sway: also bind kp_enter to terminal

[dotfiles.git] / base / .zprofile

diff --git a/base/.zprofile b/base/.zprofile
index acdd19198e4605fcd319624f2aef9aa9bc7f43f8..1abd5b5ca72d6f0997c9d66a1ba0464eaed8b915 100644 (file)
--- a/base/.zprofile
+++ b/base/.zprofile
@@ -1,347 +1,331 @@
-### imports
-source ~/bin/.check-busybox
+# NOTE:
+# our .zprofile is expensive, so we keep track of what has been run already,
+# and only set up what is necessary. additionally, we want to ensure that our
+# environment is set up as early as possible, so we also source .zprofile in
+# .zshenv for new non-login shells.
+#
+# these issues are handled by using these methods:
+#   * the parent shell that starts the user's session after logging in to some
+#     graphical environments may not be a login shell—due to misconfiguration
+#     or otherwise—which means .zprofile is not ran and the environment is not
+#     properly configured for any child processes.
+#   * some desktop environments/graphical terminal emulators will start new
+#     terminal windows with login shells, which runs .zprofile every time and
+#     leads to noticably slow startup times.
+#   * switching users without wiping the environment will result in paths and
+#     variables intended for the old user being used for the new user. while
+#     this may be considered an edge-case that should not be supported, there
+#     are legitimate reasons to want to do this, and in any case the shell
+#     should not choke or cause unexpected problems should it happen anyway.

 
 

-### exports
-## reset PATH to prevent /etc/zprofile from changing it
-# some distros put non-interactive PATH in env and interactive PATH in profile;
-# we want to make sure to always use ours regardless
-if [[ -v _sev_backup_path ]] {
-    path=("${_backup_path[@]}" "${path[@]}")
-    export PATH
-    unset _sev_backup_path
+### lang
+export CHARSET=UTF-8
+export LANG=en_US.UTF-8
+export LC_CTYPE=$LANG
+### path
+# NOTE: we utilize the fact that unique arrays keep the first occurrence and
+#       remove any further occurences to capture elements from the old PATH
+#       that we did not anticipate and shift them to the front, since they are
+#       probably important to the system
+if [[ ! -v _sev_setup_path || -o login ]] {
+    typeset -U path fpath
+    # add as many generic paths as possible to keep the order we want
+    # NOTE: /usr/{local,pkg,games} are unix/bsdisms
+    syspath=("$path[@]")
+    path=({~,~/.local,,/usr,/opt,/usr/local,/usr/pkg}/sbin
+          {~,~/.local,,/usr,/opt,/usr/local,/usr/pkg}/bin
+          /usr/X11R{7,6}/bin /usr/games)
+    ((len=$#path))
+    path=("$path[@]" "$syspath[@]")
+    # remove nonexistent and duplicate paths
+    for (( i = 1; i <= $#path; i++ )) {
+        if [[ ! -e $path[$i] ]] {
+            path[$i]=()
+            ((i <= len)) && ((len--))
+            ((i--))
+            continue
+        }
+    }
+    # shift valid system paths to the front if there are any left
+    ((len > 0 && len < $#path)) && path=("${(@)path[len + 1, -1]}" "${(@)path[1, len]}")
+    unset syspath len i j
+    # include our zsh dir in fpath. unlike above, we always prefer our paths
+    fpath=(${ZDOTDIR:-~/.zsh}/functions/{*,Completions/*}(N) "$fpath[@]")
+    # FPATH is not exported by default
+    export FPATH
+    typeset +U path fpath
+    export _sev_setup_path=

 }
 }

-## common
-export EDITOR=vim
-export PAGER=less
-## grep
-# XXX: deprecated in GNU
-export GREP_OPTIONS=--color=auto
-## histfile
-export HISTFILE=~/.histfile
-export HISTSIZE=1000
-export SAVEHIST=1000
-## python
-export PYTHONSTARTUP=~/.pythonrc
-## perl
-[[ -v commands[perl] ]] && eval $(perl -I $XDG_DATA_HOME/perl5/lib/perl5 -Mlocal::lib=$XDG_DATA_HOME/perl5 2>/dev/null)

 
 

-### ssh agents
-# NOTE: preferred order of agents to check: okcagent, gnupg, openssh
-#       first block takes care of okcagent and openssh, second handles gnupg
-if [[ ! -v SSH_AUTH_SOCK && ( -v commands[okc-ssh-agent] ||
-      ( -v commands[ssh-agent] && ! -v commands[gpg] ) ) ]] {
-    okc=${commands[okc-ssh-agent]:+okc-}
-    agentfile=~/tmp/${okc}ssh-agent-exports
-    typeset sock=
-    typeset -i pid=
-    if [[ -f "$agentfile" ]] {
-        IFS=$'\0' read -r sock pid <"$agentfile"
+### temp
+# NOTE: it's intentional to separate POSIX tmp for each session (spec says
+#       programs should not expect data there to be long-lived) and to keep the
+#       same runtime dir and not create a new one if a new login shell is
+#       spawned, since the XDG spec calls for the same dir to be utilized for
+#       each "session".
+if [[ ! -v _sev_setup_tmp ]] {
+    t=${TMPDIR:-${TEMP:-${TMP:-/tmp}}}/.home-$LOGNAME
+    h=~/tmp
+    [[ ! -e $t ]] && mkdir -pm700 $t 2>/dev/null
+    if [[ ! -d $t ]] {
+        [[ -o interactive ]] &&
+          print -P "%F{red}!!! Can't create temp dir $t%f"
+        # fallback bare directories
+        [[ -h $h ]] && unlink $h 2>/dev/null
+        [[ ! -e $h ]] && mkdir -m700 $h 2>/dev/null
+    }
+    # [re-]create link to our tmp
+    [[ -h $h || ! -e $h ]] && ln -sfn $t $h 2>/dev/null
+    # finally create our subdir for this session
+    export _sev_tmp=$h/.session.$$
+    # ensure dir doesn't exist. if there is already something there it is
+    # likely a stale directory or something is very broken—assume the former.
+    # the user could also want dirs recreated by unsetting the var.
+    if [[ -h $_sev_tmp ]] {
+        unlink $_sev_tmp 2>/dev/null
+    } elif [[ -e $_sev_tmp ]] {
+        rm -rf $_sev_tmp 2>/dev/null

     }
     }

-    if [[ -S "$sock" && $pid -gt 0 ]] && kill -0 $pid; then
-        echo "Reusing ${okc+okc-ssh-}agent pid $pid"
-        export SSH_AUTH_SOCK="$sock"
-        export SSH_AGENT_PID=$pid
-    else
-        # TODO: ensure ssh-agent path looks legit
-        #       to avoid unsafe eval?
-        eval `${okc}ssh-agent`
-        echo -n "$SSH_AUTH_SOCK"$'\0'$SSH_AGENT_PID >!$agentfile
-    fi
-    unset okc agentfile sock pid
-} elif [[ -v commands[gpg] && ! -S $_GNUPG_SOCK_DEST && \
-          ( ! -v SSH_AUTH_SOCK || -v DISPLAY ) ]] {
-    export GPG_TTY=$(tty)
-    export PINENTRY_USER_DATA=USE_TTY=$((!${+DISPLAY}))
-    gpg-connect-agent UPDATESTARTUPTTY /BYE >/dev/null 2>&1
-    [[ ! -v SSH_AUTH_SOCK ]] && \
-        export SSH_AUTH_SOCK=$(gpgconf --list-dirs agent-ssh-socket)
+    mkdir -m700 $_sev_tmp 2>/dev/null
+    export TMPDIR=$_sev_tmp TEMP=$_sev_tmp TMP=$_sev_tmp
+    unset t h
+    export _sev_setup_tmp=

 }
 
 }
 

-### gpg socket
-if [[ -v _GNUPG_SOCK_SRC && -v _GNUPG_SOCK_DEST && -S $_GNUPG_SOCK_DEST ]] {
-    unlink $_GNUPG_SOCK_SRC >/dev/null 2>&1
-    mv $_GNUPG_SOCK_DEST $_GNUPG_SOCK_SRC >/dev/null
-}
+### xdg
+if [[ ! -v _sev_setup_xdg ]] {
+    # merge with any existing dirs and remove duplicates using unique arrays
+    # NOTE: include and then remove CONFIG_HOME and DATA_HOME to ensure they
+    #       are not present in the array if it was added before we got to it
+    typeset -UT XDG_CONFIG_DIRS xdg_config_dirs
+    export XDG_CONFIG_HOME=~/etc
+    mkdir -p $XDG_CONFIG_HOME
+    xdg_config_dirs=($XDG_CONFIG_HOME ~/.config
+      {/opt,/usr/local,/usr/pkg,}/etc/xdg
+      "${XDG_CONFIG_DIRS:+${xdg_config_dirs[@]}}")
+    export XDG_CONFIG_DIRS=${XDG_CONFIG_DIRS#$XDG_CONFIG_HOME}

 
 

-### options
-setopt NO_BEEP NO_CLOBBER
-## cd
-setopt AUTO_CD CDABLE_VARS
-## completion
-setopt GLOB_COMPLETE
-## line
-setopt EXTENDED_GLOB GLOB_DOTS MARK_DIRS NOMATCH NUMERIC_GLOB_SORT
-## prompt
-setopt PROMPT_SUBST
-## jobs
-setopt AUTO_CONTINUE
-## history
-setopt NO_HIST_SAVE_BY_COPY HIST_IGNORE_DUPS SHARE_HISTORY
+    typeset -UT XDG_DATA_DIRS xdg_data_dirs
+    export XDG_DATA_HOME=~/share
+    mkdir -p $XDG_DATA_HOME
+    xdg_data_dirs=($XDG_DATA_HOME ~/.local/share
+      /{opt,usr/local,usr/pkg,usr}/share
+      "${XDG_DATA_DIRS:+${xdg_data_dirs[@]}}")
+    export XDG_DATA_DIRS=${XDG_DATA_DIRS#$XDG_DATA_HOME}

 
 

-### keys
-# TODO: investigate "^[[200~" bracketed-paste
-bindkey -v
-KEYTIMEOUT=10
-## populate key array
-if (( $#terminfo == 0 )) {
-    # terminfo is not set or empty
-    function find_keymap {
-        for f in ${ZDOTDIR:-$HOME}/.zkbd/${TERM}{-${DISPLAY:-${VENDOR}-${OSTYPE}},}
-            [[ -f $f ]] && keymap=$f && break
-    }
-    find_keymap
-    if [[ -z $keymap ]] {
-        if read -q "?Can't read terminfo. Add new zkbd keymap? [y/N]"; then
-            echo
-            autoload -Uz zkbd && zkbd
-            unfunction zkbd
-            find_keymap
+    export XDG_STATE_HOME=~/var/lib
+    mkdir -p $XDG_STATE_HOME
+
+    # use our custom tmp for cache and runtime
+    export XDG_CACHE_HOME=$_sev_tmp/.xdg.cache
+    export XDG_RUNTIME_DIR=$_sev_tmp/.xdg.runtime
+    # create xdg tmp dirs
+    for x in $XDG_CACHE_HOME $XDG_RUNTIME_DIR; do
+        # same as in temp creation, ensure it doesn't exist
+        if [[ -h $x ]]; then
+            unlink $x 2>/dev/null
+        elif [[ -e $x ]]; then
+            rm -rf $x 2>/dev/null

         fi
         fi

-        echo
-    }
-    if [[ -n $keymap ]] {
-        source $keymap
-    } else {
-        echo "Failed to source file $keymap" >&2
-    }
-    unfunction find_keymap; unset keymap
-} else {
-    # activate application mode for zle so terminfo keys work
-    # don't do this for zkbd since application mode shouldn't have ben enabled
-    if [[ -v terminfo[smkx] && -v terminfo[rmkx] ]] {
-        autoload -Uz add-zle-hook-widget
-        function _enter-application-mode { echoti smkx }
-        add-zle-hook-widget line-init _enter-application-mode
-        function _exit-application-mode { echoti rmkx }
-        add-zle-hook-widget line-finish _exit-application-mode
-        trap _exit-application-mode EXIT
-    }
-    # match zkbd hash as best we can to terminfo
-    typeset -gA key
-    key[F1]=$terminfo[kf1]
-    key[F2]=$terminfo[kf2]
-    key[F3]=$terminfo[kf3]
-    key[F4]=$terminfo[kf4]
-    key[F5]=$terminfo[kf5]
-    key[F6]=$terminfo[kf6]
-    key[F7]=$terminfo[kf7]
-    key[F8]=$terminfo[kf8]
-    key[F9]=$terminfo[kf9]
-    key[F10]=$terminfo[kf10]
-    key[F11]=$terminfo[kf11]
-    key[F12]=$terminfo[kf12]
-    key[Backspace]=$terminfo[kbs]
-    key[Insert]=$terminfo[kich1]
-    key[Home]=$terminfo[khome]
-    key[PageUp]=$terminfo[kpp]
-    key[Delete]=$terminfo[kdch1]
-    key[End]=$terminfo[kend]
-    key[PageDown]=$terminfo[knp]
-    key[Up]=$terminfo[kcuu1]
-    key[Down]=$terminfo[kcud1]
-    key[Left]=$terminfo[kcub1]
-    key[Right]=$terminfo[kcuf1]
-    #key[Menu]=$terminfo[] #TODO: not in termcap?
+        # XXX: cache does not have to be 700 according to spec
+        mkdir -m700 $x 2>/dev/null
+    done
+
+    # source user dirs after other vars
+    [[ -e $XDG_CONFIG_HOME/user-dirs.dirs ]] &&
+      emulate sh -c "source $XDG_CONFIG_HOME/user-dirs.dirs"
+    export _sev_setup_xdg=

 }
 
 }
 

-## bind keys in both viins and vicmd modes
-function multibind {
-    local k=$key[$1]
-    if [[ -n $k ]] {
-        bindkey -- $k $2
-        if [[ -v 3 ]] {
-            # - will use same command as viins
-            bindkey -a -- $k ${3:/-/$2}
-        }
+### gpg + ssh + forwarding
+# NOTE: while ssh manages its auth sock in its protocol when ForwardSsh is
+#       enabled, GPG must be forwarded manually over Unix socket. to support
+#       this, we forward the restricted gpg-agent extra socket to the remote
+#       host with a RemoteForward rule in ~/.ssh/config that uses the
+#       _GNUPG_SOCK_* env vars. to avoid conflicts with other ssh sessions
+#       where the same user is connecting to the same host from different
+#       machines, gpg in each environment should utilize its own forwarded
+#       socket, rather than replace the sockets in GNUPGHOME which will be
+#       overridden on the next connection. previously, you could provide a path
+#       to the agent socket in GPG_AGENT_INFO, but that was deprecated in GPG
+#       v2.1. instead, we must clone GNUPGHOME with links and replace the agent
+#       sockets there with the forwarded one.
+# NOTE: since Unix sockets are not supported under Windows, this will not work
+#       under msys, cygwin, mingw, etc., but may work under wsl2.
+# HACK: without SendEnv, which is disabled by default in most sshd configs,
+#       there is no foolproof way to prevent race conditions via filename
+#       collisions or to pass the desired forward path to the remote host
+#       environment. we just have to guess the path we choose is good on the
+#       desination, and assume the newest matching socket is the correct one
+#       after connecting. in theory, we could occlude the ssh binary on PATH
+#       with an alias or script that would allow us to communicate with the
+#       remote host before opening a shell, so that we can have the host
+#       communicate back to the client where it wants a socket created or ask
+#       the host if the path the client wants to use is writable. however, this
+#       would open up too many edge cases where it wouldn't work or be clunky
+#       (e.g. asking for password twice) to make it worth it.
+if [[ ! -v _sev_setup_agents ]] {
+    export GNUPGHOME=~/etc/gnupg
+
+    function _socketpath {
+        # dirs are percent-encoded: https://stackoverflow.com/a/64312099
+        echo ${1//(#b)%([[:xdigit:]](#c2))/${(#):-0x$match[1]}}

     }
     }

-}
-multibind Backspace backward-delete-char vi-backward-char
-multibind Insert    overwrite-mode       vi-insert
-multibind Home      beginning-of-line    -
-multibind PageUp    up-line-or-history   -
-multibind Delete    delete-char          vi-delete-char
-multibind End       end-of-line          -
-multibind PageDown  down-line-or-history -
-multibind Left      backward-char        vi-backward-char
-multibind Right     forward-char         vi-forward-char
-## history search
-autoload -Uz up-line-or-beginning-search down-line-or-beginning-search
-zle -N up-line-or-beginning-search
-multibind Up        up-line-or-beginning-search -
-zle -N down-line-or-beginning-search
-multibind Down      down-line-or-beginning-search -
-unfunction multibind

 
 

-### aliases
-alias h="history -25"
-alias j="jobs -l"
-alias l="ls -AF"
-alias p="${PAGER:-more}" # TODO: make sure more is there or use safe default
-alias e="${EDITOR:-vi}"  # TODO: make sure vi is there or use safe default
-if [[ "$OSTYPE" =~ '^(free|net)bsd' ]] {
-    alias ll="ls -lAFho"
-} else {
-    alias ll="ls -lAFh"
-}
-alias se=sudoedit
-## ps
-local p=
-if which pstree >/dev/null 2>&1 && ! check-busybox pstree; then
-    # use pstree, but NOT busybox pstree because it kinda sucks
-    p="pstree -wg3"
-elif [[ "$OSTYPE" =~ '^freebsd' ]]; then
-    p="ps -aSdfxwwouser=USR -ogroup=GRP -opid,nice=NI \
-       -o%cpu,%mem,tty,stat,start=START -oetime,command"
-elif check-busybox ps; then
-    # busybox compatible
-    p="ps -eouser='USR     ' -ogroup='GRP     ' \
-       -opid='  PID' -onice=' NI' -ovsz=' MEM' \
-       -otty,stat,etime,comm"
-else
-    # XXX: untested, posix
-    # TODO: support gnu ps
-    p="ps -eouser=USR -ogroup=GRP -opid,nice=NI \
-       -opcpu=CPU -ovsz=MEM -otty,stat,etime,comm"
-fi
-if [[ "$(basename "$PAGER")" = "less" ]] {
-    p="$p | less -SE"
-} else {
-    p="$p | \"${PAGER:-more}\""
-}
-alias pa="$p"
-alias spa="sudo $p"
-unset p
-## py venv
-alias va="source bin/activate"
-alias vd="deactivate"
-## be paranoid
-alias cp='cp -ip'
-alias mv='mv -i'
-if [[ "$OSTYPE" =~ '^freebsd' ]] {
-    # don't confirm if only a few files are deleted
-    alias rm='rm -I'
-} else {
-    # TODO: similar behavior for non-freebsd, or impliment in zsh
-    alias rm='rm -i'
-}
-## go up directories
-function up {
-    cd $(printf '../%.0s' {1..${1:-1}})
-}
+    ## gpg forwarding
+    if [[ ! -v _sev_gpg_forwarded && -v commands[gpg] ]] {
+        export _GNUPG_SOCK_DEST_BASE=/tmp/.gpg-agent-forward
+        export _GNUPG_SOCK_DEST_EXT=$(date +%s).$RANDOM
+        export _GNUPG_SOCK_DEST=$_GNUPG_SOCK_DEST_BASE.$_GNUPG_SOCK_DEST_EXT
+        export _sev_gpg_forward_dir=${GNUPGHOME:-~/.gnupg}/.ssh_forward
+        # clean up forward dirs if its session is dead or we ask for it
+        if [[ -d $_sev_gpg_forward_dir ]] {
+            find $_sev_gpg_forward_dir -type d -mindepth 1 -maxdepth 1 |
+              while read -r x; do
+                # NOTE: the only way we can get here is if we have not been
+                #       forwarded before or if the user asks for it. if our own
+                #       pid already has a dir, it is most likely stale, or
+                #       something is very broken—assume the former.
+                p=$(basename $x)
+                if [[ -v _sev_gpg_forward_clean || $$ == $p ]] ||
+                      ! kill -0 $p 2>/dev/null; then
+                    find $x -mindepth 1 -maxdepth 1 | while read -r y; do
+                        unlink $y
+                    done
+                    rmdir $x
+                fi
+            done
+            unset x p y
+        }

 
 

-### hooks
-autoload -Uz add-zsh-hook
-_sev_exectime=
-function sev_precmd {
-    # change terminal title
-    # TODO: update and send BEL when job status changes
-    print -Pn "\e]2;%(1j,%j,)%#${SSH_CLIENT+$USER@$HOST:}%~\e\\"
-    # bell if exec takes 5s
-    if (( SECONDS - _sev_exectime >= 5 )) print "\a"
-    # we could update vcs_info here, but let prompt take care of it
-    # if it doesn't use vcs, it can be ignored safely
-}
-add-zsh-hook precmd sev_precmd
-function sev_preexec {
-    # change terminal title to show command
-    print -Pnf "\e]2;%s\e\\" "%#${SSH_CLIENT+$USER@$HOST:}$1"
-    # save last exec time for bell
-    # XXX: does not run for blank cmdline
-    _sev_exectime=$SECONDS
-}
-add-zsh-hook preexec sev_preexec
-function sev_chpwd {
-    # echo dir on cwd change
-    ls -AF
-}
-add-zsh-hook chpwd sev_chpwd
+        # find our forwarded socket
+        s=($_GNUPG_SOCK_DEST_BASE*(N=oc[1]))
+        if [[ -n $s && -v SSH_CLIENT ]] {
+            # create new forward dir
+            export _sev_gpg_forwarded=
+            mkdir -pm700 $_sev_gpg_forward_dir
+            h=$_sev_gpg_forward_dir/$$
+            mkdir -pm700 $h
+            # XXX: is it safe to link scdaemon socket? can its name be changed?
+            for x in S.scdaemon gpg.conf gpg-agent.conf sshcontrol \
+                     pubring.kbx trustdb.gpg private-keys-v1.d crls.d; do
+                ln -s ${GNUPGHOME:-~/.gnupg}/$x $h
+            done
+            export GNUPGHOME=$h
+            unset h
+            for x in $(gpgconf --list-dirs | grep 'agent-.*-\?socket:'); do
+                x=$(_socketpath ${x/#agent-*socket:})
+                if [[ ! -v orig ]] {
+                    # move forwarded socket to first valid agent socket path
+                    # XXX: if tmp is on different filesystem this may not work
+                    mv $s $x
+                    orig=$x
+                } else {
+                    # make links to forwarded socket for any others
+                    ln -s $orig $x
+                }
+            done
+            unset x orig
+        }
+        unset s

 
 

-### system-specific configs and aliases
-case "$OSTYPE"; in
-    freebsd*)
-        # colors
-        export CLICOLOR=
-        export LS_COLORS='di=34:ln=35:so=32:pi=33:ex=31:bd=46;34:cd=43;34:su=41;30:sg=46;30:tw=42;30:ow=43;30'
+        # what we will forward if we start a new ssh connection
+        # NOTE: do this after setting up GNUPGHOME to pick up new socket path;
+        #       if already connected over SSH, extra should be the remote one
+        export _GNUPG_SOCK_SRC=$(_socketpath \
+          $(gpgconf --list-dirs agent-extra-socket))
+    } else {
+        # required for RemoteForward to not error out if the vars are unset
+        [[ ! -v _GNUPG_SOCK_SRC ]] && export _GNUPG_SOCK_SRC=/nonexistent
+        [[ ! -v _GNUPG_SOCK_DEST ]] && export _GNUPG_SOCK_DEST=/nonexistent
+    }

 
 

-        ## sound
-        function s { sysctl hw.snd.default_unit${1:+\=$1} }
-        alias vol mixer
+    ## gpg agent
+    if [[ -v commands[gpg-connect-agent] ]] {
+        [[ -o interactive ]] && print -nP '%F{blue}>>>%f GPG agent: %F{green}'
+        gpg-connect-agent /bye >/dev/null 2>&1
+        if [[ $? -ne 0 ]] {
+            [[ -o interactive ]] &&
+              print -P '%F{red}Error communicating with GPG agent%f'
+        } elif [[ ! -v _sev_gpg_forward && ! -v GPG_TTY &&
+                  ( -o interactive || -v DISPLAY ) ]] {
+            # if we aren't forwarded, set up tty if it isn't and we're
+            # in an interactive session
+            export GPG_TTY=$(tty)
+            export PINENTRY_USER_DATA=USE_TTY=$((!${+DISPLAY}))
+            gpg-connect-agent UPDATESTARTUPTTY /bye >/dev/null 2>&1
+            [[ -o interactive ]] &&
+              print -P "Updated TTY%f"
+        } else {
+            [[ -o interactive ]] &&
+              print -P 'Ready%f'
+        }
+    }

 
 

-        ## install port dependencies from pkg (like pkgsrc `bmake bin-install')
-        # XXX: should probably use package-depends where possible, breaks when
-        #     port name is different to package name
-        #     (eg. graphics/sdl20 == sdl2, devel/glib20 == glib2, etc)
-        function portpkg {
-            case "$1" {
-            build|run)
-                sudo pkg install -AU $(make ${1}-depends-list |
-                           sed 's_/usr/ports/_ _' | tr -d '\n')
-                ;;
-            *)  echo "Usage: \`portpkg <build|run>' in a port directory"
-                return 1;;
+    ## ssh agent
+    # NOTE: preferred order of agents to check: okcagent, gnupg, openssh
+    #       first block takes care of okcagent and openssh, second gnupg
+    [[ -o interactive ]] && print -nP '%F{blue}>>>%f SSH: %F{green}'
+    if [[ ! -v SSH_AUTH_SOCK && ( -v commands[okc-ssh-agent] ||
+          ( -v commands[ssh-agent] && ! -v commands[gpg] ) ) ]] {
+        okc=${commands[okc-ssh-agent]:+okc-}
+        agentfile=~/tmp/${okc}ssh-agent-exports
+        typeset sock=
+        typeset -i pid=
+        if [[ -f $agentfile ]] {
+            IFS=$'\0' read -r sock pid <$agentfile
+        }
+        if [[ -S $sock && $pid > 0 ]] && kill -0 $pid; then
+            [[ -o interactive ]] && print -P "Reusing agent PID $pid%f"
+            export SSH_AUTH_SOCK=$sock
+            export SSH_AGENT_PID=$pid
+        else
+            e=${okc}ssh-agent
+            # TODO: ensure ssh-agent path looks legit to avoid unsafe eval?
+            # XXX: doesn't appear to be any other way to handle redirection.
+            #      because eval needs to write to current scope environment
+            #      subshells can't be used to capture output and print.
+            if [[ -o interactive ]] {
+                eval `$e`
+                print -nP '%f'
+            } else {
+                eval `$e` >/dev/null 2>&1

             }
             }

-        };;
-    netbsd)
-        ## sound
-        function s {
-            if [[ -z "$1" ]] {
-                ll /dev/mixer /dev/sound /dev/audio
-                return
+            echo -n $SSH_AUTH_SOCK$'\0'$SSH_AGENT_PID >!$agentfile
+        fi
+        unset okc agentfile sock pid
+    } elif [[ ! -v SSH_AUTH_SOCK && -v commands[gpg] ]] {
+        # since gpg agent was started above, we just have to export and notify
+        if [[ -o interactive ]] {
+            if [[ -v _sev_gpg_forwarded ]] {
+                echo 'Remote GPG agent'
+            } else {
+                gpg-connect-agent /subst /serverpid \
+                  '/echo GPG agent PID ${get serverpid}' /bye

             }
             }

-            for x in mixer sound audio; do
-                ln -sf /dev/$x"$1" /dev/$x
-            done
+            print -nP '%f'

         }
         }

-        function vol {
-            if [[ -z "$1" ]] {
-                for x in $(mixerctl -a | grep 'outputs\.master'); do
-                    echo $x
-                done
-                return
-            }
-            mixerctl -w outputs.master"$2"="$1"
-        };;
-    *)
-        ## sound
-        # TODO: test alsa/oss/sndio/portaudio/pulse in order of importance
-        function s {}
-        function vol {}
-esac
+        export SSH_AUTH_SOCK=$(_socketpath \
+          $(gpgconf --list-dirs agent-ssh-socket))
+    } elif [[ -v SSH_AUTH_SOCK ]] {
+        [[ -o interactive ]] && print -P 'Preconfigured agent%f'
+    } else {
+        [[ -o interactive ]] && print -P '%F{red}No agent available%f'
+    }

 
 

-### modules & styles
-## vcs
-zstyle ':vcs_info:*' enable git
-#zstyle ':vcs_info:git*' check-for-changes true #too slow
-zstyle ':vcs_info:git*:dotfiles' check-for-changes true
-zstyle ':vcs_info:git*' check-for-staged-changes true
-autoload -Uz vcs_info
+    ## cleanup
+    unfunction _socketpath

 
 

-## compinit
-zstyle ':completion:*' auto-description '[arg] %d'
-zstyle ':completion:*' expand suffix
-zstyle ':completion:*' format '# %d'
-zstyle ':completion:*' group-name ''
-zstyle ':completion:*' ignore-parents parent
-zstyle ':completion:*' insert-unambiguous false
-zstyle ':completion:*' list-colors ${(s.:.)LS_COLORS}
-zstyle ':completion:*' list-prompt '%B%i%b'
-zstyle ':completion:*' list-suffixes true
-zstyle ':completion:*' matcher-list '' 'm:{[:lower:]}={[:upper:]}' 'm:{[:lower:][:upper:]}={[:upper:][:lower:]} r:|[._-]=* r:|=*' 'm:{[:lower:][:upper:]}={[:upper:][:lower:]} l:|=* r:|=*'
-zstyle ':completion:*' menu select=1
-zstyle ':completion:*' original false
-zstyle ':completion:*' select-prompt '%B%l%b'
-zstyle ':completion:*' verbose true
-autoload -Uz compinit && compinit
+    export _sev_setup_agents=
+}

 
 

-## prompt
-# do this last so prompt can potentially override other settings
-autoload -Uz promptinit && promptinit
-prompt arrows
+## perl local lib
+# TODO: debounce this
+[[ -v commands[perl] && -d $XDG_DATA_HOME/perl5/lib/perl5 ]] &&
+  eval $(perl -I$XDG_DATA_HOME/perl5/lib/perl5
+              -Mlocal::lib=$XDG_DATA_HOME/perl5 2>/dev/null)

 
 ### load site-specific
 if [[ -f ~/.zprofile.local ]] { source ~/.zprofile.local }
 
 
 ### load site-specific
 if [[ -f ~/.zprofile.local ]] { source ~/.zprofile.local }
 

-### unset imports
-unfunction check-busybox
-
-# vim: set et sts=4 sw=4 ts=8 tw=79 :
+# vim: et sts=4 sw=4 ts=8 tw=79