authorStefan Kreutz <mail@skreutz.com>2022-11-08 21:34:54 +0100
committerStefan Kreutz <mail@skreutz.com>2022-11-09 09:49:46 +0100
commitf5d2d52764917c9b5a171d8c68a61a13a4be6d88 (patch)
tree3ecba9da054b7eb318a11829aac2ad65def8f403
parent8fd889a0357af1e68aab1a572ef27b066dbab71a (diff)
downloadshellpass-f5d2d52764917c9b5a171d8c68a61a13a4be6d88.tar
Port to GNU/Linux
Tested on Void Linux x86_64 glibc.
-rw-r--r--.gitignore1
-rw-r--r--Makefile47
-rw-r--r--README.md26
-rwxr-xr-xconfigure18
-rwxr-xr-xshellpass-ssh.sh13
-rw-r--r--shellpass.128
-rwxr-xr-xshellpass.ksh37
7 files changed, 131 insertions, 39 deletions
diff --git a/.gitignore b/.gitignore
new file mode 100644
index 0000000..aee2e4c
--- /dev/null
+++ b/.gitignore
@@ -0,0 +1 @@
+config.mk
diff --git a/Makefile b/Makefile
index 6b6f559..48c1a65 100644
--- a/Makefile
+++ b/Makefile
@@ -1,12 +1,35 @@
-MAN= shellpass.1
-BINDIR= /usr/local/bin
-MANDIR= /usr/local/man/man
-SCRIPTS= shellpass.ksh shellpass-fzf.ksh shellpass-ssh.sh
-
-beforeinstall:
-.for script in ${SCRIPTS}
- ${INSTALL} ${INSTALL_COPY} -o ${BINOWN} -g ${BINGRP} -m ${BINMODE} \
- ${.CURDIR}/${script} ${DESTDIR}${BINDIR}/${script:R}
-.endfor
-
-.include <bsd.prog.mk>
+# Portable makefile supporting OpenBSD and GNU/Linux.
+
+PREFIX = /usr/local
+INSTALL = install
+BINDIR = bin
+BINOWN = root
+BINGRP = root
+BINMODE = 555
+MANDIR = man/man
+MANOWN = root
+MANGRP = root
+MANMODE = 444
+
+include config.mk
+
+all:
+
+clean:
+
+lint:
+ shellcheck -a shellpass.ksh shellpass-fzf.ksh shellpass-ssh.sh
+ mandoc -T lint -W warning shellpass.1
+ -mandoc -T lint -W all shellpass.1
+
+install:
+ ${INSTALL} -o ${BINOWN} -g ${BINGRP} -m ${BINMODE} shellpass.ksh ${DESTDIR}${PREFIX}/${BINDIR}/shellpass
+ ${INSTALL} -o ${BINOWN} -g ${BINGRP} -m ${BINMODE} shellpass-fzf.ksh ${DESTDIR}${PREFIX}/${BINDIR}/shellpass-fzf
+ ${INSTALL} -o ${BINOWN} -g ${BINGRP} -m ${BINMODE} shellpass-ssh.sh ${DESTDIR}${PREFIX}/${BINDIR}/shellpass-ssh
+ ${INSTALL} -o ${MANOWN} -g ${MANGRP} -m ${MANMODE} shellpass.1 ${DESTDIR}${PREFIX}/${MANDIR}1/shellpass.1
+
+uninstall:
+ rm -f ${DESTDIR}${PREFIX}/${BINDIR}/shellpass
+ rm -f ${DESTDIR}${PREFIX}/${BINDIR}/shellpass-fzf
+ rm -f ${DESTDIR}${PREFIX}/${BINDIR}/shellpass-ssh
+ rm -f ${DESTDIR}${PREFIX}/${MANDIR}1/shellpass.1
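Review bot: The `install` target copies into `${DESTDIR}${PREFIX}/${BINDIR}` and `${DESTDIR}${PREFIX}/${MANDIR}1` without creating them, so a staged install into an empty `DESTDIR`, or a system where the man directory does not exist yet, fails on the first missing directory. Adding `${INSTALL} -d ${DESTDIR}${PREFIX}/${BINDIR} ${DESTDIR}${PREFIX}/${MANDIR}1` as the first recipe line would cover both cases. Since the README's documented flow is `sudo make install`, the `include config.mk` line also deserves a comment stating that the file is generated by `./configure` and is parsed with the privileges of whoever runs the install.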
diff --git a/README.md b/README.md
index 52e1cef..dc1d3a9 100644
--- a/README.md
+++ b/README.md
@@ -1,10 +1,28 @@
-# shellpass
+# Shellpass
-The shellpass utility is a minimalist password manager for the OpenBSD Korn
+The `shellpass` utility is a minimalist password manager for OpenBSD's Korn
shell.
Warning: This is a toy project. Do not use it to store sensitive information.
-## Install
+## Dependencies
+
+The `shellpass` utility depends on `ksh(1)`, `gpg(1)`, several base utilities
+like `sed`, as well as `fzf(1)`, `qrencode(1)`, and `xclip(1)` or `wl-copy(1)`
+for convenience functionality.
+
+On OpenBSD you can install the dependencies using `pkg_add(1)`:
+
+ $ doas pkg_add gnupg xclip libqrencode fzf
+
+On Void Linux you can install the dependencies using `xbps-install(1)`:
+
+ $ sudo xbps-install -S oksh gnupg nvi wl-clipboard outils qrencode \
+ fzf sed coreutils bc
+
+## Installation
+
+ $ ./configure
+ $ make
+ $ sudo make install
-Run `make install` as root to install the `shellpass` utility and man page.
diff --git a/configure b/configure
new file mode 100755
index 0000000..9a1e936
--- /dev/null
+++ b/configure
@@ -0,0 +1,18 @@
+#! /bin/sh
+
+set -o errexit
+set -o nounset
+
+exec 3>config.mk
+
+case "$( uname )" in
+ OpenBSD)
+ echo 'BINGRP = bin' 1>&3
+ echo 'MANGRP = bin' 1>&3
+ ;;
+ Linux)
+ echo 'BINMODE = 755' 1>&3
+ echo 'MANMODE = 644' 1>&3
+ echo 'MANDIR = share/man/man' 1>&3
+ ;;
+esac
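Review bot: The `case` on `uname` has no default branch, so on any system other than OpenBSD or Linux the script succeeds with an empty `config.mk` and the Makefile defaults (`BINGRP = root`, `MANDIR = man/man`) apply without any notice. A `*) echo "configure: unknown system, using Makefile defaults" >&2 ;;` branch would make that visible. A header comment saying that the script overwrites `config.mk` in the current directory would also help.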
diff --git a/shellpass-ssh.sh b/shellpass-ssh.sh
index 6a6b79c..e0cc38d 100755
--- a/shellpass-ssh.sh
+++ b/shellpass-ssh.sh
@@ -1,6 +1,6 @@
#! /bin/sh
-# Copyright (c) 2021 Stefan Kreutz <mail@skreutz.com>
+# Copyright (c) 2021, 2022 Stefan Kreutz <mail@skreutz.com>
#
# Permission to use, copy, modify, and distribute this software for any
# purpose with or without fee is hereby granted, provided that the above
@@ -18,7 +18,7 @@
#
# Usage:
#
-# shellpass generate ~/passwords/ssh/id_foo
+# shellpass generate ~/passwords/ssh/id_foo.gpg
# ssh-keygen -f ~/.ssh/id_foo
# export SHELLPASS_SSH_DIR="$HOME/passwords/ssh"
# export SSH_ASKPASS=shellpass-ssh
@@ -36,8 +36,13 @@ identity="$( echo "$prompt" | sed -n \
-e "s/^Enter passphrase for key '\\(.*\\)': $/\\1/p" \
-e 's/^Enter passphrase for \(.*\): $/\1/p' )"
-if [ -z "$identity" ]; then
- exec ssh-askpass "$@"
+if [ -z "$identity" ] ; then
+ if command -v ssh-askpass >/dev/null 2>&1 ; then
+ exec ssh-askpass "$@"
+ else
+ ( >&2 echo "failed to parse prompt: $prompt" )
+ exit 1
+ fi
fi
password="$SHELLPASS_SSH_DIR/$( basename "$identity" ).gpg"
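Review bot: The new error path prints the raw prompt with `echo` inside a subshell, `( >&2 echo "failed to parse prompt: $prompt" )`. The subshell is unnecessary, and depending on the shell `echo` may interpret backslashes or a leading option-like word in the prompt text. `printf 'failed to parse prompt: %s\n' "$prompt" >&2` is the portable form and keeps the diagnostic byte-exact.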
diff --git a/shellpass.1 b/shellpass.1
index 4b26cf5..a8f0d0e 100644
--- a/shellpass.1
+++ b/shellpass.1
@@ -11,12 +11,12 @@
.\" WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN
.\" ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF
.\" OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
-.Dd $Mdocdate: May 19 2022 $
+.Dd $Mdocdate: November 8 2022 $
.Dt SHELLPASS 1
.Os
.Sh NAME
.Nm shellpass
-.Nd minimalist password manager for the Korn shell
+.Nd minimalist password manager for OpenBSD's Korn shell
.Sh SYNOPSIS
.Nm shellpass
.Ar command
@@ -25,11 +25,9 @@
The
.Nm
utility is a simple password manager built upon
-.Xr ksh 1 ,
-.Xr gpg 1 ,
-.Xr xclip 1 ,
+.Xr ksh 1
and
-.Xr qrencode 1 .
+.Xr gpg 1 .
Essentially, it provides transparent access to OpenPGP-encrypted text files.
.Pp
Warning: This is a toy project.
@@ -62,9 +60,11 @@ in
.Sh SEE ALSO
.Xr gpg 1 ,
.Xr ksh 1 ,
+.Xr mktemp 1 ,
.Xr pass 1 ,
.Xr qrencode 1 ,
.Xr vi 1 ,
+.Xr wl-copy 1 ,
.Xr xclip 1
.Sh HISTORY
The
@@ -73,7 +73,7 @@ utility is obviously inspired by
.Xr pass 1 .
However,
.Nm
-specifically targets the Korn shell on OpenBSD and implements only an essential
+specifically targets OpenBSD's Korn shell and implements only an essential
subset of the features of
.Xr pass 1 .
.Sh AUTHORS
@@ -86,9 +86,11 @@ backup, recovery, swap, undo, etc. files.
.Sh BUGS
The
.Ar edit
-command assumens that
-.Xr rm 1
-is able to overwrite a temporary file in the user-specific TMPDIR or else /tmp
-in place.
-Consider to use a temporary file system in virtual memory using
-.Xr mount_mfs 8 .
+command overwrites temporary plaintext files with random data before deleting
+them.
+Consider to use a use a virtual memory filesystem for TMPDIR respectively /tmp.
+See
+.Xr mount_mfs 8
+on OpenBSD, or
+.Xr tmpfs 5
+on Linux.
diff --git a/shellpass.ksh b/shellpass.ksh
index 084be0d..6f3651a 100755
--- a/shellpass.ksh
+++ b/shellpass.ksh
@@ -65,9 +65,16 @@ function clip {
fi
file="$1"
+ if [ -n "${WAYLAND_DISPLAY:-}" ] ; then
+ clip_cmd="wl-copy --paste-once --trim-newline"
+ else
+ clip_cmd="xclip -selection clipboard -rmlastnl -loops 1 -silent"
+ fi
+
+ # shellcheck disable=SC2086
gpg --quiet --decrypt "$file" \
| head -n 1 \
- | nohup xclip -selection clipboard -rmlastnl -loops 1 -silent >/dev/null 2>&1
+ | nohup ${clip_cmd} >/dev/null 2>&1
}
function edit {
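Review bot: `clip_cmd` holds a whole command line in one string and depends on unquoted word splitting, which is why the `SC2086` suppression is needed at the `nohup ${clip_cmd}` line. An array keeps the arguments separate and removes the suppression: `set -A clip_cmd wl-copy --paste-once --trim-newline` in the branch (likewise for `xclip`) and `nohup "${clip_cmd[@]}" >/dev/null 2>&1` in the pipeline. The variable is also assigned without `typeset`; unless it is declared earlier in `clip`, which starts above this hunk, it presumably ends up in the global scope.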
@@ -80,10 +87,10 @@ function edit {
umask 077
- plaintext="$( mktemp -t )"
- trap 'rm -fP "$plaintext"' EXIT ERR INT
- encrypted="$( mktemp -t )"
- trap 'rm -fP "$plaintext" "$encrypted"' EXIT ERR INT
+ plaintext="$( mktemp )"
+ trap 'shred "$plaintext"' EXIT ERR INT
+ encrypted="$( mktemp )"
+ trap 'shred "$plaintext" "$encrypted"' EXIT ERR INT
if [[ ! -e "$file" ]]; then
touch "$plaintext"
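Review bot: The decrypted plaintext is created wherever `mktemp` resolves (`$TMPDIR` or `/tmp`), and on Linux its cleanup now relies on `shred`, which cannot guarantee an in-place overwrite on journaling or copy-on-write filesystems or on flash storage. A comment above the `plaintext="$( mktemp )"` line should state that, for example `# plaintext is only as private as TMPDIR; prefer a tmpfs, overwrite-on-delete is best effort`. The man page change in this commit gives the same advice, but the code is where a maintainer will look first. `edit` starts before this hunk and continues after it.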
@@ -98,10 +105,28 @@ function edit {
NEXINIT="set backup=" /usr/bin/vi "$plaintext"
gpg --quiet --encrypt --recipient "$gpg_id" --output - <"$plaintext" >"$encrypted"
- rm -P "$plaintext"
+ shred "$plaintext"
mv "$encrypted" "$file"
}
+function shred {
+ if [ "$( uname )" == "OpenBSD" ] ; then
+ rm -fP -- "$@"
+ else
+ for f in "$@" ; do
+ [ -e "$f" ] && command shred -fun 1 -- "$f"
+ done
+ fi
+}
+
+function mktemp {
+ if [ "$( uname )" == "OpenBSD" ] ; then
+ command mktemp -t
+ else
+ command mktemp --tmpdir
+ fi
+}
+
function err_exit {
print -u2 -- "$*"
exit 1
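Review bot: In the non-OpenBSD branch of `shred`, `[ -e "$f" ] && command shred -fun 1 -- "$f"` leaves the function with status 1 whenever the last argument no longer exists. That is the normal case when the `EXIT` trap runs after `edit` has already shredded the plaintext and moved the encrypted file, whereas the OpenBSD branch returns 0 there because of `rm -f`. Writing the loop body as `if [ -e "$f" ] ; then command shred -fun 1 -- "$f" ; fi` keeps both branches consistent and avoids tripping `ERR` or errexit handling, if the script enables it. The `mktemp` wrapper ignores any arguments it is given, which merits a one-line comment. `err_exit` continues past the end of the hunk.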