matir/skel
1
0
Fork 0
mirror of https://github.com/Matir/skel.git synced 2026-05-26 05:29:09 -07:00
Code Issues Packages Projects Releases Wiki Activity
Files
7444f5b97be66949f198f0389f8bd3b3d46de1cb
skel/dotfiles/shenv
Claude c5e1157f47 Fix shenv clobbering forwarded SSH socket with local agent in tmux 
ssh/rc env changes (including SSH_REMOTE_AUTH_SOCK) are lost because
ssh/rc runs as a sshd child process, not the user's shell. The shell
always receives SSH_AUTH_SOCK set to the raw forwarded socket path.

Fresh SSH login worked fine (step 1 catches the raw socket). The bug
was in tmux new windows: SSH_AUTH_SOCK there is our stable symlink, so
step 1 fails, then steps 2/3 look up the system agent and overwrite the
symlink that ssh/rc just set to the forwarded socket.

Fix: only run the system agent lookup when the stable symlink is already
broken. A valid symlink means ssh/rc (or a previous shenv run) already
set it correctly; don't clobber it.

https://claude.ai/code/session_01RhXaFzxJA5D2BcGcz18ipA
2026-04-19 01:47:36 +00:00

205 lines
6.6 KiB
Bash
Executable File
Raw Blame History

#!/bin/sh
# Sourced by zshrc as well as bash.
# Should only use POSIX shell constructs.
# shellcheck shell=sh
umask 027
# Paths and preferences
export PYTHONPATH="$HOME/.python:$PYTHONPATH"
export GOPATH="$HOME/go:$HOME/Projects/Go:/usr/share/gocode"
export PATH="$HOME/bin:$HOME/bin/tools:/sbin:/usr/sbin:$PATH:$HOME/go/bin:$HOME/.npm-packages/bin"
export VISUAL=vim
export EDITOR=vim
export DEBEMAIL="david@systemoverlord.com"
export DEBFULLNAME="David Tomaschik"
export LESS="-MR"
export QUOTING_STYLE="literal" # Coreutils quotes
# Fix gnome-terminal
if [ "$TERM" = "xterm" ] && [ "$COLORTERM" = "gnome-terminal" ] ; then
# Requires `ncurses-base` package for terminfo.
export TERM="xterm-256color"
fi
# For virtualenvwrapper
export WORKON_HOME="$HOME/.virtualenvs"
# GPG full key id
export GPG_ID=7FD58D9A196DCEEEAD671F94F4D7A7915DEA789B
# things we need in all interactive shells
case "$-" in
*i*)
# Terminal preferences for i3
if [ -z "${TERMINAL}" ] ; then
for t in urxvt gnome-terminal; do
if TERMINAL=$(command -v ${t}) ; then
export TERMINAL
fi
done
fi
# Browser preferences
if [ -z "${BROWSER}" ] ; then
for t in google-chrome-beta google-chrome firefox ; do
if BROWSER=$(command -v ${t}); then
export BROWSER
break
fi
done
fi
# Setup locale
if test -x /usr/bin/locale ; then
for l in en_US.utf8 en_US.UTF-8 C.UTF-8 C.utf8 C ; do
if /usr/bin/locale -a | grep -q "${l}" ; then
export LC_CTYPE=${l}
export LC_NUMERIC=${l}
export LC_TIME=${l}
export LC_MONETARY=${l}
export LC_MESSAGES=${l}
export LC_PAPER=${l}
export LC_NAME=${l}
export LC_ADDRESS=${l}
export LC_TELEPHONE=${l}
export LC_MEASUREMENT=${l}
export LC_IDENTIFICATION=${l}
break
fi
done
else
export LC_CTYPE=C
export LC_NUMERIC=C
export LC_TIME=C
export LC_MONETARY=C
export LC_MESSAGES=C
export LC_PAPER=C
export LC_NAME=C
export LC_ADDRESS=C
export LC_TELEPHONE=C
export LC_MEASUREMENT=C
export LC_IDENTIFICATION=C
fi
export LC_COLLATE=C
;;
esac
# Opt out of .net telemetry
export DOTNET_CLI_TELEMETRY_OPTOUT=1
# Suppress lvm warnings
export LVM_SUPPRESS_FD_WARNINGS=1
# Default disable SSH forwarding in EARTHLY
export EARTHLY_SSH_AUTH_SOCK=""
# Handle SSH_AUTH_SOCK for tmux consistency
_SSH_AUTH_LINK="${HOME}/.ssh/ssh_auth_sock"
# Helper to check if a path is our link or points to it
_is_link_path() {
[ -z "$1" ] && return 1
[ "$1" = "${_SSH_AUTH_LINK}" ] && return 0
if [ -L "$1" ] && command -v readlink >/dev/null 2>&1; then
_T=$(readlink "$1")
# Handle relative symlinks
case "${_T}" in /*) ;; *) _T="$(dirname "$1")/${_T}" ;; esac
[ "${_T}" = "${_SSH_AUTH_LINK}" ] && return 0
fi
return 1
}
_CANDIDATE=""
# 1. If current environment has a valid socket that is NOT our link, it's a prime candidate
# (e.g. fresh SSH login: sshd sets SSH_AUTH_SOCK to the raw forwarded socket before ssh/rc
# rewrites it to the stable symlink; the shell inherits the original raw path).
if [ -S "${SSH_AUTH_SOCK:-}" ] && ! _is_link_path "${SSH_AUTH_SOCK}"; then
_CANDIDATE="${SSH_AUTH_SOCK}"
fi
# 2. Only look for a system agent if the stable link is already broken. If the link is
# valid (e.g. a tmux pane where SSH_AUTH_SOCK points to our symlink which ssh/rc just
# updated to the forwarded socket), leave it alone — don't clobber it with a local agent.
if [ -z "${_CANDIDATE}" ] && [ ! -S "${_SSH_AUTH_LINK}" ]; then
_FOUND=""
if [ "$(uname)" = "Darwin" ]; then
_FOUND=$(launchctl getenv SSH_AUTH_SOCK 2>/dev/null)
elif command -v systemctl >/dev/null 2>&1; then
# Query systemd socket units directly to avoid environment overrides.
for _u in ssh-agent.socket openssh-agent.socket gcr-ssh-agent.socket gpg-agent-ssh.socket; do
_P=$(systemctl --user show "${_u}" -p Listen 2>/dev/null | cut -d= -f2- | cut -d' ' -f1)
if [ -S "${_P}" ]; then
_FOUND="${_P}"
break
fi
done
# Fallback to systemd environment
if [ -z "${_FOUND}" ] || _is_link_path "${_FOUND}"; then
_FOUND=$(systemctl --user show-environment 2>/dev/null | grep "^SSH_AUTH_SOCK=" | cut -d= -f2-)
fi
fi
if [ -S "${_FOUND}" ] && ! _is_link_path "${_FOUND}"; then
_CANDIDATE="${_FOUND}"
fi
fi
# 3. Last resort: search common paths if we still don't have a candidate and the link is broken.
if [ ! -S "${_CANDIDATE}" ] && [ ! -S "${_SSH_AUTH_LINK}" ]; then
_U=$(id -u)
for _p in "/run/user/${_U}/keyring/ssh" "/run/user/${_U}/ssh-agent.socket" "/run/user/${_U}/openssh_agent" "/run/user/${_U}/gnupg/S.gpg-agent.ssh"; do
if [ -S "${_p}" ] && ! _is_link_path "${_p}"; then
_CANDIDATE="${_p}"
break
fi
done
if [ -z "${_CANDIDATE}" ]; then
# Build search path list based on what actually exists
_SEARCH=""
for _d in "/run/user/${_U}" /tmp; do [ -d "${_d}" ] && _SEARCH="${_SEARCH} ${_d}"; done
if [ -n "${_SEARCH}" ]; then
_CANDIDATE=$(find ${_SEARCH} -maxdepth 2 -type s -name 'agent.*' 2>/dev/null | grep -F -v "${_SSH_AUTH_LINK}" | head -n 1)
fi
fi
fi
# 4. Sync the stable link if we found a valid "real" socket.
if [ -S "${_CANDIDATE}" ] && ! _is_link_path "${_CANDIDATE}"; then
mkdir -p "$(dirname "${_SSH_AUTH_LINK}")"
ln -sf "${_CANDIDATE}" "${_SSH_AUTH_LINK}"
export SSH_AUTH_SOCK="${_SSH_AUTH_LINK}"
# Update systemd if present to keep everything in sync
if command -v systemctl >/dev/null 2>&1; then
systemctl --user set-environment SSH_AUTH_SOCK="${_SSH_AUTH_LINK}" 2>/dev/null
fi
elif [ -S "${_SSH_AUTH_LINK}" ]; then
# If we found nothing better but the link is valid, use it.
export SSH_AUTH_SOCK="${_SSH_AUTH_LINK}"
fi
unset _SSH_AUTH_LINK _CANDIDATE _FOUND _T _P _U _u _SEARCH _d
unset -f _is_link_path
# Setup XDG-like dirs on MacOS
# Based on https://leebyron.com/til/mac-xdg/
if [ "$(uname)" = "Darwin" ] ; then
export XDG_BIN_HOME="${XDG_BIN_HOME:-$HOME/.local/bin}"
export XDG_CACHE_HOME="${XDG_CACHE_HOME:-$HOME/Library/Caches}"
export XDG_CONFIG_HOME="${XDG_CONFIG_HOME:-$HOME/.config}"
export XDG_DATA_HOME="${XDG_DATA_HOME:-$HOME/.local/share}"
# Using id -u for better POSIX compatibility than $UID
export XDG_RUNTIME_DIR="${XDG_RUNTIME_DIR:-$TMPDIR/runtime-$(id -u)}"
export XDG_STATE_HOME="${XDG_STATE_HOME:-$HOME/.local/state}"
export PATH="${HOME}/bin/macos:${PATH}"
fi
if test -e "$HOME/.localenv"; then
# shellcheck source=/dev/null
. "$HOME/.localenv"
else
true
fi
Reference in New Issue View Git Blame Copy Permalink