-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256 ``` This was originally a blog post It may read differently from other build logs for that reason ``` Two posts in one day, this has to be a record for me. So for this post to make sense it requires two bits of background knowledge 1) This site is made using a static site generator using Hugo 2) I wrote a post a few days ago called Encryption which can be found [here](https://eddiequinn.xyz/posts/2023/april/encryption/) With that out of the way, I can explain the issue I am having, and why I may finally have to bite the bullet and learn a tiny amount of web development. I want to start ending my posts with a PGP signature, and I don't know an elegant way to do this that doesn't sacrifice function. In an ideal world, I want the following things to happen ## Public key automation I store my public key on Keybase so it is easy for normies to find it and use it. This key is more or less constantly kept up to date because of how the key base is, and because of that I want the public key on my site to not be static - I want it to be pulled directly from the key base There is a way for me to do this which is a bit hacky, but possible. This site is hosted on GitHub, so I could write a GitHub automation that every 24 hours pulls the key base key, and cross-references it against the key on the site. If they are different then update it. This theoretically should be a fairly simple Python script that I could write in an afternoon - so that clears that up. An easier option would be to make it a sidebar link that takes you directly to the key base but... no ## Sig append I want to make it so that every file on the site links to a raw file, that shows the full signed post. For example, if the post only said "This is a post signed by me - eddiequinn" then the raw file would say ``` - -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256 this is a message signed by me - eddiequinn - -----BEGIN PGP SIGNATURE----- iQIzBAEBCAAdFiEEWQTd1MwJCH3DFDZ0DiAAR72//sIFAmRXvT4ACgkQDiAAR72/ /sJ+Ow/9F9Uf8kYyROgDgG1pMVTcMNrCUmqozuzJNPObMeMPe0Xr8TEMnaahlLES 2XvPQp6lKjE6deLNaf7RJTlYor6hL5VCYT8JFxT0Y3T+benYd502nqJX8LewjRoY BusT1TJ8wHsAGOWoUGPh5lGjV1ab2HDkxkOWXtTY17mxbkZ0anBLuNanoApzH2Pf qL1eF/mMsrX1YYKkkpswDE/M+4YsdOi29dYpSZyTPn4+mC9bUFcpvDKS/V5AS9gF HVw5VDBHpUGxvlYbZy6R2HAgnx03Tm4CTdwLj6Ou9H7vAuFQeX+qVeIlD/9S2cON kYQXbNR44hPAFYeQYIStz7A3lJVhja2p70iP4Kse1lO/GarLWb2C1h9NLPQ3zdMf jc65ni/EukU8aBITwUW+r49y+nFlyZxyae/ot4oQ2z1zP949ITRVWCZVnCncmi+8 4LjjZh4I8dFY11VCnco7ddrCFGnEJHSCTF4cgEx3dAtYm5cMfCS/aMy5JyRY4Vh+ do4l7xtfu0vBWTH3JRxQ9VddzXybidKj21DHJmZd0yktRzwZ2OtNt9noaiqZKzTF qC2nWHRDqvSVsRDXj/SM92cNYhc9DeFLzN0HHvxXEf8GnHb/EVfubjLQbQMm5hIz hEt4IPg/VXQ4eihib0DrZqG18c8DU4DzNwgmQF3T/vTcvK0MwR0= =hJ13 - -----END PGP SIGNATURE----- ``` I think automation may once again be the answer. I have stored my website across multiple reports for a while - - my-blog (parent repo) - - blog posts (just the blog posts) - - eddiequinn.github.io (the actual repo that holds the static files) - - site-theme (A modified version of the Cupper hugo theme) For a while, I have been considering making a workflow that once a week will rebuild the public files. Again these are all hosted on GitHub so it wouldn't be that hard, the program when triggered would just have to 1) Clone the `my-blog` repo and recurse the submodules 2) run the command `hugo -t site-theme` to remake the public files 3) Commit and push this up to the public files repo If I did this, I could accommodate the raw files issue with some slight modifications - - I would create a hidden directory on the server that mimics the layout of the post, but just for the raw signed signatures - - Create a git hook that does two things: Adds a link to the signed post it is about to create to the end of the post, and then creates a plaintext signed version of the post and places it into the sig directory ## Conclusion I won't be signing my posts for the time being, however, when I get around to bringing these changes in then all posts will be signed. -----BEGIN PGP SIGNATURE----- iQIzBAEBCAAdFiEEVR2DXk8VSeBYxT6vvUo0nUeoF5wFAmVZTOIACgkQvUo0nUeo F5x7bBAArn/6aZFcmNycDJH7TSio1NGFQ0Kn5gCAyDLAe3dD60x6ySVFJ1hyR4bk XZMZdN5XcmLIEymsEq7u/9ODd4PfljUA0VwDWaKoHxPy7w35iuajKnFdOiD/TPCb 2bFf46/jHeSKlLJaBhwenpYF070X27fYKODfWp3lVYq1b9wGkFJVSD0Z06/B55mS YG1S5WJxTf83Y9P8bS0njidj8xZDzQRaeesjAAqOdRtkswtV02sVOCZFB9fIU/Fq VyNZkqZVD7+ucbp6JCOjR8S/YfeB4aPn5q7oxPumuLCq5wmK7uSUuFKAJ/+OJVYO VPpcCA9Z6vDsL73U0pXiG2puvkC+Ef18cq1qBhc0T/PcKA6my0is2O7QRhjR1Oi0 tBtqjfS2dYVBo+yPDfBldjaEVUyUB7Fuuo4nXOyVgklqn+Hmdlx98bPhjyWKMXSo peb0x80jm3dUamrKmkd8n8919EG+YQh3i3Fyz5FVMm3/DzLlniuKl6vf0+FopnOl Grz1K0GABx14qCAOMuxFNWuiCNWhgmcrJdYLJR5i/25Oee0hEo8+iD8h0opl2FO2 jdYN7tvtjL/4RO8PgoZfFnvuSxr3BupwHueve7vd+/YfLLLyfe1+6wDNMiJm21Ta jb0fkhmhTA75PGkePdOaoFoTwEYQpzekXw9Z7SuqAry5yj9tIas= =6//X -----END PGP SIGNATURE-----