pythoninthegrass/keychain_phoenix.sh

## keychain_phoenix.sh
#!/usr/bin/env bash


# SOURCE:
# https://gist.github.com/pythoninthegrass/ca8074951cf32a6a064bda7e31b03d60

# activate verbose standard output (stdout)
set -v
# activate debugging (execution shown)
set -x

# logs (DEBUGGING ONLY -- disable as it stores params creds on host machine)
log_time=$(date +%Y%m%d_%H%M%S)
# log_file="/tmp/$(basename "$0" | cut -d. -f1)_$log_time.log" # LOCAL only
log_file="/tmp/reset_keychain_$log_time.log"
exec &> >(tee -a "$log_file")   # redirect standard error (stderr) and stdout to log
# exec 1>> >(tee -a "$log_file")	# redirect stdout to log

# Current user
# Param $3 is logged in user in JSS
logged_in_user=$(logname) # posix alternative to /dev/console
# logged_in_user=$3

# Working directory
# script_dir=$(cd "$(dirname "$0")" && pwd)

# Set $IFS to eliminate whitespace in pathnames
IFS="$(printf '\n\t')"

# Working directory
# scriptDir=$(cd "$(dirname "$0")" && pwd)

# Check for root privileges
if [[ $(whoami) != "root" ]]; then
    echo "Sorry, you need super user privileges to run this script."
    exit 1
fi

# Move existing keychains
cd /Users/$logged_in_user/Library/Keychains/ || exit
if [[ ! -e "/Users/$logged_in_user/Library/Keychains/Old" ]]; then
    mkdir -p /Users/$logged_in_user/Library/Keychains/Old
    echo "Created backup keychain directory successfully."
fi

# Enable glob pattern matching, then move all but the Old keychain directory
shopt -s extglob
mkdir -p "/Users/$logged_in_user/Library/Keychains/Old/Old_Keychain_$log_time" && mv !(Old) "$_"
if [[ $? = 0 ]]; then
    echo "Old keychain was moved successfully."
else
    echo "Resetting keychain failed. Try, try again"
    shopt -u extglob
    exit 1
fi
shopt -u extglob

# deactivate verbose and debugging stdout
set +v
set +x

unset IFS

exit 0

# TODO: switch to jamfHelper prompt; bypassed via restart options in Jamf policy
# Prompt for reboot
# confirm() {
#     # call with a prompt string or use a default
#     read -r -p "${1:-Are you sure? [y/N]} " response
#     case "$response" in
#         [yY][eE][sS]|[yY])
#             true
#             ;;
#         *)
#             false
#             ;;
#     esac
# }
# confirm "Do you want to reboot now to reset the keychain? [Y/n]?" && /usr/bin/sudo sh -c "reboot"
	#!/usr/bin/env bash


	# SOURCE:
	# https://gist.github.com/pythoninthegrass/ca8074951cf32a6a064bda7e31b03d60

	# activate verbose standard output (stdout)
	set -v
	# activate debugging (execution shown)
	set -x

	# logs (DEBUGGING ONLY -- disable as it stores params creds on host machine)
	log_time=$(date +%Y%m%d_%H%M%S)
	# log_file="/tmp/$(basename "$0" \| cut -d. -f1)_$log_time.log" # LOCAL only
	log_file="/tmp/reset_keychain_$log_time.log"
	exec &> >(tee -a "$log_file") # redirect standard error (stderr) and stdout to log
	# exec 1>> >(tee -a "$log_file") # redirect stdout to log

	# Current user
	# Param $3 is logged in user in JSS
	logged_in_user=$(logname) # posix alternative to /dev/console
	# logged_in_user=$3

	# Working directory
	# script_dir=$(cd "$(dirname "$0")" && pwd)

	# Set $IFS to eliminate whitespace in pathnames
	IFS="$(printf '\n\t')"

	# Working directory
	# scriptDir=$(cd "$(dirname "$0")" && pwd)

	# Check for root privileges
	if [[ $(whoami) != "root" ]]; then
	echo "Sorry, you need super user privileges to run this script."
	exit 1
	fi

	# Move existing keychains
	cd /Users/$logged_in_user/Library/Keychains/ \|\| exit
	if [[ ! -e "/Users/$logged_in_user/Library/Keychains/Old" ]]; then
	mkdir -p /Users/$logged_in_user/Library/Keychains/Old
	echo "Created backup keychain directory successfully."
	fi

	# Enable glob pattern matching, then move all but the Old keychain directory
	shopt -s extglob
	mkdir -p "/Users/$logged_in_user/Library/Keychains/Old/Old_Keychain_$log_time" && mv !(Old) "$_"
	if [[ $? = 0 ]]; then
	echo "Old keychain was moved successfully."
	else
	echo "Resetting keychain failed. Try, try again"
	shopt -u extglob
	exit 1
	fi
	shopt -u extglob

	# deactivate verbose and debugging stdout
	set +v
	set +x

	unset IFS

	exit 0

	# TODO: switch to jamfHelper prompt; bypassed via restart options in Jamf policy
	# Prompt for reboot
	# confirm() {
	# # call with a prompt string or use a default
	# read -r -p "${1:-Are you sure? [y/N]} " response
	# case "$response" in
	# [yY][eE][sS]\|[yY])
	# true
	# ;;
	# *)
	# false
	# ;;
	# esac
	# }
	# confirm "Do you want to reboot now to reset the keychain? [Y/n]?" && /usr/bin/sudo sh -c "reboot"