fix(gpg-agent): correctly overwrite `$SSH_AUTH_SOCK` and other improvements (#7059)

plugins/gpg-agent/README.md

@@ -2,7 +2,7 @@
 
 Enables [GPG's gpg-agent](https://www.gnupg.org/documentation/manuals/gnupg/) if it is not running.
 
-To use it, add gpg-agent to the plugins array of your zshrc file:
+To use it, add `gpg-agent` to the plugins array of your zshrc file:
 
 ```zsh
 plugins=(... gpg-agent)

plugins/gpg-agent/gpg-agent.plugin.zsh

@@ -1,16 +1,17 @@
-# Enable gpg-agent if it is not running-
-# --use-standard-socket will work from version 2 upwards
-
-AGENT_SOCK=$(gpgconf --list-dirs | grep agent-socket | cut -d : -f 2)
-
-if [[ ! -S $AGENT_SOCK ]]; then
-  gpg-agent --daemon --use-standard-socket &>/dev/null
-fi
 export GPG_TTY=$TTY
 
-# Set SSH to use gpg-agent if it's enabled
-GNUPGCONFIG="${GNUPGHOME:-"$HOME/.gnupg"}/gpg-agent.conf"
-if [[ -r $GNUPGCONFIG ]] && command grep -q enable-ssh-support "$GNUPGCONFIG"; then
-  export SSH_AUTH_SOCK="$AGENT_SOCK.ssh"
+# Fix for passphrase prompt on the correct tty
+# See https://www.gnupg.org/documentation/manuals/gnupg/Agent-Options.html#option-_002d_002denable_002dssh_002dsupport
+function _gpg-agent_update-tty_preexec {
+  gpg-connect-agent updatestartuptty /bye &>/dev/null
+}
+autoload -U add-zsh-hook
+add-zsh-hook preexec _gpg-agent_update-tty_preexec
+
+# If enable-ssh-support is set, fix ssh agent integration
+if [[ $(gpgconf --list-options gpg-agent | awk -F: '$1=="enable-ssh-support" {print $10}') = 1 ]]; then
   unset SSH_AGENT_PID
+  if [[ "${gnupg_SSH_AUTH_SOCK_by:-0}" -ne $$ ]]; then
+    export SSH_AUTH_SOCK="$(gpgconf --list-dirs agent-ssh-socket)"
+  fi
 fi