matir/skel
1
0
Fork 0
mirror of https://github.com/Matir/skel.git synced 2026-05-26 05:29:09 -07:00
Code Issues Packages Projects Releases Wiki Activity
Files
6b50be84a93a14b3fba14204df73d0369f99b58b
skel/dotfiles/shenv
Claude 6b50be84a9 Fix SSH agent forwarding clobbered by local agent in shenv 
ssh/rc saves the raw forwarded socket in SSH_REMOTE_AUTH_SOCK before
rewriting SSH_AUTH_SOCK to the stable symlink. shenv was ignoring that
variable, so it saw SSH_AUTH_SOCK as "our link" and fell through to the
systemd lookup, which could overwrite the symlink with a local agent
socket and silently drop the forwarded one.

Now shenv checks SSH_REMOTE_AUTH_SOCK first, giving forwarded sockets
priority over any local agent.

https://claude.ai/code/session_01RhXaFzxJA5D2BcGcz18ipA
2026-04-19 01:43:12 +00:00

205 lines
6.5 KiB
Bash
Executable File
Raw Blame History

#!/bin/sh
# Sourced by zshrc as well as bash.
# Should only use POSIX shell constructs.
# shellcheck shell=sh
umask 027
# Paths and preferences
export PYTHONPATH="$HOME/.python:$PYTHONPATH"
export GOPATH="$HOME/go:$HOME/Projects/Go:/usr/share/gocode"
export PATH="$HOME/bin:$HOME/bin/tools:/sbin:/usr/sbin:$PATH:$HOME/go/bin:$HOME/.npm-packages/bin"
export VISUAL=vim
export EDITOR=vim
export DEBEMAIL="david@systemoverlord.com"
export DEBFULLNAME="David Tomaschik"
export LESS="-MR"
export QUOTING_STYLE="literal" # Coreutils quotes
# Fix gnome-terminal
if [ "$TERM" = "xterm" ] && [ "$COLORTERM" = "gnome-terminal" ] ; then
# Requires `ncurses-base` package for terminfo.
export TERM="xterm-256color"
fi
# For virtualenvwrapper
export WORKON_HOME="$HOME/.virtualenvs"
# GPG full key id
export GPG_ID=7FD58D9A196DCEEEAD671F94F4D7A7915DEA789B
# things we need in all interactive shells
case "$-" in
*i*)
# Terminal preferences for i3
if [ -z "${TERMINAL}" ] ; then
for t in urxvt gnome-terminal; do
if TERMINAL=$(command -v ${t}) ; then
export TERMINAL
fi
done
fi
# Browser preferences
if [ -z "${BROWSER}" ] ; then
for t in google-chrome-beta google-chrome firefox ; do
if BROWSER=$(command -v ${t}); then
export BROWSER
break
fi
done
fi
# Setup locale
if test -x /usr/bin/locale ; then
for l in en_US.utf8 en_US.UTF-8 C.UTF-8 C.utf8 C ; do
if /usr/bin/locale -a | grep -q "${l}" ; then
export LC_CTYPE=${l}
export LC_NUMERIC=${l}
export LC_TIME=${l}
export LC_MONETARY=${l}
export LC_MESSAGES=${l}
export LC_PAPER=${l}
export LC_NAME=${l}
export LC_ADDRESS=${l}
export LC_TELEPHONE=${l}
export LC_MEASUREMENT=${l}
export LC_IDENTIFICATION=${l}
break
fi
done
else
export LC_CTYPE=C
export LC_NUMERIC=C
export LC_TIME=C
export LC_MONETARY=C
export LC_MESSAGES=C
export LC_PAPER=C
export LC_NAME=C
export LC_ADDRESS=C
export LC_TELEPHONE=C
export LC_MEASUREMENT=C
export LC_IDENTIFICATION=C
fi
export LC_COLLATE=C
;;
esac
# Opt out of .net telemetry
export DOTNET_CLI_TELEMETRY_OPTOUT=1
# Suppress lvm warnings
export LVM_SUPPRESS_FD_WARNINGS=1
# Default disable SSH forwarding in EARTHLY
export EARTHLY_SSH_AUTH_SOCK=""
# Handle SSH_AUTH_SOCK for tmux consistency
_SSH_AUTH_LINK="${HOME}/.ssh/ssh_auth_sock"
# Helper to check if a path is our link or points to it
_is_link_path() {
[ -z "$1" ] && return 1
[ "$1" = "${_SSH_AUTH_LINK}" ] && return 0
if [ -L "$1" ] && command -v readlink >/dev/null 2>&1; then
_T=$(readlink "$1")
# Handle relative symlinks
case "${_T}" in /*) ;; *) _T="$(dirname "$1")/${_T}" ;; esac
[ "${_T}" = "${_SSH_AUTH_LINK}" ] && return 0
fi
return 1
}
_CANDIDATE=""
# 1. Highest priority: ssh/rc sets SSH_REMOTE_AUTH_SOCK to the raw forwarded socket before
# rewriting SSH_AUTH_SOCK to the stable symlink, so it survives the rewrite.
if [ -S "${SSH_REMOTE_AUTH_SOCK:-}" ] && ! _is_link_path "${SSH_REMOTE_AUTH_SOCK}"; then
_CANDIDATE="${SSH_REMOTE_AUTH_SOCK}"
# If current environment has a valid socket that is NOT our link, it's a prime candidate (e.g. SSH forwarding).
elif [ -S "${SSH_AUTH_SOCK:-}" ] && ! _is_link_path "${SSH_AUTH_SOCK}"; then
_CANDIDATE="${SSH_AUTH_SOCK}"
fi
# 2. If no candidate yet, or we're currently using the link, try to find the "real" system agent.
if [ -z "${_CANDIDATE}" ] || _is_link_path "${SSH_AUTH_SOCK:-}"; then
_FOUND=""
if [ "$(uname)" = "Darwin" ]; then
_FOUND=$(launchctl getenv SSH_AUTH_SOCK 2>/dev/null)
elif command -v systemctl >/dev/null 2>&1; then
# Query systemd socket units directly to avoid environment overrides.
for _u in ssh-agent.socket openssh-agent.socket gcr-ssh-agent.socket gpg-agent-ssh.socket; do
_P=$(systemctl --user show "${_u}" -p Listen 2>/dev/null | cut -d= -f2- | cut -d' ' -f1)
if [ -S "${_P}" ]; then
_FOUND="${_P}"
break
fi
done
# Fallback to systemd environment
if [ -z "${_FOUND}" ] || _is_link_path "${_FOUND}"; then
_FOUND=$(systemctl --user show-environment 2>/dev/null | grep "^SSH_AUTH_SOCK=" | cut -d= -f2-)
fi
fi
if [ -S "${_FOUND}" ] && ! _is_link_path "${_FOUND}"; then
_CANDIDATE="${_FOUND}"
fi
fi
# 3. Last resort: search common paths if we still don't have a valid candidate.
if [ ! -S "${_CANDIDATE}" ]; then
_U=$(id -u)
for _p in "/run/user/${_U}/keyring/ssh" "/run/user/${_U}/ssh-agent.socket" "/run/user/${_U}/openssh_agent" "/run/user/${_U}/gnupg/S.gpg-agent.ssh"; do
if [ -S "${_p}" ] && ! _is_link_path "${_p}"; then
_CANDIDATE="${_p}"
break
fi
done
if [ -z "${_CANDIDATE}" ]; then
# Build search path list based on what actually exists
_SEARCH=""
for _d in "/run/user/${_U}" /tmp; do [ -d "${_d}" ] && _SEARCH="${_SEARCH} ${_d}"; done
if [ -n "${_SEARCH}" ]; then
_CANDIDATE=$(find ${_SEARCH} -maxdepth 2 -type s -name 'agent.*' 2>/dev/null | grep -F -v "${_SSH_AUTH_LINK}" | head -n 1)
fi
fi
fi
# 4. Sync the stable link if we found a valid "real" socket.
if [ -S "${_CANDIDATE}" ] && ! _is_link_path "${_CANDIDATE}"; then
mkdir -p "$(dirname "${_SSH_AUTH_LINK}")"
ln -sf "${_CANDIDATE}" "${_SSH_AUTH_LINK}"
export SSH_AUTH_SOCK="${_SSH_AUTH_LINK}"
# Update systemd if present to keep everything in sync
if command -v systemctl >/dev/null 2>&1; then
systemctl --user set-environment SSH_AUTH_SOCK="${_SSH_AUTH_LINK}" 2>/dev/null
fi
elif [ -S "${_SSH_AUTH_LINK}" ]; then
# If we found nothing better but the link is valid, use it.
export SSH_AUTH_SOCK="${_SSH_AUTH_LINK}"
fi
unset _SSH_AUTH_LINK _CANDIDATE _FOUND _T _P _U _u _SEARCH _d
unset -f _is_link_path
# Setup XDG-like dirs on MacOS
# Based on https://leebyron.com/til/mac-xdg/
if [ "$(uname)" = "Darwin" ] ; then
export XDG_BIN_HOME="${XDG_BIN_HOME:-$HOME/.local/bin}"
export XDG_CACHE_HOME="${XDG_CACHE_HOME:-$HOME/Library/Caches}"
export XDG_CONFIG_HOME="${XDG_CONFIG_HOME:-$HOME/.config}"
export XDG_DATA_HOME="${XDG_DATA_HOME:-$HOME/.local/share}"
# Using id -u for better POSIX compatibility than $UID
export XDG_RUNTIME_DIR="${XDG_RUNTIME_DIR:-$TMPDIR/runtime-$(id -u)}"
export XDG_STATE_HOME="${XDG_STATE_HOME:-$HOME/.local/state}"
export PATH="${HOME}/bin/macos:${PATH}"
fi
if test -e "$HOME/.localenv"; then
# shellcheck source=/dev/null
. "$HOME/.localenv"
else
true
fi
Reference in New Issue View Git Blame Copy Permalink