mail: Update mail-check to work with pass-coffin
Updated code to be able to run a password command chosen individually, as well as a post-password command. Used in this instance to `pass open` a password store in a coffin/tomb before actually trying to read passwords out of it.
parent
572fa471ae
commit
ea95ca7dfa
2 changed files with 22 additions and 8 deletions
|
@ -3,8 +3,8 @@
|
|||
IMAPAccount gmail
|
||||
# Address to connect to
|
||||
Host imap.gmail.com
|
||||
UserCmd "gpg2 --decrypt --no-tty --quiet --no-verbose --for-your-eyes-only --pinentry-mode ask ~/.local/share/pass/misc/aerc-gmail-app-password.gpg | grep username | cut -d: -f2"
|
||||
PassCmd "gpg2 --decrypt --no-tty --quiet --no-verbose --for-your-eyes-only --pinentry-mode ask ~/.local/share/pass/misc/aerc-gmail-app-password.gpg | head -n1"
|
||||
UserCmd "pass show misc/aerc-gmail-app-password | grep username | cut -d: -f2"
|
||||
PassCmd "pass show misc/aerc-gmail-app-password | head -n1"
|
||||
# To store the password in an encrypted file use PassCmd instead of Pass
|
||||
# PassCmd "gpg2 -q --for-your-eyes-only --no-tty -d ~/.mailpass.gpg"
|
||||
#
|
||||
|
|
|
@ -1,4 +1,4 @@
|
|||
#!/usr/bin/env sh
|
||||
#!/usr/bin/env bash
|
||||
#
|
||||
# Runs mbsync, with pre-hooks and post-hooks
|
||||
# by default, the pre-hook first runs imapfilter
|
||||
|
@ -38,7 +38,9 @@
|
|||
# MBSYNC_NOTIFY=1
|
||||
# MBSYNC_PASSWORD_FILE="/path/to/gpg/file.gpg"
|
||||
|
||||
PASSWORD_FILE="${MBSYNC_PASSWORD_FILE:-$HOME/.local/share/pass/misc/aerc-gmail-app-password.gpg}"
|
||||
# What to run before and after decrypting the password file.
|
||||
PASSWORD_CMD="pass open -t 1min"
|
||||
# POST_PASSWORD_CMD=""
|
||||
|
||||
prehook() {
|
||||
if [ -n "$MBSYNC_PRE" ]; then
|
||||
|
@ -83,7 +85,7 @@ checkonline() {
|
|||
# warn user that he has to enter his password in a moment
|
||||
# to stop catching him offguard or entering something by accident
|
||||
checkwarnuser() {
|
||||
agt=$(gpg2 --decrypt --no-tty --quiet --no-verbose --for-your-eyes-only --pinentry-mode cancel "$PASSWORD_FILE" 2>&1)
|
||||
enablegpgagent
|
||||
if echo "$agt" | grep -qE 'No secret key'; then
|
||||
notify "Mail" "Password phrase needed!"
|
||||
sleep 2.5
|
||||
|
@ -91,10 +93,22 @@ checkwarnuser() {
|
|||
}
|
||||
|
||||
enablegpgagent() {
|
||||
## get password from user
|
||||
agt=$(gpg2 --decrypt --no-tty --quiet --no-verbose --for-your-eyes-only --pinentry-mode ask "$PASSWORD_FILE" 2>&1)
|
||||
[ -n "$agt" ] && return
|
||||
|
||||
if [ -n "$PASSWORD_CMD" ]; then
|
||||
IFS=" " read -r -a PASSWORD_CMD <<<"$PASSWORD_CMD"
|
||||
# shellcheck disable=SC2068
|
||||
agt=$(${PASSWORD_CMD[@]})
|
||||
fi
|
||||
|
||||
if [ -n "$POST_PASSWORD_CMD" ]; then
|
||||
IFS=" " read -r -a POST_PASSWORD_CMD <<<"$POST_PASSWORD_CMD"
|
||||
"${POST_PASSWORD_CMD[@]}"
|
||||
fi
|
||||
|
||||
## exit program after first failed attempt
|
||||
if echo "$agt" | grep -qE 'decryption failed'; then
|
||||
if echo "$agt" | grep -qE 'decryption failed' ||
|
||||
echo "$agt" | grep -qE 'No such file'; then
|
||||
notify "Mail" "Process aborted."
|
||||
exit 1
|
||||
fi
|
||||
|
|
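Review bot: In `enablegpgagent`, `agt=$(${PASSWORD_CMD[@]})` captures only stdout and ignores the exit status, so the abort check that greps `$agt` for 'decryption failed' or 'No such file' will probably never match, since gpg and pass normally write those messages to stderr and their wording depends on the locale; a failed `pass open` would then let the run continue against a store that is still closed. The same line expands the array unquoted with SC2068 silenced, which re-splits and glob-expands every word, whereas `"${POST_PASSWORD_CMD[@]}"` a few lines below already uses the quoted form. `read -r -a PASSWORD_CMD` also replaces the global string with an array, so if the function is called a second time `$PASSWORD_CMD` yields only its first word (`pass`); reading into a local array avoids that. The sketch below assumes a non-zero status from the command means failure, which should be confirmed for `pass open` on an already-open coffin. The function's closing brace lies outside the hunk.

```bash
  if [ -n "$PASSWORD_CMD" ]; then
    # Parse into a local array so the global string survives repeated calls.
    local -a password_cmd
    IFS=" " read -r -a password_cmd <<<"$PASSWORD_CMD"
    # Keep stderr in $agt for the later grep check and abort on a non-zero status.
    if ! agt=$("${password_cmd[@]}" 2>&1); then
      notify "Mail" "Process aborted."
      exit 1
    fi
  fi
  # … unchanged: POST_PASSWORD_CMD block and the grep-based abort check …
```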