pass now used for password management
parent
5aef2f37f4
commit
c65a5cc723
@ -31,6 +31,7 @@ Install these required programs:
|
|||||||
- `neomutt` - the email client.
|
- `neomutt` - the email client.
|
||||||
- `isync` - downloads and syncs the mail.
|
- `isync` - downloads and syncs the mail.
|
||||||
- `msmtp` - sends the email.
|
- `msmtp` - sends the email.
|
||||||
|
- `pass` - safely encrypts passwords
|
||||||
|
|
||||||
You also need a GPG key pair to encrypt passwords.
|
You also need a GPG key pair to encrypt passwords.
|
||||||
If you don't know what that is, just run `gpg --full-gen-key` (or `gpg2 --full-gen-key`) to get one.
|
If you don't know what that is, just run `gpg --full-gen-key` (or `gpg2 --full-gen-key`) to get one.
|
||||||
|
@ -1,5 +0,0 @@
|
|||||||
#!/bin/bash
|
|
||||||
GPG="gpg"; command -v gpg >/dev/null || GPG="gpg2"
|
|
||||||
pass=$(printf '%q' "$("$GPG" --decrypt --quiet "$HOME/.local/share/muttwizard/$1.gpg")")
|
|
||||||
echo "set smtp_pass=\"$pass\""
|
|
||||||
echo "set imap_pass=\"$pass\""
|
|
52
mw
52
mw
@ -2,15 +2,12 @@
|
|||||||
muttdir="$HOME/.config/mutt" # Main mutt config location
|
muttdir="$HOME/.config/mutt" # Main mutt config location
|
||||||
accdir="$muttdir/accounts" # Directory for account settings
|
accdir="$muttdir/accounts" # Directory for account settings
|
||||||
maildir="$HOME/.local/share/mail" # Location of mail storage
|
maildir="$HOME/.local/share/mail" # Location of mail storage
|
||||||
creddir="$HOME/.local/share/muttwizard" # Location of encrypted credentials
|
|
||||||
bindir="$HOME/.config/mutt/bin" # Location of scripts run by mutt or the wizard
|
bindir="$HOME/.config/mutt/bin" # Location of scripts run by mutt or the wizard
|
||||||
namere="^[a-z_][a-z0-9_-]*$" # Regex to ensure viable username
|
namere="^[a-z_][a-z0-9_-]*$" # Regex to ensure viable username
|
||||||
emailre=".\+@.\+\\..\+" # Regex to confirm valid email address
|
emailre=".\+@.\+\\..\+" # Regex to confirm valid email address
|
||||||
mbsyncrc="$HOME/.mbsyncrc"
|
mbsyncrc="$HOME/.mbsyncrc"
|
||||||
[ ! -f "$muttdir/domains.csv" ] || [ ! -d "$bindir" ] && printf "Read the README. Be sure to put the repo in the right place before running.\\n" && exit 1
|
[ ! -f "$muttdir/domains.csv" ] || [ ! -d "$bindir" ] && printf "Read the README. Be sure to put the repo in the right place before running.\\n" && exit 1
|
||||||
gpgemail="$(grep "$emailre" "$creddir/gpgemail" 2>/dev/null)" # Get previously set gpg email address
|
|
||||||
tmpdir="$(mktemp -d)"
|
tmpdir="$(mktemp -d)"
|
||||||
GPG="gpg"; command -v gpg >/dev/null || GPG="gpg2" # Ensure proper gpg command
|
|
||||||
|
|
||||||
# Get certificate location depending on OS. Linux is elsewhere condition.
|
# Get certificate location depending on OS. Linux is elsewhere condition.
|
||||||
case "$(uname)" in
|
case "$(uname)" in
|
||||||
@ -34,13 +31,13 @@ host $smtp
|
|||||||
port $sport
|
port $sport
|
||||||
from $login
|
from $login
|
||||||
user $login
|
user $login
|
||||||
passwordeval \"$GPG -d --quiet --for-your-eyes-only --no-tty $creddir/$title.gpg | sed -e '\$a\\'\"
|
passwordeval \"pass mutt-wizard-$title\"
|
||||||
"
|
"
|
||||||
mbsync_profile="IMAPAccount $title
|
mbsync_profile="IMAPAccount $title
|
||||||
Host $imap
|
Host $imap
|
||||||
User $login
|
User $login
|
||||||
Port $iport
|
Port $iport
|
||||||
PassCmd \"gpg -q --for-your-eyes-only --no-tty -d ~/.local/share/muttwizard/$title.gpg\"
|
PassCmd \"pass mutt-wizard-$title\"
|
||||||
SSLType IMAPS
|
SSLType IMAPS
|
||||||
CertificateFile /etc/ssl/certs/ca-certificates.crt
|
CertificateFile /etc/ssl/certs/ca-certificates.crt
|
||||||
|
|
||||||
@ -72,7 +69,8 @@ set folder = \"$maildir/$title\"
|
|||||||
set header_cache = $accdir/$title/cache/headers
|
set header_cache = $accdir/$title/cache/headers
|
||||||
set message_cachedir = $accdir/$title/cache/bodies
|
set message_cachedir = $accdir/$title/cache/bodies
|
||||||
set certificate_file = $accdir/$title/certificates
|
set certificate_file = $accdir/$title/certificates
|
||||||
source \"$bindir/getmuttpass $title |\"
|
set imap_pass = \`pass mutt-wizard-$title\`
|
||||||
|
set smtp_pass = \`pass mutt-wizard-$title\`
|
||||||
|
|
||||||
alias me $realname <$fulladdr>
|
alias me $realname <$fulladdr>
|
||||||
|
|
||||||
@ -177,39 +175,7 @@ EOF
|
|||||||
[ "$accounttype" = "offline" ] || sed -i "/IMAPAccount $title$/,/# End profile/d" "$mbsyncrc"
|
[ "$accounttype" = "offline" ] || sed -i "/IMAPAccount $title$/,/# End profile/d" "$mbsyncrc"
|
||||||
}
|
}
|
||||||
|
|
||||||
getpass() { \
|
getpass() { pass rm -f "mutt-wizard-$title" 2>/dev/null ; pass insert "mutt-wizard-$title" ;}
|
||||||
printf "Now enter your password for the \"%s\" account. Don't worry, this will be encrypted and only you with your GPG key can view it.\\n\tPassword: " "$title"
|
|
||||||
stty -echo
|
|
||||||
read -r password
|
|
||||||
stty echo
|
|
||||||
echo "$password" > "$tmpdir/$title"
|
|
||||||
printf "Encrypting your password with %s..." "$GPG"
|
|
||||||
"$GPG" -r "$gpgemail" --encrypt "$tmpdir/$title"
|
|
||||||
printf "DONE\\nShredding all memory of your password for safety's sake..."
|
|
||||||
unset password
|
|
||||||
shred -u "$tmpdir/$title"
|
|
||||||
mkdir -p "$creddir"
|
|
||||||
mv "$tmpdir/$title.gpg" "$creddir/"
|
|
||||||
printf "DONE.\\n"
|
|
||||||
}
|
|
||||||
|
|
||||||
askgpg() { \
|
|
||||||
printf "To safely encrypt passwords, mutt-wizard requires that you have a GPG public/private key pair.\\n\\nPlease input the email address of your GPG key pair below.\\nEmail: \033[36m\t"
|
|
||||||
read -r gpgemail
|
|
||||||
printf "\033[0m"
|
|
||||||
while ! echo "$gpgemail" | grep "$emailre" >/dev/null; do
|
|
||||||
printf "That is not a valid email address. Please try again.\\nEmail: \033[36m\t"
|
|
||||||
read -r gpgemail
|
|
||||||
printf "\033[0m"
|
|
||||||
done
|
|
||||||
if "$GPG" -K | grep "<$gpgemail>" >/dev/null; then
|
|
||||||
mkdir -p "$creddir"
|
|
||||||
echo "$gpgemail" > "$creddir/gpgemail"
|
|
||||||
else
|
|
||||||
printf "You do not appear to have a private key associated with \033[33m%s\033[0m.\\nPlease generate a GPG key pair by running \`\033[32m%s --full-gen-key\033[0m\` and rerun the wizard.\\n" "$gpgemail" "$GPG"
|
|
||||||
exit 1
|
|
||||||
fi
|
|
||||||
}
|
|
||||||
|
|
||||||
formatShortcut() { \
|
formatShortcut() { \
|
||||||
while read -r data; do { echo "macro index,pager g$1 \"<change-folder>$data<enter>\" \"Go to $2.\" # autogenerated"
|
while read -r data; do { echo "macro index,pager g$1 \"<change-folder>$data<enter>\" \"Go to $2.\" # autogenerated"
|
||||||
@ -277,7 +243,7 @@ pick() { numbered="$(ls $accdir/*muttrc | sed "s/.*\///;s/\..*//" | nl)"
|
|||||||
return 0 ;}
|
return 0 ;}
|
||||||
|
|
||||||
delete() { sed -i "/IMAPAccount $title$/,/# End profile/d" "$mbsyncrc"
|
delete() { sed -i "/IMAPAccount $title$/,/# End profile/d" "$mbsyncrc"
|
||||||
rm -rf "${accdir:?}/${title:?}" "$creddir/$title.gpg" "$accdir/$title.muttrc"
|
rm -rf "${accdir:?}/${title:?}" "$accdir/$title.muttrc"
|
||||||
sed -i "/$title.muttrc/d" "$muttdir/personal.muttrc"
|
sed -i "/$title.muttrc/d" "$muttdir/personal.muttrc"
|
||||||
sed -i "/account $title/,/^\(\s*$\|account\)/d" "$HOME/.config/msmtp/config"
|
sed -i "/account $title/,/^\(\s*$\|account\)/d" "$HOME/.config/msmtp/config"
|
||||||
#confirm "delete the local mail repository as well?" && rm -rf "${maildir:?}/${title:?}"
|
#confirm "delete the local mail repository as well?" && rm -rf "${maildir:?}/${title:?}"
|
||||||
@ -326,8 +292,8 @@ addtype() { \
|
|||||||
|
|
||||||
main() { \
|
main() { \
|
||||||
while : ; do
|
while : ; do
|
||||||
[ -z "$gpgemail" ] && askgpg
|
[ ! -f "$HOME/.password-store/.gpg-id" ] && printf "\`pass\` must be installed and initialized to encrypt passwords.\\nBe sure it is installed and run \`pass init <yourgpgemail>\`.\\nIf you don't have a GPG public private key pair, run \`gpg --full-gen-key\` first.\\n" && exit
|
||||||
printf "Current GPG key email: %s\\n\033[34m" "$gpgemail"
|
printf "Welcome to:\\n\033[34m"
|
||||||
cat << "EOF"
|
cat << "EOF"
|
||||||
_ __ ___ _ _| |_| |_ __ _(_)______ _ _ __ __| |
|
_ __ ___ _ _| |_| |_ __ _(_)______ _ _ __ __| |
|
||||||
| '_ ` _ \| | | | __| __|___\ \ /\ / / |_ / _` | '__/ _` |
|
| '_ ` _ \| | | | __| __|___\ \ /\ / / |_ / _` | '__/ _` |
|
||||||
@ -354,7 +320,7 @@ Input a number to continue or press ctrl-c.\\n"
|
|||||||
2) pick "change the password of" && confirm "change the password of" && getpass ;;
|
2) pick "change the password of" && confirm "change the password of" && getpass ;;
|
||||||
3) pick delete && confirm "delete the \`$title\` profile" && delete ;;
|
3) pick delete && confirm "delete the \`$title\` profile" && delete ;;
|
||||||
4) askgpg ;;
|
4) askgpg ;;
|
||||||
5) confirm "delete all account data" && rm -ri "$mbsyncrc" "$accdir" "$creddir" "$muttdir/personal.muttrc" && echo "All configs and account settings have been purged." ;;
|
5) confirm "delete all account data" && rm -ri "$mbsyncrc" "$accdir" "$muttdir/personal.muttrc" && echo "All configs and account settings have been purged." ;;
|
||||||
6) choosecron ;;
|
6) choosecron ;;
|
||||||
0) break ;;
|
0) break ;;
|
||||||
*) printf "Invalid input.\\n"
|
*) printf "Invalid input.\\n"
|
||||||
|
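Review bot: `delete()` no longer removes the account's secret: the new `rm -rf` line drops `$creddir/$title.gpg` with no replacement, so the `mutt-wizard-$title` entry appears to stay in the password store after the profile is deleted, and menu option 5 ("delete all account data") has the same gap. Adding `pass rm -f "mutt-wizard-$title" 2>/dev/null` to `delete()` would stop a removed account from leaving a decryptable credential behind; `delete()` continues past the end of its hunk, so this rests on the visible lines only. Separately, the menu still offers `4) askgpg ;;` although this commit removes the `askgpg` definition, so that choice would fail with a command-not-found error and should be dropped or repointed.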