[jay.scot]
[016]


--[ Messing with pkg_info and ditching password-store


This week has been a tinkering one where I haven't been doing anything
very productive. It has been so long since I properly used C, so I am
working my way through a book on C programming as a refresher. I was
recommended a game, Tales of Maj'Eyal [0], on IRC [1] and I have been
hooked on that most of the day! As a sidenote, I am pleasantly surprised
with the games available on OpenBSD so far.


I did notice at the beginning of the week that bash somehow ended up
installed on my system, since I use ksh and never installed it directly
it must be a package dependency. I managed to track it down to the
password-store [2] utility.


	$ pkg_info -R bash


Looking at the package dependencies it also requires a few other
packages I never use.


	$ pkg_info -f password-store | grep @depend

	@depend converters/base64:base64-*:base64-1.5p0
	@depend devel/git,-main:git-*:git-2.37.3
	@depend graphics/libqrencode:libqrencode-*:libqrencode-4.1.1
	@depend misc/gnugetopt:gnugetopt-*:gnugetopt-1.1.6p2
	@depend security/gnupg:gnupg->=2.2.23p1:gnupg-2.2.39
	@depend shells/bash:bash-*:bash-5.1.16
	@depend sysutils/colortree:colortree-*:colortree-1.8.0
	@depend x11/xclip:xclip-*:xclip-0.13p1


While I use some of these, all the extras have an estimated file size of
just over 100MB in total. This seems a bit excessive for my usecase and
is something that I basically use as front end to GPG.


	$ pkg_info -s password-store bash libqrencode colortree gnugetopt


I use pass in a few applications such as fdm and senpai, the rest of the
time it's just for website logins, so I really don't need all the
features that pass provides. I just wrote a script that uses my current
pass folder of GPG encrypted files to send these to dmenu. For the
applications, I just added a flag that outputs the pass to stdout
instead.


	#!/bin/sh
	# pass.sh

	if [ "$1" = '-c' ]; then
		[ -f "$2" ] && gpg -q --decrypt "$2" | head -n1 | tr -d '\n'
		exit 0
	fi

	password=$(find "${PASSWORD_STORE_DIR}" -type f -name '*.gpg' |
		sed 's/.*\/\(.*\)\.gpg$/\1/' | dmenu -i -p "Pass:")

	[ -n "$password" ] &&
		gpg -q --decrypt "${PASSWORD_STORE_DIR}/$password.gpg" |
		head -n1 | tr -d '\n' | xclip


In DWM I just added a keybind for the pass.sh script and for
applications I just pass in the -c flag, so for fdm I just do this:


	$imap_pass = $(pass.sh -c ~/.pass/myimappass.gpg)


100MB of packages replaced by a few lines of shell script, nice! If
I ever need to update the passwords or generate a new one I can just use
GPG like normal.


	$ openssl rand -base64 32 | gpg -e -o ~/.pass/mynewpass.gpg


0. https://te4.org/
1. irc.libera.chat #openbsd_gaming
2. https://www.passwordstore.org/


.EOF