Rewrite and simplification of id-init

Did a complete rewrite and simplication of id-init to use only pass and to cutout KeePassXC. The new implementation simply creates a temporary executable that runs "pass ssh", sets it as the SSH_ASKPASS program, and runs ssh-add. This prompts for and caches the GPG key password when running "pass ssh". The output of that command is then used as the input for the password prompt of ssh-add, which then succeeds and adds the SSH key to the agent.
author: Sam Chudnick <sam@chudnick.com> 2022-06-16 20:51:52 -0400
committer: Sam Chudnick <sam@chudnick.com> 2022-06-16 20:51:52 -0400
commit: 106f5faba0e8e5dc844a806a9149316b2657951b (patch)
tree: c7251143cb44d3a3ce73224d7a3a7c7a28dd2cc2
parent: b0a2c1c5800c30ecf37311885ce11f244102873e (diff)
1 files changed, 9 insertions, 31 deletions
diff --git a/.local/bin/id-init b/.local/bin/id-init
index 11221c3..72f8cbe 100755
--- a/.local/bin/id-init
+++ b/.local/bin/id-init
@@ -1,31 +1,9 @@
-#!/bin/bash
+#!/bin/sh
-#
-# Initalizes various identity management programs
+tmpfile="$(mktemp)"
-#
+chmod 700 $tmpfile
-# Must be run with bash (or probably any other shell that is not narrowly posix-compliant)
+echo "pass ssh" > $tmpfile
-# to use here-string redirection
+export SSH_ASKPASS="$tmpfile"
+export SSH_ASKPASS_REQUIRE="force"
-# Cache passphrase for gpg key in gpg-agent which is stored in KeePassXC
+ssh-add
-# Caching the GPG passphrase will allow access to pass without user input
+rm $tmpfile
-# 
-# gpg-agent must be started with --allow-preset-passhprase or have it in the config file
-# gpg-preset-passphrase respects gpg-agent's --max-cache-ttl option which defaults to 2 hours
-# you may want to increase that if you want the password to be cached for the whole session
-get_pass() {
-        continue=1
-        while [ $continue -eq 1 ]
-        do
-                keepassxc-cli show $XDG_CONFIG_HOME/keepassxc/Passwords.kdbx -a Password GPG
-                continue=$?
-        done
-}
-KEYGRIP="$(gpg -K --with-keygrip --with-colons | grep grp | tail -n 1 | cut -d':' -f10)"
-/usr/lib/gnupg/gpg-preset-passphrase --preset $KEYGRIP <<< "$(get_pass)"
-# Open graphical KeePassXC with password stored in pass, now that pass can be accessed
-# without entering credentials for the GPG key
-# This will also add SSH keys to ssh-agent
-keepassxc $XDG_CONFIG_HOME/keepassxc/Passwords.kdbx --pw-stdin <<< "$(pass keepassxc)"
author	Sam Chudnick <sam@chudnick.com>	2022-06-16 20:51:52 -0400
committer	Sam Chudnick <sam@chudnick.com>	2022-06-16 20:51:52 -0400
commit	106f5faba0e8e5dc844a806a9149316b2657951b (patch)
tree	c7251143cb44d3a3ce73224d7a3a7c7a28dd2cc2
parent	b0a2c1c5800c30ecf37311885ce11f244102873e (diff)

diff --git a/.local/bin/id-init b/.local/bin/id-init index 11221c3..72f8cbe 100755 --- a/.local/bin/id-init +++ b/.local/bin/id-init
@@ -1,31 +1,9 @@
1	#!/bin/bash	1	#!/bin/sh
2	#	2
3	# Initalizes various identity management programs	3	tmpfile="$(mktemp)"
4	#	4	chmod 700 $tmpfile
5	# Must be run with bash (or probably any other shell that is not narrowly posix-compliant)	5	echo "pass ssh" > $tmpfile
6	# to use here-string redirection	6	export SSH_ASKPASS="$tmpfile"
7		7	export SSH_ASKPASS_REQUIRE="force"
8	# Cache passphrase for gpg key in gpg-agent which is stored in KeePassXC	8	ssh-add
9	# Caching the GPG passphrase will allow access to pass without user input	9	rm $tmpfile
10	#
11	# gpg-agent must be started with --allow-preset-passhprase or have it in the config file
12	# gpg-preset-passphrase respects gpg-agent's --max-cache-ttl option which defaults to 2 hours
13	# you may want to increase that if you want the password to be cached for the whole session
14
15	get_pass() {
16	continue=1
17	while [ $continue -eq 1 ]
18	do
19	keepassxc-cli show $XDG_CONFIG_HOME/keepassxc/Passwords.kdbx -a Password GPG
20	continue=$?
21	done
22	}
23
24	KEYGRIP="$(gpg -K --with-keygrip --with-colons \| grep grp \| tail -n 1 \| cut -d':' -f10)"
25	/usr/lib/gnupg/gpg-preset-passphrase --preset $KEYGRIP <<< "$(get_pass)"
26
27	# Open graphical KeePassXC with password stored in pass, now that pass can be accessed
28	# without entering credentials for the GPG key
29	# This will also add SSH keys to ssh-agent
30
31	keepassxc $XDG_CONFIG_HOME/keepassxc/Passwords.kdbx --pw-stdin <<< "$(pass keepassxc)"