1) Detect gpgtools in its non-standard directory [upstream wontfix]
2) Add shredding for tmp files in /dev/shm as they could be swapped
3) Add shredding and ramdisk tmpdir for OSX
4) Detect OSX's shred command, srm.
5) Remove .gpg file extensions for PassFF in OSX (set final regex
        match to 0 or 1 times)
---
 src/password-store.sh | 32 ++++++++++++++++++++++++++++----
 1 file changed, 28 insertions(+), 4 deletions(-)

diff --git a/src/password-store.sh b/src/password-store.sh
index 47f7ffa..8f67f00 100755
--- a/src/password-store.sh
+++ b/src/password-store.sh
@@ -10,7 +10,13 @@ GPG_OPTS=( "--quiet" "--yes" "--compress-algo=none" "--no-encrypt-to" )
 GPG="gpg"
 export GPG_TTY="${GPG_TTY:-$(tty 2>/dev/null)}"
 which gpg2 &>/dev/null && GPG="gpg2"
-[[ -n $GPG_AGENT_INFO || $GPG == "gpg2" ]] && GPG_OPTS+=( "--batch" "--use-agent" )
+
+# Check if gpgtools is installed under OSX
+# http://support.gpgtools.org/discussions/problems/9091-usrbingpgconf#comment_27431107
+# https://gpgtools.lighthouseapp.com/projects/66001/tickets/114
+[[ -f /usr/local/MacGPG2/bin/gpg2 ]] && GPG="/usr/local/MacGPG2/bin/gpg2"
+
+[[ -n $GPG_AGENT_INFO || "$GPG" != "gpg" ]] && GPG_OPTS+=( "--batch" "--use-agent" )

 PREFIX="${PASSWORD_STORE_DIR:-$HOME/.password-store}"
 X_SELECTION="${PASSWORD_STORE_X_SELECTION:-clipboard}"
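Review bot: The added `[[ -f /usr/local/MacGPG2/bin/gpg2 ]]` check has no platform gate and overrides whichever gpg the user's PATH selected, so any regular file at that path becomes the binary that handles every secret. Unlike the other additions in this patch it has no `$OSTYPE` test, and `-f` does not confirm the file is executable. Consider `[[ "$OSTYPE" == darwin* && -x /usr/local/MacGPG2/bin/gpg2 ]] && GPG="/usr/local/MacGPG2/bin/gpg2"`, possibly only when neither `gpg` nor `gpg2` was found on PATH. A short comment stating that this location is trusted to be writable only by an administrator would record the assumption the override relies on.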
@@ -161,9 +167,23 @@ tmpdir() {
        if [[ -d /dev/shm && -w /dev/shm && -x /dev/shm ]]; then
                SECURE_TMPDIR="$(mktemp -d "/dev/shm/$template")"
                remove_tmpfile() {
+                       find "$SECURE_TMPDIR" -type f -exec $SHRED {} +
                        rm -rf "$SECURE_TMPDIR"
                }
                trap remove_tmpfile INT TERM EXIT
+ elif [[ "$OSTYPE" == "darwin"* && -n "$(which hdiutil)" && -n "$(which diskutil)" ]]; then
+               NUMSECTORS=2000  # a sector is 512 bytes
+               DeviceName=$(hdiutil attach -nomount ram://$NUMSECTORS)
+               diskutil quiet eraseVolume HFS+ osxshm $DeviceName
+               diskutil quiet disableJournal $DeviceName
+               SECURE_TMPDIR="$(mktemp -d "/Volumes/osxshm/$template")"
+               remove_tmpfile() {
+                       $SHRED -r $SECURE_TMPDIR
+                       umount /Volumes/osxshm
+                       diskutil quiet secureErase 2 $DeviceName
+                       diskutil quiet eject $DeviceName
+               }
+               trap remove_tmpfile INT TERM EXIT
        else
                [[ $warn -eq 1 ]] && yesno "$(cat <<-_EOF
                Your system does not have /dev/shm, which means that it may
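Review bot: None of the `hdiutil`, `diskutil` or `mktemp` calls in the new darwin branch are checked, so a failed attach or format leaves `DeviceName` or `SECURE_TMPDIR` empty, and the cleanup then runs `$SHRED -r $SECURE_TMPDIR` and `diskutil quiet secureErase 2 $DeviceName` unquoted on empty values. The fixed volume name `osxshm` also means two concurrent invocations would presumably share or unmount each other's `/Volumes/osxshm`; deriving the name from `$template` or the PID would avoid that. The sketch below checks each step, quotes the expansions and trims `DeviceName` explicitly, because the unquoted uses were what dropped any surrounding whitespace in hdiutil's output. `tmpdir()` starts before and continues after this hunk.

```shell
# … unchanged: /dev/shm branch …
elif [[ "$OSTYPE" == "darwin"* && -n "$(which hdiutil)" && -n "$(which diskutil)" ]]; then
        NUMSECTORS=2000  # a sector is 512 bytes
        DeviceName="$(hdiutil attach -nomount "ram://$NUMSECTORS")" || die "Error: could not attach ramdisk."
        DeviceName="${DeviceName%%[[:space:]]*}"  # keep only the device node
        if ! diskutil quiet eraseVolume HFS+ osxshm "$DeviceName"; then
                hdiutil detach "$DeviceName"
                die "Error: could not format ramdisk."
        fi
        diskutil quiet disableJournal "$DeviceName"
        SECURE_TMPDIR="$(mktemp -d "/Volumes/osxshm/$template")"
        remove_tmpfile() {
                [[ -n "$SECURE_TMPDIR" ]] && $SHRED -r "$SECURE_TMPDIR"
                # … unchanged: umount, secureErase, eject, with "$DeviceName" quoted …
        }
        trap remove_tmpfile INT TERM EXIT
        # checked after the trap is set so the ramdisk is still torn down on failure
        [[ -d "$SECURE_TMPDIR" ]] || die "Error: could not create temporary directory on ramdisk."
```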
@@ -183,7 +203,11 @@ tmpdir() {

 }
 GETOPT="getopt"
-SHRED="shred -f -z"
+if [[ "$OSTYPE" == "darwin"* && -n "$(which srm)" ]]; then
+       SHRED="srm -f -z"
+else
+       SHRED="shred -f -z"
+fi

source "$(dirname "$0")/platform/$(uname | cut -d _ -f 1 | tr '[:upper:]' '[:lower:]').sh" 2>/dev/null # PLATFORM_FUNCTION_FILE

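Review bot: When `srm` is missing on darwin this falls back to `SHRED="shred -f -z"`, but the ramdisk cleanup added in the `tmpdir()` hunk calls `$SHRED -r $SECURE_TMPDIR`, and GNU shred has no recursive option, so that cleanup step would fail in this case. Using the same form as the /dev/shm branch there, `find "$SECURE_TMPDIR" -type f -exec $SHRED {} +`, works with either tool. As a style point, `command -v srm &>/dev/null` avoids relying on `which` printing nothing on failure and matches the exit-status test already used for `gpg2`.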
@@ -322,7 +346,7 @@ cmd_show() {
                else
                        echo "${path%\/}"
                fi
- tree -C -l --noreport "$PREFIX/$path" | tail -n +2 | sed 's/\.gpg\(\x1B\[[0-9]\+m\)\{0,1\}\( ->\|$\)/\1\2/g' # remove .gpg at end of line, but keep colors
+ tree -C -l --noreport "$PREFIX/$path" | tail -n +2 | sed 's/\.gpg\(\x1B\[[0-9]\+m\)\{0,1\}\( ->\|$\)\{0,1\}/\1\2/g' # remove .gpg at end of line, but keep colors
        elif [[ -z $path ]]; then
                die "Error: password store is empty. Try \"pass init\"."
        else
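Review bot: Making the trailing group optional with `\( ->\|$\)\{0,1\}` removes the end-of-line anchor, so with the `g` flag the expression now deletes `.gpg` anywhere in a line, for example inside an entry named `foo.gpg.bak` or a directory name containing `.gpg`, and the names shown no longer match what is in the store. The trailing comment `# remove .gpg at end of line, but keep colors` is no longer accurate either. The same change is made to the `sed` call in the `cmd_find` hunk. If the motivation is that the platform's sed does not treat `\|` as alternation (an assumption; the patch does not say), two anchored expressions keep the original intent: `-e 's/\.gpg\(\x1B\[[0-9]\+m\)\{0,1\}$/\1/' -e 's/\.gpg\(\x1B\[[0-9]\+m\)\{0,1\} ->/\1 ->/g'`.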
@@ -334,7 +358,7 @@ cmd_find() {
        [[ -z "$@" ]] && die "Usage: $PROGRAM $COMMAND pass-names..."
        IFS="," eval 'echo "Search Terms: $*"'
        local terms="*$(printf '%s*|*' "$@")"
- tree -C -l --noreport -P "${terms%|*}" --prune --matchdirs --ignore-case "$PREFIX" | tail -n +2 | sed 's/\.gpg\(\x1B\[[0-9]\+m\)\{0,1\}\( ->\|$\)/\1\2/g'
+ tree -C -l --noreport -P "${terms%|*}" --prune --matchdirs --ignore-case "$PREFIX" | tail -n +2 | sed 's/\.gpg\(\x1B\[[0-9]\+m\)\{0,1\}\( ->\|$\)\{0,1\}/\1\2/g' # remove .gpg at end of line, but keep colors
 }

 cmd_grep() {
--
2.3.4