Librem 13v4/15v4 use Kabylake SoC, have different set of blobs
required from Skylake-based v3 boards.
Signed-off-by: Matt DeVillier <matt.devillier@puri.sm>
It makes more logical sense for GPG functions to be split out into their
own menu instead of being part of the "Flash" menu. This creates a
gpg-gui.sh script and moves GPG options there while adding a few
additional features (like listing keys and initial smartcard key
generation support).
key-init makes sure trustdb is updated at run time and user and distro keys are ultimately trusted. Each time a file is signed, the related public key is showed without error on it's trustability.
flash-gui deals with gpg1 to gpg2 migration. If pubring.kbx is found, pubring.gpg is deleted from running rom dump.
This changes Heads' bootscript for the x230 to gui-init and adds config
options needed for it. The config is very similar to the librem13v2 config.
My comparison of startup-time from a power-button press shows 2.5 seconds
more with these changes applied.
That said, the experience is smooth, the GUI is beautiful and easier to use
than the shell and text menu, especially during setup. That's what we
buy with startup time here.
.ash_history: add examples to generate keys and otrust in rom
flash-gui: export otrust and import it in rom
key-init: import otrust.txt if present to supress warning about user public key being untrusted
gpg2 needs GPG_TTY set to function properly. We set it in /init so it
is inherited by all children. The call to $(tty) must be after /dev and
(preferably) /dev/pts are mounted.
Signed-off-by: Jason Andryuk <jandryuk@gmail.com>
Launchpad offers HTTPS downloads, whereas other more obvious mirrors
(like the one used originally, as well as rpm5.org) do not.
Note: it is unclear to whether Launchpad's tarballs will always match
the checksum from upstream tarballs. However, at least for 1.16, this
condition does indeed seem to hold true. Homebrew, FWIW, lists OpenBSD
as a mirror:
https://github.com/Homebrew/homebrew-core/blob/master/Formula/popt.rb
The new URL automatically redirects to a nearby, current GNU mirror.
Also, the fact that it's HTTPS helps with restrictive outbound
firewall policies that disallow plaintext traffic (for example,
using Qubes' firewall functionality).
There are cases when grepping for an option in the config file where
grep will not find it, which is fine in this case, but without adjusting
the exit code in that case it can make an entire script bail out.
