]> git.scottworley.com Git - auto-upgrade-with-pinch/blame_incremental - overlays/keyedgit.nix
Upgrade user environments
[auto-upgrade-with-pinch] / overlays / keyedgit.nix
... / ...
CommitLineData
1# Following the instructions at https://tribut.de/blog/git-commit-signatures-trusted-keys
2
3self: super: {
4 keyedgit = key:
5 let
6 homelessGPG = super.writeShellScript "homeless-gpg" ''
7 export GNUPGHOME=$(mktemp -d)
8 trap 'rm -r "$GNUPGHOME"' EXIT
9 ${self.gnupg}/bin/gpg "$@"
10 '';
11 keyring = super.runCommand "keyedkeyring.gpg" {} ''
12 ${homelessGPG} --no-default-keyring --keyring=$out --import ${key}
13 '';
14 keyid = super.runCommand "keyid" {} ''
15 ${homelessGPG} --with-colons --show-keys ${key} | awk -F: '{ print $5; exit }' > $out
16 '';
17 keyedGPG = super.writeShellScript "keyed-gpg" ''
18 ${homelessGPG} --no-default-keyring --keyring=${keyring} --trusted-key "$(< ${keyid} )" "$@"
19 '';
20 in super.symlinkJoin {
21 name = "keyedgit";
22 paths = [ self.git ];
23 buildInputs = [ super.makeWrapper ];
24 postBuild = ''
25 wrapProgram "$out/bin/git" \
26 --add-flags '-c gpg.program=${keyedGPG}'
27 '';
28 };
29}