pawsen/find_env.sh

## readme.md

      
    Raw
  

              readme.md
            
          
    tl;dr

rage fails when pinentry-emacs is installed AND the key is password protected.
If a pinentry binary is present rage uses it.
rage is a simple, modern, and secure file encryption tool, using the age format.
Test, rage working

> echo "test" > test.txt

> nix shell nixpkgs#rage
> rage -R test-ed25519.pub test.txt -o test.txt.age
❯ rage -d -i test-ed25519 test.txt.age
** write key("test") password **
test

install pinentry-emacs and rage fails when decrypting

> nix shell nixpkgs#pinentry-emacs
> rage -d -i test-ed25519 test.txt.age
stat: No such file or directory
stat: No such file or directory
Error: No matching keys found

[ Did rage not do what you expected? Could an error be more useful? ]
[ Tell us: https://str4d.xyz/rage/report                            ]

How did I know?

pinentry-emacs was installed as a system package, the ssh-key is password protected(
rage only fails when pinentry-emacs is used, ie. ssh key is password protected) and I have
no experience with rage.
First, I have no idea what caused this error. Normally stat: No such file or directory is a indication that a file/dir doesn't exist - but what/which file?.
nix run nixpkgs#rage -- -d -i test-ed25519 test.txt.age
stat: No such file or directory
stat: No such file or directory
Error: No matching keys found

[ Did rage not do what you expected? Could an error be more useful? ]
[ Tell us: https://str4d.xyz/rage/report      

Let's make there's nothing in the enviroment that's causing the error (env -i env shows that the enviroment is cleared)
❯ env -i nix run nixpkgs#rage -- -d -i test-ed25519 test.txt.age
Type passphrase for OpenSSH key '⁨test-ed25519⁩':
test

Ok, let's figure out what wrong with the env


## find_env.sh
# unset a enviroment variable, see if rage works and restore the variable.

# when $PATH is unset all breaks down.
# readlink -f resolves to coreutils
tee=$(readlink $(which tee))
nix=$(readlink $(which nix))
rage_bin="/nix/store/176fb66dbfj3294chdnha0nlqyj3n3ax-rage-0.9.0/bin/rage"
#rage_bin="$nix run nixpkgs#rage --"

cmd="$rage_bin -d -i id_ed25519 test.txt.age"
echo "$cmd"$'\n' | "$tee" "out.txt"

env -0 | while IFS='=' read -r -d '' n v; do
    echo "$n"
    printf "'%s'='%s'\n" "$n" "$v" >> "out.txt"

    unset "$n"
    $cmd >>"out.txt" 2>&1
    status=$?
    [ $status -eq 0 ] && err="successful" || err="failed"
    echo "$err" | "$tee" -a "out.txt"
    echo $'\n' >> "out.txt"
    export "$n"="$v"
done

# not surprisingly it is something(a binary) on $PATH.. Let's find it with set_path.sh

## id_ed25519
-----BEGIN OPENSSH PRIVATE KEY-----
b3BlbnNzaC1rZXktdjEAAAAACmFlczI1Ni1jdHIAAAAGYmNyeXB0AAAAGAAAABAAuqmF9g
c753uLGIPiATUuAAAAEAAAAAEAAAAzAAAAC3NzaC1lZDI1NTE5AAAAIC9zkwzR/73Lbs9j
F3IJO4GsghIlLoScJvbqz0oZ9RugAAAAkI75kIki4rTJ4MnsXIIwp3REUnPg/UIc7v7ktZ
jgj2S+VOJ9vht9ZJ2+y51frpwjhJnMh/u5Ci050F49VE1GjPsy+2cVQjk9olJ5pImY5NQV
9X9ZsSbf5x/YFI5VHBDx2tvFJ8jk3plbWCXJFruOVGQyvNk+tkBWqH0jAByUeXHSCYHHKw
Iwb/HEbe722Mwyqg==
-----END OPENSSH PRIVATE KEY-----

## id_ed25519.pub
ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIC9zkwzR/73Lbs9jF3IJO4GsghIlLoScJvbqz0oZ9Rug paw@lion

## set_path.sh
# add a directory to PATH and test if rage fails.
# When the right directory is found, copy all symlinks to a local folder
# and remove symlinks one a a time until rage works.
# (or copy symlinks to a local folder on PATH until rage fails.)

# when $PATH is unset all breaks down...
# `readlink -f` resolves to coreutils
tee=$(readlink $(which tee))
nix=$(readlink $(which nix))
# rage is implicit installed. Find the path with `nix-locate /bin/rage`
rage_bin="/nix/store/176fb66dbfj3294chdnha0nlqyj3n3ax-rage-0.9.0/bin/rage"
# or run it without installing. But the former is faster
# rage_bin="$nix run nixpkgs#rage --"

cmd="$rage_bin -d -i id_ed25519 test.txt.age"


# echo $PATH
# PATH=/run/wrappers/bin:/bin:/home/paw/.config/emacs/bin:/home/paw/.local/share/cargo/bin:/nix/store/6607z5svdmqj10j4j53ybcmv3dqnqag6-source/bin:/home/paw/.local/bin:/home/paw/.nix-profile/bin:/etc/profiles/per-user/paw/bin:/nix/var/nix/profiles/default/bin:/run/current-system/sw/bin
unset PATH
# use your emacs skills to go convert echo $PATH to this
PATH=/run/wrappers/bin
PATH=$PATH:/bin
PATH=$PATH:/home/paw/.config/emacs/bin
PATH=$PATH:/home/paw/.local/share/cargo/bin
PATH=$PATH:/nix/store/6607z5svdmqj10j4j53ybcmv3dqnqag6-source/bin
PATH=$PATH:/home/paw/.local/bin
PATH=$PATH:/home/paw/.nix-profile/bin
#PATH=$PATH:/etc/profiles/per-user/paw/bin  # something in here is preventing rage from working
PATH=$PATH:/nix/var/nix/profiles/default/bin
PATH=$PATH:/run/current-system/sw/bin

# copy to local folder and add it to path.
cp --preserve=links -r /etc/profiles/per-user/paw/bin/ /etc/nixos/secrets/paws_bin
PATH=$PATH:/etc/nixos/secrets/paws_bin/
export PATH=$PATH
echo $PATH


if ! command -v agenix &> /dev/null
then
    echo "agenix not found"
else
    echo "path seems good"
fi

# remove a symlink, see if rage works
for f in paws_bin/*; do
    echo "$f"
    sudo rm "$f"
    $cmd 2> /dev/null
    ret=$?
    [ $ret -eq 0 ] && err="successful" || err="failed"
    echo $err$'\n'

    [ $ret -eq 0 ] && exit
done

## test.txt
test
	# unset a enviroment variable, see if rage works and restore the variable.

	# when $PATH is unset all breaks down.
	# readlink -f resolves to coreutils
	tee=$(readlink $(which tee))
	nix=$(readlink $(which nix))
	rage_bin="/nix/store/176fb66dbfj3294chdnha0nlqyj3n3ax-rage-0.9.0/bin/rage"
	#rage_bin="$nix run nixpkgs#rage --"

	cmd="$rage_bin -d -i id_ed25519 test.txt.age"
	echo "$cmd"$'\n' \| "$tee" "out.txt"

	env -0 \| while IFS='=' read -r -d '' n v; do
	echo "$n"
	printf "'%s'='%s'\n" "$n" "$v" >> "out.txt"

	unset "$n"
	$cmd >>"out.txt" 2>&1
	status=$?
	[ $status -eq 0 ] && err="successful" \|\| err="failed"
	echo "$err" \| "$tee" -a "out.txt"
	echo $'\n' >> "out.txt"
	export "$n"="$v"
	done

	# not surprisingly it is something(a binary) on $PATH.. Let's find it with set_path.sh
	-----BEGIN OPENSSH PRIVATE KEY-----
	b3BlbnNzaC1rZXktdjEAAAAACmFlczI1Ni1jdHIAAAAGYmNyeXB0AAAAGAAAABAAuqmF9g
	c753uLGIPiATUuAAAAEAAAAAEAAAAzAAAAC3NzaC1lZDI1NTE5AAAAIC9zkwzR/73Lbs9j
	F3IJO4GsghIlLoScJvbqz0oZ9RugAAAAkI75kIki4rTJ4MnsXIIwp3REUnPg/UIc7v7ktZ
	jgj2S+VOJ9vht9ZJ2+y51frpwjhJnMh/u5Ci050F49VE1GjPsy+2cVQjk9olJ5pImY5NQV
	9X9ZsSbf5x/YFI5VHBDx2tvFJ8jk3plbWCXJFruOVGQyvNk+tkBWqH0jAByUeXHSCYHHKw
	Iwb/HEbe722Mwyqg==
	-----END OPENSSH PRIVATE KEY-----
	# add a directory to PATH and test if rage fails.
	# When the right directory is found, copy all symlinks to a local folder
	# and remove symlinks one a a time until rage works.
	# (or copy symlinks to a local folder on PATH until rage fails.)

	# when $PATH is unset all breaks down...
	# `readlink -f` resolves to coreutils
	tee=$(readlink $(which tee))
	nix=$(readlink $(which nix))
	# rage is implicit installed. Find the path with `nix-locate /bin/rage`
	rage_bin="/nix/store/176fb66dbfj3294chdnha0nlqyj3n3ax-rage-0.9.0/bin/rage"
	# or run it without installing. But the former is faster
	# rage_bin="$nix run nixpkgs#rage --"

	cmd="$rage_bin -d -i id_ed25519 test.txt.age"


	# echo $PATH
	# PATH=/run/wrappers/bin:/bin:/home/paw/.config/emacs/bin:/home/paw/.local/share/cargo/bin:/nix/store/6607z5svdmqj10j4j53ybcmv3dqnqag6-source/bin:/home/paw/.local/bin:/home/paw/.nix-profile/bin:/etc/profiles/per-user/paw/bin:/nix/var/nix/profiles/default/bin:/run/current-system/sw/bin
	unset PATH
	# use your emacs skills to go convert echo $PATH to this
	PATH=/run/wrappers/bin
	PATH=$PATH:/bin
	PATH=$PATH:/home/paw/.config/emacs/bin
	PATH=$PATH:/home/paw/.local/share/cargo/bin
	PATH=$PATH:/nix/store/6607z5svdmqj10j4j53ybcmv3dqnqag6-source/bin
	PATH=$PATH:/home/paw/.local/bin
	PATH=$PATH:/home/paw/.nix-profile/bin
	#PATH=$PATH:/etc/profiles/per-user/paw/bin # something in here is preventing rage from working
	PATH=$PATH:/nix/var/nix/profiles/default/bin
	PATH=$PATH:/run/current-system/sw/bin

	# copy to local folder and add it to path.
	cp --preserve=links -r /etc/profiles/per-user/paw/bin/ /etc/nixos/secrets/paws_bin
	PATH=$PATH:/etc/nixos/secrets/paws_bin/
	export PATH=$PATH
	echo $PATH


	if ! command -v agenix &> /dev/null
	then
	echo "agenix not found"
	else
	echo "path seems good"
	fi

	# remove a symlink, see if rage works
	for f in paws_bin/*; do
	echo "$f"
	sudo rm "$f"
	$cmd 2> /dev/null
	ret=$?
	[ $ret -eq 0 ] && err="successful" \|\| err="failed"
	echo $err$'\n'

	[ $ret -eq 0 ] && exit
	done