Skip to content

Commit

Permalink
Squash of work to build a test image
Browse files Browse the repository at this point in the history
Merging a test image used for testing all main versions of GPG for pkg
signing. Also a patch to stack.yaml so it'll use the new test image base
and then place the latest stack binary on top.

Squashed commit of the following:

commit af0d6c3
Author: Tim Dysinger <[email protected]>
Date:   Wed Mar 30 20:25:20 2016 -0700

    don't build with docker

    breaks Travis CI

commit 9046008
Author: Tim Dysinger <[email protected]>
Date:   Wed Mar 30 19:26:59 2016 -0700

    more refinement of dockerfile & added stack needs

commit 0bf0eed
Author: Tim Dysinger <[email protected]>
Date:   Wed Mar 30 13:51:19 2016 -0700

    install nix under the unprivileged user

commit bc825fb
Author: Tim Dysinger <[email protected]>
Date:   Wed Mar 30 13:51:01 2016 -0700

    add a full 3 part set of subkeys

commit 82a6bdb
Author: Tim Dysinger <[email protected]>
Date:   Wed Mar 30 13:14:40 2016 -0700

    more dockerfile tweaks

commit 4f99a13
Author: Tim Dysinger <[email protected]>
Date:   Wed Mar 30 11:49:00 2016 -0700

    complete out-of-the-box gnupg

    (3 versions of gnupg with test keys preinstalled)

commit 2bc3eba
Author: Tim Dysinger <[email protected]>
Date:   Wed Mar 30 01:00:01 2016 -0700

    move gpg.conf

commit 09f348f
Author: Tim Dysinger <[email protected]>
Date:   Wed Mar 30 00:51:24 2016 -0700

    remove stack-build extension

    this doesn't help & there are complications

commit 8314bf7
Author: Tim Dysinger <[email protected]>
Date:   Wed Mar 30 00:40:12 2016 -0700

    make the image name a little shorter

commit 1286b91
Author: Tim Dysinger <[email protected]>
Date:   Wed Mar 30 00:39:45 2016 -0700

    repo not base

commit 53a0a2f
Author: Tim Dysinger <[email protected]>
Date:   Wed Mar 30 00:34:32 2016 -0700

    correct the docker base image name

commit ce4f9a3
Author: Tim Dysinger <[email protected]>
Date:   Wed Mar 30 00:29:41 2016 -0700

    build with docker & install gnupg versions ahead of time

commit 5d7b461
Author: Tim Dysinger <[email protected]>
Date:   Wed Mar 30 00:29:16 2016 -0700

    only temporarily set USER

commit 0189b82
Author: Tim Dysinger <[email protected]>
Date:   Wed Mar 30 00:18:21 2016 -0700

    extend the existing runtime base

    ...just being uniform...

commit 9ba330a
Author: Tim Dysinger <[email protected]>
Date:   Tue Mar 29 23:59:03 2016 -0700

    add another docker container image

commit 566cff5
Author: Tim Dysinger <[email protected]>
Date:   Tue Mar 29 23:54:24 2016 -0700

    add a gpg.conf that works with 1.4, 2.0 & 2.1

commit 6104ffa
Author: Tim Dysinger <[email protected]>
Date:   Tue Mar 29 23:53:05 2016 -0700

    new docker image that contains 3 versions of gnupg
  • Loading branch information
dysinger committed Mar 31, 2016
1 parent 3de2dc4 commit 81ab615
Show file tree
Hide file tree
Showing 7 changed files with 658 additions and 0 deletions.
95 changes: 95 additions & 0 deletions etc/docker/ubuntu-with-gnupg/.gnupg/gpg.conf
Original file line number Diff line number Diff line change
@@ -0,0 +1,95 @@
#
# This is an implementation of the Riseup OpenPGP Best Practices
# https://help.riseup.net/en/security/message-security/openpgp/best-practices
#


#-----------------------------
# default key
#-----------------------------

# The default key to sign with. If this option is not used, the default key is
# the first key found in the secret keyring

#default-key 0xD8692123C4065DEA5E0F3AB5249B39D24F25E3B6


#-----------------------------
# behavior
#-----------------------------

# Disable inclusion of the version string in ASCII armored output
no-emit-version

# Disable comment string in clear text signatures and ASCII armored messages
no-comments

# Display long key IDs
keyid-format 0xlong

# List all keys (or the specified ones) along with their fingerprints
with-fingerprint

# Display the calculated validity of user IDs during key listings
list-options show-uid-validity
verify-options show-uid-validity

# Try to use the GnuPG-Agent. With this option, GnuPG first tries to connect to
# the agent before it asks for a passphrase.
use-agent


#-----------------------------
# keyserver
#-----------------------------

# This is the server that --recv-keys, --send-keys, and --search-keys will
# communicate with to receive keys from, send keys to, and search for keys on

# keyserver hkps://hkps.pool.sks-keyservers.net # NOTE: doesn't work on GnuPG 1.4
keyserver hkp://ha.pool.sks-keyservers.net

# Provide a certificate store to override the system default
# Get this from https://sks-keyservers.net/sks-keyservers.netCA.pem

# It's better to import this by way of:
# /usr/local/share/ca-certificates/ & `update-ca-certificates`
#keyserver-options ca-cert-file=/home/user/.gnupg/sks-keyservers.netCA.pem

# Set the proxy to use for HTTP and HKP keyservers - default to the standard
# local Tor socks proxy
# It is encouraged to use Tor for improved anonymity. Preferrably use either a
# dedicated SOCKSPort for GnuPG and/or enable IsolateDestPort and
# IsolateDestAddr
#keyserver-options http-proxy=socks5-hostname://127.0.0.1:9050

# Don't leak DNS, see https://trac.torproject.org/projects/tor/ticket/2846
#keyserver-options no-try-dns-srv # NOTE: doesn't work on GnuPG 1.4

# When using --refresh-keys, if the key in question has a preferred keyserver
# URL, then disable use of that preferred keyserver to refresh the key from
keyserver-options no-honor-keyserver-url

# When searching for a key with --search-keys, include keys that are marked on
# the keyserver as revoked
keyserver-options include-revoked


#-----------------------------
# algorithm and ciphers
#-----------------------------

# list of personal digest preferences. When multiple digests are supported by
# all recipients, choose the strongest one
personal-cipher-preferences AES256 AES192 AES CAST5

# list of personal digest preferences. When multiple ciphers are supported by
# all recipients, choose the strongest one
personal-digest-preferences SHA512 SHA384 SHA256 SHA224

# message digest algorithm used when signing a key
cert-digest-algo SHA512

# This preference list is used for new keys and becomes the default for
# "setpref" in the edit menu
default-preference-list SHA512 SHA384 SHA256 SHA224 AES256 AES192 AES CAST5 ZLIB BZIP2 ZIP Uncompressed
104 changes: 104 additions & 0 deletions etc/docker/ubuntu-with-gnupg/.gnupg/public.asc
Original file line number Diff line number Diff line change
@@ -0,0 +1,104 @@
-----BEGIN PGP PUBLIC KEY BLOCK-----

mQIBBFb8DFoBD6DppxiMimL7qsxIs3l0ajYYwN58+gLtFkJH6Tiofi6WmQ7Tvevr
p+6bfHvBdG+3uCS4RHXQAkrD8XQrGsOYgvrEVVY7q4b6o655w6YYJC62IcbpyPlX
mTh49wkdTnxyzIsbDiDQjTEdf0kkpCO0L05sC10J4rvWClTRVngV+RikmyWRmiSo
/jRpyr2wUz82/4M5dSMKUp4d9l7iAiMH5G7go+IR+NBrDmhkX/ZAi+mADUDbC1nO
+MteV54GmIIr7c2l4H/q9fDFwNFhv2ghnUPzdxIIiOOf/OvD0t8ZqokG1Mb9s5yf
JRXBXb+mtW+tVa2cDQWiFNmJu0LbZpJAaM8DfSm6imOoDy+jkIEPEDA6OPAgsUmt
YACMbH4nNYeSNtjMOwykkFoGz9liSjw8K2gbLWbm6RfJqk5/pUJHALGTk+Ffri72
20AXHSjoGGm7J4oGg3A50uXixJMlNKvP40jWQBn3RSGU8OS/VcZthGR55XUwfVx4
Hpsad8Fan1c91oXW0E1V8nGHSDO0NEzn+ivGxkqivqBFakP7x+dXhSuZUlh9o2oH
6+vEc27uUAbyEY3Ks+hzBLR7BmepipWORWawZMSgMyJ7ZENjWrHxdhmaHQZH1n2/
q0z1A4rvjFfF2WCLy6KSsPASZeq6jWzZzNcgCLrCjwARAQABtB9UZXN0IFVzZXIg
PHRlc3RAZnBjb21wbGV0ZS5jb20+iQIsBBMBAgAiBQJW/AxaAhsBBgsJCAcDAgYV
CAIJCgsEFgIDAQIeAQIXgAAKCRARhrUTafwhnnBKD545qX71VWc0QnkTevmdMeZB
jrwRvQLzX2CCR4Ra4iTsIDSbKSaBBHOVxIbrKca8PUj4Qdt3mLoj43QqE1V3kCKK
P6cV31yUdr7gLHgqv/aN2LWQrMapKcaIEjOkWYtZT1pihjjKWxoAU2TjrP5OnYjL
nIEKGmJMkTw4Mqmd/ntUrFBefOfF5BkxzdCmEBpLL7bE/aE7UDkvLzm7aYnWKLMx
JUmEsLv5a8LVqcF6tXE8Ai9f9CT8fbUx/NlwglpHz7cwZZYhoSTt6xQYdKQviyes
fUMKupxTY2jTrEB8h5tj7u5dx7hdhkTVTGf2ar/gIrfZEUjZtQOSGi6IQUPUkhnV
kdYUspV7jsRUULd2DbChmsjoKkNK9JD9R16+9lCfU/S+1JFdC5fgycvpHT0sEXmr
4BfQULfw8WKMChcm0ui/QXoG39mONGvtV1V0myMShegDV5zoI2rhSj8D7ADZlwJM
FvqmBXTr7Rs/hXfYASI8v87qqdC4qrqXFkGbItOrFK1yhv6U8d+D6gpx4nLCqP+c
/MWGIh0bLiioazZd3rk1AmkpZvzWLjdUFs89hi0Jd7yq9O4s5Yzk1dSFIIfbMiOk
ECBMzFKLX+LyPgBfswiD1dfk3pHY/oGaqsv9Mz0PfAvGtZUsSvV2Pifv7NR31yRi
GThczLkCAQRW/A3IAQ+gvvyN4pjNJUY8nn79o+d2AkjnpOIS8fvSESg52ayVpmef
UbZOKtsG2si1pSeT8AYz4nU/Ymp5lZ1zuefm9+IiUP7XYQUsMBycxMZdVeEgSnhh
GmDU5VuAKTh3t960zeYfucayseXxYTlzY8XPgog7hT5g4zLPXFEjNwy1zCdczolV
NE+hJ6pYpCdfV1PT4O9E/DC+/N8dynwqO66b3Bn7Yt3SDnCGfqpeodPdG0PSnd98
L0BSPhfAtrn6CXA0pOn6FzOn6B58i65+kx9/bw90H96flB7b00StxPFUoFtv7sDX
bIEzQLlxwyO6+BYk+5xk7Zbvs8CsxX8EBl1+a5HxmgZ5y/HBCoNYltaiTnrWVAOD
3CkiUAKEfqs5M/HqJvJeTo1D5Y7PHFgXNrTInjQsewfVDqFW68IWUd8o1njuQoo1
xqFEyxIYBliGxScLyeYzauIuPUHrBpOglxxZmhub8EUmg+wm9XIztDsPp8SP5Hsl
aR/5WVk9QgRIoEcVeIYRM55uxrWscud32s4q7akLr9RLHO5ShtvaIPw19AisWDH6
XNb1RHWPpBcJSevRElbssjhG9q70bZqeUAp7IulOsHJZb6UtDkp1tQfZKzCqTL06
ugFqG4lcXM7KsXbMiXqDVarhmyNuy6SH2JdoZ2TGVJ6EeVkAEQEAAYkEJgQYAQIA
CQUCVvwNyAIbAgIdCRARhrUTafwhnsFRIAQZAQIABgUCVvwNyAAKCRA8WmNf7iEM
JfURD59H7IPeCL8LxAKeBK47wA0cslYtOdalyk20klKoSBAYTZothWPpjaAfrRWn
uZNFRgWKFPaHpy7LsZoNHaJFCWRYrKasyjpqXqzB67enIFWr/l9TfxhCP8kQFz6/
prfzG2EgzeEIroW/AALzW3IVeV5U7rNVG/ndf7Gd4Bt2AQIPoBuQ9glq+zsKCJtI
CvauHt3oSRA1kmzz5Eiu0DUpK1bITYF+Ry474z1h/5GrHvHvBM9jngCwEbzKgO5Z
3CSnOjIrp7zfECHC+W/vRP+WyLdKdtmYvKFMiq3G+qUz91BMvp08cWJwChHOFY+X
YFHIryUCdxrLPVjHcTJMQWPOfEZZjUlmU8OZDCpeDXSUWqq6i2PHBQYJq8q/1hQW
z2904YAyOkII53LHDros47jN9Y0KGG4mvIevJ4TXDbdDKqAZAHL/vlzrlhBTbM19
04WZLa7RuLPng4aY8bYkTS8h3ui+Z5mz6gqrKw2nqphuZMwJajoRURB0ZqOni55l
8NBTHygJuELKDZT8z4El70RmjI3sV5YWCjLYPue21/Wtuwb/UuHafCq8fckthvC0
q4bX90giQPNR7q5VNSW+uGAWNs0b92E61Tj1wlTODaAIzocHpXcqQNy4aPZFCh6h
wjEdbaNjNf6Ql7iyvMcoXyZYPHCPxAXWyonuD6Diu9VzWneQfdsH4IgLr2ZRuNn2
2ZPEDedlTzRJ1GjHIl760J68YFIihZ8zm6TxiQOziD0n/4LvJxwCgho0qwNaO/ay
aG5RIOFKhR6ohUYfm8ovM32AqgwLp8SGtHta8r/dzWRLSTzvSq2UgauuRE6O2xfm
jwPf5+oEgALHCtBTZ5JbCdUHle5XqsJAv+7NB6uWuOwYLZEQXpKVfgYtN0IuVK4h
hnPJy+vTxgoMItrFBTOEwZ8MwE1XWAAbcPznhK7k28lQ7OUjqGQ3l4m+rBQ780bg
xjUzczWMEwf9GB+8uEFqCCa+h2YSeISW+GdnhY4uMsgLOqiNL1nHcyNZ7kfiZ63+
bB1VutC+B0WKdtp5XPOSgUwsFUCD+Vs/CcUwtJpjG0qWQR2Km8fhNF844odZhcjN
ZRW18Ie7aX0vxpvL3nbDmM/I7L7yjA9PIoqfcSAUS0Fms8NI60FPRmX7E8PrkIyB
zxAbNPeSzFmskyWS+1KyppaZoDzx3s8FqtAi4fdjGrFmjVma5soVf3JQdWMeFLIc
/uCHnDpGHZe5mg91pGqRqayAgA1mS/6klz5A0e+cysgpwqdXjbDtld2d6sUJAkV1
8d9TgAKx4tvS3zGkvRuGACpX5c/1YD0JnX5l2EQLCIjJEbY2vAM0ThN/nO1QJs5H
XbkCAQRW/Do/AQ+gx9YCzYW91fkwMlXAEB2W254RCDX2qSbmVXoFsX4FjmDUH0iP
od3y3w/nTw6Zd/GsuFNRwxr7eA6YToQJa9IfwZsnqdbN13J79K/d/eEesFkCZbGj
ngjHJe1eNVwBMCxyWzMgsb8g33FcO4Mzvh7++KWL0NnaAyk5WaN59wx49NpsSGV6
sFQPEwP0xVufBny23Seua2MsRyj6rsdqsymXTdp7oB4wgjO2aUiX/siH/P0GM8s+
8SYYxhhCUog5gQfktlN/wRy7XZyUFcTCSxNhoB4peOB6BrKz7yGyS1bgqEci9pk7
8XPgvj7LaPOIkZ+nMualcX8e+3Yzb7Fc1vs/DkfTABlocMW2TjhyWnMECe3Wz+Sl
qadoZlzSZydo+IJufaDBBsWgw8zc1gVlp9Sw3QiMDgYxtTTqmiEh8gaGM2wDwUl5
hxCzdMEpFxcvqcA3yWq/42fSrPoAIz+pAtQOWi8rTjoWVx0x5nxxOgLVfrNF0CSb
HdwXE6n5ujuE9JIIGM8fZ90JGLBPyHUmwIP/cJBjC/L3O3epMNgUHP6S3znrdHAi
GjLVtrHHokQ9SIoCE9avAoFZTRq0WuXcQCB/O19sPgcZihSpaLl27k0Mcux6Nawq
xryKY0xb344Tee/vnXnlvMJi0lmhD3yGxH5iSlc9LMcAEQEAAYkCEwQYAQoACQUC
Vvw6PwIbDAAKCRARhrUTafwhnsJpD6CBfhfmP5zOYdutoJwbP4Ufnmr+WrZd91vI
7bSLkJVonUMkuJrFRgts5O6jmmrLq/GWNTwGRvCG1MVIlplg/Py2yWnY0fsnvXxR
4qQTntAHBR4r4DmF+Pt32Ab4Vg5fC2XgYtcxOwKYNRZfXhwDyDtwOpG+TC9+at38
IcsVUK4r7nMrUjuJVy5lnm/KCQU6LHK/R4KH2C7uEOmGT/yRimexxLqFIgW2VVyu
RvJedT03CY4MGlFfgbDEI8Ciw3RPRSDaShFR/Vj9jdP4sEAIcGn27WhRPfLgAKIl
CKI0FaNv7t3onrENe6aB/Xbo5UtLavH2OCqwduhnWiv5QOUhI7B82I92xoWhLxcG
Oxvxqdnoz9LfDKoPMzxDEJqZShTmOOuTjCsfWU5YaQX4AKRcQxVhuSfOp4H1mL9M
o1cvpljl+fU00BqLDA8py2Fm6I8IhpihJNA5GaNYHYYfKR9tfccaOaR9GKHTjRJR
cvfscE2o5EoYx+5X7a+4+Eb+NE4F1zcKEt3gyjLCgFvQeoHj5rve7ZtEcbKlXEbF
hsmQboln+jSU6sJqNv6CTx2FEM9CFJtAoQjPCu3TPny6NH2+JSLOfe6S9tRCfET0
C8AHAbPC0Z6az6YtF1lPD7mU+c+6maFofpUMf/aYccm5XBZWMBqjHMOzsrkCAQRW
/DrnAQ+gnmDOs37dnmYVwmgZrvgYJGvzf/CP1Lwy+AhAkaq98AfyvW/7WKbaZIS5
ZNqEawrbbhKSsDqKBRowuuLFGngieuqhh5ZFS04IUzGsX1armDwRsnDa/D4+iHB1
GySJ4S1nD5dyFgyIlcCUSWX0gBzxtBX7fxgVbaKDiGZRDMI2pttY/7WBct71nRKq
fxQ+4Er2lZXP/yOMnihM7XPTiRoYJTI1wR7bRkt+JyRAWNzUrE+t9R2Ks3P9HD6v
ZtHgqxbw9Xif43cnzhT6l23niVY5FJ0J58e0C14MsFQF3sUXqj/1GJvVMYRSTEbn
SAcyVYMB24bX3zpoxbtoF/Oc2/Q6uUsuKb8hZDIYRl7VjvyyjfEk8RycAHBfFoQ6
syYlWQdIK69H7jhVsbEg5N4iVEFfqxYsYE8vMncZie1GoGjUOHAkmyW5HZRGP3Eo
2UJ7GTEe4cGxumpZa44U+2SntC5Ll/7cTh6Kq6p12ftqsFMxx2gct0/HaQZRgFRJ
FiJDFjzn8+HZCDwr7QuO4sWaqDRaBlvzcXNgrbhdYOdUG19flbWqsdpbtGaBzQUG
CaTltwO5a7ZXI+ThVdGxzfFg5h3td9N1T02skTHjPoWTn8Ro/qD28um6zcPDqFMC
pNP/jhddyJxImXOtBDYG9vDQH+386/9s3CkAEQEAAYkCEwQYAQoACQUCVvw65wIb
IAAKCRARhrUTafwhnnZSD594OQKgZRGmkY+uRsehxbxFREx42C6KgEUIw0RacFdd
A3/qr57ECojl9hKyjj8T6n/NVniBruLCUc1t9dRdaxX2aB/LoQJ1OkzInJEOQVsE
4IDolh+PTkwYTZhIZVpvweAPSFBv4Bffb58Hc4g8qn1TLU0SZj61kDvYcWGqkInD
dlxfZsDdye2pRt8AtNzrZqnvW4Ynn1IOFEyVj42p6lilAEU2EZEtA+bKQM1AQqp/
QIcnQeFXn6nVQXKCjeH9TXW2MASTyuKoLXfqAYzsBawrB41mJYwJhoTMG3awom4l
FHLtWGI4f2oSbnVbX0LfadEDr+jxZgRwDTkMVv07lK+cjo5gQL51Ibh/pk11CERG
+Ar/KdHWgb990G0VyFIPlvsw/gU3GeCRmJCKt3XkfC/Tw9JOLtdym6FKEBjzvHv6
JSXJI5VoIlX3pRIyF31L5S0N4MMV34AfvbU8hTpu0IvgfJ2m6/o/7qMagCxzcXoP
dAe7GhCfqXS+W72ZxnDcikgAnpNJV14RAnd3syor+iCam3AmKN13Uuz0jAnv6h/z
K1KOhofmVK/1tkpbjXJHiuZis1Zg29oEwpAtjqUxdZ2mccmwBIdLK+SbqLfZ6Jhx
G5EoGgpY1bKEppSqHdpBoCC9oq48RZYNKV77uDjWoqPh+9XPOg==
=X3pc
-----END PGP PUBLIC KEY BLOCK-----
Loading

0 comments on commit 81ab615

Please sign in to comment.