From 98b870bc730a7d22ccd6254c0a73bbe49f48f37e Mon Sep 17 00:00:00 2001
From: "Rick Farina (Zero_Chaos)"
Date: Mon, 21 Oct 2024 02:11:35 -0400
Subject: [PATCH 1/2] zero-system: auto add ssh keys from my yubikeys
---
pentoo/zero-system/files/TODO | 12 ------
pentoo/zero-system/files/zshrc | 39 +++++++++++++++++--
....3.ebuild => zero-system-2024.3-r1.ebuild} | 1 +
3 files changed, 37 insertions(+), 15 deletions(-)
delete mode 100644 pentoo/zero-system/files/TODO
rename pentoo/zero-system/{zero-system-2024.3.ebuild => zero-system-2024.3-r1.ebuild} (99%)
diff --git a/pentoo/zero-system/files/TODO b/pentoo/zero-system/files/TODO
deleted file mode 100644
index ef1de638b1..0000000000
--- a/pentoo/zero-system/files/TODO
+++ /dev/null
@@ -1,12 +0,0 @@
-#automatically handle ssh key when missing
-#this only checks green key and should check red
-if [ ! -r ~/.ssh/id_ed25519_sk_rk_yk5cgreen ] && [ ! -r ~/.ssh/id_ed25519_sk_yk5cgreen ]; then
- if lsusb -d 1050:0407 > /dev/null 2>&1; then
- sshkey -K
- fi
-fi
-
-#Check if we need to do this somehow?
-if lsusb -d 1050:0407 > /dev/null 2>&1; then
- gpg-connect-agent "scd serialno" "learn --force" /bye
-fi
diff --git a/pentoo/zero-system/files/zshrc b/pentoo/zero-system/files/zshrc
index 3b083f9e47..aa3f8f529f 100644
--- a/pentoo/zero-system/files/zshrc
+++ b/pentoo/zero-system/files/zshrc
@@ -59,17 +59,50 @@ bindkey "\eOF" end-of-line #bindkey "\eOc" forward-word if [ "${USER}" != "root" ]; then + card="unknown" if [ ! -r ~/.ssh/id_ed25519_sk_green ] && [ ! -r id_ed25519_sk_rk_yk5cgreen ]; then - printf "This system is missing your yk5cgreen primary key file\n" + if lsusb -d 1050:0407 > /dev/null 2>&1; then + if [ -x "$(command -v ykinfo)" ] && [ "$(ykinfo -s -q)" = "20489729" ]; then + card="green" + mkdir -p "${HOME}/.ss" + cd "${HOME}/.ssh" + ssh-keygen -K + cd "${OLDPWD}" + fi + fi + if [ "${card}" != "green" ]; then + printf "This system is missing your yk5cgreen primary key file\n" + fi fi if [ ! -r ~/.ssh/id_ed25519_sk_red ] && [ ! -r id_ed25519_sk_rk_yk5cred ]; then - printf "This system is missing your yk5cred backup key file\n" + if lsusb -d 1050:0407 > /dev/null 2>&1; then + if [ "${card}" = "unknown" ] && [ -x "$(command -v ykinfo)" ] && [ "$(ykinfo -s -q)" = "20489728" ]; then + card="red" + mkdir -p "${HOME}/.ss" + cd "${HOME}/.ssh" + ssh-keygen -K + cd "${OLDPWD}" + fi + fi + if [ "${card}" != "red" ]; then + printf "This system is missing your yk5cred backup key file\n" + fi fi if [ ! -r ~/.ssh/gentoo_rsa ]; then printf "This system is missing your old key gentoo_rsa\n" fi - eval $(keychain --eval --ignore-missing ~/.ssh/id_ed25519_sk_green ~/.ssh/id_ed25519_sk_rk_yk5cgreen ~/.ssh/id_ed25519_sk_red ~/.ssh/id_ed25519_sk_rk_yk5cred ~/.ssh/gentoo_rsa) + + # https://github.com/drduh/YubiKey-Guide?tab=readme-ov-file#notes + ## This doesn't work but it should? + # running "scd serialno" "learn --force" once on a new system finds the first card, but running again doesn't successfully change the card + #if [ "${card}" = "green" ] && ! gpg-connect-agent 'keyinfo --list' /bye | grep -q 'D2760001240100000006204897290000'; then + # gpg-connect-agent killagent /bye + # gpg-connect-agent "scd serialno" "learn --force" /bye + #elif [ "${card}" = "red" ] && ! 
gpg-connect-agent 'keyinfo --list' /bye | grep -q 'D2760001240100000006204897280000'; then + # gpg-connect-agent killagent /bye + # gpg-connect-agent "scd serialno" "learn --force" /bye + #fi GPG_TTY=$(tty) fi diff --git a/pentoo/zero-system/zero-system-2024.3.ebuild b/pentoo/zero-system/zero-system-2024.3-r1.ebuild similarity index 99% rename from pentoo/zero-system/zero-system-2024.3.ebuild rename to pentoo/zero-system/zero-system-2024.3-r1.ebuild index 554bedb07b..c872139d9d 100644 --- a/pentoo/zero-system/zero-system-2024.3.ebuild +++ b/pentoo/zero-system/zero-system-2024.3-r1.ebuild @@ -15,6 +15,7 @@ IUSE="dev lto minimal nu printer naga" RDEPEND=" app-shells/zsh net-misc/keychain + sys-auth/ykpers !minimal? ( dev? ( app-crypt/glep63-check From 4b7b54b8e8b9999a648251c4e112e69e7c573e7f Mon Sep 17 00:00:00 2001 From: "Rick Farina (Zero_Chaos)" Date: Mon, 21 Oct 2024 02:35:59 -0400 Subject: [PATCH 2/2] zero-system: check the path correctly --- pentoo/zero-system/files/zshrc | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/pentoo/zero-system/files/zshrc b/pentoo/zero-system/files/zshrc index aa3f8f529f..23f23bdb8d 100644 --- a/pentoo/zero-system/files/zshrc +++ b/pentoo/zero-system/files/zshrc @@ -60,7 +60,7 @@ bindkey "\eOF" end-of-line if [ "${USER}" != "root" ]; then card="unknown" - if [ ! -r ~/.ssh/id_ed25519_sk_green ] && [ ! -r id_ed25519_sk_rk_yk5cgreen ]; then + if [ ! -r ~/.ssh/id_ed25519_sk_green ] && [ ! -r ~/.ssh/id_ed25519_sk_rk_yk5cgreen ]; then if lsusb -d 1050:0407 > /dev/null 2>&1; then if [ -x "$(command -v ykinfo)" ] && [ "$(ykinfo -s -q)" = "20489729" ]; then card="green" 
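Review bot: `mkdir -p "${HOME}/.ss"` in both the green and red branches of the zshrc hunk in PATCH 1/2 creates the wrong directory. On a system without `~/.ssh` the unchecked `cd "${HOME}/.ssh"` that follows then fails, and `ssh-keygen -K` writes the downloaded resident-key files into whatever directory the shell happened to start in. PATCH 2/2 changes only the two `-r` tests, so the typo is still there after the series. I would replace the mkdir/cd/ssh-keygen/cd sequence in each branch with `mkdir -p -m 700 "${HOME}/.ssh"` followed by `(cd "${HOME}/.ssh" && ssh-keygen -K)`. The subshell skips the download when the `cd` fails and leaves the interactive shell's `PWD` and `OLDPWD` untouched.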
@@ -74,7 +74,7 @@ if [ "${USER}" != "root" ]; then printf "This system is missing your yk5cgreen primary key file\n" fi fi - if [ ! -r ~/.ssh/id_ed25519_sk_red ] && [ ! -r id_ed25519_sk_rk_yk5cred ]; then + if [ ! -r ~/.ssh/id_ed25519_sk_red ] && [ ! -r ~/.ssh/id_ed25519_sk_rk_yk5cred ]; then if lsusb -d 1050:0407 > /dev/null 2>&1; then if [ "${card}" = "unknown" ] && [ -x "$(command -v ykinfo)" ] && [ "$(ykinfo -s -q)" = "20489728" ]; then card="red"