
Commit 0052180

committed
Fix #159 -- get --timeout option working again. This bug was due
to some IFS code I changed. I have now fully documented it and addressed it. Also fix an issue where an existing gpg-agent with an SSH socket wasn't adopted when it should have been, and explicitly clean stale pidfiles.
1 parent 698a47e commit 0052180


1 file changed

+12
-20
lines changed


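--- a/keychain.sh
+++ b/keychain.sh
@@ -15,7 +15,6 @@ versinfo() {
 
 NEWLINE="
 "
-IFS="$NEWLINE"
 version=##VERSION##
 PATH="${PATH}${PATH:+:}/usr/bin:/bin:/sbin:/usr/sbin:/usr/ucb"
 unset pidfile_out
@@ -304,8 +303,7 @@ catpidf_shell() {
 *csh) cp_pidf="$cshpidf" ;;
 *) cp_pidf="$pidf" ;;
 esac
-shift
-[ ! -f "$cp_pidf" ] && return 1
+[ ! -f "$cp_pidf" ] && debug "pidfile doesn't exist" && return 1
 [ -f "$cp_pidf" ] && cat "${cp_pidf}" && echo && return 0
 }
 
@@ -315,8 +313,9 @@ startagent_gpg() {
 else
 gpg_started=true
 fi
-if gpg_agent_sock="$( echo "GETINFO socket_name" | gpg-connect-agent --no-autostart 2>/dev/null | head -n1 | sed -n 's/^D //;1p' )" && [ -S "$gpg_agent_sock" ]; then
+if gpg_agent_sock="$( echo "GETINFO socket_name" | gpg-connect-agent --no-autostart | head -n1 | sed -n 's/^D //;1p' )" && [ -S "$gpg_agent_sock" ]; then
 mesg "Using existing gpg-agent: ${CYANN}$gpg_agent_sock${OFF}"
+pidfile_out="SSH_AUTH_SOCK=\"$gpg_agent_sock\"; export SSH_AUTH_SOCK" # make sure we adopt it
 else
 gpg_opts="--daemon"
 [ -n "${timeout}" ] && gpg_opts="$gpg_opts --default-cache-ttl $(( timeout * 60 )) --max-cache-ttl $(( timeout * 60 ))"
@@ -352,7 +351,7 @@ ssh_envcheck() {
 
 # There are some cases where we can accept a socket without an associated SSH_AGENT_PID:
 
-if gpg_socket="$( echo "GETINFO ssh_socket_name" | gpg-connect-agent --no-autostart 2>/dev/null | head -n1 | sed -n 's/^D //;1p' )"; then
+if gpg_socket="$(echo "GETINFO ssh_socket_name" | gpg-connect-agent --no-autostart 2>/dev/null | head -n1 | sed -n 's/^D //;1p' )"; then
 if [ "$gpg_socket" = "$SSH_AUTH_SOCK" ]; then
 if $ssh_allow_gpg; then
 mesg "Using ssh-agent ($1): ${CYANN}$gpg_socket${OFF} (GnuPG)" && return 0
@@ -405,6 +404,7 @@ SSH_AGENT_PID=$SSH_AGENT_PID; export SSH_AGENT_PID"
 fi
 fi
 else # spawn, we must...
+rm -f "${pidf}" "${cshpidf}" "${fishpidf}" 2>/dev/null # pidfile is either non-existant or invalid
 if $ssh_spawn_gpg; then
 startagent_gpg ssh # this function will set pidfile_out itself
 return $?
@@ -589,14 +589,9 @@ $glm_k"
 echo "$glm_missing"
 }
 
-# synopsis: ssh_listmissing
-# Reads stdin for newline-separated list of keyfiles. Returns a newline-separated list of keys found to be missing.
 ssh_listmissing() {
 unset slm_missing
-# Update the list of missing keys
 sshavail=$(ssh_l)
-# || die "problem running ssh-add -l"
-
 while IFS= read -r slm_k; do
 [ -z "$slm_k" ] && continue
 # Fingerprint current user-specified key
@@ -609,8 +604,6 @@ ssh_listmissing() {
 warn "Unable to extract exactly one key fingerprint from keyfile ${slm_k}.pub, got $slm_wordcount instead, skipping"
 continue
 fi
-
-# Check if it needs to be added
 # shellcheck disable=SC2031
 case " $sshavail " in
 *" $slm_finger "*)
@@ -734,8 +727,6 @@ get_all_extkeys() {
 fi
 }
 
-# synopsis: setaction
-# Sets $myaction or dies if $myaction is already set
 setaction() {
 if [ -n "$myaction" ]; then
 die "you can't specify --$myaction and $1 at the same time"
@@ -1010,29 +1001,30 @@ fi
 $noaskopt && { qprint; exit 0; }
 $quickopt && { qprint; exit 0; }
 
-# This is where we load keys as needed:
-
 load_ssh_keys() {
 missing="$(echo "${sshkeys}" | ssh_listmissing)"
 savedisplay="$DISPLAY"
-# --confirm translates to ssh-add -c
 if $confirmopt; then
 if $openssh || $sunssh; then
 ssh_confirm=-c
 else
 warn "--confirm only works with OpenSSH"
 fi
 fi
-# shellcheck disable=SC2086 # put $missing into args to access $# and other goodies. IFS is set to newline globally:
+# Put $missing into args to access $# and other goodies. Since $missing is a line-delimited
+# list of files with (potentially) spaces, we must do an IFS hack to get each file in
+# $1, $2, $3, etc. For Bourne-shell compatibility, we don't have another good option:
+IFS_BAK="$IFS"; IFS="$NEWLINE"
+# shellcheck disable=SC2086
 set -- $missing
+IFS="$IFS_BAK"
 [ $# -eq 0 ] && return
 mesg "Adding ${CYANN}$#${OFF} ssh key(s): ${CYANN}$*${OFF}"
-
 if $noguiopt || [ -z "$SSH_ASKPASS" ] || [ -z "$DISPLAY" ]; then
 unset DISPLAY # DISPLAY="" can cause problems
 unset SSH_ASKPASS # make sure ssh-add doesn't try SSH_ASKPASS
 fi
-# shellcheck disable=SC2086 # this is intentional:
+# shellcheck disable=SC2086
 sshout=$(ssh-add ${ssh_timeout} ${ssh_confirm} "$@" 2>&1)
 ret=$?
 if [ $ret = 0 ]; then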
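Review bot: In the `startagent_gpg` hunk, the added `pidfile_out="SSH_AUTH_SOCK=\"$gpg_agent_sock\"; export SSH_AUTH_SOCK"` line exports the path returned by `GETINFO socket_name`, while the `ssh_envcheck` hunk compares `$SSH_AUTH_SOCK` against `GETINFO ssh_socket_name`. These look like two different gpg-agent sockets, so the adopted value would probably fail that later equality check and point SSH clients at the agent's non-SSH socket. Consider querying `ssh_socket_name` for the value that gets exported and keeping the `[ -S ... ]` test on that path. The path is also placed between escaped double quotes in text that is presumably evaluated by the user's shell later, so a socket path containing `"`, `$` or a backtick would be interpreted rather than treated as data; emitting it single-quoted with embedded quotes escaped would be safer. The body of `startagent_gpg` starts and ends outside the hunk, so a branch on its `ssh` argument may already cover part of this.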
