Commit graph

14 commits

Author SHA1 Message Date
Sam Willcocks
620ed197f3
gpg: fix handling of multiple public keys
When processing `publicKeys` entries, handle entries that contain
multiple public keys (i.e. gpg --show-key returns multiple `pub`
lines) properly, setting the trust level for each key.

PR #2897
2022-04-17 12:15:14 +02:00
Naïm Favier
399a3dfeaf
gpg: create homedir with 700 permissions (#2823)
It can happen in some cases that home-manager first runs before gpg
creates its homedir, and it creates it with 755 permissions which the
user then needs to change by hand.

Do this in the module instead: before linking files, make sure the
homedir exists, and if it doesn't, create it with the right permissions.
2022-04-04 23:40:15 -04:00
Robert Helgesson
2499b91692
treewide: apply nixfmt to a few more files 2022-02-27 02:19:44 +01:00
Naïm Favier
78aa7cceff
gpg: allow specifying trust levels by name 2021-12-16 19:06:39 +01:00
Miles Breslin
ea1794a798
gpg: support declarative trust and public keys
PR #810
2021-11-26 09:02:36 +01:00
Naïm Favier
bd11e2c5e6
Replace usage of literalExample
Instead use the new function `literalExpression`. See

  https://github.com/NixOS/nixpkgs/pull/136909
2021-10-13 00:16:10 +02:00
Nicolas Berbiche
cced902dda
gpg: document lists are converted to duplicate keys (#2025) 2021-05-18 22:58:38 -06:00
Cole Mickens
c0ba8c526d
gpg: can configure scdaemon.conf (#1960) 2021-04-28 14:39:58 -04:00
Cole Mickens
d437baa41c
gnupg/gpg-agent: gnupg package is configurable (#1949) 2021-04-27 16:40:05 -04:00
Robert Helgesson
ebbbd4f2b5
gpg: fix homedir option documentation
Previously the documentation had a dependency on the configuration.
2021-04-15 08:53:13 +02:00
fricklerhandwerk
348b5a5a69
gpg: make homedir configurable 2021-04-14 23:44:34 +02:00
Nicolas Berbiche
eb3a0342a8
gpg: allow for duplicate keys in config (#1814)
Allow for duplicate keys in the form of a list of strings.

Also update the `settings` example configuration to use `literalExample`.
2021-02-21 00:37:46 -05:00
Bjarki Ágúst Guðmundsson
41f918499b
gpg: sane default for throw-keyids option
The [throw-keyids](https://www.gnupg.org/gph/en/manual/r2110.html)
option "hides the receiver of the encrypted data as a countermeasure
against traffic analysis." However, it also slows down decryption, and
even breaks some applications; see e.g.
https://github.com/open-keychain/open-keychain/issues/626

I think the sane default would be to leave it off, just as it is off
by default in gpg. The typical user will probably not need this level
of security, and will probably prefer a better user experience (faster
decryption and compatibility with a wider range of applications).

Closes #838
2019-09-11 19:30:26 +02:00
Jaka Hudoklin
0db26fc3ab
gpg: add module 2019-06-03 23:50:50 +02:00