summaryrefslogtreecommitdiff
path: root/tests/gnupg/private-keys-v1.d (unfollow)
Commit message (Collapse)AuthorFilesLines
2021-06-11version: bump1.7.4Jason A. Donenfeld1-1/+1
2021-06-11Ignore non-printable characters in calls to treeRémi Lapeyre2-2/+7
In MacOS Catalina, pass fails on accents with 'sed: RE error: illegal byte sequence'.
2021-06-11Use GPG_OPTS when verifying .gpg-id signaturevnctdj1-1/+1
I use a pass-specific gpg home directory. I tell pass about it by using PASSWORD_STORE_GPG_OPTS="--homedir dir". I also tell pass to sign files with PASSWORD_STORE_SIGNING_KEY. However "pass init" returns "Signing of .gpg_id unsuccessful." because we forgot to hand it GPG_OPTS. This patch fixes that oversight.
2021-06-11Strip comments in gpg-id filesRichard Towers1-0/+2
2021-06-11Escape colons in zsh completion to show url portsGuido Cella1-1/+1
zsh completion cuts filenames after colons, for example port numbers. This is fixed by escaping colons. This will also escape backslashes after the first.
2021-06-11passmenu: add support for waylandsternenseemann2-3/+20
Use a similar detection mechanism to pass itself. On wayland use: * dmenu-wl instead of dmenu, an (almost) drop-in replacement * ydotool instead of xdotool, a uinput-based replacement for xdotool. It is not as feature-complete, but probably the simplest (or only?) way to add the --type functionality to passmenu on wayland.
2021-05-18fish-completion: don't print full path when PASSWORD_STORE_DIR is setJohannes Altmanninger1-4/+4
"__fish_pass_print" enumerates all files in the password store and uses sed to strip their common prefix - the password store directory. If $PASSWORD_STORE_DIR had a trailing slash, sed would fail to remove the prefix. Fix this by canonicalizing $PASSWORD_STORE_DIR.
2021-02-16Add path to accommodate macOS' dynamic $TMPDIRTom Ryder1-0/+6
Per a report from Lakshay Garg <lakshayg@outlook.in>, the use of $TMPDIR in the Vim plugin's pattern match does not work on macOS X, due to the dynamic and symbolically-linked temporary dir structure this system uses. Lakshay's email to me, which includes a full explanation, is reproduced with his permission below. This change is reflected in upstream v2.2.2: <https://sanctum.geek.nz/cgit/vim-redact-pass.git/commit/?h=v2.2.2> >Date: Sat, 13 Feb 2021 23:59:22 -0800 >From: Lakshay Garg <lakshayg@outlook.in> >To: tom@sanctum.geek.nz >Subject: [PATCH] vim: fix redact_pass.vim for macOS > >Hi Tom > >Thanks for maintaining redact_pass.vim. I came across an issue in the >plugin a few months ago and submitted a patch for it to the >password-store mailing list but did not get any responses. It seems >like since only you have been maintaining that file, I might have >better luck sending the patch to you. > >--- > >Problem: redact_pass.vim did not work on macOS machines >Fix: add resolve($TMPDIR) to the autcmd pattern list > >Explanation >=========== > >pass creates files under /private/var/<some-stuff> on macOS. >redact_pass.vim uses the following pattern to detect when to >enable the plugin: > >``` >$TMPDIR/pass.?*/?*.txt >``` > >This pattern expands to "/var/<some-stuff>//pass.?*/?*.txt" >on my macbook and has two problems: > >1. The double forward slash in the expanded pattern (after <some-stuff>) >2. pass uses /private/var but the pattern looks for /var > >Turns out, /var on macos is just a symlink to /private/var. >The autocmd fails to trigger because it is trying to match >the pattern: "/var/<some-stuff>//pass.?*/?*.txt" >to filename: "/private/var/<some-stuff>/pass.<random-chars>/<random-chars>.txt" > >The simplest fix is to make $TMPDIR point to "/private/var/..." >which is achieved by calling resolve on $TMPDIR prior to running >the autocmd. This also handles the double forward-slash. > >Thanks again >Lakshay
2020-10-15Add a :redraw to redact_pass.vim before diag printTom Ryder1-0/+1
Works around issues with some popular colorschemes in v8.1. Problem reported and fix suggested by Jeff Weston.
2020-06-25fish-completion: reuse "git" and "grep" completionsJohannes Altmanninger1-8/+12
This makes fish complete commands starting with "pass git" as if they were starting with "git".
2020-06-25fish-completion: don't erase existing completions for passJohannes Altmanninger1-1/+0
fish only loads pass.fish once, so there is no point to erasing them.
2020-06-25fish-completion: force some variables to be script-localJohannes Altmanninger1-2/+2
Unfortunately, a command "set x" without explicit scope overwrites the variable "x" in the innermost scope it is defined in, if any. This can cause problems if the user defines the variable "x" as global or universal variable (which is visible in all fishes). Make sure to define a local variable so we use that.
2020-06-25fish-completion: support completions for wrapper commandsJohannes Altmanninger1-5/+1
There is no point to checking the command name, fish already does that. Additionally fish knows about commands that "wrap" pass; those commands should inherit pass's completions. This commit enables fish>=3.1.0 to provide proper completions for this function: alias p="PASSWORD_STORE_DIR=$HOME/.my-passwords pass" or, equivalently, function p --wraps "PASSWORD_STORE_DIR=$HOME/.my-passwords pass" PASSWORD_STORE_DIR=$HOME/.my-passwords pass $argv end
2020-06-25fish-completion: remove obsolete flagJohannes Altmanninger1-57/+57
The -A/--authoritative flag no longer has an effect since fish 2.5 which was released in 2017.
2020-06-25fish-completion: avoid printing errors with an empty password storeJohannes Altmanninger1-1/+2
Reproduce by typing "pass <TAB>" in a shell launched like: HOME=`mktemp -d` fish Fish prints an error on failing globs - except when used in one of the commands "set", "for" or "count". Also quotes are unnecessary here.
2020-04-19platform/darwin: don't invoke brew for the default prefixFilippo Valsorda1-1/+1
"brew --prefix gnu-getopt" takes 2.125s on my very default setup (I don't even want to know why), dominating the pass wall time. If the default brew prefix is in use, just detect the getopt binary with a cheap "test -x" instead.
2020-04-19platform/darwin: drop using "display" to show QR codesFilippo Valsorda1-4/+0
This doesn't detect if XQuartz is installed and running, so it's broken in most setups, the experience is poor regardless, since it's not displayed inline in the terminal, but leaves a window that requires closing, and anyway the the utf8 mode works perfectly on both iTerm2 and Terminal.app.
2020-03-28emacs: Drop dependency on f libraryPhilip K3-9/+11
The "f" library is a rather thin translation layer for already existing Emacs functions. Most functions directly map to an already existing function (eg. "f-no-ext" and "file-name-sans-extension"). For this reason, removing "f" comes at no cost while reducing the number of dependencies one has to count on and the user has to install. Co-authored-by: Tino Calancha <tino.calancha@gmail.com>
2019-11-28Unset variables messing with Git useMartin F. Krafft1-0/+1
This patch makes sure that variables from the environment cannot override e.g. the Git directory to operate on, as well as other critical parts of Git operations. These variables are: - GIT_DIR - GIT_WORK_TREE - GIT_NAMESPACE - GIT_INDEX_FILE - GIT_INDEX_VERSION - GIT_OBJECT_DIRECTORY - GIT_COMMON_DIR If any of those are set, pass might end up operating on another repository, and things would break. I caught this having GIT_DIR set, but fortunately the other repository had a .gitignore that would have ignored the file: ``` fishbowl~% echo $GIT_DIR /home/madduck/.config/vcsh/repo.d/zsh.git fishbowl~% pass generate test The following paths are ignored by one of your .gitignore files: .password-store/test.gpg Use -f if you really want to add them. The generated password for test is: … ``` The result was an orphan file `test.gpg` in the password-store root. Signed-off-by: Martin F. Krafft <madduck@madduck.net>
2019-09-29emacs: Update docstring of password-store-clearTino Calancha2-2/+14
Clarify that the optional argument is only used in the `message' call. Bump version to v2.1.3. * contrib/emacs/password-store.el (password-store-clear): Update docstring. * contrib/emacs/CHANGELOG.md: Document this change.
2019-09-16emacs: Make parameter optional in password-store-clearSergey Trofimov2-2/+7
This change preserves backward compatibility with previous version of the function. Bump version to v2.1.2. * contrib/emacs/password-store.el (password-store-clear): Make argument FIELD optional. * contrib/emacs/CHANGELOG.md: Announce this change.
2019-08-29emacs: Check that auth-source-pass-filename is bound before use itTino Calancha2-2/+6
For auth-source-pass versions < 5.0.0, auth-source-pass-filename is not defined; thus, we must check that this variable exists before use it. * contrib/emacs/password-store.el (password-store-dir): Call bound-and-true-p on auth-source-pass-filename.
2019-08-29Support extractions of secret fields other than passwordTino Calancha4-44/+109
Allow users to retrieve any secret field stored in the files. Use auth-source-pass to retrieve the secret fields. Bump version to v2.1.0. * contrib/emacs/Cask: Replace dependency on `s' library with auth-source-pass dependency. * contrib/emacs/password-store.el (password-store-url-field): New option. (password-store-dir): Use `auth-source-pass-filename'. (password-store-read-field, password-store-get-field) (password-store-copy-field, password-store-parse-entry): New functions. (password-store-read-field): Use password-store-parse-entry. (password-store--save-field-in-kill-ring): New function extracted from `password-store-get'. (password-store-url): Use `password-store-get-field' and `password-store-url-field'. * contrib/emacs/README.md: Update documentation. * contrib/emacs/CHANGELOG.md: Announce changes.
2019-08-27emacs: Improve password-store-insert message on success/failureTino Calancha2-6/+14
Before, the following message was shown: "Enter contents of ENTRY and press Ctrl+D when finished:\n\n" Since the command is not interactive, it is better to show users specific messages on success/failure. * contrib/emacs/password-store.el (password-store-insert): Improve message shown on success/failure.
2019-08-26Re add password-store-timeout for backward compatibilityTino Calancha2-1/+13
Some libraries rely on this function, e.g. password-store-otp library. * contrib/emacs/password-store.el (password-store-timeout): Re include this function; now it just returns password-store-time-before-clipboard-restore.
2019-08-26emacs: Prefer to use Emacs builtin customization machineryTino Calancha2-11/+23
Using a customizable variable is the preferred way to set a parameter within Emacs; replace password-store-timeout with the new option password-store-time-before-clipboard-restore. The default value for this variable uses the environment var PASSWORD_STORE_CLIP_TIME when set; this is the same behavior as before. Add Maintainer header. * contrib/emacs/password-store.el (password-store-password-length): Increased default value from 8 to 25, i.e. same default as in the shell script. (password-store-time-before-clipboard-restore): New option. (password-store-timeout): Delete it. Use the new option instead; all callers updated. * contrib/emacs/CHANGELOG.md: Announce the features.
2019-08-04emacs: require matching password for completionibizaman1-8/+10
2019-07-17Account for missing [:graph:] on Busybox by using [:alnum:][:punct:]Daniel Janus1-1/+1
Some implementations of tr (notably the ones in Busybox and Toybox) do not support the [:graph:] character class, but they do support [:punct:] and [:alnum:]. This makes pass generate sane passwords in such environments. Discussed-on: https://lists.zx2c4.com/pipermail/password-store/2019-July/003702.html
2019-06-16Exclude invalid, disabled and revoked subkeys from subkey selectionAaron Jones1-1/+1
When rotating encryption subkeys, and revoking the old one, `pass init keyid` would re-encrypt your stored credentials to the (now revoked) old subkey(s) in addition to the new one too. It would also mistakenly encrypt to keys that have been disabled, and keys that were never validly signed by their master (certify) key. Fix all of these cases. It was decided NOT to also exclude expired subkeys. Signed-off-by: Aaron Jones <aaronmdjones@gmail.com>
2019-06-10emacs: Delete duplicate entries from password-store-listTino Calancha1-4/+5
Emacs backup files add a duplicate entry, that is, if you have the two files, foo.bar and foo.bar~, then you'd get two entries for `foo'. * password-store.el (password-store-list): Delete duplicate entries. Bump version to 2.0.2. Update Copyright notice.
2019-04-25emacs: Drop nil command argumentsSvend Sorensen1-3/+3
Drop nil arguments in `password-store--run` and `password-store--run-1`. This fixes an error running `password-store-generate`.
2019-04-05emacs: Release version 2.0.0 of Emacs packageSvend Sorensen1-1/+1
2019-04-05emacs: Supprt asynchronous pass operations which return output.Ian Eure1-30/+53
When using EXWM, if `password-store-get` is called and a pinentry program needs to be executed, Emacs deadlocks. This happens becuase Emacs blocks waiting for output from `gpg(1)`, which is blocked waiting for output from the pinentry-program, which is blocked waiting for Emacs to manage its window. This updates `password-store-copy` to work asynchronously. This should be fine, since its primary purpose is side-effecting, and it doesn’t matter when its evaluation completes. The ability to call `password-store-get` asynchronously with a callback has also been added to support this usecase. A new function has been added for general cases of async `pass` commands where the output is needed, `password-store--run-1`. While there is an existing `password-store--run-async`, it discards output -- it’s only used for `pass edit`, where it’s not needed. The body of `password-store--run` has been replacing it with one that uses `--run-1` and a wait loop which blocks until it’s complete. Supporting all this necessitated moving the file to lexical binding and dropping Emacs 24 support. The latter requirement could be worked around if there are concerns around it. **SECURITY INTERLUDE** I was unbelievably distressed to discover that the implementation of `password-store--run` redirects the decrypted file contents to disk, reads that into a buffer, then removes the file. This approach is preposterous and may warrant a CVE, as it exposes users to numerous conditions where their cleartext passwords could be recovered: - If the user hits C-g, the Emacs function may not get to the point of removing the file, leaving the password on disk. - It’s not a safe assumption that `make-temp-file` is secure, and even if it were, the time windows in play are likely to be very large, opening race conditions where the file contents can be read by an attacker before the file is removed. - Even if the file is removed, it could be recovered by examining the contents of deleted inodes. Information this sensitive should NEVER be persisted in cleartext in non-volatile storage. You may as well write it on a post-it and stick it on your monitor. re NicolasPetton/pass#25
2019-02-27clip: Add support for wl-clipboardBrett Cornwall3-6/+29
2018-10-31emacs: Fix typo in password-store-url function doc stringSvend Sorensen2-3/+7
"http://" was repeated, fix the second instance to read "https://".
2018-10-19bash-completion: detect whether to use gpg/gpg2 binary for complete keysElan Ruusamäe1-1/+4
Signed-off-by: Elan Ruusamäe <glen@pld-linux.org>
2018-10-19bash_completion: do not leak variables to globals scopeElan Ruusamäe1-6/+6
Signed-off-by: Elan Ruusamäe <glen@pld-linux.org>
2018-08-09Do not reencrypt symbolic linksAldis Berjoza2-0/+10
2018-08-03version: bump1.7.3Jason A. Donenfeld1-1/+1
2018-08-01show: do not store binary data in bash varsJason A. Donenfeld5-15/+18
Instead we're forced to base64 it, like we do with the clipboard.
2018-07-26Add custom bash completion for extensionsLars Flitter1-1/+12
Bash completion now allows usage of extension commands. (see pass.bash-completion for details)
2018-07-26Do not set foreground color for generated passwordLukas Fleischer1-1/+1
Since commit 63ef32a (generate: use nice ansi colors instead., 2014-05-08), generated passwords are highlighted to make them distinguishable from the Git output. However, setting the foreground color to white makes the password hardly readable when a "black on white" color scheme is used. Drop the hardcoded foreground color and use the bold attribute only instead. Signed-off-by: Lukas Fleischer <lfleischer@lfos.de>
2018-06-25Do not put passwords in herestringsJason A. Donenfeld1-3/+3
Bash sometimes writes these into temporary files, which isn't okay.
2018-06-24Simplify filename matching in redact_pass.vimTom Ryder2-40/+11
Use the autocmd pattern to match the password filename rather than doing it manually within the called function.
2018-06-14version: bump1.7.2Jason A. Donenfeld1-1/+1
2018-06-14show: buffer output before displaying, in case decryption failsJason A. Donenfeld1-2/+4
For the line-choosing case, this is actually a big deal since we weren't passing the error code back to the user either.
2018-06-14Close stdout for background task that restores clipboardAllan Odgaard3-3/+3
While we do not expect any output on stdout from the background task, keeping the file handle open means that anyone calling `pass` and waiting for stdout to be closed, will have to wait (by default) for 45 seconds.
2018-06-14Don't trap INT or TERM; they are redundant and can break `pass edit`.Nick Kousu1-2/+2
Some EDITORs, notably Linux vi(1), which is the fallback default in pass, apparently send INT when they exit, and when pass is run under bash (which is also its default)--if you have /dev/shm/ available--bash catches this and cleans up your edited password file *before* it can be reencrypted and saved. This only happens with `pass edit`; none of the other commands combine tmpdir and $EDITOR.
2018-06-14tests: fix compatibility with GnuPG 2.2.5Clément Lassieur1-1/+1
2018-06-14Add tests and documentation of passing options to grep(1)Norbert Buchmueller3-5/+18