From: sev Date: Thu, 8 Oct 2020 14:20:14 +0000 (-0500) Subject: add gpg, update install.sh, fix .zshenv.local X-Git-Url: https://git.sev.monster/~sev/dotfiles.git/commitdiff_plain/372276b7c479d6d988a881b9b7ef29206e3c391b add gpg, update install.sh, fix .zshenv.local gpg configs added and install.sh updated for them gpg agent started under .zshenv fixed .zshenv.local not being read removed oboslete dabuild references from install.sh
---
diff --git a/base/.zshenv b/base/.zshenv
index 1809f47..46b0e66 100644
--- a/base/.zshenv
+++ b/base/.zshenv
@@ -23,15 +23,22 @@ export XDG_RUNTIME_DIR=~/tmp
 export PYTHONSTARTUP=~/.pythonrc
 ## perl
 (( ${+commands[perl]} )) && eval $(perl -I $XDG_DATA_HOME/perl5/lib/perl5 -Mlocal::lib=$XDG_DATA_HOME/perl5)
+## gpg
+export GPG_TTY=$(tty)
+if [[ ! -v SSH_AUTH_SOCK ]] {
+ # set up SSH auth socket and start GPG agent
+ export SSH_AUTH_SOCK=$(gpgconf --list-dirs agent-ssh-socket)
+}
+gpg-connect-agent updatestartuptty /bye >/dev/null
 ### freebsd
-if [[ "$OSTYPE" =~ "^freebsd" ]]; then
+if [[ "$OSTYPE" =~ "^freebsd" ]] {
 export CLICOLOR=
 export LS_COLORS='di=34:ln=35:so=32:pi=33:ex=31:bd=46;34:cd=43;34:su=41;30:sg=46;30:tw=42;30:ow=43;30'
-fi
+}
 ### load site-specific
-if [[ -e "~/.zshenv.local" ]] && [[ ! -v _ZSHENV_LOADED ]] {
+if [[ -f ~/.zshenv.local ]] && [[ ! -v _ZSHENV_LOADED ]] {
 export _ZSHENV_LOADED=
 source ~/.zshenv.local
 }
diff --git a/gpg/gpg-agent.conf b/gpg/gpg-agent.conf
new file mode 100644
index 0000000..7b6f994
--- /dev/null
+++ b/gpg/gpg-agent.conf
@@ -0,0 +1,3 @@
+enable-ssh-support
+default-cache-ttl 0
+pinentry-program /usr/bin/pinentry-x11
diff --git a/gpg/gpg.conf b/gpg/gpg.conf
new file mode 100644
index 0000000..0b30d7a
--- /dev/null
+++ b/gpg/gpg.conf
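Review bot: In base/.zshenv the new gpg block runs for every zsh that starts, including non-interactive ones (scripts, cron jobs, `ssh host cmd`), because .zshenv is read by all of them. In those shells `tty` prints `not a tty`, which ends up in `GPG_TTY`, and `gpg-connect-agent updatestartuptty /bye` re-points the agent's pinentry at the calling shell, so a passphrase or SSH confirmation prompt can land on a terminal the user is not watching. Unlike the perl line above, the gpg commands are not guarded by a `${+commands[...]}` test and only stdout is silenced, so a host without GnuPG prints an error on every shell start. I would wrap the block in `if (( ${+commands[gpg-connect-agent]} )) && [[ -t 0 ]] { … }` (or move it to .zshrc) and end the last command with `>/dev/null 2>&1`.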
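Review bot: In gpg/gpg-agent.conf, `default-cache-ttl 0` covers only the GnuPG passphrase cache; with `enable-ssh-support` on, SSH keys served by the agent follow `default-cache-ttl-ssh`, which is not set here and so keeps its default. If the intent is that nothing stays cached, add `default-cache-ttl-ssh 0` next to it. The absolute `pinentry-program /usr/bin/pinentry-x11` also looks fragile: the same commit keeps a FreeBSD branch in .zshenv, where the binary is unlikely to live under /usr/bin, and a session without X cannot show the prompt, so this line probably belongs in a per-host file.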
@@ -0,0 +1,43 @@
+# cryptography preferences
+personal-cipher-preferences AES256 AES192 AES
+personal-digest-preferences SHA512 SHA384 SHA256
+personal-compress-preferences ZLIB BZIP2 ZIP Uncompressed
+default-preference-list SHA512 SHA384 SHA256 AES256 AES192 AES ZLIB BZIP2 ZIP Uncompressed
+# key signing algo
+cert-digest-algo SHA512
+# symmetric operations algos
+s2k-digest-algo SHA512
+s2k-cipher-algo AES256
+
+# general
+expert
+charset utf-8
+use-agent
+default-key 0x747327ED5BA43ED5
+trusted-key 0x747327ED5BA43ED5
+
+# visual
+no-greeting
+keyid-format 0xlong
+list-options show-uid-validity
+verify-options show-uid-validity show-keyserver-urls
+with-fingerprint
+with-keygrip
+with-key-origin
+
+# hardening
+# disable caching of passphrase for symmetrical ops
+no-symkey-cache
+# disable recipient key ID in messages
+throw-keyids
+
+# keyservers
+keyserver hkps://keys.openpgp.org
+keyserver hkps://hkps.pool.sks-keyservers.net
+keyserver hkps://pgp.ocf.berkeley.edu
+keyserver hkps://pgp.mit.edu
+keyserver hkps://keyring.debian.org
+keyserver hkps://keyserver.ubuntu.com
+keyserver hkps://attester.flowcrypt.com
+keyserver hkps://zimmermann.mayfirst.org
+keyserver-options auto-key-retrieve
diff --git a/install.sh b/install.sh
index 23a1910..25e094a 100755
--- a/install.sh
+++ b/install.sh
@@ -21,7 +21,7 @@ fi
 # create preferred folder structure
 cd ~
-mkdir -p bin etc share share/fonts .urxvt/ext .icons .themes >$devnull 2>&1
+mkdir -p bin etc share share/fonts .urxvt/ext .icons .themes .gnupg >$devnull 2>&1
 mkdir -pm 700 var/tmp var/tmp/vim >$devnull 2>&1
 cd - >$devnull
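Review bot: `keyserver-options auto-key-retrieve` on the last line of gpg/gpg.conf works against the `# hardening` section above it: when a signature from an unknown key is verified, gpg goes out to fetch that key, which tells the remote side when and from which address the message was checked. I would drop the line, or state the opposite explicitly with `keyserver-options no-auto-key-retrieve`, and fetch keys by hand. `trusted-key 0x747327ED5BA43ED5` grants ultimate trust by 64-bit key ID; where the installed GnuPG accepts it, giving the full fingerprint removes any reliance on the shorter form being unique. A comment saying which of the eight `keyserver` lines is expected to be used would also help, since the file does not show whether all of them are consulted.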
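Review bot: In the first install.sh hunk, `.gnupg` is added to the plain `mkdir -p` line, so on a fresh account it is created with whatever the umask allows, while the very next line already creates private directories with `-m 700`. GnuPG warns about unsafe homedir permissions, and this directory will hold the agent sockets and private keys. Moving it to the second call, `mkdir -pm 700 var/tmp var/tmp/vim .gnupg >$devnull 2>&1`, fixes the fresh-install case. An existing directory keeps its mode, so a `chmod 700 .gnupg` afterwards would cover that as well.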
@@ -47,16 +47,12 @@ l() {
 find base -mindepth 1 -maxdepth 1 | while read -r x; do
 l "$HOME/`basename "$x"`"
 done
-# requires existing source tree and `make dabuild`
-for x in dabuild dabuild-admin; do
- x="$HOME/src/docker-abuild/$x"
- if [ -e "$x" ]; then
- l "$HOME/bin/`basename "$x"`" "$x"
- fi
-done
 find bin share -mindepth 1 -maxdepth 1 | while read -r x; do
 l "$HOME/$x"
 done
+find fonts -mindepth 1 -maxdepth 1 -type d | while read -r x; do
+ l "$HOME/share/fonts/`basename "$x"`"
+done
 find xdg -mindepth 1 -maxdepth 1 | while read -r x; do
 l "$HOME/etc/`basename "$x"`"
 done
@@ -74,9 +70,14 @@ done
 find xorg/themes -mindepth 1 -maxdepth 1 -type d | while read -r x; do
 l "$HOME/.themes/`basename "$x"`"
 done
-find fonts -mindepth 1 -maxdepth 1 -type d | while read -r x; do
- l "$HOME/share/fonts/`basename "$x"`"
+find gpg -mindepth 1 -maxdepth 1 \! -name '*.gpg' | while read -r x; do
+ l "$HOME/.gnupg/`basename "$x"`"
 done
+if which gpg >/dev/null; then
+ find gpg -mindepth 1 -maxdepth 1 -name '*.gpg' | while read -r x; do
+ gpg --import "$x"
+ done
+fi
 # run .zprofile to set up tmp
 # .zprofile also sources .zshenv for compatibility
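Review bot: In the last install.sh hunk the import loop discards gpg's exit status, so a key file that fails to import goes unnoticed and the installer carries on as if the keyring were set up. `gpg --import "$x" || echo "gpg import failed: $x" >&2` would at least surface it. `which` is not guaranteed to be present or quiet on stderr; `if command -v gpg >/dev/null 2>&1; then` is the portable test. The `l` helper that links the config files into `~/.gnupg` is defined outside this hunk, so whether it copes with a pre-existing `gpg.conf` there cannot be checked from here.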