Better support GPG migrations

After yet another unpleasant experience starting up GPG on a new system, I
decided to encode my learnings and mistakes as aliases, functions, scripts,
hoping to protect my future me from myself. Fingers crossed!
William Carroll 2019-03-11 18:00:03 +00:00
parent e774ce5d1c
commit eaf42b68c2
5 changed files with 64 additions and 21 deletions

View file

@ -58,15 +58,12 @@ $ DOTFILES="$(pwd)" make install
# SSHFS # SSHFS
TODO: add explanation about `unison`, `rsync`, etc.
SSHFS enables seamless file transfers from your local machine to a remote SSHFS enables seamless file transfers from your local machine to a remote
machine. machine.
To install, run: ## Usage
```bash
$ brew cask install osxfuse
$ brew install sshfs
```
Assuming your remote machine is configured in your `~/.ssh/config` (see above), Assuming your remote machine is configured in your `~/.ssh/config` (see above),
you can mount your remote machine's home directory on your local machine like you can mount your remote machine's home directory on your local machine like
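Review bot: the `brew cask install osxfuse` / `brew install sshfs` block is deleted without a replacement, so the new `## Usage` heading now follows straight from the description and a reader has no install step; either keep the two brew lines under an `## Installation` heading or say where they moved. The bare `TODO: add explanation about unison, rsync, etc.` line will render in the README as-is; an HTML comment or a tracked issue would be cleaner.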
@ -78,34 +75,39 @@ $ sshfs ec2:/home/ubuntu ~/ec2 -o reconnect,follow_symlinks
``` ```
Now your remote machine's home directory can be accessed using the `~/ec2` Now your remote machine's home directory can be accessed using the `~/ec2`
directory. This directory can be transparently treated as if it were an ordinary directory. This directory can be treated as if it were an ordinary local
local directory. To illustrate how easy it is to use, let's install `Vundle`, a directory. To illustrate how easy it is to use, let's install `Vundle` onto our
Vim package manager, on our remote machine. remote machine.
```bash ```bash
$ git clone https://github.com/VundleVim/Vundle.vim.git ~/ec2/.vim/bundle/Vundle.vim $ git clone https://github.com/VundleVim/Vundle.vim.git ~/ec2/.vim/bundle/Vundle.vim
``` ```
Voila! We now have `Vundle` installed on our ec2 instance without needing to SSH Voila! We now have `Vundle` installed on our ec2 instance without needing to
into that machine ourselves. That's all there is to it. manually SSH into that machine.
# GnuPG # GnuPG
1. Download public key from keyserver. `gpg --receive-keys [KEY_ID]` Entering a new system?
2. Transfer backed-up private key information from secure disk
3. Create `[E]` encrypting and `[S]` signing subkeys for personal computer
## Commentary
By default `gpg2` interfaces with `gpg-agent`. `gpg` does not unless
`--use-agent` is specified. I suggest using `gpg2`, but if you must use `gpg`,
add the following entry to `~/.gnupg/gpg.conf`:
```bash
$ ./configs/shared/gpg/.gnupg/import.sh path/to/directory
``` ```
use-agent
Leaving an old system? TODO: create a job that runs this periodically.
```bash
$ ./configs/shared/gpg/.gnupg/export.sh [directory]
``` ```
## Reference
- sec: secret key
- pub: public key
- ssb: secret sub-key
- sub: public sub-key
## GnuPG + Git ## GnuPG + Git
1. Register newly created `[S]` signing subkey as `signingkey` 1. Register newly created `[S]` signing subkey as `signingkey`
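Review bot: the new import.sh/export.sh flow silently replaces the old item 3 (create `[E]`/`[S]` subkeys per machine) with importing the full exported secret key onto every new system, and the README no longer says so. Since `secret.asc` written by export.sh holds the armored primary secret key, the "Entering a new system?" text should state where that directory must live (encrypted disk, removed after import) and note that the subkey-per-machine approach is gone; the `use-agent` commentary and the sec/pub/ssb/sub reference list are also dropped outright rather than moved, and the `TODO: create a job that runs this periodically.` line will render in the README.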

View file

@ -0,0 +1,21 @@
#!/usr/bin/env bash
set -e
# Run this script to export all the information required to transport your GPG
# information.
# Usage: ./export.sh [directory]
# TODO: run this periodically as a job.
destination="${1:-$(mktemp -d)}"
if [ ! -d "$destination" ]; then
echo "$destination does not exist. Creating it..."
mkdir -p "$destination"
fi
gpg --armor --export >"$destination/public.asc"
gpg --armor --export-secret-keys >"$destination/secret.asc"
gpg --armor --export-ownertrust >"$destination/ownertrust.txt"
echo $(realpath "$destination")
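Review bot: `echo $(realpath "$destination")` on the last line is an unquoted command substitution wrapped in a useless echo; `realpath "$destination"` does the same thing safely. When the caller passes a directory, `mkdir -p "$destination"` uses the default umask, so `secret.asc` (armored secret keys) can land in a group- or world-readable directory; add `umask 077` at the top (the `mktemp -d` fallback is already 0700) and consider `set -u` alongside `set -e` so an empty argument fails rather than falling through to `mktemp`.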

View file

@ -0,0 +1,13 @@
#!/usr/bin/env bash
set -e
# Run this script to import all of the information exported by `export.sh`.
# Usage: ./export.sh path/to/directory
gpg --import "$1/public.asc"
gpg --import "$1/secret.asc"
gpg --import-ownertrust "$1/ownertrust.txt"
# Run this at the end to output some verification
gpg --list-keys
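Review bot: the usage comment reads `./export.sh path/to/directory` but this file is `import.sh`. `$1` is used unchecked, so running with no argument executes `gpg --import "/public.asc"`; add `set -u` or an explicit `[ -d "$1" ] || exit 1`. The final `gpg --list-keys` only lists public keys, so it does not confirm that `secret.asc` imported; use `gpg --list-secret-keys` (or both).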

View file

@ -49,6 +49,12 @@ alias mdg="mix deps.get"
alias mdu="mix deps.update" alias mdu="mix deps.update"
alias mdup="mix docker.up" alias mdup="mix docker.up"
# GPG
alias gpged='gpg --edit-key wpcarro@gmail.com'
alias gpge='gpg --encrypt'
alias gpgd='gpg --decrypt'
alias gpgls='gpg --list-keys'
# Git # Git
alias g="git" alias g="git"
alias glp='git log --graph --pretty=format:"%Cred%h%Creset -%Cblue %an %Creset - %C(yellow)%d%Creset %s %Cgreen(%cr)%Creset" --abbrev-commit --date=relative' alias glp='git log --graph --pretty=format:"%Cred%h%Creset -%Cblue %an %Creset - %C(yellow)%d%Creset %s %Cgreen(%cr)%Creset" --abbrev-commit --date=relative'
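Review bot: `gpged` selects the key by the e-mail address `wpcarro@gmail.com`, which matches any key carrying that user ID, including a revoked one or someone else's imported key; select by fingerprint or key ID instead. `gpgls` runs `gpg --list-keys`, which omits secret keys; a companion `gpg --list-secret-keys` alias would make the set complete.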

View file

@ -1,6 +1,7 @@
export TERMINAL=urxvtc export TERMINAL=urxvtc
export EDITOR=emacsclient export EDITOR=emacsclient
export ALTERNATE_EDITOR=nvim export ALTERNATE_EDITOR=nvim
export GPG_TTY=$(tty) # "It is important that this environment variable always reflects the output of the tty command". Source: https://gnupg.org/documentation/manuals/gnupg-devel/Invoking-GPG_002dAGENT.html
BROWSER=google-chrome BROWSER=google-chrome
NIXIFY="$HOME/programming/nixify" NIXIFY="$HOME/programming/nixify"
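Review bot: `export GPG_TTY=$(tty)` runs unconditionally, so in a non-interactive shell `tty` prints `not a tty` and that string gets exported; guard it with `[ -t 0 ] && export GPG_TTY=$(tty)` or set it only in the interactive rc. The long inline comment with the gnupg-devel URL would read better on its own line above the export.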