c1a72a7d37
- /home/.chezmoiscripts/universal/run_onchange_after_11-symlink-ansible-roles.tmpl - /home/.chezmoiscripts/universal/run_before_1-decrypt-age-key.tmpl - /home/.chezmoiscripts/universal/run_onchange_after_12-install-packages.tmpl - /home/.chezmoiscripts/universal/run_onchange_after_14_install-aqua-packages.sh.tmpl - /home/.chezmoiscripts/universal/run_onchange_after_18-install-sdkman.tmpl - /home/.chezmoiscripts/universal/run_onchange_after_50-crontab.tmpl - /home/.chezmoiscripts/universal/run_onchange_after_80-bash-completions.tmpl - /home/.chezmoiscripts/universal/run_onchange_after_99_bootstrap-zsh-plugins.tmpl - /home/.chezmoiscripts/universal/run_onchange_before_91-configure-gpg.tmpl - /home/.chezmoiscripts/ubuntu/run_onchange_before_10_install-ubuntu-dependencies.tmpl - /home/.chezmoiscripts/opensuse/run_onchange_before_11-install-opensuse-software.tmpl - /home/.chezmoiscripts/freebsd/run_onchange_before_11-install-freebsd-packages.tmpl - /home/.chezmoiscripts/fedora/run_onchange_before_10-install-fedora-dependencies.tmpl - /home/.chezmoiscripts/debian/run_onchange_before_10-install-debian-dependencies.tmpl - /home/.chezmoiscripts/darwin/run_onchange_before_10_install-darwin-dependencies.tmpl - /home/.chezmoiscripts/centos/run_onchange_before_10-install-centos-dependencies.tmpl - /home/.chezmoiscripts/archlinux/run_onchange_before_10_install-archlinux-dependencies.tmpl - /home/.chezmoiscripts/_universal/run_onchange_before_5-install-homebrew.tmpl - /home/.chezmoiscripts/_universal/run_onchange_before_8-install-zx.tmpl
38 lines
1.4 KiB
Bash
38 lines
1.4 KiB
Bash
#!/usr/bin/env bash
|
|
|
|
{{ includeTemplate "universal/profile" }}
|
|
{{ includeTemplate "universal/logg" }}
|
|
|
|
KEYID="{{ .user.gpg.id }}"
|
|
|
|
if [ -n "$KEYID" ] && command -v gpg > /dev/null; then
|
|
if [ ! -d "$HOME/.gnupg" ]; then
|
|
mkdir "$HOME/.gnupg"
|
|
fi
|
|
chown -R "$(whoami)" "$HOME/.gnupg/"
|
|
find "$HOME/.gnupg" -type f -exec chmod 600 {} \;
|
|
find "$HOME/.gnupg" -type d -exec chmod 700 {} \;
|
|
if [ ! -f "$HOME/.gnupg/gpg.conf" ]; then
|
|
logg 'Downloading hardened gpg.conf file to ~/.gpnupg/gpg.conf'
|
|
curl -sSL "{{ .config.gpg }}" > "$HOME/.gnupg/gpg.conf"
|
|
chmod 600 "$HOME/.gnupg/gpg.conf"
|
|
fi
|
|
KEYID_TRIMMED="$(echo "$KEYID" | sed 's/^0x//')"
|
|
if ! gpg --list-secret-keys --keyid-format=long | grep "$KEYID_TRIMMED" > /dev/null; then
|
|
logg info 'Attempting to download the specified public GPG key (`{{ .user.gpg.id }}`) from public keyservers'
|
|
gpg --recv "$KEYID" || EXIT_CODE=$?
|
|
if [ -n "$EXIT_CODE" ]; then
|
|
logg warn 'Error downloading public GPG key'
|
|
logg info 'Retrying after turning on debug mode and using the standard DNS resolver'
|
|
sudo pkill dirmngr
|
|
dirmngr --debug-all --daemon --standard-resolver
|
|
gpg --recv "$KEYID"
|
|
fi
|
|
else
|
|
logg info 'Key is already in keyring'
|
|
fi
|
|
logg 'Ensuring the trust of the provided public GPG key is set to maximum'
|
|
echo -e "trust\n5\ny" | gpg --command-fd 0 --edit-key "$KEYID"
|
|
else
|
|
logg warn '`gpg` appears to be unavailable. Is it installed and on the PATH?'
|
|
fi
|