Age | Commit message (Collapse) | Author |
|
|
|
Emacs backup files add a duplicate entry, that is, if you have the two files,
foo.bar and foo.bar~, then you'd get two entries for `foo'.
* password-store.el (password-store-list): Delete duplicate entries. Bump
version to 2.0.2. Update Copyright notice.
|
|
Drop nil arguments in `password-store--run` and `password-store--run-1`. This
fixes an error running `password-store-generate`.
|
|
|
|
When using EXWM, if `password-store-get` is called and a pinentry
program needs to be executed, Emacs deadlocks. This happens becuase
Emacs blocks waiting for output from `gpg(1)`, which is blocked
waiting for output from the pinentry-program, which is blocked waiting
for Emacs to manage its window.
This updates `password-store-copy` to work asynchronously. This
should be fine, since its primary purpose is side-effecting, and it
doesn’t matter when its evaluation completes. The ability to call
`password-store-get` asynchronously with a callback has also been
added to support this usecase.
A new function has been added for general cases of async `pass`
commands where the output is needed, `password-store--run-1`. While
there is an existing `password-store--run-async`, it discards output
-- it’s only used for `pass edit`, where it’s not needed. The body of
`password-store--run` has been replacing it with one that uses
`--run-1` and a wait loop which blocks until it’s complete.
Supporting all this necessitated moving the file to lexical binding
and dropping Emacs 24 support. The latter requirement could be worked
around if there are concerns around it.
**SECURITY INTERLUDE**
I was unbelievably distressed to discover that the implementation of
`password-store--run` redirects the decrypted file contents to disk,
reads that into a buffer, then removes the file. This approach is
preposterous and may warrant a CVE, as it exposes users to numerous
conditions where their cleartext passwords could be recovered:
- If the user hits C-g, the Emacs function may not get to the point
of removing the file, leaving the password on disk.
- It’s not a safe assumption that `make-temp-file` is secure, and
even if it were, the time windows in play are likely to be very
large, opening race conditions where the file contents can be read
by an attacker before the file is removed.
- Even if the file is removed, it could be recovered by examining the
contents of deleted inodes.
Information this sensitive should NEVER be persisted in cleartext in
non-volatile storage. You may as well write it on a post-it and stick
it on your monitor.
re NicolasPetton/pass#25
|
|
"http://" was repeated, fix the second instance to read "https://".
|
|
|
|
This is important for filenames with special characters such as spaces
and parenthesis.
|
|
|
|
|
|
|
|
Instead of editing the password file directly using Emacs, "pass edit" is
run. This allows password-store's git change tracking to work.
This adds a dependency on the with-editor Emacs package.
|
|
Use a defvar for the timeout timer in order to have better control and
not starting multiple timers when calling password-store-copy.
|
|
The output of pass may contain "%", which will cause `message` to throw
the error: "Not enough arguments for format string".
For example, `pass rename foo bar` outputs:
[master c33f7a9] Rename foo to bar.
1 file changed, 0 insertions(+), 0 deletions(-)
rename foo.gpg => bar.gpg (100%)
|
|
|
|
|
|
Use delq instead of -reject from the dash package.
|
|
|
|
This fixes a problem where gnupg-agent messages would get mixed with the
password content.
|
|
Quote shell arguments for insert so that it handles passwords and entry
names that contain special characters.
|
|
Timeout password after PASSWORD_STORE_CLIP_TIME seconds, if set.
Otherwise timeout after 45 seconds. These are the setting used by pass.
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
Optional force does not make sense for non-interactive remove function.
|
|
|
|
|
|
|
|
|
|
|