#!/usr/bin/env bash
# @file GPG Configuration
# @brief Imports the public GPG key defined by the variable `KEYID` and then assigns it ultimate trust
# @description
# This script imports your publicly hosted GPG key using `pgp.mit.edu` as the key host. It then assigns it
# the ultimate trust level. It also downloads and configures GPG to use the configuration defined in `.config.gpg`
# in the `home/.chezmoidata.yaml` file.
{{ includeTemplate "universal/profile-before" }}
{{ includeTemplate "universal/logg-before" }}
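# Key to import and trust; rendered by chezmoi from `.user.gpg.id`.
# NOTE(review): this key is given ultimate ownertrust at the end of the script,
# so the configured value should be the full fingerprint rather than a short or
# long key ID, which can collide with an unrelated key on a public keyserver.
export KEYID="{{ .user.gpg.id }}"

# The branch below runs only when a key ID is configured AND gpg is on the PATH;
# the final `else` is reached in either failure case, although its message only
# mentions gpg.
if [ -n "$KEYID" ] && command -v gpg > /dev/null; then
  # Create ~/.gnupg with its final mode so it is never briefly readable by
  # other users, then normalise ownership and permissions on everything in it.
  if [ ! -d "$HOME/.gnupg" ]; then
    mkdir -m 700 "$HOME/.gnupg"
  fi
  chown "$(whoami)" "$HOME/.gnupg"
  chmod 700 "$HOME/.gnupg"
  chown -Rf "$(whoami)" "$HOME/.gnupg/"
  find "$HOME/.gnupg" -type f -exec chmod 600 {} +
  find "$HOME/.gnupg" -type d -exec chmod 700 {} +

  # Prefer a copy of the public key shipped in the chezmoi source directory.
  LOCAL_KEY_FILE="${XDG_DATA_HOME:-$HOME/.local/share}/chezmoi/home/private_dot_gnupg/public/${KEYID}.asc"
  if [ -f "$LOCAL_KEY_FILE" ]; then
    logg info "Importing GPG key stored in $LOCAL_KEY_FILE since its name matches the GPG key ID in .chezmoi.yaml.tmpl"
    gpg --import "$LOCAL_KEY_FILE" && logg success 'Successfully imported master GPG key'
  fi

  if [ ! -f "$HOME/.gnupg/gpg.conf" ]; then
    logg 'Downloading hardened gpg.conf file to ~/.gnupg/gpg.conf'
    # Download to a temporary file and move it into place only on success.
    # Redirecting curl straight into gpg.conf would leave an empty or partial
    # file (or an HTTP error page, without -f) that the `-f` test above then
    # treats as "already configured" on every later run.
    # NOTE(review): the file is fetched from the URL in `.config.gpg` and used
    # as gpg configuration without an integrity check; pinning the URL to an
    # immutable revision or verifying a checksum would close that gap.
    if GPG_CONF_TMP="$(mktemp "$HOME/.gnupg/gpg.conf.XXXXXX")" \
      && curl -fsSL "{{ .config.gpg }}" > "$GPG_CONF_TMP"; then
      chmod 600 "$GPG_CONF_TMP"
      mv -f "$GPG_CONF_TMP" "$HOME/.gnupg/gpg.conf"
    else
      if [ -n "${GPG_CONF_TMP:-}" ]; then
        rm -f "$GPG_CONF_TMP"
      fi
      logg warn 'Failed to download gpg.conf'
    fi
  fi

  # gpg prints key IDs without the 0x prefix and in upper case, so strip the
  # prefix and match the ID as a case-insensitive fixed string. The output is
  # sent to /dev/null (not `grep -q`) so grep reads all of gpg's output.
  KEYID_TRIMMED="${KEYID#0x}"
  if ! gpg --list-secret-keys --keyid-format=long | grep -iF -- "$KEYID_TRIMMED" > /dev/null; then
    logg info 'Killing dirmngr instance and reloading daemon with standard-resolver'
    # NOTE(review): `sudo pkill dirmngr` is not limited to the current user's
    # dirmngr; confirm that root is really needed here.
    sudo pkill dirmngr
    dirmngr --daemon --standard-resolver
    if [ -f "$HOME/.gnupg/public/${KEYID}.sig" ]; then
      gpg --import "$HOME/.gnupg/public/${KEYID}.sig"
    else
      logg info 'Attempting to download the specified public GPG key ({{ .user.gpg.id }}) from public keyservers'
      # Start from an empty status so a value inherited from the environment
      # cannot be mistaken for a failure.
      EXIT_CODE=''
      gpg --keyserver https://pgp.mit.edu --recv "$KEYID" || EXIT_CODE=$?
      if [ -n "$EXIT_CODE" ]; then
        logg info 'Non-zero exit code received when downloading public GPG key'
        # Reset before retrying; otherwise the first failure is still recorded
        # and a successful retry would be reported as a failure.
        EXIT_CODE=''
        gpg --keyserver hkps://pgp.mit.edu --recv "$KEYID" || EXIT_CODE=$?
        if [ -n "$EXIT_CODE" ]; then
          logg info 'Non-zero exit code received when trying to retrieve public user GPG key on hkps://pgp.mit.edu'
        else
          logg success 'Successfully imported configured public user GPG key'
        fi
      fi
    fi
    logg info 'Stopping dirmngr'
    # Explicit if/else: with `a && b || c` the failure branch also runs when the
    # success log itself fails, and the original failure branch called `info`
    # instead of `logg`.
    if gpgconf --kill dirmngr; then
      logg info 'Stopped dirmngr'
    else
      logg warn 'Failed to stop dirmngr'
    fi
  else
    logg info 'Key is already in keyring'
  fi

  logg 'Ensuring the trust of the provided public GPG key is set to maximum'
  # Only touch ownertrust when the key is actually present; every import path
  # above may have failed. Answers fed to --edit-key: `trust`, level `5`
  # (ultimate), confirm `y`.
  # NOTE(review): ultimate trust is assigned to whatever key now matches KEYID.
  # When the key came from a keyserver, compare its full fingerprint against a
  # value obtained out of band before relying on it.
  if gpg --list-keys "$KEYID" > /dev/null 2>&1; then
    printf 'trust\n5\ny\n' | gpg --command-fd 0 --edit-key "$KEYID"
  else
    logg warn 'Public GPG key is not in the keyring; skipping trust assignment'
  fi
else
  logg warn 'gpg appears to be unavailable. Is it installed and on the PATH?'
fi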