nullobsi / pass-secrets Goto Github PK

View Code? Open in Web Editor NEW

29.0 29.0 4.0 452 KB

Use pass to store your application secrets!

License: GNU General Public License v3.0

CMake 0.27% C++ 95.89% C 3.74% Shell 0.10%

pass-secrets's People

Contributors

Stargazers

Watchers

Forkers

miguelzamora13 halcyonseeker jbeich l-pt

pass-secrets's Issues

use GPGME

Using pass directly as a subprocess feels fragile and prone to error (#2)

Pros:

direct support for encrypting/decrypting
error handling
less hacky

Cons:

git commit would not be made
have to manually support .gpg-id

Services crashes if another program provides org.freedesktop.secrets

The service should fail instead.

Sep 07 13:08:14 odin pass-secrets[2634448]: terminate called after throwing an instance of 'sdbus::Error'
Sep 07 13:08:14 odin pass-secrets[2634448]:   what():  [org.freedesktop.DBus.Error.FileExists] Failed to request bus name (File exists)

use lower-level DBus library

sdbus-cpp is great but requires hacks for the proxy objects which increases code complexity

also, it requires a lot of spreading of the code state. moving to a lower level library would allow some state from dbus (request path)

Read existing passwords

I tried this assuming it also reads existing passwords. Is there an option to do so?
Also it shouldn't necessarily try to write passwords itself.

problem with compiling

Hello @nullobsi
Thank you for your work!
Can you help me with compilling? Because I have next error:

[ 83%] Building CXX object CMakeFiles/pass-secrets.dir/impl/CollectionProxy.cpp.o
In file included from /usr/include/signal.h:328,
                 from /home/grisa/.cache/yay/pass-secrets-git/src/pass-secrets/nanoid_cpp/vendor/catch2/catch2/catch.h:8007,
                 from /home/grisa/.cache/yay/pass-secrets-git/src/pass-secrets/nanoid_cpp/tests/unit_tests.cpp:10:
/home/grisa/.cache/yay/pass-secrets-git/src/pass-secrets/nanoid_cpp/vendor/catch2/catch2/catch.h:10791:58: error: call to non-‘constexpr’ function ‘long int sysconf(int)’
10791 |     static constexpr std::size_t sigStackSize = 32768 >= MINSIGSTKSZ ? 32768 : MINSIGSTKSZ;
      |                                                          ^~~~~~~~~~~
In file included from /usr/include/bits/sigstksz.h:24,
                 from /usr/include/signal.h:328,
                 from /home/grisa/.cache/yay/pass-secrets-git/src/pass-secrets/nanoid_cpp/vendor/catch2/catch2/catch.h:8007,
                 from /home/grisa/.cache/yay/pass-secrets-git/src/pass-secrets/nanoid_cpp/tests/unit_tests.cpp:10:
/usr/include/unistd.h:640:17: note: ‘long int sysconf(int)’ declared here
  640 | extern long int sysconf (int __name) __THROW;
      |                 ^~~~~~~
In file included from /home/grisa/.cache/yay/pass-secrets-git/src/pass-secrets/nanoid_cpp/tests/unit_tests.cpp:10:
/home/grisa/.cache/yay/pass-secrets-git/src/pass-secrets/nanoid_cpp/vendor/catch2/catch2/catch.h:10850:45: error: size of array ‘altStackMem’ is not an integral constant-expression
10850 |     char FatalConditionHandler::altStackMem[sigStackSize] = {};
      |                                             ^~~~~~~~~~~~
[ 88%] Building CXX object CMakeFiles/pass-secrets.dir/impl/sessions/Plain.cpp.o
/home/grisa/.cache/yay/pass-secrets-git/src/pass-secrets/nanoid_cpp/tests/unit_tests.cpp: In member function ‘predefined_random::result_type predefined_random::operator()()’:
/home/grisa/.cache/yay/pass-secrets-git/src/pass-secrets/nanoid_cpp/tests/unit_tests.cpp:36:9: warning: no return statement in function returning non-void [-Wreturn-type]
   36 |         }
      |         ^
make[2]: *** [nanoid_cpp/CMakeFiles/nanoid_tests.dir/build.make:76: nanoid_cpp/CMakeFiles/nanoid_tests.dir/tests/unit_tests.cpp.o] Error 1
make[1]: *** [CMakeFiles/Makefile2:145: nanoid_cpp/CMakeFiles/nanoid_tests.dir/all] Error 2
make[1]: *** Waiting for unfinished jobs....
[ 94%] Linking CXX executable pass-secrets
[ 94%] Built target pass-secrets
make: *** [Makefile:136: all] Error 2

Coredump

When using fractal-git with pass-secrets on Arch, it coredumps quite reproducibly.

(gdb) bt
#0  __pthread_kill_implementation (threadid=<optimized out>, signo=signo@entry=6, no_tid=no_tid@entry=0) at pthread_kill.c:44
#1  0x00007f557a49f2d3 in __pthread_kill_internal (signo=6, threadid=<optimized out>) at pthread_kill.c:78
#2  0x00007f557a44fa08 in __GI_raise (sig=sig@entry=6) at ../sysdeps/posix/raise.c:26
#3  0x00007f557a438538 in __GI_abort () at abort.c:79
#4  0x00007f557a69ca6f in __gnu_cxx::__verbose_terminate_handler () at /usr/src/debug/gcc/gcc/libstdc++-v3/libsupc++/vterminate.cc:95
#5  0x00007f557a6b011c in __cxxabiv1::__terminate (handler=<optimized out>) at /usr/src/debug/gcc/gcc/libstdc++-v3/libsupc++/eh_terminate.cc:48
#6  0x00007f557a6b0189 in std::terminate () at /usr/src/debug/gcc/gcc/libstdc++-v3/libsupc++/eh_terminate.cc:58
#7  0x00007f557a6b03ed in __cxxabiv1::__cxa_throw (obj=<optimized out>, tinfo=0x55de57d817d0, dest=0x55de57d4eb00) at /usr/src/debug/gcc/gcc/libstdc++-v3/libsupc++/eh_throw.cc:98
#8  0x000055de57d41007 in ?? ()
#9  0x000055de57d4d7b2 in ?? ()
#10 0x000055de57d4ee9a in ?? ()
#11 0x00007f557aa693a6 in sdbus::internal::Object::sdbus_method_callback(sd_bus_message*, void*, sd_bus_error*) () from /usr/lib/libsdbus-c++.so.1
#12 0x00007f557a96fe2d in method_callbacks_run (found_object=0x7ffea0918848, require_fallback=false, c=0x55de59d71d40, m=0x55de59d80ce0, bus=0x55de59d6e410) at ../systemd-stable/src/libsystemd/sd-bus/bus-objects.c:406
#13 object_find_and_run (bus=0x55de59d6e410, m=0x55de59d80ce0, p=0x55de59d80948 "/org/freedesktop/secrets", require_fallback=false, found_object=0x7ffea0918848) at ../systemd-stable/src/libsystemd/sd-bus/bus-objects.c:1319
#14 0x00007f557a9862be in bus_process_object (m=<optimized out>, bus=<optimized out>) at ../systemd-stable/src/libsystemd/sd-bus/bus-objects.c:1439
#15 process_message (m=0x55de59d80ce0, bus=0x55de59d6e410) at ../systemd-stable/src/libsystemd/sd-bus/sd-bus.c:2976
#16 process_running (ret=0x0, bus=0x55de59d6e410) at ../systemd-stable/src/libsystemd/sd-bus/sd-bus.c:3018
#17 bus_process_internal (bus=<optimized out>, ret=0x0) at ../systemd-stable/src/libsystemd/sd-bus/sd-bus.c:3238
#18 0x00007f557aa5f876 in sdbus::internal::Connection::processPendingRequest() () from /usr/lib/libsdbus-c++.so.1
#19 0x000055de57d42487 in ?? ()
#20 0x00007f557a439850 in __libc_start_call_main (main=main@entry=0x55de57d41280, argc=argc@entry=1, argv=argv@entry=0x7ffea0918cb8) at ../sysdeps/nptl/libc_start_call_main.h:58
#21 0x00007f557a43990a in __libc_start_main_impl (main=0x55de57d41280, argc=1, argv=0x7ffea0918cb8, init=<optimized out>, fini=<optimized out>, rtld_fini=<optimized out>, stack_end=0x7ffea0918ca8) at ../csu/libc-start.c:360
#22 0x000055de57d42fd5 in ?? ()

Also provide instructions for FreeBSD

Thank you for this useful tool. The README seems to refer to systemd, which we don't use on FreeBSD:

% systemctl --user enable pass-secrets
zsh: command not found: systemctl

Please also provide instructions for FreeBSD.

Usage is not exactly clear:

% pass-secrets 
zsh: abort      pass-secrets

% pass-secrets -h
zsh: abort      pass-secrets -h

% pass-secrets --help
zsh: abort      pass-secrets --help

% sudo pass-secrets 
Password:
zsh: abort      sudo pass-secrets

Thanks!

Support for encrypted dbus communication

Thank you for implementing this nice alternative to the major keyrings. I came here since the new fractal alpha (from gnome) forces the use of a dbus secrets service. Unfortunately, I run into "Only plain is supported" from here

Are there plans to support more algorithms than just plain text? I'd really like to get around installing kwallet, gnome-keyring or similar :)

For reference, fractal seems to use this code path.

Storing pass secrets in password store and git

I see that there is some secret information stored as json files. I have several questions:

Should this be stored in the password store directory? Some of the extensions/apps that interface with password store think they are passwords which I think is incorrect. If they aren't passwords then maybe they should be stored elsewhere.
If they should be stored in the password store, should they be tracked in git? Currently I am not tracking them.

Daemon crashes when the pass store directory doesn't exist

I have my pass' store directory set up at ~/.local/share/pass and I set it up through PASSWORD_STORE_DIR environment variable, however the systemd unit didn't have the said variable, so it tried to read from ~/.password-store and the service has died. After adding a systemd unit override to include the environment variable everything started working fine.
I suggest that pass' store directory missing could handled gracefully instead of dumping core due to an exception.

journalctl logs

Jan 22 21:05:34 uds systemd[936]: Starting Pass SecretService...
Jan 22 21:05:34 uds systemd[936]: Started Pass SecretService.
Jan 22 21:05:34 uds pass-secrets[2133]: terminate called after throwing an instance of 'std::filesystem::__cxx11::filesystem_error'
Jan 22 21:05:34 uds pass-secrets[2133]:   what():  filesystem error: cannot create directory: No such file or directory [/home/zneix/.password-store/secretservice]
Jan 22 21:05:34 uds systemd-coredump[2139]: [🡕] Process 2133 (pass-secrets) of user 1000 dumped core.

                                            Module linux-vdso.so.1 with build-id f9fada32e91353254b262e357cb155d189cc0523
                                            Module libgpg-error.so.0 with build-id 3801187d42c4955bd93c605451430cdf1b164e63
                                            Module libgcrypt.so.20 with build-id db45f5d5e0f7af1e77324fea1885f974619ad268
                                            Module libcap.so.2 with build-id f56c6cd6ad4d35053340d7ff2f8f954498796739
                                            Module liblz4.so.1 with build-id e63600ab23b2f6997f42fac2fa56e1f02ce159a1
                                            Module libzstd.so.1 with build-id ea8f70c7c6816cee97c9890081a80259ca44d397
                                            Module liblzma.so.5 with build-id 8b615460aa230708c5183f16bede67aa0437d95e
                                            Module librt.so.1 with build-id 75484da2d6f1515189eefa076e0a40328834cd16
                                            Module ld-linux-x86-64.so.2 with build-id 040cc3dd10461562f177df39e3be2f3704258c3c
                                            Module libm.so.6 with build-id 2b8fd1f869ecab4e0b55e92f2f151897f6818acf
                                            Module libsystemd.so.0 with build-id 6a2a26aa5fff87c1eb61137339bc55a53956c9ac
                                            Module libc.so.6 with build-id 4b406737057708c0e4c642345a703c47a61c73dc
                                            Module libpthread.so.0 with build-id 07c8f95b4f3251d08550217ad8a1f31066229996
                                            Module libgcc_s.so.1 with build-id 7f8508bb914546ada778809b64b99d234337d835
                                            Module libstdc++.so.6 with build-id 9b5eeeb149bf3c4efe787fb398b44f00507aec87
                                            Module libsdbus-c++.so.1 with build-id 3b1e7345adc1d1bf90efd0a7789e2259b81b6e2a
                                            Module pass-secrets with build-id 7a3e759d73d8fbe5524afd43868c332ebbc8ba68
                                            Stack trace of thread 2133:
                                            #0  0x00007f8d52e1fd22 raise (libc.so.6 + 0x3cd22)
                                            #1  0x00007f8d52e09862 abort (libc.so.6 + 0x26862)
                                            #2  0x00007f8d53084802 _ZN9__gnu_cxx27__verbose_terminate_handlerEv (libstdc++.so.6 + 0x99802)
                                            #3  0x00007f8d53090c8a _ZN10__cxxabiv111__terminateEPFvvE (libstdc++.so.6 + 0xa5c8a)
                                            #4  0x00007f8d53090cf7 _ZSt9terminatev (libstdc++.so.6 + 0xa5cf7)
                                            #5  0x00007f8d53090f8e __cxa_throw (libstdc++.so.6 + 0xa5f8e)
                                            #6  0x00007f8d530890a1 _ZNSt10filesystem16create_directoryERKNS_7__cxx114pathE (libstdc++.so.6 + 0x9e0a1)
                                            #7  0x000055cfb625e998 n/a (pass-secrets + 0x22998)
                                            #8  0x000055cfb624cf18 n/a (pass-secrets + 0x10f18)
                                            #9  0x000055cfb624acff n/a (pass-secrets + 0xecff)
                                            #10 0x00007f8d52e0ab25 __libc_start_main (libc.so.6 + 0x27b25)
                                            #11 0x000055cfb624b25e n/a (pass-secrets + 0xf25e)
                                            ELF object binary architecture: AMD x86-64
Jan 22 21:05:34 uds systemd[936]: pass-secrets.service: Main process exited, code=dumped, status=6/ABRT
Jan 22 21:05:34 uds systemd[936]: pass-secrets.service: Failed with result 'core-dump'.
Jan 22 21:15:00 uds systemd[936]: Starting Pass SecretService...
Jan 22 21:15:00 uds systemd[936]: Started Pass SecretService.

Cannot find libsdbus-c++.so.1

Since a couple of weeks, pass-secrets stopped working because it cannot find libsdbus-c++.so.1.

I can however confirm that it is present on my system (installed from source) :

I tried rebuilding after updating the master branch to commit 9bf333c, without success.
What could be the cause of this?

Thank you very much.