mirror of
https://github.com/MaksTinyWorkshop/_Assistant_Lead_Tech
synced 2026-04-06 21:41:42 +02:00
refactor(scripts): supprimer expect — passer le mdp via stdin à keepassxc-cli
This commit is contained in:
MaksTinyWorkshop
@@ -13,18 +13,7 @@ _sync_service_secrets() {
|
||||
return 1
|
||||
fi
|
||||
|
||||
if ! command -v expect >/dev/null 2>&1; then
|
||||
echo "expect introuvable" >&2
|
||||
return 1
|
||||
fi
|
||||
|
||||
local target_file
|
||||
case "$(uname -s)" in
|
||||
Darwin) target_file="$HOME/.config/auto-secrets/service.env" ;;
|
||||
Linux) target_file="$HOME/.config/auto-secrets/service.env" ;;
|
||||
*) echo "OS non supporté" >&2; return 1 ;;
|
||||
esac
|
||||
|
||||
local target_file="$HOME/.config/auto-secrets/service.env"
|
||||
mkdir -p "$(dirname "$target_file")"
|
||||
touch "$target_file"
|
||||
chmod 600 "$target_file"
|
||||
@@ -39,28 +28,12 @@ _sync_service_secrets() {
|
||||
|
||||
echo "Sync des secrets de service..." >&2
|
||||
|
||||
# Export CSV complet — log_file capture tout dès le début du spawn
|
||||
local tmpfile
|
||||
tmpfile=$(mktemp)
|
||||
KDBX_PASSWORD="$KDBX_PASSWORD" SECRETS_KDBX="$SECRETS_KDBX" TMPFILE="$tmpfile" expect <<'EOF'
|
||||
log_user 0
|
||||
log_file -noappend $env(TMPFILE)
|
||||
set timeout 30
|
||||
spawn keepassxc-cli export --format csv $env(SECRETS_KDBX)
|
||||
expect "Saisir le mot de passe pour déverrouiller*"
|
||||
send -- "$env(KDBX_PASSWORD)\r"
|
||||
expect eof
|
||||
catch wait result
|
||||
exit [lindex $result 3]
|
||||
EOF
|
||||
local rc=$?
|
||||
local csv
|
||||
csv=$(cat "$tmpfile")
|
||||
rm -f "$tmpfile"
|
||||
[ $rc -ne 0 ] && { echo "Impossible d'exporter le coffre." >&2; return 1; }
|
||||
csv=$(printf '%s\n' "$KDBX_PASSWORD" | keepassxc-cli export --format csv "$SECRETS_KDBX" 2>/dev/null) || {
|
||||
echo "Impossible d'exporter le coffre." >&2
|
||||
return 1
|
||||
}
|
||||
|
||||
# Parser le CSV avec python3 — gère les champs multilignes et les virgules dans les valeurs
|
||||
# On cherche la ligne d'en-tête CSV pour ignorer le bruit du buffer expect
|
||||
local rendered_lines
|
||||
rendered_lines=$(printf '%s' "$csv" | python3 -c "
|
||||
import sys, csv, re, io
|
||||
@@ -69,8 +42,7 @@ raw = sys.stdin.read()
|
||||
start = raw.find('\"Group\"')
|
||||
if start == -1:
|
||||
sys.exit(0)
|
||||
clean = raw[start:]
|
||||
reader = csv.DictReader(io.StringIO(clean))
|
||||
reader = csv.DictReader(io.StringIO(raw[start:]))
|
||||
for row in reader:
|
||||
group = row.get('Group', '')
|
||||
title = row.get('Title', '')
|
||||
@@ -90,7 +62,7 @@ for row in reader:
|
||||
fi
|
||||
|
||||
local loaded
|
||||
loaded=$(echo "$rendered_lines" | grep -c '.')
|
||||
loaded=$(printf '%s' "$rendered_lines" | grep -c '.')
|
||||
|
||||
printf '%s\n' "$rendered_lines" > "$target_file"
|
||||
chmod 600 "$target_file"
|
||||
|
||||
Reference in New Issue
Block a user