Files
dotfiles/bin/.local/bin/load_keys

88 lines
2.3 KiB
Bash
Executable File

#!/usr/bin/env bash
set -euo pipefail
log() { printf '%s\n' "$*" >&2; }
HOST="${HOST:-$(hostname -s 2>/dev/null || hostname)}"
PASS_BASE="personal/ssh"
STORE_ROOT="${PASSWORD_STORE_DIR:-$HOME/.password-store}"
ABS_BASE_PATH="${STORE_ROOT}/${PASS_BASE}"
log "load_keys: host=$HOST"
log "load_keys: SSH_AUTH_SOCK=${SSH_AUTH_SOCK:-<unset>}"
log "load_keys: PASSWORD_STORE_DIR=${PASSWORD_STORE_DIR:-<unset>}"
log "load_keys: STORE_ROOT=$STORE_ROOT"
log "load_keys: PASS_BASE=$PASS_BASE"
# Require an existing ssh-agent (do NOT start one here)
if [[ -z "${SSH_AUTH_SOCK:-}" || ! -S "${SSH_AUTH_SOCK:-}" ]]; then
log "ERROR: SSH_AUTH_SOCK is unset or not a socket: ${SSH_AUTH_SOCK:-<unset>}"
exit 2
fi
# ssh-add -l exit codes: 0 = has keys, 1 = no keys, 2 = cannot connect
rc=0
ssh-add -l >/dev/null 2>&1 || rc=$?
if [[ $rc -eq 2 ]]; then
log "ERROR: Cannot connect to ssh-agent at SSH_AUTH_SOCK=$SSH_AUTH_SOCK"
exit 2
fi
# rc 0 or 1 are OK here
# pinentry hygiene (helps in emacs -nw)
if [[ -t 0 || -t 1 || -t 2 ]]; then
export GPG_TTY="$(tty 2>/dev/null || true)"
gpg-connect-agent updatestartuptty /bye >/dev/null 2>&1 || true
fi
# Verify pass store path exists
if [[ ! -d "$ABS_BASE_PATH" ]]; then
log "ERROR: Base path not found: $ABS_BASE_PATH"
exit 1
fi
# Find host-matching identity directories
dirs=()
while IFS= read -r d; do
dirs+=("$d")
done < <(find "$ABS_BASE_PATH" -mindepth 1 -maxdepth 1 -type d -name "*${HOST}*" 2>/dev/null || true)
if [[ ${#dirs[@]} -eq 0 ]]; then
log "ERROR: No identity directories matched '*${HOST}*' under '${PASS_BASE}'"
log " Looked under: $ABS_BASE_PATH"
exit 1
fi
loaded=0
for dir in "${dirs[@]}"; do
identity="$(basename "$dir")"
# newest by filename (ISO date sort), portable
latest="$(
(cd "$dir" && ls -1 *.gpg 2>/dev/null | sed 's/\.gpg$//' | sort -r | head -n 1) || true
)"
if [[ -z "$latest" ]]; then
log "WARN: No .gpg files in ${PASS_BASE}/${identity}"
continue
fi
entry="${PASS_BASE}/${identity}/${latest}"
log "Adding key from: $entry"
if pass show "$entry" | ssh-add - >/dev/null; then
loaded=1
else
log "ERROR: Failed to add key from: $entry"
exit 1
fi
done
if [[ $loaded -eq 0 ]]; then
log "ERROR: Matching directories found, but no keys were loaded."
exit 1
fi
log "OK: keys loaded into agent"