aboutsummaryrefslogtreecommitdiff
path: root/gnupg
diff options
context:
space:
mode:
authorTom Ryder <tom@sanctum.geek.nz>2014-11-13 11:13:20 +1300
committerTom Ryder <tom@sanctum.geek.nz>2014-11-13 11:13:20 +1300
commit91633c46338ddac59e2e4f1ad7f44870d471fce5 (patch)
treece3c1342c9ee870672f16f35bd23915b7e0a8c6a /gnupg
parent98aa4918385d5df1012ce100deb7c85198122454 (diff)
downloaddotfiles-91633c46338ddac59e2e4f1ad7f44870d471fce5.tar.gz
dotfiles-91633c46338ddac59e2e4f1ad7f44870d471fce5.zip
Generate gpg.conf from m4 template on make call
We have to do this because gpg.conf doesn't understand tilde or environment variable expansion in the configuration file, and the only reliable way to make the ca-cert-file option work between different implementations of gpg(1) and its cURL link is to explicitly specify the path to the CA file. This is probably a better approach than installing the thing as a trusted system CA anyway, which requires root privileges that I don't really want to assume anyone installing this has. I'm also including the CA, CRL, and .pem for the SKS keyservers in this commit. This seems a lesser evil than trying to pull them with cURL or wget at make(1) time.
Diffstat (limited to 'gnupg')
-rw-r--r--gnupg/gpg.conf.m4 (renamed from gnupg/gpg.conf)2
-rw-r--r--gnupg/sks-keyservers.net/README.markdown10
-rw-r--r--gnupg/sks-keyservers.net/crl.pem26
-rw-r--r--gnupg/sks-keyservers.net/sks-keyservers.netCA.pem32
-rw-r--r--gnupg/sks-keyservers.net/sks-keyservers.netCA.pem.asc16
5 files changed, 85 insertions, 1 deletions
diff --git a/gnupg/gpg.conf b/gnupg/gpg.conf.m4
index 2baa68cb..81a95f3d 100644
--- a/gnupg/gpg.conf
+++ b/gnupg/gpg.conf.m4
@@ -26,7 +26,7 @@ keyserver hkps://hkps.pool.sks-keyservers.net
# Retrieve keys automatically; check the keyserver port cert; use whichever
# server is proffered from the pool
-keyserver-options auto-key-retrieve check-cert no-honor-keyserver-url
+keyserver-options auto-key-retrieve check-cert no-honor-keyserver-url ca-certfile=DOTFILES_HOME/.gnupg/sks-keyservers.net/sks-keyservers.netCA.pem
# Include trust/validity for UIDs in listings
list-options show-uid-validity
diff --git a/gnupg/sks-keyservers.net/README.markdown b/gnupg/sks-keyservers.net/README.markdown
new file mode 100644
index 00000000..aca7ac2a
--- /dev/null
+++ b/gnupg/sks-keyservers.net/README.markdown
@@ -0,0 +1,10 @@
+sks-keyservers.net CA, CRL, and signature
+=========================================
+
+These files are downloaded from links on the [sks-keyservers.net][1] overview
+page. I've included both their signature file and the revocation list, but it's
+your responsibility to make sure that everything here is verified to your
+satisfaction.
+
+[1]: https://sks-keyservers.net/overview-of-pools.php
+
diff --git a/gnupg/sks-keyservers.net/crl.pem b/gnupg/sks-keyservers.net/crl.pem
new file mode 100644
index 00000000..43b2560b
--- /dev/null
+++ b/gnupg/sks-keyservers.net/crl.pem
@@ -0,0 +1,26 @@
+-----BEGIN X509 CRL-----
+MIIEczCCAlsCAQEwDQYJKoZIhvcNAQELBQAwXDELMAkGA1UEBhMCTk8xDTALBgNV
+BAgMBE9zbG8xHjAcBgNVBAoMFXNrcy1rZXlzZXJ2ZXJzLm5ldCBDQTEeMBwGA1UE
+AwwVc2tzLWtleXNlcnZlcnMubmV0IENBFw0xNDEwMTAxNjM5MTdaFw0xNTA0MDgx
+NjM5MTdaMIIBuDASAgEBFw0xMjEwMDkwMTAyMDVaMBICAQIXDTEyMTAwOTAxMDIw
+NVowEgIBAxcNMTQwNTAxMTEyMDU2WjASAgEEFw0xMjEwMDkwMTAyMDVaMBICAQgX
+DTE0MDUwNjE4MjQzMVowEgIBDBcNMTQwNjI4MTI0NTU2WjASAgERFw0xNDA0MjYx
+MjU4MjdaMBICARMXDTEzMTExMzE5MzczM1owEgIBFBcNMTQwNDI5MTczNDA0WjAS
+AgEYFw0xNDA1MDYxODIyMDVaMBICASEXDTE0MDUwMjEyNDQ1MlowEgIBIhcNMTQw
+NDI5MTczNDA0WjASAgEjFw0xMzExMTMxOTM3MzNaMBICASQXDTE0MDUwNzIwMTIy
+OFowEgIBKBcNMTQwNDI5MjAwNjAyWjASAgEpFw0xNDA0MjYxNDI0MjRaMBICASsX
+DTE0MDUwMzE0NDgwNlowEgIBLRcNMTQwNDMwMDgxNTU4WjASAgEuFw0xNDA0MzAw
+ODE2MTdaMBICAS8XDTE0MDQyNjEzMDIxNlowEgIBMxcNMTQwNDI5MTczNjIwWjAS
+AgE0Fw0xNDA1MTIxODQwNThaoA8wDTALBgNVHRQEBAICEBowDQYJKoZIhvcNAQEL
+BQADggIBAAZLkVRNqj9nL6f2Cv/AlDe0pMx2ZLNyIN3/KXSByUoIH4NMSDuPQqec
+ceUq+W5Vrh8EDUC9MbUMA1MSv/DWdG/422to8/iDnC/F423JLfOVwQABR5F37mxF
+MH+6aL9QgEezqHjnMg2MKRukB29TXR9rj3Q2HOhn+MH45Cfw7HDpCA+zaCUAHz1d
+74pyp38hfMT5s3Xm2M2ibtOoHmQYbx4rYra+dwPce41QppF2XnfV++6gxUv5F41U
+t7aouAt1ZsrIdcP+7crh4KbeTUIR3eEO/tHs74HVjhMtdsn1rTM668Dl3eg6rcv7
+CCNMgXbotNUekuWlf8YFM01BOyHUaWrMfpS/1WkKqVR/0BzMuSoPAHehoq5SGm1B
+RkVl9/acH07nvmziQQEnyJDZKaJplnIZ+vgNW07cW8eaeafVXTF8fkornyCVDE92
+YGxLQiUu2lQ4qcbb9OH1ki0LnUvCVo8SbzH913VqcvE6EHhoHyaHtBqswBwP5NZd
+ybC2bxOYhmICVnK8ee/1Yz9dnjtJsMhB3qtW3vkJ6yn7bjRLH01U8wvhJDo8Cjhe
+dyZnT3JE9lzPYb3JqkYIn1YnolUF/zhoVTcUQVSn81u44yx5yrPbsvjIsiSWt4Pd
+Q7y++Yy2Sgh9uApIF/1xqsu+dZnOR/rMQdQXwM4bmXn/6itZ/22l
+-----END X509 CRL-----
diff --git a/gnupg/sks-keyservers.net/sks-keyservers.netCA.pem b/gnupg/sks-keyservers.net/sks-keyservers.netCA.pem
new file mode 100644
index 00000000..24a2ad2e
--- /dev/null
+++ b/gnupg/sks-keyservers.net/sks-keyservers.netCA.pem
@@ -0,0 +1,32 @@
+-----BEGIN CERTIFICATE-----
+MIIFizCCA3OgAwIBAgIJAK9zyLTPn4CPMA0GCSqGSIb3DQEBBQUAMFwxCzAJBgNV
+BAYTAk5PMQ0wCwYDVQQIDARPc2xvMR4wHAYDVQQKDBVza3Mta2V5c2VydmVycy5u
+ZXQgQ0ExHjAcBgNVBAMMFXNrcy1rZXlzZXJ2ZXJzLm5ldCBDQTAeFw0xMjEwMDkw
+MDMzMzdaFw0yMjEwMDcwMDMzMzdaMFwxCzAJBgNVBAYTAk5PMQ0wCwYDVQQIDARP
+c2xvMR4wHAYDVQQKDBVza3Mta2V5c2VydmVycy5uZXQgQ0ExHjAcBgNVBAMMFXNr
+cy1rZXlzZXJ2ZXJzLm5ldCBDQTCCAiIwDQYJKoZIhvcNAQEBBQADggIPADCCAgoC
+ggIBANdsWy4PXWNUCkS3L//nrd0GqN3dVwoBGZ6w94Tw2jPDPifegwxQozFXkG6I
+6A4TK1CJLXPvfz0UP0aBYyPmTNadDinaB9T4jIwd4rnxl+59GiEmqkN3IfPsv5Jj
+MkKUmJnvOT0DEVlEaO1UZIwx5WpfprB3mR81/qm4XkAgmYrmgnLXd/pJDAMk7y1F
+45b5zWofiD5l677lplcIPRbFhpJ6kDTODXh/XEdtF71EAeaOdEGOvyGDmCO0GWqS
+FDkMMPTlieLA/0rgFTcz4xwUYj/cD5e0ZBuSkYsYFAU3hd1cGfBue0cPZaQH2HYx
+Qk4zXD8S3F4690fRhr+tki5gyG6JDR67aKp3BIGLqm7f45WkX1hYp+YXywmEziM4
+aSbGYhx8hoFGfq9UcfPEvp2aoc8u5sdqjDslhyUzM1v3m3ZGbhwEOnVjljY6JJLx
+MxagxnZZSAY424ZZ3t71E/Mn27dm2w+xFRuoy8JEjv1d+BT3eChM5KaNwrj0IO/y
+u8kFIgWYA1vZ/15qMT+tyJTfyrNVV/7Df7TNeWyNqjJ5rBmt0M6NpHG7CrUSkBy9
+p8JhimgjP5r0FlEkgg+lyD+V79H98gQfVgP3pbJICz0SpBQf2F/2tyS4rLm+49rP
+fcOajiXEuyhpcmzgusAj/1FjrtlynH1r9mnNaX4e+rLWzvU5AgMBAAGjUDBOMB0G
+A1UdDgQWBBTkwyoJFGfYTVISTpM8E+igjdq28zAfBgNVHSMEGDAWgBTkwyoJFGfY
+TVISTpM8E+igjdq28zAMBgNVHRMEBTADAQH/MA0GCSqGSIb3DQEBBQUAA4ICAQAR
+OXnYwu3g1ZjHyley3fZI5aLPsaE17cOImVTehC8DcIphm2HOMR/hYTTL+V0G4P+u
+gH+6xeRLKSHMHZTtSBIa6GDL03434y9CBuwGvAFCMU2GV8w92/Z7apkAhdLToZA/
+X/iWP2jeaVJhxgEcH8uPrnSlqoPBcKC9PrgUzQYfSZJkLmB+3jEa3HKruy1abJP5
+gAdQvwvcPpvYRnIzUc9fZODsVmlHVFBCl2dlu/iHh2h4GmL4Da2rRkUMlbVTdioB
+UYIvMycdOkpH5wJftzw7cpjsudGas0PARDXCFfGyKhwBRFY7Xp7lbjtU5Rz0Gc04
+lPrhDf0pFE98Aw4jJRpFeWMjpXUEaG1cq7D641RpgcMfPFvOHY47rvDTS7XJOaUT
+BwRjmDt896s6vMDcaG/uXJbQjuzmmx3W2Idyh3s5SI0GTHb0IwMKYb4eBUIpQOnB
+cE77VnCYqKvN1NVYAqhWjXbY7XasZvszCRcOG+W3FqNaHOK/n/0ueb0uijdLan+U
+f4p1bjbAox8eAOQS/8a3bzkJzdyBNUKGx1BIK2IBL9bn/HravSDOiNRSnZ/R3l9G
+ZauX0tu7IIDlRCILXSyeazu0aj/vdT3YFQXPcvt5Fkf5wiNTo53f72/jYEJd6qph
+WrpoKqrwGwTpRUCMhYIUt65hsTxCiJJ5nKe39h46sg==
+-----END CERTIFICATE-----
diff --git a/gnupg/sks-keyservers.net/sks-keyservers.netCA.pem.asc b/gnupg/sks-keyservers.net/sks-keyservers.netCA.pem.asc
new file mode 100644
index 00000000..5f11bc56
--- /dev/null
+++ b/gnupg/sks-keyservers.net/sks-keyservers.netCA.pem.asc
@@ -0,0 +1,16 @@
+-----BEGIN PGP SIGNATURE-----
+
+iQIcBAABCgAGBQJUCZzxAAoJEPw7F94F4Tag/Z8P/jUOTbsCYT+bG7L+/D9s1KCz
+G2H9X4fV/fBeeAFWjgV6iNBEzZuFx9FYxmECyR1JzRektfWa3JR+rt2pipGO2UQ2
+Il2Ti6K7mVNyEnsgfq5otky7UDewmW+p5u1I7PNVcnHmArE7EueX5WB1vYhY2faY
+B4xsFuaLacQVIz9JFyKiTGu0WSkpnlByaCoMPJgifwwGhPNK8X23isKDY8U9hahh
+xWHRf/57Z+g407d6dEG/1ax8ELf68KRLGalZv9fOcZfRbFT4JV4bq/rsZuNptAqf
+8A5RDnsgXFyIgDptWnYYpra/HCPNOKdL/TxcASTsEH6s9NNw9mvNpE//JWYMV4FM
+N6h9aTezSEwAnD781JrPPZ8BlpRYWtnd3UaSbBbOdb6mze0Oh39yvYEcEO8edvC1
+RLH5OJyJIIkkO46B8cYBtokjRlcAeBgFf5GLlwdh6zGcERqsTRHtA8FmLbl1v3w1
+Xj1tUAoex27ke+z+QKBOp06t6eeNavDeN0/jDidSPQ4Q6QVy8KP9eeMDAQkd9+1F
+aCMvSxEkbuiy05grzQC0jqOXAIVwfu33kcFr2Z7boxVNEjM/ng6Ty4WXWWWbADaH
+nXGamvmUrCiODMRl4DYTB65H27tSv2J9j8WyA+IiokJOglH63nyJJy+XWbRmlgmI
++ds5RCeuq2/uVOGhSP7t
+=O9Kt
+-----END PGP SIGNATURE-----