Marty/dotfiles
1
0
Fork 0
Code Issues 3 Pull requests Projects Releases Wiki Activity

mail: Update mail-check to work with pass-coffin

Browse source 
Updated code to be able to run a password command chosen individually,
as well as a post-password command.

Used in this instance to `pass open` a password store in a coffin/tomb
before actually trying to read passwords out of it.
This commit is contained in:
Marty Oehme 2022-01-28 18:32:06 +01:00
parent 572fa471ae
commit ea95ca7dfa
Signed by: Marty
GPG key ID: B7538B8F50A1C800
2 changed files with 22 additions and 8 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

4
mail/.config/isync/mbsyncrc
View file

@ -3,8 +3,8 @@
IMAPAccount gmail IMAPAccount gmail
# Address to connect to # Address to connect to
Host imap.gmail.com Host imap.gmail.com
UserCmd "gpg2 --decrypt --no-tty --quiet --no-verbose --for-your-eyes-only --pinentry-mode ask ~/.local/share/pass/misc/aerc-gmail-app-password.gpg | grep username | cut -d: -f2" UserCmd "pass show misc/aerc-gmail-app-password | grep username | cut -d: -f2"
PassCmd "gpg2 --decrypt --no-tty --quiet --no-verbose --for-your-eyes-only --pinentry-mode ask ~/.local/share/pass/misc/aerc-gmail-app-password.gpg | head -n1" PassCmd "pass show misc/aerc-gmail-app-password | head -n1"
# To store the password in an encrypted file use PassCmd instead of Pass # To store the password in an encrypted file use PassCmd instead of Pass
# PassCmd "gpg2 -q --for-your-eyes-only --no-tty -d ~/.mailpass.gpg" # PassCmd "gpg2 -q --for-your-eyes-only --no-tty -d ~/.mailpass.gpg"
# #

26
mail/.local/bin/mail-check
View file

@ -1,4 +1,4 @@
#!/usr/bin/env sh #!/usr/bin/env bash
# #
# Runs mbsync, with pre-hooks and post-hooks # Runs mbsync, with pre-hooks and post-hooks
# by default, the pre-hook first runs imapfilter # by default, the pre-hook first runs imapfilter
@ -38,7 +38,9 @@
# MBSYNC_NOTIFY=1 # MBSYNC_NOTIFY=1
# MBSYNC_PASSWORD_FILE="/path/to/gpg/file.gpg" # MBSYNC_PASSWORD_FILE="/path/to/gpg/file.gpg"
PASSWORD_FILE="${MBSYNC_PASSWORD_FILE:-$HOME/.local/share/pass/misc/aerc-gmail-app-password.gpg}" # What to run before and after decrypting the password file.
PASSWORD_CMD="pass open -t 1min"
# POST_PASSWORD_CMD=""
prehook() { prehook() {
if [ -n "$MBSYNC_PRE" ]; then if [ -n "$MBSYNC_PRE" ]; then
@ -83,7 +85,7 @@ checkonline() {
# warn user that he has to enter his password in a moment # warn user that he has to enter his password in a moment
# to stop catching him offguard or entering something by accident # to stop catching him offguard or entering something by accident
checkwarnuser() { checkwarnuser() {
agt=$(gpg2 --decrypt --no-tty --quiet --no-verbose --for-your-eyes-only --pinentry-mode cancel "$PASSWORD_FILE" 2>&1) enablegpgagent
if echo "$agt" | grep -qE 'No secret key'; then if echo "$agt" | grep -qE 'No secret key'; then
notify "Mail" "Password phrase needed!" notify "Mail" "Password phrase needed!"
sleep 2.5 sleep 2.5
@ -91,10 +93,22 @@ checkwarnuser() {
} }
enablegpgagent() { enablegpgagent() {
## get password from user [ -n "$agt" ] && return
agt=$(gpg2 --decrypt --no-tty --quiet --no-verbose --for-your-eyes-only --pinentry-mode ask "$PASSWORD_FILE" 2>&1)
if [ -n "$PASSWORD_CMD" ]; then
IFS=" " read -r -a PASSWORD_CMD <<<"$PASSWORD_CMD"
# shellcheck disable=SC2068
agt=$(${PASSWORD_CMD[@]})
fi
if [ -n "$POST_PASSWORD_CMD" ]; then
IFS=" " read -r -a POST_PASSWORD_CMD <<<"$POST_PASSWORD_CMD"
"${POST_PASSWORD_CMD[@]}"
fi
## exit program after first failed attempt ## exit program after first failed attempt
if echo "$agt" | grep -qE 'decryption failed'; then if echo "$agt" | grep -qE 'decryption failed' ||
echo "$agt" | grep -qE 'No such file'; then
notify "Mail" "Process aborted." notify "Mail" "Process aborted."
exit 1 exit 1
fi fi