Request for review: keychain opt-in mechanism
Chris Grau
chris at chrisgrau.com
Fri Jul 22 17:12:12 UTC 2005
On Fri, Jul 22, 2005 at 02:17:34PM +0200, Alexander Dalloz wrote:
> Am Mi, den 20.07.2005 schrieb Alexander Dalloz um 18:46:
>
> > http://www.uni-x.org/README.Fedora
>
> > http://www.uni-x.org/keychain.sh
> > http://www.uni-x.org/keychain.csh
>
> > My suggestion now should work with bash, sh, csh, tcsh and zsh. With
> > those I tested myself and didn't found a problem. So far I didn't test
> > with ksh (KornShell) available through Core.
> >
> > Alexander
>
> Unfortunately nobody replied so far and my access_log only shows one
> single access to keychain.sh. So I have to speak to myself and add this
> small comment:
> I meanwhile installed the FC4 ksh rpm and tested my profile scripting
> with a user whose shell was set to /bin/ksh - it works with that shell
> type too. That generally probably was to be expected, as "KornShell
> [...] is upward compatible with "sh" (the Bourne Shell)." (cite from ksh
> rpm %description). I added "ksh" in the keychain.sh in the case routine
> and inside the README.Fedora document.
>
> I still encourage everybody with some interest in the keychain package
> and small spare time to review my profile scripting proposal :)
>
> Thanks for attention.
>
> Alexander
I played around with your opt-in scripts a bit. They worked quite well
and were very unobtrusive in an ordinary terminal. When using Gnome,
keychain appears to have launched a separate ssh-agent process. This
may or may not be a good thing. It would allow me to use one set of
keys for my day-to-day tasks and another for cron jobs. However, I'm
not sure that's the intention and I'm probably just turning a bug into a
feature.
In keychain.sh:
- The introductory comment refers to the script as keychain.csh.
- You quote the arguments to keychain on line 15. This means that if
I set KCHOPTS="--nogui --quiet" in ~/.keychainrc, keychain is passed
the single argument "--nogui --quiet" and doesn't know what to do
with it. The same is true for SSHKEYS and GPGKEYS.
- You use both "source" and "." to source files. I don't know if this
was deliberate or not. I don't know if sh/bash/etc. differ in their
support.
It's been a while since I've coded with csh, but the script looks
correct. It worked in the tests I ran with csh.
In the readme file, at one point you spell Fedora as Fedore. Other than
that, I didn't notice any errors and it was very informative about how I
should use your scripts. Made testing easy.
I noticed that, if I skip entering pass phrases for the ssh keys,
keychain gives up and doesn't prompt for gpg pass phrases. That's a
keychain issue, though, rather than a problem with your scripts.
That's all I have for now. I hope it's helpful. I think keychain is a
wonderful program. It has replaced my own script for doing more or less
the same thing. I'm glad you're packaging it for Extras.
-chris
More information about the fedora-extras-list
mailing list