30481649a8
= Features = - passmenu now takes --type as its first argument, which will type the password instead of copying it to the clipboard. = Bug Fixes = - OSX now properly unmounts temporary mounts and ejects ramdisks. - All BSDs now have cleaner temporary files. - Temporary files for pass edit now end in .txt so vim does the right Thing. - When edit fails, prompt for retrying instead of going into crazy loop. - Keepassx2pass conversion script now handles empty strings. Approved by: swills (mentor)
405 lines
14 KiB
Diff
405 lines
14 KiB
Diff
diff --git a/README b/README
|
|
index 1cc01b9..1a7555b 100644
|
|
--- a/README
|
|
+++ b/README
|
|
@@ -17,8 +17,6 @@ Depends on:
|
|
http://www.gnu.org/software/bash/
|
|
- GnuPG2
|
|
http://www.gnupg.org/
|
|
-- git
|
|
- http://www.git-scm.com/
|
|
- xclip
|
|
http://sourceforge.net/projects/xclip/
|
|
- pwgen
|
|
diff --git a/contrib/emacs/password-store.el b/contrib/emacs/password-store.el
|
|
index cdecad4..052eda7 100644
|
|
--- a/contrib/emacs/password-store.el
|
|
+++ b/contrib/emacs/password-store.el
|
|
@@ -112,10 +112,6 @@ outputs error message on failure."
|
|
entry
|
|
new-entry))
|
|
|
|
-(defun password-store--run-git (&rest args)
|
|
- (apply 'password-store--run "git"
|
|
- args))
|
|
-
|
|
(defun password-store--run-version ()
|
|
(password-store--run "version"))
|
|
|
|
diff --git a/man/pass.1 b/man/pass.1
|
|
index 8ac8ecf..b340a95 100644
|
|
--- a/man/pass.1
|
|
+++ b/man/pass.1
|
|
@@ -33,13 +33,6 @@ or
|
|
depending on the type of specifier in ARGS. Otherwise COMMAND must be one of
|
|
the valid commands listed below.
|
|
|
|
-Several of the commands below rely on or provide additional functionality if
|
|
-the password store directory is also a git repository. If the password store
|
|
-directory is a git repository, all password store modification commands will
|
|
-cause a corresponding git commit. See the \fIEXTENDED GIT EXAMPLE\fP section
|
|
-for a detailed description using \fBinit\fP and
|
|
-.BR git (1).
|
|
-
|
|
The \fBinit\fP command must be run before other commands in order to initialize
|
|
the password store with the correct gpg key id. Passwords are encrypting using
|
|
the gpg key set with \fBinit\fP.
|
|
@@ -144,16 +137,6 @@ silently overwrite \fInew-path\fP if it exists. If \fInew-path\fP ends in a
|
|
trailing \fI/\fP, it is always treated as a directory. Passwords are selectively
|
|
reencrypted to the corresponding keys of their new destination.
|
|
.TP
|
|
-\fBgit\fP \fIgit-command-args\fP...
|
|
-If the password store is a git repository, pass \fIgit-command-args\fP as arguments to
|
|
-.BR git (1)
|
|
-using the password store as the git repository. If \fIgit-command-args\fP is \fBinit\fP,
|
|
-in addition to initializing the git repository, add the current contents of the password
|
|
-store to the repository in an initial commit. If the git config key \fIpass.signcommits\fP
|
|
-is set to \fItrue\fP, then all commits will be signed using \fIuser.signingkey\fP or the
|
|
-default git signing key. This config key may be turned on using:
|
|
-.B `pass git config --bool --add pass.signcommits true`
|
|
-.TP
|
|
\fBhelp\fP
|
|
Show usage message.
|
|
.TP
|
|
@@ -278,99 +261,6 @@ rm: remove regular file \[u2018]/home/zx2c4/.password-store/Business/cheese-whiz
|
|
.br
|
|
removed \[u2018]/home/zx2c4/.password-store/Business/cheese-whiz-factory.gpg\[u2019]
|
|
|
|
-.SH EXTENDED GIT EXAMPLE
|
|
-Here, we initialize new password store, create a git repository, and then manipulate and sync passwords. Make note of the arguments to the first call of \fBpass git push\fP; consult
|
|
-.BR git-push (1)
|
|
-for more information.
|
|
-
|
|
-.B zx2c4@laptop ~ $ pass init Jason@zx2c4.com
|
|
-.br
|
|
-mkdir: created directory \[u2018]/home/zx2c4/.password-store\[u2019]
|
|
-.br
|
|
-Password store initialized for Jason@zx2c4.com.
|
|
-
|
|
-.B zx2c4@laptop ~ $ pass git init
|
|
-.br
|
|
-Initialized empty Git repository in /home/zx2c4/.password-store/.git/
|
|
-.br
|
|
-[master (root-commit) 998c8fd] Added current contents of password store.
|
|
-.br
|
|
- 1 file changed, 1 insertion(+)
|
|
-.br
|
|
- create mode 100644 .gpg-id
|
|
-
|
|
-.B zx2c4@laptop ~ $ pass git remote add origin kexec.com:pass-store
|
|
-
|
|
-.B zx2c4@laptop ~ $ pass generate Amazon/amazonemail@email.com 21
|
|
-.br
|
|
-mkdir: created directory \[u2018]/home/zx2c4/.password-store/Amazon\[u2019]
|
|
-.br
|
|
-[master 30fdc1e] Added generated password for Amazon/amazonemail@email.com to store.
|
|
-.br
|
|
-1 file changed, 0 insertions(+), 0 deletions(-)
|
|
-.br
|
|
-create mode 100644 Amazon/amazonemail@email.com.gpg
|
|
-.br
|
|
-The generated password to Amazon/amazonemail@email.com is:
|
|
-.br
|
|
-<5m,_BrZY`antNDxKN<0A
|
|
-
|
|
-.B zx2c4@laptop ~ $ pass git push -u --all
|
|
-.br
|
|
-Counting objects: 4, done.
|
|
-.br
|
|
-Delta compression using up to 2 threads.
|
|
-.br
|
|
-Compressing objects: 100% (3/3), done.
|
|
-.br
|
|
-Writing objects: 100% (4/4), 921 bytes, done.
|
|
-.br
|
|
-Total 4 (delta 0), reused 0 (delta 0)
|
|
-.br
|
|
-To kexec.com:pass-store
|
|
-.br
|
|
-* [new branch] master -> master
|
|
-.br
|
|
-Branch master set up to track remote branch master from origin.
|
|
-
|
|
-.B zx2c4@laptop ~ $ pass insert Amazon/otheraccount@email.com
|
|
-.br
|
|
-Enter password for Amazon/otheraccount@email.com: som3r3a11yb1gp4ssw0rd!!88**
|
|
-.br
|
|
-[master b9b6746] Added given password for Amazon/otheraccount@email.com to store.
|
|
-.br
|
|
-1 file changed, 0 insertions(+), 0 deletions(-)
|
|
-.br
|
|
-create mode 100644 Amazon/otheraccount@email.com.gpg
|
|
-
|
|
-.B zx2c4@laptop ~ $ pass rm Amazon/amazonemail@email.com
|
|
-.br
|
|
-rm: remove regular file \[u2018]/home/zx2c4/.password-store/Amazon/amazonemail@email.com.gpg\[u2019]? y
|
|
-.br
|
|
-removed \[u2018]/home/zx2c4/.password-store/Amazon/amazonemail@email.com.gpg\[u2019]
|
|
-.br
|
|
-rm 'Amazon/amazonemail@email.com.gpg'
|
|
-.br
|
|
-[master 288b379] Removed Amazon/amazonemail@email.com from store.
|
|
-.br
|
|
-1 file changed, 0 insertions(+), 0 deletions(-)
|
|
-.br
|
|
-delete mode 100644 Amazon/amazonemail@email.com.gpg
|
|
-
|
|
-.B zx2c4@laptop ~ $ pass git push
|
|
-.br
|
|
-Counting objects: 9, done.
|
|
-.br
|
|
-Delta compression using up to 2 threads.
|
|
-.br
|
|
-Compressing objects: 100% (5/5), done.
|
|
-.br
|
|
-Writing objects: 100% (7/7), 1.25 KiB, done.
|
|
-.br
|
|
-Total 7 (delta 0), reused 0 (delta 0)
|
|
-.br
|
|
-To kexec.com:pass-store
|
|
-
|
|
.SH FILES
|
|
|
|
.TP
|
|
@@ -394,11 +284,6 @@ Overrides the default gpg key identification set by \fBinit\fP. Keys must not
|
|
contain spaces and thus use of the hexidecimal key signature is recommended.
|
|
Multiple keys may be specified separated by spaces.
|
|
.TP
|
|
-.I PASSWORD_STORE_GIT
|
|
-Overrides the default root of the git repository, which is helpful if
|
|
-\fIPASSWORD_STORE_DIR\fP is temporarily set to a sub-directory of the default
|
|
-password store.
|
|
-.TP
|
|
.I PASSWORD_STORE_X_SELECTION
|
|
Overrides the selection passed to \fBxclip\fP, by default \fIclipboard\fP. See
|
|
.BR xclip (1)
|
|
@@ -416,7 +301,6 @@ The location of the text editor used by \fBedit\fP.
|
|
.SH SEE ALSO
|
|
.BR gpg2 (1),
|
|
.BR pwgen (1),
|
|
-.BR git (1),
|
|
.BR xclip (1).
|
|
|
|
.SH AUTHOR
|
|
diff --git a/src/completion/pass.bash-completion b/src/completion/pass.bash-completion
|
|
index ea31fbf..f7e207b 100644
|
|
--- a/src/completion/pass.bash-completion
|
|
+++ b/src/completion/pass.bash-completion
|
|
@@ -62,7 +62,7 @@ _pass()
|
|
{
|
|
COMPREPLY=()
|
|
local cur="${COMP_WORDS[COMP_CWORD]}"
|
|
- local commands="init ls find grep show insert generate edit rm mv cp git help version"
|
|
+ local commands="init ls find grep show insert generate edit rm mv cp help version"
|
|
if [[ $COMP_CWORD -gt 1 ]]; then
|
|
local lastarg="${COMP_WORDS[$COMP_CWORD-1]}"
|
|
case "${COMP_WORDS[1]}" in
|
|
@@ -97,9 +97,6 @@ _pass()
|
|
COMPREPLY+=($(compgen -W "-r --recursive -f --force" -- ${cur}))
|
|
_pass_complete_entries
|
|
;;
|
|
- git)
|
|
- COMPREPLY+=($(compgen -W "init push pull config log reflog rebase" -- ${cur}))
|
|
- ;;
|
|
esac
|
|
else
|
|
COMPREPLY+=($(compgen -W "${commands}" -- ${cur}))
|
|
diff --git a/src/completion/pass.fish-completion b/src/completion/pass.fish-completion
|
|
index c32a42c..598b55e 100644
|
|
--- a/src/completion/pass.fish-completion
|
|
+++ b/src/completion/pass.fish-completion
|
|
@@ -105,14 +105,5 @@ complete -c $PROG -f -A -n '__fish_pass_needs_command' -a "(__fish_pass_print_en
|
|
complete -c $PROG -f -A -n '__fish_pass_uses_command -c' -a "(__fish_pass_print_entries)"
|
|
complete -c $PROG -f -A -n '__fish_pass_uses_command --clip' -a "(__fish_pass_print_entries)"
|
|
|
|
-complete -c $PROG -f -A -n '__fish_pass_needs_command' -a git -d 'Command: execute a git command'
|
|
-complete -c $PROG -f -A -n '__fish_pass_uses_command git' -a 'init' -d 'Initialize git repository'
|
|
-complete -c $PROG -f -A -n '__fish_pass_uses_command git' -a 'status' -d 'Show status of the repo'
|
|
-complete -c $PROG -f -A -n '__fish_pass_uses_command git' -a 'add' -d 'Add changes to the index'
|
|
-complete -c $PROG -f -A -n '__fish_pass_uses_command git' -a 'commit' -d 'Commit changes to the repo'
|
|
-complete -c $PROG -f -A -n '__fish_pass_uses_command git' -a 'push' -d 'Push changes to remote repo'
|
|
-complete -c $PROG -f -A -n '__fish_pass_uses_command git' -a 'pull' -d 'Pull changes from remote repo'
|
|
-complete -c $PROG -f -A -n '__fish_pass_uses_command git' -a 'log' -d 'View changelog'
|
|
-
|
|
complete -c $PROG -f -A -n '__fish_pass_needs_command' -a find -d 'Command: find a password file or directory matching pattern'
|
|
complete -c $PROG -f -A -n '__fish_pass_needs_command' -a grep -d 'Command: search inside of decrypted password files for matching pattern'
|
|
diff --git a/src/completion/pass.zsh-completion b/src/completion/pass.zsh-completion
|
|
index b658398..b0695e6 100644
|
|
--- a/src/completion/pass.zsh-completion
|
|
+++ b/src/completion/pass.zsh-completion
|
|
@@ -63,18 +63,6 @@ _pass () {
|
|
"--recursive[recursively delete]"
|
|
_pass_complete_entries_with_subdirs
|
|
;;
|
|
- git)
|
|
- local -a subcommands
|
|
- subcommands=(
|
|
- "init:Initialize git repository"
|
|
- "push:Push to remote repository"
|
|
- "pull:Pull from remote repository"
|
|
- "config:Show git config"
|
|
- "log:Show git log"
|
|
- "reflog:Show git reflog"
|
|
- )
|
|
- _describe -t commands 'pass git' subcommands
|
|
- ;;
|
|
show|*)
|
|
_pass_cmd_show
|
|
;;
|
|
@@ -93,7 +81,6 @@ _pass () {
|
|
"mv:Rename the password"
|
|
"cp:Copy the password"
|
|
"rm:Remove the password"
|
|
- "git:Call git on the password store"
|
|
"version:Output version information"
|
|
"help:Output help message"
|
|
)
|
|
@@ -114,7 +101,7 @@ _pass_cmd_show () {
|
|
_pass_complete_entries_helper () {
|
|
local IFS=$'\n'
|
|
local prefix="${PASSWORD_STORE_DIR:-$HOME/.password-store}"
|
|
- _values -C 'passwords' $(find -L "$prefix" \( -name .git -o -name .gpg-id \) -prune -o $@ -print | sed -e "s#${prefix}/\{0,1\}##" -e 's#\.gpg##' | sort)
|
|
+ _values -C 'passwords' $(find -L "$prefix" -name .gpg-id -prune -o $@ -print | sed -e "s#${prefix}/\{0,1\}##" -e 's#\.gpg##' | sort)
|
|
}
|
|
|
|
_pass_complete_entries_with_subdirs () {
|
|
diff --git a/src/password-store.sh b/src/password-store.sh
|
|
index cfc25cc..72a0ed6 100755
|
|
--- a/src/password-store.sh
|
|
+++ b/src/password-store.sh
|
|
@@ -15,25 +15,10 @@ PREFIX="${PASSWORD_STORE_DIR:-$HOME/.password-store}"
|
|
X_SELECTION="${PASSWORD_STORE_X_SELECTION:-clipboard}"
|
|
CLIP_TIME="${PASSWORD_STORE_CLIP_TIME:-45}"
|
|
|
|
-export GIT_DIR="${PASSWORD_STORE_GIT:-$PREFIX}/.git"
|
|
-export GIT_WORK_TREE="${PASSWORD_STORE_GIT:-$PREFIX}"
|
|
-
|
|
#
|
|
# BEGIN helper functions
|
|
#
|
|
|
|
-git_add_file() {
|
|
- [[ -d $GIT_DIR ]] || return
|
|
- git add "$1" || return
|
|
- [[ -n $(git status --porcelain "$1") ]] || return
|
|
- git_commit "$2"
|
|
-}
|
|
-git_commit() {
|
|
- local sign=""
|
|
- [[ -d $GIT_DIR ]] || return
|
|
- [[ $(git config --bool --get pass.signcommits) == "true" ]] && sign="-S"
|
|
- git commit $sign -m "$1"
|
|
-}
|
|
yesno() {
|
|
[[ -t 0 ]] || return 0
|
|
local response
|
|
@@ -254,9 +239,6 @@ cmd_usage() {
|
|
Renames or moves old-path to new-path, optionally forcefully, selectively reencrypting.
|
|
$PROGRAM cp [--force,-f] old-path new-path
|
|
Copies old-path to new-path, optionally forcefully, selectively reencrypting.
|
|
- $PROGRAM git git-command-args...
|
|
- If the password store is a git repository, execute a git command
|
|
- specified by git-command-args.
|
|
$PROGRAM help
|
|
Show this text.
|
|
$PROGRAM version
|
|
@@ -285,22 +267,16 @@ cmd_init() {
|
|
if [[ $# -eq 1 && -z $1 ]]; then
|
|
[[ ! -f "$gpg_id" ]] && die "Error: $gpg_id does not exist and so cannot be removed."
|
|
rm -v -f "$gpg_id" || exit 1
|
|
- if [[ -d $GIT_DIR ]]; then
|
|
- git rm -qr "$gpg_id"
|
|
- git_commit "Deinitialize ${gpg_id}."
|
|
- fi
|
|
rmdir -p "${gpg_id%/*}" 2>/dev/null
|
|
else
|
|
mkdir -v -p "$PREFIX/$id_path"
|
|
printf "%s\n" "$@" > "$gpg_id"
|
|
local id_print="$(printf "%s, " "$@")"
|
|
echo "Password store initialized for ${id_print%, }"
|
|
- git_add_file "$gpg_id" "Set GPG id to ${id_print%, }."
|
|
fi
|
|
|
|
agent_check
|
|
reencrypt_path "$PREFIX/$id_path"
|
|
- git_add_file "$PREFIX/$id_path" "Reencrypt password store using new GPG id ${id_print%, }."
|
|
}
|
|
|
|
cmd_show() {
|
|
@@ -408,7 +384,6 @@ cmd_insert() {
|
|
read -r -p "Enter password for $path: " -e password
|
|
$GPG -e "${GPG_RECIPIENT_ARGS[@]}" -o "$passfile" "${GPG_OPTS[@]}" <<<"$password"
|
|
fi
|
|
- git_add_file "$passfile" "Add given password for $path to store."
|
|
}
|
|
|
|
cmd_edit() {
|
|
@@ -434,7 +409,6 @@ cmd_edit() {
|
|
while ! $GPG -e "${GPG_RECIPIENT_ARGS[@]}" -o "$passfile" "${GPG_OPTS[@]}" "$tmp_file"; do
|
|
yesno "GPG encryption failed. Would you like to try again?"
|
|
done
|
|
- git_add_file "$passfile" "$action password for $path using ${EDITOR:-vi}."
|
|
}
|
|
|
|
cmd_generate() {
|
|
@@ -476,7 +450,6 @@ cmd_generate() {
|
|
fi
|
|
local verb="Add"
|
|
[[ $inplace -eq 1 ]] && verb="Replace"
|
|
- git_add_file "$passfile" "$verb generated password for ${path}."
|
|
|
|
if [[ $clip -eq 0 ]]; then
|
|
printf "\e[1m\e[37mThe generated password for \e[4m%s\e[24m is:\e[0m\n\e[1m\e[93m%s\e[0m\n" "$path" "$pass"
|
|
@@ -508,10 +481,6 @@ cmd_delete() {
|
|
[[ $force -eq 1 ]] || yesno "Are you sure you would like to delete $path?"
|
|
|
|
rm $recursive -f -v "$passfile"
|
|
- if [[ -d $GIT_DIR && ! -e $passfile ]]; then
|
|
- git rm -qr "$passfile"
|
|
- git_commit "Remove $path from store."
|
|
- fi
|
|
rmdir -p "${passfile%/*}" 2>/dev/null
|
|
}
|
|
|
|
@@ -548,33 +517,10 @@ cmd_copy_move() {
|
|
mv $interactive -v "$old_path" "$new_path" || exit 1
|
|
[[ -e "$new_path" ]] && reencrypt_path "$new_path"
|
|
|
|
- if [[ -d $GIT_DIR && ! -e $old_path ]]; then
|
|
- git rm -qr "$old_path"
|
|
- git_add_file "$new_path" "Rename ${1} to ${2}."
|
|
- fi
|
|
rmdir -p "$old_dir" 2>/dev/null
|
|
else
|
|
cp $interactive -r -v "$old_path" "$new_path" || exit 1
|
|
[[ -e "$new_path" ]] && reencrypt_path "$new_path"
|
|
- git_add_file "$new_path" "Copy ${1} to ${2}."
|
|
- fi
|
|
-}
|
|
-
|
|
-cmd_git() {
|
|
- if [[ $1 == "init" ]]; then
|
|
- git "$@" || exit 1
|
|
- git_add_file "$PREFIX" "Add current contents of password store."
|
|
-
|
|
- echo '*.gpg diff=gpg' > "$PREFIX/.gitattributes"
|
|
- git_add_file .gitattributes "Configure git repository for gpg file diff."
|
|
- git config --local diff.gpg.binary true
|
|
- git config --local diff.gpg.textconv "$GPG -d ${GPG_OPTS[*]}"
|
|
- elif [[ -d $GIT_DIR ]]; then
|
|
- tmpdir nowarn #Defines $SECURE_TMPDIR. We don't warn, because at most, this only copies encrypted files.
|
|
- export TMPDIR="$SECURE_TMPDIR"
|
|
- git "$@"
|
|
- else
|
|
- die "Error: the password store is not a git repository. Try \"$PROGRAM git init\"."
|
|
fi
|
|
}
|
|
|
|
@@ -598,7 +544,6 @@ case "$1" in
|
|
delete|rm|remove) shift; cmd_delete "$@" ;;
|
|
rename|mv) shift; cmd_copy_move "move" "$@" ;;
|
|
copy|cp) shift; cmd_copy_move "copy" "$@" ;;
|
|
- git) shift; cmd_git "$@" ;;
|
|
*) COMMAND="show"; cmd_show "$@" ;;
|
|
esac
|
|
exit 0
|