-#!/bin/bash
+#!/usr/bin/env bash
set -euo pipefail
exit 1
fi
-gpg_keys=$(pass ls Nixops/GPGKeys | sed -e "1d" | cut -d" " -f2)
-for key in $gpg_keys; do
- content=$(pass show Nixops/GPGKeys/$key)
- fpr=$(echo "$content" | gpg --import-options show-only --import --with-colons | grep -e "^pub" | cut -d':' -f5)
+if ! which direnv 2>/dev/null >/dev/null; then
+ cat <<-EOF
+ direnv is needed, please install it
+ EOF
+ exit 1
+fi
+
+if [ -z "$NIXOPS_ENV_LOADED" ]; then
+ cat <<-EOF
+ direnv environment needs to be loaded
+ EOF
+ exit 1
+fi
+
+if [ "$(git config --get include.path)" != "../.gitconfig" ]; then
+ cat <<-EOF
+ it is recommended to include the .gitconfig file into (local) git configuration:
+ git config --local include.path '../.gitconfig'
+ Run this command? [y/N]
+ EOF
+ read y
+ if [ "$y" = "y" -o "$y" = "Y" ]; then
+ git config --local include.path '../.gitconfig'
+ fi
+fi
+
+for key in public_keys/*; do
+ fpr=$(cat "$key" | gpg --import-options show-only --import --with-colons | grep -e "^pub" | cut -d':' -f5)
gpg --list-key "$fpr" >/dev/null 2>/dev/null && imported=yes || imported=no
# /usr/share/doc/gnupg/DETAILS field 2
- (echo "$content" | gpg --import-options show-only --import --with-colons |
+ (cat "$key" | gpg --import-options show-only --import --with-colons |
grep -E '^pub:' |
cut -d':' -f2 |
grep -q '[fu]') && signed=yes || signed=no
if [ "$signed" = no -o "$imported" = no ] ; then
echo "The key for $key needs to be imported and signed (a local signature is enough)"
- echo "$content" | gpg --import-options show-only --import
+ cat "$key" | gpg --import-options show-only --import
echo "Continue? [y/N]"
read y
if [ "$y" = "y" -o "$y" = "Y" ]; then
- echo "$content" | gpg --import
+ cat "$key" | gpg --import
gpg --expert --edit-key "$fpr" lsign quit
else
echo "Aborting"
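Review bot: With `set -euo pipefail` at the top of the script, the new guard `[ -z "$NIXOPS_ENV_LOADED" ]` aborts with an unbound-variable error when the variable is unset, so the "direnv environment needs to be loaded" message is never printed in the case it targets; use `[ -z "${NIXOPS_ENV_LOADED:-}" ]` instead. Now that the keys are read from `public_keys/*` in the working tree, it matters more that field 5 of a `pub` record is, per the GnuPG DETAILS file the script already cites, the 64-bit key ID rather than the fingerprint: `gpg --list-key "$fpr"` and `--edit-key "$fpr" lsign` select by key ID, and `$fpr` holds several lines if a file carries more than one key. Taking the primary fingerprint, for example `awk -F: '$1=="fpr" && !seen++ {print $10}'` in place of the `grep`/`cut` pair, would bind the local signature to the exact key that was displayed. The prompt before `git config --local include.path '../.gitconfig'` should also say that the tracked `.gitconfig` is then honoured by every git command in this clone, so later changes to that file deserve review. The `for` loop and its `if`/`else` close outside the hunk.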