twpayne/chezmoi

KeepassXC mode: "open" does not work with args ["--yubikey", "1:2343434"]

mihakrumpestar opened this issue · 1 comment

Describe the bug

When KeepassXC mode is set to open, the open command is positioned after the arguments (e.g., /usr/local/bin/keepassxc-cli --no-password --yubikey 1:2343434 open <path>) instead of the valid syntax (e.g., /usr/local/bin/keepassxc-cli open --no-password --yubikey 1:2343434 <path>). Due to this, the HMAC-SHA1 slot number (and key ID) is interpreted as a command instead of being the value of the argument.

To reproduce

chezmoi.yml

keepassxc:
  database: "~/Desktop/KeePass.kdbx"
  args: ["--no-password", "--yubikey", "1:2343434"]
  mode: "open"
  prompt: false

Expected behavior

Chezmoi should prompt me to unlock YubiKey once and remember the session (never prompt me again in this run).

Output of command with the --debug flag

$ chezmoi apply --debug
...
time=2024-08-20T20:38:01.042+02:00 level=INFO msg=Start cmd="/usr/local/bin/keepassxc-cli --no-password --yubikey 1:1097617 open /home/<user>/Desktop/KeePass.kdbx" start=2024-08-20T20:38:01.042+02:00 err=<nil>
chezmoi: etc/ssh/sshd_config: template: etc/ssh/sshd_config.tmpl:1:3: executing "etc/ssh/sshd_config.tmpl" at <keepassxcAttribute "sshd-config" "sshd_config">: error calling keepassxcAttribute: Invalid command 1:1097617.

Output of chezmoi doctor

$ chezmoi doctor

RESULT    CHECK                       MESSAGE
warning   version                     v2.52.1, built by nixpkgs
ok        latest-version              v2.52.1
ok        os-arch                     linux/amd64 (Arch Linux)
ok        uname                       Linux <hostname> 6.10.5-arch1-1 #1 SMP PREEMPT_DYNAMIC Thu, 15 Aug 2024 00:25:30 +0000 x86_64 GNU/Linux
ok        go-version                  go1.22.5 (gc)
ok        executable                  /nix/store/0nbd9r0j2kyzi6rlmpn65mydwm3whlk0-chezmoi-2.52.1/bin/chezmoi
ok        upgrade-method              sudo-upgrade-package
ok        config-file                 ~/.config/chezmoi/chezmoi.yaml, last modified 2024-08-20T20:36:55+02:00
error     source-dir                  open ~/.local/share/chezmoi: no such file or directory
ok        suspicious-entries          ~/.local/share/chezmoi: no such file or directory
error     working-tree                open ~/.local/share/chezmoi: no such file or directory
ok        dest-dir                    ~ is a directory
ok        umask                       022
ok        cd-command                  found /usr/bin/bash
ok        cd-args                     /usr/bin/bash
info      diff-command                not set
ok        edit-command                found ~/.local/share/devbox/global/default/.devbox/nix/profile/default/bin/codium
ok        edit-args                   ~/.local/share/devbox/global/default/.devbox/nix/profile/default/bin/codium
ok        git-command                 found ~/.local/share/devbox/global/default/.devbox/nix/profile/default/bin/git, version 2.45.2
ok        merge-command               found ~/.local/share/devbox/global/default/.devbox/nix/profile/default/bin/codium
ok        shell-command               found /usr/bin/bash
ok        shell-args                  /usr/bin/bash
info      age-command                 age not found in $PATH
ok        gpg-command                 found /usr/bin/gpg, version 2.4.5
info      pinentry-command            not set
info      1password-command           op not found in $PATH
info      bitwarden-command           bw not found in $PATH
info      bitwarden-secrets-command   bws not found in $PATH
info      dashlane-command            dcli not found in $PATH
info      doppler-command             doppler not found in $PATH
info      gopass-command              gopass not found in $PATH
ok        keepassxc-command           found ~/.local/share/devbox/global/default/.devbox/nix/profile/default/bin/keepassxc-cli, version 2.7.9
ok        keepassxc-db                ~/Desktop/digital-identity/KeePass.kdbx is a file
info      keeper-command              keeper not found in $PATH
info      lastpass-command            lpass not found in $PATH
info      pass-command                pass not found in $PATH
info      passhole-command            ph not found in $PATH
info      rbw-command                 rbw not found in $PATH
info      vault-command               vault not found in $PATH
info      vlt-command                 vlt not found in $PATH
info      secret-command              not set

Additional info

Validated that the operation works with the correct order of command and arguments:

keepassxc-cli open --no-password --yubikey 1:2343434 <path>

Thanks for reporting this. keepassxc-cli is one of those annoying programs where the position of command line flags matters :( Fix coming up.
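
The ordering problem reported above, as an added Go example (not chezmoi's code and not the maintainer's fix). The function names are hypothetical, and `parsedCommand` is a simplified assumption about how a subcommand-style CLI picks its command, not keepassxc-cli's real parser; the sample values are constructed from the issue's config.

```go
package main

import (
	"fmt"
	"strings"
)

// flagsFirstArgv reproduces the order seen in the --debug log:
// configured args, then the subcommand, then the database path.
func flagsFirstArgv(args []string, database string) []string {
	argv := append([]string{}, args...) // copy so the caller's slice is untouched
	return append(argv, "open", database)
}

// subcommandFirstArgv puts the subcommand first, matching the invocation
// the reporter validated by hand.
func subcommandFirstArgv(args []string, database string) []string {
	argv := append([]string{"open"}, args...)
	return append(argv, database)
}

// parsedCommand is a simplified model (an assumption): the first token that
// is not an option is taken as the command, because which options take a
// value is only known once the command itself has been identified.
func parsedCommand(argv []string) string {
	for _, tok := range argv {
		if !strings.HasPrefix(tok, "-") {
			return tok
		}
	}
	return ""
}

func main() {
	// Constructed sample values shaped like the issue's chezmoi.yml.
	args := []string{"--no-password", "--yubikey", "1:2343434"}
	db := "/home/user/Desktop/KeePass.kdbx"
	for _, argv := range [][]string{flagsFirstArgv(args, db), subcommandFirstArgv(args, db)} {
		fmt.Printf("%s\n  -> command %q\n", strings.Join(argv, " "), parsedCommand(argv))
	}
}
```

Under this model the flags-first order yields the YubiKey slot value as the command, which matches the "Invalid command" error in the debug output.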