@piyoki
Created March 10, 2024 03:58
Script to setup gnupg
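#!/bin/sh
# Create a local Portage trust key, then import, certify and trust an external signing key.
KEY_NAME="sa-slchris.asc"
LOCAL_KEYSERVER="http://192.168.56.109:9001"
KEY="5BB4DC20DCA50A499219935036F2D646E2E89820" # Key fingerprint
GPG_DIR="/etc/portage/gnupg"
PASS="$(openssl rand -base64 32)"
KEY_CONFIG_FILE="$(mktemp)"
chmod 600 "${KEY_CONFIG_FILE}"
export GNUPGHOME="${GPG_DIR}"

# Batch parameters for unattended generation of the local trust key
cat > "${KEY_CONFIG_FILE}" <<EOF
%echo Generating Portage local OpenPGP trust key
Key-Type: default
Subkey-Type: default
Name-Real: Portage Local Trust Key
Name-Comment: local signing only
Name-Email: portage@localhost
Expire-Date: 0
Passphrase: ${PASS}
%commit
%echo done
EOF

mkdir -p "${GNUPGHOME}"
gpg --batch --generate-key "${KEY_CONFIG_FILE}"
rm -f "${KEY_CONFIG_FILE}"

# Store the passphrase next to the keyring, readable by the owner only
touch "${GNUPGHOME}/pass"
chmod 600 "${GNUPGHOME}/pass"
printf '%s\n' "${PASS}" > "${GNUPGHOME}/pass"

# Fetch the external key; -f makes curl fail on HTTP errors instead of piping an error page to gpg
curl -fsS "${LOCAL_KEYSERVER}/${KEY_NAME}" | gpg --import -

# Certify the key selected by the pinned fingerprint with the local key.
# The passphrase is read from the file so it does not appear in the process list.
gpg --batch --yes --pinentry-mode loopback --passphrase-file "${GNUPGHOME}/pass" --sign-key "${KEY}"

# Set ownertrust to 5 (ultimate); printf replaces "echo -e", which is not portable under /bin/sh
printf '5\ny\n' | gpg --command-fd 0 --edit-key "${KEY}" trust

# Let non-root users read the trust database
chmod ugo+r "${GNUPGHOME}/trustdb.gpg"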
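
The script fetches the key over plain HTTP and imports everything in the response before the pinned fingerprint is used. The following is an added example, not part of the original gist: it checks that a downloaded key file holds exactly one primary key matching the pinned fingerprint before importing it. The function names and the sample listing are constructed, and it assumes a gpg that supports `--show-keys`.

```shell
#!/bin/sh
# Added example, not the gist author's code. Names and sample data are constructed.

# Print the fingerprint of each primary key in `gpg --with-colons` output on stdin.
# The "fpr" record directly after a "pub" record belongs to the primary key;
# "fpr" records that follow "sub" records are subkeys and are skipped.
primary_fingerprints() {
    awk -F: '
        $1 == "pub" { want = 1; next }
        $1 == "fpr" { if (want) print $10; want = 0; next }
        { want = 0 }
    '
}

# Succeed only if the listing on stdin holds exactly one primary key
# and its fingerprint equals $1. Zero keys or extra keys both fail.
only_expected_key() {
    expected="$1"
    found="$(primary_fingerprints)"
    [ "${found}" = "${expected}" ]
}

# $1 = downloaded key file, $2 = pinned fingerprint.
# --show-keys lists the file's contents without touching the keyring.
verify_then_import() {
    if gpg --batch --show-keys --with-colons "$1" | only_expected_key "$2"; then
        gpg --batch --import "$1"
    else
        echo "refusing to import $1: contents do not match $2" >&2
        return 1
    fi
}

# Constructed colon listing: one primary key plus one encryption subkey.
SAMPLE_LISTING='pub:-:4096:1:36F2D646E2E89820:1710000000:::-:::scESC::::::23::0:
fpr:::::::::5BB4DC20DCA50A499219935036F2D646E2E89820:
uid:-::::1710000000::0000000000000000000000000000000000000000::Constructed Example <example@localhost>::::::::::0:
sub:-:4096:1:0123456789ABCDEF:1710000000::::::e::::::23:
fpr:::::::::0123456789ABCDEF0123456789ABCDEF01234567:'

# Usage in the script above (download to a file first instead of piping into gpg):
#   curl -fsS -o "${KEY_NAME}" "${LOCAL_KEYSERVER}/${KEY_NAME}"
#   verify_then_import "${KEY_NAME}" "${KEY}"
```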