X-Git-Url: https://git.sev.monster/~sev/dotfiles.git/blobdiff_plain/294ed44e1a8dd7a6026213380c41bceb1a4a162a..d2204ed1a0eb3ea915d866ba10b7e36481774f9f:/etc/zsh/.zprofile
diff --git a/etc/zsh/.zprofile b/etc/zsh/.zprofile
index 5ead916..5b5870f 100644
--- a/etc/zsh/.zprofile
+++ b/etc/zsh/.zprofile
@@ -81,34 +81,36 @@ if [[ ! -v _sev_setup_gpg_forward && -v commands[gpg] ]] {
 export _sev_gpg_forward_dir=$XDG_RUNTIME_DIR/gnupg/.ssh_forward
 _sev_zcleanup gpg-forward
- # find our forwarded socket
- s=($_GNUPG_SOCK_DEST_BASE*(N=oc[1]))
- if [[ -n $s && -v SSH_CLIENT ]] {
- # create new forward dir
- export _sev_setup_gpg_forward=
- h=$_sev_gpg_forward_dir/$$
- mkdir -pm700 $h
- for x (gpg{,-agent}.conf sshcontrol random_seed
- pubring.kbx{,~} trustdb.gpg private-keys-v1.d crls.d) {
- ln -s ${GNUPGHOME:-~/.gnupg}/$x $h
- }
- export GNUPGHOME=$h
- unset h
- for x in $(gpgconf --list-dirs | grep 'agent-.*-\?socket:'); do
- x=$(_gpg_socketpath ${x/#agent-*socket:})
- if [[ ! -v primary ]] {
- # move forwarded socket to first valid agent socket path
- # XXX: if tmp is on different filesystem this may not work
- mv $s $x
- primary=$x
- } else {
- # make links to forwarded socket for any others
- ln -s $primary $x
+ # check for a forwarded socket
+ if [[ -v SSH_CLIENT ]] {
+ s=($_GNUPG_SOCK_DEST_BASE*(N=u[$LOGNAME]oc[1]))
+ if [[ -n $s ]] {
+ # create new forward dir
+ export _sev_setup_gpg_forward=
+ h=$_sev_gpg_forward_dir/$$
+ mkdir -pm700 $h
+ for x (gpg{,-agent}.conf sshcontrol random_seed
+ pubring.kbx{,~} trustdb.gpg private-keys-v1.d crls.d) {
+ ln -s ${GNUPGHOME:-~/.gnupg}/$x $h
 }
- done
- unset x primary
+ export GNUPGHOME=$h
+ unset h
+ for x ($(gpgconf --list-dirs | grep 'agent-.*-\?socket:')) {
+ x=$(_gpg_socketpath ${x/#agent-*socket:})
+ if [[ ! -v primary ]] {
+ # move forwarded socket to first valid agent socket path
+ # XXX: if tmp is on different filesystem this may not work
+ mv $s $x
+ primary=$x
+ } else {
+ # make links to forwarded socket for any others
+ ln -s $primary $x
+ }
+ }
+ unset x primary
+ }
+ unset s
 }
- unset s
 # what we will forward if we start a new ssh connection
 # NOTE: do this after setting up GNUPGHOME to pick up new socket path;
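Review bot: `mv $s $x` in the new loop is unchecked: when the move fails (the XXX comment above it already anticipates a cross-filesystem failure, and `_gpg_socketpath`, defined outside the hunk, could hand back an empty path), `primary=$x` is still recorded and every later iteration symlinks to a path holding no socket, while the forwarded socket is left behind at `$s`. Checking the move, `mv $s $x || continue`, leaves `primary` unset so the next agent socket path is tried instead. The `u[$LOGNAME]` qualifier added to the glob is a sound ownership check on the candidate socket; `_GNUPG_SOCK_DEST_BASE` is set outside the hunk, so the directory it lives in cannot be reviewed here.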
@@ -177,17 +179,18 @@ if [[ ! -v _sev_setup_ssh ]] {
 if [[ -f $e ]] {
 IFS=$'\0' read -r sock pid <$e
 }
- if [[ -S $sock && $pid > 0 ]] && kill -0 $pid >/dev/null 2>&1; then
+ if ([[ -S $sock && $pid > 0 ]] && kill -0 $pid >/dev/null 2>&1) {
 [[ -o interactive ]] && print -P "Reusing agent PID $pid%f"
 export SSH_AUTH_SOCK=$sock
 export SSH_AGENT_PID=$pid
- else
+ } else {
 # TODO: ensure ssh-agent path looks legit to avoid unsafe eval?
 # XXX: doesn't appear to be any other way to handle redirection.
 # because eval needs to write to current scope environment
 # subshells can't be used to capture output and print.
 c='TMPDIR=$_sev_tmp ${okc}ssh-agent'
 if [[ -o interactive ]] {
+ [[ -n $okc ]] && echo -n 'OKC-'
 eval $(eval $=c)
 print -nP '%f'
 } else {
@@ -195,7 +198,7 @@ if [[ ! -v _sev_setup_ssh ]] {
 }
 echo -En - $SSH_AUTH_SOCK$'\0'$SSH_AGENT_PID >!$e
 unset c
- fi
+ }
 unset okc e sock pid
 } elif [[ ! -v SSH_AUTH_SOCK && -v commands[gpg] ]] {
 # since gpg should have been started above, just export and notify
@@ -220,5 +223,8 @@ if [[ ! -v _sev_setup_ssh ]] {
 }
 unfunction _gpg_socketpath
 
+### plugins
+load-plugins zprofile
+
 ### load site-specific
 load-site-dotfile zprofile
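Review bot: The rewritten condition keeps `$pid > 0`, which inside `[[ ]]` is a string comparison in zsh, so a non-numeric or truncated value read from the cache file `$e` (set outside the hunk) still passes and is handed to `kill -0 $pid`. A numeric glob pins it to a positive integer: `if ([[ -S $sock && $pid == <1-> ]] && kill -0 $pid >/dev/null 2>&1) {`. The parentheses fork a subshell only to evaluate the test; this appears to be what zsh's short `if ... { }` form needs for a compound condition, so a one-line comment saying so would stop the next reader from "simplifying" it back. The enclosing `if [[ ! -v _sev_setup_ssh ]]` block starts and ends outside the hunk.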