setup: Adjust to work with GnuPG 2.2

1 files changed, 19 insertions, 3 deletions

diff --git a/.local/bin/setup b/.local/bin/setup
index 09ce159..b3e04c2 100755
--- a/.local/bin/setup
+++ b/.local/bin/setup
@@ -21,7 +21,7 @@ all: \
 	$(HOME)/.local/bin/autobuild \
 	$(HOME)/.ssh/id_rsa \
 	$(HOME)/.ssh/id_rsa.pub \
-	$(HOME)/.gnupg/secring.gpg \
+	$(HOME)/.gnupg/private-keys-v1.d \
 	$(HOME)/packages/abslibre \
 	$(dirs)
 
@@ -31,7 +31,21 @@ $(HOME)/.local/bin/autobuild: %: %.c
 $(HOME)/.ssh/id_% $(HOME)/.ssh/id_%.pub:
 	ssh-keygen -N '' -f $(@D)/id_$*
 
-$(HOME)/.gnupg/secring.gpg: | $(HOME)/.config/git/config
+# We really don't want gpg `agent-socket` to be
+# `${XDG_RUNTIME_DIR}/gnupg/S.gpg-agent` if `$(HOME) != $(shell echo
+# ~$(USER))`.  So just adjust XDG_RUNTIME_DIR, right?  Nope!  GnuPG
+# 2.2 willfully ignores XDG_RUNTIME_DIR and instead hard-codes the
+# value that systemd sets XDG_RUNTIME_DIR to.
+#
+# However, if `$(GNUPGHOME) != $(HOME)/.gnupg`, then GnuPG will
+# instead set `agent-socket` it to
+# `${XDG_RUNTIME_DIR}/gnupg/d.XXXXXXXXXXXXXXXXXXXXXXXX/S.gpg-agent`
+# where XXX is a hash of GNUPGHOME.  Perfect!  This is actually really
+# robust behavior, that it should probably use all the time.
+# Unfortunately, we need to set HOME to some BS value to trigger it.
+#
+# GnuPG: Broken by default™
+$(HOME)/.gnupg/private-keys-v1.d: | $(HOME)/.config/git/config
 	chmod 700 $(@D)
 	printf '%s\n' \
 		'Key-Type: default' \
@@ -39,7 +53,9 @@ $(HOME)/.gnupg/secring.gpg: | $(HOME)/.config/git/config
 		"Name-Real: $$(git config user.name)" \
 		"Name-Email: $$(git config user.email)" \
 		'Expire-Date: 0' \
-	| gpg --gen-key --batch
+		'%no-protection' \
+		'%commit' \
+	| HOME=/var/empty GNUPGHOME=$(HOME)/.gnupg gpg --gen-key --batch
 
 $(HOME)/packages/abslibre:
 	createworkdir