Commit graph

14 commits

Author SHA1 Message Date
Sam Willcocks 620ed197f3
gpg: fix handling of multiple public keys
When processing `publicKeys` entries, handle entries that contain
multiple public keys (i.e. gpg --show-key returns multiple `pub`
lines) properly, setting the trust level for each key.

PR #2897
2022-04-17 12:15:14 +02:00
Naïm Favier 399a3dfeaf
gpg: create homedir with 700 permissions (#2823)
It can happen in some cases that home-manager first runs before gpg
creates its homedir, and it creates it with 755 permissions which the
user then needs to change by hand.

Do this in the module instead: before linking files, make sure the
homedir exists, and if it doesn't, create it with the right permissions.
2022-04-04 23:40:15 -04:00
Robert Helgesson 2499b91692
treewide: apply nixfmt to a few more files 2022-02-27 02:19:44 +01:00
Naïm Favier 78aa7cceff
gpg: allow specifying trust levels by name 2021-12-16 19:06:39 +01:00
Miles Breslin ea1794a798
gpg: support declarative trust and public keys
PR #810
2021-11-26 09:02:36 +01:00
Naïm Favier bd11e2c5e6
Replace usage of literalExample
Instead use the new function `literalExpression`. See

  https://github.com/NixOS/nixpkgs/pull/136909
2021-10-13 00:16:10 +02:00
Nicolas Berbiche cced902dda
gpg: document lists are converted to duplicate keys (#2025) 2021-05-18 22:58:38 -06:00
Cole Mickens c0ba8c526d
gpg: can configure scdaemon.conf (#1960) 2021-04-28 14:39:58 -04:00
Cole Mickens d437baa41c
gnupg/gpg-agent: gnupg package is configurable (#1949) 2021-04-27 16:40:05 -04:00
Robert Helgesson ebbbd4f2b5
gpg: fix homedir option documentation
Previously the documentation had a dependency on the configuration.
2021-04-15 08:53:13 +02:00
fricklerhandwerk 348b5a5a69
gpg: make homedir configurable 2021-04-14 23:44:34 +02:00
Nicolas Berbiche eb3a0342a8
gpg: allow for duplicate keys in config (#1814)
Allow for duplicate keys in the form of a list of strings.

Also update the `settings` example configuration to use `literalExample`.
2021-02-21 00:37:46 -05:00
Bjarki Ágúst Guðmundsson 41f918499b
gpg: sane default for throw-keyids option
The [throw-keyids](https://www.gnupg.org/gph/en/manual/r2110.html)
option "hides the receiver of the encrypted data as a countermeasure
against traffic analysis." However, it also slows down decryption, and
even breaks some applications; see e.g.
https://github.com/open-keychain/open-keychain/issues/626

I think the sane default would be to leave it off, just as it is off
by default in gpg. The typical user will probably not need this level
of security, and will probably prefer a better user experience (faster
decryption and compatibility with a wider range of applications).

Closes #838
2019-09-11 19:30:26 +02:00
Jaka Hudoklin 0db26fc3ab
gpg: add module 2019-06-03 23:50:50 +02:00