dotfiles/tools/sagent.sh

#!/usr/bin/env bash
set -e
THIS_DIR=$( cd "$( dirname "${BASH_SOURCE[0]:-${(%):-%x}}" )" && pwd )
export DFS_COLOR=1
source "$THIS_DIR/common.sh"


SO_PATHS=(
    "/usr/lib/x86_64-linux-gnu/opensc-pkcs11.so"  # ubuntu 22.04
    "/run/current-system/sw/lib/opensc-pkcs11.so"  # nixos 23.05
    "/Library/OpenSC/lib/opensc-pkcs11.so"  # macos 13.4
)

find_so_file()
{
    local SO_FILE
    for SO_FILE in ${SO_PATHS[*]}; do
        if [[ -f "$SO_FILE" ]]; then
            echo "$SO_FILE"
            return
        fi
    done
}

create_agent()
{
    local IFS=","
    ssh-agent -P "${SO_PATHS[*]},/nix/store/*"
}

kill_agent()
{
    if pgrep -x ssh-agent > /dev/null; then
        fmt_note "killing existing agent"
        pkill -9 -x ssh-agent
    fi
}

add_piv()
{
    local SO_FILE=$(find_so_file)
    if [[ -n "$SO_FILE" ]]; then
        echo ssh-add -s \"$SO_FILE\"
    else
        fmt_error "opensc-pkcs11.so not found"
    fi
    list
}

list()
{
    echo echo "available keys:"
    echo ssh-add -l
}

reset()
{
    kill_agent
    all
}

all()
{
    local agent_file="/tmp/piv-agent-$(whoami)"
    if [[ -f $agent_file ]]; then
        source $agent_file > /dev/null
    else
        touch $agent_file
        chmod 600 $agent_file
    fi
    if ! ps -p "$SSH_AGENT_PID" 1>/dev/null 2>&1; then
        kill_agent
        fmt_note "launching a new agent"
        create_agent | tee $agent_file
    else
        fmt_note "using existing agent: $SSH_AGENT_PID"
        cat $agent_file
    fi
}

route()
{
    os_type="$(get_os_type)"
    if [[ "$os_type" == "msys" || "$os_type" == "cygwin" ]]; then
        fmt_fatal "unsupported platform: $os_type. you may use WinCryptSSHAgent."
    fi
    if [[ $# -eq 0 ]]; then
        all
        return
    fi
    case $1 in
        kill)
            kill_agent
            ;;
        piv)
            add_piv
            ;;
        reset)
            reset
            ;;
        list|ls)
            list
            ;;
        *)
            fmt_error "unknown command: $1"
            ;;
    esac
}

route "$@"
[debug] support nixos; fix ci (#41) * support for nixos * fix ci 2023-07-26 21:18:24 +08:00			`#!/usr/bin/env bash`
[dev] ddns; better ssh agent; riot sshl; sys.online; zsh hist import; DFS_DEBUG; cbd/cbds (#36) * riot: bj1 -> proxy * ci: test ask_for_yn * --wip-- [skip ci] * install.sh: will prompt version * zshrc: piv-agent now can re-use agents * zshrc: in docker use theme robbyrussell * update.sh: will send online beacon * beacon: support meta with limited len 64 * bug fix (Sat Jan 21 16:45:35 CST 2023) * well, finally add ssh key for ltp1-bd * set DFS_INITED and do not send login beacon if it was set * rewrite piv-agent to sagent; fmt_note and fmt_into will write to stderr * bug fix (Mon Jan 30 19:41:00 CST 2023) * bug fix (Mon Jan 30 19:46:27 CST 2023) * login beacon add details * $DFS_ORPHAN turns logger off * disable more beacons in CI * install.sh: prepare config earlier * init pbin * install.sh: -H\|--hist\|--history * install.sh: -H hint * install.sh: -H support multiple keys * fix zsh hist with no new line at the end * remove ^M in hist * bug fix (Wed Feb 1 21:11:41 CST 2023) * bug fix (Wed Feb 1 21:16:29 CST 2023) * bug fix (Wed Feb 1 21:20:21 CST 2023) * ci will send gh.ci.fail * show install opts * DFS_DEBUG to set -x * bug fix: install.sh re-start itself with no args incorrectly * bug fix (Thu Feb 2 18:43:16 CST 2023) * riot: ob->ebd, swap option $1 and $2 and $2 is default to ssh * riot: introduce sshl * logger.sh: support ddns * bug fix (Wed Mar 1 16:37:42 CST 2023) * dfs.ddns.failed -> dfs.ddns.fail * login beacon 2>/dev/null * logger.sh -> frigg-client.sh; curl add time limit 10s * to-install.sh: improve docker-ce * use $DFS_CURL_OPTIONS * ci: add ddns * bug fix (Wed Mar 15 19:37:21 CST 2023) * Revert "bug fix (Wed Mar 15 19:37:21 CST 2023)" This reverts commit 2df87ce1a8893d832e665a0429c7f9e7ae1108eb. * Revert "ci: add ddns" This reverts commit 4fe83215048b05ae3234ce801ac67856d0fea52e. * alias cbd and cbds, riot nasp port to 12022 * .zshrc: sagent -> sagt * fix ci * riot: bug fix when 'tmp' has leading zeros * add ci for cbds --------- Co-authored-by: xiongdian.me <xiongdian.me@bytedance.com> 2023-04-21 12:37:05 +08:00			`set -e`
			`THIS_DIR=$( cd "$( dirname "${BASH_SOURCE[0]:-${(%):-%x}}" )" && pwd )`
			`export DFS_COLOR=1`
			`source "$THIS_DIR/common.sh"`


[dev] nixos; riot multiple targets; install without ssh keys (#42) * auth: add .eid/authorized_certificates for pam pkcs11 auth * .zshrc: alias sl for sudo zsh -l * to-install: nix * zshrc: use gnu ls on mac * zshrc: try to use gnu-ls * try to fix ci for macos * riot: add domain box[0-9] * riot: shortcuts i,x,j * .zshrc: warn if not in main channel * sagt: reset agent so paths * sagt: import ssh-agent -P paths * common.sh: is_port_free and get_free_port * riot use get_free_port to fix issue on windows * riot: ssh support instant command * riot: proxy delimiter from comma (,) to slash (/) * riot: support multiple remotes, delimiter=comma (,) * riot: fix ci; install.sh: --no-ssh * riot: improve ci --------- Co-authored-by: xiongdian.me <xiongdian.me@bytedance.com> 2023-11-06 19:13:22 +08:00			`SO_PATHS=(`
			`"/usr/lib/x86_64-linux-gnu/opensc-pkcs11.so" # ubuntu 22.04`
			`"/run/current-system/sw/lib/opensc-pkcs11.so" # nixos 23.05`
			`"/Library/OpenSC/lib/opensc-pkcs11.so" # macos 13.4`
			`)`

[dev] ddns; better ssh agent; riot sshl; sys.online; zsh hist import; DFS_DEBUG; cbd/cbds (#36) * riot: bj1 -> proxy * ci: test ask_for_yn * --wip-- [skip ci] * install.sh: will prompt version * zshrc: piv-agent now can re-use agents * zshrc: in docker use theme robbyrussell * update.sh: will send online beacon * beacon: support meta with limited len 64 * bug fix (Sat Jan 21 16:45:35 CST 2023) * well, finally add ssh key for ltp1-bd * set DFS_INITED and do not send login beacon if it was set * rewrite piv-agent to sagent; fmt_note and fmt_into will write to stderr * bug fix (Mon Jan 30 19:41:00 CST 2023) * bug fix (Mon Jan 30 19:46:27 CST 2023) * login beacon add details * $DFS_ORPHAN turns logger off * disable more beacons in CI * install.sh: prepare config earlier * init pbin * install.sh: -H\|--hist\|--history * install.sh: -H hint * install.sh: -H support multiple keys * fix zsh hist with no new line at the end * remove ^M in hist * bug fix (Wed Feb 1 21:11:41 CST 2023) * bug fix (Wed Feb 1 21:16:29 CST 2023) * bug fix (Wed Feb 1 21:20:21 CST 2023) * ci will send gh.ci.fail * show install opts * DFS_DEBUG to set -x * bug fix: install.sh re-start itself with no args incorrectly * bug fix (Thu Feb 2 18:43:16 CST 2023) * riot: ob->ebd, swap option $1 and $2 and $2 is default to ssh * riot: introduce sshl * logger.sh: support ddns * bug fix (Wed Mar 1 16:37:42 CST 2023) * dfs.ddns.failed -> dfs.ddns.fail * login beacon 2>/dev/null * logger.sh -> frigg-client.sh; curl add time limit 10s * to-install.sh: improve docker-ce * use $DFS_CURL_OPTIONS * ci: add ddns * bug fix (Wed Mar 15 19:37:21 CST 2023) * Revert "bug fix (Wed Mar 15 19:37:21 CST 2023)" This reverts commit 2df87ce1a8893d832e665a0429c7f9e7ae1108eb. * Revert "ci: add ddns" This reverts commit 4fe83215048b05ae3234ce801ac67856d0fea52e. * alias cbd and cbds, riot nasp port to 12022 * .zshrc: sagent -> sagt * fix ci * riot: bug fix when 'tmp' has leading zeros * add ci for cbds --------- Co-authored-by: xiongdian.me <xiongdian.me@bytedance.com> 2023-04-21 12:37:05 +08:00			`find_so_file()`
			`{`
			`local SO_FILE`
			`for SO_FILE in ${SO_PATHS[*]}; do`
			`if [[ -f "$SO_FILE" ]]; then`
			`echo "$SO_FILE"`
			`return`
			`fi`
			`done`
			`}`

			`create_agent()`
			`{`
[dev] nixos; riot multiple targets; install without ssh keys (#42) * auth: add .eid/authorized_certificates for pam pkcs11 auth * .zshrc: alias sl for sudo zsh -l * to-install: nix * zshrc: use gnu ls on mac * zshrc: try to use gnu-ls * try to fix ci for macos * riot: add domain box[0-9] * riot: shortcuts i,x,j * .zshrc: warn if not in main channel * sagt: reset agent so paths * sagt: import ssh-agent -P paths * common.sh: is_port_free and get_free_port * riot use get_free_port to fix issue on windows * riot: ssh support instant command * riot: proxy delimiter from comma (,) to slash (/) * riot: support multiple remotes, delimiter=comma (,) * riot: fix ci; install.sh: --no-ssh * riot: improve ci --------- Co-authored-by: xiongdian.me <xiongdian.me@bytedance.com> 2023-11-06 19:13:22 +08:00			`local IFS=","`
[dev] refactor riot; improve tmux and vim; more plugins; more aliases (#43) * riot: remove unknown domain warn * install.sh: --no-ssh -> --no-auth-info * doll: --restart=unless-stopped * zshrc: alias cps and mvs * riot: proxy -> ssh * zshrc: not alias rm to trash * (trial) riot devel: separate preset to config dir riot.d * riot: support extra options and extra -o options * (experimental) riot config in a single file * riot config: add nasp remote and null domain * gitconf: pull.ff = only * fix ci * riot: dynamic port forwarding * riot: only one domain func will be exec * to-install: update lemonbench * to-install: alist * [exp] riot inferred ssh: ping ping6 * sagt: fix nixos * riot config: domain 42 * ubuntu.sh: DEBIAN_FRONTEND=noninteractive * zshrc: ping -n * zshrc: alias ping -n * riot-config: jumpserver from sir0 to ssh.beardic.cn * zshrc: alias ping before checking os type * frigg: support api4.beardic.cn * fix(install.sh): crontab fails on a new server * fix(riot-conf): nasp.ob.ac.cn -> nasp.fit * fix(install.sh): install crontab (exp) * feat(test.zsh): test crontab * fix(riot): secure control master * fix(ci): riot control master * fix(riot): not mkdir if dry-run * feat(vimrc): set shiftwidth=4 * feat(ci): sync tmux-yank * feat(tmux): set-clipboard on and mouse on (experimental) * feat(zshrc): alias ping6 * build(ci): hub mirror 1.3->1.4 * fix(zshrc): tmux on msys; feat(common): better perf getting os type and linux dist * fix(common.sh): get_os_type and get_linux_dist * feat(zshrc): add plugin {magic-enter,per-directory-history,pip,podman,python,rsync,systemd,timer} * feat(zshrc): journalctl alias * feat(vimrc): tab=2 for c,cpp,nix,yaml * build(ci): checkout v3 -> v4 --------- Co-authored-by: xiongdian.me <xiongdian.me@bytedance.com> 2024-05-05 12:02:55 +08:00			`ssh-agent -P "${SO_PATHS[]},/nix/store/"`
[dev] ddns; better ssh agent; riot sshl; sys.online; zsh hist import; DFS_DEBUG; cbd/cbds (#36) * riot: bj1 -> proxy * ci: test ask_for_yn * --wip-- [skip ci] * install.sh: will prompt version * zshrc: piv-agent now can re-use agents * zshrc: in docker use theme robbyrussell * update.sh: will send online beacon * beacon: support meta with limited len 64 * bug fix (Sat Jan 21 16:45:35 CST 2023) * well, finally add ssh key for ltp1-bd * set DFS_INITED and do not send login beacon if it was set * rewrite piv-agent to sagent; fmt_note and fmt_into will write to stderr * bug fix (Mon Jan 30 19:41:00 CST 2023) * bug fix (Mon Jan 30 19:46:27 CST 2023) * login beacon add details * $DFS_ORPHAN turns logger off * disable more beacons in CI * install.sh: prepare config earlier * init pbin * install.sh: -H\|--hist\|--history * install.sh: -H hint * install.sh: -H support multiple keys * fix zsh hist with no new line at the end * remove ^M in hist * bug fix (Wed Feb 1 21:11:41 CST 2023) * bug fix (Wed Feb 1 21:16:29 CST 2023) * bug fix (Wed Feb 1 21:20:21 CST 2023) * ci will send gh.ci.fail * show install opts * DFS_DEBUG to set -x * bug fix: install.sh re-start itself with no args incorrectly * bug fix (Thu Feb 2 18:43:16 CST 2023) * riot: ob->ebd, swap option $1 and $2 and $2 is default to ssh * riot: introduce sshl * logger.sh: support ddns * bug fix (Wed Mar 1 16:37:42 CST 2023) * dfs.ddns.failed -> dfs.ddns.fail * login beacon 2>/dev/null * logger.sh -> frigg-client.sh; curl add time limit 10s * to-install.sh: improve docker-ce * use $DFS_CURL_OPTIONS * ci: add ddns * bug fix (Wed Mar 15 19:37:21 CST 2023) * Revert "bug fix (Wed Mar 15 19:37:21 CST 2023)" This reverts commit 2df87ce1a8893d832e665a0429c7f9e7ae1108eb. * Revert "ci: add ddns" This reverts commit 4fe83215048b05ae3234ce801ac67856d0fea52e. * alias cbd and cbds, riot nasp port to 12022 * .zshrc: sagent -> sagt * fix ci * riot: bug fix when 'tmp' has leading zeros * add ci for cbds --------- Co-authored-by: xiongdian.me <xiongdian.me@bytedance.com> 2023-04-21 12:37:05 +08:00			`}`

			`kill_agent()`
			`{`
			`if pgrep -x ssh-agent > /dev/null; then`
			`fmt_note "killing existing agent"`
			`pkill -9 -x ssh-agent`
			`fi`
			`}`

			`add_piv()`
			`{`
			`local SO_FILE=$(find_so_file)`
			`if [[ -n "$SO_FILE" ]]; then`
			`echo ssh-add -s \"$SO_FILE\"`
			`else`
			`fmt_error "opensc-pkcs11.so not found"`
			`fi`
			`list`
			`}`

			`list()`
			`{`
			`echo echo "available keys:"`
			`echo ssh-add -l`
			`}`

			`reset()`
			`{`
			`kill_agent`
			`all`
			`}`

			`all()`
			`{`
			`local agent_file="/tmp/piv-agent-$(whoami)"`
			`if [[ -f $agent_file ]]; then`
			`source $agent_file > /dev/null`
			`else`
			`touch $agent_file`
			`chmod 600 $agent_file`
			`fi`
			`if ! ps -p "$SSH_AGENT_PID" 1>/dev/null 2>&1; then`
			`kill_agent`
			`fmt_note "launching a new agent"`
			`create_agent \| tee $agent_file`
			`else`
			`fmt_note "using existing agent: $SSH_AGENT_PID"`
			`cat $agent_file`
			`fi`
			`}`

			`route()`
			`{`
[dev] enhance riot; ddns avoid burst (#38) * riot: add . for .ibd and non for proxied * riot: 'user@..' to overwrite username, '...:22' to overwrite port, treat the arg as server name if it doesn't match any preset, sshl can accept only a port number and default to use localhost * update.sh: ddns sleep for random seconds to avoid burst * riot: support zssh and sftp, and set ssh options according to trust settings * riot: add scp * riot: support jump servers, sep by commas * common.sh: argparser supports -d/--dev and -D/--dry-run * install.sh: remove -s/--secure because of no use * riot: if remote ends with dot, treat it as a full-hostname; add tests * sagent.sh: refuse to work on windows --------- Co-authored-by: xiongdian.me <xiongdian.me@bytedance.com> 2023-05-30 13:43:25 +08:00			`os_type="$(get_os_type)"`
			`if [[ "$os_type" == "msys" \|\| "$os_type" == "cygwin" ]]; then`
			`fmt_fatal "unsupported platform: $os_type. you may use WinCryptSSHAgent."`
			`fi`
[dev] ddns; better ssh agent; riot sshl; sys.online; zsh hist import; DFS_DEBUG; cbd/cbds (#36) * riot: bj1 -> proxy * ci: test ask_for_yn * --wip-- [skip ci] * install.sh: will prompt version * zshrc: piv-agent now can re-use agents * zshrc: in docker use theme robbyrussell * update.sh: will send online beacon * beacon: support meta with limited len 64 * bug fix (Sat Jan 21 16:45:35 CST 2023) * well, finally add ssh key for ltp1-bd * set DFS_INITED and do not send login beacon if it was set * rewrite piv-agent to sagent; fmt_note and fmt_into will write to stderr * bug fix (Mon Jan 30 19:41:00 CST 2023) * bug fix (Mon Jan 30 19:46:27 CST 2023) * login beacon add details * $DFS_ORPHAN turns logger off * disable more beacons in CI * install.sh: prepare config earlier * init pbin * install.sh: -H\|--hist\|--history * install.sh: -H hint * install.sh: -H support multiple keys * fix zsh hist with no new line at the end * remove ^M in hist * bug fix (Wed Feb 1 21:11:41 CST 2023) * bug fix (Wed Feb 1 21:16:29 CST 2023) * bug fix (Wed Feb 1 21:20:21 CST 2023) * ci will send gh.ci.fail * show install opts * DFS_DEBUG to set -x * bug fix: install.sh re-start itself with no args incorrectly * bug fix (Thu Feb 2 18:43:16 CST 2023) * riot: ob->ebd, swap option $1 and $2 and $2 is default to ssh * riot: introduce sshl * logger.sh: support ddns * bug fix (Wed Mar 1 16:37:42 CST 2023) * dfs.ddns.failed -> dfs.ddns.fail * login beacon 2>/dev/null * logger.sh -> frigg-client.sh; curl add time limit 10s * to-install.sh: improve docker-ce * use $DFS_CURL_OPTIONS * ci: add ddns * bug fix (Wed Mar 15 19:37:21 CST 2023) * Revert "bug fix (Wed Mar 15 19:37:21 CST 2023)" This reverts commit 2df87ce1a8893d832e665a0429c7f9e7ae1108eb. * Revert "ci: add ddns" This reverts commit 4fe83215048b05ae3234ce801ac67856d0fea52e. * alias cbd and cbds, riot nasp port to 12022 * .zshrc: sagent -> sagt * fix ci * riot: bug fix when 'tmp' has leading zeros * add ci for cbds --------- Co-authored-by: xiongdian.me <xiongdian.me@bytedance.com> 2023-04-21 12:37:05 +08:00			`if [[ $# -eq 0 ]]; then`
			`all`
			`return`
			`fi`
			`case $1 in`
			`kill)`
			`kill_agent`
			`;;`
			`piv)`
			`add_piv`
			`;;`
			`reset)`
			`reset`
			`;;`
			`list\|ls)`
			`list`
			`;;`
			`*)`
			`fmt_error "unknown command: $1"`
			`;;`
			`esac`
			`}`

[debug] support nixos; fix ci (#41) * support for nixos * fix ci 2023-07-26 21:18:24 +08:00			`route "$@"`