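# Absolute paths of the real ssh tools; the same-named functions below wrap them.
SSH_KEYGEN="/usr/bin/ssh-keygen"
SSH_ADD="/usr/bin/ssh-add"
export SSH_KEYGEN SSH_ADD
# Default identity, and the file ssh-init-agent records the agent environment in.
IDENTITY_FILE="${HOME}/.ssh/ident"
SSH_AGENT_FILE="${HOME}/.ssh/agent.info"
# gpg's pinentry needs the controlling terminal.
GPG_TTY=$(tty)
export IDENTITY_FILE SSH_AGENT_FILE GPG_TTY
# The ssh-add wrapper below takes a short identity name and derives
# ~/.ssh/ident-<name> and ~/.ssh/getcred_<name>.sh from it, so the alias
# passes the name rather than the two full paths (the wrapper would otherwise
# build "getcred_/home/.../ident-github.sh" and never find the key).
alias ssh_init_github="ssh-add github"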
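#######################################
# Wrapper around ssh-keygen that defaults the key file (-f) to IDENTITY_FILE.
# Globals:   SSH_KEYGEN (read), IDENTITY_FILE (read)
# Arguments: [$1 - key file] used as the -f argument when it is not an option;
#            all remaining arguments are passed through unchanged.
# Outputs:   whatever ssh-keygen writes
# Returns:   ssh-keygen's exit status
#######################################
function ssh-keygen() {
    local ident="${IDENTITY_FILE}"
    # A leading non-option word names the key file; consume it so it is not
    # also handed to ssh-keygen a second time as a stray positional argument.
    if [[ -n "${1:-}" && "${1:0:1}" != "-" ]]; then
        ident="$1"
        shift
    fi
    "${SSH_KEYGEN}" -f "${ident}" "$@"
}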
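#######################################
# Load an identity into the running ssh-agent, obtaining its passphrase from
# an SSH_ASKPASS helper script so that no interactive prompt is needed.
# Globals:   SSH_ADD (read), HOME (read)
# Arguments: [$1 - short identity name]: loads ~/.ssh/ident-<name> using
#            ~/.ssh/getcred_<name>.sh as the askpass helper.  With no
#            argument, ~/.ssh/ident and ~/.ssh/getcred.sh are used.
#            If $1 starts with '-', every argument is passed straight to
#            the real ssh-add.
# Returns:   ssh-add's exit status
#######################################
function ssh-add() {
    local ident="${1:-}"
    # Option-style first argument: plain pass-through.
    if [[ "${ident:0:1}" == "-" ]]; then
        "${SSH_ADD}" "$@"
        return
    fi
    local ask_pass="${HOME}/.ssh/getcred${ident:+_${ident}}.sh"
    local ident_file="${HOME}/.ssh/ident${ident:+-${ident}}"
    # Detaching stdin and setting DISPLAY makes ssh-add fall back to the
    # SSH_ASKPASS helper instead of prompting on the terminal.  stderr is
    # dropped deliberately: a missing or unlocked key is not fatal here.
    DISPLAY=:0.0 SSH_ASKPASS="${ask_pass}" \
        "${SSH_ADD}" "${ident_file}" 2>/dev/null </dev/null
}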
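#######################################
# Reuse the ssh-agent recorded in SSH_AGENT_FILE if it is still alive;
# otherwise start a new one, record its environment and load the default
# identity.  The encrypted "authdata" volume is mounted around the start
# (insert_keypair/mount_crypt/umount_crypt are defined elsewhere).
# Globals:   SSH_AGENT_FILE (read), TMPDIR (read), USER (read), PPID (read);
#            SSH_AUTH_SOCK and SSH_AGENT_PID (set by eval'ing the agent file)
# Arguments: none
# Outputs:   progress messages on stdout
# Returns:   0 when an existing agent is reused; otherwise the status of
#            umount_crypt.  NOTE(review): a failed start prints FAILED but
#            does not return non-zero.
#######################################
function ssh-init-agent() {
    local CAT="/bin/cat"
    local PS="/bin/ps"
    local ECHO="/bin/echo"
    local SSH_AGENT="/usr/bin/ssh-agent"
    local MKTEMP="/usr/bin/mktemp"

    # Pick up SSH_AUTH_SOCK/SSH_AGENT_PID left by a previous run.  The file
    # is ssh-agent's own shell-syntax output, written by this function below.
    if [[ -e "${SSH_AGENT_FILE}" ]]; then
        eval "$(${CAT} "${SSH_AGENT_FILE}")" >/dev/null
    fi
    # If that PID is still an ssh-agent process there is nothing to do.
    if [[ -n "${SSH_AGENT_PID:-}" ]] &&
        [[ "ssh-agent" == "$(${PS} -p "${SSH_AGENT_PID}" -o comm=)" ]]; then
        return 0
    fi

    insert_keypair "/authdata/${USER}/.ecryptfs" authdata
    mount_crypt authdata
    ${ECHO} -n "start ssh-agent ... "
    local sockdir
    # Declaration and assignment are split so a mktemp failure is seen here;
    # otherwise an empty sockdir would put the socket at "/agent.<pid>".
    # mktemp -d creates the directory with owner-only permissions.
    if sockdir="$(${MKTEMP} -d -p "${TMPDIR:-/tmp}" agent-XXXXXXXX)" &&
        ${SSH_AGENT} -a "${sockdir}/agent.${PPID}" >"${SSH_AGENT_FILE}"; then
        eval "$(${CAT} "${SSH_AGENT_FILE}")" >/dev/null
        ${ECHO} "OK"
        ssh-add
    else
        ${ECHO} "FAILED"
    fi
    umount_crypt authdata
}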
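#######################################
# Ensure a gpg-agent is serving GPG_AGENT_SOCK with the passphrase for the
# configured keygrips preset.  If the socket is not held by the running
# gpg-agent, a fresh agent is started and the passphrase is preset from
# <CREDDIR>/gpg.pw, with the encrypted "authdata" volume mounted meanwhile
# (insert_keypair/mount_crypt/umount_crypt are defined elsewhere).
# Globals:   RUNDIR (read), USER (read); GPG_AGENT_SOCK and GPG_AGENT_PID
#            (exported)
# Arguments: $1 - directory containing gpg.pw, the passphrase file
# Outputs:   progress messages on stdout
# Returns:   0 (status of the final export)
#######################################
function gpg-init-agent() {
    local LSOF="/usr/bin/lsof"
    local PS="/bin/ps"
    local ECHO="/bin/echo"
    local GPG_AGENT="/usr/bin/gpg-agent"
    local -a gpg_agent_args=(--daemon --allow-preset-passphrase)
    local GPG_PRESET="/usr/libexec/gpg-preset-passphrase"
    local CREDDIR="${1:-}"
    local KEYGRIP="D17D6099DA4F7CF580991F6525BAC9DB841C9B30"
    local SUBKEYGRIP="BE4A9914142B488736792B9CBE01AE3A94D96E7A"
    local sock_open_pid=""
    export GPG_AGENT_SOCK="${RUNDIR}/gnupg/S.gpg-agent"

    # PID of whatever process holds the socket open; lsof -F p prints "p<pid>".
    if [[ -e "${GPG_AGENT_SOCK}" ]]; then
        sock_open_pid="$(${LSOF} -w -F p "${GPG_AGENT_SOCK}" | tr -d "p ")"
    fi
    # ps -C selects by command name.  NOTE(review): with several gpg-agent
    # processes this yields multiple lines, the -eq test below fails, and a
    # new agent is started.
    GPG_AGENT_PID="$(${PS} -C gpg-agent -o pid= | tr -d " ")"

    # The running agent owns our socket: it is already serving us.
    if [[ -n "${sock_open_pid}" && "${GPG_AGENT_PID}" -eq "${sock_open_pid}" ]]; then
        export GPG_AGENT_PID
        return 0
    fi

    insert_keypair "/authdata/${USER}/.ecryptfs" authdata
    mount_crypt authdata
    ${ECHO} -n "start gpg-agent ... "
    if "${GPG_AGENT}" "${gpg_agent_args[@]}"; then
        # The passphrase is fed on stdin so it never appears on a command
        # line, where ps would expose it to other users.
        "${GPG_PRESET}" --preset "${KEYGRIP}" <"${CREDDIR}/gpg.pw"
        "${GPG_PRESET}" --preset "${SUBKEYGRIP}" <"${CREDDIR}/gpg.pw"
        ${ECHO} "OK"
        # Re-read the PID of the agent just started; select by the command
        # name "gpg-agent" (not the user name) and strip the padding spaces.
        GPG_AGENT_PID="$(${PS} -C gpg-agent -o pid= | tr -d " ")"
    else
        ${ECHO} "FAILED"
    fi
    umount_crypt authdata
    export GPG_AGENT_PID
}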
# vim: set ft=sh ts=4 sw=4: