X-Git-Url: https://git.sev.monster/~sev/dotfiles.git/blobdiff_plain/fed9e7dc14a56be1664bfa5cb63fd23a300af5a8..49c6c14fed5169940a4a0f0e37f2e2567358feb2:/base/.zprofile?ds=inline diff --git a/base/.zprofile b/base/.zprofile index 0d64d4f..2a26dbb 100644 --- a/base/.zprofile +++ b/base/.zprofile @@ -44,13 +44,8 @@ function _sev_zcleanup { } } # reset GNUPGHOME if we removed our own dir - if [[ $GNUPGHOME =~ '/.ssh_forward/\d+/*$' && ! -e $GNUPGHOME ]] { - x=$GNUPGHOME - [[ -o GLOB_ASSIGN ]]; y=$? - setopt GLOB_ASSIGN - GNUPGHOME=$GNUPGHOME/../..(:a) - (( y != 0 )) && unsetopt GLOB_ASSIGN - } + if [[ $GNUPGHOME =~ '/.ssh_forward/\d+/*$' && ! -e $GNUPGHOME ]] + GNUPGHOME=${GNUPGHOME%$MATCH} } ## tmp @@ -88,8 +83,9 @@ if [[ ! -v _sev_setup_path || -o login ]] { # NOTE: /usr/{local,pkg,games} are unix/bsdisms # XXX: PREFIX not validated, non-posix but Termux uses it syspath=("$path[@]") - path=({~,~/.local,{$PREFIX,}{,/opt,/usr{,/local,pkg}}}/sbin - {~,~/.local,{$PREFIX,}{,/opt,/usr{,/local,pkg}}}/bin + path=(~/{s,}bin + {~/.local,{$PREFIX,}{,/opt,/usr{,/local,pkg}}}/sbin + {~/.local,{$PREFIX,}{,/opt,/usr{,/local,pkg}}}/bin /usr/{X11R{7,6}/bin,games}) ((len=$#path)) path=("$path[@]" "$syspath[@]") @@ -104,7 +100,7 @@ if [[ ! -v _sev_setup_path || -o login ]] { } # shift valid system paths to the front if there are any left ((len > 0 && len < $#path)) && path=("${(@)path[len + 1, -1]}" "${(@)path[1, len]}") - unset syspath len i j + unset syspath len i # include our zsh dir in fpath. unlike above, we always prefer our paths fpath=(${ZDOTDIR:-~/.zsh}/functions/{*,Completions/*}(N) "$fpath[@]") # FPATH is not exported by default 
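Review bot: The regex on the added `if` line only matches a numeric PID directory if `\d` is read as a digit class, which zsh's `=~` does under `RE_MATCH_PCRE`; no such `setopt` is visible in this hunk. With the default POSIX ERE matcher the branch may never run, leaving `GNUPGHOME` pointing at the removed directory. A pattern that behaves the same under both matchers, and also escapes the `.`, is `'/\.ssh_forward/[0-9]+/*$'`. Because `${GNUPGHOME%$MATCH}` now relies on `$MATCH` being set by that test, a `local MATCH MBEGIN MEND` in `_sev_zcleanup` would keep those parameters from leaking into the session. The function starts outside the hunk, so it may already declare them.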
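Review bot: In both added `{~/.local,…}` lines the brace list `/usr{,/local,pkg}` expands to `/usr`, `/usr/local` and `/usrpkg`, so the `/usr/pkg` directories named in the NOTE comment above are never produced. `/usr{,/local,/pkg}` gives the intended paths. The removed lines carried the same list, so this predates the commit, but the rewritten `path=(` assignment is the place to fix it. The enclosing `if` block continues outside the hunk.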
@@ -249,8 +245,8 @@ if [[ ! -v _sev_setup_gpg_forward && -v commands[gpg] ]] { h=$_sev_gpg_forward_dir/$$ mkdir -pm700 $h # XXX: is it safe to link scdaemon socket? can its name be changed? - for x (S.scdaemon gpg.conf gpg-agent.conf sshcontrol - pubring.kbx trustdb.gpg private-keys-v1.d crls.d) { + for x (S.scdaemon gpg.conf gpg-agent.conf sshcontrol random_seed + pubring.kbx{,~} trustdb.gpg private-keys-v1.d crls.d) { ln -s ${GNUPGHOME:-~/.gnupg}/$x $h } export GNUPGHOME=$h 
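Review bot: Linking `pubring.kbx{,~}` into the per-PID home probably only shares the keyring for reads. As far as I know gpg updates a keybox by writing a temporary file and renaming it into place, which would replace the symlink in `$h` with a regular file, so a key imported or edited in a forwarded session would be discarded when that directory is cleaned up. If that is intended, it is worth saying next to the existing XXX, e.g. `# NOTE: links are effectively read-only; writes land in $h and are lost on cleanup`. The `ln -s` result is also unchecked, so a source that does not exist (likely for `pubring.kbx~`) leaves a dangling link; prefixing it with `[[ -e ${GNUPGHOME:-~/.gnupg}/$x ]] &&` would skip those. The enclosing `if` block starts and ends outside the hunk.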
@@ -290,33 +286,39 @@ if [[ -v commands[gpg-connect-agent] && ( ! -v _sev_setup_gpgagent || if {$p} { print -nP '%F{blue}>>>%f GPG: ' if [[ -v _sev_setup_gpg_forward ]] { - a=agent - print -nP '%F{yellow}Forwarded%f ' - } else { a=Agent } - print -nP '%F{green}' + print -nP '%F{yellow}Forwarded agent ' + } else { + print -nP '%F{green}Agent ' + } } gpg-connect-agent /bye >/dev/null 2>&1 if [[ $? -ne 0 ]] { - $p && print -P '%F{red}$a communication error' + $p && print -P '%F{red}communication error' } else { - if [[ ${+GPG_TTY} -eq 0 && -o interactive ]] - export GPG_TTY=$(tty) - if [[ ( -v DISPLAY || -v WAYLAND_DISPLAY ) && - ${PINENTRY_USER_DATA/USE_TTY=0} == $PINENTRY_USER_DATA ]] - export PINENTRY_USER_DATA=USE_TTY=$(( - ${+DISPLAY} + ${+WAYLAND_DISPLAY} == 0)) - # XXX: don't know if gpg-agent supports comments after directives - # XXX: path could have # - sed -Ei 's#^([[:space:]]*pinentry-program[[:space:]]).*$#\1'${commands[pinentry]:-/dev/null}'#' \ - ${GNUPGHOME:-~/.gnupg}/gpg-agent.conf - # XXX: could probably check for changes before doing this to save perf - gpg-connect-agent RELOADAGENT UPDATESTARTUPTTY /bye >/dev/null 2>&1 - $p && gpg-connect-agent /subst /serverpid \ - "/echo $a pid \${get serverpid} on $GPG_TTY" /bye + if [[ ! 
-v _sev_setup_gpg_forward ]] { + if [[ ${+GPG_TTY} -eq 0 && -o interactive ]] + export GPG_TTY=$(tty) + if [[ ( -v DISPLAY || -v WAYLAND_DISPLAY ) && + ${PINENTRY_USER_DATA/USE_TTY=0} == $PINENTRY_USER_DATA ]] + export PINENTRY_USER_DATA=USE_TTY=$(( + ${+DISPLAY} + ${+WAYLAND_DISPLAY} == 0)) + # XXX: don't know if gpg-agent supports comments after directives + # XXX: path could have # + sed -Ei 's#^([[:space:]]*pinentry-program[[:space:]]).*$#\1'${commands[pinentry]:-/dev/null}'#' \ + ${GNUPGHOME:-~/.gnupg}/gpg-agent.conf + # XXX: could check for changes before doing this to save perf + gpg-connect-agent RELOADAGENT UPDATESTARTUPTTY /bye >/dev/null 2>&1 + if {$p} { + gpg-connect-agent /subst /serverpid \ + "/echo pid \${get serverpid} on $GPG_TTY" /bye 2>/dev/null + print -nP '%f' + } + } elif {$p} { + print -P '%f' + } export _sev_setup_gpgagent= } - $p && print -nP '%f' - unset p a + unset p } ### ssh agent @@ -328,8 +330,7 @@ if [[ ! -v _sev_setup_ssh ]] { if [[ ! -v SSH_AUTH_SOCK && ( -v commands[okc-ssh-agent] || ( -v commands[ssh-agent] && ! -v commands[gpg] ) ) ]] { okc=${commands[okc-ssh-agent]:+okc-} - t=${_sev_tmp:-${TMPDIR:-${TEMP:-${TMP:-/tmp}}}} - e=$t/${okc}ssh-agent-exports + e=$_sev_tmp/${okc}ssh-agent-exports typeset sock= typeset -i pid= if [[ -f $e ]] { 
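Review bot: The re-indented `sed -Ei` line still splices `${commands[pinentry]}` into the replacement unescaped. Besides the `#` that the XXX mentions, `&` and `\` are special there too, and the line writes whichever `pinentry` resolves first on `$path` into `gpg-agent.conf`, so the program that prompts for passphrases is picked by PATH order. Consider rewriting the directive only when the resolved path contains none of `#`, `&`, `\` and sits in a directory you expect. Separately, the error branch `print -P '%F{red}communication error'` lost the `%f` reset that the removed `$p && print -nP '%f'` used to provide; `print -P '%F{red}communication error%f'` restores it.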
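Review bot: With the `${TMPDIR:-…:-/tmp}` fallback removed, `e=$_sev_tmp/${okc}ssh-agent-exports` becomes a path directly under `/` whenever `_sev_tmp` is unset or empty, and the cached socket path read from `$e` just below is trusted from wherever that resolves. `_sev_tmp` is assigned outside this hunk, so it may always be set, but nothing here checks it. A guard such as `[[ -n $_sev_tmp && -O $_sev_tmp ]]` around the block, plus `-O $e` next to the existing `-f $e`, would make the assumption explicit and keep `SSH_AUTH_SOCK` from being taken from a file another user created.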
@@ -340,20 +341,21 @@ if [[ ! -v _sev_setup_ssh ]] { export SSH_AUTH_SOCK=$sock export SSH_AGENT_PID=$pid else - e='TMPDIR=$t ${okc}ssh-agent' # TODO: ensure ssh-agent path looks legit to avoid unsafe eval? # XXX: doesn't appear to be any other way to handle redirection. # because eval needs to write to current scope environment # subshells can't be used to capture output and print. + c='TMPDIR=$_sev_tmp ${okc}ssh-agent' if [[ -o interactive ]] { - eval $(eval $=e) + eval $(eval $=c) print -nP '%f' } else { - eval $(eval $=e) >/dev/null 2>&1 + eval $(eval $=c) >/dev/null 2>&1 } echo -n $SSH_AUTH_SOCK$'\0'$SSH_AGENT_PID >!$e + unset c fi - unset okc t e sock pid + unset okc e sock pid } elif [[ ! -v SSH_AUTH_SOCK && -v commands[gpg] ]] { # since gpg should have been started above, just export and notify if [[ -o interactive ]] {
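Review bot: The inner `eval $=c` is not needed for the redirection the XXX comment describes, and it makes the one eval that matters harder to audit. `eval "$(TMPDIR=$_sev_tmp ${okc}ssh-agent)"` runs the agent directly, and appending `>/dev/null 2>&1` to that line silences it in the non-interactive branch. That leaves the TODO's concern, that the output of whichever `${okc}ssh-agent` comes first on `$path` is evaluated; calling the resolved `$commands[${okc}ssh-agent]` and checking that it sits in an expected directory would narrow it. The cache line `echo -n … >!$e` also runs when the agent failed to start and then stores empty values; testing `[[ -n $SSH_AUTH_SOCK ]]` first avoids that. The `if`/`else` starts outside the hunk.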