3 files changed, 64 insertions, 0 deletions
diff --git a/overlays/pass/default.nix b/overlays/pass/default.nix
new file mode 100644
index 0000000..df42cf1
--- /dev/null
+++ b/overlays/pass/default.nix
@@ -0,0 +1,8 @@
+self: super: {
+  pass = (super.pass.withExtensions (exts: [ exts.pass-otp ])).overrideAttrs (old:
+    self.mylibs.fetchedGit ./pass.json // {
+      patches = old.patches ++ [ ./pass-fix-pass-init.patch ];
+    }
+  );
+}
diff --git a/overlays/pass/pass-fix-pass-init.patch b/overlays/pass/pass-fix-pass-init.patch
new file mode 100644
index 0000000..10a76c1
--- /dev/null
+++ b/overlays/pass/pass-fix-pass-init.patch
@@ -0,0 +1,42 @@
+From 33e8f1cd0065639a948d7b5ba3f93d43bdf7f3be Mon Sep 17 00:00:00 2001
+From: =?UTF-8?q?Isma=C3=ABl=20Bouya?= <ismael.bouya@normalesup.org>
+Date: Sun, 11 Nov 2018 19:47:33 +0100
+Subject: [PATCH] Fix pass init for some gpg keys
+This fixes the pass init for gpg keys which have their main key as
+encryption key. This may happen for instance with RSA keys and specific
+configuration.
+---
+ src/password-store.sh       | 2 +-
+ tests/t0300-reencryption.sh | 2 +-
+ 2 files changed, 2 insertions(+), 2 deletions(-)
+diff --git a/src/password-store.sh b/src/password-store.sh
+index d89d455..44d122e 100755
+--- a/src/password-store.sh
+++ b/src/password-store.sh
+@@ -124,7 +124,7 @@ reencrypt_path() {
+                                IFS=";" eval 'GPG_RECIPIENTS+=( $group )' # http://unix.stackexchange.com/a/92190
+                                unset "GPG_RECIPIENTS[$index]"
+                        done
+-                       gpg_keys="$($GPG $PASSWORD_STORE_GPG_OPTS --list-keys --with-colons "${GPG_RECIPIENTS[@]}" | sed -n 's/^sub:[^:]*:[^:]*:[^:]*:\([^:]*\):[^:]*:[^:]*:[^:]*:[^:]*:[^:]*:[^:]*:[a-zA-Z]*e[a-zA-Z]*:.*/\1/p' | LC_ALL=C sort -u)"
+                       gpg_keys="$($GPG $PASSWORD_STORE_GPG_OPTS --list-keys --with-colons "${GPG_RECIPIENTS[@]}" | sed -n 's/^[ps]ub:[^:]*:[^:]*:[^:]*:\([^:]*\):[^:]*:[^:]*:[^:]*:[^:]*:[^:]*:[^:]*:[a-zA-Z]*e[a-zA-Z]*:.*/\1/p' | LC_ALL=C sort -u)"
+                fi
+                current_keys="$(LC_ALL=C $GPG $PASSWORD_STORE_GPG_OPTS -v --no-secmem-warning --no-permission-warning --decrypt --list-only --keyid-format long "$passfile" 2>&1 | sed -n 's/^gpg: public key is \([A-F0-9]\+\)$/\1/p' | LC_ALL=C sort -u)"
+ 
+diff --git a/tests/t0300-reencryption.sh b/tests/t0300-reencryption.sh
+index 3c88987..57d873f 100755
+--- a/tests/t0300-reencryption.sh
+++ b/tests/t0300-reencryption.sh
+@@ -7,7 +7,7 @@ cd "$(dirname "$0")"
+ INITIAL_PASSWORD="will this password live? a big question indeed..."
+ 
+ canonicalize_gpg_keys() {
+-       $GPG --list-keys --with-colons "$@" | sed -n 's/sub:[^:]*:[^:]*:[^:]*:\([^:]*\):[^:]*:[^:]*:[^:]*:[^:]*:[^:]*:[^:]*:[a-zA-Z]*e[a-zA-Z]*:.*/\1/p' | LC_ALL=C sort -u
+       $GPG --list-keys --with-colons "$@" | sed -n 's/[ps]ub:[^:]*:[^:]*:[^:]*:\([^:]*\):[^:]*:[^:]*:[^:]*:[^:]*:[^:]*:[^:]*:[a-zA-Z]*e[a-zA-Z]*:.*/\1/p' | LC_ALL=C sort -u
+ }
+ gpg_keys_from_encrypted_file() {
+        $GPG -v --no-secmem-warning --no-permission-warning --decrypt --list-only --keyid-format long "$1" 2>&1 | grep "public key is" | cut -d ' ' -f 5 | LC_ALL=C sort -u
+-- 
+2.19.1
diff --git a/overlays/pass/pass.json b/overlays/pass/pass.json
new file mode 100644
index 0000000..a4638c1
--- /dev/null
+++ b/overlays/pass/pass.json
@@ -0,0 +1,14 @@
+{
+  "tag": "d29a389-master",
+  "meta": {
+    "name": "password-store",
+    "url": "https://git.zx2c4.com/password-store/",
+    "branch": "master"
+  },
+  "git": {
+    "url": "https://git.zx2c4.com/password-store/",
+    "rev": "d29a389a40524c684595f51bb937f66958bc14ea",
+    "sha256": "17g43i0if9nggcq6005iyxxy9my8s15ihc2nzwjgqzhy3svh5xvn",
+    "fetchSubmodules": true
+  }
+}

diff --git a/overlays/pass/default.nix b/overlays/pass/default.nix new file mode 100644 index 0000000..df42cf1 --- /dev/null +++ b/overlays/pass/default.nix
@@ -0,0 +1,8 @@
	1	self: super: {
	2	pass = (super.pass.withExtensions (exts: [ exts.pass-otp ])).overrideAttrs (old:
	3	self.mylibs.fetchedGit ./pass.json // {
	4	patches = old.patches ++ [ ./pass-fix-pass-init.patch ];
	5	}
	6	);
	7
	8	}


diff --git a/overlays/pass/pass-fix-pass-init.patch b/overlays/pass/pass-fix-pass-init.patch new file mode 100644 index 0000000..10a76c1 --- /dev/null +++ b/overlays/pass/pass-fix-pass-init.patch
@@ -0,0 +1,42 @@
	1	From 33e8f1cd0065639a948d7b5ba3f93d43bdf7f3be Mon Sep 17 00:00:00 2001
	2	From: =?UTF-8?q?Isma=C3=ABl=20Bouya?= <ismael.bouya@normalesup.org>
	3	Date: Sun, 11 Nov 2018 19:47:33 +0100
	4	Subject: [PATCH] Fix pass init for some gpg keys
	5
	6	This fixes the pass init for gpg keys which have their main key as
	7	encryption key. This may happen for instance with RSA keys and specific
	8	configuration.
	9	---
	10	src/password-store.sh \| 2 +-
	11	tests/t0300-reencryption.sh \| 2 +-
	12	2 files changed, 2 insertions(+), 2 deletions(-)
	13
	14	diff --git a/src/password-store.sh b/src/password-store.sh
	15	index d89d455..44d122e 100755
	16	--- a/src/password-store.sh
	17	+++ b/src/password-store.sh
	18	@@ -124,7 +124,7 @@ reencrypt_path() {
	19	IFS=";" eval 'GPG_RECIPIENTS+=( $group )' # http://unix.stackexchange.com/a/92190
	20	unset "GPG_RECIPIENTS[$index]"
	21	done
	22	- gpg_keys="$($GPG $PASSWORD_STORE_GPG_OPTS --list-keys --with-colons "${GPG_RECIPIENTS[@]}" \| sed -n 's/^sub:[^:]:[^:]:[^:]:\([^:]\):[^:]:[^:]:[^:]:[^:]:[^:]:[^:]:[a-zA-Z]e[a-zA-Z]:.*/\1/p' \| LC_ALL=C sort -u)"
	23	+ gpg_keys="$($GPG $PASSWORD_STORE_GPG_OPTS --list-keys --with-colons "${GPG_RECIPIENTS[@]}" \| sed -n 's/^[ps]ub:[^:]:[^:]:[^:]:\([^:]\):[^:]:[^:]:[^:]:[^:]:[^:]:[^:]:[a-zA-Z]e[a-zA-Z]:.*/\1/p' \| LC_ALL=C sort -u)"
	24	fi
	25	current_keys="$(LC_ALL=C $GPG $PASSWORD_STORE_GPG_OPTS -v --no-secmem-warning --no-permission-warning --decrypt --list-only --keyid-format long "$passfile" 2>&1 \| sed -n 's/^gpg: public key is \([A-F0-9]\+\)$/\1/p' \| LC_ALL=C sort -u)"
	26
	27	diff --git a/tests/t0300-reencryption.sh b/tests/t0300-reencryption.sh
	28	index 3c88987..57d873f 100755
	29	--- a/tests/t0300-reencryption.sh
	30	+++ b/tests/t0300-reencryption.sh
	31	@@ -7,7 +7,7 @@ cd "$(dirname "$0")"
	32	INITIAL_PASSWORD="will this password live? a big question indeed..."
	33
	34	canonicalize_gpg_keys() {
	35	- $GPG --list-keys --with-colons "$@" \| sed -n 's/sub:[^:]:[^:]:[^:]:\([^:]\):[^:]:[^:]:[^:]:[^:]:[^:]:[^:]:[a-zA-Z]e[a-zA-Z]:.*/\1/p' \| LC_ALL=C sort -u
	36	+ $GPG --list-keys --with-colons "$@" \| sed -n 's/[ps]ub:[^:]:[^:]:[^:]:\([^:]\):[^:]:[^:]:[^:]:[^:]:[^:]:[^:]:[a-zA-Z]e[a-zA-Z]:.*/\1/p' \| LC_ALL=C sort -u
	37	}
	38	gpg_keys_from_encrypted_file() {
	39	$GPG -v --no-secmem-warning --no-permission-warning --decrypt --list-only --keyid-format long "$1" 2>&1 \| grep "public key is" \| cut -d ' ' -f 5 \| LC_ALL=C sort -u
	40	--
	41	2.19.1
	42


diff --git a/overlays/pass/pass.json b/overlays/pass/pass.json new file mode 100644 index 0000000..a4638c1 --- /dev/null +++ b/overlays/pass/pass.json
@@ -0,0 +1,14 @@
	1	{
	2	"tag": "d29a389-master",
	3	"meta": {
	4	"name": "password-store",
	5	"url": "https://git.zx2c4.com/password-store/",
	6	"branch": "master"
	7	},
	8	"git": {
	9	"url": "https://git.zx2c4.com/password-store/",
	10	"rev": "d29a389a40524c684595f51bb937f66958bc14ea",
	11	"sha256": "17g43i0if9nggcq6005iyxxy9my8s15ihc2nzwjgqzhy3svh5xvn",
	12	"fetchSubmodules": true
	13	}
	14	}