Re: [PATCH] feat: support more clippers
hi. for this, and your exa patch, *i* (who have nothing to do with this project, other than being a happy user) would prefer to have command line switches, or some sort of PASS_XCLIP_COMMAND / PASS_LS_COMMAND environmental variables. i can imagine scenarios where something named, e.g., "lemonade", does something other than the desired thing (and, in so doing, might disclose sensitive information). cheers, Greg
Re: How to search by login name?
Philipp, how about something like : pass grep -l minsh...@umich.edu
Re: [RFC PATCH] Add option to print the first line of an entry
Rene,
> The idea is to make piping the password as easy as copying it to the
> clipboard. IMHO this should be a feature of pass.
easy is good! here is how i, at least, use `pass tail` (*):
bash wonderful (master): {316} pass tail foo/bar
username: every...@example.com
bash wonderful (master): {317}
on the question of whether this is easier, harder, i am neutral!
cheers, Greg
(*) once i have it installed, e.g., in
/usr/local/lib/password-store/extensions/tail.bash
Re: [RFC PATCH] Add option to print the first line of an entry
Rene, i wonder if it might make sense to do this as a separate extension, a companion, e.g., to pass-extension-tail? cheers, Greg
Re: Pass Generate Hidden
Nathan, > Is there an option (or could there be) for `pass generate ...` to not > print the new password? I always like to test the decoding anyway, > plus it would be more secure. maybe i'm misunderstanding, but i always do `pass generate -c ...`. cheers, Greg
Re: Question: Printing and Clipping Password Info
Mitch,
i think you could:
pass fubar | \
tee >(awk 'NR > 1 {print}' > /dev/tty) | \
awk 'NR == 1 { print }' | \
xclip -i -selection clipboard
(YSMV == your shell may vary).
cheers, Greg
Re: pass list
Pierre, > I am willing to write a patch if we find consensus. i'd be a fan. and, if highlighting could somehow also be controlled, that would be great. cheers, Greg
Re: option for no highlighting on output
Oliver, > that would be great. (sorry, i should have said this initially.) if this would be of interest to add to the source, i'd be happy to produce a candidate patch. cheers, Greg
Re: option for no highlighting on output
Oliver, > I like the env var but wouldn’t it also be good to detect if pass is > being piped or outputting to the terminal? That would be a good > default behavior, which you could override with env variable. that would be great. cheers, Greg
Re: option for no highlighting on output
hi. i wonder if i could put in a renewed plug for my own request from a
while back? it would be great (for me, anyway) to see this in the main
code base.
cheers, and thanks for all those secrets, Greg
From: Greg Minshall
To: password-store@lists.zx2c4.com
Subject: option for no highlighting on output
Date: Tue, 24 Sep 2019 06:09:22 +0300
hi. i wanted to edit those of my files that matched a certain pattern,
and tried:
for i in $(pass grep -iw user | grep ':$' | sed s/://); do pass tailedit $i;
done
but, i got files with names like:
tfxPMA-^[[94mbank-hsbc-^[[1mhesab[0m.txt
where the characters preceding the initial dash ('-') are to be
expected, but the escape sequences ('^[[m' [*]) are pass generating
highlighting for display on the terminal.
similar to a patch from a few months ago (4 Jun 2019) by Gonzalo Matheu
i modified pass to optionally disable such escape sequences.
i use the non-null existence of an environmental variable
PASSWORD_STORE_NOHIGHLIGHT to activate this behavior. i also
unconditionally (laziness?) take the "--color=always" argument off the
grep command line, replacing it with ${GREPOPTIONS}.
a patch follows. i would, of course, love to see it added to the base
package.
cheers, Greg
[*] here is a sequence of digits, like '94', '1', '0'; note: i've
manually substituted the character string '^[' for the actual escapes in
the file names
---
src/password-store.sh | 12 +---
1 file changed, 9 insertions(+), 3 deletions(-)
diff --git a/src/password-store.sh b/src/password-store.sh
index 284eabf..b3b5e8b 100755
--- a/src/password-store.sh
+++ b/src/password-store.sh
@@ -143,6 +143,12 @@ check_sneaky_paths() {
done
}
+high() {# highlight (or not)
+if [[ -z ${PASSWORD_STORE_NOHIGHLIGHT} ]]; then
+printf "\e[%dm" $*
+fi
+}
+
#
# END helper functions
#
@@ -418,14 +424,14 @@ cmd_grep() {
[[ $# -lt 1 ]] && die "Usage: $PROGRAM $COMMAND [GREPOPTIONS]
search-string"
local passfile grepresults
while read -r -d "" passfile; do
- grepresults="$($GPG -d "${GPG_OPTS[@]}" "$passfile" | grep
--color=always "$@")"
+ grepresults="$($GPG -d "${GPG_OPTS[@]}" "$passfile" | grep
${GREPOPTIONS} "$@")"
[[ $? -ne 0 ]] && continue
passfile="${passfile%.gpg}"
passfile="${passfile#$PREFIX/}"
local passfile_dir="${passfile%/*}/"
[[ $passfile_dir == "${passfile}/" ]] && passfile_dir=""
passfile="${passfile##*/}"
- printf "\e[94m%s\e[1m%s\e[0m:\n" "$passfile_dir" "$passfile"
+ printf "%s%s%s%s%s:\n" "$(high 94)" "$passfile_dir" "$(high 1)"
"$passfile" "$(high 0)"
echo "$grepresults"
done < <(find -L "$PREFIX" -path '*/.git' -prune -o -iname '*.gpg'
-print0)
}
@@ -555,7 +561,7 @@ cmd_generate() {
elif [[ $qrcode -eq 1 ]]; then
qrcode "$pass" "$path"
else
- printf "\e[1mThe generated password for \e[4m%s\e[24m
is:\e[0m\n\e[1m\e[93m%s\e[0m\n" "$path" "$pass"
+ printf "%sThe generated password for %s%s%s is:%s\n%s%s%s%s\n"
"$(high 1)" "$(high 4)" "$path" "$(high 24)" "$(high 0)" "$(high 1)" "$(high
93)" "$pass" "$(high 0)"
fi
}
--
2.23.0
option for no highlighting on output
hi. i wanted to edit those of my files that matched a certain pattern,
and tried:
for i in $(pass grep -iw user | grep ':$' | sed s/://); do pass tailedit $i;
done
but, i got files with names like:
tfxPMA-^[[94mbank-hsbc-^[[1mhesab[0m.txt
where the characters preceding the initial dash ('-') are to be
expected, but the escape sequences ('^[[m' [*]) are pass generating
highlighting for display on the terminal.
similar to a patch from a few months ago (4 Jun 2019) by Gonzalo Matheu
i modified pass to optionally disable such escape sequences.
i use the non-null existence of an environmental variable
PASSWORD_STORE_NOHIGHLIGHT to activate this behavior. i also
unconditionally (laziness?) take the "--color=always" argument off the
grep command line, replacing it with ${GREPOPTIONS}.
a patch follows. i would, of course, love to see it added to the base
package.
cheers, Greg
[*] here is a sequence of digits, like '94', '1', '0'; note: i've
manually substituted the character string '^[' for the actual escapes in
the file names
---
src/password-store.sh | 12 +---
1 file changed, 9 insertions(+), 3 deletions(-)
diff --git a/src/password-store.sh b/src/password-store.sh
index 284eabf..b3b5e8b 100755
--- a/src/password-store.sh
+++ b/src/password-store.sh
@@ -143,6 +143,12 @@ check_sneaky_paths() {
done
}
+high() {# highlight (or not)
+if [[ -z ${PASSWORD_STORE_NOHIGHLIGHT} ]]; then
+printf "\e[%dm" $*
+fi
+}
+
#
# END helper functions
#
@@ -418,14 +424,14 @@ cmd_grep() {
[[ $# -lt 1 ]] && die "Usage: $PROGRAM $COMMAND [GREPOPTIONS]
search-string"
local passfile grepresults
while read -r -d "" passfile; do
- grepresults="$($GPG -d "${GPG_OPTS[@]}" "$passfile" | grep
--color=always "$@")"
+ grepresults="$($GPG -d "${GPG_OPTS[@]}" "$passfile" | grep
${GREPOPTIONS} "$@")"
[[ $? -ne 0 ]] && continue
passfile="${passfile%.gpg}"
passfile="${passfile#$PREFIX/}"
local passfile_dir="${passfile%/*}/"
[[ $passfile_dir == "${passfile}/" ]] && passfile_dir=""
passfile="${passfile##*/}"
- printf "\e[94m%s\e[1m%s\e[0m:\n" "$passfile_dir" "$passfile"
+ printf "%s%s%s%s%s:\n" "$(high 94)" "$passfile_dir" "$(high 1)"
"$passfile" "$(high 0)"
echo "$grepresults"
done < <(find -L "$PREFIX" -path '*/.git' -prune -o -iname '*.gpg'
-print0)
}
@@ -555,7 +561,7 @@ cmd_generate() {
elif [[ $qrcode -eq 1 ]]; then
qrcode "$pass" "$path"
else
- printf "\e[1mThe generated password for \e[4m%s\e[24m
is:\e[0m\n\e[1m\e[93m%s\e[0m\n" "$path" "$pass"
+ printf "%sThe generated password for %s%s%s is:%s\n%s%s%s%s\n"
"$(high 1)" "$(high 4)" "$path" "$(high 24)" "$(high 0)" "$(high 1)" "$(high
93)" "$pass" "$(high 0)"
fi
}
--
2.23.0
___
Password-Store mailing list
Password-Store@lists.zx2c4.com
https://lists.zx2c4.com/mailman/listinfo/password-store
Re: Security Vulnerability: Faulty GPG Signature Checking
Ben, > No. It only stops people from adding new commits who don't have your > GPG key. thanks (again). one thing is that now "pass insert" requires inputting your gpg key (in order to sign, presumably). so, a very minor annoyance. cheers, Greg ___ Password-Store mailing list Password-Store@lists.zx2c4.com https://lists.zx2c4.com/mailman/listinfo/password-store
Re: pass choose
hi. i put the following very small patch together for
pass.bash-completion. it allows one to specify an environmental
variable PASSWORD_COMPLETE_ENTRIES, which is shell code that is "eval"d.
the default is (we hope) the current behavior. but, i, e.g., have in my
.bashrc, the following:
export PASSWORD_COMPLETE_ENTRIES='(([[ -n ${COMPREPLY[@]} ]] && echo
${COMPREPLY[@]} | tr " " "\n";
(cd $prefix; find . -name "${cur}*.gpg" -type f |
sed "sX./XX" |
sed "s/[.]gpg//" )
) 2>&1 | dmenu -b)'
which allows me to do completion via dmenu(1). possibly this would
satisfy the "choose".
i barely know bash, so can't comment on how this would fit with fish,
zsh completion.
the only thing i'm a bit worried about is zeroing out "COMPREPLY" --
necessary for the code to work -- at the point i do. it *seems* as if
"items" should contain everything one would want to have in "COMPREPLY".
cheers, Greg
>From f5e4d5d34aec8b3e7ec6127993f87c305daf9f54 Mon Sep 17 00:00:00 2001
From: Greg Minshall
Date: Sun, 3 Jun 2018 19:21:55 -0700
Subject: [PATCH] PASSWORD_COMPLETE_ENTRIES (programmable programmable)
---
src/completion/pass.bash-completion | 4 +++-
1 file changed, 3 insertions(+), 1 deletion(-)
diff --git a/src/completion/pass.bash-completion b/src/completion/pass.bash-completion
index 456485b..f3ae5c3 100644
--- a/src/completion/pass.bash-completion
+++ b/src/completion/pass.bash-completion
@@ -9,9 +9,11 @@ _pass_complete_entries () {
prefix="${prefix%/}/"
suffix=".gpg"
autoexpand=${1:-0}
+local complete_entries=${PASSWORD_COMPLETE_ENTRIES:='compgen -f $prefix$cur'}
local IFS=$'\n'
- local items=($(compgen -f $prefix$cur))
+local items=($(eval ${complete_entries}))
+COMPREPLY=()# presumably, items is everything
# Remember the value of the first item, to see if it is a directory. If
# it is a directory, then don't add a space to the completion
--
2.7.4
___
Password-Store mailing list
Password-Store@lists.zx2c4.com
https://lists.zx2c4.com/mailman/listinfo/password-store
Re: question on security
Guthrie, Ben, Kenny, Martin, thanks for all the replies. mass itemized reply (inconsequential). 1. yes, it's Mingshen Sun's ios app i was looking at. 2. i should figure out multiple keys in general, for password-store in particular. (gpg* scares me (**).) that would probably be a win, given my level of paranoia. 3. i don't encrypt e-mails. (more paranoia: it's going to end up as plain text on Bob's computer and i can't really think of a Bob i trust -- including Alice, i.e., me -- not to leak, allow leaking. :) 4. thanks for the (two separate!) pointers to git-remote-gcrypt. i guess too bad it's not yet an option. (nor tomb.) 5. the idea of using a private git repo host makes sense. (i *said* "inconsequential", right? :) again, thanks. cheers, Greg (**) pulpit: i hate that gpg* will leave a decrypted file laying around without warnings, flashing lights, etc. it should at *least* require a single, dedicated "--LEAK" flag, something like that. otherwise, the idiot new user (me) is likely to leak left, right, and center. ___ Password-Store mailing list Password-Store@lists.zx2c4.com https://lists.zx2c4.com/mailman/listinfo/password-store
question on security
hi. thanks very much to the responsible parties for password-store, which i'm happily using on lubuntu. i'm attracted to somehow synchronizing with my iphone. the solution (that i've seen) uses git for synchronizing. this tickles something that's worried me a bit since i started looking at pass, which is, i *worry* that the security of exposing lots of tiny, "known-format" (more or less) files, all encrypted with the same key, may be less secure than exposing one large, known-format, file, encrypted with that same key. (this is my intuition speaking to me and, of course, *my* intuition, especially w.r.t. security, is infallible... :) does anyone have any opinions/numbers/facts? cheers, Greg ___ Password-Store mailing list Password-Store@lists.zx2c4.com https://lists.zx2c4.com/mailman/listinfo/password-store
Re: pass password thru a filter on way to clipboard?
Andrew, > xsel has a timeout option, and xclip has a (more useful for this case, > IMHO) loops option which only allows the data to be pasted N times. nice! thanks! ___ Password-Store mailing list Password-Store@lists.zx2c4.com https://lists.zx2c4.com/mailman/listinfo/password-store
Re: pass password thru a filter on way to clipboard?
hi, Till, yes, i could do the pipeline outside of pass. however, "pass -c" does this nice thing of clearing the selection after N seconds, and i'd like to retain that (without implementing it myself). cheers, Greg ___ Password-Store mailing list Password-Store@lists.zx2c4.com https://lists.zx2c4.com/mailman/listinfo/password-store
pass password thru a filter on way to clipboard?
hi. pass make me very happy -- thanks very much!
my basic, silly, use case, is credit card numbers. i like to store them
with spaces separating groups of 4 digits ("1234 5678 9012 3456"), but
web sites typically want them space-free. so, in *this* case, i'd like
to pass them through "sed 's/ //g'" on the way to the clipboard.
in general, it might be nice to allow some arbitrary filter to be
inserted, maybe where "pass" is set in cmd_show? (where it would apply
with or without -c.) (though some more specific thing, like an option
to exclude spaces, would likely be more secure, so...)
i don't think that can be done as an add-on (without duplicating all of
cmd_show, i'd guess).
cheers, and again thanks, Greg Minshall
___
Password-Store mailing list
Password-Store@lists.zx2c4.com
https://lists.zx2c4.com/mailman/listinfo/password-store
