2
\$\begingroup\$

This is the first Bash script I've written, so I'm looking for feedback on best practices, conventions, things like that.

This script makes a few assumptions

  1. There is a java keystore stored at ~/.keystore
  2. There is an alias for an entry in that keystore with a value of test
  3. Both the keystore and entry share the same initial password
  4. That shared password is test

After that, for both the keystore and key entry, it pulls a number of bytes from /dev/urandom, Base64 encodes them, and sets that as the password.

#!/bin/bash

keystore_file=~/.keystore
config_file=~/.keystore.config
alias_name=test
initial_password=test

generate_password() {
    local password_length=$1
    local password="$(dd if=/dev/urandom bs=$password_length count=1 | base64 -w 0)"
    echo $password
}

set_keystore_password() {
    local password_length=80
    local password=$(generate_password $password_length)
    keytool -storepasswd -keystore $keystore_file -storepass $initial_password -new $password
    echo $password >> $config_file
    echo $password
}

set_key_password() {
    local keystore_password=$1
    local password_length=80
    local password=$(generate_password $password_length)
    keytool -keypasswd -keystore $keystore_file -storepass $keystore_password -alias $alias_name -keypass $initial_password -new $password
    echo $password >> $config_file
}

initialize_keystore() {
    if [ -f $config_file ]
    then
        rm $config_file
        touch $config_file
    fi

    local keystore_password=$(set_keystore_password)
    set_key_password $keystore_password
}

initialize_keystore
\$\endgroup\$
1
  • 1
    \$\begingroup\$ I generally separate my list w/ code by using --- (horizontal rule) \$\endgroup\$
    – hjpotter92
    Commented Apr 5, 2018 at 1:48

2 Answers 2

Reset to default
3
\$\begingroup\$

It is a good practice to have the script tested on shellcheck.net so that you have a convention.

In the initialise section, you are cleaning up the keystore file (if it exists). Use the shell-builtin echo and redirect to achieve this:

echo "" > $config_file

The password_length can become a global value instead of being local to set_key_passphrase.

You can avoid the double echo in the set_keystore_password by using tee:

echo "$password" | tee -a "$config_file"
\$\endgroup\$
1
  • \$\begingroup\$ I left password_length in both of the functions in case we want to change the length of the passwords independently (ie. 80 bytes for the keystore, maybe 90 bytes for the key entry). \$\endgroup\$
    – Zymus
    Commented Apr 5, 2018 at 18:24
1
\$\begingroup\$

This looks pretty good already. I only have two things to add:

  1. Replace

    rm $config_file
touch $config_file

    with : > "$config_file". This has a few advantages over hjpotter92's suggestion, as detailed here.

  2. Quote all your variables. See https://unix.stackexchange.com/questions/171346/security-implications-of-forgetting-to-quote-a-variable-in-bash-posix-shells/171347#171347 for more information.
\$\endgroup\$

Your Answer

By clicking “Post Your Answer”, you agree to our terms of service and acknowledge you have read our privacy policy.

Not the answer you're looking for? Browse other questions tagged or ask your own question.