]>
Commit | Line | Data |
---|---|---|
edaaa0c0 SW |
1 | # Following the instructions at https://tribut.de/blog/git-commit-signatures-trusted-keys |
2 | # Use with git with -c gpg.program='keyedgpg /path/to/keyfile.asc' | |
3 | ||
4 | { coreutils, gawk, homeless-gpg, lib, writeShellScript, }: | |
5 | keyfiles: | |
6 | writeShellScript "keyed-gpg" '' | |
7 | set -eo pipefail | |
8 | ||
9 | keyring=$(${coreutils}/bin/mktemp) | |
10 | cleanup() { ${coreutils}/bin/rm "$keyring"; } | |
11 | trap cleanup EXIT | |
12 | ${homeless-gpg} --keyring="$keyring" --import ${lib.escapeShellArgs keyfiles} | |
13 | ||
14 | trusted_key_args=() | |
15 | while read keyid;do | |
16 | trusted_key_args+=( --trusted-key "$keyid" ) | |
17 | done < <( | |
18 | ${homeless-gpg} --with-colons --show-keys ${lib.escapeShellArgs keyfiles} | | |
19 | ${gawk}/bin/awk -F: '$1 == "pub" { print $5 }') | |
20 | ||
21 | ${homeless-gpg} --keyring="$keyring" "''${trusted_key_args[@]}" "$@" | |
22 | '' | |
23 |