# Following the instructions at https://tribut.de/blog/git-commit-signatures-trusted-keys
self: super: {
- keyedgit = key:
+ keyedgit = keys:
let
homelessGPG = super.writeShellScript "homeless-gpg" ''
export GNUPGHOME=$(mktemp -d)
${self.gnupg}/bin/gpg "$@"
'';
keyring = super.runCommand "keyedkeyring.gpg" {} ''
- ${homelessGPG} --no-default-keyring --keyring=$out --import ${key}
+ ${homelessGPG} --no-default-keyring --keyring=$out --import ${keys}
'';
- keyid = super.runCommand "keyid" {} ''
- ${homelessGPG} --with-colons --show-keys ${key} | awk -F: '{ print $5; exit }' > $out
+ keyids = super.runCommand "keyids" {} ''
+ ${homelessGPG} --no-default-keyring --with-colons --show-keys ${keys} |
+ ${self.gawk}/bin/awk -F: '$1 == "pub" { print $5 }' > $out
'';
keyedGPG = super.writeShellScript "keyed-gpg" ''
- ${homelessGPG} --no-default-keyring --keyring=${keyring} --trusted-key "$(< ${keyid} )" "$@"
+ trusted_key_args=()
+ while read keyid;do
+ trusted_key_args+=( --trusted-key "$keyid" )
+ done < ${keyids}
+ ${homelessGPG} --no-default-keyring --keyring=${keyring} "''${trusted_key_args[@]}" "$@"
'';
in super.symlinkJoin {
name = "keyedgit";
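Review bot: The new `keyids` derivation still succeeds when awk matches no `pub` record (an empty or wrongly formatted `keys` file), so `keyed-gpg` then runs with an empty `trusted_key_args` array and the misconfiguration is only noticed when a signature check behaves unexpectedly. Failing the build is cheap: add `test -s $out` as the last line of the `keyids` script. In the wrapper loop, `while read -r keyid; do` avoids backslash processing of the input. Field 5 of a `pub` record is the 64-bit long key ID, whereas recent GnuPG documentation recommends giving `--trusted-key` a full fingerprint; that would mean taking field 10 of the `fpr` record that follows each `pub`, which is worth confirming against the gnupg version pinned here. The `super.symlinkJoin` body continues past the end of the hunk and is not covered by this note.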