From 1d03f9a0ebaa36fd5f2c6e46d0b39d5743c50dd5 Mon Sep 17 00:00:00 2001
From: Andrew Cady
Date: Tue, 15 Sep 2020 21:10:05 -0400
Subject: WKS/WKD support see https://wiki.gnupg.org/WKS
---
 selfpublish.sh | 40 ++++++++++++++++++++++++++++++++++++++++
 1 file changed, 40 insertions(+)
(limited to 'selfpublish.sh')
diff --git a/selfpublish.sh b/selfpublish.sh
index c97163f..7d19690 100644
--- a/selfpublish.sh
+++ b/selfpublish.sh
@@ -56,6 +56,7 @@ cgit
 curl
 fortune-mod
 fortunes-min
+gnupg (>= 2.2.14)
 libssl1.1 (>= 1.1.1d)
 openssl
 EOF
@@ -366,12 +367,51 @@ install_tls_public_certificate()
 fi
 }
+get_home()
+{
+ [ "$1" ] && getent passwd "$1" | (IFS=: read _ _ _ _ _ h _ && echo $h)
+}
+
+process_key()
+{
+ local uid="$1" domain="${1#*@}" destdir="$2" tdir
+ while read keyid some_uid
+ do
+ [ "$some_uid" = "$uid" ] || continue
+ tempdir=$(mktemp -d)
+ /usr/lib/gnupg/gpg-wks-client --install-key -C "$tempdir" "$keyid" "$uid" 2>/dev/null
+ mkdir -p "$destdir"
+ mv "$tempdir"/"$domain"/hu/* -t "$destdir"
+ rm -rf "$tempdir"
+ done
+}
+
+install_gpg_rings()
+{
+ (
+ domain=$DOMAIN
+ dest=/srv/$domain/public_html/.well-known/openpgpkey/hu
+ uid=${SUDO_USER:-$(id -un)}@$domain
+
+ if [ "$SUDO_USER" -a ! "$GNUPGHOME" ]
+ then
+ GNUPGHOME=$(get_home "$SUDO_USER")/.gnupg
+ export GNUPGHOME
+ fi
+
+ gpg --list-options show-only-fpr-mbox -k "$uid" 2>&- | process_key "$uid" "$dest"
+
+ find /srv/"$DOMAIN"/public_html/.well-known/openpgpkey/ -type d -exec chmod 755 '{}' ';'
+ )
+}
+
 configure_apache_vhost()
 {
 enable_apache_modules
 install_self_to_site
 install_header_to_site
 install_tls_public_certificate
+ install_gpg_rings
 write_cgit_config
 }
-- 
cgit v1.2.3
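Review bot: process_key never checks whether `mktemp -d` or `gpg-wks-client --install-key` succeeded, and the client's stderr goes to /dev/null, so a failed export is silent and the following `mv "$tempdir"/"$domain"/hu/* -t "$destdir"` runs against an empty `$tempdir` or a directory the client never created. The `local` line declares `tdir` while the loop assigns `tempdir`, so the variable actually used is not the one declared local. Because install_gpg_rings feeds this from the invoking user's keyring and writes into the served `.well-known/openpgpkey/hu` tree, I would gate the move on the client's exit status and report the failure on stderr, as sketched below. Separately, `2>&-` on the gpg call in install_gpg_rings closes stderr instead of discarding it; `2>/dev/null` is the safer spelling.

```shell
process_key()
{
    local uid="$1" domain="${1#*@}" destdir="$2" tempdir
    # … unchanged: while/do loop header and the "$some_uid" = "$uid" filter …
        tempdir=$(mktemp -d) || return 1
        if /usr/lib/gnupg/gpg-wks-client --install-key -C "$tempdir" "$keyid" "$uid" 2>/dev/null
        then
            mkdir -p "$destdir" && mv "$tempdir"/"$domain"/hu/* -t "$destdir"
        else
            echo "process_key: gpg-wks-client --install-key failed for $uid" >&2
        fi
    # … unchanged: rm -rf "$tempdir", done …
```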