pkgsrc-Changes archive


CVS commit: pkgsrc/security/keychain



Module Name:    pkgsrc
Committed By:   vins
Date:           Sat Nov  8 12:36:14 UTC 2025

Modified Files:
        pkgsrc/security/keychain: Makefile PLIST
Added Files:
        pkgsrc/security/keychain/files: README.pkgsrc startkeychain.sh

Log Message:
security/keychain: add help script to automate usage

Additionally install bash completions.
Bump revision.


To generate a diff of this commit:
cvs rdiff -u -r1.46 -r1.47 pkgsrc/security/keychain/Makefile
cvs rdiff -u -r1.7 -r1.8 pkgsrc/security/keychain/PLIST
cvs rdiff -u -r0 -r1.1 pkgsrc/security/keychain/files/README.pkgsrc \
    pkgsrc/security/keychain/files/startkeychain.sh

Please note that diffs are not public domain; they are subject to the
copyright notices on the relevant files.

Modified files:

Index: pkgsrc/security/keychain/Makefile
diff -u pkgsrc/security/keychain/Makefile:1.46 pkgsrc/security/keychain/Makefile:1.47
--- pkgsrc/security/keychain/Makefile:1.46      Mon Nov  3 16:37:52 2025
+++ pkgsrc/security/keychain/Makefile   Sat Nov  8 12:36:13 2025
@@ -1,6 +1,7 @@
-# $NetBSD: Makefile,v 1.46 2025/11/03 16:37:52 vins Exp $
+# $NetBSD: Makefile,v 1.47 2025/11/08 12:36:13 vins Exp $
 
 DISTNAME=      keychain-2.9.8
+PKGREVISION=   1
 CATEGORIES=    security
 MASTER_SITES=  ${MASTER_SITE_GITHUB:=funtoo/}
 
@@ -28,7 +29,8 @@ ASKPASS_PROGRAM=      ${PREFIX}/bin/ssh-askpa
 
 MAKE_ENV+=     ASKPASS=${ASKPASS_PROGRAM:Q}
 
-INSTALLATION_DIRS=     bin ${PKGMANDIR}/man1 share/doc/${PKGBASE}
+INSTALLATION_DIRS=     bin ${PKGMANDIR}/man1 share/doc/${PKGBASE} \
+                       share/bash-completion/completions
 
 do-install:
        ${INSTALL_SCRIPT} ${WRKSRC}/keychain ${DESTDIR}${PREFIX}/bin/keychain
@@ -37,4 +39,12 @@ do-install:
        ${INSTALL_DATA} ${WRKSRC}/README.md     \
                ${DESTDIR}${PREFIX}/share/doc/${PKGBASE}
 
+post-install:
+       $(INSTALL_DATA) ${WRKSRC}/completions/keychain.bash     \
+               ${DESTDIR}${PREFIX}/share/bash-completion/completions
+       ${INSTALL_SCRIPT} ${FILESDIR}/startkeychain.sh          \
+               ${DESTDIR}${PREFIX}/bin/startkeychain
+       ${INSTALL_DATA} ${FILESDIR}/README.pkgsrc               \
+               ${DESTDIR}${PREFIX}/share/doc/${PKGBASE}
+
 .include "../../mk/bsd.pkg.mk"
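Review bot: The first recipe line of `post-install` is written `$(INSTALL_DATA)` while every other line in this hunk and in `do-install` uses the brace form; for consistency it should read `${INSTALL_DATA} ${WRKSRC}/completions/keychain.bash \`. Separately, `startkeychain.sh` is installed with `${INSTALL_SCRIPT}` into `bin`, so it will normally run as a child process, and the agent files it sources at the end presumably cannot change the calling shell's environment unless the user sources the script instead. If sourcing is the intended use, a comment above that line would help, for example `# startkeychain is meant to be sourced from the login shell, not executed`. The body of `do-install` begins outside this hunk.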

Index: pkgsrc/security/keychain/PLIST
diff -u pkgsrc/security/keychain/PLIST:1.7 pkgsrc/security/keychain/PLIST:1.8
--- pkgsrc/security/keychain/PLIST:1.7  Thu Aug 18 06:09:01 2016
+++ pkgsrc/security/keychain/PLIST      Sat Nov  8 12:36:13 2025
@@ -1,4 +1,7 @@
-@comment $NetBSD: PLIST,v 1.7 2016/08/18 06:09:01 nonaka Exp $
+@comment $NetBSD: PLIST,v 1.8 2025/11/08 12:36:13 vins Exp $
 bin/keychain
+bin/startkeychain
 man/man1/keychain.1
+share/bash-completion/completions/keychain.bash
 share/doc/keychain/README.md
+share/doc/keychain/README.pkgsrc

Added files:

Index: pkgsrc/security/keychain/files/README.pkgsrc
diff -u /dev/null pkgsrc/security/keychain/files/README.pkgsrc:1.1
--- /dev/null   Sat Nov  8 12:36:14 2025
+++ pkgsrc/security/keychain/files/README.pkgsrc        Sat Nov  8 12:36:14 2025
@@ -0,0 +1,46 @@
+
+keychain(1) is a manager for both ssh-agent and gpg-agent. It allows
+your shells and cron jobs to share a single ssh-agent or gpg-agent
+process keychain typically runs from the login shell environment
+setting, i.e ~/.shrc.
+
+The pkgsrc package for keychain includes a `starkeychain' help script
+designed to simplify keychain's usage. The script loads all SSH and GPG
+keys requested by the user, and updates the user environment by sourcing
+the generated files found in the ~/.keychain directory. Before launching
+keychain, the script looks for some user defined environmental
+variables:    
+
+KCHOPTS
+       This variable takes options for keychain like "--nocolor" or
+       "--noask".  Please see the keychain manpage for a full list. By
+       default, startkeychain will pass `--eval --gpg2' to the keychain
+       command line. The script also accepts a number of arguments:
+    
+       * -q  makes keychain only print messages in case of warning, error
+             or required interactivity.
+       * -c  wipes all existing cached keys/passphrases first.
+       * -f  allow keychain to use a forwarded ssh-agent connection.
+       * -h  print usage.
+
+SSHKEYS
+       This variable contains the list of keys to be loaded by their file
+       names. The key list has to be space separated. If SSHKEYS is unset,
+       startkeychain will attempt to load all user's ssh keys found in
+       ~/.ssh/* to an ssh-agent process.
+
+GPGKEYS
+       gpg keys to be loaded by keychain have to be specified by their key
+       ID.  The user can get a full list of keys and IDs in his secret
+       keyring by running `gpg2 --list-secret-keys'. GPGKEYS defines a
+       single key ID or a space separated list of key IDs. If GPGKEYS is
+       unset, startkeychain will not attempt to load any.
+
+Defaults my be overridden by either setting these variable in a local
+session or inside a dedicated ~/.keychainrc configuration file. An
+example ~/.keychainrc may look as follows:
+
+KCHOPTS="--gpg2 --noask"
+SSHKEYS="netbsd_rsa user_ed25519"
+GPGKEYS="user%netbsd.org@localhost"
+
Index: pkgsrc/security/keychain/files/startkeychain.sh
diff -u /dev/null pkgsrc/security/keychain/files/startkeychain.sh:1.1
--- /dev/null   Sat Nov  8 12:36:14 2025
+++ pkgsrc/security/keychain/files/startkeychain.sh     Sat Nov  8 12:36:14 2025
@@ -0,0 +1,54 @@
+#!/bin/sh
+
+[ -n "$HOME" ] || HOME=$(getent passwd "$USER" | cut -d: -f6)
+
+# Load user settings, if found.
+[ -f "$HOME/.keychainrc" ] && . $HOME/.keychainrc
+
+# If SSHKEYS is unset, search for private keys inside the ~/.ssh directory
+[ -n "$SSHKEYS" ] || SSHKEYS=$(find ${HOME}/.ssh ! -name *pub \
+                               -exec grep -l -e '[DRS]S[AH] PRIVATE KEY' {} \; | tr '\n' ' ')
+# If unset, keep GPGKEYS empty.
+[ -n "$GPGKEYS" ] || GPGKEYS=""
+
+# Allow to pass a number of keychain options as first argument.
+# By deafult, use gpg2 and ensure that only the specified keys are loaded.
+
+[ -n "$KCHOPTS" ] || KCHOPTS="--eval --gpg2"
+case $1 in
+    -f) KCHOPTS="$KCHOPTS --ssh-allow-forwarded" ;;
+    -c) KCHOPTS="$KCHOPTS --clear" ;;
+    -q) KCHOPTS="$KCHOPTS --quiet" ;;
+    -h) echo "usage: keychain [-fcq]"
+       exit 0 ;;
+    -*|--*)
+       echo "Unknown option $1"
+       exit 2 ;;
+esac
+
+host   = $(uname -n)
+ssh_env        = ${HOME}/.keychain/${host}-sh
+gpg_env        = ${HOME}/.keychain/${host}-sh-gpg
+
+# Test for SSHKEYS first. If empty, try GPGKEYS as fallback.
+if [ -z "$SSHKEYS" ]; then
+    printf '%s\n' "warning: no private keys found in $HOME/.ssh."
+    if [ -n "$GPGKEYS" ]; then
+       printf '%s\n' "Loading gpg key(s)"
+       keychain $KCHOPTS $GPGKEYS
+        [ -f "$gpg_env" ] && . $gpg_env
+    else
+       # Error out if no loadable keys were specified.
+       printf '%s\n' "warning: empty gpg keys list." \
+       "Use the SSHKEYS and GPGKEYS envinromental variables to specify one or more key to load."
+       exit 1
+    fi
+else
+# Otherwise load both SSHKEYS and GPGKEYS (allow the latter to be empty).
+    keychain $KCHOPTS $SSHKEYS $GPGKEYS
+    for file in ssh_env gpg_env; do
+       [ -f "$file" ] && . $file
+    done
+fi
+
+unset KCHOPTS SSHKEYS GPGKEYS host
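Review bot: The three lines `host   = $(uname -n)`, `ssh_env = …` and `gpg_env = …` have whitespace around `=`, so as shown `/bin/sh` runs `host`, `ssh_env` and `gpg_env` as commands instead of assigning, and the later `[ -f "$gpg_env" ]` test never finds the agent file. The loop `for file in ssh_env gpg_env` then iterates over the literal names, so it tests for files called `ssh_env` and `gpg_env` in the current directory and sources whatever the shell resolves for those names rather than the files under `~/.keychain`. The `find` test `! -name *pub` is unquoted and can be expanded by the shell against the working directory before `find` sees it, so it should be `! -name '*pub'`. Since an unset SSHKEYS loads every private key found under `~/.ssh`, a comment next to the `-f` case noting that `--ssh-allow-forwarded` exposes all of them to the forwarding host would help users decide whether to set SSHKEYS explicitly. The fence below shows the assignment, quoting and loop fixes.

```sh
[ -f "$HOME/.keychainrc" ] && . "$HOME/.keychainrc"
# … unchanged: SSHKEYS/GPGKEYS defaults and option parsing …
host=$(uname -n)
ssh_env=${HOME}/.keychain/${host}-sh
gpg_env=${HOME}/.keychain/${host}-sh-gpg
# … unchanged: SSHKEYS-empty branch and keychain invocation …
    for file in "$ssh_env" "$gpg_env"; do
        [ -f "$file" ] && . "$file"
    done
```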


