Add accessor key authorization and enhance completion logic

Introduce `backtunnel-authorize` for managing restricted SFTP-only keys, and update `backtunnel-share` to support temporary accessor key authorization via `--allow-key` and `--allow-known`. Extend bash completion with profile, accessor, and SSH host suggestions. Revamp README sections to include updated workflows, quick starts, and key management details.

scripts/install.sh

@@ -1,5 +1,5 @@
 #!/usr/bin/env bash
-# BackTunnel installer (terminal/TUI service menus)
+# BackTunnel installer (scripts, man page, completions, Dolphin service menus)
 set -euo pipefail
 
 PREFIX=${PREFIX:-/usr}
@@ -12,60 +12,89 @@ KSVC5="$DESTDIR$PREFIX/share/kservices5/ServiceMenus"
 APPDIR="$DESTDIR$PREFIX/share/applications"
 BCOMP="$DESTDIR$PREFIX/share/bash-completion/completions"
 SHARE_DIR="$DESTDIR$PREFIX/share/backtunnel"
+ETC_DIR="$DESTDIR/etc/backtunnel"
 
-say() { printf '[BackTunnel] %s\n' "$*"; }
+say() { printf '[BackTunnel] %s\n' "$@"; }
 
-say "Installing to PREFIX=${PREFIX} DESTDIR=${DESTDIR}"
+# --- Create dirs ---
+install -d -m 755 "$BINDIR" "$MANDIR" "$KIO_SM" "$KSVC5" "$BCOMP" "$SHARE_DIR" "$APPDIR"
+install -d -m 755 "$ETC_DIR"
 
-# --- Binaries (CLI) ---
-install -Dm755 "scripts/backtunnel-share"      "$BINDIR/backtunnel-share"
-install -Dm755 "scripts/backtunnel-access"     "$BINDIR/backtunnel-access"
-install -Dm755 "scripts/backtunnel-auth-setup" "$BINDIR/backtunnel-auth-setup"
-
-# --- GUI wrappers (optional) ---
-install -Dm755 "scripts/backtunnel-share-gui"  "$BINDIR/backtunnel-share-gui"
-install -Dm755 "scripts/backtunnel-access-gui" "$BINDIR/backtunnel-access-gui"
-
-# --- Terminal opener + TUIs (used by service menus) ---
-install -Dm755 "scripts/backtunnel-open-term"  "$BINDIR/backtunnel-open-term"
-install -Dm755 "scripts/backtunnel-share-tui"  "$BINDIR/backtunnel-share-tui"
-install -Dm755 "scripts/backtunnel-access-tui" "$BINDIR/backtunnel-access-tui"
+# --- Install binaries ---
+for f in \
+  scripts/backtunnel-share \
+  scripts/backtunnel-access \
+  scripts/backtunnel-share-gui \
+  scripts/backtunnel-access-gui \
+  scripts/backtunnel-open-term \
+  scripts/backtunnel-share-tui \
+  scripts/backtunnel-access-tui \
+  scripts/backtunnel-keys \
+  scripts/backtunnel-authorize \
+  scripts/backtunnel-auth-setup
+do
+  if [[ -f "$f" ]]; then
+    install -m 755 "$f" "$BINDIR/$(basename "$f")"
+    say "Installed $(basename "$f")"
+  fi
+done
 
 # --- Man page ---
-install -Dm644 "man/backtunnel.1"              "$MANDIR/backtunnel.1"
+if [[ -f man/backtunnel.1 ]]; then
+  install -m 644 man/backtunnel.1 "$MANDIR/backtunnel.1"
+  say "Installed man page"
+fi
 
-# --- Bash completions (install for both command names) ---
-install -Dm644 "completions/backtunnel.bash"   "$BCOMP/backtunnel-share"
-install -Dm644 "completions/backtunnel.bash"   "$BCOMP/backtunnel-access"
+# --- Bash completion (same file serves both commands) ---
+if [[ -f completions/backtunnel.bash ]]; then
+  install -m 644 completions/backtunnel.bash "$BCOMP/backtunnel-share"
+  install -m 644 completions/backtunnel.bash "$BCOMP/backtunnel-access"
+  say "Installed bash completions"
+fi
 
-# --- Dolphin service menus (Plasma 6) ---
-install -Dm644 "servicemenus/backtunnel_share.desktop"  "$KIO_SM/backtunnel_share.desktop"
-install -Dm644 "servicemenus/backtunnel_access.desktop" "$KIO_SM/backtunnel_access.desktop"
-
-# --- Plasma 5 legacy path (harmless if unused) ---
-install -Dm644 "servicemenus/backtunnel_share.desktop"  "$KSVC5/backtunnel_share.desktop"
-install -Dm644 "servicemenus/backtunnel_access.desktop" "$KSVC5/backtunnel_access.desktop"
+# --- Dolphin service menus (Plasma 6 primary, Plasma 5 fallback) ---
+if [[ -f servicemenus/backtunnel_share.desktop ]]; then
+  install -m 644 servicemenus/backtunnel_share.desktop "$KIO_SM/backtunnel_share.desktop"
+  install -m 644 servicemenus/backtunnel_share.desktop "$KSVC5/backtunnel_share.desktop"
+  say "Installed Dolphin: Share"
+fi
+if [[ -f servicemenus/backtunnel_access.desktop ]]; then
+  install -m 644 servicemenus/backtunnel_access.desktop "$KIO_SM/backtunnel_access.desktop"
+  install -m 644 servicemenus/backtunnel_access.desktop "$KSVC5/backtunnel_access.desktop"
+  say "Installed Dolphin: Access"
+fi
 
 # --- Optional desktop launcher ---
-if [[ -f "desktop/backtunnel.desktop" ]]; then
-  install -Dm644 "desktop/backtunnel.desktop"   "$APPDIR/backtunnel.desktop"
+if [[ -f desktop/backtunnel.desktop ]]; then
+  install -m 644 desktop/backtunnel.desktop "$APPDIR/backtunnel.desktop"
+  say "Installed desktop launcher"
 fi
 
-# --- Example profiles (system default + packaged fallback) ---
-install -Dm644 "docs/profiles.ini.example"     "$DESTDIR/etc/backtunnel/profiles.ini"
-install -Dm644 "docs/profiles.ini.example"     "$SHARE_DIR/profiles.ini"
-
-# --- Refresh desktop/KDE cache (best-effort) ---
-if command -v update-desktop-database >/dev/null 2>&1; then
-  say "Refreshing desktop database..."
-  update-desktop-database -q || true
+# --- Profiles defaults ---
+if [[ -f docs/profiles.ini.example ]]; then
+  install -m 644 docs/profiles.ini.example "$SHARE_DIR/profiles.ini"
+  # install system default if not present (don’t overwrite local admin config)
+  if [[ ! -f "$ETC_DIR/profiles.ini" ]]; then
+    install -m 644 docs/profiles.ini.example "$ETC_DIR/profiles.ini"
+    say "Installed default /etc/backtunnel/profiles.ini"
+  else
+    say "Preserved existing /etc/backtunnel/profiles.ini"
+  fi
 fi
-if command -v kbuildsycoca6 >/dev/null 2>&1; then
-  say "Rebuilding KDE sycoca (Plasma 6)..."
-  kbuildsycoca6 --noincremental >/dev/null 2>&1 || true
-elif command -v kbuildsycoca5 >/dev/null 2>&1; then
-  say "Rebuilding KDE sycoca (Plasma 5)..."
-  kbuildsycoca5 --noincremental >/dev/null 2>&1 || true
+
+# --- Refresh desktop/KDE cache (best-effort; skip during DESTDIR packaging) ---
+if [[ -z "${DESTDIR}" ]]; then
+  if command -v update-desktop-database >/dev/null 2>&1; then
+    say "Refreshing desktop database..."
+    update-desktop-database -q || true
+  fi
+  if command -v kbuildsycoca6 >/dev/null 2>&1; then
+    say "Rebuilding KDE sycoca (Plasma 6)..."
+    kbuildsycoca6 --noincremental >/dev/null 2>&1 || true
+  elif command -v kbuildsycoca5 >/dev/null 2>&1; then
+    say "Rebuilding KDE sycoca (Plasma 5)..."
+    kbuildsycoca5 --noincremental >/dev/null 2>&1 || true
+  fi
 fi
 
 say "Install complete."