remotes: add gpg-import option. (#91)

* remotes: add gpg-import option. Adds an option to declare imports of a GPG key from file. Refactor remotes helper functions in modules/remotes.nix.
gmodena · Oct 28, 2024 · 1cba177 · 1cba177
1 parent 68bc646
commit 1cba177
Show file tree

Hide file tree

Showing 6 changed files with 77 additions and 27 deletions.
diff --git a/.github/workflows/test.yml b/.github/workflows/test.yml
@@ -24,10 +24,5 @@ jobs:
     - run: nix flake check
     - name: Run Nix tests
       run: |
-        cd tests/
-        result=$(nix eval --impure --expr 'import ./ref-test.nix {}')
-        if [ "$result" != "[ ]" ]; then
-          echo "Test failed: Expected [], but got $result"
-          exit 1
-        fi
+        ./test.sh
       shell: bash
diff --git a/modules/installer.nix b/modules/installer.nix
@@ -2,6 +2,7 @@
 
 let
   utils = import ./ref.nix { inherit lib; };
+  remotes = import ./remotes.nix { inherit pkgs; };
 
   flatpakrefCache = builtins.foldl'
     (acc: package:
@@ -168,30 +169,12 @@ let
     in
     installCmd + "\n" + pinCommitOrUpdate;
 
-  flatpakAddRemotesCmd = installation: { name, location, args ? null, ... }: ''
-    ${pkgs.flatpak}/bin/flatpak remote-add --${installation} --if-not-exists ${if args == null then "" else args} ${name} ${location}
-  '';
-  flatpakAddRemote = installation: remotes: map (flatpakAddRemotesCmd installation) remotes;
-
-  flatpakDeleteRemotesCmd = installation: uninstallUnmanaged: {}: ''
-    # Delete all remotes that are present in the old state but not the new one
-    # $OLD_STATE and $NEW_STATE are globals, declared in the output of pkgs.writeShellScript.
-    # If uninstallUnmanagedState is true, then the remotes will be deleted forcefully.
-    ${pkgs.jq}/bin/jq -r -n \
-      --argjson old "$OLD_STATE" \
-      --argjson new "$NEW_STATE" \
-       '(($old.remotes // []) - ($new.remotes // []))[]' \
-      | while read -r REMOTE_NAME; do
-          ${pkgs.flatpak}/bin/flatpak remote-delete ${if uninstallUnmanaged then " --force " else " " } --${installation} $REMOTE_NAME
-
-      done
-  '';
-
-
   flatpakInstall = installation: update: packages: map (flatpakInstallCmd installation update) packages;
 
   mkFlatpakInstallCmd = installation: update: packages: builtins.foldl' (x: y: x + y) '''' (flatpakInstall installation update packages);
-  mkFlatpakAddRemotesCmd = installation: remotes: builtins.foldl' (x: y: x + y) '''' (flatpakAddRemote installation remotes);
+
+  flatpakDeleteRemotesCmd = remotes.flatpakDeleteRemotesCmd;
+  mkFlatpakAddRemotesCmd = remotes.mkFlatpakAddRemotesCmd;
 in
 pkgs.writeShellScript "flatpak-managed-install" ''
   # This script is triggered at build time by a transient systemd unit.

diff --git a/modules/options.nix b/modules/options.nix
@@ -13,6 +13,11 @@ let
         description = lib.mdDoc "The remote location. Must be a valid URL of a flatpak repo.";
         default = "https://dl.flathub.org/repo/flathub.flatpakrepo";
       };
+      gpg-import = mkOption {
+        type = types.nullOr types.str;
+        description = "Import GPG key from FILE";
+        default = null;
+      };
       args = mkOption {
         type = types.nullOr types.str;
         description = "Extra arguments to pass to flatpak remote-add.";

diff --git a/modules/remotes.nix b/modules/remotes.nix
@@ -0,0 +1,33 @@
+{ pkgs }:
+
+let
+  flatpakAddRemotesCmd = installation: { name, location, gpg-import ? null, args ? null, ... }:
+    let
+      gpg-import-flag = ''${if gpg-import == null then "" else "--gpg-import=${gpg-import}" }'';
+      args-flag = ''${if args == null then "" else args}'';
+    in
+    ''
+      ${pkgs.flatpak}/bin/flatpak remote-add --${installation} --if-not-exists ${args-flag} ${gpg-import-flag} ${name} ${location}
+    '';
+
+  flatpakAddRemote = installation: remotes: map (flatpakAddRemotesCmd installation) remotes;
+
+  flatpakDeleteRemotesCmd = installation: uninstallUnmanaged: {}: ''
+    # Delete all remotes that are present in the old state but not the new one
+    # $OLD_STATE and $NEW_STATE are globals, declared in the output of pkgs.writeShellScript.
+    # If uninstallUnmanagedState is true, then the remotes will be deleted forcefully.
+    ${pkgs.jq}/bin/jq -r -n \
+      --argjson old "$OLD_STATE" \
+      --argjson new "$NEW_STATE" \
+       '(($old.remotes // []) - ($new.remotes // []))[]' \
+      | while read -r REMOTE_NAME; do
+          ${pkgs.flatpak}/bin/flatpak remote-delete ${if uninstallUnmanaged then " --force " else " " } --${installation} $REMOTE_NAME
+
+      done
+  '';
+
+  mkFlatpakAddRemotesCmd = installation: remotes: builtins.foldl' (x: y: x + y) '''' (flatpakAddRemote installation remotes);
+in
+{
+  inherit mkFlatpakAddRemotesCmd flatpakDeleteRemotesCmd;
+}
diff --git a/test.sh b/test.sh
@@ -0,0 +1,15 @@
+cd tests/
+
+test_count=0
+for test_file in *-test.nix; do
+    echo "Collecting results for... ${test_file}"
+    result=$(nix eval --show-trace --impure --expr "import ./${test_file} {}")
+
+    if [ "$result" != "[ ]" ]; then
+        echo "Test failed: Expected [], but got $result in $test_file"
+        exit 1
+    fi
+    ((test_count++))
+done
+
+echo "All tests in ${test_count} suites passed."
diff --git a/tests/remotes-test.nix b/tests/remotes-test.nix
@@ -0,0 +1,19 @@
+{ pkgs ? import <nixpkgs> { } }:
+
+let
+  inherit (pkgs) lib;
+  inherit (lib) runTests;
+  installation = "system";
+  installer = import ../modules/remotes.nix { inherit pkgs; };
+in
+runTests {
+  testMkFlatpakAddRemotesCmd = {
+    expr = installer.mkFlatpakAddRemotesCmd installation [{ name = "flathub"; location = "http://flathub"; }];
+    expected = "${pkgs.flatpak}/bin/flatpak remote-add --system --if-not-exists   flathub http://flathub\n";
+  };
+
+  testMkFlatpakAddRemotesCmdCmdWithTrustedKeys = {
+    expr = installer.mkFlatpakAddRemotesCmd installation [{ name = "flathub"; location = "http://flathub"; gpg-import = "trustedkeys.gpg"; }];
+    expected = "${pkgs.flatpak}/bin/flatpak remote-add --system --if-not-exists  --gpg-import=trustedkeys.gpg flathub http://flathub\n";
+  };
+}