${head1}
fpr=$(${gpg-fingerprint}/bin/gpg-fingerprint -- "=${uid}" | head1)
caps=$(${gpg-with-home}/bin/gpg-with-home \
- --with-colons --fixed-list-mode --with-fingerprint \
+ --with-colons --with-fingerprint \
--list-secret-keys -- "=${uid}" |
${pkgs.gnugrep}/bin/grep '^ssb:' |
${pkgs.coreutils}/bin/cut -d : -f 12 || true)
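Review bot: Dropping `--fixed-list-mode` from this call is only equivalent on GnuPG 2.0.10 or later, where that listing mode is always used and the option is an obsolete no-op; nothing next to the parsers records that assumption. The same flag is removed from `gpg-fingerprint`, `gpg-keygrip`, `gpg-uid` and the gpg.conf text further down, and all of them parse the colon output by field position (`cut -d : -f 12` here, positional `read` loops there). On an older gpg the primary user ID is merged into the `pub` record, so the loops that read `uid` may behave differently without reporting an error. I would add a comment above this call such as `# relies on GnuPG >= 2.0.10: fixed-list-mode is always on, so the colon record layout is stable`. The script this hunk belongs to starts and ends outside the hunk.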
gpg-fingerprint = pkgs.writeScriptBin "gpg-fingerprint" ''
set -eu
${gpg-with-home}/bin/gpg-with-home \
- --with-colons --fixed-list-mode --with-fingerprint --with-subkey-fingerprint \
+ --with-colons --with-fingerprint --with-subkey-fingerprint \
--list-public-keys "$@" |
while IFS=: read -r t x x x key x x x x uid x
do case $t in
gpg-keygrip = pkgs.writeScriptBin "gpg-keygrip" ''
set -eu
${gpg-with-home}/bin/gpg-with-home \
- --with-colons --fixed-list-mode --with-keygrip \
+ --with-colons --with-keygrip \
--list-public-keys "$@" |
- while IFS=: read -r t x x x key x x x x uid x
- do case $t in
- (pub|sub|sec|ssb)
- while IFS=: read -r t x x x x x x x x grp x
- do case $t in (grp) printf '%s\n' "$grp"; break;;
- esac done
- ;;
- esac done
+ while IFS=: read -r t x x x key x x x x uid x do case $t in (pub|sub|sec|ssb) while IFS=: read -r t x x x x x x x x grp x do case $t in (grp) printf '%s\n' "$grp"; break;; esac done ;; esac done
'';
# A wrapper around gpg to get uids.
gpg-uid = pkgs.writeScriptBin "gpg-uid" ''
set -eu
${gpg-with-home}/bin/gpg-with-home \
- --with-colons --fixed-list-mode \
+ --with-colons \
--list-public-keys "$@" |
while IFS=: read -r t st x x x x x id x uid x
do case $t in
options.gnupg = {
enable = lib.mkEnableOption "GnuPG shell utilities";
gnupgHome = lib.mkOption {
- type = types.path;
+ type = types.str;
default = "sec/gnupg";
description = ''
'';
};
gpgAgentConf = lib.mkOption {
type = types.lines;
- apply = s: pkgs.writeText "gpg-agent.conf" s;
+ apply = s: pkgs.writeText "gpg-agent.conf" (s+"\n"+gnupg.gpgAgentExtraConf);
default =
let pinentry = pkgs.writeShellScript "pinentry" ''
#!${pkgs.runtimeShell}
# choose pinentry depending on PINENTRY_USER_DATA
# this *only works* with gpg2
# see https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=802020
- case "''${PINENTRY_USER_DATA:-tty}" in
+ case "''${PINENTRY_USER_DATA:-curses}" in
curses) exec ${pkgs.pinentry.curses}/bin/pinentry-curses "$@";;
#emacs) exec ''${pkgs.pinentry.emacs}/bin/pinentry-emacs "$@";;
#gnome3) exec ''${pkgs.pinentry.gnome3}/bin/pinentry-gnome3 "$@";;
- gtk-2) exec ${pkgs.pinentry.gtk2}/bin/pinentry-gtk-2 "$@";;
+ gtk-2) exec ''${pkgs.pinentry.gtk2}/bin/pinentry-gtk-2 "$@";;
none) exit 1;; # do not ask for passphrase
#qt) exec ''${pkgs.pinentry.qt}/bin/pinentry-qt "$@";;
tty) exec ${pkgs.pinentry.tty}/bin/pinentry-tty "$@";;
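Review bot: The new `gtk-2)` branch is still active, but its path is now escaped with `''$`, so the generated script contains the literal shell text `${pkgs.pinentry.gtk2}`, which is not a valid shell parameter name. With `PINENTRY_USER_DATA=gtk-2` the wrapper would stop with a bad-substitution error instead of starting a pinentry, so passphrase entry fails for that setting. The emacs, gnome3 and qt branches use the same escape but are commented out, so this looks like a missing `#`. If the aim is to drop gtk2 from the closure, make the line `#gtk-2) exec ''${pkgs.pinentry.gtk2}/bin/pinentry-gtk-2 "$@";;`; otherwise keep the unescaped `${pkgs.pinentry.gtk2}` interpolation. The `case` statement continues past the end of this hunk.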
cert-digest-algo SHA512
charset utf-8
default-preference-list SHA512 SHA384 SHA256 SHA224 AES256 AES192 AES CAST5 TWOFISH BZIP2 ZLIB ZIP Uncompressed
- fixed-list-mode
keyid-format 0xlong
keyserver-options no-honor-keyserver-url
no-auto-key-locate
GnuPG's gpg.conf extra content.
'';
};
+ gpgAgentExtraConf = lib.mkOption {
+ type = types.lines;
+ default = "";
+ description = ''
+ GnuPG's gpg-agent.conf extra content.
+ '';
+ };
};
config = lib.mkIf gnupg.enable {
nix-shell.buildInputs = [