Throw shfmt against bash scripts

Signed-off-by: Knut Ahlers <knut@ahlers.me>
This commit is contained in:
Knut Ahlers 2018-03-10 12:47:55 +01:00
parent 76b40bb59b
commit efc8bc4f3c
Signed by: luzifer
GPG key ID: DC2729FDD34BE99E
25 changed files with 181 additions and 168 deletions


@ -16,22 +16,21 @@ PASSES="2"
### ###
### ###
if ! [ -f "$1" ] if ! [ -f "$1" ]; then
then echo ""$!" is not a file. Nothing to convert."
echo ""$!" is not a file. Nothing to convert." exit
exit
fi fi
trap cleanup EXIT trap cleanup EXIT
cleanup() { cleanup() {
set +e set +e
rm -f "${PASSLOGFILE}-0.log" "${PASSLOGFILE}-0.log.mbtree" "${TEMPFILE}" rm -f "${PASSLOGFILE}-0.log" "${PASSLOGFILE}-0.log.mbtree" "${TEMPFILE}"
} }
# get creation date # get creation date
TIMESTAMP=$(stat -l -t "%Y-%m-%d %H:%M:%S" "$1" | awk '{ print $6" "$7 }') TIMESTAMP=$(stat -l -t "%Y-%m-%d %H:%M:%S" "$1" | awk '{ print $6" "$7 }')
# get betrate # get betrate
BITRATE=$(ffmpeg -i "$1" 2>&1 |grep bitrate | awk '{print $6}') BITRATE=$(ffmpeg -i "$1" 2>&1 | grep bitrate | awk '{print $6}')
# set task priority to low # set task priority to low
NICE="nice -n 19" NICE="nice -n 19"
@ -45,29 +44,27 @@ TEMPFILE="$DIRECTORY/.${FILENAME%.*}_${NOW}_ffmpeg.${EXT}"
#METADATA="-metadata creation_time=\"$TIMESTAMP\"" #METADATA="-metadata creation_time=\"$TIMESTAMP\""
if [ "$PASSES" == "1" ] if [ "$PASSES" == "1" ]; then
then # 1 pass encoding
# 1 pass encoding $NICE ffmpeg -i "$1" -threads auto -loglevel "$LOGLEVEL" -vcodec libx264 -b:v "${BITRATE}k" -vf yadif=1 -acodec libfaac -ab 192k -ar 48000 -sn -metadata creation_time="$TIMESTAMP" -f mp4 -y "${TEMPFILE}"
$NICE ffmpeg -i "$1" -threads auto -loglevel "$LOGLEVEL" -vcodec libx264 -b:v "${BITRATE}k" -vf yadif=1 -acodec libfaac -ab 192k -ar 48000 -sn -metadata creation_time="$TIMESTAMP" -f mp4 -y "${TEMPFILE}"
else else
# 2 pass encoding # 2 pass encoding
PASSLOGFILE="$DIRECTORY/.${FILENAME%.*}_${NOW}_ffmpeg" PASSLOGFILE="$DIRECTORY/.${FILENAME%.*}_${NOW}_ffmpeg"
$NICE ffmpeg -i "$1" -threads auto -loglevel "$LOGLEVEL" -vcodec libx264 -b:v "${BITRATE}k" -vf yadif=1 -pass 1 -passlogfile "$PASSLOGFILE" -an -sn -f rawvideo -y /dev/null $NICE ffmpeg -i "$1" -threads auto -loglevel "$LOGLEVEL" -vcodec libx264 -b:v "${BITRATE}k" -vf yadif=1 -pass 1 -passlogfile "$PASSLOGFILE" -an -sn -f rawvideo -y /dev/null
$NICE ffmpeg -i "$1" -threads auto -loglevel "$LOGLEVEL" -vcodec libx264 -b:v "${BITRATE}k" -vf yadif=1 -pass 2 -passlogfile "$PASSLOGFILE" -acodec libfaac -ab 192k -ar 48000 -sn -metadata creation_time="$TIMESTAMP" -f mp4 -y "${TEMPFILE}" $NICE ffmpeg -i "$1" -threads auto -loglevel "$LOGLEVEL" -vcodec libx264 -b:v "${BITRATE}k" -vf yadif=1 -pass 2 -passlogfile "$PASSLOGFILE" -acodec libfaac -ab 192k -ar 48000 -sn -metadata creation_time="$TIMESTAMP" -f mp4 -y "${TEMPFILE}"
rm "${PASSLOGFILE}-0.log" rm "${PASSLOGFILE}-0.log"
rm "${PASSLOGFILE}-0.log.mbtree" rm "${PASSLOGFILE}-0.log.mbtree"
fi fi
touch -r "$1" "${TEMPFILE}" touch -r "$1" "${TEMPFILE}"
if [ -f "${1%.*}.${EXT}" ] if [ -f "${1%.*}.${EXT}" ]; then
then mv -f "${TEMPFILE}" "${1%.*}_${NOW}.${EXT}"
mv -f "${TEMPFILE}" "${1%.*}_${NOW}.${EXT}" echo
echo echo "File "${1%.*}.${EXT}" already exist, moved to: "${1%.*}_${NOW}.${EXT}""
echo "File "${1%.*}.${EXT}" already exist, moved to: "${1%.*}_${NOW}.${EXT}"" echo
echo
else else
mv -i "${TEMPFILE}" "${1%.*}.${EXT}" mv -i "${TEMPFILE}" "${1%.*}.${EXT}"
fi fi
exit exit
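Review bot: The not-a-file message on the new side, `echo ""$!" is not a file. Nothing to convert."`, expands `$!` (the PID of the last background job) instead of the argument that was just tested, and the nested double quotes leave that expansion unquoted; it should be `echo "$1 is not a file. Nothing to convert." >&2`. The same nested-quote pattern appears in the "already exist" message near the end of the hunk and only works because the paths contain no whitespace — `printf 'File %s already exists, moved to: %s\n' "${1%.*}.${EXT}" "${1%.*}_${NOW}.${EXT}"` is the robust form. In the one-pass branch `PASSLOGFILE` is never set, so `cleanup` ends up running `rm -f "-0.log" "-0.log.mbtree" …`, where the leading dash is parsed as an option; `rm -f --` before the paths, or guarding on `${PASSLOGFILE:-}`, avoids the noise. shfmt cannot fix any of these, so they survive the reformat.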


@ -2,26 +2,26 @@
case $1 in case $1 in
backup) backup)
# Backup the trustdb # Backup the trustdb
gpg2 --export-ownertrust > .gnupg/trustdb.txt gpg2 --export-ownertrust >.gnupg/trustdb.txt
# Compile the archive # Compile the archive
tar -cvjf - .gnupg/private-keys-v1.d .gnupg/pubring.gpg .gnupg/trustdb.gpg .gnupg/trustdb.txt | gpg2 --output ${HOME}/gnupg_backup.asc --symmetric --armor tar -cvjf - .gnupg/private-keys-v1.d .gnupg/pubring.gpg .gnupg/trustdb.gpg .gnupg/trustdb.txt | gpg2 --output ${HOME}/gnupg_backup.asc --symmetric --armor
;; ;;
restore) restore)
# Restore the archive # Restore the archive
gpg2 --decrypt ${HOME}/gnupg_backup.asc | tar -xvj gpg2 --decrypt ${HOME}/gnupg_backup.asc | tar -xvj
# Restore the owner-trust # Restore the owner-trust
gpg2 --import-ownertrust < .gnupg/trustdb.txt gpg2 --import-ownertrust <.gnupg/trustdb.txt
;; ;;
*) *)
echo "Call me like this: $0 <backup | restore>" echo "Call me like this: $0 <backup | restore>"
exit 1 exit 1
;; ;;
esac esac


@ -3,46 +3,55 @@ set -euo pipefail
DEBUG=${DEBUG:-false} DEBUG=${DEBUG:-false}
FETCH_INTERVAL=${FETCH_INTERVAL:-3600} FETCH_INTERVAL=${FETCH_INTERVAL:-3600}
REPOS=( public secret ) REPOS=(public secret)
SSH_KEY=${SSH_KEY:-fafnir} SSH_KEY=${SSH_KEY:-fafnir}
# Print debug messages if enabled by ${DEBUG} # Print debug messages if enabled by ${DEBUG}
function debug { function debug() {
[[ "${DEBUG}" = "false" ]] && return [[ ${DEBUG} == "false" ]] && return
echo "$@" >&2 echo "$@" >&2
} }
function join_by { local d=$1; shift; echo -n "$1"; shift; printf "%s" "${@/#/$d}"; } function join_by() {
local d=$1
shift
echo -n "$1"
shift
printf "%s" "${@/#/$d}"
}
# Wrap git to work with git-dir and work-tree being in other locations # Wrap git to work with git-dir and work-tree being in other locations
function gwrap { function gwrap() {
hub --git-dir=${HOME}/.cfg/${REPO} --work-tree=${HOME} $@ hub --git-dir=${HOME}/.cfg/${REPO} --work-tree=${HOME} $@
} }
# Ensure we're connected to network before acting # Ensure we're connected to network before acting
if ! ( ping -q -c 1 8.8.8.8 >/dev/null ); then if ! (ping -q -c 1 8.8.8.8 >/dev/null); then
debug "No network connection, not checking" debug "No network connection, not checking"
exit 0 exit 0
fi fi
STAT_PARM="-c %Y" STAT_PARM="-c %Y"
[[ "$(uname -s)" = "Darwin" ]] && STAT_PARM="-f %m" [[ "$(uname -s)" == "Darwin" ]] && STAT_PARM="-f %m"
NEED_UPDATE=() NEED_UPDATE=()
# Check repos for updates # Check repos for updates
for REPO in ${REPOS[@]}; do for REPO in ${REPOS[@]}; do
LAST_FETCH=0 LAST_FETCH=0
[ -f ~/.cfg/${REPO}/FETCH_HEAD ] && LAST_FETCH=$(stat ${STAT_PARM} ~/.cfg/${REPO}/FETCH_HEAD) [ -f ~/.cfg/${REPO}/FETCH_HEAD ] && LAST_FETCH=$(stat ${STAT_PARM} ~/.cfg/${REPO}/FETCH_HEAD)
if [ $(( $(date +%s) - ${LAST_FETCH} )) -gt ${FETCH_INTERVAL} ] || \ if [ $(($(date +%s) - LAST_FETCH)) -gt ${FETCH_INTERVAL} ] ||
[ $(wc -c ~/.cfg/${REPO}/FETCH_HEAD | cut -d' ' -f1) -eq 0 ]; then [ $(wc -c ~/.cfg/${REPO}/FETCH_HEAD | cut -d' ' -f1) -eq 0 ]; then
vault-sshadd ${SSH_KEY} 2>&1 >/dev/null || { echo "Unable to load key ${SSH_KEY}"; exit 1; } vault-sshadd ${SSH_KEY} 2>&1 >/dev/null || {
echo "Unable to load key ${SSH_KEY}"
exit 1
}
gwrap fetch -q origin master gwrap fetch -q origin master
fi fi
LOCAL=$(gwrap rev-parse HEAD) LOCAL=$(gwrap rev-parse HEAD)
REMOTE=$(gwrap rev-parse FETCH_HEAD) REMOTE=$(gwrap rev-parse FETCH_HEAD)
if ! [[ "${LOCAL}" = "${REMOTE}" ]]; then if ! [[ ${LOCAL} == "${REMOTE}" ]]; then
NEED_UPDATE+=("'${REPO}'") NEED_UPDATE+=("'${REPO}'")
fi fi
done done
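Review bot: `gwrap` forwards its arguments with an unquoted `$@` (`hub --git-dir=${HOME}/.cfg/${REPO} --work-tree=${HOME} $@`), so any argument containing whitespace is re-split before it reaches hub; it should read `hub --git-dir="${HOME}/.cfg/${REPO}" --work-tree="${HOME}" "$@"`. The same unquoted expansion is in `for REPO in ${REPOS[@]}`, where `"${REPOS[@]}"` is the form that is safe for entries with spaces. shfmt only rewrote `function gwrap {` to `function gwrap() {`, so both survive the reformat; ShellCheck (SC2068/SC2086) would flag them.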


@ -1,16 +1,16 @@
#!/bin/bash #!/bin/bash
# clean_keyring.sh - clean up all the excess keys # clean_keyring.sh - clean up all the excess keys
# my key should probably be the first secret key listed # my key should probably be the first secret key listed
mykey=$(gpg --list-secret-keys | grep '^sec' | cut -c 13-20) mykey=$(gpg --list-secret-keys | grep '^sec' | cut -c 13-20)
if [ -z "$mykey" ]; then if [ -z "$mykey" ]; then
# exit if no key string # exit if no key string
echo "Can't get user's key ID" echo "Can't get user's key ID"
exit 1 exit 1
fi fi
# all of the people who have signed my key # all of the people who have signed my key
mysigners=$(gpg --list-sigs $mykey | grep '^sig' | cut -c 14-21 | sort -u) mysigners=$(gpg --list-sigs $mykey | grep '^sig' | cut -c 14-21 | sort -u)
# keep also the keys of persons I'm tracking on keybase.io # keep also the keys of persons I'm tracking on keybase.io
keybase_tracks="" keybase_tracks=""
@ -18,23 +18,23 @@ for person in $(keybase list-tracking); do
id=$(keybase id $person 2>&1 | grep "public key fingerprint" | cut -d ':' -f 2 | cut -c 41-50 | sed "s/ //g") id=$(keybase id $person 2>&1 | grep "public key fingerprint" | cut -d ':' -f 2 | cut -c 41-50 | sed "s/ //g")
keybase_tracks="$keybase_tracks $id" keybase_tracks="$keybase_tracks $id"
done done
# keep all of the signers, plus my key (if I haven't self-signed) # keep all of the signers, plus my key (if I haven't self-signed)
keepers=$(echo $mykey $mysigners $keybase_tracks | tr ' ' '\012' | sort -u) keepers=$(echo $mykey $mysigners $keybase_tracks | tr ' ' '\012' | sort -u)
# the keepers list in egrep syntax: ^(key|key|…) # the keepers list in egrep syntax: ^(key|key|…)
keepers_egrep=$(echo $keepers | sed 's/^/^(/; s/$/)/; s/ /|/g;') keepers_egrep=$(echo $keepers | sed 's/^/^(/; s/$/)/; s/ /|/g;')
# show all the keepers as a comment so this script's output is shell-able # show all the keepers as a comment so this script's output is shell-able
echo '# Keepers: ' $keepers echo '# Keepers: ' $keepers
# everyone who isn't on the keepers list is deleted # everyone who isn't on the keepers list is deleted
deleters=$(gpg --list-keys | grep '^pub'| cut -c 13-20 | egrep -v ${keepers_egrep}) deleters=$(gpg --list-keys | grep '^pub' | cut -c 13-20 | egrep -v ${keepers_egrep})
# echo the command if there are any to delete # echo the command if there are any to delete
# command is interactive # command is interactive
if [ -z "$deleters" ]; then if [ -z "$deleters" ]; then
echo "# Nothing to delete!" echo "# Nothing to delete!"
else else
echo 'gpg --delete-keys' $deleters echo 'gpg --delete-keys' $deleters
fi fi
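Review bot: The key IDs that drive the delete list are cut from gpg's human-readable listing at fixed columns (`cut -c 13-20` on `gpg --list-secret-keys`, `cut -c 14-21` on `--list-sigs`, `cut -c 13-20` on `--list-keys`), a layout that shifts with gpg version and `keyid-format` settings and yields 8-hex short IDs; a layout change can silently drop signers from `keepers` and move their keys into the `gpg --delete-keys` suggestion. Parsing `gpg --with-colons` output (field 5 of the `sec`/`pub`/`sig` records) with `awk -F:` is the stable interface, and comparing full fingerprints avoids short-ID ambiguity. `egrep -v ${keepers_egrep}` should also be quoted so the alternation is passed as a single pattern.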


@ -4,7 +4,7 @@ set -euo pipefail
if [ -e "${HOME}/bin/script_framework.sh" ]; then if [ -e "${HOME}/bin/script_framework.sh" ]; then
source "${HOME}/bin/script_framework.sh" source "${HOME}/bin/script_framework.sh"
else else
function step { echo $@; } function step() { echo $@; }
fi fi
step "Removing containers created / exited >= ~1h ago..." step "Removing containers created / exited >= ~1h ago..."
@ -14,7 +14,7 @@ CONTAINERS=$(docker ps -a | awk '/(hours?|days?|weeks?|months?) ago\s+(Created|E
step "Untagging all images not used by containers..." step "Untagging all images not used by containers..."
PS_OUTPUT=$(docker ps -a) PS_OUTPUT=$(docker ps -a)
for img in $(docker images | awk '/^[a-z].*(hours?|days?|weeks?|months?) ago/{ print $1":"$2 }' | grep -v '<none>' | sort | uniq); do for img in $(docker images | awk '/^[a-z].*(hours?|days?|weeks?|months?) ago/{ print $1":"$2 }' | grep -v '<none>' | sort | uniq); do
if ! ( echo "${PS_OUTPUT}" | grep -q "\s${img}\s" ) && ! ( echo "${PS_OUTPUT}" | grep -q "\s${img%:latest}\s" ); then if ! (echo "${PS_OUTPUT}" | grep -q "\s${img}\s") && ! (echo "${PS_OUTPUT}" | grep -q "\s${img%:latest}\s"); then
docker rmi --no-prune "${img}" docker rmi --no-prune "${img}"
fi fi
done done


@ -26,7 +26,7 @@ while getopts "f" opt; do
esac esac
done done
shift $((OPTIND-1)) shift $((OPTIND - 1))
[ "${1:-}" = "--" ] && shift [ "${1:-}" = "--" ] && shift
# --- OPT parsing --- # --- OPT parsing ---
@ -34,11 +34,14 @@ shift $((OPTIND-1))
if [ -e ${HOME}/bin/script_framework.sh ]; then if [ -e ${HOME}/bin/script_framework.sh ]; then
source ${HOME}/bin/script_framework.sh source ${HOME}/bin/script_framework.sh
else else
function step { echo "$@"; } function step() { echo "$@"; }
function fatal { echo "$@"; exit 1; } function fatal() {
echo "$@"
exit 1
}
fi fi
function config { function config() {
git --git-dir="${HOME}/.cfg/${repo_name}" --work-tree="${HOME}" $@ git --git-dir="${HOME}/.cfg/${repo_name}" --work-tree="${HOME}" $@
} }
@ -57,7 +60,7 @@ for repo_name in "${!REPOS[@]}"; do
config config status.showUntrackedFiles no config config status.showUntrackedFiles no
# Do not overwrite local changes # Do not overwrite local changes
if ( ! config diff --exit-code 2>&1 >/dev/null ) && [ ${FORCE} -eq 0 ]; then if (! config diff --exit-code 2>&1 >/dev/null) && [ ${FORCE} -eq 0 ]; then
fatal "Repo '${REPO}' has unsaved changes and force-flag is not set" fatal "Repo '${REPO}' has unsaved changes and force-flag is not set"
fi fi
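Review bot: The fatal message in the last hunk reports `${REPO}`, but the loop variable in this section is `repo_name` (hunk header `for repo_name in "${!REPOS[@]}"`), so the message prints an empty or stale name — or, if `set -u` is active at the top of this file, aborts with an unbound-variable error before the intended message; it should read `fatal "Repo '${repo_name}' has unsaved changes and force-flag is not set"`. `config` also forwards `$@` unquoted (`git --git-dir="${HOME}/.cfg/${repo_name}" --work-tree="${HOME}" $@`), which re-splits arguments such as commit messages; use `"$@"`. The loop body continues outside the hunk.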


@ -1,5 +1,5 @@
#!/bin/bash #!/bin/bash
for host in $@; do for host in $@; do
grep -v ${host} ~/.ssh/known_hosts > ~/.ssh/known_hosts.tmp && mv ~/.ssh/known_hosts.tmp ~/.ssh/known_hosts grep -v ${host} ~/.ssh/known_hosts >~/.ssh/known_hosts.tmp && mv ~/.ssh/known_hosts.tmp ~/.ssh/known_hosts
done done
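Review bot: `grep -v ${host} ~/.ssh/known_hosts` treats the host as an unanchored, unquoted regex, so removing `host` also drops every line that merely contains that text (e.g. `host.example.com` or an IP sharing a prefix), and it matches nothing at all when `HashKnownHosts` is on because hashed entries contain no hostname. When the host was the only entry, `grep -v` exits 1 and the `&& mv` never runs, leaving the file unchanged. `ssh-keygen -R "$host"` handles plain and hashed entries and keeps its own backup; with the loop written as `for host in "$@"; do ssh-keygen -R "$host"; done` the temp file is not needed.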


@ -65,9 +65,9 @@ RUN set -ex \\
EOF EOF
# Allow exposing ports using `-e 3000` # Allow exposing ports using `-e 3000`
( test "EXPOSE" != "${EXPOSE}" ) && echo -e "${EXPOSE}\n" (test "EXPOSE" != "${EXPOSE}") && echo -e "${EXPOSE}\n"
# Allow # Allow
[ -z "${VOLUME}" ] || echo -e "VOLUME [${VOLUME/, /}]\n" [ -z "${VOLUME}" ] || echo -e "VOLUME [${VOLUME/, /}]\n"
# Execution information # Execution information


@ -6,10 +6,10 @@ if ! [ -e Makefile ]; then
exit 0 exit 0
fi fi
TARGETS=$(make -pRrq : 2>/dev/null | \ TARGETS=$(make -pRrq : 2>/dev/null |
awk -v RS= -F: '/^# File/,/^# Finished Make data base/ {if ($$1 !~ "^[#.]") {print $$1}}' | \ awk -v RS= -F: '/^# File/,/^# Finished Make data base/ {if ($$1 !~ "^[#.]") {print $$1}}' |
sort | egrep -v -e '^[^[:alnum:]]' | sed 's/:$//' | xargs) sort | egrep -v -e '^[^[:alnum:]]' | sed 's/:$//' | xargs)
if ( echo $TARGETS | grep -q "auto-hook-${HOOKTYPE}" ); then if (echo $TARGETS | grep -q "auto-hook-${HOOKTYPE}"); then
exec make "auto-hook-${HOOKTYPE}" exec make "auto-hook-${HOOKTYPE}"
fi fi


@ -20,12 +20,12 @@ git pull --rebase && git submodule update --init --recursive
step "Cleaning local branches..." step "Cleaning local branches..."
for branch in $(git branch --merged | grep -v '^*'); do for branch in $(git branch --merged | grep -v '^*'); do
# Do not delete master as the main branch # Do not delete master as the main branch
if ( test "${branch}" != "master" ); then if (test "${branch}" != "master"); then
git branch -d ${branch} git branch -d ${branch}
fi fi
done done
step "Removing local branches where remote branch is gone..." step "Removing local branches where remote branch is gone..."
if ( git branch -vv | grep -q ': gone]' ); then if (git branch -vv | grep -q ': gone]'); then
git branch -vv | awk '/: gone]/{print $1}' | xargs git branch -D git branch -vv | awk '/: gone]/{print $1}' | xargs git branch -D
fi fi


@ -4,13 +4,13 @@
startpath=$(pwd) startpath=$(pwd)
for repo in $(find . -name ".git") for repo in $(find . -name ".git"); do
do repodir=$(dirname $repo)
repodir=$(dirname $repo) reponame=$(basename $repodir)
reponame=$(basename $repodir) cd $repodir
cd $repodir; LANG=C git status | grep -q "nothing to commit" LANG=C git status | grep -q "nothing to commit"
state=$? state=$?
cd $startpath cd $startpath
echo -n "$reponame: " echo -n "$reponame: "
[ $state -eq 0 ] && echo -e "${PR_GREEN}Up-2-date${PR_NC}" || echo -e "${PR_BR_RED}Changes available${PR_NC}" [ $state -eq 0 ] && echo -e "${PR_GREEN}Up-2-date${PR_NC}" || echo -e "${PR_BR_RED}Changes available${PR_NC}"
done done
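Review bot: `cd $repodir` is unquoted and unchecked; for a repository path containing whitespace the `cd` fails, `LANG=C git status` then runs in `$startpath`, and the script reports that directory's state under the wrong repository name. Quoting and guarding the directory change, `cd "$repodir" || continue`, removes the misattribution, and `git -C "$repodir" status` would make the `cd`/`cd $startpath` pair unnecessary. The `for repo in $(find . -name ".git")` loop word-splits paths as well; `find . -name .git -print0` read with `while IFS= read -r -d '' repo` handles them.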


@ -1,5 +1,5 @@
#!/bin/bash #!/bin/bash
for i in "$@"; do for i in "$@"; do
echo "$i" >> .gitignore echo "$i" >>.gitignore
done done


@ -1,10 +1,13 @@
#!/bin/bash #!/bin/bash
set -euo pipefail set -euo pipefail
function require_gotool { function require_gotool() {
toolname=$(basename $1) toolname=$(basename $1)
if ! ( which ${toolname} >/dev/null 2>&1 ); then if ! (which ${toolname} >/dev/null 2>&1); then
go version || { echo "${basename} not found and no usable go environment"; exit 1; } go version || {
echo "${basename} not found and no usable go environment"
exit 1
}
go get -u $1 go get -u $1
fi fi
} }
@ -15,7 +18,7 @@ source "${HOME}/.config/vault-user-token"
source "${HOME}/bin/script_framework.sh" source "${HOME}/bin/script_framework.sh"
# Check whether a valid token is available # Check whether a valid token is available
( vault token-lookup >/dev/null 2>&1 ) && exit 0 (vault token-lookup >/dev/null 2>&1) && exit 0
step "Vault is not authenticated, trying to authenticate... " step "Vault is not authenticated, trying to authenticate... "
@ -23,7 +26,10 @@ step "Vault is not authenticated, trying to authenticate... "
rm -f "${HOME}/.vault-token" rm -f "${HOME}/.vault-token"
VUT=$(pgrep -f vault-user-token || echo "" | xargs) VUT=$(pgrep -f vault-user-token || echo "" | xargs)
[ -n "$VUT" ] && { step "Killing old vault-user-token processes..."; kill ${VUT}; } [ -n "$VUT" ] && {
step "Killing old vault-user-token processes..."
kill ${VUT}
}
# Start new vault-user-token daemon # Start new vault-user-token daemon
vault-user-token --full-hostname=false >/dev/null 2>&1 & vault-user-token --full-hostname=false >/dev/null 2>&1 &
@ -34,11 +40,11 @@ while ! [ -f "${HOME}/.vault-token" ]; do
# Give the program a moment to get a token # Give the program a moment to get a token
sleep 0.5 sleep 0.5
if ! ( kill -0 $VUT ); then if ! (kill -0 $VUT); then
fail "vault-user-token exitted, giving up." fail "vault-user-token exitted, giving up."
fi fi
done done
( vault token-lookup >/dev/null 2>&1 ) || fail "Vault authentication failed finally" (vault token-lookup >/dev/null 2>&1) || fail "Vault authentication failed finally"
success "Vault token became available and is valid" success "Vault token became available and is valid"
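Review bot: In `require_gotool` the error message refers to `${basename}`, which is not a variable set anywhere in the hunk — the name derived on the first line is `toolname` — so under the file's `set -euo pipefail` the unbound reference aborts the script before the message is printed; it should be `echo "${toolname} not found and no usable go environment" >&2`. `toolname` should also be `local`. In the later hunk `VUT=$(pgrep -f vault-user-token || echo "" | xargs)` matches full command lines, so any process whose arguments contain that string (an editor open on the file, a running grep) ends up in the `kill ${VUT}` list; `pgrep -x vault-user-token` limits the match to the process name.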


@ -1,5 +1,5 @@
#!/bin/bash #!/bin/bash
for key in $(find . -type f | grep -vE "\.(pub|pem)" | grep -vE '(config|authorized_keys|known_hosts)' | sort); do for key in $(find . -type f | grep -vE "\.(pub|pem)" | grep -vE '(config|authorized_keys|known_hosts)' | sort); do
grep -q ENCRYPTED ${key} || echo "Key unsafe: ${key}" grep -q ENCRYPTED ${key} || echo "Key unsafe: ${key}"
done done
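Review bot: `grep -q ENCRYPTED ${key}` only recognises the legacy PEM header (`Proc-Type: 4,ENCRYPTED`); keys in the OpenSSH format (`-----BEGIN OPENSSH PRIVATE KEY-----`) carry the cipher inside the base64 body, so every such key is reported as unsafe regardless of whether it has a passphrase, and the check says nothing about actual protection. Attempting to load the key with an empty passphrase, `ssh-keygen -y -P '' -f "$key" >/dev/null 2>&1 && echo "Key unsafe: ${key}"`, reports exactly the keys that open without one, for both formats. `${key}` should be quoted and the `find … | grep | sort` word-split loop replaced by `-print0` with `read -r -d ''` so paths with spaces are handled.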


@ -8,7 +8,7 @@ source ${HOME}/bin/script_framework.sh
[ $# -lt 1 ] && fail "You need to supply at least password as argument" [ $# -lt 1 ] && fail "You need to supply at least password as argument"
# Check against online API using range request not to disclose the password hash # Check against online API using range request not to disclose the password hash
function check_password { function check_password() {
checksum=$(echo -n "${1}" | sha1sum | tr 'a-z' 'A-Z') checksum=$(echo -n "${1}" | sha1sum | tr 'a-z' 'A-Z')
curl -s https://api.pwnedpasswords.com/range/${checksum:0:5} | curl -s https://api.pwnedpasswords.com/range/${checksum:0:5} |
awk -F: "/${checksum:5:35}/{ print \$2 }" | tr -d '\n\r' awk -F: "/${checksum:5:35}/{ print \$2 }" | tr -d '\n\r'
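Review bot: `curl -s https://api.pwnedpasswords.com/range/${checksum:0:5}` has no `--fail`, so an HTTP error (rate limit, outage) feeds an error page into the awk match, which prints nothing — the same output as "not found" — and the caller sees a breached password as clean; `curl -sf …` with its status checked makes a failed lookup distinguishable from a negative result. `checksum` is assigned without `local`, so the uppercased hash leaks into the caller's scope. The password is taken from argv (the usage check above requires it as an argument), which exposes it to other local users through the process list; reading it from stdin or an environment variable avoids that. The function's closing brace is outside the hunk.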


@ -3,11 +3,11 @@
source "${HOME}/bin/script_framework.sh" source "${HOME}/bin/script_framework.sh"
[ -n "${TMUX}" ] && fail "You are already in tmux!" [ -n "${TMUX}" ] && fail "You are already in tmux!"
( which tmux 2>/dev/null ) || fail "No tmux found, can't continue" (which tmux 2>/dev/null) || fail "No tmux found, can't continue"
tmux-agent tmux-agent
if ! ( tmux list-sessions ); then if ! (tmux list-sessions); then
tmux new-session -d tmux new-session -d
tmux split-window -h tmux split-window -h
fi fi


@ -4,27 +4,27 @@ COLOR_CYAN="\033[0;36m"
COLOR_YELLOW="\033[0;33m" COLOR_YELLOW="\033[0;33m"
COLOR_PLAIN="\033[0m" COLOR_PLAIN="\033[0m"
function error { function error() {
echo -e "${COLOR_RED}$@${COLOR_PLAIN}" echo -e "${COLOR_RED}$@${COLOR_PLAIN}"
} }
function fail { function fail() {
error "$@" error "$@"
exit 1 exit 1
} }
function info { function info() {
echo -e "${COLOR_CYAN}$@${COLOR_PLAIN}" echo -e "${COLOR_CYAN}$@${COLOR_PLAIN}"
} }
function step { function step() {
info "[$(date +%H:%M:%S)] $@" info "[$(date +%H:%M:%S)] $@"
} }
function success { function success() {
echo -e "${COLOR_GREEN}$@${COLOR_PLAIN}" echo -e "${COLOR_GREEN}$@${COLOR_PLAIN}"
} }
function warn { function warn() {
echo -e "${COLOR_YELLOW}$@${COLOR_PLAIN}" echo -e "${COLOR_YELLOW}$@${COLOR_PLAIN}"
} }
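Review bot: The message helpers pass the caller's text through `echo -e "${COLOR_RED}$@${COLOR_PLAIN}"`, so backslash sequences inside the message (a filename containing `\n`, a Windows-style path) are interpreted, and `$@` inside a double-quoted string is the wrong form — `$*` is meant. `printf '%b%s%b\n' "${COLOR_RED}" "$*" "${COLOR_PLAIN}"` expands escapes only in the colour codes and prints the message verbatim; the same applies to `info`, `success` and `warn`. `error` (and therefore `fail`) writes to stdout, so a caller that captures a function's output with `$(…)` swallows the diagnostic; appending `>&2` in `error` and `warn` keeps it visible.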


@ -4,19 +4,19 @@ selfsigned=false
while getopts s opt; do while getopts s opt; do
case $opt in case $opt in
s) s)
selfsigned=true selfsigned=true
;; ;;
esac esac
done done
shift $(( OPTIND - 1 )) shift $((OPTIND - 1))
domain=$1 domain=$1
openssl genrsa -out ${domain}.key 2048 openssl genrsa -out ${domain}.key 2048
openssl req -new -sha256 -key ${domain}.key -out ${domain}.csr openssl req -new -sha256 -key ${domain}.key -out ${domain}.csr
if $selfsigned; then if $selfsigned; then
openssl x509 -req -days 365 -in ${domain}.csr -signkey ${domain}.key -out ${domain}.crt openssl x509 -req -days 365 -in ${domain}.csr -signkey ${domain}.key -out ${domain}.crt
fi fi
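Review bot: `openssl genrsa -out ${domain}.key 2048` creates the private key with the process umask (commonly leaving a world-readable 0644 file) and nothing in the script tightens it afterwards; put `umask 077` before the `genrsa` call, or `chmod 600 "${domain}.key"` right after it. `domain=$1` is never validated, so running the script without an argument writes `.key` and `.csr` files in the current directory; `: "${1:?domain required}"` before the assignment covers that, and `${domain}` should be quoted in every command.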


@ -5,17 +5,18 @@ set -e
BASE_PATH=/tmp/system-audit BASE_PATH=/tmp/system-audit
GIT_DIR=/var/local/system-audit GIT_DIR=/var/local/system-audit
function collect_hashes { function collect_hashes() {
target=$1; shift target=$1
shift
for dir in $@; do for dir in $@; do
if ! [ -e "${dir}" ]; then if ! [ -e "${dir}" ]; then
echo "${dir}" >> ${BASE_PATH}/missing echo "${dir}" >>${BASE_PATH}/missing
wrap_git add --intent-to-add ${BASE_PATH}/missing wrap_git add --intent-to-add ${BASE_PATH}/missing
continue continue
fi fi
find ${dir} -mindepth 1 \( -type f -or -type l \) -print0 | xargs -0 shasum -a 512 >> ${target} find ${dir} -mindepth 1 \( -type f -or -type l \) -print0 | xargs -0 shasum -a 512 >>${target}
done done
if [ -e ${target} ]; then if [ -e ${target} ]; then
@ -23,7 +24,7 @@ function collect_hashes {
fi fi
} }
function wrap_git { function wrap_git() {
git --work-tree=${BASE_PATH} --git-dir=${GIT_DIR} "$@" git --work-tree=${BASE_PATH} --git-dir=${GIT_DIR} "$@"
return $? return $?
} }
@ -44,51 +45,51 @@ fi
case "$1" in case "$1" in
"collect") "collect")
# Remove old hash-files # Remove old hash-files
rm -rf ${BASE_PATH}/* rm -rf ${BASE_PATH}/*
# [OSX / Linux] Changing this script will cause a different behaviour # [OSX / Linux] Changing this script will cause a different behaviour
# so also this needs to be monitored. # so also this needs to be monitored.
collect_hashes ${BASE_PATH}/script $0 collect_hashes ${BASE_PATH}/script $0
# [OSX only] LaunchAgents and LaunchDaemons can be used to execute # [OSX only] LaunchAgents and LaunchDaemons can be used to execute
# programs on behalf of the user or the root user. They may be used # programs on behalf of the user or the root user. They may be used
# as attack vectors. # as attack vectors.
collect_hashes ${BASE_PATH}/agents_daemons /System/Library/LaunchDaemons /Library/LaunchDaemons /System/Library/LaunchAgents /Library/LaunchAgents ~/Library/LaunchAgents collect_hashes ${BASE_PATH}/agents_daemons /System/Library/LaunchDaemons /Library/LaunchDaemons /System/Library/LaunchAgents /Library/LaunchAgents ~/Library/LaunchAgents
# [OSX / Linux ] /etc (or /private/etc on OSX) does contain configuration # [OSX / Linux ] /etc (or /private/etc on OSX) does contain configuration
# for system applications and might be used to change their behaviour. # for system applications and might be used to change their behaviour.
collect_hashes ${BASE_PATH}/etc /etc /private/etc collect_hashes ${BASE_PATH}/etc /etc /private/etc
# [OSX / Linux] Binary folders do contain the executables used by the # [OSX / Linux] Binary folders do contain the executables used by the
# system itself. Exchanging them can cause harm to the system or leak # system itself. Exchanging them can cause harm to the system or leak
# data. # data.
collect_hashes ${BASE_PATH}/bin /usr/bin /usr/local/bin ~/bin collect_hashes ${BASE_PATH}/bin /usr/bin /usr/local/bin ~/bin
;; ;;
"freeze") "freeze")
wrap_git commit -S -a -m "Status freeze as of $(date)" wrap_git commit -S -a -m "Status freeze as of $(date)"
;; ;;
"check") "check")
$0 collect $0 collect
$0 diff --exit-code $0 diff --exit-code
echo "Everything is still in recorded state" echo "Everything is still in recorded state"
;; ;;
"init") "init")
if [ $($0 log --pretty=format:'%h [%G?]%d %s (%cr) <%an>' --abbrev-commit | wc -l) -gt 0 ]; then if [ $($0 log --pretty=format:'%h [%G?]%d %s (%cr) <%an>' --abbrev-commit | wc -l) -gt 0 ]; then
echo "The status was already initialized. Use 'collect' and 'diff' to review the state and 'freeze' to save it" echo "The status was already initialized. Use 'collect' and 'diff' to review the state and 'freeze' to save it"
exit 1 exit 1
fi fi
$0 collect $0 collect
$0 freeze $0 freeze
;; ;;
*) *)
wrap_git "$@" wrap_git "$@"
;; ;;
esac esac
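Review bot: `collect_hashes` iterates `for dir in $@` and passes `${dir}` and `${target}` unquoted to `find`, `[ -e ]` and the `>>` redirections, so a directory argument containing whitespace is split into several non-existent paths that land in `missing` instead of being hashed; `for dir in "$@"` with `"${dir}"` and `"${target}"` is needed. `BASE_PATH=/tmp/system-audit` keeps the integrity baseline in a shared, world-writable directory between `collect` and `freeze`, where another local account can pre-create or alter the directory before the hashes are committed; a private directory next to `GIT_DIR`, or one created with `mktemp -d`, avoids that, and `rm -rf "${BASE_PATH:?}"/*` guards the wipe against an empty variable.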


@ -3,7 +3,7 @@
set -e set -e
set -o pipefail set -o pipefail
function unexpose { function unexpose() {
expose -d 8888 expose -d 8888
} }
trap unexpose EXIT trap unexpose EXIT


@ -1,13 +1,12 @@
#!/bin/bash #!/bin/bash
if ! ( which vault > /dev/null ); then if ! (which vault >/dev/null); then
error "vault is required." error "vault is required."
exit 2 exit 2
fi fi
# If we can list the environments there is no need to unlock the database # If we can list the environments there is no need to unlock the database
if ( awsenv list > /dev/null 2>&1 ); then if (awsenv list >/dev/null 2>&1); then
echo "Database already unlocked." echo "Database already unlocked."
exit 0 exit 0
fi fi
@ -31,11 +30,10 @@ expect eof
EOF EOF
# Check whether awsenv was unlocked # Check whether awsenv was unlocked
if ( awsenv list > /dev/null 2>&1 ); then if (awsenv list >/dev/null 2>&1); then
echo "Database unlocked successfully" echo "Database unlocked successfully"
exit 0 exit 0
else else
echo "Found passphrase but could not unlock database." echo "Found passphrase but could not unlock database."
exit 1 exit 1
fi fi
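Review bot: `error "vault is required."` on line 3 of the file calls a function that nothing visible has defined at that point — the file opens with the shebang and this `if`, with no `source` of script_framework.sh before it — so a missing vault produces `error: command not found` and the `exit 2` runs without the intended message; either `source "${HOME}/bin/script_framework.sh"` before the check or use `echo "vault is required." >&2`. `which vault >/dev/null` should be `command -v vault >/dev/null`, which is POSIX and does not depend on an external binary.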


@ -21,7 +21,7 @@ HEXPWD=$(echo -n "${PWD}" | str2hex)
for KEYGRIP in $(gpg2 --with-keygrip -k ${KEY} | grep Keygrip | cut -d '=' -f 2 | xargs); do for KEYGRIP in $(gpg2 --with-keygrip -k ${KEY} | grep Keygrip | cut -d '=' -f 2 | xargs); do
# Set password for keygrip # Set password for keygrip
if ! ( gpg-connect-agent -q "PRESET_PASSPHRASE ${KEYGRIP} -1 ${HEXPWD}" /bye >/dev/null 2>&1 ); then if ! (gpg-connect-agent -q "PRESET_PASSPHRASE ${KEYGRIP} -1 ${HEXPWD}" /bye >/dev/null 2>&1); then
echo "An error occurred while caching password in GPG agent" echo "An error occurred while caching password in GPG agent"
exit 1 exit 1
fi fi
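Review bot: The passphrase is handed to the agent on the command line, `gpg-connect-agent -q "PRESET_PASSPHRASE ${KEYGRIP} -1 ${HEXPWD}" /bye`, so its hex encoding is visible to every local user in the process list for the duration of the call. gpg-connect-agent reads commands from standard input when none are given on the command line, so `printf 'PRESET_PASSPHRASE %s -1 %s\n/bye\n' "${KEYGRIP}" "${HEXPWD}" | gpg-connect-agent -q >/dev/null 2>&1` keeps it out of argv; confirm that the `if !` error check still fires in that mode. The value comes from `${PWD}` (hunk header), which is the shell's working-directory variable — if it is assigned as the password earlier in the file, any later `cd` would overwrite it, and a differently named variable is safer. The `for KEYGRIP` loop continues outside the hunk.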


@ -5,7 +5,7 @@ set -o pipefail
source "${HOME}/bin/script_framework.sh" source "${HOME}/bin/script_framework.sh"
if ! ( which vault > /dev/null ); then if ! (which vault >/dev/null); then
error "vault is required." error "vault is required."
exit 2 exit 2
fi fi
@ -21,7 +21,7 @@ HELPER=$(mktemp)
chmod 0700 ${HELPER} chmod 0700 ${HELPER}
trap "rm ${HELPER}" EXIT trap "rm ${HELPER}" EXIT
cat -s <<EOF > ${HELPER} cat -s <<EOF >${HELPER}
#!/bin/bash #!/bin/bash
vault read -field=private "/secret/ssh-key/\$1" | exec ssh-add -t 3600 - vault read -field=private "/secret/ssh-key/\$1" | exec ssh-add -t 3600 -
EOF EOF
@ -30,7 +30,7 @@ for KEY_NAME in $@; do
fingerprint=$(vault read -field=public "/secret/ssh-key/$1" | ssh-keygen -l -f -) fingerprint=$(vault read -field=public "/secret/ssh-key/$1" | ssh-keygen -l -f -)
# If this key is already in the agent we don't need to do anything # If this key is already in the agent we don't need to do anything
if ( ssh-add -l | grep -q "${fingerprint}" ); then if (ssh-add -l | grep -q "${fingerprint}"); then
info "[${KEY_NAME}] Key already present." info "[${KEY_NAME}] Key already present."
continue continue
fi fi
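Review bot: Inside `for KEY_NAME in $@` (hunk header) the fingerprint is looked up with `vault read -field=public "/secret/ssh-key/$1"`, i.e. always the first argument rather than the current key, so from the second key onwards the "already present" test compares against the wrong fingerprint and skips loading it whenever the first key is in the agent; it should be `fingerprint=$(vault read -field=public "/secret/ssh-key/${KEY_NAME}" | ssh-keygen -l -f -)`. The loop header itself should use `"$@"`. The loop body continues outside the hunk.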


@ -7,4 +7,3 @@ set -o pipefail
source .venv/bin/activate source .venv/bin/activate
[ -f requirements.txt ] && pip install -r requirements.txt [ -f requirements.txt ] && pip install -r requirements.txt


@ -1,4 +1,4 @@
#!/bin/bash #!/bin/bash
find $HOME -type f -name '.gopath' | sed 's!/.gopath$!!' > /tmp/godirs find $HOME -type f -name '.gopath' | sed 's!/.gopath$!!' >/tmp/godirs
mv /tmp/godirs $HOME/.config/godirs mv /tmp/godirs $HOME/.config/godirs