blob: 392df7424748292df65a7a30404e8862f929860f (
plain)
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
|
# Gentoo-keys configuration file
#
[base]
# keyserver: server to use to obtain the keys from
keyserver: pool.sks-keyservers.net
#Days limit for keys nearing expiry
#days_limit = 30
# gkeysdir: Base directory to use as the path prefix to use
# for the gkey directories, keyring settings
# eg: '/' for root if absolute paths are used
# for sub-directories, keyrings
# eg: /var/lib/gentoo/gkeys if using relative paths
gkeysdir: /var/lib/gentoo/gkeys
# default user home directory
# normally set by expanding ~
# uncomment and edit for a custom location
#homedir:
# user gkey directory
user-dir = %(homedir)s/gkeys-user
#Template directory
template_path = /usr/share/gkeys/templates
# base keyring dir
keyring: %(gkeysdir)s/keyrings
# The default keyring, nick to use
# for verification if not specified
verify-keyring: gentoo
verify-nick: gkeys
# Base directory to use as the path prefix to use
# for the signing capable keyrings, keyring settings
# eg: '/' for root if absolute paths are used for homedir, keyring
# eg: %(gkeysdir)s if using relative paths
sign-keydir: %(keyring)s/sign
# seedsdir: base directory for all seed files
# used when searching all seed files.
seedsdir: %(gkeysdir)s/seeds
# logfile directory
#logdir: %(gkeysdir)s/logs
logdir: /var/log/gkeys
[permissions]
# Permissions settings (octal)
# chmod setting (octal)
directories: 0o775
#umask setting (octal)
files: 0o022
[seeds]
# file is a json text file of: nick, name, keydir, fingerprint
# one file per line
# category = category or seedfile name
# these categories/seedfile names are used for the
# -C, --category input value validations
# eg: category: filepath
#
# If adding additional seed files,
# remember to set an appropriate [trust-model] for them below"
gentoo: %(seedsdir)s/gentoo.seeds
gentoo-devs: %(seedsdir)s/gentoo-devs.seeds
# Add sign here for ability to choose as a category
# but leave the value blank to prevent accidental changes
# this subdir directory is where you would copy your gpghome directories to
# after creating your key with gkeys-gen. Name them the same as the nick you use.
#sign:
[seedurls]
# Use the filenames as the keys.
# The will be paired to the seed file of the same name for fetching, updating
# category = category or seedfile name
# eg: category: url
gentoo: https://api.gentoo.org/gentoo-keys/seeds/gentoo.seeds
gentoo-devs: https://api.gentoo.org/gentoo-keys/seeds/gentoo-devs.seeds
#sign:
# Set the trust levels
# one of {pgp|classic|direct|always|auto}
# default is "auto"
# for the gentoo and gentoo-devs keyrings set to "always"
[trust-model]
gentoo: always
gentoo-devs: always
[verify-seeds]
# mapping of the seedfile category name
# to the category-name and gpg-key keydir to use to verify the seedfile
# seedfile-name: category keydir
gentoo: gentoo gkeys
gentoo-devs: gentoo gkeys
#sign:
[sign]
# GKEY nick used for verification of seeds and other gkey files
nick =
# The home or key directory to use for signing files
keydir:
# keyring to use if not the default
#keyring:
# The key fingerprint to use for signing
key:
# the gpg signature option to use for signing
type: detach-sign
|
GitWeb