#!/bin/sh
# Stop on any unhandled command failure (-e) and on use of an unset variable (-u).
set -eu

# $1: UUID of the encrypted device; it is the attribute under which the
#     passphrase is looked up and stored with secret-tool further down.
id_uuid=${1:-}
# $2: text shown to the user in the dialogs, with a generic fallback.
#     NOTE(review): presumably supplied by the caller from device metadata;
#     it is passed through assuan_escape before it reaches pinentry.
device_presentation=${2:-Encrypted disk}
# Pinentry front end that displays the dialogs.
pinentry_program=pinentry-gtk-2

# Without a UUID there is nothing to look up or store, so refuse to continue.
[ -n "$id_uuid" ] || {
  printf '%s\n' "udiskie-password: missing device UUID" >&2
  exit 1
}
#######################################
# Percent-escape a string so it fits on a single Assuan command line.
# "%" becomes "%25", LF becomes "%0A" and CR becomes "%0D"; every other
# character is written unchanged. Escaping the line breaks keeps text that
# contains them (for example a device description) from ending the current
# pinentry command and starting another one.
# Arguments: $1 - text to escape
# Outputs:   the escaped text on stdout, without a trailing newline
#######################################
assuan_escape() {
  python3 -c '
import sys

# One pass over the text, so the "%" of an inserted escape is never
# escaped a second time.
escapes = {ord("%"): "%25", ord("\n"): "%0A", ord("\r"): "%0D"}
sys.stdout.write(sys.argv[1].translate(escapes))
' "$1"
}
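#######################################
# Ask for the passphrase through pinentry and print the decoded value.
# The dialog texts are escaped with assuan_escape before they are sent. The
# passphrase travels only through pipes and stdin, never through a command
# line argument.
# Globals:   device_presentation (read), pinentry_program (read);
#            title, prompt, description, response (written)
# Outputs:   the passphrase on stdout, without a trailing newline
# Returns:   non-zero when pinentry fails to run, when the reply carries no
#            "D" data line (cancelled dialog or empty input) or when the
#            data contains a malformed percent escape
#######################################
pinentry_getpin() {
  title=$(assuan_escape "Unlock disk")
  prompt=$(assuan_escape "Passphrase:")
  description=$(assuan_escape "Enter passphrase for $device_presentation")

  response=$(
    {
      printf 'SETTITLE %s\n' "$title"
      printf 'SETPROMPT %s\n' "$prompt"
      printf 'SETDESC %s\n' "$description"
      printf 'GETPIN\n'
    } | "$pinentry_program"
  ) || return 1

  printf '%s\n' "$response" |
    python3 -c 'import sys

# Split on LF only. str.splitlines() also breaks on form feed, U+2028 and
# similar characters, which would silently truncate a passphrase that
# contains one of them.
lines = sys.stdin.read().split("\n")

# Assuan treats all "D" lines of one reply as a single data stream, so a
# long value that was split over several lines is joined again here.
chunks = [line[2:] for line in lines if line.startswith("D ")]
if not chunks:
    sys.exit(1)
value = "".join(chunks)

out = []
i = 0
try:
    while i < len(value):
        if value[i] == "%" and i + 2 < len(value):
            out.append(chr(int(value[i + 1:i + 3], 16)))
            i += 3
        else:
            out.append(value[i])
            i += 1
except ValueError:
    # Malformed escape: fail without a traceback, which would print part of
    # the passphrase on stderr.
    sys.exit(1)
sys.stdout.write("".join(out))'
}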
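#######################################
# Ask the user whether the passphrase may be stored in GNOME Keyring.
# The answer is taken from pinentry's reply, not from its exit status:
# pinentry reports the outcome of CONFIRM as an "OK" or "ERR ..." line on
# stdout and still exits successfully when the user declines. Relying on the
# exit status alone would store the passphrase even after "Skip".
# Globals:   device_presentation (read), pinentry_program (read);
#            title, description, button_ok, button_cancel,
#            confirm_reply (written)
# Returns:   0 only when the reply to CONFIRM is "OK"; non-zero when the
#            user declines, when pinentry reports an error or fails to run
#######################################
pinentry_confirm_save() {
  title=$(assuan_escape "Save disk password")
  description=$(assuan_escape "Save the unlock passphrase for $device_presentation in GNOME Keyring?")
  button_ok=$(assuan_escape "Save")
  button_cancel=$(assuan_escape "Skip")

  confirm_reply=$(
    {
      printf 'SETTITLE %s\n' "$title"
      printf 'SETDESC %s\n' "$description"
      printf 'SETOK %s\n' "$button_ok"
      printf 'SETCANCEL %s\n' "$button_cancel"
      printf 'CONFIRM\n'
    } | "$pinentry_program" 2>/dev/null
  ) || return 1

  # CONFIRM is the last command sent, so its answer is the last reply line.
  # Anything other than OK counts as "do not save".
  case $(printf '%s\n' "$confirm_reply" | tail -n 1) in
    OK*) return 0 ;;
    *) return 1 ;;
  esac
}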
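# Main flow: print the passphrase for the device on stdout, without a
# trailing newline. A passphrase already stored in the keyring is used first;
# otherwise the user is prompted and may choose to store the new one.

# 1. Look for a stored passphrase. Lookup errors are silenced on purpose:
#    a missing entry or an unavailable keyring just means "ask the user".
if password=$(secret-tool lookup app udiskie id_uuid "$id_uuid" 2>/dev/null); then
  if [ -n "$password" ]; then
    printf '%s' "$password"
    exit 0
  fi
fi

# 2. Prompt. A cancelled dialog or an empty passphrase ends the script with
#    a failure status and no output.
password=$(pinentry_getpin) || exit 1

if [ -z "$password" ]; then
  exit 1
fi

# 3. Optionally store the passphrase. It is handed to secret-tool on stdin,
#    so it does not appear among that process's arguments.
if pinentry_confirm_save; then
  # Storing is optional. Under `set -e` a failing store (locked or missing
  # keyring) would otherwise end the script here and discard the passphrase
  # the user just typed, so report the failure and carry on.
  if ! printf '%s' "$password" | secret-tool store \
    --label="udiskie LUKS $device_presentation" \
    app udiskie \
    id_uuid "$id_uuid" >/dev/null; then
    printf '%s\n' "udiskie-password: could not store the passphrase in the keyring" >&2
  fi
fi

# 4. Hand the passphrase to the caller.
printf '%s' "$password"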