From 236c6ec21420e44c38ec76de4fc3335bec1859b5 Mon Sep 17 00:00:00 2001
From: Sam Willcocks
Date: Sat, 16 Apr 2022 17:45:41 +0100
Subject: [PATCH] gpg: fix handling of multiple public keys

When processing `publicKeys` entries, handle entries that contain multiple public keys (i.e. gpg --show-key returns multiple `pub` lines) properly, setting the trust level for each key.
PR #2897
(cherry picked from commit 620ed197f3624dafa5f42e61d5c043f39b8df366)
---
 modules/programs/gpg.nix | 11 ++++++-----
 1 file changed, 6 insertions(+), 5 deletions(-)
diff --git a/modules/programs/gpg.nix b/modules/programs/gpg.nix
index 184c2516..f13873bb 100644
--- a/modules/programs/gpg.nix
+++ b/modules/programs/gpg.nix
@@ -109,14 +109,15 @@ let
 }
 function importTrust() {
- local keyId trust
- keyId="$(gpgKeyId "$1")"
+ local keyIds trust
+ IFS='\n' read -ra keyIds <<< "$(gpgKeyId "$1")"
 trust="$2"
- if [[ -n $keyId ]] ; then
+ for id in "''${keyIds[@]}" ; do
 { echo trust; echo "$trust"; (( trust == 5 )) && echo y; echo quit; } \
- | ${gpg} --no-tty --command-fd 0 --edit-key "$keyId"
- fi
+ | ${gpg} --no-tty --command-fd 0 --edit-key "$id"
+ done
 }
+
 '';
 keyringFiles = let
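Review bot: In `importTrust`, the added `IFS='\n' read -ra keyIds <<< "$(gpgKeyId "$1")"` still captures only the first key ID: inside single quotes `'\n'` is a backslash and the letter n rather than a newline, and `read` without `-d` stops at the first newline regardless of IFS. Assuming `gpgKeyId` (defined outside this hunk) prints one ID per line, every key after the first keeps its default trust level, so the multi-key case this commit targets is not actually covered. Filling the array with `mapfile -t keyIds < <(gpgKeyId "$1")` reads one element per line and yields an empty array when there is no output, which preserves the old `-n` guard. The loop variable should also be declared, `local keyIds trust id`, so it does not leak into the enclosing script.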