strip .gpg suffix from browser-provided password path

process keys of any file extension -- not just .gpg
add a flake.nix for nix development
2022-10-26 06:44:29 -07:00 · 2022-10-26 05:13:52 -07:00 · 2022-10-26 05:03:28 -07:00
4 changed files with 112 additions and 13 deletions
--- a/flake.lock
+++ b/flake.lock
@@ -0,0 +1,42 @@
+{
+  "nodes": {
+    "flake-utils": {
+      "locked": {
+        "lastModified": 1659877975,
+        "narHash": "sha256-zllb8aq3YO3h8B/U0/J1WBgAL8EX5yWf5pMj3G0NAmc=",
+        "owner": "numtide",
+        "repo": "flake-utils",
+        "rev": "c0e246b9b83f637f4681389ecabcb2681b4f3af0",
+        "type": "github"
+      },
+      "original": {
+        "owner": "numtide",
+        "repo": "flake-utils",
+        "type": "github"
+      }
+    },
+    "nixpkgs": {
+      "locked": {
+        "lastModified": 1666610816,
+        "narHash": "sha256-q4F2VNe5bpxXOvp16DyLwE1SgNZMbNO29ZQJPIomedg=",
+        "owner": "NixOS",
+        "repo": "nixpkgs",
+        "rev": "6107f97012a0c134c5848125b5aa1b149b76d2c9",
+        "type": "github"
+      },
+      "original": {
+        "id": "nixpkgs",
+        "ref": "nixos-22.05",
+        "type": "indirect"
+      }
+    },
+    "root": {
+      "inputs": {
+        "flake-utils": "flake-utils",
+        "nixpkgs": "nixpkgs"
+      }
+    }
+  },
+  "root": "root",
+  "version": 7
+}
--- a/flake.nix
+++ b/flake.nix
@@ -0,0 +1,68 @@
+{
+  description = "TODO";
+  inputs = {
+    nixpkgs.url = "nixpkgs/nixos-22.05";
+    flake-utils.url = github:numtide/flake-utils;
+  };
+
+  outputs = { self, nixpkgs, flake-utils  }:
+  with flake-utils.lib; eachSystem allSystems (system:
+    let
+      pkgs = import nixpkgs { inherit system; };
+      lib = pkgs.lib;
+      nativeBuildInputs = with pkgs; [ makeWrapper ];
+    in rec {
+      packages = {
+        browserpass = pkgs.buildGoModule rec {
+          # this is mostly excerpted from <nixpkgs/pkgs/tools/security/browserpass/default.nix>
+          pname = "browserpass";
+          version = "3.0.10-next-20221026";
+
+          src = ./.;
+
+          inherit nativeBuildInputs;
+
+          vendorSha256 = "gWXcYyIp86b/Pn6vj7qBj/VZS9rTr4weVw0YWmg+36c=";
+
+          doCheck = false;
+          postPatch = ''
+            # Because this Makefile will be installed to be used by the user, patch
+            # variables to be valid by default
+            substituteInPlace Makefile \
+              --replace "PREFIX ?= /usr" ""
+            sed -i -e 's/SED =.*/SED = sed/' Makefile
+            sed -i -e 's/INSTALL =.*/INSTALL = install/' Makefile
+          '';
+
+          DESTDIR = placeholder "out";
+
+          postConfigure = ''
+            make configure
+          '';
+
+          buildPhase = ''
+            make
+          '';
+
+          installPhase = ''
+            make install
+
+            wrapProgram $out/bin/browserpass \
+              --suffix PATH : ${lib.makeBinPath [ pkgs.gnupg ]}
+
+            # This path is used by our firefox wrapper for finding native messaging hosts
+            mkdir -p $out/lib/mozilla/native-messaging-hosts
+            ln -s $out/lib/browserpass/hosts/firefox/*.json $out/lib/mozilla/native-messaging-hosts
+          '';
+        };
+      };
+      defaultPackage = packages.browserpass;
+
+      devShells.default = with pkgs; mkShell {
+        buildInputs = nativeBuildInputs ++ [ go ];
+      };
+    }
+  );
+}
+
+
--- a/request/fetch.go
+++ b/request/fetch.go
@@ -16,18 +16,6 @@ import (
 func fetchDecryptedContents(request *request) {
 	responseData := response.MakeFetchResponse()

-	if !strings.HasSuffix(request.File, ".gpg") {
-		log.Errorf("The requested password file '%v' does not have the expected '.gpg' extension", request.File)
-		response.SendErrorAndExit(
-			errors.CodeInvalidPasswordFileExtension,
-			&map[errors.Field]string{
-				errors.FieldMessage: "The requested password file does not have the expected '.gpg' extension",
-				errors.FieldAction:  "fetch",
-				errors.FieldFile:    request.File,
-			},
-		)
-	}
-
 	store, ok := request.Settings.Stores[request.StoreID]
 	if !ok {
 		log.Errorf(
@@ -147,6 +135,7 @@ func validateGpgBinary(gpgPath string) error {
 }

 func decryptFile(store *store, file string, gpgPath string) (string, error) {
+	file = strings.TrimSuffix(file, ".gpg");  // browserpass-extension forcibly adds the .gpg extension
 	passwordFilePath := filepath.Join(store.Path, file)
 	passwordFile, err := os.Open(passwordFilePath)
 	if err != nil {
--- a/request/list.go
+++ b/request/list.go
@@ -36,7 +36,7 @@ func listFiles(request *request) {

 		store.Path = normalizedStorePath

-		files, err := zglob.GlobFollowSymlinks(filepath.Join(store.Path, "/**/*.gpg"))
+		files, err := zglob.GlobFollowSymlinks(filepath.Join(store.Path, "/**/*"))
 		if err != nil {
 			log.Errorf(
 				"Unable to list the files in the password store '%+v' at its location: %+v",
Author	SHA1	Message	Date
colin	8de7959fa5	strip `.gpg` suffix from browser-provided password path	2022-10-26 06:44:29 -07:00
colin	85bdb08379	process keys of any file extension -- not just `.gpg`	2022-10-26 05:13:52 -07:00
colin	99185164fb	add a `flake.nix` for nix development use it for interactive development: ``` $ nix develop $ make ``` or for non-interactive builds: ``` $ nix build $ ./result/bin/browserpass listen ```	2022-10-26 05:03:28 -07:00