This was originally a blog post
It may read differently from other build logs for that reason
Two posts in one day, this has to be a record for me.
So for this post to make sense it requires two bits of background knowledge
- This site is made using a static site generator using Hugo
- I wrote a post a few days ago called Encryption which can be found here
With that out of the way, I can explain the issue I am having, and why I may finally have to bite the bullet and learn a tiny amount of web development.
I want to start ending my posts with a PGP signature, and I don’t know an elegant way to do this that doesn’t sacrifice function. In an ideal world, I want the following things to happen
Public key automation
I store my public key on Keybase so it is easy for normies to find it and use it. This key is more or less constantly kept up to date because of how the key base is, and because of that I want the public key on my site to not be static - I want it to be pulled directly from the key base
There is a way for me to do this which is a bit hacky, but possible. This site is hosted on GitHub, so I could write a GitHub automation that every 24 hours pulls the key base key, and cross-references it against the key on the site. If they are different then update it. This theoretically should be a fairly simple Python script that I could write in an afternoon - so that clears that up.
An easier option would be to make it a sidebar link that takes you directly to the key base but… no
Sig append
I want to make it so that every file on the site links to a raw file, that shows the full signed post.
For example, if the post only said “This is a post signed by me - eddiequinn” then the raw file would say
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256
this is a message signed by me - eddiequinn
-----BEGIN PGP SIGNATURE-----
iQIzBAEBCAAdFiEEWQTd1MwJCH3DFDZ0DiAAR72//sIFAmRXvT4ACgkQDiAAR72/
/sJ+Ow/9F9Uf8kYyROgDgG1pMVTcMNrCUmqozuzJNPObMeMPe0Xr8TEMnaahlLES
2XvPQp6lKjE6deLNaf7RJTlYor6hL5VCYT8JFxT0Y3T+benYd502nqJX8LewjRoY
BusT1TJ8wHsAGOWoUGPh5lGjV1ab2HDkxkOWXtTY17mxbkZ0anBLuNanoApzH2Pf
qL1eF/mMsrX1YYKkkpswDE/M+4YsdOi29dYpSZyTPn4+mC9bUFcpvDKS/V5AS9gF
HVw5VDBHpUGxvlYbZy6R2HAgnx03Tm4CTdwLj6Ou9H7vAuFQeX+qVeIlD/9S2cON
kYQXbNR44hPAFYeQYIStz7A3lJVhja2p70iP4Kse1lO/GarLWb2C1h9NLPQ3zdMf
jc65ni/EukU8aBITwUW+r49y+nFlyZxyae/ot4oQ2z1zP949ITRVWCZVnCncmi+8
4LjjZh4I8dFY11VCnco7ddrCFGnEJHSCTF4cgEx3dAtYm5cMfCS/aMy5JyRY4Vh+
do4l7xtfu0vBWTH3JRxQ9VddzXybidKj21DHJmZd0yktRzwZ2OtNt9noaiqZKzTF
qC2nWHRDqvSVsRDXj/SM92cNYhc9DeFLzN0HHvxXEf8GnHb/EVfubjLQbQMm5hIz
hEt4IPg/VXQ4eihib0DrZqG18c8DU4DzNwgmQF3T/vTcvK0MwR0=
=hJ13
-----END PGP SIGNATURE-----
I think automation may once again be the answer. I have stored my website across multiple reports for a while
- my-blog (parent repo)
- blog posts (just the blog posts)
- eddiequinn.github.io (the actual repo that holds the static files)
- site-theme (A modified version of the Cupper hugo theme)
For a while, I have been considering making a workflow that once a week will rebuild the public files. Again these are all hosted on GitHub so it wouldn’t be that hard, the program when triggered would just have to
- Clone the
my-blogrepo and recurse the submodules - run the command
hugo -t site-themeto remake the public files - Commit and push this up to the public files repo
If I did this, I could accommodate the raw files issue with some slight modifications
- I would create a hidden directory on the server that mimics the layout of the post, but just for the raw signed signatures
- Create a git hook that does two things: Adds a link to the signed post it is about to create to the end of the post, and then creates a plaintext signed version of the post and places it into the sig directory
Conclusion
I won’t be signing my posts for the time being, however, when I get around to bringing these changes in then all posts will be signed.