]>
Commit | Line | Data |
---|---|---|
79d4a356 | 1 | # NOTE: |
8d4a98e1 | 2 | # our .zprofile can be expensive, so we keep track of what has been run |
3 | # already, and only set up what is necessary. additionally, we want to ensure | |
4 | # that our environment is set up as early as possible, so we also source | |
5 | # .zprofile in .zshenv for new non-login shells. | |
79d4a356 | 6 | # |
7 | # these issues are handled by using these methods: | |
8 | # * the parent shell that starts the user's session after logging in to some | |
9 | # graphical environments may not be a login shell—due to misconfiguration | |
10 | # or otherwise—which means .zprofile is not ran and the environment is not | |
11 | # properly configured for any child processes. | |
12 | # * some desktop environments/graphical terminal emulators will start new | |
13 | # terminal windows with login shells, which runs .zprofile every time and | |
e69caf64 | 14 | # leads to noticably slow startup times if we have not already ran it. |
79d4a356 | 15 | |
6d54344e | 16 | ### cleanup |
17 | # XXX: only call after relevant vars have been set up, defined early so that | |
18 | # below code can utilize it after they do so | |
19 | function _sev_zcleanup { | |
20 | ## gpg forwarding | |
21 | if [[ -d $_sev_gpg_forward_dir && ( -z $1 || $1 == 'gpg-forward' ) ]] { | |
22 | # clean up forward dirs if its session is dead or we ask for it | |
a8dee69a | 23 | find $_sev_gpg_forward_dir -mindepth 1 -maxdepth 1 -type d | |
6d54344e | 24 | while {read -r x} { |
25 | # NOTE: the only way we can get here is if we have not been | |
26 | # forwarded before, if the user asks for it, or during | |
27 | # logout. if our own pid already has a dir, it is most likely | |
28 | # stale, the user wants it removed, or something is very | |
29 | # broken—in all 3 of these cases the best choice is remove it. | |
30 | p=$(basename $x) | |
31 | if {[[ -v _sev_gpg_forward_clean || $$ == $p ]] || | |
8d4a98e1 | 32 | ! kill -0 $p 2>/dev/null} { |
6d54344e | 33 | find $x -mindepth 1 -maxdepth 1 | while {read -r y} { |
34 | # XXX: real dirs will stop unlink, consider it a feature | |
35 | unlink $y | |
36 | } | |
37 | # don't force in case something important is still there | |
38 | rmdir $x | |
39 | } | |
40 | } | |
41 | # reset GNUPGHOME if we removed our own dir | |
4581a6bf | 42 | if [[ $GNUPGHOME =~ '/.ssh_forward/\d+/*$' && ! -e $GNUPGHOME ]] |
43 | GNUPGHOME=${GNUPGHOME%$MATCH} | |
6d54344e | 44 | } |
45 | ||
46 | ## tmp | |
47 | # NOTE: _sev_tmp is not unset so session dirs will not be recreated | |
48 | # NOTE: XDG dirs that use our tmp are not unset here, they are in zlogout | |
49 | if [[ -d $_sev_tmp && ( -z $1 || $1 == 'tmp' ) ]] { | |
50 | # clean up tmp dirs if its session is dead or we ask for it | |
a8dee69a | 51 | find $_sev_tmp -mindepth 1 -maxdepth 1 -name '.session.*' -type d | |
6d54344e | 52 | while {read -r x} { |
53 | # NOTE: same rationale as above | |
54 | p=${$(basename $x)#.session.} | |
55 | if {[[ -v _sev_tmp_clean || $$ == $p ]] || | |
8d4a98e1 | 56 | ! kill -0 $p 2>/dev/null} { |
6d54344e | 57 | rm -rf $x |
58 | } | |
59 | } | |
60 | } | |
61 | ||
62 | unset x p y | |
63 | } | |
64 | ||
833b2af3 | 65 | ### lang |
6d54344e | 66 | export CHARSET=${CHARSET:-UTF-8} |
67 | export LANG=${LANG:-en_US.UTF-8} | |
6d54344e | 68 | |
833b2af3 | 69 | ### path |
79d4a356 | 70 | # NOTE: we utilize the fact that unique arrays keep the first occurrence and |
71 | # remove any further occurences to capture elements from the old PATH | |
72 | # that we did not anticipate and shift them to the front, since they are | |
73 | # probably important to the system | |
74 | if [[ ! -v _sev_setup_path || -o login ]] { | |
79d4a356 | 75 | typeset -U path fpath |
76 | # add as many generic paths as possible to keep the order we want | |
77 | # NOTE: /usr/{local,pkg,games} are unix/bsdisms | |
8d4a98e1 | 78 | # XXX: PREFIX not validated, non-posix but Termux uses it, maybe others |
79 | # XXX: XDG specifies ~/.local/bin as the only user-writable dir for | |
80 | # executables, but we specify more; technically this is against spec | |
79d4a356 | 81 | syspath=("$path[@]") |
8d4a98e1 | 82 | path=(~/{.local/,}{s,}bin |
41c21771 | 83 | {~/.local,{$PREFIX,}{,/opt,/usr{,/local,pkg}}}/sbin |
84 | {~/.local,{$PREFIX,}{,/opt,/usr{,/local,pkg}}}/bin | |
a8dee69a | 85 | /usr/{X11R{7,6}/bin,games}) |
833b2af3 | 86 | ((len=$#path)) |
79d4a356 | 87 | path=("$path[@]" "$syspath[@]") |
88 | # remove nonexistent and duplicate paths | |
89 | for (( i = 1; i <= $#path; i++ )) { | |
90 | if [[ ! -e $path[$i] ]] { | |
91 | path[$i]=() | |
833b2af3 | 92 | ((i <= len)) && ((len--)) |
79d4a356 | 93 | ((i--)) |
94 | continue | |
95 | } | |
79d4a356 | 96 | } |
833b2af3 | 97 | # shift valid system paths to the front if there are any left |
98 | ((len > 0 && len < $#path)) && path=("${(@)path[len + 1, -1]}" "${(@)path[1, len]}") | |
41c21771 | 99 | unset syspath len i |
79d4a356 | 100 | # include our zsh dir in fpath. unlike above, we always prefer our paths |
101 | fpath=(${ZDOTDIR:-~/.zsh}/functions/{*,Completions/*}(N) "$fpath[@]") | |
102 | # FPATH is not exported by default | |
103 | export FPATH | |
104 | typeset +U path fpath | |
105 | export _sev_setup_path= | |
106 | } | |
107 | ||
8d4a98e1 | 108 | ### xdg local dir |
109 | # NOTE: need this for tmp, so confirm it exists. | |
110 | # XXX: perms are not specified for XDG dirs except runtime, but I think 760 | |
111 | # makes the most sense. shouldn't break anything since no one else should | |
112 | # be poking around in our dir. | |
e69caf64 | 113 | [[ -e ${_sev_home:-~}/.local ]] || mkdir -m760 ${_sev_home:-~}/.local |
8d4a98e1 | 114 | |
6d54344e | 115 | ### tmp |
116 | # NOTE: specs say that POSIX tmp and XDG runtime directories should exist | |
117 | # until the last session is logged out (POSIX can exist for longer). | |
118 | # since we can't reliably keep track of sessions in a cross-platform | |
119 | # manner, the current implementation should use a separate directory per | |
120 | # toplevel session (i.e. SHLVL=1). this should placate most applications, | |
121 | # though it is not expressly spec compliant. | |
122 | if [[ ! -v _sev_tmp ]] { | |
e69caf64 | 123 | _sev_tmp=${_sev_home:-~}/.local/tmp |
8d4a98e1 | 124 | # NOTE: race condition/remove in use files |
125 | [[ -h $_sev_tmp ]] && unlink $_sev_tmp 2>/dev/null | |
833b2af3 | 126 | t=${TMPDIR:-${TEMP:-${TMP:-/tmp}}}/.home-$LOGNAME |
8d4a98e1 | 127 | # create personal tmp dir under system tmp |
128 | [[ -e $t ]] || mkdir -m700 $t 2>/dev/null | |
833b2af3 | 129 | if [[ ! -d $t ]] { |
130 | [[ -o interactive ]] && | |
8d4a98e1 | 131 | print -P "%F{orange}*** Can't create TMPDIR $t, using $_sev_tmp%f" |
132 | # fallback bare directory | |
133 | [[ -e $_sev_tmp ]] || mkdir -m700 $_sev_tmp 2>/dev/null | |
134 | if [[ ! -d $_sev_tmp ]] { | |
135 | [[ -o interactive ]] && | |
136 | print -P "%F{red}!!! No usable TMPDIR%f" | |
137 | unset _sev_tmp | |
138 | } else { | |
139 | t=$_sev_tmp | |
140 | } | |
141 | } elif [[ -e $_sev_tmp ]] { | |
142 | [[ -o interactive ]] && | |
143 | print -P "%F{orange}*** $_sev_tmp occluded, can't link to TMPDIR $t%f" | |
144 | _sev_tmp=$t | |
145 | } else { | |
146 | ln -s $t $_sev_tmp 2>/dev/null | |
147 | } | |
148 | if [[ -v _sev_tmp ]] { | |
149 | # ensure dir is clean | |
150 | _sev_zcleanup tmp | |
151 | # finally create our subdir for this session | |
152 | t=$_sev_tmp/.session.$$ | |
153 | if ! mkdir -m700 $t 2>/dev/null; then | |
154 | [[ -o interactive ]] && | |
155 | print -P "%F{red}!!! Can't create session subdir $t, using $_sev_tmp%f" | |
156 | t=$_sev_tmp | |
157 | fi | |
158 | export _sev_tmp TMPDIR=$t TEMP=$t TMP=$t | |
159 | unset t | |
833b2af3 | 160 | } |
833b2af3 | 161 | } |
162 | ||
163 | ### xdg | |
79d4a356 | 164 | if [[ ! -v _sev_setup_xdg ]] { |
8d4a98e1 | 165 | ## merge with any existing dirs and remove duplicates using unique arrays |
166 | # NOTE: we are accepting whatever value might be set for CONFIG and DATA; | |
167 | # if it wasn't set, we just use default and leave it unset | |
833b2af3 | 168 | # NOTE: include and then remove CONFIG_HOME and DATA_HOME to ensure they |
169 | # are not present in the array if it was added before we got to it | |
d23b28eb | 170 | typeset -UT XDG_DATA_DIRS xdg_data_dirs |
8d4a98e1 | 171 | if [[ -v XDG_DATA_HOME ]] { |
172 | export XDG_DATA_HOME | |
173 | } elif [[ ! -e ~/.local/share ]] { | |
174 | mkdir -m760 ~/.local/share | |
175 | } | |
176 | xdg_data_dirs=($XDG_DATA_HOME /{opt,usr/local,usr/pkg,usr}/share | |
79d4a356 | 177 | "${XDG_DATA_DIRS:+${xdg_data_dirs[@]}}") |
8d4a98e1 | 178 | # XXX: if colons are not escaped, could remove unintended part of string |
179 | export XDG_DATA_DIRS=${XDG_DATA_DIRS#$XDG_DATA_HOME:} | |
d23b28eb | 180 | |
8d4a98e1 | 181 | typeset -UT XDG_CONFIG_DIRS xdg_config_dirs |
182 | if [[ -v XDG_CONFIG_HOME ]] { | |
183 | export XDG_CONFIG_HOME | |
184 | } elif [[ ! -e ~/.config ]] { | |
185 | mkdir -m760 ~/.config | |
186 | } | |
187 | # I am of the belief .local should follow FHS /usr/local... | |
188 | [[ -e ~/.local/etc ]] || ln -s ~/.config ~/.local/etc | |
189 | xdg_config_dirs=($XDG_CONFIG_HOME ${XDG_CONFIG_DIRS:+"$xdg_config_dirs[@]"} | |
190 | {/opt,/usr/local,/usr/pkg,}/etc/xdg) | |
191 | # XXX: if colons are not escaped, could remove unintended part of string | |
192 | export XDG_CONFIG_DIRS=${XDG_CONFIG_DIRS#$XDG_CONFIG_HOME:} | |
6d54344e | 193 | |
8d4a98e1 | 194 | if [[ -v XDG_STATE_HOME ]] { |
195 | export XDG_STATE_HOME | |
196 | } elif [[ ! -e ~/.local/state ]] { | |
197 | mkdir -m760 ~/.local/state | |
198 | } | |
d23b28eb | 199 | |
8d4a98e1 | 200 | if [[ ! -v XDG_CACHE_HOME ]] { |
201 | if [[ -v _sev_tmp ]] { | |
202 | export XDG_CACHE_HOME=$_sev_tmp/.xdg.cache | |
203 | [[ -e $XDG_CACHE_HOME ]] || mkdir -m700 $XDG_CACHE_HOME | |
204 | } elif [[ ! -e ~/.cache ]] { | |
205 | mkdir -m700 ~/.cache | |
206 | } | |
207 | } | |
208 | ||
e69caf64 | 209 | if [[ -v XDG_RUNTIME_DIR ]] { |
210 | export XDG_RUNTIME_DIR | |
211 | } else { | |
212 | # make runtime dir in our session-specific tmpdir | |
213 | export XDG_RUNTIME_DIR=$TMPDIR/.xdg.runtime | |
214 | # same as in tmpdir creation, ensure dir doesn't exist | |
215 | if [[ -h $XDG_RUNTIME_DIR ]] { | |
216 | unlink $XDG_RUNTIME_DIR 2>/dev/null | |
217 | } elif [[ -e $XDG_RUNTIME_DIR ]] { | |
218 | rm -rf $XDG_RUNTIME_DIR 2>/dev/null | |
219 | } | |
220 | mkdir -m700 $XDG_RUNTIME_DIR 2>/dev/null | |
6d54344e | 221 | } |
d23b28eb | 222 | |
79d4a356 | 223 | # source user dirs after other vars |
224 | [[ -e $XDG_CONFIG_HOME/user-dirs.dirs ]] && | |
225 | emulate sh -c "source $XDG_CONFIG_HOME/user-dirs.dirs" | |
226 | export _sev_setup_xdg= | |
d569f3f7 | 227 | } |
79d4a356 | 228 | |
6d54344e | 229 | ### dbus |
230 | if [[ ! -v DBUS_SESSION_BUS_ADDRESS && -v commands[dbus-launch] ]] { | |
231 | eval $(dbus-launch) | |
232 | export DBUS_SESSION_BUS_ADDRESS DBUS_SESSION_BUS_PID | |
233 | } | |
234 | ||
235 | ### gpg home | |
236 | if [[ ! -v GNUPGHOME ]] { | |
8d4a98e1 | 237 | export GNUPGHOME=${XDG_CONFIG_HOME:-~/.config}/gnupg |
6d54344e | 238 | if [[ -d ~/.gnupg ]] { |
8d4a98e1 | 239 | mv ~/.gnupg ${XDG_CONFIG_HOME:-~/.config}/gnupg |
6d54344e | 240 | } |
241 | } | |
242 | ||
243 | ### gpg agent + forwarding | |
79d4a356 | 244 | # NOTE: while ssh manages its auth sock in its protocol when ForwardSsh is |
245 | # enabled, GPG must be forwarded manually over Unix socket. to support | |
246 | # this, we forward the restricted gpg-agent extra socket to the remote | |
247 | # host with a RemoteForward rule in ~/.ssh/config that uses the | |
248 | # _GNUPG_SOCK_* env vars. to avoid conflicts with other ssh sessions | |
249 | # where the same user is connecting to the same host from different | |
250 | # machines, gpg in each environment should utilize its own forwarded | |
251 | # socket, rather than replace the sockets in GNUPGHOME which will be | |
252 | # overridden on the next connection. previously, you could provide a path | |
253 | # to the agent socket in GPG_AGENT_INFO, but that was deprecated in GPG | |
833b2af3 | 254 | # v2.1. instead, we must clone GNUPGHOME with links and replace the agent |
255 | # sockets there with the forwarded one. | |
79d4a356 | 256 | # NOTE: since Unix sockets are not supported under Windows, this will not work |
833b2af3 | 257 | # under msys, cygwin, mingw, etc., but may work under wsl2. |
79d4a356 | 258 | # HACK: without SendEnv, which is disabled by default in most sshd configs, |
259 | # there is no foolproof way to prevent race conditions via filename | |
260 | # collisions or to pass the desired forward path to the remote host | |
261 | # environment. we just have to guess the path we choose is good on the | |
262 | # desination, and assume the newest matching socket is the correct one | |
263 | # after connecting. in theory, we could occlude the ssh binary on PATH | |
264 | # with an alias or script that would allow us to communicate with the | |
265 | # remote host before opening a shell, so that we can have the host | |
266 | # communicate back to the client where it wants a socket created or ask | |
267 | # the host if the path the client wants to use is writable. however, this | |
8d4a98e1 | 268 | # would open up too many edge cases where it wouldn't work or be too |
269 | # clunky (e.g. asking for password twice) to make it worth it. | |
6d54344e | 270 | function _gpg_socketpath { |
271 | # dirs are percent-encoded: https://stackoverflow.com/a/64312099 | |
272 | echo ${1//(#b)%([[:xdigit:]](#c2))/${(#):-0x$match[1]}} | |
273 | } | |
274 | if [[ ! -v _sev_setup_gpg_forward && -v commands[gpg] ]] { | |
8d4a98e1 | 275 | # XXX: assuming /tmo exists and is writable on destination |
6d54344e | 276 | export _GNUPG_SOCK_DEST_BASE=/tmp/.gpg-agent-forward |
277 | export _GNUPG_SOCK_DEST_EXT=$(date +%s).$RANDOM | |
278 | export _GNUPG_SOCK_DEST=$_GNUPG_SOCK_DEST_BASE.$_GNUPG_SOCK_DEST_EXT | |
279 | export _sev_gpg_forward_dir=${GNUPGHOME:-~/.gnupg}/.ssh_forward | |
280 | _sev_zcleanup gpg-forward | |
79d4a356 | 281 | |
6d54344e | 282 | # find our forwarded socket |
283 | s=($_GNUPG_SOCK_DEST_BASE*(N=oc[1])) | |
284 | if [[ -n $s && -v SSH_CLIENT ]] { | |
285 | # create new forward dir | |
286 | export _sev_setup_gpg_forward= | |
287 | h=$_sev_gpg_forward_dir/$$ | |
288 | mkdir -pm700 $h | |
289 | # XXX: is it safe to link scdaemon socket? can its name be changed? | |
d9cf4c48 | 290 | for x (S.scdaemon gpg.conf gpg-agent.conf sshcontrol random_seed |
291 | pubring.kbx{,~} trustdb.gpg private-keys-v1.d crls.d) { | |
6d54344e | 292 | ln -s ${GNUPGHOME:-~/.gnupg}/$x $h |
79d4a356 | 293 | } |
6d54344e | 294 | export GNUPGHOME=$h |
295 | unset h | |
296 | for x in $(gpgconf --list-dirs | grep 'agent-.*-\?socket:'); do | |
297 | x=$(_gpg_socketpath ${x/#agent-*socket:}) | |
298 | if [[ ! -v orig ]] { | |
299 | # move forwarded socket to first valid agent socket path | |
300 | # XXX: if tmp is on different filesystem this may not work | |
301 | mv $s $x | |
302 | orig=$x | |
303 | } else { | |
304 | # make links to forwarded socket for any others | |
305 | ln -s $orig $x | |
306 | } | |
307 | done | |
308 | unset x orig | |
309 | } | |
310 | unset s | |
79d4a356 | 311 | |
6d54344e | 312 | # what we will forward if we start a new ssh connection |
313 | # NOTE: do this after setting up GNUPGHOME to pick up new socket path; | |
314 | # if already connected over SSH, extra should be the remote one | |
315 | export _GNUPG_SOCK_SRC=$(_gpg_socketpath \ | |
316 | $(gpgconf --list-dirs agent-extra-socket)) | |
317 | } elif [[ ! -v _sev_setup_gpg_forward ]] { | |
318 | # required for RemoteForward to not error out if the vars are unset | |
319 | [[ ! -v _GNUPG_SOCK_SRC ]] && export _GNUPG_SOCK_SRC=/nonexistent | |
320 | [[ ! -v _GNUPG_SOCK_DEST ]] && export _GNUPG_SOCK_DEST=/nonexistent | |
321 | } | |
79d4a356 | 322 | |
6d54344e | 323 | ### gpg agent |
8d4a98e1 | 324 | if [[ -v commands[gpg-connect-agent] && |
325 | ( ! -v _sev_setup_gpgagent || -v _sev_refresh_gpgagent ) ]] { | |
6d54344e | 326 | # avoid printing if we have already set up tty before |
327 | [[ ! -v _sev_setup_gpgagent && -o interactive ]] && p=true || p=false | |
328 | if {$p} { | |
329 | print -nP '%F{blue}>>>%f GPG: ' | |
330 | if [[ -v _sev_setup_gpg_forward ]] { | |
d42865fe | 331 | print -nP '%F{yellow}Forwarded agent ' |
332 | } else { | |
333 | print -nP '%F{green}Agent ' | |
334 | } | |
79d4a356 | 335 | } |
6d54344e | 336 | gpg-connect-agent /bye >/dev/null 2>&1 |
337 | if [[ $? -ne 0 ]] { | |
d42865fe | 338 | $p && print -P '%F{red}communication error' |
6d54344e | 339 | } else { |
d42865fe | 340 | if [[ ! -v _sev_setup_gpg_forward ]] { |
341 | if [[ ${+GPG_TTY} -eq 0 && -o interactive ]] | |
342 | export GPG_TTY=$(tty) | |
343 | if [[ ( -v DISPLAY || -v WAYLAND_DISPLAY ) && | |
344 | ${PINENTRY_USER_DATA/USE_TTY=0} == $PINENTRY_USER_DATA ]] | |
345 | export PINENTRY_USER_DATA=USE_TTY=$(( | |
346 | ${+DISPLAY} + ${+WAYLAND_DISPLAY} == 0)) | |
347 | # XXX: don't know if gpg-agent supports comments after directives | |
348 | # XXX: path could have # | |
54a85d6c | 349 | # XXX: we are assuming this is our pinentry from .local/bin |
d42865fe | 350 | sed -Ei 's#^([[:space:]]*pinentry-program[[:space:]]).*$#\1'${commands[pinentry]:-/dev/null}'#' \ |
54a85d6c | 351 | ${GNUPGHOME:-~/.gnupg}/gpg-agent.conf 2>/dev/null |
d42865fe | 352 | # XXX: could check for changes before doing this to save perf |
353 | gpg-connect-agent RELOADAGENT UPDATESTARTUPTTY /bye >/dev/null 2>&1 | |
354 | if {$p} { | |
355 | gpg-connect-agent /subst /serverpid \ | |
356 | "/echo pid \${get serverpid} on $GPG_TTY" /bye 2>/dev/null | |
357 | print -nP '%f' | |
358 | } | |
359 | } elif {$p} { | |
360 | print -P '%f' | |
361 | } | |
6d54344e | 362 | export _sev_setup_gpgagent= |
79d4a356 | 363 | } |
8d4a98e1 | 364 | unset p _sev_refresh_gpgagent |
6d54344e | 365 | } |
79d4a356 | 366 | |
6d54344e | 367 | ### ssh agent |
368 | if [[ ! -v _sev_setup_ssh ]] { | |
79d4a356 | 369 | # NOTE: preferred order of agents to check: okcagent, gnupg, openssh |
370 | # first block takes care of okcagent and openssh, second gnupg | |
6d54344e | 371 | # XXX: doesn't actually check if ssh is enabled in gpg |
79d4a356 | 372 | [[ -o interactive ]] && print -nP '%F{blue}>>>%f SSH: %F{green}' |
373 | if [[ ! -v SSH_AUTH_SOCK && ( -v commands[okc-ssh-agent] || | |
374 | ( -v commands[ssh-agent] && ! -v commands[gpg] ) ) ]] { | |
375 | okc=${commands[okc-ssh-agent]:+okc-} | |
e6e7ad69 | 376 | e=$_sev_tmp/${okc}ssh-agent-exports |
79d4a356 | 377 | typeset sock= |
378 | typeset -i pid= | |
6d54344e | 379 | if [[ -f $e ]] { |
380 | IFS=$'\0' read -r sock pid <$e | |
79d4a356 | 381 | } |
382 | if [[ -S $sock && $pid > 0 ]] && kill -0 $pid; then | |
383 | [[ -o interactive ]] && print -P "Reusing agent PID $pid%f" | |
384 | export SSH_AUTH_SOCK=$sock | |
385 | export SSH_AGENT_PID=$pid | |
386 | else | |
79d4a356 | 387 | # TODO: ensure ssh-agent path looks legit to avoid unsafe eval? |
388 | # XXX: doesn't appear to be any other way to handle redirection. | |
389 | # because eval needs to write to current scope environment | |
390 | # subshells can't be used to capture output and print. | |
e6e7ad69 | 391 | c='TMPDIR=$_sev_tmp ${okc}ssh-agent' |
79d4a356 | 392 | if [[ -o interactive ]] { |
e6e7ad69 | 393 | eval $(eval $=c) |
79d4a356 | 394 | print -nP '%f' |
395 | } else { | |
e6e7ad69 | 396 | eval $(eval $=c) >/dev/null 2>&1 |
79d4a356 | 397 | } |
6d54344e | 398 | echo -n $SSH_AUTH_SOCK$'\0'$SSH_AGENT_PID >!$e |
e6e7ad69 | 399 | unset c |
79d4a356 | 400 | fi |
e6e7ad69 | 401 | unset okc e sock pid |
79d4a356 | 402 | } elif [[ ! -v SSH_AUTH_SOCK && -v commands[gpg] ]] { |
6d54344e | 403 | # since gpg should have been started above, just export and notify |
79d4a356 | 404 | if [[ -o interactive ]] { |
6d54344e | 405 | if [[ -v _sev_setup_gpg_forward ]] { |
406 | echo 'Forwarded GPG agent' | |
79d4a356 | 407 | } else { |
408 | gpg-connect-agent /subst /serverpid \ | |
6d54344e | 409 | '/echo GPG agent pid ${get serverpid}' /bye |
79d4a356 | 410 | } |
411 | print -nP '%f' | |
412 | } | |
6d54344e | 413 | export SSH_AUTH_SOCK=$(_gpg_socketpath \ |
79d4a356 | 414 | $(gpgconf --list-dirs agent-ssh-socket)) |
415 | } elif [[ -v SSH_AUTH_SOCK ]] { | |
416 | [[ -o interactive ]] && print -P 'Preconfigured agent%f' | |
417 | } else { | |
418 | [[ -o interactive ]] && print -P '%F{red}No agent available%f' | |
419 | } | |
420 | ||
6d54344e | 421 | export _sev_setup_ssh= |
79d4a356 | 422 | } |
6d54344e | 423 | unfunction _gpg_socketpath |
79d4a356 | 424 | |
6d54344e | 425 | ### perl local lib |
426 | [[ -v commands[perl] && -d $XDG_DATA_HOME/perl5/lib/perl5 && | |
427 | ! -v PERL_LOCAL_LIB_ROOT ]] && | |
428 | eval $(perl -I$XDG_DATA_HOME/perl5/lib/perl5 \ | |
833b2af3 | 429 | -Mlocal::lib=$XDG_DATA_HOME/perl5 2>/dev/null) |
79d4a356 | 430 | |
6d54344e | 431 | |
833b2af3 | 432 | ### load site-specific |
8d4a98e1 | 433 | if [[ -f ${ZDOTDIR:-~}/.zprofile.local ]] { source ${ZDOTDIR:-~}/.zprofile.local } |