From 1f2ba0749391b38fae2b604a224f637e8916e2ae Mon Sep 17 00:00:00 2001 From: drduh Date: Sat, 23 Mar 2024 11:10:15 -0700 Subject: [PATCH 1/6] Remove redundancies, reorder menu, more restrictive chmod --- README.md | 4 +-- pwd.sh | 82 ++++++++++++++++++++----------------------------------- 2 files changed, 32 insertions(+), 54 deletions(-) diff --git a/README.md b/README.md index 3dd7da9..4794f38 100644 --- a/README.md +++ b/README.md @@ -63,8 +63,8 @@ tar xvf pwd*tar Several customizable parameters are also available, which can be set in the [shell rc](https://github.com/drduh/config/blob/master/zshrc) file: - `PWDSH_TIME`: seconds to keep password on clipboard (default: 10) -- `PWDSH_DAILY`: create daily archive on write (default: false) -- `PWDSH_COPY`: keep password on clipboard before write (default: false) +- `PWDSH_DAILY`: create daily archive on write (default: unset) +- `PWDSH_COPY`: keep password on clipboard before write (default: unset) - `PWDSH_LEN`: default password length (default: 14) - `PWDSH_SAFE`: safe directory name (default: safe) - `PWDSH_INDEX`: index file name (default: pwd.index) diff --git a/pwd.sh b/pwd.sh index 225221c..5c6621e 100755 --- a/pwd.sh +++ b/pwd.sh @@ -5,6 +5,7 @@ set -o errtrace set -o nounset set -o pipefail umask 077 +export LC_ALL="C" now="$(date +%s)" today="$(date +%F)" @@ -16,8 +17,8 @@ script="$(basename "${BASH_SOURCE}")" clip_dest="clipboard" # set to 'screen' to print w/o clipboard clip_timeout="${PWDSH_TIME:=10}" # seconds to keep password on clipboard -daily_backup="${PWDSH_DAILY:=false}" # create daily archive on write -pass_copy="${PWDSH_COPY:=false}" # keep password on clipboard before write +daily_backup="${PWDSH_DAILY:=}" # create daily archive on write +pass_copy="${PWDSH_COPY:=}" # keep password on clipboard before write pass_len="${PWDSH_LEN:=14}" # default password length safe_dir="${PWDSH_SAFE:=safe}" # safe directory name safe_ix="${PWDSH_INDEX:=pwd.index}" # index file name 
@@ -42,7 +43,8 @@ get_pass () { # Prompt for a password. password="" - prompt="${1}" + prompt=" ${1}" + printf "\n" while IFS= read -p "${prompt}" -r -s -n 1 char ; do if [[ ${char} == $'\0' ]] ; then @@ -72,9 +74,8 @@ decrypt () { encrypt () { # Encrypt with GPG. - ${gpg} --armor --batch \ - --comment "${comment}" \ - --symmetric --yes --passphrase-fd 3 --no-symkey-cache \ + ${gpg} --armor --batch --comment "${comment}" \ + --symmetric --yes --passphrase-fd 3 \ --output "${2}" "${3}" 3< <(printf '%s\n' "${1}") 2>/dev/null } @@ -83,16 +84,13 @@ read_pass () { if [[ ! -s ${safe_ix} ]] ; then fail "${safe_ix} not found" ; fi - username="" while [[ -z "${username}" ]] ; do if [[ -z "${2+x}" ]] ; then read -r -p " Username: " username else username="${2}" ; fi done - while [[ -z "${password}" ]] ; do get_pass " - Password to unlock ${safe_ix}: " ; done - printf "\n" + get_pass "Password to unlock ${safe_ix}: " ; printf "\n" spath=$(decrypt "${password}" "${safe_ix}" | \ grep -F "${username}" | tail -1 | cut -d : -f2) || \ @@ -111,28 +109,25 @@ gen_pass () { if [[ ${length} =~ ^[0-9]+$ ]] ; then pass_len=${length} ; fi - LC_LANG=C tr -dc "${pass_chars}" < /dev/urandom | \ + tr -dc "${pass_chars}" < /dev/urandom | \ fold -w "${pass_len}" | head -1 } write_pass () { # Write a password and update the index. - password="" - while [[ -z "${password}" ]] ; do get_pass " - Password to unlock ${safe_ix}: " ; done - printf "\n" + spath="${safe_dir}/$(tr -dc "[:lower:]" < /dev/urandom | \ + fold -w10 | head -1)" + + get_pass "Password to unlock ${safe_ix}: " ; printf "\n" - if [[ "${pass_copy}" = "true" ]] ; then + if [[ -z "${pass_copy}" ]] ; then clip <(printf '%s' "${userpass}") fi - spath="${safe_dir}/$(LC_LANG=C \ - tr -dc "[:lower:]" < /dev/urandom | fold -w10 | head -1)" printf '%s\n' "${userpass}" | \ encrypt "${password}" "${spath}" - || \ fail "Failed to put ${spath}" - userpass="" ( if [[ -f "${safe_ix}" ]] ; then decrypt "${password}" "${safe_ix}" || return ; fi 
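Review bot: In `encrypt` (pwd.sh, patch 1/6), dropping `--no-symkey-cache` leaves passphrase caching for symmetric encryption to the user's gpg.conf, and the startup check on this page only tests that the file exists. If that file does not set `no-symkey-cache`, gpg-agent may keep the master passphrase cached after the script exits. Either keep the flag on the command line or document the dependency above the call, for example `# passphrase caching is disabled by no-symkey-cache in gpg.conf`. Whether `decrypt` still passes the flag is not visible in this hunk.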
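Review bot: read_pass (pwd.sh, patch 1/6) now calls `get_pass` once, so pressing Enter at the prompt hands an empty passphrase to `decrypt`. The removed `while [[ -z "${password}" ]]` loop was the only visible guard against that. The same single call replaces the loop in write_pass (next hunk) and in list_entry. In write_pass the empty value reaches `encrypt`, and if gpg accepts it in batch mode the entry and index would be stored under an empty passphrase. A check after each call restores the guard: `[[ -n "${password}" ]] || fail "Empty password"`. read_pass continues outside this hunk.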
@@ -148,12 +143,8 @@ list_entry () { if [[ ! -s ${safe_ix} ]] ; then fail "${safe_ix} not found" ; fi - while [[ -z "${password}" ]] ; do get_pass " - Password to unlock ${safe_ix}: " ; done - printf "\n\n" - - decrypt "${password}" "${safe_ix}" || \ - fail "Decryption failed" + get_pass "Password to unlock ${safe_ix}: " ; printf "\n\n" + decrypt "${password}" "${safe_ix}" || fail "Decryption failed" } backup () { @@ -176,7 +167,6 @@ clip () { else ${copy} < "${1}" ; fi printf "\n" - shift while [ "${clip_timeout}" -gt 0 ] ; do printf "\r\033[K Password on %s! Clearing in %.d" \ "${clip_dest}" "$((clip_timeout--))" @@ -191,15 +181,14 @@ clip () { new_entry () { # Prompt for username and password. - username="" while [[ -z "${username}" ]] ; do if [[ -z "${2+x}" ]] ; then read -r -p " Username: " username else username="${2}" ; fi done - if [[ -z "${3+x}" ]] ; then get_pass " - Password for \"${username}\" (Enter to generate): " + if [[ -z "${3+x}" ]] ; then + get_pass "Password for \"${username}\" (Enter to generate): " userpass="${password}" fi @@ -212,8 +201,7 @@ new_entry () { print_help () { # Print help text. - printf """ - pwd.sh is a Bash shell script to manage passwords and other text-based secrets. + printf """\npwd.sh is a Bash shell script to manage passwords and other text-based secrets. It uses GnuPG to symmetrically (i.e., using a master password) encrypt and decrypt plaintext files. @@ -242,7 +230,7 @@ print_help () { ./pwd.sh b * Restore an archive from backup: - tar xvf pwd*tar""" + tar xvf pwd*tar\n""" } if [[ -z "${gpg}" && ! -x "${gpg}" ]] ; then fail "GnuPG is not available" ; fi @@ -256,10 +244,9 @@ fi if [[ ! -d "${safe_dir}" ]] ; then mkdir -p "${safe_dir}" ; fi -chmod -R 0600 "${safe_ix}" 2>/dev/null -chmod -R 0700 "${safe_dir}" 2>/dev/null +chmod -R 0700 "${safe_ix}" "${safe_dir}" 2>/dev/null -password="" +username="" action="" if [[ -n "${1+x}" ]] ; then action="${1}" ; fi 
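Review bot: The startup `chmod -R 0700 "${safe_ix}" "${safe_dir}"` (pwd.sh, patch 1/6, last hunk on this line) sets the execute bit on the index file and on every entry file in the safe, where the previous code kept the index at 0600. Only the directory needs the search bit. Splitting the call keeps data files non-executable: `chmod 0700 "${safe_dir}" 2>/dev/null` followed by `chmod 0600 "${safe_ix}" "${safe_dir}"/* 2>/dev/null`. The silenced stderr also means a failed unlock only shows up later as a decryption error.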
@@ -269,27 +256,18 @@ while [[ -z "${action}" ]] ; do printf "\n" done -if [[ "${action}" =~ ^([hH])$ ]] ; then - print_help - -elif [[ "${action}" =~ ^([bB])$ ]] ; then - backup - -elif [[ "${action}" =~ ^([lL])$ ]] ; then - list_entry - +if [[ "${action}" =~ ^([rR])$ ]] ; then + read_pass "$@" elif [[ "${action}" =~ ^([wW])$ ]] ; then new_entry "$@" write_pass - - if [[ "${daily_backup}" = "true" ]] ; then - if [[ ! -f ${safe_backup} ]] ; then - backup - fi + if [[ -z "${daily_backup}" && ! -f ${safe_backup} ]] + then backup fi +elif [[ "${action}" =~ ^([lL])$ ]] ; then list_entry +elif [[ "${action}" =~ ^([bB])$ ]] ; then backup +else print_help ; fi -else read_pass "$@" ; fi - -chmod -R 0400 "${safe_ix}" "${safe_dir}" 2>/dev/null +chmod -R 0000 "${safe_ix}" "${safe_dir}" 2>/dev/null tput setaf 2 ; printf "\nDone\n" ; tput sgr0 From 9aa05e1526d16a5a7bfc8c0fdbe6d33452c81c16 Mon Sep 17 00:00:00 2001 From: drduh Date: Sat, 23 Mar 2024 12:22:22 -0700 Subject: [PATCH 2/6] Support destination and comment options, improve error handling --- README.md | 22 ++++++++++++---------- pwd.sh | 43 +++++++++++++++++++------------------------ 2 files changed, 31 insertions(+), 34 deletions(-) diff --git a/README.md b/README.md index 4794f38..6a5e6f4 100644 --- a/README.md +++ b/README.md @@ -40,7 +40,7 @@ Read password for `userName`: ./pwd.sh r userName ``` -Passwords are stored with a timestamp for revision control. The most recent version is copied to clipboard on read. To list all passwords or read a specific version of a password: +Passwords are stored with an epoch timestamp for revision control. The most recent version is copied to clipboard on read. To list all passwords or read a specific version of a password: ```console ./pwd.sh l 
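Review bot: The closing `chmod -R 0000 "${safe_ix}" "${safe_dir}"` (pwd.sh, patch 1/6) probably does not reach the files inside the safe. The directory loses its own read and search bits first, so for a non-root user the recursion likely stops there, and `2>/dev/null` hides the error. The entry files would then keep the 0700 set at startup. The same command is moved into `cleanup` by patch 6/6. Since the owner can always chmod the safe back, a comment such as `# mode bits only guard against accidental access; GPG encryption is the protection` above the line would set the right expectation.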
@@ -60,15 +60,17 @@ Restore an archive from backup: tar xvf pwd*tar ``` -Several customizable parameters are also available, which can be set in the [shell rc](https://github.com/drduh/config/blob/master/zshrc) file: - -- `PWDSH_TIME`: seconds to keep password on clipboard (default: 10) -- `PWDSH_DAILY`: create daily archive on write (default: unset) -- `PWDSH_COPY`: keep password on clipboard before write (default: unset) -- `PWDSH_LEN`: default password length (default: 14) -- `PWDSH_SAFE`: safe directory name (default: safe) -- `PWDSH_INDEX`: index file name (default: pwd.index) -- `PWDSH_BACKUP`: backup file name (default: pwd.hostname.today.tar) +Several customizable parameters are also available as environment variables, which can be set in the [shell rc](https://github.com/drduh/config/blob/master/zshrc) file: + +- `PWDSH_TIME`: seconds to keep password on clipboard (default: `10`) +- `PWDSH_COPY`: keep password on clipboard before write (default: `unset`) +- `PWDSH_DAILY`: create daily archive on write (default: `unset`) +- `PWDSH_LEN`: default password length (default: `14`) +- `PWDSH_COMMENT`: *unencrypted* comment to include in index and safe files (default: `unset`) +- `PWDSH_DEST`: password output destination, can be `clipboard` or `screen` (default: `clipboard`) +- `PWDSH_SAFE`: safe directory name (default: `safe`) +- `PWDSH_INDEX`: index file name (default: `pwd.index`) +- `PWDSH_BACKUP`: backup file name (default: `pwd.$hostname.$today.tar`) See [config/gpg.conf](https://github.com/drduh/config/blob/master/gpg.conf) for additional GnuPG options. diff --git a/pwd.sh b/pwd.sh index 5c6621e..9008e59 100755 --- a/pwd.sh +++ b/pwd.sh 
@@ -11,20 +11,18 @@ now="$(date +%s)" today="$(date +%F)" copy="$(command -v xclip || command -v pbcopy)" gpg="$(command -v gpg || command -v gpg2)" -gpgconf="${HOME}/.gnupg/gpg.conf" +gpg_conf="${HOME}/.gnupg/gpg.conf" pass_chars="[:alnum:]!?@#$%^&*();:+=" -script="$(basename "${BASH_SOURCE}")" -clip_dest="clipboard" # set to 'screen' to print w/o clipboard +clip_dest="${PWDSH_DEST:=clipboard}" # set to 'screen' to print to stdout clip_timeout="${PWDSH_TIME:=10}" # seconds to keep password on clipboard +comment="${PWDSH_COMMENT:=}" # include *unencrypted* comment in files daily_backup="${PWDSH_DAILY:=}" # create daily archive on write pass_copy="${PWDSH_COPY:=}" # keep password on clipboard before write pass_len="${PWDSH_LEN:=14}" # default password length safe_dir="${PWDSH_SAFE:=safe}" # safe directory name safe_ix="${PWDSH_INDEX:=pwd.index}" # index file name safe_backup="${PWDSH_BACKUP:=pwd.$(hostname).${today}.tar}" -comment="" -#comment="${script} ${now}" # include timestamp in enc. files fail () { # Print an error in red and exit. @@ -121,21 +119,20 @@ write_pass () { get_pass "Password to unlock ${safe_ix}: " ; printf "\n" - if [[ -z "${pass_copy}" ]] ; then + if [[ -n "${pass_copy}" ]] ; then clip <(printf '%s' "${userpass}") fi printf '%s\n' "${userpass}" | \ encrypt "${password}" "${spath}" - || \ - fail "Failed to put ${spath}" + fail "Failed saving ${spath}" ( if [[ -f "${safe_ix}" ]] ; then decrypt "${password}" "${safe_ix}" || return ; fi printf "%s@%s:%s\n" "${username}" "${now}" "${spath}") | \ - encrypt "${password}" "${safe_ix}.${now}" - || \ - fail "Failed to put ${safe_ix}.${now}" - - mv "${safe_ix}.${now}" "${safe_ix}" + encrypt "${password}" "${safe_ix}.${now}" - && \ + mv "${safe_ix}.${now}" "${safe_ix}" || \ + fail "Failed saving ${safe_ix}.${now}" } list_entry () { 
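Review bot: The new test `[[ -n "${pass_copy}" ]]` in write_pass (pwd.sh, patch 2/6) treats any non-empty value as enabled. An rc file that still exports `PWDSH_COPY=false`, the default documented before this series, would therefore put every newly written password on the clipboard. The `-n "${daily_backup}"` test in the last pwd.sh hunk of this commit behaves the same way. Matching explicit values keeps `false` and `0` meaning off: `if [[ "${pass_copy}" =~ ^(1|true)$ ]] ; then`. write_pass begins outside this hunk.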
@@ -151,11 +148,9 @@ backup () { # Archive index, safe and configuration. if [[ -f "${safe_ix}" && -d "${safe_dir}" ]] ; then - cp "${gpgconf}" "gpg.conf.${today}" - tar cf "${safe_backup}" \ - "${safe_ix}" "${safe_dir}" "gpg.conf.${today}" "${script}" && \ - printf "\nArchived %s\n" "${safe_backup}" && \ - rm -f "gpg.conf.${today}" + tar cf "${safe_backup}" "${safe_ix}" "${safe_dir}" \ + "${BASH_SOURCE}" "${gpg_conf}" > /dev/null && \ + printf "\nArchived %s\n" "${safe_backup}" else fail "Nothing to archive" ; fi } @@ -222,7 +217,7 @@ print_help () { * Read password for userName: ./pwd.sh r userName - * Passwords are stored with a timestamp for revision control. The most recent version is copied to clipboard on read. To list all passwords or read a specific version of a password: + * Passwords are stored with an epoch timestamp for revision control. The most recent version is copied to clipboard on read. To list all passwords or read a specific version of a password: ./pwd.sh l ./pwd.sh r userName@1574723625 @@ -235,17 +230,17 @@ print_help () { if [[ -z "${gpg}" && ! -x "${gpg}" ]] ; then fail "GnuPG is not available" ; fi -if [[ ! -f "${gpgconf}" ]] ; then fail "GnuPG config is not available" ; fi - -if [[ -z ${copy} && ! -x ${copy} ]] - then warn "Clipboard not available, passwords will print to screen" - clip_dest="screen" -fi +if [[ ! -f "${gpg_conf}" ]] ; then fail "GnuPG config is not available" ; fi if [[ ! -d "${safe_dir}" ]] ; then mkdir -p "${safe_dir}" ; fi chmod -R 0700 "${safe_ix}" "${safe_dir}" 2>/dev/null +if [[ -z ${copy} && ! -x ${copy} ]] ; then + warn "Clipboard not available, passwords will print to screen/stdout!" + clip_dest="screen" +fi + username="" action="" if [[ -n "${1+x}" ]] ; then action="${1}" ; fi 
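Review bot: The relocated clipboard check `[[ -z ${copy} && ! -x ${copy} ]]` (pwd.sh, patch 2/6, last hunk on this line) can only be true when `copy` is empty: a non-empty value fails `-z`, so the `-x` test never decides anything. The GnuPG check a few lines above uses the same `&&`, so a path that is set but not executable passes both checks. Using `||` expresses the intent: `if [[ -z "${copy}" || ! -x "${copy}" ]] ; then`.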
@@ -261,7 +256,7 @@ if [[ "${action}" =~ ^([rR])$ ]] ; then elif [[ "${action}" =~ ^([wW])$ ]] ; then new_entry "$@" write_pass - if [[ -z "${daily_backup}" && ! -f ${safe_backup} ]] + if [[ -n "${daily_backup}" && ! -f ${safe_backup} ]] then backup fi elif [[ "${action}" =~ ^([lL])$ ]] ; then list_entry From 00e6f7f68c1c8ccd48b78a27aa95d3bc1e1f5d60 Mon Sep 17 00:00:00 2001 From: drduh Date: Sat, 23 Mar 2024 12:39:59 -0700 Subject: [PATCH 3/6] table format for config options --- README.md | 22 +++++++++++++--------- 1 file changed, 13 insertions(+), 9 deletions(-) diff --git a/README.md b/README.md index 6a5e6f4..aaafad0 100644 --- a/README.md +++ b/README.md 
@@ -60,17 +60,21 @@ Restore an archive from backup: tar xvf pwd*tar ``` +# Configure + Several customizable parameters are also available as environment variables, which can be set in the [shell rc](https://github.com/drduh/config/blob/master/zshrc) file: -- `PWDSH_TIME`: seconds to keep password on clipboard (default: `10`) -- `PWDSH_COPY`: keep password on clipboard before write (default: `unset`) -- `PWDSH_DAILY`: create daily archive on write (default: `unset`) -- `PWDSH_LEN`: default password length (default: `14`) -- `PWDSH_COMMENT`: *unencrypted* comment to include in index and safe files (default: `unset`) -- `PWDSH_DEST`: password output destination, can be `clipboard` or `screen` (default: `clipboard`) -- `PWDSH_SAFE`: safe directory name (default: `safe`) -- `PWDSH_INDEX`: index file name (default: `pwd.index`) -- `PWDSH_BACKUP`: backup file name (default: `pwd.$hostname.$today.tar`) +Variable | Description | Default | Values +-|-|-|- +`PWDSH_TIME` | seconds to keep password on clipboard | `10` | any valid integer +`PWDSH_COPY` | keep password on clipboard before write | unset | `1` or `true` to enable +`PWDSH_DAILY` | create daily backup archive on write | unset | `1` or `true` to enable +`PWDSH_LEN` | generated password length | `14` | any valid integer +`PWDSH_COMMENT` | **unencrypted** comment to include in index and safe files | unset | any valid string +`PWDSH_DEST` | password output destination | `clipboard` | `clipboard` or `screen` +`PWDSH_SAFE` | safe directory name | `safe` | any valid string +`PWDSH_INDEX` | index file name | `pwd.index` | any valid string +`PWDSH_BACKUP` | backup archive file name | `pwd.$hostname.$today.tar` | any valid string See [config/gpg.conf](https://github.com/drduh/config/blob/master/gpg.conf) for additional GnuPG options. From 3578f5bf143e4d269f31c926bdb7d3c454fcf819 Mon Sep 17 00:00:00 2001 
From: drduh Date: Sat, 23 Mar 2024 13:02:54 -0700 Subject: [PATCH 4/6] copy password to clipboard before unlocking safe --- README.md | 12 ++++++------ pwd.sh | 10 ++++++---- 2 files changed, 12 insertions(+), 10 deletions(-) diff --git a/README.md b/README.md index aaafad0..cc9b259 100644 --- a/README.md +++ b/README.md 
@@ -62,16 +62,16 @@ tar xvf pwd*tar # Configure -Several customizable parameters are also available as environment variables, which can be set in the [shell rc](https://github.com/drduh/config/blob/master/zshrc) file: +Several customizable options and features are also available, and can be configured with environment variables, for example in the [shell rc](https://github.com/drduh/config/blob/master/zshrc) file: Variable | Description | Default | Values -|-|-|- -`PWDSH_TIME` | seconds to keep password on clipboard | `10` | any valid integer -`PWDSH_COPY` | keep password on clipboard before write | unset | `1` or `true` to enable -`PWDSH_DAILY` | create daily backup archive on write | unset | `1` or `true` to enable -`PWDSH_LEN` | generated password length | `14` | any valid integer +`PWDSH_TIME` | seconds to clear password from clipboard/screen | `10` | any valid integer +`PWDSH_LEN` | default generated password length | `14` | any valid integer +`PWDSH_COPY` | copy password to clipboard before write | unset (disabled) | `1` or `true` to enable +`PWDSH_DAILY` | create daily backup archive on write | unset (disabled) | `1` or `true` to enable `PWDSH_COMMENT` | **unencrypted** comment to include in index and safe files | unset | any valid string -`PWDSH_DEST` | password output destination | `clipboard` | `clipboard` or `screen` +`PWDSH_DEST` | password output destination, will set to `screen` without clipboard | `clipboard` | `clipboard` or `screen` `PWDSH_SAFE` | safe directory name | `safe` | any valid string `PWDSH_INDEX` | index file name | `pwd.index` | any valid string `PWDSH_BACKUP` | backup archive file name | `pwd.$hostname.$today.tar` | any valid string diff --git a/pwd.sh b/pwd.sh index 9008e59..fab96cf 100755 --- a/pwd.sh +++ b/pwd.sh 
@@ -117,12 +117,12 @@ write_pass () { spath="${safe_dir}/$(tr -dc "[:lower:]" < /dev/urandom | \ fold -w10 | head -1)" - get_pass "Password to unlock ${safe_ix}: " ; printf "\n" - if [[ -n "${pass_copy}" ]] ; then clip <(printf '%s' "${userpass}") fi + get_pass "Password to unlock ${safe_ix}: " ; printf "\n" + printf '%s\n' "${userpass}" | \ encrypt "${password}" "${spath}" - || \ fail "Failed saving ${spath}" @@ -141,15 +141,17 @@ list_entry () { if [[ ! -s ${safe_ix} ]] ; then fail "${safe_ix} not found" ; fi get_pass "Password to unlock ${safe_ix}: " ; printf "\n\n" - decrypt "${password}" "${safe_ix}" || fail "Decryption failed" + + decrypt "${password}" "${safe_ix}" || fail "${safe_ix} not available" } backup () { # Archive index, safe and configuration. if [[ -f "${safe_ix}" && -d "${safe_dir}" ]] ; then + cp "${gpg_conf}" "gpg.conf.${today}" tar cf "${safe_backup}" "${safe_ix}" "${safe_dir}" \ - "${BASH_SOURCE}" "${gpg_conf}" > /dev/null && \ + "${BASH_SOURCE}" "gpg.conf.${today}" && \ printf "\nArchived %s\n" "${safe_backup}" else fail "Nothing to archive" ; fi } From b4b39608dc6561f2f715f16e67de1bcb6c1f59f2 Mon Sep 17 00:00:00 2001 From: drduh Date: Sat, 23 Mar 2024 13:28:08 -0700 Subject: [PATCH 5/6] fix up variable comments --- pwd.sh | 14 ++++++++------ 1 file changed, 8 insertions(+), 6 deletions(-) diff --git a/pwd.sh b/pwd.sh index fab96cf..3d4a2ed 100755 --- a/pwd.sh +++ b/pwd.sh 
@@ -15,11 +15,11 @@ gpg_conf="${HOME}/.gnupg/gpg.conf" pass_chars="[:alnum:]!?@#$%^&*();:+=" clip_dest="${PWDSH_DEST:=clipboard}" # set to 'screen' to print to stdout -clip_timeout="${PWDSH_TIME:=10}" # seconds to keep password on clipboard -comment="${PWDSH_COMMENT:=}" # include *unencrypted* comment in files -daily_backup="${PWDSH_DAILY:=}" # create daily archive on write -pass_copy="${PWDSH_COPY:=}" # keep password on clipboard before write -pass_len="${PWDSH_LEN:=14}" # default password length +clip_timeout="${PWDSH_TIME:=10}" # seconds to clear clipboard/screen +comment="${PWDSH_COMMENT:=}" # *unencrypted* comment in files +daily_backup="${PWDSH_DAILY:=}" # daily backup archive on write +pass_copy="${PWDSH_COPY:=}" # copy password before write +pass_len="${PWDSH_LEN:=14}" # default generated password length safe_dir="${PWDSH_SAFE:=safe}" # safe directory name safe_ix="${PWDSH_INDEX:=pwd.index}" # index file name safe_backup="${PWDSH_BACKUP:=pwd.$(hostname).${today}.tar}" @@ -40,7 +40,6 @@ warn () { get_pass () { # Prompt for a password. - password="" prompt=" ${1}" printf "\n" @@ -153,6 +152,7 @@ backup () { tar cf "${safe_backup}" "${safe_ix}" "${safe_dir}" \ "${BASH_SOURCE}" "gpg.conf.${today}" && \ printf "\nArchived %s\n" "${safe_backup}" + rm -f "gpg.conf.${today}" else fail "Nothing to archive" ; fi } @@ -244,7 +244,9 @@ if [[ -z ${copy} && ! -x ${copy} ]] ; then fi username="" +password="" action="" + if [[ -n "${1+x}" ]] ; then action="${1}" ; fi while [[ -z "${action}" ]] ; do From d04a580085960493959c2ddc3c6b49b00ee33ce3 Mon Sep 17 00:00:00 2001 From: drduh Date: Sat, 23 Mar 2024 14:17:06 -0700 Subject: [PATCH 6/6] trap exits and update password clear message --- pwd.sh | 19 +++++++++++++------ 1 file changed, 13 insertions(+), 6 deletions(-) diff --git a/pwd.sh b/pwd.sh index 3d4a2ed..e9837b4 100755 --- a/pwd.sh +++ b/pwd.sh 
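Review bot: Removing `password=""` from get_pass (pwd.sh, patch 5/6) means the function no longer starts from an empty value on each call. The read loop's body is outside this hunk, but if it appends each typed character to `password`, a second prompt in the same run builds on the first answer. The write path prompts twice: new_entry reads the entry password and write_pass then calls get_pass for the master password, so `encrypt` and `decrypt` would receive the two concatenated. The global `password=""` added near the bottom of the script only covers the first call. Keep the reset as the first statement of get_pass: `password=""`.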
@@ -24,6 +24,15 @@ safe_dir="${PWDSH_SAFE:=safe}" # safe directory name safe_ix="${PWDSH_INDEX:=pwd.index}" # index file name safe_backup="${PWDSH_BACKUP:=pwd.$(hostname).${today}.tar}" +trap cleanup EXIT INT TERM +cleanup () { + # "Lock" safe on trapped exits. + + ret=$? + chmod -R 0000 "${safe_ix}" "${safe_dir}" 2>/dev/null + exit ${ret} +} + fail () { # Print an error in red and exit. @@ -166,13 +175,14 @@ clip () { printf "\n" while [ "${clip_timeout}" -gt 0 ] ; do printf "\r\033[K Password on %s! Clearing in %.d" \ - "${clip_dest}" "$((clip_timeout--))" - sleep 1 + "${clip_dest}" "$((clip_timeout--))" ; sleep 1 done + printf "\r\033[K Clearing password from %s ..." "${clip_dest}" if [[ "${clip_dest}" = "screen" ]] ; then clear else printf "\n" ; printf "" | ${copy} ; fi + } new_entry () { @@ -249,8 +259,7 @@ action="" if [[ -n "${1+x}" ]] ; then action="${1}" ; fi -while [[ -z "${action}" ]] ; do - read -r -n 1 -p " +while [[ -z "${action}" ]] ; do read -r -n 1 -p " Read or Write (or Help for more options): " action printf "\n" done @@ -267,6 +276,4 @@ elif [[ "${action}" =~ ^([lL])$ ]] ; then list_entry elif [[ "${action}" =~ ^([bB])$ ]] ; then backup else print_help ; fi -chmod -R 0000 "${safe_ix}" "${safe_dir}" 2>/dev/null - tput setaf 2 ; printf "\nDone\n" ; tput sgr0
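Review bot: `cleanup` (pwd.sh, patch 6/6) only resets mode bits, so an INT or TERM that arrives during clip's countdown exits with the password still on the clipboard or screen. clip could record that it copied something and cleanup could clear it before the chmod. For example, set a flag in clip and add `[[ -n "${clipped:-}" ]] && printf "" | ${copy}` to cleanup, where `clipped` is a name constructed for this note. Separately, registering one handler for EXIT, INT and TERM makes the `exit ${ret}` inside it fire the EXIT trap again, so the handler runs twice on a signal and `ret` holds the status of whatever command was interrupted. `trap cleanup EXIT` with `trap 'exit 130' INT` would avoid both.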