
|
|
Some implementations of tr (notably the ones in Busybox and Toybox) do
not support the [:graph:] character class, but they do support
[:punct:] and [:alnum:]. This makes pass generate sane passwords
in such environments.
Discussed-on: https://lists.zx2c4.com/pipermail/password-store/2019-July/003702.html
|
|
When rotating encryption subkeys, and revoking the old one,
`pass init keyid` would re-encrypt your stored credentials to the
(now revoked) old subkey(s) in addition to the new one too.
It would also mistakenly encrypt to keys that have been disabled,
and keys that were never validly signed by their master (certify) key.
Fix all of these cases. It was decided NOT to also exclude expired
subkeys.
Signed-off-by: Aaron Jones <aaronmdjones@gmail.com>
|
|
Emacs backup files add a duplicate entry, that is, if you have the two files,
foo.bar and foo.bar~, then you'd get two entries for `foo'.
* password-store.el (password-store-list): Delete duplicate entries. Bump
version to 2.0.2. Update Copyright notice.
|
|
Drop nil arguments in `password-store--run` and `password-store--run-1`. This
fixes an error running `password-store-generate`.
|
|
|
|
When using EXWM, if `password-store-get` is called and a pinentry
program needs to be executed, Emacs deadlocks. This happens becuase
Emacs blocks waiting for output from `gpg(1)`, which is blocked
waiting for output from the pinentry-program, which is blocked waiting
for Emacs to manage its window.
This updates `password-store-copy` to work asynchronously. This
should be fine, since its primary purpose is side-effecting, and it
doesn’t matter when its evaluation completes. The ability to call
`password-store-get` asynchronously with a callback has also been
added to support this usecase.
A new function has been added for general cases of async `pass`
commands where the output is needed, `password-store--run-1`. While
there is an existing `password-store--run-async`, it discards output
-- it’s only used for `pass edit`, where it’s not needed. The body of
`password-store--run` has been replacing it with one that uses
`--run-1` and a wait loop which blocks until it’s complete.
Supporting all this necessitated moving the file to lexical binding
and dropping Emacs 24 support. The latter requirement could be worked
around if there are concerns around it.
**SECURITY INTERLUDE**
I was unbelievably distressed to discover that the implementation of
`password-store--run` redirects the decrypted file contents to disk,
reads that into a buffer, then removes the file. This approach is
preposterous and may warrant a CVE, as it exposes users to numerous
conditions where their cleartext passwords could be recovered:
- If the user hits C-g, the Emacs function may not get to the point
of removing the file, leaving the password on disk.
- It’s not a safe assumption that `make-temp-file` is secure, and
even if it were, the time windows in play are likely to be very
large, opening race conditions where the file contents can be read
by an attacker before the file is removed.
- Even if the file is removed, it could be recovered by examining the
contents of deleted inodes.
Information this sensitive should NEVER be persisted in cleartext in
non-volatile storage. You may as well write it on a post-it and stick
it on your monitor.
re NicolasPetton/pass#25
|
|
|
|
"http://" was repeated, fix the second instance to read "https://".
|
|
Signed-off-by: Elan Ruusamäe <glen@pld-linux.org>
|
|
Signed-off-by: Elan Ruusamäe <glen@pld-linux.org>
|
|
|
|
|