# NOTE: # our .zprofile can be expensive, so we keep track of what has been run # already, and only set up what is necessary. additionally, we want to ensure # that our environment is set up as early as possible, so we also source # .zprofile in .zshenv for new non-login shells. # # these issues are handled by using these methods: # * the parent shell that starts the user's session after logging in to some # graphical environments may not be a login shell—due to misconfiguration # or otherwise—which means .zprofile is not ran and the environment is not # properly configured for any child processes. # * some desktop environments/graphical terminal emulators will start new # terminal windows with login shells, which runs .zprofile every time and # leads to noticably slow startup times if we have not already ran it. ### cleanup # XXX: only call after relevant vars have been set up, defined early so that # below code can utilize it after they do so function _sev_zcleanup { ## gpg forwarding if [[ -d $_sev_gpg_forward_dir && ( -z $1 || $1 == 'gpg-forward' ) ]] { # clean up forward dirs if its session is dead or we ask for it find $_sev_gpg_forward_dir -mindepth 1 -maxdepth 1 -type d | while {read -r x} { # NOTE: the only way we can get here is if we have not been # forwarded before, if the user asks for it, or during # logout. if our own pid already has a dir, it is most likely # stale, the user wants it removed, or something is very # broken—in all 3 of these cases the best choice is remove it. p=$(basename $x) if {[[ -v _sev_gpg_forward_clean || $$ == $p ]] || ! kill -0 $p 2>/dev/null} { find $x -mindepth 1 -maxdepth 1 | while {read -r y} { # XXX: real dirs will stop unlink, consider it a feature unlink $y } # don't force in case something important is still there rmdir $x } } # reset GNUPGHOME if we removed our own dir if [[ $GNUPGHOME =~ '/.ssh_forward/\d+/*$' && ! -e $GNUPGHOME ]] GNUPGHOME=${GNUPGHOME%$MATCH} } ## tmp # NOTE: _sev_tmp is not unset so session dirs will not be recreated # NOTE: XDG dirs that use our tmp are not unset here, they are in zlogout if [[ -d $_sev_tmp && ( -z $1 || $1 == 'tmp' ) ]] { # clean up tmp dirs if its session is dead or we ask for it find $_sev_tmp -mindepth 1 -maxdepth 1 -name '.session.*' -type d | while {read -r x} { # NOTE: same rationale as above p=${$(basename $x)#.session.} if {[[ -v _sev_tmp_clean || $$ == $p ]] || ! kill -0 $p 2>/dev/null} { rm -rf $x } } } unset x p y } ### lang export CHARSET=${CHARSET:-UTF-8} export LANG=${LANG:-en_US.UTF-8} ### path # NOTE: we utilize the fact that unique arrays keep the first occurrence and # remove any further occurences to capture elements from the old PATH # that we did not anticipate and shift them to the front, since they are # probably important to the system if [[ ! -v _sev_setup_path || -o login ]] { typeset -U path fpath # add as many generic paths as possible to keep the order we want # NOTE: /usr/{local,pkg,games} are unix/bsdisms # XXX: PREFIX not validated, non-posix but Termux uses it, maybe others # XXX: XDG specifies ~/.local/bin as the only user-writable dir for # executables, but we specify more; technically this is against spec syspath=("$path[@]") path=(~/{.local/,}{s,}bin {~/.local,{$PREFIX,}{,/opt,/usr{,/local,pkg}}}/sbin {~/.local,{$PREFIX,}{,/opt,/usr{,/local,pkg}}}/bin /usr/{X11R{7,6}/bin,games}) ((len=$#path)) path=("$path[@]" "$syspath[@]") # remove nonexistent and duplicate paths for (( i = 1; i <= $#path; i++ )) { if [[ ! -e $path[$i] ]] { path[$i]=() ((i <= len)) && ((len--)) ((i--)) continue } } # shift valid system paths to the front if there are any left ((len > 0 && len < $#path)) && path=("${(@)path[len + 1, -1]}" "${(@)path[1, len]}") unset syspath len i # include our zsh dir in fpath. unlike above, we always prefer our paths fpath=(${ZDOTDIR:-~/.zsh}/functions/{*,Completions/*}(N) "$fpath[@]") # FPATH is not exported by default export FPATH typeset +U path fpath export _sev_setup_path= } ### xdg local dir # NOTE: need this for tmp, so confirm it exists. # XXX: perms are not specified for XDG dirs except runtime, but I think 760 # makes the most sense. shouldn't break anything since no one else should # be poking around in our dir. [[ -e ${_sev_home:-~}/.local ]] || mkdir -m760 ${_sev_home:-~}/.local ### tmp # NOTE: specs say that POSIX tmp and XDG runtime directories should exist # until the last session is logged out (POSIX can exist for longer). # since we can't reliably keep track of sessions in a cross-platform # manner, the current implementation should use a separate directory per # toplevel session (i.e. SHLVL=1). this should placate most applications, # though it is not expressly spec compliant. if [[ ! -v _sev_tmp ]] { _sev_tmp=${_sev_home:-~}/.local/tmp # NOTE: race condition/remove in use files [[ -h $_sev_tmp ]] && unlink $_sev_tmp 2>/dev/null t=${TMPDIR:-${TEMP:-${TMP:-/tmp}}}/.home-$LOGNAME # create personal tmp dir under system tmp [[ -e $t ]] || mkdir -m700 $t 2>/dev/null if [[ ! -d $t ]] { [[ -o interactive ]] && print -P "%F{orange}*** Can't create TMPDIR $t, using $_sev_tmp%f" # fallback bare directory [[ -e $_sev_tmp ]] || mkdir -m700 $_sev_tmp 2>/dev/null if [[ ! -d $_sev_tmp ]] { [[ -o interactive ]] && print -P "%F{red}!!! No usable TMPDIR%f" unset _sev_tmp } else { t=$_sev_tmp } } elif [[ -e $_sev_tmp ]] { [[ -o interactive ]] && print -P "%F{orange}*** $_sev_tmp occluded, can't link to TMPDIR $t%f" _sev_tmp=$t } else { ln -s $t $_sev_tmp 2>/dev/null } if [[ -v _sev_tmp ]] { # ensure dir is clean _sev_zcleanup tmp # finally create our subdir for this session t=$_sev_tmp/.session.$$ if ! mkdir -m700 $t 2>/dev/null; then [[ -o interactive ]] && print -P "%F{red}!!! Can't create session subdir $t, using $_sev_tmp%f" t=$_sev_tmp fi export _sev_tmp TMPDIR=$t TEMP=$t TMP=$t unset t } } ### xdg if [[ ! -v _sev_setup_xdg ]] { ## merge with any existing dirs and remove duplicates using unique arrays # NOTE: we are accepting whatever value might be set for CONFIG and DATA; # if it wasn't set, we just use default and leave it unset # NOTE: include and then remove CONFIG_HOME and DATA_HOME to ensure they # are not present in the array if it was added before we got to it typeset -UT XDG_DATA_DIRS xdg_data_dirs if [[ -v XDG_DATA_HOME ]] { export XDG_DATA_HOME } elif [[ ! -e ~/.local/share ]] { mkdir -m760 ~/.local/share } xdg_data_dirs=($XDG_DATA_HOME /{opt,usr/local,usr/pkg,usr}/share "${XDG_DATA_DIRS:+${xdg_data_dirs[@]}}") # XXX: if colons are not escaped, could remove unintended part of string export XDG_DATA_DIRS=${XDG_DATA_DIRS#$XDG_DATA_HOME:} typeset -UT XDG_CONFIG_DIRS xdg_config_dirs if [[ -v XDG_CONFIG_HOME ]] { export XDG_CONFIG_HOME } elif [[ ! -e ~/.config ]] { mkdir -m760 ~/.config } # I am of the belief .local should follow FHS /usr/local... [[ -e ~/.local/etc ]] || ln -s ~/.config ~/.local/etc xdg_config_dirs=($XDG_CONFIG_HOME ${XDG_CONFIG_DIRS:+"$xdg_config_dirs[@]"} {/opt,/usr/local,/usr/pkg,}/etc/xdg) # XXX: if colons are not escaped, could remove unintended part of string export XDG_CONFIG_DIRS=${XDG_CONFIG_DIRS#$XDG_CONFIG_HOME:} if [[ -v XDG_STATE_HOME ]] { export XDG_STATE_HOME } elif [[ ! -e ~/.local/state ]] { mkdir -m760 ~/.local/state } if [[ ! -v XDG_CACHE_HOME ]] { if [[ -v _sev_tmp ]] { export XDG_CACHE_HOME=$_sev_tmp/.xdg.cache [[ -e $XDG_CACHE_HOME ]] || mkdir -m700 $XDG_CACHE_HOME } elif [[ ! -e ~/.cache ]] { mkdir -m700 ~/.cache } } if [[ -v XDG_RUNTIME_DIR ]] { export XDG_RUNTIME_DIR } else { # make runtime dir in our session-specific tmpdir export XDG_RUNTIME_DIR=$TMPDIR/.xdg.runtime # same as in tmpdir creation, ensure dir doesn't exist if [[ -h $XDG_RUNTIME_DIR ]] { unlink $XDG_RUNTIME_DIR 2>/dev/null } elif [[ -e $XDG_RUNTIME_DIR ]] { rm -rf $XDG_RUNTIME_DIR 2>/dev/null } mkdir -m700 $XDG_RUNTIME_DIR 2>/dev/null } # source user dirs after other vars [[ -e $XDG_CONFIG_HOME/user-dirs.dirs ]] && emulate sh -c "source $XDG_CONFIG_HOME/user-dirs.dirs" export _sev_setup_xdg= } ### dbus if [[ ! -v DBUS_SESSION_BUS_ADDRESS && -v commands[dbus-launch] ]] { eval $(dbus-launch) export DBUS_SESSION_BUS_ADDRESS DBUS_SESSION_BUS_PID } ### gpg home if [[ ! -v GNUPGHOME ]] { export GNUPGHOME=${XDG_CONFIG_HOME:-~/.config}/gnupg if [[ -d ~/.gnupg ]] { mv ~/.gnupg ${XDG_CONFIG_HOME:-~/.config}/gnupg } } ### gpg agent + forwarding # NOTE: while ssh manages its auth sock in its protocol when ForwardSsh is # enabled, GPG must be forwarded manually over Unix socket. to support # this, we forward the restricted gpg-agent extra socket to the remote # host with a RemoteForward rule in ~/.ssh/config that uses the # _GNUPG_SOCK_* env vars. to avoid conflicts with other ssh sessions # where the same user is connecting to the same host from different # machines, gpg in each environment should utilize its own forwarded # socket, rather than replace the sockets in GNUPGHOME which will be # overridden on the next connection. previously, you could provide a path # to the agent socket in GPG_AGENT_INFO, but that was deprecated in GPG # v2.1. instead, we must clone GNUPGHOME with links and replace the agent # sockets there with the forwarded one. # NOTE: since Unix sockets are not supported under Windows, this will not work # under msys, cygwin, mingw, etc., but may work under wsl2. # HACK: without SendEnv, which is disabled by default in most sshd configs, # there is no foolproof way to prevent race conditions via filename # collisions or to pass the desired forward path to the remote host # environment. we just have to guess the path we choose is good on the # desination, and assume the newest matching socket is the correct one # after connecting. in theory, we could occlude the ssh binary on PATH # with an alias or script that would allow us to communicate with the # remote host before opening a shell, so that we can have the host # communicate back to the client where it wants a socket created or ask # the host if the path the client wants to use is writable. however, this # would open up too many edge cases where it wouldn't work or be too # clunky (e.g. asking for password twice) to make it worth it. function _gpg_socketpath { # dirs are percent-encoded: https://stackoverflow.com/a/64312099 echo ${1//(#b)%([[:xdigit:]](#c2))/${(#):-0x$match[1]}} } if [[ ! -v _sev_setup_gpg_forward && -v commands[gpg] ]] { # XXX: assuming /tmo exists and is writable on destination export _GNUPG_SOCK_DEST_BASE=/tmp/.gpg-agent-forward export _GNUPG_SOCK_DEST_EXT=$(date +%s).$RANDOM export _GNUPG_SOCK_DEST=$_GNUPG_SOCK_DEST_BASE.$_GNUPG_SOCK_DEST_EXT export _sev_gpg_forward_dir=${GNUPGHOME:-~/.gnupg}/.ssh_forward _sev_zcleanup gpg-forward # find our forwarded socket s=($_GNUPG_SOCK_DEST_BASE*(N=oc[1])) if [[ -n $s && -v SSH_CLIENT ]] { # create new forward dir export _sev_setup_gpg_forward= h=$_sev_gpg_forward_dir/$$ mkdir -pm700 $h # XXX: is it safe to link scdaemon socket? can its name be changed? for x (S.scdaemon gpg.conf gpg-agent.conf sshcontrol random_seed pubring.kbx{,~} trustdb.gpg private-keys-v1.d crls.d) { ln -s ${GNUPGHOME:-~/.gnupg}/$x $h } export GNUPGHOME=$h unset h for x in $(gpgconf --list-dirs | grep 'agent-.*-\?socket:'); do x=$(_gpg_socketpath ${x/#agent-*socket:}) if [[ ! -v orig ]] { # move forwarded socket to first valid agent socket path # XXX: if tmp is on different filesystem this may not work mv $s $x orig=$x } else { # make links to forwarded socket for any others ln -s $orig $x } done unset x orig } unset s # what we will forward if we start a new ssh connection # NOTE: do this after setting up GNUPGHOME to pick up new socket path; # if already connected over SSH, extra should be the remote one export _GNUPG_SOCK_SRC=$(_gpg_socketpath \ $(gpgconf --list-dirs agent-extra-socket)) } elif [[ ! -v _sev_setup_gpg_forward ]] { # required for RemoteForward to not error out if the vars are unset [[ ! -v _GNUPG_SOCK_SRC ]] && export _GNUPG_SOCK_SRC=/nonexistent [[ ! -v _GNUPG_SOCK_DEST ]] && export _GNUPG_SOCK_DEST=/nonexistent } ### gpg agent if [[ -v commands[gpg-connect-agent] && ( ! -v _sev_setup_gpgagent || -v _sev_refresh_gpgagent ) ]] { # avoid printing if we have already set up tty before [[ ! -v _sev_setup_gpgagent && -o interactive ]] && p=true || p=false if {$p} { print -nP '%F{blue}>>>%f GPG: ' if [[ -v _sev_setup_gpg_forward ]] { print -nP '%F{yellow}Forwarded agent ' } else { print -nP '%F{green}Agent ' } } gpg-connect-agent /bye >/dev/null 2>&1 if [[ $? -ne 0 ]] { $p && print -P '%F{red}communication error' } else { if [[ ! -v _sev_setup_gpg_forward ]] { if [[ ${+GPG_TTY} -eq 0 && -o interactive ]] export GPG_TTY=$(tty) if [[ ( -v DISPLAY || -v WAYLAND_DISPLAY ) && ${PINENTRY_USER_DATA/USE_TTY=0} == $PINENTRY_USER_DATA ]] export PINENTRY_USER_DATA=USE_TTY=$(( ${+DISPLAY} + ${+WAYLAND_DISPLAY} == 0)) # XXX: don't know if gpg-agent supports comments after directives # XXX: path could have # sed -Ei 's#^([[:space:]]*pinentry-program[[:space:]]).*$#\1'${commands[pinentry]:-/dev/null}'#' \ ${GNUPGHOME:-~/.gnupg}/gpg-agent.conf # XXX: could check for changes before doing this to save perf gpg-connect-agent RELOADAGENT UPDATESTARTUPTTY /bye >/dev/null 2>&1 if {$p} { gpg-connect-agent /subst /serverpid \ "/echo pid \${get serverpid} on $GPG_TTY" /bye 2>/dev/null print -nP '%f' } } elif {$p} { print -P '%f' } export _sev_setup_gpgagent= } unset p _sev_refresh_gpgagent } ### ssh agent if [[ ! -v _sev_setup_ssh ]] { # NOTE: preferred order of agents to check: okcagent, gnupg, openssh # first block takes care of okcagent and openssh, second gnupg # XXX: doesn't actually check if ssh is enabled in gpg [[ -o interactive ]] && print -nP '%F{blue}>>>%f SSH: %F{green}' if [[ ! -v SSH_AUTH_SOCK && ( -v commands[okc-ssh-agent] || ( -v commands[ssh-agent] && ! -v commands[gpg] ) ) ]] { okc=${commands[okc-ssh-agent]:+okc-} e=$_sev_tmp/${okc}ssh-agent-exports typeset sock= typeset -i pid= if [[ -f $e ]] { IFS=$'\0' read -r sock pid <$e } if [[ -S $sock && $pid > 0 ]] && kill -0 $pid; then [[ -o interactive ]] && print -P "Reusing agent PID $pid%f" export SSH_AUTH_SOCK=$sock export SSH_AGENT_PID=$pid else # TODO: ensure ssh-agent path looks legit to avoid unsafe eval? # XXX: doesn't appear to be any other way to handle redirection. # because eval needs to write to current scope environment # subshells can't be used to capture output and print. c='TMPDIR=$_sev_tmp ${okc}ssh-agent' if [[ -o interactive ]] { eval $(eval $=c) print -nP '%f' } else { eval $(eval $=c) >/dev/null 2>&1 } echo -n $SSH_AUTH_SOCK$'\0'$SSH_AGENT_PID >!$e unset c fi unset okc e sock pid } elif [[ ! -v SSH_AUTH_SOCK && -v commands[gpg] ]] { # since gpg should have been started above, just export and notify if [[ -o interactive ]] { if [[ -v _sev_setup_gpg_forward ]] { echo 'Forwarded GPG agent' } else { gpg-connect-agent /subst /serverpid \ '/echo GPG agent pid ${get serverpid}' /bye } print -nP '%f' } export SSH_AUTH_SOCK=$(_gpg_socketpath \ $(gpgconf --list-dirs agent-ssh-socket)) } elif [[ -v SSH_AUTH_SOCK ]] { [[ -o interactive ]] && print -P 'Preconfigured agent%f' } else { [[ -o interactive ]] && print -P '%F{red}No agent available%f' } export _sev_setup_ssh= } unfunction _gpg_socketpath ### perl local lib [[ -v commands[perl] && -d $XDG_DATA_HOME/perl5/lib/perl5 && ! -v PERL_LOCAL_LIB_ROOT ]] && eval $(perl -I$XDG_DATA_HOME/perl5/lib/perl5 \ -Mlocal::lib=$XDG_DATA_HOME/perl5 2>/dev/null) ### load site-specific if [[ -f ${ZDOTDIR:-~}/.zprofile.local ]] { source ${ZDOTDIR:-~}/.zprofile.local }