comotion / cpm Goto Github PK

# ./configure --prefix=/usr --with-cracklib-dict=/usr/share/cracklib/pw_dict --with-cdk-dir=/usr
.....
checking for gettext in -lintl... no
: using CRACKLIB_DICTPATH=/usr/share/cracklib/pw_dict.
: CDK header found at /usr/include/cdk.h.
: Sorry, CPM is not compatible with the current verion of CDK.
: You must downgrade to a version older than cdk-4.9.11-20031210
: or newer than cdk-5.0.20090215.
: error: Incompatible libcdk version found.

Currently installed version: libcdk 5.0.20120323-1

I added my key twice to the keys to encrypt with. Doing this troughs and GPGme error - can not encrypt, too many keys or something....

On natty, compiled with ncurses or ncursesw cpm will display "Error opening terminal: $term" if there are no errors.

krav@krav:/cpm$ ulimit -l
5120
krav@krav:/cpm$ ./cpm
Error opening terminal: rxvt-256color.
krav@krav:/cpm$ ulimit -l 64
krav@krav:/cpm$ ./cpm
Running without root privileges: yes
Memory protection from core dumps: yes
Memory protection from swap writings: no
Max. memory lock ok: no (64 kB)
Memory protection from ptrace spying: yes
Validation of environment variables: yes
Cracklib dictionary (/var/cache/cracklib/cracklib_dict):yes

Maximum security level not reached. Are you sure you want to continue?
Press CTRL+C to stop now or ENTER to continue.
[interfaces then shows]

$ ncursesw5-config --version ; ncurses5-config --version
5.7.20101128
5.7.20101128

as seen in debian: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=720891

$ cpm

Running without root privileges:                  yes
Memory protection from core dumps:                yes
Memory protection from swap writings:             no
Max. memory lock ok:                              no (4194304 kB)
Memory protection from ptrace spying:             yes
Validation of environment variables:              yes
Cracklib dictionary (/var/cache/cracklib/cracklib_dict):yes

Maximum security level not reached. Your database will be less protected while CPM is running.
Are you sure you want to continue?

I've set the memlock limit very high, and still cpm complains. I don't have that many passwords:

$ ls -lh ~/.cpmdb
-rw-r--r-- 1 smlx smlx 11K Sep 11 12:32 .cpmdb

This is using the debian jessie packages:

$ cpm --version
cpm 0.31 (64 bit)
CDK version 5.0 (20060507).
GpgME version 1.4.3 (rcpt).
ncursesw version 5.9 (20140118).
XML2 version 2.9.1.
zlib version 1.2.8.
cracklib is enabled.
Written by Harry Brueckner <[email protected]> 2005-2009.
Maintained by Kacper Wysocki <[email protected]> 2010.

Any idea why cpm expects the memory lock limit to be so high?

Would it be possible to implement some kind of inactivity timeout, where cpm would exit after a configurable number of seconds? I keep forgetting to exit after copying passwords.

add a node -> changes service name
add a password-> changes node name.
weird, no?

debian bug
http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=720892

only god knows why

have to redraw scroll list after update of keys, yarr

can't depend on dictionary for build

cpm is unhappy with my kernel…

$ cpm
Failed to scan kernel release. (Success, 0)
Can't attach to parent!
[1] 23628 killed cpm
$ echo $?
137

$ uname -a
Linux turbotape 3.10-rc5-amd64 #1 SMP Debian 3.10rc5-1exp1 (2013-06-11) x86_64 GNU/Linux

$dpkg -l cpm
[...] cpm 0.28-1 [...]

On Debian based systems, looks like memlock must be set to something around 32768.

it's because there is an "unknown" ID in the default db file, which is set as creator in some circumstances? needs a fix

$ cpm
Can't attach to parent!
Killed
$ uname -a 
Linux koda 3.11.0-12-generic #19-Ubuntu SMP Wed Oct 9 16:20:46 UTC 2013 x86_64 x86_64 x86_64 GNU/Linux
$ cat /etc/issue
Ubuntu 13.10 \n \l
$ dpkg -l | grep cpm
ii  cpm                                       0.28-1                                  amd64        Curses based password manager using PGP-encryption
$

Any idea why this happens?

happens when your created_by tag is empty, likely because gpg can't determine what user ident it should be using.

submitted by @petterreinholdtsen through issue #27:
"""
Why would skipping the warning be a bad idea?

https://bugs.debian.org/806404 is a bug report in Debian which seem to be related to this issue, and the problem I reported there was being unable to read passwords unless trusting the key use do sign the passwords. It seem strange to me that I have to trust the people giving me passwords. I can understand such trust relationship for those I plan to give a password, but I do not really expect me to trust everyone giving me a password.
"""

Hello,

maybe it would be better if there would be the possibility to copy the password to the X selection instead of displaying it on the screen (somebody else could read it). Also a warning befor showing the passwords could be helpful (of course you should able to disable the message in the config to prevent from annoying).

I know it's a password manager for the console, but this function would be desirable for your tool, it exists already in pwsafe.

Thanks a lot for cpm, it's a very nice password manager!

Greetings

ssia

One of the recommendations in the Revision control Wiki is to use gibberish for the gitlog messages when committing in cpmgit.

I propose to automate this giberish using a command similar to this in the 'else' part of the if-clause in the cpmgit script:

git commit -m "$(cat /dev/urandom| tr -dc '0-9a-zA-Z!@#$%^&*_+-'|head -c 8)"

urandom extraction courtsey LinuxQuestions.org

I am by no means an expert in handling '/dev/urandom'. Please feel free to tune the line to perform properly. Perhaps 'dd' is a better tool than 'cat', as 'dd' can easily read a limited number of bytes from '/dev/urandom', and hence perform better. Something like

git commit -m "$(dd if=/dev/urandom bs=100 count=1 | tr -cd '[:alnum:]' | head -c 8)"

should do the trick?

The bottom rectangle in the ncurses UI is positioned two lines too far down, effectively pushing the information regarding keyboard shortcuts outside of the viewable area. This happens independent of terminal size. (The same rectangle is also two characters to narrow.)

Screenshots here: http://users.linpro.no/kid/software/cpm/

This is with cpm_0.25~beta-2lucid1_amd64.deb on the matching distribution.

When compiling from source, I see the following:

$ ./configure --with-cracklib-dir=/var/cache/cracklib
[...]
checking for gpgme-config... /usr/bin/gpgme-config
: GpgME version 1.1+ found. Enabling automatic recipient detection.
[...]

$ make
[...]
memory.c: In function ‘memDebugAlloc’:
memory.c:47: warning: format ‘%5d’ expects type ‘int’, but argument 3 has type ‘size_t’
memory.c: In function ‘memDebugFree’:
memory.c:62: warning: format ‘%5d’ expects type ‘int’, but argument 3 has type ‘size_t’
memory.c: In function ‘memDebugFreeString’:
memory.c:80: warning: format ‘%5d’ expects type ‘int’, but argument 3 has type ‘size_t’
memory.c: In function ‘memRealAlloc’:
memory.c:122: warning: format ‘%d’ expects type ‘int’, but argument 3 has type ‘size_t’
memory.c: In function ‘memRealRealloc’:
memory.c:204: warning: format ‘%d’ expects type ‘int’, but argument 3 has type ‘size_t’
[...]

$ make check
[...]
xgettext -p ./po -o cpm.po --language=C --indent --width=80 --keyword=_ *.c
cd ./po;
mv cpm.po cpm.tmp;
sed -e 's/; charset=CHARSET/; charset=iso-8859-1/' cpm.tmp > cpm.po;
rm -f cpm.tmp
cd ./po;
msgmerge --no-fuzzy-matching de_DE.po cpm.po > de_DE_new.po
......................... done.
cd po;
tail --lines=+18 de_DE.po > current.txt;
tail --lines=+18 de_DE_new.po > new.txt;
diff -u current.txt new.txt
--- current.txt 2010-06-16 07:24:11.000000000 +0200
+++ new.txt 2010-06-16 07:24:11.000000000 +0200
@@ -49,37 +49,37 @@
"Bitte senden Sie einen Bericht �ber dieses Problem an Harry Brueckner "
"[email protected].\n"

-#: general.c:124
+#: general.c:120
#, c-format
msgid "error %d (%s) removing file '%s'."
msgstr "Fehler %d (%s) beim L�schen der Datei '%s'."

-#: general.c:128 general.c:171 general.c:188 xml.c:257 xml.c:388 xml.c:412
+#: general.c:124 general.c:167 general.c:184 xml.c:257 xml.c:388 xml.c:412
#: xml.c:522 xml.c:539
msgid "file error"
msgstr "Dateifehler"

-#: general.c:184 xml.c:535
+#: general.c:180 xml.c:535
#, c-format
msgid "error %d (%s) writing file '%s'."
msgstr "Fehler %d (%s) beim Schreiben der Datei '%s'."

-#: general.c:436
+#: general.c:432
#, c-format
msgid "error %d (%s) opening file '%s'."
msgstr "Fehler %d (%s) beim �ffnen von '%s'."

-#: general.c:449
+#: general.c:445
#, c-format
msgid "error %d (%s) seeking in file '%s'."
msgstr "Fehler %d (%s) beim Positionieren in Datei '%s'."

-#: general.c:476
+#: general.c:472
#, c-format
msgid "could not exclusively open '%s'."
msgstr "Datei '%s' konnte nicht exklusiv ge�ffnet werden."

-#: general.c:485
+#: general.c:481
#, c-format
msgid "error %d (%s) locking file '%s'."
msgstr "Fehler %d (%s) beim exklusiven �ffnen von '%s'."
make: *** [gettext_compile] Error 1

These are the installed locales:

$ locale -a
bokmal
bokmål
C
en_US.utf8
nb_NO
nb_NO.iso88591
nb_NO.utf8
no_NO
no_NO.ISO-8859-1
norwegian
POSIX

I'm trying cpm for the first time on Debian 7:

$ cat /etc/debian_version 
7.3
$ cpm --version
cpm 0.26 (64 bit)
CDK version 5.0 (20060507).
GpgME version 1.2.0 (rcpt).
ncursesw version 5.9 (20110404).
XML2 version 2.7.8.
zlib version 1.2.3.4.
cracklib is enabled.
Written by Harry Brueckner <[email protected]> 2005-2009.
Maintained by Kacper Wysocki <[email protected]> 2010.

I suppose that the first message tells me about non-encrypted swap:

$ cpm
Running without root privileges:                  yes
Memory protection from core dumps:                yes
Memory protection from swap writings:             no
Max. memory lock ok:                              no (64 kB)
Memory protection from ptrace spying:             yes
Validation of environment variables:              yes
Cracklib dictionary (/var/cache/cracklib/cracklib_dict):yes

Maximum security level not reached. Are you sure you want to continue?
Press CTRL+C to stop now or ENTER to continue.

Then I type ENTER and get a file error:

error 2 (No such file or directory) opening file '/home/vagrant/.cpmdb'.

Then I type OK and C^K to add a key, however the list is empty.

I don't understand because I created a key as described in this procedure and it doesn't appear in the list.

$ gpg --edit-key harry
gpg (GnuPG) 1.4.12; Copyright (C) 2012 Free Software Foundation, Inc.
This is free software: you are free to change and redistribute it.
There is NO WARRANTY, to the extent permitted by law.

Secret key is available.

pub  2048R/1D9BD7D9  created: 2014-02-06  expires: 2015-02-06  usage: SC  
                     trust: ultimate      validity: ultimate
sub  2048R/2295B1F4  created: 2014-02-06  expires: 2015-02-06  usage: E   
[ultimate] (1). Harry Potter <[email protected]>

gpg> 

I can't save the database because I'm unable to specify an encryption key. Any idea to fix this issue?

When one installs the .deb package, some automation should at best try to set up a .cpmdb for/with you. Or at least point you to a readme so the user knows how to get startet!

Hei

Hva med en hardy-pakke? eller kanskje lucid? eller begge? :)

When double-clicking the password in cpm in a "urxvt" terminal, the clipboard will include the border character as well.

Today, the password appears somewhat like this:

+-------------
|yourpassword
|

Could this be changed to include space above and beside the password like this?

+--------------
|
| yourpassword
|

package the software for redhat and centos

gpgme_op_decrypt_result returned success and gpgme_op_verify_result found signatures on your
password database, but you haven't signed the keys so the signature is not valid.

The signature summary should never be null according to the GpgMe docs, so this is an undocumented "feature",
which results in this cryptic error message.

Quick fix: trust sign the keys that your database is crypted with so that key validity is not "none" or "unknown".

Next release will include, at the very least, a better error message.
Ideally a proper fix for this issue would be:

• show the signatures and your validity for them
• allow you to trust or skip the warning

Multiple issues cause CDK to be less than ideal for drawing to the terminal. Chief among these is the lack of UTF8 support, which is never to be added to CDK. Alternatives (to ncurses) are nchanterm and termbox, though both need a layer on top to support listboxes and menus.

this is #12 all over again: your memlock limits are too low. please increase them in /etc/security/limits.conf and reboot your system.

looking into whether it's possible to detect this condition and at least error/exit out instead of segmentation faults.

On startup, cpm prints:

Usage: clear [options]

Options:
  -T TERM     use this instead of $TERM
  -V          print curses-version
  -x          do not try to clear scrollback

This is because it calls execl("/usr/bin/clear", "clear") instead of execl("/usr/bin/clear", "clear", NULL). Forgetting the NULL terminator for the argument list causes execl to pass additional garbage arguments from registers or stack.

Need to make directory before install:
sudo mkdir -p /usr/local/share/locale/de/LC_MESSAGES

would be real cool eh

this is a regression, doesn't seem to clear the screen on certain terminals (ie urxvt on arch)

and it's hard to obtain a core file

... and cpm dies due to cracklib missing a dictionary.

To fix this, install cracklib-runtime and run
create-cracklib-dict

Coding up a simple GPG trust interface would be nice, perhaps just as a mod to the existing key list. Ie

<fingerprint>       <key name> <key address> <validity>        <trust>
0xFD827E34674A506    K Wysocki   comotion@kr.. 2015-02-14     ultimate

For background, see #27.

would be cool to PTRACE_ATTACH itself so that it's protected from debugging on linux.

Howto? fungerer det fint?

sliter med rekkefølge av signering av nøkler og det der. (brukte aldri mye tid på dette, da å dele en nøkkel og passord var skittent men godt.)

Copied and pasted from https://bugs.launchpad.net/ubuntu/+source/cpm/+bug/914989

,----
| When I'm using a gpg key which has the follwing identity
| uid Żółw Słoń [email protected]
| cpm ran using command:
| cpm --key [email protected]
| crashes with the following error message:
| conversion failed for string 'Żółw Słoń' (-2). Segmentation fault
|
| But when using id:
| uid Zolw Slon [email protected]
| everything works fine.
|
| To reproduce, just generate gpg rsa&rsa 1024 keys with the given ids.
`----

package the software for debian

The 0.27 release does not build on Debian GNU/kFreeBSD, due to missing sys/prctl.h

Build log at https://gist.github.com/3884493

cpm uses gpgme which should interface with gpg-agent. thus you securely avoid typing your password a million times

fixed in lenny and newer packages

CPM craps out if there are ie norwegian symbols in your key comment field

When I close cpm, I get

┌────────────────────────────────────────────────┐
│warning │
│You did not specify any of your secret keys to │
│encrypt the database. │
│You won't be able to read this file yourself! │
│Do you want to continue? │
├────────────────────────────────────────────────┤
│ Yes No │
└────────────────────────────────────────────────┘

I did specify my key in the ^K menu. I don't have a clue what to do else.

not a cpm bug, but still an issue that you might have.

it's a gpg-agent configuration problem. see this ubuntu bug:
https://bugs.launchpad.net/ubuntu/+source/cpm/+bug/1169121

the bug might or might not affect you on other distros. I have been hit by this on debian jessie.

Got the following message when exiting cpm today...

error: memory leak detected.
-10409 byte of memory were freed without being allocated.
Please send a report about this problem to Harry Brueckner <[email protected]>.

https://bugs.launchpad.net/ubuntu/+source/cpm/+bug/1169121

gpg-agent daemon is usually started from the .xsession

eval $(gpg-agent --daemon --write-env-file "${HOME}/.gpg-agent-info")

writing GPG_AGENT_INFO to the environment, and also to a file ~/.gpg-agent-info file

in which case those environment variables need to be set and exported in all interactive sessions:

  if [ -f "${HOME}/.gpg-agent-info" ]; then
    . "${HOME}/.gpg-agent-info"
    export GPG_AGENT_INFO
    export SSH_AUTH_SOCK
  fi

(the last export for --enable-ssh-support)