Allow re-initializing keychain

gocom · Jun 22, 2024 · aaebd21 · aaebd21
1 parent a98eb60
commit aaebd21
Show file tree

Hide file tree

Showing 4 changed files with 83 additions and 20 deletions.
diff --git a/bashrc.d/2/wsl.bash b/bashrc.d/2/wsl.bash
@@ -18,15 +18,7 @@ if [ "$DOTFILES_WSL" -eq 1 ]; then
 
   # Use keychain as a secret storage and SSH agent.
   if [ "$(command -v keychain)" ]; then
-    keychain -q --clear 2> /dev/null
-
-    for f in "$HOME/.ssh/id_"*; do
-      if [ -f "$f" ] && [ -f "$f.pub" ]; then
-        wsl-keychain-load "$f" 2> /dev/null
-      fi
-    done
-
-    unset f
+    wsl-keychain-load init 2> /dev/null
 
     if [ -f "$HOME/.keychain/$HOSTNAME-sh" ]; then
       . "$HOME/.keychain/$HOSTNAME-sh"

diff --git a/docs/man/man1/wsl-keychain-load.1.md b/docs/man/man1/wsl-keychain-load.1.md
@@ -1,14 +1,14 @@
 % WSL-KEYCHAIN-LOAD(1)
 % Jukka Svahn
-% October 2022
+% June 2024
 
 # NAME
 
 wsl-keychain-load -- Store SSH key passphrases in Windows Credential Manager
 
 # SYNOPSIS
 
-**wsl-keychain-load** [*options*] `<`*filename*`>`
+**wsl-keychain-load** [*command*] [*options*]
 
 # DESCRIPTION
 
@@ -35,6 +35,12 @@ The **Internet or network address** used in Credential Manager would be:
 If the used Distribution was Ubuntu. Within WSL, you can ask use `wslpath`
 to help to translate Linux paths to Windows' paths.
 
+For Keychain to pass the credentials to the SSH key agent, make sure you have
+sourced keychain initialization script in your active shell session.
+To automate this, you can do the following to your bash profile:
+
+    . "$HOME/.keychain/$HOSTNAME-sh"
+
 # OPTIONS
 
 `-h`, `--help`
@@ -43,7 +49,12 @@ to help to translate Linux paths to Windows' paths.
 `-v`, `--version`
 : Print version number.
 
-*filename*
+# COMMANDS
+
+`init`
+: Loads all SSH key passphrases.
+
+`load` `<`*filename*`>`
 : Path to SSH private key to be loaded. The given path should
 be absolute path as seen from Linux, rather than Windows-side mount path.
 

diff --git a/platform/wsl/bin/wsl-keychain-load b/platform/wsl/bin/wsl-keychain-load
@@ -7,27 +7,68 @@ usage () {
   cat <<EOF
 Loads SSH key passphrases from Windows Credential Manager to Keychain.
 
+For Keychain to pass the credentials to the SSH key agent, make sure you have
+sourced keychain initialization script in your active shell session.
+To automate this, you can do the following to your bash profile:
+
+  . "$HOME/.keychain/$HOSTNAME-sh"
+
 Usage:
-  $ $app_name [options] <filename>
+  $ $app_name <command> [options]
+
+Commands:
+  $ $app_name init
+  Loads all SSH key passphrases.
+
+  $ $app_name load <filename>
+  Loads passphrases for the given SSH key.
 
 Options:
   -h, --help     Print this message
   -v, --version  Print version number
 
 Example:
-  $ $app_name "$HOME/.ssh/id_rsa"
+  $ $app_name init
+  $ $app_name load "$HOME/.ssh/id_rsa"
 EOF
 }
 
-main() {
+depends () {
+  local name
+
+  for name in "cat" "chmod" "keychain" "pwsh.exe" "rm" "wslpath" "wsl-credential-manager.ps1"; do
+    if ! [ "$(command -v "$name")" ]; then
+      echo "Dependency missing: $name" >&1
+      exit 1
+    fi
+  done
+}
+
+init () {
+  local file
+
+  depends
+
+  keychain -q --clear 2> /dev/null
+
+  for file in "$HOME/.ssh/id_"*; do
+    if [ -f "$file" ] && [ -f "$file.pub" ]; then
+      load "$file"
+    fi
+  done
+}
+
+load() {
   local credential status filename script password
 
+  depends
+
   script="/tmp/keychain-load-ssh-askpass"
   filename="${1:-}"
 
-  if ! [ "$filename" ]; then
+  if ! [ "$filename" ] || ! [ -f "$filename" ]; then
     echo "SSH key filename required." >&2
-    exit 1
+    return 1
   fi
 
   credential="$(wslpath -w "$filename")"
@@ -40,7 +81,7 @@ main() {
     echo ""
 
     keychain -q --nogui "$filename" || exit 1
-    exit 0
+    return 0
   fi
 
   cat > "$script" <<EOL || exit 1
@@ -57,11 +98,12 @@ EOL
 
   rm -f "$script" || exit 1
 
-  exit "${status:-0}"
+  return "${status:-0}"
 }
 
 case "${1:-}" in
   ""|-h|--help) usage ;;
   -v|--version) echo "$app_version" ;;
-  *) main "$@" ;;
+  init) init ;;
+  *) load "$@" ;;
 esac
diff --git a/platform/wsl/share/.bash_completion.d/wsl-keychain-load b/platform/wsl/share/.bash_completion.d/wsl-keychain-load
@@ -0,0 +1,18 @@
+#!/usr/bin/env bash
+
+_wsl-keychain-load () {
+  local cur prev words cword
+
+  _init_completion || return
+
+  case "$cur" in
+    -*)
+      COMPREPLY=($(compgen -W '$( _parse_help "$1" )' -- "$cur"))
+      return
+      ;;
+  esac
+
+  if [ "$cword" -eq 1 ]; then
+    COMPREPLY=($(compgen -W 'init load' -- "$cur"))
+  fi
+} && complete -F _wsl-keychain-load wsl-keychain-load