From: sev
Date: Sat, 14 Dec 2024 22:18:29 +0000 (-0600)
Subject: zsh: gpg forward socket must be same user
X-Git-Url: https://git.sev.monster/~sev/dotfiles.git/commitdiff_plain/c66095e6a204cca299fd1ce129eaa1ea2c773de0?ds=sidebyside
zsh: gpg forward socket must be same user
---
diff --git a/etc/zsh/.zprofile b/etc/zsh/.zprofile
index 38b34c5..c66bfb5 100644
--- a/etc/zsh/.zprofile
+++ b/etc/zsh/.zprofile
@@ -81,34 +81,36 @@ if [[ ! -v _sev_setup_gpg_forward && -v commands[gpg] ]] {
 export _sev_gpg_forward_dir=$XDG_RUNTIME_DIR/gnupg/.ssh_forward
 _sev_zcleanup gpg-forward
- # find our forwarded socket
- s=($_GNUPG_SOCK_DEST_BASE*(N=oc[1]))
- if [[ -n $s && -v SSH_CLIENT ]] {
- # create new forward dir
- export _sev_setup_gpg_forward=
- h=$_sev_gpg_forward_dir/$$
- mkdir -pm700 $h
- for x (gpg{,-agent}.conf sshcontrol random_seed
- pubring.kbx{,~} trustdb.gpg private-keys-v1.d crls.d) {
- ln -s ${GNUPGHOME:-~/.gnupg}/$x $h
- }
- export GNUPGHOME=$h
- unset h
- for x in $(gpgconf --list-dirs | grep 'agent-.*-\?socket:'); do
- x=$(_gpg_socketpath ${x/#agent-*socket:})
- if [[ ! -v primary ]] {
- # move forwarded socket to first valid agent socket path
- # XXX: if tmp is on different filesystem this may not work
- mv $s $x
- primary=$x
- } else {
- # make links to forwarded socket for any others
- ln -s $primary $x
+ # check for a forwarded socket
+ if [[ -v SSH_CLIENT ]] {
+ s=($_GNUPG_SOCK_DEST_BASE*(N=u[$LOGNAME]oc[1]))
+ if [[ -n $s ]] {
+ # create new forward dir
+ export _sev_setup_gpg_forward=
+ h=$_sev_gpg_forward_dir/$$
+ mkdir -pm700 $h
+ for x (gpg{,-agent}.conf sshcontrol random_seed
+ pubring.kbx{,~} trustdb.gpg private-keys-v1.d crls.d) {
+ ln -s ${GNUPGHOME:-~/.gnupg}/$x $h
 }
- done
- unset x primary
+ export GNUPGHOME=$h
+ unset h
+ for x ($(gpgconf --list-dirs | grep 'agent-.*-\?socket:')) {
+ x=$(_gpg_socketpath ${x/#agent-*socket:})
+ if [[ ! -v primary ]] {
+ # move forwarded socket to first valid agent socket path
+ # XXX: if tmp is on different filesystem this may not work
+ mv $s $x
+ primary=$x
+ } else {
+ # make links to forwarded socket for any others
+ ln -s $primary $x
+ }
+ }
+ unset x primary
+ }
+ unset s
 }
- unset s
 # what we will forward if we start a new ssh connection
 # NOTE: do this after setting up GNUPGHOME to pick up new socket path;
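Review bot: The owner filter added in `s=($_GNUPG_SOCK_DEST_BASE*(N=u[$LOGNAME]oc[1]))` takes the user name from the `LOGNAME` environment variable, which is inherited and may be unset or stale (for instance after switching user without a login shell), so the check may not describe the process that later runs `mv $s $x`. zsh's `U` glob qualifier matches files owned by the effective UID without consulting the environment: `s=($_GNUPG_SOCK_DEST_BASE*(N=Uoc[1]))`. A one-line comment above it would also record why the filter exists, e.g. `# only accept a socket we own; the base path may sit in a shared directory` (the XXX remark about tmp suggests this, but `_GNUPG_SOCK_DEST_BASE` is defined outside the hunk). The enclosing `if [[ ! -v _sev_setup_gpg_forward ... ]] {` block starts before and ends after this hunk.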