Where communities thrive


  • Join over 1.5M+ people
  • Join over 100K+ communities
  • Free without limits
  • Create your own community
People
Activity
    Calum MacRae
    @cmacrae
    Yeah, crashes straight away for me
    Mingshen Sun
    @mssun
    Hi @cmacrae , I think something wrong with your upgrade. Can you uninstall/install again? TF builds indeed break some keychain information.
    Calum MacRae
    @cmacrae
    Yep! That behaviour is gone after a reinstall 👍🏻
    Carl Dong
    @dongcarl
    I'm using the App Store version and can't seem to get my git repo working...
    Mingshen Sun
    @mssun
    Any details?
    Carl Dong
    @dongcarl
    from my sshd logs, it seems that the app tries to connect, but then just closes the connection
    gimme one second, I'll provide more details
    Mingshen Sun
    @mssun
    Should be a wrong password or ssh key?
    Ok
    Carl Dong
    @dongcarl
    so let's try the base case, for password, I only need to enter the password for the username that hosts the git repo right?

    let's say I have user git on server server.io and the repo is named pass-store under git's home directory

    the correct repository URL should be ssh://git@server.io/pass-store and the password I enter should be the UNIX account password for git right?

    @mssun
    The Error that I get is "Failed to clone repository from blah blah to blah blah"
    Mingshen Sun
    @mssun
    If pass-store is under the home direction, the url should be ssh://git@server.io/home/git/pass-store.
    Carl Dong
    @dongcarl
    @mssun same error unfortunately
    here's my sshd: sshd[4079]: Connection closed by 169.229.22.131 port 57056 [preauth]
    Mingshen Sun
    @mssun
    Can you clone the repo on a computer by the git clone command?
    Carl Dong
    @dongcarl
    @mssun yup, works perfectly
    is there special configuration I need to do to enable password cloning or no?
    @mssun also, I'm curious, do ssh keys with no passwords work?
    Mingshen Sun
    @mssun
    No special config. That's wired.
    Carl Dong
    @dongcarl
    I know the distinction, I'm just asking about this specific case
    yeah it really is
    Mingshen Sun
    @mssun
    Yes, should work. I have tested.
    Carl Dong
    @dongcarl
    @mssun okay let me try the key I usually use to ssh in then, sorry I keep a lot of different keys haha
    @mssun do you support OpenSSH format keys? Or only PEM format?
    Mingshen Sun
    @mssun
    I guess (but not sure) both are supported.
    [preauth] error is about authentication: https://unix.stackexchange.com/questions/102502/meaning-of-connection-closed-by-xxx-preauth-in-sshd-logs. Seems that passforios didn't initiate authentication.
    Carl Dong
    @dongcarl
    hmmmm, I'll look into it
    Raffaele Rossi
    @raffopazzo
    Hi There
    I might be a bit think but I can't find how to git pull/push with this app
    any help?
    ok found...I only needed need to scroll up....please add that to your wiki
    Mingshen Sun
    @mssun
    @raffopazzo OK, good suggestion. Thank you.
    Oh, it's in the wiki already (section: Synchronizing your password store).
    Raffaele Rossi
    @raffopazzo
    @mssun oops, I didn't see that. My bad, sorry :)
    Jaime Gómez Obregón
    @JaimeObregon
    Hello and, first and foremost: thank you very much for this project, @mssun!
    That said, I'd like to gather some feedback on privacy and security. I know the app is open source, but... is there any guarantee that this app won't steal my passwords or keys and stealthyly store or leak them over the internet? I mean: a guarantee by design.
    I know the app is open source and that I can read the code myself, but that doesn't necessarily mean the app downloadable from the app store is the same as the app hosted here at Github, isn't it? I am not familiar with mobile app development and thus my ignorance and suspiciousness :-)
    What I want ultimately to know is: is all a matter of trust and faith that my very private passwords won't be leaked, or am I missing some considerations which make this app "secure by design"?
    I am aware that this same questions apply to pass the Bash script itself, git, gpg and the rest of the stack, but in that case they are broadly trusted and well known tools, which run in an open environment (my Linux box), which I am able to audit. An iOS app, however, is a dark box to me, and I am not absolutely sure what is it exactly running inside, plus it is not so massively trusted and adopted.
    Thank you!
    Rodrigo Orem
    @rodorgas
    I don’t know a way to prove that the App Store version is the same of the GitHub version. But if you have access to a Mac, you can compile it on Xcode from source and install on your iPhone.
    Mingshen Sun
    @mssun
    @JaimeObregon Thanks, Jaime. I understand your concern. For your question on "secure by design", I cannot guarantee it right now.
    But I'm working on this. For example, using Apple's security framework to protect the private key.
    Indeed, as @rodorgas said. I cannot prove that the App Store version is the same of the GitHub version. You can compile the app by yourself from the source code and install it.
    For the current state, all credentials (password, passphrase, and others) are protected by the iOS sandbox. We should trust the OS.
    Raffaele Rossi
    @raffopazzo
    @mssun Perhaps you could hash the entire content of the repo when you tag and in the about info show the SHA256. You could the describe in the README how to run the same process
    e.g. $ find src/ -type f | xargs cat | shasum | tee signature
    311f5f7bf8d8a8ce8a56e326a4e62898e93f05c2
    Raffaele Rossi
    @raffopazzo
    then you put this hash in the about info for version x.y.z and I can just git checkout x.y.z and cat signature