Re: [PATCH] feat: support more clippers
hi. for this, and your exa patch, *i* (who have nothing to do with this project, other than being a happy user) would prefer to have command line switches, or some sort of PASS_XCLIP_COMMAND / PASS_LS_COMMAND environmental variables. i can imagine scenarios where something named, e.g., "lemonade", does something other than the desired thing (and, in so doing, might disclose sensitive information). cheers, Greg
Re: How to search by login name?
Philipp, how about something like:

pass grep -l minsh...@umich.edu
Re: [RFC PATCH] Add option to print the first line of an entry
Rene,

> The idea is to make piping the password as easy as copying it to the
> clipboard. IMHO this should be a feature of pass.

easy is good! here is how i, at least, use `pass tail` (*):

bash wonderful (master): {316} pass tail foo/bar
username: every...@example.com
bash wonderful (master): {317}

on the question of whether this is easier, harder, i am neutral!

cheers, Greg

(*) once i have it installed, e.g., in /usr/local/lib/password-store/extensions/tail.bash
Re: [RFC PATCH] Add option to print the first line of an entry
Rene, i wonder if it might make sense to do this as a separate extension, a companion, e.g., to pass-extension-tail? cheers, Greg
Re: Pass Generate Hidden
Nathan,

> Is there an option (or could there be) for `pass generate ...` to not
> print the new password? I always like to test the decoding anyway,
> plus it would be more secure.

maybe i'm misunderstanding, but i always do `pass generate -c ...`.

cheers, Greg
Re: Question: Printing and Clipping Password Info
Mitch, i think you could:

pass fubar | \
    tee >(awk 'NR > 1 {print}' > /dev/tty) | \
    awk 'NR == 1 { print }' | \
    xclip -i -selection clipboard

(YSMV == your shell may vary).

cheers, Greg
Re: pass list
Pierre,

> I am willing to write a patch if we find consensus.

i'd be a fan. and, if highlighting could somehow also be controlled, that would be great.

cheers, Greg
Re: option for no highlighting on output
Oliver,

> that would be great.

(sorry, i should have said this initially.) if this would be of interest to add to the source, i'd be happy to produce a candidate patch.

cheers, Greg
Re: option for no highlighting on output
Oliver,

> I like the env var but wouldn’t it also be good to detect if pass is
> being piped or outputting to the terminal? That would be a good
> default behavior, which you could override with env variable.

that would be great.

cheers, Greg
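The default discussed in this message (plain output when piped, with PASSWORD_STORE_NOHIGHLIGHT forcing it off), written out as an added example; it is not code from pass or from anyone in the thread, and `color_mode`, `HIGH_MODE` and `entry_header` are hypothetical names.

```bash
#!/usr/bin/env bash
# Added example: names other than PASSWORD_STORE_NOHIGHLIGHT are hypothetical.

# color_mode IS_TTY -> prints "on" or "off".
# IS_TTY is 1 when the script's real stdout is a terminal, 0 otherwise.
color_mode() {
    if [ -n "${PASSWORD_STORE_NOHIGHLIGHT:-}" ]; then
        echo off            # explicit override always wins
    elif [ "$1" = 1 ]; then
        echo on             # interactive terminal: keep highlighting
    else
        echo off            # pipe, file or $(...) capture: plain text
    fi
}

# high CODE...: emit one SGR sequence per code, or nothing when mode is off.
# It reads HIGH_MODE instead of testing the terminal itself, because callers
# run it as $(high N), where stdout is always a pipe.
high() {
    if [ "$HIGH_MODE" = on ]; then
        for code in "$@"; do printf '\033[%dm' "$code"; done
    fi
}

# entry_header DIR NAME: the "dir/name:" line cmd_grep prints per match.
entry_header() {
    printf '%s%s%s%s%s:\n' "$(high 94)" "$1" "$(high 1)" "$2" "$(high 0)"
}

# Decide once, at start-up, against the real stdout.
if [ -t 1 ]; then HIGH_MODE=$(color_mode 1); else HIGH_MODE=$(color_mode 0); fi

# Constructed sample entry; the mode was fixed above, before any $(...) ran.
entry_header "bank/" "hsbc"
```

Run it once on a terminal and once as `script | cat -v` to see the header with and without the escape sequences.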
Re: option for no highlighting on output
hi. i wonder if i could put in a renewed plug for my own request from a while back? it would be great (for me, anyway) to see this in the main code base.

cheers, and thanks for all those secrets, Greg

From: Greg Minshall
To: password-store@lists.zx2c4.com
Subject: option for no highlighting on output
Date: Tue, 24 Sep 2019 06:09:22 +0300

hi. i wanted to edit those of my files that matched a certain pattern, and tried:

for i in $(pass grep -iw user | grep ':$' | sed s/://); do pass tailedit $i; done

but, i got files with names like:

tfxPMA-^[[94mbank-hsbc-^[[1mhesab[0m.txt

where the characters preceding the initial dash ('-') are to be expected, but the escape sequences ('^[[m' [*]) are pass generating highlighting for display on the terminal.

similar to a patch from a few months ago (4 Jun 2019) by Gonzalo Matheu i modified pass to optionally disable such escape sequences. i use the non-null existence of an environmental variable PASSWORD_STORE_NOHIGHLIGHT to activate this behavior. i also unconditionally (laziness?) take the "--color=always" argument off the grep command line, replacing it with ${GREPOPTIONS}.

a patch follows. i would, of course, love to see it added to the base package.

cheers, Greg

[*] here is a sequence of digits, like '94', '1', '0'; note: i've manually substituted the character string '^[' for the actual escapes in the file names

--- src/password-store.sh | 12 +--- 1 file changed, 9 insertions(+), 3 deletions(-) diff --git a/src/password-store.sh b/src/password-store.sh index 284eabf..b3b5e8b 100755 --- a/src/password-store.sh +++ b/src/password-store.sh @@ -143,6 +143,12 @@ check_sneaky_paths() { done } +high() {# highlight (or not) +if [[ -z ${PASSWORD_STORE_NOHIGHLIGHT} ]]; then +printf "\e[%dm" $* +fi +} + # # END helper functions #
@@ -418,14 +424,14 @@ cmd_grep() { [[ $# -lt 1 ]] && die "Usage: $PROGRAM $COMMAND [GREPOPTIONS] search-string" local passfile grepresults while read -r -d "" passfile; do - grepresults="$($GPG -d "${GPG_OPTS[@]}" "$passfile" | grep --color=always "$@")" + grepresults="$($GPG -d "${GPG_OPTS[@]}" "$passfile" | grep ${GREPOPTIONS} "$@")" [[ $? -ne 0 ]] && continue passfile="${passfile%.gpg}" passfile="${passfile#$PREFIX/}" local passfile_dir="${passfile%/*}/" [[ $passfile_dir == "${passfile}/" ]] && passfile_dir="" passfile="${passfile##*/}" - printf "\e[94m%s\e[1m%s\e[0m:\n" "$passfile_dir" "$passfile" + printf "%s%s%s%s%s:\n" "$(high 94)" "$passfile_dir" "$(high 1)" "$passfile" "$(high 0)" echo "$grepresults" done < <(find -L "$PREFIX" -path '*/.git' -prune -o -iname '*.gpg' -print0) } @@ -555,7 +561,7 @@ cmd_generate() { elif [[ $qrcode -eq 1 ]]; then qrcode "$pass" "$path" else - printf "\e[1mThe generated password for \e[4m%s\e[24m is:\e[0m\n\e[1m\e[93m%s\e[0m\n" "$path" "$pass" + printf "%sThe generated password for %s%s%s is:%s\n%s%s%s%s\n" "$(high 1)" "$(high 4)" "$path" "$(high 24)" "$(high 0)" "$(high 1)" "$(high 93)" "$pass" "$(high 0)" fi } -- 2.23.0
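Review bot: high(), added after check_sneaky_paths(), switches only on PASSWORD_STORE_NOHIGHLIGHT, so a pipeline like the one in the message still receives escape sequences unless the caller remembers to export the variable. Defaulting to plain output when stdout is not a terminal would cover that case, but the check cannot go inside high(): every call site in this patch runs it as $(high N), where stdout is the command-substitution pipe and `[[ -t 1 ]]` is always false. Evaluate the terminal test once at script start, store the result, and have high() read it. Separately, `printf "\e[%dm" $*` should take "$@" so the arguments are not re-split.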
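Review bot: in cmd_grep, `grep ${GREPOPTIONS} "$@"` reads a variable that nothing in the lines shown sets, so its value comes from the caller's environment and, being unquoted, is word-split and glob-expanded into grep's argument list ahead of the user's own options. With the variable unset, matches also lose colour even when PASSWORD_STORE_NOHIGHLIGHT is empty, which changes the current default. Suggest keeping the decision on the one switch: pass --color=always when highlighting is enabled and nothing otherwise, and drop the extra variable, since the user's grep options already arrive in "$@".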
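Review bot: the cmd_generate printf now takes nine positional %s with the generated password as the eighth argument, which is easy to misorder in a later edit, and it forks a subshell for each $(high N). Assign the sequences to locals once at the top of the function (bold, underline, colour, reset) and keep the original two-line format string with those variables in place of the literal escapes; the five-argument printf in cmd_grep would benefit from the same treatment.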
option for no highlighting on output
hi. i wanted to edit those of my files that matched a certain pattern, and tried:

for i in $(pass grep -iw user | grep ':$' | sed s/://); do pass tailedit $i; done

but, i got files with names like:

tfxPMA-^[[94mbank-hsbc-^[[1mhesab[0m.txt

where the characters preceding the initial dash ('-') are to be expected, but the escape sequences ('^[[m' [*]) are pass generating highlighting for display on the terminal.

similar to a patch from a few months ago (4 Jun 2019) by Gonzalo Matheu i modified pass to optionally disable such escape sequences. i use the non-null existence of an environmental variable PASSWORD_STORE_NOHIGHLIGHT to activate this behavior. i also unconditionally (laziness?) take the "--color=always" argument off the grep command line, replacing it with ${GREPOPTIONS}.

a patch follows. i would, of course, love to see it added to the base package.

cheers, Greg

[*] here is a sequence of digits, like '94', '1', '0'; note: i've manually substituted the character string '^[' for the actual escapes in the file names

--- src/password-store.sh | 12 +--- 1 file changed, 9 insertions(+), 3 deletions(-) diff --git a/src/password-store.sh b/src/password-store.sh index 284eabf..b3b5e8b 100755 --- a/src/password-store.sh +++ b/src/password-store.sh @@ -143,6 +143,12 @@ check_sneaky_paths() { done } +high() {# highlight (or not) +if [[ -z ${PASSWORD_STORE_NOHIGHLIGHT} ]]; then +printf "\e[%dm" $* +fi +} + # # END helper functions #
@@ -418,14 +424,14 @@ cmd_grep() { [[ $# -lt 1 ]] && die "Usage: $PROGRAM $COMMAND [GREPOPTIONS] search-string" local passfile grepresults while read -r -d "" passfile; do - grepresults="$($GPG -d "${GPG_OPTS[@]}" "$passfile" | grep --color=always "$@")" + grepresults="$($GPG -d "${GPG_OPTS[@]}" "$passfile" | grep ${GREPOPTIONS} "$@")" [[ $? -ne 0 ]] && continue passfile="${passfile%.gpg}" passfile="${passfile#$PREFIX/}" local passfile_dir="${passfile%/*}/" [[ $passfile_dir == "${passfile}/" ]] && passfile_dir="" passfile="${passfile##*/}" - printf "\e[94m%s\e[1m%s\e[0m:\n" "$passfile_dir" "$passfile" + printf "%s%s%s%s%s:\n" "$(high 94)" "$passfile_dir" "$(high 1)" "$passfile" "$(high 0)" echo "$grepresults" done < <(find -L "$PREFIX" -path '*/.git' -prune -o -iname '*.gpg' -print0) } @@ -555,7 +561,7 @@ cmd_generate() { elif [[ $qrcode -eq 1 ]]; then qrcode "$pass" "$path" else - printf "\e[1mThe generated password for \e[4m%s\e[24m is:\e[0m\n\e[1m\e[93m%s\e[0m\n" "$path" "$pass" + printf "%sThe generated password for %s%s%s is:%s\n%s%s%s%s\n" "$(high 1)" "$(high 4)" "$path" "$(high 24)" "$(high 0)" "$(high 1)" "$(high 93)" "$pass" "$(high 0)" fi } -- 2.23.0 ___ Password-Store mailing list Password-Store@lists.zx2c4.com https://lists.zx2c4.com/mailman/listinfo/password-store
Re: Security Vulnerability: Faulty GPG Signature Checking
Ben,

> No. It only stops people from adding new commits who don't have your
> GPG key.

thanks (again). one thing is that now "pass insert" requires inputting your gpg key (in order to sign, presumably). so, a very minor annoyance.

cheers, Greg
Re: pass choose
hi. i put the following very small patch together for pass.bash-completion. it allows one to specify an environmental variable PASSWORD_COMPLETE_ENTRIES, which is shell code that is "eval"d. the default is (we hope) the current behavior. but, i, e.g., have in my .bashrc, the following:

export PASSWORD_COMPLETE_ENTRIES='(([[ -n ${COMPREPLY[@]} ]] && echo ${COMPREPLY[@]} | tr " " "\n"; (cd $prefix; find . -name "${cur}*.gpg" -type f | sed "sX./XX" | sed "s/[.]gpg//" ) ) 2>&1 | dmenu -b)'

which allows me to do completion via dmenu(1). possibly this would satisfy the "choose".

i barely know bash, so can't comment on how this would fit with fish, zsh completion.

the only thing i'm a bit worried about is zeroing out "COMPREPLY" -- necessary for the code to work -- at the point i do. it *seems* as if "items" should contain everything one would want to have in "COMPREPLY".

cheers, Greg

>From f5e4d5d34aec8b3e7ec6127993f87c305daf9f54 Mon Sep 17 00:00:00 2001 From: Greg Minshall Date: Sun, 3 Jun 2018 19:21:55 -0700 Subject: [PATCH] PASSWORD_COMPLETE_ENTRIES (programmable programmable) --- src/completion/pass.bash-completion | 4 +++- 1 file changed, 3 insertions(+), 1 deletion(-) diff --git a/src/completion/pass.bash-completion b/src/completion/pass.bash-completion index 456485b..f3ae5c3 100644 --- a/src/completion/pass.bash-completion +++ b/src/completion/pass.bash-completion @@ -9,9 +9,11 @@ _pass_complete_entries () { prefix="${prefix%/}/" suffix=".gpg" autoexpand=${1:-0} +local complete_entries=${PASSWORD_COMPLETE_ENTRIES:='compgen -f $prefix$cur'} local IFS=$'\n' - local items=($(compgen -f $prefix$cur)) +local items=($(eval ${complete_entries})) +COMPREPLY=()# presumably, items is everything # Remember the value of the first item, to see if it is a directory. If # it is a directory, then don't add a space to the completion -- 2.7.4
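Review bot: `local items=($(eval ${complete_entries}))` executes whatever string PASSWORD_COMPLETE_ENTRIES holds, inside the interactive shell, on every completion attempt, and the unquoted expansion is word-split and glob-expanded before eval parses it. If the hook stays, quote it as eval "$complete_entries" and document that the variable is treated as trusted shell code; naming a function to call would avoid eval altogether. On the complete_entries line, `:=` writes the default back into PASSWORD_COMPLETE_ENTRIES in the user's shell, while `:-` gives the same default without the assignment. The unconditional COMPREPLY=() also discards anything collected earlier, as the message itself notes, so clearing it only when the variable is set would keep the existing behaviour for everyone else.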
Re: question on security
Guthrie, Ben, Kenny, Martin,

thanks for all the replies. mass itemized reply (inconsequential).

1. yes, it's Mingshen Sun's ios app i was looking at.

2. i should figure out multiple keys in general, for password-store in particular. (gpg* scares me (**).) that would probably be a win, given my level of paranoia.

3. i don't encrypt e-mails. (more paranoia: it's going to end up as plain text on Bob's computer and i can't really think of a Bob i trust -- including Alice, i.e., me -- not to leak, allow leaking. :)

4. thanks for the (two separate!) pointers to git-remote-gcrypt. i guess too bad it's not yet an option. (nor tomb.)

5. the idea of using a private git repo host makes sense.

(i *said* "inconsequential", right? :)

again, thanks.

cheers, Greg

(**) pulpit: i hate that gpg* will leave a decrypted file laying around without warnings, flashing lights, etc. it should at *least* require a single, dedicated "--LEAK" flag, something like that. otherwise, the idiot new user (me) is likely to leak left, right, and center.
question on security
hi. thanks very much to the responsible parties for password-store, which i'm happily using on lubuntu. i'm attracted to somehow synchronizing with my iphone. the solution (that i've seen) uses git for synchronizing. this tickles something that's worried me a bit since i started looking at pass, which is, i *worry* that the security of exposing lots of tiny, "known-format" (more or less) files, all encrypted with the same key, may be less secure than exposing one large, known-format, file, encrypted with that same key. (this is my intuition speaking to me and, of course, *my* intuition, especially w.r.t. security, is infallible... :) does anyone have any opinions/numbers/facts? cheers, Greg
Re: pass password thru a filter on way to clipboard?
Andrew,

> xsel has a timeout option, and xclip has a (more useful for this case,
> IMHO) loops option which only allows the data to be pasted N times.

nice! thanks!
Re: pass password thru a filter on way to clipboard?
hi, Till, yes, i could do the pipeline outside of pass. however, "pass -c" does this nice thing of clearing the selection after N seconds, and i'd like to retain that (without implementing it myself). cheers, Greg
pass password thru a filter on way to clipboard?
hi. pass makes me very happy -- thanks very much!

my basic, silly, use case, is credit card numbers. i like to store them with spaces separating groups of 4 digits ("1234 5678 9012 3456"), but web sites typically want them space-free. so, in *this* case, i'd like to pass them through "sed 's/ //g'" on the way to the clipboard.

in general, it might be nice to allow some arbitrary filter to be inserted, maybe where "pass" is set in cmd_show? (where it would apply with or without -c.) (though some more specific thing, like an option to exclude spaces, would likely be more secure, so...)

i don't think that can be done as an add-on (without duplicating all of cmd_show, i'd guess).

cheers, and again thanks, Greg Minshall