#!/usr/bin/env bash
# @file GPG Configuration
# @brief Imports the public GPG key defined by the variable `KEYID` and then assigns it ultimate trust
# @description
# This script imports your publicly hosted GPG key using `pgp.mit.edu` as the keyserver. It then assigns it
# the ultimate trust level. It also downloads and configures GPG to use the configuration file referenced by
# `.config.gpg` in the `home/.chezmoidata.yaml` file.
{{ includeTemplate "universal/profile-before" }}
{{ includeTemplate "universal/logg-before" }}
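# Key ID (or fingerprint) of the public key to import, taken from the chezmoi
# data file. An empty value disables the whole script.
export KEYID="{{ .user.gpg.id }}"
if [ -n "$KEYID" ] && command -v gpg > /dev/null; then
  # Make sure ~/.gnupg exists and is readable only by the current user before
  # anything is written into it (gpg warns on unsafe permissions).
  if [ ! -d "$HOME/.gnupg" ]; then
    mkdir "$HOME/.gnupg"
  fi
  chown -Rf "$(whoami)" "$HOME/.gnupg/"
  chmod 700 "$HOME/.gnupg"
  find "$HOME/.gnupg" -type f -exec chmod 600 {} \;
  find "$HOME/.gnupg" -type d -exec chmod 700 {} \;

  if [ ! -f "$HOME/.gnupg/gpg.conf" ]; then
    logg 'Downloading hardened gpg.conf file to ~/.gnupg/gpg.conf'
    # Download into a temporary file in the same directory and rename it into
    # place only on success: the old `curl ... > gpg.conf` created the file
    # before the transfer ran, so a failed or partial download left a truncated
    # gpg.conf that the "already exists" check above then kept forever.
    # --fail turns HTTP errors into a non-zero exit; --proto '=https' refuses
    # any redirect that would leave TLS, since gpg.conf controls keyserver and
    # trust settings (the URL in .chezmoidata.yaml must therefore be https).
    # NOTE(review): the file is trusted only on the basis of the URL's TLS
    # identity; pinning the URL to an immutable revision is safer.
    GPG_CONF_TMP="$(mktemp "$HOME/.gnupg/gpg.conf.XXXXXX")"
    if curl -sSL --fail --proto '=https' "{{ .config.gpg }}" -o "$GPG_CONF_TMP"; then
      chmod 600 "$GPG_CONF_TMP"
      mv "$GPG_CONF_TMP" "$HOME/.gnupg/gpg.conf"
    else
      logg error 'Failed to download gpg.conf'
      rm -f "$GPG_CONF_TMP"
    fi
  fi

  # Let gpg resolve the key itself (it accepts 0x-prefixed, short, long and
  # fingerprint forms, case-insensitively) instead of grepping the listing,
  # where a bare substring could also match another key or user ID.
  # NOTE(review): this checks secret keys, so a machine holding only the public
  # key repeats the keyserver fetch on every apply; --list-keys would be the
  # matching check for a public-key import if that is not intended.
  if ! gpg --list-secret-keys "$KEYID" > /dev/null 2>&1; then
    logg info 'Killing dirmngr instance and reloading daemon with standard-resolver'
    # gpgconf stops only the current user's dirmngr, which is the one the
    # keyserver lookup below talks to. The previous `sudo pkill dirmngr && dirmngr ...`
    # killed every user's instance and, when none was running, never started
    # the daemon at all because pkill's non-zero status short-circuited the chain.
    gpgconf --kill dirmngr 2> /dev/null || true
    if ! dirmngr --daemon --standard-resolver; then
      logg error 'Failed to launch dirmngr with standard-resolver'
    fi

    if [ -f "$HOME/.gnupg/public/$KEYID.sig" ]; then
      gpg --import "$HOME/.gnupg/public/$KEYID.sig"
    else
      logg info 'Attempting to download the specified public GPG key (`{{ .user.gpg.id }}`) from public keyservers'
      # Each attempt's own exit status decides the outcome. The old EXIT_CODE
      # variable was never cleared between attempts, so a successful hkps retry
      # was still reported as a failure.
      if gpg --keyserver https://pgp.mit.edu --recv-keys "$KEYID"; then
        logg success 'Successfully imported configured public user GPG key'
      else
        logg info 'Non-zero exit code received when downloading public GPG key'
        if gpg --keyserver hkps://pgp.mit.edu --recv-keys "$KEYID"; then
          logg success 'Successfully imported configured public user GPG key'
        else
          logg info 'Non-zero exit code received when trying to retrieve public user GPG key on hkps://pgp.mit.edu'
        fi
      fi
    fi

    logg info 'Stopping dirmngr'
    if gpgconf --kill dirmngr; then
      logg info 'Stopped dirmngr'
    else
      # Was `info warn ...`, which called an undefined command.
      logg warn 'Failed to stop dirmngr'
    fi
  else
    logg info 'Key is already in keyring'
  fi

  logg 'Ensuring the trust of the provided public GPG key is set to maximum'
  # Ultimate trust makes every certification by this key valid, so it should
  # only be granted to a key whose fingerprint was verified out of band.
  # NOTE(review): the keyserver fetch above selects by KEYID alone; if
  # .user.gpg.id is not a full fingerprint, confirm the imported key before
  # relying on this trust level.
  # printf replaces the non-portable `echo -e`; the byte stream is identical.
  printf 'trust\n5\ny\n' | gpg --command-fd 0 --edit-key "$KEYID"
else
  logg warn '`gpg` appears to be unavailable. Is it installed and on the PATH?'
fi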