X-Git-Url: https://git.wh0rd.org/?a=blobdiff_plain;f=.profile.d%2Fkeychain.sh;h=c5ceb78f29c775263352e8c1fb955db75df96fee;hb=HEAD;hp=436d21fad7d1c1c93cd28b629b0b970d7039596e;hpb=b945ae0f1cf7188deedf6ec623fbc775888df9bd;p=home.git

diff --git a/.profile.d/keychain.sh b/.profile.d/keychain.sh
index 436d21f..c5ceb78 100644
--- a/.profile.d/keychain.sh
+++ b/.profile.d/keychain.sh
@@ -1,4 +1,16 @@
-if type -P keychain >/dev/null ; then
-	[ -e ~/.keychain/${HOSTNAME}-sh ] && source ~/.keychain/${HOSTNAME}-sh
-	[ -e ~/.keychain/${HOSTNAME}-sh-gpg ] && source ~/.keychain/${HOSTNAME}-sh-gpg
+# If an auth sock is already set & available, use it.
+# This way ssh agent forwarding still works.
+if type keychain >/dev/null 2>&1 ; then
+	if [ ! -S "${SSH_AUTH_SOCK}" ] ; then
+		: ${HOSTNAME:=$(hostname)}
+		[ -e ~/.keychain/${HOSTNAME}-sh ] && . ~/.keychain/${HOSTNAME}-sh
+	fi
+	if [ -z "${GPG_AGENT_INFO}" ] ; then
+		: ${HOSTNAME:=$(hostname)}
+		[ -e ~/.keychain/${HOSTNAME}-sh-gpg ] && . ~/.keychain/${HOSTNAME}-sh-gpg
+	fi
 fi
+
+# The agent might try to spawn pinentry on the tty it started
+# on instead of the tty gpg is now running on.
+export GPG_TTY="$(tty)"