# Gentoo-keys configuration file
#

[base]

# keyserver: server to use to obtain the keys from
keyserver: pool.sks-keyservers.net


# gkeysdir: Base directory to use as the path prefix to use
# for the gkey directories, keyring settings
# eg: '/' for root if absolute paths are used
#     for sub-directories, keyrings
# eg: /var/lib/gentoo/gkeys if using relative paths
gkeysdir: /var/lib/gentoo/gkeys


# default user home directory
homedir: ~


# user gkey directory
user-dir = %(homedir)s/gkeys-user


# base keyring dir
keyring: %(gkeysdir)s/keyrings


# The default keyring, nick to use
# for verification if not specified
verify-keyring: gentoo
verify-nick: gkeys


# Base directory to use as the path prefix to use
# for the signing capable keyrings, keyring settings
# eg: '/' for root if absolute paths are used for homedir, keyring
# eg: %(gkeysdir)s if using relative paths
sign-keydir: %(keyring)s/sign


# seedsdir: base directory for all seed files
# used when searching all seed files.
seedsdir: %(gkeysdir)s/seeds


# logfile directory
#logdir: %(gkeysdir)s/logs
logdir: /var/log/gkeys


[permissions]

# Permissions settings (octal)
# chmod setting (octal)
directories: 0o775

#umask setting (octal)
files: 0o022


[seeds]

# file is a json text file of: nick, name, keydir, fingerprint
# one file per line
# category = category or seedfile name
# these categories/seedfile nmaes are used for the
# -C, --category input value validations
# eg: category: filepath
gentoo: %(seedsdir)s/gentoo.seeds
gentoo-devs: %(seedsdir)s/gentoo-devs.seeds

# Add sign here for ability to choose as a category
# but leave the value blank to prevent accidental changes
# this subdir directory is where you would copy your gpghome directories to
# after creating your key with gkeys-gen. Name them the same as the nick you use.
#sign:


[seedurls]

# Use the filenames as the keys.
# The will be paired to the seed file of the same name for fetching, updating
# category = category or seedfile name
# eg: category: url
gentoo: https://api.gentoo.org/gentoo-keys/seeds/gentoo.seeds
gentoo-devs: https://api.gentoo.org/gentoo-keys/seeds/gentoo-devs.seeds

#sign:


[verify-seeds]

# mapping of the seedfile category name
# to the category-name and gpg-key keydir to use to verify the seedfile
# seedfile-name: category keydir
gentoo: gentoo gkeys
gentoo-devs: gentoo gkeys

#sign:


[sign]

# GKEY nick used for verification of seeds and other gkey files
nick =

# The home or key directory to use for signing files
keydir:

# keyring to use if not the default
#keyring:

# The key fingerprint to use for signing
key:

# the gpg signature option to use for signing
type: detach-sign