gpg: create homedir with 700 permissions (#2823)
It can happen in some cases that home-manager first runs before gpg creates its homedir, and it creates it with 755 permissions which the user then needs to change by hand. Do this in the module instead: before linking files, make sure the homedir exists, and if it doesn't, create it with the right permissions.
parent
a985e711e8
commit
399a3dfeaf
|
@ -282,7 +282,12 @@ in {
|
|||
source = "${keyringFiles}/pubring.kbx";
|
||||
};
|
||||
|
||||
home.activation = mkIf (cfg.publicKeys != [ ]) {
|
||||
home.activation = {
|
||||
createGpgHomedir =
|
||||
hm.dag.entryBetween [ "linkGeneration" ] [ "writeBoundary" ] ''
|
||||
$DRY_RUN_CMD mkdir -m700 -p $VERBOSE_ARG ${escapeShellArg cfg.homedir}
|
||||
'';
|
||||
|
||||
importGpgKeys = let
|
||||
gpg = "${cfg.package}/bin/gpg";
|
||||
|
||||
|
@ -313,7 +318,8 @@ in {
|
|||
unset GNUPGHOME QUIET_ARG keyId importTrust
|
||||
'' ++ optional (!cfg.mutableTrust && anyTrust) ''
|
||||
install -m 0700 ${keyringFiles}/trustdb.gpg "${cfg.homedir}/trustdb.gpg"'');
|
||||
in lib.hm.dag.entryAfter [ "linkGeneration" ] block;
|
||||
in mkIf (cfg.publicKeys != [ ])
|
||||
(lib.hm.dag.entryAfter [ "linkGeneration" ] block);
|
||||
};
|
||||
};
|
||||
}
|
||||
|
|
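Review bot: In `createGpgHomedir`, `mkdir -m700 -p` sets the mode only on a directory it actually creates, so a homedir that already exists with 755 (the situation the description mentions) keeps its loose permissions after this change. The `-m` mode also applies only to the final path component, so any parent directories created by `-p` for a nested `cfg.homedir` get the umask default. If the module is meant to guarantee a private homedir, follow the mkdir with `$DRY_RUN_CMD chmod 700 ${escapeShellArg cfg.homedir}`. If existing directories are deliberately left alone, say so in a comment above the entry, e.g. `# Only sets 700 on first creation; an existing homedir is not re-permissioned.`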