sync with admin.svn
1 # $Id: agents.sh 3654 2013-05-22 12:22:54Z tglase $
2 #-
3 # Copyright © 2009, 2012
4 #       Thorsten Glaser <t.glaser@tarent.de>
5 # Licenced under the AGPLv3
6 #-
7 # /etc/profile.d/agents.sh (sourced by /etc/profile on *buntu)
8 # • install gpg and ssh skeleton files
9 # • load gpg-agent and ssh-agent, unless already there
10
# Numeric user id used below to name the per-user agent directory.
# A non-empty USER_ID inherited from the environment is kept as is;
# otherwise id(1) is asked.
if test -z "$USER_ID"; then
	USER_ID=$(id -u)
fi

# Key material directories: create them if missing, then force them to be
# accessible by the owner only, also when they existed before with looser
# permissions.
mkdir -p "$HOME/.ssh" "$HOME/.gnupg"
chmod 0700 "$HOME/.ssh" "$HOME/.gnupg"
14
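# Install or refresh the gpg and ssh skeleton files in the user's home.
# A file that already exists is replaced only if its MD5 (computed over all
# lines not containing "$Id") equals that of a template deployed earlier;
# anything else counts as edited by the user and is left alone.  MD5 only
# identifies known template revisions here, it is not an integrity check:
# the worst outcome of a false match is that the file is replaced by the
# current template.
# PID_FILE merely serves as the loop variable; it is reassigned further down
# and unset at the end, so no extra name leaks into the login shell.
for PID_FILE in .gnupg/gpg.conf .gnupg/gpg-agent.conf .ssh/config; do
	# nothing to install if the system ships no (non-empty) template
	test -s "/etc/skel/$PID_FILE" || continue

	# list of known MD5 hashes of templates deployed by us
	# + note the spaces at beginning and end of md5list! +
	case $PID_FILE in
	.gnupg/gpg.conf)
		_md5list=" 2b7d7e47afb59ec164cf0ab512bb4ddc c8b796ed85a79e458a564645dcf38281 d5c4f4335d1eab08bfc9afe7ab494801 e6af3b74078a49db14f2f79fa82b7d3a 1f5d00be735cd1b1a57960c0128d2368 e51c210618d7dbc93c63e456d4dd4af1 7dfefaad0f417b7f50da1d80f8f0759b 07826f04f9e3b700e0f45da360d25877 "
		;;
	.gnupg/gpg-agent.conf)
		_md5list=" e7e9b7940f07c3cb447b30da27914f8d "
		;;
	*)
		# no known templates: an existing file is never replaced
		_md5list=
		;;
	esac

	if test -s "$HOME/$PID_FILE"; then
		# stderr is captured together with stdout so that a failing
		# pipeline never yields a usable hash.  That also means any
		# diagnostic ends up in front of the hash: GNU grep 3.8 and
		# later print an obsolescence warning for fgrep, which made
		# the comparison below fail every time.  Use grep -F.
		_md5=$( (grep -F -v '$Id' "$HOME/$PID_FILE" | md5sum) 2>&1 || \
		    echo fail)
		# compare the first word only (md5sum appends the file name);
		# quoted, so that it is matched literally, not as a pattern
		case $_md5list in
		*" ${_md5%% *} "*)
			# MD5 matches, remove file (also gets rid of a
			# symlink instead of copying through it below)
			rm -f "$HOME/$PID_FILE"
			;;
		*)
			# MD5 does not match, do not touch file
			continue
			;;
		esac
	fi

	# file does not exist or was removed by us, install template
	cp "/etc/skel/$PID_FILE" "$HOME/$PID_FILE"
	chmod 0600 "$HOME/$PID_FILE"
done
unset _md5 _md5list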
53
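# ssh-agent: reuse the agent from the environment or the one recorded in a
# per-user state directory on /dev/shm; otherwise start a new agent and
# record it there for later logins.
PID_FILE="/dev/shm/.ssh-$USER_ID"

# Succeeds if the state directory exists, belongs to us and is a real
# directory.  /dev/shm is shared between all local users and the name is
# predictable, so a symbolic link found at that path is never accepted:
# -d and -O alone are also satisfied by a link to any directory we own.
_agents_dirok() {
	test ! -h "$PID_FILE" && test -d "$PID_FILE/." && test -O "$PID_FILE/."
}

# inside an SSH session without a local agent PID, treat the agent as
# forwarded ("fwd" is a marker, not a process id)
test -n "$SSH_AGENT_PID" || test -z "$SSH_CONNECTION" || SSH_AGENT_PID=fwd
# without an existing socket the PID (or marker) is worthless
if test -n "$SSH_AUTH_SOCK"; then
	test -S "$SSH_AUTH_SOCK" || SSH_AGENT_PID=
else
	SSH_AGENT_PID=
fi
# nothing usable in the environment: load what an earlier login recorded
if test -z "$SSH_AGENT_PID" && _agents_dirok && \
    test ! -h "$PID_FILE/info" && \
    test -s "$PID_FILE/info" && test -O "$PID_FILE/info"; then
	chmod -R go-rwx "$PID_FILE"
	# NOTE(review): info is executed as shell code.  Only its location,
	# type and ownership are checked, not its content; the values below
	# are written unquoted, so a socket path with blanks or shell
	# metacharacters would not survive the round trip.
	. "$PID_FILE/info"
fi
# still no agent with an existing socket: start one
if test -z "$SSH_AUTH_SOCK" || test -z "$SSH_AGENT_PID" || \
    test \! -S "$SSH_AUTH_SOCK"; then
	unset SSH_AUTH_SOCK SSH_AGENT_PID
	# quoted, so the output is evaluated exactly as ssh-agent printed it
	eval "$(ssh-agent -s)"
fi
# (re)create the state directory unless a good one is already there
if _agents_dirok; then
	: wonderful
else
	# removes a stray file or the link itself, never a link's target
	rm -rf "$PID_FILE"
	# -m 0700: no moment at which the new directory is open to others
	mkdir -p -m 0700 "$PID_FILE" && _agents_dirok && \
	    chmod -R go-rwx "$PID_FILE" || \
	    rm -rf "$PID_FILE"
fi
# start from an empty info file that only we can read
if _agents_dirok; then
	rm -f "$PID_FILE/info"
	: >"$PID_FILE/info"
	chmod 0600 "$PID_FILE/info"
fi
if _agents_dirok && \
    test -f "$PID_FILE/info" && test -O "$PID_FILE/info" &&
    test -n "$SSH_AGENT_PID" && test -n "$SSH_AUTH_SOCK"; then
	printf '%s\n' "SSH_AGENT_PID=$SSH_AGENT_PID" >>"$PID_FILE/info"
	printf '%s\n' "SSH_AUTH_SOCK=$SSH_AUTH_SOCK" >>"$PID_FILE/info"
	export SSH_AUTH_SOCK SSH_AGENT_PID
else
	# could not record the agent: give up on it for this shell; only
	# touch the info file below a directory that passed the checks
	if _agents_dirok; then
		rm -f "$PID_FILE/info"
	fi
	unset SSH_AUTH_SOCK SSH_AGENT_PID
fi
unset -f _agents_dirok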
94
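# gpg-agent: reuse the agent from the environment or the one recorded in
# the per-host env file below GNUPGHOME; otherwise start a new daemon.
# NOTE(review): GnuPG 2.1 and later no longer use GPG_AGENT_INFO and treat
# --write-env-file as obsolete; confirm which GnuPG version this targets.

# default GNUPGHOME if unset (an empty value is kept); quoted so that the
# expansion is not split or globbed when handed to ":"
: "${GNUPGHOME=$HOME/.gnupg}"
PID_FILE="$GNUPGHOME/gpg-agent-info-$(hostname)"
GPG_TTY=$(tty); export GPG_TTY

# Succeeds if GPG_AGENT_INFO is set, the part before the first colon is an
# existing socket, and gpg-agent (run without arguments) exits zero.
_agents_gpgok() {
	test -n "$GPG_AGENT_INFO" && test -S "${GPG_AGENT_INFO%%:*}" && \
	    gpg-agent 2>/dev/null
}

if _agents_gpgok; then
	: wonderful
else
	# second try: whatever an earlier login wrote to the env file
	unset GPG_AGENT_INFO
	# NOTE(review): the env file is executed as shell code; this relies
	# on GNUPGHOME being writable by the user only. The default
	# $HOME/.gnupg is forced to 0700 earlier in this script; a
	# GNUPGHOME set elsewhere is not checked.
	test -s "$PID_FILE" && . "$PID_FILE"
	export GPG_AGENT_INFO
	if _agents_gpgok; then
		: wonderful
	else
		# last resort: start a new daemon and take over its settings;
		# quoted, so the output is evaluated exactly as printed
		unset GPG_AGENT_INFO
		eval "$(gpg-agent --daemon --sh "--write-env-file=$PID_FILE")"
		export GPG_AGENT_INFO
		if _agents_gpgok; then
			: works now
		else
			# no agent after all; do not export a stale value
			unset GPG_AGENT_INFO
		fi
	fi
fi

unset -f _agents_gpgok
unset PID_FILE
# this file is sourced: leave a zero exit status behind
: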