From 09aef5131eb9322b60a79976562c0c45e6822bbf Mon Sep 17 00:00:00 2001
From: Alexandre Pujol
Date: Wed, 28 Aug 2024 18:59:51 +0100
Subject: [PATCH] fix(profile): gpg key generation.
---
 apparmor.d/groups/gpg/gpg | 2 ++
 apparmor.d/groups/gpg/gpg-agent | 20 ++++++++++----------
 2 files changed, 12 insertions(+), 10 deletions(-)
diff --git a/apparmor.d/groups/gpg/gpg b/apparmor.d/groups/gpg/gpg
index b549f147..a4f2a11e 100644
--- a/apparmor.d/groups/gpg/gpg
+++ b/apparmor.d/groups/gpg/gpg
@@ -28,6 +28,8 @@ profile gpg @{exec_path} {
 @{bin}/gpgsm rPx,
 @{lib}/{,gnupg/}scdaemon rPx,
+ /usr/share/terminfo/** r,
+ /etc/inputrc r,
 owner @{HOME}/@{XDG_GPG_DIR}/ rw,
diff --git a/apparmor.d/groups/gpg/gpg-agent b/apparmor.d/groups/gpg/gpg-agent
index f7580a8a..d9732796 100644
--- a/apparmor.d/groups/gpg/gpg-agent
+++ b/apparmor.d/groups/gpg/gpg-agent
@@ -24,37 +24,37 @@ profile gpg-agent @{exec_path} {
 /usr/share/gnupg/* r,
 owner @{HOME}/@{XDG_GPG_DIR}/ rw,
- owner @{HOME}/@{XDG_GPG_DIR}/gpg-agent.conf r,
+ owner @{HOME}/@{XDG_GPG_DIR}/*.conf r,
 owner @{HOME}/@{XDG_GPG_DIR}/private-keys-v1.d/ rw,
- owner @{HOME}/@{XDG_GPG_DIR}/private-keys-v1.d/@{hex}.key rw,
+ owner @{HOME}/@{XDG_GPG_DIR}/private-keys-v1.d/@{hex}.key{,.tmp} rw,
 owner @{HOME}/@{XDG_GPG_DIR}/{,d.*/}S.gpg-agent{,.ssh,.browser,.extra} rw,
 owner @{HOME}/@{XDG_GPG_DIR}/sshcontrol r,
 owner @{MOUNTS}/{,/*}/@{XDG_GPG_DIR}/ rw,
- owner @{MOUNTS}/{,/*}/@{XDG_GPG_DIR}/gpg-agent.conf r,
+ owner @{MOUNTS}/{,/*}/@{XDG_GPG_DIR}/*.conf r,
 owner @{MOUNTS}/{,/*}/@{XDG_GPG_DIR}/private-keys-v1.d/ rw,
- owner @{MOUNTS}/{,/*}/@{XDG_GPG_DIR}/private-keys-v1.d/@{hex}.key rw,
+ owner @{MOUNTS}/{,/*}/@{XDG_GPG_DIR}/private-keys-v1.d/@{hex}.key{,.tmp} rw,
 owner @{MOUNTS}/{,/*}/@{XDG_GPG_DIR}/{,d.*/}S.gpg-agent{,.ssh,.browser,.extra} rw,
 owner @{MOUNTS}/{,/*}/@{XDG_GPG_DIR}/sshcontrol r,
 owner @{user_projects_dirs}/**/{.,}gnupg/ rw,
- owner @{user_projects_dirs}/**/{.,}gnupg/gpg-agent.conf r,
+ owner @{user_projects_dirs}/**/{.,}gnupg/*.conf r,
 owner @{user_projects_dirs}/**/{.,}gnupg/private-keys-v1.d/ rw,
- owner @{user_projects_dirs}/**/{.,}gnupg/private-keys-v1.d/@{hex}.key rw,
+ owner @{user_projects_dirs}/**/{.,}gnupg/private-keys-v1.d/@{hex}.key{,.tmp} rw,
 owner @{user_projects_dirs}/**/{.,}gnupg/{,d.*/}S.gpg-agent{,.ssh,.browser,.extra} rw,
 owner @{user_projects_dirs}/**/{.,}gnupg/sshcontrol r,
 owner @{run}/user/@{uid}/gnupg/ rw,
- owner @{run}/user/@{uid}/gnupg/gpg-agent.conf r,
+ owner @{run}/user/@{uid}/gnupg/*.conf r,
 owner @{run}/user/@{uid}/gnupg/private-keys-v1.d/ rw,
- owner @{run}/user/@{uid}/gnupg/private-keys-v1.d/@{hex}.key rw,
+ owner @{run}/user/@{uid}/gnupg/private-keys-v1.d/@{hex}.key{,.tmp} rw,
 owner @{run}/user/@{uid}/gnupg/{,d.*/}S.gpg-agent{,.ssh,.browser,.extra} rw,
 owner @{run}/user/@{uid}/gnupg/sshcontrol r,
 owner @{user_tmp_dirs}/**/{.,}gnupg/ rw,
- owner @{user_tmp_dirs}/**/{.,}gnupg/gpg-agent.conf r,
+ owner @{user_tmp_dirs}/**/{.,}gnupg/*.conf r,
 owner @{user_tmp_dirs}/**/{.,}gnupg/private-keys-v1.d/ rw,
- owner @{user_tmp_dirs}/**/{.,}gnupg/private-keys-v1.d/@{hex}.key rw,
+ owner @{user_tmp_dirs}/**/{.,}gnupg/private-keys-v1.d/@{hex}.key{,.tmp} rw,
 owner @{user_tmp_dirs}/**/{.,}gnupg/{,d.*/}S.gpg-agent{,.ssh,.browser,.extra} rw,
 owner @{user_tmp_dirs}/**/{.,}gnupg/sshcontrol r,
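Review bot: The `*.conf` glob that replaces `gpg-agent.conf` in all five directory blocks of this hunk lets gpg-agent read every configuration file in each GnuPG home, which is wider than a key-generation fix appears to need. If the denial behind it was for one specific file (GnuPG 2.3+ has a shared `common.conf`, for example; the page does not say which file was denied), naming the files keeps the profile least-privilege: `owner @{HOME}/@{XDG_GPG_DIR}/{gpg-agent,common}.conf r,`, and likewise for the `@{MOUNTS}`, `@{user_projects_dirs}`, `@{run}` and `@{user_tmp_dirs}` variants. The `@{hex}.key{,.tmp}` widening stays inside `private-keys-v1.d/` and is narrow, so it looks fine as written. A one-line comment above the first occurrence, such as `# .tmp: presumably the temporary name a new key is written under before it is renamed`, would record why it is there once that is confirmed. The profile body begins and ends outside this hunk, so any abstraction that might already cover these paths is not visible here.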