# Gentoo-keys configuration file
#

[base]

# keyserver: server to use to obtain the keys from
keyserver: pool.sks-keyservers.net


# gkeysdir: Base directory to use as the path prefix to use
# for the gkey directories, keyring settings
# eg: '/' for root if absolute paths are used
#     for sub-directories, keyrings
# eg: /var/lib/gentoo/gkeys if using relative paths
gkeysdir: /var/lib/gentoo/gkeys


# keyring: The directory where the official keyring  with the specified keys
# will be exported.
keyring: %(gkeysdir)s/keyrings


# The default keyring to use
# for verification if not specified
verify-keyring: gentoo


# Base directory to use as the path prefix to use
# for the signing capable keyrings, keyring settings
# eg: '/' for root if absolute paths are used for homedir, keyring
# eg: %(gkeysdir)s if using relative paths
sign-keydir: %(gkeysdir)s/sign


# seedsdir: The directory for all seed files
# used when searching all seed files.
seedsdir: %(gkeysdir)s/seeds


# logfile directory
logdir: /var/log/gkeys


[permissions]

# Permissions settings (octal)
# chmod setting (octal)
directories: 0o775

#umask setting (octal)
files: 0o002


[seeds]

# file is a json text file of: nick, name, keydir, fingerprint
# one file per line
# category = category or seedfile name
# these categories/seedfile nmaes are used for the
# -C, --category input value validations
# eg: category: filepath
gentoo: %(seedsdir)s/gentoo.seeds
gentoo-devs: %(seedsdir)s/gentoo-devs.seeds


[seedurls]

# Use the filenames as the keys.
# The will be paired to the seed file of the same name for fetching, updating
gentoo: https://api.gentoo.org/gentoo-keys/seeds/gentoo.seeds
gentoo-devs: https://api.gentoo.org/gentoo-keys/seeds/gentoo-devs.seeds


[verify-seeds]

# mapping of the seedfile category name
# to the category-name and gpg-key keydir to use to verify the seedfile
# seedfile-name: category keydir
gentoo: gentoo gkeys
gentoo-devs: gentoo gkeys


[sign]

# GKEY nick used for verification of seeds and other gkey files
#nick = foo


# The home or key directory to use for signing files
#keydir: foo


# keyring to use if not the default
# keyring: bar


# The key fingerprint to use for signing
# key: 0x01234567891012345


# the gpg signature option to use for signing
# type: detach-sign