author | William Carroll <wpcarro@gmail.com> | 2019-03-11T18·00+0000 |
---|---|---|
committer | William Carroll <wpcarro@gmail.com> | 2019-03-11T18·00+0000 |
commit | eaf42b68c25e9bfdb2e5f62f9e9bd460405071d9 (patch) | |
tree | ab1841ec8e4f14245fcc5c9a9d158af0ee39ad61 | |
parent | e774ce5d1c8ddb62fc62c69719390eff1c4f50b0 (diff) |
Better support GPG migrations
After yet another unpleasant experience starting up GPG on a new system, I decided to encode my learnings and mistakes as aliases, functions, scripts, hoping to protect my future me from myself. Fingers crossed!
-rw-r--r-- | README.md | 42 | ||||
-rwxr-xr-x | configs/shared/gpg/.gnupg/export.sh | 21 | ||||
-rw-r--r-- | configs/shared/gpg/.gnupg/import.sh | 13 | ||||
-rw-r--r-- | configs/shared/zsh/aliases.zsh | 6 | ||||
-rw-r--r-- | configs/shared/zsh/variables.zsh | 1 |
5 files changed, 63 insertions, 20 deletions
diff --git a/README.md b/README.md index 13eb36e295fc..bc4bca269fc0 100644 --- a/README.md +++ b/README.md @@ -58,15 +58,12 @@ $ DOTFILES="$(pwd)" make install # SSHFS +TODO: add explanation about `unison`, `rsync`, etc. + SSHFS enables seamless file transfers from your local machine to a remote machine. -To install, run: - -```bash -$ brew cask install osxfuse -$ brew install sshfs -``` +## Usage Assuming your remote machine is configured in your `~/.ssh/config` (see above), you can mount your remote machine's home directory on your local machine like 
@@ -78,33 +75,38 @@ $ sshfs ec2:/home/ubuntu ~/ec2 -o reconnect,follow_symlinks ``` Now your remote machine's home directory can be accessed using the `~/ec2` -directory. This directory can be transparently treated as if it were an ordinary -local directory. To illustrate how easy it is to use, let's install `Vundle`, a -Vim package manager, on our remote machine. +directory. This directory can be treated as if it were an ordinary local +directory. To illustrate how easy it is to use, let's install `Vundle` onto our +remote machine. ```bash $ git clone https://github.com/VundleVim/Vundle.vim.git ~/ec2/.vim/bundle/Vundle.vim ``` -Voila! We now have `Vundle` installed on our ec2 instance without needing to SSH -into that machine ourselves. That's all there is to it. +Voila! We now have `Vundle` installed on our ec2 instance without needing to +manually SSH into that machine. # GnuPG - 1. Download public key from keyserver. `gpg --receive-keys [KEY_ID]` - 2. Transfer backed-up private key information from secure disk - 3. Create `[E]` encrypting and `[S]` signing subkeys for personal computer +Entering a new system? -## Commentary +```bash +$ ./configs/shared/gpg/.gnupg/import.sh path/to/directory +``` -By default `gpg2` interfaces with `gpg-agent`. `gpg` does not unless -`--use-agent` is specified. I suggest using `gpg2`, but if you must use `gpg`, -add the following entry to `~/.gnupg/gpg.conf`: +Leaving an old system? TODO: create a job that runs this periodically. +```bash +$ ./configs/shared/gpg/.gnupg/export.sh [directory] ``` -use-agent -``` + +## Reference + + - sec: secret key + - pub: public key + - ssb: secret sub-key + - sub: public sub-key ## GnuPG + Git diff --git a/configs/shared/gpg/.gnupg/export.sh b/configs/shared/gpg/.gnupg/export.sh new file mode 100755 index 000000000000..571689773b0e --- /dev/null +++ b/configs/shared/gpg/.gnupg/export.sh 
@@ -0,0 +1,21 @@ +#!/usr/bin/env bash + +set -e + +# Run this script to export all the information required to transport your GPG +# information. +# Usage: ./export.sh [directory] +# TODO: run this periodically as a job. + +destination="${1:-$(mktemp -d)}" + +if [ ! -d "$destination" ]; then + echo "$destination does not exist. Creating it..." + mkdir -p "$destination" +fi + +gpg --armor --export >"$destination/public.asc" +gpg --armor --export-secret-keys >"$destination/secret.asc" +gpg --armor --export-ownertrust >"$destination/ownertrust.txt" + +echo $(realpath "$destination") diff --git a/configs/shared/gpg/.gnupg/import.sh b/configs/shared/gpg/.gnupg/import.sh new file mode 100644 index 000000000000..9fb9be64f060 --- /dev/null +++ b/configs/shared/gpg/.gnupg/import.sh @@ -0,0 +1,13 @@ +#!/usr/bin/env bash + +set -e + +# Run this script to import all of the information exported by `export.sh`. +# Usage: ./export.sh path/to/directory + +gpg --import "$1/public.asc" +gpg --import "$1/secret.asc" +gpg --import-ownertrust "$1/ownertrust.txt" + +# Run this at the end to output some verification +gpg --list-keys diff --git a/configs/shared/zsh/aliases.zsh b/configs/shared/zsh/aliases.zsh index c2788d41e12e..ad00763dad59 100644 --- a/configs/shared/zsh/aliases.zsh +++ b/configs/shared/zsh/aliases.zsh @@ -49,6 +49,12 @@ alias mdg="mix deps.get" alias mdu="mix deps.update" alias mdup="mix docker.up" +# GPG +alias gpged='gpg --edit-key wpcarro@gmail.com' +alias gpge='gpg --encrypt' +alias gpgd='gpg --decrypt' +alias gpgls='gpg --list-keys' + # Git alias g="git" alias glp='git log --graph --pretty=format:"%Cred%h%Creset -%Cblue %an %Creset - %C(yellow)%d%Creset %s %Cgreen(%cr)%Creset" --abbrev-commit --date=relative' diff --git a/configs/shared/zsh/variables.zsh b/configs/shared/zsh/variables.zsh index 53f6f3e84a09..5e8e67ed0221 100644 --- a/configs/shared/zsh/variables.zsh +++ b/configs/shared/zsh/variables.zsh 
@@ -1,6 +1,7 @@ export TERMINAL=urxvtc export EDITOR=emacsclient export ALTERNATE_EDITOR=nvim +export GPG_TTY=$(tty) # "It is important that this environment variable always reflects the output of the tty command". Source: https://gnupg.org/documentation/manuals/gnupg-devel/Invoking-GPG_002dAGENT.html BROWSER=google-chrome NIXIFY="$HOME/programming/nixify" |
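Review bot: in export.sh, `gpg --armor --export-secret-keys >"$destination/secret.asc"` creates the secret-key file with whatever permissions the caller's umask allows, and the `mkdir -p "$destination"` branch does the same for a user-supplied directory; only the `mktemp -d` default is created owner-only. Add `umask 077` right after `set -e` so the three exported files and any directory the script creates are private to the user. The last line is also better written as `realpath "$destination"` than `echo $(realpath "$destination")`, which word-splits a path containing spaces.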
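Review bot: import.sh never checks `$1`, so running it with no argument makes gpg look for `/public.asc`, `/secret.asc` and `/ownertrust.txt`; add a guard before the first `gpg --import`, for example `[ -d "$1" ] || { echo "usage: ./import.sh path/to/directory" >&2; exit 1; }`. The usage comment reads `./export.sh path/to/directory` where it should name `import.sh`. The file is also added with mode 100644 while export.sh is 100755, yet the README invokes it directly as `./configs/shared/gpg/.gnupg/import.sh path/to/directory`, so it needs the executable bit.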
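Review bot: in variables.zsh, `export GPG_TTY=$(tty)` runs unconditionally, and when the shell's stdin is not a terminal `tty` prints `not a tty`, which then becomes the value of GPG_TTY. Guard the assignment on a terminal being present, for example `[ -t 0 ] && export GPG_TTY=$(tty)`, and move the long source comment onto its own line above the export so the assignment stays readable.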