Merge branch 'master' of git://git.schuerz.at/public/myshellconfig

Jakobus Schürz 2021-09-11 23:30:57 +02:00
commit a19afef6b2
28 changed files with 218 additions and 80 deletions

3
.gitmodules vendored

@ -58,3 +58,6 @@
[submodule "vim/pack/plugins/start/vim-gnupg"]
path = vim/pack/plugins/start/vim-gnupg
url = https://github.com/jamessan/vim-gnupg
[submodule "vim/pack/plugins/start/vim-soa"]
path = vim/pack/plugins/start/vim-soa
url = git@git.schuerz.at:/public/vim-soa.git
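Review bot: The new `vim-soa` submodule is registered with an SSH URL (`git@git.schuerz.at:/public/vim-soa.git`), so `git submodule update` needs an SSH key accepted by that host, unlike the `https://` entry just above it. Since the repository sits under `/public/`, an anonymous HTTPS URL would let every checkout fetch it while TLS still authenticates the server; the exact HTTPS path is not visible on this page and needs confirming. The same URL is added to the plugin list further down (`install plugins git@git.schuerz.at:/public/vim-soa.git`).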


@ -13,6 +13,8 @@ alias cdlastfiledir='cd $(history -p \!\!:$:h)'
#alias ssh='function f() { trap "reset; stty sane; tput rs1; clear; echo -e \"\033c\"" EXIT ; ssh $@; }; f $@'
alias s='sshs $(history -p \!ssh:$:t)'
alias sexit='ssh -O exit $(history -p \!ssh:$:t)'
alias remountshared='sudo systemctl restart media-remote-sharefs-userdata.mount'
alias umountshared='sudo systemctl stop media-remote-sharefs-userdata.mount'


@ -67,8 +67,13 @@ if [[ $- = *i* ]] ; then
# load logging functions
. ${MSC_BASE}/logging
# PKCS11_MODULE for etoken/smartcard authentification
[ -n "$(whereis p11-kit-proxy.so|awk '{print $2}')" ] && PKCS11_MODULE=$(whereis p11-kit-proxy.so|awk '{print $2}')
# P11M for etoken/smartcard authentification
# which dnf >/dev/null 2>&1 [ -z "${P11M+x}" ] && P11M="$(dnf repoquery --installed -l p11-kit | grep \/p11-kit-proxy.so\$ | head -1)"
# which dpkg >/dev/null 2>&1 && [ -z "${P11M+x}" ] && P11M="$(dpkg -L p11-kit-modules|grep \/p11-kit-proxy.so\$ | head -1)"
[ -z "${PKCS11_MODULE:+x}" ] && [ -n "$(whereis p11-kit-proxy.so|awk '{print $2}')" ] && export PKCS11_MODULE=$(whereis p11-kit-proxy.so|awk '{print $2}' || { echo "p11-kit-proxy not installed, unset KCS11_MODULE"; unset PKCS11_MODULE; })
[ -z "${P11M:+x}" ] && [ -n "$(whereis p11-kit-proxy.so|awk '{print $2}')" ] && export P11M=$(whereis p11-kit-proxy.so|awk '{print $2}' || { echo "p11-kit-proxy not forwarded by ssh or installed, unset P11M"; unset P11M; })
# Basics
[ -z "${VISUAL+x}" ] && export VISUAL=vim
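Review bot: In the `export PKCS11_MODULE=$(...)` and `export P11M=$(...)` lines the `|| { echo ...; unset ...; }` fallback sits inside the command substitution, so it cannot do what the message says: the pipeline's status is awk's, which succeeds even when `whereis` finds nothing, and an `unset` there would only affect the subshell. The preceding `[ -n "$(whereis ...)" ]` test already covers the not-installed case, so the assignment can be reduced to `p=$(whereis p11-kit-proxy.so | awk '{print $2}'); [ -z "${P11M:+x}" ] && [ -n "$p" ] && export P11M=$p`. The first message also misspells the variable as `KCS11_MODULE`. Because an inherited `P11M` is kept as-is and later handed to `ssh-add -s` as the provider library, a comment stating where that value is expected to come from would help the next reader.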


@ -2,8 +2,6 @@
[ type loginfo > /dev/null 2>&1 ] || . $(dirname $0)/../logging
export SCRIPT_LOG=./$(basename $0).log
export LOGFILE=./$(basename $0).move.log
[ -z "${move+x}" ] && move=false
[ -z "${forcedate+x}" ] && forcedate=false
[ -z "${setdate+x}" ] && setdate=true
@ -236,6 +234,7 @@ run_fix () {
case $move in
true)
export UMASK=002
echo move to ${dest}/${MIMEDEST}/%Y/%Y_%m
if $movecreatedate ; then
loginfo "$(exiftool '-Directory<CreateDate' -d ${dest}/${MIMEDEST}/%Y/%Y_%m -if '($CreateDate)' "$file" 2>&1 |tee -a ${LOGFILE})"
@ -244,6 +243,7 @@ run_fix () {
fi
;;
copy)
export UMASK=002
echo copy to ${dest}/${MIMEDEST}/%Y/%Y_%m
if $movecreatedate ; then
loginfo "$(exiftool -o . '-Directory<DateTimeOriginal' -d ${dest}/${MIMEDEST}/%Y/%Y_%m -if '($datetimeoriginal)' "$file" 2>&1 |tee -a ${LOGFILE})"
@ -262,6 +262,7 @@ run_fix () {
fi
;;
rename)
export UMASK=002
echo move to ${dest}/${MIMEDEST}/%Y/%Y_%m
if $movecreatedate ; then
loginfo "$(exiftool -v '-FileName<CreateDate' -d ${dest}/${MIMEDEST}/%Y/%Y_%m/%Y%m%d_%H%M%S%%-c.%%e -if '($CreateDate)' "$file" 2>&1 | tee -a ${LOGFILE})"
@ -270,6 +271,7 @@ run_fix () {
fi
;;
copyrename)
export UMASK=002
echo move to ${dest}/${MIMEDEST}/%Y/%Y_%m
if $movecreatedate ; then
loginfo "$(exiftool -o . '-FileName<CreateDate' -d ${dest}/${MIMEDEST}/%Y/%Y_%m/%Y%m%d_%H%M%S%%-c.%%e -if '($CreateDate)' "$file" 2>&1 | tee -a ${LOGFILE})"
@ -327,6 +329,8 @@ else
all=$(find ${maxdepth:+-maxdepth} ${maxdepth:+$maxdepth} -type f |grep -i ".jpg$\|.jpeg$\|.mp4$\|.mov$\|.png$\|.3gp$\|.gif$"|wc -l)
find ${maxdepth:+-maxdepth} ${maxdepth:+$maxdepth} -type f |grep -i ".jpg$\|.jpeg$\|.mp4$\|.mov$\|.png$\|.3gp$\|.gif$"|while read file; do
let "i=i+1"
export SCRIPT_LOG=./$(basename $0).log
export LOGFILE=./$(basename $0).move.log
loginfo "$i/$all"
run_fix "$file"
done
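Review bot: `export UMASK=002` in the `move`, `copy`, `rename` and `copyrename` branches of `run_fix` only exports an environment variable named UMASK; it does not change the file-creation mask, so whatever exiftool creates still gets the shell's current umask. If group-writable results are intended, call the builtin: `umask 002`, once before the `case` rather than in every branch. The hunk headers show one added line per branch, but the +/- markers are lost on this page, so I am assuming it is this line. `run_fix` starts and ends outside the visible hunks.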


@ -18,7 +18,7 @@
#MSC_LOGFILE="${MSC_LOGDIR}/git.log"
[ -d "${MSC_LOGDIR}" ] || mkdir -p "${MSC_LOGDIR}"
[ -z "${MSC_GIT_REMOTE_NAME+x}" ] && export MSC_GIT_REMOTE_NAME=origin
[ -z "${MSC_GIT_BRANCH+x}" ] && export MSC_GIT_BRANCH=master
[ -z "${MSC_GIT_BRANCH:+x}" ] && export MSC_GIT_BRANCH=master
@ -65,9 +65,7 @@ while [ $# -gt 0 ]; do
esac
done
# If MSC_GIT_TAG is set, checkout is always headless.
logwarn "git PRE: ${PRE}"
[ -z "${MSC_GIT_TAG:+x}" ] || { export MSC_GIT_BRANCH=${MSC_GIT_TAG}; export PRE=""; echo "DEBUG"; }
logwarn "git PRE: ${PRE}"
# Output
#echo -n " remote: ${MSC_GIT_REMOTE_NAME}, branch: ${MSC_GIT_BRANCH}: "
@ -92,6 +90,7 @@ fi
#echo $SGIT fetch ${MSC_GIT_REMOTE_NAME} -p 1>&2
if $dorepoupdate; then
loginfo "fetch repo${dosubmodupdate:+ and submodules}"
#$SGIT fetch ${dosubmodupdate:+--recurse-submodules} ${MSC_GIT_REMOTE_NAME} -p 2>>"${MSC_LOGFILE}"|| { logwarn fetch failed; gitupdateend; exit 1; }
$SGIT fetch ${dosubmodupdate:+--recurse-submodules} ${MSC_GIT_REMOTE_NAME} -p 2>>"${MSC_LOGFILE}"|| { logwarn fetch failed; gitupdateend; exit 1; }
if ${dosubmodupdate:-false}; then
lastupdatesubmodules
@ -101,7 +100,7 @@ if $dorepoupdate; then
if $SGIT diff-index --ignore-submodules --exit-code HEAD -- >> "${MSC_LOGFILE}" ; then
cat << EOF >> "${MSC_LOGFILE}"
no changes in local repo
$SGIT checkout repo ${PRE}${PRE:+/}${MSC_GIT_BRANCH}
$SGIT checkout ${PRE}${PRE:+/}${MSC_GIT_BRANCH}
EOF
$SGIT checkout ${PRE}${PRE:+/}${MSC_GIT_BRANCH} 1>>"${MSC_LOGFILE}" 2>>"${MSC_LOGFILE}"|| { gitupdateend; exit 2; }
$SGIT merge FETCH_HEAD 1>>"${MSC_LOGFILE}" 2>>"${MSC_LOGFILE}"|| { gitupdateend; exit 3; }

7
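--- a/bin/git-submodule-fix
+++ b/bin/git-submodule-fix
@@ -0,0 +1,7 @@
+#!/bin/bash
+for arg
+do
+echo $arg
+find . -name "`basename $arg`" | grep "$arg\$" | xargs rm -fr
+done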
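Review bot: The `find ... | grep "$arg\$" | xargs rm -fr` line feeds `rm -fr` from unquoted, whitespace-split text filtered by a regex, so a path containing spaces or newlines is split into separate delete targets, and `.` or other regex characters in `$arg` can match paths other than the one named. Quote the argument and keep names NUL-delimited, e.g. `find . -path "*/$arg" -print0 | xargs -0 -r rm -rf --` (`-path` still treats glob characters in `$arg` as a pattern). `echo $arg` should be `echo "$arg"`. A header comment saying what the script removes and from which directory it must be run would make a recursive delete like this safer to use.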


@ -2,7 +2,9 @@
set -eu
set -x
[ -z "${PKCS11_MODULE+x}" ] && PKCS11_MODULE="$(dnf repoquery --installed -l p11-kit | grep \/p11-kit-proxy.so\$ | head -1)"
which dnf >/dev/null 2>&1 [ -z "${P11M+x}" ] && P11M="$(dnf repoquery --installed -l p11-kit | grep \/p11-kit-proxy.so\$ | head -1)"
which dpkg >/dev/null 2>&1 && [ -z "${P11M+x}" ] && P11M="$(dpkg -L p11-kit-modules|grep \/p11-kit-proxy.so\$ | head -1)"
echo SSH_AGENT_PID before: $SSH_AGENT_PID
@ -11,13 +13,13 @@ echo SSH_AGENT_PID before: $SSH_AGENT_PID
echo SSH_AGENT_PID after: $SSH_AGENT_PID
#if ssh-add -l | grep -q "${PKCS11_MODULE}"; then
#if ssh-add -l | grep -q "${P11M}"; then
# # Remove any stale loaded keys from token, ssh-agent does not automatically
# # reconnect with the token when you reinsert it.
# ssh-add -e "${PKCS11_MODULE}"
# ssh-add -e "${P11M}"
#fi
ssh-add -e "${PKCS11_MODULE}" 2>/dev/null
ssh-add -e "${P11M}" 2>/dev/null
echo $?
# Tell ssh-agent to use the keys on the token
ssh-add -s "${PKCS11_MODULE}"
ssh-add -s "${P11M}"
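Review bot: The `which dnf` line is missing the `&&` before `[ -z "${P11M+x}" ]`, so the test and its operands are passed to `which` as extra names to look up; `which` will normally fail on them and the `dnf repoquery` assignment is skipped. On a host without `dpkg` that leaves `P11M` unset, and with `set -eu` in force the later `ssh-add -e "${P11M}"` aborts with an unbound-variable error. It should read `which dnf >/dev/null 2>&1 && [ -z "${P11M+x}" ] && P11M="$(dnf repoquery ...)"`, matching the `dpkg` line below it.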


@ -117,16 +117,16 @@ while :; do
done
SCRIPTENTRY
[ -z "${SSH_IDENTITIES_DIR+x}" ] && { SSH_IDENTITIES_DIR="${SSH_IDENTITIES_DEFAULT_DIR-${HOME}/.ssh/identities}"; export SSH_IDENTITIES_DIR; }
[ -z "${SSH_AGENTS_DIR+x}" ] && { SSH_AGENTS_DIR=${SSH_AGENTS_DEFAULT_DIR-~/.ssh/agents}; export SSH_AGENTS_DIR; }
[ -z "${SSH_IDENTITIES_DIR+x}" ] && { SSH_IDENTITIES_DIR="${SSH_IDENTITIES_DEFAULT_DIR-${HOME}/.ssh/identities}"; export SSH_IDENTITIES_DIR; }
[ -z "${SSH_AGENTS_DIR+x}" ] && { SSH_AGENTS_DIR=${SSH_AGENTS_DEFAULT_DIR-~/.ssh/agents}; export SSH_AGENTS_DIR; }
[ -z "${SSH_AGENT_SOCKETS_DIR+x}" ] && { SSH_AGENT_SOCKETS_DIR=${SSH_AGENT_SOCKETS_DEFAULT_DIR-~/.ssh/agents}; export SSH_AGENT_SOCKETS_DIR; }
[ -z "${SSH_AGENT_OPTIONS+x}" ] && { SSH_AGENT_OPTIONS=${SSH_AGENT_DEFAULT_OPTIONS--t 7200 }; export SSH_AGENT_OPTIONS; }
logtrace "SSH_AGENTS_DIR: $SSH_AGENTS_DIR"
[ -z "${SSH_AGENT_OPTIONS+x}" ] && { SSH_AGENT_OPTIONS=${SSH_AGENT_DEFAULT_OPTIONS--t 7200 }; export SSH_AGENT_OPTIONS; }
logtrace " SSH_AGENTS_DIR: $SSH_AGENTS_DIR"
logtrace "SSH_AGENT_SOCKETS_DIR: $SSH_AGENT_SOCKETS_DIR"
logtrace "SSH_IDENTITIES_DIR: $SSH_IDENTITIES_DIR"
[ -z "${SSH_AGENTS_DIR-x}" ] || mkdir -vp "$SSH_AGENTS_DIR"
[ -z "${SSH_AGENT_SOCKETS_DIR-x}" ] || mkdir -vp "$SSH_AGENT_SOCKETS_DIR"
[ -z "${SSH_IDENTITIES_DIR-x}" ] || mkdir -vp "$SSH_IDENTITIES_DIR"
logtrace " SSH_IDENTITIES_DIR: $SSH_IDENTITIES_DIR"
[ -z "${SSH_AGENTS_DIR-x}" ] || mkdir -vp "$SSH_AGENTS_DIR"
[ -z "${SSH_AGENT_SOCKETS_DIR-x}" ] || mkdir -vp "$SSH_AGENT_SOCKETS_DIR"
[ -z "${SSH_IDENTITIES_DIR-x}" ] || mkdir -vp "$SSH_IDENTITIES_DIR"
agent-start-or-restart () {
@ -272,35 +272,49 @@ agent-load-identity-keys () {
# load tokens
for pubkey in $(ls ${SSH_IDENTITIES_DIR}/${ssh_identity}/id_*|grep "pub$\|public$"|grep -v "cert.pub"); do
if $( ls ${pubkey%.pub} 1>/dev/null 2>&1);then
echo "pk1 $pubkey"
echo "pubkey with privkey: $pubkey"
else
echo "pk2 $pubkey"
echo "pubkey without privkey: $pubkey"
pubkeysonly+=($pubkey)
fi
if [ -e "${pubkey%.pub}-cert.pub" ]; then
#logwarn "${pubkey%.pub}-cert.pub: $(date +%s -d $(ssh-keygen -L -f "${pubkey%.pub}-cert.pub"|awk '$1 == "Valid:"{print $5}'))"
#logwarn "now: $(date +%s -d NOW)"
cert_exp_date=$(ssh-keygen -L -f "${pubkey%.pub}-cert.pub"|awk '$1 == "Valid:"{print $5}')
#[ $(date +%s -d $(ssh-keygen -L -f "${pubkey%.pub}-cert.pub"|awk '$1 == "Valid:"{print $5}')) -gt $(date +%s -d NOW) ] \
[ $(date +%s -d $cert_exp_date) -gt $(date +%s -d NOW) ] \
|| logwarn "CERTIFICATE IS NOT VALID ANYMORE: ${pubkey%.pub}-cert.pub"
#[ $(date +%s -d $(ssh-keygen -L -f "${pubkey%.pub}-cert.pub"|awk '$1 == "Valid:"{print $5}')) -lt $(date +%s -d "$SSH_CERT_VALIDITY_WARN_SEC") ] \
[ $(date +%s -d $cert_exp_date) -lt $(date +%s -d "$SSH_CERT_VALIDITY_WARN_SEC") ] \
&& logwarn "CERTIFICATE expires in $(echo "scale=0; ( `date -d $cert_exp_date +%s` - `date -d now +%s`) / (24*3600)" | bc -l) days: ${pubkey%.pub}-cert.pub"
fi
done
loginfo "pubkeysonly: ${pubkeysonly[@]} ${#pubkeysonly[*]}"
if [ ${#pubkeysonly[*]} -gt 0 ] ; then
for p in ${pubkeysonly[@]}; do
ssh-runinagent $agentfile ssh-add -T ${p} 2>&1 || { $remove || readd=true; break; }
done
fi
logdebug "readd: $readd"
loginfo "pubkeysonly: ${pubkeysonly[@]} (count: ${#pubkeysonly[*]})"
for key in $(ls ${SSH_IDENTITIES_DIR}/${ssh_identity}/*|grep "\.so$"); do
logdebug "P11M: ${P11M:-not set} - key: $key"
#[ -e "${P11M-x}" ] || [ "$(readlink - f $key)" == "$P11M" ] || key="$P11M"
[ "$(readlink - f $key)" == "$P11M" ] || key="$P11M"
logdebug "P11M: ${P11M:-not set} - key: $key"
echo "P11M: ${P11M:-not set} - key: $key"
tokenfingerprint="$(ssh-keygen -l -D $key|tr -s ' '|awk '{print $2}')"
if [[ ${fingerprints[*]} =~ "$tokenfingerprint" ]]; then
logdebug "token: $key ($tokenfingerprint) is loaded"
check-pubkeysonly
if $readd || $remove ; then
$readd && logdebug "re-add token $key"
$remove && logdebug "remove token $key"
logdebug "$(ssh-runinagent $agentfile ssh-add ${SSH_ADD_OPTIONS} -e ${key} 2>&1)"
$remove || logdebug "$(ssh-runinagent $agentfile ssh-add ${SSH_ADD_OPTIONS} -s ${key} 2>&1)"
echo agentfile1 $agentfile \$SSH_ADD_OPTIONS $key >&2
logdebug "$(ssh-runinagent $agentfile ssh-add ${SSH_ADD_OPTIONS} -e "${key}" 2>&1)"
ssh-runinagent $agentfile echo $SSH_AUTH_SOCK >&2
$remove || logdebug "$(ssh-runinagent $agentfile ssh-add ${SSH_ADD_OPTIONS} -s "${key}" 2>&1)"
fi
else
logdebug "token: $key is not loaded -> load it"
logdebug "$(ssh-runinagent $agentfile ssh-add ${SSH_ADD_OPTIONS} -e ${key} 2>&1)"
logdebug "$(ssh-runinagent $agentfile ssh-add -v ${SSH_ADD_OPTIONS} -e ${key} 2>&1)"
$remove || logdebug "$(ssh-runinagent $agentfile ssh-add ${SSH_ADD_OPTIONS} -s ${key} 2>&1)"
fi
done
@ -314,6 +328,22 @@ agent-load-identity-keys () {
EXIT
}
function check-pubkeysonly () {
if [ ${#pubkeysonly[*]} -gt 0 ] ; then
for p in ${pubkeysonly[@]}; do
ssh-runinagent $agentfile ssh-add -T ${p} 2>&1 || { $remove || readd=true; break; }
done
else
logwarn "obviously there is no pubkey for the token in ${SSH_IDENTITIES_DIR}/${ssh_identity}/"
logwarn "you can add the pubkey with"
logwarn " ssh-add -L > ${SSH_IDENTITIES_DIR}/${ssh_identity}/id_etoken.pub"
logwarn "make sure, only the token is loaded into ssh-agent with"
logwarn " ssh-add -l"
logwarn "only one line should be the output"
fi
logdebug "readd: $readd"
}
ssh-runinagent () {
ENTRY
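Review bot: `readlink - f $key` in the `.so` loop of `agent-load-identity-keys` has a space between `-` and `f`, so the path is not canonicalised: a regular file yields no output and a relative or chained symlink yields an unresolved target, and in those cases `key` is overwritten with `$P11M` (empty when `P11M` is unset). It should be `[ "$(readlink -f "$key")" = "$P11M" ] || key="$P11M"`, with a guard so an unset `P11M` does not blank the provider path given to `ssh-keygen -D` and `ssh-add -s`. The `echo "P11M: ..."`, `echo agentfile1 ...` and `ssh-runinagent $agentfile echo $SSH_AUTH_SOCK` lines look like leftover debugging; in the last one `$SSH_AUTH_SOCK` is expanded by the caller before `ssh-runinagent` runs, so it prints the outer socket. The function begins outside the visible hunk.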


@ -18,10 +18,41 @@ HASHLENGTH_DEFAULT=8
PWOPTS_DEFAULT="-c -n -s"
PWLENGTH_DEFAULT=50
set -- $(getopt -u -o dfhl:nwy --long force,hashed,not-hashed,hashlength:,whole-hash -- "$@" )
show_help () {
cat << EOF
usage: ${0} <OPTIONS> <URL> [<PWLENGTH>]
URL: https://target.domain.tld:8080/path/to/site | target.domain.tld
PWLENGTH: Integer, count characters in generated password
OPTIONS:
--delete delete trashmail from LDAP
-d include domain from <URL> in username: 8ee948ae.target.domain.tld@mydomain.tld
-f|--force force overwrite existing entry in pass
-h|--hashed create hash from domain and linux-login-user (${USER})
--help show this help/usage
-l|--length <INTEGER>|full cut hashed part of username to <INTGER> characters from start (default: ${HASHLENGHT_DEFAULT})
-n|--not-hashed do not hash username from targetdomain and linux-login-user
-w|--full-hash do not cut hash (same as »-l full«)
-y|--symbols same option as in pwgen. Include at least one special character in the password.
EOF
}
# TODO: how exit main-shell from error in subshell???
getopt -u -o dfhl:nwy --long delete,force,hashed,help,not-hashed,hashlength:,whole-hash,symblols -- "$@" || exit $?
set -- $(getopt -u -o dfhl:nwy --long delete,force,hashed,help,not-hashed,hashlength:,whole-hash,symblols -- "$@"|| exit $?)
echo @: $@
while : ; do
case $1 in
--delete)
ACTION=delete
shift
;;
-d)
INCLUDE_DOMAIN=true
shift
@ -34,6 +65,10 @@ while : ; do
HASHED=true
shift
;;
--help)
show_help
exit 0
;;
-l|--hashlength)
HASHLENGTH=$2
shift; shift;
@ -55,9 +90,9 @@ while : ; do
break
;;
*)
wrong argument $1 >&2
shift
continue
echo wrong argument $1 >&2
show_help
exit 1
;;
esac
done
@ -122,6 +157,8 @@ echo $TRASHMAIL
PASS_ENTRY="${PASS_PREFIX%/}${PASS_PREFIX:+/}${host}/${TRASHMAIL}"
case ${ACTION:-create} in
create)
#set -x
echo "Add new trashmail to LDAP"
cat << EOF |ldapmodify -Z -H ldap://${LDAP_HOST} -D ${BIND_DN} -x -w $(pass ${PASS_ID}|head -n 1)
@ -180,3 +217,18 @@ fi
#set +x
#pass git commit "${PASS_ENTRY}"
pass -c ${PASS_ENTRY}
;;
delete)
cat << EOF |ldapmodify -Z -H ldap://${LDAP_HOST} -D ${BIND_DN} -x -w $(pass ${PASS_ID}|head -n 1)
dn: dcSubMailAddress=${TARGET_MAIL},ou=mailaccounts,dc=schuerz,dc=at
changetype: modify
delete: dcMailAlternateAddress
dcMailAlternateAddress: ${TRASHMAIL}
EOF
;;
*)
echo action $ACTION not known
exit 1
;;
esac
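Review bot: The new `delete` branch repeats `ldapmodify ... -w $(pass ${PASS_ID}|head -n 1)`, which puts the LDAP bind password on the command line, where other local users can read it from the process list while the command runs. ldapmodify can read it from a file instead, e.g. `-y <(pass "${PASS_ID}" | head -n 1 | tr -d '\n')`; `-y` uses the whole file content, so the trailing newline has to be stripped. The `create` branch above has the same call. `${TARGET_MAIL}` and `${TRASHMAIL}` are written into the LDIF unvalidated, so rejecting values containing whitespace or newlines before the heredoc would keep a malformed URL argument from adding extra LDIF lines. In `show_help`, `${HASHLENGHT_DEFAULT}` is misspelled (the variable is `HASHLENGTH_DEFAULT`), so the default prints empty.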


@ -22,3 +22,5 @@ export PASS_ID_LDAP_ADMIN="LDAP/binddn-admin"
export TRASHMAIL_OWN_DOMAIN_DEFAULT=schuerz.at
export TRASHMAIL_TARGET_MAIL_DEFAULT=wertstoffe@xundeenergie.at
export TRASHMAIL_HASHED_DEFAULT=true
export SSH_CERT_VALIDITY_WARN_SEC="14 days"


@ -22,3 +22,5 @@ export PASS_ID_LDAP_ADMIN="LDAP/binddn-admin"
export TRASHMAIL_OWN_DOMAIN_DEFAULT=example.com
export TRASHMAIL_TARGET_MAIL_DEFAULT=user@example.com
export TRASHMAIL_HASHED_DEFAULT=true
export SSH_CERT_VALIDITY_WARN_SEC="14 days"


@ -64,6 +64,7 @@ sudo() {
GIT_COMMITTER_NAME="$GIT_COMMITTER_NAME" \
TMUX="$TMUX" \
SSHS="$SSHS" \
P11M="$P11M" \
SSH_TTY="$SSH_TTY" \
SSH_AUTH_SOCK="$SSH_AUTH_SOCK" \
http_proxy="$http_proxy" \
@ -359,17 +360,17 @@ sshs() {
local TMPBASHCONFIG=$(mktemp -p ${XDG_RUNTIME_DIR} -t bashrc.XXXXXXXX --suffix=.conf)
local FILELIST=( "${MSC_BASE}/functions.sh" "${MSC_BASE}/logging" "${MSC_BASE}/myshell_load_fortmpconfig" $(getbashrcfile) ~/.aliases "${MSC_BASE}/aliases" "${MSC_BASE}/PS1" "${MSC_BASE}/bash_completion.d/*" )
echo "FILELIST: $FILELIST"
logdebug "FILELIST: $FILELIST"
if [ -e "${HOME}/.config/myshellconfig/sshs_addfiles.conf" ] ; then
for f in $(cat "${HOME}/.config/myshellconfig/sshs_addfiles.conf");do
[ -e "$f" ] && {\
echo "add $f to FILELIST"; \
logdebug "add $f to FILELIST"; \
FILELIST+=("$f"); }
done
fi
echo "FILELIST: $FILELIST"
#local SSH_OPTS="-o VisualHostKey=no -o ControlMaster=yes -o ControlPersist=15s -o ControlPath=~/.ssh/ssh-%C"
local SSH_OPTS="-o VisualHostKey=no -o ControlMaster=yes -o ControlPersist=2s -o ControlPath=~/.ssh/ssh-%C"
logdebug "FILELIST: $FILELIST"
local SSH_OPTS="-o VisualHostKey=no -o ControlMaster=auto -o ControlPersist=15s -o ControlPath=~/.ssh/ssh-%C"
#local SSH_OPTS="-o VisualHostKey=no -o ControlMaster=yes -o ControlPersist=10s -o ControlPath=~/.ssh/ssh-%C"
# Read /etc/bashrc or /etc/bash.bashrc (depending on distribution) and /etc/profile.d/*.sh first
cat << EOF >> "${TMPBASHCONFIG}"
[ -e /etc/bashrc ] && BASHRC=/etc/bashrc
@ -397,18 +398,22 @@ EOF
for f in ${FILELIST[*]}; do
if [ -e $f ]; then
echo add $f to tmpconfig
logdebug "add $f to tmpconfig"
cat "$f" >> "${TMPBASHCONFIG}";
fi
done
if [ $# -ge 1 ]; then
if [ -e "${TMPBASHCONFIG}" ] ; then
local RCMD="/bin/bash --noprofile --norc -c "
logdebug "create remote bashrc"
local REMOTETMPBASHCONFIG=$(ssh -T ${SSH_OPTS} $@ "mktemp -p \${XDG_RUNTIME_DIR-~} -t bashrc.XXXXXXXX --suffix=.conf"| tr -d '[:space:]' )
logdebug "SSH_OPTS: $SSH_OPTS"
local REMOTETMPBASHCONFIG=$(ssh -T ${SSH_OPTS} $@ "mktemp -p \${XDG_RUNTIME_DIR-~} -t bashrc.XXXXXXXX --suffix=.conf" | tr -d '[:space:]' )
logdebug "REMOTETMPBASHCONFIG: $REMOTETMPBASHCONFIG"
logdebug $(ssh -T ${SSH_OPTS} $@ "stat ${REMOTETMPBASHCONFIG}")
logdebug $(ssh -T ${SSH_OPTS} $@ "hostnamectl")
logdebug "create remote vimrc"
local REMOTETMPVIMCONFIG=$(ssh -T ${SSH_OPTS} $@ "mktemp -p \${XDG_RUNTIME_DIR-~} -t vimrc.XXXXXXXX --suffix=.conf"| tr -d '[:space:]')
local REMOTETMPVIMCONFIG=$(ssh -T ${SSH_OPTS} $@ "mktemp -p \${XDG_RUNTIME_DIR-~} -t vimrc.XXXXXXXX --suffix=.conf" | tr -d '[:space:]' )
logdebug "REMOTETMPVIMCONFIG: $REMOTETMPVIMCONFIG"
# Add additional aliases to bashrc for remote-machine
cat << EOF >> "${TMPBASHCONFIG}"
@ -424,15 +429,17 @@ EOF
logdebug "create fill remote bashrc"
ssh -T ${SSH_OPTS} $@ "cat > ${REMOTETMPBASHCONFIG}" < "${TMPBASHCONFIG}"
logdebug $(ssh -T ${SSH_OPTS} $@ "stat ${REMOTETMPBASHCONFIG}")
logdebug "create fill remote vimrc"
ssh -T ${SSH_OPTS} $@ "cat > ${REMOTETMPVIMCONFIG}" < "${MSC_BASE}/vimrc"
local RCMD="/bin/bash --noprofile --norc -c "
RCMD="
trap \"rm -f ${REMOTETMPBASHCONFIG} ${REMOTETMPVIMCONFIG}\" EXIT " ;
logdebug "run remote shell with temporary config"
ssh -t ${SSH_OPTS} $@ "$RCMD; SSHS=true bash -c \"function bash () { /bin/bash --rcfile ${REMOTETMPBASHCONFIG} -i ; } ; export -f bash; exec bash --rcfile ${REMOTETMPBASHCONFIG}\""
rm "${TMPBASHCONFIG}"
else
loginfo "${TMPBASHCONFIG} does not exist. Use »ssh $@«" >&2
logwarn "${TMPBASHCONFIG} does not exist. Using »ssh -t $@«"
ssh -t "$@"
fi
else
@ -788,7 +795,7 @@ reachable () {
local i
loginfo -n "Try to connect to ${SERVER} (${IP}):${PORT} " >&2
for i in $(seq 1 $SEC); do
logdebug -n "." >&2
loginfo -n "." >&2
if reachable-default ${IP} ${PORT} 2>/dev/null; then
res=0
break
@ -810,14 +817,15 @@ utoken () {
ENTRY
ssh_identity=$1
[ -z "${PKCS11_MODULE+x}" ] && { PKCS11_MODULE=/usr/lib64/p11-kit-proxy.so; export PKCS11_MODULE; }
#[ -z "${P11M+x}" ] && { P11M=/usr/lib64/p11-kit-proxy.so; export P11M; }
[ -z "${P11M+x}" ] && { P11M=$PKCS11_MODULE; export P11M; }
if [ -n "${ssh_identity+x}" ]; then
agentfile="${HOME}/.ssh/agents/agent-${ssh_identity}-$(hostname)"
if [ -e "$agentfile" ]; then
local SSH_AUTH_SOCK
local SSH_AGENT_PID
/bin/sh -c ". $agentfile >/dev/null 2>/dev/null; ssh-add -l; ssh-add -e $PKCS11_MODULE; ssh-add -l"
/bin/sh -c ". $agentfile >/dev/null 2>/dev/null; ssh-add -l; ssh-add -e $P11M; ssh-add -l"
fi
fi
EXIT
@ -825,23 +833,26 @@ utoken () {
token(){
[ -z "${PKCS11_MODULE+x}" ] && { PKCS11_MODULE=/usr/lib64/p11-kit-proxy.so; export PKCS11_MODULE; }
#[ -z "${P11M+x}" ] && { P11M=/usr/lib64/p11-kit-proxy.so; export P11M; }
[ -z "${P11M:+x}" ] && { P11M=$PKCS11_MODULE; export P11M; }
tmppubkey="${XDG_RUNTIME_DIR}/token.pub"
loginfo "$(ssh-add -L > $tmppubkey)"
# Usage:
# token <identity> will load token in agent. does nothing, if token is already loaded
# token -r|-f|--reload-token <identity> will remove token from agent and add it again (if plugged off and plugged in again
# startagent -t $@
loadagent $@
loginfo "$(ssh-add -s $PKCS11_MODULE || { ssh-add -e $PKCS11-MODULE; ssh-add -s $PKCS11_MODULE; } )"
# loadagent $@
loginfo "$(ssh-add -T ${tmppubkey} || { ssh-add -e $P11M; ssh-add -s $P11M; } )"
loginfo "$(ssh-add -l)"
}
token-extract-pubkey() {
if pkcs11-tool --module $PKCS11_MODULE --list-token-slots >&2 ;then
ssh-keygen -i -m pkcs8 -f <(pkcs11-tool --module $PKCS11_MODULE -r --type pubkey $1 $2 |openssl rsa -pubin -inform DER )
if pkcs11-tool --module $P11M --list-token-slots >&2 ;then
ssh-keygen -i -m pkcs8 -f <(pkcs11-tool --module $P11M -r --type pubkey $1 $2 |openssl rsa -pubin -inform DER )
if [ $? -gt 0 ] ; then
token-list-objects
fi
@ -854,10 +865,10 @@ token-extract-pubkey() {
token-list-objects() {
case $1 in
--login|-l)
pkcs11-tool --module $PKCS11_MODULE --login --list-objects
pkcs11-tool --module $P11M --login --list-objects
;;
*)
pkcs11-tool --module $PKCS11_MODULE --list-objects
pkcs11-tool --module $P11M --list-objects
;;
esac
@ -985,5 +996,11 @@ convert_to_subvolume () {
set +x
return 0
}
cporig () {
cp -b -i "${1}" "${1}.orig"
}
#EOF
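Review bot: In `utoken` the command is built by string interpolation, `/bin/sh -c ". $agentfile ...; ssh-add -e $P11M; ..."`, and `P11M` is inherited from the environment (this commit also passes it through `sudo` and tmux's `update-environment`), so shell metacharacters in it or in the identity name are interpreted by the inner shell. Pass both as positional parameters instead: `/bin/sh -c '. "$1" >/dev/null 2>&1; ssh-add -l; ssh-add -e "$2"; ssh-add -l' sh "$agentfile" "$P11M"`. In `token`, `tmppubkey="${XDG_RUNTIME_DIR}/token.pub"` resolves to `/token.pub` when `XDG_RUNTIME_DIR` is unset, and `$tmppubkey` and `$P11M` are unquoted in the `ssh-add` calls. Using `"${XDG_RUNTIME_DIR:?}"` and quoting the expansions would make that case fail closed.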


@ -81,18 +81,18 @@ if ! $SSHS; then
#cd ${HOME}
# Start tmux if not defined as STARTTMUX in bashrc
logwarn -n "attach tmux?"
logwarn "TMUX: $TMUX"
logwarn "SSH_TTY: $SSH_TTY"
logwarn "TERM: $TERM"
logwarn "tmux@${USER}: $(systemctl status tmux@${USER}.service 1>/dev/null 2>&1; echo $? )"
logdebug "attach tmux?"
logdebug "TMUX: $TMUX"
logdebug "SSH_TTY: $SSH_TTY"
logdebug "TERM: $TERM"
logdebug "tmux@${USER}: $(systemctl status tmux@${USER}.service 1>/dev/null 2>&1; echo $? )"
if test $SSH_TTY; then
logwarn "i am remote"
loginfo "i am remote"
if test ! $TMUX && test $TERM != screen; then
logwarn "no screen"
loginfo "no screen"
# if test $(systemctl status tmux@${USER}.service 1>/dev/null 2>&1; echo $? ) -eq 0; then
if tmux has-session -t User || tmux has-session -t "${USER}"; then
logwarn "tmux@${USER} is running"
loginfo "tmux@${USER} is running"
STARTTMUXDEFAULT=${STARTTMUXREMOTEDEFAULT}
fi
fi
@ -105,7 +105,7 @@ if ! $SSHS; then
# logwarn "TEST2"
# STARTTMUXDEFAULT=${STARTTMUXREMOTEDEFAULT}
# fi
logwarn "${STARTTMUXDEFAULT}"
logdebug "${STARTTMUXDEFAULT}"
unset -f pathmunge

@ -1 +1 @@
Subproject commit 38576cf76ea0d9959dae8bccc77306e70b318f8e
Subproject commit 693e5a2a0f6acfd2666882655d5dfd32e8c6c50b


@ -177,7 +177,7 @@ source-file "${HOME}/.tmux/plugins/tmux-themepack/powerline/block/green.tmuxthem
# source local tmux.config
source-file -q "${HOME}/.local/share/tmux/tmux.conf"
set -g update-environment "SSH_ASKPASS WINDOWID SSH_CONNECTION XAUTHORITY SSH_TTY SSH_AUTH_SOCK DISPLAY"
set -g update-environment "SSH_ASKPASS WINDOWID SSH_CONNECTION XAUTHORITY SSH_TTY SSH_AUTH_SOCK DISPLAY P11M"
#set-environment -g 'SSH_AUTH_SOCK' ~/.ssh/ssh_auth_sock

@ -1 +1 @@
Subproject commit 971c4d41880b72dbbf1620b3ad91418a6a6f6b9c
Subproject commit f68f4d00b9c99d0d711bfde3b071f0dafd249901

@ -1 +1 @@
Subproject commit 6654239c94667fefb38d76cfc47b6abf5ced8149
Subproject commit 3f90fb42d8871920138ace9878502f22a4d91e85

@ -1 +1 @@
Subproject commit 02a192ea0bed22a015e005b281e55e0da2a8e496
Subproject commit b1afeca8cc02030f450bf1feee015d40988f86e3

@ -1 +1 @@
Subproject commit 1b19089917cc3e0a81d3294fead2424c419d545c
Subproject commit 0e71462f90fb4bd09121eeba829512cc24ab5c97

@ -1 +1 @@
Subproject commit 5fa0e3e1487b17f8a23fc2674ebde5f55ce6a816
Subproject commit e1fe727127a813095854a5b063c15e955a77eafb

@ -1 +1 @@
Subproject commit d97a664b9adbd1a0a9cba6c1c3baf071a1059d1e
Subproject commit 7414f30365a342e1d89072d474a35913643b6eec

@ -1 +1 @@
Subproject commit c01977d027de854c6a85ed5c57915a7e8848f4b9
Subproject commit 0de4c9df21abf9256091d205148601f718d3a12c

@ -1 +1 @@
Subproject commit 8f1aa2c7fa44bf33b1fd4678f9c7b40c126b0e2b
Subproject commit 97cf3e6e638f936187d5f6e9b5eb1bdf0a4df256

@ -1 +1 @@
Subproject commit 8cf0cf5bfb2b858faecf4e0f6c1b8d0948805e5e
Subproject commit d523feebe99bb93a9309ef83cbac2b71ac408c36

@ -1 +1 @@
Subproject commit ff9d134f0c69e25d391138036051b2c5e6bac864
Subproject commit 549fb96d5890d5225afda070ca041468c2c770e5

@ -0,0 +1 @@
Subproject commit 429a874ac32d6e3c3cf117b2d83ed70212380ad9


@ -17,3 +17,4 @@ install plugins https://github.com/junegunn/fzf.vim.git
install plugins https://github.com/airblade/vim-gitgutter.git
remove plugins https://github.com/Lokaltog/powerline.git
install plugins https://github.com/jamessan/vim-gnupg
install plugins git@git.schuerz.at:/public/vim-soa.git

11
vimrc

@ -468,9 +468,18 @@ let NERDTreeIgnore=['\.pyc$', '\~$'] "ignore files in NERDTree
" write .netrwhist to cache-dir instead of ~/.vim to prevent configcheckout
" problems
let g:netrw_home=$XDG_CACHE_HOME.'/vim'
"let g:nerdtree_tabs_open_on_console_startup=1
let g:nerdtree_tabs_open_on_console_startup=0
" Start NERDTree. If a file is specified, move the cursor to its window.
"autocmd StdinReadPre * let s:std_in=1
"autocmd VimEnter * NERDTree | if argc() > 0 || exists("s:std_in") | wincmd p | endif
" Start NERDTree when Vim is started without file arguments.
autocmd StdinReadPre * let s:std_in=1
autocmd VimEnter * if argc() == 0 && !exists('s:std_in') | NERDTree | endif
let g:NERDTreeGitStatusIndicatorMapCustom= {
\ "Modified" : "✹",
\ "Staged" : "✚",
@ -530,3 +539,5 @@ let g:fzf_layout = { 'window': { 'width': 0.9, 'height': 0.6 } }
" Configure Gitgutter
nmap <Leader>hn <Plug>(GitGutterNextHunk)
nmap <Leader>hp <Plug>(GitGutterPrevHunk)
autocmd BufWritePre /etc/bind/vpn/db.* Soa
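Review bot: The `autocmd` lines in this section (`StdinReadPre`, `VimEnter`, and `BufWritePre /etc/bind/vpn/db.* Soa`) are defined outside an `augroup`, so every re-source of the vimrc registers them again and `Soa` would then run several times per write. `Soa` is presumably provided by the vim-soa plugin added in this commit; if that plugin is not loaded, each write of a matching file raises an unknown-command error. Put them in an `augroup` that starts with `autocmd!`, and guard the call: `autocmd BufWritePre /etc/bind/vpn/db.* if exists(':Soa') == 2 | Soa | endif`.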