Mirrors/home-manager
1
0
Fork 0
Code Issues Pull requests Actions Packages Projects Releases Wiki Activity

gpg: create homedir with 700 permissions (#2823)

Browse source 
It can happen in some cases that home-manager first runs before gpg
creates its homedir, and it creates it with 755 permissions which the
user then needs to change by hand.

Do this in the module instead: before linking files, make sure the
homedir exists, and if it doesn't, create it with the right permissions.
This commit is contained in:
Naïm Favier 2022-04-05 05:40:15 +02:00 committed by GitHub
parent a985e711e8
commit 399a3dfeaf
No known key found for this signature in database
GPG key ID: 4AEE18F83AFDEB23
1 changed files with 8 additions and 2 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

10
modules/programs/gpg.nix
View file

@ -282,7 +282,12 @@ in {
source = "${keyringFiles}/pubring.kbx"; source = "${keyringFiles}/pubring.kbx";
}; };
home.activation = mkIf (cfg.publicKeys != [ ]) { home.activation = {
createGpgHomedir =
hm.dag.entryBetween [ "linkGeneration" ] [ "writeBoundary" ] ''
$DRY_RUN_CMD mkdir -m700 -p $VERBOSE_ARG ${escapeShellArg cfg.homedir}
'';
importGpgKeys = let importGpgKeys = let
gpg = "${cfg.package}/bin/gpg"; gpg = "${cfg.package}/bin/gpg";
@ -313,7 +318,8 @@ in {
unset GNUPGHOME QUIET_ARG keyId importTrust unset GNUPGHOME QUIET_ARG keyId importTrust
'' ++ optional (!cfg.mutableTrust && anyTrust) '' '' ++ optional (!cfg.mutableTrust && anyTrust) ''
install -m 0700 ${keyringFiles}/trustdb.gpg "${cfg.homedir}/trustdb.gpg"''); install -m 0700 ${keyringFiles}/trustdb.gpg "${cfg.homedir}/trustdb.gpg"'');
in lib.hm.dag.entryAfter [ "linkGeneration" ] block; in mkIf (cfg.publicKeys != [ ])
(lib.hm.dag.entryAfter [ "linkGeneration" ] block);
}; };
}; };
} }