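#!/bin/bash

# Decrypts an encrypted private SSH key and registers it in
# `~/.ssh/config`, so that later Git operations over SSH authenticate
# with it.
#
# Relies on helpers from `misc.sh`: print_error, print_error_stream,
# print_result, check_if_arg_is_provided, remove_sensitive_information.

# Load helper functions
source "$(
    # The following is done because:
    #
    #  * `readlink` on OS X outputs a relative path
    #  * `misc.sh` is not publicly exposed
    #
    cd "$(dirname "${BASH_SOURCE[0]}")";
    cd "$(dirname "$(readlink "${BASH_SOURCE[0]}")")";
    pwd
)/misc.sh" || exit 1

# - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -

# Restricts the permissions of the private key and points SSH at it
# for every Git host this build talks to.
#
# Arguments: $1 - path to the decrypted private key
# Returns:   0 on success, 1 if the key could not be protected, the
#            config could not be written, or any host key lookup failed

add_ssh_configs() {

    local host=""
    local status=0

    # Do not reference the key from the config unless its permissions
    # were tightened first.

    chmod 600 "$1" \
        || return 1

    for host in github.com gitee.com dns.yufan.me git.coding.net; do
        printf "%s\n" \
            "Host $host" \
            "  IdentityFile $1" \
            "  LogLevel ERROR"
    done >> ~/.ssh/config \
        || return 1

    # NOTE(review): `ssh-keyscan` output is trusted as-is, so whatever
    # key the network returns during this run gets pinned. Where the
    # hosts publish their key fingerprints out-of-band, compare against
    # those (or ship a vetted `known_hosts` file) instead of scanning.

    for host in git.coding.net gitee.com dns.yufan.me; do
        ssh-keyscan "$host" >> ~/.ssh/known_hosts \
            || status=1
    done

    return $status

}

# Decrypts the AES-256-CBC encrypted key file.
#
# Arguments: $1 - key (hex), $2 - IV (hex),
#            $3 - encrypted file, relative to the current directory,
#            $4 - output path for the decrypted key
# Returns:   the exit status of `openssl`

decrypt_private_ssh_key() {

    # NOTE(review): the key and IV are passed as command-line
    # arguments, so they are visible in the process list of the build
    # machine while `openssl` runs. Acceptable only on a single-tenant
    # build worker.

    openssl aes-256-cbc \
        -K "$1" \
        -iv "$2" \
        -in "$PWD/$3" \
        -out "$4" -d

}

# Prints the list of supported options to stdout.

print_help_message() {
    cat <<EOF

OPTIONS:

    -h, --help

    -k, --key <value>

        Specifies the value of the key stored in the "encrypted_XXXXXXXXXXXX_key" envirorment variable.

    -i, --iv <value>

        Specifies the value of the IV stored in the "encrypted_XXXXXXXXXXXX_iv" envirorment variable.

    -p, --path-encrypted-key <path>

        Specifies the location of the encrypted private key file relative to where the script is executed from.

EOF
}

# ----------------------------------------------------------------------

# Parses the options, decrypts the private key into `~/.ssh` and adds
# the SSH configuration that uses it.
#
# Arguments: "$@" - the script's command-line options
# Returns:   0 on success; exits with 1 on any failure

main() {

    local iv=""
    local key=""
    local pathEncryptedKey=""
    local sshFileName=""
    local status=0

    # - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -

    while :; do
        case "$1" in

            -h|--help)
                print_help_message
                exit
            ;;

            -i|--iv)
                if [ -n "$2" ]; then
                    iv="$2"
                    shift 2
                    continue
                else
                    print_error "ERROR: A non-empty \"-i/--iv <value>\" argument needs to be specified"
                    exit 1
                fi
            ;;

            -k|--key)
                if [ -n "$2" ]; then
                    key="$2"
                    shift 2
                    continue
                else
                    print_error "ERROR: A non-empty \"-k/--key <value>\" argument needs to be specified"
                    exit 1
                fi
            ;;

            -p|--path-encrypted-key)
                if [ -n "$2" ]; then
                    pathEncryptedKey="$2"
                    shift 2
                    continue
                else
                    print_error "ERROR: A non-empty \"-p/--path-encrypted-key <path>\" argument needs to be specified"
                    exit 1
                fi
            ;;

            -?*)
                printf "WARNING: Unknown option (ignored): %s\n" "$1" >&2
            ;;

            *)
                break

        esac

        shift
    done

    # - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -

    # Check if all the required options are provided
    # (run in a subshell; presumably the helper exits on a missing
    # value -- confirm against `misc.sh`)

    (
        check_if_arg_is_provided "$iv" "-i/--iv <value>"
        check_if_arg_is_provided "$key" "-k/--key <value>"
        check_if_arg_is_provided "$pathEncryptedKey" "-p/--path-encrypted-key <path>"
    ) \
        || exit 1

    # - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -

    # Let `mktemp` create the file rather than only generate a name
    # (`-u`): the file then exists with owner-only permissions before
    # any key material is written to it, and the name cannot be claimed
    # by something else between generation and use.

    sshFileName="$(mktemp "$HOME/.ssh/XXXXX")" \
        || exit 1

    decrypt_private_ssh_key "$key" "$iv" "$pathEncryptedKey" "$sshFileName" \
        &> >(print_error_stream) \
        1> /dev/null
    status=$?

    if ! print_result $status "Decrypt the file containing the private key"; then

        # Do not leave an empty or partially decrypted key file behind.
        rm -f -- "$sshFileName"
        exit 1

    fi

    add_ssh_configs "$sshFileName" \
        &> >(print_error_stream) \
        1> /dev/null
    print_result $? "Add configs to enable SSH authentication" \
        || exit 1

    return 0

}

# All output passes through the filter from `misc.sh`, which is given
# the Git user email and name to strip from the build log.

main "$@" \
    &> >(remove_sensitive_information "$GH_USER_EMAIL" "$GH_USER_NAME")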