About two weeks ago the LastPass Firefox plugin was updated and I started to notice that Firefox was taking much more resources. We all know that the browser is a heavy cow on the system, and now it's a cow with a wagon. My beast laptop, a ThinkPad W541, handled it without sweat, with a bit of struggle on cold start and restoring large sessions. I didn’t think about it too much until I was trying to put Firefox in a container, which required lots of restarts. On every cold restart Firefox was asking about hanging JavaScript from the lovely LastPass. And guess what, when I disabled LastPass, Firefox became blazing fast, like a running bull. So I left it disabled and didn’t think about it too much.
Fortunately, a few days later I was working on a new deployment and needed a place to store and share passwords. I was wondering why we can’t share passwords with Git or something, where there is no need for a dedicated server. After a short search I found GoPass, which was exactly what I was looking for. Now, GoPass is based on a more popular tool called pass, and it has support for Firefox… and it can import passwords from LastPass…
Go back, what is pass:
Password management should be simple and follow Unix philosophy. With pass, each password lives inside of a gpg encrypted file whose filename is the title of the website or resource that requires the password. These encrypted files may be organized into meaningful folder hierarchies, copied from computer to computer, and, in general, manipulated using standard command line file management utilities.
What is gopass:
The slightly more awesome Standard Unix Password Manager for Teams. Written in Go.
Theoretically you can use pass for shared passwords, but gopass does it much easier. To get started you can follow these guides:
I was excited, and started migrating from LastPass, when I remembered there is automation for it. But damn, it doesn’t work with gpg-agent for some unknown hellish reason. And I had more than 300 passwords(?!). So the script kept asking me for the password to open my GPG key, and it's pretty long to type. First I thought “well this is a case for ops”, and started shift-inserting my password. After 20 imports I gave up. Next I developed an expect script, which BTW took longer than the ops approach. Anyway, if you encounter this problem, here is the script:
Fuck! I lost it...
Finally I got almost all of my passwords in pass, victory! Now… how am I using it in my containerized Firefox?
- Install gpg inside the container
RUN dnf install -y gnupg
- I will probably need pass in it too
RUN dnf install -y pass
- Add the Firefox plugin PassFF
That’s it, should work out of the box. In your dreams…
PassFF listed all the credentials but was unable to get them. Tried another plugin for Firefox - Browserpass - no luck. Step back, docker exec -it firefox_Personal2 bash and pass github.com is asking for the GPG password.
Not this again…
OK. Let’s share the GPG agent with the container: /run/user/1000/gnupg/S.gpg-agent, no luck, and ‘yes’ I made sure to connect to the agent gpg-connect-agent /bye. For some reason, gpg-agent in the container created a socket in ~/.gnupg/. I tried so many things and googled the shit out of it. And then I found it!
The problem was with the gpg command, while it works fine with gpg2. And what about pass? pass prefers gpg2, why isn’t it working?
Because which is not installed in Fedora containers.
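The failure mode above, as an added example that is not from the original post and not pass's own code: the selection logic is modelled on the behaviour described here (prefer gpg2, located with `which`), and the function names are hypothetical. It compares that lookup with the POSIX builtin `command -v`, which needs no extra package in a minimal image.

```shell
#!/bin/sh
# Added example: a missing `which` makes a wrapper silently fall back to gpg.
# Modelled on the behaviour the post describes; not copied from pass.

# Selection as described in the post: gpg2 is chosen only if `which` finds it.
# $1 = PATH to evaluate (lets us simulate a minimal container image).
pick_gpg_via_which() (
    PATH=$1
    GPG=gpg
    # If `which` itself is absent this fails just like "gpg2 not found".
    which gpg2 >/dev/null 2>&1 && GPG=gpg2
    printf '%s\n' "$GPG"
)

# Same preference, but using the shell builtin `command -v`.
pick_gpg_via_builtin() (
    PATH=$1
    GPG=gpg
    command -v gpg2 >/dev/null 2>&1 && GPG=gpg2
    printf '%s\n' "$GPG"
)

# Report whether the two lookups agree for a given PATH.
# Prints "ok:<binary>" or "mismatch:<which-result>:<builtin-result>".
check_gpg_selection() {
    a=$(pick_gpg_via_which "$1")
    b=$(pick_gpg_via_builtin "$1")
    if [ "$a" = "$b" ]; then
        printf 'ok:%s\n' "$a"
    else
        printf 'mismatch:%s:%s\n' "$a" "$b"
        return 1
    fi
}

# Check the environment this script runs in (e.g. inside the container).
check_gpg_selection "$PATH" ||
    echo "gpg2 is on PATH but a which-based lookup does not see it" >&2
```

A mismatch means gpg2 is installed but a `which`-based wrapper will still run plain gpg.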
The last problem, one that I actually thought of during all the testing, was how to enter the password for the GPG key the first time? The answer lies in the gpg-agent ‘pinentry-program’ setting: I’ve installed the pinentry-gtk package and set the program to /usr/bin/pinentry. I also changed the TTL to something reasonable. The final result looks like this in ~/.gnupg/gpg-agent.conf:
default-cache-ttl 999999
Now pass works from shell. Going back to Firefox, and… it still doesn’t work.
sigh
Well I can try to make this plugin work, but do I really need it? I mean, anyway I wanted to make LastPass work with Vimperator, maybe there is a script for pass, geeky enough, no?
Well there is no such script, but it shouldn’t be too hard. Just to make sure, I searched the web, and I found something close for ‘keyring’ tool. So I did some manipulations to it and ta-dam! I have pass working from Firefox with Vimperator!