authorTom Ryder <tom@sanctum.geek.nz>2020-05-19 22:11:52 +1200
committerTom Ryder <tom@sanctum.geek.nz>2020-05-19 22:13:52 +1200
commit9f3407f48d642e32ca60b66802d3468bedbc88fc (patch)
treeabd607d6b25df4c1921e75fc0a094cabae5d6acb
parentMerge branch 'release/v9.3.0' into develop (diff)
Update Mutt config; self and opportunistic encrypt
Install the GPG_KEYID export, built using whatever the value of the GPG_KEYID macro is (renamed from KEY)
-rw-r--r--.gitignore2
-rw-r--r--Makefile19
-rw-r--r--git/config.mi52
-rw-r--r--gnupg/profile.d/gnupg.sh.mi53
-rw-r--r--mutt/muttrc42
5 files changed, 61 insertions, 7 deletions
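diff --git a/.gitignore b/.gitignore
index 6f90d859..6d38b02a 100644
--- a/.gitignore
+++ b/.gitignore
@@ -181,6 +181,8 @@
 /git/template/hooks/pre-commit
 /git/template/hooks/prepare-commit-msg
 /git/template/hooks/post-update
+/gnupg/profile.d/gnupg.sh
+/gnupg/profile.d/gnupg.sh.m4
 /include/mktd.m4
 /less/less
 /urxvt/ext/select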
diff --git a/Makefile b/Makefile
index ee57aba9..724473aa 100644
--- a/Makefile
+++ b/Makefile
@@ -97,7 +97,7 @@ XDG_DATA_HOME = $(HOME)/.local/share
NAME = 'Tom Ryder'
EMAIL = tom@sanctum.geek.nz
-KEY = FA09C06E1B670CD0B2F5DE60C14286EA77BB8872
+GPG_KEYID = FA09C06E1B670CD0B2F5DE60C14286EA77BB8872
SENDMAIL = msmtp
BINS = bin/ap \
@@ -282,7 +282,11 @@ GIT_TEMPLATE_HOOKS = git/template/hooks/post-update \
git/template/hooks/pre-commit \
git/template/hooks/prepare-commit-msg
-all: $(BINS) git/config less/less $(GIT_TEMPLATE_HOOKS)
+all: $(BINS) \
+ $(GIT_TEMPLATE_HOOKS) \
+ git/config \
+ gnupg/profile.d/gnupg.sh \
+ less/less
clean distclean:
rm -f -- \
@@ -295,6 +299,7 @@ clean distclean:
dillo/dillorc.m4 \
git/config \
git/config.m4 \
+ gnupg/profile.d/gnupg.sh \
include/mktd.m4 \
less/less \
urxvt/ext/select \
@@ -347,7 +352,7 @@ git/config: git/config.m4
m4 \
-D NAME=$(NAME) \
-D EMAIL=$(EMAIL) \
- -D KEY=$(KEY) \
+ -D GPG_KEYID=$(GPG_KEYID) \
-D SENDMAIL=$(SENDMAIL) \
-D XDG_CONFIG_HOME=$(XDG_CONFIG_HOME) \
git/config.m4 > $@
@@ -355,6 +360,11 @@ git/config: git/config.m4
less/less: less/lesskey
lesskey --output $@ less/lesskey
+gnupg/profile.d/gnupg.sh: gnupg/profile.d/gnupg.sh.m4
+ m4 \
+ -D GPG_KEYID=$(GPG_KEYID) \
+ gnupg/profile.d/gnupg.sh.m4 > $@
+
MAILDIR = $(HOME)/Mail
install: install-bin \
@@ -443,7 +453,8 @@ install-git: git/config $(GIT_TEMPLATE_HOOKS)
$(XDG_CONFIG_HOME)/git/template"$${1#git/template}"' \
_ {} \;
-install-gnupg:
+install-gnupg: gnupg/profile.d/gnupg.sh install-sh
+ cp -p -- gnupg/profile.d/* $(HOME)/.profile.d
mkdir -m 0700 -p -- $(HOME)/.gnupg
cp -p -- gnupg/*.conf $(HOME)/.gnupg
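Review bot: The new `cp -p -- gnupg/profile.d/* $(HOME)/.profile.d` line in the install-gnupg recipe copies the whole directory, which per the .gitignore hunk now holds the generated gnupg.sh.m4 and the checked-in gnupg.sh.mi5 template alongside gnupg.sh, so the m4 intermediates land in the profile directory too; whether that matters depends on how ~/.profile.d is sourced, which is outside this diff. Since the rule now names the built file as a prerequisite, copying just that file is more precise: `cp -p -- gnupg/profile.d/gnupg.sh $(HOME)/.profile.d`. The added install-sh prerequisite appears to be relied on to create `$(HOME)/.profile.d` before the copy; a one-line comment on the rule such as `# install-sh creates $(HOME)/.profile.d` would record that dependency. The install-gnupg recipe continues past the end of the hunk.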
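diff --git a/git/config.mi5 b/git/config.mi5
index fba79411..3337a683 100644
--- a/git/config.mi5
+++ b/git/config.mi5
@@ -34,4 +34,4 @@
 [user]
 name = <% NAME %>
 email = <% EMAIL %>
-signingKey = <% KEY %>
+signingKey = <% GPG_KEYID %>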
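diff --git a/gnupg/profile.d/gnupg.sh.mi5 b/gnupg/profile.d/gnupg.sh.mi5
new file mode 100644
index 00000000..33a57dd0
--- /dev/null
+++ b/gnupg/profile.d/gnupg.sh.mi5
@@ -0,0 +1,3 @@
+# GPG key details
+GPG_KEYID=<% GPG_KEYID %>
+export GPG_KEYID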
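Review bot: The literal text `GPG_KEYID=` and `export GPG_KEYID` in this template use the same token as the macro the Makefile hunk defines with `m4 -D GPG_KEYID=$(GPG_KEYID)`, so unless the .mi5-to-.m4 conversion quotes everything outside `<% %>`, m4 will rewrite those occurrences as well and the generated script would assign to and export a variable named after the fingerprint rather than GPG_KEYID. The git/config.mi5 template never had a macro name appearing as plain text, so this is the first place that overlap can bite; it is worth confirming the built file once with `grep '^GPG_KEYID=' gnupg/profile.d/gnupg.sh`. A comment in the template stating that the value is supplied by the Makefile's GPG_KEYID macro, and that an empty macro value yields an exported empty GPG_KEYID which muttrc then uses as pgp_default_key, would help the next reader.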
diff --git a/mutt/muttrc b/mutt/muttrc
index 528127fe..bd244f8a 100644
--- a/mutt/muttrc
+++ b/mutt/muttrc
@@ -26,13 +26,51 @@ set beep_new
#
unset confirmappend
-# Use the GPGME library for PGP. Sign replies to messages that are themselves
-# signed or encrypted.
+# Use the GPGME library for PGP; sign replies to messages that are themselves
+# signed (whether encrypted or not), and encrypt when we have a key for every
+# recipient (opportunistic).
#
set crypt_use_gpgme
+set crypt_opportunistic_encrypt
set crypt_replysign
set crypt_replysignencrypted
+# Use a default key for self-encrypting both sent and draft messages so that
+# they're protected but legible. This defaults to the GPG_KEYID environment
+# variable, so be careful to set that lest you send useless OpenPGP headers!
+# My kingdom for muttrc(5) conditionals...
+#
+set pgp_default_key = $GPG_KEYID
+set pgp_self_encrypt
+set postpone_encrypt
+
+# Always include OpenPGP header with the selected default key, regardless of
+# whether the message is protected or not:
+#
+# <https://datatracker.ietf.org/doc/draft-josefsson-openpgp-mailnews-header/>
+#
+# This RFC has expired and doesn't seem to have seen widespread adoption, but
+# it seems that Thunderbird's Enigmail extension is still sending key IDs with
+# it, and it doesn't do any harm.
+#
+my_hdr OpenPGP: id=$pgp_default_key\; \
+preference=signencrypt\; \
+url=https://keyserver.pgp.com/vkd/DownloadKey.event?keyid=0x$pgp_default_key
+
+# Because I (personally) never want to encrypt mail without signing it, add in
+# a hook for sending or changing a message that forces a signature if it's
+# encrypted but not signed. This may not suit anyone else reading.
+#
+send-hook '~G !~g' 'push <pgp-menu>s'
+send2-hook '~G !~g' 'push <pgp-menu>s'
+
+# Because of the order in which opportunistic encryption is applied, we queue
+# up a no-op change by opening the PGP menu and then doing nothing (pressing
+# Enter), to trigger send2-hooks to run and turn signatures on if opportunistic
+# encryption happens to have decided to switch encryption on.
+#
+send-hook '!~G !~g' 'push <pgp-menu><enter>'
+
# Default to a subject format for forwarded messages that's more familiar to
# most mail users, unless sending mail to a list where they're more likely to
# appreciate the nicer default that uses square brackets and the author email