nhcarrigan/ephemere
9
0
Fork 0
generated from nhcarrigan/template
Code Issues Pull Requests Actions Releases Activity
Files
1fb18f95b85a19f894a2929fd26ac58dc8e930f1
ephemere/bash/yubikey/fix-yubikey-perms.sh
T
hikari ec58c9c843
CI / dependency-pin-check-typescript (push) Successful in 5s
Details
CI / dependency-pin-check-python (push) Successful in 4s
Details
CI / python (push) Successful in 9m28s
Details
CI / typescript (push) Successful in 9m42s
Details
Security Scan and Upload / Security & DefectDojo Upload (push) Successful in 1m39s
Details
feat: reorganise bash scripts and add comprehensive documentation (#6) 
## Summary

This PR completes the bash script restructuring and adds comprehensive documentation across all script categories.

### Bash Restructuring

- Moved cohort shell scripts (`remove_github_members.sh`, `update_github_teams.sh`) from `python/cohort/` into a new `bash/cohort/` directory
- Moved existing bash utilities (`add-keys-to-git.sh`, `fix-yubikey-perms.sh`, `list-yubikey-ssh-keys.sh`) into a new `bash/yubikey/` subdirectory
- Updated `run.sh` to support **Bash** as a third language option alongside TypeScript and Python
  - Bash scripts are run directly (no 1Password secret injection needed)
  - Category discovery and script listing works the same as for TS/Python
  - Removed dead "Root Scripts" logic that was no longer needed

### Documentation

Added `README.md` files for all script categories that were missing them:

- `bash/cohort/README.md` — cohort GitHub team management scripts
- `bash/yubikey/README.md` — YubiKey SSH key and permission utilities
- `typescript/src/crowdin/README.md` — Crowdin translation management scripts
- `typescript/src/discord/README.md` — Discord bot utility scripts
- `typescript/src/discourse/README.md` — Discourse forum management scripts
- `typescript/src/gitea/README.md` — Gitea bulk repository operation scripts
- `typescript/src/github/README.md` — GitHub API interaction scripts
- `typescript/src/music/README.md` — Music file metadata tools
- `typescript/src/s3/README.md` — S3-compatible object storage scripts
- `typescript/src/security/README.md` — Security analysis and reporting scripts
- `python/cohort/README.md` — Updated to remove moved shell scripts, fix usage commands

Also updated project-level docs:

- **`README.md`** — Corrected project structure, fixed running instructions (removed references to non-existent `make run-ts`/`make run-py` targets), added Bash prerequisites
- **`CLAUDE.md`** — Updated project overview, structure, development standards, and script-adding guides to reflect the current state of the project

 This PR was created with help from Hikari~ 🌸

Co-authored-by: Naomi Carrigan <commits@nhcarrigan.com>
Reviewed-on: #6
Co-authored-by: Hikari <hikari@nhcarrigan.com>
Co-committed-by: Hikari <hikari@nhcarrigan.com>
2026-02-23 20:18:41 -08:00

77 lines
2.8 KiB
Bash
Executable File
Raw Blame History

#!/bin/bash
# Colors for pretty output
GREEN='\033[0;32m'
RED='\033[0;31m'
YELLOW='\033[1;33m'
NC='\033[0m' # No Color
echo -e "${YELLOW}🔧 Starting YubiKey WSL Repair...${NC}"
# 1. CHECK: Is the key actually attached?
if ! lsusb -d 1050: > /dev/null; then
echo -e "${RED}❌ Error: No YubiKey detected in Linux!${NC}"
echo " Please go to Windows PowerShell and run:"
echo " usbipd attach --wsl --busid <YOUR_ID>"
exit 1
fi
echo -e "${GREEN}✅ YubiKey Hardware detected.${NC}"
# 2. PERMISSIONS: The "Nuclear" Polkit Fix
# This forces the smart card service to accept connections even if WSL looks "inactive"
POLICY_FILE="/usr/share/polkit-1/actions/org.debian.pcsc-lite.policy"
if [ -f "$POLICY_FILE" ]; then
echo " Applying 'Nuclear' permission fix to PC/SC Policy..."
# Backup original if not exists
if [ ! -f "$POLICY_FILE.bak" ]; then
sudo cp "$POLICY_FILE" "$POLICY_FILE.bak"
fi
# Force permissions to 'yes'
sudo sed -i 's/<allow_any>.*<\/allow_any>/<allow_any>yes<\/allow_any>/' "$POLICY_FILE"
sudo sed -i 's/<allow_inactive>.*<\/allow_inactive>/<allow_inactive>yes<\/allow_inactive>/' "$POLICY_FILE"
sudo sed -i 's/<allow_active>.*<\/allow_active>/<allow_active>yes<\/allow_active>/' "$POLICY_FILE"
else
echo -e "${YELLOW}⚠️ Warning: Polkit policy file not found. Skipping nuclear fix.${NC}"
fi
# 3. GROUP: Ensure user is in plugdev
if ! groups $USER | grep -q "plugdev"; then
echo " Adding $USER to plugdev group..."
sudo usermod -aG plugdev $USER
fi
# 4. USB NODE: Force read/write permissions on the raw USB device
# This fixes the "Failed to connect" error from yubico-piv-tool
echo " Forcing permissions on USB device node..."
lsusb -d 1050: | while read -r line; do
BUS=$(echo "$line" | awk '{print $2}')
DEV=$(echo "$line" | awk '{print $4}' | tr -d :)
PATH="/dev/bus/usb/$BUS/$DEV"
echo " -> Unlocking $PATH"
sudo chmod 666 "$PATH"
done
# 5. SERVICES: Restart everything to pick up changes
echo " Restarting Smart Card Services..."
# Kill any stuck GPG agents that might hog the card
gpgconf --kill gpg-agent 2>/dev/null || true
# Restart the main daemon
sudo systemctl restart polkit
sudo systemctl restart pcscd
# 6. CONFIG CHECK: Warn if SSH config is bad
if grep -q "IdentityFile.*yubi" ~/.ssh/config; then
echo -e "${YELLOW}⚠️ WARNING: Found 'IdentityFile' pointing to a YubiKey in ~/.ssh/config!${NC}"
echo " You should remove that line so SSH doesn't throw 'libcrypto' errors."
fi
# 7. FINAL TEST
echo -e "${YELLOW}🔎 Verifying connection...${NC}"
if yubico-piv-tool -a status > /dev/null 2>&1; then
echo -e "${GREEN}🎉 SUCCESS! Your YubiKey is ready.${NC}"
yubico-piv-tool -a status | grep "Serial Number"
else
echo -e "${RED}❌ Status check failed.${NC}"
echo " Try running: yubico-piv-tool -a status"
fi
Reference in New Issue View Git Blame Copy Permalink