Giters

browserpass / browserpass-legacy

Legacy Browserpass repo, development is now happening at:

Home Page:https://github.com/browserpass/browserpass-extension

Geek Repo:Geek Repo

Github PK Tool:Github PK Tool

XDG Basedir compliance breaks browserpass

mcnesium opened this issue · comments

commented

I just editet my Manjaro Linux profile to have it more XDG Basedir compliant. According to this cheat sheet I added this to my .bashrc:

export PASSWORD_STORE_DIR="$XDG_DATA_HOME"/pass
export GNUPGHOME="$XDG_CONFIG_HOME"/gnupg

On the command line, using gpg works as expected, and so does pass. The browser extension does not, though. I did add ~/.local/share/password-store/ to the "custom store locations" setting, but there is no setting for the GnuPG keyring directory. This I assume is why browserpass can now certainly find passwords according to the current site, but when trying to select it, it fails with

Error: exit status 2 gpg: decryption failed: No secret key

To double-check I added a symlink to the actual gnupg directory in my homedir ln -s ~/.config/gnupg ~/.gnupg and this makes browserpass work as expected again. This symlink is kind of a hack though, and ridicules the XDG basedir spec, since with the symlink in the home directory it is not actually any cleaner.

So I am arguing that browserpass should respect $GNUPGHOME. I am not sure, whether .bashrc or .bash_profile or .profile would be the correct place, but as an alternative, the path could be set in a config file for browserpass in $XDG_CONFIG_HOME/browserpass/ as it has been proposed in #197 already.

What do you think?

commented

This should not be something browserpass needs to care about. Provided we are passing the correct environment variables though to gpg (@maximbaz are we?) then gpg should just pick this up.

.bashrc probably isn't the right place to define it though - it's the bash config file, and won't apply to much that gets launched without involving a shell. The correct place is anywhere that results in it being part of your session - most likely the profile file.

commented

@erayd is right, this isn't really related to browserpass. In order for any UI app (e.g. browser) to recognize your env variables, they have to be defined in a config that is being sourced before your session starts. For example, I put such env variables in /etc/profile.d/zz_custom.sh file