TL;DR: How should we handle truly breaking changes? With a major version bump or a fork?

Background

gopass has accumulated a lot of features in the past. Some of them were contributed, some never truly finished. Also supporting troublesome dependencies like GnuPG and git adds to the maintenance burden.

It has become clear that we don't have enough time to support all of these feature and dependencies and we prefer to have a stable, polished core feature set over a huge number of partly broken features.

We had some small breaking changes in the last minor release and we will have more small breaking changes while we continue to clean up the code base leading up to a major breaking change in the next major release.

Upcoming Changes

Going forward we consider to:

• Drop GPG support, including most tooling we built around that (e.g. key export / import and such)
• Drop Git support
• Drop most configuration options
• Reduce the number of CLI subcommands and command line options
• Break compatibility with other pass implementations

This will break most existing setups and will require careful planning and execution.

If you care about any of these features the only (!) way to keep them from being removed are sustained, high quality contributions, e.g. triaging issues, improving documentation, test coverage and finally refactoring the code to make them better maintainable. Unless contributors step up to work on these, the aforementioned features will be dropped. Probably before the end of this year.

Upcoming Changes

While our goal is clear, it's not so clear how we want to get there.

Obviously we want to keep supporting our existing users (but not necessarily on their current stack).

Right now I see two options moving forward.

Both have in common that we will make smaller (possibly) breaking changes in the minor releases leading up to the next major release. We will try to limit the impact but features which are already broken, rarely used or poorly implemented will either be changed or removed.

Also we will work to add support for the storage and crypto backends that will be used in the next major release.

Crypto Backend

In the next major release our age might become our default crypto backend.

I have a very strong preference for age, but this is only possible if the project receives sustained attention and provides answers for some open questions (e.g. Go library support, agent support).

Storage / RCS Backend

While git itself is muss less troublesome to support than GnuPG it still adds unnecessary overhead. If you think about how we use git you'll realize that we don't need most of it's features, e.g. we don't need merging (useless with encrypted files), branches, tags, or actually almost any other feature it has.

What do we really need in terms of storage / revision control?

• a Key-Value stores resembling a file system (tree)
• versioned values

Since we can't really merge or diff entries the versioning can just be a list ordered by the revision timestamp. Optionally we'd like to be able to hide the names of the keys (#673, #674).

These properties can trivially be implemented in Go.

Implementation cleanup

It's clear that in the next major release we'll reduce support for different backends, reducing the amount of code.

Eventually we'd like to get rid of complicated recipient key handling. If we're using age the recipient list will already include the whole public key with no need to additionally export or import keys to and from huge keyrings. We might even default to using GitHub username as the default mechanism (age can encrypt for ssh public keys which are publicly visible on GitHub).

Options

This section lists possible options how to reach a major reduction in tech debt with the next major release without loosing most of our users on the way.

Hard Fork

This would be the easiest option. We would implement all required changes as detailed above in the 1.9 branch and before we start to actually remove features we'd fork the gopass repo to e.g. github.com/gopasspw/gopass2 and keep both repos around: One for the 1.x branch and the other for the 2.x branch.

Obviously we could also do that in the gopass repo with a different branch, but I think that might be more confusing.

However this approach has two big disadvantages:

1. We'd still have to maintain the old gopass 1.x repo. Since our time is very limited this will slowly rot up to a point where it's unuseable. For a security critical project this isn't a good idea.
2. Many users won't make the switch, cf. the Perl5/6 or Python 2/3 situation.

Provide an automated migration path

The second option would be to (try to) automatically migrate all users to the new backends.

This would require us to implement the migration tooling that would automatically migrate the users stores to the new backends in the 1.x branch. If a user misses one of the releases with this migration tooling they would need to resort to the last 1.x release before the can use the 2.x releases.

The big advantage is that this avoid the disadvantages of the first option.

The disadvantage that this is a pretty disruptive change.

Users will need to replace their remote setup (git) with something else (which doesn't exist, yet). Also they will need to trust a different kind of crypto (which is likely much safer, but in some cases it might be perceived as a step back).

Request for Comments

Please let me know what you think. But please keep in mind that this is an open source project run by volunteers.

Feel free to share this proposal with any gopass users you know.

The question here is not if or when we'll make these breaking changes, only how! The only way to prevent a feature from being dropped is to make sustained high quality contributions!

Edit: Updated to better reflect to current plans.

Summary

i get failed to read recipient IDs from raw secret on gopass fsck on some passwords.

Steps To Reproduce

i run gopass fsck.

Environment

• OS: ubuntu 20.04
• OS version: Linux troy 5.4.0-81-generic #91-Ubuntu SMP Thu Jul 15 19:09:17 UTC 2021 x86_64 x86_64 x86_64 GNU/Linux
• gopass Version:

gopass 1.12.7 (2021-07-02 09:20:21) go1.16.6 linux amd64
<root>     -  gpg 2.3.1 - git 2.32.0
Available Crypto Backends: age, gpgcli, plain
Available Storage Backends: fs, gitfs

• Installation method: brew install gopass

Additional context

i can decrypt the files manually with gpg --decrypt .password-store/websites/bla.gpg. with gopass show they get shown. but with rofi-gopass i get empty secret in the debug logs. after that i tried the gopass fsck and ran in this. i have the feeling that this happens on passwords i added the last. here is a snippet from the debug log:

2021/08/17 14:46:06.798912 leaf/store.go:68     leaf.New        Instantiated  at /home/marv/.password-store - storage: &gitfs.Git{fs:(*fs.Store)(0xc000098890)} - crypto: &cli.GPG{binary:"/usr/bin/gpg", args:[]string{"--quiet", "--yes", "--compress-algo=none", "--no-encrypt-to", "--no-auto-check-trustdb"}, pubKeys:gpg.KeyList(nil), privKeys:gpg.KeyList(nil), listCache:(*lru.TwoQueueCache)(0xc000319860), throwKids:false}
2021/08/17 14:46:06.798918 root/init.go:71      root.(*Store).initialize        Root Store initialized at /home/marv/.password-store
2021/08/17 14:46:06.798927 fs/store.go:109      fs.(*Store).Exists      Checking if .gpg-id exists at /home/marv/.password-store/.gpg-id: true
2021/08/17 14:46:06.798933 action/init.go:36    action.(*Action).IsInitialized  Store is already initialized
2021/08/17 14:46:06.798985 fs/store.go:156      fs.(*Store).IsDir       websites/amazon/[email protected] at /home/marv/.password-store/websites/amazon/[email protected] is a directory? false
2021/08/17 14:46:06.798993 fs/store.go:156      fs.(*Store).IsDir       websites/amazon/[email protected] at /home/marv/.password-store/websites/amazon/[email protected] is a directory? false
2021/08/17 14:46:06.799001 fs/store.go:41       fs.(*Store).Get Reading websites/amazon/[email protected] from /home/marv/.password-store/websites/amazon/[email protected]
2021/08/17 14:46:06.799017 cli/decrypt.go:22    cli.(*GPG).Decrypt      /usr/bin/gpg [/usr/bin/gpg --quiet --yes --compress-algo=none --no-encrypt-to --no-auto-check-trustdb --decrypt]
2021/08/17 14:46:07.025924 secparse/parse.go:20 secparse.Parse  failed to parse as MIME: EOF
2021/08/17 14:46:07.025951 secrets/yaml.go:95   secrets.ParseYAML       Parsing
2021/08/17 14:46:07.025965 secparse/parse.go:30 secparse.Parse  failed to parse as YAML: EOF

2021/08/17 14:46:07.025971 secparse/parse.go:37 secparse.Parse  failed to parse as KV: EOF
2021/08/17 14:46:07.025976 secparse/parse.go:40 secparse.Parse  parsed as plain:
2021/08/17 14:46:07.025992 action/show.go:147   action.(*Action).showHandleOutput       empty secret - stacktrace: empty secret
2021/08/17 14:46:07.026000 action/show.go:63    action.(*Action).Show   empty secret - stacktrace: empty secret

and all the newer passwords are also not readable by the classic pass command. did something changed in the format?

Summary

There a git repository that has been cloned.

My public key in the repo is matching mine in Kleopatra, but still I can't add a new password, gopass keeps returning: gpg: [stdin]: encryption failed: No public key

Steps To Reproduce

Meow@VP0003784  ~\Desktop\Work\Passwords\pass   master ≣                                             [16:08]
❯ $env:GOPASS_DEBUG = 'true'
Meow@VP0003784  ~\Desktop\Work\Passwords\pass   master ≣                                             [16:09]
❯ gopass insert pass/dev/pgsql-rm/read_model_migrations
[DEBUG] Trying to load config from C:\Users\Meow\.config\gopass\config.yml
[DEBUG] Loaded config: Config[Root:StoreConfig[AskForMore:false,AutoClip:true,AutoImport:true,AutoSync:false,ClipTimeout:45,Concurrency:1,EditRecipients:false,NoColor:false,NoConfirm:true,NoPager:false,Notifications:true,Path:gpgcli-gitcli-fs+file:///C:%5CUsers%5CMeow%5CDesktop%5CWork%5CPasswords%5Cpass,SafeContent:false,UseSymbols:false],Mounts()]
[DEBUG] Loaded config from C:\Users\Meow\.config\gopass\config.yml: Config[Root:StoreConfig[AskForMore:false,AutoClip:true,AutoImport:true,AutoSync:false,ClipTimeout:45,Concurrency:1,EditRecipients:false,NoColor:false,NoConfirm:true,NoPager:false,Notifications:true,Path:gpgcli-gitcli-fs+file:///C:%5CUsers%5CMeow%5CDesktop%5CWork%5CPasswords%5Cpass,SafeContent:false,UseSymbols:false],Mounts()]
[DEBUG] store/root/init.go:18 initializing store and possible sub-stores
[DEBUG] store/sub/store.go:43 sub.New - URL: gpgcli-gitcli-fs+file:///C:%5CUsers%5CMeow%5CDesktop%5CWork%5CPasswords%5Cpass
[DEBUG] store/sub/store.go:57 sub.New - Using storage backend from ctx: fs
[DEBUG] backend/storage/fs/loader.go:23 Using Storage Backend: fs(v0.1.0,path:C:\Users\Meow\Desktop\Work\Passwords\pass)
[DEBUG] store/sub/store.go:66 sub.New - Using RCS backend from ctx: gitcli
[DEBUG] store/sub/store.go:75 sub.New - Using Crypto backend from ctx: gpgcli
[DEBUG] backend/crypto/gpg/cli/loader.go:23 Using Crypto Backend: gpgcli
[DEBUG] store/sub/store.go:81 sub.New - initialized - storage: fs (0xc0002305f0) - rcs: git (0xc00035e000) - crypto: gpg (0xc0002000c0)
[DEBUG] store/root/init.go:116 Root Store initialized with URL gpgcli-gitcli-fs+file:///C:%5CUsers%5CMeow%5CDesktop%5CWork%5CPasswords%5Cpass
[DEBUG] backend/storage/fs/store.go:91 fs.Exists(.gpg-id) - C:\Users\Meow\Desktop\Work\Passwords\pass\.gpg-id
[DEBUG] action/init.go:31 Store is already initialized
[DEBUG] backend/storage/fs/store.go:91 fs.Exists(pass/dev/pgsql-rm/read_model_migrations.gpg) - C:\Users\Meow\Desktop\Work\Passwords\pass\pass\dev\pgsql-rm\read_model_migrations.gpg
Enter password for pass/dev/pgsql-rm/read_model_migrations []: mypassword
Retype password for pass/dev/pgsql-rm/read_model_migrations []: mypassword
[DEBUG] backend/storage/fs/store.go:91 fs.Exists(pass/dev/pgsql-rm/read_model_migrations.gpg) - C:\Users\Meow\Desktop\Work\Passwords\pass\pass\dev\pgsql-rm\read_model_migrations.gpg
[DEBUG] backend/storage/fs/store.go:91 fs.Exists(pass\dev\pgsql-rm\.pass-template) - C:\Users\Meow\Desktop\Work\Passwords\pass\pass\dev\pgsql-rm\.pass-template
[DEBUG] backend/storage/fs/store.go:91 fs.Exists(pass\dev\.pass-template) - C:\Users\Meow\Desktop\Work\Passwords\pass\pass\dev\.pass-template
[DEBUG] backend/storage/fs/store.go:91 fs.Exists(pass\.pass-template) - C:\Users\Meow\Desktop\Work\Passwords\pass\pass\.pass-template
[DEBUG] backend/storage/fs/store.go:91 fs.Exists(.pass-template) - C:\Users\Meow\Desktop\Work\Passwords\pass\.pass-template
[DEBUG] action/templates.go:120 No template found for pass/dev/pgsql-rm/read_model_migrations
[DEBUG] backend/storage/fs/store.go:130 fs.Isdir(pass/dev/pgsql-rm/read_model_migrations) - C:\Users\Meow\Desktop\Work\Passwords\pass\pass\dev\pgsql-rm\read_model_migrations -> false
[DEBUG] backend/storage/fs/store.go:91 fs.Exists(pass\dev\pgsql-rm\read_model_migrations\.gpg-id) - C:\Users\Meow\Desktop\Work\Passwords\pass\pass\dev\pgsql-rm\read_model_migrations\.gpg-id
[DEBUG] backend/storage/fs/store.go:91 fs.Exists(pass\dev\pgsql-rm\.gpg-id) - C:\Users\Meow\Desktop\Work\Passwords\pass\pass\dev\pgsql-rm\.gpg-id
[DEBUG] backend/storage/fs/store.go:91 fs.Exists(pass\dev\.gpg-id) - C:\Users\Meow\Desktop\Work\Passwords\pass\pass\dev\.gpg-id
[DEBUG] backend/storage/fs/store.go:91 fs.Exists(pass\.gpg-id) - C:\Users\Meow\Desktop\Work\Passwords\pass\pass\.gpg-id
[DEBUG] backend/storage/fs/store.go:91 fs.Exists(.gpg-id) - C:\Users\Meow\Desktop\Work\Passwords\pass\.gpg-id
[DEBUG] backend/storage/fs/store.go:37 fs.Get(.gpg-id) - C:\Users\Meow\Desktop\Work\Passwords\pass\.gpg-id
[DEBUG] backend/crypto/gpg/cli/keyring.go:25 gpg.listKeys: C:\Program Files (x86)\GnuPG\bin\gpg.exe [C:\Program Files (x86)\GnuPG\bin\gpg.exe --with-colons --with-fingerprint --fixed-list-mode --list-secret-keys 007B8FCE310A5A369C5FA1E023D166DB074B6BC6]

[DEBUG] backend/crypto/gpg/cli/keyring.go:25 gpg.listKeys: C:\Program Files (x86)\GnuPG\bin\gpg.exe [C:\Program Files (x86)\GnuPG\bin\gpg.exe --with-colons --with-fingerprint --fixed-list-mode --list-public-keys 007B8FCE310A5A369C5FA1E023D166DB074B6BC6]

[DEBUG] backend/crypto/gpg/cli/keyring.go:25 gpg.listKeys: C:\Program Files (x86)\GnuPG\bin\gpg.exe [C:\Program Files (x86)\GnuPG\bin\gpg.exe --with-colons --with-fingerprint --fixed-list-mode --list-secret-keys 08B3C0F62B5039919325BC5FDE40A9898D3DC818]

[DEBUG] backend/crypto/gpg/cli/keyring.go:25 gpg.listKeys: C:\Program Files (x86)\GnuPG\bin\gpg.exe [C:\Program Files (x86)\GnuPG\bin\gpg.exe --with-colons --with-fingerprint --fixed-list-mode --list-public-keys 08B3C0F62B5039919325BC5FDE40A9898D3DC818]

[DEBUG] backend/crypto/gpg/cli/keyring.go:25 gpg.listKeys: C:\Program Files (x86)\GnuPG\bin\gpg.exe [C:\Program Files (x86)\GnuPG\bin\gpg.exe --with-colons --with-fingerprint --fixed-list-mode --list-secret-keys 092A67EBD261FE479D15A858078425A332F77857]

[DEBUG] backend/crypto/gpg/cli/keyring.go:25 gpg.listKeys: C:\Program Files (x86)\GnuPG\bin\gpg.exe [C:\Program Files (x86)\GnuPG\bin\gpg.exe --with-colons --with-fingerprint --fixed-list-mode --list-public-keys 092A67EBD261FE479D15A858078425A332F77857]

[DEBUG] backend/crypto/gpg/cli/keyring.go:25 gpg.listKeys: C:\Program Files (x86)\GnuPG\bin\gpg.exe [C:\Program Files (x86)\GnuPG\bin\gpg.exe --with-colons --with-fingerprint --fixed-list-mode --list-secret-keys 2A05CC76C821EDAA9D67C52C407172741190894B]

[DEBUG] backend/crypto/gpg/cli/keyring.go:25 gpg.listKeys: C:\Program Files (x86)\GnuPG\bin\gpg.exe [C:\Program Files (x86)\GnuPG\bin\gpg.exe --with-colons --with-fingerprint --fixed-list-mode --list-public-keys 2A05CC76C821EDAA9D67C52C407172741190894B]

[DEBUG] backend/crypto/gpg/cli/keyring.go:25 gpg.listKeys: C:\Program Files (x86)\GnuPG\bin\gpg.exe [C:\Program Files (x86)\GnuPG\bin\gpg.exe --with-colons --with-fingerprint --fixed-list-mode --list-secret-keys 69CB13B55D75DEF6E4A08297CD3833FA2ACF816C]

[DEBUG] backend/crypto/gpg/cli/keyring.go:25 gpg.listKeys: C:\Program Files (x86)\GnuPG\bin\gpg.exe [C:\Program Files (x86)\GnuPG\bin\gpg.exe --with-colons --with-fingerprint --fixed-list-mode --list-secret-keys 7FC147A251D1C008B01A9FECBACFA90D099FBC3C]

[DEBUG] backend/crypto/gpg/cli/keyring.go:25 gpg.listKeys: C:\Program Files (x86)\GnuPG\bin\gpg.exe [C:\Program Files (x86)\GnuPG\bin\gpg.exe --with-colons --with-fingerprint --fixed-list-mode --list-public-keys 7FC147A251D1C008B01A9FECBACFA90D099FBC3C]

[DEBUG] backend/crypto/gpg/cli/keyring.go:25 gpg.listKeys: C:\Program Files (x86)\GnuPG\bin\gpg.exe [C:\Program Files (x86)\GnuPG\bin\gpg.exe --with-colons --with-fingerprint --fixed-list-mode --list-secret-keys CBDA8515A67EFCFDEA8A8909F0CCC407C152420A]

[DEBUG] backend/crypto/gpg/cli/keyring.go:25 gpg.listKeys: C:\Program Files (x86)\GnuPG\bin\gpg.exe [C:\Program Files (x86)\GnuPG\bin\gpg.exe --with-colons --with-fingerprint --fixed-list-mode --list-public-keys CBDA8515A67EFCFDEA8A8909F0CCC407C152420A]

[DEBUG] backend/crypto/gpg/cli/keyring.go:25 gpg.listKeys: C:\Program Files (x86)\GnuPG\bin\gpg.exe [C:\Program Files (x86)\GnuPG\bin\gpg.exe --with-colons --with-fingerprint --fixed-list-mode --list-secret-keys F1BB9612D02D33FD7C39F6D1A80448BDFEC0BCBE]

[DEBUG] backend/crypto/gpg/cli/keyring.go:25 gpg.listKeys: C:\Program Files (x86)\GnuPG\bin\gpg.exe [C:\Program Files (x86)\GnuPG\bin\gpg.exe --with-colons --with-fingerprint --fixed-list-mode --list-public-keys F1BB9612D02D33FD7C39F6D1A80448BDFEC0BCBE]

[DEBUG] backend/crypto/gpg/cli/keyring.go:25 gpg.listKeys: C:\Program Files (x86)\GnuPG\bin\gpg.exe [C:\Program Files (x86)\GnuPG\bin\gpg.exe --with-colons --with-fingerprint --fixed-list-mode --list-secret-keys F22854456422B6AA080DDC0F41FE7D6F018E72BD]

[DEBUG] backend/crypto/gpg/cli/keyring.go:25 gpg.listKeys: C:\Program Files (x86)\GnuPG\bin\gpg.exe [C:\Program Files (x86)\GnuPG\bin\gpg.exe --with-colons --with-fingerprint --fixed-list-mode --list-public-keys F22854456422B6AA080DDC0F41FE7D6F018E72BD]

[DEBUG] backend/storage/fs/store.go:37 fs.Get(.gpg-id) - C:\Users\Meow\Desktop\Work\Passwords\pass\.gpg-id
[DEBUG] backend/crypto/gpg/cli/keyring.go:25 gpg.listKeys: C:\Program Files (x86)\GnuPG\bin\gpg.exe [C:\Program Files (x86)\GnuPG\bin\gpg.exe --with-colons --with-fingerprint --fixed-list-mode --list-secret-keys 007B8FCE310A5A369C5FA1E023D166DB074B6BC6]

[DEBUG] backend/crypto/gpg/cli/keyring.go:25 gpg.listKeys: C:\Program Files (x86)\GnuPG\bin\gpg.exe [C:\Program Files (x86)\GnuPG\bin\gpg.exe --with-colons --with-fingerprint --fixed-list-mode --list-public-keys 007B8FCE310A5A369C5FA1E023D166DB074B6BC6]

[DEBUG] backend/crypto/gpg/cli/keyring.go:25 gpg.listKeys: C:\Program Files (x86)\GnuPG\bin\gpg.exe [C:\Program Files (x86)\GnuPG\bin\gpg.exe --with-colons --with-fingerprint --fixed-list-mode --list-secret-keys 08B3C0F62B5039919325BC5FDE40A9898D3DC818]

[DEBUG] backend/crypto/gpg/cli/keyring.go:25 gpg.listKeys: C:\Program Files (x86)\GnuPG\bin\gpg.exe [C:\Program Files (x86)\GnuPG\bin\gpg.exe --with-colons --with-fingerprint --fixed-list-mode --list-public-keys 08B3C0F62B5039919325BC5FDE40A9898D3DC818]

[DEBUG] backend/crypto/gpg/cli/keyring.go:25 gpg.listKeys: C:\Program Files (x86)\GnuPG\bin\gpg.exe [C:\Program Files (x86)\GnuPG\bin\gpg.exe --with-colons --with-fingerprint --fixed-list-mode --list-secret-keys 092A67EBD261FE479D15A858078425A332F77857]

[DEBUG] backend/crypto/gpg/cli/keyring.go:25 gpg.listKeys: C:\Program Files (x86)\GnuPG\bin\gpg.exe [C:\Program Files (x86)\GnuPG\bin\gpg.exe --with-colons --with-fingerprint --fixed-list-mode --list-public-keys 092A67EBD261FE479D15A858078425A332F77857]

[DEBUG] backend/crypto/gpg/cli/keyring.go:25 gpg.listKeys: C:\Program Files (x86)\GnuPG\bin\gpg.exe [C:\Program Files (x86)\GnuPG\bin\gpg.exe --with-colons --with-fingerprint --fixed-list-mode --list-secret-keys 2A05CC76C821EDAA9D67C52C407172741190894B]

[DEBUG] backend/crypto/gpg/cli/keyring.go:25 gpg.listKeys: C:\Program Files (x86)\GnuPG\bin\gpg.exe [C:\Program Files (x86)\GnuPG\bin\gpg.exe --with-colons --with-fingerprint --fixed-list-mode --list-public-keys 2A05CC76C821EDAA9D67C52C407172741190894B]

[DEBUG] backend/crypto/gpg/cli/keyring.go:25 gpg.listKeys: C:\Program Files (x86)\GnuPG\bin\gpg.exe [C:\Program Files (x86)\GnuPG\bin\gpg.exe --with-colons --with-fingerprint --fixed-list-mode --list-secret-keys 7FC147A251D1C008B01A9FECBACFA90D099FBC3C]

[DEBUG] backend/crypto/gpg/cli/keyring.go:25 gpg.listKeys: C:\Program Files (x86)\GnuPG\bin\gpg.exe [C:\Program Files (x86)\GnuPG\bin\gpg.exe --with-colons --with-fingerprint --fixed-list-mode --list-public-keys 7FC147A251D1C008B01A9FECBACFA90D099FBC3C]

[DEBUG] backend/crypto/gpg/cli/keyring.go:25 gpg.listKeys: C:\Program Files (x86)\GnuPG\bin\gpg.exe [C:\Program Files (x86)\GnuPG\bin\gpg.exe --with-colons --with-fingerprint --fixed-list-mode --list-secret-keys CBDA8515A67EFCFDEA8A8909F0CCC407C152420A]

[DEBUG] backend/crypto/gpg/cli/keyring.go:25 gpg.listKeys: C:\Program Files (x86)\GnuPG\bin\gpg.exe [C:\Program Files (x86)\GnuPG\bin\gpg.exe --with-colons --with-fingerprint --fixed-list-mode --list-public-keys CBDA8515A67EFCFDEA8A8909F0CCC407C152420A]

[DEBUG] backend/crypto/gpg/cli/keyring.go:25 gpg.listKeys: C:\Program Files (x86)\GnuPG\bin\gpg.exe [C:\Program Files (x86)\GnuPG\bin\gpg.exe --with-colons --with-fingerprint --fixed-list-mode --list-secret-keys F1BB9612D02D33FD7C39F6D1A80448BDFEC0BCBE]

[DEBUG] backend/crypto/gpg/cli/keyring.go:25 gpg.listKeys: C:\Program Files (x86)\GnuPG\bin\gpg.exe [C:\Program Files (x86)\GnuPG\bin\gpg.exe --with-colons --with-fingerprint --fixed-list-mode --list-public-keys F1BB9612D02D33FD7C39F6D1A80448BDFEC0BCBE]

[DEBUG] backend/crypto/gpg/cli/keyring.go:25 gpg.listKeys: C:\Program Files (x86)\GnuPG\bin\gpg.exe [C:\Program Files (x86)\GnuPG\bin\gpg.exe --with-colons --with-fingerprint --fixed-list-mode --list-secret-keys F22854456422B6AA080DDC0F41FE7D6F018E72BD]

[DEBUG] backend/crypto/gpg/cli/keyring.go:25 gpg.listKeys: C:\Program Files (x86)\GnuPG\bin\gpg.exe [C:\Program Files (x86)\GnuPG\bin\gpg.exe --with-colons --with-fingerprint --fixed-list-mode --list-public-keys F22854456422B6AA080DDC0F41FE7D6F018E72BD]

[DEBUG] backend/crypto/gpg/cli/keyring.go:25 gpg.listKeys: C:\Program Files (x86)\GnuPG\bin\gpg.exe [C:\Program Files (x86)\GnuPG\bin\gpg.exe --with-colons --with-fingerprint --fixed-list-mode --list-secret-keys 007B8FCE310A5A369C5FA1E023D166DB074B6BC6]

[DEBUG] backend/crypto/gpg/cli/keyring.go:25 gpg.listKeys: C:\Program Files (x86)\GnuPG\bin\gpg.exe [C:\Program Files (x86)\GnuPG\bin\gpg.exe --with-colons --with-fingerprint --fixed-list-mode --list-secret-keys 08B3C0F62B5039919325BC5FDE40A9898D3DC818]

(x86)\GnuPG\bin\gpg.exe --with-colons --with-fingerprint --fixed-list-mode --list-secret-keys 092A67EBD261FE479D15A858078425A332F77857]

[DEBUG] backend/crypto/gpg/cli/keyring.go:25 gpg.listKeys: C:\Program Files (x86)\GnuPG\bin\gpg.exe [C:\Program Files (x86)\GnuPG\bin\gpg.exe --with-colons --with-fingerprint --fixed-list-mode --list-secret-keys 2A05CC76C821EDAA9D67C52C407172741190894B]

[DEBUG] backend/crypto/gpg/cli/gpg.go:131 gpg.Encrypt: C:\Program Files (x86)\GnuPG\bin\gpg.exe [C:\Program Files (x86)\GnuPG\bin\gpg.exe --quiet --yes --compress-algo=none --no-encrypt-to --no-auto-check-trustdb --encrypt --trust-model=always --recipient 007B8FCE310A5A369C5FA1E023D166DB074B6BC6 --recipient 08B3C0F62B5039919325BC5FDE40A9898D3DC818 --recipient 092A67EBD261FE479D15A858078425A332F77857 --recipient 2A05CC76C821EDAA9D67C52C407172741190894B --recipient 69CB13B55D75DEF6E4A08297CD3833FA2ACF816C --recipient 7FC147A251D1C008B01A9FECBACFA90D099FBC3C --recipient CBDA8515A67EFCFDEA8A8909F0CCC407C152420A --recipient F1BB9612D02D33FD7C39F6D1A80448BDFEC0BCBE --recipient F22854456422B6AA080DDC0F41FE7D6F018E72BD --recipient 0xCD3833FA2ACF816C]
gpg: F22854456422B6AA080DDC0F41FE7D6F018E72BD: skipped: No public key
gpg: [stdin]: encryption failed: No public key
[DEBUG] store/sub/write.go:49 Failed encrypt secret: exit status 2
[DEBUG] action/errors.go:60 Stacktrace: Failed to encrypt
github.com/gopasspw/gopass/pkg/store.init.ializers
        /home/tex/src/go/src/github.com/gopasspw/gopass/pkg/store/err.go:11
runtime.main
        /usr/local/go/src/runtime/proc.go:188
runtime.goexit
        /usr/local/go/src/runtime/asm_amd64.s:1337

Error: failed to write secret 'pass/dev/pgsql-rm/read_model_migrations': Failed to encrypt
⨯ Meow@VP0003784  ~\Desktop\Work\Passwords\pass   master ≣                                           [16:10]
❯ gpg.exe --with-colons --with-fingerprint --fixed-list-mode --list-secret-keys
sec:u:4096:1:CD3833FA2ACF816C:1576667410:::u:::scESC:::+:::23::0:
fpr:::::::::69CB13B55D75DEF6E4A08297CD3833FA2ACF816C:
grp:::::::::8F49FFDEBA8442D6CD01B8FC20F9346B865626FF:
uid:u::::1576667410::880A25962758AA323EC520E5B4857E9236B84BEF::Kerry Perret (Meow) <kperret@mydomain>::::::::::0:
ssb:u:4096:1:7C8692C8A3446CBA:1576667410::::::e:::+:::23:
fpr:::::::::61884AAE4E84CA04B677C1437C8692C8A3446CBA:
grp:::::::::D2E15DA41C162B457032B13DBD7B1809E6B663CB:

My config.yml file content:

root:
  askformore: false
  autoclip: true
  autoprint: false
  autoimport: true
  autosync: false
  check_recipient_hash: false
  cliptimeout: 45
  concurrency: 1
  editrecipients: false
  nocolor: false
  noconfirm: true
  nopager: false
  notifications: true
  path: gpgcli-gitcli-fs+file:///C:%5CUsers%5CMichelle%5CDesktop%5CWork%5CPasswords%5Cpass
  recipient_hash:
    .gpg-id: 3078434433383333464132414346383136430aa69f73cca23a9ac5c8b567dc185a756e97c982164fe25859e0d1dcc1475c80a615b2123af1f5f94c11e3e9402c3ac558f500199d95b6d3e301758586281dcd26
  safecontent: false
  usesymbols: false
mounts: {}

I'm not too sure whether this is ok but the content of the file in the root repo .gpg-id file (aka from the origin repo) differs from the one config.yml file, does it really matter?

See above

Expected behavior

Should add the password to my pass store.

Environment

• OS: Windows 10 Pro

Relevant bits of the PowerShell Get-ComputerInfo:

OsName                                                  : Microsoft Windows 10 Enterprise
OsType                                                  : WINNT
OsOperatingSystemSKU                                    : EnterpriseEdition
OsVersion                                               : 10.0.18363
OsCSDVersion                                            :
OsBuildNumber                                           : 18363
OsHotFixes                                              : {KB4578974, KB4497165, KB4513661, KB4516115...}
OsBootDevice                                            : \Device\HarddiskVolume3
OsSystemDevice                                          : \Device\HarddiskVolume5
OsSystemDirectory                                       : C:\WINDOWS\system32
OsSystemDrive                                           : C:
OsWindowsDirectory                                      : C:\WINDOWS
OsCountryCode                                           : 33
OsCurrentTimeZone                                       : 60
OsLocaleID                                              : 040c
OsLocale                                                : fr-FR
OsLocalDateTime                                         : 10/30/2020 4:21:57 PM
OsLastBootUpTime                                        : 10/26/2020 3:00:52 AM
OsUptime                                                : 4.13:21:04.6356128
OsBuildType                                             : Multiprocessor Free
OsCodeSet                                               : 1252
OsDataExecutionPreventionAvailable                      : True
OsDataExecutionPrevention32BitApplications              : True
OsDataExecutionPreventionDrivers                        : True
OsDataExecutionPreventionSupportPolicy                  : OptIn
OsDebug                                                 : False
OsDistributed                                           : False
OsEncryptionLevel                                       : 256
OsForegroundApplicationBoost                            : Maximum
OsTotalVisibleMemorySize                                : 16622560
OsFreePhysicalMemory                                    : 3087436
OsTotalVirtualMemorySize                                : 30192852
OsFreeVirtualMemory                                     : 5673484
OsInUseVirtualMemory                                    : 24519368
OsTotalSwapSpaceSize                                    :
OsSizeStoredInPagingFiles                               : 13570292
OsFreeSpaceInPagingFiles                                : 10825424
OsPagingFiles                                           : {C:\pagefile.sys}
OsHardwareAbstractionLayer                              : 10.0.18362.752
OsInstallDate                                           : 2/10/2020 11:00:49 PM
OsManufacturer                                          : Microsoft Corporation
OsMaxNumberOfProcesses                                  : 4294967295
OsMaxProcessMemorySize                                  : 137438953344
OsMuiLanguages                                          : {en-US, fr-FR}
OsNumberOfLicensedUsers                                 :
OsNumberOfProcesses                                     : 367
OsNumberOfUsers                                         : 2
OsArchitecture                                          : 64-bit
OsLanguage                                              : en-US
OsProductSuites                                         : {TerminalServicesSingleSession}
OsOtherTypeDescription                                  :
OsPAEEnabled                                            :
OsPortableOperatingSystem                               : False
OsPrimary                                               : True
OsProductType                                           : WorkStation
OsSerialNumber                                          : 00329-10180-00000-AA421
OsServicePackMajorVersion                               : 0
OsServicePackMinorVersion                               : 0
OsStatus                                                : OK
OsSuites                                                : {TerminalServices, TerminalServicesSingleSession}
OsServerLevel                                           :

• gopass Version: 1.8.6
• Installation method: chocolatey, see https://chocolatey.org/packages/gopass

This is a feature request to help people move from their other password managers to gopass.

Other password managers usually have an export function, including the "password manager" included with Google's Chrome browser. It would be great to have a feature that could work with these exported files.

This could work like this:

gopass import --format=chrome /path/to/export.csv

The format could be csv, chrome, safari or other types of exports. I haven't checked how similar these are and if they are following a common scheme.

I'd be willing to give it a shot if we can agree on how it should work.

I use zsh -d -f to start zsh without an rc.

❯ zsh -d -f
bianca2% source <(gopass completion zsh)
_gopass:213: command not found: _describe
_gopass:214: command not found: _arguments
_gopass_complete_passwords:1: command not found: _arguments
_gopass_complete_passwords:3: command not found: _values

This is awesome tool, I looked for something like this for ages! Is there any chances that you'll set the PPA repository for Ubuntu so users like me can mirror it and use it in their companies?

Hello,

I'm trying to update FreeBSD gopass port from 1.11.0 to 1.12.1 and I verifying a very strange behavior when port do a post-build to create completions:

post-build:
.for SHELL in bash fish zsh
        ${WRKDIR}/bin/${PORTNAME} completion ${SHELL} > ${WRKSRC}/${SHELL}
.endfor

And it gives the error:

/wrkdirs/usr/ports/security/gopass/work/bin/gopass completion bash > /wrkdirs/usr/ports/security/gopass/work/gopass-1.12.1/bash
❌ No gpg binary found: mkdir /nonexistent: permission denied
*** Error code 19

Stop.
make: stopped in /usr/ports/security/gopass
build of security/gopass | gopass-1.12.1 ended at Thu Mar 11 12:09:45 WET 2021
build time: 00:00:58
!!! build failure encountered !!!

It works ok with 1.11.0.

Any hints on this issue?

Thanks,

Nuno Teixeira

As the pass itself and buggy tree,

% gopass find linux
...password-store
├── IT
│   └── linux.org.ru.gpg
└── shops
    ├── amazon.ca.gpg -> amazon.gpg
    ├── amazon.co.uk.gpg -> amazon.gpg
    ├── amazon.com.gpg -> amazon.gpg
    ├── amazon.de.gpg -> amazon.gpg
    ├── ebay.ca.gpg -> ebay.gpg
    ├── ebay.co.uk.gpg -> ebay.gpg

Steps to reproduce:

1. Download the 64-bit, located here.
2. Extract it to some directory.
3. Add that directory to the PATH variable with the instructions located here.
4. Open a new command window via Start --> Run --> cmd
5. Do a go init command.

Microsoft Windows [Version 10.0.14393]
(c) 2016 Microsoft Corporation. All rights reserved.

C:\Users\Zamiell>gopass

Error: password-store is not initialized. Try 'gopass init'

C:\Users\Zamiell>gopass init

Error: exec: "": executable file not found in %PATH%

C:\Users\Zamiell>

These steps were performed on a Windows 10 OS. I also tried using the 32-bit binary, and I received the same error. Any tips?

gopass audit validates known passwords against common flaws, like being too short or systematic.

This uses my own Golang implementation of cracklib: https://github.com/muesli/crunchy

Wordlist / dictionary checking is still on my TODO-list, but the API should remain stable for that. A simple vendor-bump would be enough in that case.

EDIT: renamed to gopass audit after lengthy discussion below, to avoid confusion.

I've been using gopass for few months already. Unfortunately I'm not sure since when but gopass bridge is failing with failed to get secret: Failed to decrypt. I don't recall playing with gpg lately. The gopass cli client works fine, and gopass bridge in Chromium works fine as well. Can't figure out what might be the problem or how to fix that. I'd be happy if someone could help.

Versions:

• gopass 1.7.2 (39fb91ab96c8ba59b67c33d6b938a474dcbb5000) go1.10 linux amd64
• Mozilla Firefox 63.0
• gopass bridge 0.4.0, last updated November 5, 2018
• Ubuntu 18.04
• gpg (GnuPG) 2.2.4
• libgcrypt 1.8.1

I'm not sure if it's worth the additional dependencies, yet.

RELEASE_NOTES=[ENHANCEMENT] Add internal pager (ov).

Fixes #2507

Signed-off-by: Dominik Schulz [email protected]

Summary

When running any gopass commands that require decryption, I receive the following warning:

gpg: problem with fast path key listing: Forbidden - ignored

Steps To Reproduce

1. Configure a new gopass vault using GPG
2. Run any commands that require decryption (i.e. gopass show my/secret)
3. See the warning appear

Expected behavior

I am expecting no warnings to be produced from GPG.

Environment

• OS: NixOS
• OS version: 22.11
• gopass Version: 1.14.10
• Installation method: From nixpkgs

Additional context

It's worth noting that I do not see this warning when performing other decryption actions using gpg from the CLI. I'm assuming that gopass must be doing something unique that's triggering this warning. Unfortunately, searching for the exact warning basically produces nothing.

It's also worth noting that I use gopass with a lot of other tools, namely aws-vault, and so when calling commands that rely on decryption I'm constantly seeing this warning appear. It would be nice to figure out how to make it stop.

gpg (GnuPG) 2.3.7
libgcrypt 1.10.1
Copyright (C) 2021 Free Software Foundation, Inc.
License GNU GPL-3.0-or-later <https://gnu.org/licenses/gpl.html>
This is free software: you are free to change and redistribute it.
There is NO WARRANTY, to the extent permitted by law.

Home: /home/josh/.gnupg
Supported algorithms:
Pubkey: RSA, ELG, DSA, ECDH, ECDSA, EDDSA
Cipher: IDEA, 3DES, CAST5, BLOWFISH, AES, AES192, AES256, TWOFISH,
        CAMELLIA128, CAMELLIA192, CAMELLIA256
AEAD: EAX, OCB
Hash: SHA1, RIPEMD160, SHA256, SHA384, SHA512, SHA224
Compression: Uncompressed, ZIP, ZLIB, BZIP2

gpg-agent (GnuPG) 2.3.7
libgcrypt 1.10.1
Copyright (C) 2021 Free Software Foundation, Inc.
License GNU GPL-3.0-or-later <https://gnu.org/licenses/gpl.html>
This is free software: you are free to change and redistribute it.
There is NO WARRANTY, to the extent permitted by law.

We should try to get gopass into the official Debian repos. Unfortunately gopass is already taken (ref), but maybe a package name of gopasspw would work.

Any help here is appreciated since I'm not very keen Debian policies and proceses myself.

We should:

• File an ITP bug
• Create a "proper" Deb package (we have proper packages, but they are most likely not fully in line with the extensive Debian policy)
• Find a Sponsor to upload the package

If any changes to gopass are necessary to ease that work I will look into it.

Summary

After upgrading to gopass 1.14.10 on osx it started to crash randomly. I attached the trace that is printed. I tried killing the gpg agent but it does not help.

Steps To Reproduce

use any gopass command (even gopass version sometimes crashes)

Expected behavior

There to be no error :D

Environment

• OS: macOS Monterey 12.6.1
• OS version: Darwin Kernel Version 21.6.0: Thu Sep 29 20:12:57 PDT 2022; root:xnu-8020.240.7~1/RELEASE_X86_64
• gopass Version: gopass 1.14.10 go1.19.3 darwin amd64
• Installation method: brew

Additional context

Error: failed to retrieve secret "personal/artifactory_key": failed to decrypt
runtime: nameOff 0x34312e31 base 0xd2177b0 not in ranges:
	types 0xd22a000 etypes 0xd3b0ce8
fatal error: runtime: name offset base pointer out of range

goroutine 50 [running]:
runtime.throw({0xd1375a7?, 0x0?})
	runtime/panic.go:1047 +0x5d fp=0xc000642c28 sp=0xc000642bf8 pc=0xcb11cbd
runtime.resolveNameOff(0x0?, 0x34312e31)
	runtime/type.go:221 +0x1d6 fp=0xc000642c80 sp=0xc000642c28 pc=0xcb3a936
runtime.(*_type).nameOff(...)
	runtime/type.go:227
runtime.(*_type).string(0xd2177b0)
	runtime/type.go:55 +0x25 fp=0xc000642ca0 sp=0xc000642c80 pc=0xcb3a5c5
runtime.(*TypeAssertionError).Error(0xc00009a810)
	runtime/error.go:39 +0x9e fp=0xc000642da8 sp=0xc000642ca0 pc=0xcae417e
runtime.preprintpanics(0xc000560140?)
	runtime/panic.go:581 +0x7f fp=0xc000642e08 sp=0xc000642da8 pc=0xcb10b1f
panic({0xd2b5c20, 0xc00009a810})
	runtime/panic.go:985 +0x3ac fp=0xc000642ec8 sp=0xc000642e08 pc=0xcb1186c
runtime.panicdottypeE(0xd2177b0, 0xd277e40, 0xd299100)
	runtime/iface.go:262 +0x6a fp=0xc000642ee8 sp=0xc000642ec8 pc=0xcae6b2a
context.(*cancelCtx).Done(0x0?)
	context/context.go:361 +0x1d4 fp=0xc000642f68 sp=0xc000642ee8 pc=0xcb6ec74
main.main.func2()
	/private/tmp/gopass-20221110-9511-1b72ciz/main.go:74 +0x3b fp=0xc000642fe0 sp=0xc000642f68 pc=0xd0f601b
runtime.goexit()
	runtime/asm_amd64.s:1594 +0x1 fp=0xc000642fe8 sp=0xc000642fe0 pc=0xcb43ee1
created by main.main
	/private/tmp/gopass-20221110-9511-1b72ciz/main.go:70 +0x1db

goroutine 1 [runnable]:
runtime.gcTrigger.test({0x0?, 0x0?, 0x0?})
	runtime/mgc.go:548 +0xfc fp=0xc00046dba0 sp=0xc00046db98 pc=0xcaf585c
runtime.mallocgc(0x30, 0xd33cae0, 0x1)
	runtime/malloc.go:1137 +0x7fd fp=0xc00046dc18 sp=0xc00046dba0 pc=0xcae957d
runtime.newobject(0xc000580000?)
	runtime/malloc.go:1192 +0x27 fp=0xc00046dc40 sp=0xc00046dc18 pc=0xcae9767
runtime.makemap(0xc00046dcc8?, 0xcbb972f?, 0x0?)
	runtime/map.go:312 +0x5b fp=0xc00046dc88 sp=0xc00046dc40 pc=0xcaea3bb
github.com/gopasspw/gopass/internal/store/root.New(0x7ff7b4423730?)
	github.com/gopasspw/gopass/internal/store/root/store.go:32 +0x4f fp=0xc00046dce0 sp=0xc00046dc88 pc=0xcf873ef
github.com/gopasspw/gopass/internal/action.newAction(0xc000594000, {0x1, 0xe, 0xa, {0x0, 0x0, 0x0}, {0x0, 0x0, 0x0}}, ...)
	github.com/gopasspw/gopass/internal/action/action.go:45 +0x6f fp=0xc00046dd50 sp=0xc00046dce0 pc=0xd0aa68f
github.com/gopasspw/gopass/internal/action.New(...)
	github.com/gopasspw/gopass/internal/action/action.go:32
main.setupApp({0xd3727d0, 0xc00054c300}, {0x1, 0xe, 0xa, {0x0, 0x0, 0x0}, {0x0, 0x0, ...}})
	/private/tmp/gopass-20221110-9511-1b72ciz/main.go:108 +0xb4 fp=0xc00046de00 sp=0xc00046dd50 pc=0xd0f6194
main.main()
	/private/tmp/gopass-20221110-9511-1b72ciz/main.go:87 +0x407 fp=0xc00046df80 sp=0xc00046de00 pc=0xd0f5ee7
runtime.main()
	runtime/proc.go:250 +0x212 fp=0xc00046dfe0 sp=0xc00046df80 pc=0xcb144d2
runtime.goexit()
	runtime/asm_amd64.s:1594 +0x1 fp=0xc00046dfe8 sp=0xc00046dfe0 pc=0xcb43ee1

goroutine 2 [force gc (idle)]:
runtime.gopark(0x0?, 0x0?, 0x0?, 0x0?, 0x0?)
	runtime/proc.go:363 +0xd6 fp=0xc00005cfb0 sp=0xc00005cf90 pc=0xcb14896
runtime.goparkunlock(...)
	runtime/proc.go:369
runtime.forcegchelper()
	runtime/proc.go:302 +0xad fp=0xc00005cfe0 sp=0xc00005cfb0 pc=0xcb1472d
runtime.goexit()
	runtime/asm_amd64.s:1594 +0x1 fp=0xc00005cfe8 sp=0xc00005cfe0 pc=0xcb43ee1
created by runtime.init.6
	runtime/proc.go:290 +0x25

goroutine 17 [GC sweep wait]:
runtime.gopark(0x1?, 0x0?, 0x0?, 0x0?, 0x0?)
	runtime/proc.go:363 +0xd6 fp=0xc000058790 sp=0xc000058770 pc=0xcb14896
runtime.goparkunlock(...)
	runtime/proc.go:369
runtime.bgsweep(0x0?)
	runtime/mgcsweep.go:297 +0xd7 fp=0xc0000587c8 sp=0xc000058790 pc=0xcb007f7
runtime.gcenable.func1()
	runtime/mgc.go:178 +0x26 fp=0xc0000587e0 sp=0xc0000587c8 pc=0xcaf5466
runtime.goexit()
	runtime/asm_amd64.s:1594 +0x1 fp=0xc0000587e8 sp=0xc0000587e0 pc=0xcb43ee1
created by runtime.gcenable
	runtime/mgc.go:178 +0x6b

goroutine 18 [GC scavenge wait]:
runtime.gopark(0xc000036070?, 0xd2177c0?, 0x0?, 0x0?, 0x0?)
	runtime/proc.go:363 +0xd6 fp=0xc000058f70 sp=0xc000058f50 pc=0xcb14896
runtime.goparkunlock(...)
	runtime/proc.go:369
runtime.(*scavengerState).park(0xd7e0300)
	runtime/mgcscavenge.go:389 +0x53 fp=0xc000058fa0 sp=0xc000058f70 pc=0xcafe853
runtime.bgscavenge(0x0?)
	runtime/mgcscavenge.go:622 +0x65 fp=0xc000058fc8 sp=0xc000058fa0 pc=0xcafee45
runtime.gcenable.func2()
	runtime/mgc.go:179 +0x26 fp=0xc000058fe0 sp=0xc000058fc8 pc=0xcaf5406
runtime.goexit()
	runtime/asm_amd64.s:1594 +0x1 fp=0xc000058fe8 sp=0xc000058fe0 pc=0xcb43ee1
created by runtime.gcenable
	runtime/mgc.go:179 +0xaa

goroutine 19 [finalizer wait]:
runtime.gopark(0x0?, 0x0?, 0x0?, 0x0?, 0x0?)
	runtime/proc.go:363 +0xd6 fp=0xc000059628 sp=0xc000059608 pc=0xcb14896
runtime.goparkunlock(...)
	runtime/proc.go:369
runtime.runfinq()
	runtime/mfinal.go:180 +0x10f fp=0xc0000597e0 sp=0xc000059628 pc=0xcaf456f
runtime.goexit()
	runtime/asm_amd64.s:1594 +0x1 fp=0xc0000597e8 sp=0xc0000597e0 pc=0xcb43ee1
created by runtime.createfing
	runtime/mfinal.go:157 +0x45

goroutine 20 [GC worker (idle)]:
runtime.gopark(0x0?, 0x0?, 0x0?, 0x0?, 0x0?)
	runtime/proc.go:363 +0xd6 fp=0xc000059f50 sp=0xc000059f30 pc=0xcb14896
runtime.gcBgMarkWorker()
	runtime/mgc.go:1235 +0xf1 fp=0xc000059fe0 sp=0xc000059f50 pc=0xcaf75b1
runtime.goexit()
	runtime/asm_amd64.s:1594 +0x1 fp=0xc000059fe8 sp=0xc000059fe0 pc=0xcb43ee1
created by runtime.gcBgMarkStartWorkers
	runtime/mgc.go:1159 +0x25

goroutine 33 [GC worker (idle)]:
runtime.gopark(0x1391f34fad46?, 0x0?, 0x0?, 0x0?, 0x0?)
	runtime/proc.go:363 +0xd6 fp=0xc000508750 sp=0xc000508730 pc=0xcb14896
runtime.gcBgMarkWorker()
	runtime/mgc.go:1235 +0xf1 fp=0xc0005087e0 sp=0xc000508750 pc=0xcaf75b1
runtime.goexit()
	runtime/asm_amd64.s:1594 +0x1 fp=0xc0005087e8 sp=0xc0005087e0 pc=0xcb43ee1
created by runtime.gcBgMarkStartWorkers
	runtime/mgc.go:1159 +0x25

goroutine 21 [GC worker (idle)]:
runtime.gopark(0x1391f1b27b20?, 0x0?, 0x0?, 0x0?, 0x0?)
	runtime/proc.go:363 +0xd6 fp=0xc00005a750 sp=0xc00005a730 pc=0xcb14896
runtime.gcBgMarkWorker()
	runtime/mgc.go:1235 +0xf1 fp=0xc00005a7e0 sp=0xc00005a750 pc=0xcaf75b1
runtime.goexit()
	runtime/asm_amd64.s:1594 +0x1 fp=0xc00005a7e8 sp=0xc00005a7e0 pc=0xcb43ee1
created by runtime.gcBgMarkStartWorkers
	runtime/mgc.go:1159 +0x25

goroutine 3 [GC worker (idle)]:
runtime.gopark(0x1391f3499295?, 0xc00006a010?, 0x40?, 0x78?, 0xc000036070?)
	runtime/proc.go:363 +0xd6 fp=0xc00005c750 sp=0xc00005c730 pc=0xcb14896
runtime.gcBgMarkWorker()
	runtime/mgc.go:1235 +0xf1 fp=0xc00005c7e0 sp=0xc00005c750 pc=0xcaf75b1
runtime.goexit()
	runtime/asm_amd64.s:1594 +0x1 fp=0xc00005c7e8 sp=0xc00005c7e0 pc=0xcb43ee1
created by runtime.gcBgMarkStartWorkers
	runtime/mgc.go:1159 +0x25

goroutine 22 [GC worker (idle)]:
runtime.gopark(0x1391f3499517?, 0x3?, 0x5a?, 0x83?, 0x0?)
	runtime/proc.go:363 +0xd6 fp=0xc00005af50 sp=0xc00005af30 pc=0xcb14896
runtime.gcBgMarkWorker()
	runtime/mgc.go:1235 +0xf1 fp=0xc00005afe0 sp=0xc00005af50 pc=0xcaf75b1
runtime.goexit()
	runtime/asm_amd64.s:1594 +0x1 fp=0xc00005afe8 sp=0xc00005afe0 pc=0xcb43ee1
created by runtime.gcBgMarkStartWorkers
	runtime/mgc.go:1159 +0x25

goroutine 34 [GC worker (idle)]:
runtime.gopark(0x1391f3510b3f?, 0x3?, 0x21?, 0x9c?, 0x0?)
	runtime/proc.go:363 +0xd6 fp=0xc000508f50 sp=0xc000508f30 pc=0xcb14896
runtime.gcBgMarkWorker()
	runtime/mgc.go:1235 +0xf1 fp=0xc000508fe0 sp=0xc000508f50 pc=0xcaf75b1
runtime.goexit()
	runtime/asm_amd64.s:1594 +0x1 fp=0xc000508fe8 sp=0xc000508fe0 pc=0xcb43ee1
created by runtime.gcBgMarkStartWorkers
	runtime/mgc.go:1159 +0x25

goroutine 35 [GC worker (idle)]:
runtime.gopark(0x1391f24afc7c?, 0x1?, 0xb9?, 0x23?, 0x0?)
	runtime/proc.go:363 +0xd6 fp=0xc000509750 sp=0xc000509730 pc=0xcb14896
runtime.gcBgMarkWorker()
	runtime/mgc.go:1235 +0xf1 fp=0xc0005097e0 sp=0xc000509750 pc=0xcaf75b1
runtime.goexit()
	runtime/asm_amd64.s:1594 +0x1 fp=0xc0005097e8 sp=0xc0005097e0 pc=0xcb43ee1
created by runtime.gcBgMarkStartWorkers
	runtime/mgc.go:1159 +0x25

goroutine 4 [GC worker (idle)]:
runtime.gopark(0x1391f24aea6d?, 0x0?, 0x0?, 0x0?, 0x0?)
	runtime/proc.go:363 +0xd6 fp=0xc00005d750 sp=0xc00005d730 pc=0xcb14896
runtime.gcBgMarkWorker()
	runtime/mgc.go:1235 +0xf1 fp=0xc00005d7e0 sp=0xc00005d750 pc=0xcaf75b1
runtime.goexit()
	runtime/asm_amd64.s:1594 +0x1 fp=0xc00005d7e8 sp=0xc00005d7e0 pc=0xcb43ee1
created by runtime.gcBgMarkStartWorkers
	runtime/mgc.go:1159 +0x25

goroutine 23 [select, locked to thread]:
runtime.gopark(0xc00050bfa8?, 0x2?, 0x17?, 0x4c?, 0xc00050bfa4?)
	runtime/proc.go:363 +0xd6 fp=0xc00050be20 sp=0xc00050be00 pc=0xcb14896
runtime.selectgo(0xc00050bfa8, 0xc00050bfa0, 0x0?, 0x0, 0x0?, 0x1)
	runtime/select.go:328 +0x7bc fp=0xc00050bf60 sp=0xc00050be20 pc=0xcb244fc
runtime.ensureSigM.func1()
	runtime/signal_unix.go:991 +0x187 fp=0xc00050bfe0 sp=0xc00050bf60 pc=0xcb28a27
runtime.goexit()
	runtime/asm_amd64.s:1594 +0x1 fp=0xc00050bfe8 sp=0xc00050bfe0 pc=0xcb43ee1
created by runtime.ensureSigM
	runtime/signal_unix.go:974 +0xbd

goroutine 49 [syscall]:
runtime.sigNoteSleep(0x0)
	runtime/os_darwin.go:123 +0x1e fp=0xc0005067a0 sp=0xc000506768 pc=0xcb0ed3e
os/signal.signal_recv()
	runtime/sigqueue.go:149 +0x28 fp=0xc0005067c0 sp=0xc0005067a0 pc=0xcb3ff08
os/signal.loop()
	os/signal/signal_unix.go:23 +0x19 fp=0xc0005067e0 sp=0xc0005067c0 pc=0xcbcd799
runtime.goexit()
	runtime/asm_amd64.s:1594 +0x1 fp=0xc0005067e8 sp=0xc0005067e0 pc=0xcb43ee1
created by os/signal.Notify.func1.1
	os/signal/signal.go:151 +0x2a

goroutine 51 [chan receive]:
runtime.gopark(0x0?, 0x0?, 0x0?, 0x0?, 0x0?)
	runtime/proc.go:363 +0xd6 fp=0xc000507698 sp=0xc000507678 pc=0xcb14896
runtime.chanrecv(0xc00058c1e0, 0xc0005077a0, 0x1)
	runtime/chan.go:583 +0x49b fp=0xc000507728 sp=0xc000507698 pc=0xcae27fb
runtime.chanrecv2(0x0?, 0x0?)
	runtime/chan.go:447 +0x18 fp=0xc000507750 sp=0xc000507728 pc=0xcae2338
github.com/gopasspw/gopass/internal/queue.(*Queue).run(0xc00018a3b0, {0xd372728, 0xc000220140})
	github.com/gopasspw/gopass/internal/queue/background.go:85 +0x70 fp=0xc0005077b8 sp=0xc000507750 pc=0xcf4dff0
github.com/gopasspw/gopass/internal/queue.New.func1()
	github.com/gopasspw/gopass/internal/queue/background.go:79 +0x2e fp=0xc0005077e0 sp=0xc0005077b8 pc=0xcf4df4e
runtime.goexit()
	runtime/asm_amd64.s:1594 +0x1 fp=0xc0005077e8 sp=0xc0005077e0 pc=0xcb43ee1
created by github.com/gopasspw/gopass/internal/queue.New
	github.com/gopasspw/gopass/internal/queue/background.go:79 +0x10d
gpg: public key decryption failed: Screen or window too small
gpg: decryption failed: Screen or window too small
❌ Decryption failed: exit status 2

Simliar to https://github.com/gopasspw/gopass/issues/2398 we should consider signing MacOS releases so people can easily download new releases and don't have to go through Homebrew or mess with their security settings.

There is a good guide here: https://federicoterzi.com/blog/automatic-code-signing-and-notarization-for-macos-apps-using-github-actions/

However there might be one catch: It says we need an .app file. So need to figure that out first.