generated from nhcarrigan/template
refactor: reorganise bash scripts into subdirectories and add bash runner support
Move yubikey scripts from bash/ root into bash/yubikey/, move cohort shell scripts from python/cohort/ into bash/cohort/, and update run.sh to support Bash as a third language with category-based script discovery.
This commit is contained in:
Executable
+77
@@ -0,0 +1,77 @@
|
||||
#!/bin/bash
|
||||
|
||||
# Colors for pretty output
|
||||
GREEN='\033[0;32m'
|
||||
RED='\033[0;31m'
|
||||
YELLOW='\033[1;33m'
|
||||
NC='\033[0m' # No Color
|
||||
|
||||
echo -e "${YELLOW}🔧 Starting YubiKey WSL Repair...${NC}"
|
||||
|
||||
# 1. CHECK: Is the key actually attached?
|
||||
if ! lsusb -d 1050: > /dev/null; then
|
||||
echo -e "${RED}❌ Error: No YubiKey detected in Linux!${NC}"
|
||||
echo " Please go to Windows PowerShell and run:"
|
||||
echo " usbipd attach --wsl --busid <YOUR_ID>"
|
||||
exit 1
|
||||
fi
|
||||
echo -e "${GREEN}✅ YubiKey Hardware detected.${NC}"
|
||||
|
||||
# 2. PERMISSIONS: The "Nuclear" Polkit Fix
|
||||
# This forces the smart card service to accept connections even if WSL looks "inactive"
|
||||
POLICY_FILE="/usr/share/polkit-1/actions/org.debian.pcsc-lite.policy"
|
||||
|
||||
if [ -f "$POLICY_FILE" ]; then
|
||||
echo " Applying 'Nuclear' permission fix to PC/SC Policy..."
|
||||
# Backup original if not exists
|
||||
if [ ! -f "$POLICY_FILE.bak" ]; then
|
||||
sudo cp "$POLICY_FILE" "$POLICY_FILE.bak"
|
||||
fi
|
||||
# Force permissions to 'yes'
|
||||
sudo sed -i 's/<allow_any>.*<\/allow_any>/<allow_any>yes<\/allow_any>/' "$POLICY_FILE"
|
||||
sudo sed -i 's/<allow_inactive>.*<\/allow_inactive>/<allow_inactive>yes<\/allow_inactive>/' "$POLICY_FILE"
|
||||
sudo sed -i 's/<allow_active>.*<\/allow_active>/<allow_active>yes<\/allow_active>/' "$POLICY_FILE"
|
||||
else
|
||||
echo -e "${YELLOW}⚠️ Warning: Polkit policy file not found. Skipping nuclear fix.${NC}"
|
||||
fi
|
||||
|
||||
# 3. GROUP: Ensure user is in plugdev
|
||||
if ! groups $USER | grep -q "plugdev"; then
|
||||
echo " Adding $USER to plugdev group..."
|
||||
sudo usermod -aG plugdev $USER
|
||||
fi
|
||||
|
||||
# 4. USB NODE: Force read/write permissions on the raw USB device
|
||||
# This fixes the "Failed to connect" error from yubico-piv-tool
|
||||
echo " Forcing permissions on USB device node..."
|
||||
lsusb -d 1050: | while read -r line; do
|
||||
BUS=$(echo "$line" | awk '{print $2}')
|
||||
DEV=$(echo "$line" | awk '{print $4}' | tr -d :)
|
||||
PATH="/dev/bus/usb/$BUS/$DEV"
|
||||
echo " -> Unlocking $PATH"
|
||||
sudo chmod 666 "$PATH"
|
||||
done
|
||||
|
||||
# 5. SERVICES: Restart everything to pick up changes
|
||||
echo " Restarting Smart Card Services..."
|
||||
# Kill any stuck GPG agents that might hog the card
|
||||
gpgconf --kill gpg-agent 2>/dev/null || true
|
||||
# Restart the main daemon
|
||||
sudo systemctl restart polkit
|
||||
sudo systemctl restart pcscd
|
||||
|
||||
# 6. CONFIG CHECK: Warn if SSH config is bad
|
||||
if grep -q "IdentityFile.*yubi" ~/.ssh/config; then
|
||||
echo -e "${YELLOW}⚠️ WARNING: Found 'IdentityFile' pointing to a YubiKey in ~/.ssh/config!${NC}"
|
||||
echo " You should remove that line so SSH doesn't throw 'libcrypto' errors."
|
||||
fi
|
||||
|
||||
# 7. FINAL TEST
|
||||
echo -e "${YELLOW}🔎 Verifying connection...${NC}"
|
||||
if yubico-piv-tool -a status > /dev/null 2>&1; then
|
||||
echo -e "${GREEN}🎉 SUCCESS! Your YubiKey is ready.${NC}"
|
||||
yubico-piv-tool -a status | grep "Serial Number"
|
||||
else
|
||||
echo -e "${RED}❌ Status check failed.${NC}"
|
||||
echo " Try running: yubico-piv-tool -a status"
|
||||
fi
|
||||
Reference in New Issue
Block a user