eeva/home-manager
1
0
Fork 0
mirror of https://github.com/nix-community/home-manager synced 2024-11-23 11:39:46 +01:00
Code Issues Releases Wiki Activity

gpg: allow specifying trust levels by name

Browse source
This commit is contained in:
Naïm Favier 2021-12-16 04:54:56 +01:00 committed by Robert Helgesson
parent 4108989d19
commit 78aa7cceff
No known key found for this signature in database
GPG key ID: 36BDAA14C2797E89
2 changed files with 19 additions and 9 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

24
modules/programs/gpg.nix
View file

@ -40,30 +40,40 @@ let
}; };
trust = mkOption { trust = mkOption {
type = types.nullOr (types.enum [ 1 2 3 4 5 ]); type = types.nullOr (types.enum ["unknown" 1 "never" 2 "marginal" 3 "full" 4 "ultimate" 5]);
default = null; default = null;
apply = v:
if isString v then
{
unknown = 1;
never = 2;
marginal = 3;
full = 4;
ultimate = 5;
}.${v}
else v;
description = '' description = ''
The amount of trust you have in the key ownership and the care the The amount of trust you have in the key ownership and the care the
owner puts into signing other keys. The available levels are owner puts into signing other keys. The available levels are
<variablelist> <variablelist>
<varlistentry> <varlistentry>
<term><literal>1</literal></term> <term><literal>unknown</literal> or <literal>1</literal></term>
<listitem><para>I don't know or won't say.</para></listitem> <listitem><para>I don't know or won't say.</para></listitem>
</varlistentry> </varlistentry>
<varlistentry> <varlistentry>
<term><literal>2</literal></term> <term><literal>never</literal> or <literal>2</literal></term>
<listitem><para>I do NOT trust.</para></listitem> <listitem><para>I do NOT trust.</para></listitem>
</varlistentry> </varlistentry>
<varlistentry> <varlistentry>
<term><literal>3</literal></term> <term><literal>marginal</literal> or <literal>3</literal></term>
<listitem><para>I trust marginally.</para></listitem> <listitem><para>I trust marginally.</para></listitem>
</varlistentry> </varlistentry>
<varlistentry> <varlistentry>
<term><literal>4</literal></term> <term><literal>full</literal> or <literal>4</literal></term>
<listitem><para>I trust fully.</para></listitem> <listitem><para>I trust fully.</para></listitem>
</varlistentry> </varlistentry>
<varlistentry> <varlistentry>
<term><literal>5</literal></term> <term><literal>ultimate</literal> or <literal>5</literal></term>
<listitem><para>I trust ultimately.</para></listitem> <listitem><para>I trust ultimately.</para></listitem>
</varlistentry> </varlistentry>
</variablelist> </variablelist>
@ -94,7 +104,7 @@ let
keyId="$(gpgKeyId "$1")" keyId="$(gpgKeyId "$1")"
trust="$2" trust="$2"
if [[ -n $keyId ]] ; then if [[ -n $keyId ]] ; then
echo -e "trust\n$trust\ny\nquit" \ { echo trust; echo "$trust"; (( trust == 5 )) && echo y; echo quit; } \
| ${gpg} --no-tty --command-fd 0 --edit-key "$keyId" | ${gpg} --no-tty --command-fd 0 --edit-key "$keyId"
fi fi
} }

4
tests/modules/programs/gpg/immutable-keyfiles.nix
View file

@ -14,14 +14,14 @@
"https://keybase.io/rycee/pgp_keys.asc?fingerprint=36cacf52d098cc0e78fb0cb13573356c25c424d4"; "https://keybase.io/rycee/pgp_keys.asc?fingerprint=36cacf52d098cc0e78fb0cb13573356c25c424d4";
sha256 = "082mjy6llvrdry6i9r5gx97nw9d89blnam7bghza4ynsjk1mmx6c"; sha256 = "082mjy6llvrdry6i9r5gx97nw9d89blnam7bghza4ynsjk1mmx6c";
}; };
trust = 1; trust = 1; # "unknown"
} }
{ {
source = pkgs.fetchurl { source = pkgs.fetchurl {
url = "https://www.rsync.net/resources/pubkey.txt"; url = "https://www.rsync.net/resources/pubkey.txt";
sha256 = "16nzqfb1kvsxjkq919hxsawx6ydvip3md3qyhdmw54qx6drnxckl"; sha256 = "16nzqfb1kvsxjkq919hxsawx6ydvip3md3qyhdmw54qx6drnxckl";
}; };
trust = 2; trust = "never";
} }
]; ];
}; };