gnupg
parent
b61649c837
commit
0721effd72
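--- a/pkg/de-p1st-dns/TESTED
+++ b/pkg/de-p1st-dns/TESTED
@@ -0,0 +1 @@
+no output on port 53 but encrypted output on 853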
@ -0,0 +1,74 @@
|
||||
-----BEGIN PGP PUBLIC KEY BLOCK-----
|
||||
|
||||
mQINBF5AoWEBEAC5Hkcg9dQvIc+kUR33WYGUe2fMDi7X5ZlUOavAQ4BZpOSO0ewt
|
||||
b/x7Oc3stVvfWjkPhiOeCBmdpzcNDI6Ep1Pn7pcLVYlQ1o6imB0YvzdIDCGxQFZp
|
||||
toQNj2iKcFPEoA5LKVTXzKlahbrNrL99DQ/m8R4Y9Xjhw/jSS4L5hCAdLfFHmSEk
|
||||
9gkUHlUNA0udeeXHQykJzAPYXaRjzXm3h3dVerRmOaDDYfhwyozyT0cnlEOG5011
|
||||
B03+qO/jlzqqJBkPRpy+ingVo7LQE4zkw0I3yQi6/IJNtFmEzXP1E381vyKuAJtf
|
||||
P8SF+KNtYjJwPBVVcFfXAbyRab91F+QO8Rd31TOF/xPP0w8L5qFMqxhOsrs8xwOr
|
||||
YhVn/xV9KjKFRI6gsmr7QKRt4ISyJXCKASN/GsOUe3ed36EhXxVGk7dzb7b05A1s
|
||||
Xfpa37pKgA1AEjE5hxCCuMkQfjW8FvEosrJ+bSYTK9gdHcPo4SjYqjoBfW1rrhNG
|
||||
3r7HbHg6ZTZkeN67udXdmGNomhHvUQbPCZQ48fZoVTHglOx0ucQ7qcnFGU0AItWj
|
||||
qu7OH9fsQyHy0nXbddJyYmOsSBhMhzAHOT+VzWIOawmpKc2fgP9jQjwfovvADaxc
|
||||
BGTUU+nFviDcMBDtKRswME8vj+8sbVsaDfHZvTOuD61OGIVzJiLFWJSSqwARAQAB
|
||||
tCVEYW5pZWwgTGFuZ2JlaW4gPGRhbmllbEBzeXN0ZW1saS5vcmc+iQJOBBMBCgA4
|
||||
FiEElPPT3awigCJY/ARLbEfHU/CCMAIFAl5AoWECGwMFCwkIBwMFFQoJCAsFFgID
|
||||
AQACHgECF4AACgkQbEfHU/CCMALcNhAAif0ulNF9Iv4CnrwSncnvWsP8qv9ZR+dN
|
||||
GKkmhRVHiuFI+RGPsZmNRDIh8OCDX0N3ZsRZnKqhIHTOo2MH7XKgANE5abvpS2EO
|
||||
iaXqDVcfFhwlQm/fngo2ZO0CVN+UBdxbfqPh+/EGfSMklo41a/DBJSZHObMStMfS
|
||||
Qk8H6SDYI4z/BN26UByjd3VWG/SQhvbu3i8TYXtdxbjLA/HGCczJEH31jR/J/upO
|
||||
8WHI5ijm0uvsPXfc1plVTOqrUwUl6R6ynqGAMvJZqjBm4ITcvgh9Q8iFxD5jeemJ
|
||||
ltM1u5GzG/km+Gb57TCd2MHD3WMad4QL+gkMPJUHEjhb1ez/+vatmwALNSNOkYUI
|
||||
AIU2TJ/CQfVe4SHeoCgb4G2PCMi2wFczrYafAfCZggZWifMkclD5R2lri53ax3XZ
|
||||
3tuw1J0GxibK+acKEajhzX9VNP9KcsJaoncqGY0KMJp2/sg0o2ocNrPqzUyhyP49
|
||||
p/qcpugWmZebzV/zE4zjhC1ZZJXad2SYqylC5QzuCRq0WBC8idv3SeNLnm63IsHu
|
||||
bBs9tFNdbP5FjgfVrDvo18UXC80MvtoaGrEq568iTp/XjZQ4vhmrynBES9Ah7vsR
|
||||
uLhcJRTqqb5AprXPQ5OEWudhuqIzOZbT2pJlYToyD/l4pQEsxFIf9UMSlJeVmL7y
|
||||
RE7iZCw0Bcy5Ag0EXkChYQEQAPt7FK6vYfGXK9glVI5IOoG97kMGnISmwioFl/lr
|
||||
SfLeH/60VgQSrq2bHvbV2YcroaC3JhUZUcPQXc0zPOMMiOIALgLVYDJSH7+iTqz6
|
||||
YcwFXCcoY0WFtdglisCJjjXC+SyxOBHCrCP8KhkO9vlf/UyMahPZPjMb74Uvobbi
|
||||
Jng8E8Un09nJiD2VfM6HQkd57BodXmBznb79ZatMrqbd9dPbiMDuWe6q3JvDVmqR
|
||||
EZhmFOtbbtB6APlEB5jIuvS2qQETX9o/Jonw7QntBZ/x/F4G+lgZo8KOJC6UvsVd
|
||||
GLhsqfIT0Wml631gldEv5uWvF04Vjs6G1MsrCUB2wNHYPLN38w1VewI5qy6RBe52
|
||||
dHpVOoIXXMPNy+1thU8bgCiwhbuWFNXFJvwgnYqAc4K7IxQWXTlC4uH1cWAN46t3
|
||||
GsWORZj5igx5+H9LKQ3gPke6xiiKQaEsjJ0gurO9gtZO6a2HwDxCBi/2/Yo3NI7T
|
||||
o4Z1VVYS/L906o9A4hSZz+Hpy17/roXkzgzxLCfC/cP6nL1nYSBXCQCCQN5FQ9DQ
|
||||
S04YJDa9yN0WDF/wDS/fKVC1CckHFKwSBeBTvIcOkwpdMNdg2tqbBFYBBSZpWwHQ
|
||||
esL2D5Edg6ZNanKsouLp0pXi5bxr/q79wAJDh6jua3yl0Qf0HG0b+Ox4ebwFxNtD
|
||||
AY2XABEBAAGJAjYEGAEKACAWIQSU89PdrCKAIlj8BEtsR8dT8IIwAgUCXkChYQIb
|
||||
DAAKCRBsR8dT8IIwAsSiEACvYTFz8r79p3BOufn9vVqT3iy7Dq38Tz2otcTQJLmp
|
||||
TausS0ICza0VOs3zg5c5DkyDm87FXYUzHxM6qLZKQI0oyEOCih8hNoLHnZ5j2ZQM
|
||||
O7RUOzbXHBiB7trxcWKC6bgWIBRq11IdnZzIKeWaWxCDxt5MzeZD6gGJGb8zfvLS
|
||||
44JWmsnH3hEfXF6cO3yBWxptka9K0+ZD6RB93Kfaubs0cLaQKRwMuM+22icgvIpv
|
||||
/yISodwY9ELvlqgHDJjUQkBMrgEXeXreOsDh1qJAFHFxbhgXUIs2OUXrt39FKpZo
|
||||
bgQOO0yp8rFAf1gAcKVwI9kUWPYyK2zamKvloQQEn4zH87dwCJdCXgPcfx+XKD62
|
||||
FkZM9Ea2eMjtujcfoqZ6w0oZCvOxi/XadUReXj/4BZVFL0nWUCD2/5rX5I3iT1QW
|
||||
48LhCx/Ny0b8pcnwHqctJ6KnuOBR3QZuLhd7hvKYOMTUVQa9aEBFkmm7T75aKUki
|
||||
HNw3d2fqOY/+Z9ZvFRKGY31d9w14m05usLXqUQBZf/efcfsk/pcHP2Pn0ckSxuwo
|
||||
zHFIACkPMFgSfkZsBOVItp1JxeUp2pvFIhGkzOdWh5N9ufGmD66cSR3MCO/wynsU
|
||||
N+Glr782PDpzcUjpsirIoYir6I//yhDrRlKDE41Gp4r3bXNcFvgHmS/653ybqWl4
|
||||
9LkCDQReQKOcARAAqYIoQIPEM7uavgBlxy0e6fq60tcgdCpWW/2PxMGU9eRIRLbF
|
||||
DKgTEYmNE3YykFNG66MsoGZ8pnHC5gl74oRIJN85P4T/FRA5jecJhNrUQT0eJUo6
|
||||
PBNUfDe/RvoGhZMIvd0GIeezLBn2vZOLbxqyctMmg+xqz6rUH/iCLr1deFiUAKp4
|
||||
pE3WxakY5OSRnmq2C1O40imvvTZkeyUPTRMaMiD4JkP6XdF3NqrfJOVBn89xzPTA
|
||||
JiFUN9MISuptYmGfJ8RInR6363kMfDTmu7o6OM0J1dTWL0VIzm6/6siIT1Og2C09
|
||||
plUTbqUBSseiyN/DuFNd4XroFBaid876IN2g7K4hYr/I8yQCb1l8e0N06ioaohvV
|
||||
U5MAcNTQ2wgDlyohHTH4gmG3Qn6TYHXqVO+WzJaCXEkEFVKqB9rUIUm8Ci7kRYDp
|
||||
8mh6b1m4nlwUXFJ3xvIIOKeI6osMeZWsHhHjiDg/4uxtTI8ew49nLZ0/yC2rf8bH
|
||||
/mNFuHia923OS/YIYMOsLCmzUqsIxVAhXB3AESt4L0h/oTtvwaYDFaMr2YzuTzbl
|
||||
Kn7Ge2yCLOXA3cgf5ct4qyrmkc9ft8dceID4EojnI4ux8T8KIM4T7Mn6ESxzbfbS
|
||||
eV+JxdiM9TOUUyaW2QoushI/vUPORVYw++gRFrmXtfJEa8Ibi3/14CnRfbUAEQEA
|
||||
AYkCNgQYAQoAIBYhBJTz092sIoAiWPwES2xHx1PwgjACBQJeQKOcAhsgAAoJEGxH
|
||||
x1PwgjACWlsQAKOWGqOjBBEeS5bhhJ/6KgoDE7+qgIwPcqxEILYT+z96rTWmVC7I
|
||||
/7yext3ZAWf1gzT7+5Pp9IU8CvJf1TEaf/55roCuQ5R/EdVn81m7znBh9ADxKSTS
|
||||
xvKYa//gako4VIOj9Ejo4uExyCZiMSuWz62mcP43SghdL6ZOJW7jLtaNaZcN0bdv
|
||||
DJABfLsYIkBclYgK8yF07XwuXJ2pdYkP4lWpq4/282Or7CkwXtm25n+EepZfsPsx
|
||||
TlRJezYrnaEi7Anl3CU3eyCbTAoKp4DGzYxlnek7VKlMRaxTAoA4RU5F3TqZIOdm
|
||||
yG+2ol7Csn5shpvY+kNHeDe0v0vfpkhMOxHOQKvO5ApwKvAc3KuQaHbnCudY7fU0
|
||||
T+wqTAJEARz4KI8+ncYRBl7hUuiiR3sT/Q11mvl79Cldly8JJ1jRrXZVQzS2Y2S6
|
||||
tXVBxNckuyVTw7oR1jyq9pv5oVArBbxnNTuMhoptVrDqh2ifkMWHwqqVGy07YKy/
|
||||
qKYRlU2YOkdGz91RPcABf5uip+q6fqO1JAT8ddi0O9xuIUhvzKcOx2sxIVrGuejx
|
||||
XvsYEEf0HuHQ1mcOgWZLUYjt2UwClz9LRX/5pmPb2CUyf4Nt2PNgpNSk6jMAsw9c
|
||||
HOIRJevfUeTtJUGLzI5+40eR0a6ZYovb5L1SzR9EZjMKIdQvz7wQdPes
|
||||
=McwK
|
||||
-----END PGP PUBLIC KEY BLOCK-----
|
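--- a/pkg/de-p1st-gnupg/99_import_pubkey.sh
+++ b/pkg/de-p1st-gnupg/99_import_pubkey.sh
@@ -0,0 +1,16 @@
+function import-pubkey() {
+echo "Importing public key ..."
+
+gpg --import /usr/share/gnupg/94F3D3DDAC22802258FC044B6C47C753F0823002.pub || {
+echo "p1st: Error importing pubkey!";
+return 1;
+}
+echo "94F3D3DDAC22802258FC044B6C47C753F0823002:6:" | gpg --import-ownertrust || {
+echo "p1st: Error changing trust!"
+return 1;
+}
+}
+
+if ! gpg --export-ownertrust | grep --quiet '^94F3D3DDAC22802258FC044B6C47C753F0823002:6:$'; then
+import-pubkey
+fi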
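Review bot: The `echo "…:6:" | gpg --import-ownertrust` step marks the packaged key as ultimately trusted in the keyring of every account whose login shell sources /etc/profile.d, with no opt-in by that user. An ultimately trusted key makes every key it certifies valid for that account, so the script should be limited to the accounts that actually use the smartcard, or at least open with a header comment stating this effect. The file is also sourced through /etc/profile by POSIX sh-compatible shells, where `function import-pubkey() {` is not portable syntax; `import_pubkey() {` with the matching call name would be. The two error messages belong on stderr, e.g. `echo "p1st: Error importing pubkey!" >&2`.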
@ -2,8 +2,8 @@
|
||||
_pkgname=gnupg
|
||||
_reponame=arch
|
||||
pkgname="de-p1st-$_pkgname"
|
||||
pkgver=0.0.5
|
||||
pkgrel=2
|
||||
pkgver=0.0.6
|
||||
pkgrel=1
|
||||
pkgdesc="gnupg with configuration"
|
||||
arch=('any')
|
||||
url="https://codeberg.org/privacy1st/${_reponame}"
|
||||
@ -32,5 +32,8 @@ package() {
|
||||
install -Dm0600 gpg.conf "$pkgdir"/etc/skel/.gnupg/gpg.conf
|
||||
install -Dm0600 gpg-agent.conf "$pkgdir"/etc/skel/.gnupg/gpg-agent.conf
|
||||
|
||||
install -Dm0544 zshrc.holoscript "$pkgdir"/usr/share/holo/files/"$pkgname"/etc/zsh/zshrc.holoscript
|
||||
install -Dm0544 interactive-shell.holoscript "$pkgdir"/usr/share/holo/files/"$pkgname"/etc/bash.bashrc.holoscript
|
||||
install -Dm0544 interactive-shell.holoscript "$pkgdir"/usr/share/holo/files/"$pkgname"/etc/zsh/zshrc.holoscript
|
||||
|
||||
install -Dm0644 99_import_pubkey.sh "$pkgdir"/etc/profile.d/99_import_pubkey.sh
|
||||
}
|
||||
|
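Review bot: Nothing in this hunk installs `/usr/share/gnupg/94F3D3DDAC22802258FC044B6C47C753F0823002.pub`, the file that the newly installed `99_import_pubkey.sh` passes to `gpg --import`. package() begins outside the hunk, so the key may already be installed there; if it is not, every login will print the import error and the ownertrust step is never reached. A line of the form `install -Dm0644 94F3D3DDAC22802258FC044B6C47C753F0823002.pub "$pkgdir"/usr/share/gnupg/94F3D3DDAC22802258FC044B6C47C753F0823002.pub` next to the new profile.d install would make the dependency explicit.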
@ -6,7 +6,40 @@
|
||||
* default to terminal-pinentry
|
||||
* `de-p1st-gnupg-x11` then changes the /etc/skel files to use graphical-pinentry
|
||||
|
||||
**TODO**:
|
||||
|
||||
To use a smartcard on a new computer, one has to import and then trust the public key!
|
||||
|
||||
```shell
|
||||
gpg --import 94F3D3DDAC22802258FC044B6C47C753F0823002.pub
|
||||
```
|
||||
|
||||
And then trust the key:
|
||||
|
||||
```shell
|
||||
gpg --edit-key 0x94F3D3DDAC22802258FC044B6C47C753F0823002
|
||||
trust
|
||||
5
|
||||
y
|
||||
quit
|
||||
```
|
||||
|
||||
or
|
||||
|
||||
```shell
|
||||
printf "5\ny\nquit\n" | gpg --command-fd 0 --expert --edit-key 0x94F3D3DDAC22802258FC044B6C47C753F0823002 trust
|
||||
```
|
||||
|
||||
or
|
||||
|
||||
```shell
|
||||
echo "94F3D3DDAC22802258FC044B6C47C753F0823002:6:" | gpg --import-ownertrust
|
||||
```
|
||||
|
||||
See also:
|
||||
* [export/import ownertrust](https://superuser.com/a/1125128)
|
||||
|
||||
---
|
||||
|
||||
GnuPG german mini HowTo:
|
||||
* [pdf](GnuPG_MiniHowto_ger_20200215.pdf)
|
||||
@ -22,11 +55,6 @@ Using a smartcard:
|
||||
* kuketz-blog.de: [gnupg-public-key-authentifizierung-nitrokey-teil3](https://www.kuketz-blog.de/gnupg-public-key-authentifizierung-nitrokey-teil3/)
|
||||
* [gnupg.org -> Invoking-GPG_AGENT](https://www.gnupg.org/documentation/manuals/gnupg/Invoking-GPG_002dAGENT.html)
|
||||
|
||||
Note about login shell:
|
||||
|
||||
> `/etc/profile` This file should be sourced by all POSIX sh-compatible shells upon login: it sets up $PATH and other environment variables and application-specific (/etc/profile.d/*.sh) settings upon login.
|
||||
|
||||
|
||||
## gpg.conf
|
||||
|
||||
Location: `~/.gnupg/gpg.conf`
|
||||
@ -69,7 +97,7 @@ usr/bin/pinentry-gnome3 is owned by core/pinentry 1.1.1-1
|
||||
* These two shell lines are demanded by the gnupg documentation in the chapter `Invoking GPG-AGENT`
|
||||
* man 1 gpg-agent -> EXAMPLES -> set env variable GPG_TTY in your login shell
|
||||
|
||||
One's login shell should run this:
|
||||
One's interactive, non-login shell, should run this:
|
||||
|
||||
```shell
|
||||
GPG_TTY=$(tty)
|
||||
@ -81,7 +109,7 @@ gpg-connect-agent updatestartuptty /bye >/dev/null
|
||||
|
||||
* Archwiki: [GnuPG#Set_SSH_AUTH_SOCK](https://wiki.archlinux.org/index.php/GnuPG#Set_SSH_AUTH_SOCK)
|
||||
|
||||
One's login shell should run the following.
|
||||
One's interactive, non-login shell, should run this:
|
||||
|
||||
```shell
|
||||
unset SSH_AGENT_PID
|
||||
@ -91,9 +119,21 @@ if [ "${gnupg_SSH_AUTH_SOCK_by:-0}" -ne $$ ]; then
|
||||
fi
|
||||
```
|
||||
|
||||
## Note about "interactive, non-login, shell"
|
||||
|
||||
---
|
||||
The gnupg manual is talking about "login shell" but mentions "~/.bashrc",
|
||||
so I assume they mean a "interactive, non-login, shell".
|
||||
See https://wiki.archlinux.org/title/bash#Configuration_files
|
||||
|
||||
Correct files to set `SSH_AGENT_PID` and `GPG_TTY`:
|
||||
|
||||
* `/etc/bash.bashrc`
|
||||
* `/etc/zsh/zshrc`
|
||||
|
||||
These not work:
|
||||
|
||||
**Note**:
|
||||
* `/etc/profile.d/99_gnupg.sh` does **not** work!
|
||||
* `/etc/X11/xinit/xinitrc.d/`
|
||||
> `/etc/profile` This file should be sourced by all POSIX sh-compatible shells
|
||||
> upon login: it sets up $PATH and other environment variables and application-specific
|
||||
> (/etc/profile.d/*.sh) settings upon login.
|
||||
* `/etc/X11/xinit/xinitrc.d/`
|
||||
|
@ -3,7 +3,8 @@
|
||||
# stdout: modified config
|
||||
cat
|
||||
|
||||
echo 'GPG_TTY=$(tty)
|
||||
echo '
|
||||
GPG_TTY=$(tty)
|
||||
export GPG_TTY
|
||||
gpg-connect-agent updatestartuptty /bye >/dev/null
|
||||
|
||||
@ -11,4 +12,9 @@ unset SSH_AGENT_PID
|
||||
if [ "${gnupg_SSH_AUTH_SOCK_by:-0}" -ne $$ ]; then
|
||||
SSH_AUTH_SOCK="$(gpgconf --list-dirs agent-ssh-socket)"
|
||||
export SSH_AUTH_SOCK
|
||||
fi'
|
||||
fi'
|
||||
|
||||
# Source import of public key
|
||||
if [ -f ~/import-pubkey ]; then
|
||||
. /etc/bashrc
|
||||
fi
|
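Review bot: The added `if [ -f ~/import-pubkey ]; then` / `. /etc/bashrc` / `fi` comes after the closing `fi'` of the echoed text, so it appears to run inside the holoscript itself when the config is generated instead of being written into the generated shell config. The test and the action also do not match: it checks for a file named `import-pubkey` in the home directory of whoever runs the script but then sources `/etc/bashrc`. Because the header comment says stdout is the modified config, anything the sourced file prints would end up in the generated rc file. If the intent is for shells to run the key import, the lines belong inside the quoted block and should reference the installed script, e.g. `[ -f /etc/profile.d/99_import_pubkey.sh ] && . /etc/profile.d/99_import_pubkey.sh`. The first lines of the script are outside the hunk.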
@ -2,7 +2,7 @@
|
||||
_pkgname=installer
|
||||
_reponame=arch
|
||||
pkgname="de-p1st-$_pkgname"
|
||||
pkgver=0.1.9
|
||||
pkgver=0.1.10
|
||||
pkgrel=1
|
||||
pkgdesc="Bash script to install Arch Linux"
|
||||
arch=('any')
|
||||
|
@ -42,5 +42,8 @@ ADDITIONAL_PKGS+=('mkinitcpio' 'de-p1st-kernel-lts' 'de-p1st-ucode-placeholder'
|
||||
#
|
||||
# XFCE4 desktop with HiDPI
|
||||
ADDITIONAL_PKGS+=('de-p1st-gpu-generic' 'de-p1st-xfce4-hidpi' 'de-p1st-sddm-autologin-yoda' 'de-p1st-sddm-theme-default')
|
||||
#
|
||||
# smartcard
|
||||
ADDITIONAL_PKGS+=('de-p1st-smartcard')
|
||||
ADDITIONAL_PKGS+=('de-p1st-smartcard')
|
||||
# other programs
|
||||
ADDITIONAL_PKGS+=('nextcloud-client' 'keepassxc' 'xournalpp')
|
||||
|