author: William Carroll <wpcarro@gmail.com> 2019-03-11T18:00+0000
committer: William Carroll <wpcarro@gmail.com> 2019-03-11T18:00+0000
commit: eaf42b68c25e9bfdb2e5f62f9e9bd460405071d9 (patch)
tree: ab1841ec8e4f14245fcc5c9a9d158af0ee39ad61
parent: e774ce5d1c8ddb62fc62c69719390eff1c4f50b0 (diff)
Better support GPG migrations
After yet another unpleasant experience starting up GPG on a new system, I
decided to encode my learnings and mistakes as aliases, functions, scripts,
hoping to protect my future me from myself. Fingers crossed!
-rw-r--r--  README.md                             42
-rwxr-xr-x  configs/shared/gpg/.gnupg/export.sh   21
-rw-r--r--  configs/shared/gpg/.gnupg/import.sh   13
-rw-r--r--  configs/shared/zsh/aliases.zsh         6
-rw-r--r--  configs/shared/zsh/variables.zsh       1
5 files changed, 63 insertions, 20 deletions
diff --git a/README.md b/README.md
index 13eb36e295fc..bc4bca269fc0 100644
--- a/README.md
+++ b/README.md
@@ -58,15 +58,12 @@ $ DOTFILES="$(pwd)" make install
 
 # SSHFS
 
+TODO: add explanation about `unison`, `rsync`, etc.
+
 SSHFS enables seamless file transfers from your local machine to a remote
 machine.
 
-To install, run:
-
-```bash
-$ brew cask install osxfuse
-$ brew install sshfs
-```
+## Usage
 
 Assuming your remote machine is configured in your `~/.ssh/config` (see above),
 you can mount your remote machine's home directory on your local machine like
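Review bot: The `brew cask install osxfuse` / `brew install sshfs` block is removed without a replacement, so the new `## Usage` subsection now assumes `sshfs` is already present; either keep a one-line install pointer or move the install step elsewhere rather than dropping it. The added `TODO: add explanation about \`unison\`, \`rsync\`, etc.` is also committed as reader-facing README text; if it is a note to self, keep it in an issue or an HTML comment so the rendered page does not open with a TODO.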
@@ -78,33 +75,38 @@ $ sshfs ec2:/home/ubuntu ~/ec2 -o reconnect,follow_symlinks
 ```
 
 Now your remote machine's home directory can be accessed using the `~/ec2`
-directory. This directory can be transparently treated as if it were an ordinary
-local directory. To illustrate how easy it is to use, let's install `Vundle`, a
-Vim package manager, on our remote machine.
+directory. This directory can be treated as if it were an ordinary local
+directory. To illustrate how easy it is to use, let's install `Vundle` onto our
+remote machine.
 
 ```bash
 $ git clone https://github.com/VundleVim/Vundle.vim.git ~/ec2/.vim/bundle/Vundle.vim
 ```
 
-Voila! We now have `Vundle` installed on our ec2 instance without needing to SSH
-into that machine ourselves. That's all there is to it.
+Voila! We now have `Vundle` installed on our ec2 instance without needing to
+manually SSH into that machine.
 
 
 # GnuPG
 
-  1. Download public key from keyserver. `gpg --receive-keys [KEY_ID]`
-  2. Transfer backed-up private key information from secure disk
-  3. Create `[E]` encrypting and `[S]` signing subkeys for personal computer
+Entering a new system?
 
-## Commentary
+```bash
+$ ./configs/shared/gpg/.gnupg/import.sh path/to/directory
+```
 
-By default `gpg2` interfaces with `gpg-agent`. `gpg` does not unless
-`--use-agent` is specified.  I suggest using `gpg2`, but if you must use `gpg`,
-add the following entry to `~/.gnupg/gpg.conf`:
+Leaving an old system? TODO: create a job that runs this periodically.
 
+```bash
+$ ./configs/shared/gpg/.gnupg/export.sh [directory]
 ```
-use-agent
-```
+
+## Reference
+
+    - sec: secret key
+    - pub: public key
+    - ssb: secret sub-key
+    - sub: public sub-key
 
 ## GnuPG + Git
 
diff --git a/configs/shared/gpg/.gnupg/export.sh b/configs/shared/gpg/.gnupg/export.sh
new file mode 100755
index 000000000000..571689773b0e
--- /dev/null
+++ b/configs/shared/gpg/.gnupg/export.sh
@@ -0,0 +1,21 @@
+#!/usr/bin/env bash
+
+set -e
+
+# Run this script to export all the information required to transport your GPG
+# information.
+# Usage: ./export.sh [directory]
+# TODO: run this periodically as a job.
+
+destination="${1:-$(mktemp -d)}"
+
+if [ ! -d "$destination" ]; then
+  echo "$destination does not exist. Creating it..."
+  mkdir -p "$destination"
+fi
+
+gpg --armor --export >"$destination/public.asc"
+gpg --armor --export-secret-keys >"$destination/secret.asc"
+gpg --armor --export-ownertrust >"$destination/ownertrust.txt"
+
+echo $(realpath "$destination")
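Review bot: `secret.asc` is written with whatever permissions the caller's umask gives, and when the user passes a directory that does not exist it is created with `mkdir -p` (typically 0755), so an armored secret key can end up readable by other local users; add `umask 077` near the top (or `chmod 700 "$destination"` after creation) so only the `mktemp -d` default is safe by construction. The final `echo $(realpath "$destination")` re-splits the path on whitespace; write `realpath "$destination"` directly. Since the script's whole purpose is to produce a transportable copy of key material, the header comment should also say the output must go onto the "secure disk" the old README mentioned and be deleted afterwards, rather than leaving it in `/tmp`.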
diff --git a/configs/shared/gpg/.gnupg/import.sh b/configs/shared/gpg/.gnupg/import.sh
new file mode 100644
index 000000000000..9fb9be64f060
--- /dev/null
+++ b/configs/shared/gpg/.gnupg/import.sh
@@ -0,0 +1,13 @@
+#!/usr/bin/env bash
+
+set -e
+
+# Run this script to import all of the information exported by `export.sh`.
+# Usage: ./export.sh path/to/directory
+
+gpg --import "$1/public.asc"
+gpg --import "$1/secret.asc"
+gpg --import-ownertrust "$1/ownertrust.txt"
+
+# Run this at the end to output some verification
+gpg --list-keys
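Review bot: The usage comment says `./export.sh path/to/directory` but this file is `import.sh` (copy-paste error). The file is committed as mode 100644 while `export.sh` is 100755, so the README's `./configs/shared/gpg/.gnupg/import.sh ...` invocation fails with "permission denied" until `chmod +x` is run; mark it executable in this commit. `$1` is used unchecked, so an empty argument makes `gpg --import "/public.asc"` fail with a confusing message; add a `[ -n "$1" ] && [ -d "$1" ]` guard with a usage line. Finally, `gpg --list-keys` only lists public keys, so it does not verify that `secret.asc` was imported; use `gpg --list-secret-keys` (or both) for the verification step.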
diff --git a/configs/shared/zsh/aliases.zsh b/configs/shared/zsh/aliases.zsh
index c2788d41e12e..ad00763dad59 100644
--- a/configs/shared/zsh/aliases.zsh
+++ b/configs/shared/zsh/aliases.zsh
@@ -49,6 +49,12 @@ alias mdg="mix deps.get"
 alias mdu="mix deps.update"
 alias mdup="mix docker.up"
 
+# GPG
+alias gpged='gpg --edit-key wpcarro@gmail.com'
+alias gpge='gpg --encrypt'
+alias gpgd='gpg --decrypt'
+alias gpgls='gpg --list-keys'
+
 # Git
 alias g="git"
 alias glp='git log --graph --pretty=format:"%Cred%h%Creset -%Cblue %an %Creset - %C(yellow)%d%Creset %s %Cgreen(%cr)%Creset" --abbrev-commit --date=relative'
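Review bot: `gpgls` is defined as `gpg --list-keys`, which hides the secret/sub-key (`sec`/`ssb`) lines the new README `## Reference` section documents; `--list-secret-keys` or `--list-keys --with-subkey-fingerprints` would match what the README teaches. `gpged` hard-codes `wpcarro@gmail.com`, which is fine for a personal dotfiles repo but is the one alias here that is not portable across the keys `import.sh` brings in; consider taking the key id as an argument.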
diff --git a/configs/shared/zsh/variables.zsh b/configs/shared/zsh/variables.zsh
index 53f6f3e84a09..5e8e67ed0221 100644
--- a/configs/shared/zsh/variables.zsh
+++ b/configs/shared/zsh/variables.zsh
@@ -1,6 +1,7 @@
 export TERMINAL=urxvtc
 export EDITOR=emacsclient
 export ALTERNATE_EDITOR=nvim
+export GPG_TTY=$(tty) # "It is important that this environment variable always reflects the output of the tty command". Source: https://gnupg.org/documentation/manuals/gnupg-devel/Invoking-GPG_002dAGENT.html
 
 BROWSER=google-chrome
 NIXIFY="$HOME/programming/nixify"
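Review bot: `export GPG_TTY=$(tty)` runs unconditionally when this file is sourced, so in a non-interactive shell (scripts, `ssh host cmd`, cron) `tty` exits non-zero and `GPG_TTY` becomes the literal string `not a tty`, which then confuses pinentry; guard it with `[ -t 0 ] && export GPG_TTY=$(tty)` or `export GPG_TTY=$(tty 2>/dev/null)`. The quoted manual sentence is useful but the 180-column line is hard to read in a diff; move the quote and the URL onto their own `#` lines above the assignment.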