+++ /dev/null
-# Following the instructions at https://tribut.de/blog/git-commit-signatures-trusted-keys
-# Use with git with -c gpg.program='keyedgpg /path/to/keyfile.asc'
-
-self: super:
-let
- homelessGPG = super.writeShellScript "homeless-gpg" ''
- set -eo pipefail
-
- export GNUPGHOME=$(${self.coreutils}/bin/mktemp -d)
- trap '${self.coreutils}/bin/rm -r "$GNUPGHOME"' EXIT
- ${self.gnupg}/bin/gpg --no-default-keyring "$@"
- '';
-in {
- keyedgpg = super.writeShellScript "keyed-gpg" ''
- set -eo pipefail
-
- usage() {
- echo "usage: keyed-gpg /path/to/keyfile1.asc ... -- gpg-command..." >&2
- exit 1
- }
-
- incomplete=true
- keyfiles=()
- while (( $# > 0 ));do
- if [[ "$1" == -- ]];then
- shift
- incomplete=false
- break
- fi
- if [[ ! -r "$1" ]];then
- usage
- fi
- keyfiles+=$1
- shift
- done
- if "$incomplete";then
- usage
- fi
-
- keyring=$(${self.coreutils}/bin/mktemp)
- cleanup() { ${self.coreutils}/bin/rm "$keyring"; }
- trap cleanup EXIT
- ${homelessGPG} --keyring="$keyring" --import "''${keyfiles[@]}"
-
- trusted_key_args=()
- while read keyid;do
- trusted_key_args+=( --trusted-key "$keyid" )
- done < <(
- ${homelessGPG} --with-colons --show-keys "''${keyfiles[@]}" |
- ${self.gawk}/bin/awk -F: '$1 == "pub" { print $5 }')
-
- ${homelessGPG} --keyring="$keyring" "''${trusted_key_args[@]}" "$@"
- '';
-}