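# Following the instructions at https://tribut.de/blog/git-commit-signatures-trusted-keys
# Use with git with -c gpg.program='keyedgpg /path/to/keyfile.asc --'
#
# The "--" separator is mandatory for the script below: everything before it is
# a key file, everything after it is passed to gpg verbatim (git appends its own
# --status-fd/--verify arguments there).  NOTE(review): check that your git
# version splits gpg.program on spaces; if it execs the value directly, point
# gpg.program at a one-line wrapper script that calls keyedgpg instead.

self: super:
let
  # gpg with a throw-away, private GNUPGHOME so that nothing from the user's
  # real keyring or trust database can influence the result.  The temporary
  # directory is removed on exit.
  homelessGPG = super.writeShellScript "homeless-gpg" ''
    set -euo pipefail

    # Assign and export separately: with "export VAR=$(cmd)" the exit status of
    # the substitution is masked by "export", so a failing mktemp would leave
    # GNUPGHOME empty instead of aborting under "set -e".
    GNUPGHOME=$(${self.coreutils}/bin/mktemp -d)
    export GNUPGHOME
    # gpg may have spawned a gpg-agent/dirmngr for this home; stop it (best
    # effort) before the directory disappears underneath it.
    trap '${self.gnupg}/bin/gpgconf --kill all 2>/dev/null || true; ${self.coreutils}/bin/rm -rf "$GNUPGHOME"' EXIT
    ${self.gnupg}/bin/gpg --no-default-keyring "$@"
  '';
in {
  keyedgpg = super.writeShellScript "keyed-gpg" ''
    set -euo pipefail

    usage() {
      echo "usage: keyed-gpg /path/to/keyfile1.asc ... -- gpg-command..." >&2
      exit 1
    }

    # Collect key files up to the "--" separator; every one must be readable.
    keyfiles=()
    separator_seen=false
    while (( $# > 0 )); do
      if [[ "$1" == -- ]]; then
        shift
        separator_seen=true
        break
      fi
      [[ -r "$1" ]] || usage
      # "keyfiles+=$1" (no parentheses) appends to the FIRST element as a
      # string, so several key files would be glued into one bogus path; the
      # parenthesised form appends a new array element.
      keyfiles+=("$1")
      shift
    done
    # Both the separator and at least one key file are required: with no key
    # files "gpg --import" and "--show-keys" would read key material from
    # stdin, which is where git sends the payload to verify.
    if [[ "$separator_seen" != true ]] || (( ''${#keyfiles[@]} == 0 )); then
      usage
    fi

    # Build a keyring containing only the given keys.  mktemp creates the file
    # with mode 0600; it is removed on exit.  NOTE(review): check whether gpg
    # leaves a "$keyring~" backup or lock file next to it that should also go.
    keyring=$(${self.coreutils}/bin/mktemp)
    cleanup() { ${self.coreutils}/bin/rm -f -- "$keyring"; }
    trap cleanup EXIT
    ${homelessGPG} --keyring="$keyring" --import "''${keyfiles[@]}"

    # Extract the long key IDs of the primary keys in the key files.  Done as a
    # command substitution (not a process substitution) so that, with -e and
    # pipefail, a failing gpg or awk aborts the script instead of silently
    # yielding an empty trust list.
    # --with-colons "pub" record: field 5 is the 64-bit key ID.  The keyring
    # holds only the keys imported above, so a key-ID collision would require
    # two such keys in the operator's own key files.  NOTE(review): newer gpg
    # accepts a fingerprint ("fpr" record, field 10) for --trusted-key; prefer
    # that if the pinned gnupg supports it.
    keyids=$(${homelessGPG} --with-colons --show-keys "''${keyfiles[@]}" |
      ${self.gawk}/bin/awk -F: '$1 == "pub" { print $5 }')

    trusted_key_args=()
    while IFS= read -r keyid; do
      [[ -n "$keyid" ]] || continue
      trusted_key_args+=( --trusted-key "$keyid" )
    done <<< "$keyids"

    # Fail closed: without any --trusted-key a valid signature still reports
    # GOODSIG, only with unknown trust, which git accepts unless
    # gpg.minTrustLevel is configured -- so an empty list must be an error.
    if (( ''${#trusted_key_args[@]} == 0 )); then
      echo "keyed-gpg: no primary keys found in: ''${keyfiles[*]}" >&2
      exit 1
    fi

    ${homelessGPG} --keyring="$keyring" "''${trusted_key_args[@]}" "$@"
  '';
}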