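### zsh startup environment (appears to be ~/.zshenv, judging by the
### ~/.zshenv.local hook near the end of the file)
# Sets locale, PATH/FPATH and XDG variables, links ~/tmp to a per-user
# directory under $TMPDIR, finds or starts an SSH agent, and prepares the
# variables used for GnuPG socket forwarding.

### unset unwanted options that could be set in /etc/zshenv
unsetopt SH_WORD_SPLIT KSH_ARRAYS

### check if su
# the right-hand side is quoted so it is compared literally, not as a pattern
if [[ -v _sev_olduser && $_sev_olduser != "$USERNAME" ]] _sev_reset_shell=
export _sev_olduser=$USERNAME

### exports for all new shells
if [[ -v _sev_reset_shell || $SHLVL == 1 ]] {
    ## lang
    export CHARSET=UTF-8
    export LANG=en_US.UTF-8
    export LC_CTYPE=$LANG

    ## path
    typeset -U path fpath
    if [[ $SHLVL == 1 ]] {
        # take a backup before any customizations
        export _sev_sys_PATH=$PATH
        export _sev_sys_FPATH=$FPATH
    }
    # /usr/{pkg,local,games} are unix/bsdisms
    path=({~/,/,/usr/}sbin {~/,/,/usr/}bin /usr/pkg/{s,}bin
          /usr/X11R{7,6}/bin /usr/local/{s,}bin /usr/games)
    PATH=$PATH:$_sev_sys_PATH
    fpath=(${ZDOTDIR:-$HOME/.zsh}/functions/{*,Completions/*}(N))
    #fpath is not exported by default
    export FPATH=$FPATH:$_sev_sys_FPATH
    # take another backup, explained in .zprofile
    typeset -U _backup_path
    _backup_path=("${path[@]}")

    ## xdg
    export XDG_CONFIG_HOME=~/etc
    export XDG_CONFIG_DIRS=~/.config:/usr/pkg/etc/xdg:/usr/local/etc/xdg:/etc/xdg
    export XDG_DATA_HOME=~/share
    export XDG_DATA_DIRS=~/.local/share:/usr/pkg/share:/usr/local/share:/usr/share
    export XDG_CACHE_HOME=~/tmp
    export XDG_RUNTIME_DIR=~/tmp

    ## create tmp link
    t=${TMPDIR:-/tmp}/home-$LOGNAME
    h=$HOME/tmp
    if [[ ! -e $t ]] {
        mkdir -m 700 $t >/dev/null 2>&1
    }
    # $t has a predictable name in a shared directory, so another local user
    # can create it before we do; only link to it when it is a real directory
    # (not a symlink) owned by us, and re-assert the private mode
    if [[ -d $t && ! -L $t && -O $t ]] {
        chmod 700 $t >/dev/null 2>&1
        # allow opaque entries to override link creation
        if [[ ! -e $h ]] {
            ln -sf $t $h >/dev/null 2>&1
        }
    } else {
        print -u2 -r -- "zshenv: $t is missing or not owned by $USERNAME"
    }
    # -O follows symlinks, so this also catches an older ~/tmp link whose
    # target has since been recreated by somebody else
    if [[ -e $h && ! -O $h ]] {
        print -u2 -r -- "zshenv: $h resolves to a path not owned by $USERNAME"
    }
    unset t h

    ## ssh agents
    # NOTE: preferred order of agents to check: okcagent, gnupg, openssh
    # first block takes care of okcagent and openssh, second gnupg
    print -nP "%F{blue}>>>%f SSH: %F{green}"
    if [[ ! -v SSH_AUTH_SOCK && ( -v commands[okc-ssh-agent] ||
            ( -v commands[ssh-agent] && ! -v commands[gpg] ) ) ]] {
        okc=${commands[okc-ssh-agent]:+okc-}
        agentfile=~/tmp/${okc}ssh-agent-exports
        # pid is deliberately a plain string: assigning file content to an
        # integer parameter makes zsh evaluate it as an arithmetic expression
        typeset sock= pid=
        # only trust a cache file we own, inside a directory we own
        if [[ -f $agentfile && -O $agentfile && -O ${agentfile:h} ]] {
            IFS=$'\0' read -r sock pid <$agentfile
        }
        # <1-> matches a positive decimal integer and nothing else
        if [[ -S $sock && -O $sock && $pid == <1-> ]] && kill -0 $pid; then
            [[ -o interactive ]] && echo "Reusing agent pid $pid"
            export SSH_AUTH_SOCK=$sock
            export SSH_AGENT_PID=$pid
        else
            # TODO: ensure ssh-agent path looks legit
            #       to avoid unsafe eval?
            # NOTE(review): the evaluated text is whatever the first
            # ${okc}ssh-agent on $path prints, and $path starts with ~/sbin
            # and ~/bin, so those directories must stay writable by us only
            # NOTE: no way around doing redirection like this I think
            e=${okc}ssh-agent
            if [[ -o interactive ]] {
                eval "$($e)"
            } else {
                eval "$($e)" >/dev/null 2>&1
            }
            # do not cache an empty result, and do not write through a
            # ~/tmp that belongs to somebody else
            if [[ -n $SSH_AUTH_SOCK && -O ${agentfile:h} ]] {
                print -rn -- $SSH_AUTH_SOCK$'\0'$SSH_AGENT_PID >!$agentfile
            }
        fi
        unset okc agentfile sock pid e
    } elif [[ -v commands[gpg] && ! -S $_GNUPG_SOCK_DEST && \
            ( ! -v SSH_AUTH_SOCK || -v DISPLAY ) ]] {
        export GPG_TTY=$(tty)
        export PINENTRY_USER_DATA=USE_TTY=$((!${+DISPLAY}))
        gpg-connect-agent UPDATESTARTUPTTY /bye >/dev/null 2>&1
        [[ -o interactive ]] && gpg-connect-agent /subst /serverpid \
            '/echo GPG agent pid ${get serverpid}' /bye
        [[ ! -v SSH_AUTH_SOCK ]] && \
            export SSH_AUTH_SOCK=$(gpgconf --list-dirs agent-ssh-socket)
    } else {
        [[ -o interactive ]] && echo "Pre-existing or remote agent"
    }

    ## gpg ssh forwarding
    # ssh automatically tunnels SSH_AUTH_SOCK with the right config, but GPG
    # doesn't—we use a RemoteForward rule in ~/.ssh/config that uses these env
    # vars to push the gpg extra socket through when connecting via ssh
    # HACK: this entire thing sucks but there is no other easy way that works
    #       out of the box with other systems
    if [[ -v commands[gpgconf] ]] {
        # if already connected over SSH, reuse forwarded socket for future
        # connections; else use extra socket
        sock=${SSH_CLIENT:+agent-socket}
        export _GNUPG_SOCK_SRC=$(gpgconf --list-dirs ${sock:-agent-extra-socket})
        unset sock
        # XXX: multiple SSH sessions to the same host will overwrite this
        #      socket, no way to send unique paths without configuring explicit
        #      SendEnv and AcceptEnv exclusions on client and host respectively
        # NOTE(review): this is a fixed name in a directory shared by every
        # local user, so anyone can create a socket here first; the ownership
        # test below is what keeps a foreign socket from becoming our agent
        export _GNUPG_SOCK_DEST=/tmp/.gpg-agent-forward
        # if socket exists already, we are on a RemoteForwarded client, so copy
        # it over so that GPG sees it
        # XXX: race condition if connecting multiple terminals at once
        if [[ -S $_GNUPG_SOCK_DEST ]] {
            # a socket forwarded for this login is expected to be owned by us
            # (presumably sshd binds it as the logged-in user; confirm)
            if [[ -O $_GNUPG_SOCK_DEST && -n $_GNUPG_SOCK_SRC ]] {
                unlink $_GNUPG_SOCK_SRC >/dev/null 2>&1
                mv $_GNUPG_SOCK_DEST $_GNUPG_SOCK_SRC >/dev/null
            } else {
                print -u2 -r -- "zshenv: ignoring $_GNUPG_SOCK_DEST (not owned by $USERNAME)"
            }
        }
    }
}

### load site-specific
if [[ -f ~/.zshenv.local ]] {
    source ~/.zshenv.local
}

### source .zprofile
# if we used su, without --login, let's run zprofile ourselves
# XXX: system zprofile is not run
if [[ -v _sev_reset_shell || $SHLVL == 1 ]] source ~/.zprofile

# vim: set et sts=4 sw=4 ts=8 tw=79 :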