From 697cc8c68ed6a606296efbbe9614c32537078756 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Na=C3=AFm=20Favier?= Date: Thu, 16 Dec 2021 04:54:56 +0100 Subject: [PATCH] gpg: allow specifying trust levels by name (cherry picked from commit 78aa7cceffe2a48d05694d3ddf7a323d554d9be0) --- modules/programs/gpg.nix | 24 +++++++++++++------ .../programs/gpg/immutable-keyfiles.nix | 4 ++-- 2 files changed, 19 insertions(+), 9 deletions(-) diff --git a/modules/programs/gpg.nix b/modules/programs/gpg.nix index 31ddf2e8..6cb04292 100644 --- a/modules/programs/gpg.nix +++ b/modules/programs/gpg.nix @@ -40,30 +40,40 @@ let }; trust = mkOption { - type = types.nullOr (types.enum [ 1 2 3 4 5 ]); + type = types.nullOr (types.enum ["unknown" 1 "never" 2 "marginal" 3 "full" 4 "ultimate" 5]); default = null; + apply = v: + if isString v then + { + unknown = 1; + never = 2; + marginal = 3; + full = 4; + ultimate = 5; + }.${v} + else v; description = '' The amount of trust you have in the key ownership and the care the owner puts into signing other keys. The available levels are - 1 + unknown or 1 I don't know or won't say. - 2 + never or 2 I do NOT trust. - 3 + marginal or 3 I trust marginally. - 4 + full or 4 I trust fully. - 5 + ultimate or 5 I trust ultimately. @@ -94,7 +104,7 @@ let keyId="$(gpgKeyId "$1")" trust="$2" if [[ -n $keyId ]] ; then - echo -e "trust\n$trust\ny\nquit" \ + { echo trust; echo "$trust"; (( trust == 5 )) && echo y; echo quit; } \ | ${gpg} --no-tty --command-fd 0 --edit-key "$keyId" fi } diff --git a/tests/modules/programs/gpg/immutable-keyfiles.nix b/tests/modules/programs/gpg/immutable-keyfiles.nix index d75ff520..b66d770f 100644 --- a/tests/modules/programs/gpg/immutable-keyfiles.nix +++ b/tests/modules/programs/gpg/immutable-keyfiles.nix 
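Review bot: The level names and numbers for the `trust` option in modules/programs/gpg.nix are now spelled out twice, once in the `types.enum` list and once in the `apply` attrset, and have to be kept in sync by hand. A name accepted by the enum but missing from the map would only surface as a failed `.${v}` lookup at evaluation time. A single table in the enclosing `let`, `trustLevels = { unknown = 1; never = 2; marginal = 3; full = 4; ultimate = 5; };`, could feed both: `type = types.nullOr (types.enum (builtins.attrNames trustLevels ++ builtins.attrValues trustLevels));` and `apply = v: if isString v then trustLevels.${v} else v;`. The `let` block opens outside this hunk, so where the binding goes is left to the author.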
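Review bot: In the second hunk of modules/programs/gpg.nix, `(( trust == 5 ))` evaluates the contents of `$trust` as a shell arithmetic expression instead of comparing it literally, so the helper behaves predictably only when its second argument is a plain integer. The option's enum and `apply` should guarantee 1–5 for callers that go through the module, but the function itself (`trust="$2"`) does not check that. A string comparison keeps the new behaviour of confirming only ultimate trust without arithmetic evaluation: `[[ $trust == 5 ]] && echo y;`. The function's opening line is outside the hunk, so other callers of it are not visible here.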
@@ -14,14 +14,14 @@ "https://keybase.io/rycee/pgp_keys.asc?fingerprint=36cacf52d098cc0e78fb0cb13573356c25c424d4"; sha256 = "082mjy6llvrdry6i9r5gx97nw9d89blnam7bghza4ynsjk1mmx6c"; }; - trust = 1; + trust = 1; # "unknown" } { source = pkgs.fetchurl { url = "https://www.rsync.net/resources/pubkey.txt"; sha256 = "16nzqfb1kvsxjkq919hxsawx6ydvip3md3qyhdmw54qx6drnxckl"; }; - trust = 2; + trust = "never"; } ]; };
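Review bot: The updated fixtures in tests/modules/programs/gpg/immutable-keyfiles.nix cover `trust = 1` and `trust = "never"`, but nothing here uses level 5 or `"ultimate"`. That is the only level for which the import script now sends the `y` confirmation to gpg, so the branch this commit changes runs in the test only on its non-confirming side. An additional key entry or a sibling test with `trust = "ultimate";` would exercise the confirmation path. What the test asserts on the resulting trust database is not visible in this hunk, so an expected-output file may need a matching update.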