summaryrefslogtreecommitdiff
path: root/src/password-store.sh (follow)
Commit message (Collapse)AuthorAgeFilesLines
* Don't trap INT or TERM; they are redundant and can break `pass edit`.Nick Kousu2018-06-141-2/+2
| | | | | | | | | | | Some EDITORs, notably Linux vi(1), which is the fallback default in pass, apparently send INT when they exit, and when pass is run under bash (which is also its default)--if you have /dev/shm/ available--bash catches this and cleans up your edited password file *before* it can be reencrypted and saved. This only happens with `pass edit`; none of the other commands combine tmpdir and $EDITOR.
* Add tests and documentation of passing options to grep(1)Norbert Buchmueller2018-06-141-2/+2
|
* Ensure signature regexes are anchoredJason A. Donenfeld2018-06-141-4/+4
| | | | | | Fixes CVE-2018-12356. Reported-by: Marcus Brinkmann <marcus.brinkmann@ruhr-uni-bochum.de>
* grep: allow grep options and argumentsSitaram Chamarty2018-05-241-3/+3
| | | | | | | | | Allow grep options and arguments. Typical uses may be, for instance, wanting to ignore case ('-i'), print a few lines of context around the matched line, multiple patterns with '-e', etc. (background: grep is deprecating GREP_OPTIONS, so eventually that will stop working).
* generate: disallow zero length generated passwordsJason A. Donenfeld2018-02-081-1/+2
|
* generate: in-place should work when file is emptyJason A. Donenfeld2018-02-011-1/+1
|
* Quote array specifierJason A. Donenfeld2017-12-181-1/+1
| | | | | | Otherwise this expands to a filename if one exists. Suggested-by: izaberina@gmail.com
* protect dirname calls from pass-names that look like command-line optionsStacey Sheldon2017-10-131-6/+6
| | | | | | | | | | | | | | | | | | | | With the $path variable being passed directly to dirname, any pass-names provided by the user that happened to look like options to dirname would be processed as options rather than as the path to be split. This results in a real mess when you happen to run one of: pass edit --help pass generate --help pass insert --help then in the cmd_foo() function, you have: mkdir -p -v "$PREFIX/$(dirname --help)" which (due to the -p option to mkdir) results in the creation of an entire directory hierarchy made up of the slash-separated help text from dirname.
* Bump version1.7.1Jason A. Donenfeld2017-04-131-1/+1
|
* init: match only the public keyJason A. Donenfeld2017-04-131-1/+1
|
* Use $GPG variableJason A. Donenfeld2017-03-281-3/+3
|
* Fix compatibility with GnuPG 2.2.19Andreas Stieger2017-03-201-1/+1
| | | | | | | | | | | GnuPG 2.2.19 added a warning when no command was given. * src/password-store.sh (reencrypt_path): Add --decrypt to --list-only * tests/t0300-reencryption.sh (gpg_keys_from_encrypted_file): same https://bugs.gnupg.org/gnupg/msg9873 http://git.gnupg.org/cgi-bin/gitweb.cgi?p=gnupg.git;a=commit;h=810adfd47801fc01e45fb71af9f05c91f7890cdb https://bugzilla.suse.com/show_bug.cgi?id=1028867
* Bump version1.7Jason A. Donenfeld2017-02-261-1/+1
|
* CopyrightJason A. Donenfeld2017-02-251-1/+1
|
* StyleJason A. Donenfeld2017-02-251-2/+2
|
* git: use inner-most directoryJason A. Donenfeld2017-02-251-20/+44
|
* clip: sleep may require argv[0] to be sleepJason A. Donenfeld2017-02-251-1/+1
|
* Support git worktree.Kevin Lyda2017-02-251-6/+6
| | | | | Git worktree works with the normal .git directory instead being a .git file with a reference to the primary git repository.
* Don’t reencrypt data not managed by pass.Sebastian Reuße2017-02-251-2/+2
| | | | | | | | | | | | | | | When keeping the password-store under git, it can make sense using a git extension such as git-annex instead of the native git object store to store the encrypted files. Inter alia, this allows one to selectively expire old copies of the encrypted data, while otherwise, one would need to recreate the complete repository when a key should no longer have access to some of the data. Since using the git-annex object store means that *.gpg files (and directories named *.gpg) are kept under .git/… (non-writable), the reencryption logic used by pass currently fails. To remedy this, we now ignore everything kept under .git when looking for files to reencrypt or when grepping.
* show,generate: support qrcodesJason A. Donenfeld2017-01-011-15/+40
|
* extensions: introduce system extensionsJason A. Donenfeld2016-12-211-5/+14
|
* extensions: make opt-inJason A. Donenfeld2016-12-211-10/+14
|
* Add signaturesJason A. Donenfeld2016-12-211-0/+24
|
* Add extensionsJason A. Donenfeld2016-12-201-1/+14
|
* generate: use /dev/urandom directlyJason A. Donenfeld2016-12-201-5/+7
| | | | | | Passing to tr using the "pick and discard" technique is more straight- forwardly correct and less error-prone. It also allows users to select their own character sets to be passed to tr.
* Make gpg errors fatalJason A. Donenfeld2016-02-061-5/+5
|
* Revert "show: allow passing prefix to clip"Jason A. Donenfeld2016-02-061-9/+5
| | | | | | This reverts commit fcb92ed69fc191e39379bad715371d8c28410885. Needs more discussion.
* init: put path in commit messageJason A. Donenfeld2016-02-061-4/+4
|
* show: allow passing prefix to clipJason A. Donenfeld2016-02-061-5/+9
|
* show: better clip error messageJason A. Donenfeld2016-02-051-3/+3
|
* show: allow selecting which clip lineJason A. Donenfeld2016-02-051-6/+7
|
* generate: have a default length of 25Jason A. Donenfeld2016-02-051-4/+5
| | | | | | | | | | | | | Folks are lazy and don't want to type very much, so they'd like to have a default password length to generate that can be configured via environment variables per usual. I'm making the default 25. If the user forbids the use of symbols, pwgen will use a-zA-Z0-9, ensuring that at least one A-Z and at least one 0-9 is used. We want to have a password of at least 128-bits, so factoring in the issue with "at least one of this character type", 25 gets us there squarely. Signed-off-by: Jason A. Donenfeld <Jason@zx2c4.com>
* Fix up moving ambiguity tooJason A. Donenfeld2016-02-051-5/+6
|
* Insert and edit work on files, so don't let the arguments be directoriesJason A. Donenfeld2016-02-051-2/+2
|
* Handle removal of directories and passwords with the same nameJason A. Donenfeld2016-02-051-5/+4
|
* Use 6 Xs for mktempJason A. Donenfeld2015-05-111-1/+1
|
* Fix .gpg strippingJason A. Donenfeld2015-05-111-2/+2
|
* add support for passing arbitrary options to all invocations of GPGDavid Adam2015-05-111-4/+4
| | | | | | Uses the PASSWORD_STORE_GPG_OPTS environment variable. Can be used to (e.g.) change the keyrings or trust model used.
* Exit 1 when gpg fails in multiline too.Anne Jan Brouwer2015-05-111-1/+1
| | | | Multiline insert errors gave a exit code of 0, now correctly propagated.
* Suppress output when original file does not existJason A. Donenfeld2015-02-111-1/+1
|
* Bump version1.6.5Jason A. Donenfeld2015-01-281-1/+1
|
* cygwin + gpg4win: convert paths to windows paths when calling gpg4win binary ↵Lenz Weber2015-01-281-1/+1
| | | | instead of cygwin's gpg binary
* Use more stable with-colons outputJason A. Donenfeld2015-01-281-1/+1
|
* Revert "Only examine subkeys that are capable of encrypting."Jason A. Donenfeld2015-01-281-1/+1
| | | | | | | This reverts commit ec8140b0f1a422aad16d41d0c322f3a6ceef74fe. The needed option is only available on GnuPG 2.1, and we need to support GnuPG 2.0 too.
* Bump version1.6.4Jason A. Donenfeld2015-01-281-1/+1
|
* Strip ".gpg" from symlinks as wellTheo Chatzimichos2015-01-271-2/+2
| | | | | | | | | | | | | | | Symlinks inside password-store make sense when using passff in firefox, and have the same LDAP password in different websites. In order to have passff working correctly then, we need to strip the .gpg extension from symlinks as well. Example output of `pass find site1` or `pass | grep site1` before this commit: site1.job.com.gpg -> site2.job.com and after: site1.job.com -> site2.job.com
* clip: Show an error message if xclip returns a non-zero exit codeWieland Hoffmann2015-01-191-3/+2
| | | | | | | | | | | xclip will return a non-zero exit code if $DISPLAY is not set, which might happen, for example, if you're running pass in a tmux session remotely or something like that. xclip itself will also show an error message ("Can't open display") which provides enough context to figure out what the problem is. There might be other reasons for xclip to return a non-zero exit code, but the man page doesn't list them.
* Correct path for top level grepJason A. Donenfeld2015-01-191-2/+3
|
* Do not use hidden recipientsJason A. Donenfeld2015-01-131-1/+1
|
* Only examine subkeys that are capable of encrypting.Jason A. Donenfeld2015-01-121-1/+1
|