
Create the signing01.ci.openstack.org job node and puppet the signing subkey onto it via pubring.gpg and secring.gpg files stored in private hiera. Also set up some basic configuration and packages on the management bastion to aid in key management/rotation, and add the beginnings of administrative documentation for this.

Change-Id: Iecddb778994a38f7898e0c20e7f3f8e93f0a7f60
Depends-On: I70c3b82185681ee64791cda653360c26a93bd466
Story: #2000336
Signed-off-by: Jeremy Stanley <fungi@yuggoth.org>

25 lines
927 B
Plaintext

# A basic ~/.gnupg/gpg.conf using secure keyserver transport
# and some more verbose display options

# Receive, send and search for keys in the SKS keyservers pool using
# HKPS (OpenPGP HTTP Keyserver Protocol via TLS/SSL).
keyserver hkps://hkps.pool.sks-keyservers.net

# Set the path to the public certificate for the
# sks-keyservers.net CA used to verify connections to servers in
# the pool above.
keyserver-options ca-cert-file=/root/signing.gnupg/sks-keyservers.netCA.pem

# Ignore keyserver URLs specified in retrieved/refreshed keys
# so they don't direct you to update from non-HKPS sources.
keyserver-options no-honor-keyserver-url

# Display key IDs in a more accurate 16-digit hexadecimal format
# and add 0x at the beginning for clarity.
keyid-format 0xlong

# Display the calculated validity of user IDs when listing keys or
# showing signatures.
list-options show-uid-validity
verify-options show-uid-validity
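
An added example, not part of the OpenStack repository: a small Python audit that parses gpg.conf-style text and reports where it departs from the keyserver and key ID settings in the file above. The function names, the constructed WEAK_SAMPLE, and the choice to treat honor-keyserver-url as enabled unless it is explicitly turned off are assumptions of this example.

```python
import re
from urllib.parse import urlsplit

# Constructed sample: a plaintext keyserver, no-honor-keyserver-url left
# out, and short key IDs. Not taken from any real host.
WEAK_SAMPLE = """\
keyserver hkp://keys.example.org
keyserver-options ca-cert-file=/root/signing.gnupg/sks-keyservers.netCA.pem
keyid-format short
"""

def parse_gpg_conf(text):
    """Return (options, keyserver_flags) parsed from gpg.conf-style text."""
    options, flags = {}, {}
    for raw in text.splitlines():
        parts = raw.strip().split(None, 1)
        if not parts or parts[0].startswith("#"):
            continue  # blank line or comment
        name, value = parts[0], (parts[1].strip() if len(parts) > 1 else "")
        if name == "keyserver-options":
            # Items are space- or comma-separated; a "no-" prefix turns a
            # flag off, and a later occurrence overrides an earlier one.
            for item in filter(None, re.split(r"[,\s]+", value)):
                key, _, arg = item.partition("=")
                if key.startswith("no-"):
                    flags[key[3:]] = False
                else:
                    flags[key] = arg or True
        else:
            options.setdefault(name, []).append(value)
    return options, flags

def audit(text):
    """List the ways `text` departs from the hardening in the file above."""
    options, flags = parse_gpg_conf(text)
    findings = []
    for url in options.get("keyserver", []):
        if urlsplit(url).scheme != "hkps":
            findings.append(f"keyserver {url} does not use hkps")
    # Assumption: honor-keyserver-url counts as on unless explicitly disabled.
    if flags.get("honor-keyserver-url", True):
        findings.append("no-honor-keyserver-url is not set")
    if not flags.get("ca-cert-file"):
        findings.append("keyserver-options ca-cert-file is not set")
    if options.get("keyid-format", [""])[-1] not in ("long", "0xlong"):
        findings.append("keyid-format is not long or 0xlong")
    return findings
```

Calling `audit()` on the text of the file above returns an empty list; a later `keyserver-options honor-keyserver-url` line appended to it is reported, because the last occurrence of a flag wins in this parser.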