authorJon Azpiazu <jonazpiazu@users.noreply.github.com>2018-05-30 17:03:37 +0200
committerJon Azpiazu <jonazpiazu@users.noreply.github.com>2018-05-30 17:03:37 +0200
commit480ac06686d50f4e9379f4d490cdb81ceda5c796 (patch)
tree57b66446bbbe8201ef2dbbd4aeb79418ca50dd90
parent89f0e237922ec9a4fdb6d4002905f34445dce12d (diff)
Increase gpg key security
-rwxr-xr-xassets/gpg.conf.sh8
-rwxr-xr-xassets/gpg_batch.sh2
-rwxr-xr-xassets/startup.sh8
3 files changed, 16 insertions, 2 deletions
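diff --git a/assets/gpg.conf.sh b/assets/gpg.conf.sh
new file mode 100755
index 0000000..934e2b2
--- /dev/null
+++ b/assets/gpg.conf.sh
@@ -0,0 +1,8 @@
+#!/bin/bash
+mkdir -p ~/.gnupg/
+touch ~/.gnupg/gpg.conf
+cat >> ~/.gnupg/gpg.conf <<EOF
+personal-digest-preferences SHA256
+cert-digest-algo SHA256
+default-preference-list SHA512 SHA384 SHA256 SHA224 AES256 AES192 AES CAST5 ZLIB BZIP2 ZIP Uncompressed
+EOF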
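Review bot: `mkdir -p ~/.gnupg/` on the second line creates the directory with whatever umask the caller has, so under the usual 022 it ends up 0755 and GnuPG will warn about unsafe permissions on its home directory; since this script is the one that first creates it, `mkdir -p -m 700 ~/.gnupg` fixes the mode at creation time. The here-doc appends with `>>` and has no guard of its own, so a second invocation duplicates every preference line (the only guard lives in the caller), and the `touch` is redundant once `>>` creates the file. Quoting the delimiter, `cat >> ~/.gnupg/gpg.conf <<'EOF'`, would also make it explicit that nothing in the config text is meant to be expanded by the shell.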
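diff --git a/assets/gpg_batch.sh b/assets/gpg_batch.sh
index d2228c0..e269e0a 100755
--- a/assets/gpg_batch.sh
+++ b/assets/gpg_batch.sh
@@ -2,7 +2,7 @@
 cat << EOF > /opt/gpg_batch
 %echo Generating a GPG key, might take a while
 Key-Type: RSA
-Key-Length: 2048
+Key-Length: 4096
 Subkey-Type: ELG-E
 Subkey-Length: 1024
 Name-Real: ${FULL_NAME}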
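Review bot: The primary key is raised to 4096-bit RSA on the changed line, but the `Subkey-Type: ELG-E` and `Subkey-Length: 1024` lines directly below it are left alone, so the encryption subkey — the key actually used for anything encrypted to this identity — stays at 1024-bit Elgamal, well below the strength the commit title claims. For a repository signing key an encryption subkey is arguably not needed at all; if it is kept, `Subkey-Type: RSA` and `Subkey-Length: 4096` (or at minimum 2048) would bring it in line with the primary. The here-doc that writes `/opt/gpg_batch` opens at line 2 and continues past the end of the hunk, so the remaining batch parameters are not visible here.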
diff --git a/assets/startup.sh b/assets/startup.sh
index 6aa72fb..8b86c06 100755
--- a/assets/startup.sh
+++ b/assets/startup.sh
@@ -1,5 +1,9 @@
1#! /bin/bash 1#! /bin/bash
2 2
3if [[ ! -f /root/.gnupg/gpg.conf ]]; then
4 /opt/gpg.conf.sh
5fi
6
3# If the repository GPG keypair doesn't exist, create it. 7# If the repository GPG keypair doesn't exist, create it.
4if [[ ! -f /opt/aptly/aptly.sec ]] || [[ ! -f /opt/aptly/aptly.pub ]]; then 8if [[ ! -f /opt/aptly/aptly.sec ]] || [[ ! -f /opt/aptly/aptly.pub ]]; then
5 echo "Generating new gpg keys" 9 echo "Generating new gpg keys"
@@ -8,6 +12,8 @@ if [[ ! -f /opt/aptly/aptly.sec ]] || [[ ! -f /opt/aptly/aptly.pub ]]; then
8 # If your system doesn't have a lot of entropy this may, take a long time 12 # If your system doesn't have a lot of entropy this may, take a long time
9 # Google how-to create "artificial" entropy if this gets stuck 13 # Google how-to create "artificial" entropy if this gets stuck
10 gpg --batch --gen-key /opt/gpg_batch 14 gpg --batch --gen-key /opt/gpg_batch
15else
16 echo "No need to generate new gpg keys"
11fi 17fi
12 18
13# Export the GPG Public key 19# Export the GPG Public key
@@ -40,7 +46,7 @@ fi
40 46
41# Aptly looks in /root/.gnupg for default keyrings 47# Aptly looks in /root/.gnupg for default keyrings
42ln -sf /root/.gnupg/secring.gpg /opt/aptly/aptly.sec 48ln -sf /root/.gnupg/secring.gpg /opt/aptly/aptly.sec
43ln -sf /root/.gnupg/pubring.gpg /opt/aptly/aptly.pub 49ln -sf /root/.gnupg/pubring.gpg /opt/aptly/aptly.pub
44 50
45# Generate Nginx Config 51# Generate Nginx Config
46/opt/nginx.conf.sh 52/opt/nginx.conf.sh
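Review bot: The new guard at the top of the file tests the literal path `/root/.gnupg/gpg.conf`, while the script it invokes, `/opt/gpg.conf.sh`, writes to `~/.gnupg/gpg.conf`; the two only coincide when `HOME` is `/root`, and otherwise the appending script runs on every start and the config it writes is never the one GnuPG reads from `/root`. Using the same expansion on both sides, e.g. `if [[ ! -f "${HOME}/.gnupg/gpg.conf" ]]; then`, keeps the guard and the writer coupled. Separately, the key-existence check still depends on the `secring.gpg` symlink created near the end of the file; GnuPG 2.1 and later no longer writes `secring.gpg`, so on such a version the symlink would presumably dangle, `-f` would fail, and a fresh key would be generated on every start — worth confirming against the image's GnuPG version. The third hunk (the `ln -sf` lines) shows no visible textual difference between its sides, so whatever it changed cannot be reviewed from this rendering.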