X-Git-Url: https://git.sev.monster/~sev/dotfiles.git/blobdiff_plain/c66095e6a204cca299fd1ce129eaa1ea2c773de0..bc7442960295bf9f0b7578aa6086fa349570fb22:/etc/zsh/.zprofile diff --git a/etc/zsh/.zprofile b/etc/zsh/.zprofile index c66bfb5..3aedb8c 100644 --- a/etc/zsh/.zprofile +++ b/etc/zsh/.zprofile @@ -83,6 +83,8 @@ if [[ ! -v _sev_setup_gpg_forward && -v commands[gpg] ]] { # check for a forwarded socket if [[ -v SSH_CLIENT ]] { + # find newest socket owned by us + # XXX: race condition s=($_GNUPG_SOCK_DEST_BASE*(N=u[$LOGNAME]oc[1])) if [[ -n $s ]] { # create new forward dir @@ -145,11 +147,9 @@ if [[ -v commands[gpg-connect-agent] && export GPG_TTY=$(tty) if [[ ( -v DISPLAY || -v WAYLAND_DISPLAY ) && ${PINENTRY_USER_DATA/USE_TTY=0} == $PINENTRY_USER_DATA ]] - export PINENTRY_USER_DATA=USE_TTY=0 - # XXX: we are assuming this is our pinentry from .local/bin - sed -Ei 's^([[:space:]]*pinentry-program[[:space:]]).*$\1'$HOME'/.local/bin/pinentry' \ + export PINENTRY_USER_DATA=${${:-${PINENTRY_USER_DATA//USE_TTY=[01] #/} USE_TTY=0}/# ##/} + sed -Ei 's^([[:space:]]*pinentry-program[[:space:]]).*/\.local/bin/pinentry$\1'$HOME'/.local/bin/pinentry' \ ${GNUPGHOME:-~/.gnupg}/gpg-agent.conf 2>/dev/null - # XXX: could check for changes before doing this to save perf gpg-connect-agent RELOADAGENT UPDATESTARTUPTTY /bye >/dev/null 2>&1 if {$p} { gpg-connect-agent /subst /serverpid \ 
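Review bot: The added `# XXX: race condition` marker in the `SSH_CLIENT` branch does not say what races with what, so a later reader cannot judge whether it matters for the forwarded agent socket. From the visible lines the glob picks the most recently changed socket owned by `$LOGNAME` and the result is only used afterwards, so presumably the socket can vanish or be superseded by a newer one in between. If that is the concern, spell it out, e.g. `# XXX: socket may vanish or be superseded between this glob and its use below`. The enclosing block starts and ends outside the hunk.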
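Review bot: The rewritten `PINENTRY_USER_DATA` export uses ` #` and ` ##` as repetition operators inside its substitution patterns, which zsh only honours when EXTENDED_GLOB is set; whether it is on at this point in `.zprofile` is not visible in the hunk. Without it the old `USE_TTY=N` entry and the leading space would presumably stay in the value. A comment above the line would help either way, e.g. `# drop any USE_TTY=N, append USE_TTY=0, trim leading spaces (needs extendedglob)`. Separately, the `sed -Ei` line still splices `$HOME` unescaped into an expression delimited by `^` and hides failures with `2>/dev/null`, so a silent no-op on `gpg-agent.conf` is possible.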
@@ -179,14 +179,19 @@ if [[ ! -v _sev_setup_ssh ]] {
 if [[ -f $e ]] {
 IFS=$'\0' read -r sock pid <$e
 }
- if [[ -S $sock && $pid > 0 ]] && kill -0 $pid >/dev/null 2>&1; then
+ if ([[ -S $sock && $pid > 0 ]] && kill -0 $pid >/dev/null 2>&1) {
 [[ -o interactive ]] && print -P "Reusing agent PID $pid%f"
 export SSH_AUTH_SOCK=$sock
 export SSH_AGENT_PID=$pid
- else
+ } else {
+ # remove stale socket and dir
+ if [[ -v $sock ]] {
+ [[ -e $sock ]] && rm $sock 2>/dev/null
+ [[ -d ${sock:h} ]] && rmdir ${sock:h} 2>/dev/null
+ }
 # TODO: ensure ssh-agent path looks legit to avoid unsafe eval?
 # XXX: doesn't appear to be any other way to handle redirection.
- # because eval needs to write to current scope environment
+ # because eval needs to write to current environment,
 # subshells can't be used to capture output and print.
 c='TMPDIR=$_sev_tmp ${okc}ssh-agent'
 if [[ -o interactive ]] {
@@ -198,7 +203,7 @@ if [[ ! -v _sev_setup_ssh ]] {
 }
 echo -En - $SSH_AUTH_SOCK$'\0'$SSH_AGENT_PID >!$e
 unset c
- fi
+ }
 unset okc e sock pid
 } elif [[ ! -v SSH_AUTH_SOCK && -v commands[gpg] ]] {
 # since gpg should have been started above, just export and notify
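Review bot: The new stale-socket cleanup is guarded by `[[ -v $sock ]]`, but `-v` takes a variable name, so this tests whether a variable named after the socket path is set and the `rm`/`rmdir` lines most likely never run. Testing the value instead, `if [[ -n $sock ]] {`, would make the block live. Once it is live, `sock` comes straight from the file `$e`, so the removal should be limited to what the script expects to find there. `[[ -S $sock && -O $sock ]] && rm -- $sock 2>/dev/null` only unlinks a socket owned by the current user and keeps a leading `-` from being parsed as an option. The surrounding `if [[ ! -v _sev_setup_ssh ]]` block starts and ends outside the hunk.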