Merge pull request #2129 from pentoo/zero-system
zero-system: auto add ssh keys from my yubikeys
github-actions[bot] authored Oct 21, 2024
2 parents 35d77f9 + 4b7b54b commit 67760ed
Showing 3 changed files with 39 additions and 17 deletions.
12 changes: 0 additions & 12 deletions pentoo/zero-system/files/TODO

This file was deleted.

43 changes: 38 additions & 5 deletions pentoo/zero-system/files/zshrc
Expand Up @@ -59,17 +59,50 @@ bindkey "\eOF" end-of-line
#bindkey "\eOc" forward-word

if [ "${USER}" != "root" ]; then
if [ ! -r ~/.ssh/id_ed25519_sk_green ] && [ ! -r id_ed25519_sk_rk_yk5cgreen ]; then
printf "This system is missing your yk5cgreen primary key file\n"
card="unknown"
if [ ! -r ~/.ssh/id_ed25519_sk_green ] && [ ! -r ~/.ssh/id_ed25519_sk_rk_yk5cgreen ]; then
if lsusb -d 1050:0407 > /dev/null 2>&1; then
if [ -x "$(command -v ykinfo)" ] && [ "$(ykinfo -s -q)" = "20489729" ]; then
card="green"
mkdir -p "${HOME}/.ss"
cd "${HOME}/.ssh"
ssh-keygen -K
cd "${OLDPWD}"
fi
fi
if [ "${card}" != "green" ]; then
printf "This system is missing your yk5cgreen primary key file\n"
fi
fi
if [ ! -r ~/.ssh/id_ed25519_sk_red ] && [ ! -r id_ed25519_sk_rk_yk5cred ]; then
printf "This system is missing your yk5cred backup key file\n"
if [ ! -r ~/.ssh/id_ed25519_sk_red ] && [ ! -r ~/.ssh/id_ed25519_sk_rk_yk5cred ]; then
if lsusb -d 1050:0407 > /dev/null 2>&1; then
if [ "${card}" = "unknown" ] && [ -x "$(command -v ykinfo)" ] && [ "$(ykinfo -s -q)" = "20489728" ]; then
card="red"
mkdir -p "${HOME}/.ss"
cd "${HOME}/.ssh"
ssh-keygen -K
cd "${OLDPWD}"
fi
fi
if [ "${card}" != "red" ]; then
printf "This system is missing your yk5cred backup key file\n"
fi
fi
if [ ! -r ~/.ssh/gentoo_rsa ]; then
printf "This system is missing your old key gentoo_rsa\n"
fi

eval $(keychain --eval --ignore-missing ~/.ssh/id_ed25519_sk_green ~/.ssh/id_ed25519_sk_rk_yk5cgreen ~/.ssh/id_ed25519_sk_red ~/.ssh/id_ed25519_sk_rk_yk5cred ~/.ssh/gentoo_rsa)

# https://github.com/drduh/YubiKey-Guide?tab=readme-ov-file#notes
## This doesn't work but it should?
# running "scd serialno" "learn --force" once on a new system finds the first card, but running again doesn't successfully change the card
#if [ "${card}" = "green" ] && ! gpg-connect-agent 'keyinfo --list' /bye | grep -q 'D2760001240100000006204897290000'; then
# gpg-connect-agent killagent /bye
# gpg-connect-agent "scd serialno" "learn --force" /bye
#elif [ "${card}" = "red" ] && ! gpg-connect-agent 'keyinfo --list' /bye | grep -q 'D2760001240100000006204897280000'; then
# gpg-connect-agent killagent /bye
# gpg-connect-agent "scd serialno" "learn --force" /bye
#fi
GPG_TTY=$(tty)
fi
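Review bot: `mkdir -p "${HOME}/.ss"` in both the green and the red branch creates the wrong directory, so on an account without `~/.ssh` the following `cd "${HOME}/.ssh"` fails and, because its status is not checked, `ssh-keygen -K` writes the downloaded resident-key files into whatever directory the shell happened to start in. The trailing `cd "${OLDPWD}"` can then also leave the login shell in a different directory than it started in. I would create the directory with restrictive permissions, `mkdir -p -m 700 "${HOME}/.ssh"`, and run the download in a subshell that proceeds only when the cd succeeds, `( cd "${HOME}/.ssh" && ssh-keygen -K )`, which makes the `cd "${OLDPWD}"` line unnecessary. The serial comparison via `ykinfo -s -q` only selects which message to print and does not restrict which attached authenticator `ssh-keygen -K` reads from; a short comment saying so would help the next reader.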

Expand Up @@ -15,6 +15,7 @@ IUSE="dev lto minimal nu printer naga"
RDEPEND="
app-shells/zsh
net-misc/keychain
sys-auth/ykpers
!minimal? (
dev? (
app-crypt/glep63-check