X-Git-Url: http://git.scottworley.com/auto-upgrade-with-pinch/blobdiff_plain/f1a53b29b8269cb5dd28a3285bc95a7df37f9a16..c1a6f7a35de34fcfd241198d4c037e57a31e8558:/modules/auto-upgrade.nix
diff --git a/modules/auto-upgrade.nix b/modules/auto-upgrade.nix
index 7e48c40..56d15d9 100644
--- a/modules/auto-upgrade.nix
+++ b/modules/auto-upgrade.nix
@@ -51,7 +51,7 @@ let
 if [[ "$(prop requireSignature)" == true ]]; then
 ${pkgs.polite-merge}/bin/polite-merge \
- -c gpg.program='${pkgs.keyedgpg} '"$(prop 'signingKeys[]' | tr \\n ' ')"' --' \
+ -c gpg.program=${escapeShellArg (pkgs.keyedgpg cfg.signingKeys)} \
 merge --ff-only --verify-signatures
 else
 ${pkgs.polite-merge}/bin/polite-merge merge --ff-only
@@ -218,6 +218,15 @@ in {
 '';
 };
 
+ signingKeys = mkOption {
+ type = types.listOf types.path;
+ description = ''
+ Files containing GPG keys that are authorized to sign updates.
+ Updates are only merged if the commit at the tip of the remote
+ ref is signed with one of these keys.
+ '';
+ };
+
 upgradeConfig = mkOption {
 type = types.listOf types.path;
 description = ''
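Review bot: The trusted key set now comes from the module's own `cfg.signingKeys` at evaluation time, but the line just above the change still decides whether verification happens at all from `$(prop requireSignature)` at run time, so the enforcement switch and the trust anchor are sourced from two different places. If `prop` reads from data the upgraded repository can influence (its definition is outside this hunk), a commit could still disable the check that the new key list is meant to back; either source `requireSignature` from `cfg` the same way, or add a comment on the `if` line recording why the run-time source is trusted, e.g. `# requireSignature is read via prop rather than cfg because …`. Worth noting in the same comment that `--verify-signatures` checks only the tip commit of the merged ref, which the new option description already states. The enclosing `let` binding and shell script start and end outside this hunk.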
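Review bot: `signingKeys` is declared without a `default`, yet the first hunk interpolates `pkgs.keyedgpg cfg.signingKeys` unconditionally into the script, so every host using this module must now set the option even when it never sets `requireSignature` — evaluation would presumably fail on the unset option otherwise. A `default = [];` keeps existing configurations evaluating, and an empty keyring should fail closed at verification time rather than open (worth confirming against `keyedgpg`, which is not visible here). The description could also say these are public key files and that the list must be non-empty for any update to verify, e.g. `Public GPG key files (any format gpg --import accepts) …`.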