nullobsi / pass-secrets Goto Github PK
View Code? Open in Web Editor NEWUse pass to store your application secrets!
License: GNU General Public License v3.0
Use pass to store your application secrets!
License: GNU General Public License v3.0
Using pass directly as a subprocess feels fragile and prone to error (#2)
Pros:
Cons:
The service should fail instead.
Sep 07 13:08:14 odin pass-secrets[2634448]: terminate called after throwing an instance of 'sdbus::Error'
Sep 07 13:08:14 odin pass-secrets[2634448]: what(): [org.freedesktop.DBus.Error.FileExists] Failed to request bus name (File exists)
sdbus-cpp is great but requires hacks for the proxy objects which increases code complexity
also, it requires a lot of spreading of the code state. moving to a lower level library would allow some state from dbus (request path)
I tried this assuming it also reads existing passwords. Is there an option to do so?
Also it shouldn't necessarily try to write passwords itself.
after enabling/starting the systemd service unit I tried to log in into minecraft, but the unit get stopped because pass couldn't write:
× pass-secrets.service - Pass SecretService
Loaded: loaded (/usr/lib/systemd/user/pass-secrets.service; enabled; vendor preset: enabled)
Active: failed (Result: signal) since Wed 2021-09-29 10:48:43 -03; 432ms ago
Process: 3564 ExecStart=/usr/bin/pass-secrets (code=killed, signal=ABRT)
Main PID: 3564 (code=killed, signal=ABRT)
CPU: 41ms
set 29 10:48:43 shadow systemd[561]: Starting Pass SecretService...
set 29 10:48:43 shadow systemd[561]: Started Pass SecretService.
set 29 10:48:43 shadow pass-secrets[3564]: Loaded collection /home/mg_user/.password-store/secretservice/0M58kCNVdu2p9fpY9gHBi
set 29 10:48:43 shadow pass-secrets[3564]: Found pass at /usr/bin/pass
set 29 10:48:43 shadow pass-secrets[3564]: terminate called after throwing an instance of 'std::runtime_error'
set 29 10:48:43 shadow pass-secrets[3564]: what(): pass returned an error while writing!
set 29 10:48:43 shadow systemd[561]: pass-secrets.service: Main process exited, code=killed, status=6/ABRT
set 29 10:48:43 shadow systemd[561]: pass-secrets.service: Failed with result 'signal'.
I probably not setting something right, I followed part of the example from arch wiki and it went all good.
gpg --gen-key # generated a key, set it up a password and all
pass init [email protected]
pass insert archlinux.org/wiki/username # again here all went good, set it up a password too, no errors
what more do I need to do?
Hello @nullobsi
Thank you for your work!
Can you help me with compilling? Because I have next error:
[ 83%] Building CXX object CMakeFiles/pass-secrets.dir/impl/CollectionProxy.cpp.o
In file included from /usr/include/signal.h:328,
from /home/grisa/.cache/yay/pass-secrets-git/src/pass-secrets/nanoid_cpp/vendor/catch2/catch2/catch.h:8007,
from /home/grisa/.cache/yay/pass-secrets-git/src/pass-secrets/nanoid_cpp/tests/unit_tests.cpp:10:
/home/grisa/.cache/yay/pass-secrets-git/src/pass-secrets/nanoid_cpp/vendor/catch2/catch2/catch.h:10791:58: error: call to non-‘constexpr’ function ‘long int sysconf(int)’
10791 | static constexpr std::size_t sigStackSize = 32768 >= MINSIGSTKSZ ? 32768 : MINSIGSTKSZ;
| ^~~~~~~~~~~
In file included from /usr/include/bits/sigstksz.h:24,
from /usr/include/signal.h:328,
from /home/grisa/.cache/yay/pass-secrets-git/src/pass-secrets/nanoid_cpp/vendor/catch2/catch2/catch.h:8007,
from /home/grisa/.cache/yay/pass-secrets-git/src/pass-secrets/nanoid_cpp/tests/unit_tests.cpp:10:
/usr/include/unistd.h:640:17: note: ‘long int sysconf(int)’ declared here
640 | extern long int sysconf (int __name) __THROW;
| ^~~~~~~
In file included from /home/grisa/.cache/yay/pass-secrets-git/src/pass-secrets/nanoid_cpp/tests/unit_tests.cpp:10:
/home/grisa/.cache/yay/pass-secrets-git/src/pass-secrets/nanoid_cpp/vendor/catch2/catch2/catch.h:10850:45: error: size of array ‘altStackMem’ is not an integral constant-expression
10850 | char FatalConditionHandler::altStackMem[sigStackSize] = {};
| ^~~~~~~~~~~~
[ 88%] Building CXX object CMakeFiles/pass-secrets.dir/impl/sessions/Plain.cpp.o
/home/grisa/.cache/yay/pass-secrets-git/src/pass-secrets/nanoid_cpp/tests/unit_tests.cpp: In member function ‘predefined_random::result_type predefined_random::operator()()’:
/home/grisa/.cache/yay/pass-secrets-git/src/pass-secrets/nanoid_cpp/tests/unit_tests.cpp:36:9: warning: no return statement in function returning non-void [-Wreturn-type]
36 | }
| ^
make[2]: *** [nanoid_cpp/CMakeFiles/nanoid_tests.dir/build.make:76: nanoid_cpp/CMakeFiles/nanoid_tests.dir/tests/unit_tests.cpp.o] Error 1
make[1]: *** [CMakeFiles/Makefile2:145: nanoid_cpp/CMakeFiles/nanoid_tests.dir/all] Error 2
make[1]: *** Waiting for unfinished jobs....
[ 94%] Linking CXX executable pass-secrets
[ 94%] Built target pass-secrets
make: *** [Makefile:136: all] Error 2
When using fractal-git with pass-secrets on Arch, it coredumps quite reproducibly.
(gdb) bt
#0 __pthread_kill_implementation (threadid=<optimized out>, signo=signo@entry=6, no_tid=no_tid@entry=0) at pthread_kill.c:44
#1 0x00007f557a49f2d3 in __pthread_kill_internal (signo=6, threadid=<optimized out>) at pthread_kill.c:78
#2 0x00007f557a44fa08 in __GI_raise (sig=sig@entry=6) at ../sysdeps/posix/raise.c:26
#3 0x00007f557a438538 in __GI_abort () at abort.c:79
#4 0x00007f557a69ca6f in __gnu_cxx::__verbose_terminate_handler () at /usr/src/debug/gcc/gcc/libstdc++-v3/libsupc++/vterminate.cc:95
#5 0x00007f557a6b011c in __cxxabiv1::__terminate (handler=<optimized out>) at /usr/src/debug/gcc/gcc/libstdc++-v3/libsupc++/eh_terminate.cc:48
#6 0x00007f557a6b0189 in std::terminate () at /usr/src/debug/gcc/gcc/libstdc++-v3/libsupc++/eh_terminate.cc:58
#7 0x00007f557a6b03ed in __cxxabiv1::__cxa_throw (obj=<optimized out>, tinfo=0x55de57d817d0, dest=0x55de57d4eb00) at /usr/src/debug/gcc/gcc/libstdc++-v3/libsupc++/eh_throw.cc:98
#8 0x000055de57d41007 in ?? ()
#9 0x000055de57d4d7b2 in ?? ()
#10 0x000055de57d4ee9a in ?? ()
#11 0x00007f557aa693a6 in sdbus::internal::Object::sdbus_method_callback(sd_bus_message*, void*, sd_bus_error*) () from /usr/lib/libsdbus-c++.so.1
#12 0x00007f557a96fe2d in method_callbacks_run (found_object=0x7ffea0918848, require_fallback=false, c=0x55de59d71d40, m=0x55de59d80ce0, bus=0x55de59d6e410) at ../systemd-stable/src/libsystemd/sd-bus/bus-objects.c:406
#13 object_find_and_run (bus=0x55de59d6e410, m=0x55de59d80ce0, p=0x55de59d80948 "/org/freedesktop/secrets", require_fallback=false, found_object=0x7ffea0918848) at ../systemd-stable/src/libsystemd/sd-bus/bus-objects.c:1319
#14 0x00007f557a9862be in bus_process_object (m=<optimized out>, bus=<optimized out>) at ../systemd-stable/src/libsystemd/sd-bus/bus-objects.c:1439
#15 process_message (m=0x55de59d80ce0, bus=0x55de59d6e410) at ../systemd-stable/src/libsystemd/sd-bus/sd-bus.c:2976
#16 process_running (ret=0x0, bus=0x55de59d6e410) at ../systemd-stable/src/libsystemd/sd-bus/sd-bus.c:3018
#17 bus_process_internal (bus=<optimized out>, ret=0x0) at ../systemd-stable/src/libsystemd/sd-bus/sd-bus.c:3238
#18 0x00007f557aa5f876 in sdbus::internal::Connection::processPendingRequest() () from /usr/lib/libsdbus-c++.so.1
#19 0x000055de57d42487 in ?? ()
#20 0x00007f557a439850 in __libc_start_call_main (main=main@entry=0x55de57d41280, argc=argc@entry=1, argv=argv@entry=0x7ffea0918cb8) at ../sysdeps/nptl/libc_start_call_main.h:58
#21 0x00007f557a43990a in __libc_start_main_impl (main=0x55de57d41280, argc=1, argv=0x7ffea0918cb8, init=<optimized out>, fini=<optimized out>, rtld_fini=<optimized out>, stack_end=0x7ffea0918ca8) at ../csu/libc-start.c:360
#22 0x000055de57d42fd5 in ?? ()
Thank you for this useful tool. The README seems to refer to systemd, which we don't use on FreeBSD:
% systemctl --user enable pass-secrets
zsh: command not found: systemctl
Please also provide instructions for FreeBSD.
Usage is not exactly clear:
% pass-secrets
zsh: abort pass-secrets
% pass-secrets -h
zsh: abort pass-secrets -h
% pass-secrets --help
zsh: abort pass-secrets --help
% sudo pass-secrets
Password:
zsh: abort sudo pass-secrets
Thanks!
Thank you for implementing this nice alternative to the major keyrings. I came here since the new fractal alpha (from gnome) forces the use of a dbus secrets service. Unfortunately, I run into "Only plain is supported" from here
Are there plans to support more algorithms than just plain text? I'd really like to get around installing kwallet, gnome-keyring or similar :)
For reference, fractal seems to use this code path.
I see that there is some secret information stored as json files. I have several questions:
I have my pass' store directory set up at ~/.local/share/pass
and I set it up through PASSWORD_STORE_DIR
environment variable, however the systemd unit didn't have the said variable, so it tried to read from ~/.password-store
and the service has died. After adding a systemd unit override to include the environment variable everything started working fine.
I suggest that pass' store directory missing could handled gracefully instead of dumping core due to an exception.
Jan 22 21:05:34 uds systemd[936]: Starting Pass SecretService...
Jan 22 21:05:34 uds systemd[936]: Started Pass SecretService.
Jan 22 21:05:34 uds pass-secrets[2133]: terminate called after throwing an instance of 'std::filesystem::__cxx11::filesystem_error'
Jan 22 21:05:34 uds pass-secrets[2133]: what(): filesystem error: cannot create directory: No such file or directory [/home/zneix/.password-store/secretservice]
Jan 22 21:05:34 uds systemd-coredump[2139]: [🡕] Process 2133 (pass-secrets) of user 1000 dumped core.
Module linux-vdso.so.1 with build-id f9fada32e91353254b262e357cb155d189cc0523
Module libgpg-error.so.0 with build-id 3801187d42c4955bd93c605451430cdf1b164e63
Module libgcrypt.so.20 with build-id db45f5d5e0f7af1e77324fea1885f974619ad268
Module libcap.so.2 with build-id f56c6cd6ad4d35053340d7ff2f8f954498796739
Module liblz4.so.1 with build-id e63600ab23b2f6997f42fac2fa56e1f02ce159a1
Module libzstd.so.1 with build-id ea8f70c7c6816cee97c9890081a80259ca44d397
Module liblzma.so.5 with build-id 8b615460aa230708c5183f16bede67aa0437d95e
Module librt.so.1 with build-id 75484da2d6f1515189eefa076e0a40328834cd16
Module ld-linux-x86-64.so.2 with build-id 040cc3dd10461562f177df39e3be2f3704258c3c
Module libm.so.6 with build-id 2b8fd1f869ecab4e0b55e92f2f151897f6818acf
Module libsystemd.so.0 with build-id 6a2a26aa5fff87c1eb61137339bc55a53956c9ac
Module libc.so.6 with build-id 4b406737057708c0e4c642345a703c47a61c73dc
Module libpthread.so.0 with build-id 07c8f95b4f3251d08550217ad8a1f31066229996
Module libgcc_s.so.1 with build-id 7f8508bb914546ada778809b64b99d234337d835
Module libstdc++.so.6 with build-id 9b5eeeb149bf3c4efe787fb398b44f00507aec87
Module libsdbus-c++.so.1 with build-id 3b1e7345adc1d1bf90efd0a7789e2259b81b6e2a
Module pass-secrets with build-id 7a3e759d73d8fbe5524afd43868c332ebbc8ba68
Stack trace of thread 2133:
#0 0x00007f8d52e1fd22 raise (libc.so.6 + 0x3cd22)
#1 0x00007f8d52e09862 abort (libc.so.6 + 0x26862)
#2 0x00007f8d53084802 _ZN9__gnu_cxx27__verbose_terminate_handlerEv (libstdc++.so.6 + 0x99802)
#3 0x00007f8d53090c8a _ZN10__cxxabiv111__terminateEPFvvE (libstdc++.so.6 + 0xa5c8a)
#4 0x00007f8d53090cf7 _ZSt9terminatev (libstdc++.so.6 + 0xa5cf7)
#5 0x00007f8d53090f8e __cxa_throw (libstdc++.so.6 + 0xa5f8e)
#6 0x00007f8d530890a1 _ZNSt10filesystem16create_directoryERKNS_7__cxx114pathE (libstdc++.so.6 + 0x9e0a1)
#7 0x000055cfb625e998 n/a (pass-secrets + 0x22998)
#8 0x000055cfb624cf18 n/a (pass-secrets + 0x10f18)
#9 0x000055cfb624acff n/a (pass-secrets + 0xecff)
#10 0x00007f8d52e0ab25 __libc_start_main (libc.so.6 + 0x27b25)
#11 0x000055cfb624b25e n/a (pass-secrets + 0xf25e)
ELF object binary architecture: AMD x86-64
Jan 22 21:05:34 uds systemd[936]: pass-secrets.service: Main process exited, code=dumped, status=6/ABRT
Jan 22 21:05:34 uds systemd[936]: pass-secrets.service: Failed with result 'core-dump'.
Jan 22 21:15:00 uds systemd[936]: Starting Pass SecretService...
Jan 22 21:15:00 uds systemd[936]: Started Pass SecretService.
Since a couple of weeks, pass-secrets stopped working because it cannot find libsdbus-c++.so.1
.
I can however confirm that it is present on my system (installed from source) :
I tried rebuilding after updating the master branch to commit 9bf333c
, without success.
What could be the cause of this?
Thank you very much.
A declarative, efficient, and flexible JavaScript library for building user interfaces.
🖖 Vue.js is a progressive, incrementally-adoptable JavaScript framework for building UI on the web.
TypeScript is a superset of JavaScript that compiles to clean JavaScript output.
An Open Source Machine Learning Framework for Everyone
The Web framework for perfectionists with deadlines.
A PHP framework for web artisans
Bring data to life with SVG, Canvas and HTML. 📊📈🎉
JavaScript (JS) is a lightweight interpreted programming language with first-class functions.
Some thing interesting about web. New door for the world.
A server is a program made to process requests and deliver data to clients.
Machine learning is a way of modeling and interpreting data that allows a piece of software to respond intelligently.
Some thing interesting about visualization, use data art
Some thing interesting about game, make everyone happy.
We are working to build community through open source technology. NB: members must have two-factor auth.
Open source projects and samples from Microsoft.
Google ❤️ Open Source for everyone.
Alibaba Open Source for everyone
Data-Driven Documents codes.
China tencent open source team.