- # find our forwarded socket
- s=($_GNUPG_SOCK_DEST_BASE*(N=oc[1]))
- if [[ -n $s && -v SSH_CLIENT ]] {
- # create new forward dir
- export _sev_setup_gpg_forward=
- h=$_sev_gpg_forward_dir/$$
- mkdir -pm700 $h
- for x (gpg{,-agent}.conf sshcontrol random_seed
- pubring.kbx{,~} trustdb.gpg private-keys-v1.d crls.d) {
- ln -s ${GNUPGHOME:-~/.gnupg}/$x $h
- }
- export GNUPGHOME=$h
- unset h
- for x in $(gpgconf --list-dirs | grep 'agent-.*-\?socket:'); do
- x=$(_gpg_socketpath ${x/#agent-*socket:})
- if [[ ! -v primary ]] {
- # move forwarded socket to first valid agent socket path
- # XXX: if tmp is on different filesystem this may not work
- mv $s $x
- primary=$x
- } else {
- # make links to forwarded socket for any others
- ln -s $primary $x
+ # check for a forwarded socket
+ if [[ -v SSH_CLIENT ]] {
+ # find newest socket owned by us
+ # XXX: race condition
+ s=($_GNUPG_SOCK_DEST_BASE*(N=u[$LOGNAME]oc[1]))
+ if [[ -n $s ]] {
+ # create new forward dir
+ export _sev_setup_gpg_forward=
+ h=$_sev_gpg_forward_dir/$$
+ mkdir -pm700 $h
+ for x (gpg{,-agent}.conf sshcontrol random_seed
+ pubring.kbx{,~} trustdb.gpg private-keys-v1.d crls.d) {
+ ln -s ${GNUPGHOME:-~/.gnupg}/$x $h