Blackbox: Difference between revisions
Jump to navigation
Jump to search
(Created page with " == Import keyring == gpg2 --keyring keyrings/live/pubring.kbx --export | gpg2 --import or gpg --keyring .blackbox/pubring.kbx --export | gpg --import GPG=gpg2 blackbox_update_all_files ref: https://github.com/StackExchange/blackbox/issues/184 == Trust all keys == <pre> # The "-E" makes this work with both GNU sed and OS X sed gpg --list-keys --fingerprint --with-colons | sed -E -n -e 's/^fpr:::::::::([0-9A-F]+):$/\1:6:/p' | gpg --import-ownertrust </pre>...") |
|||
| (8 intermediate revisions by the same user not shown) | |||
| Line 1: | Line 1: | ||
== Blackbox == | |||
https://github.com/StackExchange/blackbox | |||
== Installation == | |||
# git clone ssh://git@github.com/StackExchange/blackbox | |||
git clone https://github.com/StackExchange/blackbox | |||
cd blackbox | |||
sudo make copy-install | |||
Installs to /usr/local/bin | |||
== Import keyring == | == Import keyring == | ||
| Line 29: | Line 41: | ||
gpg --export-ownertrust && echo $fpr:6: |gpg --import-ownertrust | gpg --export-ownertrust && echo $fpr:6: |gpg --import-ownertrust | ||
Trust last added key: | |||
<pre> | <pre> | ||
gpg --list-keys --fingerprint \ | gpg --list-keys --fingerprint \ | ||
| Line 34: | Line 47: | ||
| tail -1 \ | | tail -1 \ | ||
| tr -d ' ' \ | | tr -d ' ' \ | ||
| awk 'BEGIN { FS = "\n" } ; { print $1":6:" }' \ | |||
| gpg --import-ownertrust | |||
</pre> | |||
Trust all key: (my version of the above) | |||
<pre> | |||
gpg --list-keys --fingerprint \ | |||
| grep ^pub -A 1 \ | |||
| grep -v "^pub" \ | |||
| grep -v "^--" \ | |||
| sed 's/ //g' \ | |||
| awk 'BEGIN { FS = "\n" } ; { print $1":6:" }' \ | | awk 'BEGIN { FS = "\n" } ; { print $1":6:" }' \ | ||
| gpg --import-ownertrust | | gpg --import-ownertrust | ||
| Line 39: | Line 63: | ||
ref: https://stackoverflow.com/questions/13116457/how-to-make-auto-trust-gpg-public-key | ref: https://stackoverflow.com/questions/13116457/how-to-make-auto-trust-gpg-public-key | ||
== Email with multiple keys == | |||
<pre> | |||
My team has found a workaround for now with this issue. We are putting the key ID in the admin file, and putting a comment on the same line with the user email. | |||
Example: | |||
ABC12345 # admin@admin.com | |||
</pre> | |||
ref: https://github.com/StackExchange/blackbox/issues/199 | |||
== Importing gpg == | |||
To trust your fellow admin: | |||
gpg --edit-keys [ID] | |||
lsign | |||
save | |||
== blackbox_check == | |||
/usr/local/bin/blackbox_check | |||
<pre> | |||
#!/bin/bash | |||
echo "== Checking Blackbox Files ==" | |||
blackbox_list_files | while IFS= read -r line ; do | |||
if [ ! -e ${line}.gpg ] ; then | |||
echo "MISSING: ${line}" | |||
fi | |||
done | |||
</pre> | |||
/usr/local/bin/blackbox_check_reverse | |||
<pre> | |||
#!/bin/bash | |||
if [ "$1" == "debug" ] ; then debug=true ; else debug=false ; fi | |||
echo "== Checking Files against Blackbox ==" | |||
echo "=== MISSING GPG FILES FROM BLACKBOX ===" | |||
tmp=`mktemp` | |||
blackbox_list_files>$tmp | |||
find . -iname "*gpg" -printf "%P\n" | while IFS= read -r line ; do | |||
filename=`echo $line | sed 's/.gpg$//'` | |||
grep $filename $tmp > null | |||
if [ $? -ne 0 ] ; then | |||
echo "$line" | |||
else | |||
if $debug ; then echo "OK: $line" ; fi | |||
fi | |||
done | |||
rm -f $tmp | |||
</pre> | |||
== keywords == | |||
Latest revision as of 03:10, 14 January 2026
Blackbox
https://github.com/StackExchange/blackbox
Installation
# git clone ssh://git@github.com/StackExchange/blackbox git clone https://github.com/StackExchange/blackbox cd blackbox sudo make copy-install
Installs to /usr/local/bin
Import keyring
gpg2 --keyring keyrings/live/pubring.kbx --export | gpg2 --import
or
gpg --keyring .blackbox/pubring.kbx --export | gpg --import
GPG=gpg2 blackbox_update_all_files
ref: https://github.com/StackExchange/blackbox/issues/184
Trust all keys
# The "-E" makes this work with both GNU sed and OS X sed gpg --list-keys --fingerprint --with-colons | sed -E -n -e 's/^fpr:::::::::([0-9A-F]+):$/\1:6:/p' | gpg --import-ownertrust
gpg --export-ownertrust | sed 's/:.*/:5:/' | gpg --import-ownertrust
echo -e "5\ny\n" | gpg --homedir . --command-fd 0 --expert --edit-key user@exaple.com trust;
gpg --import <user-id.keyfile>
fpr=`gpg --with-colons --fingerprint <user-id> |awk -F: '$1 == "fpr" {print$10; exit}'`
gpg --export-ownertrust && echo $fpr:6: |gpg --import-ownertrust
Trust last added key:
gpg --list-keys --fingerprint \
| grep ^pub -A 1 \
| tail -1 \
| tr -d ' ' \
| awk 'BEGIN { FS = "\n" } ; { print $1":6:" }' \
| gpg --import-ownertrust
Trust all key: (my version of the above)
gpg --list-keys --fingerprint \
| grep ^pub -A 1 \
| grep -v "^pub" \
| grep -v "^--" \
| sed 's/ //g' \
| awk 'BEGIN { FS = "\n" } ; { print $1":6:" }' \
| gpg --import-ownertrust
ref: https://stackoverflow.com/questions/13116457/how-to-make-auto-trust-gpg-public-key
Email with multiple keys
My team has found a workaround for now with this issue. We are putting the key ID in the admin file, and putting a comment on the same line with the user email. Example: ABC12345 # admin@admin.com
ref: https://github.com/StackExchange/blackbox/issues/199
Importing gpg
To trust your fellow admin:
gpg --edit-keys [ID] lsign save
blackbox_check
/usr/local/bin/blackbox_check
#!/bin/bash
echo "== Checking Blackbox Files =="
blackbox_list_files | while IFS= read -r line ; do
if [ ! -e ${line}.gpg ] ; then
echo "MISSING: ${line}"
fi
done
/usr/local/bin/blackbox_check_reverse
#!/bin/bash
if [ "$1" == "debug" ] ; then debug=true ; else debug=false ; fi
echo "== Checking Files against Blackbox =="
echo "=== MISSING GPG FILES FROM BLACKBOX ==="
tmp=`mktemp`
blackbox_list_files>$tmp
find . -iname "*gpg" -printf "%P\n" | while IFS= read -r line ; do
filename=`echo $line | sed 's/.gpg$//'`
grep $filename $tmp > null
if [ $? -ne 0 ] ; then
echo "$line"
else
if $debug ; then echo "OK: $line" ; fi
fi
done
rm -f $tmp