gpg: allow specifying trust levels by name

This commit is contained in:
Naïm Favier 2021-12-16 04:54:56 +01:00 committed by Robert Helgesson
parent 4108989d19
commit 78aa7cceff
No known key found for this signature in database
GPG key ID: 36BDAA14C2797E89
2 changed files with 19 additions and 9 deletions

View file

@ -40,30 +40,40 @@ let
}; };
trust = mkOption { trust = mkOption {
type = types.nullOr (types.enum [ 1 2 3 4 5 ]); type = types.nullOr (types.enum ["unknown" 1 "never" 2 "marginal" 3 "full" 4 "ultimate" 5]);
default = null; default = null;
apply = v:
if isString v then
{
unknown = 1;
never = 2;
marginal = 3;
full = 4;
ultimate = 5;
}.${v}
else v;
description = '' description = ''
The amount of trust you have in the key ownership and the care the The amount of trust you have in the key ownership and the care the
owner puts into signing other keys. The available levels are owner puts into signing other keys. The available levels are
<variablelist> <variablelist>
<varlistentry> <varlistentry>
<term><literal>1</literal></term> <term><literal>unknown</literal> or <literal>1</literal></term>
<listitem><para>I don't know or won't say.</para></listitem> <listitem><para>I don't know or won't say.</para></listitem>
</varlistentry> </varlistentry>
<varlistentry> <varlistentry>
<term><literal>2</literal></term> <term><literal>never</literal> or <literal>2</literal></term>
<listitem><para>I do NOT trust.</para></listitem> <listitem><para>I do NOT trust.</para></listitem>
</varlistentry> </varlistentry>
<varlistentry> <varlistentry>
<term><literal>3</literal></term> <term><literal>marginal</literal> or <literal>3</literal></term>
<listitem><para>I trust marginally.</para></listitem> <listitem><para>I trust marginally.</para></listitem>
</varlistentry> </varlistentry>
<varlistentry> <varlistentry>
<term><literal>4</literal></term> <term><literal>full</literal> or <literal>4</literal></term>
<listitem><para>I trust fully.</para></listitem> <listitem><para>I trust fully.</para></listitem>
</varlistentry> </varlistentry>
<varlistentry> <varlistentry>
<term><literal>5</literal></term> <term><literal>ultimate</literal> or <literal>5</literal></term>
<listitem><para>I trust ultimately.</para></listitem> <listitem><para>I trust ultimately.</para></listitem>
</varlistentry> </varlistentry>
</variablelist> </variablelist>
@ -94,7 +104,7 @@ let
keyId="$(gpgKeyId "$1")" keyId="$(gpgKeyId "$1")"
trust="$2" trust="$2"
if [[ -n $keyId ]] ; then if [[ -n $keyId ]] ; then
echo -e "trust\n$trust\ny\nquit" \ { echo trust; echo "$trust"; (( trust == 5 )) && echo y; echo quit; } \
| ${gpg} --no-tty --command-fd 0 --edit-key "$keyId" | ${gpg} --no-tty --command-fd 0 --edit-key "$keyId"
fi fi
} }

View file

@ -14,14 +14,14 @@
"https://keybase.io/rycee/pgp_keys.asc?fingerprint=36cacf52d098cc0e78fb0cb13573356c25c424d4"; "https://keybase.io/rycee/pgp_keys.asc?fingerprint=36cacf52d098cc0e78fb0cb13573356c25c424d4";
sha256 = "082mjy6llvrdry6i9r5gx97nw9d89blnam7bghza4ynsjk1mmx6c"; sha256 = "082mjy6llvrdry6i9r5gx97nw9d89blnam7bghza4ynsjk1mmx6c";
}; };
trust = 1; trust = 1; # "unknown"
} }
{ {
source = pkgs.fetchurl { source = pkgs.fetchurl {
url = "https://www.rsync.net/resources/pubkey.txt"; url = "https://www.rsync.net/resources/pubkey.txt";
sha256 = "16nzqfb1kvsxjkq919hxsawx6ydvip3md3qyhdmw54qx6drnxckl"; sha256 = "16nzqfb1kvsxjkq919hxsawx6ydvip3md3qyhdmw54qx6drnxckl";
}; };
trust = 2; trust = "never";
} }
]; ];
}; };