Increase gpg key security
parent
89f0e23792
commit
480ac06686
|
@ -0,0 +1,8 @@
|
||||||
|
#!/bin/bash
|
||||||
|
mkdir -p ~/.gnupg/
|
||||||
|
touch ~/.gnupg/gpg.conf
|
||||||
|
cat >> ~/.gnupg/gpg.conf <<EOF
|
||||||
|
personal-digest-preferences SHA256
|
||||||
|
cert-digest-algo SHA256
|
||||||
|
default-preference-list SHA512 SHA384 SHA256 SHA224 AES256 AES192 AES CAST5 ZLIB BZIP2 ZIP Uncompressed
|
||||||
|
EOF
|
|
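Review bot: `mkdir -p ~/.gnupg/` creates the GnuPG home directory with whatever mode the current umask gives (commonly 0755), and nothing in this new file tightens it afterwards. That directory holds the secret keyring which the start-up script later symlinks to `/opt/aptly/aptly.sec`, and gpg warns about unsafe homedir permissions, so I would add `chmod 700 ~/.gnupg` right after the mkdir and `chmod 600 ~/.gnupg/gpg.conf` after the here-document. The `touch` line is redundant, since `cat >>` already creates the file.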
@ -2,7 +2,7 @@
|
||||||
cat << EOF > /opt/gpg_batch
|
cat << EOF > /opt/gpg_batch
|
||||||
%echo Generating a GPG key, might take a while
|
%echo Generating a GPG key, might take a while
|
||||||
Key-Type: RSA
|
Key-Type: RSA
|
||||||
Key-Length: 2048
|
Key-Length: 4096
|
||||||
Subkey-Type: ELG-E
|
Subkey-Type: ELG-E
|
||||||
Subkey-Length: 1024
|
Subkey-Length: 1024
|
||||||
Name-Real: ${FULL_NAME}
|
Name-Real: ${FULL_NAME}
|
||||||
|
|
|
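Review bot: `Subkey-Length: 1024` is left unchanged next to the new `Key-Length: 4096`, so the generated key still carries a 1024-bit ElGamal subkey, which is well below current recommendations. If the key is only used to sign the repository, as the start-up script suggests, either raise it to match with `Subkey-Length: 4096` or drop the two `Subkey-*` lines. Existing installations keep their 2048-bit key, because generation is skipped when `aptly.sec` and `aptly.pub` are present, so the commit message or README should say that the key has to be rotated by hand. The batch file continues below the hunk, so settings such as expiry are not visible here.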
@ -1,5 +1,9 @@
|
||||||
#! /bin/bash
|
#! /bin/bash
|
||||||
|
|
||||||
|
if [[ ! -f /root/.gnupg/gpg.conf ]]; then
|
||||||
|
/opt/gpg.conf.sh
|
||||||
|
fi
|
||||||
|
|
||||||
# If the repository GPG keypair doesn't exist, create it.
|
# If the repository GPG keypair doesn't exist, create it.
|
||||||
if [[ ! -f /opt/aptly/aptly.sec ]] || [[ ! -f /opt/aptly/aptly.pub ]]; then
|
if [[ ! -f /opt/aptly/aptly.sec ]] || [[ ! -f /opt/aptly/aptly.pub ]]; then
|
||||||
echo "Generating new gpg keys"
|
echo "Generating new gpg keys"
|
||||||
|
@ -8,6 +12,8 @@ if [[ ! -f /opt/aptly/aptly.sec ]] || [[ ! -f /opt/aptly/aptly.pub ]]; then
|
||||||
# If your system doesn't have a lot of entropy this may, take a long time
|
# If your system doesn't have a lot of entropy this may, take a long time
|
||||||
# Google how-to create "artificial" entropy if this gets stuck
|
# Google how-to create "artificial" entropy if this gets stuck
|
||||||
gpg --batch --gen-key /opt/gpg_batch
|
gpg --batch --gen-key /opt/gpg_batch
|
||||||
|
else
|
||||||
|
echo "No need to generate new gpg keys"
|
||||||
fi
|
fi
|
||||||
|
|
||||||
# Export the GPG Public key
|
# Export the GPG Public key
|
||||||
|
@ -40,7 +46,7 @@ fi
|
||||||
|
|
||||||
# Aptly looks in /root/.gnupg for default keyrings
|
# Aptly looks in /root/.gnupg for default keyrings
|
||||||
ln -sf /root/.gnupg/secring.gpg /opt/aptly/aptly.sec
|
ln -sf /root/.gnupg/secring.gpg /opt/aptly/aptly.sec
|
||||||
ln -sf /root/.gnupg/pubring.gpg /opt/aptly/aptly.pub
|
ln -sf /root/.gnupg/pubring.gpg /opt/aptly/aptly.pub
|
||||||
|
|
||||||
# Generate Nginx Config
|
# Generate Nginx Config
|
||||||
/opt/nginx.conf.sh
|
/opt/nginx.conf.sh
|
||||||
|
|
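Review bot: The new guard tests `/root/.gnupg/gpg.conf`, but `/opt/gpg.conf.sh` writes to `~/.gnupg/gpg.conf` with `>>`. If the container ever runs with HOME set to something other than /root, the guard never sees the file and every start appends another copy of the three options. Using the same path in both places would remove that coupling, for example `[[ ! -f ~/.gnupg/gpg.conf ]]` here, or `/root/.gnupg` in the helper. The helper's exit status is also not checked, so a failed write lets `gpg --batch --gen-key` go ahead with default digest preferences; `/opt/gpg.conf.sh || exit 1` would stop that, unless the script already runs under `set -e`, which is not visible in these hunks.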