From 00a79ae1cc6cdc2791545c0b0aa9dc55e9c95ec5 Mon Sep 17 00:00:00 2001
From: Scott Worley
Date: Tue, 14 Apr 2020 16:14:28 -0700
Subject: [PATCH] Trust the specified key

---
 overlays/keyedgit.nix | 25 +++++++++++++------------
 1 file changed, 13 insertions(+), 12 deletions(-)

diff --git a/overlays/keyedgit.nix b/overlays/keyedgit.nix
index bbc156b..bf260e7 100644
--- a/overlays/keyedgit.nix
+++ b/overlays/keyedgit.nix
@@ -3,26 +3,27 @@ self: super: {
 keyedgit = key:
 let
- keyring = super.runCommand "keyedkeyring.gpg" {} ''
+ homelessGPG = super.writeShellScript "homeless-gpg" ''
 export GNUPGHOME=$(mktemp -d)
- ${self.gnupg}/bin/gpg --no-default-keyring --keyring=$out --import ${key}
+ trap 'rm -r "$GNUPGHOME"' EXIT
+ ${self.gnupg}/bin/gpg "$@"
+ '';
+ keyring = super.runCommand "keyedkeyring.gpg" {} ''
+ ${homelessGPG} --no-default-keyring --keyring=$out --import ${key}
+ '';
+ keyid = super.runCommand "keyid" {} ''
+ ${homelessGPG} --with-colons --show-keys ${key} | awk -F: '{ print $5; exit }' > $out
+ '';
+ keyedGPG = super.writeShellScript "keyed-gpg" ''
+ ${homelessGPG} --no-default-keyring --keyring=${keyring} --trusted-key "$(< ${keyid} )" "$@"
 '';
- keyedgpg = super.symlinkJoin {
- name = "keyedgpg";
- buildInputs = [ super.makeWrapper ];
- paths = [ self.gnupg ];
- postBuild = ''
- wrapProgram "$out/bin/gpg" \
- --add-flags '--no-default-keyring --keyring=${keyring}'
- '';
- };
 in super.symlinkJoin {
 name = "keyedgit";
 paths = [ self.git ];
 buildInputs = [ super.makeWrapper ];
 postBuild = ''
 wrapProgram "$out/bin/git" \
- --add-flags '-c gpg.program=${keyedgpg}/bin/gpg'
+ --add-flags '-c gpg.program=${keyedGPG}'
 '';
 };
 }
-- 
2.44.1
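Review bot: The new `keyid` derivation takes field 5 of whatever colon record gpg prints first and nothing checks the captured value, so an empty or wrong key ID would only surface later as a bad `--trusted-key` argument on every git invocation instead of failing the build; the `homeless-gpg` script likewise runs without `set -e`, so a failed `mktemp -d` leaves `GNUPGHOME` empty and the trap would run `rm -r ""`. I would anchor the awk on the public-key record and fail on an empty result, `${homelessGPG} --with-colons --show-keys ${key} | awk -F: '/^pub:/ { print $5; exit }' > $out` followed by `[ -s "$out" ]`, and open `homeless-gpg` with `set -eu` (the runCommand bodies are presumably already covered by stdenv's shell options, but verify pipefail there). It is also worth a comment on `keyedGPG` that `--trusted-key` grants ultimate owner trust to that single key ID on each run, and that when `${key}` holds several keys the whole file is imported into the keyring but only the first one is trusted.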