From fe6671f16ddaafa72720cceb73d15383daa892d0 Mon Sep 17 00:00:00 2001
From: Miro Hrončok <miro@hroncok.cz>
Date: Nov 01 2024 12:29:34 +0000
Subject: fkinit: Allow to pass the OTP token via $FKINIT_OTP


This allows me to run:

    $ FKINIT_OTP=$(ykman oath accounts code accounts.fedoraproject.org --single) fkinit

I can even alias this:

    $ alias fkinit='FKINIT_OTP=$(ykman oath accounts code accounts.fedoraproject.org --single) fkinit'

And the invocation then looks like this:

    $ fkinit
    Touch your YubiKey...
    🔐 FAS password: (press TAB for no echo)

Signed-off-by: Miro Hrončok <miro@hroncok.cz>

---

diff --git a/src/fkinit b/src/fkinit
index 4ec0766..a8b163a 100755
--- a/src/fkinit
+++ b/src/fkinit
@@ -104,7 +104,7 @@ fi
 kinit -n @$domain -c FILE:$armorcache
 
 F_PASSWORD=$(systemd-ask-password "FAS password:")
-F_OTP=$(systemd-ask-password "FAS OTP (leave blank if not configured):")
+F_OTP=${FKINIT_OTP:-$(systemd-ask-password "FAS OTP (leave blank if not configured):")}
 
 echo -n ${F_PASSWORD}${F_OTP} | kinit -T FILE:$armorcache $_arg_user@$domain >/dev/null
 unset F_PASSWORD