| author | 2026-04-17 14:47:34 +0100 | |
|---|---|---|
| committer | 2026-04-17 14:47:34 +0100 | |
| commit | 644785859ac960c0da64016065a800bf660ffbcf (patch) | |
| tree | 503139e3804cb19c277a2179dd6d0c4ff6efa2a4 /home/.local | |
| parent | 8fadfc96e378886aa5e9d3ddf82bb7913c0cf0e4 (diff) | |
refactor: revert GNUPGHOME to default ~/.gnupg

Drop custom GNUPGHOME=~/.local/share/gnupg which required 6 systemd
socket/service overrides with hardcoded directory hashes. GnuPG
periodically changes its hash algorithm on updates, silently breaking
systemd socket activation and pam-gnupg passphrase presetting.

With default GNUPGHOME, stock systemd units work out of the box.

- Move gpg.conf, gpg-agent.conf, sshcontrol to home/.gnupg/
- Delete all gpg-agent socket/service/dirmngr override dirs
- Remove GNUPGHOME from .zprofile, .pam_environment, pam-gnupg
- Remove GNUPGHOME from vdirsyncer and bridge service overrides

Diffstat (limited to 'home/.local')
| -rw-r--r-- | home/.local/share/gnupg/gpg-agent.conf | 8 |
| -rw-r--r-- | home/.local/share/gnupg/gpg.conf | 11 |
| -rw-r--r-- | home/.local/share/gnupg/sshcontrol | 17 |
3 files changed, 0 insertions, 36 deletions
diff --git a/home/.local/share/gnupg/gpg-agent.conf b/home/.local/share/gnupg/gpg-agent.conf deleted file mode 100644 index 0826efe..0000000 --- a/home/.local/share/gnupg/gpg-agent.conf +++ /dev/null @@ -1,8 +0,0 @@ -max-cache-ttl 60480000 -default-cache-ttl 60480000 -allow-preset-passphrase -enable-ssh-support -default-cache-ttl-ssh 60480000 -max-cache-ttl-ssh 60480000 -pinentry-program /usr/bin/pinentry-curses -allow-loopback-pinentry diff --git a/home/.local/share/gnupg/gpg.conf b/home/.local/share/gnupg/gpg.conf deleted file mode 100644 index e6672bf..0000000 --- a/home/.local/share/gnupg/gpg.conf +++ /dev/null @@ -1,11 +0,0 @@ -personal-digest-preferences SHA512 -cert-digest-algo SHA512 -default-preference-list SHA512 SHA384 SHA256 SHA224 AES256 AES192 AES CAST5 ZLIB BZIP2 ZIP Uncompressed -personal-cipher-preferences TWOFISH CAMELLIA256 AES 3DES - -keyserver-options auto-key-retrieve - -keyid-format 0xlong -with-fingerprint - -default-key B79D F5F3 7D7F 9B0F 3902 38D5 3298 945F 717C 85F8 diff --git a/home/.local/share/gnupg/sshcontrol b/home/.local/share/gnupg/sshcontrol deleted file mode 100644 index 9197976..0000000 --- a/home/.local/share/gnupg/sshcontrol +++ /dev/null 
@@ -1,17 +0,0 @@ -# List of allowed ssh keys. Only keys present in this file are used -# in the SSH protocol. The ssh-add tool may add new entries to this -# file to enable them; you may also add them manually. Comment -# lines, like this one, as well as empty lines are ignored. Lines do -# have a certain length limit but this is not serious limitation as -# the format of the entries is fixed and checked by gpg-agent. A -# non-comment line starts with optional white spaces, followed by the -# keygrip of the key given as 40 hex digits, optionally followed by a -# caching TTL in seconds, and another optional field for arbitrary -# flags. Prepend the keygrip with an '!' mark to disable it. - -91191A4A6E86279A901A7D38A7512EC126518FA5 -22747ABA1B4502F186654CD84DC353B0C3BD353F -9F3FCCA0F99AE1C5D05B834F0E89C79970A7B74A -5E9259E1EFFFB85520F62A5C31C97033C1DEDBD8 -515584E3A76C03EEA4A563156882938003FBEC90 -E843F385FEEAE6CA2E1B9A67796241FDA5423CA3 |
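Review bot: in gpg-agent.conf, default-cache-ttl, max-cache-ttl and both -ssh variants are set to 60480000 seconds (700 days), so a passphrase that is entered or preset once stays cached for practically the agent's whole lifetime. The commit message says this file moves to home/.gnupg/, which is outside this home/.local view, so confirm in the destination that these TTLs, allow-preset-passphrase and allow-loopback-pinentry are still wanted with the stock systemd units rather than carried over by default. If the long TTLs exist to support pam-gnupg presetting, a one-line comment in the file saying so would document the intent.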
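Review bot: in gpg.conf, "keyserver-options auto-key-retrieve" makes gpg contact a keyserver whenever it verifies a signature made by a key that is not on the local keyring, which tells that server which signatures are being checked and when. The move to home/.gnupg/ is a good point to drop that line or replace it with an explicit fetch when a key is actually needed. Separately, personal-cipher-preferences ends in 3DES and default-preference-list still advertises CAST5, both 64-bit block ciphers; trimming them from the moved copy would keep the preference lists to the AES, TWOFISH and CAMELLIA256 entries already listed.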
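Review bot: in sshcontrol, the six keygrip lines carry no comment naming the key each belongs to and no per-key TTL field, so a reader cannot tell which entries are still in use or which host or identity they serve. Since the file is being relocated anyway, add a comment line above each keygrip identifying the key, and either remove retired entries or prefix them with '!' as the file's own header describes. The added counterpart under home/.gnupg/ is not visible in this diff, which is limited to home/.local, so it should be checked there that the same six entries were intended to survive the move.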
