Revisions
-
jaredallard revised this gist
May 11, 2024 . 1 changed file with 1 addition and 1 deletion.
@@ -71,7 +71,7 @@ if [[ ! -e "$binhostConfFile" ]]; then info "Creating $binhostConfFile" mkdir -p "$(dirname "$binhostConfFile")" cat <<EOF | tee -a "$binhostConfFile" [rgst] priority = 1 sync-uri = https://gentoo.rgst.io/t/arm64/asahi EOF -
jaredallard revised this gist
May 11, 2024 . 1 changed file with 1 addition and 1 deletion.
@@ -73,7 +73,7 @@ if [[ ! -e "$binhostConfFile" ]]; then cat <<EOF | tee -a "$binhostConfFile" [gentoobinhost] priority = 1 sync-uri = https://gentoo.rgst.io/t/arm64/asahi EOF fi -
jaredallard revised this gist
May 11, 2024 . 1 changed file with 1 addition and 0 deletions.
@@ -68,6 +68,7 @@ fi binhostConfFile="/etc/portage/binrepos.conf/rgst.conf" if [[ ! -e "$binhostConfFile" ]]; then info "Creating $binhostConfFile" mkdir -p "$(dirname "$binhostConfFile")" cat <<EOF | tee -a "$binhostConfFile" [gentoobinhost] -
jaredallard revised this gist
May 11, 2024 . 1 changed file with 1 addition and 1 deletion.
@@ -78,7 +78,7 @@ fi # If we don't have a PORTAGE_BINHOST in make.conf, add it. makeConf="/etc/portage/make.conf" if ! grep "FEATURES" "$makeConf" | grep -q "getbinpkg"; then info "Couldn't find PORTAGE_BINHOST in '$makeConf'" info "Would you like to add it? (y/N)" read -r -n 1 -s -
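Review bot: The rewritten condition `grep "FEATURES" "$makeConf" | grep -q "getbinpkg"` looks only for getbinpkg, so a make.conf that already enables getbinpkg without binpkg-request-signature counts as configured and the signature requirement is never appended. binpkg-request-signature is the feature that makes Portage refuse unsigned binary packages, so the test should require it as well, for example `if ! grep -E '^[[:space:]]*FEATURES=' "$makeConf" | grep -q 'binpkg-request-signature'; then`. Matching on an assignment also keeps a commented-out FEATURES line from satisfying the check. The two info messages still name PORTAGE_BINHOST although the test is now about FEATURES, and the if block continues outside the hunk.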
jaredallard revised this gist
May 11, 2024 . 1 changed file with 13 additions and 4 deletions.
@@ -66,9 +66,19 @@ else info "Remote key '$KEY_ID' already exists in keyring" fi binhostConfFile="/etc/portage/binrepos.conf/rgst.conf" if [[ ! -e "$binhostConfFile" ]]; then mkdir -p "$(dirname "$binhostConfFile")" cat <<EOF | tee -a "$binhostConfFile" [gentoobinhost] priority = 1 sync-uri = https://gentoo.rgst.io/t/arm64/asahi" EOF fi # If we don't have a PORTAGE_BINHOST in make.conf, add it. makeConf="/etc/portage/make.conf" if ! grep -q "FEATURES" "$makeConf" | grep -q "getbinpkg"; then info "Couldn't find PORTAGE_BINHOST in '$makeConf'" info "Would you like to add it? (y/N)" read -r -n 1 -s @@ -79,9 +89,8 @@ if ! grep -q "PORTAGE_BINHOST" "$makeConf"; then info "Writing to '$makeConf'" cat <<EOF | tee -a "$makeConf" # Fetch binpkgs with signature validation enabled. FEATURES="${FEATURES} getbinpkg binpkg-request-signature" EOF success "Successfully set up portage binhost GPG trust" -
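Review bot: In the second hunk the here-document delimiter is unquoted, so `${FEATURES}` is expanded by the running shell when the text is written instead of reaching make.conf literally. What gets appended is whatever FEATURES holds in root's environment at that moment, usually nothing, which gives `FEATURES=" getbinpkg binpkg-request-signature"`. Quoting the delimiter writes the line as typed: `cat <<'EOF' | tee -a "$makeConf"`. Since this line is what turns on signature enforcement for the new binhost, it is worth printing the resulting FEATURES line back to the user after the write. The surrounding if block starts and ends outside the hunk.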
jaredallard revised this gist
May 11, 2024 . No changes.
-
jaredallard revised this gist
May 11, 2024 . No changes.
-
jaredallard revised this gist
May 11, 2024 . 1 changed file with 0 additions and 5 deletions.
@@ -5,8 +5,6 @@ set -eo pipefail # GPG_DIR is the directory to establish the trust in GPG_DIR="/etc/portage/gnupg" # Key information. KEYFILE="https://gentoo.rgst.io/signing.gpg" @@ -63,9 +61,6 @@ if ! gpg --list-keys "$KEY_ID" >/dev/null 2>&1; then gpg --list-keys echo "=== End signing keys ===" success "Successfully imported remote key '$KEY_ID' from '$KEYFILE' into portage keyring" else info "Remote key '$KEY_ID' already exists in keyring" -
jaredallard revised this gist
May 11, 2024 . 1 changed file with 10 additions and 36 deletions.
@@ -37,51 +37,25 @@ fi # Scope the GPGHOME to the GPG_DIR export GNUPGHOME="${GPG_DIR}" if [[ ! -e "${GPG_DIR}" ]]; then if ! command -v getuto &>/dev/null; then echo "Error: getuto is required to run this script" >&2 exit 1 fi getuto fi if [[ -e "/etc/portage/binrepos.conf/gentoobinhost.conf" ]]; then info "Removing existing binhost configuration" rm -f "/etc/portage/binrepos.conf/gentoobinhost.conf" fi # Check if the key is already in the keyring if ! gpg --list-keys "$KEY_ID" >/dev/null 2>&1; then info "Importing remote key '$KEY_ID' from '$KEYFILE'" curl "$KEYFILE" | gpg --batch --import info "Setting trust to ultimate for '$KEY_ID'" echo -e "5\ny\n" | gpg --command-fd 0 --edit-key "$KEY_ID" trust -
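Review bot: With the local signing step gone, the downloaded key is made valid only by `echo -e "5\ny\n" | gpg --command-fd 0 --edit-key "$KEY_ID" trust`, which assigns ultimate ownertrust to a third-party key. Ultimate trust makes gpg treat that key like one of the host's own, so every key it certifies also becomes valid in Portage's keyring, which is broader than accepting packages signed by this one key. If the keyring getuto sets up provides a local certification key (I believe it does, but confirm), locally certifying `$KEY_ID` with it would keep the remote key out of the trust root. Separately, `curl "$KEYFILE"` has no `--fail`, so an HTTP error body is piped into `gpg --import`; `curl -fsSL "$KEYFILE" | gpg --batch --import` reports the download failure directly. The `if ! gpg --list-keys` block continues outside the hunk.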
jaredallard revised this gist
May 11, 2024 . 1 changed file with 1 addition and 1 deletion.
@@ -10,7 +10,7 @@ PASSWD_FILE="${GPG_DIR}/pass" # Key information. KEYFILE="https://gentoo.rgst.io/signing.gpg" KEY_ID="51ADD5251CF9188631F8AFBF9BDB0A58AD3F6FEB" # info prints an info message in bold info() { -
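Review bot: Replacing the pinned `KEY_ID` only changes which fingerprint the later import and trust steps act on; nothing shown on this page removes the previously pinned key. A host that ran an earlier revision therefore keeps the old key in /etc/portage/gnupg with the ultimate trust the script gave it. If the rotation followed a lost or exposed key, the script should drop the old one before importing, e.g. `gpg --batch --yes --delete-keys "<OLD_KEY_FINGERPRINT>"`. The same applies to the `KEY_ID` changes in the Feb 10, 2024 and Oct 30, 2023 revisions. A comment next to `KEY_ID` saying how the new fingerprint was verified would also help, since `KEYFILE` is served from the same host as the packages.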
jaredallard revised this gist
Feb 10, 2024 . 1 changed file with 1 addition and 1 deletion.
@@ -111,7 +111,7 @@ if ! grep -q "PORTAGE_BINHOST" "$makeConf"; then cat <<EOF | tee -a "$makeConf" # Binaries packages from the gentoo.rgst.io binhost. PORTAGE_BINHOST="https://gentoo.rgst.io/t/arm64/asahi" FEATURES="getbinpkg binpkg-request-signature" EOF -
jaredallard revised this gist
Feb 10, 2024 . 1 changed file with 1 addition and 1 deletion.
@@ -10,7 +10,7 @@ PASSWD_FILE="${GPG_DIR}/pass" # Key information. KEYFILE="https://gentoo.rgst.io/signing.gpg" KEY_ID="05928A7F667F4E8E2C92B7EA362F3E4FB06436A4" # info prints an info message in bold info() { -
jaredallard revised this gist
Oct 30, 2023 . 1 changed file with 0 additions and 3 deletions.
@@ -1,9 +1,6 @@ #!/usr/bin/env bash # Sets up a portage bin host GPG trust. Uses a local key # and signs the remote key with it to establish trust. set -eo pipefail # GPG_DIR is the directory to establish the trust in -
jaredallard revised this gist
Oct 30, 2023 . 1 changed file with 1 addition and 1 deletion.
@@ -114,7 +114,7 @@ if ! grep -q "PORTAGE_BINHOST" "$makeConf"; then cat <<EOF | tee -a "$makeConf" # Binaries packages from the gentoo.rgst.io binhost. PORTAGE_BINHOST="https://gentoo.rgst.io/t/arm64/m1" FEATURES="getbinpkg binpkg-request-signature" EOF -
jaredallard revised this gist
Oct 30, 2023 . 1 changed file with 1 addition and 1 deletion.
@@ -13,7 +13,7 @@ PASSWD_FILE="${GPG_DIR}/pass" # Key information. KEYFILE="https://gentoo.rgst.io/signing.gpg" KEY_ID="28FFF28BEF43EF4AA7AEA9D8137F12BF7A47966B" # info prints an info message in bold info() { -
jaredallard created this gist
Jun 10, 2023 .
@@ -0,0 +1,124 @@ #!/usr/bin/env bash # Sets up a portage bin host GPG trust. Uses a local key # and signs the remote key with it to establish trust. # # Imports the KEY_ID into the local keyring and sets the trust # to ultimate. set -eo pipefail # GPG_DIR is the directory to establish the trust in GPG_DIR="/etc/portage/gnupg" TRUST_FILE="${GPG_DIR}/trustdb.gpg" PASSWD_FILE="${GPG_DIR}/pass" # Key information. KEYFILE="https://gentoo.rgst.io/signing.gpg" KEY_ID="F0B90B352D189E92AB077CE241EF55D8818FB20B" # info prints an info message in bold info() { echo -e "\e[1m[INFO] $1\e[0m" } # success prints a success message in green success() { echo -e "\e[1;32m[SUCCESS] $1 \e[0m" } # Ensure we're running as root if [[ "${EUID}" -ne 0 ]]; then echo "This script must be run as root" >&2 exit 1 fi # Ensure we have no arguments if [[ "$#" -ne 0 ]]; then echo "Usage: $(basename "$0")" >&2 exit 1 fi # Scope the GPGHOME to the GPG_DIR export GNUPGHOME="${GPG_DIR}" if [[ ! -e "$TRUST_FILE" ]]; then info "$TRUST_FILE does not exist. Generating a new trust key" # PASS is the passphrase for the local key PASS="$(openssl rand -base64 64 | tr -d '\n')" # Generate the local key KEY_CONFIG_FILE="$(mktemp)" chmod 600 "$KEY_CONFIG_FILE" cat >"$KEY_CONFIG_FILE" <<EOF %echo Generating Portage local OpenPGP trust key Key-Type: default Subkey-Type: default Name-Real: Portage Local Trust Key Name-Comment: local signing only Name-Email: portage@localhost Expire-Date: 0 Passphrase: $PASS %commit %echo done EOF mkdir -p "$GPG_DIR" gpg --batch --generate-key "$KEY_CONFIG_FILE" rm -f "$KEY_CONFIG_FILE" # Remove the key config file after generating the key # Store the passphrase in a file touch "$PASSWD_FILE" chmod 600 "$PASSWD_FILE" echo -n "$PASS" >"$PASSWD_FILE" success "Generated a new trust key" else # Read the passphrase from the file PASS="$(cat "$PASSWD_FILE")" fi # Check if the key is already in the keyring if ! 
gpg --list-keys "$KEY_ID" >/dev/null 2>&1; then info "Importing remote key '$KEY_ID' from '$KEYFILE'" curl "$KEYFILE" | gpg --batch --import info "Signing remote key '$KEY_ID' with local key" gpg --batch --yes --pinentry-mode loopback --passphrase "$PASS" --sign-key "${KEY_ID}" info "Setting trust to ultimate for '$KEY_ID'" echo -e "5\ny\n" | gpg --command-fd 0 --edit-key "$KEY_ID" trust echo "=== Signing keys ===" gpg --list-keys echo "=== End signing keys ===" # Ensure the trustdb is readable by portage chmod ugo+r "$TRUST_FILE" success "Successfully imported remote key '$KEY_ID' from '$KEYFILE' into portage keyring" else info "Remote key '$KEY_ID' already exists in keyring" fi # If we don't have a PORTAGE_BINHOST in make.conf, add it. makeConf="/etc/portage/make.conf" if ! grep -q "PORTAGE_BINHOST" "$makeConf"; then info "Couldn't find PORTAGE_BINHOST in '$makeConf'" info "Would you like to add it? (y/N)" read -r -n 1 -s if [[ ! $REPLY =~ ^[Yy]$ ]]; then exit 0 fi info "Writing to '$makeConf'" cat <<EOF | tee -a "$makeConf" # Binaries packages from the gentoo.rgst.io binhost. PORTAGE_BINHOST="https://gentoo.rgst.io/packages" FEATURES="getbinpkg binpkg-request-signature" EOF success "Successfully set up portage binhost GPG trust" else info "Already have PORTAGE_BINHOST in '$makeConf'" fi
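Review bot: `gpg --batch --yes --pinentry-mode loopback --passphrase "$PASS" --sign-key "${KEY_ID}"` puts the local key's passphrase on gpg's command line, where other local users can read it from the process list while gpg runs; `--passphrase-file "$PASSWD_FILE"` keeps it off argv. The key-generation parameter file also contains the passphrase and is deleted only when `gpg --batch --generate-key` succeeds, because `set -e` exits before the `rm -f`; a `trap 'rm -f -- "$KEY_CONFIG_FILE"' EXIT` set right after `mktemp` covers the failure path. `PASSWD_FILE` is created with `touch` and tightened afterwards, so setting `umask 077` before creating it avoids the brief window with default permissions. `curl "$KEYFILE"` lacks `--fail`, so an HTTP error page is handed to `gpg --import`; `curl -fsSL` makes a failed download stop the script under `pipefail`.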