Better support for zsh

• Added support for .zshrc to the installation script.
• Better error message if lpass can't be found.

Bugfixes

There was a bug in signame that caused code not to be run at exit. This has been fixed.

I’ve also added some minor details to the documentation.

Better behaviour, better POSIX compliance, better documentation

Better behaviour

• LPASSH_ADD_PATH_REGEX="" now behaves in the same way as LPASSH_ADD_PATH_REGEX="ssh".
• Setting LPASSH_ADD_AGENT_DISABLE to a meaningless value now causes an error.
• Nows checks whether printf is a built-in; this check should be superfluous, but better be safe than sorry.
• More succient messages.
• Some very minor improvements.

Better POSIX compliance

• trap now uses signal names, rather than signal numbers.
• for $var statements that aren't for $var in <list> statements no longer (and incorrectly) end with a linefeed.

Better documentation

• The discussions of shells now mentions that mksh may not provide a built-in printf.
• Various minor improvements.

Fixed errors in documentation

Fixed a wrong link in the script. No functionality changed.

Very minor changes

'Fixes'

• Made surer that lpassh-add kills its children on exit (likely superfluous).
• Made installation script easier to read.

Documentation

• Actually re-compiled the manual.
• Fixed some typos.

Installation script, minor fixes, better docs

Installation script

make install tries to find a POSIX-compliant shell, copies lpassh-add and its manual to /opt/lpassh-add and adds /opt/lpassh-add/bin to your PATH (if you're using bash).

Fixes

• Now exits with a proper status code when it receives a signal.
• No longer calls the exit handler from the exit handler.
• Redirects are no longer attached to control structures to improve portability.
• Fixed a minor bug in warn that didn’t actually occur.
• Simplified code (askpass was removed entirely, other minor simplifications).

Documentation

More extensive where it should be, less extensive where it shouldn't.

Installation script, Minor fixes, better documentation

Installation script

make install tries to find a POSIX-compliant shell, a good installation directory, and a suitable directory for the manual.

Fixes

• Now exits with a proper status code when it receives a signal.
• No longer calls exit handler from exit handler.
• Redirects are no longer attached to control structures to improve portability.
• Fixed a minor bug in warn that didn’t actually occur.
• Simplified code (askpass was removed entirely, other minor simplifications).

Documentation

More extensive where it should be, less extensive where it shouldn't.

Major, security-relevant update

SECURITY-RELEVANT CHANGES

lpassh-add up to v1.0.5 uses here documents (i.e., cat <<EOF) to make sure that passphrases don’t show up in the output of ps -f, because printf may not be a builtin command of the shell that runs lpassh-add. This was misguided. Many shells implement here documents using temporary files, including many modern ones. cat <<EOF is still better than printf if printf isn't a builtin command. However, on most modern shells, it is. So, using printf is typically safe. lpassh-add from v1.1.0 onwards uses printf for writing passphrases to buffers, making sure that it's a builtin.

New features

• Now uses the LastPass agent by default. (This can be changed by setting LPASS_AGENT_DISABLE or LPASSH_ADD_AGENT_DISABLE.)
• Now considers every item in LastPass an SSH key that matches the regular expression "ssh". (This can be changed by setting LPASSH_ADD_PATH_REGEX.) As a consequence, it should now "just work" for most users. It's also faster.
• Now also respects the environment variable LPASS_ASKPASS.
• No longer uses temporary files or directories.

Obsoleted features

The environment variables LPASSH_ADD_KEYS and LPASSH_ADD_IGNORE_KEYS are no longer supported. You can pass keys as arguments to lpassh-add. So you can use an alias instead.

Codebase

I have simplified the code a lot. It's also much more extensively documented.

Cleaner code and bugfixes

I've re-factored the code. It’s now a lot more readable. I also fixed some minor bugs along the way.

• lpassh-add now makes ure to terminate its children.
• The temporary directory is only deleted if it has been created.
• The PID message is now clearer.

Bugfix

lpassh-add can now be called again.