X-Git-Url: http://git.scottworley.com/auto-upgrade-with-pinch/blobdiff_plain/f1a53b29b8269cb5dd28a3285bc95a7df37f9a16..edaaa0c0ab2761711c3b9217a2c7396a56d6a54e:/overlays/keyedgpg.nix?ds=inline diff --git a/overlays/keyedgpg.nix b/overlays/keyedgpg.nix deleted file mode 100644 index 202abb3..0000000 --- a/overlays/keyedgpg.nix +++ /dev/null @@ -1,54 +0,0 @@ -# Following the instructions at https://tribut.de/blog/git-commit-signatures-trusted-keys -# Use with git with -c gpg.program='keyedgpg /path/to/keyfile.asc' - -self: super: -let - homelessGPG = super.writeShellScript "homeless-gpg" '' - set -eo pipefail - - export GNUPGHOME=$(${self.coreutils}/bin/mktemp -d) - trap '${self.coreutils}/bin/rm -r "$GNUPGHOME"' EXIT - ${self.gnupg}/bin/gpg --no-default-keyring "$@" - ''; -in { - keyedgpg = super.writeShellScript "keyed-gpg" '' - set -eo pipefail - - usage() { - echo "usage: keyed-gpg /path/to/keyfile1.asc ... -- gpg-command..." >&2 - exit 1 - } - - incomplete=true - keyfiles=() - while (( $# > 0 ));do - if [[ "$1" == -- ]];then - shift - incomplete=false - break - fi - if [[ ! -r "$1" ]];then - usage - fi - keyfiles+=$1 - shift - done - if "$incomplete";then - usage - fi - - keyring=$(${self.coreutils}/bin/mktemp) - cleanup() { ${self.coreutils}/bin/rm "$keyring"; } - trap cleanup EXIT - ${homelessGPG} --keyring="$keyring" --import "''${keyfiles[@]}" - - trusted_key_args=() - while read keyid;do - trusted_key_args+=( --trusted-key "$keyid" ) - done < <( - ${homelessGPG} --with-colons --show-keys "''${keyfiles[@]}" | - ${self.gawk}/bin/awk -F: '$1 == "pub" { print $5 }') - - ${homelessGPG} --keyring="$keyring" "''${trusted_key_args[@]}" "$@" - ''; -}