curl-bashenv

#!/bin/bash

#set -v

set -e
set -o pipefail

test -n "$DEBUG" && set -x

# Programs we use

AWK="${AWK:-awk}"
BASENAME="${BASENAME:-basename}"
CAT="${CAT:-cat}"
CP="${CP:-cp}"
CURL="${CURL:-curl}"
GIT="${GIT:-git}"
GREP="${GREP:-grep}"
LS="${LS:-ls}"
LN="${LN:-ln}"
MKDIR="${MKDIR:-mkdir}"
MV="${MV:-mv}"
SCP="${SCP:-scp}"
SED="${SED:-sed}"
SSH="${SSH:-ssh}"
SSH_KEYGEN="${SSH_KEYGEN:-ssh-keygen}"
TR="${TR:-tr}"

# Config vars
CURLBASHENV_ROOT="${CURLBASHENV_ROOT:-$HOME/.curl-bashenv}"
BACKUP_DIR="${BACKUP_DIR:-${CURLBASHENV_ROOT}/backup}"
SETUP_DIR="${SETUP_DIR:-${CURLBASHENV_ROOT}/setup}"

SETUP_STEPS="${SETUP_STEPS:-ssh shdotfiles gitconfig}"
SHDOTFILES="${SHDOTFILES:-bashrc bash_profile}"

# TODO:
# "ALL" handling in the gitrepo case (with directories?)
# "PLUGIN" support

# These args come from:
#   https://stribika.github.io/2015/01/04/secure-secure-shell.html
SSH_KEYGEN_ARGS="${SSH_KEYGEN_ARGS:- -t ed25519 -o -a 100}"
# However, they're not supported (specifically, -o and the elliptical curve
# key types) on current versions of RHEL, Mac OS, and a bunch of other common
# OpenSSH installations, so for now, use the next best thing:
SSH_KEYGEN_ARGS="${SSH_KEYGEN_ARGS:- -t rsa -b 4096 -a 100}"

SOURCE=${SOURCE:-""}
SOURCE_GIT_CLONE_DIR="${SOURCE_GIT_CLONE_DIR:-${SETUP_DIR}/gitrepo}"
GIT_CLONE_ARGS="${GIT_CLONE_ARGS:-}"

# Standard test doesn't work here, since the DOTFILE_PREFIX _could_ (and
# in the way we use it, often is) empty, BUT defined... as empty.
if [ -z ${DOTFILE_PREFIX+x} ]; then
	DOTFILE_PREFIX="."
fi

# BASE_URL="define other steps"

# source: copy source key here
# create: create a local key
# createauthorize: create a local key and copy it to the source

SSH_KEY_MODE=${SSH_KEY_MODE:-create}
SSH_KEY_NAME=${SSH_KEY_NAME:-~/.ssh/id_dsa}
SSH_PUB_KEY_NAME=${SSH_PUB_KEY_NAME:-${SSH_KEY_NAME}.pub}

# Nabbed from: http://stackoverflow.com/questions/1527049/bash-join-elements-of-an-array
function join { local IFS="$1"; shift; echo "$*"; }

function assert() {
	echo "$1" > /dev/stderr
	exit -1
}

function error_out() {
	echo "$1" > /dev/stderr
	test -n "$2" && exit $2
	exit 1
}

# Always assumes the dest_file has a '.'
function symlink_gitrepo_file() {
	test -z "$1" && assert "symlink_gitrepo_file: first arg empty"
	source_file="${SOURCE_GIT_CLONE_DIR}/${DOTFILE_PREFIX}$1"
	dest_file="$HOME/.$1"

	test -e "$dest_file" && $MV "$dest_file" "${BACKUP_DIR}"
	$LN -s "$source_file" "$dest_file"
}

function symlink_sourcehost_file() {
	test -z "$1" && assert "symlink_sourcehost_file: first arg empty"
	source_file="${SETUP_DIR}/$1"
	dest_file="$HOME/$1"
	test -e "$dest_file" && $MV "$dest_file" "${BACKUP_DIR}"
	$LN -s "$source_file" "$dest_file"
}

function setup_sourcehost_ssh() {
	local sshBackupDir="${BACKUP_DIR}/.ssh"

	keyMode=$(echo $SSH_KEY_MODE | $TR "[:upper:]" "[:lower:]")
	if [ "$keyMode" != "create" ] &&
	   [ "$keyMode" != "source" ] &&
	   [ "$keyMode" != "createauthorize" ]; then
		error_out "Invalid SSH_KEY_MODE '$SSH_KEY_MODE'; must be source, create, or createauthorize"
	fi

	local sourceHostname="$(echo $SOURCE | $SED -e 's:\(.*\)@\(.*\):\2:')"
	if test -z "$($GREP "^$sourceHostname" $HOME/.ssh/known_hosts)"; then
		$SSH $SOURCE "bash -c 'for f in /etc/ssh/ssh_host_*_key.pub; do test -f \$f && $SSH_KEYGEN -l -f \$f; done'"
		echo "Validate one of the keys displayed above matches the key you accepted; if not, you were just MITM'd! Use ctrl-c to stop $0"
		read
	fi

	if test -n "$(echo $keyMode | $GREP create)"; then
		test -e $SSH_KEY_NAME || $SSH_KEYGEN $SSH_KEYGEN_ARGS -f $SSH_KEY_NAME
	elif [ "$keyMode" == "source" ]; then
		test -e $SSH_KEY_NAME || $MV $SSH_KEY_NAME $sshBackupDir
		test -e $SSH_PUB_KEY_NAME || $MV $SSH_PUB_KEY_NAME $sshBackupDir
		$SCP $SOURCE:~/.ssh/\{$SSH_KEY_NAME,$SSH_PUB_KEY_NAME\} $SETUP_DIR
		$MV $SETUP_DIR/$($BASENAME $SSH_KEY_NAME) $HOME/.ssh
		$MV $SETUP_DIR/$($BASENAME $SSH_PUB_KEY_NAME) $HOME/.ssh
	else
		assert "setup_ssh(): UNREACHABLE."
	fi

	if [ "$keyMode" == "createauthorize" ]; then
		if ! test -e $SSH_PUB_KEY_NAME; then
			error_out "Couldn't find $SSH_PUB_KEY_NAME; bailing"
		fi
		# Yes, I know ssh-copy-id exists; we do this because for some
		# reason, ssh-copy-id is not available on Macs...
		local ssh_pub_key_contents=$($CAT $SSH_PUB_KEY_NAME)
		$SSH $SOURCE "echo $ssh_pub_key_contents >> ~/.ssh/authorized_keys"
	fi

	# TODO: make this a var too.
	# cp config, known_hosts, authorized keys 
	$SCP ${SOURCE}:~/.ssh/\{config,authorized_keys,known_hosts\} $SETUP_DIR/
	test -d $sshBackupDir || $MKDIR $sshBackupDir
	test -e $HOME/.ssh/config && $MV $HOME/.ssh/config $sshBackupDir

	local sshFiles="$($LS $HOME/.ssh/{authorized_keys,known_hosts} 2> /dev/null)"
	test -n "$sshFiles" && $CP $sshFiles $sshBackupDir
	$MV ${SETUP_DIR}/config $HOME/.ssh
	$CAT ${SETUP_DIR}/authorized_keys >> $HOME/.ssh/authorized_keys
	$CAT ${SETUP_DIR}/known_hosts >> $HOME/.ssh/known_hosts

	return 0
}

function setup_gitrepo_ssh() {
	keyMode=$(echo $SSH_KEY_MODE | $TR "[:upper:]" "[:lower:]")
	if [ "$keyMode" != "create" ] &&
	   [ "$keyMode" != "source" ] &&
	   [ "$keyMode" != "createauthorize" ]; then
		error_out "Invalid SSH_KEY_MODE '$SSH_KEY_MODE'; must be source, create, or createauthorize"
	fi

	clone_source_gitrepo
	repo_ssh_dir="${DOTFILE_PREFIX}ssh"

	if [ -d "$SOURCE_GIT_CLONE_DIR/$repo_ssh_dir" ]; then
		test -e $HOME/.ssh && $MV $HOME/.ssh $BACKUP_DIR
		symlink_gitrepo_file ssh
	else
		echo "SSH config directory $repo_ssh_dir not found in git repo." > /dev/stderr
		return 0
	fi

	if test -n "$(echo $keyMode | $GREP create)"; then
		repo_key_file="$SOURCE_GIT_CLONE_DIR/$repo_ssh_dir/${SSH_KEY_NAME}"
		if test -e "$repo_key_file"; then
			echo "SSH key $repo_file_file exists, but key creation requested; SKIPPING KEY CREATION" > /dev/stderr
			return 1
		fi

		$SSH_KEYGEN $SSH_KEYGEN_ARGS -f $SSH_KEY_NAME
	fi

	if [ "$keyMode" == "createauthorize" ]; then
		if ! test -e $SSH_PUB_KEY_NAME; then
			error_out "Couldn't find $SSH_PUB_KEY_NAME; bailing"
		fi

		auth_host="$(echo $SOURCE | $AWK -F: '{ print $1 }')"

		if test -n "$(echo $auth_host | $GREP -i 'github.com$')"; then
			echo "Trying to publish your public key to github is unlikely to work, but we'll try anyway." > /dev/stderr
		fi

		# Yes, I know ssh-copy-id exists; we do this because for some
		# reason, ssh-copy-id is not available on Macs...
		local ssh_pub_key_contents=$($CAT $SSH_PUB_KEY_NAME)
		$SSH $auth_host "echo $ssh_pub_key_contents >> ~/.ssh/authorized_keys"
	fi
	return 0
}

function setup_sourcehost_shdotfiles() {
	local prefixed_dotfiles=()
	for f in $SHDOTFILES; do
		local prefixed_file=${DOTFILE_PREFIX}$f
		prefixed_dotfiles+=($prefixed_file)
	done

	local dotfile_list=$(join , ${prefixed_dotfiles[*]})
	$SCP $SOURCE:~/{$dotfile_list} ${SETUP_DIR}/

	for f in $prefixed_dotfiles; do
		symlink_sourcehost_file $f
	done

	return 0
}

function setup_sourcehost_gitconfig() {
	$SCP ${SOURCE}:~/.gitconfig ${SETUP_DIR}/
	symlink_sourcehost_file .gitconfig
}

function setup_gitrepo_gitconfig() {
	clone_source_gitrepo
	symlink_gitrepo_file gitconfig
}

function clone_source_gitrepo() {
	if ! test -d "${SOURCE_GIT_CLONE_DIR}/.git"; then
		if test -e "$SOURCE_GIT_CLONE_DIR"; then
			error_out "SOURCE_GIT_CLONE_DIR '${SOURCE_GIT_CLONE_DIR}' exists, but is not a git repository; bailing..."
		fi
		$GIT clone $GIT_CLONE_ARGS $SOURCE $SOURCE_GIT_CLONE_DIR
       fi
}

function setup_gitrepo_shdotfiles() {
	clone_source_gitrepo

	for f in $SHDOTFILES; do
		symlink_gitrepo_file $f
	done
}

test -z "$SOURCE" && error_out "Environment source must be defined."
echo "Environment source: $SOURCE"

# This isn't a very good test to see if $SOURCE is a Git repo; it grabs
# github in the hostname _or_ .git in the path, i.e. mymachine:/myrepo.git
if [ -n "$(echo $SOURCE | $GREP -i github)" ] ||
   [ -n "$(echo $SOURCE | $GREP -i '\.git$')" ]; then
	run_mode="gitrepo"
else
	run_mode="sourcehost"
fi

$MKDIR -p $BACKUP_DIR || true
$MKDIR -p $SETUP_DIR || true

for step in ${SETUP_STEPS}; do
		setup_${run_mode}_${step}
		echo "setup_${run_mode}_${step}: $?"
done