On Thu, Apr 14, 2022 at 01:26:47PM +0200, Daniel Mach wrote:
> SaltStack strips leading/trailing whitespaces from the password [1],
> because pass adds a newline when entering passwords interactively.
>
> Pass is capable of storing multiline passwords which are stored as
> provided. That includes storing binary data as well. If such a password
> has leading/trailing whitespaces, they get stripped in SaltStack
> and the password becomes invalid.
>
> This change fixes the inconsistency by always storing the passwords
> as provided, with no extra characters added.
>
> To retain good user experience, a newline is printed to stderr after
> printing a password.

this looks like a bad idea to me, sorry to say. the data format
described on passwordstore.org is textual, not binary. also, printing a
newline on stderr unconditionally is a bit inelegant (when stdout was
redirected somewhere, a newline is still printed to the terminal).

two admittedly contrived examples:

    printf "fetching password ..." >&2
    foo="$(pass show foo)"
    printf "done\n" >&2
    # note how the status message now has a line break in it. would be even
    # worse when the program uses printf "\r" for a loading bar.

    pass show foo | cat - /etc/hostname
    # note that instead of two lines, cat returns both items on a single
    # line now.

AFAICT, pass insert -m does not add an extra line terminator. doesn't
this suffice for your use case?

personally, i base64 encode all binary blobs i store in pass. this has
the added benefit of (1) making it clear that these are bytes and (2) i
can add metadata in the usual http-header-like format below it, still.
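
The base64 approach from the last paragraph, as an added example that is not part of the original message: a binary secret with leading and trailing whitespace survives command substitution and whitespace stripping because only its encoded form is stored. The entry layout (base64 on the first line, "key: value" lines below), the function names and the sample bytes are assumptions; the script uses coreutils base64 and a temporary file in place of a real pass entry.

```shell
#!/bin/sh
# Added example (not from the thread): keep a binary secret intact in a
# text-only entry. Assumed layout: line 1 = base64, then "key: value" lines.

# make_entry BLOB_FILE [META_LINE...] : print the entry text on stdout.
make_entry() {
    blob=$1; shift
    base64 < "$blob" | tr -d '\n'   # unwrapped, so the secret stays on line 1
    printf '\n'
    for meta in "$@"; do printf '%s\n' "$meta"; done
}

# read_secret OUT_FILE : entry text on stdin, raw bytes written to OUT_FILE.
read_secret() {
    # Take the first line only and drop whitespace a consumer may have
    # added or removed; none of it is part of the base64 alphabet.
    head -n 1 | tr -d ' \t\r\n' | base64 -d > "$1"
}

# read_meta KEY : entry text on stdin, print the value of "KEY: value".
read_meta() {
    sed -n "2,\$s/^$1: //p"
}

# roundtrip_ok : return 0 if the constructed blob comes back byte-identical.
roundtrip_ok() {
    tmp=$(mktemp -d) || return 1
    # Constructed sample: leading/trailing spaces and newlines, raw bytes.
    printf ' \n\tsecret\001\377 \n\n' > "$tmp/blob"
    make_entry "$tmp/blob" 'login: alice' 'url: https://example.invalid' \
        > "$tmp/entry"
    # Simulate a consumer: $(...) drops trailing newlines, and the extra
    # spaces stand in for whitespace handling somewhere along the way.
    captured=$(cat "$tmp/entry")
    printf '  %s  ' "$captured" | read_secret "$tmp/out"
    cmp -s "$tmp/blob" "$tmp/out"; rc=$?
    rm -rf "$tmp"
    return $rc
}

roundtrip_ok && echo "round trip intact"
```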