Age | Commit message (Collapse) | Author |
|
Per a report from Lakshay Garg <lakshayg@outlook.in>, the use of $TMPDIR
in the Vim plugin's pattern match does not work on macOS X, due to the
dynamic and symbolically-linked temporary dir structure this system
uses. Lakshay's email to me, which includes a full explanation, is
reproduced with his permission below.
This change is reflected in upstream v2.2.2:
<https://sanctum.geek.nz/cgit/vim-redact-pass.git/commit/?h=v2.2.2>
>Date: Sat, 13 Feb 2021 23:59:22 -0800
>From: Lakshay Garg <lakshayg@outlook.in>
>To: tom@sanctum.geek.nz
>Subject: [PATCH] vim: fix redact_pass.vim for macOS
>
>Hi Tom
>
>Thanks for maintaining redact_pass.vim. I came across an issue in the
>plugin a few months ago and submitted a patch for it to the
>password-store mailing list but did not get any responses. It seems
>like since only you have been maintaining that file, I might have
>better luck sending the patch to you.
>
>---
>
>Problem: redact_pass.vim did not work on macOS machines
>Fix: add resolve($TMPDIR) to the autcmd pattern list
>
>Explanation
>===========
>
>pass creates files under /private/var/<some-stuff> on macOS.
>redact_pass.vim uses the following pattern to detect when to
>enable the plugin:
>
>```
>$TMPDIR/pass.?*/?*.txt
>```
>
>This pattern expands to "/var/<some-stuff>//pass.?*/?*.txt"
>on my macbook and has two problems:
>
>1. The double forward slash in the expanded pattern (after <some-stuff>)
>2. pass uses /private/var but the pattern looks for /var
>
>Turns out, /var on macos is just a symlink to /private/var.
>The autocmd fails to trigger because it is trying to match
>the pattern: "/var/<some-stuff>//pass.?*/?*.txt"
>to filename: "/private/var/<some-stuff>/pass.<random-chars>/<random-chars>.txt"
>
>The simplest fix is to make $TMPDIR point to "/private/var/..."
>which is achieved by calling resolve on $TMPDIR prior to running
>the autocmd. This also handles the double forward-slash.
>
>Thanks again
>Lakshay
|
|
Works around issues with some popular colorschemes in v8.1. Problem
reported and fix suggested by Jeff Weston.
|
|
Use the autocmd pattern to match the password filename rather than doing
it manually within the called function.
|
|
Per debugging from Enno Nagel <enno.nagel+vim@gmail.com>, it's become
apparent to me that to have any degree of confidence that none of these
options have actually got any plaintext password data in them, we need
to disable the options globally when a password file is edited.
In particular, in the case of the 'viminfo' global option, it's not
possible to disable it per path, and not terribly meaningful either;
things like the last seach pattern or the contents of registers, i.e.
global state of the editor, are recorded. There's no sensible approach I
can see except to actually switch the feature off entirely by blanking
it.
I've therefore completely rewritten this, to make as thorough a check as
possible that the Vim user is editing a pass(1) file by calling `pass
edit`, and then to disable the "leaky" options globally, with an
explicit warning so that the user can see it's been done.
This plugin is also available as Vim script #5707:
<https://www.vim.org/scripts/script.php?script_id=5707>
Its homepage is here:
<https://sanctum.geek.nz/cgit/vim-redact-pass.git/about/>
|