@dayne
Last active November 14, 2022 18:01
barrier configuration

I try to avoid using the GUI to configure/run barrier so I created a simple bash script barrier-client.sh to launch my barrier client. It reads from a .config/barrier.cfg file I created to determine the client name and server to connect to.

cat ~/.config/barrier.cfg

BARRIER_CLIENT_NAME=${HOSTNAME}
BARRIER_SERVER=gilbert.lan:24800

This expects the client to already be configured to trust the server. That trust is managed by the ~/.local/share/barrier/SSL/Fingerprints/TrustedServers.txt file, which should contain the fingerprint of the server.

I made a barrierc-trust.sh script to do this. Just pass in server:port as the first parameter, like so:

barrierc-trust.sh server-name:24800

I'm also keen on being able to see messages and attach directly, so I created a tmux launch script, barrierc-tmux.sh, to automatically run barrier-client.sh in a tmux session on login.

The barrierc-tmux.sh is autolaunched by my i3 by having the following line in my .config/i3/config

exec $HOME/.bin/barrierc-tmux.sh &

#!/bin/bash
# barrier-client.sh: run barrierc in the foreground and relaunch it whenever it exits.
# Expects ~/.config/barrier.cfg to define:
# BARRIER_CLIENT_NAME=${HOSTNAME}
# BARRIER_SERVER=servername:24800
source "$HOME/.config/barrier.cfg"

# Fall back to the hostname when the config does not set a client name.
if [ -z "$BARRIER_CLIENT_NAME" ]; then
    BARRIER_CLIENT_NAME=${HOSTNAME}
fi

if [ -z "$BARRIER_SERVER" ]; then
    echo "Error: BARRIER_SERVER not set"
    exit 1
fi

if ! command -v barrierc > /dev/null 2>&1; then
    echo "Error: barrierc not found - install barrier"
    exit 1
fi

while true; do
    echo "killing any existing barrierc clients"
    killall barrierc
    # The server's fingerprint must already be in TrustedServers.txt for this to connect.
    barrierc -f --no-tray --debug INFO --name "${BARRIER_CLIENT_NAME}" --enable-crypto "${BARRIER_SERVER}"
    echo 'barrierc crashed ... launching in 5'
    sleep 5
done

#!/bin/bash
# barrierc-tmux.sh: (re)start barrier-client.sh in a detached tmux session named barrierc.
if tmux has-session -t barrierc > /dev/null 2>&1; then
    echo "a barrierc session already started - killing it"
    tmux kill-session -t barrierc
fi
tmux new-session -d -s barrierc -n term
tmux send-keys -t barrierc:term "$HOME/.bin/barrier-client.sh" Enter

#!/bin/bash
# barrierc-trust.sh: fetch the server's certificate fingerprint and store it as the trusted one.
# USAGE: bash barrierc-trust.sh server-ip:24800
TRUSTED="${HOME}/.local/share/barrier/SSL/Fingerprints/TrustedServers.txt"

function trust_server
{
    BARRIER_SERVER=$1
    finger_dir=$(dirname "$TRUSTED")
    echo "checking for $finger_dir"
    if [ ! -d "$finger_dir" ]; then
        echo "creating directory: $finger_dir"
        mkdir -p "$finger_dir"
    fi
    if [ ! -f "$finger_dir/TrustedServers.txt" ]; then
        echo "no TrustedServers.txt exists yet"
    else
        echo "warning, an existing TrustedServers.txt file exists - backing up to TrustedServers.txt.backup"
        backup_file="${finger_dir}/TrustedServers.txt.backup"
        if [ ! -f "$backup_file" ]; then
            cp "$finger_dir/TrustedServers.txt" "$backup_file"
        else
            echo "Error: A backup file already exists. Move or remove it and re-run to proceed"
            echo "$backup_file"
            echo "not updating the existing TrustedServers.txt file"
            return 1
        fi
    fi
    SERVER=$(echo "$BARRIER_SERVER" | awk -F ':' '{print $1}')
    PORT=$(echo "$BARRIER_SERVER" | awk -F ':' '{print $2}')
    if ! nc -z "$SERVER" "$PORT" > /dev/null; then
        echo "FATAL: Unable to connect to $SERVER at port $PORT"
        echo "$ nc -z $SERVER $PORT"
        return 1
    else
        echo "Verified ability to connect to $SERVER at port $PORT"
    fi
    echo "Getting $BARRIER_SERVER fingerprint and storing into TrustedServers.txt"
    # Capture the fingerprint first: redirecting the pipeline straight into the file
    # would truncate it on failure, and $? would only report the exit status of cut.
    fingerprint=$(echo -n | openssl s_client -connect "$BARRIER_SERVER" 2> /dev/null | openssl x509 -noout -fingerprint 2> /dev/null | cut -f2 -d'=')
    if [ -n "$fingerprint" ]; then
        echo "$fingerprint" > "$TRUSTED"
        echo "updated: $TRUSTED with"
        cat "$TRUSTED"
        return 0
    else
        echo "failed to get fingerprint from $BARRIER_SERVER"
        return 1
    fi
}

if [ -z "$1" ]; then
    echo "USAGE: bash barrierc-trust.sh server-ip:24800"
    exit 1
fi
# TRUSTED is a file path, so this guard only skips the run when a directory sits at that path.
if [ ! -d "$TRUSTED" ]; then
    echo "trusting $1"
    trust_server "$1"
fi
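
barrierc-trust.sh records whatever certificate answers on server:port at the moment it runs. As an added example (not part of the gist), the functions below accept a fingerprint only when it matches one obtained from the server machine itself, and replace TrustedServers.txt atomically with every path quoted so directories containing blanks work. The function names, return codes and the expected-fingerprint argument are assumptions of this example.

```bash
#!/bin/bash
# Added example, not part of the gist: pin a Barrier server fingerprint only
# after it matches a value obtained from the server by another channel.

# Reduce "SHA1 Fingerprint=ab:cd:..." or "ab:cd:..." to upper-case hex pairs.
normalize_fp() {
    printf '%s' "${1##*=}" | tr -d ' \r\n' | tr '[:lower:]' '[:upper:]'
}

# pin_fingerprint TRUSTED_FILE EXPECTED OBSERVED
# Returns 0 and rewrites TRUSTED_FILE only when both fingerprints match.
# Returns 1 on mismatch, 2 on an empty or malformed OBSERVED, 3 on I/O errors.
pin_fingerprint() {
    local trusted expected observed dir tmp
    trusted=$1
    expected=$(normalize_fp "$2")
    observed=$(normalize_fp "$3")
    # openssl prints nothing when the connection fails; never pin that.
    if ! printf '%s\n' "$observed" | grep -Eq '^([0-9A-F]{2}:)+[0-9A-F]{2}$'; then
        echo "refusing: observed fingerprint is empty or malformed" >&2
        return 2
    fi
    if [ "$observed" != "$expected" ]; then
        echo "refusing: server presented $observed, expected $expected" >&2
        return 1
    fi
    dir=$(dirname "$trusted")
    mkdir -p "$dir" || return 3
    # Write a temp file in the same directory and rename it, so a failure
    # never leaves a truncated TrustedServers.txt behind.
    tmp=$(mktemp "$dir/TrustedServers.XXXXXX") || return 3
    printf '%s\n' "$observed" > "$tmp" && mv "$tmp" "$trusted"
}

# Typical call; the network step is the same openssl pipeline the gist uses:
#   observed=$(echo -n | openssl s_client -connect "$server" 2>/dev/null \
#              | openssl x509 -noout -fingerprint)
#   pin_fingerprint "$TRUSTED" "$expected_fingerprint" "$observed"
```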
@oristopo

Instances of $TRUSTED and derivatives (e.g. $finger_dir) need wrapping in ""
(e.g. "$finger_dir") to work on macOS, since barrierc launched by root looks in path with blank:
"/var/root/Library/Application Support/barrier/SSL/Fingerprints/TrustedServers.txt"
