I am using `pass` to manage my passwords, and I also use the `[passmenu](https://git.zx2c4.com/password-store/tree/contrib/dmenu/passmenu)`, a script that uses `dmenu` to select which password you want to copy to the clipboard. Now on my Linux machine running `Gnome`, upon selecting a password from the `passmenu` a full screen authentication overlay (Pinentry?) appears asking for the master password. _Please correct me if this is not pinentry_ It looks like this: [url=https://i.postimg.cc/sg9XKpB1/Screenshot-from-2020-09-23-22-40-33.png][img]https://i.postimg.cc/sg9XKpB1/Screenshot-from-2020-09-23-22-40-33.png[/img][/url] On my NetBSD machine however, using only a stand alone WM, I am unable to authenticate `pass` when launched from `passmenu` as no `pinentry` is triggered. When launched from within a terminal however with `pass -c github.com` for example, you get this: [url=https://i.postimg.cc/Lsq2ZLMJ/09-23-2020-21-46.png][img]https://i.postimg.cc/Lsq2ZLMJ/09-23-2020-21-46.png[/img][/url] Essentially `passmenu` is useless if I cant authenticate it. Therefore my question is, would it be possible to use `passmenu` to spawn this `pinentry` program/event in an `xterm` ?

`gnome-keyring` and `systemd` _black-magic_ ;) **EDIT:** If you really want this... ``` $ pkgin search gnome | grep keyring gnome-keyring-2.32.1nb30 GNOME password and secret manager gnome-keyring-manager-2.20.0nb49 GNOME password and secret manager libgnome-keyring-3.12.0nb1 GNOME password and secret manager ``` Also, you'll need `polkit` running. ``` $ doas pkgin install gnome-keyring gnome-keyring-manager Password: calculating dependencies...done. 30 packages to install: gnome-keyring-2.32.1nb30 gnome-keyring-manager-2.20.0nb49 gtk2+-2.24.32nb16 rarian-0.8.1nb5 libgnomeui-2.24.5nb51 libglade-2.6.4nb35 GConf-3.2.3nb6 python27-2.7.18nb3 py27-expat-2.7.18 dbus-glib-0.110nb1 ORBit2-2.14.19nb5 popt-1.18 libgnomecanvas-2.30.3nb29 libgnome-keyring-3.12.0nb1 libgnome-2.32.1nb40 libbonoboui-2.24.5nb2 gnome-vfs-2.24.4nb44 getopt-1.1.6 bash-5.0.18 hal-0.5.14nb24 libcanberra-0.30nb4 libbonobo-2.32.1nb2 libart-2.3.21 libIDL-0.8.14nb5 libltdl-2.4.6 usbids-20200622 policykit-0.9nb25 pciids-20200222 libvolume_id-0.81.1nb1 hal-info-20091130nb8 0 to refresh, 0 to upgrade, 30 to install 29M to download, 206M to install proceed ? [Y/n] n ```

> @"pin"#p4426 black-magic Nay, Sir @"pin"#2, it be _deep_ black magic this. Verily I could not have perform'd this feat (or maybe, it would have taken me _many_ a day to accomplish)--but you have solved it in an instant!

@"pin"#p4426 Well, no, I dont want gnome-keyring installed... 😅 What I want, is to trigger the existing authentication program _(whatever its called)_ used when running `pass -c` in a terminal. Although I am not clever enough to figure out how, I would imagine that with some scripting knowledge this should be possible?

@"pfr"#p4431 You can use a keybinding in your spectrwm.conf to spawn an xterm instance and execute the command ;) What about something like `xterm -e "command_to_execute"`

@"pin"#p4433 Yes, but that would only be useful for individual passwords.. That's why I want it to work with `passmenu`. I have more passwords than I could remember the bindings for 😅

@"pfr"#p4435 But how do you launch `passmenu`?

@"pfr"#61 Maybe I was wrong... https://wiki.archlinux.org/index.php/Pass https://pkgsrc.se/search.php?stype=folder&sbranch=CURRENT&so=pinentry https://superuser.com/questions/520980/how-to-force-gpg-to-use-console-mode-pinentry-to-prompt-for-passwords Now I see what you're looking for, ...I guess.

If `pass` needs a terminal to take input from, just modify `passmenu.sh` to run `pass` via `xterm -e program`, like @"pin"#2 suggested.

Opening pinentry in xterm from passmenu(dmenu)

pfr

rvp
Yes, without defining FLOAT based on WM_CLASS all windows will be tiled and and -geometry settings get ignored.

I've set these settings in my .Xresources

! Passmenu Pinentry
Pinentry*faceName: xft:Pragmata:pixelsize=10
Pinentry*internalBorder: 7
Pinentry*geometry: 78x15

As well as setting quirk[Pinentry:xterm] = FLOAT + FOCUSPREV in my .spectrwm.conf. So I just have to give xterm a class flag eg xterm -class Pinentry and it'll be centred, floating and now with the geometry and font set in .Xresources

While this works and gives me the UI behavior I want, it still doesn't actually copy my passwords to the clipboard. I've re-read your comment above @rvp and although I am starting to understand why it isn't working I still cant decide if It's possible or if I should give up on this.

rvp

pfr it still doesn't actually copy my passwords to the clipboard.

Probably some minor syntax issue somewhere. Post your WM's config file (relevant bits only) and passmenu.sh as they are now.

pin Geometries are ignored, that's part of the features of tiling WM's.

Makes sense--ignore geometries and choose some strategy (with multiple selectable variations) to arrange how windows are tiled; provide an escape hatch using a FLOAT. If I were writing a tiling WM, I would do the same.

rvp Just to follow-up on what @pfr just said.
One image, ...you know 😉

Geometries are ignored, that's part of the features of tiling WM's.
You might consider this wrong but, it was one of the reasons I started using tiling WM's some years ago

pfr

OT...

program[feh]		= feh -g 700x393 --scale-down
quirk[feh:feh]		= FLOAT

As it turns out, the geometry is not set using quirks and this setting is actually useless... launching feh someimage.png will FLOAT but will not adhere to any of the other arguments.
I have had to set up aliases in my .shrc eg. alias view="feh -g 700x393 --scale-down" instead.

rvp Probably some minor syntax issue somewhere. Post your WM's config file (relevant bits only) and passmenu.sh as they are now.

Ok will do later tonight. Thanks.

pfr

rvp post your WM's config file (relevant bits only) and passmenu.sh as they are now.

The only relevant lines from my ~/.spectrwm.conf

program[passmenu]       = ~/.config/spectrwm/./passmenu.sh $dmenu_bottom -fn $bar_font -nb $bar_color -nf $bar_font_color -sb $bar_color_selected -sf $bar_font_color_selected
bind[passmenu]          = MOD+Shift+p
...
quirk[Pinentry:xterm]   = FLOAT + FOCUSPREV

The pass menu script:

#!/usr/bin/env bash
 
shopt -s nullglob globstar
 
typeit=0
if [[ $1 == "--type" ]]; then
        typeit=1
        shift
fi

prefix=${PASSWORD_STORE_DIR-~/.password-store}
password_files=( "$prefix"/**/*.gpg )
password_files=( "${password_files[@]#"$prefix"/}" )
password_files=( "${password_files[@]%.gpg}" )

password=$(printf '%s\n' "${password_files[@]}" | dmenu "$@")

[[ -n $password ]] || exit

if [[ $typeit -eq 0 ]]; then
        xterm -class Pinentry -e pass show -c "$password" 2>/dev/null
else
        pass show "$password" | { IFS= read -r pass; printf %s "$pass"; } |
                xdotool type --clearmodifiers --file -
fi

And of course in my ~/.Xresources

! Passmenu Pinentry
Pinentry*faceName: xft:Pragmata:pixelsize=10
Pinentry*internalBorder: 7
Pinentry*geometry: 78x15

pfr As it turns out, the geometry is not set using quirks and this setting is actually useless

Your config 😉
When I was using spectrwm, I'd assign a quirk simply to make the window floating.
Then I'd assign the geometry by appending it to the command in the binding.

So yes, what you wrote makes sense.

rvp

pfr

program[passmenu]       = ~/.config/spectrwm/./passmenu.sh $dmenu_bottom -fn $bar_font -nb $bar_color -nf $bar_font_color -sb $bar_color_selected -sf $bar_font_color_selected

Use this instead and roll back to the original passmenu.sh in post #8:

program[passmenu]       = xterm -class Pinentry -e $HOME/.config/spectrwm/passmenu.sh $dmenu_bottom -fn $bar_font -nb $bar_color -nf $bar_font_color -sb $bar_color_selected -sf $bar_font_color_selected

Thought, I don't understand who the trailing options are for. Some of them seem like they're for xterm, some not, and some don't make sense for it.

They way I've written it now, all options apart from -e are passed to passmenu.sh (which doesn't use them--or, are they being consumed by dmenu?) as done before.

pfr

rvp
Yeah, all the trailing options are just style options for dmenu which is necessary if I want the same fonts etc for passmenu

Adding xterm -class Pinentry -e to the beginning of the program[passmenu] line wont work (actually, it doesn't work) as it begins the sequence with an xterm rather than beginning with passmenu.sh piped through dmenu.

I need to first select which password I'd like to copy to my clipboard from dmenu, then, and only if necessary, open pinentry-curses for my passphrase. I say only if necessary because once I have entered my passphrase, it holds onto it (persists) for a minute or so, meaning I dont need to enter it each time I want to copy a password.
That's why I've been trying to edit the passmenu script, because this works on my Linux machine with Gnome using gnome-keyring.

If I could figure out at which point gnome-keyring is called, and by which program, then perhaps I could set it to call pinentry-cureses and specify xterm -class Pinentry -e [pinentry-curses].... etc..

So where in the chain does pinentry get triggered? gpg-agent perhaps?

rvp

pfr Adding xterm -class Pinentry -e to the beginning of the program[passmenu] line wont work (actually, it doesn't work) as it begins the sequence with an xterm rather than beginning with passmenu.sh piped through dmenu.

I'm afraid you've lost me. This should've worked as follows:

MOD + Shift + p triggers xterm -e.
xterm runs passmenu.sh inside a pseudo-tty--which is what's needed for pass to work.
passmenu.sh gathers a list of .gpg files--which are site labels--belonging to pass and echoes them to dmenu.
dmenu creates a menu from input read from stdin.
You choose which site's password you want to extract.
Site name is passed to pass which runs inside xterm.
pass contacts gpg-agent to retrieve password (PIN) for decryption of chosen site.
gpg-agent runs pinentry-curses to ask PIN for decryption. (All of this is running inside the xterm we've launched.)
pinentry-curses creates a dialog box, reads PIN, hands back PIN to gpg-agent; which in turn sends it on to pass.
pass uses PIN to decrypt site file which holds password; reads this password and either :
a) copies this to the clipboard -- the -c option, or,
b) writes password to xdotool, which simulates a user typing the password into some input box.

Which step is failing here?

If you want passmenu.sh to be run directly on MOD + Shift + p instead of via xterm you can do it by splitting the original passmenu.sh file into 2 pieces. Otherwise, the shell quoting needed to run pass inside xterm becomes a little hairy.

This is piece one, passmenu.sh. Make it executable and call this without xterm -e:

#!/usr/bin/env bash

shopt -s nullglob globstar

typeit=0
if [[ $1 == "--type" ]]; then
	typeit=1
	shift
fi

prefix=${PASSWORD_STORE_DIR-~/.password-store}
password_files=( "$prefix"/**/*.gpg )
password_files=( "${password_files[@]#"$prefix"/}" )
password_files=( "${password_files[@]%.gpg}" )

password=$(printf '%s\n' "${password_files[@]}" | dmenu "$@")

[[ -n $password ]] || exit

xterm -class Pinentry -e ~/bin/run-pass.sh "$typeit" "$password"

Piece two, run-pass.sh, gets called from passmenu.sh. Put this file in ~/bin; make it executable chmod 755 ~/bin/run-pass.sh:

#!/usr/bin/env bash

if [[ $# -ne 2 ]]
then	printf '%s: needs 2 arguments\n' $0 1>&2
	exit 1
fi

typeit=$1
password=$2

if [[ $typeit -eq 0 ]]; then
	pass show -c "$password" 2>/dev/null
else
	pass show "$password" | { IFS= read -r pass; printf %s "$pass"; } |
		xdotool type --clearmodifiers --file -
fi

This works slightly differently from what I've outlined above, but, you should be able to figure it out easily. See if this works.

pfr

rvp I'm afraid you've lost me.

No I haven't, you've got it.
I tried your 'split script' solution. This does launch passmenu but nothing pop's up after selecting a password and therefore nothing gets copied to the clipboard.

I'm curious why I need to put it in ~/bin rather than /usr/local/bin Anyway, I created the directory /home/$USER/bin/ anyway (I actually tried both dir's, neither worked)

rvp

pfr This does launch passmenu but nothing pop's up after selecting a password

Is the run-pass.sh script executable? chmod 755 ~/bin/run-pass.sh

Splitting makes stand-alone testing possible. Test run-pass.sh on its own:

xterm -class Pinentry -e ~/bin/run-pass.sh 0 DMENU_SITE_LABEL

The above should copy the password to clipboard. (Make sure, that xclip(1) is installed, as the pass man-page for the -c option says.)

xterm -class Pinentry -e ~/bin/run-pass.sh 1 DMENU_SITE_LABEL

This one, OTOH, will simulate key input using xdotool. Make sure this is installed too.

pfr I'm curious why I need to put it in ~/bin rather than /usr/local/bin

You can put it where you want.

pfr

rvp
Yes, run-pass.sh executable and yes, I have both xclip and xdotool installed. Also, I've moved the run-pass.sh script to /usr/local/bin/ which I prefer.

Running run-pass.sh on its own with xterm -class Pinentry -e /usr/local/bin/run-pass.sh 0 DMENU_SITE_LABEL briefly opens an xterm then exits immediately.
Running xterm -class Pinentry -e /usr/local/bin/run-pass.sh 1 DMENU_SITE_LABEL does the same. I'm unsure what is meant to be copied to the clipboard at this point without specifying a .gpg file

rvp

pfr briefly opens an xterm then exits immediately

Use this as a debug run-pass.sh:

#!/usr/bin/env bash

if [[ $# -ne 2 ]]
then	printf '%s: needs 2 arguments\n' $0 1>&2
read x
	exit 1
fi

typeit=$1
password=$2

if [[ $typeit -eq 0 ]]; then
echo "pass show"
	pass show -c "$password"
else
echo "pass type"
	pass show "$password" | { IFS= read -r pass; printf %s "$pass"; } |
		xdotool type --clearmodifiers --file -
fi
read x

It waits until enter is pressed.
What does this display?

Note: DMENU_SITE_LABEL should be the name of some .gpg file, minus the .gpg extension. (ie. Whatever dmenu shows.)

pfr

rvp
Ok, so getting a little closer.. The script above forces the xterm window (the one that opens with pinentry) to stay open and now show's the usual message 'Copied password to clipboard. will clear in 45 seconds'

While this window is open, my password is copied to xclip and I can paste it where needed. However, If I close this window, even before the 45 seconds is up, this somehow revokes it and clears the clipboard.

rvp

pfr However, If I close this window, even before the 45 seconds is up, this somehow revokes it and clears the clipboard.

That sounds like the correct behaviour. If you close the window, the program is terminated and it clears the clipboard before it dies.

If you want to be able to close the window, or, press ENTER and make the program disappear, and still retain the password for 45 secs, then that's a new feature, I think--one you'll have to request from the developer of pass. He'll have to add code to fork(2) a new background process to handle the clipboard clearing while the main instance exits on ENTER, or somesuch.

pfr The script above forces the xterm window (the one that opens with pinentry) to stay open and now show's the usual message 'Copied password to clipboard. will clear in 45 seconds'

Hmm. Are you saying that without the read x at the end, pass would've immediately exited? Doesn't it open an input box for the decryption PIN? I don't have pass installed, but, this behaviour doesn't make sense to me. I can understand it exiting (and the xterm window closing) after waiting for 45 seconds.

pfr

rvp If you want to be able to close the window, or, press ENTER and make the program disappear, and still retain the password for 45 secs, then that's a new feature, I think--one you'll have to request from the developer of pass. He'll have to add code to fork(2) a new background process to handle the clipboard clearing while the main instance exits on ENTER, or somesuch.

Ok, will see what I can do.

rvp Hmm. Are you saying that without the read x at the end, pass would've immediately exited? Doesn't it open an input box for the decryption PIN? I don't have pass installed, but, this behavior doesn't make sense to me. I can understand it exiting (and the xterm window closing) after waiting for 45 seconds.

Yes. Upon removing read x, on the first instance obviously, the pinentry window opens, but once you enter the passphrase the window closes, also clearing the clipboard. As opposed to having read x in the script, the window stays open until it is closed manually, and the password is kept on the clipboard for 45 seconds.

rvp

pfr Upon removing...the pinentry window opens, but once you enter the passphrase the window closes, also clearing the clipboard

Hm. This behaviour only makes sense if pass was doing something like what I outlined before; but, the clearing of the password doesn't make sense. I'll look into the source--when I get the time. For now, just keep the wndow around and press ENTER to close it.

BTW, since you're running under X, wouldn't it be easier to set ~/.gnupg/gpg-agent.conf to run pinentry-gtk and bypass all these minor irritations entirely?

rvp

pfr As opposed to having read x in the script, the window stays open until it is closed manually,

Just realized: since both the scripts run under bash, you can change the unconditional read, read x to a read with timeout: read -t 45 x. The window will then close when the clipboard clears.

rvp

pfr Upon removing read x, on the first instance obviously, the pinentry window opens, but once you enter the passphrase the window closes, also clearing the clipboard.

Update: patched patch!
Turns out pass is written in bash (I had assumed C) and it wasn't too hard to go through it and find the problem. There is a bug in pass with non-interactive shells.

Patch:

--- pass.orig	2020-07-17 13:45:22.000000000 +0000
+++ pass	2020-10-06 23:08:41.159955217 +0000
@@ -157,6 +157,12 @@
 	local sleep_argv0="password store sleep on display $DISPLAY"
 	pkill -f "^$sleep_argv0" 2>/dev/null && sleep 0.5
 	local before="$(xclip -o -selection "$X_SELECTION" 2>/dev/null | $BASE64)"
+	# Explicitly ignore SIGHUP because "disown" only works in interactive shells.
+	# Otherwise, in non-interactive cases like "xterm -e passmenu" or "xterm -e pass",
+	# which is needed to supply a terminal for pinentry when the script is called from
+	# a GUI, bash will kill xclip when the script finishes ie. before $CLIP_TIME has
+	# elapsed.
+	trap '' HUP
 	echo -n "$1" | xclip -selection "$X_SELECTION" || die "Error: Could not copy data to the clipboard"
 	(
 		( exec -a "$sleep_argv0" bash <<<"trap 'kill %1' TERM; sleep '$CLIP_TIME' & wait" )
@@ -173,7 +179,7 @@
 		qdbus org.kde.klipper /klipper org.kde.klipper.klipper.clearClipboardHistory &>/dev/null
 
 		echo "$before" | $BASE64 -d | xclip -selection "$X_SELECTION"
-	) >/dev/null 2>&1 & disown
+	) >/dev/null 2>&1 &
 	echo "Copied $2 to clipboard. Will clear in $CLIP_TIME seconds."
 }

You can either use the original passmenu.sh or the 2-piece version (both called via xterm -e ... as before to supply a terminal). They both do the same thing, just their aesthetics differ (with the first you get a blank screen before pinentry when selecting items; with the other you don't). You won't need the read x pauses now.

OK...back to sleep. (Woke up for a whizz and this started nagging, so I had to sit down and do something about it.)

rvp since you're running under X, wouldn't it be easier to set ~/.gnupg/gpg-agent.conf to run pinentry-gtk and bypass all these minor irritations entirely?

🙂

pfr

rvp pin
Yes, this does make more sense. But as I'm sure @pin can appreciate, I am striving for a gtk free system (eventually).
But for now it may have to do.

« Previous Page Next Page »