Commit d75f2d39 authored by Peter Pentchev

New upstream version 2.8.4

parent d774eefe
/keychain
/keychain.1
/keychain.spec
/keychain.txt
/keychain.1.orig
.idea/
keychain.iml
......@@ -2,7 +2,7 @@
#
# Copyright 2002-2006 Gentoo Foundation http://www.gentoo.org/
# Copyright 2007 Aron Griffis <agriffis@n01se.net>
# Copyright 2009-2015 Funtoo Solutions, Inc.
# Copyright 2009-2017 Funtoo Solutions, Inc.
# lockfile() Copyright 2009 Parallels, Inc.
# Distributed under the GNU General Public License version 2
......@@ -10,7 +10,16 @@
# Originally authored by Daniel Robbins <drobbins@gentoo.org>
# Maintained August 2002 - April 2003 by Seth Chandler <sethbc@gentoo.org>
# Maintained and rewritten April 2004 - July 2007 by Aron Griffis <agriffis@n01se.net>
# Maintained July 2009 - present by Daniel Robbins <drobbins@funtoo.org>
# Maintained July 2009 - September 2017 by Daniel Robbins <drobbins@funtoo.org>
# Maintained September 2017 - present by Ryan Harris <x48rph@gmail.com>
* keychain 2.8.4 (19 Oct 2017)
Summary: Support to GPG2 (Ryan Harris)
Support busybox ps (Alastair Hughes)
Various optimizations
* keychain 2.8.3 (24 Jun 2016)
......@@ -122,7 +131,7 @@
29 Sep 2009; Daniel Robbins <drobbins@funtoo.org>: disable "Identity added"
messages when --quiet is specified (Gentoo bug #250328, thanks to Richard
Laager,) --help will print output to stdout (Gentoo bug #196060, thanks to
Elan Ruusamäe,) output cleanup and colorization changes - moving away from
Elan Ruusame,) output cleanup and colorization changes - moving away from
blue and over to cyan as it displays better terminals with black background.
Also some additional colorization. Version bump to 2.6.10.
......
Introduction to Keychain
IMPORTANT - GitHub Contributors
===============================
Please apply your patches to `keychain.sh`, *not* the generated `keychain`
script, which we are now including in the git repo to facilitate the
distribution of release archives direct from GitHub. The file `keychain` and
related generated file (man pages, spec file) may be out-of-date during active
development. We will regenerate them for official release archives only (those
tagged with the release version.) Thanks!
Please submit Introduction to Keychain
========================
**Official documentation for Keychain can be found on [the official Keychain
......@@ -15,3 +25,4 @@ time your local machine is rebooted. `Keychain` also makes it easy for remote
cron jobs to securely "hook in" to a long running `ssh-agent` process,
allowing your scripts to take advantage of key-based logins.
#!/bin/sh
# Copyright 1999-2005 Gentoo Foundation
# Copyright 2007 Aron Griffis <agriffis@n01se.net>
# Copyright 2009-2017 Funtoo Solutions, Inc.
# lockfile() Copyright 2009 Parallels, Inc.
# Distributed under the terms of the GNU General Public License v2
# Originally authored by Daniel Robbins <drobbins@gentoo.org>
# Maintained August 2002 - April 2003 by Seth Chandler <sethbc@gentoo.org>
# Maintained and rewritten April 2004 - July 2007 by Aron Griffis <agriffis@n01se.net>
# Maintained July 2009 - Sept 2017 by Daniel Robbins <drobbins@funtoo.org>
# Maintained September 2017 - present by Ryan Harris <x48rph@gmail.com>
version=2.8.4
PATH="${PATH:-/usr/bin:/bin:/sbin:/usr/sbin:/usr/ucb}"
maintainer="x48rph@gmail.com"
unset mesglog
unset myaction
unset agentsopt
havelock=false
unset hostopt
ignoreopt=false
noaskopt=false
noguiopt=false
nolockopt=false
lockwait=5
openssh=unknown
sunssh=unknown
confhost=unknown
sshconfig=false
quickopt=false
quietopt=false
clearopt=false
color=true
inheritwhich=local-once
unset stopwhich
unset timeout
unset ssh_timeout
attempts=1
unset sshavail
unset sshkeys
unset gpgkeys
unset mykeys
keydir="${HOME}/.keychain"
unset envf
evalopt=false
queryopt=false
confirmopt=false
absoluteopt=false
systemdopt=false
unset ssh_confirm
unset GREP_OPTIONS
gpg_prog_name="gpg"
BLUE=""
CYAN=""
CYANN=""
GREEN=""
RED=""
PURP=""
OFF=""
# GNU awk and sed have regex issues in a multibyte environment. If any locale
# variables are set, then override by setting LC_ALL
unset pinentry_locale
if [ -n "$LANG$LC_ALL" ] || [ -n "$(locale 2>/dev/null | egrep -v '="?(|POSIX|C)"?$' 2>/dev/null)" ]; then
# save LC_ALL so that pinentry-curses works right. This has always worked
# correctly for me but peper and kloeri had problems with it.
pinentry_lc_all="$LC_ALL"
LC_ALL=C
export LC_ALL
fi
# synopsis: qprint "message"
qprint() {
$quietopt || echo "$*" >&2
}
# synopsis: mesg "message"
# Prettily print something to stderr, honors quietopt
mesg() {
qprint " ${GREEN}*${OFF} $*"
}
# synopsis: warn "message"
# Prettily print a warning to stderr
warn() {
echo " ${RED}* Warning${OFF}: $*" >&2
}
# synopsis: error "message"
# Prettily print an error
error() {
echo " ${RED}* Error${OFF}: $*" >&2
}
# synopsis: die "message"
# Prettily print an error, then abort
die() {
[ -n "$1" ] && error "$*"
qprint
$evalopt && { echo; echo "false;"; }
exit 1
}
# synopsis: versinfo
# Display the version information
versinfo() {
qprint
qprint " Copyright ${CYANN}2002-2006${OFF} Gentoo Foundation;"
qprint " Copyright ${CYANN}2007${OFF} Aron Griffis;"
qprint " Copyright ${CYANN}2009-2017${OFF} Funtoo Solutions, Inc;"
qprint " lockfile() Copyright ${CYANN}2009${OFF} Parallels, Inc."
qprint
qprint " Keychain is free software: you can redistribute it and/or modify"
qprint " it under the terms of the ${CYANN}GNU General Public License version 2${OFF} as"
qprint " published by the Free Software Foundation."
qprint
}
# synopsis: helpinfo
# Display the help information. There's no really good way to use qprint for
# this...
helpinfo() {
cat >&1 <<EOHELP
SYNOPSIS
keychain [ ${GREEN}-hklQqV${OFF} ] [ ${GREEN}--clear${OFF} ${GREEN}--confhost${OFF} ${GREEN}--gpg2${OFF} ${GREEN}--help${OFF} ${GREEN}--ignore-missing${OFF}
${GREEN}--list${OFF} ${GREEN}--noask${OFF} ${GREEN}--nocolor${OFF} ${GREEN}--nogui${OFF} ${GREEN}--nolock${OFF} ${GREEN}--quick${OFF} ${GREEN}--quiet${OFF} ${GREEN}--version${OFF} ]
[ ${GREEN}--agents${OFF} ${CYAN}list${OFF} ] [ ${GREEN}--attempts${OFF} ${CYAN}num${OFF} ] [ ${GREEN}--dir${OFF} ${CYAN}dirname${OFF} ]
[ ${GREEN}--host${OFF} ${CYAN}name${OFF} ] [ ${GREEN}--lockwait${OFF} ${CYAN}seconds${OFF} ]
[ ${GREEN}--stop${OFF} ${CYAN}which${OFF} ] [ ${GREEN}--timeout${OFF} ${CYAN}minutes${OFF} ] [ keys... ]
OPTIONS
${GREEN}--agents${OFF} ${CYAN}list${OFF}
Start the agents listed. By default keychain will start ssh-agent if
it is found in your path. The list should be comma-separated, for
example "gpg,ssh"
${GREEN}--attempts${OFF} ${CYAN}num${OFF}
Try num times to add keys before giving up. The default is 1.
${GREEN}--clear${OFF}
Delete all of ssh-agent's keys. Typically this is used in
.bash_profile. The theory behind this is that keychain should assume
that you are an intruder until proven otherwise. However, while this
option increases security, it still allows your cron jobs to use
your ssh keys when you're logged out.
${GREEN}--confhost${OFF}
By default, keychain will look for key pairs in the ~/.ssh/
directory. The ${GREEN}--confhost${OFF} option will inform keychain to look in
~/.ssh/config for IdentityFile settings defined for particular
hosts, and use these paths to locate keys.
${GREEN}--confirm${OFF}
Keys are subject to interactive confirmation by the SSH_ASKPASS
program before being used for authentication. See the ${GREEN}-c${OFF} option for
ssh-add(1).
${GREEN}--absolute${OFF}
Any arguments to "--dir" are interpreted to be absolute. The default
behavior is to append "/.keychain" to the argument for backwards
compatibility.
${GREEN}--dir${OFF} ${CYAN}dirname${OFF}
Keychain will use dirname rather than \$HOME/.keychain
${GREEN}--query${OFF}
Keychain will print lines in KEY=value format representing the
values which are set by the agents.
${GREEN}--eval${OFF}
Keychain will print lines to be evaluated in the shell on stdout. It
respects the SHELL environment variable to determine if Bourne shell
or C shell output is expected.
${GREEN}--env${OFF} ${CYAN}filename${OFF}
After parsing options, keychain will load additional environment
settings from "filename". By default, if "--env" is not given, then
keychain will attempt to load from ~/.keychain/[hostname]-env or
alternatively ~/.keychain/env. The purpose of this file is to
override settings such as PATH, in case ssh is stored in a
non-standard place.
${GREEN}--gpg2${OFF}
This option changes the default gpg calls to use gpg2 instead to
support distributions such as Ubuntu which has both gpg and gpg2
${GREEN}-h${OFF} ${GREEN}--help${OFF}
Show help that looks remarkably like this man-page. As of 2.6.10,
help is sent to stdout so it can be easily piped to a pager.
${GREEN}--host${OFF} ${CYAN}name${OFF}
Set alternate hostname for creation of pidfiles
${GREEN}--ignore-missing${OFF}
Don't warn if some keys on the command-line can't be found. This is
useful for situations where you have a shared .bash_profile, but
your keys might not be available on every machine where keychain is
run.
${GREEN}--inherit${OFF} ${CYAN}which${OFF}
Attempt to inherit agent variables from the environment. This can be
useful in a variety of circumstances, for example when ssh-agent is
started by gdm. The following values are valid for "which":
local Inherit when a pid (e.g. SSH_AGENT_PID) is set in the
environment. This disallows inheriting a forwarded
agent.
any Inherit when a sock (e.g. SSH_AUTH_SOCK) is set in the
environment. This allows inheriting a forwarded agent.
local-once Same as "local", but only inherit if keychain isn't
already providing an agent.
any-once Same as "any", but only inherit if keychain isn't
already providing an agent.
By default, keychain-2.5.0 and later will behave as if "--inherit
local-once" is specified. You should specify "--noinherit" if you
want the older behavior.
${GREEN}-l${OFF} ${GREEN}--list${OFF}
List signatures of all active SSH keys, and exit, similar to
"ssh-add ${GREEN}-l${OFF}".
${GREEN}-L${OFF} ${GREEN}--list-fp${OFF}
List fingerprints of all active SSH keys, and exit, similar to
"ssh-add ${GREEN}-L${OFF}".
${GREEN}--lockwait${OFF} ${CYAN}seconds${OFF}
How long to wait for the lock to become available. Defaults to 5
seconds. Specify a value of zero or more. If the lock cannot be
acquired within the specified number of seconds, then this keychain
process will forcefully acquire the lock.
${GREEN}--noask${OFF}
This option tells keychain do everything it normally does (ensure
ssh-agent is running, set up the ~/.keychain/[hostname]-{c}sh files)
except that it will not prompt you to add any of the keys you
specified if they haven't yet been added to ssh-agent.
${GREEN}--nocolor${OFF}
Disable color hilighting for non ANSI-compatible terms.
${GREEN}--nogui${OFF}
Don't honor SSH_ASKPASS, if it is set. This will cause ssh-add to
prompt on the terminal instead of using a graphical program.
${GREEN}--noinherit${OFF}
Don't inherit any agent processes, overriding the default "--inherit
local-once"
${GREEN}--nolock${OFF}
Don't attempt to use a lockfile while manipulating files, pids and
keys.
${GREEN}-k${OFF} ${GREEN}--stop${OFF} ${CYAN}which${OFF}
Kill currently running agent processes. The following values are
valid for "which":
all Kill all agent processes and quit keychain immediately.
Prior to keychain-2.5.0, this was the behavior of the bare
"--stop" option.
others Kill agent processes other than the one keychain is
providing. Prior to keychain-2.5.0, keychain would do this
automatically. The new behavior requires that you specify
it explicitly if you want it.
mine Kill keychain's agent processes, leaving other agents
alone.
${GREEN}--systemd${OFF}
Inject environment variables into the systemd ${GREEN}--user${OFF} session.
${GREEN}-Q${OFF} ${GREEN}--quick${OFF}
If an ssh-agent process is running then use it. Don't verify the
list of keys, other than making sure it's non-empty. This option
avoids locking when possible so that multiple terminals can be
opened simultaneously without waiting on each other.
${GREEN}-q${OFF} ${GREEN}--quiet${OFF}
Only print messages in case of warning, error or required
interactivity. As of version 2.6.10, this also suppresses
"Identities added" messages for ssh-agent.
${GREEN}--timeout${OFF} ${CYAN}minutes${OFF}
Allows a timeout to be set for identities added to ssh-agent. When
this option is used with a keychain invocation that starts ssh-agent
itself, then keychain uses the appropriate ssh-agent option to set
the default timeout for ssh-agent. The ${GREEN}--timeout${OFF} option also gets
passed to ssh-add invocations, so any keys added to a running
ssh-agent will be individually configured to have the timeout
specified, overriding any ssh-agent default.
Most users can simply use the timeout setting they desire and get
the result they want ${GREEN}--${OFF} with all identities having the specified
timeout, whether added by keychain or not. More advanced users can
use one invocation of keychain to set the default timeout, and
optionally set different timeouts for keys added by using a
subsequent invocation of keychain.
${GREEN}-V${OFF} ${GREEN}--version${OFF}
Show version information.
EOHELP
}
# synopsis: testssh
# Figure out which ssh is in use, set the global boolean $openssh and $sunssh
testssh() {
# Query local host for SSH application, presently supporting
# OpenSSH, Sun SSH, and ssh.com
openssh=false
sunssh=false
case "$(ssh -V 2>&1)" in
*OpenSSH*) openssh=true ;;
*Sun?SSH*) sunssh=true ;;
esac
}
# synopsis: getuser
# Set the global string $me
getuser() {
# id -un gives euid, which might be different from USER or LOGNAME
me=$(id -un) || die "Who are you? id -un doesn't know..."
}
# synopsis: getos
# Set the global string $OSTYPE
getos() {
OSTYPE=$(uname) || die 'uname failed'
}
# synopsis: verifykeydir
# Make sure the key dir is set up correctly. Exits on error.
verifykeydir() {
# Create keydir if it doesn't exist already
if [ -f "${keydir}" ]; then
die "${keydir} is a file (it should be a directory)"
# Solaris 9 doesn't have -e; using -d....
elif [ ! -d "${keydir}" ]; then
( umask 0077 && mkdir "${keydir}"; ) || die "can't create ${keydir}"
fi
}
lockfile() {
# This function originates from Parallels Inc.'s OpenVZ vpsreboot script
# Description: This function attempts to acquire the lock. If it succeeds,
# it returns 0. If it fails, it returns 1. This function retuns immediately
# and only tries to acquire the lock once.
local tmpfile="$lockf.$$"
echo $$ >"$tmpfile" 2>/dev/null || exit
if ln "$tmpfile" "$lockf" 2>/dev/null; then
rm -f "$tmpfile"
havelock=true && return 0
fi
if kill -0 $(cat $lockf 2>/dev/null) 2>/dev/null; then
rm -f "$tmpfile"
return 1
fi
if ln "$tmpfile" "$lockf" 2>/dev/null; then
rm -f "$tmpfile"
havelock=true && return 0
fi
rm -f "$tmpfile" "$lockf" && return 1
}
takelock() {
# Description: This function calls lockfile() multiple times if necessary
# to try to acquire the lock. It returns 0 on success and 1 on failure.
# Change in behavior: if timeout expires, we will forcefully acquire lock.
[ "$havelock" = "true" ] && return 0
[ "$nolockopt" = "true" ] && return 0
# First attempt:
lockfile && return 0
local counter=0
mesg "Waiting $lockwait seconds for lock..."
while [ "$counter" -lt "$(( $lockwait * 2 ))" ]
do
lockfile && return 0
sleep 0.5; counter=$(( $counter + 1 ))
done
rm -f "$lockf" && lockfile && return 0
return 1
}
# synopsis: droplock
# Drops the lock if we're holding it.
droplock() {
$havelock && [ -n "$lockf" ] && rm -f "$lockf"
}
# synopsis: findpids [prog]
# Returns a space-separated list of agent pids.
# prog can be ssh or gpg, defaults to ssh. Note that if another prog is ever
# added, need to pay attention to the length for Solaris compatibility.
findpids() {
fp_prog=${1-ssh}
unset fp_psout
# Different systems require different invocations of ps. Try to generalize
# the best we can. The only requirement is that the agent command name
# appears in the line, and the PID is the first item on the line.
[ -n "$OSTYPE" ] || getos
# Try systems where we know what to do first
case "$OSTYPE" in
AIX|*bsd*|*BSD*|CYGWIN|darwin*|Linux|linux-gnu|OSF1)
fp_psout=$(ps x 2>/dev/null) ;; # BSD syntax
HP-UX)
fp_psout=$(ps -u $me 2>/dev/null) ;; # SysV syntax
SunOS)
case $(uname -r) in
[56]*)
fp_psout=$(ps -u $me 2>/dev/null) ;; # SysV syntax
*)
fp_psout=$(ps x 2>/dev/null) ;; # BSD syntax
esac ;;
GNU|gnu)
fp_psout=$(ps -g 2>/dev/null) ;; # GNU Hurd syntax
esac
# If we didn't get a match above, try a list of possibilities...
# The first one will probably fail on systems supporting only BSD syntax.
if [ -z "$fp_psout" ]; then
fp_psout=$(UNIX95=1 ps -u $me -o pid,comm 2>/dev/null | grep '^ *[0-9]')
[ -z "$fp_psout" ] && fp_psout=$(ps x 2>/dev/null)
[ -z "$fp_psout" ] && fp_psout=$(ps w 2>/dev/null) # Busybox syntax
fi
# Return the list of pids; ignore case for Cygwin.
# Check only 8 characters since Solaris truncates at that length.
# Ignore defunct ssh-agents (bug 28599)
if [ -n "$fp_psout" ]; then
echo "$fp_psout" | \
awk "BEGIN{IGNORECASE=1} /defunct/{next}
/$fp_prog-[a]gen/{print \$1}" | xargs
return 0
fi
# If none worked, we're stuck
error "Unable to use \"ps\" to scan for $fp_prog-agent processes"
error "Please report to $maintainer via http://bugs.gentoo.org"
return 1
}
# synopsis: stopagent [prog]
# --stop tells keychain to kill the existing agent(s)
# prog can be ssh or gpg, defaults to ssh.
stopagent() {
stop_prog=${1-ssh}
eval stop_except=\$\{${stop_prog}_agent_pid\}
stop_mypids=$(findpids "$stop_prog")
[ $? = 0 ] || die
if [ -z "$stop_mypids" ]; then
mesg "No $stop_prog-agent(s) found running"
return 0
fi
case "$stopwhich" in
all)
kill $stop_mypids >/dev/null 2>&1
mesg "All ${CYANN}$me${OFF}'s $stop_prog-agents stopped: ${CYANN}$stop_mypids${OFF}"
;;
others)
# Try to handle the case where we *will* inherit a pid
kill -0 $stop_except >/dev/null 2>&1
if [ -z "$stop_except" -o $? != 0 -o \
"$inheritwhich" = local -o "$inheritwhich" = any ]; then
if [ "$inheritwhich" != none ]; then
eval stop_except=\$\{inherit_${stop_prog}_agent_pid\}
kill -0 $stop_except >/dev/null 2>&1
if [ -z "$stop_except" -o $? != 0 ]; then
# Handle ssh2
eval stop_except=\$\{inherit_${stop_prog}2_agent_pid\}
fi
fi
fi
# Filter out the running agent pid
unset stop_mynewpids
for stop_x in $stop_mypids; do
[ $stop_x -eq $stop_except ] 2>/dev/null && continue
stop_mynewpids="${stop_mynewpids+$stop_mynewpids }$stop_x"
done
if [ -n "$stop_mynewpids" ]; then
kill $stop_mynewpids >/dev/null 2>&1
mesg "Other ${CYANN}$me${OFF}'s $stop_prog-agents stopped: ${CYANN}$stop_mynewpids${OFF}"
else
mesg "No other $stop_prog-agent(s) than keychain's $stop_except found running"
fi
;;
mine)
if [ $stop_except -gt 0 ] 2>/dev/null; then
kill $stop_except >/dev/null 2>&1
mesg "Keychain $stop_prog-agents stopped: ${CYANN}$stop_except${OFF}"
else
mesg "No keychain $stop_prog-agent found running"
fi
;;
esac
# remove pid files if keychain-controlled
if [ "$stopwhich" != others ]; then
if [ "$stop_prog" != ssh ]; then
rm -f "${pidf}-$stop_prog" "${cshpidf}-$stop_prog" "${fishpidf}-$stop_prog" 2>/dev/null
else
rm -f "${pidf}" "${cshpidf}" "${fishpidf}" 2>/dev/null
fi
eval unset ${stop_prog}_agent_pid
fi
}
# synopsis: inheritagents
# Save agent variables from the environment before they get wiped out
inheritagents() {
# Verify these global vars are null
unset inherit_ssh_auth_sock inherit_ssh_agent_pid
unset inherit_ssh2_auth_sock inherit_ssh2_agent_sock
unset inherit_gpg_agent_info inherit_gpg_agent_pid
# Save variables so we can inherit a running agent
if [ "$inheritwhich" != none ]; then
if wantagent ssh; then
if [ -n "$SSH_AUTH_SOCK" ]; then
inherit_ssh_auth_sock="$SSH_AUTH_SOCK"
inherit_ssh_agent_pid="$SSH_AGENT_PID"
fi
if [ -n "$SSH2_AUTH_SOCK" ]; then
inherit_ssh2_auth_sock="$SSH2_AUTH_SOCK"
inherit_ssh2_agent_pid="$SSH2_AGENT_PID"
fi
fi
if wantagent gpg; then
if [ -n "$GPG_AGENT_INFO" ]; then
inherit_gpg_agent_info="$GPG_AGENT_INFO"
inherit_gpg_agent_pid=$(echo "$GPG_AGENT_INFO" | cut -f2 -d:)
# GnuPG v.2.1+ removes $GPG_AGENT_INFO
elif [ -S "${GNUPGHOME:=$HOME/.gnupg}/S.gpg-agent" ]; then
inherit_gpg_agent_pid=$(findpids "${gpg_prog_name}")
inherit_gpg_agent_info="$GNUPGHOME/S.gpg-agent:${inherit_gpg_agent_pid}:1"
fi
fi
fi
}
# synopsis: validinherit
# Test inherit_* variables for validity
validinherit() {
vi_agent="$1"
vi_status=0
if [ "$vi_agent" = ssh ]; then
if [ -n "$inherit_ssh_auth_sock" ]; then
ls "$inherit_ssh_auth_sock" >/dev/null 2>&1
if [ $? != 0 ]; then
warn "SSH_AUTH_SOCK in environment is invalid; ignoring it"
unset inherit_ssh_auth_sock inherit_ssh_agent_pid
vi_status=1
fi
fi
if [ -n "$inherit_ssh2_auth_sock" ]; then
ls "$inherit_ssh2_auth_sock" >/dev/null 2>&1
if [ $? != 0 ]; then
warn "SSH2_AUTH_SOCK in environment is invalid; ignoring it"
unset inherit_ssh2_auth_sock inherit_ssh2_agent_pid
vi_status=1
fi
fi
elif [ "$vi_agent" = gpg ]; then
if [ -n "$inherit_gpg_agent_pid" ]; then
kill -0 "$inherit_gpg_agent_pid" >/dev/null 2>&1
if [ $? != 0 ]; then
unset inherit_gpg_agent_pid inherit_gpg_agent_info
warn "GPG_AGENT_INFO in environment is invalid; ignoring it"
vi_status=1
fi
fi
fi
return $vi_status
}
# synopsis: catpidf_shell shell agents...
# cat the pid files for the given agents. This is used by loadagents and also
# for keychain output when --eval is given.
catpidf_shell() {
case "$1" in
*/fish|fish) cp_pidf="$fishpidf" ;;
*csh) cp_pidf="$cshpidf" ;;
*) cp_pidf="$pidf" ;;
esac
shift
for cp_a in "$@"; do
case "${cp_a}" in
ssh) [ -f "$cp_pidf" ] && cat "$cp_pidf" ;;
*) [ -f "${cp_pidf}-$cp_a" ] && cat "${cp_pidf}-$cp_a" ;;
esac
echo
done
return 0
}
# synopsis: catpidf agents...
# cat the pid files for the given agents, appropriate for the current value of
# $SHELL. This is used for keychain output when --eval is given.
catpidf() {
catpidf_shell "$SHELL" "$@"
}
# synopsis: loadagents agents...
# Load agent variables from $pidf and copy implementation-specific environment
# variables into generic global strings
loadagents() {
for la_a in "$@"; do
case "$la_a" in
ssh)
unset SSH_AUTH_SOCK SSH_AGENT_PID SSH2_AUTH_SOCK SSH2_AGENT_PID
eval "$(catpidf_shell sh $la_a)"
if [ -n "$SSH_AUTH_SOCK" ]; then
ssh_auth_sock=$SSH_AUTH_SOCK
ssh_agent_pid=$SSH_AGENT_PID
elif [ -n "$SSH2_AUTH_SOCK" ]; then
ssh_auth_sock=$SSH2_AUTH_SOCK
ssh_agent_pid=$SSH2_AGENT_PID
else
unset ssh_auth_sock ssh_agent_pid
fi
;;
gpg)
unset GPG_AGENT_INFO
eval "$(catpidf_shell sh $la_a)"
if [ -n "$GPG_AGENT_INFO" ]; then
la_IFS="$IFS" # save current IFS
IFS=':' # set IFS to colon to separate PATH
set -- $GPG_AGENT_INFO
IFS="$la_IFS" # restore IFS
gpg_agent_pid=$2
fi
;;
*)
eval "$(catpidf_shell sh $la_a)"
;;
esac
done
return 0
}
# synopsis: startagent [prog]
# Starts an agent if it isn't already running.
# Requires $ssh_agent_pid
startagent() {
start_prog=${1-ssh}
start_proto=${2-${start_prog}}
unset start_pid
start_inherit_pid=none
start_mypids=$(findpids "$start_prog")
[ $? = 0 ] || die
# Unfortunately there isn't much way to genericize this without introducing
# a lot more supporting code/structures.
if [ "$start_prog" = ssh ]; then
start_pidf="$pidf"
start_cshpidf="$cshpidf"
start_fishpidf="$fishpidf"
start_pid="$ssh_agent_pid"
if [ -n "$inherit_ssh_auth_sock" -o -n "$inherit_ssh2_auth_sock"