authorTom Ryder <tom@sanctum.geek.nz>2014-11-13 11:13:20 +1300
committerTom Ryder <tom@sanctum.geek.nz>2014-11-13 11:13:20 +1300
commit91633c46338ddac59e2e4f1ad7f44870d471fce5 (patch)
treece3c1342c9ee870672f16f35bd23915b7e0a8c6a
parentDon't use Pathogen if Vim is ancient (diff)
Generate gpg.conf from m4 template on make call
We have to do this because gpg.conf doesn't understand tilde or environment variable expansion in the configuration file, and the only reliable way to make the ca-cert-file option work between different implementations of gpg(1) and its cURL link is to explicitly specify the path to the CA file. This is probably a better approach than installing the thing as a trusted system CA anyway, which requires root privileges that I don't really want to assume anyone installing this has. I'm also including the CA, CRL, and .pem for the SKS keyservers in this commit. This seems a lesser evil than trying to pull them with cURL or wget at make(1) time.
-rw-r--r--.gitignore1
-rw-r--r--Makefile29
-rw-r--r--gnupg/gpg.conf.m4 (renamed from gnupg/gpg.conf)2
-rw-r--r--gnupg/sks-keyservers.net/README.markdown10
-rw-r--r--gnupg/sks-keyservers.net/crl.pem26
-rw-r--r--gnupg/sks-keyservers.net/sks-keyservers.netCA.pem32
-rw-r--r--gnupg/sks-keyservers.net/sks-keyservers.netCA.pem.asc16
7 files changed, 108 insertions, 8 deletions
diff --git a/.gitignore b/.gitignore
new file mode 100644
index 00000000..7959a35a
--- /dev/null
+++ b/.gitignore
@@ -0,0 +1 @@
+gnupg/gpg.conf
diff --git a/Makefile b/Makefile
index 9855f46b..3524a6a0 100644
--- a/Makefile
+++ b/Makefile
@@ -1,4 +1,8 @@
-.PHONY: install \
+.PHONY: all \
+ clean \
+ distclean \
+ gnupg \
+ install \
install-bash \
install-bin \
install-curl \
@@ -30,14 +34,22 @@
test-bash \
test-bin \
test-sh \
- test-urxvt \
- usage
+ test-urxvt
-usage :
- @echo "tejr/dotfiles: Nothing to do."
+all : gnupg
@echo "Run make -n install, and read the output carefully."
@echo "If you're happy with what it'll do, then run make install."
+clean :
+ rm -f gnupg/gpg.conf
+
+distclean : clean
+
+gnupg : gnupg/gpg.conf
+
+gnupg/gpg.conf :
+ m4 -D DOTFILES_HOME="$(HOME)" gnupg/gpg.conf.m4 > gnupg/gpg.conf
+
install : install-bash \
install-curl \
install-dircolors \
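Review bot: The `gnupg/gpg.conf :` rule lists no prerequisite and writes its target through a shell redirect, so a failed or missing m4 still leaves an empty `gnupg/gpg.conf` behind. That file then looks up to date and is copied into `~/.gnupg` by `install-gnupg`, silently dropping every setting in the template, and later edits to `gnupg/gpg.conf.m4` never trigger a rebuild. I would name the template as the prerequisite and write atomically: `gnupg/gpg.conf : gnupg/gpg.conf.m4` with the recipe `m4 -D DOTFILES_HOME="$(HOME)" $< > $@.tmp && mv -f $@.tmp $@`. Because m4 also expands any of its own macro names that happen to appear in the config text or comments, GNU m4's `-P` (prefix builtins) is worth considering if portability allows.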
@@ -74,9 +86,12 @@ install-dircolors :
install-git :
install -m 0644 -- git/gitconfig "$(HOME)"/.gitconfig
-install-gnupg :
- install -m 0700 -d -- "$(HOME)"/.gnupg
+install-gnupg : gnupg/gpg.conf
+ install -m 0700 -d -- \
+ "$(HOME)"/.gnupg \
+ "$(HOME)"/.gnupg/sks-keyservers.net
install -m 0600 -- gnupg/*.conf "$(HOME)"/.gnupg
+ install -m 0644 -- gnupg/sks-keyservers.net/* "$(HOME)"/.gnupg/sks-keyservers.net
install-i3 : install-x
install -m 0755 -d -- "$(HOME)"/.i3
diff --git a/gnupg/gpg.conf b/gnupg/gpg.conf.m4
index 2baa68cb..81a95f3d 100644
--- a/gnupg/gpg.conf
+++ b/gnupg/gpg.conf.m4
@@ -26,7 +26,7 @@ keyserver hkps://hkps.pool.sks-keyservers.net
# Retrieve keys automatically; check the keyserver port cert; use whichever
# server is proffered from the pool
-keyserver-options auto-key-retrieve check-cert no-honor-keyserver-url
+keyserver-options auto-key-retrieve check-cert no-honor-keyserver-url ca-certfile=DOTFILES_HOME/.gnupg/sks-keyservers.net/sks-keyservers.netCA.pem
# Include trust/validity for UIDs in listings
list-options show-uid-validity
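Review bot: The option appended to `keyserver-options` is spelled `ca-certfile=`, whereas the commit message calls it `ca-cert-file`, which is also the spelling I know from gpg(1). If the template's spelling is not recognised by the keyserver helper, the bundled sks-keyservers.net CA is never used and `check-cert` validates against the system store instead (or fails), which defeats the purpose of pinning. Please confirm against the gpg versions this targets and, if it is a typo, end the line with `ca-cert-file=DOTFILES_HOME/.gnupg/sks-keyservers.net/sks-keyservers.netCA.pem`. The substituted path is whatever `$(HOME)` held when the file was generated, so a comment in the template saying the output is per-account and must not be copied between users would help.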
diff --git a/gnupg/sks-keyservers.net/README.markdown b/gnupg/sks-keyservers.net/README.markdown
new file mode 100644
index 00000000..aca7ac2a
--- /dev/null
+++ b/gnupg/sks-keyservers.net/README.markdown
@@ -0,0 +1,10 @@
+sks-keyservers.net CA, CRL, and signature
+=========================================
+
+These files are downloaded from links on the [sks-keyservers.net][1] overview
+page. I've included both their signature file and the revocation list, but it's
+your responsibility to make sure that everything here is verified to your
+satisfaction.
+
+[1]: https://sks-keyservers.net/overview-of-pools.php
+
diff --git a/gnupg/sks-keyservers.net/crl.pem b/gnupg/sks-keyservers.net/crl.pem
new file mode 100644
index 00000000..43b2560b
--- /dev/null
+++ b/gnupg/sks-keyservers.net/crl.pem
@@ -0,0 +1,26 @@
+-----BEGIN X509 CRL-----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+-----END X509 CRL-----
diff --git a/gnupg/sks-keyservers.net/sks-keyservers.netCA.pem b/gnupg/sks-keyservers.net/sks-keyservers.netCA.pem
new file mode 100644
index 00000000..24a2ad2e
--- /dev/null
+++ b/gnupg/sks-keyservers.net/sks-keyservers.netCA.pem
@@ -0,0 +1,32 @@
+-----BEGIN CERTIFICATE-----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+-----END CERTIFICATE-----
diff --git a/gnupg/sks-keyservers.net/sks-keyservers.netCA.pem.asc b/gnupg/sks-keyservers.net/sks-keyservers.netCA.pem.asc
new file mode 100644
index 00000000..5f11bc56
--- /dev/null
+++ b/gnupg/sks-keyservers.net/sks-keyservers.netCA.pem.asc
@@ -0,0 +1,16 @@
+-----BEGIN PGP SIGNATURE-----
+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+=O9Kt
+-----END PGP SIGNATURE-----