password-store: Update security/password-store to 1.7.1 pkgsrc changes: - Rename `xclip' PKG_OPTION to `x11' (and add a PKG_OPTIONS_LEGACY_OPTS accordingly) and also depends on converters/base64 (needed by the `--clip' option, like xclip) and qrencode (needed by the `--qrcode' option). - Add support for `test' target and adjust the part of the test suite for gnupg>=2.2.5 via patches/patch-tests_t0300-reencryption.sh. - sysutils/pwgen is no more needed, remove it from DEPENDS (now `tr -dc '' < /dev/urandom' is used instead) - Add patches/patch-contrib_dmenu_passmenu to fix `passmenu --type' (at least xdotool-2.20110530.1 does not support any `--file' option used by passmenu) - Adjust PAX invokations in `do-install' target to ignore possible `*.orig' and `.gitignore' files. Changes 1.7.1 ----- == Bug Fixes == * Fix test suite on OS X * Add compatibility with GnuPG 2.2.19 * Uniformly use the $GPG variable * Do the correct thing with subkeys when reencrypting 1.7 --- == New Features == * Extensions: pass can now load user-defined extensions from a system directory or a user directory. There's already a nice ecosystem of extensions being built, even at this early stage. See the pass man page for more information. * Signatures: there is now an option to enforce signatures of the .gpg-id file and extensions using an environment variable. * QRCodes: generate and show have now learned the --qrcode/-q switch. Note to package maintainers: this adds a dependency on the popular qrencode package. * Password generation: rather than use pwgen, we now use /dev/urandom more directly, which results in more assured password security, as well as customizable character sets, via an environment variable. See the pass man page for more information on this customization. Package maintainers: you may now drop the dependency on pwgen. * Importers: there now are several more importers. More and more folks are moving to pass! * Selectable clipping: you can now specify which line you wish to copy to the clipboard or display with a qrcode when using -c or -q. * Git discovery: The PASSWORD_STORE_GIT environment variable has been removed, and instead pass will automatically choose the git repository closest to the file being modified (but not out of the actual password store itself). This should help people who like to nest git repos for different organizations. * Bug fixes: too many to count. == Note To Distros == * Drop the dependency of pwgen. * Add the dependency of qrencode. * The Makefile now does the right thing with DESTDIR, so you might want to double check that your package recipe does the right thing. * The semantics for auto-detection of bash completion has changed, with new environment variables for such things. See INSTALL for details. Index: Makefile =================================================================== RCS file: /cvsroot/pkgsrc/security/password-store/Makefile,v retrieving revision 1.5 diff -u -p -r1.5 Makefile --- Makefile 3 Sep 2017 08:53:14 -0000 1.5 +++ Makefile 26 Apr 2018 11:26:49 -0000 @@ -1,6 +1,6 @@ # $NetBSD: Makefile,v 1.5 2017/09/03 08:53:14 wiz Exp $ -DISTNAME= password-store-1.6.5 +DISTNAME= password-store-1.7.1 CATEGORIES= security MASTER_SITES= http://git.zx2c4.com/password-store/snapshot/ EXTRACT_SUFX= .tar.xz @@ -16,7 +16,6 @@ USE_TOOLS+= gmake pax bash:run DEPENDS+= getopt>=1.1.6:../../misc/getopt DEPENDS+= gnupg2>=2.0.26:../../security/gnupg2 -DEPENDS+= pwgen>=2.06:../../sysutils/pwgen DEPENDS+= tree>=1.7.0:../../sysutils/tree EGDIR= share/examples/password-store @@ -24,6 +23,7 @@ INSTALLATION_DIRS+= bin ${PKGMANDIR}/man INSTALLATION_DIRS+= ${EGDIR}/contrib ${EGDIR}/completion REPLACE_BASH+= src/password-store.sh +REPLACE_BASH+= tests/*.sh SUBST_CLASSES+= fixsh SUBST_STAGE.fixsh= post-patch @@ -32,6 +32,8 @@ SUBST_FILES.fixsh= src/password-store.sh SUBST_SED.fixsh+= -e 's,GETOPT="getopt",GETOPT="${PREFIX}/bin/getopt",' SUBST_SED.fixsh+= -e "s,SHRED=\"shred -f -z\",SHRED=\"${RM} -f -P\"," +TEST_TARGET= test + .include "options.mk" do-install: @@ -41,9 +43,11 @@ do-install: ${DESTDIR}${PREFIX}/${EGDIR} ${INSTALL_MAN} ${WRKSRC}/man/pass.1 \ ${DESTDIR}${PREFIX}/${PKGMANDIR}/man1/pass.1 - cd ${WRKSRC}/contrib && \ - ${PAX} -wr * ${DESTDIR}${PREFIX}/${EGDIR}/contrib - cd ${WRKSRC}/src/completion && \ - ${PAX} -wr * ${DESTDIR}${PREFIX}/${EGDIR}/completion + cd ${WRKSRC}/contrib && \ + ${PAX} -wr * -s',.*\.orig$$,,' -s',.*\.gitignore$$,,' \ + ${DESTDIR}${PREFIX}/${EGDIR}/contrib + cd ${WRKSRC}/src/completion && \ + ${PAX} -wr * -s',.*\.orig$$,,' -s',.*\.gitignore$$,,' \ + ${DESTDIR}${PREFIX}/${EGDIR}/completion .include "../../mk/bsd.pkg.mk" Index: PLIST =================================================================== RCS file: /cvsroot/pkgsrc/security/password-store/PLIST,v retrieving revision 1.2 diff -u -p -r1.2 PLIST --- PLIST 15 Feb 2015 18:58:40 -0000 1.2 +++ PLIST 26 Apr 2018 11:26:49 -0000 @@ -1,4 +1,4 @@ -@comment $NetBSD: PLIST,v 1.2 2015/02/15 18:58:40 gls Exp $ +@comment $NetBSD$ bin/pass man/man1/pass.1 share/examples/password-store/completion/pass.bash-completion @@ -6,7 +6,6 @@ share/examples/password-store/completion share/examples/password-store/completion/pass.zsh-completion share/examples/password-store/contrib/dmenu/README.md share/examples/password-store/contrib/dmenu/passmenu -share/examples/password-store/contrib/emacs/.gitignore share/examples/password-store/contrib/emacs/Cask share/examples/password-store/contrib/emacs/README.md share/examples/password-store/contrib/emacs/password-store.el @@ -14,12 +13,16 @@ share/examples/password-store/contrib/im share/examples/password-store/contrib/importers/fpm2pass.pl share/examples/password-store/contrib/importers/gorilla2pass.rb share/examples/password-store/contrib/importers/kedpm2pass.py +share/examples/password-store/contrib/importers/keepass2csv2pass.py share/examples/password-store/contrib/importers/keepass2pass.py share/examples/password-store/contrib/importers/keepassx2pass.py share/examples/password-store/contrib/importers/kwallet2pass.py share/examples/password-store/contrib/importers/lastpass2pass.rb +share/examples/password-store/contrib/importers/password-exporter2pass.py +share/examples/password-store/contrib/importers/pwsafe2pass.py share/examples/password-store/contrib/importers/pwsafe2pass.sh share/examples/password-store/contrib/importers/revelation2pass.py -share/examples/password-store/contrib/related-projects.txt +share/examples/password-store/contrib/importers/roboform2pass.rb +share/examples/password-store/contrib/pass.applescript share/examples/password-store/contrib/vim/noplaintext.vim share/examples/password-store/example-filter.sh Index: distinfo =================================================================== RCS file: /cvsroot/pkgsrc/security/password-store/distinfo,v retrieving revision 1.3 diff -u -p -r1.3 distinfo --- distinfo 4 Nov 2015 01:18:00 -0000 1.3 +++ distinfo 26 Apr 2018 11:26:49 -0000 @@ -1,7 +1,9 @@ $NetBSD: distinfo,v 1.3 2015/11/04 01:18:00 agc Exp $ -SHA1 (password-store-1.6.5.tar.xz) = 7590bee627bc9d617cdaf901544996cde54f5a12 -RMD160 (password-store-1.6.5.tar.xz) = 76e50eaef02163dc23c155ade34b88e965ac6f30 -SHA512 (password-store-1.6.5.tar.xz) = e28503b63c6d18a2f45f4a732fdec0380c2ac15e1778136ec5e7ac568662b09183d3ad4fd36ca7e87cfe74540f916cb6365695bdf665a39da4cbe86c4bde7a78 -Size (password-store-1.6.5.tar.xz) = 54576 bytes -SHA1 (patch-src_password-store.sh) = 5a1c1742b16716bbf50ef591b99f0e84d1f52062 +SHA1 (password-store-1.7.1.tar.xz) = e7982416eaea8773ead0836f0b4c7a475ef33cb3 +RMD160 (password-store-1.7.1.tar.xz) = ebd86a7ae52559eeac5001e9634306dc0b8bdd5f +SHA512 (password-store-1.7.1.tar.xz) = 2ba2ebc80c90454bbab1da3c43c2cfc87135f838f381e2616eef7c36b0c1de01e491cf587a666bb052d6dfd475fa429bc8fd82b0269325bd2b70afbb897b923e +Size (password-store-1.7.1.tar.xz) = 62340 bytes +SHA1 (patch-contrib_dmenu_passmenu) = 025e88b68b68936d80e6eca914e7e6e44d1d887e +SHA1 (patch-src_password-store.sh) = a5a472d5e0e0762ded9775eb59e63eefb2c14dd5 +SHA1 (patch-tests_t0300-reencryption.sh) = d98a0872914a8cb74805c86894c06772b0b7365b Index: options.mk =================================================================== RCS file: /cvsroot/pkgsrc/security/password-store/options.mk,v retrieving revision 1.1 diff -u -p -r1.1 options.mk --- options.mk 5 Jan 2015 11:32:49 -0000 1.1 +++ options.mk 26 Apr 2018 11:26:49 -0000 @@ -2,12 +2,15 @@ PKG_OPTIONS_VAR= PKG_OPTIONS.pass -PKG_SUPPORTED_OPTIONS= git xclip -PKG_SUGGESTED_OPTIONS= git +PKG_SUPPORTED_OPTIONS= git x11 +PKG_SUGGESTED_OPTIONS= git +PKG_OPTIONS_LEGACY_OPTS+= xclip:x11 .include "../../mk/bsd.options.mk" -.if !empty(PKG_OPTIONS:Mxclip) +.if !empty(PKG_OPTIONS:Mx11) +DEPENDS+= base64-[0-9]*:../../converters/base64 +DEPENDS+= qrencode-[0-9]*:../../converters/qrencode DEPENDS+= xclip>=0.12:../../x11/xclip .endif Index: patches/patch-contrib_dmenu_passmenu =================================================================== RCS file: patches/patch-contrib_dmenu_passmenu diff -N patches/patch-contrib_dmenu_passmenu --- /dev/null 1 Jan 1970 00:00:00 -0000 +++ patches/patch-contrib_dmenu_passmenu 26 Apr 2018 11:26:49 -0000 @@ -0,0 +1,18 @@ +$NetBSD$ + +Avoid unsupported x11/xdotool (at least version 2.20110530.1) `--file' option. +Refactor the logic for `passmenu --type' in order to avoid `--file' and directly +inject the `type' command and password via a pipe. + +--- contrib/dmenu/passmenu.orig 2017-04-13 10:11:14.000000000 +0000 ++++ contrib/dmenu/passmenu +@@ -20,6 +20,7 @@ password=$(printf '%s\n' "${password_fil + if [[ $typeit -eq 0 ]]; then + pass show -c "$password" 2>/dev/null + else +- pass show "$password" | { read -r pass; printf %s "$pass"; } | +- xdotool type --clearmodifiers --file - ++ { printf "type --clearmodifiers -- "; ++ pass show "$password" | head -n 1 ; } | ++ xdotool - + fi Index: patches/patch-src_password-store.sh =================================================================== RCS file: /cvsroot/pkgsrc/security/password-store/patches/patch-src_password-store.sh,v retrieving revision 1.1 diff -u -p -r1.1 patch-src_password-store.sh --- patches/patch-src_password-store.sh 2 Jan 2015 12:52:16 -0000 1.1 +++ patches/patch-src_password-store.sh 26 Apr 2018 11:26:49 -0000 @@ -1,10 +1,27 @@ $NetBSD: patch-src_password-store.sh,v 1.1 2015/01/02 12:52:16 imil Exp $ -Remove non portable mkdir parameter +Avoid non portable mkdir(1) `-v' parameter. ---- src/password-store.sh.orig 2014-07-01 08:42:26.000000000 +0000 +--- src/password-store.sh.orig 2017-04-13 10:11:14.000000000 +0000 +++ src/password-store.sh -@@ -291,7 +291,7 @@ cmd_init() { +@@ -1,4 +1,4 @@ +-#!/usr/bin/env bash ++#!/usr/pkg/bin/bash + + # Copyright (C) 2012 - 2017 Jason A. Donenfeld . All Rights Reserved. + # This file is licensed under the GPLv2+. Please see COPYING for more information. +@@ -222,8 +222,8 @@ tmpdir() { + fi + + } +-GETOPT="getopt" +-SHRED="shred -f -z" ++GETOPT="/usr/pkg/bin/getopt" ++SHRED="/bin/rm -f -P" + + source "$(dirname "$0")/platform/$(uname | cut -d _ -f 1 | tr '[:upper:]' '[:lower:]').sh" 2>/dev/null # PLATFORM_FUNCTION_FILE + +@@ -323,7 +323,7 @@ cmd_init() { fi rmdir -p "${gpg_id%/*}" 2>/dev/null else @@ -12,8 +29,8 @@ Remove non portable mkdir parameter + mkdir -p "$PREFIX/$id_path" printf "%s\n" "$@" > "$gpg_id" local id_print="$(printf "%s, " "$@")" - echo "Password store initialized for ${id_print%, }" -@@ -382,7 +382,7 @@ cmd_insert() { + echo "Password store initialized for ${id_print%, }${id_path:+ ($id_path)}" +@@ -430,7 +430,7 @@ cmd_insert() { [[ $force -eq 0 && -e $passfile ]] && yesno "An entry already exists for $path. Overwrite it?" @@ -22,30 +39,30 @@ Remove non portable mkdir parameter set_gpg_recipients "$(dirname "$path")" if [[ $multiline -eq 1 ]]; then -@@ -416,7 +416,7 @@ cmd_edit() { +@@ -464,7 +464,7 @@ cmd_edit() { - local path="$1" + local path="${1%/}" check_sneaky_paths "$path" - mkdir -p -v "$PREFIX/$(dirname "$path")" + mkdir -p "$PREFIX/$(dirname "$path")" set_gpg_recipients "$(dirname "$path")" local passfile="$PREFIX/$path.gpg" - -@@ -455,7 +455,7 @@ cmd_generate() { - local length="$2" + set_git "$passfile" +@@ -506,7 +506,7 @@ cmd_generate() { + local length="${2:-$GENERATED_LENGTH}" check_sneaky_paths "$path" [[ ! $length =~ ^[0-9]+$ ]] && die "Error: pass-length \"$length\" must be a number." - mkdir -p -v "$PREFIX/$(dirname "$path")" + mkdir -p "$PREFIX/$(dirname "$path")" set_gpg_recipients "$(dirname "$path")" local passfile="$PREFIX/$path.gpg" - -@@ -538,7 +538,7 @@ cmd_copy_move() { - [[ ! -f $old_path ]] && die "Error: $1 is not in the password store." - fi + set_git "$passfile" +@@ -595,7 +595,7 @@ cmd_copy_move() { + echo "$old_path" + [[ -e $old_path ]] || die "Error: $1 is not in the password store." - mkdir -p -v "${new_path%/*}" + mkdir -p "${new_path%/*}" - [[ -d $old_path || -d $new_path || $new_path =~ /$ ]] || new_path="${new_path}.gpg" + [[ -d $old_path || -d $new_path || $new_path == */ ]] || new_path="${new_path}.gpg" local interactive="-i" Index: patches/patch-tests_t0300-reencryption.sh =================================================================== RCS file: patches/patch-tests_t0300-reencryption.sh diff -N patches/patch-tests_t0300-reencryption.sh --- /dev/null 1 Jan 1970 00:00:00 -0000 +++ patches/patch-tests_t0300-reencryption.sh 26 Apr 2018 11:26:49 -0000 @@ -0,0 +1,21 @@ +$NetBSD$ + +Adjust output for gnupg2>=2.2.5. + +--- tests/t0300-reencryption.sh.orig 2017-04-13 10:11:14.000000000 +0000 ++++ tests/t0300-reencryption.sh +@@ -1,4 +1,4 @@ +-#!/usr/bin/env bash ++#!/usr/pkg/bin/bash + + test_description='Reencryption consistency' + cd "$(dirname "$0")" +@@ -10,7 +10,7 @@ canonicalize_gpg_keys() { + $GPG --list-keys --with-colons "$@" | sed -n 's/sub:[^:]*:[^:]*:[^:]*:\([^:]*\):[^:]*:[^:]*:[^:]*:[^:]*:[^:]*:[^:]*:[a-zA-Z]*e[a-zA-Z]*:.*/\1/p' | LC_ALL=C sort -u + } + gpg_keys_from_encrypted_file() { +- $GPG -v --no-secmem-warning --no-permission-warning --decrypt --list-only --keyid-format long "$1" 2>&1 | cut -d ' ' -f 5 | LC_ALL=C sort -u ++ $GPG -v --no-secmem-warning --no-permission-warning --decrypt --list-only --keyid-format long "$1" 2>&1 | sed -n '/public key/p' | cut -d ' ' -f 5 | LC_ALL=C sort -u + } + gpg_keys_from_group() { + local output="$($GPG --list-config --with-colons | sed -n "s/^cfg:group:$1:\\(.*\\)/\\1/p" | head -n 1)"