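# Every target in this file is a command rather than a file, so all of them
# are declared phony.
.PHONY: all warn hu upload renew upload-tpo

# Not referenced by any rule visible in this file; presumably the email
# address on the key.
ADDRESS=anarcat@anarc.at
# Full fingerprint of the OpenPGP certificate that the targets renew, export
# and upload.
FINGERPRINT=BBB6CD4C98D74E1358A752A602293A6FA4E53473
# New expiry date, one year from the moment of expansion (GNU date syntax).
# Kept as a recursive variable so date(1) only runs when a recipe expands it.
NEXT_EXPIRE=$(shell LANG=C date -d '+1 year' '+%Y-%m-%d')
# Root of the local Tor checkouts. Built from $(HOME) instead of '~': the shell
# expands '~' only at the start of a word, so an argument of the form
# --policy-file=~/src/tor/... reaches the program with a literal '~'.
TPO_ROOT=$(HOME)/src/tor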

# Default goal: print the renewal reminder, refresh the WKD tree and upload the
# public key. 'renew' and 'upload-tpo' are left out on purpose (see 'warn').
# The prerequisites are listed in the intended order; a parallel run (make -j)
# does not guarantee that order.
all: warn hu upload

# Reminder printed by the default goal: a complete renewal also needs 'renew'
# and 'upload-tpo', which have to be requested explicitly.
warn:
	@printf '%s\n' "run '$(MAKE) renew hu upload upload-tpo' to make a full renewal"
	@printf '%s\n' "this is not default because 'renew' and 'upload-tpo' are not idempotent"

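# Publish the certificate through Web Key Directory (WKD) for anarc.at.
#
# thanks to kushal for this, originally: https://kushaldas.in/posts/setting-up-wkd.html
#
# since then switched to the simpler sq, whose interface i found confusing, but
# this works, i think. see:
# https://gitlab.com/sequoia-pgp/sequoia-sq/-/issues/576
#
# When no hu/ directory exists next to this Makefile, the tree is created with
# the direct method (--method=direct --create); otherwise the existing tree is
# updated. The destination argument is ../.. (presumably the web root; confirm
# against the site layout).
#
# The certificate is selected with $(FINGERPRINT) rather than a second copy of
# the literal, so WKD always serves the same key that 'renew', 'upload' and
# 'upload-tpo' operate on, including after a key rotation.
hu:
	if ! [ -d hu ]; then \
		sq network wkd publish --domain=anarc.at --cert=$(FINGERPRINT) --method=direct --create ../.. \
	; else \
		sq network wkd publish --domain=anarc.at --cert=$(FINGERPRINT) ../.. \
	; fi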

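# Publish the public key outside WKD: list the forge settings pages that need
# a manual paste, copy the ASCII-armored key to the Wayland clipboard, then
# send the key to three keyservers.
#
# export-minimal removes every signature except the most recent self-signature
# on each user ID, so third-party certifications are not part of what is
# pasted into the forges.
#
# make stops at the first failing recipe line, so a keyserver that cannot be
# reached also prevents the uploads listed after it; re-run the target once it
# is reachable again.
#
# NOTE(review): keys.openpgp.org distributes user IDs only after the address
# has been verified by email, so --send-keys alone may publish the key
# material without its identity. Check the verification status after a renewal.
upload:
	@echo "Not covered:"
	@echo "# GitLab and GitHub accounts"
	@echo
	@echo "- https://gitlab.torproject.org/-/user_settings/gpg_keys"
	@echo "- https://gitlab.com/-/user_settings/gpg_keys"
	@echo "- https://salsa.debian.org/-/user_settings/gpg_keys"
	@echo "- https://github.com/settings/keys"
	@echo
	@echo "most involves deleting the old key then reuploading the new one"
	@echo "next time, try using GitLab API: https://docs.gitlab.com/ee/api/users.html#list-all-gpg-keys"
	@echo "list, parse for fingerprint, delete, then upload"
	@echo "last test with plain 'python-gitlab' CLI failed though"
	@echo
# Export into a shell variable first. In a plain 'gpg | wl-copy' pipeline the
# shell reports only wl-copy's exit status, so a failed or empty export would
# leave an empty clipboard and still print the success message below.
	key="$$(gpg --export --export-options export-minimal -a $(FINGERPRINT))" && \
		[ -n "$$key" ] && printf '%s\n' "$$key" | wl-copy
	@echo "key copied to clipboard, go paste it above"
	@echo
	@echo "uploading to keyservers..."
	gpg --keyserver keyring.debian.org --send-keys $(FINGERPRINT)
	gpg --keyserver pgpkeys.eu --send-keys $(FINGERPRINT)
	gpg --keyserver keys.openpgp.org --send-keys $(FINGERPRINT)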

# Move the key's expiry date to $(NEXT_EXPIRE) in the local GnuPG keyring.
#
# With only a fingerprint and a date, --quick-set-expire changes the expiry of
# the primary key. Subkeys are changed only when they are named, or '*' is
# given, as an extra argument.
# NOTE(review): confirm whether this key's subkeys carry their own expiry. If
# they do, they need that extra argument, otherwise they lapse while the
# primary key stays valid.
#
# Nothing is published from here; the message below names the targets that
# distribute the renewed key.
renew:
	gpg --quick-set-expire $(FINGERPRINT) $(NEXT_EXPIRE)
	@echo "note that this doesn't upload or update the key! run '$(MAKE) hu upload upload-tpo' to complete the procedure"

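# Push the renewed key to the Tor Project repositories: refresh the key file
# in account-keyring, then re-sync openpgp-policy.toml in tor-puppet. Each half
# commits and pushes.
#
# 'git commit' runs without -m, so it opens an editor, and it exits non-zero
# when the file has not changed. That is presumably why 'warn' describes this
# target as not idempotent.
upload-tpo:
	@echo "updating TPO keyring"
	git -C $(TPO_ROOT)/account-keyring/ pull
# Export to a temporary file and replace the tracked key file only when gpg
# succeeded and wrote something. Redirecting straight into the tracked file
# truncates it before gpg runs, so a failed export would leave an empty key
# file in the working tree, ready to be committed.
	dest=$(TPO_ROOT)/account-keyring/torproject-keyring/anarcat-$(FINGERPRINT).gpg; \
	if gpg --export --export-options export-minimal $(FINGERPRINT) > "$$dest.tmp" && [ -s "$$dest.tmp" ]; then \
		mv -f "$$dest.tmp" "$$dest"; \
	else \
		rm -f "$$dest.tmp"; exit 1; \
	fi
	git -C $(TPO_ROOT)/account-keyring/ commit torproject-keyring/anarcat-$(FINGERPRINT).gpg
	git -C $(TPO_ROOT)/account-keyring/ push
	@echo "updating openpgp-policy.toml files"
# NOTE(review): the shell does not expand '~' after the '=' in
# --policy-file=..., so $(TPO_ROOT) has to be an absolute path (for example one
# built from $(HOME)) for this command to find the policy file.
# --disable-keyservers presumably limits the sync to certificates that are
# available locally; confirm against sq-git's help.
	sq-git policy sync --disable-keyservers --policy-file=$(TPO_ROOT)/tor-puppet/openpgp-policy.toml
	git -C $(TPO_ROOT)/tor-puppet/ commit openpgp-policy.toml
	git -C $(TPO_ROOT)/tor-puppet/ push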
