local/bin/homeinit: Add support for pinentry-tty
Pierre Neidhardt
parent
05e4c64bb6
commit
6c5c2f1f95
|
|
@ -1,7 +1,5 @@
|
|||
#!/bin/sh
|
||||
|
||||
# TODO: Test if TTY and set pinentry appropriately without clobbering
|
||||
# ~/.gnupg/gpg-agent.conf
|
||||
# TODO: Run guix pull if OPT_UPDATE and if guix chekout is more than some days old, as specified by an environment variable.
|
||||
|
||||
# TODO: Guix pull on commit specified in package-lists/guix-version?
|
||||
|
|
@ -92,7 +90,7 @@ section "Initial packages"
|
|||
if inpath guix; then
|
||||
## REVIEW: Should openssh be an input of Git? Mail sent to guix-devel.
|
||||
mkdir "$(dirname "$PROFILE")"
|
||||
guix package --profile="$PROFILE" --install openssh gnupg git stow password-store
|
||||
guix package --profile="$PROFILE" --install openssh gnupg git stow password-store pinentry-tty
|
||||
source "$PROFILE"/etc/profile
|
||||
elif inpath pacman; then
|
||||
sudo pacman --noconfirm -S --needed openssh gnupg git stow password-store
|
||||
|
|
@ -102,9 +100,26 @@ section "GPG"
|
|||
if [ -d ~/.gnupg ]; then
|
||||
ROOT=$SSH_ROOT
|
||||
## Set up gpg-agent to authenticate to SSH_ROOT.
|
||||
chmod go-rwx ~/.gnupg ~/.gnupg/*
|
||||
chmod -R go-rwx ~/.gnupg
|
||||
export SSH_AUTH_SOCK=$(gpgconf --list-dirs agent-ssh-socket)
|
||||
guix package -i pinentry-tty
|
||||
if [ "$GPG_TTY" != "not a tty" ]; then
|
||||
## If a TTY, since our ~/.gnupg/gpg-agent.conf exists and specifies a
|
||||
## pinentry, we must force the TTY version or else it won't work from a TTY.
|
||||
gpgconf --kill gpg-agent
|
||||
cat<<EOF>"$(dirname "$PROFILE")/gpg-agent.conf"
|
||||
## 1-day timeout
|
||||
default-cache-ttl 86400
|
||||
max-cache-ttl 86400
|
||||
## SSH
|
||||
enable-ssh-support
|
||||
default-cache-ttl-ssh 86400
|
||||
max-cache-ttl-ssh 86400
|
||||
## Force pinentry (should be pinentry-tty)
|
||||
pinentry-program $(readlink -f $(which pinentry))
|
||||
EOF
|
||||
gpg-agent --home-dir ~/.gnupg --use-standard-socket -daemon --options "$(dirname "$PROFILE")/gpg-agent.conf"
|
||||
fi
|
||||
## Start gpg-agent manually since SSH requests do not do it automatically.
|
||||
gpg-connect-agent updatestartuptty /bye
|
||||
|
||||
if [ -e "$SOURCEDIR" ]; then
|
||||
|
|
@ -136,7 +151,7 @@ else
|
|||
git clone ${ROOT}Ambrevar/dotfiles
|
||||
fi
|
||||
pushd ~/dotfiles
|
||||
## .bash_profile may prevent .profile from being parsed, so we remove it.
|
||||
## .bash_profile may prevent .profile from being parsed, so we move it.
|
||||
[ -e ~/.bash_profile ] && mv -v ~/.bash_profile ~/.bash_profile.old
|
||||
stow -v . || exit 1
|
||||
popd
|
||||
|
|
|
|||
Loading…
Reference in New Issue