[jay.scot]
[016]


--[ Messing with pkg_info and ditching password-store


This week has been a tinkering one where I haven't been doing anything
very productive. It has been so long since I properly used C, so I am
working my way through a book on C programming as a refresher. I was
recommended a game, Tales of Maj'Eyal [0], on IRC [1] and I have been
hooked on that most of the day! As a sidenote, I am pleasantly surprised
with the games available on OpenBSD so far.


I did notice at the beginning of the week that bash somehow ended up
installed on my system, since I use ksh and never installed it directly
it must be a package dependency. I managed to track it down to the
password-store [2] utility.


       $ pkg_info -R bash


Looking at the package dependencies it also requires a few other
packages I never use.


       $ pkg_info -f password-store | grep @depend

       @depend converters/base64:base64-*:base64-1.5p0
       @depend devel/git,-main:git-*:git-2.37.3
       @depend graphics/libqrencode:libqrencode-*:libqrencode-4.1.1
       @depend misc/gnugetopt:gnugetopt-*:gnugetopt-1.1.6p2
       @depend security/gnupg:gnupg->=2.2.23p1:gnupg-2.2.39
       @depend shells/bash:bash-*:bash-5.1.16
       @depend sysutils/colortree:colortree-*:colortree-1.8.0
       @depend x11/xclip:xclip-*:xclip-0.13p1


While I use some of these, all the extras have an estimated file size of
just over 100MB in total. This seems a bit excessive for my usecase and
is something that I basically use as front end to GPG.


       $ pkg_info -s password-store bash libqrencode colortree gnugetopt


I use pass in a few applications such as fdm and senpai, the rest of the
time it's just for website logins, so I really don't need all the
features that pass provides. I just wrote a script that uses my current
pass folder of GPG encrypted files to send these to dmenu. For the
applications, I just added a flag that outputs the pass to stdout
instead.


       #!/bin/sh
       # pass.sh

       if [ "$1" = '-c' ]; then
               [ -f "$2" ] && gpg -q --decrypt "$2" | head -n1 | tr -d '\n'
               exit 0
       fi

       password=$(find "${PASSWORD_STORE_DIR}" -type f -name '*.gpg' |
               sed 's/.*\/\(.*\)\.gpg$/\1/' | dmenu -i -p "Pass:")

       [ -n "$password" ] &&
               gpg -q --decrypt "${PASSWORD_STORE_DIR}/$password.gpg" |
               head -n1 | tr -d '\n' | xclip


In DWM I just added a keybind for the pass.sh script and for
applications I just pass in the -c flag, so for fdm I just do this:


       $imap_pass = $(pass.sh -c ~/.pass/myimappass.gpg)


100MB of packages replaced by a few lines of shell script, nice! If
I ever need to update the passwords or generate a new one I can just use
GPG like normal.


       $ openssl rand -base64 32 | gpg -e -o ~/.pass/mynewpass.gpg


0. https://te4.org/
1. irc.libera.chat #openbsd_gaming
2. https://www.passwordstore.org/


EOF

You are viewing proxied material from ams.jay.scot. The copyright of proxied material belongs to its original authors. Any comments or complaints in relation to proxied material should be directed to the original authors of the content concerned. Please see the disclaimer for more details.