m-chrzan.xyz
aboutsummaryrefslogtreecommitdiff
path: root/src
diff options
context:
space:
mode:
authorJason A. Donenfeld <Jason@zx2c4.com>2012-09-17 18:24:06 +0200
committerJason A. Donenfeld <Jason@zx2c4.com>2012-09-17 23:45:13 +0200
commit7ea239e376bbdf88e2a2c9eb2f77363eafa7a612 (patch)
treec73bbe149ea5fa64ab0192477859155204674cf6 /src
parent65a4751b3802ca84904385646b95ff15bae89e70 (diff)
Abstract potentially platform specific commands into their own commands.
Diffstat (limited to 'src')
-rwxr-xr-xsrc/password-store.sh83
-rw-r--r--src/platform/darwin.sh32
2 files changed, 82 insertions, 33 deletions
diff --git a/src/password-store.sh b/src/password-store.sh
index 0a12d67..e30adff 100755
--- a/src/password-store.sh
+++ b/src/password-store.sh
@@ -7,11 +7,11 @@ umask 077
PREFIX="${PASSWORD_STORE_DIR:-$HOME/.password-store}"
ID="$PREFIX/.gpg-id"
-GIT="$PREFIX/.git"
+GIT_DIR="$PREFIX/.git"
GPG_OPTS="--quiet --yes --batch"
-export GIT_DIR="$GIT"
-export GIT_WORK_TREE="$PREFIX"
+export GIT_DIR
+export GIT_DIR_WORK_TREE="$PREFIX"
version() {
cat <<_EOF
@@ -67,6 +67,10 @@ isCommand() {
*) return 1 ;;
esac
}
+
+#
+# BEGIN Platform definable
+#
clip() {
# This base64 business is a disgusting hack to deal with newline inconsistancies
# in shell. There must be a better way to deal with this, but because I'm a dolt,
@@ -89,6 +93,29 @@ clip() {
) & disown
echo "Copied $2 to clipboard. Will clear in 45 seconds."
}
+tmpdir() {
+ if [[ -d /dev/shm && -w /dev/shm && -x /dev/shm ]]; then
+ tmp_dir="$(TMPDIR=/dev/shm mktemp -t "$template" -d)"
+ else
+ prompt=$(echo "Your system does not have /dev/shm, which means that it may"
+ echo "be difficult to entirely erase the temporary non-encrypted"
+ echo "password file after editing. Are you sure you would like to"
+ echo -n "continue? [y/N] ")
+ read -p "$prompt" yesno
+ [[ $yesno == "y" || $yesno == "Y" ]] || exit 1
+ tmp_dir="$(mktemp -t "$template" -d)"
+ fi
+
+}
+GPG="gpg"
+GETOPT="getopt"
+
+# source /path/to/platform-defined-functions
+#
+# END Platform definable
+#
+
+
program="$(basename "$0")"
command="$1"
if isCommand "$command"; then
@@ -134,7 +161,7 @@ case "$command" in
show|ls|list)
clip=0
- opts="$(getopt -o c -l clip -n $program -- "$@")"
+ opts="$($GETOPT -o c -l clip -n $program -- "$@")"
err=$?
eval set -- "$opts"
while true; do case $1 in
@@ -162,9 +189,9 @@ case "$command" in
exit 1
fi
if [ $clip -eq 0 ]; then
- exec gpg -d $GPG_OPTS "$passfile"
+ exec $GPG -d $GPG_OPTS "$passfile"
else
- clip "$(gpg -d $GPG_OPTS "$passfile" | head -n 1)" "$path"
+ clip "$($GPG -d $GPG_OPTS "$passfile" | head -n 1)" "$path"
fi
fi
;;
@@ -173,7 +200,7 @@ case "$command" in
noecho=0
force=0
- opts="$(getopt -o mnf -l multiline,no-echo,force -n $program -- "$@")"
+ opts="$($GETOPT -o mnf -l multiline,no-echo,force -n $program -- "$@")"
err=$?
eval set -- "$opts"
while true; do case $1 in
@@ -201,7 +228,7 @@ case "$command" in
if [[ $multiline -eq 1 ]]; then
echo "Enter contents of $path and press Ctrl+D when finished:"
echo
- cat | gpg -e -r "$ID" -o "$passfile" $GPG_OPTS
+ cat | $GPG -e -r "$ID" -o "$passfile" $GPG_OPTS
elif [[ $noecho -eq 1 ]]; then
while true; do
read -p "Enter password for $path: " -s password
@@ -209,7 +236,7 @@ case "$command" in
read -p "Retype password for $path: " -s password_again
echo
if [[ $password == $password_again ]]; then
- gpg -e -r "$ID" -o "$passfile" $GPG_OPTS <<<"$password"
+ $GPG -e -r "$ID" -o "$passfile" $GPG_OPTS <<<"$password"
break
else
echo "Error: the entered passwords do not match."
@@ -217,9 +244,9 @@ case "$command" in
done
else
read -p "Enter password for $path: " -e password
- gpg -e -r "$ID" -o "$passfile" $GPG_OPTS <<<"$password"
+ $GPG -e -r "$ID" -o "$passfile" $GPG_OPTS <<<"$password"
fi
- if [[ -d $GIT ]]; then
+ if [[ -d $GIT_DIR ]]; then
git add "$passfile"
git commit -m "Added given password for $path to store."
fi
@@ -237,31 +264,21 @@ case "$command" in
trap 'rm -rf "$tmp_dir" "$tmp_file"' INT TERM EXIT
- if [[ -d /dev/shm && -w /dev/shm && -x /dev/shm ]]; then
- tmp_dir="$(TMPDIR=/dev/shm mktemp -t $template -d)"
- else
- prompt=$(echo "Your system does not have /dev/shm, which means that it may"
- echo "be difficult to entirely erase the temporary non-encrypted"
- echo "password file after editing. Are you sure you would like to"
- echo -n "continue? [y/N] ")
- read -p "$prompt" yesno
- [[ $yesno == "y" || $yesno == "Y" ]] || exit 1
- tmp_dir="$(mktemp -t $template -d)"
- fi
- tmp_file="$(TMPDIR="$tmp_dir" mktemp -t $template)"
+ tmpdir #Defines $tmp_dir
+ tmp_file="$(TMPDIR="$tmp_dir" mktemp -t "$template")"
action="Added"
if [[ -f $passfile ]]; then
- gpg -d -o "$tmp_file" $GPG_OPTS "$passfile" || exit 1
+ $GPG -d -o "$tmp_file" $GPG_OPTS "$passfile" || exit 1
action="Edited"
fi
${EDITOR:-vi} "$tmp_file"
- while ! gpg -e -r "$ID" -o "$passfile" $GPG_OPTS "$tmp_file"; do
+ while ! $GPG -e -r "$ID" -o "$passfile" $GPG_OPTS "$tmp_file"; do
echo "GPG encryption failed. Retrying."
sleep 1
done
- if [[ -d $GIT ]]; then
+ if [[ -d $GIT_DIR ]]; then
git add "$passfile"
git commit -m "$action password for $path using ${EDITOR:-vi}."
fi
@@ -270,7 +287,7 @@ case "$command" in
clip=0
symbols="-y"
- opts="$(getopt -o nc -l no-symbols,clip -n $program -- "$@")"
+ opts="$($GETOPT -o nc -l no-symbols,clip -n $program -- "$@")"
err=$?
eval set -- "$opts"
while true; do case $1 in
@@ -292,8 +309,8 @@ case "$command" in
mkdir -p -v "$PREFIX/$(dirname "$path")"
pass="$(pwgen -s $symbols $length 1)"
passfile="$PREFIX/$path.gpg"
- gpg -e -r "$ID" -o "$passfile" $GPG_OPTS <<<"$pass"
- if [[ -d $GIT ]]; then
+ $GPG -e -r "$ID" -o "$passfile" $GPG_OPTS <<<"$pass"
+ if [[ -d $GIT_DIR ]]; then
git add "$passfile"
git commit -m "Added generated password for $path to store."
fi
@@ -308,7 +325,7 @@ case "$command" in
delete|rm|remove)
recursive=""
force="-i"
- opts="$(getopt -o rf -l recursive,force -n $program -- "$@")"
+ opts="$($GETOPT -o rf -l recursive,force -n $program -- "$@")"
err=$?
eval set -- "$opts"
while true; do case $1 in
@@ -331,13 +348,13 @@ case "$command" in
fi
fi
rm $recursive $force -v "$passfile"
- if [[ -d $GIT && ! -e $passfile ]]; then
+ if [[ -d $GIT_DIR && ! -e $passfile ]]; then
git rm -r "$passfile"
git commit -m "Removed $path from store."
fi
;;
push|pull)
- if [[ -d $GIT ]]; then
+ if [[ -d $GIT_DIR ]]; then
exec git $command "$@"
else
echo "Error: the password store is not a git repository."
@@ -345,7 +362,7 @@ case "$command" in
fi
;;
git)
- if [[ $1 == "init" || -d $GIT ]]; then
+ if [[ $1 == "init" || -d $GIT_DIR ]]; then
exec git "$@"
else
echo "Error: the password store is not a git repository."
diff --git a/src/platform/darwin.sh b/src/platform/darwin.sh
new file mode 100644
index 0000000..3370618
--- /dev/null
+++ b/src/platform/darwin.sh
@@ -0,0 +1,32 @@
+clip() {
+ before="$(pbpaste | openssl base64)"
+ echo -n "$1" | pbcopy
+ (
+ sleep 45
+ now="$(pbpaste | openssl base64)"
+ if [[ $now != $(echo -n "$1" | openssl base64) ]]; then
+ before="$now"
+ fi
+ echo "$before" | openssl base64 -d | pbcopy
+ ) & disown
+ echo "Copied $2 to clipboard. Will clear in 45 seconds."
+}
+
+tmpdir() {
+ cleanup_tmp() {
+ [[ -d $tmp_dir ]] || return
+ rm -rf "$tmp_file" "$tmp_dir" 2>/dev/null
+ umount "$tmp_dir"
+ diskutil quiet eject "$ramdisk_dev"
+ rmdir "$tmp_dir"
+ }
+ trap cleanup_tmp INT TERM EXIT
+ tmp_dir="$(mktemp -t $template -d)"
+ ramdisk_dev="$(hdid -drivekey system-image=yes -nomount 'ram://32768' | cut -d ' ' -f 1)" # 32768 sectors = 16 mb
+ [[ -z $ramdisk_dev ]] && exit 1
+ newfs_hfs -M 700 "$ramdisk_dev" &>/dev/null || exit 1
+ mount -t hfs -o noatime -o nobrowse "$ramdisk_dev" "$tmp_dir" || exit 1
+}
+
+GPG="gpg2"
+GETOPT="$(brew --prefix gnu-getopt 2>/dev/null || echo /usr/local)/bin/getopt"