#!/usr/bin/env bash {{ includeTemplate "universal/profile" }} {{ includeTemplate "universal/logg" }} KEYID="{{ .user.gpg.id }}" if [ -n "$KEYID" ] && command -v gpg > /dev/null; then if [ ! -d "$HOME/.gnupg" ]; then mkdir "$HOME/.gnupg" fi chown -R "$(whoami)" "$HOME/.gnupg/" find "$HOME/.gnupg" -type f -exec chmod 600 {} \; find "$HOME/.gnupg" -type d -exec chmod 700 {} \; if [ ! -f "$HOME/.gnupg/gpg.conf" ]; then logg 'Downloading hardened gpg.conf file to ~/.gpnupg/gpg.conf' curl -sSL "{{ .config.gpg }}" > "$HOME/.gnupg/gpg.conf" chmod 600 "$HOME/.gnupg/gpg.conf" fi KEYID_TRIMMED="$(echo "$KEYID" | sed 's/^0x//')" if ! gpg --list-secret-keys --keyid-format=long | grep "$KEYID_TRIMMED" > /dev/null; then logg info 'Attempting to download the specified public GPG key (`{{ .user.gpg.id }}`) from public keyservers' gpg --keyserver hkps://pgp.mit.edu --recv "$KEYID" || EXIT_CODE=$? if [ -n "$EXIT_CODE" ]; then logg warn 'Error downloading public GPG key' logg info 'Retrying after turning on debug mode and using the standard DNS resolver' sudo pkill dirmngr dirmngr --debug-all --daemon --standard-resolver gpg --keyserver hkps://pgp.mit.edu --recv "$KEYID" || EXIT_CODE=$? if [ -n "$EXIT_CODE" ]; then logg error 'Failed to retrieve public user GPG key on hkps://pgp.mit.edu' gpgconf --kill dirmngr KEYID="${KEYID^^}" KEYID="$(echo "$KEYID" | sed 's/^0X/0x/')" if [ -f "$HOME/.gnupg/$KEYID.key" ]; then gpg --import "$HOME/.gnupg/$KEYID.key" fi else logg success 'Successfully imported configured public user GPG key' fi fi else logg info 'Key is already in keyring' fi logg 'Ensuring the trust of the provided public GPG key is set to maximum' echo -e "trust\n5\ny" | gpg --command-fd 0 --edit-key "$KEYID" else logg warn '`gpg` appears to be unavailable. Is it installed and on the PATH?' fi