jetpac/dotfiles
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity

create mrshughes update

Browse Source
This commit is contained in:
Petr Nyc
2026-04-20 17:20:59 +02:00
parent cbce1614ff
commit 4bef91eb1b
2 changed files with 136 additions and 77 deletions
Download Patch File Download Diff File Expand all files Collapse all files

73
bin/codex-devops-auth.sh
View File

@@ -7,30 +7,23 @@ TOKEN_HOST="${TOKEN_HOST:-operator-access-token.svc.ad1.r2}"
SSH_CONFIG_FILE="${SSH_CONFIG_FILE:-$HOME/.ssh/config.oci}"
OCI_BIN="${OCI_BIN:-/opt/homebrew/bin/oci}"
OCI_SESSION_REGION="${OCI_SESSION_REGION:-us-chicago-1}"
OCI_PROFILE_NAME="${OCI_PROFILE_NAME:-DEFAULT}"
RESET_AGENT="${RESET_AGENT:-0}"
DEDICATED_AGENT_PID=""
DEDICATED_AGENT_SOCK=""
log() {
print -u2 -- "$@"
}
inherited_agent_likely_rejects_pkcs11() {
[[ -n "${SSH_AUTH_SOCK:-}" ]] || return 1
[[ -z "${SSH_AGENT_PID:-}" ]] || return 1
case "${SSH_AUTH_SOCK}" in
/private/tmp/com.apple.launchd.*/Listeners)
return 0
;;
esac
return 1
cleanup() {
if [[ -n "${DEDICATED_AGENT_PID}" && -n "${DEDICATED_AGENT_SOCK}" ]]; then
SSH_AGENT_PID="${DEDICATED_AGENT_PID}" SSH_AUTH_SOCK="${DEDICATED_AGENT_SOCK}" ssh-agent -k >/dev/null 2>&1 || true
fi
}
cleanup() {
if [[ -n "${DEDICATED_AGENT_PID}" ]]; then
SSH_AGENT_PID="${DEDICATED_AGENT_PID}" ssh-agent -k >/dev/null 2>&1 || true
fi
run_oci() {
"${OCI_BIN}" --profile "${OCI_PROFILE_NAME}" "$@"
}
ensure_oci_session() {
@@ -40,7 +33,7 @@ ensure_oci_session() {
fi
set +e
"${OCI_BIN}" session validate >/dev/null 2>&1
run_oci session validate >/dev/null 2>&1
local validate_rc=$?
set -e
@@ -51,7 +44,7 @@ ensure_oci_session() {
log "OCI CLI session is not valid; attempting refresh."
set +e
"${OCI_BIN}" session refresh >/dev/null 2>&1
run_oci session refresh >/dev/null 2>&1
local refresh_rc=$?
set -e
@@ -60,26 +53,16 @@ ensure_oci_session() {
return 0
fi
log "Running OCI CLI session authenticate for ${OCI_SESSION_REGION}."
"${OCI_BIN}" session authenticate --region "${OCI_SESSION_REGION}"
log "Running OCI CLI session authenticate for ${OCI_SESSION_REGION} with profile ${OCI_PROFILE_NAME}."
"${OCI_BIN}" session authenticate --region "${OCI_SESSION_REGION}" --profile-name "${OCI_PROFILE_NAME}"
}
ensure_ssh_agent() {
if [[ -n "${SSH_AUTH_SOCK:-}" && -S "${SSH_AUTH_SOCK}" ]]; then
set +e
ssh-add -l >/dev/null 2>&1
local rc=$?
set -e
case ${rc} in
0|1)
return 0
;;
esac
fi
log "Starting ssh-agent for Codex."
log "Starting dedicated ssh-agent for Codex."
unset SSH_AUTH_SOCK SSH_AGENT_PID
eval "$(ssh-agent -s)" >/dev/null
DEDICATED_AGENT_PID="${SSH_AGENT_PID:-}"
DEDICATED_AGENT_SOCK="${SSH_AUTH_SOCK:-}"
}
add_pkcs11_provider() {
@@ -88,32 +71,8 @@ add_pkcs11_provider() {
}
prepare_agent() {
local had_inherited_agent=0
if [[ -n "${SSH_AUTH_SOCK:-}" && -S "${SSH_AUTH_SOCK}" ]]; then
had_inherited_agent=1
fi
if inherited_agent_likely_rejects_pkcs11; then
log "Inherited launchd SSH agent is unlikely to support PKCS#11; starting a dedicated ssh-agent for Codex."
unset SSH_AUTH_SOCK SSH_AGENT_PID
had_inherited_agent=0
fi
ensure_ssh_agent
if add_pkcs11_provider; then
return 0
fi
if [[ ${had_inherited_agent} -eq 1 ]]; then
log "Existing SSH agent rejected PKCS#11 provider; starting a dedicated ssh-agent for Codex."
unset SSH_AUTH_SOCK SSH_AGENT_PID
ensure_ssh_agent
add_pkcs11_provider
return 0
fi
return 1
add_pkcs11_provider
}
if [[ ! -f "${SSH_CONFIG_FILE}" ]]; then