Support multiple key files
[auto-upgrade-with-pinch] / overlays / keyedgit.nix
index a4465dcf493328d12f3b53b33b5f18ecfa8de3ff..6cce6fe2ffa9e681608e747a8f20679eebd0021f 100644 (file)
@@ -3,17 +3,23 @@
 self: super: {
   keyedgit = keys:
     let
+      keyfile = if builtins.isList keys then
+        super.runCommand "keyfile" { } ''
+          cat ${super.lib.escapeShellArgs keys} > $out
+        ''
+      else
+        keys;
       homelessGPG = super.writeShellScript "homeless-gpg" ''
         export GNUPGHOME=$(mktemp -d)
         trap 'rm -r "$GNUPGHOME"' EXIT
         ${self.gnupg}/bin/gpg "$@"
       '';
-      keyring = super.runCommand "keyedkeyring.gpg" {} ''
-        ${homelessGPG} --no-default-keyring --keyring=$out --import ${keys}
+      keyring = super.runCommand "keyedkeyring.gpg" { } ''
+        ${homelessGPG} --no-default-keyring --keyring=$out --import ${keyfile}
       '';
-      keyids = super.runCommand "keyids" {} ''
-        ${homelessGPG} --no-default-keyring --with-colons --show-keys ${keys} |
-          ${self.gawk}/bin/awk -F: 'prev == "pub" && $1 == "fpr" { print $10 } { prev = $1 }' > $out
+      keyids = super.runCommand "keyids" { } ''
+        ${homelessGPG} --no-default-keyring --with-colons --show-keys ${keyfile} |
+          ${self.gawk}/bin/awk -F: '$1 == "pub" { print $5 }' > $out
       '';
       keyedGPG = super.writeShellScript "keyed-gpg" ''
         trusted_key_args=()
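Review bot: The new awk program in `keyids` prints field 5 of each `pub` record, which in gpg's colon listing is the 64-bit key ID, where the replaced line printed the full fingerprint from the following `fpr` record. If these values feed the `trusted_key_args` array, whose use continues outside the hunk, trust is now anchored on a shorter identifier than before. The exposure is limited because the keyring is built only from `keyfile`, but the reason deserves a comment such as `# key ID, not fingerprint, because <reason>`, and if the consumer accepts fingerprints the stronger choice is to keep `prev == "pub" && $1 == "fpr" { print $10 } { prev = $1 }`. Separately, `escapeShellArgs` stringifies its list elements, so path-literal entries in `keys` would probably reach `cat` as their original filesystem paths rather than as store copies, unlike the single-file `${keys}` branch; confirm how callers pass the list, or interpolate each element first with `map (k: "${k}") keys`.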