[HELP] A few queries! Please help.

[dummifiedme]

1. Can the commands be scheduled? (Crond or something)
2. How to store git credentials locally? Currently I have to put in password every time I push.
3. How to save and execute a script for Picking a folder, then pushing on remote? Can it be run from Shortcuts too?

[holzschu]

Hi,

• commands scheduled: no (it would run against AppStore rules to have a command be executed while the app is in the background. It might be done with the limitation "command is scheduled assuming the app is in the background at the expected time", but I'm not sure what the use case would be).
• git credentials are stored in .gitconfig. It can take name and password from the [user] field:

[user]
        name = yourName
        password = yourPassword

with the warning that you are storing your password unencrypted on your phone. For more security, you can use a SSH key file, with identityFile instead of password (with the usual methods for SSH keys: you'll have to generate them, you'll have to upload and authorize the public key on the github server, etc). By default, SSH keys are assumed to be in ~/Documents/.ssh.

• for the third query, I'm not sure what you are trying to do, and also not sure whether it is possible. You will need to experiment. You can run scripts using Python or Lua (and they can call system commands, including pickFolder). You can call pickFolder from a Shortcut, then call lg2 push. I'm not fully certain it will work because pickFolder is a bit special (it interacts with iOS user interface).

[personalizedrefrigerator]

commands scheduled

Shortcuts > Automation > Personal > Time of Day
might work for this...

Of course, if you want the shortcut to run without prompting the user,

• uncheck "ask before running"
• Set "Open the app to execute the commands" to "run in extension"
  • This limits what can be done. For example, at present, "run in extension" cannot run python scripts.
  • lua and lg2 should both work in extension
  • "cd ~group" to open the folder the extension can write to.

How to store git credentials locally?

Adding on to @ holzschu's explanation,

• note that .gitconfig is in ~/Documents/.
• See https://docs.github.com/en/github/authenticating-to-github/connecting-to-github-with-ssh for how to generate ssh keypairs.
  • Note that a-Shell does not have ssh-agent, so ignore sections that mention this command.

[dummifiedme]

@holzschu @personalizedrefrigerator
I tried the shortcuts, and as @holzschu mentions, pickFolder is tricky. It always fails with an error.

I use a note-taking software Obsidian, which involves a folder of files. I am syncing this folder using git. Most of my operations is completed via WorkingCopy (free version doesn’t allow push), and for pushing files I use a-shell by pickFoldering the repo folder and simply lg2 git push. I wanted to automate it a bit but couldn’t get the pickFolder command to work via Shortcuts. Though the pickFolder once run the folder is mostly mounted ‘forever’, I just have to push every time without picking again. But when I go via the shortcuts, apparently the folder isn’t mounted up.

Thanks for the ssh for git :)

[holzschu]

If you've used pickFolder once, the folder is stored as a bookmark (use showmarks to list them) and you can get back to it with just the command line using jump bookmarkName or cd ~bookmarkName. This should allow you to automate.

A shortcut running "in Extension" has a different set of bookmarks than a shortcut running "in App", so you probably want to run this "in App". If you need to go back to the Shortcuts app after that, you can use "open shortcuts://"

[dummifiedme]

If you've used pickFolder once, the folder is stored as a bookmark (use showmarks to list them) and you can get back to it with just the command line using jump bookmarkName or cd ~bookmarkName. This should allow you to automate.

A shortcut running "in Extension" has a different set of bookmarks than a shortcut running "in App", so you probably want to run this "in App". If you need to go back to the Shortcuts app after that, you can use "open shortcuts://"

Thanks!
This helps a lot.

Curious to know: how to assign bookmarks in extension mode? Can we do that? That way the a-shell wont have to be opened. NEAT. 😅

[dummifiedme]

@personalizedrefrigerator I tried creating a SSH, but couldn’t understand.

I read through the manual, and generated the SSH Key for myself in a-shell.
But the manual reads, there should be a .ssh folder? Where should it be? In my working directory (the repo folder) or somewhere on the a-shell app space?

and it is suggested that I take a ‘Public’ key and link it to GitHub (or GitLab in my case). I don’t think I can find public key anywhere. A-shell in output gave me a key and a pix-art :D

Can you help me set it up on iPad? Most of the manual talks about windows specific commands (file handling seems different in iOS)

[holzschu]

Running ssh-keygen creates your public and private keys in ~/Documents/.ssh. By default, the private key is called id_rsa and the public key is id_rsa.pub. It is the latter than you need to upload to gitlab and authorize.

[dummifiedme]

There was no option of uploading the .pub file. So I copied the SSH keys in GitLab. Then when I ran the ‘test’ as suggested on GitLab manual: `ssh -T <email>` it took the permission then failed to connect stating `Permission Denied (public key, keyboard-interactive)` I tried to change again, but now it is kind of stuck. I dont know how to come out of this error :D

…

On Tue, 17 Aug 2021 at 6:19 PM, Nicolas Holzschuch ***@***.***> wrote: Running ssh-keygen creates your public and private keys in ~/Documents/.ssh. By default, the private key is called id_rsa and the public key is id_rsa.pub. It is the latter than you need to upload to gitlab and authorize. — You are receiving this because you authored the thread. Reply to this email directly, view it on GitHub <#296 (comment)>, or unsubscribe <https://github.com/notifications/unsubscribe-auth/AQMZMQNRSLGNDYIGZWUAFB3T5JLEPANCNFSM5CH4GZ2Q> .

[holzschu]

• for security reasons, you should never copy the private key anywhere.

• on gitlab, if you click on "Edit profile" (top right corner), you should see a menu with "Profile/Account/Billing...". Near the bottom, there is "SSH keys". Clicking on it gives you the following interface, with the opportunity to upload your public key.

[dummifiedme]

I did it right here. But to upload? I need to copy and paste right? It’s written right there. So I opened the .pub file in vim, copied and pasted here.

…

On Tue, 17 Aug 2021 at 6:45 PM, Nicolas Holzschuch ***@***.***> wrote: - for security reasons, you should never copy the private key anywhere. - on gitlab, if you click on "Edit profile" (top right corner), you should see a menu with "Profile/Account/Billing...". Near the bottom, there is "SSH keys". Clicking on it gives you the following interface, with the opportunity to upload your public key. [image: image] <https://user-images.githubusercontent.com/8070736/129731957-caea16ed-8a46-4a30-8c5c-d2cb27c7d304.png> — You are receiving this because you authored the thread. Reply to this email directly, view it on GitHub <#296 (comment)>, or unsubscribe <https://github.com/notifications/unsubscribe-auth/AQMZMQL2GVB7LM52X3DLLALT5JOHNANCNFSM5CH4GZ2Q> .

[dummifiedme]

I should probably drop it. Considering I am newbie here. I should maybe stick to some manual work :D

…

On Tue, 17 Aug 2021 at 6:46 PM, Dummy ME ***@***.***> wrote: I did it right here. But to upload? I need to copy and paste right? It’s written right there. So I opened the .pub file in vim, copied and pasted here. On Tue, 17 Aug 2021 at 6:45 PM, Nicolas Holzschuch < ***@***.***> wrote: > > - > > for security reasons, you should never copy the private key anywhere. > - > > on gitlab, if you click on "Edit profile" (top right corner), you > should see a menu with "Profile/Account/Billing...". Near the bottom, there > is "SSH keys". Clicking on it gives you the following interface, with the > opportunity to upload your public key. > > [image: image] > <https://user-images.githubusercontent.com/8070736/129731957-caea16ed-8a46-4a30-8c5c-d2cb27c7d304.png> > > — > You are receiving this because you authored the thread. > Reply to this email directly, view it on GitHub > <#296 (comment)>, > or unsubscribe > <https://github.com/notifications/unsubscribe-auth/AQMZMQL2GVB7LM52X3DLLALT5JOHNANCNFSM5CH4GZ2Q> > . >

[personalizedrefrigerator]

Here's how I would set up authentication via SSH:

---

Steps for generating a new keypair

1. Run cd with no arguments (this takes you to ~/Documents/ in a-Shell)
2. ssh-keygen -t ed25519

• ed25519 might be more secure than rsa :)
• This should walk you through creating a new ~/Documents/id_ed25519.pub and ~/Documents/id_ed25519.

For example...

$ ssh-keygen -t ed25519
Generating public/private ed25519 key pair.
Enter file in which to save the key (/private/.../Documents/.ssh/id_ed25519): <Enter> 
Reply is: .
Created directory '/private/var/mobile/.../Documents/.ssh'.
Enter passphrase (empty for no passphrase): pass.wd<Enter>
Enter same passphrase again: pass.wd<Enter>
Your identification has been saved in /private/var/.../Documents/.ssh/id_ed25519
Your public key has been saved in /private/var/.../Documents/.ssh/id_ed25519.pub
The key fingerprint is:
SHA256:UUbfBoMEyhCwxu14Riwa5LViIM7QKCVGiik4r/Y9c/o mobile@myPhoneName
The key's randomart image is:
+--[ED25519 256]--+
|*Booo.  .+=.o    |
|/+o+.o . o.. +   |
|X*=.+ o .   . o  |
|o*.=     .   .   |
|. o +   S        |
| . o             |
|..               |
|. . .o .         |
|   . o*E         |
+----[SHA256]-----+
$ 

Here, I used `pass.wd` for the password

• This is not a secure password, but is easy to remember
• We're going to be storing this password as plaintext in a-Shell anyway, so if someone wanted to look for the password, they could.
• We don't have to store the password as plaintext, but the alternative is entering it every time we want to authenticate.
  • This is what the section on ssh-add is about in most guides
  • To my understanding, ssh-add automatically unlocks the ssh key when you log into your computer.
  • a-Shell does not have such a command at present.

In summary, my thinking is this: Having a password at all makes it more difficult for someone to steal ssh credentials.

With a password, a script that steals ssh credentials would need to either try to guess the password (easy for pass.wd) or search for it in other files (also easy, it will be in ~/Documents/.gitconfig).

• Do not share ~/Documents/.ssh/id_ed25519 (the one without the .pub). This is the private key and should remain private.

Adding the key to GitHub

I'm using GitHub as an example here because it's what I'm most familiar with. The steps for configuring ssh authentication for other services should be similar.

1. Copy the public key.

• cat ~/Documents/.ssh/id_ed25519.pub | pbcopy

2. Open settings

3. Open the SSH and GPG keys tab and click "add new"

4. Paste what we copied above (we copied the public key :) ).

5. Click "Add Key"

Testing it out

1. Clone a repository via SSH:
2. Let's use the repository for lg2: https://github.com/holzschu/libgit2 . Open it in Safari.
3. Click "request desktop site"

3. Click "Clone", then "Clone via... SSH"

2. In a-Shell, run,

$ cd ~/tmp/
$ mkdir gitdemo
$ cd gitdemo

We now have a temporary directory in which we can try things out! (Temporary files are only cleared when your phone/iPad is running out of memory).

3. Clone the repository using the URL we obtained earlier

$ lg2 clone git@github.com:holzschu/libgit2.git
Cloning into ./libgit2.git
No user.identityFile found in git config: config value 'user.identityFile' was not found.
SSH keys in /var/mobile/Containers/Data/Application/APP-ID-HERE/Documents/.ssh/:
 1              id_ed25519
Enter the number to the left of the desired key or the path to some other SSH key (the private key).
SSH Key: 1
Password: pass.wd
Consider running,
    lg2 config user.identityFile '/var/mobile/Containers/Data/Application/APP-ID-HERE/Document
s/.ssh/id_ed25519'
    lg2 config user.password 'your_password_here'
to save this username/password pair.
remote: Enumerating objects: 108994, done.
remote: Counting objects: 100% (3/3), done.
remote: Compressing objects: 100% (3/3), done.
remote: Total 108994 (delta 0), reused 0 (delta 0), pack-reused 108991   0% (   0/   0)(null)
Resolving deltas 76808/7680808994)  /  idx  29% (32185/108994)  /  chk   0% (   0/   0)(null)
$ 

Note that I selected our ed25519 key above.

Above, we had to enter the password for our key. Let's make it so we don't have to do that:

1. vim ~/Documents/.gitconfig
2. Add:

[user]
        identityFile = ~/Documents/.ssh/id_ed25519
        password = pass.wd

(only create the [user] section if it doesn't already exist)

Finally, to test it, run:

$ cd libgit2.git/
$ lg2 fetch origin
$ lg2 fetch origin
Fetching origin for repo 0x102134080

Host: github.com
Public key hashes:
MD5: FiespXYoLTZjG1ZN69+mSA==
SHA-1: v2toJdKXfFEaR1u++4iq1UqSrHM=
SHA-256: nThbg6kXUpJWGl7E1IGOCspRomTxdCARLviKw6E5SY8=
Unable to read known_hosts file: /var/mobile/Containers/Data/Application/34DCDE88-
DBF0-42C9-BBA6-32B6184BA30F/Documents/.ssh/known_hosts. Error: Failed to open file
.
There are 0 known hosts...
No key was found for github.com in /var/mobile/Containers/Data/Application/34DCDE8
8-DBF0-42C9-BBA6-32B6184BA30F/Documents/.ssh/known_hosts.
Would you like to add the following host/key pair to your known_hosts file?
Hostname: github.com
Key: AAAAB3NzaC1yc2EAAAABIwAAAQEAq2A7hRGmdnm9tUDbO9IDSwBK6TbQa+PXYPCPy6rbTrTtw7PHk
ccKrpp0yVhp5HdEIcKr6pLlVDBfOLX9QUsyCOV0wzfjIJNlGEYsdlLJizHhbn2mUjvSAHQqZETYP81eFzL
QNnPHt4EVVUh7VfDESU84KezmD5QlWpXLmvU31/yMf+Se8xhHTvKSCZIFImWwoG6mbUoWf9nzpIoaSjB+w
eqqUUmpaaasXVal72J+UX2B+2RPW3RcT0eOzQgqlJL3RKrTJvdsjE3JEAvGq3lGHSZXy28G3skua2SmVi/
w4yCE6gbODqnTWlg7+wC604ydGXA8VJiS5ap43JXiUFFAaQ==
Add the host/key pair? y/[n] y
SSH authentication: Using private key: ~/Documents/.ssh/id_ed25519
Received 0/0 objects in 0bytes

lg2 may not recognize GitHub the first few times. Verify that the host/key pair are correct (see https://stackoverflow.com/a/47708298) before telling lg2 that "yes, this is really GitHub".

If lg2 fetches successfully, without asking for a password, it should continue to work!

---

If you have additional questions, please ask! I'm sure this discussion can help others with lg2 in the future!

[dummifiedme]

@personalizedrefrigerator thanks for the efforts! I really appreciate it. I managed to get it running up till your walkthrough. And it worked file for the last step too. BUt as soon as I tried it on my repo, it gives an error too many redirects or authentication replays.

Edit:
Oh! I had cloned it via https in WorkingCopy
That might be the issue right? Or it should work either way?
Do I need to clone again? I guess, I will remove this repo locally and clone again with ssh this time.

Edit-2:
I re-did everything from scratch. Managed to make it work. Thanks!! Bookmarked this post. You should maybe publish on a blog somewhere?! It’s highly detailed and understandable for noobs too :)

Only thing now remains is

Curious to know: how to assign bookmarks in extension mode? Can we do that? That way the a-shell wont have to be opened. NEAT.

If the a-shell can run without opening, then its like really smooth. :D

[personalizedrefrigerator]

Curious to know: how to assign bookmarks in extension mode? Can we do that? That way the a-shell wont have to be opened. NEAT.

I would also like to know how to do this!

[holzschu]

I don't think the extension can assign bookmarks. Apple's key principle behind files and folders authorization is that they must be assigned through explicit user interaction (there must be a window showing the file, and the user must click to open). I don't see a way to do this in extension. And since the app and the extension are two different apps, they do not share their stored bookmarks either.

[dummifiedme]

If we have a bash file with commands, can’t we run it from shortcuts in extension mode? Will it work without opening the app?

[holzschu]

That entirely depends on the nature of the commands. If none of the commands require access to configuration files that are stored at the App level or in $HOME, if none of the commands require access to the GUI, if the bash file does not use some bash syntax that is not coded in a-Shell (that happens often), and if the entire set of command can be executed in less than 5 seconds, then it will work.

You can always try: the Shortcuts have an option to force running In Extension. If it works, it works.

[dummifiedme]

I see. I was basically thinking of using the pickFolder option somehow. The bookmarks aren’t accessible in extension, so it won’t be via bash either I guess. And pushing anyway takes more then 5 sec sometimes. *idea dumped*.

…

On Tue, 24 Aug 2021 at 3:06 PM, Nicolas Holzschuch ***@***.***> wrote: That entirely depends on the nature of the commands. If none of the commands require access to configuration files that are stored at the App level or in $HOME, if none of the commands require access to the GUI, if the bash file does not use some bash syntax that is not coded in a-Shell (that happens often), and if the entire set of command can be executed in less than 5 seconds, then it will work. You can always try: the Shortcuts have an option to force running In Extension. If it works, it works. — You are receiving this because you authored the thread. Reply to this email directly, view it on GitHub <#296 (comment)>, or unsubscribe <https://github.com/notifications/unsubscribe-auth/AQMZMQOTG6BHISNAC2K73BTT6NR25ANCNFSM5CH4GZ2Q> .