| Commit message (Collapse) | Author | Age | Files | Lines |
|
|
|
| |
mi5(1df) means I can simplify these quite a bit now
|
| |
|
|
|
|
| |
Along with accompanying Makefile rules and .gitignorances
|
| |
|
| |
|
|
|
|
| |
<https://sks-keyservers.net/verify_tls.php>
|
| |
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
We have to do this because gpg.conf doesn't understand tilde or
environment variable expansion in the configuration file, and the only
reliable way to make the ca-cert-file option work between different
implementations of gpg(1) and its cURL link is to explicitly specify the
path to the CA file.
This is probably a better approach than installing the thing as a
trusted system CA anyway, which requires root privileges that I don't
really want to assume anyone installing this has.
I'm also including the CA, CRL, and .pem for the SKS keyservers in this
commit. This seems a lesser evil than trying to pull them with cURL or
wget at make(1) time.
|
| |
|
| |
|
| |
|
|
|
|
|
|
|
|
|
|
| |
<https://we.riseup.net/riseuplabs+paow/openpgp-best-practices#consider-making-your-default-keyserver-use-a-keyse>
The keyserver pool CA needs to be installed for this to work. On Debian:
# curl https://sks-keyservers.net/sks-keyservers.netCA.pem \
> /usr/local/share/ca-certificates/sks-keyservers.netCA.crt
# update-ca-certificates
|
| |
|
|
|
|
| |
<https://we.riseup.net/riseuplabs+paow/openpgp-best-practices>
|
| |
|
| |
|
| |
|
|
|