local/bin/homeinit: Add support for pinentry-tty
parent
05e4c64bb6
commit
6c5c2f1f95
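--- a/local/bin/homeinit
+++ b/local/bin/homeinit
@@ -1,7 +1,5 @@
 #!/bin/sh
 
-# TODO: Test if TTY and set pinentry appropriately without clobbering
-# ~/.gnupg/gpg-agent.conf
 # TODO: Run guix pull if OPT_UPDATE and if guix chekout is more than some days old, as specified by an environment variable.
 
 # TODO: Guix pull on commit specified in package-lists/guix-version?
@@ -92,7 +90,7 @@ section "Initial packages"
 if inpath guix; then
 ## REVIEW: Should openssh be an input of Git? Mail sent to guix-devel.
 mkdir "$(dirname "$PROFILE")"
-guix package --profile="$PROFILE" --install openssh gnupg git stow password-store
+guix package --profile="$PROFILE" --install openssh gnupg git stow password-store pinentry-tty
 source "$PROFILE"/etc/profile
 elif inpath pacman; then
 sudo pacman --noconfirm -S --needed openssh gnupg git stow password-store
@@ -102,9 +100,26 @@ section "GPG"
 if [ -d ~/.gnupg ]; then
 ROOT=$SSH_ROOT
 ## Set up gpg-agent to authenticate to SSH_ROOT.
-chmod go-rwx ~/.gnupg ~/.gnupg/*
+chmod -R go-rwx ~/.gnupg
 export SSH_AUTH_SOCK=$(gpgconf --list-dirs agent-ssh-socket)
-guix package -i pinentry-tty
+if [ "$GPG_TTY" != "not a tty" ]; then
+## If a TTY, since our ~/.gnupg/gpg-agent.conf exists and specifies a
+## pinentry, we must force the TTY version or else it won't work from a TTY.
+gpgconf --kill gpg-agent
+cat<<EOF>"$(dirname "$PROFILE")/gpg-agent.conf"
+## 1-day timeout
+default-cache-ttl 86400
+max-cache-ttl 86400
+## SSH
+enable-ssh-support
+default-cache-ttl-ssh 86400
+max-cache-ttl-ssh 86400
+## Force pinentry (should be pinentry-tty)
+pinentry-program $(readlink -f $(which pinentry))
+EOF
+gpg-agent --home-dir ~/.gnupg --use-standard-socket -daemon --options "$(dirname "$PROFILE")/gpg-agent.conf"
+fi
+## Start gpg-agent manually since SSH requests do not do it automatically.
 gpg-connect-agent updatestartuptty /bye
 
 if [ -e "$SOURCEDIR" ]; then
@@ -136,7 +151,7 @@ else
 git clone ${ROOT}Ambrevar/dotfiles
 fi
 pushd ~/dotfiles
-## .bash_profile may prevent .profile from being parsed, so we remove it.
+## .bash_profile may prevent .profile from being parsed, so we move it.
 [ -e ~/.bash_profile ] && mv -v ~/.bash_profile ~/.bash_profile.old
 stow -v . || exit 1
 popd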
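Review bot: `pinentry-program $(readlink -f $(which pinentry))` in the new gpg-agent.conf heredoc resolves whichever `pinentry` is first on PATH rather than the pinentry-tty this commit installs, and when `which` finds nothing the file ends up with a bare `pinentry-program` line, so the agent started on the next line cannot prompt at all; the unquoted nested substitution also breaks on a path containing spaces. Resolve the intended binary once and fail early: `pinentry=$(command -v pinentry-tty) || { printf 'pinentry-tty not found\n' >&2; exit 1; }` before the heredoc and `pinentry-program $pinentry` inside it. The `if [ "$GPG_TTY" != "not a tty" ]` guard depends on GPG_TTY having been exported from `tty` earlier in the script, which is outside this hunk, and an unset variable also passes the test. `--use-standard-socket` has been a no-op since GnuPG 2.1 and the documented daemon flag is `--daemon`, so `-daemon` is worth confirming against the installed version. The enclosing `if [ -d ~/.gnupg ]` block closes outside the hunk.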