Update bootstrap: 2026-01-20 16:40:01

2026-01-20 16:40:01 +09:00
parent 3050323ff6
commit 664f12656b
3 changed files with 309 additions and 91 deletions
--- a/install.sh
+++ b/install.sh
@@ -27,25 +27,49 @@ if [ ! -f "$NBCRYPT" ]; then
    exit 1
 fi

+# Load SSH Agent environment BEFORE running nbcrypt
+# This ensures nbcrypt can find the Ed25519 key without prompting for BWS token
+AGENT_ENV_FILE="/tmp/.nb_agent_env_${USER:-$(id -un)}"
+if [ -f "$AGENT_ENV_FILE" ]; then
+    # Check if we already have a valid SSH_AUTH_SOCK (Agent Forward)
+    # But also verify it actually works with ssh-add -l
+    if [ -n "${SSH_AUTH_SOCK:-}" ] && [ -S "${SSH_AUTH_SOCK}" ]; then
+        # Test if the agent actually works
+        if ssh-add -l >/dev/null 2>&1; then
+            # Agent Forward exists and works, preserve it and skip file loading
+            echo "🔑 Using existing SSH Agent Forward (preserved)"
+        else
+            # Agent Forward exists but doesn't work (stale socket), load from file
+            echo "🔑 Existing SSH Agent Forward is stale, loading from file..."
+            source "$AGENT_ENV_FILE"
+        fi
+    else
+        # No valid agent, safe to load from file
+        echo "🔑 Loading SSH Agent environment..."
+        source "$AGENT_ENV_FILE"
+    fi
+fi
+
+# Ed25519 が無いときは BWS から鍵を取得して ssh-add（--keep でディスクに残す）
+if ! ssh-add -l 2>/dev/null | grep -q ED25519; then
+    "$NBCRYPT" keychain --keep
+    [ -f "$AGENT_ENV_FILE" ] && source "$AGENT_ENV_FILE"
+fi
+
 # Decrypt and execute
 echo "🔐 Decrypting ${TARGET}.sh..."
 TEMP_SCRIPT="/tmp/${TARGET}-$$.sh"

-if "$NBCRYPT" decrypt "$ENC_FILE" "$TEMP_SCRIPT"; then
+if "$NBCRYPT" decfile "$ENC_FILE" "$TEMP_SCRIPT"; then
    chmod +x "$TEMP_SCRIPT"
    
-    # Load SSH Agent environment if it was created by nbcrypt/BWS setup
-    # Only load if we don't already have a valid Agent Forward
-    AGENT_ENV_FILE="/tmp/.nb_agent_env_${USER:-$(id -un)}"
+    # Reload SSH Agent environment if it was updated by nbcrypt/BWS setup
+    # (in case BWS setup created a new agent)
    if [ -f "$AGENT_ENV_FILE" ]; then
        # Check if we already have a valid SSH_AUTH_SOCK (Agent Forward)
        if [ -z "${SSH_AUTH_SOCK:-}" ] || [ ! -S "${SSH_AUTH_SOCK}" ]; then
            # No valid agent, safe to load from file
-            echo "🔑 Loading SSH Agent environment..."
            source "$AGENT_ENV_FILE"
-        else
-            # Agent Forward exists, preserve it and skip file loading
-            echo "🔑 Using existing SSH Agent Forward (preserved)"
        fi
    fi