diff --git README README index 47ed64b..6ebfd68 100644 --- README +++ README @@ -17,10 +17,6 @@ Depends on: http://www.gnu.org/software/bash/ - GnuPG2 http://www.gnupg.org/ -- git - http://www.git-scm.com/ -- xclip - http://sourceforge.net/projects/xclip/ - pwgen http://sourceforge.net/projects/pwgen/ - tree diff --git contrib/pass.bash-completion contrib/pass.bash-completion index d0ef012..66e8866 100644 --- contrib/pass.bash-completion +++ contrib/pass.bash-completion @@ -48,7 +48,7 @@ _pass() { COMPREPLY=() local cur="${COMP_WORDS[COMP_CWORD]}" - local commands="init ls show insert generate edit rm git help version" + local commands="init ls show insert generate edit rm help version" if [[ $COMP_CWORD -gt 1 ]]; then case "${COMP_WORDS[1]}" in init) @@ -59,7 +59,6 @@ _pass() _pass_complete_entries ;; show|-*) - COMPREPLY+=($(compgen -W "-c --clip" -- ${cur})) _pass_complete_entries 1 ;; insert) @@ -67,16 +66,13 @@ _pass() _pass_complete_entries ;; generate) - COMPREPLY+=($(compgen -W "-n --no-symbols -c --clip -f --force" -- ${cur})) + COMPREPLY+=($(compgen -W "-n --no-symbols -f --force" -- ${cur})) _pass_complete_entries ;; rm|remove|delete) COMPREPLY+=($(compgen -W "-r --recursive -f --force" -- ${cur})) _pass_complete_entries ;; - git) - COMPREPLY+=($(compgen -W "init push pull config log reflog" -- ${cur})) - ;; esac else COMPREPLY+=($(compgen -W "${commands}" -- ${cur})) diff --git contrib/pass.fish-completion contrib/pass.fish-completion index 9130d1f..366ed5e 100644 --- contrib/pass.fish-completion +++ contrib/pass.fish-completion @@ -76,7 +76,6 @@ complete -c $PROG -f -A -n '__fish_pass_uses_command insert' -a "(__fish_pass_pr complete -c $PROG -f -A -n '__fish_pass_needs_command' -a generate -d 'Command: generate new password' complete -c $PROG -f -A -n '__fish_pass_uses_command generate' -s n -l no-symbols -d 'Do not use special symbols' -complete -c $PROG -f -A -n '__fish_pass_uses_command generate' -s c -l clip -d 'Put the password in clipboard' complete -c $PROG -f -A -n '__fish_pass_uses_command generate' -s f -l force -d 'Do not prompt before overwritting' complete -c $PROG -f -A -n '__fish_pass_uses_command generate' -a "(__fish_pass_print_entry_dirs)" @@ -89,16 +88,7 @@ complete -c $PROG -f -A -n '__fish_pass_needs_command' -a edit -d 'Command: edit complete -c $PROG -f -A -n '__fish_pass_uses_command edit' -a "(__fish_pass_print_entries)" complete -c $PROG -f -A -n '__fish_pass_needs_command' -a show -d 'Command: show existing password' -complete -c $PROG -f -A -n '__fish_pass_uses_command show' -s c -l clip -d 'Put password in clipboard' complete -c $PROG -f -A -n '__fish_pass_uses_command show' -a "(__fish_pass_print_entries)" # When no command is given, `show` is defaulted. -complete -c $PROG -f -A -n '__fish_pass_needs_command' -s c -l clip -d 'Put password in clipboard' complete -c $PROG -f -A -n '__fish_pass_needs_command' -a "(__fish_pass_print_entries)" complete -c $PROG -f -A -n '__fish_pass_uses_command -c' -a "(__fish_pass_print_entries)" -complete -c $PROG -f -A -n '__fish_pass_uses_command --clip' -a "(__fish_pass_print_entries)" - -complete -c $PROG -f -A -n '__fish_pass_needs_command' -a git -d 'Command: execute a git command' -complete -c $PROG -f -A -n '__fish_pass_uses_command git' -a 'init' -d 'Initialize git repository' -complete -c $PROG -f -A -n '__fish_pass_uses_command git' -a 'push' -d 'Push changes to remote repo' -complete -c $PROG -f -A -n '__fish_pass_uses_command git' -a 'pull' -d 'Pull changes from remote repo' -complete -c $PROG -f -A -n '__fish_pass_uses_command git' -a 'log' -d 'View changelog' diff --git contrib/pass.zsh-completion contrib/pass.zsh-completion index 848bc67..e8f0ebe 100644 --- contrib/pass.zsh-completion +++ contrib/pass.zsh-completion @@ -39,8 +39,6 @@ _pass () { _arguments : \ "-n[don't include symbols in password]" \ "--no-symbols[don't include symbols in password]" \ - "-c[copy password to the clipboard]" \ - "--clip[copy password to the clipboard]" _pass_complete_entries_with_subdirs ;; rm) @@ -51,18 +49,6 @@ _pass () { "--recursive[recursively delete]" _pass_complete_entries_with_subdirs ;; - git) - local -a subcommands - subcommands=( - "init:Initialize git repository" - "push:Push to remote repository" - "pull:Pull from remote repository" - "config:Show git config" - "log:Show git log" - "reflog:Show git reflog" - ) - _describe -t commands 'pass git' subcommands - ;; show|*) _pass_cmd_show ;; @@ -77,7 +63,6 @@ _pass () { "generate:Generate a new password using pwgen" "edit:Edit a password with \$EDITOR" "rm:Remove the password" - "git:Call git on the password store" "version:Output version information" "help:Output help message" ) @@ -90,15 +75,12 @@ _pass () { } _pass_cmd_show () { - _arguments : \ - "-c[put it on the clipboard]" \ - "--clip[put it on the clipboard]" _pass_complete_entries } _pass_complete_entries_helper () { local IFS=$'\n' local prefix="${PASSWORD_STORE_DIR:-$HOME/.password-store}" - _values -C 'passwords' $(find "$prefix" \( -name .git -o -name .gpg-id \) -prune -o $@ -print | sed -e "s#${prefix}.##" -e 's#\.gpg##' | sort) + _values -C 'passwords' $(find "$prefix" -name .gpg-id -prune -o $@ -print | sed -e "s#${prefix}.##" -e 's#\.gpg##' | sort) } _pass_complete_entries_with_subdirs () { diff --git man/pass.1 man/pass.1 index efb5d9b..1e273ea 100644 --- man/pass.1 +++ man/pass.1 @@ -33,13 +33,6 @@ or depending on the type of specifier in ARGS. Otherwise COMMAND must be one of the valid commands listed below. -Several of the commands below rely on or provide additional functionality if -the password store directory is also a git repository. If the password store -directory is a git repository, all password store modification commands will -cause a corresponding git commit. See the \fIEXTENDED GIT EXAMPLE\fP section -for a detailed description using \fBinit\fP and -.BR git (1). - The \fBinit\fP command must be run before other commands in order to initialize the password store with the correct gpg key id. Passwords are encrypting using the gpg key set with \fBinit\fP. @@ -68,12 +61,8 @@ by using the .BR tree (1) program. This command is alternatively named \fBlist\fP. .TP -\fBshow\fP [ \fI--clip\fP, \fI-c\fP ] \fIpass-name\fP -Decrypt and print a password named \fIpass-name\fP. If \fI--clip\fP or \fI-c\fP -is specified, do not print the password but instead copy the first line to the -clipboard using -.BR xclip (1) -and then restore the clipboard after 45 seconds. +\fBshow\fP \fIpass-name\fP +Decrypt and print a password named \fIpass-name\fP. .TP \fBinsert\fP [ \fI--echo\fP, \fI-e\fP | \fI--multiline\fP, \fI-m\fP ] [ \fI--force\fP, \fI-f\fP ] \fIpass-name\fP Insert a new password into the password store called \fIpass-name\fP. This will @@ -92,15 +81,12 @@ ensure that temporary files are created in \fI/dev/shm\fP in order to avoid writ difficult-to-erase disk sectors. If \fI/dev/shm\fP is not accessible, fallback to the ordinary \fITMPDIR\fP location, and print a warning. .TP -\fBgenerate\fP [ \fI--no-symbols\fP, \fI-n\fP ] [ \fI--clip\fP, \fI-c\fP ] [ \fI--force\fP, \fI-f\fP ] \fIpass-name pass-length\fP +\fBgenerate\fP [ \fI--no-symbols\fP, \fI-n\fP ] [ \fI--force\fP, \fI-f\fP ] \fIpass-name pass-length\fP Generate a new password using .BR pwgen (1) of length \fIpass-length\fP and insert into \fIpass-name\fP. If \fI--no-symbols\fP or \fI-n\fP is specified, do not use any non-alphanumeric characters in the generated password. -If \fI--clip\fP or \fI-c\fP is specified, do not print the password but instead copy -it to the clipboard using -.BR xclip (1) -and then restore the clipboard after 45 seconds. Prompt before overwriting an existing password, +Prompt before overwriting an existing password, unless \fI--force\fP or \fI-f\fP is specified. .TP \fBrm\fP [ \fI--recursive\fP, \fI-r\fP ] [ \fI--force\fP, \fI-f\fP ] \fIpass-name\fP @@ -109,13 +95,6 @@ alternatively named \fBremove\fP or \fBdelete\fP. If \fI--recursive\fP or \fI-r\ is specified, delete pass-name recursively if it is a directory. If \fI--force\fP or \fI-f\fP is specified, do not interactively prompt before removal. .TP -\fBgit\fP \fIgit-command-args\fP... -If the password store is a git repository, pass \fIgit-command-args\fP as arguments to -.BR git (1) -using the password store as the git repository. If \fIgit-command-args\fP is \fBinit\fP, -in addition to initializing the git repository, add the current contents of the password -store to the repository in an initial commit. -.TP \fBhelp\fP Show usage message. .TP @@ -166,11 +145,6 @@ Show existing password .br sup3rh4x3rizmynam3 .TP -Copy existing password to clipboard -.B zx2c4@laptop ~ $ pass -c Email/zx2c4.com -.br -Copied Email/jason@zx2c4.com to clipboard. Will clear in 45 seconds. -.TP Add password to store .B zx2c4@laptop ~ $ pass insert Business/cheese-whiz-factory .br @@ -209,10 +183,8 @@ The generated password to Email/jasondonenfeld.com is: .br YqFsMkBeO6di .TP -Generate new password and copy it to the clipboard -.B zx2c4@laptop ~ $ pass -c generate Email/jasondonenfeld.com 19 -.br -Copied Email/jasondonenfeld.com to clipboard. Will clear in 45 seconds. +Generate new password +.B zx2c4@laptop ~ $ pass generate Email/jasondonenfeld.com 19 .TP Remove password from store .B zx2c4@laptop ~ $ pass remove Business/cheese-whiz-factory @@ -221,99 +193,6 @@ rm: remove regular file \[u2018]/home/zx2c4/.password-store/Business/cheese-whiz .br removed \[u2018]/home/zx2c4/.password-store/Business/cheese-whiz-factory.gpg\[u2019] -.SH EXTENDED GIT EXAMPLE -Here, we initialize new password store, create a git repository, and then manipulate and sync passwords. Make note of the arguments to the first call of \fBpass git push\fP; consult -.BR git-push (1) -for more information. - -.B zx2c4@laptop ~ $ pass init Jason@zx2c4.com -.br -mkdir: created directory \[u2018]/home/zx2c4/.password-store\[u2019] -.br -Password store initialized for Jason@zx2c4.com. - -.B zx2c4@laptop ~ $ pass git init -.br -Initialized empty Git repository in /home/zx2c4/.password-store/.git/ -.br -[master (root-commit) 998c8fd] Added current contents of password store. -.br - 1 file changed, 1 insertion(+) -.br - create mode 100644 .gpg-id - -.B zx2c4@laptop ~ $ pass git remote add origin kexec.com:pass-store - -.B zx2c4@laptop ~ $ pass generate Amazon/amazonemail@email.com 21 -.br -mkdir: created directory \[u2018]/home/zx2c4/.password-store/Amazon\[u2019] -.br -[master 30fdc1e] Added generated password for Amazon/amazonemail@email.com to store. -.br -1 file changed, 0 insertions(+), 0 deletions(-) -.br -create mode 100644 Amazon/amazonemail@email.com.gpg -.br -The generated password to Amazon/amazonemail@email.com is: -.br -<5m,_BrZY`antNDxKN<0A - -.B zx2c4@laptop ~ $ pass git push -u --all -.br -Counting objects: 4, done. -.br -Delta compression using up to 2 threads. -.br -Compressing objects: 100% (3/3), done. -.br -Writing objects: 100% (4/4), 921 bytes, done. -.br -Total 4 (delta 0), reused 0 (delta 0) -.br -To kexec.com:pass-store -.br -* [new branch] master -> master -.br -Branch master set up to track remote branch master from origin. - -.B zx2c4@laptop ~ $ pass insert Amazon/otheraccount@email.com -.br -Enter password for Amazon/otheraccount@email.com: som3r3a11yb1gp4ssw0rd!!88** -.br -[master b9b6746] Added given password for Amazon/otheraccount@email.com to store. -.br -1 file changed, 0 insertions(+), 0 deletions(-) -.br -create mode 100644 Amazon/otheraccount@email.com.gpg - -.B zx2c4@laptop ~ $ pass rm Amazon/amazonemail@email.com -.br -rm: remove regular file \[u2018]/home/zx2c4/.password-store/Amazon/amazonemail@email.com.gpg\[u2019]? y -.br -removed \[u2018]/home/zx2c4/.password-store/Amazon/amazonemail@email.com.gpg\[u2019] -.br -rm 'Amazon/amazonemail@email.com.gpg' -.br -[master 288b379] Removed Amazon/amazonemail@email.com from store. -.br -1 file changed, 0 insertions(+), 0 deletions(-) -.br -delete mode 100644 Amazon/amazonemail@email.com.gpg - -.B zx2c4@laptop ~ $ pass git push -.br -Counting objects: 9, done. -.br -Delta compression using up to 2 threads. -.br -Compressing objects: 100% (5/5), done. -.br -Writing objects: 100% (7/7), 1.25 KiB, done. -.br -Total 7 (delta 0), reused 0 (delta 0) -.br -To kexec.com:pass-store - .SH FILES .TP @@ -333,19 +212,12 @@ Overrides the default password storage directory. .I PASSWORD_STORE_KEY Overrides the default gpg key identification set by \fBinit\fP. .TP -.I PASSWORD_STORE_GIT -Overrides the default root of the git repository, which is helpful if -\fIPASSWORD_STORE_DIR\fP is temporarily set to a sub-directory of the default -password store. -.TP .I EDITOR The location of the text editor used by \fBedit\fP. .SH SEE ALSO .BR gpg2 (1), .BR pwgen (1), -.BR git (1), -.BR xclip (1). .SH AUTHOR .B pass diff --git src/password-store.sh src/password-store.sh index 26a4bd0..e669e08 100755 --- src/password-store.sh +++ src/password-store.sh @@ -1,4 +1,4 @@ -#!/bin/bash +#!/usr/local/bin/bash # Copyright (C) 2012 Jason A. Donenfeld . All Rights Reserved. # This file is licensed under the GPLv2+. Please see COPYING for more information. @@ -7,12 +7,8 @@ umask 077 PREFIX="${PASSWORD_STORE_DIR:-$HOME/.password-store}" ID="$PREFIX/.gpg-id" -GIT_DIR="${PASSWORD_STORE_GIT:-$PREFIX}/.git" GPG_OPTS="--quiet --yes --batch" -export GIT_DIR -export GIT_WORK_TREE="${PASSWORD_STORE_GIT:-$PREFIX}" - version() { cat <<_EOF |-----------------------| @@ -35,24 +31,21 @@ Usage: Optionally reencrypt existing passwords using new gpg-id. $program [ls] [subfolder] List passwords. - $program [show] [--clip,-c] pass-name - Show existing password and optionally put it on the clipboard. - If put on the clipboard, it will be cleared in 45 seconds. + $program [show] pass-name + Show existing password $program insert [--echo,-e | --multiline,-m] [--force,-f] pass-name Insert new password. Optionally, the console can be enabled echo the password back. Or, optionally, it may be multiline. Prompt + Insert new password. Optionally, the console can be enabled to not + echo the password back. Or, optionally, it may be multiline. Prompt before overwriting existing password unless forced. $program edit pass-name Insert a new password or edit an existing password using ${EDITOR:-vi}. - $program generate [--no-symbols,-n] [--clip,-c] [--force,-f] pass-name pass-length + $program generate [--no-symbols,-n] [--force,-f] pass-name pass-length Generate a new password of pass-length with optionally no symbols. - Optionally put it on the clipboard and clear board after 45 seconds. Prompt before overwriting existing password unless forced. $program rm [--recursive,-r] [--force,-f] pass-name Remove existing password or directory, optionally forcefully. - $program git git-command-args... - If the password store is a git repository, execute a git command - specified by git-command-args. $program help Show this text. $program version @@ -63,16 +56,10 @@ _EOF } is_command() { case "$1" in - init|ls|list|show|insert|edit|generate|remove|rm|delete|git|help|--help|version|--version) return 0 ;; + init|ls|list|show|insert|edit|generate|remove|rm|delete|help|--help|version|--version) return 0 ;; *) return 1 ;; esac } -git_add_file() { - [[ -d $GIT_DIR ]] || return - git add "$1" || return - [[ -n $(git status --porcelain "$1") ]] || return - git commit -m "$2" -} yesno() { read -p "$1 [y/N] " response [[ $response == "y" || $response == "Y" ]] || exit 1 @@ -80,48 +67,21 @@ yesno() { # # BEGIN Platform definable # -clip() { - # This base64 business is a disgusting hack to deal with newline inconsistancies - # in shell. There must be a better way to deal with this, but because I'm a dolt, - # we're going with this for now. - - before="$(xclip -o -selection clipboard | base64)" - echo -n "$1" | xclip -selection clipboard - ( - sleep 45 - now="$(xclip -o -selection clipboard | base64)" - if [[ $now != $(echo -n "$1" | base64) ]]; then - before="$now" - fi - - # It might be nice to programatically check to see if klipper exists, - # as well as checking for other common clipboard managers. But for now, - # this works fine -- if qdbus isn't there or if klipper isn't running, - # this essentially becomes a no-op. - # - # Clipboard managers frequently write their history out in plaintext, - # so we axe it here: - qdbus org.kde.klipper /klipper org.kde.klipper.klipper.clearClipboardHistory &>/dev/null - - echo "$before" | base64 -d | xclip -selection clipboard - ) & disown - echo "Copied $2 to clipboard. Will clear in 45 seconds." -} tmpdir() { - if [[ -d /dev/shm && -w /dev/shm && -x /dev/shm ]]; then - tmp_dir="$(TMPDIR=/dev/shm mktemp -t "$template" -d)" + ramdisk="/var/tmp/password-store.ramdisk" + if [[ -d $ramdisk && -d $ramdisk && -d $ramdisk ]]; then + tmp_dir="$(TMPDIR=$ramdisk mktemp -t "$template" -d)" else - yesno "$(echo "Your system does not have /dev/shm, which means that it may" - echo "be difficult to entirely erase the temporary non-encrypted" - echo "password file after editing. Are you sure you would like to" - echo -n "continue?")" + yesno "$(echo "A ramdisk does not exist at $ramdisk, which means that it may" + echo "be difficult to entirely erase the temporary non-encrypted" + echo "password file after editing. Are you sure you would like to" + echo -n "continue?")" + tmp_dir="$(mktemp -t "$template" -d)" fi - } -GETOPT="getopt" -# source /path/to/platform-defined-functions +GETOPT="/usr/local/bin/getopt" # # END Platform definable # @@ -155,14 +115,12 @@ case "$command" in mkdir -v -p "$PREFIX" echo "$gpg_id" > "$ID" echo "Password store initialized for $gpg_id." - git_add_file "$ID" "Set GPG id to $gpg_id." if [[ $reencrypt -eq 1 ]]; then find "$PREFIX" -iname '*.gpg' | while read passfile; do gpg2 -d $GPG_OPTS "$passfile" | gpg2 -e -r "$gpg_id" -o "$passfile.new" $GPG_OPTS && mv -v "$passfile.new" "$passfile" done - git_add_file "$PREFIX" "Reencrypted entire store using new GPG id $gpg_id." fi exit 0 ;; @@ -191,18 +149,8 @@ fi case "$command" in show|ls|list) - clip=0 - - opts="$($GETOPT -o c -l clip -n "$program" -- "$@")" - err=$? - eval set -- "$opts" - while true; do case $1 in - -c|--clip) clip=1; shift ;; - --) shift; break ;; - esac done - if [[ $err -ne 0 ]]; then - echo "Usage: $program $command [--clip,-c] [pass-name]" + echo "Usage: $program $command [pass-name]" exit 1 fi @@ -220,13 +168,8 @@ case "$command" in echo "$path is not in the password store." exit 1 fi - if [[ $clip -eq 0 ]]; then - exec gpg2 -d $GPG_OPTS "$passfile" - else - pass="$(gpg2 -d $GPG_OPTS "$passfile" | head -n 1)" - [[ -n $pass ]] || exit 1 - clip "$pass" "$path" - fi + + gpg2 -d $GPG_OPTS "$passfile" fi ;; insert) @@ -276,7 +219,6 @@ case "$command" in read -r -p "Enter password for $path: " -e password gpg2 -e -r "$ID" -o "$passfile" $GPG_OPTS <<<"$password" fi - git_add_file "$passfile" "Added given password for $path to store." ;; edit) if [[ $# -ne 1 ]]; then @@ -304,25 +246,22 @@ case "$command" in echo "GPG encryption failed. Retrying." sleep 1 done - git_add_file "$passfile" "$action password for $path using ${EDITOR:-vi}." ;; generate) - clip=0 force=0 symbols="-y" - opts="$($GETOPT -o ncf -l no-symbols,clip,force -n "$program" -- "$@")" + opts="$($GETOPT -o ncf -l no-symbols,force -n "$program" -- "$@")" err=$? eval set -- "$opts" while true; do case $1 in -n|--no-symbols) symbols=""; shift ;; - -c|--clip) clip=1; shift ;; -f|--force) force=1; shift ;; --) shift; break ;; esac done if [[ $err -ne 0 || $# -ne 2 ]]; then - echo "Usage: $program $command [--no-symbols,-n] [--clip,-c] [--force,-f] pass-name pass-length" + echo "Usage: $program $command [--no-symbols,-n] [--force,-f] pass-name pass-length" exit 1 fi path="$1" @@ -339,14 +278,9 @@ case "$command" in pass="$(pwgen -s $symbols $length 1)" [[ -n $pass ]] || exit 1 gpg2 -e -r "$ID" -o "$passfile" $GPG_OPTS <<<"$pass" - git_add_file "$passfile" "Added generated password for $path to store." - if [[ $clip -eq 0 ]]; then - echo "The generated password to $path is:" - echo "$pass" - else - clip "$pass" "$path" - fi + echo "The generated password to $path is:" + echo "$pass" ;; delete|rm|remove) recursive="" @@ -378,21 +312,6 @@ case "$command" in [[ $force -eq 1 ]] || yesno "Are you sure you would like to delete $path?" rm $recursive -f -v "$passfile" - if [[ -d $GIT_DIR && ! -e $passfile ]]; then - git rm -qr "$passfile" - git commit -m "Removed $path from store." - fi - ;; - git) - if [[ $1 == "init" ]]; then - git "$@" || exit 1 - git_add_file "$PREFIX" "Added current contents of password store." - elif [[ -d $GIT_DIR ]]; then - exec git "$@" - else - echo "Error: the password store is not a git repository." - exit 1 - fi ;; *) usage