Age | Commit message (Collapse) | Author |
|
Based-on-work-by: Matthieu Weber <mweber@free.fr>
Signed-off-by: Jason A. Donenfeld <Jason@zx2c4.com>
|
|
|
|
|
|
Signed-off-by: Jason A. Donenfeld <Jason@zx2c4.com>
|
|
|
|
Signed-off-by: Jason A. Donenfeld <Jason@zx2c4.com>
|
|
|
|
Signed-off-by: Jason A. Donenfeld <Jason@zx2c4.com>
|
|
Signed-off-by: Jason A. Donenfeld <Jason@zx2c4.com>
|
|
|
|
This relies on a patched version of tree to work, unfortunately.
Hopefully upstream will accept our patch.
Signed-off-by: Jason A. Donenfeld <Jason@zx2c4.com>
|
|
Matthew writes:
If the initial decrypt fails then the rest of the line shouldn't
continue, as it won't be a properly decrypted password being
re-encrypted and written over the existing passfile.
One solution to this would be to enable pipefail (set -o pipefail) -
either just before, or at the start of this script. This would
cause the failure of any of the commands in a pipe to set the return
status of the whole pipeline to non-zero (the last failed command's
return code is used).
We take his suggestion with this patch. While we're at it, we take a
little bit extra care (though not too much extra care) to select a more
random intermediate password, in case folks have a strange habit of
using a dot-new extension on files.
Suggested-by: Matthew Richardson <m.richardson@ed.ac.uk>
Signed-off-by: Jason A. Donenfeld <Jason@zx2c4.com>
|
|
|
|
Suggested-by: Tom Vincent <pass@tlvince.com>
|
|
Suggested-by: Matthew Richardson <m.richardson@ed.ac.uk>
|
|
|
|
|
|
Suggested-by: Matthieu Weber <mweber@free.fr>
|
|
|
|
|
|
|
|
|
|
|
|
mktemp expects all options before a template. This prevented the
temporary file for "pass edit" mode from being created in /dev/shm.
|
|
|
|
Some users want to use a different clipboard for pass.
Suggested-by: nand <nand@nand.wakku.to>
|
|
|
|
We now make sure a previous pass clip restore finishes immediately when
copying another password to the clipboard.
This is currently only implemented on Linux.
|
|
|
|
|
|
|
|
The .gpg-id file may now have multiple keys in it, one per line.
If a .gpg-id file exists inside a subdirectory, passwords inside that
directory are encrypted to that/those ids.
The init command has learned a -p/--path option for writing such a sub
directory .gpg-id and now can take several arguments for ids.
|
|
|
|
According to a forthcoming paper by Alfredo Pironti, OpenPGP compression
can reveal entropy levels. We thus disable compression.
Existing password stores can be reencrypted without compression using
the "--reencrypt" flag for "init".
Reported-by: Alfredo Pironti <alfredo.pironti@inria.fr>
Signed-off-by: Jason A. Donenfeld <Jason@zx2c4.com>
|
|
|
|
|
|
|
|
|
|
|
|
Make show/ls/list follow links by passing -l to tree.
|
|
|
|
The `read` builtin accepts backslash notation for common non-printing
characters by default, like `\t` and `\n`. This requires that any
literal backslashes must also be escaped as `\\`.
Given that `gpg -e` does not interpret input, the `read` invocations are
changed to do the same.
Also, the right hand side of an `==` comparison within `[[ ]]` must be
quoted in order to suppress pattern metacharacter expansion. Quoting the
bash manual:
When the == and != operators are used, the string to the right of
the operator is considered a pattern and matched according to the
rules described below under Pattern Matching.
|
|
|
|
|
|
Reported-by: Paul Wise <pabs@debian.org>
|
|
|
|
|
|
|
|
|
|
|