[dotfiles.git] / base / .zshenv

### unset unwanted options that could be set in /etc/zshenv
unsetopt SH_WORD_SPLIT KSH_ARRAYS

### check if su
if [[ -v _sev_olduser && $_sev_olduser != $USERNAME ]] _sev_reset_shell=
export _sev_olduser=$USERNAME

### exports for all new shells
if [[ -v _sev_reset_shell || $SHLVL == 1 ]] {
    ## lang
    export CHARSET=UTF-8
    export LANG=en_US.UTF-8
    export LC_CTYPE=$LANG

    ## path
    typeset -U path fpath
    if [[ $SHLVL  == 1 ]] {
        # take a backup before any customizations
        export _sev_sys_PATH=$PATH
        export _sev_sys_FPATH=$FPATH
    }
    # /usr/{pkg,local,games} are unix/bsdisms
    path=({~/,/,/usr/}sbin {~/,/,/usr/}bin /usr/pkg/{s,}bin /usr/X11R{7,6}/bin
          /usr/local/{s,}bin /usr/games)
    PATH=$PATH:$_sev_sys_PATH
    fpath=(${ZDOTDIR:-$HOME/.zsh}/functions/{*,Completions/*}(N))
    #fpath is not exported by default
    export FPATH=$FPATH:$_sev_sys_FPATH
    # take another backup, explained in .zprofile
    typeset -U _backup_path
    _backup_path=("${path[@]}")

    ## xdg
    export XDG_CONFIG_HOME=~/etc
    export XDG_CONFIG_DIRS=~/.config:/usr/pkg/etc/xdg:/usr/local/etc/xdg:/etc/xdg
    export XDG_DATA_HOME=~/share
    export XDG_DATA_DIRS=~/.local/share:/usr/pkg/share:/usr/local/share:/usr/share
    export XDG_CACHE_HOME=~/tmp
    export XDG_RUNTIME_DIR=~/tmp
    if [[ -e $XDG_CONFIG_HOME/user-dirs.dirs ]] {
        source $XDG_CONFIG_HOME/user-dirs.dirs
    }

    ## create tmp link
    t=${TMPDIR:-/tmp}/home-$LOGNAME
    if [[ ! -e $t ]] {
        mkdir -m 700 $t >/dev/null 2>&1
        # TODO: check if dir exists after mkdir
    }
    # allow opaque entries to override link creation
    if [[ ! -e $XDG_RUNTIME_DIR ]] {
        ln -sf $t $XDG_RUNTIME_DIR >/dev/null 2>&1
    }
    unset t

    ## ssh agents
    # NOTE: preferred order of agents to check: okcagent, gnupg, openssh
    #       first block takes care of okcagent and openssh, second gnupg
    [[ -o interactive ]] && print -nP "%F{blue}>>>%f SSH: %F{green}"
    if [[ ! -v SSH_AUTH_SOCK && ( -v commands[okc-ssh-agent] ||
          ( -v commands[ssh-agent] && ! -v commands[gpg] ) ) ]] {
        okc=${commands[okc-ssh-agent]:+okc-}
        agentfile=~/tmp/${okc}ssh-agent-exports
        typeset sock=
        typeset -i pid=
        if [[ -f $agentfile ]] {
            IFS=$'\0' read -r sock pid <$agentfile
        }
        if [[ -S $sock && $pid > 0 ]] && kill -0 $pid; then
            [[ -o interactive ]] && echo "Reusing agent pid $pid"
            export SSH_AUTH_SOCK=$sock
            export SSH_AGENT_PID=$pid
        else
            # TODO: ensure ssh-agent path looks legit
            #       to avoid unsafe eval?
            # NOTE: no way around doing redirection like this I think
            e=${okc}ssh-agent
            if [[ -o interactive ]] {
                eval `$e`
            } else {
                eval `$e` >/dev/null 2>&1
            }
            echo -n $SSH_AUTH_SOCK$'\0'$SSH_AGENT_PID >!$agentfile
        fi
        unset okc agentfile sock pid
    } elif [[ -v commands[gpg] && ! -S $_GNUPG_SOCK_DEST && \
              ( ! -v SSH_AUTH_SOCK || -v DISPLAY ) ]] {
        export GPG_TTY=$(tty)
        export PINENTRY_USER_DATA=USE_TTY=$((!${+DISPLAY}))
        gpg-connect-agent UPDATESTARTUPTTY /bye >/dev/null 2>&1
        [[ -o interactive ]] && gpg-connect-agent /subst /serverpid \
            '/echo GPG agent pid ${get serverpid}' /bye
        [[ ! -v SSH_AUTH_SOCK ]] && \
            export SSH_AUTH_SOCK=$(gpgconf --list-dirs agent-ssh-socket)
    } else {
        [[ -o interactive ]] && echo "Pre-existing or remote agent"
    }

    ## gpg ssh forwarding
    # ssh automatically tunnels SSH_AUTH_SOCK with the right config, but GPG
    # doesn't—we use a RemoteForward rule in ~/.ssh/config that uses these env
    # vars to push the gpg extra socket through when connecting via ssh
    # HACK: this entire thing sucks but there is no other easy way that works
    #       out of the box with other systems
    if [[ -v commands[gpgconf] ]] {
        # if already connected over SSH, reuse forwarded socket for future
        # connections; else use extra socket
        sock=${SSH_CLIENT:+agent-socket}
        export _GNUPG_SOCK_SRC=$(gpgconf --list-dirs ${sock:-agent-extra-socket})
        unset sock
        # XXX: multiple SSH sessions to the same host will overwrite this
        #      socket, no way to send unique paths without configuring explicit
        #      SendEnv and AcceptEnv exclusions on client and host respectively
        export _GNUPG_SOCK_DEST=/tmp/.gpg-agent-forward
        # if socket exists already, we are on a RemoteForwarded client, so copy
        # it over so that GPG sees it
        # XXX: race condition if connecting multiple terminals at once
        if [[ -S $_GNUPG_SOCK_DEST ]] {
            unlink $_GNUPG_SOCK_SRC >/dev/null 2>&1
            mv $_GNUPG_SOCK_DEST $_GNUPG_SOCK_SRC >/dev/null
        }
    }
}

### load site-specific
if [[ -f ~/.zshenv.local ]] { source ~/.zshenv.local }

### source .zprofile
# if we used su, without --login, let's run zprofile ourselves
# XXX: system zprofile is not run
if [[ -v _sev_reset_shell || $SHLVL == 1 ]] source ~/.zprofile

# vim: set et sts=4 sw=4 ts=8 tw=79 :
Commit	Line	Data
c3608beb	1	### unset unwanted options that could be set in /etc/zshenv
	2	unsetopt SH_WORD_SPLIT KSH_ARRAYS
	3
	4	### check if su
	5	if [[ -v _sev_olduser && $_sev_olduser != $USERNAME ]] _sev_reset_shell=
	6	export _sev_olduser=$USERNAME
	7
	8	### exports for all new shells
	9	if [[ -v _sev_reset_shell \|\| $SHLVL == 1 ]] {
d569f3f7	10	## lang
d569f3f7	11	export CHARSET=UTF-8
c3608beb	12	export LANG=en_US.UTF-8
c3608beb	13	export LC_CTYPE=$LANG
d569f3f7	14
d569f3f7	15	## path
c3608beb	16	typeset -U path fpath
	17	if [[ $SHLVL == 1 ]] {
	18	# take a backup before any customizations
	19	export _sev_sys_PATH=$PATH
	20	export _sev_sys_FPATH=$FPATH
	21	}
d569f3f7	22	# /usr/{pkg,local,games} are unix/bsdisms
d569f3f7	23	path=({~/,/,/usr/}sbin {~/,/,/usr/}bin /usr/pkg/{s,}bin /usr/X11R{7,6}/bin
c3608beb	24	/usr/local/{s,}bin /usr/games)
	25	PATH=$PATH:$_sev_sys_PATH
	26	fpath=(${ZDOTDIR:-$HOME/.zsh}/functions/{,Completions/}(N))
1118e1ee	27	#fpath is not exported by default
1118e1ee	28	export FPATH=$FPATH:$_sev_sys_FPATH
c3608beb	29	# take another backup, explained in .zprofile
	30	typeset -U _backup_path
	31	_backup_path=("${path[@]}")
d569f3f7	32
	33	## xdg
	34	export XDG_CONFIG_HOME=~/etc
	35	export XDG_CONFIG_DIRS=~/.config:/usr/pkg/etc/xdg:/usr/local/etc/xdg:/etc/xdg
	36	export XDG_DATA_HOME=~/share
	37	export XDG_DATA_DIRS=~/.local/share:/usr/pkg/share:/usr/local/share:/usr/share
	38	export XDG_CACHE_HOME=~/tmp
	39	export XDG_RUNTIME_DIR=~/tmp
c0b3d4b6	40	if [[ -e $XDG_CONFIG_HOME/user-dirs.dirs ]] {
	41	source $XDG_CONFIG_HOME/user-dirs.dirs
	42	}
d569f3f7	43
c3608beb	44	## create tmp link
c3608beb	45	t=${TMPDIR:-/tmp}/home-$LOGNAME
c3608beb	46	if [[ ! -e $t ]] {
f520c79a	47	mkdir -m 700 $t >/dev/null 2>&1
d569f3f7	48	# TODO: check if dir exists after mkdir
	49	}
	50	# allow opaque entries to override link creation
496de37b	51	if [[ ! -e $XDG_RUNTIME_DIR ]] {
496de37b	52	ln -sf $t $XDG_RUNTIME_DIR >/dev/null 2>&1
d569f3f7	53	}
496de37b	54	unset t
d569f3f7	55
c3608beb	56	## ssh agents
	57	# NOTE: preferred order of agents to check: okcagent, gnupg, openssh
	58	# first block takes care of okcagent and openssh, second gnupg
3cec0481	59	[[ -o interactive ]] && print -nP "%F{blue}>>>%f SSH: %F{green}"
c3608beb	60	if [[ ! -v SSH_AUTH_SOCK && ( -v commands[okc-ssh-agent] \|\|
	61	( -v commands[ssh-agent] && ! -v commands[gpg] ) ) ]] {
	62	okc=${commands[okc-ssh-agent]:+okc-}
	63	agentfile=~/tmp/${okc}ssh-agent-exports
	64	typeset sock=
	65	typeset -i pid=
	66	if [[ -f $agentfile ]] {
	67	IFS=$'\0' read -r sock pid <$agentfile
	68	}
	69	if [[ -S $sock && $pid > 0 ]] && kill -0 $pid; then
f520c79a	70	[[ -o interactive ]] && echo "Reusing agent pid $pid"
c3608beb	71	export SSH_AUTH_SOCK=$sock
	72	export SSH_AGENT_PID=$pid
	73	else
	74	# TODO: ensure ssh-agent path looks legit
	75	# to avoid unsafe eval?
f520c79a	76	# NOTE: no way around doing redirection like this I think
	77	e=${okc}ssh-agent
	78	if [[ -o interactive ]] {
	79	eval `$e`
	80	} else {
	81	eval `$e` >/dev/null 2>&1
	82	}
c3608beb	83	echo -n $SSH_AUTH_SOCK$'\0'$SSH_AGENT_PID >!$agentfile
	84	fi
	85	unset okc agentfile sock pid
	86	} elif [[ -v commands[gpg] && ! -S $_GNUPG_SOCK_DEST && \
	87	( ! -v SSH_AUTH_SOCK \|\| -v DISPLAY ) ]] {
	88	export GPG_TTY=$(tty)
	89	export PINENTRY_USER_DATA=USE_TTY=$((!${+DISPLAY}))
	90	gpg-connect-agent UPDATESTARTUPTTY /bye >/dev/null 2>&1
f520c79a	91	[[ -o interactive ]] && gpg-connect-agent /subst /serverpid \
c3608beb	92	'/echo GPG agent pid ${get serverpid}' /bye
	93	[[ ! -v SSH_AUTH_SOCK ]] && \
	94	export SSH_AUTH_SOCK=$(gpgconf --list-dirs agent-ssh-socket)
	95	} else {
f520c79a	96	[[ -o interactive ]] && echo "Pre-existing or remote agent"
c3608beb	97	}
	98
	99	## gpg ssh forwarding
	100	# ssh automatically tunnels SSH_AUTH_SOCK with the right config, but GPG
	101	# doesn't—we use a RemoteForward rule in ~/.ssh/config that uses these env
	102	# vars to push the gpg extra socket through when connecting via ssh
	103	# HACK: this entire thing sucks but there is no other easy way that works
	104	# out of the box with other systems
	105	if [[ -v commands[gpgconf] ]] {
	106	# if already connected over SSH, reuse forwarded socket for future
	107	# connections; else use extra socket
	108	sock=${SSH_CLIENT:+agent-socket}
	109	export _GNUPG_SOCK_SRC=$(gpgconf --list-dirs ${sock:-agent-extra-socket})
	110	unset sock
	111	# XXX: multiple SSH sessions to the same host will overwrite this
	112	# socket, no way to send unique paths without configuring explicit
	113	# SendEnv and AcceptEnv exclusions on client and host respectively
	114	export _GNUPG_SOCK_DEST=/tmp/.gpg-agent-forward
	115	# if socket exists already, we are on a RemoteForwarded client, so copy
	116	# it over so that GPG sees it
	117	# XXX: race condition if connecting multiple terminals at once
	118	if [[ -S $_GNUPG_SOCK_DEST ]] {
	119	unlink $_GNUPG_SOCK_SRC >/dev/null 2>&1
	120	mv $_GNUPG_SOCK_DEST $_GNUPG_SOCK_SRC >/dev/null
	121	}
	122	}
d569f3f7	123	}
d569f3f7	124
ff1a2414	125	### load site-specific
8eb81f95	126	if [[ -f ~/.zshenv.local ]] { source ~/.zshenv.local }
8eb81f95	127
c3608beb	128	### source .zprofile
	129	# if we used su, without --login, let's run zprofile ourselves
	130	# XXX: system zprofile is not run
	131	if [[ -v _sev_reset_shell \|\| $SHLVL == 1 ]] source ~/.zprofile
	132
8eb81f95	133	# vim: set et sts=4 sw=4 ts=8 tw=79 :