summaryrefslogtreecommitdiff
path: root/src (follow)
Commit message (Collapse)AuthorAgeFilesLines
* Strip comments in gpg-id filesRichard Towers2021-06-111-0/+2
|
* Escape colons in zsh completion to show url portsGuido Cella2021-06-111-1/+1
| | | | | | zsh completion cuts filenames after colons, for example port numbers. This is fixed by escaping colons. This will also escape backslashes after the first.
* fish-completion: don't print full path when PASSWORD_STORE_DIR is setJohannes Altmanninger2021-05-181-4/+4
| | | | | | | "__fish_pass_print" enumerates all files in the password store and uses sed to strip their common prefix - the password store directory. If $PASSWORD_STORE_DIR had a trailing slash, sed would fail to remove the prefix. Fix this by canonicalizing $PASSWORD_STORE_DIR.
* fish-completion: reuse "git" and "grep" completionsJohannes Altmanninger2020-06-251-8/+12
| | | | | This makes fish complete commands starting with "pass git" as if they were starting with "git".
* fish-completion: don't erase existing completions for passJohannes Altmanninger2020-06-251-1/+0
| | | | fish only loads pass.fish once, so there is no point to erasing them.
* fish-completion: force some variables to be script-localJohannes Altmanninger2020-06-251-2/+2
| | | | | | | Unfortunately, a command "set x" without explicit scope overwrites the variable "x" in the innermost scope it is defined in, if any. This can cause problems if the user defines the variable "x" as global or universal variable (which is visible in all fishes). Make sure to define a local variable so we use that.
* fish-completion: support completions for wrapper commandsJohannes Altmanninger2020-06-251-5/+1
| | | | | | | | | | | | | | | | There is no point to checking the command name, fish already does that. Additionally fish knows about commands that "wrap" pass; those commands should inherit pass's completions. This commit enables fish>=3.1.0 to provide proper completions for this function: alias p="PASSWORD_STORE_DIR=$HOME/.my-passwords pass" or, equivalently, function p --wraps "PASSWORD_STORE_DIR=$HOME/.my-passwords pass" PASSWORD_STORE_DIR=$HOME/.my-passwords pass $argv end
* fish-completion: remove obsolete flagJohannes Altmanninger2020-06-251-57/+57
| | | | | The -A/--authoritative flag no longer has an effect since fish 2.5 which was released in 2017.
* fish-completion: avoid printing errors with an empty password storeJohannes Altmanninger2020-06-251-1/+2
| | | | | | | Reproduce by typing "pass <TAB>" in a shell launched like: HOME=`mktemp -d` fish Fish prints an error on failing globs - except when used in one of the commands "set", "for" or "count". Also quotes are unnecessary here.
* platform/darwin: don't invoke brew for the default prefixFilippo Valsorda2020-04-191-1/+1
| | | | | | | | "brew --prefix gnu-getopt" takes 2.125s on my very default setup (I don't even want to know why), dominating the pass wall time. If the default brew prefix is in use, just detect the getopt binary with a cheap "test -x" instead.
* platform/darwin: drop using "display" to show QR codesFilippo Valsorda2020-04-191-4/+0
| | | | | | | | This doesn't detect if XQuartz is installed and running, so it's broken in most setups, the experience is poor regardless, since it's not displayed inline in the terminal, but leaves a window that requires closing, and anyway the the utf8 mode works perfectly on both iTerm2 and Terminal.app.
* Unset variables messing with Git useMartin F. Krafft2019-11-281-0/+1
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | This patch makes sure that variables from the environment cannot override e.g. the Git directory to operate on, as well as other critical parts of Git operations. These variables are: - GIT_DIR - GIT_WORK_TREE - GIT_NAMESPACE - GIT_INDEX_FILE - GIT_INDEX_VERSION - GIT_OBJECT_DIRECTORY - GIT_COMMON_DIR If any of those are set, pass might end up operating on another repository, and things would break. I caught this having GIT_DIR set, but fortunately the other repository had a .gitignore that would have ignored the file: ``` fishbowl~% echo $GIT_DIR /home/madduck/.config/vcsh/repo.d/zsh.git fishbowl~% pass generate test The following paths are ignored by one of your .gitignore files: .password-store/test.gpg Use -f if you really want to add them. The generated password for test is: … ``` The result was an orphan file `test.gpg` in the password-store root. Signed-off-by: Martin F. Krafft <madduck@madduck.net>
* Account for missing [:graph:] on Busybox by using [:alnum:][:punct:]Daniel Janus2019-07-171-1/+1
| | | | | | | | | Some implementations of tr (notably the ones in Busybox and Toybox) do not support the [:graph:] character class, but they do support [:punct:] and [:alnum:]. This makes pass generate sane passwords in such environments. Discussed-on: https://lists.zx2c4.com/pipermail/password-store/2019-July/003702.html
* Exclude invalid, disabled and revoked subkeys from subkey selectionAaron Jones2019-06-161-1/+1
| | | | | | | | | | | | | | When rotating encryption subkeys, and revoking the old one, `pass init keyid` would re-encrypt your stored credentials to the (now revoked) old subkey(s) in addition to the new one too. It would also mistakenly encrypt to keys that have been disabled, and keys that were never validly signed by their master (certify) key. Fix all of these cases. It was decided NOT to also exclude expired subkeys. Signed-off-by: Aaron Jones <aaronmdjones@gmail.com>
* clip: Add support for wl-clipboardBrett Cornwall2019-02-271-5/+21
|
* bash-completion: detect whether to use gpg/gpg2 binary for complete keysElan Ruusamäe2018-10-191-1/+4
| | | | Signed-off-by: Elan Ruusamäe <glen@pld-linux.org>
* bash_completion: do not leak variables to globals scopeElan Ruusamäe2018-10-191-6/+6
| | | | Signed-off-by: Elan Ruusamäe <glen@pld-linux.org>
* Do not reencrypt symbolic linksAldis Berjoza2018-08-091-0/+1
|
* version: bump1.7.3Jason A. Donenfeld2018-08-031-1/+1
|
* show: do not store binary data in bash varsJason A. Donenfeld2018-08-015-15/+18
| | | | Instead we're forced to base64 it, like we do with the clipboard.
* Add custom bash completion for extensionsLars Flitter2018-07-261-1/+12
| | | | | Bash completion now allows usage of extension commands. (see pass.bash-completion for details)
* Do not set foreground color for generated passwordLukas Fleischer2018-07-261-1/+1
| | | | | | | | | | | | Since commit 63ef32a (generate: use nice ansi colors instead., 2014-05-08), generated passwords are highlighted to make them distinguishable from the Git output. However, setting the foreground color to white makes the password hardly readable when a "black on white" color scheme is used. Drop the hardcoded foreground color and use the bold attribute only instead. Signed-off-by: Lukas Fleischer <lfleischer@lfos.de>
* Do not put passwords in herestringsJason A. Donenfeld2018-06-251-3/+3
| | | | Bash sometimes writes these into temporary files, which isn't okay.
* version: bump1.7.2Jason A. Donenfeld2018-06-141-1/+1
|
* show: buffer output before displaying, in case decryption failsJason A. Donenfeld2018-06-141-2/+4
| | | | | For the line-choosing case, this is actually a big deal since we weren't passing the error code back to the user either.
* Close stdout for background task that restores clipboardAllan Odgaard2018-06-143-3/+3
| | | | | | | While we do not expect any output on stdout from the background task, keeping the file handle open means that anyone calling `pass` and waiting for stdout to be closed, will have to wait (by default) for 45 seconds.
* Don't trap INT or TERM; they are redundant and can break `pass edit`.Nick Kousu2018-06-141-2/+2
| | | | | | | | | | | Some EDITORs, notably Linux vi(1), which is the fallback default in pass, apparently send INT when they exit, and when pass is run under bash (which is also its default)--if you have /dev/shm/ available--bash catches this and cleans up your edited password file *before* it can be reencrypted and saved. This only happens with `pass edit`; none of the other commands combine tmpdir and $EDITOR.
* Add tests and documentation of passing options to grep(1)Norbert Buchmueller2018-06-141-2/+2
|
* Ensure signature regexes are anchoredJason A. Donenfeld2018-06-141-4/+4
| | | | | | Fixes CVE-2018-12356. Reported-by: Marcus Brinkmann <marcus.brinkmann@ruhr-uni-bochum.de>
* grep: allow grep options and argumentsSitaram Chamarty2018-05-241-3/+3
| | | | | | | | | Allow grep options and arguments. Typical uses may be, for instance, wanting to ignore case ('-i'), print a few lines of context around the matched line, multiple patterns with '-e', etc. (background: grep is deprecating GREP_OPTIONS, so eventually that will stop working).
* fish: reduce completion runtimesMathis Antony2018-02-191-14/+13
| | | | | | | Fish completion spends most of the time in calls to `sed` in for loops over entries and directories. This patch removes the repeated calls to `sed`. Signed-off-by: Mathis Antony <sveitser@gmail.com>
* generate: disallow zero length generated passwordsJason A. Donenfeld2018-02-081-1/+2
|
* generate: in-place should work when file is emptyJason A. Donenfeld2018-02-011-1/+1
|
* Quote array specifierJason A. Donenfeld2017-12-181-1/+1
| | | | | | Otherwise this expands to a filename if one exists. Suggested-by: izaberina@gmail.com
* protect dirname calls from pass-names that look like command-line optionsStacey Sheldon2017-10-131-6/+6
| | | | | | | | | | | | | | | | | | | | With the $path variable being passed directly to dirname, any pass-names provided by the user that happened to look like options to dirname would be processed as options rather than as the path to be split. This results in a real mess when you happen to run one of: pass edit --help pass generate --help pass insert --help then in the cmd_foo() function, you have: mkdir -p -v "$PREFIX/$(dirname --help)" which (due to the -p option to mkdir) results in the creation of an entire directory hierarchy made up of the slash-separated help text from dirname.
* Bump version1.7.1Jason A. Donenfeld2017-04-131-1/+1
|
* init: match only the public keyJason A. Donenfeld2017-04-131-1/+1
|
* Use $GPG variableJason A. Donenfeld2017-03-281-3/+3
|
* Fix compatibility with GnuPG 2.2.19Andreas Stieger2017-03-201-1/+1
| | | | | | | | | | | GnuPG 2.2.19 added a warning when no command was given. * src/password-store.sh (reencrypt_path): Add --decrypt to --list-only * tests/t0300-reencryption.sh (gpg_keys_from_encrypted_file): same https://bugs.gnupg.org/gnupg/msg9873 http://git.gnupg.org/cgi-bin/gitweb.cgi?p=gnupg.git;a=commit;h=810adfd47801fc01e45fb71af9f05c91f7890cdb https://bugzilla.suse.com/show_bug.cgi?id=1028867
* Bump version1.7Jason A. Donenfeld2017-02-261-1/+1
|
* CopyrightJason A. Donenfeld2017-02-251-1/+1
|
* StyleJason A. Donenfeld2017-02-251-2/+2
|
* git: use inner-most directoryJason A. Donenfeld2017-02-251-20/+44
|
* clip: sleep may require argv[0] to be sleepJason A. Donenfeld2017-02-251-1/+1
|
* Support git worktree.Kevin Lyda2017-02-251-6/+6
| | | | | Git worktree works with the normal .git directory instead being a .git file with a reference to the primary git repository.
* Don’t reencrypt data not managed by pass.Sebastian Reuße2017-02-251-2/+2
| | | | | | | | | | | | | | | When keeping the password-store under git, it can make sense using a git extension such as git-annex instead of the native git object store to store the encrypted files. Inter alia, this allows one to selectively expire old copies of the encrypted data, while otherwise, one would need to recreate the complete repository when a key should no longer have access to some of the data. Since using the git-annex object store means that *.gpg files (and directories named *.gpg) are kept under .git/… (non-writable), the reencryption logic used by pass currently fails. To remedy this, we now ignore everything kept under .git when looking for files to reencrypt or when grepping.
* show,generate: support qrcodesJason A. Donenfeld2017-01-012-15/+52
|
* extensions: introduce system extensionsJason A. Donenfeld2016-12-211-5/+14
|
* extensions: make opt-inJason A. Donenfeld2016-12-211-10/+14
|
* Add signaturesJason A. Donenfeld2016-12-211-0/+24
|