From fd98ff18b21d6e9337cb9f2448d845937e18fcdc Mon Sep 17 00:00:00 2001
From: Luke Shumaker
Date: Thu, 27 Sep 2018 16:30:07 -0400
Subject: setup: Adjust to work with GnuPG 2.2

---
 .local/bin/setup | 22 +++++++++++++++++++---
 1 file changed, 19 insertions(+), 3 deletions(-)

diff --git a/.local/bin/setup b/.local/bin/setup
index 09ce159..b3e04c2 100755
--- a/.local/bin/setup
+++ b/.local/bin/setup
@@ -21,7 +21,7 @@ all: \
 	$(HOME)/.local/bin/autobuild \
 	$(HOME)/.ssh/id_rsa \
 	$(HOME)/.ssh/id_rsa.pub \
-	$(HOME)/.gnupg/secring.gpg \
+	$(HOME)/.gnupg/private-keys-v1.d \
 	$(HOME)/packages/abslibre \
 	$(dirs)
 
@@ -31,7 +31,21 @@ $(HOME)/.local/bin/autobuild: %: %.c
 $(HOME)/.ssh/id_% $(HOME)/.ssh/id_%.pub:
 	ssh-keygen -N '' -f $(@D)/id_$*
 
-$(HOME)/.gnupg/secring.gpg: | $(HOME)/.config/git/config
+# We really don't want gpg `agent-socket` to be
+# `${XDG_RUNTIME_DIR}/gnupg/S.gpg-agent` if `$(HOME) != $(shell echo
+# ~$(USER))`. So just adjust XDG_RUNTIME_DIR, right? Nope! GnuPG
+# 2.2 willfully ignores XDG_RUNTIME_DIR and instead hard-codes the
+# value that systemd sets XDG_RUNTIME_DIR to.
+#
+# However, if `$(GNUPGHOME) != $(HOME)/.gnupg`, then GnuPG will
+# instead set `agent-socket` it to
+# `${XDG_RUNTIME_DIR}/gnupg/d.XXXXXXXXXXXXXXXXXXXXXXXX/S.gpg-agent`
+# where XXX is a hash of GNUPGHOME. Perfect! This is actually really
+# robust behavior, that it should probably use all the time.
+# Unfortunately, we need to set HOME to some BS value to trigger it.
+#
+# GnuPG: Broken by defaultâ„¢
+$(HOME)/.gnupg/private-keys-v1.d: | $(HOME)/.config/git/config
 	chmod 700 $(@D)
 	printf '%s\n' \
 		'Key-Type: default' \
@@ -39,7 +53,9 @@ $(HOME)/.gnupg/secring.gpg: | $(HOME)/.config/git/config
 		"Name-Real: $$(git config user.name)" \
 		"Name-Email: $$(git config user.email)" \
 		'Expire-Date: 0' \
-		| gpg --gen-key --batch
+		'%no-protection' \
+		'%commit' \
+		| HOME=/var/empty GNUPGHOME=$(HOME)/.gnupg gpg --gen-key --batch
 
 $(HOME)/packages/abslibre:
 	createworkdir
-- 
cgit v1.2.2
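Review bot: The new target `$(HOME)/.gnupg/private-keys-v1.d` is a directory that gpg-agent appears to create as soon as it is started, before any key material is written, so if the `gpg --gen-key --batch` pipeline fails part-way the directory can still exist and the next `make` will treat the key as already built; `.DELETE_ON_ERROR` would not remove a directory target either. A stamp file that is only touched after gpg succeeds would make the rule safely re-runnable, e.g. `$(HOME)/.gnupg/.keygen.stamp: | $(HOME)/.config/git/config` as the header, `touch $@` as the last recipe line, and that stamp listed in `all:` in place of the directory. This is inferred from gpg-agent's usual behaviour rather than anything visible in the hunk, so please confirm before changing it. The rule's recipe continues in the next hunk.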
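Review bot: The added `'%no-protection'` line means the generated secret key is stored in `$(HOME)/.gnupg/private-keys-v1.d` with no passphrase, so the only thing guarding it is the `chmod 700 $(@D)` at the top of the recipe, and with the existing `Expire-Date: 0` it also never expires; that is a reasonable trade-off for an unattended batch setup, but it is stated nowhere. Because a `#` line inside the backslash-continued printf would be handed to the shell and comment out the rest of the command, the note belongs in the comment block above the rule header (previous hunk), e.g. `# %no-protection: unattended setup; the secret key is stored unencrypted, guarded only by the 0700 mode on $(@D).` Note that the `HOME=/var/empty` override applies only to the `gpg` process, so the `$$(git config …)` substitutions in the printf arguments still read the real user's config, which appears to be intended. The recipe begins in the previous hunk.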