[dotfiles.git] / base / .zshenv

### unset unwanted options that could be set in /etc/zshenv
unsetopt SH_WORD_SPLIT KSH_ARRAYS

### check if su
if [[ -v _sev_olduser && $_sev_olduser != $USERNAME ]] _sev_reset_shell=
export _sev_olduser=$USERNAME

### exports for all new shells
if [[ -v _sev_reset_shell || $SHLVL == 1 ]] {
    ## lang
    export CHARSET=UTF-8
    export LANG=en_US.UTF-8
    export LC_CTYPE=$LANG

    ## path
    typeset -U path fpath
    if [[ $SHLVL  == 1 ]] {
        # take a backup before any customizations
        export _sev_sys_PATH=$PATH
        export _sev_sys_FPATH=$FPATH
    }
    # /usr/{pkg,local,games} are unix/bsdisms
    path=({~/,/,/usr/}sbin {~/,/,/usr/}bin /usr/pkg/{s,}bin /usr/X11R{7,6}/bin
          /usr/local/{s,}bin /usr/games)
    PATH=$PATH:$_sev_sys_PATH
    fpath=(${ZDOTDIR:-$HOME/.zsh}/functions/{*,Completions/*}(N))
    FPATH=$FPATH:$_sev_sys_FPATH
    # take another backup, explained in .zprofile
    typeset -U _backup_path
    _backup_path=("${path[@]}")

    ## xdg
    export XDG_CONFIG_HOME=~/etc
    export XDG_CONFIG_DIRS=~/.config:/usr/pkg/etc/xdg:/usr/local/etc/xdg:/etc/xdg
    export XDG_DATA_HOME=~/share
    export XDG_DATA_DIRS=~/.local/share:/usr/pkg/share:/usr/local/share:/usr/share
    export XDG_CACHE_HOME=~/tmp
    export XDG_RUNTIME_DIR=~/tmp

    ## create tmp link
    t=${TMPDIR:-/tmp}/home-$LOGNAME
    h=$HOME/tmp
    if [[ ! -e $t ]] {
        mkdir -m 700 $t > /dev/null 2>&1
        # TODO: check if dir exists after mkdir
    }
    # allow opaque entries to override link creation
    if [[ ! -e $h ]] {
        ln -sf $t $h > /dev/null 2>&1
    }
    unset t h

    ## ssh agents
    # NOTE: preferred order of agents to check: okcagent, gnupg, openssh
    #       first block takes care of okcagent and openssh, second gnupg
    print -nP "%F{blue}>>>%f SSH: %F{green}"
    if [[ ! -v SSH_AUTH_SOCK && ( -v commands[okc-ssh-agent] ||
          ( -v commands[ssh-agent] && ! -v commands[gpg] ) ) ]] {
        okc=${commands[okc-ssh-agent]:+okc-}
        agentfile=~/tmp/${okc}ssh-agent-exports
        typeset sock=
        typeset -i pid=
        if [[ -f $agentfile ]] {
            IFS=$'\0' read -r sock pid <$agentfile
        }
        if [[ -S $sock && $pid > 0 ]] && kill -0 $pid; then
            echo "Reusing agent pid $pid"
            export SSH_AUTH_SOCK=$sock
            export SSH_AGENT_PID=$pid
        else
            # TODO: ensure ssh-agent path looks legit
            #       to avoid unsafe eval?
            eval `${okc}ssh-agent`
            echo -n $SSH_AUTH_SOCK$'\0'$SSH_AGENT_PID >!$agentfile
        fi
        unset okc agentfile sock pid
    } elif [[ -v commands[gpg] && ! -S $_GNUPG_SOCK_DEST && \
              ( ! -v SSH_AUTH_SOCK || -v DISPLAY ) ]] {
        export GPG_TTY=$(tty)
        export PINENTRY_USER_DATA=USE_TTY=$((!${+DISPLAY}))
        gpg-connect-agent UPDATESTARTUPTTY /bye >/dev/null 2>&1
        gpg-connect-agent /subst /serverpid \
            '/echo GPG agent pid ${get serverpid}' /bye
        [[ ! -v SSH_AUTH_SOCK ]] && \
            export SSH_AUTH_SOCK=$(gpgconf --list-dirs agent-ssh-socket)
    } else {
        echo "Pre-existing or remote agent"
    }

    ## gpg ssh forwarding
    # ssh automatically tunnels SSH_AUTH_SOCK with the right config, but GPG
    # doesn't—we use a RemoteForward rule in ~/.ssh/config that uses these env
    # vars to push the gpg extra socket through when connecting via ssh
    # HACK: this entire thing sucks but there is no other easy way that works
    #       out of the box with other systems
    if [[ -v commands[gpgconf] ]] {
        # if already connected over SSH, reuse forwarded socket for future
        # connections; else use extra socket
        sock=${SSH_CLIENT:+agent-socket}
        export _GNUPG_SOCK_SRC=$(gpgconf --list-dirs ${sock:-agent-extra-socket})
        unset sock
        # XXX: multiple SSH sessions to the same host will overwrite this
        #      socket, no way to send unique paths without configuring explicit
        #      SendEnv and AcceptEnv exclusions on client and host respectively
        export _GNUPG_SOCK_DEST=/tmp/.gpg-agent-forward
        # if socket exists already, we are on a RemoteForwarded client, so copy
        # it over so that GPG sees it
        # XXX: race condition if connecting multiple terminals at once
        if [[ -S $_GNUPG_SOCK_DEST ]] {
            unlink $_GNUPG_SOCK_SRC >/dev/null 2>&1
            mv $_GNUPG_SOCK_DEST $_GNUPG_SOCK_SRC >/dev/null
        }
    }
}

### load site-specific
if [[ -f ~/.zshenv.local ]] { source ~/.zshenv.local }

### source .zprofile
# if we used su, without --login, let's run zprofile ourselves
# XXX: system zprofile is not run
if [[ -v _sev_reset_shell || $SHLVL == 1 ]] source ~/.zprofile

# vim: set et sts=4 sw=4 ts=8 tw=79 :
Commit	Line	Data
f11fbf9e	1	### unset unwanted options that could be set in /etc/zshenv
	2	unsetopt SH_WORD_SPLIT KSH_ARRAYS
	3
	4	### check if su
	5	if [[ -v _sev_olduser && $_sev_olduser != $USERNAME ]] _sev_reset_shell=
	6	export _sev_olduser=$USERNAME
	7
	8	### exports for all new shells
	9	if [[ -v _sev_reset_shell \|\| $SHLVL == 1 ]] {
b133dc92	10	## lang
b133dc92	11	export CHARSET=UTF-8
f11fbf9e	12	export LANG=en_US.UTF-8
f11fbf9e	13	export LC_CTYPE=$LANG
b133dc92	14
b133dc92	15	## path
f11fbf9e	16	typeset -U path fpath
	17	if [[ $SHLVL == 1 ]] {
	18	# take a backup before any customizations
	19	export _sev_sys_PATH=$PATH
	20	export _sev_sys_FPATH=$FPATH
	21	}
b133dc92	22	# /usr/{pkg,local,games} are unix/bsdisms
b133dc92	23	path=({~/,/,/usr/}sbin {~/,/,/usr/}bin /usr/pkg/{s,}bin /usr/X11R{7,6}/bin
f11fbf9e	24	/usr/local/{s,}bin /usr/games)
	25	PATH=$PATH:$_sev_sys_PATH
	26	fpath=(${ZDOTDIR:-$HOME/.zsh}/functions/{,Completions/}(N))
	27	FPATH=$FPATH:$_sev_sys_FPATH
	28	# take another backup, explained in .zprofile
	29	typeset -U _backup_path
	30	_backup_path=("${path[@]}")
b133dc92	31
	32	## xdg
	33	export XDG_CONFIG_HOME=~/etc
	34	export XDG_CONFIG_DIRS=~/.config:/usr/pkg/etc/xdg:/usr/local/etc/xdg:/etc/xdg
	35	export XDG_DATA_HOME=~/share
	36	export XDG_DATA_DIRS=~/.local/share:/usr/pkg/share:/usr/local/share:/usr/share
	37	export XDG_CACHE_HOME=~/tmp
	38	export XDG_RUNTIME_DIR=~/tmp
	39
f11fbf9e	40	## create tmp link
	41	t=${TMPDIR:-/tmp}/home-$LOGNAME
	42	h=$HOME/tmp
	43	if [[ ! -e $t ]] {
	44	mkdir -m 700 $t > /dev/null 2>&1
b133dc92	45	# TODO: check if dir exists after mkdir
	46	}
	47	# allow opaque entries to override link creation
f11fbf9e	48	if [[ ! -e $h ]] {
f11fbf9e	49	ln -sf $t $h > /dev/null 2>&1
b133dc92	50	}
b133dc92	51	unset t h
b133dc92	52
f11fbf9e	53	## ssh agents
	54	# NOTE: preferred order of agents to check: okcagent, gnupg, openssh
	55	# first block takes care of okcagent and openssh, second gnupg
	56	print -nP "%F{blue}>>>%f SSH: %F{green}"
	57	if [[ ! -v SSH_AUTH_SOCK && ( -v commands[okc-ssh-agent] \|\|
	58	( -v commands[ssh-agent] && ! -v commands[gpg] ) ) ]] {
	59	okc=${commands[okc-ssh-agent]:+okc-}
	60	agentfile=~/tmp/${okc}ssh-agent-exports
	61	typeset sock=
	62	typeset -i pid=
	63	if [[ -f $agentfile ]] {
	64	IFS=$'\0' read -r sock pid <$agentfile
	65	}
	66	if [[ -S $sock && $pid > 0 ]] && kill -0 $pid; then
	67	echo "Reusing agent pid $pid"
	68	export SSH_AUTH_SOCK=$sock
	69	export SSH_AGENT_PID=$pid
	70	else
	71	# TODO: ensure ssh-agent path looks legit
	72	# to avoid unsafe eval?
	73	eval `${okc}ssh-agent`
	74	echo -n $SSH_AUTH_SOCK$'\0'$SSH_AGENT_PID >!$agentfile
	75	fi
	76	unset okc agentfile sock pid
	77	} elif [[ -v commands[gpg] && ! -S $_GNUPG_SOCK_DEST && \
	78	( ! -v SSH_AUTH_SOCK \|\| -v DISPLAY ) ]] {
	79	export GPG_TTY=$(tty)
	80	export PINENTRY_USER_DATA=USE_TTY=$((!${+DISPLAY}))
	81	gpg-connect-agent UPDATESTARTUPTTY /bye >/dev/null 2>&1
	82	gpg-connect-agent /subst /serverpid \
	83	'/echo GPG agent pid ${get serverpid}' /bye
	84	[[ ! -v SSH_AUTH_SOCK ]] && \
	85	export SSH_AUTH_SOCK=$(gpgconf --list-dirs agent-ssh-socket)
	86	} else {
	87	echo "Pre-existing or remote agent"
	88	}
	89
	90	## gpg ssh forwarding
	91	# ssh automatically tunnels SSH_AUTH_SOCK with the right config, but GPG
	92	# doesn't—we use a RemoteForward rule in ~/.ssh/config that uses these env
	93	# vars to push the gpg extra socket through when connecting via ssh
	94	# HACK: this entire thing sucks but there is no other easy way that works
	95	# out of the box with other systems
	96	if [[ -v commands[gpgconf] ]] {
	97	# if already connected over SSH, reuse forwarded socket for future
	98	# connections; else use extra socket
	99	sock=${SSH_CLIENT:+agent-socket}
	100	export _GNUPG_SOCK_SRC=$(gpgconf --list-dirs ${sock:-agent-extra-socket})
	101	unset sock
	102	# XXX: multiple SSH sessions to the same host will overwrite this
	103	# socket, no way to send unique paths without configuring explicit
	104	# SendEnv and AcceptEnv exclusions on client and host respectively
	105	export _GNUPG_SOCK_DEST=/tmp/.gpg-agent-forward
	106	# if socket exists already, we are on a RemoteForwarded client, so copy
	107	# it over so that GPG sees it
	108	# XXX: race condition if connecting multiple terminals at once
	109	if [[ -S $_GNUPG_SOCK_DEST ]] {
	110	unlink $_GNUPG_SOCK_SRC >/dev/null 2>&1
	111	mv $_GNUPG_SOCK_DEST $_GNUPG_SOCK_SRC >/dev/null
	112	}
	113	}
b133dc92	114	}
b133dc92	115
f7960c69	116	### load site-specific
81c3957e	117	if [[ -f ~/.zshenv.local ]] { source ~/.zshenv.local }
81c3957e	118
f11fbf9e	119	### source .zprofile
	120	# if we used su, without --login, let's run zprofile ourselves
	121	# XXX: system zprofile is not run
	122	if [[ -v _sev_reset_shell \|\| $SHLVL == 1 ]] source ~/.zprofile
	123
81c3957e	124	# vim: set et sts=4 sw=4 ts=8 tw=79 :