From 429435fc752ebdb77d1792be3e84db6aac220304 Mon Sep 17 00:00:00 2001
From: Luke Shumaker <LukeShu@sbcglobal.net>
Date: Wed, 14 Aug 2013 11:56:43 -0400
Subject: harden .profile wrt variables and having external programs

---
 .local/lib/xdg.sh | 23 +++++++++++++++++++++++
 .profile          | 51 ++++++++++++++++++++++++++++++++++++---------------
 2 files changed, 59 insertions(+), 15 deletions(-)
 create mode 100644 .local/lib/xdg.sh

diff --git a/.local/lib/xdg.sh b/.local/lib/xdg.sh
new file mode 100644
index 0000000..44aeee2
--- /dev/null
+++ b/.local/lib/xdg.sh
@@ -0,0 +1,23 @@
+#!/bin/bash
+# This should be readable by /bin/sh, but I'm going to assume bash.
+
+# Sets up XDG environmental variables, so programs using them don't have to
+# worry about checking if they are set.
+# http://standards.freedesktop.org/basedir-spec/basedir-spec-latest.html
+
+[[ -n $XDG_DATA_HOME ]] || export XDG_DATA_HOME="$HOME/.local/share"
+[[ -n $XDG_CONFIG_HOME ]] || export XDG_CONFIG_HOME="$HOME/.config"
+[[ -n $XDG_DATA_DIRS ]] || export XDG_DATA_DIRS="/usr/local/share/:/usr/share/"
+[[ -n $XDG_CONFIG_IRS ]] || export XDG_CONFIG_DIRS="/etc/xdg"
+[[ -n $XDG_CACHE_HOME ]] || export XDG_CACHE_HOME="$HOME/.cache"
+
+# Check if XDG_RUNTIME_DIR is set, but has a bogus setting
+if [[ -n $XDG_RUNTIME_DIR ]] && [[ ! -d $XDG_RUNTIME_DIR ]]; then
+	unset XDG_RUNTIME_DIR
+fi
+
+# Set XDG_RUNTIME_DIR if we can
+if [[ -z $XDG_RUNTIME_DIR ]] && [[ -n $TMPDIR ]]; then
+	export XDG_RUNTIME_DIR="$TMPDIR/xdg-runtime"
+	install -dm0700 "$XDG_RUNTIME_DIR"
+fi
diff --git a/.profile b/.profile
index 2d6f370..84103f3 100644
--- a/.profile
+++ b/.profile
@@ -13,24 +13,45 @@ umask 022
 ## Paths #############################################################
 
 # Unix
-bins=($HOME/bin $HOME/.local.`uname -m`/bin $HOME/.local/bin $HOME/.prefix.`uname -m`/bin $HOME/.prefix/bin $HOME/.gem/ruby/*/bin)
-for dir in "${bins[@]}"; do
-	if [ -d "$dir" ]; then
-		export PATH="$dir:$PATH"
+prefixes=(
+	"$HOME"
+	"$HOME/.local.`uname -m`"
+	"$HOME/.local/bin"
+	"$HOME/.prefix.`uname -m`"
+	"$HOME/.prefix"
+	"$HOME"/.gem/ruby/*
+)
+for prefix in "${prefixes[@]}"; do
+	if [[ -d "$prefix/bin" ]]; then
+		export PATH="$prefix/bin:$PATH"
 	fi
 done
 
 # Ruby
-for dir in $HOME/.prefix/lib; do
-	if [ -d "$dir" ]; then
+for dir in "$HOME"/.prefix/lib; do
+	if [[ -d "$dir" ]]; then
 		export RUBYLIB="$dir"
 	fi
 done
+unset prefixes dir prefix
+
+# TMPDIR #############################################################
+
+if [[ ! -d "$HOME/tmp" ]]; then
+	tmp="$(mktemp --tmpdir -d "$USER-tmpdir.XXXXXXXXXXXXXXXXXXX")"
+	ln -sf "$tmp" "$HOME/tmp"
+	unset tmp
+fi
+export TMPDIR="$HOME/tmp"
+
+# XDG ################################################################
+
+. "$HOME/.local/lib/xdg.sh"
 
 # Settings ###########################################################
 
 # Text editor
-if [ -f "$HOME/.selected_editor" ]; then
+if [[ -f "$HOME/.selected_editor" ]]; then
 	. "$HOME/.selected_editor"
 	export SELECTED_EDITOR
 	export ALTERNATE_EDITOR
@@ -39,14 +60,14 @@ if [ -f "$HOME/.selected_editor" ]; then
 fi
 
 # GPG
-if [ -z "$GPGKEY" ] && [ -f "${HOME}/.gnupg/gpg.conf" ]; then
+if [[ -z $GPGKEY ]] && [[ -f "${HOME}/.gnupg/gpg.conf" ]]; then
 	export GPGKEY=`sed -nr 's/^\s*default-key\s+//p' "${HOME}/.gnupg/gpg.conf"`
 fi
-if [ -z "$(pgrep -u `whoami` gpg-agent)" ]; then
-	mkdir -p ${XDG_RUNTIME_DIR}/sessions
+if [[ -z "$(pgrep -u `whoami` gpg-agent)" ]] && [[ -n $XDG_RUNTIME_DIR ]] && type gpg-agent &>/dev/null; then
+	mkdir -p "${XDG_RUNTIME_DIR}/sessions"
 	gpg-agent --daemon --write-env-file "${XDG_RUNTIME_DIR}/sessions/gpg" &>/dev/null
 fi
-if [ -f "${XDG_RUNTIME_DIR}/sessions/gpg" ]; then
+if [[ -f "${XDG_RUNTIME_DIR}/sessions/gpg" ]]; then
 	. "${XDG_RUNTIME_DIR}/sessions/gpg"
 	export GPG_AGENT_INFO
 	#export SSH_AUTH_SOCK
@@ -57,18 +78,18 @@ _JAVA_OPTIONS=''
 _JAVA_OPTIONS+=' -Dawt.useSystemAAFontSettings=on'
 _JAVA_OPTIONS+=' -Dswing.aatext=true'
 _JAVA_OPTIONS+=' -Dswing.defaultlaf=com.sun.java.swing.plaf.gtk.GTKLookAndFeel'
-if [ -n "$TMPDIR" ]; then
+if [[ -n $TMPDIR ]]; then
 	_JAVA_OPTIONS+=" -Djava.io.tmpdir=$TMPDIR"
 fi
 export _JAVA_OPTIONS
 
 # X11
-if [ -z "$XAUTHORITY" ]; then
+if [[ -z $XAUTHORITY ]]; then
 	export XAUTHORITY=$HOME/.Xauthority
 fi
 
 # D-Bus
-if [ -z "$DBUS_SESSION_BUS_ADDRESS" ]; then
+if [[ -z $DBUS_SESSION_BUS_ADDRESS ]] && type dbus-launch &>/dev/null; then
 	# I want a separate instance for each login
 	#dbus-launch > "${HOME}/.cache/sessions/dbus"
 	#. "${HOME}/.cache/sessions/dbus"
@@ -79,6 +100,6 @@ if [ -z "$DBUS_SESSION_BUS_ADDRESS" ]; then
 fi
 
 # Load any box-specific stuff
-if [ -f "$HOME/.profile.local" ]; then
+if [[ -f "$HOME/.profile.local" ]]; then
 	. "$HOME/.profile.local"
 fi
-- 
cgit v1.2.3