6c95c870b0
- /home/.chezmoiscripts/universal/run_onchange_before_91-configure-gpg.tmpl - /home/.chezmoiscripts/universal/run_before_01-decrypt-age-key.tmpl - /home/.chezmoiscripts/ubuntu/run_onchange_before_10-install-ubuntu-dependencies.tmpl - /home/.chezmoiscripts/qubes/run_onchange_before_12-update-dom0.tmpl - /home/.chezmoiscripts/opensuse/run_onchange_before_11-install-opensuse-software.tmpl - /home/.chezmoiscripts/linux/run_onchange_before_10-system-tweaks.tmpl - /home/.chezmoiscripts/linux/run_onchange_before_11-configure-swap.tmpl - /home/.chezmoiscripts/freebsd/run_onchange_before_11-install-freebsd-packages.tmpl - /home/.chezmoiscripts/fedora/run_onchange_before_10-install-fedora-dependencies.tmpl - /home/.chezmoiscripts/debian/run_onchange_before_10-install-debian-dependencies.tmpl - /home/.chezmoiscripts/darwin/run_onchange_before_10-install-darwin-dependencies.tmpl - /home/.chezmoiscripts/darwin/run_onchange_before_20-ensure-user-group.tmpl - /home/.chezmoiscripts/centos/run_onchange_before_10-install-centos-dependencies.tmpl - /home/.chezmoiscripts/archlinux/run_onchange_before_10-install-archlinux-dependencies.tmpl - /home/.chezmoiscripts/_universal/run_onchange_before_08-install-zx.tmpl - /home/.chezmoiscripts/_universal/run_onchange_before_09-ensure-node-version.tmpl - /home/.chezmoiscripts/_universal/run_onchange_before_10-remove-bloatware.tmpl - /home/.chezmoiscripts/_universal/run_onchange_before_11-install-docker.tmpl - /home/.chezmoiscripts/_universal/run_onchange_before_05-install-homebrew.tmpl - /home/.chezmoiscripts/_universal/run_before_01-add-temporary-includes.tmpl - /home/.chezmoitemplates/universal/logg - /home/.chezmoitemplates/universal/profile - /home/.chezmoitemplates/universal/profile-before - /home/.chezmoitemplates/universal/logg-before - /home/.chezmoitemplates/universal/logg-compat - /home/.chezmoitemplates/universal/logg-inline - /home/.chezmoitemplates/universal/profile-inline - /home/.chezmoidata.yaml
49 lines
2 KiB
Bash
49 lines
2 KiB
Bash
#!/usr/bin/env bash
|
|
|
|
{{ includeTemplate "universal/profile-bundle" }}
|
|
{{ includeTemplate "universal/logg-bundle" }}
|
|
|
|
KEYID="{{ .user.gpg.id }}"
|
|
|
|
if [ -n "$KEYID" ] && command -v gpg > /dev/null; then
|
|
if [ ! -d "$HOME/.gnupg" ]; then
|
|
mkdir "$HOME/.gnupg"
|
|
fi
|
|
chown -R "$(whoami)" "$HOME/.gnupg/"
|
|
find "$HOME/.gnupg" -type f -exec chmod 600 {} \;
|
|
find "$HOME/.gnupg" -type d -exec chmod 700 {} \;
|
|
if [ ! -f "$HOME/.gnupg/gpg.conf" ]; then
|
|
logg 'Downloading hardened gpg.conf file to ~/.gpnupg/gpg.conf'
|
|
curl -sSL "{{ .config.gpg }}" > "$HOME/.gnupg/gpg.conf"
|
|
chmod 600 "$HOME/.gnupg/gpg.conf"
|
|
fi
|
|
KEYID_TRIMMED="$(echo "$KEYID" | sed 's/^0x//')"
|
|
if ! gpg --list-secret-keys --keyid-format=long | grep "$KEYID_TRIMMED" > /dev/null; then
|
|
logg info 'Attempting to download the specified public GPG key (`{{ .user.gpg.id }}`) from public keyservers'
|
|
gpg --keyserver hkps://pgp.mit.edu --recv "$KEYID" || EXIT_CODE=$?
|
|
if [ -n "$EXIT_CODE" ]; then
|
|
logg warn 'Error downloading public GPG key'
|
|
logg info 'Retrying after turning on debug mode and using the standard DNS resolver'
|
|
sudo pkill dirmngr
|
|
dirmngr --debug-all --daemon --standard-resolver
|
|
gpg --keyserver hkps://pgp.mit.edu --recv "$KEYID" || EXIT_CODE=$?
|
|
if [ -n "$EXIT_CODE" ]; then
|
|
logg error 'Failed to retrieve public user GPG key on hkps://pgp.mit.edu'
|
|
gpgconf --kill dirmngr
|
|
KEYID="${KEYID^^}"
|
|
KEYID="$(echo "$KEYID" | sed 's/^0X/0x/')"
|
|
if [ -f "$HOME/.gnupg/public/$KEYID.sig" ]; then
|
|
gpg --import "$HOME/.gnupg/public/$KEYID.sig"
|
|
fi
|
|
else
|
|
logg success 'Successfully imported configured public user GPG key'
|
|
fi
|
|
fi
|
|
else
|
|
logg info 'Key is already in keyring'
|
|
fi
|
|
logg 'Ensuring the trust of the provided public GPG key is set to maximum'
|
|
echo -e "trust\n5\ny" | gpg --command-fd 0 --edit-key "$KEYID"
|
|
else
|
|
logg warn '`gpg` appears to be unavailable. Is it installed and on the PATH?'
|
|
fi
|