I have many servers, where I deploy various binaries. For this purpose I use a script that packs them into archives, publishes to the local repository and then ssh-es to the target servers and installs.
For now I have a script that looks like this:
#!/bin/bash
packs=(app1 app2 app3 great_app main_server and_so_on)
# Quote the expansion so each array element stays a single word
for pack in "${packs[@]}"; do
    cd "$pack"
    svn up
    make redist-package
    # Each package directory holds a file naming its target server
    SERVER="$(cat ./server)"
    ssh "$SERVER" <<< "wget 'http://dev-server/$pack'; install './$pack'" # ssh uses keys to authenticate
    cd - &>/dev/null
done
Here, install is a special script that unpacks and installs, our hand-made little emerge. I removed all error checking to avoid script complication.
The problem now is: I have to sign all the binaries using bsign. I want a user to enter a password once and then to pass it to bsign. Otherwise it is a pain to enter the same password individually for each of the packages.
Unfortunately, bsign has no ability such as sudo -S to read passwords from stdin. So… I tried using socat without any luck. I used this line from socat's manual, without result:
socat - EXEC:'bsign -si .',pty,setsid,ctty <<< 'My password'
bsign just shows me the password prompt as if there were no socat. After I enter the password, it works.
My guess is that it's because bsign runs gpg, which in turn asks for a password. Is it possible for socat to affect that gpg as well as bsign?
Update: I found bsign's option -P --passphrase-fd0 which should tell gpg to read the password from fd 0, i.e. stdin. Will try it tomorrow.
Update: Failed, -P does not work. It may be caused by a buggy (custom-patched) bsign I have to use, though.
0 Answers