Re: [pass] [PATCH] Allow custom subcommands

2016-10-17 Thread Jason A. Donenfeld
On Fri, Oct 7, 2016 at 11:18 AM, Thorsten Wißmann wrote:
> I'd be interested in Jason's opinion on this functionality in general.

Subcommands will be a part of the next pass release.
___
Password-Store mailing list
Password-Store@lists.zx2c4.com
http://lists.zx2c4.com/mailman/listinfo/password-store


Re: [pass] [PATCH] Allow custom subcommands

2016-10-17 Thread Lucas Hoffmann
> > Quoting Thorsten Wißmann (2016-09-30 11:33:33)
> > > Other command line utilities like git or hledger[2] provide those
> > > custom subcommands, and I'd love to see it in pass as well. I've
> > > implemented that in the attached git formatted patch, but did not know
> > > whether/where/how to add a description for that in the man page.

I came up with another little hack that people can use if they want to
have custom subcommands for pass and don't like wrappers.  You can write
a script as a custom subcommand for git and use it via `pass git ...`!
E.g.

$ printf '#!%s\necho bar' "$SHELL" > ~/bin/git-foo
$ chmod +x ~/bin/git-foo
$ pass git foo

You can use $GIT_WORK_TREE in the script.  Just posting this in case
somebody is interested in the idea.

Lucas




Re: [pass] [PATCH] Allow custom subcommands - web of trust

2016-10-07 Thread Sylvain Viart


On 07/10/2016 at 09:41, Brian Candler wrote:
>
> I can't see any way in which adding plugin signatures to pass itself
> is helpful. How are you going to choose which signatures to trust?
> Either pass is hard-coded with a list of trusted plugin authors, or
> you have to add the author keys too. In which case this is no better
> than either of the previous options. 


My message was to introduce signing for trust. It happens effectively
somewhat in .deb packages (it could be other examples of course).

Web of trust is a way to delegate trust to other people whom you
trust, as far as I know. It was introduced a long time ago in GPG, for
example. You need to meet the person physically to fully trust his/her key.

So by following the links of trusted signatures you may, or may not,
come to trust a plugin using your own keyring.

I don't know if it is needed here for pass, but the subject has been
mentioned earlier in the link I posted. Maybe not in that form, but as
more and more really good plugins arrive it could be interesting to think
about that.

Custom subcommands are a really pleasing concept, and I was thinking
out loud about how, and if, it needs to be achieved by signing custom scripts.

I'm also interested in how a "community trust" of signed keys could
behave, as it's also developed in free money software.

Regards,
Sylvain.

-- 
Sylvain Viart - Linux systems DevOps - freelance developer





Re: [pass] [PATCH] Allow custom subcommands

2016-10-07 Thread Thorsten Wißmann
Hi Lucas,

On Fri, Oct 07, 2016 at 10:33:33AM +0200, Lucas Hoffmann wrote:
> Currently there is one official "plugin" or "addon" for pass in the
> official repository: passmenu.  But that uses a new script name instead
> of hacking into pass subcommands.
> 
> This might be because it does not benefit the use case of passmenu much
> to exist inside the pass subcommands namespace or it might be to keep
> pass simple.

I guess that is the case because `passmenu` isn't used in the usual pass
workflow, which is in my opinion something like the following sequence
of commands in the shell:

  $ pass my-custom-generate web/some-pass.file # create it
  $ pass edit web/some-pass.file # adjust it a little bit
  $ pass show web/some-pass.file # double check
  $ pass clipwiz web/some-pass.file # paste it to the clipboard

> Attached you can find a script that wraps pass in order to call a
> subcommand script (it does what you describe above, only in an extra
> script).  Maybe if your solution is too intrusive we can add this wrapper
> in the contrib/ subdirectory.  Opinions?

That sounds like a nice workaround for experienced users until pass
officially supports custom subcommands. I'd refrain from adding this to
contrib/ because one has to be careful when using it with the name
"pass".

The first disadvantage of such a wrapper script is that you cannot
call it pass and place it in your $PATH. (Simply because `exec pass`
would call itself). So we have to hard-code the `pass` location, e.g.:

#!/bin/bash
if which "pass-$1" >/dev/null 2>&1; then
  exec "pass-$@"
fi
exec /usr/bin/pass "$@"

Furthermore, the user has to take care that this wrapper script is
placed in a directory mentioned earlier than /usr/bin/ in $PATH.

> Quoting Thorsten Wißmann (2016-09-30 11:33:33)
> > This does not only fit the usual pass workflow (first show a file,
> > then paste it using clipwiz), but one also gets the tab-completion for
> > custom pass scripts for free.
> 
> Some basic level of completion for the wrapper can be achieved in zsh
> with a simple "compdef pass-plugin-wrapper=pass".  Only official
> subcommands and no plugin commands will be completed like this.  But
> passwords will be completed after custom commands.

Yes, sure. If my patch was merged, one would need to extend the
subcommand completion in three completion files (bash, fish, and zsh).

> > Other command line utilities like git or hledger[2] provide those
> > custom subcommands, and I'd love to see it in pass as well. I've
> > implemented that in the attached git formatted patch, but did not know
> > whether/where/how to add a description for that in the man page.
> 
> I was also looking for this functionality before so I hope that we will
> find some solution that makes it into the repository.

I'd be interested in Jason's opinion on this functionality in general.

Cheers,
Thorsten




Re: [pass] [PATCH] Allow custom subcommands

2016-10-07 Thread Lucas Hoffmann
Quoting Thorsten Wißmann (2016-09-30 11:33:33)
> I have a couple of custom pass scripts (e.g. a custom clipboard
> wizard[1], or a custom file generation script). It would fit perfectly
> to the pass workflow if one could call those directly via pass, e.g.
>
> pass clipwiz Business/some-silly-business-site.com
>
> which should call
>
> pass-clipwiz Business/some-silly-business-site.com
>
> if there is an executable pass-clipwiz in the PATH.

Currently there is one official "plugin" or "addon" for pass in the
official repository: passmenu.  But that uses a new script name instead
of hacking into pass subcommands.

This might be because it does not benefit the use case of passmenu much
to exist inside the pass subcommands namespace or it might be to keep
pass simple.

Attached you can find a script that wraps pass in order to call a
subcommand script (it does what you describe above, only in an extra
script).  Maybe if your solution is too intrusive we can add this wrapper
in the contrib/ subdirectory.  Opinions?

> This does not only fit the usual pass workflow (first show a file,
> then paste it using clipwiz), but one also gets the tab-completion for
> custom pass scripts for free.

Some basic level of completion for the wrapper can be achieved in zsh
with a simple "compdef pass-plugin-wrapper=pass".  Only official
subcommands and no plugin commands will be completed like this.  But
passwords will be completed after custom commands.

> Other command line utilities like git or hledger[2] provide those
> custom subcommands, and I'd love to see it in pass as well. I've
> implemented that in the attached git formatted patch, but did not know
> whether/where/how to add a description for that in the man page.

I was also looking for this functionality before so I hope that we will
find some solution that makes it into the repository.

Happy hacking
Lucas

#!/bin/bash
if which "pass-$1" >/dev/null 2>&1; then
  exec "pass-$@"
fi
exec pass "$@"




Re: [pass] [PATCH] Allow custom subcommands

2016-10-07 Thread Sylvain Viart
Hi,

On 04/10/2016 at 07:40, Brian Candler wrote:
> On 04/10/2016 05:45, Sylvain Viart wrote:
>> Pass itself could be signed. By the user at init.
> But why? Do you have a version of Linux which only executes signed
> scripts/binaries?
No, just an idea to share. It could be a bad idea, of course…
And also because web of trust interests me. :-)

Not only signed scripts.

> As for the admin being tricked into installing a malicious plugin -
> what's the difference between that and installing a malicious version
> of 'pass' itself?
>
> The only protection for 'pass' is installing it from a trusted
> location, and/or verifying the code by eye. Surely the same applies to
> plugins?

You're right of course.

But what about non-programmer users?
I can't tell them to do that, right.

Sometimes (often) I don't have time to review the code myself, I need
to trust the system, and free my mind about this issue. For example
running a GNU/Linux distrib + passwordstore, let's say I'm trusting that,
so I can go.

That was more my point. .deb packages are signed and reviewed by some
volunteer, I don't know if the system is perfect or not, but I'm
trusting it. ;-)

Sylvain.





-- 
Sylvain Viart - Linux systems DevOps - freelance developer






Re: [pass] [PATCH] Allow custom subcommands

2016-10-03 Thread Brian Candler

On 04/10/2016 05:45, Sylvain Viart wrote:
> Pass itself could be signed. By the user at init.

But why? Do you have a version of Linux which only executes signed
scripts/binaries?


As for the admin being tricked into installing a malicious plugin - 
what's the difference between that and installing a malicious version of 
'pass' itself?


The only protection for 'pass' is installing it from a trusted location, 
and/or verifying the code by eye. Surely the same applies to plugins?


Regards,

Brian.


Re: [pass] [PATCH] Allow custom subcommands

2016-10-03 Thread Sylvain Viart
Hi Thorsten,

On 03/10/2016 at 19:30, Thorsten Wißmann wrote:
>> > Does GPG web of trust sure enough, to allow co-signing script to enable
>> > such signed plugins?
> I don't understand your question. But are you asking how my patch could
> be extended to call only 'signed' extensions?

It was, yes.
I also mention the "web of trust" behavior of GPG, which is nice but
complicated, just to see if some readers are involved in such reflection… ;-)

> If some bad guy has write access to some directory in $PATH and wants to
> take over your password store, then the bad guy can simply add a
> malicious `pass` executable and the user would not notice.

Pass itself could be signed. By the user at init.
I was thinking more about installing a malicious plugin, not having
malicious inside your computer.
I don't think that a password manager can be used on a shared system,
with shared memory or process…
It is only designed to work on a personal computer. (I never thought
about that before but…)

> I.e. I don't think `pass` should do something like signing of program
> code. It's some separate problem to check if the programs in your $PATH
> are trustworthy or not.

I see your point, you may be right. I just emailed the reference about
signing plugins to let you know.

Not tested your plugin yet…
I like the logic like git or rvm.

Regards,
Sylvain.


-- 
Sylvain Viart - Linux systems DevOps - freelance developer



Re: [pass] [PATCH] Allow custom subcommands

2016-10-03 Thread Thorsten Wißmann
Hi Sylvain,

On Mon, Oct 03, 2016 at 07:20:47AM +0200, Sylvain Viart wrote:
> On 30/09/2016 at 11:33, Thorsten Wißmann wrote:
> > if there is an executable pass-clipwiz in the PATH. This does not only
> > fit the usual pass workflow (first show a file, then paste it using
> > clipwiz), but one also gets the tab-completion for custom pass scripts
> > for free.
> 
> Sounds cool!
> 
> See also:
> 
> [pass] Extending pass with user-defined hooks / add ons
> https://lists.zx2c4.com/pipermail/password-store/2015-August/001659.html

I see, thanks! I think the main decision is whether those extensions
should be part of "the password store" (that approach) or of the system
(my approach).

> Does GPG web of trust sure enough, to allow co-signing script to enable
> such signed plugins?

I don't understand your question. But are you asking how my patch could
be extended to call only 'signed' extensions?

If some bad guy has write access to some directory in $PATH and wants to
take over your password store, then the bad guy can simply add a
malicious `pass` executable and the user would not notice.

I.e. I don't think `pass` should do something like signing of program
code. It's some separate problem to check if the programs in your $PATH
are trustworthy or not.

Cheers,
Thorsten
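
The two $PATH concerns raised in this thread (a wrapper named pass has to sit in a directory listed earlier than /usr/bin/, and anyone with write access to a $PATH directory can place a `pass` or `pass-<cmd>` executable there) can be checked with a small audit script. This is an added example, not code from the thread or from pass; the function names `is_loose_dir` and `list_candidates` and the output tags are assumptions made for illustration.

```shell
#!/bin/sh
# Added example (not from the thread): show which file a bare command name
# such as "pass" or "pass-clipwiz" resolves to on a search path, which later
# copies it shadows, and whether each directory is writable by group/others.
# Function names and the output tags are illustrative assumptions.

# is_loose_dir DIR: succeeds if DIR (symlinks followed) is group- or
# world-writable, i.e. someone other than its owner can drop files into it.
is_loose_dir() {
    [ -n "$(find -H "$1" -prune \( -perm -0020 -o -perm -0002 \) -print 2>/dev/null)" ]
}

# list_candidates NAME [SEARCHPATH]: print every executable NAME in lookup
# order as "<tag> <path>". tag is "first" (the one the shell would run) or
# "shadowed", with ",loose" appended when is_loose_dir matches its directory.
# Returns 2 for an empty NAME or one containing "/", because such a name is
# used as a path as-is and never goes through the PATH lookup.
list_candidates() {
    name=$1
    rest=${2-$PATH}:
    rank=first
    case $name in ''|*/*) return 2 ;; esac
    while [ -n "$rest" ]; do
        dir=${rest%%:*}
        rest=${rest#*:}
        [ -n "$dir" ] || dir=.          # an empty PATH entry means the cwd
        if [ -f "$dir/$name" ] && [ -x "$dir/$name" ]; then
            tag=$rank
            rank=shadowed
            if is_loose_dir "$dir"; then tag="$tag,loose"; fi
            printf '%s %s\n' "$tag" "$dir/$name"
        fi
    done
    return 0
}

# Usage: sh pathaudit.sh pass pass-clipwiz
for arg in "$@"; do
    list_candidates "$arg" || printf 'skipped (not a bare name): %s\n' "$arg"
done
```

A "first,loose" line means the file that would actually run lives in a directory other accounts can write to; more than one line for `pass` means a wrapper or another copy is shadowing the rest.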




Re: [pass] [PATCH] Allow custom subcommands

2016-10-02 Thread Sylvain Viart
Hi Thorsten,

On 30/09/2016 at 11:33, Thorsten Wißmann wrote:
> if there is an executable pass-clipwiz in the PATH. This does not only
> fit the usual pass workflow (first show a file, then paste it using
> clipwiz), but one also gets the tab-completion for custom pass scripts
> for free.

Sounds cool!

See also:

[pass] Extending pass with user-defined hooks / add ons
https://lists.zx2c4.com/pipermail/password-store/2015-August/001659.html


Does GPG web of trust sure enough, to allow co-signing script to enable
such signed plugins?


Sylvain.

-- 
Sylvain Viart - Linux systems DevOps - freelance developer





[pass] [PATCH] Allow custom subcommands

2016-09-30 Thread Thorsten Wißmann
Hi,

I have a couple of custom pass scripts (e.g. a custom clipboard
wizard[1], or a custom file generation script). It would fit perfectly
to the pass workflow if one could call those directly via pass, e.g.

pass clipwiz Business/some-silly-business-site.com

which should call

pass-clipwiz Business/some-silly-business-site.com

if there is an executable pass-clipwiz in the PATH. This does not only
fit the usual pass workflow (first show a file, then paste it using
clipwiz), but one also gets the tab-completion for custom pass scripts
for free.

Other command line utilities like git or hledger[2] provide those custom
subcommands, and I'd love to see it in pass as well. I've implemented
that in the attached git formatted patch, but did not know
whether/where/how to add a description for that in the man page.

Feel free to adjust my little patch as you want.

Thank you very much for pass,
Cheers,
Thorsten


[1] http://thorsten-wissmann.de/p/3e7fa904a600c2505b33eda1d4850492
[2] http://hledger.org/manual.html
From 9b96e033a5a6e9e585dc3e1b1057e02a518b3818 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Thorsten=20Wi=C3=9Fmann?= 
Date: Mon, 26 Sep 2016 11:17:37 +0200
Subject: [PATCH] Allow custom subcommands

If called with a subcommand 'cmd', call 'pass-cmd' if such a program is
found in $PATH.
---
 src/password-store.sh | 9 -
 1 file changed, 8 insertions(+), 1 deletion(-)

diff --git a/src/password-store.sh b/src/password-store.sh
index 63be840..b21250b 100755
--- a/src/password-store.sh
+++ b/src/password-store.sh
@@ -592,6 +592,13 @@ case "$1" in
 	rename|mv) shift;		cmd_copy_move "move" "$@" ;;
 	copy|cp) shift;			cmd_copy_move "copy" "$@" ;;
 	git) shift;			cmd_git "$@" ;;
-	*) COMMAND="show";		cmd_show "$@" ;;
+	*)
+		if which "pass-$1" 2>/dev/null 1>/dev/null ; then
+			shift
+			exec pass-"$COMMAND" "$@"
+		else
+			COMMAND="show";		cmd_show "$@"
+		fi
+		;;
 esac
 exit 0
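Review bot: In the new `*)` branch the lookup tests `pass-$1` but the exec runs `pass-"$COMMAND"`, and `COMMAND` is assigned outside this hunk; save `$1` in one variable before the `shift` and use it for both, so the program that was checked is the one that runs. This branch also receives every first argument that is not a built-in subcommand, which until now was a password name handed to `cmd_show`: when that name contains a `/`, `which` and `exec` treat `pass-<name>` as a path relative to the current directory instead of doing a $PATH lookup, so dispatch only when `$1` contains no `/` and fall through to `cmd_show` otherwise. `command -v` would do the same test without depending on an external `which`. The commit message should also say that an existing entry whose name matches an installed `pass-<name>` program can no longer be shown by its bare name, and the man page and completion files need a matching entry.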
-- 
2.10.0


