diff --git a/.eid/authorized_certificates b/.eid/authorized_certificates
new file mode 100644
index 0000000..ab088e6
--- /dev/null
+++ b/.eid/authorized_certificates
@@ -0,0 +1,30 @@
+-----BEGIN CERTIFICATE-----
+MIIFIDCCAwigAwIBAgIUK1zXH5UosBim7i+kIZyPGpowU9cwDQYJKoZIhvcNAQEL
+BQAwgZUxCzAJBgNVBAYTAkNOMRAwDgYDVQQIDAdCRUlKSU5HMRAwDgYDVQQHDAdC
+RUlKSU5HMRIwEAYDVQQKDAlEaWN0IFRlY2gxEDAOBgNVBAsMB1Jvb3QgQ0ExHjAc
+BgNVBAMMFURpY3QgVGVjaCBSb290IENBIC0gMDEcMBoGCSqGSIb3DQEJARYNbWVA
+YmVhcmRpYy5jbjAeFw0yMjA3MjIxNzU5MjNaFw0yNTA3MjExNzU5MjNaMEkxEjAQ
+BgNVBAoMCURpY3QgVGVjaDEQMA4GA1UECAwHQkVJSklORzELMAkGA1UEBhMCQ04x
+FDASBgNVBAMMC3NrMC5pYmQuaW5rMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIB
+CgKCAQEAlDeyFxeJ5RXFX4B3rIIpNyyAIl5VTGCT5t8g9dxFWq0MeY6nQYJPA8IJ
+IH+KzzujBabyKYpzshDvMzkuhx0Kwi2VL+ckxWg5FLge3kNBJqYnBm5pPWx6o9R5
+DmcWqG5KRH0FJhSmL5KeBHsVcOurDtKn174x2eB+sggCSyuWlJyn4KxPLTg8z/Nr
+FP5qSY1vj6t7mpzau+eIGh8IcQiFxteN/86fKswQHint/MVaqg6vX05BuIb8xb5E
+XUvPIupdc/vtD959BxnTo7UoOz+3zu/u2cj2K9IDubwe9tDpv88aj6xnfXInFouD
+/mlSmvtLo1h/6arn1hurgoylh5wbOwIDAQABo4GyMIGvMAkGA1UdEwQCMAAwCwYD
+VR0PBAQDAgTwMB0GA1UdDgQWBBR9DxLqtR0+zUWoPyFoDRrnyJyDBTAfBgNVHSME
+GDAWgBRsprmVI/Tjey+sw4qoZpLd7PT0gTBVBgNVHSUETjBMBggrBgEFBQcDAgYI
+KwYBBQUHAwMGCCsGAQUFBwMEBggrBgEFBQcDCAYKKwYBBAGCN0MBAQYKKwYBBAGC
+N0MBAgYKKwYBBAGCNxQCAjANBgkqhkiG9w0BAQsFAAOCAgEA7BJXiRg32shmZWyY
+gPjq52ffN9RDNe58KadajJ1PnVP1yNJySgsOG3eSxONQX3ITr36Ihsfb3fZneBfX
+/IcXgjyvy1CDcvBBAyee91hdR8orMCePqMpeOSNP9CUp9Ctd4V+an0DE8Z1yrezA
+ieaYgBZCDxuZdloYSmj9Z/Rqn2dy4dcUAxKrEwW/6VPqQNrJETTtadS1SF0EsDxV
+XZpDqNYaS/N7/ciSm7TaQJud62A4m+FWWHNnttTp9IjLESr3U80+qtRY8yDNpulb
+/eNL8KK9aORiFUz9789l6M62HPi6vCsMflI0iHUeoi69GKX8mKf0WFR1KxoDsJiN
+DG9/1gCfj6whFCrT6fJTKAGl8Hp5toWMOeDprbsE5gf4Ik3p+sKMV9t43zNm3gvA
+1zNPtgQUffPU0kONlavIxUNfCmD8qVwK5ECT7wh0hrB8fRYfxTZHgN6Yvu7M9HNz
+SNt5JZCLBT4nLt0uQp9O/xctdHElZw+/W8OfnP5vxnPdccIeVOxpGIyzErwjD0+E
+9mNiqOa5JV9OMAJ+0I9cbOnuMaXm4mvHZadnetUzq2ZUw1Jba7z62zIJTciNRq9i
+ZJc6v5e+iqbE1ECZLco5LjWqqfvFfYCrkqeOhCRsRkVPsXnGPo2QDDYdTm4EGCmg
+dVZ6R452SZsrE4V+3LR011BxzEg=
+-----END CERTIFICATE-----
diff --git a/.zshrc2 b/.zshrc2
index 4cf3b31..9d8df17 100644
--- a/.zshrc2
+++ b/.zshrc2
@@ -101,16 +101,15 @@ fi # alias alias "pls"='sudo $(fc -ln -1)' alias "se"='sudo -sE' +alias "sl"='sudo zsh -l' alias "pbd"='ping baidu.com' alias "p114"='ping 114.114.114.114' alias "p666"='ping6 2001:da8::666' alias "cbd"='curl http://www.baidu.com' alias "cbds"='curl https://www.baidu.com' alias "gdebug"='git add -A; git commit --allow-empty -m "bug fix ($(date))"' -case $(bash "$DOTFILES/tools/common.sh" get_os_type) in - macos ) alias l='ls -lAGh -D "%y-%m-%d %H:%M"' ;; - * ) alias l='ls -lAGh --time-style="+%y-%m-%d %H:%M"' ;; -esac +alias "ls"='ls --color=tty' +alias "l"='ls -lAGh --time-style="+%y-%m-%d %H:%M"' if [[ -x $(command -v trash) ]]; then alias "rm"="echo use the full path i.e. '/bin/rm'\; consider using trash" fi @@ -177,6 +176,11 @@ dfs() esac } +# motd +if [[ "$DFS_INITED" != "1" && -n "$DFS_UPDATE_CHANNEL" && "$DFS_UPDATE_CHANNEL" != "main" ]]; then + echo dotfiles not in the main channel. use with caution. +fi + # clean unset i export DFS_INITED=1 diff --git a/install.sh b/install.sh index b58d7f7..7ecdc94 100755 --- a/install.sh +++ b/install.sh @@ -26,6 +26,8 @@ declare -a HOME_SYMLINKS_SRC declare -a HOME_SYMLINKS_DST HOME_SYMLINKS_SRC[0]=".ssh/authorized_keys2" HOME_SYMLINKS_DST[0]=".ssh/authorized_keys2" +HOME_SYMLINKS_SRC[1]=".eid/authorized_certificates" +HOME_SYMLINKS_DST[1]=".eid/authorized_certificates" install_dependencies() { @@ -147,6 +149,9 @@ install_symlink() { fmt_note "installing symlinks ..." for ((i=0; i<${#HOME_SYMLINKS_SRC[@]}; i++)); do + if [[ -z "${HOME_SYMLINKS_SRC[$i]}" ]]; then + continue + fi local src="$DOTFILES/${HOME_SYMLINKS_SRC[$i]}" local dst="$HOME/${HOME_SYMLINKS_DST[$i]}" fmt_info "creating symlink \"$dst\" --> \"$src\" ..." @@ -325,6 +330,7 @@ for i in ${GOT_OPTS[@]}; do -a|--auto ) INSTALL_DEP=1 ;; -H|--hist|--history ) store_hist=1 ;; -x ) store_config=1 ;; + --no-ssh ) unset HOME_SYMLINKS_SRC[0]; unset HOME_SYMLINKS_DST[0] ;; * ) fmt_fatal "unknown option \"$i\"" ;; esac done 
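Review bot: The unconditional `l` alias in the .zshrc2 alias hunk passes `--time-style`, a GNU ls option, on every platform now that the macOS arm of the removed `case` is gone. This commit adds coreutils to the brew list and prepends its gnubin directory to PATH in tools/test.zsh, but no visible hunk does the same for interactive shells, so on a stock macOS `l` would probably fail with an unknown-option error. Either keep the OS switch or select the form by capability, for example testing `ls --version >/dev/null 2>&1` (which only GNU ls accepts) before defining the GNU variant.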
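Review bot: The loop bound `i<${#HOME_SYMLINKS_SRC[@]}` in install_symlink counts the elements that are set, not the highest index. Assuming option parsing runs before install_symlink, once `--no-ssh` has unset index 0 the count is 1, the loop visits only the empty slot 0 and the new `.eid/authorized_certificates` entry at index 1 is silently skipped. The added `-z` guard hides the gap instead of handling the sparse array. Iterating the indices, `for i in "${!HOME_SYMLINKS_SRC[@]}"; do`, visits exactly the entries that remain and makes the guard unnecessary. The body of install_symlink continues outside the hunk.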
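Review bot: `unset HOME_SYMLINKS_SRC[0]` in the `--no-ssh` arm of install.sh is unquoted, so the shell treats `[0]` as a glob and a file named `HOME_SYMLINKS_SRC0` in the working directory would change what gets unset; write `unset 'HOME_SYMLINKS_SRC[0]' 'HOME_SYMLINKS_DST[0]'`. The arm also hard-codes index 0 while this commit registers a second credential file at index 1, so a comment should state the intended scope, e.g. `# --no-ssh skips .ssh/authorized_keys2 only; .eid/authorized_certificates is still linked` (or the opposite, if that is what is meant).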
diff --git a/scripts/riot b/scripts/riot index 9bf3816..9827750 100755 --- a/scripts/riot +++ b/scripts/riot @@ -29,6 +29,14 @@ get_server_meta() { RET_JUMP_SERVER="" # optional # body local remote="$1" + # shortcuts + if [[ "$remote" == "i" ]]; then + remote="sir0.ibd" + elif [[ "$remote" == "x" ]]; then + remote="bj1.ibd" + elif [[ "$remote" == "j" ]]; then + remote="sir0.ibd:36122" + fi # if in the form user@... if [[ "$remote" == *@* ]]; then RET_USERNAME=${remote%%@*} @@ -70,30 +78,38 @@ get_server_meta() { RET_USERNAME=root RET_TRUST_SERVER=1 ;; + box[0-9] ) + RET_HOSTNAME=$host + RET_PORT=${RET_PORT:-12022} + RET_USERNAME=${RET_USERNAME:-root} + RET_JUMP_SERVER="root@$domain.ibd.ink:12022" + RET_TRUST_SERVER=1 + ;; * ) test -z "$domain" || fmt_warning "unknown domain: \"$domain\". will try as host name" RET_HOSTNAME="$remote" esac } -# remote setting, including jump servers -# will be called only once -# provides: -SERVER="" -TRUST_SERVER=1 -PORT="" # optional -USERNAME="" # optional -SSH_OPTIONS="" # optional -if [[ "$RIOT_TRUST_CLIENT" == "1" ]]; then - SSH_OPTIONS='-o ControlMaster=auto -o ControlPath=/tmp/sshcm-%C -o PermitLocalCommand=yes' -fi parse_remote() { + # remote setting, including jump servers + # called for every remote + # provides: + SERVER="" + TRUST_SERVER=1 + PORT="" # optional + USERNAME="" # optional + SSH_OPTIONS="" # optional + if [[ "$RIOT_TRUST_CLIENT" == "1" ]]; then + SSH_OPTIONS='-o ControlMaster=auto -o ControlPath=/tmp/sshcm-%C -o PermitLocalCommand=yes' + fi + # handle input local remote="$1" local jump_servers="" # loop for jump servers while [[ -n $remote ]]; do - local server=${remote%%,*} - remote=${remote#*,} + local server=${remote%%/*} + remote=${remote#*/} get_server_meta "$server" if [[ -n "$RET_JUMP_SERVER" ]]; then jump_servers="$jump_servers${jump_servers:+,}$RET_JUMP_SERVER" 
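Review bot: `ControlPath=/tmp/sshcm-%C` in parse_remote, which after this change is set for every remote, places the multiplexing socket in a world-writable directory; ssh_config(5) recommends a ControlPath directory that other users cannot write to. A per-user location such as `-o ControlPath=~/.ssh/sshcm-%C` keeps the `%C` uniqueness without sharing the directory, and the expected strings in tools/test.zsh would need the same edit. parse_remote continues past the end of this hunk.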
@@ -134,13 +150,13 @@ prepare_ssh_cmd() { else local port_param='-p' fi - echo "$ssh_bin ${PORT:+$port_param} $PORT $SSH_OPTIONS $SCP_SRC $USERNAME${USERNAME:+@}$SERVER $SCP_DST" + echo "$ssh_bin ${PORT:+$port_param} $PORT $SSH_OPTIONS $SCP_SRC $USERNAME${USERNAME:+@}$SERVER $SCP_DST ${@:2}" } # ssh run_ssh() { - local cmd="$(prepare_ssh_cmd $1)" + local cmd="$(prepare_ssh_cmd $@)" fmt_note "-->" $cmd eval_or_echo $cmd } @@ -153,12 +169,7 @@ run_sshl() # treat as a port number arg=localhost:$arg fi - while - local port=$(shuf -n 1 -i 49152-65535) - netstat -atun | grep -q "$port" - do - continue - done + local port=$(get_free_port) SSH_OPTIONS="$SSH_OPTIONS -NC -L $port:$arg" local cmd="$(prepare_ssh_cmd ssh)" @@ -202,35 +213,38 @@ router() { print_help exit fi - parse_remote "$1" - case $2 in - -h|--help) - print_help - exit - ;; - ssh|"" ) - run_ssh - ;; - zssh ) - run_ssh zssh - ;; - sftp ) - run_ssh sftp - ;; - sshl ) - test -n "$3" || fmt_fatal "no target address provided" - run_sshl "$3" - ;; - scp ) - test -n "$3" || fmt_fatal "no source path specified" - test -n "$4" || fmt_fatal "no destination path specified" - run_scp "$3" "$4" - ;; - * ) - print_help - fmt_fatal "unknown command: $2" - ;; - esac + + IFS=',' read -ra remotes <<< "$1" + for remote in "${remotes[@]}"; do + if [[ -z "$remote" ]]; then + continue + fi + parse_remote "$remote" + case $2 in + ssh|"" ) + run_ssh ssh "${@:3}" + ;; + zssh ) + run_ssh zssh + ;; + sftp ) + run_ssh sftp + ;; + sshl ) + test -n "$3" || fmt_fatal "no target address provided" + run_sshl "$3" + ;; + scp ) + test -n "$3" || fmt_fatal "no source path specified" + test -n "$4" || fmt_fatal "no destination path specified" + run_scp "$3" "$4" + ;; + * ) + print_help + fmt_fatal "unknown command: $2" + ;; + esac + done } router "${GOT_OPTS[@]}" diff --git a/tools/common.sh b/tools/common.sh index 0023c82..ddae15f 100755 --- a/tools/common.sh +++ b/tools/common.sh 
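Review bot: The forwarded arguments lose their quoting twice in the prepare_ssh_cmd/run_ssh hunk: `prepare_ssh_cmd $@` word-splits them, and `${@:2}` is then pasted into one string that run_ssh passes to `eval_or_echo $cmd`. If eval_or_echo evaluates that string, which its name suggests but its body is not in this hunk, an argument containing spaces, `;` or `$(...)` is re-parsed by the local shell instead of reaching ssh as a single word. Call `prepare_ssh_cmd "$@"` and append the extras shell-quoted, e.g. `(( $# > 1 )) && extra=$(printf '%q ' "${@:2}")` with `$extra` in place of `${@:2}` in the echo. prepare_ssh_cmd starts above the hunk.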
@@ -233,6 +233,31 @@ get_os_name() echo $ans } +is_port_free() { + ( echo $1 | grep -qxE "[1-9][0-9]{0,4}" ) || false + local cmd + case $(get_os_type) in + macos ) cmd="netstat -van | grep -q \".$1\"" ;; + cygwin|msys ) cmd="netstat -ano | grep -q \":$1\"" ;; + *) cmd="netstat -tuanp | grep -q \":$1\"" ;; + esac + if eval $cmd; then + return 2 + else + return 0 + fi +} + +get_free_port() { + while + local port=$(shuf -n 1 -i 49152-65535) + ! is_port_free $port + do + continue + done + echo $port +} + # if bash-ed, else source-d if [[ "${BASH_SOURCE[0]}" == "${0}" ]]; then $1 "${@:2}" diff --git a/tools/macos.sh b/tools/macos.sh index 9c7aa9d..48ccc1e 100755 --- a/tools/macos.sh +++ b/tools/macos.sh @@ -6,7 +6,7 @@ source "$THIS_DIR/common.sh" brew_install() { # brew update - brew install git zsh curl tmux vim util-linux + brew install git zsh curl tmux vim util-linux coreutils } router() diff --git a/tools/sagent.sh b/tools/sagent.sh index aebf317..8f2545f 100755 --- a/tools/sagent.sh +++ b/tools/sagent.sh @@ -5,9 +5,14 @@ export DFS_COLOR=1 source "$THIS_DIR/common.sh" +SO_PATHS=( + "/usr/lib/x86_64-linux-gnu/opensc-pkcs11.so" # ubuntu 22.04 + "/run/current-system/sw/lib/opensc-pkcs11.so" # nixos 23.05 + "/Library/OpenSC/lib/opensc-pkcs11.so" # macos 13.4 +) + find_so_file() { - local SO_PATHS=( "/usr/lib64/opensc-pkcs11.so" "/usr/local/lib/opensc-pkcs11.so" "/run/current-system/sw/lib/opensc-pkcs11.so" ) local SO_FILE for SO_FILE in ${SO_PATHS[*]}; do if [[ -f "$SO_FILE" ]]; then @@ -19,7 +24,8 @@ find_so_file() create_agent() { - ssh-agent -P "/usr/lib64/*,/usr/local/lib/*,/nix/store/*" + local IFS="," + ssh-agent -P "${SO_PATHS[*]}" } kill_agent() diff --git a/tools/test.zsh b/tools/test.zsh index 039d7c6..68edf99 100644 --- a/tools/test.zsh +++ b/tools/test.zsh 
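Review bot: The port check on the first line of is_port_free has no effect, because `( ... ) || false` only sets the status and execution continues, so a non-numeric `$1` is interpolated into `cmd` and reaches `eval $cmd`. Since the dispatcher at the bottom of tools/common.sh runs `$1 "${@:2}"`, that argument can come straight from the command line. Returning on a failed check and running netstat directly, without building a string for eval, closes this; a fixed-string grep also stops the `.` in the macOS pattern from matching any character. get_free_port relies on a non-zero return to retry, which the rewrite keeps.

```shell
is_port_free() {
    # reject anything that is not a plain port number before it is used in a command
    printf '%s\n' "$1" | grep -qxE '[1-9][0-9]{0,4}' || return 1
    local flags sep
    case $(get_os_type) in
        macos )       flags="-van";   sep="." ;;
        cygwin|msys ) flags="-ano";   sep=":" ;;
        * )           flags="-tuanp"; sep=":" ;;
    esac
    # no eval: the port is passed to grep as a fixed string, never parsed as shell
    if netstat "$flags" | grep -qF -- "$sep$1"; then
        return 2
    fi
    return 0
}
# … unchanged: get_free_port …
```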
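Review bot: The `-P` allowlist in create_agent is now three exact paths, and as far as I know ssh-agent resolves a provider to its canonical path before matching it against `-P`. On NixOS `/run/current-system/sw/lib/opensc-pkcs11.so` is normally a symlink into `/nix/store`, which the removed `/nix/store/*` pattern covered and the new list does not, so the agent would likely refuse the module there. The list can stay tight and still match the resolved file with `ssh-agent -P "${SO_PATHS[*]},/nix/store/*/lib/opensc-pkcs11.so"`. A comment on `local IFS=","` saying that it exists only to join the array for `-P` would also help the next reader.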
@@ -3,6 +3,12 @@ set -ex trap "dfs beacon gh.ci.fail" ERR +# fix for macos +dfs cd +if [[ $(./tools/common.sh get_os_type) == "macos" ]]; then + export PATH="/usr/local/opt/coreutils/libexec/gnubin:/opt/homebrew/opt/coreutils/libexec/gnubin:${PATH}" +fi + # check files cd / l @@ -13,6 +19,7 @@ l pwd test -f .zshrc2 diff -q ./.ssh/authorized_keys2 ~/.ssh/authorized_keys2 +diff -q ./.eid/authorized_certificates ~/.eid/authorized_certificates grep -q ".zshrc2" ~/.zshrc # check scripts and functions @@ -31,7 +38,8 @@ test $(echo n | tools/common.sh ask_for_yN "test") = "0" test $(echo | tools/common.sh ask_for_yN "test") = "0" test $(echo | tools/common.sh ask_for_Yn "test") = "1" test $(DFS_QUIET=1 tools/common.sh ask_for_Yn "test") = "1" -test "$(DFS_TRUST=1 riot time@is.impt:2222,yes@you-r.right,you@are.really.recht.,ibd.,try@it scp /tmp/ ./tmp -D 2>/dev/null)" = 'scp -P 12022 -o ControlMaster=auto -o ControlPath=/tmp/sshcm-%C -o PermitLocalCommand=yes -o ProxyJump=time@is.impt:2222,yes@you-r.right,you@are.really.recht.,ibd. -r try@it.ibd.ink:"/tmp/" "./tmp"' +test "$(DFS_TRUST=1 riot time@is.impt:2222/yes@you-r.right/you@are.really.recht./ibd./try@it,another@host scp /tmp/ ./tmp -D 2>/dev/null)" = 'scp -P 12022 -o ControlMaster=auto -o ControlPath=/tmp/sshcm-%C -o PermitLocalCommand=yes -o ProxyJump=time@is.impt:2222,yes@you-r.right,you@are.really.recht.,ibd. -r try@it.ibd.ink:"/tmp/" "./tmp" +scp -P 12022 -o ControlMaster=auto -o ControlPath=/tmp/sshcm-%C -o PermitLocalCommand=yes -o ForwardX11=yes -o ForwardAgent=yes -r another@host.ibd.ink:"/tmp/" "./tmp"' # check alias alias p114 diff --git a/tools/to-install.sh b/tools/to-install.sh index bfb1feb..04b019e 100755 --- a/tools/to-install.sh +++ b/tools/to-install.sh 
@@ -11,6 +11,7 @@ INSTALL_COMMANDS=(\ [zerotier-one]='curl -s https://install.zerotier.com | sudo bash' \ [docker-ce]='curl -fsSL https://get.docker.com | sudo bash -s - --mirror Aliyun #--dry-run' \ [lemonbench]='curl -fsSL https://ilemonra.in/LemonBenchIntl | bash -s fast # or full' \ + [nix]='sh <(curl -L https://nixos.org/nix/install) #--daemon' \ ) install()
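Review bot: The new `[nix]` entry executes whatever `curl -L` returns, and without `-f` an HTTP error body is handed to `sh` as if it were the installer. Adding `-f` and pinning the scheme, `[nix]='sh <(curl --proto =https --tlsv1.2 -fL https://nixos.org/nix/install) #--daemon' \`, makes curl fail on HTTP errors and refuse a redirect to a non-HTTPS URL. `<( )` also needs bash or zsh rather than a plain POSIX sh; how install() runs the string is outside this hunk.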