password-store: Update security/password-store to 1.7.1

pkgsrc changes:
 - Rename `xclip' PKG_OPTION to `x11' (and add a PKG_OPTIONS_LEGACY_OPTS
   accordingly) and also depends on converters/base64 (needed by the `--clip'
   option, like xclip) and qrencode (needed by the new `--qrcode' option).
 - Add support for `test' target and adjust the part of the test suite for
   gnupg>=2.2.5 via patches/patch-tests_t0300-reencryption.sh.
 - sysutils/pwgen is no more needed, remove it from DEPENDS
   (now `tr -dc '<characters>' < /dev/urandom' is used instead)
 - Add patches/patch-contrib_dmenu_passmenu to fix `passmenu --type'
   (at least xdotool-2.20110530.1 does not support any `--file' option used by
   passmenu)
 - Adjust PAX invocations in `do-install' target to ignore possible `*.orig'
   and `.gitignore' files.

Changes
1.7.1
-----
== Bug Fixes ==
* Fix test suite on OS X
* Add compatibility with GnuPG 2.2.19
* Uniformly use the $GPG variable
* Do the correct thing with subkeys when reencrypting

1.7
---
== New Features ==
* Extensions: pass can now load user-defined extensions from a system
  directory or a user directory. There's already a nice ecosystem of
  extensions being built, even at this early stage. See the pass man page for
  more information.
* Signatures: there is now an option to enforce signatures of the .gpg-id file
  and extensions using an environment variable.
* QRCodes: generate and show have now learned the --qrcode/-q switch. Note to
  package maintainers: this adds a dependency on the popular qrencode package.
* Password generation: rather than use pwgen, we now use /dev/urandom more
  directly, which results in more assured password security, as well as
  customizable character sets, via an environment variable. See the pass man
  page for more information on this customization. Package maintainers: you
  may now drop the dependency on pwgen.
* Importers: there now are several more importers. More and more folks are
  moving to pass!
* Selectable clipping: you can now specify which line you wish to copy to the
  clipboard or display with a qrcode when using -c or -q.
* Git discovery: The PASSWORD_STORE_GIT environment variable has been removed,
  and instead pass will automatically choose the git repository closest to the
  file being modified (but not out of the actual password store itself). This
  should help people who like to nest git repos for different organizations.
* Bug fixes: too many to count.

== Note To Distros ==
* Drop the dependency of pwgen.
* Add the dependency of qrencode.
* The Makefile now does the right thing with DESTDIR, so you might want to
  double check that your package recipe does the right thing.
* The semantics for auto-detection of bash completion has changed, with new
  environment variables for such things. See INSTALL for details.

7 files changed, 81 insertions, 36 deletions

diff --git a/security/password-store/Makefile b/security/password-store/Makefile
index 0d9d025f601..8acdb766821 100644
--- a/security/password-store/Makefile
+++ b/security/password-store/Makefile
@@ -1,6 +1,6 @@
-# $NetBSD: Makefile,v 1.5 2017/09/03 08:53:14 wiz Exp $
+# $NetBSD: Makefile,v 1.6 2018/05/06 11:56:58 leot Exp $
 
-DISTNAME=	password-store-1.6.5
+DISTNAME=	password-store-1.7.1
 CATEGORIES=	security
 MASTER_SITES=	http://git.zx2c4.com/password-store/snapshot/
 EXTRACT_SUFX=	.tar.xz
@@ -16,7 +16,6 @@ USE_TOOLS+=	gmake pax bash:run
 
 DEPENDS+=	getopt>=1.1.6:../../misc/getopt
 DEPENDS+=	gnupg2>=2.0.26:../../security/gnupg2
-DEPENDS+=	pwgen>=2.06:../../sysutils/pwgen
 DEPENDS+=	tree>=1.7.0:../../sysutils/tree
 
 EGDIR=			share/examples/password-store
@@ -24,6 +23,7 @@ INSTALLATION_DIRS+=	bin ${PKGMANDIR}/man1
 INSTALLATION_DIRS+=	${EGDIR}/contrib ${EGDIR}/completion
 
 REPLACE_BASH+=	src/password-store.sh
+REPLACE_BASH+=	tests/*.sh
 
 SUBST_CLASSES+=		fixsh
 SUBST_STAGE.fixsh=	post-patch
@@ -32,6 +32,8 @@ SUBST_FILES.fixsh=	src/password-store.sh
 SUBST_SED.fixsh+=	-e 's,GETOPT="getopt",GETOPT="${PREFIX}/bin/getopt",'
 SUBST_SED.fixsh+=	-e "s,SHRED=\"shred -f -z\",SHRED=\"${RM} -f -P\","
 
+TEST_TARGET=		test
+
 .include "options.mk"
 
 do-install:
@@ -41,9 +43,11 @@ do-install:
 		${DESTDIR}${PREFIX}/${EGDIR}
 	${INSTALL_MAN} ${WRKSRC}/man/pass.1 			\
 		${DESTDIR}${PREFIX}/${PKGMANDIR}/man1/pass.1
-	cd ${WRKSRC}/contrib &&					\
-		${PAX} -wr * ${DESTDIR}${PREFIX}/${EGDIR}/contrib
-	cd ${WRKSRC}/src/completion &&				\
-		${PAX} -wr * ${DESTDIR}${PREFIX}/${EGDIR}/completion
+	cd ${WRKSRC}/contrib &&						\
+		${PAX} -wr * -s',.*\.orig$$,,' -s',.*\.gitignore$$,,'	\
+			${DESTDIR}${PREFIX}/${EGDIR}/contrib
+	cd ${WRKSRC}/src/completion &&					\
+		${PAX} -wr * -s',.*\.orig$$,,' -s',.*\.gitignore$$,,'	\
+			${DESTDIR}${PREFIX}/${EGDIR}/completion
 
 .include "../../mk/bsd.pkg.mk"
diff --git a/security/password-store/PLIST b/security/password-store/PLIST
index 0309d0b0a01..613d6fe7466 100644
--- a/security/password-store/PLIST
+++ b/security/password-store/PLIST
@@ -1,4 +1,4 @@
-@comment $NetBSD: PLIST,v 1.2 2015/02/15 18:58:40 gls Exp $
+@comment $NetBSD: PLIST,v 1.3 2018/05/06 11:56:58 leot Exp $
 bin/pass
 man/man1/pass.1
 share/examples/password-store/completion/pass.bash-completion
@@ -6,7 +6,6 @@ share/examples/password-store/completion/pass.fish-completion
 share/examples/password-store/completion/pass.zsh-completion
 share/examples/password-store/contrib/dmenu/README.md
 share/examples/password-store/contrib/dmenu/passmenu
-share/examples/password-store/contrib/emacs/.gitignore
 share/examples/password-store/contrib/emacs/Cask
 share/examples/password-store/contrib/emacs/README.md
 share/examples/password-store/contrib/emacs/password-store.el
@@ -14,12 +13,16 @@ share/examples/password-store/contrib/importers/1password2pass.rb
 share/examples/password-store/contrib/importers/fpm2pass.pl
 share/examples/password-store/contrib/importers/gorilla2pass.rb
 share/examples/password-store/contrib/importers/kedpm2pass.py
+share/examples/password-store/contrib/importers/keepass2csv2pass.py
 share/examples/password-store/contrib/importers/keepass2pass.py
 share/examples/password-store/contrib/importers/keepassx2pass.py
 share/examples/password-store/contrib/importers/kwallet2pass.py
 share/examples/password-store/contrib/importers/lastpass2pass.rb
+share/examples/password-store/contrib/importers/password-exporter2pass.py
+share/examples/password-store/contrib/importers/pwsafe2pass.py
 share/examples/password-store/contrib/importers/pwsafe2pass.sh
 share/examples/password-store/contrib/importers/revelation2pass.py
-share/examples/password-store/contrib/related-projects.txt
+share/examples/password-store/contrib/importers/roboform2pass.rb
+share/examples/password-store/contrib/pass.applescript
 share/examples/password-store/contrib/vim/noplaintext.vim
 share/examples/password-store/example-filter.sh
diff --git a/security/password-store/distinfo b/security/password-store/distinfo
index a75150e74ab..d909c4d76f4 100644
--- a/security/password-store/distinfo
+++ b/security/password-store/distinfo
@@ -1,7 +1,9 @@
-$NetBSD: distinfo,v 1.3 2015/11/04 01:18:00 agc Exp $
+$NetBSD: distinfo,v 1.4 2018/05/06 11:56:58 leot Exp $
 
-SHA1 (password-store-1.6.5.tar.xz) = 7590bee627bc9d617cdaf901544996cde54f5a12
-RMD160 (password-store-1.6.5.tar.xz) = 76e50eaef02163dc23c155ade34b88e965ac6f30
-SHA512 (password-store-1.6.5.tar.xz) = e28503b63c6d18a2f45f4a732fdec0380c2ac15e1778136ec5e7ac568662b09183d3ad4fd36ca7e87cfe74540f916cb6365695bdf665a39da4cbe86c4bde7a78
-Size (password-store-1.6.5.tar.xz) = 54576 bytes
-SHA1 (patch-src_password-store.sh) = 5a1c1742b16716bbf50ef591b99f0e84d1f52062
+SHA1 (password-store-1.7.1.tar.xz) = e7982416eaea8773ead0836f0b4c7a475ef33cb3
+RMD160 (password-store-1.7.1.tar.xz) = ebd86a7ae52559eeac5001e9634306dc0b8bdd5f
+SHA512 (password-store-1.7.1.tar.xz) = 2ba2ebc80c90454bbab1da3c43c2cfc87135f838f381e2616eef7c36b0c1de01e491cf587a666bb052d6dfd475fa429bc8fd82b0269325bd2b70afbb897b923e
+Size (password-store-1.7.1.tar.xz) = 62340 bytes
+SHA1 (patch-contrib_dmenu_passmenu) = 025e88b68b68936d80e6eca914e7e6e44d1d887e
+SHA1 (patch-src_password-store.sh) = 21741ae5c3c7f4f1cae713ce8ba2f029c6318625
+SHA1 (patch-tests_t0300-reencryption.sh) = 281b25c8fa46d0412b87725aaa375dc902bf971f
diff --git a/security/password-store/options.mk b/security/password-store/options.mk
index 575b77d4cc9..d1aec7862aa 100644
--- a/security/password-store/options.mk
+++ b/security/password-store/options.mk
@@ -1,13 +1,16 @@
-# $NetBSD: options.mk,v 1.1 2015/01/05 11:32:49 imil Exp $
+# $NetBSD: options.mk,v 1.2 2018/05/06 11:56:58 leot Exp $
 
 PKG_OPTIONS_VAR=	PKG_OPTIONS.pass
 
-PKG_SUPPORTED_OPTIONS=	git xclip
-PKG_SUGGESTED_OPTIONS=	git
+PKG_SUPPORTED_OPTIONS=		git x11
+PKG_SUGGESTED_OPTIONS=		git
+PKG_OPTIONS_LEGACY_OPTS+=	xclip:x11
 
 .include "../../mk/bsd.options.mk"
 
-.if !empty(PKG_OPTIONS:Mxclip)
+.if !empty(PKG_OPTIONS:Mx11)
+DEPENDS+=	base64-[0-9]*:../../converters/base64
+DEPENDS+=	qrencode-[0-9]*:../../converters/qrencode
 DEPENDS+=	xclip>=0.12:../../x11/xclip
 .endif
 
diff --git a/security/password-store/patches/patch-contrib_dmenu_passmenu b/security/password-store/patches/patch-contrib_dmenu_passmenu
new file mode 100644
index 00000000000..0db443564fb
--- /dev/null
+++ b/security/password-store/patches/patch-contrib_dmenu_passmenu
@@ -0,0 +1,18 @@
+$NetBSD: patch-contrib_dmenu_passmenu,v 1.1 2018/05/06 11:56:58 leot Exp $
+
+Avoid unsupported x11/xdotool (at least version 2.20110530.1) `--file' option.
+Refactor the logic for `passmenu --type' in order to avoid `--file' and directly
+inject the `type' command and password via a pipe.
+
+--- contrib/dmenu/passmenu.orig	2017-04-13 10:11:14.000000000 +0000
++++ contrib/dmenu/passmenu
+@@ -20,6 +20,7 @@ password=$(printf '%s\n' "${password_fil
+ if [[ $typeit -eq 0 ]]; then
+ 	pass show -c "$password" 2>/dev/null
+ else
+-	pass show "$password" | { read -r pass; printf %s "$pass"; } |
+-		xdotool type --clearmodifiers --file -
++	{ printf "type --clearmodifiers -- ";
++	    pass show "$password" | head -n 1 ; } |
++		xdotool -
+ fi
diff --git a/security/password-store/patches/patch-src_password-store.sh b/security/password-store/patches/patch-src_password-store.sh
index b8b6bcd26bb..2c5cee52054 100644
--- a/security/password-store/patches/patch-src_password-store.sh
+++ b/security/password-store/patches/patch-src_password-store.sh
@@ -1,10 +1,10 @@
-$NetBSD: patch-src_password-store.sh,v 1.1 2015/01/02 12:52:16 imil Exp $
+$NetBSD: patch-src_password-store.sh,v 1.2 2018/05/06 11:56:58 leot Exp $
 
-Remove non portable mkdir parameter
+Avoid non portable mkdir(1) `-v' parameter.
 
---- src/password-store.sh.orig	2014-07-01 08:42:26.000000000 +0000
+--- src/password-store.sh.orig	2017-04-13 10:11:14.000000000 +0000
 +++ src/password-store.sh
-@@ -291,7 +291,7 @@ cmd_init() {
+@@ -323,7 +323,7 @@ cmd_init() {
  		fi
  		rmdir -p "${gpg_id%/*}" 2>/dev/null
  	else
@@ -12,8 +12,8 @@ Remove non portable mkdir parameter
 +		mkdir -p "$PREFIX/$id_path"
  		printf "%s\n" "$@" > "$gpg_id"
  		local id_print="$(printf "%s, " "$@")"
- 		echo "Password store initialized for ${id_print%, }"
-@@ -382,7 +382,7 @@ cmd_insert() {
+ 		echo "Password store initialized for ${id_print%, }${id_path:+ ($id_path)}"
+@@ -430,7 +430,7 @@ cmd_insert() {
  
  	[[ $force -eq 0 && -e $passfile ]] && yesno "An entry already exists for $path. Overwrite it?"
  
@@ -22,30 +22,30 @@ Remove non portable mkdir parameter
  	set_gpg_recipients "$(dirname "$path")"
  
  	if [[ $multiline -eq 1 ]]; then
-@@ -416,7 +416,7 @@ cmd_edit() {
+@@ -464,7 +464,7 @@ cmd_edit() {
  
- 	local path="$1"
+ 	local path="${1%/}"
  	check_sneaky_paths "$path"
 -	mkdir -p -v "$PREFIX/$(dirname "$path")"
 +	mkdir -p "$PREFIX/$(dirname "$path")"
  	set_gpg_recipients "$(dirname "$path")"
  	local passfile="$PREFIX/$path.gpg"
- 
-@@ -455,7 +455,7 @@ cmd_generate() {
- 	local length="$2"
+ 	set_git "$passfile"
+@@ -506,7 +506,7 @@ cmd_generate() {
+ 	local length="${2:-$GENERATED_LENGTH}"
  	check_sneaky_paths "$path"
  	[[ ! $length =~ ^[0-9]+$ ]] && die "Error: pass-length \"$length\" must be a number."
 -	mkdir -p -v "$PREFIX/$(dirname "$path")"
 +	mkdir -p "$PREFIX/$(dirname "$path")"
  	set_gpg_recipients "$(dirname "$path")"
  	local passfile="$PREFIX/$path.gpg"
- 
-@@ -538,7 +538,7 @@ cmd_copy_move() {
- 		[[ ! -f $old_path ]] && die "Error: $1 is not in the password store."
- 	fi
+ 	set_git "$passfile"
+@@ -595,7 +595,7 @@ cmd_copy_move() {
+ 	echo "$old_path"
+ 	[[ -e $old_path ]] || die "Error: $1 is not in the password store."
  
 -	mkdir -p -v "${new_path%/*}"
 +	mkdir -p "${new_path%/*}"
- 	[[ -d $old_path || -d $new_path || $new_path =~ /$ ]] || new_path="${new_path}.gpg"
+ 	[[ -d $old_path || -d $new_path || $new_path == */ ]] || new_path="${new_path}.gpg"
  
  	local interactive="-i"
diff --git a/security/password-store/patches/patch-tests_t0300-reencryption.sh b/security/password-store/patches/patch-tests_t0300-reencryption.sh
new file mode 100644
index 00000000000..83ca3ab4daf
--- /dev/null
+++ b/security/password-store/patches/patch-tests_t0300-reencryption.sh
@@ -0,0 +1,15 @@
+$NetBSD: patch-tests_t0300-reencryption.sh,v 1.1 2018/05/06 11:56:58 leot Exp $
+
+Adjust output for gnupg2>=2.2.5.
+
+--- tests/t0300-reencryption.sh.orig	2017-04-13 10:11:14.000000000 +0000
++++ tests/t0300-reencryption.sh
+@@ -10,7 +10,7 @@ canonicalize_gpg_keys() {
+ 	$GPG --list-keys --with-colons "$@" | sed -n 's/sub:[^:]*:[^:]*:[^:]*:\([^:]*\):[^:]*:[^:]*:[^:]*:[^:]*:[^:]*:[^:]*:[a-zA-Z]*e[a-zA-Z]*:.*/\1/p' | LC_ALL=C sort -u
+ }
+ gpg_keys_from_encrypted_file() {
+-	$GPG -v --no-secmem-warning --no-permission-warning --decrypt --list-only --keyid-format long "$1" 2>&1 | cut -d ' ' -f 5 | LC_ALL=C sort -u
++	$GPG -v --no-secmem-warning --no-permission-warning --decrypt --list-only --keyid-format long "$1" 2>&1 | sed -n '/public key/p' | cut -d ' ' -f 5 | LC_ALL=C sort -u
+ }
+ gpg_keys_from_group() {
+ 	local output="$($GPG --list-config --with-colons | sed -n "s/^cfg:group:$1:\\(.*\\)/\\1/p" | head -n 1)"