fedora-OEMDRV/client_software/0010_kwallet/install.sh

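#!/usr/bin/env bash
# SPDX-FileCopyrightText: Daniel Pätzold
# SPDX-License-Identifier: AGPL-3.0-or-later
#
# Kwallet Setup to Secure Directory
#
# KWallet stores the passwords of most KDE applications, such as the Nextcloud client, the Talk app and many more.
# Usually KWallet asks for a password to protect its encrypted file, but that makes the logon interactive and is annoying for the user.
# Or, even worse, the first time you log on, the wallet is created with your current password. When that password changes on the domain,
# you are asked for the OLD password after the next logon; if the old password was lost, every app that needs a stored password breaks.
# This is a very bad situation.
# Instead, we make sure the wallet can be opened without a separate password, while it is kept encrypted in a secure place
# by the domain encryption.
#
# Basically, this script checks whether the wallet file can be used without a password and whether it is located in the
# encrypted directory for security.
# Otherwise it sets up the wallet file in the encrypted data directory and makes it usable.
#
# Security note: in this setup the wallet itself has no password, so the confidentiality of the stored secrets rests
# entirely on the encrypted data directory and on the permissions set on it.
#
# Interpreter: bash is required. The script uses [[ ]], arrays and $EUID, none of which POSIX sh provides.
#
echo "Setup KWallet Password- Service."

# Check for root: the script tells the user to run it through sudo.
if [[ "${EUID}" -ne 0 ]]; then
  echo "Error: Script requires root. Please check if ${SCRIPTPATH}/${SCRIPTNAME} is in sudoers rules and if you are a member. And if executed via sudo."
  exit 1
fi

# Check token. This only tests that DAVTOKEN_USER is non-empty, i.e. that a caller prepared the environment;
# it does not validate the token.
if [[ -z "${DAVTOKEN_USER}" ]]; then
  echo "Error: Script cannot be executed standalone and needs a prereserved Environment. Quit."
  exit 1
fi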
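# Local Vars
# (Disabled sync command, kept for reference. If it is ever re-enabled: it puts the app password on a command line;
# the second line only masks it for display.)
#SYNCCMD="$BASECMD --userid ${DAVTOKEN_USER} --apppassword ${DAVTOKEN_PASS} --localdirpath ${CLIENT_DATA_DST} --remotedirpath ${CLIENT_DATA_SRC} --serverurl https://${SERVERFQDN_NC}"
#SYNCCMD_HIDDENPW=$( echo "${SYNCCMD/${DAVTOKEN_PASS}/***HIDDEN***}" )
WALLETNAME="kdewallet"
WALLETFILE="${WALLETNAME}.kwl"
WALLETPATH="${DECRYPTEDDATADIR}/kwallet"
WALLETPATH_CFG="$SUDO_HOME/.local/share/kwalletd"

# Refuse to continue with an incomplete environment. With an empty DECRYPTEDDATADIR or SUDO_HOME the paths above
# collapse to "/kwallet" and "/.local/share/kwalletd", and root would create, chown and bind mount those.
# With an empty SUDO_USER the later "su -c ..." calls would have no target user to drop to.
if [[ -z "${DECRYPTEDDATADIR}" || -z "${SUDO_HOME}" || -z "${SUDO_USER}" ]]; then
  echo "Error: DECRYPTEDDATADIR, SUDO_HOME and SUDO_USER must be set. Quit."
  exit 1
fi

# At the start of this script, the local wallet directory should be empty and the encrypted directory should be
# mounted to that path. If that is not the case, we move the files and configure them.
# Stop the daemon anyway if it is running.
# The daemon is restarted for ${SUDO_USER} further down, so that is the account whose kwalletd6 is looked up here
# (under sudo, $USER usually names root instead).
WALLET_PID=$(pgrep -u "${SUDO_USER}" kwalletd6)
if [[ -n "${WALLET_PID}" ]]; then
  # pgrep prints one PID per line; pass each one to kill as a separate argument.
  mapfile -t wallet_pids <<<"${WALLET_PID}"
  if ! kill "${wallet_pids[@]}"; then
    echo "Kwallet Service could not be stopped, please check why."
    exit 1
  fi
  # Give the daemon a moment to exit before the mount is reset.
  sleep 0.5
fi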
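# Reset mount. Best effort: output and exit status are discarded, presumably because nothing is mounted there on a
# first run. A umount that fails for another reason (for example a busy mount point) also goes unnoticed here.
umount "${WALLETPATH_CFG}" >/dev/null 2>&1

# Set up the encrypted path if it does not exist already, and restrict it to the invoking user.
mkdir -p -- "${WALLETPATH}"
perm_ok=true
chown -R -- "${SUDO_USER}:${SUDO_USER}" "${WALLETPATH}" || perm_ok=false
chmod -R u=rwX,og-rwx -- "${WALLETPATH}" || perm_ok=false
if [[ "${perm_ok}" != true ]]; then
  # The wallet has no password of its own, so a directory left with wrong ownership or wider
  # permissions must not go unnoticed.
  echo "Warning: could not set owner or permissions on ${WALLETPATH}, please check."
fi

# Check for existing legacy wallets: the directory should be empty. Otherwise: move them.
# Without a match the glob stays literal, so the -f test fails and the else branch runs.
PATTERN=("${WALLETPATH_CFG}"/*.kwl)
if [[ -f "${PATTERN[0]}" ]]; then
  if ! mv -- "${WALLETPATH_CFG}"/*.* "${WALLETPATH}"; then
    echo "Legacy wallets could not be moved, please do that manually:"
    echo "Move ${WALLETPATH_CFG}/*.kwl to ${WALLETPATH}"
    exit 1
  fi
else
  echo "Found no legacy Files in ${WALLETPATH_CFG}, no migration needed."
fi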
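# Always restore configuration with defaults.
# NOTE(review): kwalletrc (and kdewallet.* below) are resolved against the current working directory, while the helper
# script is located via dirname "$0". Run as root from another directory, this copies whatever files are found
# there - confirm the caller always changes into the script directory first.
# NOTE(review): the target uses $HOME while the wallet directory uses $SUDO_HOME; under sudo, $HOME may be root's
# home - confirm which account's ~/.config is meant.
if ! cp -f -- kwalletrc "${HOME}/.config/"; then
  echo "Warning: kwalletrc could not be copied to ${HOME}/.config/, please check."
fi

# Bind mount secure folder to wallet directory
echo "Mounting secure ${WALLETPATH} to wallet-directory ${WALLETPATH_CFG}"
if ! mount --bind "${WALLETPATH}" "${WALLETPATH_CFG}"; then
  echo "Error bind mounting secure Files to Wallet. Please check what went wrong."
  exit 1
fi

# Seed the wallet from the shipped template if it does not exist yet (checked through the bind mount).
PATTERN=("${WALLETPATH_CFG}/${WALLETNAME}.kwl")
if [[ ! -f "${PATTERN[0]}" ]]; then
  echo "Wallet ${WALLETNAME} was not found, setting it up from scratch."
  # NOTE(review): this copy runs as root after the chown/chmod of ${WALLETPATH} earlier in the script, so the
  # new files may end up owned by root - confirm kwalletd6 can still update them.
  if ! cp -- kdewallet.* "${WALLETPATH}"; then
    echo "Error: Copy of files for Wallet ${WALLETNAME} failed."
    exit 1
  fi
fi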
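# Restart the service as the invoking user, detached from this script.
su -c 'nohup kwalletd6 >/dev/null 2>&1 &' "${SUDO_USER}"
sleep 1

# The helper path is interpolated into the command strings handed to "su -c", so quote it for the shell first.
# For a path without special characters %q leaves it unchanged.
qb_helper=$(printf '%q' "$(dirname -- "$0")/qbus_wallet_exec.sh")

# Check if kwalletd is enabled now
su -c "${qb_helper} reconfigure" "${SUDO_USER}"
# stderr is dropped and failures are masked with "|| true"; only the printed answer is evaluated.
QB_RESULT=$(su -c "${qb_helper} isEnabled 2>/dev/null || true" "${SUDO_USER}")
if [[ "${QB_RESULT}" != "true" ]]; then
  echo "Error checking if kWallet service is activated. Cannot continue. Return of Check was:"
  echo "${QB_RESULT}"
  exit 1
fi

# It should be possible to open the wallet without having to enter the password now.
echo "Checking if Wallet can be opened by the user. The Program should not ask for a password, maybe for confirmation to access the wallet which is ok."
echo "Please check to NOT have any Password asked now - if so, open kwalletmanager and change the password for wallet ${WALLETNAME} to nothing (by entering nothing when asked for new password)!"
WALLETAPPID="sys_config_wallet_script"
# The assignment carries the exit status of the command substitution, so it can be tested directly.
if ! QB_RESULT=$(su -c "${qb_helper} open ${WALLETNAME} 0 ${WALLETAPPID}" "${SUDO_USER}"); then
  echo "Some Error opening Wallet ${WALLETNAME}. Please check."
  exit 1
fi
echo "Sucessfully opened Wallet ${WALLETNAME} with ID ${QB_RESULT}."
exit 0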