feat: PATH shadow detection, locale fix, better install messaging

NLPSoftwareDemo · NLPSoftwareDemo · commit 9fc2b69d1885 · 2026-03-20T22:06:20.000+01:00
- update.sh: add _check_path_shadows — always runs at end (read-only);
  detects older/duplicate binaries at higher-priority PATH dirs that
  shadow /usr/local/bin managed tools (nvim, xcape)
- modules/neovim.sh: add _nvim_warn_shadows helper; called at install
  time and on the skip-already-current path via direct file probes
  (bypasses install-time bash PATH ambiguity)
- lib/utils.sh: add _ver_older_than using sort -V for correct semver
  comparison (e.g. 0.9.0 &lt; 0.10.4)
- modules/base.sh: add locales package + locale-gen en_US.UTF-8 to fix
  Perl locale warning on Ctrl+R (fzf history widget) on fresh Ubuntu
- install.sh + modules/zsh.sh: post-install message reflects actual
  shell change outcome via _SHELL_IS_ZSH flag; clarifies exec zsh vs
  new terminal behaviour
- bump version to 1.2.0
diff --git a/CHANGELOG.md b/CHANGELOG.md
@@ -7,6 +7,31 @@ and this project adheres to [Semantic Versioning](https://semver.org/spec/v2.0.0
 
 ## [Unreleased]
 
+## [1.2.0] - 2026-03-20
+
+### Added
+- `lib/utils.sh`: `_ver_older_than` — version comparison helper using `sort -V`
+  (GNU coreutils); returns true when `$1 < $2`, false when either arg is empty
+- `modules/neovim.sh`: `_nvim_warn_shadows` — detects pre-existing `nvim` copies
+  at `~/.local/bin/nvim` or `~/bin/nvim` that shadow the managed install at
+  `/usr/local/bin/nvim`; runs at both install time and on the skip-already-current
+  path so a shadow is never silently missed
+- `update.sh`: `_check_path_shadows` — PATH shadow check that always runs at the
+  end of `update.sh` (read-only, no side effects); walks PATH dirs before
+  `/usr/local/bin`, reports older/duplicate/newer shadows for each managed tool
+  (`nvim`, `xcape`); skipped with an informational message if `/usr/local/bin` is
+  not in PATH at all
+
+### Fixed
+- `modules/base.sh`: add `locales` package and `locale-gen en_US.UTF-8` to
+  `install_base` — on fresh minimal Ubuntu images the locale data is absent,
+  causing Perl to warn on every `Ctrl+R` invocation (fzf's history widget invokes
+  `perl` for multi-line deduplication); idempotent (`locale -a` check guards re-run)
+- `install.sh` + `modules/zsh.sh`: post-install message now correctly reflects
+  whether the default shell change succeeded or failed; uses `_SHELL_IS_ZSH` flag
+  set by `_set_default_shell`; clarifies that `exec zsh` activates the shell
+  immediately without a re-login
+
 ## [1.1.3] - 2026-03-18
 
 ### Fixed
diff --git a/VERSION b/VERSION
@@ -1 +1 @@
-1.1.3
+1.2.0
diff --git a/git/.gitconfig b/git/.gitconfig
@@ -51,3 +51,6 @@
 
 [include]
     path = ~/.gitconfig.local
+[credential "https://gitlab.gnome.org"]
+	helper = 
+	helper = !/usr/bin/glab auth git-credential
diff --git a/install.sh b/install.sh
@@ -111,9 +111,14 @@ echo ""
 echo "  Next steps:"
 case "$PROFILE" in
     minimal|workstation)
-        echo "    • Switch to zsh now:  exec zsh"
-        echo "    • (Or start a new terminal session)"
-        echo "    • Run p10k configure to customise your prompt"
+        if ${_SHELL_IS_ZSH:-false}; then
+            echo "    • Default shell set to zsh — new terminals will open in zsh automatically"
+        else
+            echo "    • Default shell change failed — new terminals will still use bash"
+            echo "    • To fix permanently: chsh -s $(command -v zsh)  then re-login"
+        fi
+        echo "    • Activate zsh right now (no re-login needed):  exec zsh"
+        echo "    • Once in zsh:  p10k configure   to choose your prompt style"
         echo ""
         echo "  Font (run on your LOCAL machine, not here if this is a remote/server):"
         echo "    • ./scripts/install-fonts.sh   — installs MesloLGS NF (required for icons)"
diff --git a/lib/utils.sh b/lib/utils.sh
@@ -251,6 +251,19 @@ _download_tar_bin() {
     rm -rf "$tmp"
 }
 
+# Return 0 (true) if version string $1 is strictly older than $2.
+# Uses sort -V (GNU coreutils version sort, available on Ubuntu 20.04+).
+# Returns 1 (false) if either argument is empty — treats unknown as non-older.
+# Usage: _ver_older_than "0.9.0" "0.10.4"
+_ver_older_than() {
+    local a="${1:-}" b="${2:-}"
+    [ -z "$a" ] && return 1
+    [ -z "$b" ] && return 1
+    local lower
+    lower=$(printf '%s\n%s\n' "$a" "$b" | sort -V | head -1)
+    [ "$lower" = "$a" ] && [ "$a" != "$b" ]
+}
+
 # Verify the installed binary at DEST is what the shell will actually resolve.
 # Usage: _verify_dest BINARY_NAME DEST
 _verify_dest() {
diff --git a/modules/base.sh b/modules/base.sh
@@ -10,6 +10,7 @@ install_base() {
 
     if $CAN_SUDO; then
         local -a _pkgs=(
+            locales
             git curl wget
             zsh tmux neovim
             ranger jq
@@ -22,6 +23,14 @@ install_base() {
         $SUDO apt-get -yq update
         apt_install "${_pkgs[@]}"
 
+        # Ensure en_US.UTF-8 locale is generated — without this, Perl (and tools
+        # that shell out to it) will warn whenever LANG=en_US.UTF-8 is set but the
+        # locale data isn't present (e.g. on fresh minimal Ubuntu installs).
+        if ! locale -a 2>/dev/null | grep -q 'en_US.utf8'; then
+            log_info "Generating locale: en_US.UTF-8"
+            $SUDO locale-gen en_US.UTF-8
+        fi
+
         # fd is installed as 'fdfind' on Debian/Ubuntu — add a shim if fd is missing
         if ! has fd && has fdfind; then
             ln -sf "$(command -v fdfind)" ~/.local/bin/fd
diff --git a/modules/neovim.sh b/modules/neovim.sh
@@ -3,6 +3,25 @@
 # Falls back to apt if GitHub is unreachable or arch is unsupported.
 # Idempotent: skips install when the installed version already matches latest.
 
+# Probe ~/.local/bin/nvim and ~/bin/nvim for older copies that would shadow
+# CANONICAL (/usr/local/bin/nvim). Warns with a fix command for each found.
+# Uses direct path probes — not `command -v` — so install-time bash PATH
+# differences don't mask the shadow.
+_nvim_warn_shadows() {
+    local canonical="$1"
+    local _cv _sv _shadow
+    _cv=$(_cmd_version "$canonical" --version) || _cv=""
+    [ -z "$_cv" ] && return 0  # canonical unreadable — nothing useful to compare
+    for _shadow in "$HOME/.local/bin/nvim" "$HOME/bin/nvim"; do
+        [ -e "$_shadow" ] || continue
+        _sv=$(_cmd_version "$_shadow" --version) || _sv=""
+        if _ver_older_than "$_sv" "$_cv"; then
+            log_warn "neovim: $_shadow ($_sv) will shadow $canonical ($_cv)"
+            log_warn "  Fix: rm $_shadow"
+        fi
+    done
+}
+
 # Link nvim config from dotfiles repo
 link_nvim_config() {
     log_step "nvim config"
@@ -79,6 +98,10 @@ install_neovim() {
         current=$(nvim --version 2>/dev/null | grep -oE '[0-9]+\.[0-9]+\.[0-9]+' | head -1)
         if [ "$current" = "$latest" ]; then
             log_ok "neovim $latest_tag already installed — skipping"
+            # Shadow check still needed: `nvim` above may have resolved to a
+            # user-local copy (e.g. ~/.local/bin/nvim) that shadows an existing
+            # /usr/local/bin/nvim at the same version.
+            if $CAN_SUDO; then _nvim_warn_shadows /usr/local/bin/nvim; fi
             return
         fi
         log_info "neovim: upgrading $current → $latest (installing to $prefix)"
@@ -120,7 +143,10 @@ install_neovim() {
         cp -r "$extracted"/. "$prefix/"
     fi
 
-    log_ok "neovim installed → $prefix ($(nvim --version 2>/dev/null | head -1))"
+    # Use the full path so the version shown is always the binary we just
+    # installed, not whatever `nvim` resolves to in the install-time bash PATH.
+    log_ok "neovim installed → $prefix ($($prefix/bin/nvim --version 2>/dev/null | head -1))"
+    if $CAN_SUDO; then _nvim_warn_shadows /usr/local/bin/nvim; fi
 }
 
 _neovim_apt() {
diff --git a/modules/zsh.sh b/modules/zsh.sh
@@ -78,6 +78,9 @@ _link_zshrc() {
     log_ok "~/.zshrc → dotfiles/zsh/.zshrc"
 }
 
+# Set by _set_default_shell; read by install.sh's "next steps" section.
+_SHELL_IS_ZSH=false
+
 _set_default_shell() {
     log_step "Default shell"
     local zsh_path
@@ -88,6 +91,7 @@ _set_default_shell() {
     fi
     if [ "${SHELL:-}" = "$zsh_path" ]; then
         log_ok "zsh is already the default shell"
+        _SHELL_IS_ZSH=true
         return
     fi
     if $CAN_SUDO; then
@@ -98,10 +102,13 @@ _set_default_shell() {
         [ -n "${SUDO:-}" ] && sudo -v 2>/dev/null || true
         $SUDO usermod -s "$zsh_path" "$(id -un)"
         log_ok "Default shell set to zsh (restart your session)"
+        _SHELL_IS_ZSH=true
     elif chsh -s "$zsh_path" 2>/dev/null; then
         log_ok "Default shell set to zsh (restart your session)"
+        _SHELL_IS_ZSH=true
     else
         log_warn "Could not change shell — run: chsh -s $zsh_path"
+        _SHELL_IS_ZSH=false
     fi
 }
 
diff --git a/update.sh b/update.sh
@@ -11,10 +11,14 @@
 #   apt  omz  tmux-plugins  zsh-plugins  fzf  rg  fd  shellcheck
 #   zoxide  delta  eza  uv  ruff  neovim  cheat  pre-commit  xcape
 #
+# A PATH shadow check always runs at the end (read-only). It detects older
+# binaries at higher-priority PATH locations that would hide managed versions
+# installed to /usr/local/bin (e.g. nvim, xcape).
+#
 # Examples:
-#   ./update.sh --check              # check all versions
-#   ./update.sh --check neovim fzf  # check only neovim and fzf
-#   ./update.sh neovim              # update only neovim
+#   ./update.sh --check              # check all versions + shadow report
+#   ./update.sh --check neovim fzf  # check only neovim and fzf (+ shadow report)
+#   ./update.sh neovim              # update only neovim (+ shadow report)
 #   NOSUDO=1 ./update.sh            # skip apt upgrade, skip all sudo operations
 
 set -euo pipefail
@@ -179,6 +183,80 @@ _do_update_neovim() {
     _verify_dest nvim "$nvim_dest"
 }
 
+# ── PATH shadow check ─────────────────────────────────────────────────────────
+# Detect binaries at higher-priority PATH locations that shadow dotfiles-managed
+# versions at /usr/local/bin. Runs always (read-only, no side effects).
+#
+# Only /usr/local/bin tools need this check — tools at ~/.local/bin are already
+# at the highest dotfiles-managed PATH priority and cannot be shadowed by the
+# installer itself.
+_check_path_shadows() {
+    log_step "PATH shadow check"
+
+    # Collect PATH dirs that appear before /usr/local/bin.
+    # These are the only locations that can shadow /usr/local/bin binaries.
+    local -a _before=() _all_dirs=()
+    local _dir _found_usr_local=false
+    IFS=: read -ra _all_dirs <<< "${PATH:-}"
+    for _dir in "${_all_dirs[@]}"; do
+        if [ "$_dir" = "/usr/local/bin" ]; then
+            _found_usr_local=true
+            break
+        fi
+        _before+=("$_dir")
+    done
+
+    # If /usr/local/bin is not in PATH at all, the check is meaningless —
+    # managed binaries there are unreachable regardless of shadows.
+    if ! $_found_usr_local; then
+        log_info "PATH shadow check: /usr/local/bin not in PATH — skipping (run from zsh after exec zsh)"
+        return 0
+    fi
+
+    if [ ${#_before[@]} -eq 0 ]; then
+        log_ok "/usr/local/bin is first in PATH — no shadow risk"
+        return 0
+    fi
+
+    local _any_issue=false _any_checked=false _tool _canonical _shadow _cv _sv
+    for _tool in nvim xcape; do
+        _canonical="/usr/local/bin/$_tool"
+        [ -x "$_canonical" ] || continue  # not installed at /usr/local/bin
+        _any_checked=true
+
+        _shadow=""
+        for _dir in "${_before[@]}"; do
+            [ -x "$_dir/$_tool" ] && _shadow="$_dir/$_tool" && break
+        done
+
+        [ -z "$_shadow" ] && continue  # no shadow for this tool — silent in clean case
+
+        _cv=$(_cmd_version "$_canonical" --version) || _cv=""
+        _sv=$(_cmd_version "$_shadow" --version) || _sv=""
+
+        if [ -z "$_cv" ] || [ -z "$_sv" ]; then
+            log_warn "$_tool: $_shadow shadows /usr/local/bin/$_tool (cannot read versions — inspect manually)"
+            _any_issue=true
+        elif _ver_older_than "$_sv" "$_cv"; then
+            log_warn "$_tool: $_shadow ($_sv) shadows /usr/local/bin/$_tool ($_cv)"
+            log_warn "  Fix: rm $_shadow"
+            _any_issue=true
+        elif [ "$_sv" = "$_cv" ]; then
+            log_warn "$_tool: duplicate at $_shadow — same version as /usr/local/bin/$_tool"
+            log_warn "  Consider: rm $_shadow"
+            _any_issue=true
+        else
+            log_info "$_tool: $_shadow ($_sv) supersedes /usr/local/bin/$_tool ($_cv) — custom newer version"
+        fi
+    done
+
+    if ! $_any_checked; then
+        log_info "No tools installed at /usr/local/bin — shadow check not applicable"
+    elif ! $_any_issue; then
+        log_ok "No PATH shadows detected for /usr/local/bin tools"
+    fi
+}
+
 # ── System packages ────────────────────────────────────────────────────────────
 log_info "Checking sudo access…"
 detect_sudo
@@ -453,6 +531,9 @@ if _should_run pre-commit; then
     fi
 fi
 
+# ── PATH shadow check (always runs — read-only) ───────────────────────────────
+_check_path_shadows
+
 echo ""
 if $CHECK_ONLY; then
     log_ok "Check complete"
