Bug 235454 - [NEW PORT] security/py-pass-audit: Extension to audit your password-store password repository
Summary: [NEW PORT] security/py-pass-audit: Extension to audit your password-store pas...
Status: Closed FIXED
Alias: None
Product: Ports & Packages
Classification: Unclassified
Component: Individual Port(s) (show other bugs)
Version: Latest
Hardware: Any Any
: --- Affects Only Me
Assignee: Tobias C. Berner
URL:
Keywords:
Depends on:
Blocks:
 
Reported: 2019-02-03 08:25 UTC by tobias.rehbein
Modified: 2019-02-03 11:16 UTC (History)
1 user (show)

See Also:


Attachments
New port security/py-pass-audit (3.48 KB, text/plain)
2019-02-03 08:25 UTC, tobias.rehbein
no flags Details

Note You need to log in before you can comment on or make changes to this bug.
Description tobias.rehbein 2019-02-03 08:25:13 UTC
Created attachment 201670 [details]
New port security/py-pass-audit

pass audit is a password-store extension for auditing your password repository. Passwords will be checked against the Python implementation of Dropbox' zxcvbn algorithm and Troy Hunt's Have I Been Pwned Service. It supports safe breached password detection from haveibeenpwned.com using a K-anonymity method. Using this method, you do not need to (fully) trust the server that stores the breached password. You should read the security consideration section for more information.

Porter's Note:
- this port needs the overly specific version dependency on sysutils/password-store, as only with this version "pass" starts to check the system extension directory this port installs into.
- portlint -CN and poudriere testport are okay with the new port.
Comment 1 commit-hook freebsd_committer 2019-02-03 11:16:12 UTC
A commit references this bug:

Author: tcberner
Date: Sun Feb  3 11:15:43 UTC 2019
New revision: 492047
URL: https://svnweb.freebsd.org/changeset/ports/492047

Log:
  [NEW PORT] security/py-pass-audit: Extension to audit your password-store password repository

  pass audit is a password-store extension for auditing your password repository.
  Passwords will be checked against the Python implementation of Dropbox' zxcvbn
  algorithm and Troy Hunt's Have I Been Pwned Service. It supports safe breached
  password detection from haveibeenpwned.com using a K-anonymity method.

  Using this method, you do not need to (fully) trust the server that stores the
  breached password. You should read the security consideration section for more
  information.

  PR:		235454
  Submitted by:	Tobias Rehbein <tobias.rehbein@web.de>

Changes:
  head/security/Makefile
  head/security/py-pass-audit/
  head/security/py-pass-audit/Makefile
  head/security/py-pass-audit/distinfo
  head/security/py-pass-audit/pkg-descr
  head/security/py-pass-audit/pkg-plist
Comment 2 Tobias C. Berner freebsd_committer 2019-02-03 11:16:35 UTC
Thanks.

Committed with a minor plist-change.


mfg Tobias