ea1794a798
PR #810
53 lines
1.4 KiB
Nix
53 lines
1.4 KiB
Nix
{ config, lib, pkgs, ... }:
|
|
|
|
{
|
|
programs.gpg = {
|
|
enable = true;
|
|
|
|
mutableKeys = false;
|
|
mutableTrust = false;
|
|
|
|
publicKeys = [
|
|
{
|
|
source = pkgs.fetchurl {
|
|
url =
|
|
"https://keybase.io/rycee/pgp_keys.asc?fingerprint=36cacf52d098cc0e78fb0cb13573356c25c424d4";
|
|
sha256 = "082mjy6llvrdry6i9r5gx97nw9d89blnam7bghza4ynsjk1mmx6c";
|
|
};
|
|
trust = 1;
|
|
}
|
|
{
|
|
source = pkgs.fetchurl {
|
|
url = "https://www.rsync.net/resources/pubkey.txt";
|
|
sha256 = "16nzqfb1kvsxjkq919hxsawx6ydvip3md3qyhdmw54qx6drnxckl";
|
|
};
|
|
trust = 2;
|
|
}
|
|
];
|
|
};
|
|
|
|
nmt.script = ''
|
|
assertFileNotRegex activate "^export GNUPGHOME='/home/hm-user/.gnupg'$"
|
|
|
|
assertFileRegex activate \
|
|
'^install -m 0700 /nix/store/[0-9a-z]*-gpg-pubring/trustdb.gpg "/home/hm-user/.gnupg/trustdb.gpg"$'
|
|
|
|
# Setup GPGHOME
|
|
export GNUPGHOME=$(mktemp -d)
|
|
cp -r $TESTED/home-files/.gnupg/* $GNUPGHOME
|
|
TRUSTDB=$(grep -o '/nix/store/[0-9a-z]*-gpg-pubring/trustdb.gpg' $TESTED/activate)
|
|
install -m 0700 $TRUSTDB $GNUPGHOME/trustdb.gpg
|
|
|
|
# Export Trust
|
|
export WORKDIR=$(mktemp -d)
|
|
${pkgs.gnupg}/bin/gpg -q --export-ownertrust > $WORKDIR/gpgtrust.txt
|
|
|
|
# Check Trust
|
|
assertFileRegex $WORKDIR/gpgtrust.txt \
|
|
'^36CACF52D098CC0E78FB0CB13573356C25C424D4:2:$'
|
|
|
|
assertFileRegex $WORKDIR/gpgtrust.txt \
|
|
'^BB847B5A69EF343CEF511B29073C282D7D6F806C:3:$'
|
|
'';
|
|
}
|