keychain/0000755000000000000000000000000012572517126007547 5ustar keychain/COPYING.txt0000644000000000000000000004300112532114140011377 0ustar GNU GENERAL PUBLIC LICENSE Version 2, June 1991 Copyright (C) 1989, 1991 Free Software Foundation, Inc. 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA Everyone is permitted to copy and distribute verbatim copies of this license document, but changing it is not allowed. Preamble The licenses for most software are designed to take away your freedom to share and change it. By contrast, the GNU General Public License is intended to guarantee your freedom to share and change free software--to make sure the software is free for all its users. This General Public License applies to most of the Free Software Foundation's software and to any other program whose authors commit to using it. (Some other Free Software Foundation software is covered by the GNU Library General Public License instead.) You can apply it to your programs, too. When we speak of free software, we are referring to freedom, not price. Our General Public Licenses are designed to make sure that you have the freedom to distribute copies of free software (and charge for this service if you wish), that you receive source code or can get it if you want it, that you can change the software or use pieces of it in new free programs; and that you know you can do these things. To protect your rights, we need to make restrictions that forbid anyone to deny you these rights or to ask you to surrender the rights. These restrictions translate to certain responsibilities for you if you distribute copies of the software, or if you modify it. For example, if you distribute copies of such a program, whether gratis or for a fee, you must give the recipients all the rights that you have. You must make sure that they, too, receive or can get the source code. And you must show them these terms so they know their rights. We protect your rights with two steps: (1) copyright the software, and (2) offer you this license which gives you legal permission to copy, distribute and/or modify the software. Also, for each author's protection and ours, we want to make certain that everyone understands that there is no warranty for this free software. If the software is modified by someone else and passed on, we want its recipients to know that what they have is not the original, so that any problems introduced by others will not reflect on the original authors' reputations. Finally, any free program is threatened constantly by software patents. We wish to avoid the danger that redistributors of a free program will individually obtain patent licenses, in effect making the program proprietary. To prevent this, we have made it clear that any patent must be licensed for everyone's free use or not licensed at all. The precise terms and conditions for copying, distribution and modification follow. GNU GENERAL PUBLIC LICENSE TERMS AND CONDITIONS FOR COPYING, DISTRIBUTION AND MODIFICATION 0. This License applies to any program or other work which contains a notice placed by the copyright holder saying it may be distributed under the terms of this General Public License. The "Program", below, refers to any such program or work, and a "work based on the Program" means either the Program or any derivative work under copyright law: that is to say, a work containing the Program or a portion of it, either verbatim or with modifications and/or translated into another language. (Hereinafter, translation is included without limitation in the term "modification".) Each licensee is addressed as "you". Activities other than copying, distribution and modification are not covered by this License; they are outside its scope. The act of running the Program is not restricted, and the output from the Program is covered only if its contents constitute a work based on the Program (independent of having been made by running the Program). Whether that is true depends on what the Program does. 1. You may copy and distribute verbatim copies of the Program's source code as you receive it, in any medium, provided that you conspicuously and appropriately publish on each copy an appropriate copyright notice and disclaimer of warranty; keep intact all the notices that refer to this License and to the absence of any warranty; and give any other recipients of the Program a copy of this License along with the Program. You may charge a fee for the physical act of transferring a copy, and you may at your option offer warranty protection in exchange for a fee. 2. You may modify your copy or copies of the Program or any portion of it, thus forming a work based on the Program, and copy and distribute such modifications or work under the terms of Section 1 above, provided that you also meet all of these conditions: a) You must cause the modified files to carry prominent notices stating that you changed the files and the date of any change. b) You must cause any work that you distribute or publish, that in whole or in part contains or is derived from the Program or any part thereof, to be licensed as a whole at no charge to all third parties under the terms of this License. c) If the modified program normally reads commands interactively when run, you must cause it, when started running for such interactive use in the most ordinary way, to print or display an announcement including an appropriate copyright notice and a notice that there is no warranty (or else, saying that you provide a warranty) and that users may redistribute the program under these conditions, and telling the user how to view a copy of this License. (Exception: if the Program itself is interactive but does not normally print such an announcement, your work based on the Program is not required to print an announcement.) These requirements apply to the modified work as a whole. If identifiable sections of that work are not derived from the Program, and can be reasonably considered independent and separate works in themselves, then this License, and its terms, do not apply to those sections when you distribute them as separate works. But when you distribute the same sections as part of a whole which is a work based on the Program, the distribution of the whole must be on the terms of this License, whose permissions for other licensees extend to the entire whole, and thus to each and every part regardless of who wrote it. Thus, it is not the intent of this section to claim rights or contest your rights to work written entirely by you; rather, the intent is to exercise the right to control the distribution of derivative or collective works based on the Program. In addition, mere aggregation of another work not based on the Program with the Program (or with a work based on the Program) on a volume of a storage or distribution medium does not bring the other work under the scope of this License. 3. You may copy and distribute the Program (or a work based on it, under Section 2) in object code or executable form under the terms of Sections 1 and 2 above provided that you also do one of the following: a) Accompany it with the complete corresponding machine-readable source code, which must be distributed under the terms of Sections 1 and 2 above on a medium customarily used for software interchange; or, b) Accompany it with a written offer, valid for at least three years, to give any third party, for a charge no more than your cost of physically performing source distribution, a complete machine-readable copy of the corresponding source code, to be distributed under the terms of Sections 1 and 2 above on a medium customarily used for software interchange; or, c) Accompany it with the information you received as to the offer to distribute corresponding source code. (This alternative is allowed only for noncommercial distribution and only if you received the program in object code or executable form with such an offer, in accord with Subsection b above.) The source code for a work means the preferred form of the work for making modifications to it. For an executable work, complete source code means all the source code for all modules it contains, plus any associated interface definition files, plus the scripts used to control compilation and installation of the executable. However, as a special exception, the source code distributed need not include anything that is normally distributed (in either source or binary form) with the major components (compiler, kernel, and so on) of the operating system on which the executable runs, unless that component itself accompanies the executable. If distribution of executable or object code is made by offering access to copy from a designated place, then offering equivalent access to copy the source code from the same place counts as distribution of the source code, even though third parties are not compelled to copy the source along with the object code. 4. You may not copy, modify, sublicense, or distribute the Program except as expressly provided under this License. Any attempt otherwise to copy, modify, sublicense or distribute the Program is void, and will automatically terminate your rights under this License. However, parties who have received copies, or rights, from you under this License will not have their licenses terminated so long as such parties remain in full compliance. 5. You are not required to accept this License, since you have not signed it. However, nothing else grants you permission to modify or distribute the Program or its derivative works. These actions are prohibited by law if you do not accept this License. Therefore, by modifying or distributing the Program (or any work based on the Program), you indicate your acceptance of this License to do so, and all its terms and conditions for copying, distributing or modifying the Program or works based on it. 6. Each time you redistribute the Program (or any work based on the Program), the recipient automatically receives a license from the original licensor to copy, distribute or modify the Program subject to these terms and conditions. You may not impose any further restrictions on the recipients' exercise of the rights granted herein. You are not responsible for enforcing compliance by third parties to this License. 7. If, as a consequence of a court judgment or allegation of patent infringement or for any other reason (not limited to patent issues), conditions are imposed on you (whether by court order, agreement or otherwise) that contradict the conditions of this License, they do not excuse you from the conditions of this License. If you cannot distribute so as to satisfy simultaneously your obligations under this License and any other pertinent obligations, then as a consequence you may not distribute the Program at all. For example, if a patent license would not permit royalty-free redistribution of the Program by all those who receive copies directly or indirectly through you, then the only way you could satisfy both it and this License would be to refrain entirely from distribution of the Program. If any portion of this section is held invalid or unenforceable under any particular circumstance, the balance of the section is intended to apply and the section as a whole is intended to apply in other circumstances. It is not the purpose of this section to induce you to infringe any patents or other property right claims or to contest validity of any such claims; this section has the sole purpose of protecting the integrity of the free software distribution system, which is implemented by public license practices. Many people have made generous contributions to the wide range of software distributed through that system in reliance on consistent application of that system; it is up to the author/donor to decide if he or she is willing to distribute software through any other system and a licensee cannot impose that choice. This section is intended to make thoroughly clear what is believed to be a consequence of the rest of this License. 8. If the distribution and/or use of the Program is restricted in certain countries either by patents or by copyrighted interfaces, the original copyright holder who places the Program under this License may add an explicit geographical distribution limitation excluding those countries, so that distribution is permitted only in or among countries not thus excluded. In such case, this License incorporates the limitation as if written in the body of this License. 9. The Free Software Foundation may publish revised and/or new versions of the General Public License from time to time. Such new versions will be similar in spirit to the present version, but may differ in detail to address new problems or concerns. Each version is given a distinguishing version number. If the Program specifies a version number of this License which applies to it and "any later version", you have the option of following the terms and conditions either of that version or of any later version published by the Free Software Foundation. If the Program does not specify a version number of this License, you may choose any version ever published by the Free Software Foundation. 10. If you wish to incorporate parts of the Program into other free programs whose distribution conditions are different, write to the author to ask for permission. For software which is copyrighted by the Free Software Foundation, write to the Free Software Foundation; we sometimes make exceptions for this. Our decision will be guided by the two goals of preserving the free status of all derivatives of our free software and of promoting the sharing and reuse of software generally. NO WARRANTY 11. BECAUSE THE PROGRAM IS LICENSED FREE OF CHARGE, THERE IS NO WARRANTY FOR THE PROGRAM, TO THE EXTENT PERMITTED BY APPLICABLE LAW. EXCEPT WHEN OTHERWISE STATED IN WRITING THE COPYRIGHT HOLDERS AND/OR OTHER PARTIES PROVIDE THE PROGRAM "AS IS" WITHOUT WARRANTY OF ANY KIND, EITHER EXPRESSED OR IMPLIED, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE. THE ENTIRE RISK AS TO THE QUALITY AND PERFORMANCE OF THE PROGRAM IS WITH YOU. SHOULD THE PROGRAM PROVE DEFECTIVE, YOU ASSUME THE COST OF ALL NECESSARY SERVICING, REPAIR OR CORRECTION. 12. IN NO EVENT UNLESS REQUIRED BY APPLICABLE LAW OR AGREED TO IN WRITING WILL ANY COPYRIGHT HOLDER, OR ANY OTHER PARTY WHO MAY MODIFY AND/OR REDISTRIBUTE THE PROGRAM AS PERMITTED ABOVE, BE LIABLE TO YOU FOR DAMAGES, INCLUDING ANY GENERAL, SPECIAL, INCIDENTAL OR CONSEQUENTIAL DAMAGES ARISING OUT OF THE USE OR INABILITY TO USE THE PROGRAM (INCLUDING BUT NOT LIMITED TO LOSS OF DATA OR DATA BEING RENDERED INACCURATE OR LOSSES SUSTAINED BY YOU OR THIRD PARTIES OR A FAILURE OF THE PROGRAM TO OPERATE WITH ANY OTHER PROGRAMS), EVEN IF SUCH HOLDER OR OTHER PARTY HAS BEEN ADVISED OF THE POSSIBILITY OF SUCH DAMAGES. END OF TERMS AND CONDITIONS How to Apply These Terms to Your New Programs If you develop a new program, and you want it to be of the greatest possible use to the public, the best way to achieve this is to make it free software which everyone can redistribute and change under these terms. To do so, attach the following notices to the program. It is safest to attach them to the start of each source file to most effectively convey the exclusion of warranty; and each file should have at least the "copyright" line and a pointer to where the full notice is found. Copyright (C) This program is free software; you can redistribute it and/or modify it under the terms of the GNU General Public License as published by the Free Software Foundation; either version 2 of the License, or (at your option) any later version. This program is distributed in the hope that it will be useful, but WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License for more details. You should have received a copy of the GNU General Public License along with this program; if not, write to the Free Software Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA Also add information on how to contact you by electronic and paper mail. If the program is interactive, make it output a short notice like this when it starts in an interactive mode: Gnomovision version 69, Copyright (C) year name of author Gnomovision comes with ABSOLUTELY NO WARRANTY; for details type `show w'. This is free software, and you are welcome to redistribute it under certain conditions; type `show c' for details. The hypothetical commands `show w' and `show c' should show the appropriate parts of the General Public License. Of course, the commands you use may be called something other than `show w' and `show c'; they could even be mouse-clicks or menu items--whatever suits your program. You should also get your employer (if you work as a programmer) or your school, if any, to sign a "copyright disclaimer" for the program, if necessary. Here is a sample; alter the names: Yoyodyne, Inc., hereby disclaims all copyright interest in the program `Gnomovision' (which makes passes at compilers) written by James Hacker. , 1 April 1989 Ty Coon, President of Vice This General Public License does not permit incorporating your program into proprietary programs. If your program is a subroutine library, you may consider it more useful to permit linking proprietary applications with the library. If this is what you want to do, use the GNU Library General Public License instead of this License. keychain/ChangeLog0000644000000000000000000005617512532114140011320 0ustar # ChangeLog for Keychain; http://www.funtoo.org # # Copyright 2002-2006 Gentoo Foundation http://www.gentoo.org/ # Copyright 2007 Aron Griffis # Copyright 2009-2015 Funtoo Technolgies, LLC. # lockfile() Copyright 2009 Parallels, Inc. # Distributed under the GNU General Public License version 2 # Originally authored by Daniel Robbins # Maintained August 2002 - April 2003 by Seth Chandler # Maintained and rewritten April 2004 - July 2007 by Aron Griffis # Maintained July 2009 - present by Daniel Robbins * keychain 2.8.1 (29 May 2015) Summary: POSIX compatibility and bug fix release. Only set PATH to a standard value if PATH is not set. Otherwise, do not modify. Makefile Cygwin and RPM spec fixes (thanks Luke Bakken and Ricardo Silva) Confhost fixes. Deprecate in_path. Use command -v instead. Find_pids: Modify "ps" call to work with non-GNU ps. (Bryan Drewery) Re-introduce POSIX compatibility (remove shopt.) (vaeth) * keychain 2.8.0 (21 Mar 2015) Support for OpenSSH 6.8 fingerprints. Support for GnuPG 2.1.0. Handle private keys that are symlinks, even if the associated public key is in the target directory rather than alongside the symlink. Allow private keys to have extensions, such as foo.priv. When looking for matching public keys, look for foo.priv.pub, but also strip extension and look for foo.pub if foo.priv.pub doesn't exist. Initial support for --list/-l option to list SSH keys. Updated docs for fish shell usage. * keychain 2.7.2_beta1 (07 July 2014) Various changes and updates: Fixes for fish from Marc Joliet. Keychain will default to start only ssh-agent unless GPG is explicitly updated using --agents. Write ~/.gpg-agent-info when launching gpg-agent - fix from Thomas Spura. Add support for injecting agents into systemd (Ben Boeckel) Add support for --query option (Ben Boeckel) Add --absolute flag, allowing user to set a full path without getting a .keychain suffix automatically appended. Add --confhost option to scan ~/.ssh/config file to locate private key path specified there. * keychain 2.7.1 (07 May 2010) 07 May 2010; Daniel Robbins : Addition of a "make clean" target. removal of runtests as it is currently broken. 07 May 2010; Daniel Robbins : New release process in Makefile and release.sh - keychain release tarball will now contain pre-generated keychain, keychain.1 and keychain.spec so that users do not need to run "make". Updated README.rst to refer to the "source code" as a "release archive" since it contains both source code and ready-to-go script and man page. 14 Apr 2010; Daniel Robbins : GPG fix from Gentoo bug 203871; from Frederic Bathelery. This fix will fix the issue with pinentry starting in the background and not showing up in the terminal. 20 Feb 2010; Daniel Robbins : MacOS X documentation fix from James Turnbull. * keychain 2.7.0 (23 Oct 2009) 23 Oct 2009; Daniel Robbins : updated README.rst with 2.7.0 and MacOS X package update. 18 Oct 2009; Daniel Robbins : lockfile() replacement from Parallels Inc. OpenVZ code, takelock() rewrite, resulting in ~100 line code savings. Default lock timeout set to 5 seconds, and now keychain will try to forcefully acquire the lock if the timeout aborts, rather than simply failing and aborting. 30 Sep 2009; Daniel Robbins : MacOS X/BSD improvements: fix sed call in Makefile for MacOS X and presumably other *BSD environments, Rename COPYING to COPYING.txt, slight COPYING.txt formatting changes to allow license to display more cleanly from MacOS X .pkg automated install. Fixed POD errors (removed '=end'). 29 Sep 2009; Daniel Robbins : disable "Identity added" messages when --quiet is specified (Gentoo bug #250328, thanks to Richard Laager,) --help will print output to stdout (Gentoo bug #196060, thanks to Elan Ruusame,) output cleanup and colorization changes - moving away from blue and over to cyan as it displays better terminals with black background. Also some additional colorization. Version bump to 2.6.10. * keychain 2.6.9 (26 Jul 2009) 26 Jul 2009; Daniel Robbins : Close Gentoo bug 222953 from Bernd Petrovitsch to fix potential issues with GNU grep, Mac OS X color fix when called with --eval from Aron Griffis , Perl 5.10 Makefile fix from Aron Griffis . Transition README to README.rst (reStructuredText). Updated maintainership information. Simplified default output ( --version or --help now required to show version, copyright and license information.) * keychain 2.6.8 (24 Oct 2006) 24 Oct 2006; Aron Griffis : Save LC_ALL for gpg invocation so that pinentry-curses works. This affected peper and kloeri, though it seems to work for me in any case. * keychain 2.6.7 (24 Oct 2006) 24 Oct 2006; Aron Griffis : Prevent gpg_listmissing from accidentally loading keys * keychain 2.6.6 (08 Sep 2006) 08 Sep 2006; Aron Griffis : Make --lockwait -1 mean forever. Previously 0 meant forever but was undocumented. Add more locking regression tests #137981 * keychain 2.6.5 (08 Sep 2006) 08 Sep 2006; Aron Griffis : Break out of loop when empty lockfile can't be removed #127471. Add locking regression tests: 100_lock_stale 101_lock_held 102_lock_empty 103_lock_empty_cant_remove * keychain 2.6.4 (08 Sep 2006) 08 Sep 2006; Aron Griffis : Add validinherit function so that validity of SSH_AUTH_SOCK and friends can be validated from startagent rather than up front. The advantage is that warning messages aren't emitted unnecessarily when --inherit *-once. Fix --eval for fish, and add new testcases: 053_start_with_--eval_ksh 054_start_with_--eval_fish 055_start_with_--eval_csh * keychain 2.6.3 (07 Sep 2006) 07 Sep 2006; Aron Griffis : Support fish: http://roo.no-ip.org/fish/ Thanks to Ilkka Poutanen for the patch. * keychain 2.6.2 (20 Mar 2006) 20 Mar 2006; Aron Griffis : Add --confirm option and corresponding regression tests for Debian bug 296382. Thanks to Liyang HU for the patch. Also add initialization for $ssh_timeout which was being inherited from the environment and add regression tests for --timeout * keychain 2.6.1 (10 Oct 2005) 10 Oct 2005; Aron Griffis : Change "unset evalopt" to "evalopt=false" and run through *all* the regression tests instead of just the new ones. *sigh* * keychain 2.6.0 (10 Oct 2005) 10 Oct 2005; Aron Griffis : Add the --eval option which makes keychain startup easier. See the man-page for examples. Get rid of the release notes from README, so now this file is where changes are tracked. * keychain 2.5.5 (28 Jul 2005) 28 Jul 2005; Aron Griffis : Add the --env option and automatic reading of .keychain/env. This allows variables such as PATH to be overridden for peculiar environments * keychain 2.5.4.1 (11 May 2005) 11 May 2005; Aron Griffis : A minor bug in 2.5.4 resulted in always exiting with non-zero status. Change back to the correct behavior of zero for success, non-zero for failure * keychain 2.5.4 (11 May 2005) 11 May 2005; Aron Griffis : Fix bug 92316: If any locale variables are set, override them with LC_ALL=C. This fixes a multibyte issue with awk that could keep a running ssh-agent from being found. Fix bug 87340: Use files instead of symlinks for locking, since symlink creation is not atomic on cygwin. * keychain 2.5.3.1 (10 Mar 2005) 10 Mar 2005; Aron Griffis : Fix problem introduced in 2.5.3 wrt adding gpg keys to the agent. Thanks to Azarah for spotting it. * keychain 2.5.3 (09 Mar 2005) 09 Mar 2005; Aron Griffis : Improve handling of DISPLAY by unsetting if blank. Call gpg with --use-agent explicitly. * keychain 2.5.2 (06 Mar 2005) 06 Mar 2005; Aron Griffis : Fix bug 78974 "keychain errors on Big/IP (x86 BSD variant)" by refraining from using ! in conditional expressions. Fix RSA fingerprint extraction on Solaris, reported in email by Travis Fitch. Use $HOSTNAME when possible instead of calling uname -n to improve bash_profile compatibility. * keychain 2.5.1 (12 Jan 2005) 12 Jan 2005; Aron Griffis : Don't accidentally inherit a forwarded agent when inheritwhich=local-once. Move the --stop warning after the version splash. * keychain 2.5.0 (07 Jan 2005) 07 Jan 2005; Aron Griffis : Add inheritance support via --inherit. Add parameters to --stop for more control. Change the default behavior of keychain to inherit if there's no keychain agent running ("--inherit local-once"), and refrain from killing other agents unless "--stop others" is specified. * keychain 2.4.3 (17 Nov 2004) 17 Nov 2004; Aron Griffis : Fix bug 69879: Update findpids to work again on BSD; it has been broken since the changes in version 2.4.2. Now we use OSTYPE (bash) or uname to determine the system type and call ps appropriately. * keychain 2.4.2.1 (30 Sep 2004) 30 Sep 2004; Aron Griffis : Fix minor issues in the test for existing gpg keys wrt DISPLAY * keychain 2.4.2 (29 Sep 2004) 29 Sep 2004; Aron Griffis : Make gpg support more complete. Allow adding keys, clearing the agent, etc. Fix --quick support to work properly again; it was broken since 2.4.0. Change default --attempts to 1 since the progs ask multiple times anyway. * keychain 2.4.1 (22 Sep 2004) 22 Sep 2004; Aron Griffis : Fix bugs 64174 and 64178; support Sun SSH, which is really OpenSSH in disguise and a few critical outputs changed. Thanks to Nathan Bardsley for lots of help debugging on Solaris 9 15 Sep 2004; Aron Griffis : Fix pod2man output so it formats properly on SGI systems. Thanks to Matthew Moore for reporting the problem. * keychain 2.4.0 (09 Sep 2004) 09 Sep 2004; Aron Griffis : Fix bug 26970 with first pass at gpg-agent support Fix Debian bug 269722; don't filter output of ssh-add Fix bug reported by Marko Myllynen regarding keychain and Solaris awk's inability to process -F'[ :]' Fix bug in now_seconds calculation, noticed by me. * keychain 2.3.5 (28 Jul 2004) 28 Jul 2004; Aron Griffis : Fix bug 58623 with patch from Daniel Westermann-Clark; don't put an extra newline in the output of listmissing Generate keychain.spec from keychain.spec.in automatically so that the version can be set appropriately. * keychain 2.3.4 (24 Jul 2004) 24 Jul 2004; Aron Griffis : Fix bug 28599 reported by Bruno Pelaia; ignore defunct processes in ps output * keychain 2.3.3 (30 Jun 2004) 30 Jun 2004; Aron Griffis : Fix bug reported by Matthew S. Moore in email; escape the backticks in --help output Fix bug reported by Herbie Ong in email; set pidf, cshpidf and lockf variables after parsing command-line to honor --dir setting Fix bug reported by Stephan Stahl in email; make spaces in filenames work throughout keychain, even in pure Bourne shell Fix operation on HP-UX with older OpenSSH by interpreting output of ssh-add as well as the error status * keychain 2.3.2 (16 Jun 2004) 16 Jun 2004; Aron Griffis : Fix bug 53837 (keychain needs ssh-askpass) by unsetting SSH_ASKPASS when --nogui is specified * keychain 2.3.1 (03 Jun 2004) 03 Jun 2004; Aron Griffis : Fix bug 52874: problems when the user is running csh * keychain 2.3.0 (14 May 2004) 14 May 2004; Aron Griffis : Rewrite the locking code to avoid procmail * keychain 2.2.2 (03 May 2004) 03 May 2004; Aron Griffis : Call loadagent prior to generating HOSTNAME-csh file so that variables are set. * keychain 2.2.1 (27 Apr 2004) 27 Apr 2004; Aron Griffis : Find running ssh-agent processes by searching for /[s]sh-agen/ instead of /[s]sh-agent/ for the sake of Solaris, which cuts off ps -u output at 8 characters. Thanks to Clay England for reporting the problem and testing the fix. * keychain 2.2.0 (21 Apr 2004) 21 Apr 2004; Aron Griffis : Rewrote most of the code, organized into functions, fixed speed issues involving ps, fixed compatibility issues for various UNIXes, hopefully didn't introduce too many bugs. This version has a --quick option (for me) and a --timeout option (for carpaski). Also added a Makefile and converted the man-page to pod for easier editing. See perlpod(1) for information on the format. Note that the pod is sucked into keychain and colorized when you run make. * keychain 2.0.3 (06 Apr 2003) 06 Apr 2003; Seth Chandler : Added keychain man page, fixed bugs with displaying colors for keychain --help. Also added a $grepopts to fix the grepping for a pid on cygwin Also added a TODO document color fix based on submission by Luke Holden * keychain 2.0.2 (26 Aug 2002) 26 Aug 2002; the Tru64 fix didn't work; it was being caused by "trap - foo" rather than "tail +2 -". Now really fixed. 26 Aug 2002; fixed "ssh-add" call to only redirect stdin (thus enabling ssh-askpass) if ssh_askpass happens to be set; this is to work around a bug in openssh were redirecting stdin will enable ssh-askpass even if ssh_askpass isn't set, which contradicts the openssh 3.4_p1 man page. to enable ssh-askpass, keychain now requires that the ssh_askpass var be set to point to your askpass program. * keychain 2.0.1 (24 Aug 2002) 24 Aug 2002; "--help" fixes; the keychain files were listed as sh-${HOSTNAME} rather than ${HOSTNAME}-sh. Now consistent with the actual program. Thanks to Christian Plessl , others for reporting this issue. 24 Aug 2002; cycloon : "If you add < /dev/null when adding the missingkeys via "ssh-add ${missingkeys}" (at line 454 of version 2.0) so that it reads: "ssh-add ${missingkeys} < /dev/null" then users can use program like x11-ssh-askpass in xfree to type in their passphrase. It then still works for users on shell, depending if $DISPLAY is set." Added. 24 Aug 2002; A fix to calling "tail" that *should* fix things for Tru64 Unix; unfortunately, I have no way to test but the solution should be portable to all other flavors of systems. Thanks to Mark Scarborough for reporting the issue. 24 Aug 2002; Changed around the psopts detection stuff so that "-x -u $me f" is used; this is needed on MacOS X. Thanks to Brian Bergstrand , others for reporting this issue. * keychain 2.0 (17 Aug 2002) 17 Aug 2002; (Many submitters): A fix for keychain when running on HP-UX 10.20. 17 Aug 2002; Patrice DUMAS - DOCT : Now perform help early on to avoid unnecessary processing. Also added --dir option to allow keychain to look in an alternate location for the .keychain directory (use like this: "keychain --dir /var/foo") 17 Aug 2002; Martial MICHEL : Martial also suggested moving help processing to earlier in the script. He also submitted a patch to place .ssh-agent-* files in a ~/.keychain/ directory, which makes sense particularly for NFS users so I integrated the concept into the code. 17 Aug 2002; Fred Carter : Cygwin fix to use proper "ps" options. 17 Aug 2002; Adrian Howard : patch so that lockfile gets removed even if --noask is specified. 17 Aug 2002; Mario Wolff : Replaced an awk dependency with a shell construct for improved performance. 17 Aug 2002; Marcus Stoegbauer , Dmitry Frolov : I (Daniel Robbins) solved problems reported by Marcus and Dmitry (mis-parsed command line issues) by following Dmitry's good suggestion of performing argument parsing all at once at the top of the script. 17 Aug 2002; Brian W. Curry : Added commercial SSH2 client support; improved output readability by initializing myfail=0; integrated Cygwin support into the main keychain script; improved Cygwin support by setting "trap" appropriately. Thanks Brian! * keychain 1.9 (04 Mar 2002) 04 Mar 2002; changed license from "GPL, v2 or later" to "GPL v2". 04 Mar 2002; added "keychain.cygwin" for Cygwin systems. It may be time to follow this pattern and start building separate, optimized scripts for each platform so they don't get too sluggish. Maybe I could use a C preprocessor for this. 06 Dec 2001; several people: Solaris doesn't like '-e' comparisons; switched to '-f' * keychain 1.8 (29 Nov 2001) 29 Nov 2001; Philip Hallstrom (philip@adhesivemedia.com) Added a "--local" option for removing the ${HOSTNAME} from the various files that keychain creates. Handy for non-NFS users. 29 Nov 2001; Aron Griffis (agriffis@gentoo.org) Using the Bourne shell "type" builtin rather than using the external "which" command. Should make things a lot more robust and slightly faster. 09 Nov 2001; Mike Briseno (mike@radik.com) Solaris' "which" command outputs "no lockfile in..." to stdout rather than stderr. A one-line fix (test the error condition) has been applied. 09 Nov 2001; lockfile settings tweak 09 Nov 2001; Rewrote how keychain detects failed passphrase attempts. If you stop making progress providing valid passphrases, it's three strikes and you're out. 09 Nov 2001; Constantine P. Sapuntzakis (csapuntz@stanford.edu) Some private keys can't be "ssh-keygen -l -f"'d; this patch causes keychain to look for the corresponding public key if the private key doesn't work. Thanks Constantine! 09 Nov 2001; Victor Leitman (vleitman@yahoo.com) CYAN color misdefined; fixed. 27 Oct 2001; Brian Wellington (bwelling@xbill.org) A "quiet mode" (--quiet) fix; I missed an "echo". 27 Oct 2001; J.A. Neitzel (jan@belvento.org) Missed another "kill -9"; it's now gone. * keychain 1.7 (21 Oct 2001) 21 Oct 2001; Frederic Gobry (frederic.gobry@smartdata.ch) Frederic suggested using procmail's lockfile to serialize the execution of critical parts of keychain, thus avoiding multiple ssh-agent processes being started if you happen to have multiple xterms open automatically when you log in. Initially, I didn't think I could add this, since systems may not have the lockfile command; however, keychain will now auto-detect whether lockfile is installed; if it is, keychain will automatically use it, thus preventing multiple ssh-agent processes from being spawned. 21 Oct 2001; Raymond Wu (ursus@usa.net): --nocolor test is no longer inside the test for whether "echo -e" works. According to Raymond, this works optimally on his Solaris box. 21 Oct 2001; J.A. Neitzel (jan@belvento.org): No longer "kill -9" our ssh-agent processes. SIGTERM should be sufficient and will allow ssh-agent to clean up after itself (this reverses a previously-applied patch). 21 Oct 2001; Thomas Finneid (tfinneid@online.no): Added argument "--quiet | -q" to make the program less intrusive to the user; with it, only error and interactive messages will appear. 21 Oct 2001; Thomas Finneid (tfinneid@online.no): Changed the format of some arguments to bring them more in line with common *nix programs: added "-h" as alias for "--help"; added "-k" as alias for "--stop" 21 Oct 2001; Mark Stosberg (mark@summersault.com): $pidf to "$pidf" fixes to allow keychain to work with paths that include spaces (for Darwin and MacOS X in particular). 21 Oct 2001; Jonathan Wakely (redi@redi.uklinux.net): Small patch to convert "echo -n -e" to "echo -e "\c"" for FreeBSD compatibility. * keychain 1.6 (15 Oct 2001) 13 Oct 2001; Ralf Horstmann (ralf.horstmann@webwasher.com): Add /usr/ucb to path for Solaris systems. 11 Oct 2001; Idea from Joe Reid (jreid@vnet.net): Try to add multiple keys using ssh-add; avoid typing in identical passphrases more than once. Good idea! *keychain 1.5 (21 Sep 2001) 21 Sep 2001; David Hull (hull@paracel.com): misc. compatibility, signal handling, cleanup fixes 21 Sep 2001; "ps" test to find the right one for your OS. 20 Sep 2001; Marko Myllynen (myllynen@lut.fi): "grep [s]sh-agent" to "grep [s]sh-agent" (zsh fix) *keychain 1.4 (20 Sep 2001) 20 Sep 2001; David Hull (hull@paracel.com): "touch $foo" to ">$foo" optimization and other "don't fork" fixes. Converted ${foo#--} to a case statement for Solaris sh compatibility. 20 Sep 2001; Try an alternate "ps" syntax if our default one fails. This should give us Solaris and IRIX (sysV) compatibility without breaking BSD. 20 Sep 2001; Hans Peter Verne (h.p.verne@usit.uio.no); "echo -e" to "echo $E" (for IRIX compatibility with --nocolor), optimization of grep ("grep [s]sh-agent") 17 Sep 2001; Marko Myllynen (myllynen@lut.fi): Various fixes: trap signal 2 if signal INT not supported (NetBSD); handle invalid keys correctly; ancient version of ash didn't support ~, so using $HOME; correct zsh instruction; minor cleanups *keychain 1.3 (12 Sep 2001) 12 Sep 2001; Minor color changes; the cyan was hard to read on xterm-colored terms so it was switched to bold. Additional --help text added. 10 Sep 2001; We now use .ssh-agent-[hostname] instead of .ssh-agent. We now create a .ssh-agent-csh-[hostname] file that can be sourced by csh-compatible shells. We also now kill all our existing ssh-agent processes before starting a new one. 10 Sep 2001; Robert R. Wal (rrw@hell.pl): Very nice NFS fixes, colorization fixes, tcsh redirect -> grep -v fix. Thanks go out to others who sent me similar patches. 10 Sep 2001; Johann Visagie (johann@egenetics.com): "source" to "." shell-compatibility fixes. Thanks for the FreeBSD port. 10 Sep 2001; Marko Myllynen (myllynen@lut.fi): rm -f $pidf after stopping ssh-agent fix *keychain 1.2 09 Sep 2001; README updates to reflect new changes. 09 Sep 2001; Marko Myllynen (myllynen@lut.fi): bash 1/zsh/sh compatibility; now only tries to kill *your* ssh-agent processes, version fix, .ssh-agent file creation error detection. Thanks! *keychain 1.1; fixes for calling "pidof"; README; ChangeLog 07 Sep 2001; Addition of README stating that keychain requires bash 2.0 or greater, as well as quick install directions and web URL. 07 Sep 2001; Explicitly added /sbin and /usr/sbin to path, and then called "pidof". I think that this is a bit more robust. 06 Sep 2001; from John Ellson (ellson@lucent.com): "pidof" changed to "/sbin/pidof", since it's probably not in $PATH 06 Sep 2001; New ChangeLog! :) *keychain 1.0; initial release (Aug 2001) keychain/Makefile0000644000000000000000000000455612532114140011202 0ustar V:=$(shell cat VERSION) D:=$(shell date +'%d %b %Y') RPMDIR:=$(shell rpmbuild -E '%_rpmdir') SRPMDIR:=$(shell rpmbuild -E '%_srcrpmdir') TARBALL_CONTENTS=keychain README.md ChangeLog COPYING.txt keychain.pod keychain.1 \ keychain.spec all: keychain.1 keychain keychain.spec .PHONY : tmpclean tmpclean: rm -rf dist keychain.1.orig keychain.txt .PHONY : clean clean: tmpclean rm -rf keychain.1 keychain keychain.spec keychain.spec: keychain.spec.in keychain.sh sed 's/KEYCHAIN_VERSION/$V/' keychain.spec.in > keychain.spec keychain.1: keychain.pod keychain.sh pod2man --name=keychain --release=$V \ --center='http://www.funtoo.org' \ keychain.pod keychain.1 sed -i.orig -e "s/^'br/.br/" keychain.1 keychain.1.gz: keychain.1 gzip -9 keychain.1 GENKEYCHAINPL = open P, "keychain.txt" or die "cant open keychain.txt"; \ while (

) { \ $$printing = 0 if /^\w/; \ $$printing = 1 if /^(SYNOPSIS|OPTIONS)/; \ $$printing || next; \ s/\$$/\\\$$/g; \ s/\`/\\\`/g; \ s/\\$$/\\\\/g; \ s/\*(\w+)\*/\$${CYAN}$$1\$${OFF}/g; \ s/(^|\s)(-+[-\w]+)/$$1\$${GREEN}$$2\$${OFF}/g; \ $$pod .= $$_; \ }; \ open B, "keychain.sh" or die "cant open keychain.sh"; \ $$/ = undef; \ $$_ = ; \ s/INSERT_POD_OUTPUT_HERE[\r\n]/$$pod/ || die; \ s/\#\#VERSION\#\#/$V/g || die; \ print keychain: keychain.sh keychain.txt perl -e '$(GENKEYCHAINPL)' >keychain || rm -f keychain chmod +x keychain keychain.txt: keychain.pod pod2text keychain.pod keychain.txt keychain-$V.tar.gz: $(TARBALL_CONTENTS) @case $V in *-test*) \ echo "**** Version is $V, please remove -test"; \ exit 1 ;; \ esac @if ! grep -qF '* keychain $V ' ChangeLog; then \ echo "**** Need to update the ChangeLog for version $V"; \ exit 1; \ fi mkdir keychain-$V cp $(TARBALL_CONTENTS) keychain-$V /bin/tar cjvf keychain-$V.tar.bz2 keychain-$V rm -rf keychain-$V ls -l keychain-$V.tar.bz2 # Building noarch.rpm builds src.rpm at the same time. I haven't # found an elegant way yet to prevent parallel builds from messing # this up, so all deps in the Makefile refer only to noarch.rpm keychain-$V-1.noarch.rpm-unsigned: keychain-$V.tar.gz rpmbuild -ta keychain-$V.tar.bz2 mv $(RPMDIR)/noarch/keychain-$V-1.noarch.rpm \ $(SRPMDIR)/keychain-$V-1.src.rpm . keychain-$V-1.noarch.rpm: keychain-$V-1.noarch.rpm-unsigned rpm --addsign keychain-$V-1.noarch.rpm keychain-$V-1.src.rpm keychain/README.md0000644000000000000000000000144612532114140011014 0ustar Introduction to Keychain ======================== **Official documentation for Keychain can be found on [the official Keychain wiki page](http://www.funtoo.org/Keychain).** `Keychain` helps you to manage ssh and GPG keys in a convenient and secure manner. It acts as a frontend to `ssh-agent` and `ssh-add`, but allows you to easily have one long running `ssh-agent` process per system, rather than the norm of one `ssh-agent` per login session. This dramatically reduces the number of times you need to enter your passphrase. With `keychain`, you only need to enter a passphrase once every time your local machine is rebooted. `Keychain` also makes it easy for remote cron jobs to securely "hook in" to a long running `ssh-agent` process, allowing your scripts to take advantage of key-based logins. keychain/VERSION0000644000000000000000000000000612532114140010574 0ustar 2.8.1 keychain/img/0000755000000000000000000000000012532114140010304 5ustar keychain/img/keychain-1.png0000644000000000000000000001276512532114140012756 0ustar PNG  IHDReSIDATxc``Q0 F(`Q0 F(`Q0 F(`Q0 F(`Q0 F(`Q0 F(`Q0 F(`Q0 F(`Q0 F(`Q0 F(`Q0 F(`Q0 F(`Q0 F(`9sĉ`$`~p(a ?>1 J7`,ͰL=P-{+ax!= Th Jd 9wP#A@m(0@ heP Rԁu}ڵ`~:gM聗TzQBP1h0PdIC<} .q j{z'~ >` (qB{Ӡv+es0s`jKE +T L؀Rt}d!|f/(maq C KC"DI<,{0fҠ90.0!nz68H'V- hR懆ª_h) r+Q pߛp08.U=D<9 A5 "\>Dl`<.Gه8;4Ual\<4Emc4?%/R\Y;@@. cKaxB `9Hplv10 ^4TB cB?RRGD #KAe=Qs@bDF0ܨU[W H(4 j:G.)aRF FcSDjK%iR #4N)R|S 4" .n@)Q(H{)E(:Rck1E) QW5c8Ja]F1Ka`i}x6sf) ,y"C/M`9E"ku qi<#4q1BF &>+r8ez,,r`L-GD) _[C*(Hjd| ąr@G  R `D5; D #WJTQѻiR :Ev:kMX:8Jv, K#Hcd30(PfMH[pA2" uQ+lvA]VK``ď̎A ̒(3 .r4c Ij3cgQ0 F(`Q0 F(`Q0 F(`Q0 F(`@Cƹb1  8P{(`DR@rtR)\:̡)0|6 F($/\ Fr# ` @VePl.Y]9QKzvqn( qP)\T^\G8t'zDU˿xQ0 #J(8b(* Kia@T Ii\B,qb/5p(Q8m GC-@pR:*Pih0‹Rn J!Fl)كݙQF$AVk8r'1` FKRx0V LW)"j8Ja\G8r'82-GKRxd¨PUh)Tĕ˜@0J1H P 80pNw+qi$I|Q0Z $# &F+1qy0%z:0őEx܉eBeHh)_z.多#py|G=_x/S}&|G=_x|q/[=Z z1G=_x| Vf!Ra|G=_x|as/>棄C£ /_S=~H59`Q0 F(`Q0 F(`Q0 F(`Q0 F(`Q0 #m% ,PܳanorQruBb"dQ0 F/ PT% f )MI?{2B{V8 F(@ H'ڠ*H[t{BJ[pa,P` F=UEEX܉@Ja`@ݨ* 1Qt[q9<m0 C?ryhy8` 6qX܉ c祡7pq&05ztkA5󅑲?.ݎ]EF*$ $vq '[!Y|Ș0.F(Cb= 07. n;'RDb6[b-GKaS Oa;oGK Liu^0 ] 86\d`U(17.wX:z艗'^/@Y,.rb8fWVP|^0dBLm[ٙ+PC#(P8"@d \sh)Vn"Ɲz9X.'@ aw<@(ɟP3Њf$/ VO0=` ;G؎pDAKg h@k>`km<`GO\(}JAp塡5pQSbe>8IrH#H g0f.{O)/qۋ!k S=.wJ?FKU ci C$ 0Zni'1R$+ӱ e)а$\6E{`AbuR0/qۋYpM S8(ygRO:"FO`yB |RKaJDKaQORؔPwc/-KaeH}#"(!hRUPEEx%-Wr/Ra>0!ƖQ CZ)ff.{k:[#a鉓_MheDbF$NnhxQ{EH}#Dy DPB{0A$xJ0\=R$B@BxXG.qT=fYp0mv{q3`O'xXKX*;/E>q$FKQ B@voH@k{?G` 5>(b`Q0 F(`Q0Yݣ8; F(`Q0 F(`Q0 F(@,q; h x;0P@9=ci}hKӈA\tY,ŸZ:znCdjRa8UmΣ%,N, ʠ|RCb:@4h04`~!Q@ (q Cަu 퉠X (EImHPu%0 Ke>r1 Y3p/Z=T/̆!%&ɣtl75OT\N")Gq8XCq|XKa<R*a/V֐!E=N܀*=/01y87yL%*f@Q)jAm@Eq(HɄzjmn<{:x܃3p?.P9BGM=7yğJ9@(Xa)+ T)LL>_h*(\j|jҸ6%!BGM=7&Dw(%b8c qk(aC1"|0|02E7R܃+^p?P1p{[2C 0ĸ'.q'z_nq< ( @@>VqS(IMPc E!K!GT EC#g:k@0:&Ezl_{_88cD3`  anƓ_/q P8(`dsGM=7yd,&Q0 F(`Q0 F(luh(`Q0 F(`Q0 F(`Q0 F(`Q0 F(`Q0 F(`Q0 F(`Q0 F(`Q0 F(`Q0 F(`Q0 F(`Q0 F(qQ0 F(h)w##ȁA]tb4"2ڀ<=jw?MaXURx-GKaKaN0Ξ> EjBVwFa;"7{E0 s11`ϝTh)*n@#8i>B _H+r~90%"& l tPk:>d>r# 8X! Ji$`=K@3iuc _XAm7Nsp`p4)`CCa.}zߔTq W3(pMlUAK"t؜ё4NP&T 5`!(@RWm?r8 TR.(DF[RK1J0X!B*Uh| eEKv(yhMZ̏,|m DQ`7*`k JpB A8.O=)q;0K1!6ML "7oQMxTG֎P nqxs?0P+|X0 Li ,z 2Pp!En7I@h/RP*\i/< 7jUգ:"~tsO`E,&͘)|A)mXbr qHe=S$KP b R^bQ0 ϪCZLQJ@ a0f LXlub_ϰ^nT\Y \' Xgژp5H\G;(n&Mp (|y+|rB.b ƭKي F \—ːG ZR#2=qaCwHCf/|)Q U|Vn.5 fVQNa MK!B"+8& 8 52D\pCCTA[%]=D%6s&̡((QQ0(`Y TVF7lZA'#k( l:Q@]0;9vF(`Q0 F(`Q0 F(`Q0 F(`Q0  <_Ȁ[`| 'G$P eras{plN~ &,r@yEK) 6/I>0|p mٸ/Aы\Zk r@yLh>F149#`G!"$,Yx6EJD 1a̅*@y78g7'aqnqP[T^\)ܰxӝxӿ nRJPBe)=W3օ/٣h-kx _<ҰEUGn)yhnB&s~L艅@%K7M(qËK uzh pp7>p1M\Rq ]xXjj.q/6a$= ;Pݝ㣅h;)R3 8ijnRS!8PLG-1ő'|HU}(mBR _@>2jwW7O1:,3@w۱gBlXGF!O r?ܩ&p1+F(Pa"zf(`\`Q0 F(`Q@ss$wQ0 F(`Q0 F(`Q0 F(`Q0 F(`Q0 F(`Q0 F(`Q0 F(`Q0 F(`Q0 F(`Q0 F(`Q0 F(`@`Q0 hF w-|G w-|G w(sJ{zP9ZhKz᫶?4)!q }5B*G[-іh˗/u@=| _`4ZhKX`_ Us7-\o*PjpP 90se+؋՝TCOh;Z/q/Q/="SoxdJ@ *[ځ(#H X= OQ^ 6Cjqw-|G _ _Xb6'HPZ1,A\zR EnBFN؆& S<--nocolor --nogui --nolock --quick --quiet --version ]> S<[ --agents I ] [ --attempts I ] [ --dir I ]> S<[ --host I ] [ --lockwait I ]> S<[ --stop I ] [ --timeout I ] [ keys... ]> =head1 DESCRIPTION keychain is a manager for ssh-agent, typically run from ~/.bash_profile. It allows your shells and cron jobs to easily share a single ssh-agent process. By default, the ssh-agent started by keychain is long-running and will continue to run, even after you have logged out from the system. If you want to change this behavior, take a look at the --clear and --timeout options, described below. When keychain is run, it checks for a running ssh-agent, otherwise it starts one. It saves the ssh-agent environment variables to ~/.keychain/${HOSTNAME}-sh, so that subsequent logins and non-interactive shells such as cron jobs can source the file and make passwordless ssh connections. In addition, when keychain runs, it verifies that the key files specified on the command-line are known to ssh-agent, otherwise it loads them, prompting you for a password if necessary. Typically, private key files are specified by filename only, without path, although it is possible to specify an absolute or relative path to the private key file as well. If just a private key filename is used, which is typical usage, keychain will look for the specified private key files in ~/.ssh, ~/.ssh2, or with the -c/--confhost option, inspect the ~/.ssh/config file and use the IdentityFile option to determine the location of the private key. Private keys can be symlinks to the actual private key. Keychain expects associated public key files to exist in the same directory as the private key files, with a .pub extension. If the private key is a symlink, the public key can be found alongside the symlink, or in the same directory as the symlink target (This capability requires the 'readlink' command to be available on the system.) As an additional feature, if a private key has an extension ".ext", keychain will look for privkey.ext.pub first, and if not found, will look for privkeyname.pub. Keychain also supports gpg-agent in the same ways that ssh-agent is supported. By default keychain attempts to start ssh-agent only. You can modify this behavior using the --agents option. Keychain supports most UNIX-like operating systems, including Cygwin. It works with Bourne-compatible, csh-compatible and fish shells. =head1 OPTIONS =over =item B<--agents> I Start the agents listed. By default keychain will start ssh-agent if it is found in your path. The list should be comma-separated, for example "gpg,ssh" =item B<--attempts> I Try num times to add keys before giving up. The default is 1. =item B<--clear> Delete all of ssh-agent's keys. Typically this is used in .bash_profile. The theory behind this is that keychain should assume that you are an intruder until proven otherwise. However, while this option increases security, it still allows your cron jobs to use your ssh keys when you're logged out. =item B<--confhost> By default, keychain will look for key pairs in the ~/.ssh/ directory. The --confhost option will inform keychain to look in ~/.ssh/config for IdentityFile settings defined for particular hosts, and use these paths to locate keys. =item B<--confirm> Keys are subject to interactive confirmation by the SSH_ASKPASS program before being used for authentication. See the -c option for ssh-add(1). =item B<--absolute> Any arguments to "--dir" are interpreted to be absolute. The default behavior is to append "/.keychain" to the argument for backwards compatibility. =item B<--dir> I Keychain will use dirname rather than $HOME/.keychain =item B<--query> Keychain will print lines in KEY=value format representing the values which are set by the agents. =item B<--eval> Keychain will print lines to be evaluated in the shell on stdout. It respects the SHELL environment variable to determine if Bourne shell or C shell output is expected. =item B<--env> I After parsing options, keychain will load additional environment settings from "filename". By default, if "--env" is not given, then keychain will attempt to load from ~/.keychain/[hostname]-env or alternatively ~/.keychain/env. The purpose of this file is to override settings such as PATH, in case ssh is stored in a non-standard place. =item B<-h --help> Show help that looks remarkably like this man-page. As of 2.6.10, help is sent to stdout so it can be easily piped to a pager. =item B<--host> I Set alternate hostname for creation of pidfiles =item B<--ignore-missing> Don't warn if some keys on the command-line can't be found. This is useful for situations where you have a shared .bash_profile, but your keys might not be available on every machine where keychain is run. =item B<--inherit> I Attempt to inherit agent variables from the environment. This can be useful in a variety of circumstances, for example when ssh-agent is started by gdm. The following values are valid for "which": =over 12 =item B Inherit when a pid (e.g. SSH_AGENT_PID) is set in the environment. This disallows inheriting a forwarded agent. =item B Inherit when a sock (e.g. SSH_AUTH_SOCK) is set in the environment. This allows inheriting a forwarded agent. =item B Same as "local", but only inherit if keychain isn't already providing an agent. =item B Same as "any", but only inherit if keychain isn't already providing an agent. =back By default, keychain-2.5.0 and later will behave as if "--inherit local-once" is specified. You should specify "--noinherit" if you want the older behavior. =item B<-l --list> List signatures of all active SSH keys, and exit, similar to "ssh-add -l". =item B<--lockwait> I How long to wait for the lock to become available. Defaults to 5 seconds. Specify a value of zero or more. If the lock cannot be acquired within the specified number of seconds, then this keychain process will forcefully acquire the lock. =item B<--noask> This option tells keychain do everything it normally does (ensure ssh-agent is running, set up the ~/.keychain/[hostname]-{c}sh files) except that it will not prompt you to add any of the keys you specified if they haven't yet been added to ssh-agent. =item B<--nocolor> Disable color hilighting for non ANSI-compatible terms. =item B<--nogui> Don't honor SSH_ASKPASS, if it is set. This will cause ssh-add to prompt on the terminal instead of using a graphical program. =item B<--noinherit> Don't inherit any agent processes, overriding the default "--inherit local-once" =item B<--nolock> Don't attempt to use a lockfile while manipulating files, pids and keys. =item B<-k --stop> I Kill currently running agent processes. The following values are valid for "which": =item B<--systemd> Inject environment variables into the systemd --user session. =over 9 =item all Kill all agent processes and quit keychain immediately. Prior to keychain-2.5.0, this was the behavior of the bare "--stop" option. =item others Kill agent processes other than the one keychain is providing. Prior to keychain-2.5.0, keychain would do this automatically. The new behavior requires that you specify it explicitly if you want it. =item mine Kill keychain's agent processes, leaving other agents alone. =back =item B<-Q --quick> If an ssh-agent process is running then use it. Don't verify the list of keys, other than making sure it's non-empty. This option avoids locking when possible so that multiple terminals can be opened simultaneously without waiting on each other. =item B<-q --quiet> Only print messages in case of warning, error or required interactivity. As of version 2.6.10, this also suppresses "Identities added" messages for ssh-agent. =item B<--timeout> I Set a timeout in minutes on your keys. This is conveyed to ssh-agent which does the actual timing out of keys since keychain doesn't run continuously. =item B<-V --version> Show version information. =back =head1 EXAMPLES This snippet should work in most shells to load two ssh keys and one gpg key: eval `keychain --eval id_rsa id_dsa 0123ABCD` For the fish shell, use the following format: if status --is-interactive keychain --eval --quiet -Q id_rsa | source end If you have trouble with that in csh: setenv SHELL /bin/csh eval `keychain --eval id_rsa id_dsa 0123ABCD` This is equivalent for Bourne shells (including bash and zsh) but doesn't use keychain's --eval feature: keychain id_rsa id_dsa 0123ABCD [ -z "$HOSTNAME" ] && HOSTNAME=`uname -n` [ -f $HOME/.keychain/$HOSTNAME-sh ] && \ . $HOME/.keychain/$HOSTNAME-sh [ -f $HOME/.keychain/$HOSTNAME-sh-gpg ] && \ . $HOME/.keychain/$HOSTNAME-sh-gpg This is equivalent for C shell (including tcsh): keychain id_rsa id_dsa 0123ABCD host=`uname -n` if (-f $HOME/.keychain/$host-csh) then source $HOME/.keychain/$host-csh endif if (-f $HOME/.keychain/$host-csh-gpg) then source $HOME/.keychain/$host-csh-gpg endif To load keychain variables from a script (for example from cron) and abort unless id_dsa is available: # Load keychain variables and check for id_dsa [ -z "$HOSTNAME" ] && HOSTNAME=`uname -n` . $HOME/.keychain/$HOSTNAME-sh 2>/dev/null ssh-add -l 2>/dev/null | grep -q id_dsa || exit 1 =head1 SEE ALSO L =head1 NOTES Keychain was created and is currently maintained by Daniel Robbins. If you need to report a bug or request an enhancement, please post to the Funtoo Linux bug tracker L. For more information about keychain, please visit L. keychain/keychain.sh0000755000000000000000000011506512532114140011672 0ustar #!/bin/sh # Copyright 1999-2005 Gentoo Foundation # Copyright 2007 Aron Griffis # Copyright 2009-2015 Funtoo Technologies, LLC # lockfile() Copyright 2009 Parallels, Inc. # Distributed under the terms of the GNU General Public License v2 # Originally authored by Daniel Robbins # Maintained August 2002 - April 2003 by Seth Chandler # Maintained and rewritten April 2004 - July 2007 by Aron Griffis # Maintained July 2009 - present by Daniel Robbins version=##VERSION## PATH="${PATH:-/usr/bin:/bin:/sbin:/usr/sbin:/usr/ucb}" maintainer="drobbins@funtoo.org" zero=`basename "$0"` unset mesglog unset myaction unset agentsopt havelock=false unset hostopt ignoreopt=false noaskopt=false noguiopt=false nolockopt=false lockwait=5 openssh=unknown sunssh=unknown confhost=unknown sshconfig=false quickopt=false quietopt=false clearopt=false color=true inheritwhich=local-once unset stopwhich unset timeout unset ssh_timeout attempts=1 unset sshavail unset sshkeys unset gpgkeys unset mykeys keydir="${HOME}/.keychain" unset envf evalopt=false queryopt=false confirmopt=false absoluteopt=false systemdopt=false unset ssh_confirm unset GREP_OPTIONS realpath_bin="`command -v realpath`" BLUE="" CYAN="" CYANN="" GREEN="" RED="" PURP="" OFF="" # GNU awk and sed have regex issues in a multibyte environment. If any locale # variables are set, then override by setting LC_ALL unset pinentry_locale lvars=`locale 2>/dev/null | egrep -v '="?(|POSIX|C)"?$' 2>/dev/null` if [ -n "$lvars$LANG$LC_ALL" ]; then # save LC_ALL so that pinentry-curses works right. This has always worked # correctly for me but peper and kloeri had problems with it. pinentry_lc_all="$LC_ALL" LC_ALL=C export LC_ALL fi # synopsis: qprint "message" qprint() { $quietopt || echo "$*" >&2 } # synopsis: mesg "message" # Prettily print something to stderr, honors quietopt mesg() { qprint " ${GREEN}*${OFF} $*" } # synopsis: warn "message" # Prettily print a warning to stderr warn() { echo " ${RED}* Warning${OFF}: $*" >&2 } # synopsis: error "message" # Prettily print an error error() { echo " ${RED}* Error${OFF}: $*" >&2 } # synopsis: die "message" # Prettily print an error, then abort die() { [ -n "$1" ] && error "$*" qprint $evalopt && { echo; echo "false;"; } exit 1 } # synopsis: versinfo # Display the version information versinfo() { qprint qprint " Copyright ${CYANN}2002-2006${OFF} Gentoo Foundation;" qprint " Copyright ${CYANN}2007${OFF} Aron Griffis;" qprint " Copyright ${CYANN}2009-2015${OFF} Funtoo Technologies, LLC;" qprint " lockfile() Copyright ${CYANN}2009${OFF} Parallels, Inc." qprint qprint " Keychain is free software: you can redistribute it and/or modify" qprint " it under the terms of the ${CYANN}GNU General Public License version 2${OFF} as" qprint " published by the Free Software Foundation." qprint } # synopsis: helpinfo # Display the help information. There's no really good way to use qprint for # this... helpinfo() { cat >&1 <&1`" in *OpenSSH*) openssh=true ;; *Sun?SSH*) sunssh=true ;; esac } # synopsis: getuser # Set the global string $me getuser() { # whoami gives euid, which might be different from USER or LOGNAME me=`whoami` || die "Who are you? whoami doesn't know..." } # synopsis: getos # Set the global string $OSTYPE getos() { OSTYPE=`uname` || die 'uname failed' } # synopsis: verifykeydir # Make sure the key dir is set up correctly. Exits on error. verifykeydir() { # Create keydir if it doesn't exist already if [ -f "${keydir}" ]; then die "${keydir} is a file (it should be a directory)" # Solaris 9 doesn't have -e; using -d.... elif [ ! -d "${keydir}" ]; then ( umask 0077 && mkdir "${keydir}"; ) || die "can't create ${keydir}" fi } lockfile() { # This function originates from Parallels Inc.'s OpenVZ vpsreboot script # Description: This function attempts to acquire the lock. If it succeeds, # it returns 0. If it fails, it returns 1. This function retuns immediately # and only tries to acquire the lock once. local tmpfile="$lockf.$$" echo $$ >"$tmpfile" 2>/dev/null || exit if ln "$tmpfile" "$lockf" 2>/dev/null; then rm -f "$tmpfile" havelock=true && return 0 fi if kill -0 `cat $lockf 2>/dev/null` 2>/dev/null; then rm -f "$tmpfile" return 1 fi if ln "$tmpfile" "$lockf" 2>/dev/null; then rm -f "$tmpfile" havelock=true && return 0 fi rm -f "$tmpfile" "$lockf" && return 1 } takelock() { # Description: This function calls lockfile() multiple times if necessary # to try to acquire the lock. It returns 0 on success and 1 on failure. # Change in behavior: if timeout expires, we will forcefully acquire lock. [ "$havelock" = "true" ] && return 0 [ "$nolockopt" = "true" ] && return 0 # First attempt: lockfile && return 0 local counter=0 mesg "Waiting $lockwait seconds for lock..." while [ "$counter" -lt "$(( $lockwait * 2 ))" ] do lockfile && return 0 sleep 0.5; counter=$(( $counter + 1 )) done rm -f "$lockf" && lockfile && return 0 return 1 } # synopsis: droplock # Drops the lock if we're holding it. droplock() { $havelock && [ -n "$lockf" ] && rm -f "$lockf" } # synopsis: findpids [prog] # Returns a space-separated list of agent pids. # prog can be ssh or gpg, defaults to ssh. Note that if another prog is ever # added, need to pay attention to the length for Solaris compatibility. findpids() { fp_prog=${1-ssh} unset fp_psout # Different systems require different invocations of ps. Try to generalize # the best we can. The only requirement is that the agent command name # appears in the line, and the PID is the first item on the line. [ -n "$OSTYPE" ] || getos # Try systems where we know what to do first case "$OSTYPE" in AIX|*bsd*|*BSD*|CYGWIN|darwin*|Linux|linux-gnu|OSF1) fp_psout=`ps x 2>/dev/null` ;; # BSD syntax HP-UX) fp_psout=`ps -u $me 2>/dev/null` ;; # SysV syntax SunOS) case `uname -r` in [56]*) fp_psout=`ps -u $me 2>/dev/null` ;; # SysV syntax *) fp_psout=`ps x 2>/dev/null` ;; # BSD syntax esac ;; GNU|gnu) fp_psout=`ps -g 2>/dev/null` ;; # GNU Hurd syntax esac # If we didn't get a match above, try a list of possibilities... # The first one will probably fail on systems supporting only BSD syntax. if [ -z "$fp_psout" ]; then fp_psout=`UNIX95=1 ps -u $me -o pid,comm 2>/dev/null | grep '^ *[0-9]'` [ -z "$fp_psout" ] && fp_psout=`ps x 2>/dev/null` fi # Return the list of pids; ignore case for Cygwin. # Check only 8 characters since Solaris truncates at that length. # Ignore defunct ssh-agents (bug 28599) if [ -n "$fp_psout" ]; then echo "$fp_psout" | \ awk "BEGIN{IGNORECASE=1} /defunct/{next} /$fp_prog-[a]gen/{print \$1}" | xargs return 0 fi # If none worked, we're stuck error "Unable to use \"ps\" to scan for $fp_prog-agent processes" error "Please report to $maintainer via http://bugs.gentoo.org" return 1 } # synopsis: stopagent [prog] # --stop tells keychain to kill the existing agent(s) # prog can be ssh or gpg, defaults to ssh. stopagent() { stop_prog=${1-ssh} eval stop_except=\$\{${stop_prog}_agent_pid\} stop_mypids=`findpids "$stop_prog"` [ $? = 0 ] || die if [ -z "$stop_mypids" ]; then mesg "No $stop_prog-agent(s) found running" return 0 fi case "$stopwhich" in all) kill $stop_mypids >/dev/null 2>&1 mesg "All ${CYANN}$me${OFF}'s $stop_prog-agents stopped: ${CYANN}$stop_mypids${OFF}" ;; others) # Try to handle the case where we *will* inherit a pid kill -0 $stop_except >/dev/null 2>&1 if [ -z "$stop_except" -o $? != 0 -o \ "$inheritwhich" = local -o "$inheritwhich" = any ]; then if [ "$inheritwhich" != none ]; then eval stop_except=\$\{inherit_${stop_prog}_agent_pid\} kill -0 $stop_except >/dev/null 2>&1 if [ -z "$stop_except" -o $? != 0 ]; then # Handle ssh2 eval stop_except=\$\{inherit_${stop_prog}2_agent_pid\} fi fi fi # Filter out the running agent pid unset stop_mynewpids for stop_x in $stop_mypids; do [ $stop_x -eq $stop_except ] 2>/dev/null && continue stop_mynewpids="${stop_mynewpids+$stop_mynewpids }$stop_x" done if [ -n "$stop_mynewpids" ]; then kill $stop_mynewpids >/dev/null 2>&1 mesg "Other ${CYANN}$me${OFF}'s $stop_prog-agents stopped: ${CYANN}$stop_mynewpids${OFF}" else mesg "No other $stop_prog-agent(s) than keychain's $stop_except found running" fi ;; mine) if [ $stop_except -gt 0 ] 2>/dev/null; then kill $stop_except >/dev/null 2>&1 mesg "Keychain $stop_prog-agents stopped: ${CYANN}$stop_except${OFF}" else mesg "No keychain $stop_prog-agent found running" fi ;; esac # remove pid files if keychain-controlled if [ "$stopwhich" != others ]; then if [ "$stop_prog" != ssh ]; then rm -f "${pidf}-$stop_prog" "${cshpidf}-$stop_prog" "${fishpidf}-$stop_prog" 2>/dev/null else rm -f "${pidf}" "${cshpidf}" "${fishpidf}" 2>/dev/null fi eval unset ${stop_prog}_agent_pid fi } # synopsis: inheritagents # Save agent variables from the environment before they get wiped out inheritagents() { # Verify these global vars are null unset inherit_ssh_auth_sock inherit_ssh_agent_pid unset inherit_ssh2_auth_sock inherit_ssh2_agent_sock unset inherit_gpg_agent_info inherit_gpg_agent_pid # Save variables so we can inherit a running agent if [ "$inheritwhich" != none ]; then if wantagent ssh; then if [ -n "$SSH_AUTH_SOCK" ]; then inherit_ssh_auth_sock="$SSH_AUTH_SOCK" inherit_ssh_agent_pid="$SSH_AGENT_PID" fi if [ -n "$SSH2_AUTH_SOCK" ]; then inherit_ssh2_auth_sock="$SSH2_AUTH_SOCK" inherit_ssh2_agent_pid="$SSH2_AGENT_PID" fi fi if wantagent gpg; then if [ -n "$GPG_AGENT_INFO" ]; then inherit_gpg_agent_info="$GPG_AGENT_INFO" inherit_gpg_agent_pid=`echo "$GPG_AGENT_INFO" | cut -f2 -d:` # GnuPG v.2.1+ removes $GPG_AGENT_INFO elif [ -S "${GNUPGHOME:=$HOME/.gnupg}/S.gpg-agent" ]; then inherit_gpg_agent_pid=$(findpids gpg) inherit_gpg_agent_info="$GNUPGHOME/S.gpg-agent:${inherit_gpg_agent_pid}:1" fi fi fi } # synopsis: validinherit # Test inherit_* variables for validity validinherit() { vi_agent="$1" vi_status=0 if [ "$vi_agent" = ssh ]; then if [ -n "$inherit_ssh_auth_sock" ]; then ls "$inherit_ssh_auth_sock" >/dev/null 2>&1 if [ $? != 0 ]; then warn "SSH_AUTH_SOCK in environment is invalid; ignoring it" unset inherit_ssh_auth_sock inherit_ssh_agent_pid vi_status=1 fi fi if [ -n "$inherit_ssh2_auth_sock" ]; then ls "$inherit_ssh2_auth_sock" >/dev/null 2>&1 if [ $? != 0 ]; then warn "SSH2_AUTH_SOCK in environment is invalid; ignoring it" unset inherit_ssh2_auth_sock inherit_ssh2_agent_pid vi_status=1 fi fi elif [ "$vi_agent" = gpg ]; then if [ -n "$inherit_gpg_agent_pid" ]; then kill -0 "$inherit_gpg_agent_pid" >/dev/null 2>&1 if [ $? != 0 ]; then unset inherit_gpg_agent_pid inherit_gpg_agent_info warn "GPG_AGENT_INFO in environment is invalid; ignoring it" vi_status=1 fi fi fi return $vi_status } # synopsis: catpidf_shell shell agents... # cat the pid files for the given agents. This is used by loadagents and also # for keychain output when --eval is given. catpidf_shell() { case "$1" in */fish|fish) cp_pidf="$fishpidf" ;; *csh) cp_pidf="$cshpidf" ;; *) cp_pidf="$pidf" ;; esac shift for cp_a in "$@"; do case "${cp_a}" in ssh) [ -f "$cp_pidf" ] && cat "$cp_pidf" ;; *) [ -f "${cp_pidf}-$cp_a" ] && cat "${cp_pidf}-$cp_a" ;; esac echo done return 0 } # synopsis: catpidf agents... # cat the pid files for the given agents, appropriate for the current value of # $SHELL. This is used for keychain output when --eval is given. catpidf() { catpidf_shell "$SHELL" "$@" } # synopsis: loadagents agents... # Load agent variables from $pidf and copy implementation-specific environment # variables into generic global strings loadagents() { for la_a in "$@"; do case "$la_a" in ssh) unset SSH_AUTH_SOCK SSH_AGENT_PID SSH2_AUTH_SOCK SSH2_AGENT_PID eval "`catpidf_shell sh $la_a`" if [ -n "$SSH_AUTH_SOCK" ]; then ssh_auth_sock=$SSH_AUTH_SOCK ssh_agent_pid=$SSH_AGENT_PID elif [ -n "$SSH2_AUTH_SOCK" ]; then ssh_auth_sock=$SSH2_AUTH_SOCK ssh_agent_pid=$SSH2_AGENT_PID else unset ssh_auth_sock ssh_agent_pid fi ;; gpg) unset GPG_AGENT_INFO eval "`catpidf_shell sh $la_a`" if [ -n "$GPG_AGENT_INFO" ]; then la_IFS="$IFS" # save current IFS IFS=':' # set IFS to colon to separate PATH set -- $GPG_AGENT_INFO IFS="$la_IFS" # restore IFS gpg_agent_pid=$2 fi ;; *) eval "`catpidf_shell sh $la_a`" ;; esac done return 0 } # synopsis: startagent [prog] # Starts an agent if it isn't already running. # Requires $ssh_agent_pid startagent() { start_prog=${1-ssh} start_proto=${2-${start_prog}} unset start_pid start_inherit_pid=none start_mypids=`findpids "$start_prog"` [ $? = 0 ] || die # Unfortunately there isn't much way to genericize this without introducing # a lot more supporting code/structures. if [ "$start_prog" = ssh ]; then start_pidf="$pidf" start_cshpidf="$cshpidf" start_fishpidf="$fishpidf" start_pid="$ssh_agent_pid" if [ -n "$inherit_ssh_auth_sock" -o -n "$inherit_ssh2_auth_sock" ]; then if [ -n "$inherit_ssh_agent_pid" ]; then start_inherit_pid="$inherit_ssh_agent_pid" elif [ -n "$inherit_ssh2_agent_pid" ]; then start_inherit_pid="$inherit_ssh2_agent_pid" else start_inherit_pid="forwarded" fi fi else start_pidf="${pidf}-$start_prog" start_cshpidf="${cshpidf}-$start_prog" start_fishpidf="${fishpidf}-$start_prog" if [ "$start_prog" = gpg ]; then start_pid="$gpg_agent_pid" if [ -n "$inherit_gpg_agent_pid" ]; then start_inherit_pid="$inherit_gpg_agent_pid" fi else error "I don't know how to start $start_prog-agent (1)" return 1 fi fi [ "$start_pid" -gt 0 ] 2>/dev/null || start_pid=none # This hack makes the case statement easier if [ "$inheritwhich" = any -o "$inheritwhich" = any-once ]; then start_fwdflg=forwarded else unset start_fwdflg fi # Check for an existing agent start_tester="$inheritwhich: $start_mypids $start_fwdflg " case "$start_tester" in none:*" $start_pid "*|*-once:*" $start_pid "*) mesg "Found existing ${start_prog}-agent: ${CYANN}$start_pid${OFF}" return 0 ;; *:*" $start_inherit_pid "*) # This test was postponed until now to prevent generating warnings validinherit "$start_prog" if [ $? != 0 ]; then # inherit_* vars have been removed from the environment. Try # again now startagent "$start_prog" return $? fi mesg "Inheriting ${start_prog}-agent ($start_inherit_pid)" ;; *) # start_inherit_pid might be "forwarded" which we don't allow with, # for example, local-once (the default setting) start_inherit_pid=none ;; esac # Init the bourne-formatted pidfile ( umask 0177 && :> "$start_pidf"; ) if [ $? != 0 ]; then rm -f "$start_pidf" "$start_cshpidf" "$start_fishpidf" 2>/dev/null error "can't create $start_pidf" return 1 fi # Init the csh-formatted pidfile ( umask 0177 && :> "$start_cshpidf"; ) if [ $? != 0 ]; then rm -f "$start_pidf" "$start_cshpidf" "$start_fishpidf" 2>/dev/null error "can't create $start_cshpidf" return 1 fi # Init the fish-formatted pidfile ( umask 0177 && :> "$start_fishpidf"; ) if [ $? != 0 ]; then rm -f "$start_pidf" "$start_cshpidf" "$start_fishpidf" 2>/dev/null error "can't create $start_fishpidf" return 1 fi # Determine content for files unset start_out if [ "$start_inherit_pid" = none ]; then # Start the agent. # Branch again since the agents start differently mesg "Starting ${start_prog}-agent..." if [ "$start_prog" = ssh ]; then start_out=`ssh-agent` elif [ "$start_prog" = gpg ]; then if [ -n "${timeout}" ]; then start_gpg_timeout="--default-cache-ttl `expr $timeout \* 60`" else unset start_gpg_timeout fi # the 1.9.x series of gpg spews debug on stderr start_out=`gpg-agent --daemon --write-env-file $start_gpg_timeout 2>/dev/null` else error "I don't know how to start $start_prog-agent (2)" return 1 fi if [ $? != 0 -a $? != 2 ]; then rm -f "$start_pidf" "$start_cshpidf" "$start_fishpidf" 2>/dev/null error "Failed to start ${start_prog}-agent" return 1 fi elif [ "$start_prog" = ssh -a -n "$inherit_ssh_auth_sock" ]; then start_out="SSH_AUTH_SOCK=$inherit_ssh_auth_sock; export SSH_AUTH_SOCK;" if [ "$inherit_ssh_agent_pid" -gt 0 ] 2>/dev/null; then start_out="$start_out SSH_AGENT_PID=$inherit_ssh_agent_pid; export SSH_AGENT_PID;" fi elif [ "$start_prog" = ssh -a -n "$inherit_ssh2_auth_sock" ]; then start_out="SSH2_AUTH_SOCK=$inherit_ssh2_auth_sock; export SSH2_AUTH_SOCK; SSH2_AGENT_PID=$inherit_ssh2_agent_pid; export SSH2_AGENT_PID;" if [ "$inherit_ssh2_agent_pid" -gt 0 ] 2>/dev/null; then start_out="$start_out SSH2_AGENT_PID=$inherit_ssh2_agent_pid; export SSH2_AGENT_PID;" fi elif [ "$start_prog" = gpg -a -n "$inherit_gpg_agent_info" ]; then start_out="GPG_AGENT_INFO=$inherit_gpg_agent_info; export GPG_AGENT_INFO;" else die "something bad happened" # should never be here fi # Add content to pidfiles. # Some versions of ssh-agent don't understand -s, which means to # generate Bourne shell syntax. It appears they also ignore SHELL, # according to http://bugs.gentoo.org/show_bug.cgi?id=52874 # So make no assumptions. start_out=`echo "$start_out" | grep -v 'Agent pid'` case "$start_out" in setenv*) echo "$start_out" >"$start_cshpidf" echo "$start_out" | awk '{print $2"="$3" export "$2";"}' >"$start_pidf" ;; *) echo "$start_out" >"$start_pidf" echo "$start_out" | sed 's/;.*/;/' | sed 's/=/ /' | sed 's/^/setenv /' >"$start_cshpidf" echo "$start_out" | sed 's/;.*/;/' | sed 's/^\(.*\)=\(.*\);/set -e \1; set -x -U \1 \2;/' >"$start_fishpidf" ;; esac # Hey the agent should be started now... load it up! loadagents "$start_prog" } # synopsis: extract_fingerprints # Extract the fingerprints from standard input, returns space-separated list. # Utility routine for ssh_l and ssh_f extract_fingerprints() { while read ef_line; do case "$ef_line" in *\ *\ [0-9a-fA-F][0-9a-fA-F]:[0-9a-fA-F][0-9a-fA-F]:*) # Sun SSH spits out different things depending on the type of # key. For example: # md5 1024 00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00 /home/barney/.ssh/id_dsa(DSA) # 2048 00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00 /home/barney/.ssh/id_rsa.pub echo "$ef_line" | cut -f3 -d' ' ;; *\ [0-9a-fA-F][0-9a-fA-F]:[0-9a-fA-F][0-9a-fA-F]:*) # The more consistent OpenSSH format, we hope # 1024 00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00 /home/barney/.ssh/id_dsa (DSA) echo "$ef_line" | cut -f2 -d' ' ;; *\ SHA256:[0-9a-zA-Z\+\/=]*|*\ MD5:[0-9a-zA-Z\+\/=]*) # The new OpenSSH 6.8+ format, # 1024 SHA256:mVPwvezndPv/ARoIadVY98vAC0g+P/5633yTC4d/wXE /home/barney/.ssh/id_dsa (DSA) echo "$ef_line" | cut -f2 -d' ' ;; *) # Fall back to filename. Note that commercial ssh is handled # explicitly in ssh_l and ssh_f, so hopefully this rule will # never fire. warn "Can't determine fingerprint from the following line, falling back to filename" mesg "$ef_line" basename "$ef_line" | sed 's/[ (].*//' ;; esac done | xargs } # synopsis: ssh_l # Return space-separated list of known fingerprints ssh_l() { sl_mylist=`ssh-add -l 2>/dev/null` sl_retval=$? if $openssh; then # Error codes: # 0 success # 1 OpenSSH_3.8.1p1 on Linux: no identities (not an error) # OpenSSH_3.0.2p1 on HP-UX: can't connect to auth agent # 2 can't connect to auth agent case $sl_retval in 0) echo "$sl_mylist" | extract_fingerprints ;; 1) case "$sl_mylist" in *"open a connection"*) sl_retval=2 ;; esac ;; esac return $sl_retval elif $sunssh; then # Error codes (from http://docs.sun.com/db/doc/817-3936/6mjgdbvio?a=view) # 0 success (even when there are no keys) # 1 error case $sl_retval in 0) echo "$sl_mylist" | extract_fingerprints ;; 1) case "$sl_mylist" in *"open a connection"*) sl_retval=2 ;; esac ;; esac return $sl_retval else # Error codes: # 0 success - however might say "The authorization agent has no keys." # 1 can't connect to auth agent # 2 bad passphrase # 3 bad identity file # 4 the agent does not have the requested identity # 5 unspecified error if [ $sl_retval = 0 ]; then # Output of ssh-add -l: # The authorization agent has one key: # id_dsa_2048_a: 2048-bit dsa, agriffis@alpha.zk3.dec.com, Fri Jul 25 2003 10:53:49 -0400 # Since we don't have a fingerprint, just get the filenames *shrug* echo "$sl_mylist" | sed '2,$s/:.*//' | xargs fi return $sl_retval fi } # synopsis: ssh_f filename # Return fingerprint for a keyfile # Requires $openssh and $sunssh ssh_f() { sf_filename="$1" if $openssh || $sunssh; then # if private key is symlink and symlink to *.pub is missing: if [ -L "$sf_filename" ] && [ ! -z "$realpath_bin" ]; then sf_filename="`$realpath_bin $sf_filename`" fi lsf_filename="$sf_filename.pub" if [ ! -f "$lsf_filename" ]; then # try to remove extension from private key, *then* add .pub, and see if we now find it: if [ -L "$sf_filename" ] && [ ! -z "$realpath_bin" ]; then sf_filename="`$realpath_bin $sf_filename`" fi lsf_filename=`echo "$sf_filename" | sed 's/\.[^\.]*$//'`.pub if [ ! -f "$lsf_filename" ]; then warn "Cannot find public key for $1." return 1 fi fi sf_fing=`ssh-keygen -l -f "$lsf_filename"` || return 1 echo "$sf_fing" | extract_fingerprints else # can't get fingerprint for ssh2 so use filename *shrug* basename "$sf_filename" fi return 0 } # synopsis: gpg_listmissing # Uses $gpgkeys # Returns a newline-separated list of keys found to be missing. gpg_listmissing() { unset glm_missing GPG_TTY=`tty` # Parse $gpgkeys into positional params to preserve spaces in filenames set -f # disable globbing glm_IFS="$IFS" # save current IFS IFS=" " # set IFS to newline set -- $gpgkeys IFS="$glm_IFS" # restore IFS set +f # re-enable globbing for glm_k in "$@"; do # Check if this key is known to the agent. Don't know another way... if echo | env -i GPG_TTY="$GPG_TTY" PATH="$PATH" GPG_AGENT_INFO="$GPG_AGENT_INFO" \ gpg --no-options --use-agent --no-tty --sign --local-user "$glm_k" -o- >/dev/null 2>&1; then # already know about this key mesg "Known gpg key: ${CYANN}${glm_k}${OFF}" continue else # need to add this key if [ -z "$glm_missing" ]; then glm_missing="$glm_k" else glm_missing="$glm_missing $glm_k" fi fi done echo "$glm_missing" } # synopsis: ssh_listmissing # Uses $sshkeys and $sshavail # Returns a newline-separated list of keys found to be missing. ssh_listmissing() { unset slm_missing # Parse $sshkeys into positional params to preserve spaces in filenames set -f # disable globbing slm_IFS="$IFS" # save current IFS IFS=" " # set IFS to newline set -- $sshkeys IFS="$slm_IFS" # restore IFS set +f # re-enable globbing for slm_k in "$@"; do # Fingerprint current user-specified key slm_finger=`ssh_f "$slm_k"` || continue # Check if it needs to be added case " $sshavail " in *" $slm_finger "*) # already know about this key mesg "Known ssh key: ${CYANN}${slm_k}${OFF}" ;; *) # need to add this key if [ -z "$slm_missing" ]; then slm_missing="$slm_k" else slm_missing="$slm_missing $slm_k" fi ;; esac done echo "$slm_missing" } # synopsis: add_gpgkey # Adds a key to $gpgkeys add_gpgkey() { gpgkeys=${gpgkeys+"$gpgkeys "}"$1" } # synopsis: add_sshkey # Adds a key to $sshkeys add_sshkey() { sshkeys=${sshkeys+"$sshkeys "}"$1" } # synopsis: parse_mykeys # Sets $sshkeys and $gpgkeys based on $mykeys parse_mykeys() { # Possible path to the private key: if --confhost variable used. pkeypath="$1" # Parse $mykeys into positional params to preserve spaces in filenames set -f # disable globbing pm_IFS="$IFS" # save current IFS IFS=" " # set IFS to newline set -- $mykeys IFS="$pm_IFS" # restore IFS set +f # re-enable globbing for pm_k in "$@"; do # Check for ssh if wantagent ssh; then if [ -f "$pm_k" ]; then add_sshkey "$pm_k" ; continue elif [ -f "$HOME/.ssh/$pm_k" ]; then add_sshkey "$HOME/.ssh/$pm_k" ; continue elif [ -f "$HOME/.ssh2/$pm_k" ]; then add_sshkey "$HOME/.ssh2/$pm_k" ; continue elif [ -f "$pkeypath" ]; then add_sshkey "$pkeypath"; continue fi fi # Check for gpg if wantagent gpg; then if [ -z "$pm_gpgsecrets" ]; then pm_gpgsecrets="`gpg --list-secret-keys 2>/dev/null | cut -d/ -f2 | cut -d' ' -f1 | xargs`" [ -z "$pm_gpgsecrets" ] && pm_gpgsecrets='/' # arbitrary fi case " $pm_gpgsecrets " in *" $pm_k "*) add_gpgkey "$pm_k" ; continue ;; esac fi $ignoreopt || warn "can't find $pm_k; skipping" continue done return 0 } # synopsis: setaction # Sets $myaction or dies if $myaction is already set setaction() { if [ -n "$myaction" ]; then die "you can't specify --$myaction and $1 at the same time" else myaction="$1" fi } # synopsis: setagents # Check validity of agentsopt setagents() { if [ -n "$agentsopt" ]; then agentsopt=`echo "$agentsopt" | sed 's/,/ /g'` unset new_agentsopt for a in $agentsopt; do if command -v ${a}-agent >/dev/null; then new_agentsopt="${new_agentsopt+$new_agentsopt }${a}" else warn "can't find ${a}-agent, removing from list" fi done agentsopt="${new_agentsopt}" else for a in ssh; do command -v ${a}-agent >/dev/null || continue agentsopt="${agentsopt+$agentsopt }${a}" done fi if [ -z "$agentsopt" ]; then die "no agents available to start" fi } # synopsis: confpath # Return private key path if found in ~/.ssh/config SSH configuration file. # Input: the name of the host we would like to connect to. confpath() { h="" while IFS= read -r line; do # get the Host directives if [[ $line == *"Host "* ]]; then h=$(echo $line | awk '{print $2}') fi if [[ $line == *IdentityFile* ]] && [[ $h == "$1" ]]; then echo $line | awk '{print $2}' break fi done < ~/.ssh/config } # synopsis: wantagent prog # Return 0 (true) or 1 (false) depending on whether prog is one of the agents in # agentsopt wantagent() { case "$agentsopt" in "$1"|"$1 "*|*" $1 "*|*" $1") return 0 ;; *) return 1 ;; esac } # # MAIN PROGRAM # # parse the command-line while [ -n "$1" ]; do case "$1" in --help|-h) setaction help ;; --stop|-k) # As of version 2.5, --stop takes an argument. For the sake of # backward compatibility, only eat the arg if it's one we recognize. if [ "$2" = mine ]; then stopwhich=mine; shift elif [ "$2" = others ]; then stopwhich=others; shift elif [ "$2" = all ]; then stopwhich=all; shift else # backward compat stopwhich=all-warn fi ;; --version|-V) setaction version ;; --agents) shift agentsopt="$1" ;; --attempts) shift if [ "$1" -gt 0 ] 2>/dev/null; then attempts=$1 else die "--attempts requires a numeric argument greater than zero" fi ;; --clear) clearopt=true $quickopt && die "--quick and --clear are not compatible" ;; --confirm) confirmopt=true ;; --absolute) absoluteopt=true ;; --dir) shift case "$1" in */.*) keydir="$1" ;; '') die "--dir requires an argument" ;; *) if $absoluteopt; then keydir="$1" else keydir="$1/.keychain" # be backward-compatible fi ;; esac ;; --env) shift if [ -z "$1" ]; then die "--env requires an argument" else envf="$1" fi ;; --eval) evalopt=true ;; --list|-l) setaction list quietopt=true ;; --query) queryopt=true ;; --host) shift hostopt="$1" ;; --ignore-missing) ignoreopt=true ;; --inherit) shift case "$1" in local|any|local-once|any-once) inheritwhich="$1" ;; *) die "--inherit requires an argument (local, any, local-once or any-once)" ;; esac ;; --noinherit) inheritwhich=none ;; --noask) noaskopt=true ;; --nogui) noguiopt=true ;; --nolock) nolockopt=true ;; --lockwait) shift if [ "$1" -ge 0 ] 2>/dev/null; then lockwait="$1" else die "--lockwait requires an argument zero or greater." fi ;; --quick|-Q) quickopt=true $clearopt && die "--quick and --clear are not compatible" ;; --quiet|-q) quietopt=true ;; --confhost|-c) if [ -e ~/.ssh/config ]; then sshconfig=true confhost="$2" else warn "~/.ssh/config not found; --confhost/-c option ignored." fi ;; --nocolor) color=false ;; --timeout) shift if [ "$1" -gt 0 ] 2>/dev/null; then timeout=$1 else die "--timeout requires a numeric argument greater than zero" fi ;; --systemd) systemdopt=true ;; --) shift IFS=" " mykeys=${mykeys+"$mykeys "}"$*" unset IFS break ;; -*) echo "$zero: unknown option $1" >&2 $evalopt && { echo; echo "false;"; } exit 1 ;; *) mykeys=${mykeys+"$mykeys "}"$1" ;; esac shift done # Set filenames *after* parsing command-line options to allow # modification of $keydir and/or $hostopt # # pidf holds the specific name of the keychain .ssh-agent-myhostname file. # We use the new hostname extension for NFS compatibility. cshpidf is the # .ssh-agent file with csh-compatible syntax. fishpidf is the .ssh-agent # file with fish-compatible syntax. lockf is the lockfile, used # to serialize the execution of multiple ssh-agent processes started # simultaneously [ -z "$hostopt" ] && hostopt="${HOSTNAME}" [ -z "$hostopt" ] && hostopt=`uname -n 2>/dev/null || echo unknown` pidf="${keydir}/${hostopt}-sh" cshpidf="${keydir}/${hostopt}-csh" fishpidf="${keydir}/${hostopt}-fish" olockf="${keydir}/${hostopt}-lock" lockf="${keydir}/${hostopt}-lockf" # Read the env snippet (especially for things like PATH, but could modify # basically anything) if [ -z "$envf" ]; then envf="${keydir}/${hostopt}-env" [ -f "$envf" ] || envf="${keydir}/env" [ -f "$envf" ] || unset envf fi if [ -n "$envf" ]; then . "$envf" fi # Don't use color if there's no terminal on stderr if [ -n "$OFF" ]; then tty <&2 >/dev/null 2>&1 || color=false fi #disable color if necessary, right before our initial newline $color || unset BLUE CYAN CYANN GREEN PURP OFF RED qprint #initial newline mesg "${PURP}keychain ${OFF}${CYANN}${version}${OFF} ~ ${GREEN}http://www.funtoo.org${OFF}" [ "$myaction" = version ] && { versinfo; exit 0; } [ "$myaction" = help ] && { versinfo; helpinfo; exit 0; } # Set up traps # Don't use signal names because they don't work on Cygwin. if $clearopt; then trap '' 2 # disallow ^C until we've had a chance to --clear trap 'droplock; exit 1' 1 15 # drop the lock on signal trap 'droplock; exit 0' 0 # drop the lock on exit else # Don't use signal names because they don't work on Cygwin. trap 'droplock; exit 1' 1 2 15 # drop the lock on signal trap 'droplock; exit 0' 0 # drop the lock on exit fi setagents # verify/set $agentsopt verifykeydir # sets up $keydir wantagent ssh && testssh # sets $openssh and $sunssh getuser # sets $me # Inherit agent info from the environment before loadagents wipes it out. # Always call this since it checks $inheritopt and sets variables accordingly. inheritagents # --stop: kill the existing ssh-agent(s) and quit if [ -n "$stopwhich" ]; then if [ "$stopwhich" = all-warn ]; then warn "--stop without an argument is deprecated; see --help" stopwhich=all fi takelock || die if [ "$stopwhich" = mine -o "$stopwhich" = others ]; then loadagents $agentsopt fi for a in $agentsopt; do stopagent $a done if [ "$stopwhich" != others ]; then qprint exit 0 # stopagent is always successful fi fi # Note regarding locking: if we're trying to be quick, then don't take the lock. # It will be taken later if we discover we can't be quick. if $quickopt; then loadagents $agentsopt # sets ssh_auth_sock, ssh_agent_pid, etc unset nagentsopt for a in $agentsopt; do needstart=true # Trying to be quick has a price... If we discover the agent isn't running, # then we'll have to check things again (in startagent) after taking the # lock. So don't do the initial check unless --quick was specified. if [ $a = ssh ]; then sshavail=`ssh_l` # try to use existing agent # 0 = found keys, 1 = no keys, 2 = no agent if [ $? = 0 -o \( $? = 1 -a -z "$mykeys" \) ]; then mesg "Found existing ssh-agent: ${CYANN}$ssh_agent_pid${OFF}" needstart=false fi elif [ $a = gpg ]; then # not much way to be quick on this if [ -n "$gpg_agent_pid" ]; then case " `findpids gpg` " in *" $gpg_agent_pid "*) mesg "Found existing gpg-agent: ${CYANN}$gpg_agent_pid${OFF}" needstart=false ;; esac fi fi if $needstart; then nagentsopt="$nagentsopt $a" elif $evalopt; then catpidf $a fi done agentsopt="$nagentsopt" fi # If there are no agents remaining, then bow out now... [ -n "$agentsopt" ] || { qprint; exit 0; } # There are agents remaining to start, and we now know we can't be quick. Take # the lock before continuing takelock || die loadagents $agentsopt unset nagentsopt for a in $agentsopt; do if $queryopt; then catpidf_shell sh $a | cut -d\; -f1 elif startagent $a; then nagentsopt="${nagentsopt+$nagentsopt }$a" $evalopt && catpidf $a fi done agentsopt="$nagentsopt" # If we are just querying the services, exit. $queryopt && exit 0 # If there are no agents remaining, then duck out now... [ -n "$agentsopt" ] || { qprint; exit 0; } # --timeout translates almost directly to ssh-add -t, but ssh.com uses # minutes and OpenSSH uses seconds if [ -n "$timeout" ] && wantagent ssh; then ssh_timeout=$timeout if $openssh || $sunssh; then ssh_timeout=`expr $ssh_timeout \* 60` fi ssh_timeout="-t $ssh_timeout" fi # --confirm translates to ssh-add -c if $confirmopt && wantagent ssh; then if $openssh || $sunssh; then ssh_confirm=-c else warn "--confirm only works with OpenSSH" fi fi # --clear: remove all keys from the agent(s) if $clearopt; then for a in ${agentsopt}; do if [ $a = ssh ]; then sshout=`ssh-add -D 2>&1` if [ $? = 0 ]; then mesg "ssh-agent: $sshout" else warn "ssh-agent: $sshout" fi elif [ $a = gpg ]; then kill -1 $gpg_agent_pid 2>/dev/null mesg "gpg-agent: All identities removed." else warn "--clear not supported for ${a}-agent" fi done trap 'droplock' 2 # done clearing, safe to ctrl-c fi if $systemdopt; then for a in $agentsopt; do systemctl --user set-environment $( catpidf_shell sh $a | cut -d\; -f1 ) done fi # --noask: "don't ask for keys", so we're all done $noaskopt && { qprint; exit 0; } # If the --confhost option used, determine the path to the private key as # written in the ~/.ssh/config and add it to ssh-add. if $sshconfig; then pkeypath=$(confpath "$confhost") eval pkeypath=$pkeypath fi # Parse $mykeys into ssh vs. gpg keys; it may be necessary in the future to # differentiate on the cmdline parse_mykeys "$pkeypath" || die # Load ssh keys if wantagent ssh; then sshavail=`ssh_l` # update sshavail now that we're locked if [ "$myaction" = "list" ]; then for key in $sshavail end; do [ "$key" == "end" ] && continue echo "$key" done else sshkeys="`ssh_listmissing`" # cache list of missing keys, newline-separated sshattempts=$attempts savedisplay="$DISPLAY" # Attempt to add the keys while [ -n "$sshkeys" ]; do mesg "Adding ${CYANN}"`echo "$sshkeys" | wc -l`"${OFF} ssh key(s): `echo $sshkeys`" # Parse $sshkeys into positional params to preserve spaces in filenames. # This *must* happen after any calls to subroutines because pure Bourne # shell doesn't restore "$@" following a call. Eeeeek! set -f # disable globbing old_IFS="$IFS" # save current IFS IFS=" " # set IFS to newline set -- $sshkeys IFS="$old_IFS" # restore IFS set +f # re-enable globbing if $noguiopt || [ -z "$SSH_ASKPASS" -o -z "$DISPLAY" ]; then unset DISPLAY # DISPLAY="" can cause problems unset SSH_ASKPASS # make sure ssh-add doesn't try SSH_ASKPASS sshout=`ssh-add ${ssh_timeout} ${ssh_confirm} "$@" 2>&1` else sshout=`ssh-add ${ssh_timeout} ${ssh_confirm} "$@" 2>&1 /dev/null 2>&1 [ $? != 0 ] && tryagain=true done $tryagain || break if [ $gpgattempts = 1 ]; then die "Problem adding (is pinentry installed?); giving up" else warn "Problem adding; trying again" fi # Update the list of missing keys gpgkeys="`gpg_listmissing`" # remember, newline-separated # Decrement the countdown gpgattempts=`expr $gpgattempts - 1` done fi qprint # trailing newline # vim:sw=4 noexpandtab tw=120 keychain/keychain.spec.in0000644000000000000000000000225312532114140012606 0ustar Name: keychain Version: KEYCHAIN_VERSION Release: 1 Summary: agent manager for OpenSSH, ssh.com, Sun SSH, and GnuPG Packager: Daniel Robbins URL: http://www.funtoo.org Source0: %{name}-%{version}.tar.bz2 License: GPL v2 Group: Applications/Internet BuildArch: noarch Requires: /bin/sh sh-utils Prefix: /usr/bin BuildRoot: %{_tmppath}/%{name}-root %description Keychain is a manager for OpenSSH, ssh.com, Sun SSH and GnuPG agents. It acts as a front-end to the agents, allowing you to easily have one long-running agent process per system, rather than per login session. This reduces the number of times you need to enter your passphrase from once per new login session to once every time your local machine is rebooted. %prep %setup -q %build %install [ $RPM_BUILD_ROOT != / ] && rm -rf $RPM_BUILD_ROOT mkdir -p $RPM_BUILD_ROOT/%{_bindir} $RPM_BUILD_ROOT/%{_mandir}/man1 install -m0755 keychain $RPM_BUILD_ROOT/%{_bindir}/keychain install -m0644 keychain.1 $RPM_BUILD_ROOT/%{_mandir}/man1 %clean rm -rf $RPM_BUILD_ROOT %files %defattr(-,root,root) %{_bindir}/* %doc %{_mandir}/*/* %doc ChangeLog COPYING.txt keychain.pod README.md keychain/misc/0000755000000000000000000000000012532114140010463 5ustar keychain/misc/macos-security.sh0000644000000000000000000000015112532114140013763 0ustar security find-generic-password -s SSH | grep "\"acct\"" | sed -e 's/^.*"acct"=\(".*"\)$/\1/' keychain/debian/0000755000000000000000000000000012572512023010760 5ustar keychain/debian/README.Debian0000644000000000000000000000022012572506036013022 0ustar Starting keychain 2.5.5, the debian package doesn't use debconf. This is because Sarge was released and the old warning is not needed anymore. keychain/debian/dirs0000644000000000000000000000001012572506036011642 0ustar usr/bin keychain/debian/copyright0000644000000000000000000000056112572506036012724 0ustar This package was debianized by Cesar Mendoza on Tue, 11 Oct 2011 20:11:23 -0500. It was downloaded from http://www.funtoo.org/wiki/Keychain Upstream Author: Daniel Robbins Copyright: 2001 Gentoo Technologies, Inc.; Distributed under the GPL, v2 or later. A copy of the GPL can be foud in /usr/share/common-licenses/GPL keychain/debian/rules0000755000000000000000000000342112572511305012042 0ustar #!/usr/bin/make -f # Sample debian/rules that uses debhelper. # GNU copyright 1997 to 1999 by Joey Hess. # Uncomment this to turn on verbose mode. #export DH_VERBOSE=1 configure: configure-stamp configure-stamp: dh_testdir # Add here commands to configure the package. touch configure-stamp build-arch: # We have nothing to do by default. build-indep build: configure-stamp build-stamp build-stamp: dh_testdir # Add here commands to compile the package. $(MAKE) keychain keychain.1 touch build-stamp clean: dh_testdir dh_testroot rm -f build-stamp configure-stamp # Add here commands to clean up after the build process. $(MAKE) clean dh_clean install: install-indep install-arch install-arch: build-arch # We have nothing to do by default. install-indep: build-indep dh_testdir dh_testroot dh_prep dh_installdirs # Add here commands to install the package into debian/keychain. #$(MAKE) install DESTDIR=$(CURDIR)/debian/keychain install -m0755 keychain $(CURDIR)/debian/keychain/usr/bin # Build architecture-independent files here. binary-indep: build-indep install-indep dh_testdir dh_testroot # dh_installdebconf dh_installdocs keychain.pod dh_installexamples # dh_installmenu # dh_installlogrotate # dh_installemacsen # dh_installpam # dh_installmime # dh_installinit # dh_installcron dh_installman keychain.1 # dh_installinfo # dh_undocumented dh_installchangelogs ChangeLog dh_link dh_strip dh_compress dh_fixperms # dh_makeshlibs dh_installdeb # dh_perl dh_shlibdeps dh_gencontrol dh_md5sums dh_builddeb # Build architecture-dependent files here. binary-arch: build-arch install-arch # We have nothing to do by default. binary: binary-indep binary-arch .PHONY: build clean build-arch build-indep binary-indep binary-arch binary install configure keychain/debian/keychain.docs0000644000000000000000000000001212572510355013424 0ustar README.md keychain/debian/control0000644000000000000000000000162612572511450012373 0ustar Source: keychain Section: net Priority: extra Maintainer: Cesar Mendoza Build-Depends: debhelper (>= 9) Standards-Version: 3.9.1 Homepage: http://www.funtoo.org/Keychain Package: keychain Architecture: all Depends: openssh-client | ssh-client, ${misc:Depends} Suggests: gnupg-agent, ssh-askpass Description: key manager for OpenSSH Keychain is an OpenSSH key manager, typically run from ~/.bash_profile. When keychain is run, it checks for a running ssh-agent, otherwise it starts one. It saves the ssh-agent environment variables to ~/.keychain/\$\{HOSTNAME\}-sh, so that subsequent logins and non-interactive shells such as cron jobs can source the file and make passwordless ssh connections. In addition, when keychain runs, it verifies that the key files specified on the command-line are known to ssh-agent, otherwise it loads them, prompting you for a password if necessary. keychain/debian/changelog0000644000000000000000000001533012572512017012637 0ustar keychain (2.8.1-0.1) unstable; urgency=medium * Non-maintainer upload. * New upstream release. (Closes: #780012) - Supports OpenSSH 6.9 output. (Closes: #796398) * Replace deprecated dh_clean -k with dh_prep * README.examples and keychain.xsession are no longer shipped as upstream has removed them without any apparent replacement. (Closes: #577246) * Remove versioned dependency on grep since it was satisfied in "oldoldstable". * Add a Homepage field to link to the upstream project page. * Add now mandatory build-arch and build-indep targets. * Bump debhelper compat to 9 - none of the compat changes affects the package. -- Niels Thykier Sat, 05 Sep 2015 09:04:43 +0200 keychain (2.7.1-1) unstable; urgency=low * New upstream version. -- Cesar Mendoza Thu, 11 Oct 2011 19:01:34 -0600 keychain (2.6.8-3) unstable; urgency=low * Fixed url in the man page -- Cesar Mendoza Thu, 18 Jun 2009 11:02:00 -0600 keychain (2.6.8-2) unstable; urgency=low * added suggests for package ssh-askpass. Closes: #462080 * superfluous continuation lines in manpage example fixed. Closes: #440128 * Assumes tty uses ANSI escape sequences fixed. Closes: #440129 * Thanks to Gregory Colpart, Trent Buck and Steven Cole for the input. -- Cesar Mendoza Thu, 03 Apr 2008 09:04:28 -0600 keychain (2.6.8-1) unstable; urgency=low * New upstream version. -- Cesar Mendoza Tue, 24 Aug 2007 15:32:54 -0600 keychain (2.6.6-1) unstable; urgency=low * New upstream version. -- Cesar Mendoza Tue, 21 Sep 2006 15:28:05 -0600 keychain (2.6.2-1) unstable; urgency=low * New upstream version. * IGNORECASE removed from awk calls. Closes: #366073 * debconf dependency removed. Closes: #375232 * added example for keychain integration into Xsession. Thanks to Simon McVittie. Closes: #336484 * Confirm patch added to keychain upstream. Thanks to Liyang HU for the patch. Closes: #296382 -- Cesar Mendoza Tue, 9 May 2006 09:09:13 -0600 keychain (2.5.5-5) unstable; urgency=low * the package now suggests gnupg-agent. Closes: #336159 -- Cesar Mendoza Mon, 31 Oct 2005 14:26:34 -0600 keychain (2.5.5-4) unstable; urgency=low * added | debconf-2.0 to Depend field. -- Cesar Mendoza Thu, 28 Sep 2005 14:01:03 -0600 keychain (2.5.5-3) unstable; urgency=low * Fix bugs in handling of DISPLAY and SSH_ASKPASS. Closes: #324950 -- Cesar Mendoza Thu, 25 Aug 2005 15:19:23 -0600 keychain (2.5.5-2) unstable; urgency=low * Now depends on openssh-client | ssh-client. Closes: #281106 -- Cesar Mendoza Tue, 23 Aug 2005 13:26:34 -0600 keychain (2.5.5-1) unstable; urgency=low * New upstream version. Closes: #305281 * Now depends on ssh. Closes: #281106 * Debconf not used anymore. Closes: #235812,#298567 * Translations not needed any more for debconf. Closes: #301473,#312168 * Error in the description fixed. Closes: #285125 -- Cesar Mendoza Tue, 23 Aug 2005 11:33:12 -0600 keychain (2.5.1-1) unstable; urgency=low * New upstream version. Closes: #246967 * l10n changes Closes: #235812,#259567,#262738,#266356,#274900,#192165 -- Cesar Mendoza Mon, 17 Jan 2005 11:40:46 -0600 keychain (2.4.0-1) unstable; urgency=low * New upstream version. * keychain doesn't output ssh-add messages Closes: #269722 -- Cesar Mendoza Tue, 21 Sep 2004 14:08:29 -0600 keychain (2.3.3-1) unstable; urgency=low * using debconf without po-debconf fixed. * New upstream version. * Doesn't suggest procmail anymore -- Cesar Mendoza Thu, 08 Jul 2004 14:31:43 -0600 keychain (2.0.3-2) unstable; urgency=low * keychain dosn't recognise the running ssh-agents again Closes: #223808 -- Cesar Mendoza Fri, 05 Dec 2003 15:30:29 -0600 keychain (2.0.3-1) unstable; urgency=low * New upstream version. -- Cesar Mendoza Fri, 05 Dec 2003 15:25:49 -0600 keychain (2.0.2-4) unstable; urgency=low * keychain dosn't recognise the running ssh-agents Closes: #163339 -- Cesar Mendoza Mon, 28 Oct 2002 10:32:04 -0600 keychain (2.0.2-3) unstable; urgency=low * error on keychain manpage Closes: #166328 -- Cesar Mendoza Mon, 28 Oct 2002 10:32:04 -0600 keychain (2.0.2-2) unstable; urgency=low * keychain 2.0.2 identifies itself as 2.0.1 -- Cesar Mendoza Wed, 26 Sep 2002 09:37:49 -0600 keychain (2.0.2-1) unstable; urgency=low * New upstream version, fixes problems with ssh-askpass -- Cesar Mendoza Wed, 18 Sep 2002 16:07:27 -0600 keychain (2.0.1-2) unstable; urgency=low * removed dependency on ssh-askpass Closes: #161123 * keychain goes to main -- Cesar Mendoza Thu, 17 Sep 2002 09:50:55 -0600 keychain (2.0.1-1) unstable; urgency=low * New upstream version * 2.0 was skiped because of a bug in the documentation -- Cesar Mendoza Mon, 26 Aug 2002 11:05:25 -0600 keychain (1.9-2) unstable; urgency=low * change on grep dependency Closes: #152546 -- Cesar Mendoza Wed, 10 Jul 2002 15:20:58 -0600 keychain (1.9-1) unstable; urgency=low * New upstream version -- Cesar Mendoza Mon, 04 Mar 2002 13:14:25 -0600 keychain (1.8-2) unstable; urgency=low * New new option --local was missing in the man page. -- Cesar Mendoza Thu, 06 Dec 2001 13:12:15 -0600 keychain (1.8-1) unstable; urgency=low * New upstream version -- Cesar Mendoza Thu, 03 Dec 2001 09:37:06 -0600 keychain (1.7-1) unstable; urgency=low * New upstream version * Added suggests procmail because of lockfile, but It will run without it. -- Cesar Mendoza Thu, 24 Oct 2001 17:06:33 -0500 keychain (1.5-1) unstable; urgency=low * New upstream version Closes: #113781 -- Cesar Mendoza Fri, 28 Sep 2001 10:48:40 -0500 keychain (1.4-1) unstable; urgency=low * New upstream version Closes: #112967 -- Cesar Mendoza Wed, 20 Sep 2001 16:28:21 -0500 keychain (1.2-2) unstable; urgency=low * Real Author added to the copyright file * Better dependencies. * now works with ash as sh -- Cesar Mendoza Wed, 12 Sep 2001 09:16:48 -0500 keychain (1.2-1) unstable; urgency=low * Initial Release. Closes: #112020 -- Cesar Mendoza Tue, 11 Sep 2001 09:13:33 -0500 Local variables: mode: debian-changelog End: keychain/debian/compat0000644000000000000000000000000212572511443012163 0ustar 9 keychain/keychain_2.8.1-0.1_all.deb0000644000000000000000000011161612572517051013673 0ustar ! debian-binary 1441436691 0 0 100644 4 ` 2.0 control.tar.gz 1441436691 0 0 100644 961 ` Mo6}֯G[&o(4.ꢽ((XKKJq~u@v{Hi8yŋ";}4# -Eha?ex͍_y>W%tpkwLgi2zh\dc]XީQq`>.i7;@[y`4VZ1~hPXm(qt)`6ݹn{%BOh;t#Xzڷ+Tقݞ9m!9\-UƪAѲ r?׍~^hl9KU' L:cp)>?~^qQc̀Y5sݯ{kI=*NweV={܌7'wthG^:O+==ս1>s뻯~釋۫W[FT;Ug.6z'@ZÆ{ƼC![L #r9G= l'X194fOu1B71!.C@7Kv/jԜ8˽W P)FY0栽 ϩ&fU% pH&G39!T=k4ӄ% hްi*E9,Y.r캆&()sNISQ&,i,;-qDž..oU+KW"Mʤ f\PV)AD1R 3:e|VB?{L>D /KR4$Ô)Kje΋F l*D&i%&Ӣn*7~"$?ZvcDOekN%YJiV$8I0A7BWuSJ*\EHY;/x@ @ @ @ z@( data.tar.xz 1441436691 0 0 100644 36620 ` 7zXZִF!t/?] }J>y&TgeW%@`[X&n4C߬޻H?옧ă=7#L:Ty[@qBKiN!jv]N) rXAz$Dq,lT·n(T;P&&. ![㓋,;џ\Yt,E1LR^ !@CzUV Ȉ { ]yB)ѬZ]+2Qu4F]5;{5鲛Ň4bkӅ0knX<#^K'@%ƱH +3ٶӏ! |s5)z~0?whVm^[Z3ck_k'*O#Ә$5ž~Qw'0oVrp@3 3{-A[=^˸4~\xR_"ʓK\~SFR9g%A֍*ORԓSFM<}hUwRoe"vݰNރ^S|Ry|0QR j#5s5 Yy,o]p6%KPfR]A\"Q,wJ`֓5M'%_I8DA@ށ$TO,|Y#S³ĬٽQ '  Ah^!Dy(:D/K_S(qS)GZTO1OF@Vf+O_\0O^W%G1Y@آgKut~⫊t%uI>PE<%CzYFHiuyu2s/!le2Dd4 ;~:K>B4qpwThUHl~}~:ſ&nZmk!; (;G5lxY9g$C\[ߧ}r=1Ǔ2 {~>1#鿯`d{U҇QҸ&XWc]`bn?[1{E ՘E Pi.:蚼Ȅ2HPR;2.#ﻘ#k$j zS4[HbC4(^'4;qPmxap_:P2O-CJ/ or3(p4žk |li`R;hj#I)2 aߡ`wt?VfF͚]#{d&LŏR/^],H0K,ȌoV'U&MjF3]˺ˤRw)t=NO'Rȋ(Ff{n|35 #wNb,L*߿3(D/*]Xxq]bwfӜ6/ɀK[K͗$)F1%'3iH,nWw*7Z 6O_k̾x&&G"Q&g|G^@F&Hq9wѠu'r&[0Tvy2 #XTQHeLuuG5媢%ND?yFv) slX{J}?5yS^Ǹ,yF0ux~j1:o \jh54bָJw0=QF@^MƈC] &չZmШ G]vqSRdSfQxtĘfâb)t+)mi]"Z(|Է1Շ3  %AkCo$O,|/S#t>]T^cX}-دIg7m{v&dSQ*5|>w6NqR(N)Qb F-J51,ʍM]}:|sdOWsyhu6ŹԔҁ<⪡{Kc~%[V(%Sa&^O&<ܳ yt"m1pv/ϴ2+`ۻwb~ .u0q>6z]TxnP|YPL3dTWS0)%Tg,;IahI7aM0\0m\ЖXL"!KSP$ Gf,$EE}x,L!a C k-0Vhx5>dĬloXAck+vS=0VWxv*#P]ۯ Bg]cm"VS*9Ū%x+h^:ǦzC^ᐠFJm,QO_55Qev`u6@rŴFj%qٝ?rt,a`A78\I䲧/ zUW`a#L~yk]_t"B!mStWzw5Ͷ"cXeʥY L!FIgj;KhSJ/8&AazՒ!VJtǔ͕V\]ah(3&_(31L536#iƎr*ƦqؾjoTiZG<*׏z#/JHP-4U'_إ=~TNJJJ $f._odʤN? SSJ1o@?tMkK`@[QRTZOUu`܉Pb aׇl\Yi4ϻ:=,iOt(.7_͂"꤅LVw; \|R^5σ̇11p,&!ڴ̰CFât@ȝ2> kd __YvS]l,hyY)DD y"zv3 |J]9_ۚ' UvsFa46mBz8tM#RшiQZQECNQ<Ű:RF#Z}dZ L0ʗiƃy^Y*@[ Ii1̧GwluepCZ=tpA%̨Ch(8/(A:fF$u? _SnJ5ѩӑ'4p˕3*|=9ؽHC]. iBZ.%yU@Dm(|ViqFgY>5vQ$;hϘa(Hyt@`pS' л^ɼ |=rKv+f;sv= r y " kOq%.Q_3j=ʴiӛ~yxō@@U /M|>owތT$¥vǕ,!۴ s?Q["7QemC=;!|zoDM۲ݜ؝[pSS߈otFꤗW H/|$sƪĽq= V p[QӔp)BqauF @A|ul(l }JC[ PNo[ZXxU\`o;w+SQ@*Egc){Fת;j]i\uQmBсBëk%Tq,&Elzk>./jG{gE Ygetލ6K,%Ո5qz;~M vvkIҿez.ȣ#Op>M όm2Ul׳7 e+18Sov$)3j^~+Q̟^̼y;Y톅_4H%@tCؒr@.@/l㪸YlDhcG,H.MǓ/лQ)3Hp)ʟ!tMeg\C %}V'J{ad真 xbU _F\H@T:%xlI̎<6vui`EU%X7yWME[tuj_b/ہ00K:es ڻKPq) Y_3>qfZj1 ȤY` \_B=w9% u!%굀$atzq򄕩)۾Cm<$X~рSsA5 `ܧT%/ hMHBzB ?rD47Y(8*{ wc!ҟEh%gB4,ٺ=wH鐜ۧ!aԎX/xyT%oc-hⷭcX"N Sϔ>l1f9').GuY{whNXE%a*[_gHðfQ .^=V{ a~?Zn@MT_:(ϕIl_?!nƇ' #&P/g38>QIͽ՛0-C_A8\V h.NCGrL(d:2T~ȻFc{?k}EvA/- ѓ0, =u(itg->Zn>>$Og.[_5サvHjOlo31Yb&n;r/羵L@=/CIdZ̈op&cLP8=1N:<¥}jgLr.sƂ&y9tZi@S"~jN$WuS";D971BvYM٠ -'OՁ6cO/KSksxX9?skWT3q~%M0)%xaŖyI5KydUK; :HZ't81J>fk ܍70'Tnm!>!6se<=A qS5']'3b~l=Qa)uaƚS9߼ƠV['e ÿoo3$~WlH :H2Kz#I:Ji)CCXjim'!?@DDo'Y`0n#gd SV~;m]gx}¯]Q¹VrY<7SظI%SjH^!vs_\ɵR(bY,49|B.WȔg*ayqޟMRo >"%L[3^#bm^"EЬ^]}@1<+S}|#3g}^R /g-$z)JZ}Vx^gy6^ qPA S{kn]Xe u#>/Xw0DA(,Up(Pg7hF}Uyui0-gI4<[Q5NVG3$H.`0gv w?h \W >.]2\bIxd%lFXl,1K/iSPYH9)mΑH ͕"A$JƝ Ȯ.#}{8 GT V7b뛣l *op9a8mw0C3~ R.~a_x9:f8ֺw S c [*L9wޚih^J`۩ 3[)”piD4K0Qn@ձ{T: Xf\>9T [߈A(!UDkдΪ\B483mZXKZUڔ>CZND-Wn)]+Sוw LgC9{1 د?L |_@0צ>[ˍ sC~ͮ4T{1ڍt:߹@W w& ^.χ\Z^RBii5?ՔB$5T3Cޝ+,J>8}mLpf'~+[0l+}k>̙,}hs7<$oe *O~{;œH9CNwúTqoRES^?etc\O6]j1-cZ(pHK">=SؑzhZ̈W S739_]PB-f O9Qb2NϪW2*/A2;'8LR TˀHV_Z?XANbF=Xl5.XVl' OU ]}n0ML(`/GWXQB./igڍ`D"OvjCmM쀘Dh `íVl|’*U{,ꀸOԫFba''u ʭW[9.? X1sTTeqQC5\0ry5liIAβ9OoALʺIYQ-7!Az=jGG\P<z1`w} c,I= r#1+2r̓Vw3}f$׌I:zΑ.xSJOL@H߂I ${ZLuڡ֊x@P/IDsy' ,{krOxƮoAOj vT2e%nOgZ'e\ڏyO K2sGDr/p]7if"5 z:^qYmhmѤ: :NǺ Šn1%%E@r? MeU%MI6)bV3Fr(pV GFL6Bhp+(AZKo6*}6m!-xB-=-^#6_:a|yXmVϼFXsg gZ6wsnH:K:=|?厽AW5nN.n|gӾݕw,2m.mumLdEw4IZ]060HN .Mhy|wzWXc7<HO:jnIܡ!yVosy%R5 l&!\o.QRvKԮ񑟏:VX4mWԵJ=ȜUÖ Z{’']&ԺNF^5uTg …`*뼆Ϥi_h<$Nf+K6YYZ)_gCͺhǣk\ݰ NZD&huzFEX˦ʸ1YsU6f/0B iȥ+aB< &xKd5gJ5wݾ]gVr/޲d}\jJv?*=0+L>Rc/df >`+ Q@&,.]N%E,q ]Ƃ ,-rS 7 2o*q/0 3OnƺU=c.{d_˨oI)s9 Hn.IIlnƎwO| Kb 4'F* TL}Zco`c71U'8qΛd8DP[Wt^5.!':cx!Lnq3Y yҒ~)k$% sL*LZ&WÞӯ.l ipkh т}m</=Guˣa7<Å*< Bok@>Q<*."wUH7vHd7h=~"TC}lJ’0`)NU+˘&)VRb%p?L4܁I}V,_rcM!L,ˎ4yʕjM` lupe5ϱ{4WAS7/)IjtOuZ]!NؒO:Ѥ0 [PkJB۪*=X>'26/k84{նKg@,I`O Kn}<,EU'f@/ D\O-湕.Ǔg ]*yYhOabyI$H?`Lh1 $8|RGd0W[ /`6aRd5LxdiFgT*Z]44`T}/BYHdhÅvǑ^tB6a" "oEfw'Vqt]7|noҠhSMrpXXj/skXvj,ȲlBʲd~Q<,>p( bX 'hQ`0^r󷨔B># e.lίz.&rpbasCyUғXaoR[;: B.F_C8=T(n F f fc# 5+su _` k ۸A`c8&p?>Z'>;o؛r\c>B8u=K 8cz6h3V;0^KFb#Ӛzç1f0Y*u#bMhkP 8a.uY6->=a ].Ja\Q>L8E3e{d\SP.5}o6%8k;Z%Bc/urp`YSa?)q-eKS\HW:t [Y ;l(b-Ht:7MXqI!),YH&ZNN"}ya-pW=kʁQwrBL{XAZ&Z+:Bp5l rBb+ojmQpy_d~>+%4h ?GN 0Zz[Pu!A^#ƊW>|Q| ^{ʁl*A}݊:NsSXSgm^3-rcQAqJ[Lo7OSgD'F 8GsªuĽCRN**) 6I4Ik<4=NX֯k1kf8ZEy\ԙj=ek@C}jșfٮw)IwuT*Dx+zkтώɼT G3Jf. }ƒFχO UPGc|Z,(֡O%6&pDA6_TɮiM|ƻ9~rY,\"a/ժc6M x(I,W{5%P+Bc7z]CLbc_<(H2tMis[;=mEAeɷFAQ? %`W_1H?c"R``Z .w{1>!?[LC\7\y^]E sB(y \9Yuu{ t L>GZՎ#b&nƦۀ9\|,jJH %ӵ]&-*W'UMhãϧM'T M901`&@hUJ}{#i/؉Wõ d:9ZQ<>)VWn}@+.uPC<ϝCIZ {@mN$AmJҲ[K!<*uJ{͙x?w@L@O!bLqES94$AquUg2m̃'8Sͳo^)ChN(pt.kKcJ i@ۤzQ%Ā0jѪƭɮ7J?jblh|@ʂ>1LA*9 O:!ϛ;;{'Z~]vhWFH赧 Ssl3,{%"76[w}5AiwM9V;Y#$>kKfJNHmb'~S58(44?6sI>)BYSJA8g\]R] 2f߄W}k#(5kh Y"uɳtȯ!KUOv=􉖝3 #Bu 4C:qc#a\>v^ŬZXB&<2~j/SH^W~5F-I.nw.[h,*E;j[yx,DĆi ɆǨ+@ 'M0DMPn9t̻Yݰ˖qz-uVo@EQ1%]4_Vv|ިh"~e'ksѮ.GZ[6s[F>5TV~CpJL`9%| '!SeWs T>{H~>-~j}s!u!pGWFi# 3\oТy9Nت2-u/=3gFm5"YGzF*uc_Y}_Hl1Nd 'je!5)P | HkG૆OGBXPeGHqo*;V4F{,ߘ7b]#$LB4y-*ȶA2ȿ5VyNLo4ٴץU뢥l=F.NԶ1:2YiCµT]wa`urA9Х!*IC1yA@ `I\Y{s#Ϟ2wJ[pqT3Vs.JY#F9NDՅ52%d]cDNQzU(H˦-'j &>Wh+!q%!`9Uʂj#Bzm [.˳zH53C͝j0-rA]4+;;f ėf4`<%+P^2##G}A 00KNV > AArg؍З?-SHS Swa4(P.gOI=hjeUf)n1q X%AM?)RxnX 1(Ogget)30T4LeGW{kW=)p]Jђ("Dh5^vviN7kԐvy & #??̳t].mgܵMipj|Ǔ3v6KZ+ "ET4ۡu"8d.C ;tX T_—ME`DW\T r#AFvNGU4 tf \m@?gֹՇc\&ʒ@/|ZFo C-~/%iẃ{YY4M] _"a|s;nQı׵rr6iYq5Oa}G 2g!ݩE0:ovMjǴ,v[L :usrCra8$MPuVuEJh_s37%K q,M^)O:z/}pE{- {ϫcmd_jFc%W7nO;;9O^Dپ ]qB5V%cݨKf#DUU^ 3yl#YF>_PMdӰiUfӑ? IQ%?x:RFzn~M_ܻ2u9,ww __<ՇNE#t=c@$Y*:5Q&qƖDn웤Ja:2.]q~ueiY4oV!"gZ-B@=(*/-1nI:Ih[Y,G̰%m}#;-Ձ5@V鴾iQ{=|t6ġ"^-Hq^둷"Ttp{h5Vl'!z.:"jD{ [ApkbLyY SeYP*]HyN ajR[qr7)A|qOsgd/CfMho4ؙE?v# FbP#|1WES{O#(c8/H: ^F a6d!h-tbk'Yr-K /G*VPd|5[-b8:=A`|65QhR`ӊxᢽqjxOuLO,Ҏm8|a'Lgg89-yZʐzb,'=a8RA@FLa};~ME(~gdEPB#JKvt/}W蕃?)Qp ;hg*L,bP]rkV󕙮 yH,]z}PSɣmժb8Mi~gH걶$񟠰sܓcY&!x7v ڕo%f(r_ QU0"KayH~Xj+L/Pj#ٶ7;g7幖M7Fn Vͼv+*c,>0ͫfz%J8873\bv v{hyIs]֜%# n^ˮ&ħAǾƥ۟݌ Moq%͛.{w L9ŗ*6DCݳ>w_+088)?f;I 0%Rr㑍IL~-O0/> 櫎{c4%Hq'"lX}=m{ N8_aӅs Ƀ8A9>-oaHR /aLA+W'ڢryTVزQI:/8[{~ ?,w,5+Ljz:'ܺZq߳.&RqA}z q*CCS l/orjW{g𦛒㺫[][k!D DÖcP5<۹ AKH=}~9B!v9s1T+'֏!,_3v@j]9"YPeTJhYZ $pInK$}=LP{7KqsN uRhs衲n&K3&tŪ:Nm˓ ;-hC$& PzCqfF%bh`oS( ';:BwKCk;I}o#,l 6wAg+οMVOW X<$Tٖ$l$?dEEFS 'S2ڦLך}viU)Kκu"fMfFXT|T%RW'_zxvOHxwWN1D(e {Ӕ%@m9i3u[ߐL$"SUcL_q Oh ')+G?rZv`s^h6@(ႁ+D"ѧx(rd mK8>M@yq&5PABVUP#>>k皷5G2öp+-Fe "62!ugpgVj(0ωNަk]vL'r({3Xu׆撿?%qcן| }fâpIt%ʅQS~)Sm }ػaX*ۅ߲z~ZV~7>wY(գXq6҉KfyzQ %r&^͆=#8 F3+zMe\7QuvEA"+`:]vؚAIe@ԫ H*A4 P%Oc[G@9oIX{ݑY$sʔIPEbZZʓXzE ۯ :7Ooo}`6r%ƒeF8(7]7uXK/ 9@(|zL {nMD  +ƍUTˇd! !C}d$}n9z ~/m&ClJJ=xIFt渖Y?&x՘#"aDq˴ǚeffTzyuUXnB\ȶqL+QDkӇ~0⿎J#$n FhnӣvGjvqui:jTPwa  O eBRD Ed-M{Gel>Imfb2a4'A(]2Z"h̯ PWg @;bOVutל烢dOv)b~W~|oBci)FxRGѳdN?0:yzY!H~H5r_-d١An r w:W:>B/3q,'I$X /g < $XK^ uXa늹d p$='俍Yoq8«+x=krKEVw4?3&{rpơ>,HRS!.zW|ܡi;;HVv?^\Eâ.W۰T5~b֓Gc[ww;S姜"GIƁA䗀D"Hl\]8}T 䮓obZ痒,ݮ\G5&zO;O|wR6X#I.3>1P(X PKZGZ 1F#Y,b7y K&g3w Rym&Of(9\E~% \2 '{͝ꡂWxD͕b)yA&7` ̰MG%MlPNXă7{Uz=W9-(Ðgꆌ a==zpꄝ@ۄPXډ{07q*y18\V*q <{ Mt`EQQ ZH;˱ Ï:'hJOԩڮy fظ-,(1S14v@Fu4ef4r0J_atEO$ [nS8R,v)&g QF‹m.c.;\;LSAAJL~ \I#qm$DmdX~<^Pg0,uißFoU= Ѐaez%6'^(¨Xh8bh9y" s w2V^IrIUnYˑ s% |,_<ٙh'ݡn fzҚ"kt0vS;y+?"酧848 "g5T" MW'y(Sb{ mJsJêpCv(.%DۼAXl֚o1ň_z;vGW1I{}+JC"(䰙T}T*@ QXol5޾F̩^-yFWP2$Y$~1-WQԤ%ctvo0XXjliFrдK/D=.SG+V'9|̋ :.u{} ND->؇xbms/8lZkb?U1M Y7SiԉC}_d5%-Cg.c`,zS -{ fl|<)Sqӭ?)Z>7kgfk;cK ‘l"oKbQT8߽sFi&lMzD ]-]sU|ںUPGL -(~W `<5c=Q=#Ix9hw@!F,x>Rb{'d}EZl 0)xZ}x:"<[1iiELa0<hͶU3 PEir=Q5de྄"#†%ۚ-Mލ:{=@DT*ۡ.tVITle\LI-0gNdxNw$q7SRbLwGRd^-[iZ'N'؊G^Xb>\A_9!h;x35[߄ v+ga"3Ud%bl*rGb:Wfrf;W2-3eiM^Cvbz*'d }gЅ d.@x?پUɝڅ)E"pX݄;J`X;N؛ YOeP}hsU}#Qun;،$lri.GxҕЦs(xiwV!V<[p\tW IJA:s,,v!PPY)U4P S6[qȨdPY4)+ht3s=T*֦t"H?p)?"ee]o~l4dBRȠuE[{StPRkdޫAP@)ߒL3)h9E%\Jcݞ( z_T++01JъL-}U,G4[]8{/2i6uW58/o)fv~dJ{uY5`S\$R]YAEcY]aiYUi;5WD'4ʄJZwH(*oᦨ=`(#}:р(wAǢKb5r+OX&=P[h_<>zP*嫩՞%k s̵oH Ib@檝s9}keʳjgZDa Wn#ϙ[_+mRQNm2f-\V̓([ot+(~$i06 #<ah2iVXa$1`&< y/1b킙:2%fci `6|NJ577 ,B[1mkx3?$/{2ʮEmv_ka 2X/?ertȋ};;8,b52K LXyV?hzZԄ 1w4sg\PO̒Ж#S.}73 ogf7~FEѮCO*L;'_6`iĨX->VQ X:uOMx ـ9! vts9P9yuPze_%1.W5ĕCMٟ=эI=! zܾI?b$✠XAcLr|l_1H!0K(N .8 MX[3Pb\gNAN0Xn P&,#.o3% u SJrjgo4ԉ NP# $faT p'{)]%ECj-ͤ@h\U2v<0nW3?IyPZtƜTU3; z|mNk }0)к#Z;M<ab a.?,,ӭam.wY{7Z݄b]FP}_dLsR~xJj}A reF~^'j vSFEA\N nP~Ķ &j aT̟|riPqMS\QN A^=IO7.C͉@=W{ R0 үĽT)qQ#*HW{MKXt.Tjp+8h@Gj% Dp#-VWV4V"̋M*M!6[Gt Z/Bת~I3{g.-3fbl\_ϽA4 97EGC>v}~H+FtՖSfYF"2@Q1=b>>( \Ԏ|@Upsy\Bg6Kθd*1ύ^]g8G6mo]nK1˴K53U$,%ߙ6OG'VS`V ~.U |&l@e;ڭ,qAH&#SDc D#wag dK..! \"zl5W2CĐiV [c_o0Gs hP|h=_ʹ9o0F6 Н=W) P<A$\4dk/¶pFgJU&+GLXiu`N<0֧6 (4 r0ҿ8cb0Ե^1b4cb+ᠹHnwQ/&}_|^z ёu 7&̦0`5;Y%bV=m0U+4-+r[L58p*MFF1Y-6"'ڬMU˫ǴS0J@ Ħ@Eaz10H6st ݐtCwL?"_K 4uӰ+8_ܲȊTԏTĽ9G豛Fh5 B_o4"TU܎2[p'>m 6l5|/NC)K3Y*[)agBl?\.w6/9 wҵH~rjuSt< E,M Í%Di 1@O\SpР27]<̩zĊB 4pAE4:z7V0T&V4Nn_# }}ͱM;fnbP#{mPGHpϫT,'MڤrJ4:@fMrU(|ӈ5NY!lY_R_޽AʽLg4}BtBzӾV1I ÃdBfȼ͝_hNgᾩ0{0בF#A;-ъ+?>E,xRbjkO# CSl1ryw0f6 ⁢;4+LaoT @|&X4BR(b#DŴ\N";nax`< jΤ͜I򘤇Nbo5];#1@&Z_kׂn@CX? TɊ1aѦYbO/eI}{&Ő#&_|Y9!bߔ{ f) /u0"/CD3h?YƆѴ2.tWA |QHm?ulw}Ʉ޿K06oZ=>ҙR'TVL# 3r|< $G>ٟ[Qwr[V$ӔEtVq74dZH!kXU<t~q{Jd`~(EjvKBJWlYdbo(@eCք!L _PS>x{|}sA=( Z21DS0;|}#I"Ԛ6eb]=b+ɭ6BSQ#ҵbjo,D']Id6vzt(y:/ ػWeӲP~bYh.j ,ˉ\ "(IQ,],:<Ҕ R9ёT"( !I%z/bDGxL斓,dv8{#>ӆof&|eVtz4X<ӊm-x:}L&Brx5TV#Kf9uŜ9hq㢜#+jԍt*NrMr2/s5t6 E 4WM9<:[UrF~5™d:(ʩ6kwPfsS[UOvbVy?`;ݰ\~qڦ'8תqlSt隡tgYvK~4qf!AuW0a;I KF7 h@lr ;yxSJy.t B, P(+Q>]Ck[3WȷX,$ @ ah;z \nrSG0jxm]鍏Mڡ.ajkۑH7.XJ p]?ei¥g%,YQ4MhY?zZD (x˜J阨#mzHYܟa1yH#rmR[+gyKuB~-bbmLswf)(ji]e|OYX20W}wRMV^c2Q'ˢoN0se,7м%f уo-\6xW8m+ܴ=6O;{uUy Q*T-aՐYcRk?c_2Bk ({OSG6Ήe_'(p)o2Za0MVK>2ZJk(ѣh9CRR5+%V&dHD#щbը!+(+̾A$VVZ&N׽tp]mN0E([&.c@߃ ~U;jw1%aQ2瘹; l{ڶ*O%VB52ٵn`f";^uI wQ-٭C!l䥤h0DZsѳ(*/pAIiHEkPy\8L>N~{3=;lUtSzոq9 O>Z!^fgB5Vz(^ѹeTf^$SEl1(tSRjȢs 1{Mcc6(,Ltƺ3 ~p594Ev ؓozѮ/0]Vza"JO=_%m:}큜f` (lz_˖8Wl.9\Ow'»}tVi6/J$ hW*rA-4rPF`Ɂ9bro\V/A#39MmfFGÈ$&W>T(iɝH/W`-duQPd,&sQ93TCWE0$0Vz{Ao&É4G]{A ؋֪MHDEbU@w,ԳgR^5 }zfKvkίqs&Sݕ2ʋ2S9x&(j >+?>& `NSt]gҴ%ʲݨk2wOqo fL_S/:|N_h{Rk #Ȕm CTY픘k8OujDtp X&>u4yoL/[f)nhsKR< 6̚~$M!w~WsQ}[xcrJ!x iȘ04\L͐)?\6Ooƣ1oeٿ4Ѫ5/׬[~>aD&ED7q5{ؐYjTvMOޜnp5ռV#n6t, &)eExEysBe[RM>~!dǠ&I-)0 (b%%XTC<-:i8hx(Nv6InʕfI@RĆǨ$c*ƻS~9ƽc&r:BB4ؙ$u]F~]J`om#>\P> ǵR9KF@2^v.4qfJv]9ӈrPA|K 9w!غSD0}9%ٝ"'v־GsPzN(vRʦ/"EM)ux|]U;nYCO΂ \ظܸ,ǏI*@daJDpt)ta(^HM˾cEX͊i%~bA>F@VH&2n )ϽV @bs܆J$+nD+"ML\`AY8[vϳ_WteWQ2\M#Wl+Gtk0H7j+>&lElUo͔tw+dG|C:3H |+m x?a1϶ kPuse8bӘ\3M6(?pfeߌ=kswm3Ʀ{wU%0 cIӤYx; l$NfI / ]zU&'_P_@|kV-[͠f٦>׎\ѫ\qnorTVOJR~DvgqQBntaL|PM;iyj8$F*2) +9D*'?}BP d k6ĮxɿPCp _[3PCN. Mh?1`N3J8ǵz\i*\tA$Fv Hq`.h&Ɉ;dV=&PBkj2^E wifNK*]Lc-kfC9"On9K^w(wuvp0Tw 7k'~ߌ^C%4dq7wJj顫=½\rJ" ~ sHSI- V6_s5wsjLMvh@pT3+~zD ',I}l0'ye޻fN jɫOUykl U(~o&8P\;,"8TOw*r /*:ld,luuXrKx"<( eJÚP7A ̓mO+ XlP@TF8x-v?^g!!0uFde*NוֹD1+2W]#*P\߸xKUe NHC J棯.and~;,O3 ҸB]S9Z[/lQTaC=xqຫu|h~hgö>-(FF ˚'/t78^Q8Kc8KXO7[ջR=֬{BM<5O2֛i⚓PްZ6E.L 6gؐ,~Dy!v aENd%1^wUIA$n10 Ekk<0)UEBONH~aVjM dFnoW,h4@\~#yـ΂ E[˜~vz&ɷӀz7ҒzMp{oYZBИtqhO? )K gLSԺOL4TZK4d\x? SYfan=.L7G>GiSy54ՕFvV1ve!S\v8l}G5FF 6W<} -!+C I4C{fq{nIp VCşDu~IȢwN@S` { ˛ K+@#!ߙѼG]"B&b3S]E (2UZƌǺiD>)zMm3_*9w,jFn@ -in"ߔx̟Gs!_d98t|x<*^Ny7>QGjCn"޾be[WS =t0$#bc"~.;F,iܰew")RpS,n^|"](DOSDs,äO8I wϞ|i,yA@ʻ0/gv(D+ډ*gtnry ]ÿjgOȆ-N9 s[~rQ)sFr-&J[3ނUn1ɆFhGX0]\i[wLzȟ&g dtK{#~jI nBA:ͧO=p.Ft43ϑėEyH>OFM69w1Tj]"Z̛ϧxMQIG?7Σ U1݊Wfq9eWEGR .yD6T+8A}N Ějď!yȑFLq &m$Roh]65˦"hr& D}elP_0Y7FR)ǖt/u+֡9( wsuE9*yM/p茾2T-Prn_!sOS6rz^p5!4_ɳrG:ٔTn zc1]vtXl'\6x>C* t LH0,\f|NQ4}FeoOF0Mr)N'%.iI i1Y\)cK&꘹c5N`Ɉn'yi(]x Jkɼ̦b\lizm r||L LVK%&;/, qruMWwa : JbJx :Is>i* Y>9 vU7] 2mݨPOdE\l觛2%( Z#[^ MfA3":cXWIB#mu;s"wP'Q =G XȞ"=2~3' 2>r@YIZk,n͟r*3O1uv 8}k\}_3'j%D ,nl+rn휪Ҫ?%DʧDV`}iٿtIOK8 s$EX~m=La5b/Ώ -pa>u@-Y^pE6ԃɣf@O3K] ܬ:.Ϝ]sMՄCfD܆qR^ I_9T:#ؤ8A3^r~ʈ)LfFKHalя^&&t"B ۥynhd62@8 ?#zC4rJLWY' b qO0̸A}s@"V1S!>jS{RkSU\ !Dxhv 3{<"jOI2":x u[]]3my˃c2&is\ءmT`}Wm zY`d(wW1ϗ"N0+ \4MlxR?G޷p Yb_M^|$V 1h n0p9Woݦi#>18.7rfCN:,1`>qyH IQ9( cٛj(̿oȡ}:8P;m$ :"ܗd[ F@6 وS9\̒!W4a ƻ;´v%oN5\fۼܨDA6EuN5H7oWa=Vs]$}Z/Th(ihR=і$ZS6Mgy6pK.3@~٤P YOKW)VNr"[v',eqC+Jb \ˠ0cz?RE)s /?mc[C.qr8lSR\Idwiwj LTt]zGc\ ?XC 3ŸU⼙.ά#)죆'xNZqVi9cE"[TSqÉ6OECRך#CUN[dI43@2%BjbHAJ;X >mHէBE`+k`+αA d:K?J46*6?a:N6fܥ?#vS-mSY/5.YinC?s{RP|Ys@W/CN<|h?3NLuϪWa*JШ <J4rNw|eRx;?(P&B2KFV) 4jxz ,P+_B|D< ^( )a,&VKX F흟{O}T3F-Qr7 4rx"Mu%gkbps잟XHGvЏD"ZC`,<%P+Yr?mJEJ~ Bw:~ Ph.F䘈d{@c4g Y*3fM&;ib(j]KY ׋:_޷@ krwMgYZkeychain/keychain_2.8.1-0.1_all.deb.asc0000644000000000000000000000146312572517126014441 0ustar -----BEGIN PGP SIGNATURE----- Version: GnuPG v1 iQIcBAABCAAGBQJV6p5TAAoJEAVLu599gGRCmh0P/iuVglIiWqEDnj3Rnq7z8GvY tRjxEFobmHz8A/v3V/fh8kx+XhbWyC5MdGfsvBLfaxpeNy5Wq4UFSYHMt6mD9ygM kyXEZka+QsExfoMPs5lpqj03mDcaaDVJZNG02Nb0cKuhIrQWagj3U0Hxv97KtqBu sPfzfZEzvTywbzes/Lxc+tB0DAAim1F94XLS/xa3NrS/Gp7rEth6VmoI8ECFCZ/k ohvgNLQFgUh8ZSLpl/4Cnptip/0jwQIa66fAYxaK8ItR4W0+reNzpt4mVSe1gMs2 FF3mFxOhTBisltbvqUjwgGd5ZGXCCwNJEwvKUsSfjRb19vMpzpNEtu63sDNdY2ms LjC5w9pqjskc7R5lo3sUste4xL9pFaw+ibKNCyIlwg/XpL9HBEfQEXgqcfnxx6zU DIc1kbR+bmWk3H4DVdJp7iRDBdYp0WqGel9GiRpEuKG+GPWv1TylbOzlbxgxITTT Qj6VqoVXitEjJ2Oe4P9YpsNQGcLWdB10KOMi/1I1YStEdtIKDJGZXvmlg0/T/Ozd JlvpAmCvyQvTb6ncQjJzCm+lPxS53NZA7sSadRSfBxVOmVJNmMcMhDIQWRTtJgIL ryXuVyM98MuTS3Pf0eGoia9qKX4nH5rHMNCrwlIVAB4FMffemyJTIfm86AmcssEL VhVCfcn9hx7hzIA/ZzR7 =vcqC -----END PGP SIGNATURE-----