author | Stefan Kreutz <mail@skreutz.com> | 2022-11-08 21:34:54 +0100 |
---|---|---|
committer | Stefan Kreutz <mail@skreutz.com> | 2022-11-09 09:49:46 +0100 |
commit | f5d2d52764917c9b5a171d8c68a61a13a4be6d88 (patch) | |
tree | 3ecba9da054b7eb318a11829aac2ad65def8f403 | |
parent | 8fd889a0357af1e68aab1a572ef27b066dbab71a (diff) | |
download | shellpass-f5d2d52764917c9b5a171d8c68a61a13a4be6d88.tar |
Port to GNU/Linux
Tested on Void Linux x86_64 glibc.
-rw-r--r-- | .gitignore | 1 | ||||
-rw-r--r-- | Makefile | 47 | ||||
-rw-r--r-- | README.md | 26 | ||||
-rwxr-xr-x | configure | 18 | ||||
-rwxr-xr-x | shellpass-ssh.sh | 13 | ||||
-rw-r--r-- | shellpass.1 | 28 | ||||
-rwxr-xr-x | shellpass.ksh | 37 |
7 files changed, 131 insertions, 39 deletions
diff --git a/.gitignore b/.gitignore
new file mode 100644
index 0000000..aee2e4c
--- /dev/null
+++ b/.gitignore
@@ -0,0 +1 @@
+config.mk
@@ -1,12 +1,35 @@
-MAN= shellpass.1
-BINDIR= /usr/local/bin
-MANDIR= /usr/local/man/man
-SCRIPTS= shellpass.ksh shellpass-fzf.ksh shellpass-ssh.sh
-
-beforeinstall:
-.for script in ${SCRIPTS}
- ${INSTALL} ${INSTALL_COPY} -o ${BINOWN} -g ${BINGRP} -m ${BINMODE} \
- ${.CURDIR}/${script} ${DESTDIR}${BINDIR}/${script:R}
-.endfor
-
-.include <bsd.prog.mk>
+# Portable makefile supporting OpenBSD and GNU/Linux.
+
+PREFIX = /usr/local
+INSTALL = install
+BINDIR = bin
+BINOWN = root
+BINGRP = root
+BINMODE = 555
+MANDIR = man/man
+MANOWN = root
+MANGRP = root
+MANMODE = 444
+
+include config.mk
+
+all:
+
+clean:
+
+lint:
+ shellcheck -a shellpass.ksh shellpass-fzf.ksh shellpass-ssh.sh
+ mandoc -T lint -W warning shellpass.1
+ -mandoc -T lint -W all shellpass.1
+
+install:
+ ${INSTALL} -o ${BINOWN} -g ${BINGRP} -m ${BINMODE} shellpass.ksh ${DESTDIR}${PREFIX}/${BINDIR}/shellpass
+ ${INSTALL} -o ${BINOWN} -g ${BINGRP} -m ${BINMODE} shellpass-fzf.ksh ${DESTDIR}${PREFIX}/${BINDIR}/shellpass-fzf
+ ${INSTALL} -o ${BINOWN} -g ${BINGRP} -m ${BINMODE} shellpass-ssh.sh ${DESTDIR}${PREFIX}/${BINDIR}/shellpass-ssh
+ ${INSTALL} -o ${MANOWN} -g ${MANGRP} -m ${MANMODE} shellpass.1 ${DESTDIR}${PREFIX}/${MANDIR}1/shellpass.1
+
+uninstall:
+ rm -f ${DESTDIR}${PREFIX}/${BINDIR}/shellpass
+ rm -f ${DESTDIR}${PREFIX}/${BINDIR}/shellpass-fzf
+ rm -f ${DESTDIR}${PREFIX}/${BINDIR}/shellpass-ssh
+ rm -f ${DESTDIR}${PREFIX}/${MANDIR}1/shellpass.1
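Review bot: The `install` target copies into `${DESTDIR}${PREFIX}/${BINDIR}` and `${DESTDIR}${PREFIX}/${MANDIR}1` without creating them, so a staged install into an empty `DESTDIR`, or onto a system where the man directory does not exist yet, stops at the first missing directory. Adding `${INSTALL} -d ${DESTDIR}${PREFIX}/${BINDIR} ${DESTDIR}${PREFIX}/${MANDIR}1` as the first recipe line would cover both. Separately, `include config.mk` makes every target, `lint` and `clean` included, fail until `./configure` has been run; a one-line comment above it saying so would save a confused first build.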
@@ -1,10 +1,28 @@ -# shellpass +# Shellpass -The shellpass utility is a minimalist password manager for the OpenBSD Korn +The `shellpass` utility is a minimalist password manager for OpenBSD's Korn shell. Warning: This is a toy project. Do not use it to store sensitive information. -## Install +## Dependencies + +The `shellpass` utility depends on `ksh(1)`, `gpg(1)`, several base utilities +like `sed`, as well as `fzf(1)`, `qrencode(1)`, and `xclip(1)` or `wl-copy(1)` +for convenience functionality. + +On OpenBSD you can install the dependencies using `pkg_add(1)`: + + $ doas pkg_add gnupg xclip libqrencode fzf + +On Void Linux you can install the dependencies using `xbps-install(1)`: + + $ sudo xbps-install -S oksh gnupg nvi wl-clipboard outils qrencode \ + fzf sed coreutils bc + +## Installation + + $ ./configure + $ make + $ sudo make install -Run `make install` as root to install the `shellpass` utility and man page. diff --git a/configure b/configure new file mode 100755 index 0000000..9a1e936 --- /dev/null +++ b/configure @@ -0,0 +1,18 @@ +#! /bin/sh + +set -o errexit +set -o nounset + +exec 3>config.mk + +case "$( uname )" in + OpenBSD) + echo 'BINGRP = bin' 1>&3 + echo 'MANGRP = bin' 1>&3 + ;; + Linux) + echo 'BINMODE = 755' 1>&3 + echo 'MANMODE = 644' 1>&3 + echo 'MANDIR = share/man/man' 1>&3 + ;; +esac diff --git a/shellpass-ssh.sh b/shellpass-ssh.sh index 6a6b79c..e0cc38d 100755 --- a/shellpass-ssh.sh +++ b/shellpass-ssh.sh @@ -1,6 +1,6 @@ #! /bin/sh -# Copyright (c) 2021 Stefan Kreutz <mail@skreutz.com> +# Copyright (c) 2021, 2022 Stefan Kreutz <mail@skreutz.com> # # Permission to use, copy, modify, and distribute this software for any # purpose with or without fee is hereby granted, provided that the above @@ -18,7 +18,7 @@ # # Usage: # -# shellpass generate ~/passwords/ssh/id_foo +# shellpass generate ~/passwords/ssh/id_foo.gpg # ssh-keygen -f ~/.ssh/id_foo # export SHELLPASS_SSH_DIR="$HOME/passwords/ssh" # export SSH_ASKPASS=shellpass-ssh 
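Review bot: The `case "$( uname )"` in the new `configure` has no default arm, so on any other system it writes an empty `config.mk` and exits 0, and the Makefile's `root`/`root` owner and group defaults are then used without anyone being told. Since this file decides the ownership and mode of an installed password tool, an explicit arm such as `*) echo "unsupported system: $( uname )" >&2; exit 1 ;;` (or a warning, if falling back to the defaults is intended) would make that visible.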
@@ -36,8 +36,13 @@ identity="$( echo "$prompt" | sed -n \ -e "s/^Enter passphrase for key '\\(.*\\)': $/\\1/p" \ -e 's/^Enter passphrase for \(.*\): $/\1/p' )" -if [ -z "$identity" ]; then - exec ssh-askpass "$@" +if [ -z "$identity" ] ; then + if command -v ssh-askpass >/dev/null 2>&1 ; then + exec ssh-askpass "$@" + else + ( >&2 echo "failed to parse prompt: $prompt" ) + exit 1 + fi fi password="$SHELLPASS_SSH_DIR/$( basename "$identity" ).gpg" diff --git a/shellpass.1 b/shellpass.1 index 4b26cf5..a8f0d0e 100644 --- a/shellpass.1 +++ b/shellpass.1 @@ -11,12 +11,12 @@ .\" WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN .\" ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF .\" OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE. -.Dd $Mdocdate: May 19 2022 $ +.Dd $Mdocdate: November 8 2022 $ .Dt SHELLPASS 1 .Os .Sh NAME .Nm shellpass -.Nd minimalist password manager for the Korn shell +.Nd minimalist password manager for OpenBSD's Korn shell .Sh SYNOPSIS .Nm shellpass .Ar command @@ -25,11 +25,9 @@ The .Nm utility is a simple password manager built upon -.Xr ksh 1 , -.Xr gpg 1 , -.Xr xclip 1 , +.Xr ksh 1 and -.Xr qrencode 1 . +.Xr gpg 1 . Essentially, it provides transparent access to OpenPGP-encrypted text files. .Pp Warning: This is a toy project. @@ -62,9 +60,11 @@ in .Sh SEE ALSO .Xr gpg 1 , .Xr ksh 1 , +.Xr mktemp 1 , .Xr pass 1 , .Xr qrencode 1 , .Xr vi 1 , +.Xr wl-copy 1 , .Xr xclip 1 .Sh HISTORY The @@ -73,7 +73,7 @@ utility is obviously inspired by .Xr pass 1 . However, .Nm -specifically targets the Korn shell on OpenBSD and implements only an essential +specifically targets OpenBSD's Korn shell and implements only an essential subset of the features of .Xr pass 1 . .Sh AUTHORS 
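Review bot: In the new `else` branch of shellpass-ssh.sh, `( >&2 echo "failed to parse prompt: $prompt" )` starts a subshell only to redirect, and `echo` under `/bin/sh` may interpret backslashes in the prompt text on some shells. `printf 'failed to parse prompt: %s\n' "$prompt" >&2` prints the same message without either issue. The `identity=` assignment this test depends on begins outside the hunk.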
@@ -86,9 +86,11 @@ backup, recovery, swap, undo, etc. files. .Sh BUGS The .Ar edit -command assumens that -.Xr rm 1 -is able to overwrite a temporary file in the user-specific TMPDIR or else /tmp -in place. -Consider to use a temporary file system in virtual memory using -.Xr mount_mfs 8 . +command overwrites temporary plaintext files with random data before deleting +them. +Consider to use a use a virtual memory filesystem for TMPDIR respectively /tmp. +See +.Xr mount_mfs 8 +on OpenBSD, or +.Xr tmpfs 5 +on Linux. diff --git a/shellpass.ksh b/shellpass.ksh index 084be0d..6f3651a 100755 --- a/shellpass.ksh +++ b/shellpass.ksh @@ -65,9 +65,16 @@ function clip { fi file="$1" + if [ -n "${WAYLAND_DISPLAY:-}" ] ; then + clip_cmd="wl-copy --paste-once --trim-newline" + else + clip_cmd="xclip -selection clipboard -rmlastnl -loops 1 -silent" + fi + + # shellcheck disable=SC2086 gpg --quiet --decrypt "$file" \ | head -n 1 \ - | nohup xclip -selection clipboard -rmlastnl -loops 1 -silent >/dev/null 2>&1 + | nohup ${clip_cmd} >/dev/null 2>&1 } function edit { @@ -80,10 +87,10 @@ function edit { umask 077 - plaintext="$( mktemp -t )" - trap 'rm -fP "$plaintext"' EXIT ERR INT - encrypted="$( mktemp -t )" - trap 'rm -fP "$plaintext" "$encrypted"' EXIT ERR INT + plaintext="$( mktemp )" + trap 'shred "$plaintext"' EXIT ERR INT + encrypted="$( mktemp )" + trap 'shred "$plaintext" "$encrypted"' EXIT ERR INT if [[ ! -e "$file" ]]; then touch "$plaintext" 
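Review bot: A missing clipboard tool goes unnoticed in `clip`, because `nohup ${clip_cmd} >/dev/null 2>&1` discards the error and the tool is chosen from `WAYLAND_DISPLAY` alone; the user may then paste whatever was on the clipboard before. A check ahead of the `gpg` pipeline, e.g. `command -v "${clip_cmd%% *}" >/dev/null 2>&1 || err_exit "${clip_cmd%% *} not found"`, reports it and avoids decrypting the entry for nothing. Holding the command in the positional parameters instead of a string (`set -- wl-copy --paste-once --trim-newline`, then `nohup "$@"`) would also remove the need for the SC2086 exemption, since `file="$1"` has already been captured. `clip` starts before the hunk.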
@@ -98,10 +105,28 @@ function edit { NEXINIT="set backup=" /usr/bin/vi "$plaintext" gpg --quiet --encrypt --recipient "$gpg_id" --output - <"$plaintext" >"$encrypted" - rm -P "$plaintext" + shred "$plaintext" mv "$encrypted" "$file" } +function shred { + if [ "$( uname )" == "OpenBSD" ] ; then + rm -fP -- "$@" + else + for f in "$@" ; do + [ -e "$f" ] && command shred -fun 1 -- "$f" + done + fi +} + +function mktemp { + if [ "$( uname )" == "OpenBSD" ] ; then + command mktemp -t + else + command mktemp --tmpdir + fi +} + function err_exit { print -u2 -- "$*" exit 1 |
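Review bot: On the Linux branch of the new `shred` function, `command shred -fun 1` is best-effort only: GNU shred documents that in-place overwriting is not guaranteed on journaling, copy-on-write or flash-backed storage, and `command mktemp --tmpdir` places the plaintext in `$TMPDIR` or `/tmp`, which on Linux may well be on disk. Consider stating that in a comment above the function, or preferring a memory-backed directory when `TMPDIR` is unset, e.g. `command mktemp --tmpdir="${TMPDIR:-/dev/shm}"` (this assumes `/dev/shm` is a tmpfs on the target, which should be confirmed). Also, `[ -e "$f" ] && command shred -fun 1 -- "$f"` as the loop's last command makes the function return 1 whenever the last file is already gone, which is the normal case when the EXIT trap runs after a successful edit; `if [ -e "$f" ] ; then command shred -fun 1 -- "$f" ; fi` avoids that. `edit` begins outside the hunk.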