From 7909ee2b1895a5430c35c66e24b86de5a2ac36bc Mon Sep 17 00:00:00 2001
From: Anders Montonen <Anders.Montonen@iki.fi>
Date: Fri, 25 Mar 2022 10:40:18 +0100
Subject: [PATCH] kas-container: add '--ssh-agent' option

The option mounts the SSH_AUTH_SOCK ssh agent socket, and sets the
environment variable in the container.

Signed-off-by: Anders Montonen <Anders.Montonen@iki.fi>
Signed-off-by: Jan Kiszka <jan.kiszka@siemens.com>
---
 kas-container | 14 ++++++++++++++
 1 file changed, 14 insertions(+)

diff --git a/kas-container b/kas-container
index d9af5f6..32ff12e 100755
--- a/kas-container
+++ b/kas-container
@@ -61,6 +61,7 @@ usage()
 	printf "%b" "--ssh-dir\t\tDirectory containing SSH configurations.\n"
 	printf "%b" "\t\t\tAvoid \$HOME/.ssh unless you fully trust the " \
 		    "container.\n"
+	printf "%b" "--ssh-agent\t\tForward ssh-agent socket to the container.\n"
 	printf "%b" "--aws-dir\t\tDirectory containing AWScli configuration.\n"
 	printf "%b" "--git-credential-store\tFile path to the git credential " \
 		    "store\n"
@@ -210,6 +211,10 @@ while [ $# -gt 0 ]; do
 		KAS_SSH_DIR="$2"
 		shift 2
 		;;
+	--ssh-agent)
+		KAS_SSH_AUTH_SOCK=$(readlink -f "$SSH_AUTH_SOCK")
+		shift 1
+		;;
 	--aws-dir)
 		[ $# -gt 2 ] || usage
 		KAS_AWS_DIR="$2"
@@ -384,6 +389,15 @@ if [ -n "${KAS_SSH_DIR}" ] ; then
 	set -- "$@" -v "$(readlink -f "${KAS_SSH_DIR}")":/etc/skel/.ssh:ro
 fi
 
+if [ -n "${KAS_SSH_AUTH_SOCK}" ]; then
+	if [ ! -S "${KAS_SSH_AUTH_SOCK}" ]; then
+		echo "Passed SSH_AUTH_SOCK '${KAS_SSH_AUTH_SOCK}' is not a socket"
+		exit 1
+	fi
+	set -- "$@" -v "${KAS_SSH_AUTH_SOCK}":/ssh-agent/ssh-auth-sock \
+		-e SSH_AUTH_SOCK=/ssh-agent/ssh-auth-sock
+fi
+
 if [ -n "${KAS_AWS_DIR}" ] ; then
 	if [ ! -d "${KAS_AWS_DIR}" ]; then
 		echo "Passed KAS_AWS_DIR '${KAS_AWS_DIR}' is not a directory"