author | Tom Ryder <tom@sanctum.geek.nz> | 2014-11-13 11:13:20 +1300 |
---|---|---|
committer | Tom Ryder <tom@sanctum.geek.nz> | 2014-11-13 11:13:20 +1300 |
commit | 91633c46338ddac59e2e4f1ad7f44870d471fce5 (patch) | |
tree | ce3c1342c9ee870672f16f35bd23915b7e0a8c6a | |
parent | Don't use Pathogen if Vim is ancient (diff) | |
Generate gpg.conf from m4 template on make call
We have to do this because gpg.conf doesn't understand tilde or
environment variable expansion in the configuration file, and the only
reliable way to make the ca-cert-file option work between different
implementations of gpg(1) and its cURL link is to explicitly specify the
path to the CA file.
This is probably a better approach than installing the thing as a
trusted system CA anyway, which requires root privileges that I don't
really want to assume anyone installing this has.
I'm also including the CA, CRL, and .pem for the SKS keyservers in this
commit. This seems a lesser evil than trying to pull them with cURL or
wget at make(1) time.
-rw-r--r-- | .gitignore | 1 | ||||
-rw-r--r-- | Makefile | 29 | ||||
-rw-r--r-- | gnupg/gpg.conf.m4 (renamed from gnupg/gpg.conf) | 2 | ||||
-rw-r--r-- | gnupg/sks-keyservers.net/README.markdown | 10 | ||||
-rw-r--r-- | gnupg/sks-keyservers.net/crl.pem | 26 | ||||
-rw-r--r-- | gnupg/sks-keyservers.net/sks-keyservers.netCA.pem | 32 | ||||
-rw-r--r-- | gnupg/sks-keyservers.net/sks-keyservers.netCA.pem.asc | 16 |
7 files changed, 108 insertions, 8 deletions
diff --git a/.gitignore b/.gitignore new file mode 100644 index 00000000..7959a35a --- /dev/null +++ b/.gitignore @@ -0,0 +1 @@ +gnupg/gpg.conf @@ -1,4 +1,8 @@ -.PHONY: install \ +.PHONY: all \ + clean \ + distclean \ + gnupg \ + install \ install-bash \ install-bin \ install-curl \ @@ -30,14 +34,22 @@ test-bash \ test-bin \ test-sh \ - test-urxvt \ - usage + test-urxvt -usage : - @echo "tejr/dotfiles: Nothing to do." +all : gnupg @echo "Run make -n install, and read the output carefully." @echo "If you're happy with what it'll do, then run make install." +clean : + rm -f gnupg/gpg.conf + +distclean : clean + +gnupg : gnupg/gpg.conf + +gnupg/gpg.conf : + m4 -D DOTFILES_HOME="$(HOME)" gnupg/gpg.conf.m4 > gnupg/gpg.conf + install : install-bash \ install-curl \ install-dircolors \ @@ -74,9 +86,12 @@ install-dircolors : install-git : install -m 0644 -- git/gitconfig "$(HOME)"/.gitconfig -install-gnupg : - install -m 0700 -d -- "$(HOME)"/.gnupg +install-gnupg : gnupg/gpg.conf + install -m 0700 -d -- \ + "$(HOME)"/.gnupg \ + "$(HOME)"/.gnupg/sks-keyservers.net install -m 0600 -- gnupg/*.conf "$(HOME)"/.gnupg + install -m 0644 -- gnupg/sks-keyservers.net/* "$(HOME)"/.gnupg/sks-keyservers.net install-i3 : install-x install -m 0755 -d -- "$(HOME)"/.i3 diff --git a/gnupg/gpg.conf b/gnupg/gpg.conf.m4 index 2baa68cb..81a95f3d 100644 --- a/gnupg/gpg.conf +++ b/gnupg/gpg.conf.m4 @@ -26,7 +26,7 @@ keyserver hkps://hkps.pool.sks-keyservers.net # Retrieve keys automatically; check the keyserver port cert; use whichever # server is proffered from the pool -keyserver-options auto-key-retrieve check-cert no-honor-keyserver-url +keyserver-options auto-key-retrieve check-cert no-honor-keyserver-url ca-certfile=DOTFILES_HOME/.gnupg/sks-keyservers.net/sks-keyservers.netCA.pem # Include trust/validity for UIDs in listings list-options show-uid-validity 
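Review bot: The `gnupg/gpg.conf :` rule in the second Makefile hunk has no prerequisite, so once the file exists make never rebuilds it, neither when `gnupg/gpg.conf.m4` changes nor when `$(HOME)` differs from the run that generated it, and `install-gnupg` then copies a stale CA path into `~/.gnupg`. The plain redirect also leaves an empty or partial `gnupg/gpg.conf` behind if m4 fails or is not installed; a later `make install-gnupg` would treat that file as up to date and install it, silently dropping `check-cert` and the other options. I would declare the dependency as `gnupg/gpg.conf : gnupg/gpg.conf.m4` and have the recipe write to a temporary name that is renamed into place only on success. m4 can also expand any of its builtin macro names that occur in the template text, so the generated file is worth diffing against the template once.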
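Review bot: The new `install -m 0644 -- gnupg/sks-keyservers.net/* "$(HOME)"/.gnupg/sks-keyservers.net` line in `install-gnupg` installs the bundled CA as the HKPS trust anchor without any step that checks it against the `.asc` signature committed next to it, so whatever is in the working tree at install time becomes trusted. A separate target running `gpg --verify gnupg/sks-keyservers.net/sks-keyservers.netCA.pem.asc gnupg/sks-keyservers.net/sks-keyservers.netCA.pem`, with the signer's key obtained out of band, would automate the check the README leaves to the user. The glob also copies `README.markdown` into `~/.gnupg`, and `crl.pem` is installed although nothing in the visible gpg.conf.m4 hunk refers to it, so it is presumably never consulted and will go stale as newer revocation lists are issued. Naming the installed files explicitly would make both points obvious.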
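Review bot: The added keyserver option is spelled `ca-certfile=`, while the commit message and the GnuPG documentation call it `ca-cert-file`. If the keyserver helper does not recognise the name, the pool CA is presumably never loaded, and `check-cert` would then either fail or validate against the system store instead. I would write the option as `ca-cert-file=DOTFILES_HOME/.gnupg/sks-keyservers.net/sks-keyservers.netCA.pem` and confirm with a verbose key fetch that the server certificate is really checked against this file. As far as I can tell `keyserver-options` is split on whitespace, so a home directory containing a space would truncate the substituted path; a comment above the line noting that limit would help.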
diff --git a/gnupg/sks-keyservers.net/README.markdown b/gnupg/sks-keyservers.net/README.markdown
new file mode 100644
index 00000000..aca7ac2a
--- /dev/null
+++ b/gnupg/sks-keyservers.net/README.markdown
@@ -0,0 +1,10 @@
+sks-keyservers.net CA, CRL, and signature
+=========================================
+
+These files are downloaded from links on the [sks-keyservers.net][1] overview
+page. I've included both their signature file and the revocation list, but it's
+your responsibility to make sure that everything here is verified to your
+satisfaction.
+
+[1]: https://sks-keyservers.net/overview-of-pools.php
+
diff --git a/gnupg/sks-keyservers.net/crl.pem b/gnupg/sks-keyservers.net/crl.pem
new file mode 100644
index 00000000..43b2560b
--- /dev/null
+++ b/gnupg/sks-keyservers.net/crl.pem
@@ -0,0 +1,26 @@
+-----BEGIN X509 CRL-----
+MIIEczCCAlsCAQEwDQYJKoZIhvcNAQELBQAwXDELMAkGA1UEBhMCTk8xDTALBgNV
+BAgMBE9zbG8xHjAcBgNVBAoMFXNrcy1rZXlzZXJ2ZXJzLm5ldCBDQTEeMBwGA1UE
+AwwVc2tzLWtleXNlcnZlcnMubmV0IENBFw0xNDEwMTAxNjM5MTdaFw0xNTA0MDgx
+NjM5MTdaMIIBuDASAgEBFw0xMjEwMDkwMTAyMDVaMBICAQIXDTEyMTAwOTAxMDIw
+NVowEgIBAxcNMTQwNTAxMTEyMDU2WjASAgEEFw0xMjEwMDkwMTAyMDVaMBICAQgX
+DTE0MDUwNjE4MjQzMVowEgIBDBcNMTQwNjI4MTI0NTU2WjASAgERFw0xNDA0MjYx
+MjU4MjdaMBICARMXDTEzMTExMzE5MzczM1owEgIBFBcNMTQwNDI5MTczNDA0WjAS
+AgEYFw0xNDA1MDYxODIyMDVaMBICASEXDTE0MDUwMjEyNDQ1MlowEgIBIhcNMTQw
+NDI5MTczNDA0WjASAgEjFw0xMzExMTMxOTM3MzNaMBICASQXDTE0MDUwNzIwMTIy
+OFowEgIBKBcNMTQwNDI5MjAwNjAyWjASAgEpFw0xNDA0MjYxNDI0MjRaMBICASsX
+DTE0MDUwMzE0NDgwNlowEgIBLRcNMTQwNDMwMDgxNTU4WjASAgEuFw0xNDA0MzAw
+ODE2MTdaMBICAS8XDTE0MDQyNjEzMDIxNlowEgIBMxcNMTQwNDI5MTczNjIwWjAS
+AgE0Fw0xNDA1MTIxODQwNThaoA8wDTALBgNVHRQEBAICEBowDQYJKoZIhvcNAQEL
+BQADggIBAAZLkVRNqj9nL6f2Cv/AlDe0pMx2ZLNyIN3/KXSByUoIH4NMSDuPQqec
+ceUq+W5Vrh8EDUC9MbUMA1MSv/DWdG/422to8/iDnC/F423JLfOVwQABR5F37mxF
+MH+6aL9QgEezqHjnMg2MKRukB29TXR9rj3Q2HOhn+MH45Cfw7HDpCA+zaCUAHz1d
+74pyp38hfMT5s3Xm2M2ibtOoHmQYbx4rYra+dwPce41QppF2XnfV++6gxUv5F41U
+t7aouAt1ZsrIdcP+7crh4KbeTUIR3eEO/tHs74HVjhMtdsn1rTM668Dl3eg6rcv7
+CCNMgXbotNUekuWlf8YFM01BOyHUaWrMfpS/1WkKqVR/0BzMuSoPAHehoq5SGm1B
+RkVl9/acH07nvmziQQEnyJDZKaJplnIZ+vgNW07cW8eaeafVXTF8fkornyCVDE92
+YGxLQiUu2lQ4qcbb9OH1ki0LnUvCVo8SbzH913VqcvE6EHhoHyaHtBqswBwP5NZd
+ybC2bxOYhmICVnK8ee/1Yz9dnjtJsMhB3qtW3vkJ6yn7bjRLH01U8wvhJDo8Cjhe
+dyZnT3JE9lzPYb3JqkYIn1YnolUF/zhoVTcUQVSn81u44yx5yrPbsvjIsiSWt4Pd
+Q7y++Yy2Sgh9uApIF/1xqsu+dZnOR/rMQdQXwM4bmXn/6itZ/22l
+-----END X509 CRL-----
diff --git a/gnupg/sks-keyservers.net/sks-keyservers.netCA.pem b/gnupg/sks-keyservers.net/sks-keyservers.netCA.pem
new file mode 100644
index 00000000..24a2ad2e
--- /dev/null
+++ b/gnupg/sks-keyservers.net/sks-keyservers.netCA.pem
@@ -0,0 +1,32 @@
+-----BEGIN CERTIFICATE-----
+MIIFizCCA3OgAwIBAgIJAK9zyLTPn4CPMA0GCSqGSIb3DQEBBQUAMFwxCzAJBgNV
+BAYTAk5PMQ0wCwYDVQQIDARPc2xvMR4wHAYDVQQKDBVza3Mta2V5c2VydmVycy5u
+ZXQgQ0ExHjAcBgNVBAMMFXNrcy1rZXlzZXJ2ZXJzLm5ldCBDQTAeFw0xMjEwMDkw
+MDMzMzdaFw0yMjEwMDcwMDMzMzdaMFwxCzAJBgNVBAYTAk5PMQ0wCwYDVQQIDARP
+c2xvMR4wHAYDVQQKDBVza3Mta2V5c2VydmVycy5uZXQgQ0ExHjAcBgNVBAMMFXNr
+cy1rZXlzZXJ2ZXJzLm5ldCBDQTCCAiIwDQYJKoZIhvcNAQEBBQADggIPADCCAgoC
+ggIBANdsWy4PXWNUCkS3L//nrd0GqN3dVwoBGZ6w94Tw2jPDPifegwxQozFXkG6I
+6A4TK1CJLXPvfz0UP0aBYyPmTNadDinaB9T4jIwd4rnxl+59GiEmqkN3IfPsv5Jj
+MkKUmJnvOT0DEVlEaO1UZIwx5WpfprB3mR81/qm4XkAgmYrmgnLXd/pJDAMk7y1F
+45b5zWofiD5l677lplcIPRbFhpJ6kDTODXh/XEdtF71EAeaOdEGOvyGDmCO0GWqS
+FDkMMPTlieLA/0rgFTcz4xwUYj/cD5e0ZBuSkYsYFAU3hd1cGfBue0cPZaQH2HYx
+Qk4zXD8S3F4690fRhr+tki5gyG6JDR67aKp3BIGLqm7f45WkX1hYp+YXywmEziM4
+aSbGYhx8hoFGfq9UcfPEvp2aoc8u5sdqjDslhyUzM1v3m3ZGbhwEOnVjljY6JJLx
+MxagxnZZSAY424ZZ3t71E/Mn27dm2w+xFRuoy8JEjv1d+BT3eChM5KaNwrj0IO/y
+u8kFIgWYA1vZ/15qMT+tyJTfyrNVV/7Df7TNeWyNqjJ5rBmt0M6NpHG7CrUSkBy9
+p8JhimgjP5r0FlEkgg+lyD+V79H98gQfVgP3pbJICz0SpBQf2F/2tyS4rLm+49rP
+fcOajiXEuyhpcmzgusAj/1FjrtlynH1r9mnNaX4e+rLWzvU5AgMBAAGjUDBOMB0G
+A1UdDgQWBBTkwyoJFGfYTVISTpM8E+igjdq28zAfBgNVHSMEGDAWgBTkwyoJFGfY
+TVISTpM8E+igjdq28zAMBgNVHRMEBTADAQH/MA0GCSqGSIb3DQEBBQUAA4ICAQAR
+OXnYwu3g1ZjHyley3fZI5aLPsaE17cOImVTehC8DcIphm2HOMR/hYTTL+V0G4P+u
+gH+6xeRLKSHMHZTtSBIa6GDL03434y9CBuwGvAFCMU2GV8w92/Z7apkAhdLToZA/
+X/iWP2jeaVJhxgEcH8uPrnSlqoPBcKC9PrgUzQYfSZJkLmB+3jEa3HKruy1abJP5
+gAdQvwvcPpvYRnIzUc9fZODsVmlHVFBCl2dlu/iHh2h4GmL4Da2rRkUMlbVTdioB
+UYIvMycdOkpH5wJftzw7cpjsudGas0PARDXCFfGyKhwBRFY7Xp7lbjtU5Rz0Gc04
+lPrhDf0pFE98Aw4jJRpFeWMjpXUEaG1cq7D641RpgcMfPFvOHY47rvDTS7XJOaUT
+BwRjmDt896s6vMDcaG/uXJbQjuzmmx3W2Idyh3s5SI0GTHb0IwMKYb4eBUIpQOnB
+cE77VnCYqKvN1NVYAqhWjXbY7XasZvszCRcOG+W3FqNaHOK/n/0ueb0uijdLan+U
+f4p1bjbAox8eAOQS/8a3bzkJzdyBNUKGx1BIK2IBL9bn/HravSDOiNRSnZ/R3l9G
+ZauX0tu7IIDlRCILXSyeazu0aj/vdT3YFQXPcvt5Fkf5wiNTo53f72/jYEJd6qph
+WrpoKqrwGwTpRUCMhYIUt65hsTxCiJJ5nKe39h46sg==
+-----END CERTIFICATE-----
diff --git a/gnupg/sks-keyservers.net/sks-keyservers.netCA.pem.asc b/gnupg/sks-keyservers.net/sks-keyservers.netCA.pem.asc
new file mode 100644
index 00000000..5f11bc56
--- /dev/null
+++ b/gnupg/sks-keyservers.net/sks-keyservers.netCA.pem.asc
@@ -0,0 +1,16 @@
+-----BEGIN PGP SIGNATURE-----
+
+iQIcBAABCgAGBQJUCZzxAAoJEPw7F94F4Tag/Z8P/jUOTbsCYT+bG7L+/D9s1KCz
+G2H9X4fV/fBeeAFWjgV6iNBEzZuFx9FYxmECyR1JzRektfWa3JR+rt2pipGO2UQ2
+Il2Ti6K7mVNyEnsgfq5otky7UDewmW+p5u1I7PNVcnHmArE7EueX5WB1vYhY2faY
+B4xsFuaLacQVIz9JFyKiTGu0WSkpnlByaCoMPJgifwwGhPNK8X23isKDY8U9hahh
+xWHRf/57Z+g407d6dEG/1ax8ELf68KRLGalZv9fOcZfRbFT4JV4bq/rsZuNptAqf
+8A5RDnsgXFyIgDptWnYYpra/HCPNOKdL/TxcASTsEH6s9NNw9mvNpE//JWYMV4FM
+N6h9aTezSEwAnD781JrPPZ8BlpRYWtnd3UaSbBbOdb6mze0Oh39yvYEcEO8edvC1
+RLH5OJyJIIkkO46B8cYBtokjRlcAeBgFf5GLlwdh6zGcERqsTRHtA8FmLbl1v3w1
+Xj1tUAoex27ke+z+QKBOp06t6eeNavDeN0/jDidSPQ4Q6QVy8KP9eeMDAQkd9+1F
+aCMvSxEkbuiy05grzQC0jqOXAIVwfu33kcFr2Z7boxVNEjM/ng6Ty4WXWWWbADaH
+nXGamvmUrCiODMRl4DYTB65H27tSv2J9j8WyA+IiokJOglH63nyJJy+XWbRmlgmI
++ds5RCeuq2/uVOGhSP7t
+=O9Kt
+-----END PGP SIGNATURE----- |