Quoting Jason A. Donenfeld (2016-02-05 20:09:35)
> The whole motivation for pass was not to have anything that needs an
> API or an interface to work with. The interface is the filesystem.
> Each password is in a file. Files can be dealt with through the gpg
> tools. Scripts are to just use the ordinary filesystem APIs to do what
> they need to do. pass itself is one such script that uses those
> filesystem APIs for the purpose of having a nice terminal frontend.
>
> Maybe pass has become too complicated since this original mission, and
> now some sort of abstracted generic monstrosity is needed. If this is
> the case, what a shame.

I understand and support the desire to keep pass simple. But at least in
one point pass has some "internal logic" or an "interface" (but then again
I would use gpg, cd, ls and friends manually otherwise). This even results
in a small "bug": pass assumes that password files have a gpg extension.
Other files are not used by `pass show`. That is the internal
assumption/restriction/interface. The bug is that files without a gpg
extension are listed in the tree (plain `pass show`) but can (obviously)
not be shown directly (`pass show makefile` says "Error: makefile is not in
the password store." even though "makefile" is returned by the completion
and listed in the tree).

> But with that said, I wouldn't oppose making changes so that pass's
> output is more easily scriptable. For example, testing [[ -t 0 ]] and
> outputting different things might be worthwhile.

I previously wrote that

> I do not want to change the output of existing commands for this so I
> propose a new sub command: "script-interface".

More accurate would be: I do not urge to change the existing output formats
if people are opposed to it. So yes, I like this idea as well. Allan and
Dashamir have also proposed the use of options instead of further commands.

> What do your scripts need to do? Maybe folks on the list can help you
> find the most direct solution for your scripting needs?

The main reason I started this was actually a generalisation of a previous
attempt to make pass more scriptable, for which I still hope to receive
some feedback by the way ;). The previous patch was a change of the output
format of `pass grep`. It is here:
http://lists.zx2c4.com/pipermail/password-store/2015-August/001696.html

The scripts I use in conjunction with pass are attached. I use them to auto
generate a netrc file to be used with fetchmail.

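GPGFILES := $(sort $(shell find . -iname '*.gpg'))

# Regenerate the netrc file whenever one of the password files changes.
# umask 077 makes sure a newly created netrc is never readable by other
# users, not even for the short time before the chmod below runs.
netrc: $(GPGFILES)
	@umask 077; for file in $(GPGFILES:./%.gpg=%); do \
		pass show $$file | bin/entry.awk; \
	done > $@
	@chmod 600 $@
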
#!/usr/bin/awk -f
# This awk script can parse the contents of a single password file and prints
# a corresponding netrc entry to stdout. The first line has to be the
# password. The other lines can contain arbitrary key value pairs (delimited
# by spaces and at least one colon or equal sign). The keys that will be used
# for the netrc entry are:
#   * one of "smtp", "pop", "imap", which should be the domain
#   * one of "smtpuser", "popuser", "imapuser" as a username for the
#     corresponding entry
#   * one of "username" or "user" as fallback username and for other entries

function create_entry(type) {
    # Print a netrc entry to stdout, using the specified type as a protocol
    # name. The public array data will be used. There should be an entry at
    # type in data. It should contain a URL. There should be an entry
    # type"user" or "username" or "user" in data. It will be the login for the
    # netrc entry.
    print "machine " data[type]
    if ((type "user") in data) {
        print "login " data[type "user"]
    } else if ("username" in data) {
        print "login " data["username"]
    } else {
        print "login " data["user"]
    }
    print "password " password
    if (type == "ftp" && "macdef_name" in data && "macdef_code" in data) {
        print "macdef " data["macdef_name"]
        print data["macdef_code"]
    }
    print ""
}

BEGIN {
    # the field separator is very similar to the yaml dictionary syntax for
    # key value lines
    FS = "[[:space:]]*[:=][[:space:]]+"
}

# the first line of a pass(1) file contains the password itself
FNR == 1 {
    password = $0
    next
}

# all lines after the password should contain additional data in a suitable
# key: value syntax
{ data[$1] = $2 }

END {
    # only files that opt in with "netrc: true" produce entries
    if (data["netrc"] == "true") {
        if ("ftp" in data) { create_entry("ftp") }
        if ("imap" in data) { create_entry("imap") }
        if ("pop" in data) { create_entry("pop") }
        if ("smtp" in data) { create_entry("smtp") }
    }
}

_______________________________________________ Password-Store mailing list [email protected] http://lists.zx2c4.com/mailman/listinfo/password-store
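
The mismatch described in the message above (files without a gpg extension are listed in the tree but rejected by `pass show`) can be checked with plain filesystem tools. This is an added example, not part of the original message or of pass; the function names and the sample store are constructed, and it assumes hidden files such as .gpg-id are store metadata that the tree does not list.

```sh
#!/bin/sh
# Added example: function names and sample store are constructed.

# Names `pass show` accepts: every *.gpg file below the store root,
# relative to the root and with the extension stripped.
store_entries() {
    ( cd "$1" && find . -name .git -prune -o -type f -name '*.gpg' -print ) |
        sed -e 's|^\./||' -e 's|\.gpg$||' | LC_ALL=C sort
}

# Files that sit in the store but cannot be shown because they lack the
# .gpg extension. Hidden files and directories (.git, .gpg-id) are
# skipped (assumption: they are metadata and not listed in the tree).
store_strays() {
    ( cd "$1" && find . -name '.?*' -prune -o -type f ! -name '*.gpg' -print ) |
        sed -e 's|^\./||' | LC_ALL=C sort
}

# Build a constructed sample store. The files are empty: only names
# matter here, so neither gpg nor pass is needed to run this.
make_sample_store() {
    d=$(mktemp -d) || return 1
    mkdir -p "$d/mail" "$d/.git"
    : > "$d/.gpg-id"
    : > "$d/.git/config"
    : > "$d/ftp.gpg"
    : > "$d/mail/example.org.gpg"
    : > "$d/makefile"
    : > "$d/mail/notes.txt"
    printf '%s\n' "$d"
}

store=$(make_sample_store)
echo "usable with pass show:"
store_entries "$store"
echo "in the store but not usable:"
store_strays "$store"
rm -rf "$store"
```

A script that iterates over `store_entries` output only ever passes names to `pass show` that it will accept; anything reported by `store_strays` should be renamed or moved out of the store.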
