From 002551cfee260dfb6e2cfd7fd7a0c4d286c3b733 Mon Sep 17 00:00:00 2001 From: Tom Ryder Date: Sat, 13 Jul 2019 16:43:10 +1200 Subject: Reduce GnuPG config considerably Pretty sure I just got hit by this: --- .gitignore | 2 -- Makefile | 15 ++------------- gnupg/gpg.conf | 5 +++++ gnupg/gpg.conf.mi5 | 48 ------------------------------------------------ 4 files changed, 7 insertions(+), 63 deletions(-) create mode 100644 gnupg/gpg.conf delete mode 100644 gnupg/gpg.conf.mi5 diff --git a/.gitignore b/.gitignore index 825395b3..9e71ad86 100644 --- a/.gitignore +++ b/.gitignore @@ -174,7 +174,5 @@ /git/template/hooks/pre-commit /git/template/hooks/prepare-commit-msg /git/template/hooks/post-update -/gnupg/gpg.conf -/gnupg/gpg.conf.m4 /include/mktd.m4 /urxvt/ext/select diff --git a/Makefile b/Makefile index d9ca626c..e6fd8d70 100644 --- a/Makefile +++ b/Makefile @@ -269,7 +269,7 @@ GIT_TEMPLATE_HOOKS = git/template/hooks/post-update \ git/template/hooks/pre-commit \ git/template/hooks/prepare-commit-msg -all: $(BINS) git/gitconfig $(GIT_TEMPLATE_HOOKS) gnupg/gpg.conf +all: $(BINS) git/gitconfig $(GIT_TEMPLATE_HOOKS) clean distclean: rm -f -- \ @@ -282,8 +282,6 @@ clean distclean: dillo/dillorc.m4 \ git/gitconfig \ git/gitconfig.m4 \ - gnupg/gpg.conf \ - gnupg/gpg.conf.m4 \ include/mktd.m4 \ urxvt/ext/select \ vim/dist/* @@ -338,15 +336,6 @@ git/gitconfig: git/gitconfig.m4 -D SENDMAIL=$(SENDMAIL) \ git/gitconfig.m4 > $@ -KEYSERVER = hkps://hkps.pool.sks-keyservers.net -KEYID_FORMAT = none - -gnupg/gpg.conf: gnupg/gpg.conf.m4 - m4 \ - -D KEYSERVER=$(KEYSERVER) \ - -D KEYID_FORMAT=$(KEYID_FORMAT) \ - gnupg/gpg.conf.m4 > $@ - MAILDIR = $(HOME)/Mail install: install-bin \ @@ -433,7 +422,7 @@ install-git: git/gitconfig $(GIT_TEMPLATE_HOOKS) $(HOME)/.git-template"$${1#git/template}"' \ _ {} \; -install-gnupg: gnupg/gpg.conf +install-gnupg: mkdir -m 0700 -p -- $(HOME)/.gnupg cp -p -- gnupg/*.conf $(HOME)/.gnupg diff --git a/gnupg/gpg.conf b/gnupg/gpg.conf new file mode 100644 index 00000000..1ef5e858 --- /dev/null +++ b/gnupg/gpg.conf @@ -0,0 +1,5 @@ +# Suppress the copyright message +no-greeting + +# Use the GPG agent for key management and decryption +use-agent diff --git a/gnupg/gpg.conf.mi5 b/gnupg/gpg.conf.mi5 deleted file mode 100644 index 97726d20..00000000 --- a/gnupg/gpg.conf.mi5 +++ /dev/null @@ -1,48 +0,0 @@ -# Retrieve certs automatically if possible -auto-key-locate cert pka - -# Use SHA512 as the hash when making key signatures -cert-digest-algo SHA512 - -# Specify the hash algorithms to be used for new keys as available -default-preference-list SHA512 SHA384 SHA256 SHA224 AES256 AES192 AES CAST5 ZLIB BZIP2 ZIP Uncompressed - -# In the absence of any other recipient, encrypt messages for myself -default-recipient-self - -# Show complete dates and use proper column separation for --with-colon listing -# mode -fixed-list-mode - -# Use only fingerprints as key IDs -keyid-format <% KEYID_FORMAT %> - -# Use a pool of servers which support HKPS (encrypted key retrieval) -keyserver <% KEYSERVER %> - -# Retrieve keys automatically; check the keyserver port cert; use whichever -# server is proffered from the pool -keyserver-options auto-key-retrieve no-honor-keyserver-url - -# Include trust/validity for UIDs in listings -list-options show-uid-validity - -# Suppress the copyright message -no-greeting - -# Use SHA512 as my message digest, overriding GnuPG's efforts to use the lowest -# common denominator in hashing algorithms -personal-digest-preferences SHA512 - -# Suppress a lot of output; sometimes I add --verbose to undo this -quiet - -# Use the GPG agent for key management and decryption -use-agent - -# Include trust/validity for UIDs when verifying signatures -verify-options pka-lookups show-uid-validity - -# Assume "yes" is the answer to most questions, that is, don't keep asking me -# to confirm something I've asked to be done -yes -- cgit v1.2.3