X-Git-Url: http://git.scottworley.com/auto-upgrade-with-pinch/blobdiff_plain/00a79ae1cc6cdc2791545c0b0aa9dc55e9c95ec5..318cb8e22fa7dcdf691149b520b5d24428ee3cc9:/overlays/keyedgit.nix?ds=sidebyside
diff --git a/overlays/keyedgit.nix b/overlays/keyedgit.nix
index bf260e7..6cce6fe 100644
--- a/overlays/keyedgit.nix
+++ b/overlays/keyedgit.nix
@@ -1,21 +1,32 @@
 # Following the instructions at https://tribut.de/blog/git-commit-signatures-trusted-keys
 self: super: {
- keyedgit = key:
+ keyedgit = keys:
 let
+ keyfile = if builtins.isList keys then
+ super.runCommand "keyfile" { } ''
+ cat ${super.lib.escapeShellArgs keys} > $out
+ ''
+ else
+ keys;
 homelessGPG = super.writeShellScript "homeless-gpg" ''
 export GNUPGHOME=$(mktemp -d)
 trap 'rm -r "$GNUPGHOME"' EXIT
 ${self.gnupg}/bin/gpg "$@"
 '';
- keyring = super.runCommand "keyedkeyring.gpg" {} ''
- ${homelessGPG} --no-default-keyring --keyring=$out --import ${key}
+ keyring = super.runCommand "keyedkeyring.gpg" { } ''
+ ${homelessGPG} --no-default-keyring --keyring=$out --import ${keyfile}
 '';
- keyid = super.runCommand "keyid" {} ''
- ${homelessGPG} --with-colons --show-keys ${key} | awk -F: '{ print $5; exit }' > $out
+ keyids = super.runCommand "keyids" { } ''
+ ${homelessGPG} --no-default-keyring --with-colons --show-keys ${keyfile} |
+ ${self.gawk}/bin/awk -F: '$1 == "pub" { print $5 }' > $out
 '';
 keyedGPG = super.writeShellScript "keyed-gpg" ''
- ${homelessGPG} --no-default-keyring --keyring=${keyring} --trusted-key "$(< ${keyid} )" "$@"
+ trusted_key_args=()
+ while read keyid;do
+ trusted_key_args+=( --trusted-key "$keyid" )
+ done < ${keyids}
+ ${homelessGPG} --no-default-keyring --keyring=${keyring} "''${trusted_key_args[@]}" "$@"
 '';
 in super.symlinkJoin {
 name = "keyedgit";
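Review bot: The `keyids` derivation still succeeds when awk matches no `pub` record, and `keyed-gpg` then runs with an empty `trusted_key_args`, so an empty or malformed key file produces a wrapper that trusts no key and the mistake only surfaces later, at verification time. Adding `test -s $out` after the pipeline in `keyids` would fail the build instead. Field 5 of the `pub` record is the 64-bit key ID; if the pinned GnuPG accepts fingerprints for `--trusted-key` (recent releases do), taking field 10 of the `fpr` record that follows each `pub` would pin the exact key rather than an ID. Because the old `exit` is gone, every primary key in every supplied file now becomes ultimately trusted, which deserves a comment above `keyfile` such as `# every primary key in these files becomes an ultimately trusted signer`. The `symlinkJoin` call that consumes `keyedGPG` continues outside the hunk, so how an untrusted-signature result is handled there is not visible.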