2

This is the first Bash script I've written, so I'm looking for feedback on best practices, conventions, things like that.

This script makes a few assumptions

  1. There is a java keystore stored at ~/.keystore
  2. There is an alias for an entry in that keystore with a value of test
  3. Both the keystore and entry share the same initial password
  4. That shared password is test

After that, for both the keystore and key entry, it pulls a number of bytes from /dev/urandom, Base64 encodes them, and sets that as the password.

    #!/bin/bash
    keystore_file=~/.keystore
    config_file=~/.keystore.config
    alias_name=test
    initial_password=test

    generate_password() {
        local password_length=$1
        local password="$(dd if=/dev/urandom bs=$password_length count=1 | base64 -w 0)"
        echo $password
    }

    set_keystore_password() {
        local password_length=80
        local password=$(generate_password $password_length)
        keytool -storepasswd -keystore $keystore_file -storepass $initial_password -new $password
        echo $password >> $config_file
        echo $password
    }

    set_key_password() {
        local keystore_password=$1
        local password_length=80
        local password=$(generate_password $password_length)
        keytool -keypasswd -keystore $keystore_file -storepass $keystore_password -alias $alias_name -keypass $initial_password -new $password
        echo $password >> $config_file
    }

    initialize_keystore() {
        if [ -f $config_file ]
        then
            rm $config_file
            touch $config_file
        fi
        local keystore_password=$(set_keystore_password)
        set_key_password $keystore_password
    }

    initialize_keystore

hjpotter92
asked Apr 5, 2018 at 0:27
1
  • 1
    I generally separate my list w/ code by using --- (horizontal rule) Commented Apr 5, 2018 at 1:48

2 Answers

3

It is a good practice to have the script tested on shellcheck.net so that you have a convention.


In the initialise section, you are cleaning up the keystore file (if it exists). Use the shell-builtin echo and redirect to achieve this:

    echo "" > $config_file

The password_length can become a global value instead of being local to set_key_passphrase.


You can avoid the double echo in the set_keystore_password by using tee:

    echo "$password" | tee -a "$config_file"

answered Apr 5, 2018 at 2:07
1
  • I left password_length in both of the functions in case we want to change the length of the passwords independently (i.e. 80 bytes for the keystore, maybe 90 bytes for the key entry). Commented Apr 5, 2018 at 18:24
1

This looks pretty good already. I only have two things to add:

  1. Replace

    rm $config_file
    touch $config_file
    

    with : > "$config_file". This has a few advantages over hjpotter92's suggestion, as detailed here.

  2. Quote all your variables. See https://unix.stackexchange.com/questions/171346/security-implications-of-forgetting-to-quote-a-variable-in-bash-posix-shells/171347#171347 for more information.
answered Apr 5, 2018 at 13:00
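
An added example, not code from the question or from either answer: it runs the three ways of resetting the config file discussed above against a path that contains a space, to show what each leaves behind. The function names other than generate_password are hypothetical, the path is constructed by the caller, and `base64 | tr -d '\n'` is used as a portable stand-in for `base64 -w 0`.

```shell
#!/bin/bash
# Added example. All function names except generate_password are hypothetical.

# N random bytes from /dev/urandom, Base64-encoded on a single line.
generate_password() {
    local password_length="$1"
    dd if=/dev/urandom bs="$password_length" count=1 2>/dev/null | base64 | tr -d '\n'
}

# The question's reset with its unquoted expansions. A path containing a
# space splits into two words, the [ -f ... ] test errors out, and the old
# file (with the old passwords) is left in place.
reset_unquoted() {
    local config_file="$1"
    if [ -f $config_file ]
    then
        rm $config_file
        touch $config_file
    fi
}

# First answer's reset: truncates, but writes a lone newline (1 byte), so
# the first appended password lands on line 2.
reset_with_echo() {
    echo "" > "$1"
}

# Second answer's reset: creates or truncates the file to exactly 0 bytes.
reset_with_colon() {
    : > "$1"
}

# Reset the file with the chosen function, append two generated passwords
# (one per line, as the question's script does), and print the line count.
write_passwords() {
    local reset="$1" config_file="$2"
    "$reset" "$config_file" || return 1
    generate_password 80 >> "$config_file"; echo >> "$config_file"
    generate_password 80 >> "$config_file"; echo >> "$config_file"
    wc -l < "$config_file" | tr -d ' '
}
```

A consumer that reads the keystore password from line 1 of the config file gets an empty string after the `echo ""` reset and the real password after the `: >` reset.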