/.bashrc

Slug: bashrc

Tags: linux>dotfile

60364 characters 7544 words

#Introduction

This guide walks through configuring a robust interactive shell on Debian 11 “Bullseye,” including environment variables (Go, Rust, Python), Flatpak, aliases, and a systemd-user–managed SSH agent. It separates user-level and root-level steps, clarifies placeholders, and includes verification commands.

#1. System Update & Core Utilities

sudo apt update && sudo apt upgrade -y sudo apt install -y \ build-essential git curl wget unzip zip bash-completion \ python3-pip nodejs npm libpulse-dev flatpak swaks

#2. Language Runtimes

#Go (≥1.20)

GO_VER=1.20.5 wget https://go.dev/dl/go${GO_VER}.linux-amd64.tar.gz sudo tar -C /usr/local -xzf go${GO_VER}.linux-amd64.tar.gz rm go${GO_VER}.linux-amd64.tar.gz

#Rust

curl --proto '=https' --tlsv1.2 -sSf https://sh.rustup.rs | sh -s -- -y

#3. Shell Configuration

#3.1 ~/.bash_profile (User)

# Source ~/.bashrc for interactive login shells if [[ $- == *i* ]]; then source ~/.bashrc fi

#3.2 ~/.bashrc (User)

# 1. Exit if not interactive case "$-" in *i*) ;; *) return;; esac # 2. History HISTCONTROL=ignoreboth # space-prefixed commands and duplicates are not saved shopt -s histappend # Append to history file, don't overwrite HISTSIZE=5000 # Number of commands to keep in memory HISTFILESIZE=10000 # Number of commands to keep in the history file # Save history after each command and reload it to make it available across terminals. # `history -a` appends the current session's history to HISTFILE. # `PROMPT_COMMAND="history -a; ${PROMPT_COMMAND}"` ensures this happens before each prompt. # Rely on histappend for merging on shell exit. PROMPT_COMMAND="history -a; ${PROMPT_COMMAND}" # 3. XDG directories export XDG_CONFIG_HOME="${XDG_CONFIG_HOME:-$HOME/.config}" export XDG_CACHE_HOME="${XDG_CACHE_HOME:-$HOME/.cache}" export XDG_DATA_HOME="${XDG_DATA_HOME:-$HOME/.local/share}" # Ensure critical XDG directories exist mkdir -p "$XDG_CONFIG_HOME" "$XDG_CACHE_HOME" "$XDG_DATA_HOME" # Append Flatpak XDG data dirs to the system default XDG_DATA_DIRS _FLATPAK_USER_DATA_DIR="$XDG_DATA_HOME/flatpak/exports/share" _FLATPAK_SYSTEM_DATA_DIR="/var/lib/flatpak/exports/share" _SYSTEM_XDG_DATA_DIRS="${XDG_DATA_DIRS:-/usr/local/share/:/usr/share/}" export XDG_DATA_DIRS="${_FLATPAK_USER_DATA_DIR}:${_FLATPAK_SYSTEM_DATA_DIR}:${_SYSTEM_XDG_DATA_DIRS}" # Clean up temporary variables unset _FLATPAK_USER_DATA_DIR _FLATPAK_SYSTEM_DATA_DIR _SYSTEM_XDG_DATA_DIRS # XDG_RUNTIME_DIR is critical and typically set by pam_systemd. # If it's not set, it indicates a problem with the system's session management (e.g., pam_systemd). # Do not attempt to set it manually to a /tmp path here as it can cause issues. if [ -z "$XDG_RUNTIME_DIR" ]; then # Log an error or warning if preferred, but avoid setting a non-standard fallback # echo "Warning: XDG_RUNTIME_DIR is not set. User services may not function correctly." >&2 : # No action, rely on system setup else export XDG_RUNTIME_DIR # Ensure it's exported if set by pam_systemd fi # 4. PATH updates export GOPATH="$HOME/go" _add_to_path_if_missing() { local dir_to_add="$1" local prepend="$2" # "prepend" or "append" if [ -d "$dir_to_add" ]; then case ":$PATH:" in *":$dir_to_add:"*) :;; # Already in PATH *) if [ "$prepend" = "prepend" ]; then PATH="$dir_to_add:$PATH" # Prepend for higher priority else PATH="$PATH:$dir_to_add" # Append fi ;; esac fi } _add_to_path_if_missing "/usr/local/go/bin" "prepend" # Go system binaries _add_to_path_if_missing "$GOPATH/bin" "prepend" # User-installed Go binaries _add_to_path_if_missing "$HOME/.local/bin" "prepend" # User-local pip installs, etc. # Rust path is handled by sourcing .cargo/env, which also prepends. unset _add_to_path_if_missing export PATH # 5. Rust environment [ -f "$HOME/.cargo/env" ] && source "$HOME/.cargo/env" # 6. Bash completion if ! shopt -oq posix; then if [ -f /usr/share/bash-completion/bash_completion ]; then source /usr/share/bash-completion/bash_completion elif [ -f /etc/bash_completion ]; then source /etc/bash_completion fi fi # 7. SSH agent: Prioritize systemd-user, then GNOME Keyring if in desktop session # This logic determines which SSH_AUTH_SOCK to use. # Path for the systemd user ssh-agent socket _SYSTEMD_SSH_AGENT_SOCK="$XDG_RUNTIME_DIR/ssh-agent.sock" if [ -n "$XDG_RUNTIME_DIR" ] && [ -S "$_SYSTEMD_SSH_AGENT_SOCK" ]; then # systemd user agent socket exists, use it. export SSH_AUTH_SOCK="$_SYSTEMD_SSH_AGENT_SOCK" elif [ -n "$DESKTOP_SESSION" ] && command -v gnome-keyring-daemon >/dev/null; then # No systemd user agent socket found (or XDG_RUNTIME_DIR not set), # but in a desktop session. Attempt to use/start GNOME Keyring. # GNOME Keyring might already be running via its own systemd user service or XDG autostart. # This eval will set SSH_AUTH_SOCK if gnome-keyring-daemon starts/is running and manages SSH. eval "$(gnome-keyring-daemon --start --components=secrets,ssh)" export SSH_AUTH_SOCK # Ensure it's exported from eval fi unset _SYSTEMD_SSH_AGENT_SOCK # Attempt to add default SSH key (id_rsa) if an agent is running and has no keys. if command -v ssh-add >/dev/null; then if ! ssh-add -l &>/dev/null; then # Check if agent has ANY keys if [ -n "${SSH_AUTH_SOCK}" ] && [ -S "${SSH_AUTH_SOCK}" ] && [ -f "$HOME/.ssh/id_rsa" ]; then # Agent seems to be running (socket exists), but no keys listed. Add id_rsa. # Suppress errors (e.g., passphrase needed but no tty, or key already added by another mechanism). ssh-add "$HOME/.ssh/id_rsa" 2>/dev/null || true fi fi fi # 9. Prompt if [[ "${EUID}" == "0" ]]; then # Root prompt PS1='\[\033[01;31m\]\h\[\033[01;34m\] \W \$\[\033[00m\] ' else # User prompt PS1='\[\033[01;32m\]\u@\h\[\033[00m\]:\[\033[01;34m\]\w\[\033[00m\]\$ ' fi # 10. Aliases (!!! REVIEW AND REPLACE PLACEHOLDERS !!!) alias ls='ls --color=auto -hF' # Added -h for human-readable sizes, -F for type indicators alias ll='ls -alFh' # Added -h alias la='ls -Ah' # Added -h alias l='ls -CFh' # Added -h alias grep='grep --color=auto' alias egrep='egrep --color=auto' alias fgrep='fgrep --color=auto' # Example ping alias (uses default system ping) alias p='ping -c 4 example.com' # Pings example.com 4 times # Swaks alias for email testing # !!! REPLACE with your actual email, app password, and possibly SMTP server !!! # For Gmail, you'll need an "App Password". See Google's help documentation. # alias Z='swaks -4 -tls -f you@gmail.com -t recipient@example.com -s smtp.gmail.com:587 -au you@gmail.com -ap YOUR_GMAIL_APP_PASSWORD -d' alias Z='echo "Swaks alias Z not configured. Edit ~/.bashrc with your email details and an App Password for services like Gmail."' # Git project aliases # !!! REPLACE 'REPO' with your actual repository directory name if different !!! # And ensure ~/projects/REPO is a git repository. PROJECTS_DIR="$HOME/projects" # Example: alias project1-pull='(cd "$PROJECTS_DIR/my-actual-project" && git pull) || echo "Failed to cd or pull in $PROJECTS_DIR/my-actual-project"' alias pullrepo='(cd "$PROJECTS_DIR/REPO" && git pull) || echo "Failed to cd to $PROJECTS_DIR/REPO or pull"' alias pushrepo='(cd "$PROJECTS_DIR/REPO" && git push) || echo "Failed to cd to $PROJECTS_DIR/REPO or push"' # Update system alias update='sudo apt update && sudo apt full-upgrade -y && sudo apt autoremove -y && sudo apt clean && echo "System update process completed."' alias f2p='f2p.py --xml --max-depth 9 --include-hidden --ignore-gitignore --output /home/linaro/Downloads/f2put.txt' # Check for listening ports alias listports='sudo ss -tulnp' fix_ownership_preserve_permissions_final() { local home_dir="/home/linaro" local target_user="linaro" local target_group="linaro" # Assuming group is the same as the user local overall_success=true # Flag to track if all critical operations succeeded echo "-----------------------------------------------------------------------------" echo "Home Directory Ownership & Permission Corrector (Preserve & Secure)" echo "-----------------------------------------------------------------------------" echo "This script will perform the following actions within '${home_dir}':" echo "1. Phase 1 (Symbolic Links): Change ownership of symbolic LINKS THEMSELVES to '${target_user}:${target_group}'." echo "2. Phase 2 (All Items): Change ownership of all files, directories, and symlink TARGETS" echo " to '${target_user}:${target_group}' AND re-apply their original permission bits." echo "3. Phase 3 (Security): For '${home_dir}/.ssh' and '${home_dir}/.gnupg', ENFORCE known-good secure permissions." echo "" echo "WARNING:" echo "- This operation uses 'sudo' and modifies file ownership and permissions recursively." echo "- If a non-SSH/GPG file had insecure permissions (e.g., 777) while owned by root," echo " Phase 2 will preserve those permissions under '${target_user}' ownership." echo " Review permissions of sensitive non-SSH/GPG files afterwards." echo "- Ensure you have a backup if you are uncertain about any consequences." echo "-----------------------------------------------------------------------------" read -p "Are you absolutely sure you want to proceed? (Type 'yes' to continue): " confirmation if [[ "$confirmation" != "yes" ]]; then echo "Operation cancelled by user." return 1 fi echo "" echo "Proceeding with ownership and permission changes..." # --- Phase 1: Set ownership of Symbolic Links themselves --- echo "" echo "Phase 1: Setting ownership of symbolic links themselves to '${target_user}:${target_group}'..." sudo find "${home_dir}" -type l -print0 | while IFS= read -r -d $'\0' symlink_item; do echo " Processing symlink: ${symlink_item}" if ! sudo chown -h "${target_user}:${target_group}" "${symlink_item}"; then echo " ERROR: Failed to change ownership of symlink '${symlink_item}'." overall_success=false else echo " Ownership of symlink set." fi done echo "Phase 1 complete." # --- Phase 2: Change ownership and re-apply original permissions for all items --- # For symlinks, this phase will operate on their TARGETS. echo "" echo "Phase 2: Changing ownership to '${target_user}' and re-applying original permissions for all items (including symlink targets)..." sudo find "${home_dir}" -print0 | while IFS= read -r -d $'\0' item; do echo " Processing item: ${item}" item_type=$(sudo stat -L -c "%F" "${item}") # Get type, dereferencing symlink # Get current permissions in octal format (dereferences symlinks by default) current_perms_octal=$(sudo stat -c "%a" "${item}") if [[ -z "$current_perms_octal" ]]; then echo " ERROR: Could not get permissions for '${item}'. Skipping permission change." # Still attempt chown if possible if ! sudo chown "${target_user}:${target_group}" "${item}"; then echo " ERROR: Failed to change ownership for '${item}' as well." overall_success=false fi continue fi echo " Original Permissions (of item/target): ${current_perms_octal}, Type: ${item_type}" # 1. Change ownership to the target user and group (dereferences symlinks by default) if ! sudo chown "${target_user}:${target_group}" "${item}"; then echo " ERROR: Failed to change ownership for '${item}'. Skipping chmod for this item." overall_success=false continue fi echo " Ownership changed to ${target_user}:${target_group}." # 2. Re-apply the original permissions (dereferences symlinks by default) # Skip chmod for symbolic links themselves (their permissions are special: lrwxrwxrwx) # We are interested in the target's permissions, which stat already gave us. if [[ "${item_type}" != "symbolic link" ]]; then # Only chmod non-symlinks directly if ! sudo chmod "${current_perms_octal}" "${item}"; then echo " ERROR: Failed to re-apply original permissions '${current_perms_octal}' to '${item}'." overall_success=false else echo " Original permissions '${current_perms_octal}' re-applied." fi else # For symlinks, we've already processed the target's permissions if 'item' was a symlink. # The link's own permissions (lrwxrwxrwx) are not changed by chmod. echo " Item is a symbolic link. Its target's ownership/permissions handled. Link's own perms (lrwxrwxrwx) unchanged by chmod." fi echo " ---" done echo "Phase 2 complete." # --- Phase 3: Enforce specific secure permissions for critical directories --- echo "" echo "Phase 3: Enforcing specific secure permissions for critical directories..." # For .ssh directory if [ -d "${home_dir}/.ssh" ]; then echo " Enforcing secure permissions for '${home_dir}/.ssh'..." sudo chown -R "${target_user}:${target_group}" "${home_dir}/.ssh" # Robustness sudo chmod 700 "${home_dir}/.ssh" sudo find "${home_dir}/.ssh" -type f \( -name "id_rsa" -o -name "id_dsa" -o -name "id_ecdsa" -o -name "id_ed25519" \) -exec sudo chmod 600 {} \; sudo find "${home_dir}/.ssh" -type f \( -name "*.pub" \) -exec sudo chmod 644 {} \; [ -f "${home_dir}/.ssh/authorized_keys" ] && sudo chmod 600 "${home_dir}/.ssh/authorized_keys" [ -f "${home_dir}/.ssh/known_hosts" ] && sudo chmod 644 "${home_dir}/.ssh/known_hosts" [ -f "${home_dir}/.ssh/config" ] && sudo chmod 600 "${home_dir}/.ssh/config" sudo find "${home_dir}/.ssh" -mindepth 1 -type f \ ! \( -name "id_rsa" -o -name "id_dsa" -o -name "id_ecdsa" -o -name "id_ed25519" \ -o -name "*.pub" -o -name "authorized_keys" -o -name "known_hosts" -o -name "config" \) -exec sudo chmod 600 {} \; sudo find "${home_dir}/.ssh" -mindepth 1 -type d -exec sudo chmod 700 {} \; echo " Permissions for '${home_dir}/.ssh' secured." fi # For .gnupg directory if [ -d "${home_dir}/.gnupg" ]; then echo " Enforcing secure permissions for '${home_dir}/.gnupg'..." sudo chown -R "${target_user}:${target_group}" "${home_dir}/.gnupg" # Robustness sudo chmod 700 "${home_dir}/.gnupg" sudo find "${home_dir}/.gnupg" -type f -exec sudo chmod 600 {} \; sudo find "${home_dir}/.gnupg" -mindepth 1 -type d -exec sudo chmod 700 {} \; echo " Permissions for '${home_dir}/.gnupg' secured." fi echo "Phase 3 complete." echo "-----------------------------------------------------------------------------" if [[ "$overall_success" == true ]]; then echo "Ownership and permission adjustment process completed successfully." else echo "Ownership and permission adjustment process completed with SOME ERRORS (see log above)." fi echo "IMPORTANT: Review permissions of sensitive files outside of .ssh and .gnupg." echo "If they had overly permissive settings, those have been preserved under" echo "'${target_user}' ownership. Adjust manually if needed." echo "Verify that all applications function as expected." echo "-----------------------------------------------------------------------------" if [[ "$overall_success" == true ]]; then return 0 else return 1 fi } # Alias to call the enhanced function alias fixmyhome='fix_ownership_preserve_permissions_final' . "$HOME/.cargo/env" source ~/.bash_completion/alacritty # restic backup function: resto /path/to/backup resto() { # --- Configuration --- local restic_cmd="restic_0.18" local repository_location="rclone:storj:rest-3588" local hardcoded_password="placeholder" # <<< YOUR HARDCODED PASSWORD (QUOTED) # --- Argument Validation --- if [ -z "$1" ]; then echo "Error: You must specify the path to back up." >&2 echo "Usage: resto /path/to/your/data" >&2 return 1 # Return an error code fi # --- Variable Setup --- local backup_path="$1" local current_date_tag current_date_tag=$(date +%Y%m%d) # Generates tag like YYYYMMDD (e.g., 20250516) # --- User Feedback --- echo "--------------------------------------------------" echo "Attempting restic backup:" echo " Source: ${backup_path}" echo " Repository: ${repository_location}" echo " Tag: ${current_date_tag}" echo " Restic cmd: ${restic_cmd}" echo " Auth Method: Hardcoded password (WARNING: SERIOUS SECURITY RISK!)" # Emphasize risk echo "--------------------------------------------------" # --- Command Execution --- # The RESTIC_PASSWORD environment variable is set *only* for this specific command's environment. # It does not persist in the current shell session afterwards. # Quotes around "${hardcoded_password}" are crucial, especially since your password # contains '&', a special shell metacharacter (used for backgrounding processes). # The backslashes (\) at the end of lines are for line continuation, allowing # a single command to be split across multiple lines for readability. RESTIC_PASSWORD="${hardcoded_password}" "${restic_cmd}" \ -r "${repository_location}" \ -o rclone.connections=8 \ backup "${backup_path}" \ --verbose \ --pack-size=60 \ --tag "${current_date_tag}" # --- Post-Execution Feedback --- local exit_status=$? if [ ${exit_status} -eq 0 ]; then echo "--------------------------------------------------" echo "SUCCESS: Backup completed for: ${backup_path}" echo "--------------------------------------------------" else echo "--------------------------------------------------" echo "ERROR: Backup FAILED for: ${backup_path} (Exit status: ${exit_status})" >&2 echo " (Verify repository settings, password, rclone configuration, and target path.)" echo "--------------------------------------------------" fi return ${exit_status} } #!/bin/bash # fpsync wrapper 'cesto' for Debian Bullseye # Designed to maximize fpsync's parallel transfer capabilities by ensuring # fpsync always operates on a directory whose contents can be partitioned by fpart. # # - If a single directory is provided as source, it's passed directly to fpsync. # - If multiple files/directories or a single file are provided as sources, # they are copied into a temporary aggregation directory. This aggregation # directory is then passed to fpsync, allowing fpart to see all individual # items and partition them effectively for parallel rsync workers. cesto() { # --- Argument Validation --- # Ensures at least two arguments: one or more sources, and one destination. if [ "$#" -lt 2 ]; then echo "Error: At least one source item and a destination directory are required." >&2 echo "Usage: cesto <source_item_1> [source_item_2...] <destination_directory/>" >&2 echo " or: cesto <single_source_directory> <destination_directory>" >&2 echo "Example (multiple files for aggregation): cesto report.pdf image.png data_files/*.csv ./backup/aggregated_reports_images_data" >&2 echo "Example (single large directory for direct sync): cesto ./my_entire_dataset/ /mnt/archive/dataset_backup/" >&2 return 1 fi # --- Variable Initialization --- local user_dest_dir="${!#}" # Last argument is the destination directory path provided by the user. local sources_array=("${@:1:$#-1}") # All arguments except the last are considered source items. local num_sources="${#sources_array[@]}" # Count of source items. local num_workers=4 # Number of parallel fpsync workers (as per original alias request). local fpsync_opts="-v" # Default options for fpsync (verbose). # Path for the temporary aggregation directory, if needed. Local to this function call. local tmp_aggregation_dir="" # Setup a 'trap' for robust cleanup of the temporary aggregation directory. # This command executes when the function exits (EXIT signal) or on common interrupt signals. # The command string is in single quotes, so '$tmp_aggregation_dir' is evaluated # *when the trap is triggered*, using its value at that moment. # 'trap - ...' at the end of the trap command aims to make it a self-disabling one-shot trap. trap 'if [ -n "$tmp_aggregation_dir" ] && [ -d "$tmp_aggregation_dir" ]; then echo "INFO: (Trap) Cleaning up temporary aggregation directory: $tmp_aggregation_dir"; rm -rf "$tmp_aggregation_dir"; fi; trap - EXIT HUP INT QUIT TERM' EXIT HUP INT QUIT TERM # --- Destination Path Preparation --- # This section ensures the destination path is an absolute directory path with a trailing slash. echo "INFO: Preparing destination directory: \"$user_dest_dir\"" # 'mkdir -p' creates the directory including any necessary parent directories. # It doesn't error if the directory already exists, making it idempotent. if ! mkdir -p "$user_dest_dir"; then echo "Error: Failed to create or access directory structure for destination \"$user_dest_dir\"." >&2 return 1 fi local abs_dest_dir # Will hold the canonical, absolute path to the destination. # 'readlink -f' resolves all symlinks, '..' and '.', making the path absolute. # This requires the path (or its components up to the symlink target) to exist. abs_dest_dir=$(readlink -f "$user_dest_dir") if [ -z "$abs_dest_dir" ] || [ ! -d "$abs_dest_dir" ]; then echo "Error: Could not resolve destination \"$user_dest_dir\" to an absolute directory path, or it's not a directory after 'mkdir -p'." >&2 return 1 fi # Ensures a single trailing slash, signifying to fpsync/rsync to sync *into* this directory. local final_dest_dir_for_fpsync="${abs_dest_dir%/}/" # --- Source Path Handling --- # This variable will hold the final, absolute source directory path (with trailing slash) for fpsync. local path_to_sync_via_fpsync # Case 1: A single source item is provided by the user. # We check if this single item is a directory. If so, it's used directly. # This is the most straightforward and often most performant case for fpsync. if [ "$num_sources" -eq 1 ]; then local single_src_item_orig="${sources_array[0]}" local single_src_item_abs # Will hold the absolute path of the single source. single_src_item_abs=$(readlink -f "$single_src_item_orig") if [ -z "$single_src_item_abs" ]; then echo "Error: Source \"$single_src_item_orig\" could not be resolved to an absolute path." >&2 return 1 fi if [ -d "$single_src_item_abs" ]; then echo "INFO: Mode: Single source directory detected (\"${single_src_item_abs}\"). Using direct fpsync for maximum parallelism of its contents." path_to_sync_via_fpsync="${single_src_item_abs%/}/" # Ensure trailing slash. # If the single source item is not a directory (e.g., it's a file), # 'path_to_sync_via_fpsync' remains unset. The script will then proceed to the # aggregation logic (Case 2) to handle this single file. fi fi # Case 2: Multiple source items were provided, OR it was a single source item that was not a directory. # (This is triggered if 'path_to_sync_via_fpsync' was not set in Case 1). # In this scenario, all specified source items are copied into a temporary aggregation directory. # This aggregation directory then becomes the source for fpsync. if [ -z "$path_to_sync_via_fpsync" ]; then echo "INFO: Mode: Multiple sources or single file source detected. Aggregating into a temporary directory to enable optimal fpsync parallelism." # Create a unique temporary directory. # Uses $TMPDIR if set (standard practice), otherwise defaults to /tmp. # The XXXXXX template ensures mktemp generates a unique, secure name. # Note: This temporary directory may consume significant disk space if source items are large. tmp_aggregation_dir=$(mktemp -d "/mnt/mSATA/tmp_cesto/cesto_aggregate_src.XXXXXXXXXX") # Check if mktemp was successful and created a directory. if [ $? -ne 0 ] || [ -z "$tmp_aggregation_dir" ] || [ ! -d "$tmp_aggregation_dir" ]; then echo "Error: Failed to create temporary aggregation directory using mktemp." >&2 tmp_aggregation_dir="" # Ensure var is empty for the trap's conditional check. return 1 fi # The trap (set earlier) will now be responsible for cleaning up this specific '$tmp_aggregation_dir' path. local item_copied_successfully=0 # Flag to track if any items were actually copied. echo "INFO: Populating temporary aggregation directory: ${tmp_aggregation_dir}" for src_item_orig in "${sources_array[@]}"; do local src_item_abs # Absolute path of the current source item. src_item_abs=$(readlink -f "$src_item_orig") if [ -z "$src_item_abs" ]; then echo "Warning: Could not resolve source item \"$src_item_orig\" to an absolute path. Skipping." >&2 continue fi if [ ! -e "$src_item_abs" ]; then # Check if the resolved path actually exists. echo "Warning: Source item \"$src_item_orig\" (resolved to \"$src_item_abs\") does not exist. Skipping." >&2 continue fi # Use 'cp -aL' to copy items into the aggregation directory: # -a (archive mode): Equivalent to -dR --preserve=all. # -d: same as --no-dereference --preserve=links (preserves symlinks as symlinks). # -R: copy directories recursively. # --preserve=all: preserves mode, ownership, timestamps, links, context, xattr. # -L (dereference): When copying, if a source argument is a symbolic link, # copy the file or directory it points to, rather than the link itself. # This ensures the actual data/directory structures are placed into the aggregation directory. # If 'src_item_abs' is a directory, it will be copied recursively into 'tmp_aggregation_dir'. echo " Copying \"$src_item_orig\" (as \"$src_item_abs\") into temporary aggregation directory..." if cp -aL "$src_item_abs" "$tmp_aggregation_dir/"; then item_copied_successfully=1 else echo "Warning: Failed to copy \"$src_item_orig\" (resolved to \"$src_item_abs\") to temporary aggregation directory. Skipping." >&2 fi done if [ "$item_copied_successfully" -eq 0 ]; then echo "Error: No source items were successfully copied to the temporary aggregation directory." >&2 # The EXIT trap will handle cleaning up the (empty or partially filled) tmp_aggregation_dir. return 1 fi # The source for fpsync will be this populated temporary aggregation directory. # A trailing slash is crucial for fpsync to synchronize the *contents* of this directory. path_to_sync_via_fpsync="${tmp_aggregation_dir%/}/" fi # --- Execution --- echo "INFO: Running fpsync with source \"${path_to_sync_via_fpsync}\" and destination \"${final_dest_dir_for_fpsync}\"" # fpsync will now operate on 'path_to_sync_via_fpsync'. # If this is a user's single source directory, fpsync processes it directly. # If this is the temporary aggregation directory, fpsync processes all the items copied into it. # In both scenarios, fpart (within fpsync) can see a directory structure containing all # individual files and sub-directories, allowing it to partition the workload effectively # for the parallel rsync workers, thus maximizing parallelism. # rsync (used by fpsync) can also provide benefits like delta-transfer if files are being updated. fpsync -n "${num_workers}" ${fpsync_opts} "${path_to_sync_via_fpsync}" "${final_dest_dir_for_fpsync}" local fpsync_status=$? # Capture the exit status of fpsync for reliable error checking. if [ ${fpsync_status} -ne 0 ]; then echo "Warning: fpsync operation completed with errors (status: ${fpsync_status})." >&2 else echo "INFO: fpsync operation completed successfully." fi # The EXIT trap (if '$tmp_aggregation_dir' was set and points to a created directory) # will automatically clean up the source-side temporary aggregation directory. # The function returns fpsync's exit status, allowing the caller (e.g., another script) # to check for success or failure of the cesto command. return ${fpsync_status} } alias hands='/opt/chromium.org/thorium/thorium-browser --profile-directory=Default --app-id=aafcjomacmnbaahoofemlheilcimkppb & exit' alias drive='/opt/chromium.org/thorium/thorium-browser --profile-directory=Default --app-id=aghbiahbpaijignceidepookljebhfak & exit' alias gemini='/opt/chromium.org/thorium/thorium-browser --profile-directory=Default --app-id=caidcmannjgahlnbpmidmiecjcoiiigg & exit' alias openai='/opt/chromium.org/thorium/thorium-browser --profile-directory=Default --app-id=cfbmnkmmjhboeflpgnckjneljkhagell & exit' alias ide='/opt/chromium.org/thorium/thorium-browser --profile-directory=Default --app-id=ehjakkgkdlikfiplhaghbilnpdlmfgbo & exit' alias gingko='/opt/chromium.org/thorium/thorium-browser --profile-directory=Default --app-id=glpafmialolpdohgeinpjffpbnjjfhhc & exit' alias whats='/opt/chromium.org/thorium/thorium-browser --profile-directory=Default --app-id=hnpfjngllnobngcgfapefoaidbinmjnm & exit' alias devin='/opt/chromium.org/thorium/thorium-browser --profile-directory=Default --app-id=jeanpambhekpchfnadhifbfdfhfjonag & exit' alias workspace='/opt/chromium.org/thorium/thorium-browser --profile-directory=Default --app-id=kejlbheaeffmkkfopajhgmefbpmgelfp & exit' alias jules='/opt/chromium.org/thorium/thorium-browser --profile-directory=Default --app-id=kfhlllhpifmmhopbnlabhbmcmkokpgge & exit' alias github='/opt/chromium.org/thorium/thorium-browser --profile-directory=Default --app-id=mjoklplbddabcmpepnokjaffbmgbkkgg & exit' alias studio='/opt/chromium.org/thorium/thorium-browser --profile-directory=Default --app-id=mojogeknlbnppmajemmkcfkilgaapppk & exit' alias khoj='/opt/chromium.org/thorium/thorium-browser --profile-directory=Default --app-id=oojcbbhlpifpfcefjdoppjkdmljbjnda & exit' alias doc2plan='/opt/chromium.org/thorium/thorium-browser --profile-directory=Default --app-id=paomcjbhlkmgamkbcllamfnkmiefidhg & exit' alias codespace='/opt/chromium.org/thorium/thorium-browser --profile-directory=Default --app-id=pdeapfppmifikfghhlchhocndoingjbc & exit'

#4. systemd-user SSH Agent Service (User)

Create ~/.config/systemd/user/ssh-agent.service:

[Unit] Description=SSH Agent per user After=network.target [Service] Type=forking Environment=SSH_AUTH_SOCK=%t/ssh-agent.sock ExecStart=/usr/bin/ssh-agent -a $SSH_AUTH_SOCK [Install] WantedBy=default.target

Enable and start:

systemctl --user daemon-reload systemctl --user enable ssh-agent.service systemctl --user start ssh-agent.service

Verify:

systemctl --user status ssh-agent.service ls -l "$XDG_RUNTIME_DIR/ssh-agent.sock" ssh-add -l

#5. Common SSH Use Cases

  • Passwordless login: Key-based server access.
  • Git over SSH: Seamless git clone/push/pull.
  • Agent forwarding: Secure multi-hop SSH.
  • Hardware tokens: GNOME Keyring integration.

#6. Verification Checklist

go version rustc --version bash --login -ic 'echo interactive' ssh-add -l

#installing the necessary dependencies

This comprehensive guide will walk you through installing and configuring every dependency and necessity to fully implement the features of your provided .bashrc configuration and SSH setup on a Debian 11 “Bullseye” system. It assumes your root user is root and your local user is linaro.

User Account Assumption:

  • Root user: root
  • Local user: linaro

#Prerequisites for linaro User

Before starting, ensure the linaro user has sudo privileges to execute administrative commands. If not, as the root user, run:

# As root user usermod -aG sudo linaro

After running this command, linaro must log out and log back in for the group change to take effect. All commands prefixed with sudo below should be run by the linaro user, leveraging these sudo privileges.

#Part 1: System-Wide Installations and Configurations (executed by linaro using sudo)

These steps involve installing packages and setting up system-level configurations.

#1.1. System Update

First, ensure your system’s package list and installed packages are up-to-date:

sudo apt update && sudo apt upgrade -y
  • What: Updates the local package lists from repositories and upgrades all currently installed packages to their newest versions.
  • Why: Essential for system stability, security, and to ensure compatibility with new software.
  • Verification: The commands complete without errors. You can run sudo apt list --upgradable afterwards; it should show no or very few packages.

#1.2. Core Utilities and Essential Packages

Install the core utilities and packages mentioned in your script, plus a few others that are implicitly needed or highly recommended for the setup:

sudo apt install -y \ build-essential \ git \ curl \ wget \ unzip \ zip \ bash-completion \ python3-pip \ nodejs \ npm \ libpulse-dev \ flatpak \ swaks \ openssh-client \ iputils-ping \ gnome-keyring \ libnss-myhostname \ dbus-user-session

Let’s break down why each of these is needed:

  • build-essential:
    • What: A meta-package that installs GCC (C compiler), make, and other essential tools for compiling software from source.
    • Why: Required by Rust’s installation script (rustup) and potentially for other software you might build.
    • Verify: gcc --version and make --version should display their versions.
  • git:
    • What: A distributed version control system.
    • Why: Needed for the pull and push aliases in your .bashrc (interacting with ~/projects/REPO) and potentially by rustup.
    • Verify: git --version should display the installed version.
  • curl:
    • What: A command-line tool for transferring data using various network protocols.
    • Why: Used to download the Rust installation script (sh.rustup.rs).
    • Verify: curl --version should display its version.
  • wget:
    • What: A command-line tool for downloading files from the web.
    • Why: Used to download the Go language tarball.
    • Verify: wget --version should display its version.
  • unzip & zip:
    • What: Utilities for decompressing and creating ZIP archives, respectively.
    • Why: General-purpose utilities useful for managing compressed files.
    • Verify: unzip -v and zip -v should display their versions.
  • bash-completion:
    • What: Provides programmable command-line completion for the Bash shell.
    • Why: Your .bashrc explicitly sources bash completion scripts, enhancing shell interactivity (e.g., pressing Tab to complete commands or options).
    • Verify: After setting up .bashrc and opening a new terminal, typing a command like apt ins and pressing Tab should offer install as a suggestion.
  • python3-pip:
    • What: The package installer for Python 3.
    • Why: While not directly called by a .bashrc function, it’s useful for Python development. Python scripts installed via pip for the user might go into $HOME/.local/bin, which is added to your PATH.
    • Verify: pip3 --version should display its version.
  • nodejs & npm:
    • What: Node.js is a JavaScript runtime; npm is its package manager.
    • Why: Common tools for web development and various JavaScript-based utilities. Not directly used by .bashrc but good for a development setup.
    • Verify: node --version and npm --version should display their versions.
  • libpulse-dev:
    • What: Development files for PulseAudio, a sound server.
    • Why: Often a dependency for desktop applications or development involving audio. Its inclusion might be related to expectations in a desktop environment where GNOME Keyring is also used.
    • Verify: dpkg -s libpulse-dev | grep Status should show “install ok installed”.
  • flatpak:
    • What: A system for building, distributing, and running sandboxed desktop applications.
    • Why: Your .bashrc modifies XDG_DATA_DIRS to include Flatpak paths, making applications installed via Flatpak discoverable.
    • Verify: flatpak --version should display its version.
  • swaks:
    • What: “Swiss Army Knife for SMTP,” a command-line SMTP testing tool.
    • Why: Used by the Z alias in your .bashrc for sending test emails.
    • Verify: swaks --version should display its version.
  • openssh-client:
    • What: Provides SSH client tools like ssh, scp, ssh-agent, ssh-add, and ssh-keygen.
    • Why: Essential for all SSH functionalities: agent management, key generation, connecting to SSH servers, and for the ssh-add command in .bashrc.
    • Verify: ssh -V should display its version.
  • iputils-ping:
    • What: Provides the ping utility.
    • Why: Required for the p alias in your .bashrc.
    • Verify: ping -V should display its version (use Ctrl+C to stop if it starts pinging).
  • gnome-keyring:
    • What: A daemon that keeps passwords and other secrets for users. It can also manage SSH keys.
    • Why: Your .bashrc includes a fallback mechanism to use gnome-keyring-daemon as an SSH agent if a DESKTOP_SESSION is active.
    • Verify: dpkg -s gnome-keyring | grep Status should show “install ok installed”.
  • libnss-myhostname:
    • What: A plugin for NSS providing hostname resolution for the locally configured system hostname.
    • Why: Crucial for the stability of systemd --user services, ensuring the local hostname is consistently resolvable, preventing potential issues with services that rely on it, especially in minimal or containerized environments.
    • Verify: dpkg -s libnss-myhostname | grep Status should show “install ok installed”.
  • dbus-user-session:
    • What: Provides D-Bus session management for user sessions, often launched via systemd --user.
    • Why: Essential for proper functioning of the systemd user instance (systemd --user), which manages user-specific services like the ssh-agent.service. It ensures the user’s D-Bus is available, which many modern applications and services rely on, and helps manage XDG_RUNTIME_DIR.
    • Verify: dpkg -s dbus-user-session | grep Status should show “install ok installed”.

#1.3. Install Go Language (System Part)

This installs Go into /usr/local/go, accessible by all users. (Assumes linux-amd64 architecture).

# To find the latest Go version, visit https://go.dev/dl/ # As of May 2025, a recent stable version is 1.22.3. Please check for the latest. GO_VER="1.22.3" # Example: Update this to the latest desired stable version. GO_ARCH="amd64" # Adjust if your architecture is different (e.g., arm64) # Download Go binary tarball (as linaro) wget "https://go.dev/dl/go${GO_VER}.linux-${GO_ARCH}.tar.gz" -P /tmp # Extract Go to /usr/local (needs sudo) sudo tar -C /usr/local -xzf "/tmp/go${GO_VER}.linux-${GO_ARCH}.tar.gz" # Remove the downloaded tarball (as linaro) rm "/tmp/go${GO_VER}.linux-${GO_ARCH}.tar.gz"
  • What: Installs the Go programming language binaries.
  • Why: Your .bashrc sets GOPATH and adds /usr/local/go/bin to the PATH for using Go commands.
  • Verification (later, after .bashrc is configured): go version

#Part 2: User-Specific Installations and Configurations (as linaro)

These steps are performed by the linaro user and configure their specific environment.

#2.1. Create User-Specific Directories

Your .bashrc and language tools expect certain directories in linaro’s home.

# For Go development (GOPATH) mkdir -p "$HOME/go/bin" "$HOME/go/pkg" "$HOME/go/src" # For XDG Base Directory Specification & systemd user services mkdir -p "$HOME/.config/systemd/user" chmod 0700 "$HOME/.config" # Ensure parent .config dir is secure chmod 0700 "$HOME/.config/systemd" chmod 0700 "$HOME/.config/systemd/user" # Secure user service definitions mkdir -p "$HOME/.local/share/flatpak/exports/share" # For user-installed Flatpak data mkdir -p "$HOME/.local/bin" # For user-specific executables (pip might install here) # For project alias examples mkdir -p "$HOME/projects/REPO" # Replace REPO with your actual project name if desired # You would then 'git init' or 'git clone' into ~/projects/REPO
  • What: Creates standard directory structures used by Go, XDG-compliant applications, Flatpak, pip, and your example aliases. Ensures correct permissions for systemd user directories.
  • Why: Ensures these tools and configurations function correctly and securely.
  • Verification: ls -ld "$HOME/go", stat -c "%a %n" "$HOME/.config/systemd/user" etc., should show the created directories with appropriate permissions (e.g., 700 for ~/.config/systemd/user).

#2.2. Install Rust Language

Rust is installed per-user using rustup.

curl --proto '=https' --tlsv1.2 -sSf https://sh.rustup.rs | sh -s -- -y
  • What: Downloads and runs rustup-init.sh, which installs rustup (the Rust toolchain manager) and the latest stable Rust toolchain (compiler rustc, package manager cargo, etc.) into $HOME/.cargo.
  • Why: Your .bashrc sources $HOME/.cargo/env to add Rust tools to your PATH.
  • Verification (later, after .bashrc is configured): rustc --version and cargo --version. You might need to source $HOME/.cargo/env manually for the current session before editing .bashrc: source "$HOME/.cargo/env".

#2.3. Generate SSH Key Pair

If linaro doesn’t already have an SSH key, generate one. This key (~/.ssh/id_rsa) will be added to the SSH agent.

# Check if a key already exists if [ ! -f "$HOME/.ssh/id_rsa" ]; then echo "SSH key not found. Generating a new one..." # Generate with a comment including username and hostname (or 'debian' if hostname fails) ssh-keygen -t rsa -b 4096 -C "linaro@$(hostname || echo debian)" echo "SSH key generated." else echo "SSH key $HOME/.ssh/id_rsa already exists." fi # Ensure correct permissions for .ssh directory and its contents chmod 700 "$HOME/.ssh" [ -f "$HOME/.ssh/id_rsa" ] && chmod 600 "$HOME/.ssh/id_rsa" [ -f "$HOME/.ssh/id_rsa.pub" ] && chmod 644 "$HOME/.ssh/id_rsa.pub" # Apply strict permissions to other common SSH files if they exist [ -f "$HOME/.ssh/authorized_keys" ] && chmod 600 "$HOME/.ssh/authorized_keys" [ -f "$HOME/.ssh/known_hosts" ] && chmod 600 "$HOME/.ssh/known_hosts" [ -f "$HOME/.ssh/config" ] && chmod 600 "$HOME/.ssh/config"
  • What: ssh-keygen creates a private (id_rsa) and public (id_rsa.pub) key pair.
  • Why: The private key is used for authenticating to SSH servers (e.g., for passwordless login, Git operations). The .bashrc script attempts to ssh-add ~/.ssh/id_rsa.
  • During generation: You’ll be asked for a file to save the key (press Enter for default) and a passphrase (optional, but highly recommended for security). The SSH agent will help manage this passphrase so you don’t have to type it repeatedly.
  • Verification: ls -al "$HOME/.ssh/id_rsa" should show the private key file with 600 permissions.

#2.4. Configure ~/.bash_profile

This file ensures .bashrc is loaded for interactive login shells (e.g., when you SSH into the linaro account or log in on the console).

cat << 'EOF' > "$HOME/.bash_profile" # Source ~/.bashrc for interactive login shells # Check if running interactively and if .bashrc exists if [[ $- == *i* && -f "$HOME/.bashrc" ]]; then source "$HOME/.bashrc" fi # Fallback PATH adjustments (though .bashrc should handle these comprehensively) # This ensures .local/bin and .cargo/bin are in PATH even if .bashrc is minimal. _add_to_path_if_missing() { if [ -d "$1" ]; then case ":$PATH:" in *":$1:"*) :;; # Already in PATH *) PATH="$1:$PATH" ;; # Prepend esac fi } _add_to_path_if_missing "$HOME/.local/bin" _add_to_path_if_missing "$HOME/.cargo/bin" # Rustup typically handles this via .profile modification too unset _add_to_path_if_missing export PATH EOF
  • What: Configures Bash to source ~/.bashrc upon login.
  • Why: Makes your aliases, PATH settings, and other .bashrc configurations available immediately after logging in.
  • Verification (later, after full setup): bash --login -ic 'type ll' should show that ll is an alias.

#2.5. Configure ~/.bashrc

Create or replace ~/.bashrc with your provided configuration. Important: Review the aliases section and replace placeholders.

cat << 'EOF' > "$HOME/.bashrc" # 1. Exit if not interactive case "$-" in *i*) ;; *) return;; esac # 2. History HISTCONTROL=ignoreboth # space-prefixed commands and duplicates are not saved shopt -s histappend # Append to history file, don't overwrite HISTSIZE=5000 # Number of commands to keep in memory HISTFILESIZE=10000 # Number of commands to keep in the history file # Save history after each command and reload it to make it available across terminals. # `history -a` appends the current session's history to HISTFILE. # `PROMPT_COMMAND="history -a; ${PROMPT_COMMAND}"` ensures this happens before each prompt. # Rely on histappend for merging on shell exit. PROMPT_COMMAND="history -a; ${PROMPT_COMMAND}" # 3. XDG directories export XDG_CONFIG_HOME="${XDG_CONFIG_HOME:-$HOME/.config}" export XDG_CACHE_HOME="${XDG_CACHE_HOME:-$HOME/.cache}" export XDG_DATA_HOME="${XDG_DATA_HOME:-$HOME/.local/share}" # Ensure critical XDG directories exist mkdir -p "$XDG_CONFIG_HOME" "$XDG_CACHE_HOME" "$XDG_DATA_HOME" # Append Flatpak XDG data dirs to the system default XDG_DATA_DIRS _FLATPAK_USER_DATA_DIR="$XDG_DATA_HOME/flatpak/exports/share" _FLATPAK_SYSTEM_DATA_DIR="/var/lib/flatpak/exports/share" _SYSTEM_XDG_DATA_DIRS="${XDG_DATA_DIRS:-/usr/local/share/:/usr/share/}" export XDG_DATA_DIRS="${_FLATPAK_USER_DATA_DIR}:${_FLATPAK_SYSTEM_DATA_DIR}:${_SYSTEM_XDG_DATA_DIRS}" # Clean up temporary variables unset _FLATPAK_USER_DATA_DIR _FLATPAK_SYSTEM_DATA_DIR _SYSTEM_XDG_DATA_DIRS # XDG_RUNTIME_DIR is critical and typically set by pam_systemd. # If it's not set, it indicates a problem with the system's session management (e.g., pam_systemd). # Do not attempt to set it manually to a /tmp path here as it can cause issues. if [ -z "$XDG_RUNTIME_DIR" ]; then # Log an error or warning if preferred, but avoid setting a non-standard fallback # echo "Warning: XDG_RUNTIME_DIR is not set. User services may not function correctly." >&2 : # No action, rely on system setup else export XDG_RUNTIME_DIR # Ensure it's exported if set by pam_systemd fi # 4. PATH updates export GOPATH="$HOME/go" _add_to_path_if_missing() { local dir_to_add="$1" local prepend="$2" # "prepend" or "append" if [ -d "$dir_to_add" ]; then case ":$PATH:" in *":$dir_to_add:"*) :;; # Already in PATH *) if [ "$prepend" = "prepend" ]; then PATH="$dir_to_add:$PATH" # Prepend for higher priority else PATH="$PATH:$dir_to_add" # Append fi ;; esac fi } _add_to_path_if_missing "/usr/local/go/bin" "prepend" # Go system binaries _add_to_path_if_missing "$GOPATH/bin" "prepend" # User-installed Go binaries _add_to_path_if_missing "$HOME/.local/bin" "prepend" # User-local pip installs, etc. # Rust path is handled by sourcing .cargo/env, which also prepends. unset _add_to_path_if_missing export PATH # 5. Rust environment [ -f "$HOME/.cargo/env" ] && source "$HOME/.cargo/env" # 6. Bash completion if ! shopt -oq posix; then if [ -f /usr/share/bash-completion/bash_completion ]; then source /usr/share/bash-completion/bash_completion elif [ -f /etc/bash_completion ]; then source /etc/bash_completion fi fi # 7. SSH agent: Prioritize systemd-user, then GNOME Keyring if in desktop session # This logic determines which SSH_AUTH_SOCK to use. # Path for the systemd user ssh-agent socket _SYSTEMD_SSH_AGENT_SOCK="$XDG_RUNTIME_DIR/ssh-agent.sock" if [ -n "$XDG_RUNTIME_DIR" ] && [ -S "$_SYSTEMD_SSH_AGENT_SOCK" ]; then # systemd user agent socket exists, use it. export SSH_AUTH_SOCK="$_SYSTEMD_SSH_AGENT_SOCK" elif [ -n "$DESKTOP_SESSION" ] && command -v gnome-keyring-daemon >/dev/null; then # No systemd user agent socket found (or XDG_RUNTIME_DIR not set), # but in a desktop session. Attempt to use/start GNOME Keyring. # GNOME Keyring might already be running via its own systemd user service or XDG autostart. # This eval will set SSH_AUTH_SOCK if gnome-keyring-daemon starts/is running and manages SSH. eval "$(gnome-keyring-daemon --start --components=secrets,ssh)" export SSH_AUTH_SOCK # Ensure it's exported from eval fi unset _SYSTEMD_SSH_AGENT_SOCK # Attempt to add default SSH key (id_rsa) if an agent is running and has no keys. if command -v ssh-add >/dev/null; then if ! ssh-add -l &>/dev/null; then # Check if agent has ANY keys if [ -n "${SSH_AUTH_SOCK}" ] && [ -S "${SSH_AUTH_SOCK}" ] && [ -f "$HOME/.ssh/id_rsa" ]; then # Agent seems to be running (socket exists), but no keys listed. Add id_rsa. # Suppress errors (e.g., passphrase needed but no tty, or key already added by another mechanism). ssh-add "$HOME/.ssh/id_rsa" 2>/dev/null || true fi fi fi # 9. Prompt if [[ "${EUID}" == "0" ]]; then # Root prompt PS1='\[\033[01;31m\]\h\[\033[01;34m\] \W \$\[\033[00m\] ' else # User prompt PS1='\[\033[01;32m\]\u@\h\[\033[00m\]:\[\033[01;34m\]\w\[\033[00m\]\$ ' fi # 10. Aliases (!!! REVIEW AND REPLACE PLACEHOLDERS !!!) alias ls='ls --color=auto -hF' # Added -h for human-readable sizes, -F for type indicators alias ll='ls -alFh' # Added -h alias la='ls -Ah' # Added -h alias l='ls -CFh' # Added -h alias grep='grep --color=auto' alias egrep='egrep --color=auto' alias fgrep='fgrep --color=auto' # Example ping alias (uses default system ping) alias p='ping -c 4 example.com' # Pings example.com 4 times # Swaks alias for email testing # !!! REPLACE with your actual email, app password, and possibly SMTP server !!! # For Gmail, you'll need an "App Password". See Google's help documentation. # alias Z='swaks -4 -tls -f you@gmail.com -t recipient@example.com -s smtp.gmail.com:587 -au you@gmail.com -ap YOUR_GMAIL_APP_PASSWORD -d' alias Z='echo "Swaks alias Z not configured. Edit ~/.bashrc with your email details and an App Password for services like Gmail."' # Git project aliases # !!! REPLACE 'REPO' with your actual repository directory name if different !!! # And ensure ~/projects/REPO is a git repository. PROJECTS_DIR="$HOME/projects" # Example: alias project1-pull='(cd "$PROJECTS_DIR/my-actual-project" && git pull) || echo "Failed to cd or pull in $PROJECTS_DIR/my-actual-project"' alias pullrepo='(cd "$PROJECTS_DIR/REPO" && git pull) || echo "Failed to cd to $PROJECTS_DIR/REPO or pull"' alias pushrepo='(cd "$PROJECTS_DIR/REPO" && git push) || echo "Failed to cd to $PROJECTS_DIR/REPO or push"' # Update system alias update='sudo apt update && sudo apt full-upgrade -y && sudo apt autoremove -y && sudo apt clean && echo "System update process completed."' # Check for listening ports alias listports='sudo ss -tulnp' EOF

Key points about this revised .bashrc:

  • Placeholders in Aliases: Critical for Z (swaks) and pullrepo/pushrepo.
  • History: Uses PROMPT_COMMAND="history -a; ${PROMPT_COMMAND}" for immediate availability of commands in other terminals, with shopt -s histappend for merging on exit.
  • XDG Directories: Uses standard defaults if variables are unset. Avoids risky XDG_RUNTIME_DIR fallback.
  • PATH Management: Robustly adds paths, prepending for priority.
  • SSH Agent Logic: Clearly prioritizes the systemd-user agent. If its socket $XDG_RUNTIME_DIR/ssh-agent.sock exists, it’s used. Otherwise, if in a DESKTOP_SESSION, it attempts to use/start gnome-keyring-daemon. Then, it tries to add ~/.ssh/id_rsa if an agent is active but has no keys.
  • Prompt: Colored prompt, different for root and regular users.
  • Aliases: Minor improvements like -h for human-readable sizes in ls.

Apply .bashrc changes: For the current terminal session, source it:

source "$HOME/.bashrc"

New terminals will load it automatically.

#2.6. Configure systemd-user SSH Agent Service

This creates a service that automatically starts ssh-agent for the linaro user upon login.

Create the service file ~/.config/systemd/user/ssh-agent.service: (Ensure ~/.config/systemd/user exists and has 0700 permissions from step 2.1).

cat << 'EOF' > "$HOME/.config/systemd/user/ssh-agent.service" [Unit] Description=SSH Authentication Agent for User Session # This service should start early if it's going to be used. # .bashrc will connect to the socket if this service is running. # It doesn't need to be a hard requirement for default.target if SSH isn't always used # or if another agent (like GNOME Keyring) is preferred in some sessions. Documentation=man:ssh-agent(1) Before=default.target # Requires XDG_RUNTIME_DIR to be available and the user session to be set up. After=network.target systemd-user-sessions.service user@$(id -u).service [Service] Type=forking # The Environment variable defines the socket path for *this* ssh-agent instance. # %t expands to the XDG_RUNTIME_DIR path (e.g., /run/user/1000). Environment=SSH_AUTH_SOCK=%t/ssh-agent.sock # ssh-agent with -a creates the socket and forks into the background. ExecStart=/usr/bin/ssh-agent -a %t/ssh-agent.sock # Restart=always # Optional: uncomment if you want it to try restarting on failure. [Install] WantedBy=default.target EOF

Enable and start the service:

systemctl --user daemon-reload systemctl --user enable ssh-agent.service systemctl --user start ssh-agent.service # Or restart if it was already running: systemctl --user restart ssh-agent.service
  • What: ssh-agent.service defines how systemd manages ssh-agent for user linaro.
  • Why: Provides a reliable, auto-starting SSH agent managed by systemd, independent of graphical sessions (unless GNOME Keyring takes precedence as configured in .bashrc).
  • Verification (after starting):
    systemctl --user status ssh-agent.service # Look for "active (running)" ls -al "$XDG_RUNTIME_DIR/ssh-agent.sock" # Should show the socket file, e.g., srw------- 1 linaro linaro 0 May 8 12:34 /run/user/1000/ssh-agent.sock ssh-add -l # If the .bashrc logic has run and added the key: # Should list your ~/.ssh/id_rsa key or state "The agent has no identities." if .bashrc hasn't run yet in a new shell # or if the key requires a passphrase that hasn't been entered.

#Part 3: Verification Checklist

After completing all steps, and ideally after logging out and logging back in (or rebooting) to ensure all services and profile scripts are loaded correctly:

  1. Go Version:
    go version
    • Expected: go version goX.Y.Z linux/amd64 (your chosen version).
  2. Rust Version:
    rustc --version cargo --version
    • Expected: Shows versions like rustc x.y.z ... and cargo x.y.z ....
  3. Bash Login Shell & .bashrc Sourcing:
    bash --login -ic 'type ll && echo SSH_AUTH_SOCK is $SSH_AUTH_SOCK'
    • Expected:
      • ll is an alias for ls -alFh
      • SSH_AUTH_SOCK is /run/user/$(id -u linaro)/ssh-agent.sock (or a GNOME Keyring path if in a desktop session and it took over).
  4. SSH Agent Status:
    ssh-add -l
    • Expected: Lists your ~/.ssh/id_rsa key (e.g., 4096 SHA256:... linaro@hostname (RSA)).
    • If it says “The agent has no identities.” try opening a new terminal. If your key has a passphrase, the ssh-add in .bashrc (if the terminal is interactive and TTY is available) or the first attempt to use the key (e.g., ssh somehost) should prompt for it. Once entered, the agent remembers it for the session (or longer if integrated with GNOME Keyring and configured to do so).
  5. XDG_RUNTIME_DIR:
    echo "$XDG_RUNTIME_DIR" stat -c "Permissions: %a, Path: %n" "$XDG_RUNTIME_DIR"
    • Expected: A path like /run/user/1000 (where 1000 is linaro’s UID). Permissions should be 700 (drwx——). If empty or permissions are wrong, systemd-user services and other applications might fail. This is normally set up by pam_systemd.
  6. Aliases: Test your aliases:
    ll # Should list files with details p # Should attempt to ping example.com # Z # Test after configuring with your email details # pullrepo # Test after setting up ~/projects/REPO

#Part 4: Understanding Key Features and Use Cases

  • SSH Agent (systemd-user vs. GNOME Keyring):
    • Your setup prioritizes the systemd-user ssh-agent.service. The socket for this is $XDG_RUNTIME_DIR/ssh-agent.sock.
    • If this systemd agent socket isn’t found AND you log into a desktop environment (where DESKTOP_SESSION is set), the .bashrc allows gnome-keyring-daemon to be used for SSH agent functions. GNOME Keyring is often auto-started by the desktop environment (e.g., via its own systemd user service or XDG autostart) and can integrate well with desktop login, potentially unlocking your SSH key automatically.
    • The ssh-add ~/.ssh/id_rsa line in .bashrc attempts to add your default private key to whichever agent’s SSH_AUTH_SOCK is currently active.
  • Passwordless SSH Login:
    1. Generate your key pair (ssh-keygen - done).
    2. Ensure ssh-agent is running and has your key added (ssh-add -l to check - handled by .bashrc and systemd service).
    3. Copy your public key to the remote server: ssh-copy-id user@remote_host.
    4. Now ssh user@remote_host should log you in without a password (it uses the key from the agent). If your key has a passphrase, the agent will prompt for it once per session (or as configured) and then remember it.
  • Git over SSH:
    • Once your SSH agent is working with your key, Git operations (clone, pull, push) with SSH URLs (e.g., git@github.com:user/repo.git) will automatically use the keys from the agent.
  • Agent Forwarding:
    • Allows using your local SSH keys on a remote server to connect to another subsequent server, without your private key ever leaving your local machine.
    • To use: ssh -A user@intermediate_host. From intermediate_host, you can then ssh further_host.
    • Security Note: Only use agent forwarding (-A or ForwardAgent yes) with trusted intermediate hosts.
    • Configure per-host in ~/.ssh/config:
      Host my_intermediate_server HostName server.example.com User your_user ForwardAgent yes
  • Hardware Tokens (e.g., YubiKey for SSH):
    • GNOME Keyring might offer some integration for PKCS#11 devices if supported by your desktop environment.
    • For direct control, typically packages like opensc-pkcs11 are installed, and the SSH client is configured to use the hardware token via its PKCS#11 library (e.g., by setting PKCS11Provider in ~/.ssh/config or using ssh -I /path/to/lib.so). This is an advanced setup.
  • Flatpak Integration (XDG_DATA_DIRS):
    • Adding Flatpak’s exports/share directories to XDG_DATA_DIRS helps your shell and desktop environment discover application metadata (like .desktop files) for Flatpak applications.
  • swaks Alias (Z):
    • This alias is a template for sending test emails. You must configure it with your sender email, recipient, SMTP server details, and an App Password if using services like Gmail with 2-Step Verification.
URL: https://ib.bsb.br/bashrc