~ajhalili2006's personal website, built with Zensical (successor of Material for Mkdocs) [old repo name got bugged while attempting to do manual knot migration via repo deletion]
andreijiroh.dev
andreijiroh.dev
zensical
mkdocs-material
website
1#!/usr/bin/env bash
2# SPDX-License-Identifier: MPL-2.0
3# Helper script to cryptographically sign security.txt with GPG and SSH keys.
4
5GPG_KEY_ID="0x67BFC91B3DA12BE8"
6SSH_KEY_PATH="$HOME/.ssh/personal-2022"
7GIT_ROOT=$(git rev-parse --show-toplevel)
8
9if [ ! -f "$SSH_KEY_PATH" ]; then
10 echo "SSH key not found at $SSH_KEY_PATH"
11 exit 1
12fi
13
14# Use --clearsign for cleartext signature and --local-user for key specification
15# Output to security.txt so it can be served and signed by SSH
16gpg --local-user "$GPG_KEY_ID" --clearsign --yes \
17 --output "$GIT_ROOT/markdown/.well-known/security.txt.asc" \
18 "$GIT_ROOT/markdown/.well-known/security.txt"
19
20# ssh-keygen prompts before overwriting, so remove the old signature first
21rm -f "$GIT_ROOT/markdown/.well-known/security.txt.sig"
22ssh-keygen -Y sign -n file -f "$SSH_KEY_PATH" \
23 "$GIT_ROOT/markdown/.well-known/security.txt"