-rw-r--r--wsl/.config/alacritty/local.yml7
-rw-r--r--wsl/.gnupg/gpg-agent.conf2
-rwxr-xr-xwsl/.local/bin/gpg-init.sh26
-rwxr-xr-xwsl/.local/bin/wsl-installer.sh5
-rw-r--r--wsl/.local/share/zsh-wsl/zsh-wsl.plugin.zsh21
-rw-r--r--yubikey.md27
6 files changed, 24 insertions, 64 deletions
diff --git a/wsl/.config/alacritty/local.yml b/wsl/.config/alacritty/local.yml
index d53da7b..c0df2a8 100644
--- a/wsl/.config/alacritty/local.yml
+++ b/wsl/.config/alacritty/local.yml
@@ -1,7 +1,12 @@
shell:
program: C:\WINDOWS\system32\wsl.exe
args:
- - "tmux new -As home"
+ - "--user"
+ - "root"
+ # there is a bug that requires launching twice (the first one starts the bus)
+ # Related-Bug: https://github.com/nullpo-head/wsl-distrod/issues/13
+ # Related-Bug: https://github.com/sarim/gbash#known-issue
+ - "systemd-run --pty --service-type=simple --uid=tobyv --quiet --working-directory=/home/tobyv -p PAMName=login /bin/zsh -l -c 'tmux new -As tobyv'"
working_directory: '\\wsl$\Arch\home\tobyv'
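Review bot: The terminal now enters WSL as root (`--user root`) and relies entirely on `systemd-run --uid=tobyv` to drop privileges, but the added comment explains only the launch-twice bug, not why root is needed. Presumably root is required because `--uid=` and `-p PAMName=login` are requested from the system service manager; I would say so next to the args, e.g. `# root is used only to ask systemd for a login session as tobyv; nothing else should run before systemd-run`. It is worth confirming that the failed first launch exits rather than leaving an interactive root shell; from the visible args that looks likely, since systemd-run is the only command passed. The account name is also hard-coded three times in the command and again in `working_directory`, so a rename has to touch every one of them.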
diff --git a/wsl/.gnupg/gpg-agent.conf b/wsl/.gnupg/gpg-agent.conf
deleted file mode 100644
index 52034d5..0000000
--- a/wsl/.gnupg/gpg-agent.conf
+++ /dev/null
@@ -1,2 +0,0 @@
-enable-ssh-support
-enable-putty-support \ No newline at end of file
diff --git a/wsl/.local/bin/gpg-init.sh b/wsl/.local/bin/gpg-init.sh
deleted file mode 100755
index 35fb25a..0000000
--- a/wsl/.local/bin/gpg-init.sh
+++ /dev/null
@@ -1,26 +0,0 @@
-#!/bin/sh
-
-# win_home="$(wslpath -u "$(wslvar HOMEDRIVE)$(wslvar HOMEPATH)")"
-wsl2_ssh_pageant_bin="$HOME/.ssh/wsl2-ssh-pageant.exe"
-config_path="C\:/Users/$USER/AppData/Local/gnupg"
-
-if ! test -x "$wsl2_ssh_pageant_bin"; then
- echo >&2 "WARNING: $wsl2_ssh_pageant_bin is not executable."
-else
- gpg-connect-agent.exe /bye >/dev/null 2>&1
-
- if ! ss -a | grep -q "$SSH_AUTH_SOCK"; then
- rm -f "$SSH_AUTH_SOCK"
- (setsid nohup socat UNIX-LISTEN:"$SSH_AUTH_SOCK,fork" EXEC:"$wsl2_ssh_pageant_bin --gpgConfigBasepath ${config_path}" >/dev/null 2>&1 &)
- fi
-
- if ! ss -a | grep -q "$GPG_AGENT_SOCK"; then
- rm -rf "$GPG_AGENT_SOCK"
- (setsid nohup socat UNIX-LISTEN:"$GPG_AGENT_SOCK,fork" EXEC:"$wsl2_ssh_pageant_bin --gpgConfigBasepath ${config_path} -gpg S.gpg-agent" >/dev/null 2>&1 &)
- fi
-
- if ! ss -a | grep -q "${GPG_AGENT_SOCK}.extra"; then
- rm -rf "${GPG_AGENT_SOCK}.extra"
- (setsid nohup socat UNIX-LISTEN:"${GPG_AGENT_SOCK}.extra,fork" EXEC:"$wsl2_ssh_pageant_bin --gpgConfigBasepath ${config_path} -gpg S.gpg-agent.extra" >/dev/null 2>&1 &)
- fi
-fi
diff --git a/wsl/.local/bin/wsl-installer.sh b/wsl/.local/bin/wsl-installer.sh
index 27718fc..c923724 100755
--- a/wsl/.local/bin/wsl-installer.sh
+++ b/wsl/.local/bin/wsl-installer.sh
@@ -37,11 +37,6 @@ for f in "$HOME"/.config/alacritty/*; do
esac
done
-# install wsl2-ssh-pageant
-rm -f "${HOME}"/.ssh/wsl2-ssh-pageant.exe
-curl -sL "https://github.com/BlackReloaded/wsl2-ssh-pageant/releases/latest/download/wsl2-ssh-pageant.exe" >"${HOME}"/.ssh/wsl2-ssh-pageant.exe
-chmod +x "${HOME}"/.ssh/wsl2-ssh-pageant.exe
-
# install xclip/xsel
curl -sL "https://raw.githubusercontent.com/Konfekt/win-bash-xclip-xsel/master/clip.sh" >"${HOME}"/.local/bin/xclip
curl -sL "https://raw.githubusercontent.com/Konfekt/win-bash-xclip-xsel/master/clip.sh" >"${HOME}"/.local/bin/xsel
diff --git a/wsl/.local/share/zsh-wsl/zsh-wsl.plugin.zsh b/wsl/.local/share/zsh-wsl/zsh-wsl.plugin.zsh
index c65e64b..247ef3c 100644
--- a/wsl/.local/share/zsh-wsl/zsh-wsl.plugin.zsh
+++ b/wsl/.local/share/zsh-wsl/zsh-wsl.plugin.zsh
@@ -12,8 +12,8 @@ mkdir -p /tmp/xdg
export DISPLAY="$(grep -m 1 nameserver /etc/resolv.conf | awk '{print $2}')":0
export BROWSER=wslview
export XDG_RUNTIME_DIR=/tmp/xdg
-export GPG_AGENT_SOCK="$HOME/.gnupg/S.gpg-agent"
-export SSH_AUTH_SOCK="$HOME/.ssh/agent.sock"
+# export GPG_AGENT_SOCK="$HOME/.gnupg/S.gpg-agent"
+# export SSH_AUTH_SOCK="$HOME/.ssh/agent.sock"
export GPG_TTY="$(tty)"
alias wsl=wsl.exe
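Review bot: The two socket exports are commented out rather than deleted, which leaves dead configuration behind now that gpg-init.sh and gpg-agent.conf are removed in the same commit. With them gone, nothing in this hunk sets `SSH_AUTH_SOCK`, so SSH authentication through the YubiKey depends on it being set somewhere else. If it is still wanted, `export SSH_AUTH_SOCK="$(gpgconf --list-dirs agent-ssh-socket)"` asks gpg for the socket path instead of hard-coding it (the agent still needs `enable-ssh-support`). Separately, the unchanged `export XDG_RUNTIME_DIR=/tmp/xdg` keeps runtime sockets under a fixed name in /tmp. Since the session is now started with `PAMName=login`, the per-user runtime directory from pam_systemd is probably available and this override could be dropped, though that needs confirming.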
@@ -60,20 +60,3 @@ scoop() { wsl_cmd_proxy "scoop" "$@"; }
alacritty() { wsl_cmd_proxy "alacritty.exe" "$@"; }
pwsh() { alacritty --working-directory "c:\\Users\\${USER}" -e "pwsh.exe $@"; }
-# Reload
-gpg_reset() {
- gpg-connect-agent.exe KILLAGENT /bye >/dev/null 2>&1
-
- rm -rfv "$GPG_AGENT_SOCK"
- rm -rfv "$GPG_AGENT_SOCK.extra"
- pkill -f 'socat.*wsl2-ssh-pageant.exe'
- gpg-connect-agent.exe /bye >/dev/null 2>&1
- gpg-init.sh
-}
-
-# Relearn card serial number
-gpg_learn() {
- gpg-connect-agent.exe "scd serialno" "learn --force" /bye
-}
-
-gpg-init.sh
diff --git a/yubikey.md b/yubikey.md
index a6adfb4..8e16312 100644
--- a/yubikey.md
+++ b/yubikey.md
@@ -1,4 +1,10 @@
-# WSL2 YubiKey Setup
+# WSL2 YubiKey setup
+
+## UPDATE
+
+This is no longer necessary due to [usbipd-win](https://github.com/dorssel/usbipd-win)
+
+I am now using [usbipd-win](https://github.com/dorssel/usbipd-win) to mount the yubikey directly into WSL2, and using [distod](https://github.com/nullpo-head/wsl-distrod) (adds bottled systemd to wsl) to start services as I normally would in linux
- [WSL2 YubiKey Setup](#wsl2-yubikey-setup)
- [Intro](#Intro)
@@ -9,11 +15,11 @@
## Intro
-The following two sections are the result of a painstaking amount of google searches and GitHub issues followed by troubleshooting, tears, and tea breaks. Well, more accurately, the 20% came from the aforementioned alliteration. The 80% came from the following two guides.
+The following two sections are the result of a painstaking amount of google searches and GitHub issues followed by troubleshooting, tears, and tea breaks. Well, more accurately, the 20% came from the aforementioned alliteration. The 80% came from the following two guides.
- - [drduh/YubiKey-Guide](https://github.com/drduh/YubiKey-Guide)
- - [The ultimate guide to YubiKey on WSL2](https://dev.to/dzerycz/series/11353)
- - [Forwarding gpg-agent to a remote system over SSH](https://wiki.gnupg.org/AgentForwarding)
+- [drduh/YubiKey-Guide](https://github.com/drduh/YubiKey-Guide)
+- [The ultimate guide to YubiKey on WSL2](https://dev.to/dzerycz/series/11353)
+- [Forwarding gpg-agent to a remote system over SSH](https://wiki.gnupg.org/AgentForwarding)
The former is an incredibly detailed guide to setting up GPG keys using YubiKey as a smart card. The amount of information drduh has organized in that repository in immense, so I urge you to go star it if you find anything in this section helpful, as he deserves at least that much.
@@ -21,13 +27,12 @@ The second guide was used more as a reference/verification source for the first
While I went down this rock filled rabbit hole for the purpose of getting my YubiKey working (seamlessly) in WSL2, the majority of this should be helpful even if you don't use a security key, as its specificity deals with getting the respective agents/sockets communicating between WSL2 and Windows.
-
<!-- TODO ssh/git config to use gpnupg -->
<!-- TODO setting up remote gpg/ssh forwarding -->
## Windows
-### SSH Agent
+### SSH Agent
Install [gpg-bridge](https://github.com/BusyJay/gpg-bridge) using cargo
@@ -65,7 +70,7 @@ On the windows side the YubiKey is fully accessible, the GPG agent should just w
## In WSL2
-### SSH Agent
+### SSH Agent
```sh
# Bash
@@ -75,7 +80,7 @@ sudo apt install socat iproute2
# Install wsl2-ssh-pageant
destination="$HOME/.ssh/wsl2-ssh-pageant.exe"
-curl -sL "https://github.com/BlackReloaded/wsl2-ssh-pageant/releases/latest/download/wsl2-ssh-pageant.exe" -o "$destination"
+curl -sL "https://github.com/BlackReloaded/wsl2-ssh-pageant/releases/latest/download/wsl2-ssh-pageant.exe" -o "$destination"
# wget -O "$destination" "https://github.com/BlackReloaded/wsl2-ssh-pageant/releases/latest/download/wsl2-ssh-pageant.exe"
# Set the executable bit.
chmod +x "$destination"
@@ -83,6 +88,6 @@ chmod +x "$destination"
### GPG Agent
-The only setup needed for getting the YubiKey working in WSL2 is to source/copy-paste [gpg.sh](wsl/gpg.sh) in your shell profile.
+The only setup needed for getting the YubiKey working in WSL2 is to source/copy-paste [gpg.sh](wsl/gpg.sh) in your shell profile.
-Along with the initialization code, I wrote a small function the resets all the related agents/sockets. If you do not attempt to access the YubiKey while it is not inserted, in my experience, GPG works great has no issues once reinserting the YubiKey. It is only (inconsistently) when you try to access a YubiKey that you have removed that puts it in a failed state. \ No newline at end of file
+Along with the initialization code, I wrote a small function the resets all the related agents/sockets. If you do not attempt to access the YubiKey while it is not inserted, in my experience, GPG works great has no issues once reinserting the YubiKey. It is only (inconsistently) when you try to access a YubiKey that you have removed that puts it in a failed state.