path: root/src/password-store.sh (follow)
Commit message (Collapse)AuthorAgeFilesLines
* Unset variables messing with Git useHEADmasterMartin F. Krafft2019-11-281-0/+1
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | This patch makes sure that variables from the environment cannot override e.g. the Git directory to operate on, as well as other critical parts of Git operations. These variables are: - GIT_DIR - GIT_WORK_TREE - GIT_NAMESPACE - GIT_INDEX_FILE - GIT_INDEX_VERSION - GIT_OBJECT_DIRECTORY - GIT_COMMON_DIR If any of those are set, pass might end up operating on another repository, and things would break. I caught this having GIT_DIR set, but fortunately the other repository had a .gitignore that would have ignored the file: ``` fishbowl~% echo $GIT_DIR /home/madduck/.config/vcsh/repo.d/zsh.git fishbowl~% pass generate test The following paths are ignored by one of your .gitignore files: .password-store/test.gpg Use -f if you really want to add them. The generated password for test is: … ``` The result was an orphan file `test.gpg` in the password-store root. Signed-off-by: Martin F. Krafft <madduck@madduck.net>
* Account for missing [:graph:] on Busybox by using [:alnum:][:punct:]Daniel Janus2019-07-171-1/+1
| | | | | | | | | Some implementations of tr (notably the ones in Busybox and Toybox) do not support the [:graph:] character class, but they do support [:punct:] and [:alnum:]. This makes pass generate sane passwords in such environments. Discussed-on: https://lists.zx2c4.com/pipermail/password-store/2019-July/003702.html
* Exclude invalid, disabled and revoked subkeys from subkey selectionAaron Jones2019-06-161-1/+1
| | | | | | | | | | | | | | When rotating encryption subkeys, and revoking the old one, `pass init keyid` would re-encrypt your stored credentials to the (now revoked) old subkey(s) in addition to the new one too. It would also mistakenly encrypt to keys that have been disabled, and keys that were never validly signed by their master (certify) key. Fix all of these cases. It was decided NOT to also exclude expired subkeys. Signed-off-by: Aaron Jones <aaronmdjones@gmail.com>
* clip: Add support for wl-clipboardBrett Cornwall2019-02-271-5/+21
* Do not reencrypt symbolic linksAldis Berjoza2018-08-091-0/+1
* version: bump1.7.3Jason A. Donenfeld2018-08-031-1/+1
* show: do not store binary data in bash varsJason A. Donenfeld2018-08-011-7/+7
| | | | Instead we're forced to base64 it, like we do with the clipboard.
* Do not set foreground color for generated passwordLukas Fleischer2018-07-261-1/+1
| | | | | | | | | | | | Since commit 63ef32a (generate: use nice ansi colors instead., 2014-05-08), generated passwords are highlighted to make them distinguishable from the Git output. However, setting the foreground color to white makes the password hardly readable when a "black on white" color scheme is used. Drop the hardcoded foreground color and use the bold attribute only instead. Signed-off-by: Lukas Fleischer <lfleischer@lfos.de>
* Do not put passwords in herestringsJason A. Donenfeld2018-06-251-3/+3
| | | | Bash sometimes writes these into temporary files, which isn't okay.
* version: bump1.7.2Jason A. Donenfeld2018-06-141-1/+1
* show: buffer output before displaying, in case decryption failsJason A. Donenfeld2018-06-141-2/+4
| | | | | For the line-choosing case, this is actually a big deal since we weren't passing the error code back to the user either.
* Close stdout for background task that restores clipboardAllan Odgaard2018-06-141-1/+1
| | | | | | | While we do not expect any output on stdout from the background task, keeping the file handle open means that anyone calling `pass` and waiting for stdout to be closed, will have to wait (by default) for 45 seconds.
* Don't trap INT or TERM; they are redundant and can break `pass edit`.Nick Kousu2018-06-141-2/+2
| | | | | | | | | | | Some EDITORs, notably Linux vi(1), which is the fallback default in pass, apparently send INT when they exit, and when pass is run under bash (which is also its default)--if you have /dev/shm/ available--bash catches this and cleans up your edited password file *before* it can be reencrypted and saved. This only happens with `pass edit`; none of the other commands combine tmpdir and $EDITOR.
* Add tests and documentation of passing options to grep(1)Norbert Buchmueller2018-06-141-2/+2
* Ensure signature regexes are anchoredJason A. Donenfeld2018-06-141-4/+4
| | | | | | Fixes CVE-2018-12356. Reported-by: Marcus Brinkmann <marcus.brinkmann@ruhr-uni-bochum.de>
* grep: allow grep options and argumentsSitaram Chamarty2018-05-241-3/+3
| | | | | | | | | Allow grep options and arguments. Typical uses may be, for instance, wanting to ignore case ('-i'), print a few lines of context around the matched line, multiple patterns with '-e', etc. (background: grep is deprecating GREP_OPTIONS, so eventually that will stop working).
* generate: disallow zero length generated passwordsJason A. Donenfeld2018-02-081-1/+2
* generate: in-place should work when file is emptyJason A. Donenfeld2018-02-011-1/+1
* Quote array specifierJason A. Donenfeld2017-12-181-1/+1
| | | | | | Otherwise this expands to a filename if one exists. Suggested-by: izaberina@gmail.com
* protect dirname calls from pass-names that look like command-line optionsStacey Sheldon2017-10-131-6/+6
| | | | | | | | | | | | | | | | | | | | With the $path variable being passed directly to dirname, any pass-names provided by the user that happened to look like options to dirname would be processed as options rather than as the path to be split. This results in a real mess when you happen to run one of: pass edit --help pass generate --help pass insert --help then in the cmd_foo() function, you have: mkdir -p -v "$PREFIX/$(dirname --help)" which (due to the -p option to mkdir) results in the creation of an entire directory hierarchy made up of the slash-separated help text from dirname.
* Bump version1.7.1Jason A. Donenfeld2017-04-131-1/+1
* init: match only the public keyJason A. Donenfeld2017-04-131-1/+1
* Use $GPG variableJason A. Donenfeld2017-03-281-3/+3
* Fix compatibility with GnuPG 2.2.19Andreas Stieger2017-03-201-1/+1
| | | | | | | | | | | GnuPG 2.2.19 added a warning when no command was given. * src/password-store.sh (reencrypt_path): Add --decrypt to --list-only * tests/t0300-reencryption.sh (gpg_keys_from_encrypted_file): same https://bugs.gnupg.org/gnupg/msg9873 http://git.gnupg.org/cgi-bin/gitweb.cgi?p=gnupg.git;a=commit;h=810adfd47801fc01e45fb71af9f05c91f7890cdb https://bugzilla.suse.com/show_bug.cgi?id=1028867
* Bump version1.7Jason A. Donenfeld2017-02-261-1/+1
* CopyrightJason A. Donenfeld2017-02-251-1/+1
* StyleJason A. Donenfeld2017-02-251-2/+2
* git: use inner-most directoryJason A. Donenfeld2017-02-251-20/+44
* clip: sleep may require argv[0] to be sleepJason A. Donenfeld2017-02-251-1/+1
* Support git worktree.Kevin Lyda2017-02-251-6/+6
| | | | | Git worktree works with the normal .git directory instead being a .git file with a reference to the primary git repository.
* Don’t reencrypt data not managed by pass.Sebastian Reuße2017-02-251-2/+2
| | | | | | | | | | | | | | | When keeping the password-store under git, it can make sense using a git extension such as git-annex instead of the native git object store to store the encrypted files. Inter alia, this allows one to selectively expire old copies of the encrypted data, while otherwise, one would need to recreate the complete repository when a key should no longer have access to some of the data. Since using the git-annex object store means that *.gpg files (and directories named *.gpg) are kept under .git/… (non-writable), the reencryption logic used by pass currently fails. To remedy this, we now ignore everything kept under .git when looking for files to reencrypt or when grepping.
* show,generate: support qrcodesJason A. Donenfeld2017-01-011-15/+40
* extensions: introduce system extensionsJason A. Donenfeld2016-12-211-5/+14
* extensions: make opt-inJason A. Donenfeld2016-12-211-10/+14
* Add signaturesJason A. Donenfeld2016-12-211-0/+24
* Add extensionsJason A. Donenfeld2016-12-201-1/+14
* generate: use /dev/urandom directlyJason A. Donenfeld2016-12-201-5/+7
| | | | | | Passing to tr using the "pick and discard" technique is more straight- forwardly correct and less error-prone. It also allows users to select their own character sets to be passed to tr.
* Make gpg errors fatalJason A. Donenfeld2016-02-061-5/+5
* Revert "show: allow passing prefix to clip"Jason A. Donenfeld2016-02-061-9/+5
| | | | | | This reverts commit fcb92ed69fc191e39379bad715371d8c28410885. Needs more discussion.
* init: put path in commit messageJason A. Donenfeld2016-02-061-4/+4
* show: allow passing prefix to clipJason A. Donenfeld2016-02-061-5/+9
* show: better clip error messageJason A. Donenfeld2016-02-051-3/+3
* show: allow selecting which clip lineJason A. Donenfeld2016-02-051-6/+7
* generate: have a default length of 25Jason A. Donenfeld2016-02-051-4/+5
| | | | | | | | | | | | | Folks are lazy and don't want to type very much, so they'd like to have a default password length to generate that can be configured via environment variables per usual. I'm making the default 25. If the user forbids the use of symbols, pwgen will use a-zA-Z0-9, ensuring that at least one A-Z and at least one 0-9 is used. We want to have a password of at least 128-bits, so factoring in the issue with "at least one of this character type", 25 gets us there squarely. Signed-off-by: Jason A. Donenfeld <Jason@zx2c4.com>
* Fix up moving ambiguity tooJason A. Donenfeld2016-02-051-5/+6
* Insert and edit work on files, so don't let the arguments be directoriesJason A. Donenfeld2016-02-051-2/+2
* Handle removal of directories and passwords with the same nameJason A. Donenfeld2016-02-051-5/+4
* Use 6 Xs for mktempJason A. Donenfeld2015-05-111-1/+1
* Fix .gpg strippingJason A. Donenfeld2015-05-111-2/+2
* add support for passing arbitrary options to all invocations of GPGDavid Adam2015-05-111-4/+4
| | | | | | Uses the PASSWORD_STORE_GPG_OPTS environment variable. Can be used to (e.g.) change the keyrings or trust model used.