mirror of https://github.com/nix-community/home-manager synced 2024-11-26 21:19:45 +01:00

gpg: create homedir with 700 permissions (#2823)

It can happen in some cases that home-manager first runs before gpg
creates its homedir, and it creates it with 755 permissions which the
user then needs to change by hand.

Do this in the module instead: before linking files, make sure the
homedir exists, and if it doesn't, create it with the right permissions.
Naïm Favier 2022-04-05 05:40:15 +02:00 committed by GitHub
parent a985e711e8
commit 399a3dfeaf
No known key found for this signature in database
GPG key ID: 4AEE18F83AFDEB23


@ -282,7 +282,12 @@ in {
source = "${keyringFiles}/pubring.kbx";
};
home.activation = mkIf (cfg.publicKeys != [ ]) {
home.activation = {
createGpgHomedir =
hm.dag.entryBetween [ "linkGeneration" ] [ "writeBoundary" ] ''
$DRY_RUN_CMD mkdir -m700 -p $VERBOSE_ARG ${escapeShellArg cfg.homedir}
'';
importGpgKeys = let
gpg = "${cfg.package}/bin/gpg";
@ -313,7 +318,8 @@ in {
unset GNUPGHOME QUIET_ARG keyId importTrust
'' ++ optional (!cfg.mutableTrust && anyTrust) ''
install -m 0700 ${keyringFiles}/trustdb.gpg "${cfg.homedir}/trustdb.gpg"'');
in lib.hm.dag.entryAfter [ "linkGeneration" ] block;
in mkIf (cfg.publicKeys != [ ])
(lib.hm.dag.entryAfter [ "linkGeneration" ] block);
};
};
}
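Review bot: In `createGpgHomedir`, `mkdir -m700 -p` applies the mode only when it creates the final directory, so a homedir that already exists with 755 permissions (the situation the description mentions, left over from an earlier activation) stays as it is and gpg will likely keep warning about unsafe homedir permissions. Any missing parent directories created by `-p` also get the umask default rather than 700. If tightening an existing directory is wanted, a second line such as `$DRY_RUN_CMD chmod 700 ${escapeShellArg cfg.homedir}` would cover it. If leaving existing directories alone is deliberate, a comment in the script saying so, for example `# mode is set only on creation; an existing homedir is not touched`, would make that clear. The enclosing `in { … }` block starts outside the hunk.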