| | 1 | # Following the instructions at https://tribut.de/blog/git-commit-signatures-trusted-keys |
| | 2 | |
| | 3 | self: super: { |
| | 4 | keyedgit = key: |
| | 5 | let |
| | 6 | keyring = super.runCommand "keyedkeyring.gpg" {} '' |
| | 7 | export GNUPGHOME=$(mktemp -d) |
| | 8 | ${self.gnupg}/bin/gpg --no-default-keyring --keyring=$out --import ${key} |
| | 9 | ''; |
| | 10 | keyedgpg = super.symlinkJoin { |
| | 11 | name = "keyedgpg"; |
| | 12 | buildInputs = [ super.makeWrapper ]; |
| | 13 | paths = [ self.gnupg ]; |
| | 14 | postBuild = '' |
| | 15 | wrapProgram "$out/bin/gpg" \ |
| | 16 | --add-flags '--no-default-keyring --keyring=${keyring}' |
| | 17 | ''; |
| | 18 | }; |
| | 19 | in super.symlinkJoin { |
| | 20 | name = "keyedgit"; |
| | 21 | paths = [ self.git ]; |
| | 22 | buildInputs = [ super.makeWrapper ]; |
| | 23 | postBuild = '' |
| | 24 | wrapProgram "$out/bin/git" \ |
| | 25 | --add-flags '-c gpg.program=${keyedgpg}/bin/gpg' |
| | 26 | ''; |
| | 27 | }; |
| | 28 | } |
projects / auto-upgrade-with-pinch / blame_incremental