export _sev_gpg_forward_dir=$XDG_RUNTIME_DIR/gnupg/.ssh_forward
_sev_zcleanup gpg-forward
- # find our forwarded socket
- s=($_GNUPG_SOCK_DEST_BASE*(N=oc[1]))
- if [[ -n $s && -v SSH_CLIENT ]] {
- # create new forward dir
- export _sev_setup_gpg_forward=
- h=$_sev_gpg_forward_dir/$$
- mkdir -pm700 $h
- for x (gpg{,-agent}.conf sshcontrol random_seed
- pubring.kbx{,~} trustdb.gpg private-keys-v1.d crls.d) {
- ln -s ${GNUPGHOME:-~/.gnupg}/$x $h
- }
- export GNUPGHOME=$h
- unset h
- for x in $(gpgconf --list-dirs | grep 'agent-.*-\?socket:'); do
- x=$(_gpg_socketpath ${x/#agent-*socket:})
- if [[ ! -v primary ]] {
- # move forwarded socket to first valid agent socket path
- # XXX: if tmp is on different filesystem this may not work
- mv $s $x
- primary=$x
- } else {
- # make links to forwarded socket for any others
- ln -s $primary $x
+ # check for a forwarded socket
+ if [[ -v SSH_CLIENT ]] {
+ s=($_GNUPG_SOCK_DEST_BASE*(N=u[$LOGNAME]oc[1]))
+ if [[ -n $s ]] {
+ # create new forward dir
+ export _sev_setup_gpg_forward=
+ h=$_sev_gpg_forward_dir/$$
+ mkdir -pm700 $h
+ for x (gpg{,-agent}.conf sshcontrol random_seed
+ pubring.kbx{,~} trustdb.gpg private-keys-v1.d crls.d) {
+ ln -s ${GNUPGHOME:-~/.gnupg}/$x $h
}
- done
- unset x primary
+ export GNUPGHOME=$h
+ unset h
+ for x ($(gpgconf --list-dirs | grep 'agent-.*-\?socket:')) {
+ x=$(_gpg_socketpath ${x/#agent-*socket:})
+ if [[ ! -v primary ]] {
+ # move forwarded socket to first valid agent socket path
+ # XXX: if tmp is on different filesystem this may not work
+ mv $s $x
+ primary=$x
+ } else {
+ # make links to forwarded socket for any others
+ ln -s $primary $x
+ }
+ }
+ unset x primary
+ }
+ unset s
}
- unset s
# what we will forward if we start a new ssh connection
# NOTE: do this after setting up GNUPGHOME to pick up new socket path;
projects / sev's projects / dotfiles.git / commitdiff