#!/usr/bin/env bash
# gpg-forward.sh - A script to forward GPG agent socket from WSL to a remote host
# Copyright (C) Dale Phurrough
# Licensed under the Apache License, Version 2.0
# http://www.apache.org/licenses/LICENSE-2.0
# This script is provided "as-is" without any warranty of any kind.
# Strict mode: abort on unhandled errors, unset variables and failed pipeline stages.
set -o errexit -o nounset -o pipefail
# Default GPG agent socket name; --socket-name overrides it during argument parsing.
SOCKET_NAME='S.gpg-agent'
# Check dependencies
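#######################################
# Abort when an installed tool is older than the required minimum.
# Arguments:
#   $1 - tool name (used in the message only)
#   $2 - installed version string, as parsed by the caller from the tool's output
#   $3 - minimum acceptable version
# Outputs:   error message to stderr when the check fails
# Returns:   0 when $2 >= $3; otherwise exits 1
#######################################
function app_version_lt_min() {
  local tool=$1 have=$2 need=$3
  # An empty installed version means the caller's probe produced nothing
  # (e.g. the tool printed an unexpected banner); say so instead of claiming
  # the tool is merely "older".
  if [[ -z "$have" ]]; then
    echo "❌ ERROR: could not determine the version of $tool (need $need or newer)" >&2
    exit 1
  fi
  # sort -V orders version strings; after a descending sort the first line is
  # the newer one, so the check passes when the installed version sorts first
  # (equal versions also pass). printf instead of `echo -e` so the two lines
  # are emitted portably and a version string can never be taken as an echo option.
  local newest
  newest=$(printf '%s\n' "$have" "$need" | sort -rV | head -n 1)
  if [[ "$newest" != "$have" ]]; then
    echo "❌ ERROR: $tool is older than $need, please update it" >&2
    exit 1
  fi
}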
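#######################################
# Ensure a required command is installed (and, optionally, new enough).
# Arguments:
#   $1 - command to look up on PATH
#   $2 - package name to suggest in the install hint
#   $3 - (optional) installed version, already parsed by the caller
#   $4 - (optional) minimum required version
# Outputs:   install hints to stderr when the command is missing
# Returns:   0 when present (and new enough); otherwise exits 1
#######################################
function check_cmd() {
  local cmd=$1 pkg=$2
  if ! command -v "$cmd" >/dev/null 2>&1; then
    # Diagnostics go to stderr so they are not mistaken for script output.
    {
      echo "❌ ERROR: $cmd is not installed"
      echo "Please install it with your package manager:"
      # Names ending in .exe are Windows binaries reached through WSL interop,
      # so the hint points at winget rather than a Linux package manager.
      if [[ "$cmd" == *.exe ]]; then
        echo " winget install $pkg"
        echo "After installation, make sure it's in your PATH."
      else
        echo " Ubuntu/Debian: sudo apt install $pkg"
        echo " Fedora: sudo dnf install $pkg"
        echo " Alpine: sudo apk add $pkg"
        echo " Arch: sudo pacman -S $pkg"
      fi
    } >&2
    exit 1
  fi
  # Version check only when both the installed and the minimum version were given.
  if [[ -n "${3-}" && -n "${4-}" ]]; then
    app_version_lt_min "$cmd" "$3" "$4"
  fi
}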
# The version probes are run inline as arguments on purpose: a failing command
# substitution inside an argument does not trip `set -e`, so a missing binary
# still reaches check_cmd's "not installed" hint instead of aborting here.
check_cmd gpg gpg "$(gpg --version | head -n 1 | awk '{print $3}')" "2.3.0"
check_cmd socat socat # developed with 1.8.0.0
check_cmd ssh openssh-client
# The gsub strips every "v" from the second field of npiperelay's first output
# line (presumably a "v1.8.0"-style tag — verify against the installed build).
check_cmd npiperelay.exe albertony.npiperelay "$(npiperelay.exe -v 2>&1 | head -n 1 | awk '{gsub("v","",$2); print $2}')" "1.8.0"
# NOTE(review): gpgconf.exe, wslpath and gpg-connect-agent.exe are used below but
# are not checked here; a missing one aborts under `set -e` with a bare
# "command not found" rather than an install hint.
# Parse command line arguments
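#######################################
# Print the usage text (to stdout; redirect to stderr for error paths).
#######################################
usage() {
  echo "Usage: $0 [--socket-name=SOCKET_NAME] <remote-host>"
  echo "Forward GPG agent socket from WSL to a remote host via SSH."
  echo "Example: $0 user@remotehost"
  echo "Options:"
  echo " --socket-name=SOCKET_NAME Specify the GPG agent socket name (default: S.gpg-agent)"
  echo " --help, -h Show this help message"
}
#######################################
# Reject socket names that would escape the socket directory or break the
# ssh -R "remote:local" specification and the pkill pattern built from them.
# Arguments: $1 - candidate socket name
# Returns:   0 when acceptable; otherwise exits 1
#######################################
validate_socket_name() {
  if [[ ! "$1" =~ ^[A-Za-z0-9._-]+$ ]]; then
    echo "❌ ERROR: --socket-name may only contain letters, digits, '.', '_' and '-' (got '$1')" >&2
    exit 1
  fi
}
# Parse command line arguments into SOCKET_NAME and REMOTE_HOST.
REMOTE_HOST=""
while [[ $# -gt 0 ]]; do
  case "$1" in
    --help|-h)
      usage
      exit 0
      ;;
    --socket-name=*)
      # Value is everything after the first '='.
      SOCKET_NAME="${1#*=}"
      if [[ -z "$SOCKET_NAME" ]]; then
        echo "❌ ERROR: --socket-name cannot be empty" >&2
        exit 1
      fi
      validate_socket_name "$SOCKET_NAME"
      shift
      ;;
    --socket-name)
      # Space-separated form: the value is the next argument.
      if [[ -z "${2:-}" ]]; then
        echo "❌ ERROR: --socket-name requires a value" >&2
        exit 1
      fi
      SOCKET_NAME="$2"
      validate_socket_name "$SOCKET_NAME"
      shift 2
      ;;
    -*)
      echo "❌ ERROR: Unknown option $1" >&2
      echo "Use --help for usage information." >&2
      exit 1
      ;;
    *)
      # Exactly one positional argument is expected; a second one is far more
      # likely a typo than an intended override, so refuse it instead of
      # silently letting the last one win.
      if [[ -n "$REMOTE_HOST" ]]; then
        echo "❌ ERROR: unexpected extra argument '$1' (remote host already set to '$REMOTE_HOST')" >&2
        exit 1
      fi
      REMOTE_HOST="$1"
      shift
      ;;
  esac
done
if [[ -z "$REMOTE_HOST" ]]; then
  usage >&2
  exit 1
fi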
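# Ask the Windows GnuPG for its socket directory. The output carries a Windows
# line ending, so strip CR/LF before using it as a path.
WIN_SOCKET_DIR="$(gpgconf.exe --list-dirs socketdir | tr -d '\r\n')"
if [[ -z "$WIN_SOCKET_DIR" ]]; then
  echo "❌ ERROR: gpgconf.exe did not report a socket directory" >&2
  exit 1
fi
echo "Using Windows GPG agent socket directory: $WIN_SOCKET_DIR"
# Find Windows GPG agent socket path and convert it correctly.
# (-e rather than -S below: the Windows agent's "socket" appears to be a
# regular file, not a UNIX socket — the original check relied on that too.)
ASSUAN_FILE="$(wslpath "$WIN_SOCKET_DIR")/$SOCKET_NAME"
echo "Using GPG agent socket: $ASSUAN_FILE"
if [[ ! -e "$ASSUAN_FILE" ]]; then
  echo "❌ ERROR: GPG agent socket not found at $ASSUAN_FILE" >&2
  echo "Please ensure the GPG agent is running in Windows." >&2
  exit 1
fi
# Windows-style path (forward slashes) for npiperelay.exe.
WIN_ASSUAN_FILE="$(wslpath -m "$ASSUAN_FILE")"
# Verify the agent is actually answering. gpg-connect-agent exits non-zero
# when it cannot connect (and --no-autostart keeps it from starting one), which
# under `set -e` would abort the script before the friendly message below; the
# `|| true` keeps control here so the check can report it.
GPG_AGENT_RESPONSE=$(gpg-connect-agent.exe --no-autostart "getinfo version" /bye 2>/dev/null) || true
# A successful exchange contains a line starting with "OK"; anchoring avoids
# matching those two letters inside some other response text.
if ! grep -q '^OK' <<<"$GPG_AGENT_RESPONSE"; then
  echo "❌ ERROR: GPG agent is not running in Windows." >&2
  echo "Please start Kleopatra or WinGPG and try again." >&2
  exit 1
fi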
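# Setup cleanup function
#######################################
# Stop the local socat relay started by this script.
# Globals:   LOCAL_SOCAT_PID (read; may be unset if socat never started)
# Outputs:   progress messages to stdout
# Returns:   always 0, so it is safe to run from an EXIT trap
#######################################
cleanup() {
  echo "Cleaning local resources"
  # Only signal a PID we actually recorded: `kill` with an empty argument would
  # just print its usage, and a PID that already exited is not an error here.
  if [[ -n "${LOCAL_SOCAT_PID:-}" ]]; then
    kill "$LOCAL_SOCAT_PID" 2>/dev/null || true
  fi
  echo "Local GPG forwarding stopped"
}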
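# Register cleanup on script exit and signals.
# Only the EXIT trap calls cleanup; the signal traps just exit, and exiting
# fires the EXIT trap, so cleanup runs exactly once on every path instead of
# twice on Ctrl+C. TERM must terminate the script rather than merely run
# cleanup and carry on waiting for ssh, so it exits with the conventional
# 128+15. INT is treated as an intentional stop and exits 0.
trap cleanup EXIT
trap 'exit 0' INT
trap 'exit 143' TERM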
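# Print status
echo "Connect to $REMOTE_HOST and setup remote forwarding"
# Stop any relay left over from a previous run for the same socket name, but
# only our own processes: -u restricts the match to the current user. The
# socket name is interpolated into an extended regex here, so the match is
# deliberately loose (a '.' matches any character); it is confined to the
# socat->npiperelay command-line shape this script itself starts.
pkill -u "$(id -u)" -f "socat.*$SOCKET_NAME.*npiperelay.*$SOCKET_NAME" || true
LOCAL_UNIX_SOCKET="$HOME/.gnupg/$SOCKET_NAME"
# socat cannot listen if the parent directory is missing; create it with
# owner-only permissions, as GnuPG itself expects for ~/.gnupg.
mkdir -p -m 700 "$HOME/.gnupg"
# Relay: local UNIX socket -> npiperelay.exe -> Windows agent socket file.
# `fork` serves each client in its own child and `unlink-early` removes a
# stale socket file from a previous run before binding. umask=077 keeps the
# listening socket reachable only by this user, since anyone who can connect
# to it can drive the Windows GPG agent. The path comes from `wslpath -m`,
# so it needs no backslash escaping inside the quoted EXEC argument.
echo "Start npiperelay for local named pipe -> TCP socket"
socat "UNIX-LISTEN:$LOCAL_UNIX_SOCKET,fork,unlink-early,umask=077" \
  EXEC:"npiperelay.exe -ei -ep -a \"${WIN_ASSUAN_FILE}\"" &
LOCAL_SOCAT_PID=$!
# Give socat a moment to bind, and fail early with a clear message if it died
# (bad options, unwritable directory) instead of letting ssh forward to a
# socket that does not exist.
for ((attempt = 0; attempt < 50; attempt++)); do
  [[ -S "$LOCAL_UNIX_SOCKET" ]] && break
  if ! kill -0 "$LOCAL_SOCAT_PID" 2>/dev/null; then
    echo "❌ ERROR: socat exited before the local socket $LOCAL_UNIX_SOCKET was created" >&2
    exit 1
  fi
  sleep 0.1
done
if [[ ! -S "$LOCAL_UNIX_SOCKET" ]]; then
  echo "❌ ERROR: local socket $LOCAL_UNIX_SOCKET did not appear" >&2
  exit 1
fi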
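# Print status
# The local UNIX socket is now served by socat; hand it to the remote side.
echo "Connect to $REMOTE_HOST and setup remote forwarding"
# ssh -N: no remote command, just keep the tunnel open.
# ssh -R <remote socket>:<local socket>: reverse-forward a UNIX socket. The
# remote path is hard-coded to uid 1001's runtime dir and must match
# `gpgconf --list-dirs agent-socket` on the remote host.
# TODO: make the remote socket directory configurable instead of assuming uid 1001.
# ExitOnForwardFailure makes ssh exit (status 255) when the remote socket
# cannot be bound (e.g. a stale socket file when sshd lacks
# StreamLocalBindUnlink) instead of silently staying connected with no
# forwarding in place.
# NOTE(review): both remote paths are bound to the same local socket, so the
# remote `.extra` socket (normally the restricted one) exposes the full agent
# interface; forward the agent's real extra socket if the remote side should
# only get restricted access.
SSH_EXIT=0
ssh -N -o ExitOnForwardFailure=yes \
  -R "/run/user/1001/gnupg/$SOCKET_NAME:$LOCAL_UNIX_SOCKET" \
  -R "/run/user/1001/gnupg/$SOCKET_NAME.extra:$LOCAL_UNIX_SOCKET" \
  "$REMOTE_HOST" || SSH_EXIT=$?
# Map ssh's exit status to ours. 130 is 128+SIGINT (user interruption); 255 is
# ssh's own code for connection/authentication errors. The script's heuristic
# for 255: if our socat is still running nothing on this side stopped the
# session, so the failure came from ssh itself.
if (( SSH_EXIT == 130 )); then
  echo "GPG forwarding stopped by user (SIGINT)"
  FINAL_EXIT=0
elif (( SSH_EXIT == 255 )); then
  if kill -0 "$LOCAL_SOCAT_PID" 2>/dev/null; then
    echo "❌ ERROR: SSH connection failed with code 255" >&2
    echo "This may indicate network issues or authentication problems." >&2
    FINAL_EXIT=255
  else
    # socat is gone, suggesting we were stopped by a signal.
    echo "GPG forwarding stopped (connection terminated)"
    FINAL_EXIT=0
  fi
else
  echo "SSH connection closed with code $SSH_EXIT"
  FINAL_EXIT=$SSH_EXIT
fi
# cleanup runs from the EXIT trap.
exit "$FINAL_EXIT"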