[ssh] Cleaning up load_keys to be easier to debug
@ -1,42 +1,87 @@
|
||||
#!/usr/bin/env bash
|
||||
set -euo pipefail
|
||||
|
||||
log() { printf '%s\n' "$*" >&2; }
|
||||
|
||||
HOST="${HOST:-$(hostname -s 2>/dev/null || hostname)}"
|
||||
PASS_BASE="personal/ssh"
|
||||
STORE_ROOT="${PASSWORD_STORE_DIR:-$HOME/.password-store}"
|
||||
ABS_BASE_PATH="${STORE_ROOT}/${PASS_BASE}"
|
||||
|
||||
# Ensure ssh-agent is running
|
||||
if [[ -z "${SSH_AUTH_SOCK:-}" ]]; then
|
||||
eval "$(ssh-agent -s)"
|
||||
log "load_keys: host=$HOST"
|
||||
log "load_keys: SSH_AUTH_SOCK=${SSH_AUTH_SOCK:-<unset>}"
|
||||
log "load_keys: PASSWORD_STORE_DIR=${PASSWORD_STORE_DIR:-<unset>}"
|
||||
log "load_keys: STORE_ROOT=$STORE_ROOT"
|
||||
log "load_keys: PASS_BASE=$PASS_BASE"
|
||||
|
||||
# Require an existing ssh-agent (do NOT start one here)
|
||||
if [[ -z "${SSH_AUTH_SOCK:-}" || ! -S "${SSH_AUTH_SOCK:-}" ]]; then
|
||||
log "ERROR: SSH_AUTH_SOCK is unset or not a socket: ${SSH_AUTH_SOCK:-<unset>}"
|
||||
exit 2
|
||||
fi
|
||||
|
||||
# Verify the base path exists
|
||||
# ssh-add -l exit codes: 0 = has keys, 1 = no keys, 2 = cannot connect
|
||||
rc=0
|
||||
ssh-add -l >/dev/null 2>&1 || rc=$?
|
||||
if [[ $rc -eq 2 ]]; then
|
||||
log "ERROR: Cannot connect to ssh-agent at SSH_AUTH_SOCK=$SSH_AUTH_SOCK"
|
||||
exit 2
|
||||
fi
|
||||
# rc 0 or 1 are OK here
|
||||
|
||||
# pinentry hygiene (helps in emacs -nw)
|
||||
if [[ -t 0 || -t 1 || -t 2 ]]; then
|
||||
export GPG_TTY="$(tty 2>/dev/null || true)"
|
||||
gpg-connect-agent updatestartuptty /bye >/dev/null 2>&1 || true
|
||||
fi
|
||||
|
||||
# Verify pass store path exists
|
||||
if [[ ! -d "$ABS_BASE_PATH" ]]; then
|
||||
echo "ERROR: Base path not found in pass: $PASS_BASE" >&2
|
||||
log "ERROR: Base path not found: $ABS_BASE_PATH"
|
||||
exit 1
|
||||
fi
|
||||
|
||||
# Find host-matching identity directories
|
||||
dirs=()
|
||||
while IFS= read -r d; do
|
||||
dirs+=("$d")
|
||||
done < <(find "$ABS_BASE_PATH" -mindepth 1 -maxdepth 1 -type d -name "*${HOST}*" 2>/dev/null || true)
|
||||
|
||||
# Loop through each identity subdirectory
|
||||
echo -n "Loading ssh keys for host: "
|
||||
while IFS= read -r dir; do
|
||||
IDENTITY=$(basename "$dir")
|
||||
if [[ ${#dirs[@]} -eq 0 ]]; then
|
||||
log "ERROR: No identity directories matched '*${HOST}*' under '${PASS_BASE}'"
|
||||
log " Looked under: $ABS_BASE_PATH"
|
||||
exit 1
|
||||
fi
|
||||
|
||||
# Find the latest .gpg file by name (ISO sort) and hostname
|
||||
LATEST_FILE=$(find "$dir" -maxdepth 1 -name "*.gpg" -exec basename {} \; \
|
||||
| sed 's/\.gpg$//' \
|
||||
| sort -r \
|
||||
| head -n 1)
|
||||
loaded=0
|
||||
|
||||
if [[ -z "$LATEST_FILE" ]]; then
|
||||
for dir in "${dirs[@]}"; do
|
||||
identity="$(basename "$dir")"
|
||||
|
||||
# newest by filename (ISO date sort), portable
|
||||
latest="$(
|
||||
(cd "$dir" && ls -1 *.gpg 2>/dev/null | sed 's/\.gpg$//' | sort -r | head -n 1) || true
|
||||
)"
|
||||
|
||||
if [[ -z "$latest" ]]; then
|
||||
log "WARN: No .gpg files in ${PASS_BASE}/${identity}"
|
||||
continue
|
||||
fi
|
||||
|
||||
echo -n "$HOST"
|
||||
entry="${PASS_BASE}/${identity}/${latest}"
|
||||
log "Adding key from: $entry"
|
||||
|
||||
# Decrypt and pipe directly to ssh-add
|
||||
# The '-' tells ssh-add to read the key from standard input (stdin)
|
||||
pass show "${PASS_BASE}/${IDENTITY}/${LATEST_FILE}" | ssh-add - >/dev/null 2>&1
|
||||
if pass show "$entry" | ssh-add - >/dev/null; then
|
||||
loaded=1
|
||||
else
|
||||
log "ERROR: Failed to add key from: $entry"
|
||||
exit 1
|
||||
fi
|
||||
done
|
||||
|
||||
done < <(find "$ABS_BASE_PATH" -mindepth 1 -maxdepth 1 -type d -name "*${HOST}*")
|
||||
if [[ $loaded -eq 0 ]]; then
|
||||
log "ERROR: Matching directories found, but no keys were loaded."
|
||||
exit 1
|
||||
fi
|
||||
|
||||
log "OK: keys loaded into agent"
|
||||
|
||||
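Review bot: The identity lookup at `find "$ABS_BASE_PATH" -mindepth 1 -maxdepth 1 -type d -name "*${HOST}*"` is a substring match, so a short hostname (`dev` matching `dev2` or `devops`) silently loads other hosts' keys into this agent, and the error text `No identity directories matched '*${HOST}*'` shows this is the intended pattern. Unless the directory naming convention deliberately relies on suffixes (not visible here), tighten it to an exact name, `-name "${HOST}"`, or an anchored form such as `-name "${HOST}" -o -name "${HOST}-*"`, and log which directories matched before adding anything so an over-match is visible in the debug output this commit introduces. Separately, `pass show "$entry" | ssh-add - >/dev/null` adds every decrypted key with no lifetime; consider `ssh-add -t "${SSH_KEY_LIFETIME:-8h}" -` so keys pulled out of the password store do not stay resident for the life of the agent. Minor: `export GPG_TTY="$(tty 2>/dev/null || true)"` masks the substitution's status (ShellCheck SC2155) — split the assignment from the export.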
@ -1,14 +1,12 @@
|
||||
# If you come from bash you might have to change your $PATH.
|
||||
export GOPATH="$HOME/.go"
|
||||
export PATH=$HOME/.bin:$HOME/var/bin:/usr/local/bin:$PATH:$HOME/.go/bin:$HOME/.local/bin
|
||||
|
||||
export GIT_CU_DIR="$HOME/src"
|
||||
export ZSH="$HOME/.oh-my-zsh"
|
||||
|
||||
ZSH_THEME="robbyrussell"
|
||||
|
||||
plugins=(git z fzf asdf direnv emacs yarn aws)
|
||||
eval $(ssh-agent)
|
||||
load_keys &>/dev/null
|
||||
|
||||
source $ZSH/oh-my-zsh.sh
|
||||
|
||||
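Review bot: `load_keys &>/dev/null` discards the stderr diagnostics that the rewritten script now emits (`log ... >&2`), so the "easier to debug" output never reaches the user from the shell startup path; drop the redirect or send it to a file, e.g. `load_keys 2>>"$HOME/.cache/load_keys.log"`. The preceding `eval $(ssh-agent)` is unquoted and unconditional, so every new interactive shell spawns a fresh agent process that is never reaped while the earlier agent, with keys already loaded, keeps running; guard it with `[[ -S "${SSH_AUTH_SOCK:-}" ]] || eval "$(ssh-agent -s)"`, which also matches the script's own "require an existing agent" check. Which of these two lines is new in this hunk is not recoverable from the rendered page, so treat the above as applying to the resulting file either way.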