Lastpass Arch

Lastpass Arch

Lastpass needs openssl v 1.0 but current arch linux version is openssl v 1.1 odysseywestra commented on 2019-01-04 23:04 I also Migrated over from Lastpass to Bitwarden, so disowning the package as well. LastPass Authenticator is a two-factor authentication app for your LastPass account and other supported apps. LastPass Authenticator offers simple, secure authentication to your accounts by generating passcodes for login or receiving push notifications for one-tap approval. LastPass command line interface tool. Contribute to ifel/lastpass-cli development by creating an account on GitHub.

Introducing pass

Password management should be simple and follow Unix philosophy. With pass, each password lives inside of a gpg encrypted file whose filename is the title of the website or resource that requires the password. These encrypted files may be organized into meaningful folder hierarchies, copied from computer to computer, and, in general, manipulated using standard command line file management utilities.

pass makes managing these individual password files extremely easy. All passwords live in ~/.password-store, and pass provides some nice commands for adding, editing, generating, and retrieving passwords. It is a very short and simple shell script. It's capable of temporarily putting passwords on your clipboard and tracking password changes using git.

You can edit the password store using ordinary unix shell commands alongside the pass command. There are no funky file formats or new paradigms to learn. There is bashcompletion so that you can simply hit tab to fill in names and commands, as well as completion for zsh and fish available in the completion folder. The very active community has produced many impressive clients and GUIs for other platforms as well as extensions for pass itself.

Lastpass Architecture

The pass command is extensively documented in its man page.

Using the password store

We can list all the existing passwords in the store:

And we can show passwords too:

Or copy them to the clipboard:

There will be a nice password input dialog using the standard gpg-agent (which can be configured to stay authenticated for several minutes), since all passwords are encrypted.

We can add existing passwords to the store with insert:

This also handles multiline passwords or other data with --multiline or -m, and passwords can be edited in your default text editor using pass edit pass-name.

The utility can generate new passwords using /dev/urandom internally:

It's possible to generate passwords with no symbols using --no-symbols or -n, and we can copy it to the clipboard instead of displaying it at the console using --clip or -c.

And of course, passwords can be removed:

If the password store is a git repository, since each manipulation creates a git commit, you can synchronize the password store using pass git push and pass git pull, which call git-push or git-pull on the store.

You can read more examples and more features in the man page.

Setting it up

To begin, there is a single command to initialize the password store:

Here, ZX2C4 Password Storage Key is the ID of my GPG key. You can use your standard GPG key or use an alternative one especially for the password store as shown above. Multiple GPG keys can be specified, for using pass in a team setting, and different folders can have different GPG keys, by using -p.

We can additionally initialize the password store as a git repository:

If a git repository is initialized, pass creates a git commit each time the password store is manipulated.

There is a more detailed initialization example in the man page.


The latest version is 1.7.3.

Ubuntu / Debian

Fedora / RHEL






The password store is available through the Homebrew package manager:



The tarball contains a generic makefile, for which a simple sudo make install should do the trick.

Git Repository

You may browse the git repository or clone the repo:

All releases are tagged, and the tags are signed with 0xA5DE03AE.

Data Organization

Usernames, Passwords, PINs, Websites, Metadata, et cetera

The password store does not impose any particular schema or type of organization of your data, as it is simply a flat text file, which can contain arbitrary data. Though the most common case is storing a single password per entry, some power users find they would like to store more than just their password inside the password store, and additionally store answers to secret questions, website URLs, and other sensitive information or metadata. Since the password store does not impose a scheme of it's own, you can choose your own organization. There are many possibilities.

One approach is to use the multi-line functionality of pass (--multiline or -m in insert), and store the password itself on the first line of the file, and the additional information on subsequent lines. For example, Amazon/bookreader might look like this:

This is the preferred organzational scheme used by the author. The --clip / -c options will only copy the first line of such a file to the clipboard, thereby making it easy to fetch the password for login forms, while retaining additional information in the same file.

Lastpass Security Architecture

Another approach is to use folders, and store each piece of data inside a file in that folder. For example Amazon/bookreader/password would hold bookreader's password inside the Amazon/bookreader directory, and Amazon/bookreader/secretquestion1 would hold a secret question, and Amazon/bookreader/sensitivecode would hold something else related to bookreader's account. And yet another approach might be to store the password in Amazon/bookreader and the additional data in Amazon/bookreader.meta. And even another approach might be use multiline, as outlined above, but put the URL template in the filename instead of inside the file.

The point is, the possibilities here are extremely numerous, and there are many other organizational schemes not mentioned above; you have the freedom of choosing the one that fits your workflow best.

Extensions for pass

Lastpass Arch

In order to faciliate the large variety of uses users come up with, pass supports extensions. Extensions installed to /usr/lib/password-store/extensions (or some distro-specific variety of such) are always enabled. Extensions installed to ~/.password-store/.extensions/COMMAND.bash are enabled if the PASSWORD_STORE_ENABLE_EXTENSIONS environment variable is true Read the man page for more details.

The community has produced many such extensions:

  • pass-tomb: manage your password store in a Tomb
  • pass-update: an easy flow for updating passwords
  • pass-import: a generic importer tool from other password managers
  • pass-extension-tail: a way of printing only the tail of a file
  • pass-extension-wclip: a plugin to use wclip on Windows
  • pass-otp: support for one-time-password (OTP) tokens

Compatible Clients

The community has assembled an impressive list of clients and GUIs for various platforms:

  • passmenu: an extremely useful and awesome dmenu script
  • qtpass: cross-platform GUI client
  • Android-Password-Store: Android app
  • passforios: iOS app
  • pass-ios: (older) iOS app
  • passff: Firefox plugin
  • browserpass: Chrome plugin
  • Pass4Win: Windows client
  • pext_module_pass: module for Pext
  • gopass: Go GUI app
  • upass: interactive console UI
  • alfred-pass: Alfred integration
  • pass-alfred: Alfred integration
  • simple-pass-alfred: Alfred integration
  • pass.applescript: OS X integration
  • pass-git-helper: git credential integration
  • password-store.el: an emacs package
  • XMonad.Prompt.Pass: prompt for Xmonad

Migrating to pass

To free password data from the clutches of other (bloated) password managers, various users have come up with different password store organizations that work best for them. Some users have contributed scripts to help import passwords from other programs:

  • 1password2pass.rb: imports 1Password txt or 1pif data
  • keepassx2pass.py: imports KeepassX XML data
  • keepass2csv2pass.py: imports Keepass2 CSV data
  • keepass2pass.py: imports Keepass2 XML data
  • fpm2pass.pl: imports Figaro's Password Manager XML data
  • lastpass2pass.rb: imports Lastpass CSV data
  • kedpm2pass.py: imports Ked Password Manager data
  • revelation2pass.py: imports Revelation Password Manager data
  • gorilla2pass.rb: imports Password Gorilla data
  • pwsafe2pass.sh: imports PWSafe data
  • kwallet2pass.py: imports KWallet data
  • roboform2pass.rb: imports Roboform data
  • password-exporter2pass.py: imports password-exporter data
  • pwsafe2pass.py: imports pwsafe data
  • firefox_decrypt: full blown Firefox password interface, which supports exporting to pass

Credit & License

pass was written by Jason A. Donenfeld of zx2c4.com and is licensed under the GPLv2+.


This is a very active project with a healthy dose of contributors. The best way to contribute to the password store is to join the mailing list and send git formatted patches. You may also join the discussion in #pass on Freenode.

Package Details: lastpass

Package Actions

  • View PKGBUILD / View Changes
Lastpass archive logins
Git Clone URL: https://aur.archlinux.org/lastpass.git (read-only, click to copy)
Package Base: lastpass
Description: The Universal LastPass installer for Firefox, Chrome, and Opera
Upstream URL: https://lastpass.com
Licenses: custom
Submitter: Det
Maintainer: eschwartz
Last Packager: eschwartz
Votes: 95
Popularity: 0.031277
First Submitted: 2013-06-02 17:50
Last Updated: 2020-09-09 00:31

Dependencies (4)

  • unzip(unzip-natspec, unzip-iconv)(make)
  • chromium(chromium-dev-ozone, chromium-beta-ozone, chromium-ozone, ungoogled-chromium-git, chromium-snapshot-bin, chromium-no-extras, chromium-vaapi, ungoogled-chromium)(optional)
  • firefox(firefox56, firefox-unbranded, firefox-esr-pt-br-bin, firefox-nightly-zh-cn, firefox-developer-edition-firefox-symlink-latest, firefox-hg, firefox-esr68-bin, firefox-esr52, firefox-fuckpa, fedora-firefox-wayland-bin, librewolf-firefox-shim, firefox-nightly-zh-tw, firefox-nightly-es-es, firefox-ubuntu-bin, firefox-wayland-hg, firefox-appmenu, firefox-kde-opensuse-rpm, firefox-appmenu-bin, firefox-kde-opensuse, firefox-kde-opensuse-bin, firefox-esr-bin, firefox-esr, firefox-beta-bin, firefox-beta, firefox-bin, firefox-beta-bin-all-localizations)(optional)
  • google-chrome(google-chrome-dev, google-chrome-beta)(optional)

Sources (7)

eschwartz commented on 2020-09-09 00:31

Nice diff there for install_lastpass.sh.

What a waste of time this bump is. Grrr.

This file isn't even used by the package. I'm fixing this without bumping pkgrel, users who successfully built it in the past are unaffected.

daniel_shub commented on 2020-09-08 23:59

I am getting a build error for with makepkg in a clean chroot. The sha256 checksum of the lplinux-4.1.59.tar.bz2 file that gets downloaded (826e383a6bad905d942e22b14aee67dbc39e8f7a5243d706af787c8fcec6f158) does not match the checksum in the PKGBUILD. Looking at the downloaded lplinux-4.1.59.tar.bz2 file, while the version number has not changed with the updated lastpass/PKGBUILD, the tarball now contains a file with a date of 2020-08-31, which makes me think they may have changed something behind the scenes without incrementing the version number.

Det commented on 2019-07-11 11:51

He responses in complaining manners, but he's right.

eschwartz commented on 2019-04-03 17:17

No, it really isn't bad practice. It is bad practice to fail hard because you have a tightly interwoven dependency on makepkg internals (and the format that is absolutely, positively, guaranteedly documented, since I wrote the documentation). Given I have actually discussed this with one of the lead developers of yay, and my advice to not be vulnerable to breaking for any reason, was accepted, I consider myself justified in adding this.

I did not break yay. I discovered that yay was already broken. I also guaranteed that yay-git now supports upcoming versions of pacman.

Furthermore, the official policy of the AUR is that if an AUR helper does not work, you should use makepkg directly, and if makepkg itself does work, then the problem is automatically with the AUR helper and only the AUR helper.

I am not changing this, and it is not open for debate.

gromain commented on 2019-04-03 17:00

I think that adding an unreleased and undocumented feature to something is bad practice too, since it breaks tools that could not have been informed of coming changes.

thayne commented on 2019-04-01 06:49

Is b2sums supported by makepkg? I can't find any documentation on it.

linuxninja commented on 2019-04-01 02:18

Thanks for your quick response, and all of your hard work! Sometimes it's just not obvious how to prevent breaking changes, ey?

I will follow-up by reporting this issue via yay's reporting mechanism (github issues). I'll have to check the yay-git package to be sure it hasn't already been fixed, there, and maybe just a new release of yay is all that is needed.

eschwartz commented on 2019-04-01 02:04

Was this tested?

It was tested to work with makepkg, which is the gold standard...

I don't exactly test what every fad AUR helper does. Note that this sort of heuristic blacklisting of perfectly good packages means that yay would not work for packages that implement new features, immediately after makepkg itself received a new release. So I don't generally encourage this sort of error-checking anyway. It gives me flashbacks to pacaur and its 'mismatched srcinfo' errors.

linuxninja commented on 2019-04-01 02:00

for the less informed who run into this issue, here's the quick and dirty on upgrading the aur package when yay breaks:

cd ~/.cache/yay/lastpass

makepkg -si

linuxninja commented on 2019-04-01 01:56

Lastpass Archive Sites

I'm also running into a breaking error with aur package upgrades:

Lastpass Architecture

yay error message:

:: Parsing SRCINFO (1/1): lastpassfailed to parse lastpass: Line 30: Unknown key: 'b2sums': b2sums = 493334b0cf11abe2add52a2935b1e3a4afdffd8b4b64d659913084257af058c51b2157fb1fdb4f78da9dee9f61750bcd0614661b092a66c6fd252eff35f348f8

This is a fatal error and aborts the entire yay run. I would suggest adding an as-yet unsupported line to the config is not backwards compatible for the various AUR tools. Maybe those tools should be given some time to either ignore invalid config lines, or add support for the new proposed config lines.

Was this tested? Can we remove the b2sums line until tools like yay have some time to get this added?