m-chrzan.xyz
aboutsummaryrefslogtreecommitdiff
AgeCommit message (Collapse)Author
2018-10-19bash_completion: do not leak variables to globals scopeElan Ruusamäe
Signed-off-by: Elan Ruusamäe <glen@pld-linux.org>
2018-08-09Do not reencrypt symbolic linksAldis Berjoza
2018-08-03version: bumpJason A. Donenfeld
2018-08-01show: do not store binary data in bash varsJason A. Donenfeld
Instead we're forced to base64 it, like we do with the clipboard.
2018-07-26Add custom bash completion for extensionsLars Flitter
Bash completion now allows usage of extension commands. (see pass.bash-completion for details)
2018-07-26Do not set foreground color for generated passwordLukas Fleischer
Since commit 63ef32a (generate: use nice ansi colors instead., 2014-05-08), generated passwords are highlighted to make them distinguishable from the Git output. However, setting the foreground color to white makes the password hardly readable when a "black on white" color scheme is used. Drop the hardcoded foreground color and use the bold attribute only instead. Signed-off-by: Lukas Fleischer <lfleischer@lfos.de>
2018-06-25Do not put passwords in herestringsJason A. Donenfeld
Bash sometimes writes these into temporary files, which isn't okay.
2018-06-24Simplify filename matching in redact_pass.vimTom Ryder
Use the autocmd pattern to match the password filename rather than doing it manually within the called function.
2018-06-14version: bumpJason A. Donenfeld
2018-06-14show: buffer output before displaying, in case decryption failsJason A. Donenfeld
For the line-choosing case, this is actually a big deal since we weren't passing the error code back to the user either.
2018-06-14Close stdout for background task that restores clipboardAllan Odgaard
While we do not expect any output on stdout from the background task, keeping the file handle open means that anyone calling `pass` and waiting for stdout to be closed, will have to wait (by default) for 45 seconds.
2018-06-14Don't trap INT or TERM; they are redundant and can break `pass edit`.Nick Kousu
Some EDITORs, notably Linux vi(1), which is the fallback default in pass, apparently send INT when they exit, and when pass is run under bash (which is also its default)--if you have /dev/shm/ available--bash catches this and cleans up your edited password file *before* it can be reencrypted and saved. This only happens with `pass edit`; none of the other commands combine tmpdir and $EDITOR.
2018-06-14tests: fix compatibility with GnuPG 2.2.5Clément Lassieur
2018-06-14Add tests and documentation of passing options to grep(1)Norbert Buchmueller
2018-06-14Ensure signature regexes are anchoredJason A. Donenfeld
Fixes CVE-2018-12356. Reported-by: Marcus Brinkmann <marcus.brinkmann@ruhr-uni-bochum.de>
2018-06-10Replace noplaintext.vim as redact_pass.vim pluginTom Ryder
Per debugging from Enno Nagel <enno.nagel+vim@gmail.com>, it's become apparent to me that to have any degree of confidence that none of these options have actually got any plaintext password data in them, we need to disable the options globally when a password file is edited. In particular, in the case of the 'viminfo' global option, it's not possible to disable it per path, and not terribly meaningful either; things like the last seach pattern or the contents of registers, i.e. global state of the editor, are recorded. There's no sensible approach I can see except to actually switch the feature off entirely by blanking it. I've therefore completely rewritten this, to make as thorough a check as possible that the Vim user is editing a pass(1) file by calling `pass edit`, and then to disable the "leaky" options globally, with an explicit warning so that the user can see it's been done. This plugin is also available as Vim script #5707: <https://www.vim.org/scripts/script.php?script_id=5707> Its homepage is here: <https://sanctum.geek.nz/cgit/vim-redact-pass.git/about/>
2018-05-24grep: allow grep options and argumentsSitaram Chamarty
Allow grep options and arguments. Typical uses may be, for instance, wanting to ignore case ('-i'), print a few lines of context around the matched line, multiple patterns with '-e', etc. (background: grep is deprecating GREP_OPTIONS, so eventually that will stop working).
2018-02-19fish: reduce completion runtimesMathis Antony
Fish completion spends most of the time in calls to `sed` in for loops over entries and directories. This patch removes the repeated calls to `sed`. Signed-off-by: Mathis Antony <sveitser@gmail.com>
2018-02-08generate: disallow zero length generated passwordsJason A. Donenfeld
2018-02-01generate: in-place should work when file is emptyJason A. Donenfeld
2017-12-18Quote array specifierJason A. Donenfeld
Otherwise this expands to a filename if one exists. Suggested-by: izaberina@gmail.com
2017-10-13protect dirname calls from pass-names that look like command-line optionsStacey Sheldon
With the $path variable being passed directly to dirname, any pass-names provided by the user that happened to look like options to dirname would be processed as options rather than as the path to be split. This results in a real mess when you happen to run one of: pass edit --help pass generate --help pass insert --help then in the cmd_foo() function, you have: mkdir -p -v "$PREFIX/$(dirname --help)" which (due to the -p option to mkdir) results in the creation of an entire directory hierarchy made up of the slash-separated help text from dirname.
2017-09-15passmenu: Don't eat whitespace at beginning/end of passwordDaniel Lublin
If IFS (Input Field Separator) is not emptied, read will actually strip spaces and tabs at the beginning/end end of the "line".
2017-08-29emacs: Release version 1.0.1 of Emacs packageSvend Sorensen
2017-08-29emacs: --run-async: Quote shell argumentsDamien Cassou
This is important for filenames with special characters such as spaces and parenthesis.
2017-08-29emacs: Update author's email addressSvend Sorensen
2017-08-29emacs: Fix package-lint violationsSvend Sorensen
2017-07-26emacs: Release version 1.0.0 of Emacs packageSvend Sorensen
2017-07-26emacs: Use with-editor to wrap "pass edit"Svend Sorensen
Instead of editing the password file directly using Emacs, "pass edit" is run. This allows password-store's git change tracking to work. This adds a dependency on the with-editor Emacs package.
2017-04-13Bump versionJason A. Donenfeld
2017-04-13init: match only the public keyJason A. Donenfeld
2017-03-28Use $GPG variableJason A. Donenfeld
2017-03-20Fix compatibility with GnuPG 2.2.19Andreas Stieger
GnuPG 2.2.19 added a warning when no command was given. * src/password-store.sh (reencrypt_path): Add --decrypt to --list-only * tests/t0300-reencryption.sh (gpg_keys_from_encrypted_file): same https://bugs.gnupg.org/gnupg/msg9873 http://git.gnupg.org/cgi-bin/gitweb.cgi?p=gnupg.git;a=commit;h=810adfd47801fc01e45fb71af9f05c91f7890cdb https://bugzilla.suse.com/show_bug.cgi?id=1028867
2017-03-01tests: fix on OSX by not using the tr hackJason A. Donenfeld
2017-02-26Bump versionJason A. Donenfeld
2017-02-26Modernize makefileJason A. Donenfeld
2017-02-25CopyrightJason A. Donenfeld
2017-02-25StyleJason A. Donenfeld
2017-02-25git: use inner-most directoryJason A. Donenfeld
2017-02-25clip: sleep may require argv[0] to be sleepJason A. Donenfeld
2017-02-25man: document system extensionsJason A. Donenfeld
2017-02-25pwsafe2pass: add importerSam Mason
2017-02-25Support git worktree.Kevin Lyda
Git worktree works with the normal .git directory instead being a .git file with a reference to the primary git repository.
2017-02-25keepassx2pass: port to python3Fabio Zanini
2017-02-25man: fix typosJustin Gassner
2017-02-25Don’t reencrypt data not managed by pass.Sebastian Reuße
When keeping the password-store under git, it can make sense using a git extension such as git-annex instead of the native git object store to store the encrypted files. Inter alia, this allows one to selectively expire old copies of the encrypted data, while otherwise, one would need to recreate the complete repository when a key should no longer have access to some of the data. Since using the git-annex object store means that *.gpg files (and directories named *.gpg) are kept under .git/… (non-writable), the reencryption logic used by pass currently fails. To remedy this, we now ignore everything kept under .git when looking for files to reencrypt or when grepping.
2017-02-25tests: fix for recent changesJason A. Donenfeld
2017-02-25keepasss2csv2pass: improve and make more flexibleNathan Sommer
- Code is now PEP 8 compliant - Uses argparse module for command line arguments - Prints what it will do and prompts for confirmation before proceeding - Does not put URL and notes fields in the entry unless they are present in the CSV file - Adds a "user" field in the entry - There are now command line arguments for the following: - Exclude specific groups from being imported - Convert groups and names to lowercase - Use the name of the KeePass entry rather than the username as the pass entry name
2017-01-01show,generate: support qrcodesJason A. Donenfeld
2016-12-21makefile: proper use of DESTPATHJason A. Donenfeld