
Commit c42af5b

committed
feat: add support for gopass as a credential store
This change adds support for `gopass` as a credential store, utilizing the upstream library. Closes: #138 Closes: #166 Signed-off-by: sudoforge <[email protected]>
1 parent 9d9d252 commit c42af5b


1,345 files changed

+421657
-51
lines changed


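--- a/.github/workflows/build.yml
+++ b/.github/workflows/build.yml
@@ -70,26 +70,30 @@ jobs:
 if: startsWith(matrix.os, 'macOS-')
 run: |
 brew install pass
+-
+name: Install gopass
+env:
+GOPASS_VERSION: v1.15.5
+run: go install github.com/gopasspw/gopass@${{ env.GOPASS_VERSION }}
 -
 name: GPG conf
-if: ${{ !startsWith(matrix.os, 'windows-') }}
 uses: actions/github-script@v7
 id: gpg
 with:
 script: |
 const fs = require('fs');
-const gnupgfolder = `${require('os').homedir()}/.gnupg`;
+const sep = require('path').sep;
+const gnupgfolder = `${require('os').homedir()}${sep}.gnupg`;
 if (!fs.existsSync(gnupgfolder)){
 fs.mkdirSync(gnupgfolder);
 }
-fs.copyFile('.github/workflows/fixtures/gpg.conf', `${gnupgfolder}/gpg.conf`, (err) => {
+fs.copyFile('.github/workflows/fixtures/gpg.conf', `${gnupgfolder}${sep}gpg.conf`, (err) => {
 if (err) throw err;
 });
 core.setOutput('key', fs.readFileSync('.github/workflows/fixtures/7D851EB72D73BDA0.key', {encoding: 'utf8'}));
 core.setOutput('passphrase', fs.readFileSync('.github/workflows/fixtures/7D851EB72D73BDA0.pass', {encoding: 'utf8'}));
 -
 name: Import GPG key
-if: ${{ !startsWith(matrix.os, 'windows-') }}
 uses: crazy-max/ghaction-import-gpg@v6
 with:
 gpg_private_key: ${{ steps.gpg.outputs.key }}
@@ -101,6 +105,18 @@ jobs:
 run: |
 pass init 7D851EB72D73BDA0
 shell: bash
+-
+name: Init gopass
+run: |
+gopass config mounts.path "${HOME}/.gopass-password-store" 1>/dev/null
+gopass config core.autopush false 1>/dev/null
+gopass config core.autosync false 1>/dev/null
+gopass config core.exportkeys false 1>/dev/null
+gopass config core.notifications false 1>/dev/null
+gopass config core.color false 1>/dev/null
+gopass config core.nopager true 1>/dev/null
+gopass init --crypto gpgcli --storage fs 7D851EB72D73BDA0
+shell: bash
 -
 name: Test
 run: |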
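Review bot: `GOPASS_VERSION: v1.15.5` in the new "Install gopass" step does not match the library version this commit requires in go.mod (`github.com/gopasspw/gopass v1.15.15`); the same `v1.15.5` value is repeated as `ARG GOPASS_VERSION=v1.15.5` in the Dockerfile. As written, the test password store is initialised by one gopass release and then read by a helper linked against another, so CI does not exercise a matched CLI/library pair. If the skew is unintentional, set both values to `v1.15.15`; either way a comment such as `# keep in sync with github.com/gopasspw/gopass in go.mod` next to the variable would make the coupling visible.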

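--- a/Dockerfile
+++ b/Dockerfile
@@ -7,6 +7,7 @@ ARG XX_VERSION=1.6.1
 ARG OSXCROSS_VERSION=11.3-r7-debian
 ARG GOLANGCI_LINT_VERSION=v1.64.5
 ARG DEBIAN_FRONTEND=noninteractive
+ARG GOPASS_VERSION=v1.15.5
 
 ARG PACKAGE=github.com/docker/docker-credential-helpers
 
@@ -70,12 +71,19 @@ RUN xx-apt-get install -y binutils gcc libc6-dev libgcc-11-dev libsecret-1-dev p
 
 FROM base AS test
 ARG DEBIAN_FRONTEND
+ARG GOPASS_VERSION
 RUN xx-apt-get install -y dbus-x11 gnome-keyring gpg-agent gpgconf libsecret-1-dev pass
+RUN --mount=type=bind,target=. \
+--mount=type=cache,target=/root/.cache \
+--mount=type=cache,target=/go/pkg/mod \
+GOFLAGS='' go install github.com/gopasspw/gopass@${GOPASS_VERSION}
 RUN --mount=type=bind,target=. \
 --mount=type=cache,target=/root/.cache \
 --mount=type=cache,target=/go/pkg/mod <<EOT
 set -e
+
 cp -r .github/workflows/fixtures /root/.gnupg
+chmod 0400 /root/.gnupg
 gpg-connect-agent "RELOADAGENT" /bye
 gpg --import --batch --yes /root/.gnupg/7D851EB72D73BDA0.key
 gpg --update-trustdb
@@ -84,7 +92,20 @@ RUN --mount=type=bind,target=. \
 gpg-connect-agent "KEYINFO 3E2D1142AA59E08E16B7E2C64BA6DDC773B1A627" /bye
 gpg-connect-agent "PRESET_PASSPHRASE BA83FC8947213477F28ADC019F6564A956456163 -1 77697468207374757069642070617373706872617365" /bye
 gpg-connect-agent "KEYINFO BA83FC8947213477F28ADC019F6564A956456163" /bye
+
+# initialize password store for `pass`
 pass init 7D851EB72D73BDA0
+
+# initialize password store for `gopass`
+gopass config mounts.path /root/.gopass-password-store 1>/dev/null
+gopass config core.autopush false 1>/dev/null
+gopass config core.autosync false 1>/dev/null
+gopass config core.exportkeys false 1>/dev/null
+gopass config core.notifications false 1>/dev/null
+gopass config core.color false 1>/dev/null
+gopass config core.nopager true 1>/dev/null
+gopass init --crypto gpgcli --storage fs 7D851EB72D73BDA0
+
 gpg -k
 
 mkdir /out
@@ -108,7 +129,8 @@ RUN --mount=type=bind,target=. \
 --mount=type=bind,source=/tmp/.revision,target=/tmp/.revision,from=version <<EOT
 set -ex
 xx-go --wrap
-make build-pass build-secretservice PACKAGE=$PACKAGE VERSION=$(cat /tmp/.version) REVISION=$(cat /tmp/.revision) DESTDIR=/out
+make build-gopass build-pass build-secretservice PACKAGE=$PACKAGE VERSION=$(cat /tmp/.version) REVISION=$(cat /tmp/.revision) DESTDIR=/out
+xx-verify /out/docker-credential-gopass
 xx-verify /out/docker-credential-pass
 xx-verify /out/docker-credential-secretservice
 EOT
@@ -125,7 +147,8 @@ RUN --mount=type=bind,target=. \
 export MACOSX_VERSION_MIN=$(make print-MACOSX_DEPLOYMENT_TARGET)
 xx-go --wrap
 go install std
-make build-osxkeychain build-pass PACKAGE=$PACKAGE VERSION=$(cat /tmp/.version) REVISION=$(cat /tmp/.revision) DESTDIR=/out
+make build-gopass build-osxkeychain build-pass PACKAGE=$PACKAGE VERSION=$(cat /tmp/.version) REVISION=$(cat /tmp/.revision) DESTDIR=/out
+xx-verify /out/docker-credential-gopass
 xx-verify /out/docker-credential-osxkeychain
 xx-verify /out/docker-credential-pass
 EOT
@@ -139,7 +162,9 @@ RUN --mount=type=bind,target=. \
 --mount=type=bind,source=/tmp/.revision,target=/tmp/.revision,from=version <<EOT
 set -ex
 xx-go --wrap
-make build-wincred PACKAGE=$PACKAGE VERSION=$(cat /tmp/.version) REVISION=$(cat /tmp/.revision) DESTDIR=/out
+make build-gopass build-wincred PACKAGE=$PACKAGE VERSION=$(cat /tmp/.version) REVISION=$(cat /tmp/.revision) DESTDIR=/out
+mv /out/docker-credential-gopass /out/docker-credential-gopass.exe
+xx-verify /out/docker-credential-gopass.exe
 mv /out/docker-credential-wincred /out/docker-credential-wincred.exe
 xx-verify /out/docker-credential-wincred.exe
 EOT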
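Review bot: `chmod 0400 /root/.gnupg` in the test stage gives the GnuPG home directory owner-read only, with no search (execute) or write bit. The following `gpg --import`, trustdb update and `gopass init` presumably succeed only because the build runs as root, which bypasses the mode. The call is also not recursive, so the key and passphrase files copied from `.github/workflows/fixtures` keep whatever mode they had in the checkout. An owner-only but traversable home is the conventional setting: `chmod 0700 /root/.gnupg`, plus `chmod 0600` on the copied key files if their mode matters to the test. The RUN heredoc this line sits in continues beyond the hunk.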

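--- a/Makefile
+++ b/Makefile
@@ -38,11 +38,12 @@ clean:
 rm -rf bin
 
 .PHONY: build-%
-build-%: # build, can be one of build-osxkeychain build-pass build-secretservice build-wincred
+build-%: # build, can be one of build-gopass build-osxkeychain build-pass build-secretservice build-wincred
 go build -trimpath -ldflags="$(GO_LDFLAGS) -X ${GO_PKG}/credentials.Name=docker-credential-$*" -o "$(DESTDIR)/docker-credential-$*" ./$*/cmd/
 
 # aliases for build-* targets
-.PHONY: osxkeychain secretservice pass wincred
+.PHONY: gopass osxkeychain secretservice pass wincred
+gopass: build-gopass
 osxkeychain: build-osxkeychain
 secretservice: build-secretservice
 pass: build-pass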

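--- a/README.md
+++ b/README.md
@@ -80,15 +80,26 @@ You can see examples of each function in the [client](https://godoc.org/github.c
 
 ### Available programs
 
-1. osxkeychain: Provides a helper to use the OS X keychain as credentials store.
-2. secretservice: Provides a helper to use the D-Bus secret service as credentials store.
-3. wincred: Provides a helper to use Windows credentials manager as store.
-4. pass: Provides a helper to use `pass` as credentials store.
+- gopass: Provides a helper to use `gopass` as credentials store.
+- osxkeychain: Provides a helper to use the OS X keychain as credentials store.
+- pass: Provides a helper to use `pass` as credentials store.
+- secretservice: Provides a helper to use the D-Bus secret service as credentials store.
+- wincred: Provides a helper to use Windows credentials manager as store.
 
-#### Note
+#### Note regarding `gopass`
 
-`pass` needs to be configured for `docker-credential-pass` to work properly.
-It must be initialized with a `gpg2` key ID. Make sure your GPG key exists is in `gpg2` keyring as `pass` uses `gpg2` instead of the regular `gpg`.
+`gopass` requires manual intervention in order for `docker-credential-gopass` to
+work properly: a password store must be initialized. Please ensure to review the
+upstream [quick start guide][gopass-quick-start] for more information.
+
+[gopass-quick-start]: https://github.com/gopasspw/gopass#quick-start-guide
+
+#### Note regarding `pass`
+
+`pass` requires manual interview in order for `docker-credential-pass` to
+work properly. It must be initialized with a `gpg2` key ID. Make sure your GPG
+key exists is in `gpg2` keyring as `pass` uses `gpg2` instead of the regular
+`gpg`.
 
 ## Development
 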

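--- a/go.mod
+++ b/go.mod
@@ -1,6 +1,8 @@
 module github.com/docker/docker-credential-helpers
 
-go 1.21
+go 1.23.2
+
+toolchain go1.23.6
 
 retract (
 v0.9.1 // osxkeychain: a regression caused backward-incompatibility with earlier versions
@@ -9,7 +11,39 @@ retract (
 
 require (
 github.com/danieljoos/wincred v1.2.2
+github.com/gopasspw/gopass v1.15.15
 github.com/keybase/go-keychain v0.0.1
 )
 
-require golang.org/x/sys v0.20.0 // indirect
+require (
+al.essio.dev/pkg/shellescape v1.5.1 // indirect
+filippo.io/age v1.2.1-0.20240618131852-7eedd929a6cf // indirect
+filippo.io/edwards25519 v1.1.0 // indirect
+github.com/ProtonMail/go-crypto v1.1.2 // indirect
+github.com/blang/semver/v4 v4.0.0 // indirect
+github.com/caspr-io/yamlpath v0.0.0-20200722075116-502e8d113a9b // indirect
+github.com/cloudflare/circl v1.5.0 // indirect
+github.com/cpuguy83/go-md2man/v2 v2.0.5 // indirect
+github.com/dustin/go-humanize v1.0.1 // indirect
+github.com/fatih/color v1.18.0 // indirect
+github.com/godbus/dbus/v5 v5.1.0 // indirect
+github.com/google/go-cmp v0.6.0 // indirect
+github.com/google/go-github/v61 v61.0.0 // indirect
+github.com/google/go-querystring v1.1.0 // indirect
+github.com/hashicorp/golang-lru/v2 v2.0.7 // indirect
+github.com/kr/pretty v0.3.1 // indirect
+github.com/mattn/go-colorable v0.1.13 // indirect
+github.com/mattn/go-isatty v0.0.20 // indirect
+github.com/nbutton23/zxcvbn-go v0.0.0-20210217022336-fa2cb2858354 // indirect
+github.com/rs/zerolog v1.33.0 // indirect
+github.com/russross/blackfriday/v2 v2.1.0 // indirect
+github.com/twpayne/go-pinentry v0.3.0 // indirect
+github.com/urfave/cli/v2 v2.27.5 // indirect
+github.com/xrash/smetrics v0.0.0-20240521201337-686a1a2994c1 // indirect
+github.com/zalando/go-keyring v0.2.6 // indirect
+golang.org/x/crypto v0.32.0 // indirect
+golang.org/x/exp v0.0.0-20241108190413-2d47ceb2692f // indirect
+golang.org/x/sys v0.29.0 // indirect
+golang.org/x/term v0.28.0 // indirect
+gopkg.in/yaml.v3 v3.0.1 // indirect
+)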
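Review bot: The `go 1.21` to `go 1.23.2` bump and the new `toolchain go1.23.6` line apply to the whole module, so a consumer that imports only the `credentials` package now needs Go 1.23.2 too, even if it never touches gopass. The requirement list also grows from one indirect entry to thirty (age, ProtonMail/go-crypto, circl, go-github and others), which is a much larger dependency set to audit and keep patched for a project whose binaries handle registry credentials. Consider giving the gopass helper its own nested module (a `go.mod` under `gopass/`, where the Makefile already builds `./gopass/cmd/`), so the other helpers keep the previous minimal requirement set. If the single module is kept, a short comment above the second `require (` block naming gopass as the source of these entries would help later audits.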
