From 372276b7c479d6d988a881b9b7ef29206e3c391b Mon Sep 17 00:00:00 2001
From: sev
Date: Thu, 8 Oct 2020 09:20:14 -0500
Subject: [PATCH 1/1] add gpg, update install.sh, fix .zshenv.local
gpg configs added and install.sh updated for them
gpg agent started under .zshenv
fixed .zshenv.local not being read
removed oboslete dabuild references from install.sh
---
 base/.zshenv | 13 ++++++++++---
 gpg/gpg-agent.conf | 3 +++
 gpg/gpg.conf | 43 +++++++++++++++++++++++++++++++++++++++++++
 install.sh | 21 +++++++++++----------
 4 files changed, 67 insertions(+), 13 deletions(-)
 create mode 100644 gpg/gpg-agent.conf
 create mode 100644 gpg/gpg.conf
diff --git a/base/.zshenv b/base/.zshenv
index 1809f47..46b0e66 100644
--- a/base/.zshenv
+++ b/base/.zshenv
@@ -23,15 +23,22 @@ export XDG_RUNTIME_DIR=~/tmp
 export PYTHONSTARTUP=~/.pythonrc
 ## perl
 (( ${+commands[perl]} )) && eval $(perl -I $XDG_DATA_HOME/perl5/lib/perl5 -Mlocal::lib=$XDG_DATA_HOME/perl5)
+## gpg
+export GPG_TTY=$(tty)
+if [[ ! -v SSH_AUTH_SOCK ]] {
+ # set up SSH auth socket and start GPG agent
+ export SSH_AUTH_SOCK=$(gpgconf --list-dirs agent-ssh-socket)
+}
+gpg-connect-agent updatestartuptty /bye >/dev/null
 ### freebsd
-if [[ "$OSTYPE" =~ "^freebsd" ]]; then
+if [[ "$OSTYPE" =~ "^freebsd" ]] {
 export CLICOLOR=
 export LS_COLORS='di=34:ln=35:so=32:pi=33:ex=31:bd=46;34:cd=43;34:su=41;30:sg=46;30:tw=42;30:ow=43;30'
-fi
+}
 ### load site-specific
-if [[ -e "~/.zshenv.local" ]] && [[ ! -v _ZSHENV_LOADED ]] {
+if [[ -f ~/.zshenv.local ]] && [[ ! -v _ZSHENV_LOADED ]] {
 export _ZSHENV_LOADED=
 source ~/.zshenv.local
 }
diff --git a/gpg/gpg-agent.conf b/gpg/gpg-agent.conf
new file mode 100644
index 0000000..7b6f994
--- /dev/null
+++ b/gpg/gpg-agent.conf
@@ -0,0 +1,3 @@
+enable-ssh-support
+default-cache-ttl 0
+pinentry-program /usr/bin/pinentry-x11
diff --git a/gpg/gpg.conf b/gpg/gpg.conf
new file mode 100644
index 0000000..0b30d7a
--- /dev/null
+++ b/gpg/gpg.conf
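Review bot: The new `## gpg` block runs unconditionally in every zsh process, including non-interactive ones, where `tty` prints `not a tty` (that string then lands in `GPG_TTY`) and `gpg-connect-agent updatestartuptty /bye` spawns an agent for each script or remote command; the perl line just above already guards on `(( ${+commands[perl]} ))`, and the same pattern fits here. I would wrap the block as `if [[ -t 0 ]] && (( ${+commands[gpgconf]} )) {` … `}` so that a host without GnuPG does not end up with `SSH_AUTH_SOCK` exported but empty, which would presumably shadow an agent socket set later by ssh. The comment `# set up SSH auth socket and start GPG agent` sits inside the `if`, but the agent is started by the `gpg-connect-agent` line after it; `# keep a forwarded ssh agent if present, otherwise point ssh at gpg-agent's socket` describes the branch more accurately.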
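Review bot: `default-cache-ttl 0` expires the passphrase cache for OpenPGP keys at once, but it does not cover the SSH keys this file enables with `enable-ssh-support`; those are governed by the separate `default-cache-ttl-ssh` and `max-cache-ttl-ssh` timers, which keep gpg-agent's defaults here. If the intent is "never cache", add `default-cache-ttl-ssh 0` beside it, and a one-line comment saying so, since the three lines give no rationale. `pinentry-program /usr/bin/pinentry-x11` is an absolute path; on the FreeBSD hosts that the .zshenv hunk special-cases the binary would presumably live elsewhere, so this line may belong in a per-host override or could be dropped so gpg-agent's own default applies.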
@@ -0,0 +1,43 @@
+# cryptography preferences
+personal-cipher-preferences AES256 AES192 AES
+personal-digest-preferences SHA512 SHA384 SHA256
+personal-compress-preferences ZLIB BZIP2 ZIP Uncompressed
+default-preference-list SHA512 SHA384 SHA256 AES256 AES192 AES ZLIB BZIP2 ZIP Uncompressed
+# key signing algo
+cert-digest-algo SHA512
+# symmetric operations algos
+s2k-digest-algo SHA512
+s2k-cipher-algo AES256
+
+# general
+expert
+charset utf-8
+use-agent
+default-key 0x747327ED5BA43ED5
+trusted-key 0x747327ED5BA43ED5
+
+# visual
+no-greeting
+keyid-format 0xlong
+list-options show-uid-validity
+verify-options show-uid-validity show-keyserver-urls
+with-fingerprint
+with-keygrip
+with-key-origin
+
+# hardening
+# disable caching of passphrase for symmetrical ops
+no-symkey-cache
+# disable recipient key ID in messages
+throw-keyids
+
+# keyservers
+keyserver hkps://keys.openpgp.org
+keyserver hkps://hkps.pool.sks-keyservers.net
+keyserver hkps://pgp.ocf.berkeley.edu
+keyserver hkps://pgp.mit.edu
+keyserver hkps://keyring.debian.org
+keyserver hkps://keyserver.ubuntu.com
+keyserver hkps://attester.flowcrypt.com
+keyserver hkps://zimmermann.mayfirst.org
+keyserver-options auto-key-retrieve
diff --git a/install.sh b/install.sh
index 23a1910..25e094a 100755
--- a/install.sh
+++ b/install.sh
@@ -21,7 +21,7 @@ fi # create preferred folder structure
 cd ~
-mkdir -p bin etc share share/fonts .urxvt/ext .icons .themes >$devnull 2>&1
+mkdir -p bin etc share share/fonts .urxvt/ext .icons .themes .gnupg >$devnull 2>&1
 mkdir -pm 700 var/tmp var/tmp/vim >$devnull 2>&1
 cd - >$devnull
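Review bot: The eight `keyserver` lines under `# keyservers` do not form a fallback list; as far as I can tell gpg keeps a single keyserver, so only the last entry would be consulted, and in GnuPG 2.1+ the option is deprecated in gpg.conf in favour of dirmngr.conf, which does accept several entries. Together with `keyserver-options auto-key-retrieve`, every signature verification against an unknown key triggers a network lookup to that server and imports whatever key comes back, which both reveals what you verify and makes the "good signature" depend on a key nobody reviewed; I would drop `auto-key-retrieve`, move the server choice to dirmngr.conf, and leave a comment stating which server is authoritative. `use-agent` is ignored by GnuPG 2.1+ and can go. `expert` enabled for every invocation also changes which key types and sizes gpg offers interactively, so a comment explaining why it is on permanently would help the next reader.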
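Review bot: `.gnupg` is appended to the plain `mkdir -p` line, so it is created with the umask-derived default mode, while the very next line already creates `var/tmp` with `mkdir -pm 700`; gpg warns about unsafe permissions on its home directory when it is group- or world-accessible. Move the directory to the restrictive line instead: `mkdir -pm 700 var/tmp var/tmp/vim .gnupg >$devnull 2>&1`. The enclosing script section starts before this hunk.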
@@ -47,16 +47,12 @@ l() {
 find base -mindepth 1 -maxdepth 1 | while read -r x; do
 l "$HOME/`basename "$x"`"
 done
-# requires existing source tree and `make dabuild`
-for x in dabuild dabuild-admin; do
- x="$HOME/src/docker-abuild/$x"
- if [ -e "$x" ]; then
- l "$HOME/bin/`basename "$x"`" "$x"
- fi
-done
 find bin share -mindepth 1 -maxdepth 1 | while read -r x; do
 l "$HOME/$x"
 done
+find fonts -mindepth 1 -maxdepth 1 -type d | while read -r x; do
+ l "$HOME/share/fonts/`basename "$x"`"
+done
 find xdg -mindepth 1 -maxdepth 1 | while read -r x; do
 l "$HOME/etc/`basename "$x"`"
 done
@@ -74,9 +70,14 @@ done
 find xorg/themes -mindepth 1 -maxdepth 1 -type d | while read -r x; do
 l "$HOME/.themes/`basename "$x"`"
 done
-find fonts -mindepth 1 -maxdepth 1 -type d | while read -r x; do
- l "$HOME/share/fonts/`basename "$x"`"
+find gpg -mindepth 1 -maxdepth 1 \! -name '*.gpg' | while read -r x; do
+ l "$HOME/.gnupg/`basename "$x"`"
 done
+if which gpg >/dev/null; then
+ find gpg -mindepth 1 -maxdepth 1 -name '*.gpg' | while read -r x; do
+ gpg --import "$x"
+ done
+fi
 # run .zprofile to set up tmp
 # .zprofile also sources .zshenv for compatibility
-- 
2.47.0
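Review bot: In the second hunk, `if which gpg >/dev/null; then` depends on an external `which` whose exit status is not dependable everywhere, while `command -v` is the POSIX builtin the rest of the script can rely on: `if command -v gpg >/dev/null 2>&1; then`. The import loop is the first place the script touches key material, and nothing says what the `*.gpg` files are or that importing them assigns no trust; a line such as `# import public keys shipped in gpg/*.gpg; this does not mark them trusted` above the loop would prevent a reader from assuming otherwise. Note that this runs right after the config symlinks are created, so the import already reads the freshly linked gpg.conf; if that is intended, saying so in the same comment helps.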