From 3ba597a5e6236b0d729a7e6b22aa8a69680417a1 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?J=C3=B6rg=20Thalheim?= <joerg@thalheim.io>
Date: Sun, 17 Nov 2024 18:43:59 +0100
Subject: [PATCH] remove sops-pgp-hook

---
 default.nix                                   |   4 -
 pkgs/sops-pgp-hook-test.nix                   |  11 ---
 pkgs/sops-pgp-hook/default.nix                |  25 -------
 pkgs/sops-pgp-hook/hook_test.go               |  70 ------------------
 pkgs/sops-pgp-hook/sops-pgp-hook.bash         |  32 --------
 .../test-assets/existing-key.gpg              | Bin 1815 -> 0 bytes
 .../test-assets/keys/key-with-subkeys.asc     |  61 ---------------
 pkgs/sops-pgp-hook/test-assets/keys/key.asc   |   1 -
 pkgs/sops-pgp-hook/test-assets/keys/key.gpg   | Bin 1815 -> 0 bytes
 pkgs/sops-pgp-hook/test-assets/shell.nix      |  14 ----
 pkgs/unit-tests.nix                           |  27 +++----
 11 files changed, 10 insertions(+), 235 deletions(-)
 delete mode 100644 pkgs/sops-pgp-hook-test.nix
 delete mode 100644 pkgs/sops-pgp-hook/default.nix
 delete mode 100644 pkgs/sops-pgp-hook/hook_test.go
 delete mode 100644 pkgs/sops-pgp-hook/sops-pgp-hook.bash
 delete mode 100644 pkgs/sops-pgp-hook/test-assets/existing-key.gpg
 delete mode 100644 pkgs/sops-pgp-hook/test-assets/keys/key-with-subkeys.asc
 delete mode 120000 pkgs/sops-pgp-hook/test-assets/keys/key.asc
 delete mode 100644 pkgs/sops-pgp-hook/test-assets/keys/key.gpg
 delete mode 100644 pkgs/sops-pgp-hook/test-assets/shell.nix

diff --git a/default.nix b/default.nix
index 63abb9b..3546d4f 100644
--- a/default.nix
+++ b/default.nix
@@ -17,10 +17,6 @@ rec {
   # backwards compatibility
   inherit (pkgs) ssh-to-pgp;
 
-  # used in the CI only
-  sops-pgp-hook-test = pkgs.callPackage ./pkgs/sops-pgp-hook-test.nix {
-    inherit vendorHash;
-  };
   unit-tests = pkgs.callPackage ./pkgs/unit-tests.nix { };
 }
 // (pkgs.lib.optionalAttrs pkgs.stdenv.isLinux {
diff --git a/pkgs/sops-pgp-hook-test.nix b/pkgs/sops-pgp-hook-test.nix
deleted file mode 100644
index 7f9f7df..0000000
--- a/pkgs/sops-pgp-hook-test.nix
+++ /dev/null
@@ -1,11 +0,0 @@
-{ buildGoModule, vendorHash }:
-
-buildGoModule {
-  name = "sops-pgp-hook-test";
-  src = ../.;
-  inherit vendorHash;
-  buildPhase = ''
-    go test -c ./pkgs/sops-pgp-hook
-    install -D sops-pgp-hook.test $out/bin/sops-pgp-hook.test
-  '';
-}
diff --git a/pkgs/sops-pgp-hook/default.nix b/pkgs/sops-pgp-hook/default.nix
deleted file mode 100644
index 300b3c4..0000000
--- a/pkgs/sops-pgp-hook/default.nix
+++ /dev/null
@@ -1,25 +0,0 @@
-{
-  makeSetupHook,
-  gnupg,
-  sops,
-  lib,
-}:
-
-let
-  # FIXME: drop after 23.05
-  propagatedBuildInputs =
-    if (lib.versionOlder (lib.versions.majorMinor lib.version) "23.05") then
-      "deps"
-    else
-      "propagatedBuildInputs";
-in
-(makeSetupHook {
-  name = "sops-pgp-hook";
-  substitutions = {
-    gpg = "${gnupg}/bin/gpg";
-  };
-  ${propagatedBuildInputs} = [
-    sops
-    gnupg
-  ];
-} ./sops-pgp-hook.bash)
diff --git a/pkgs/sops-pgp-hook/hook_test.go b/pkgs/sops-pgp-hook/hook_test.go
deleted file mode 100644
index 452611e..0000000
--- a/pkgs/sops-pgp-hook/hook_test.go
+++ /dev/null
@@ -1,70 +0,0 @@
-package main
-
-import (
-	"bytes"
-	"fmt"
-	"os"
-	"os/exec"
-	"path"
-	"runtime"
-	"strings"
-	"testing"
-)
-
-// ok fails the test if an err is not nil.
-func ok(tb testing.TB, err error) {
-	tb.Helper()
-
-	if err != nil {
-		fmt.Printf("\033[31munexpected error: %s\033[39m\n\n", err.Error())
-		tb.FailNow()
-	}
-}
-
-func TestShellHook(t *testing.T) {
-	t.Parallel()
-
-	assets := os.Getenv("TEST_ASSETS")
-	if assets == "" {
-		_, filename, _, _ := runtime.Caller(0)
-		assets = path.Join(path.Dir(filename), "test-assets")
-	}
-	tempdir, err := os.MkdirTemp("", "testdir")
-	ok(t, err)
-	defer os.RemoveAll(tempdir)
-
-	cmd := exec.Command("nix-shell", "shell.nix", "--run", "echo SOPS_PGP_FP=$SOPS_PGP_FP")
-	cmd.Env = append(os.Environ(), fmt.Sprintf("GNUPGHOME=%s", tempdir))
-	var stdoutBuf, stderrBuf bytes.Buffer
-	cmd.Stdout = &stdoutBuf
-	cmd.Stderr = &stderrBuf
-	cmd.Dir = assets
-	err = cmd.Run()
-	stdout := stdoutBuf.String()
-	stderr := stderrBuf.String()
-	fmt.Printf("$ %s\nstdout: \n%s\nstderr: \n%s\n", strings.Join(cmd.Args, " "), stdout, stderr)
-	ok(t, err)
-
-	expectedKeys := []string{
-		"C6DA56E69A7C756564A8AFEB4A6B05B714D13EFD",
-		"4EC40F8E04A945339F7F7C0032C5225271038E3F",
-		"7FB89715AADA920D65D25E63F9BA9DEBD03F57C0",
-		"E3B7464FBE89F5378ED4BC60FC925B42FC8B773D",
-	}
-	for _, key := range expectedKeys {
-		if !strings.Contains(stdout, key) {
-			t.Fatalf("'%v' not in '%v'", key, stdout)
-		}
-	}
-
-	// it should ignore subkeys from ./keys/key-with-subkeys.asc
-	subkey := "94F174F588090494E73D0835A79B1680BC4D9A54"
-	if strings.Contains(stdout, subkey) {
-		t.Fatalf("subkey found in %s", stdout)
-	}
-
-	expectedStderr := "./non-existing-key.gpg does not exists"
-	if !strings.Contains(stderr, expectedStderr) {
-		t.Fatalf("'%v' not in '%v'", expectedStderr, stdout)
-	}
-}
diff --git a/pkgs/sops-pgp-hook/sops-pgp-hook.bash b/pkgs/sops-pgp-hook/sops-pgp-hook.bash
deleted file mode 100644
index e0ced80..0000000
--- a/pkgs/sops-pgp-hook/sops-pgp-hook.bash
+++ /dev/null
@@ -1,32 +0,0 @@
-_sopsAddKey() {
-  @gpg@ --quiet --import "$key"
-  local fpr
-  # only add the first fingerprint, this way we ignore subkeys
-  fpr=$(@gpg@ --with-fingerprint --with-colons --show-key "$key" \
-         | awk -F: '$1 == "fpr" { print $10; exit }')
-  if [[ $fpr != "" ]]; then
-      export SOPS_PGP_FP=''${SOPS_PGP_FP-}''${SOPS_PGP_FP:+','}$fpr
-  fi
-}
-
-sopsPGPHook() {
-  local key dir
-  for key in ${sopsPGPKeys-}; do
-    if [[ -f "$key" ]]; then
-        _sopsAddKey "$key"
-    else
-        echo "$key does not exists" >&2
-    fi
-  done
-  for dir in ${sopsPGPKeyDirs-}; do
-    while IFS= read -r -d '' key; do
-      _sopsAddKey "$key"
-    done < <(find -L "$dir" -type f \( -name '*.gpg' -o -name '*.asc' \) -print0)
-  done
-}
-
-if [ -z "${shellHook-}" ]; then
-  shellHook=sopsPGPHook
-else
-  shellHook="sopsPGPHook;${shellHook}"
-fi
diff --git a/pkgs/sops-pgp-hook/test-assets/existing-key.gpg b/pkgs/sops-pgp-hook/test-assets/existing-key.gpg
deleted file mode 100644
index eba373876ddadb4d792d45c1b0e633a50bd7044d..0000000000000000000000000000000000000000
GIT binary patch
literal 0
HcmV?d00001

literal 1815
zcmX?lWCjZZ0|Nsi55q;R29Esm+Ty3CxJ;fXB);;UsNJ4#A{uulp4eh}p8e>l!@Bz}
z*gwtS&DvspNBJ>>+JuAKrY!%sGJ2xllzfir>Z83Ghr^dfMf&M!Ed8$D_M<J*)#T8>
z1qWW-U%bwBeZlIhzZItU&diwoq3m4N#XX`uqBk|g7vGwA<wwEE`2sw}!GCzdOs~FJ
z>HJ%MWpr!j)}(^cMF#{j*qv9L|8VB*F{gKuC&O=8Pdl%aa?2;MBG>z%GQV|_zQ0^z
z<Nm4AfzvGR7@m*_4L>*Crr`SFCD-NF^|4Q~Fn{{o_10p~Edn1_8kYS!zC6cmUd)sf
zuh}~m%Jqi*>(!Was;AUz{cVMRhIvIoYfa2ruP?apKvO4tqU}ka%_rV{4ZE-Q>&B4@
zUw+HX{=b}krAb3#STozMrJHUYpMNMM#cI{wGjY5PoRwd7B_u9(v9oV>d(->CPgbGq
zM${`Yb{+cz*B>18^yH51xPOW3)1ui^w?9$eyhdMV{ZW@&yr;5G_og|ooqT9oxP+R5
z@21<=Lm31a85kLO7!H1^V!Cly-@dV4GK7=s!ky(VVjMEJw;l1Ud-@}g=cAxA=R`l2
zB%zhl{5#HN^~_CB?bS}<pFC&Pau?6e7Y-Z61T5z$30-eKmS!lb^WuMqyGBsHXYI{1
zFH#H^6uG~?zk6-toOH27(SmDTCc18X8Q=c4bJ(9P+byv$b;*^T&u$leE1b8-I<bg3
zBy;omz`)yIgYvKY&kqlkmR)b9p%z~KqdaZLL4g-6oXh#MA5401*&?W*JI7M4{#o$i
zvjN`z1#Pm=Qi6Ego|eQ5|J=Y+C31ga!dus)*Yxeq6uwLCJgc&O(fxvBwPJ>>%GY+w
zdmVp&e2%fmwZ*x=Ev6sR4(I3WD?7rq`hU}mh)?yB!p~DJ1LSOzRc6eY_G8^U*>9?9
zH;yDdoVmCvrQ*J}wrsBAO_BNHTbfTTzgkjepRlg$%t6l7wjZ3Yvw~OV331Mwm6FKs
zxy)&QgLT>2S)OV&>=7k?rB@ktJu;o?ZmoQcvD#FyF2L-Nyv~Mlch@~9&-}YEJLkny
zHik>>x;_U5)_$&D7QVP_;u<%b?wMcAl_u6-zJBaUmy=d;3^T_RIicTsSI_Y2JRn}T
z?(81R<i^nFhqv&3%Ds6l<VQI(f1Tp7#@d}io7&HK{BC=d_^jt~3y1seP3!-?*_-hD
z=<8)E=QIzm<BKwSViKkE;-%XUrl7k$H_9^33%u<8AGPPgBloG#`3+)swD72_dB{z(
zm8rZavrMG=|GKv^KNOY<eA)BceMWqP{jrah<{nn8zB#HMN7J<ZB8orU>{#?>GaJLd
z2xk4sN8A^xop9NpRcX+d_s1^d=tQGueSK!XFBnUFyQNvQ<<sAfNuOu2=vgrvKb+e#
zQEAi8#Q8~DmOF1-uXlfK$Um2#QGM3(S?T9|OB|;ymihcvI_Hn`5f|wND@3nMv9&wB
zH}Lcn%i6Q^cCDPa+c0tR1Pzr*^4GMM2M2H2dvi_V|9wsA-8xCSlePb)pI(}_*v{rf
z<Mq#T%%qhUS6_Hu_*1-_$!LYKGsibatrY@+9bd1zytdm{Klha1yOarY?XR;jZ2so7
z!_GO?Y!gSVkNM^^&9b+4Tv1Ptd;BWztox4RD_8WHY0FPxP+ffe-R_Tm?{<jvh|0h7
z*fh~*ec|h_0-cVgC^hf<WqJKu)C;$Cu2qVa-tuBa)7<1uA&=fA+HNg$`)78~QR}x-
zzMgedoXl2{4Auu*qFgS%Pfhy1=9|O@Bb5w$UX6!ZOBi0S39<g^^O;w?W?RhP*|L)*
zC3T+i+^t{qu$#l8D$F@tZC7rm^zwtZC+o9W?zkR$$2R&;DZ8z~DgP^<&x#i1=a(qh
zfJld&{N%)(jQrvfyF&*au?RDAFo>}-feKzu0k3S<?IIWL{xV7PGf6TsFwEY?!?1Tn
zz|r}WD@>VJxqg^up#45I&ERd~FTI-$O&U|4zP7h_^)gZDpFVX(f=%0=ICcLWv3EHl
zvUIj>+{V0kDf`T7+wQ2vGa|3;Z{KkDU~G)Xh1dF<mw%|b@{}`BO+0@4iiHby{?S-}
zv25n{4L8hM*G+N!^H}69kMzE+)qZu&9ZGAJZmNZQWyRYR)EzSE&MoEsCVccl=XVb7
zOn<ej@6S$}-!ASaaet-z?&dwOoldoz3w+|@{-iAN#&Ld99ee2kfr8mF9Ko7K6`KEc
zxwC)DU-@OW-+8}(iWclzJw{C;6NP{8+)-G|RcCoO(>~uh!pLiSj*{@wjHeex*S48H
zwylfJTcv#>hD-l~?~O;5=e2ScTj)>cj%NQJy=Kk(z$1FoJ6ASopZAlzeRGrioN2xP
zc9nK)mklg-h;W%+!N1)6ri~fL%cZ^^s~(G|GQ|si)luB}&1?CI#A>yRyCN61TX6W?
qpCBFj_(}WBj)mVEHdt-xY`$rj`&*;5<|NCeZpX`V)r;0Q>;(X;rDsh5

diff --git a/pkgs/sops-pgp-hook/test-assets/keys/key-with-subkeys.asc b/pkgs/sops-pgp-hook/test-assets/keys/key-with-subkeys.asc
deleted file mode 100644
index 71f5405..0000000
--- a/pkgs/sops-pgp-hook/test-assets/keys/key-with-subkeys.asc
+++ /dev/null
@@ -1,61 +0,0 @@
------BEGIN PGP PUBLIC KEY BLOCK-----
-
-mQENBF8YRjUBCACfdPLn/dUxr3SHZR2p6+aFgnu0jFA1KESBAgqA5TzDNIjaecff
-MV2nP7Z+vmcyRq2oJb7zAd2UfavjH0jPzRJi+TP6NvJepfMj8SaflKEh8kZN6Gv0
-Zl0Fr6WtTPuenATuesAYvFDW+b2ZYRIs/XzEI+HP96XaW4MCWgTPwMPP8gMPZO3c
-Cv+A5T9p1RHZjezfHktA0z+3F07IDquIT9K5d5Iapy0illnV7TziCdN6EbPUQZis
-FqAP1kxgWUzJvYLswIncGb9WAw8T49GMVUtP8hoBiw3g0mNfnvzJUTBjYQr/e5X2
-+ZnGM4qqdrMTdTHFdQtzKHlsh3S1EI9Z5qB9ABEBAAG0H0pvaG4gRG9lIDxqb2hu
-LmRvZUB0aGFsaGVpbS5pbz6JAU4EEwEIADgWIQTjt0ZPvon1N47UvGD8kltC/It3
-PQUCXxhGNQIbAQULCQgHAgYVCgkICwIEFgIDAQIeAQIXgAAKCRD8kltC/It3PTqF
-B/9fbQmuDb0mg+rt8ALndJUXkiUK3osGTcmPhBXWPZpViCRsP4nOmBsM0yv5aA2y
-Gsei+dHfLXK48UDkUFo/bt2ACEywCE+7QFBrhCnQFKS5sbPpE6EcqKF3eWzfR0I/
-PnzXQNA/igryuvaPxvQN9lIdY/Gzfi/erhv+f4/PgR53TzIhXYw2f2rwD4dCoiH3
-QkmKez3tasTc8zq7nwhlZ0d1pnbFn0qlCJCntrQT6caCkcWh9IiutrK0ozxfoa9H
-Yqt/FdTWuRgEG1vj+/0RG2pggqE9D2LSkX6+gW0vai2OzTCn1a8VlrX2uYmDnXVF
-b/bQBlAFW6wyGC6HhH+xckmHuQENBF8YRk0BCADCB2ov5gXA6X388bBeJ7YwWTMr
-YuSAe2PZzZ3GipuQ4PRIpFvSLXHx4G4NT60J0G48cFL8M6dZCyJbCe+dZPyCEYLl
-3V+5txpN0dYcbUTiG07uEAyDbuhkuda9goSJlfvJF8vUxGPNNHbYWPOO3hLsGQse
-aQVGHSqu8WlRCWSDtNEyc11cOlty/zhEv3M5ZtBrJTahfy0u5RrCzk/x9SRea+MV
-0xhYd1cKfi5ud/mNpQnnrbLuD+Gy9YgcqJUyxi6zvdfoCDYR4Sv7Rf0fxafxDkNZ
-GQlqmPkaEuw21eedczmwUqMC57ZJz3avgDxKcLZG8uFC+6DY4thTSERPRb85ABEB
-AAGJAmwEGAEIACAWIQTjt0ZPvon1N47UvGD8kltC/It3PQUCXxhGTQIbAgFACRD8
-kltC/It3PcB0IAQZAQgAHRYhBJTxdPWICQSU5z0INaebFoC8TZpUBQJfGEZNAAoJ
-EKebFoC8TZpUWpQH/3de056tFqVIvsFjkYUW3oGylexVQEXeQljoqYx7NWsSxNX6
-NMEwYYJdNWgwXhL4CD8Tn0/3sVx/mMUDtbgQnQ8rKMB3lXZ3U6yzGghh5RdSmhAk
-EQGhiYkZhIONce46i7rk+AE+hGi57p1IqsZ0UketOKoWN7rVYXbVLPf78cphD7G+
-Q7v7KWJYx8i3VkXDHJXP3wRlhbkbqVJAyUTmi63c7femOB+mDPJMBHBFmw6Opxt4
-AZR+qYczOLAyJCGA2MBx2U/26mVztkMYl5rJ80VKgUe/CEb8kD/uaOBYXeokGfqh
-i6TV9fQxYokkmSU/4SIa+F+VcTu0xfRC46+EosL2Pwf+NpMRgpWihbF9EEh6RqX4
-NUxN4IVV/6frG19AJD8XNq0E8+bXvKVhHEy/Ea68ILKaJb/SIpcFY0aIJ3tHC0b2
-mh97nm5FdyRXRUNXoQ/u2wsOcD+HGK3P/jdrJDkNETuLTNr4Uff5Nn1Y6XydKviK
-i7UwexDtX+wmyr1JxRdu7AJhdSi3rWY2lQxMMem7+9xyyqZ8uY2SixroMjcV/DL/
-7AjvfucWL6e/pESpvTp29sAKM5PUtMWqjm/vgapiFVLhXIEYWqe6OowXQ+smlkah
-zQ00HJxLILNy3Mu2Vic543OVbLNRoWlJYQ1/zAqMxU5GLmdZA1hwncQT/3UCZ5zI
-L7kBDQRfGEZvAQgAoPiXUlpQFLISXSHobzPtUwx1O3x+hN7XH57+VV0Hktz94+gb
-NMj+3UBd67NZeseqUG6PMQ1ztEAuht7UX/LjLlmcBwmTD7iFeT8Y+hlo1+7AeKE6
-a3RGycTMOm5HFra1n3KcQqkmh6RMlTPxcpvb5wXHJXIiWvoW/k7C3nbFbJlzVZtK
-dW2x4tcU/INsk2qgpir4Ou2nCwAXOOb91E/SDR+isPj4lYOp69AZa266YvShX1/X
-UObG5UXSsPGs7CbZC9i+DcgJFhGjicrjgoEbAhPBmAdUwWaFiMls2WXmIkq9utv+
-uxQmQixEXL+/OQgXPJGzCmGaq4h/2JC9nCf5swARAQABiQE2BBgBCAAgFiEE47dG
-T76J9TeO1Lxg/JJbQvyLdz0FAl8YRm8CGwwACgkQ/JJbQvyLdz01cAf9EsfZye6j
-p7GuxInoZaJBblWW3tbJjOOH3GdeOhcY8ygImsRDcYFRIsp9QLp91eCRxGsT/EMz
-q0vgQk4zsZOyTXMcK4TUMgUtsRY6zmiHSRez7sw0CA919KY/PAbMfB5F0qkuR5FL
-auoAeYOUY1oYpiE7AG5rdtNNI1PC+EUeiivs+raczH3kLJr71fwjFD6Jnh9FDgPZ
-QsYaWIe6t0quho6cNaL8DYfXtdJZh2vKgWX8h/qu5dUB/aHx18rWTvcQ7zmQ/ADn
-oweTR94hbSL9O9mm3LoWogr/vtUGWvs8LlIYjFDUXj4TRx2svclcBdKI0qrjrCDx
-Ed+ons5QiTE1LLkBDQRfGEaGAQgArDpYiwBV9Xml93knxoGVFi+rj0YL35gdVraT
-ZqbeN+s0t9QPshzVpZz0jyqZSxFE/ojUmO7WMrH/Jb8nLVGvm/fq/jLEMfnbpJnb
-Cu6ym7ed1QP7Y2JDMYJorlcS8BQCOSGSe2QRRD6h0nvgygrg70XKnkIhH6YfGCLt
-pC96WWdbEr78d/dMloPRIW1Tsp58bXVkTfIseXpdCB5zVGj58GBtelWibvIms+/T
-SRzw7QU9uiPjcrl5iZ8UMcRlE4mdMEBhlZ+eZaKgRdDNNDpcsd38xtktA52hs3uY
-AgFKUGQ+PxY9cG9haVyCwwYwCVKo24/hTreTL1DydFLmAxaonQARAQABiQE2BBgB
-CAAgFiEE47dGT76J9TeO1Lxg/JJbQvyLdz0FAl8YRoYCGyAACgkQ/JJbQvyLdz1d
-gggAj+Gcxy6irGlkX9mxoq+sZv9WzRjXRT8xkB8H10tzqqOLQ0uzXeob07vDi3MC
-6dBahE8sJq4ByOruy4hNhKUa/vtBm/G4ijTDNFzS/fmafDxZ+FObUDz6gLHGVbf0
-/NpwOmfcc/UeDCgI5t3TRcbQ9PugwCfw7A7eCYS34NspS549WJfzdNj8FcNBzsbi
-yx1/wnXb7Eq5+kvZaPR1vodAW7YptYrUQCbCbioFGwq+zd1SHPXMS2h2D0ncMNbP
-+C/y/AXliH+P08WRJ6kazSkSHv93UNM2nOt6x04vlk652WejLDc0t3wWNQEp0Q4U
-W1YR5NNzw2GqjhH3nhj/SnUwXg==
-=jshU
------END PGP PUBLIC KEY BLOCK-----
diff --git a/pkgs/sops-pgp-hook/test-assets/keys/key.asc b/pkgs/sops-pgp-hook/test-assets/keys/key.asc
deleted file mode 120000
index 34bc240..0000000
--- a/pkgs/sops-pgp-hook/test-assets/keys/key.asc
+++ /dev/null
@@ -1 +0,0 @@
-../../../sops-install-secrets/test-assets/key.asc
\ No newline at end of file
diff --git a/pkgs/sops-pgp-hook/test-assets/keys/key.gpg b/pkgs/sops-pgp-hook/test-assets/keys/key.gpg
deleted file mode 100644
index c168d7400078d06ffc04e81b851b888c91ee3ae3..0000000000000000000000000000000000000000
GIT binary patch
literal 0
HcmV?d00001

literal 1815
zcmX?lWCjZZ0|Nsi55uNR@kmyUh@X}!&D(R%Y}1QkUO6j7O1fQn_G0#$^bajh-oBZ(
zK{m5zW=dJegTUw|PbW^~Si72Mk5KdV(%8dK)_zi&K6x)k*wRm*Z7zi_aKCxdx~l2l
zIr-do51xBo3Eq@lbpGbepo+_XUM0_{@>IH~$=p1RFFs2^Du7+MP<zn^BhMzWzzqkk
zXxrD9U-}%bzITfugUQsA!?6Ylv!8VJ3Vi=ocK2=L^VVy!R^6YLF$PX!V`^lqyb_+h
zslrs^^OPOwDQBELH^l|L*(iCYD6aoKr_r1JBEL6yo^)q4l}mqcI&I0Noc#KO`>dIH
zJ$JQO9C5W$d={ZO$x(Fgr8j1MmRx_%JpHox#KYH9mu?mMdjEe+rJuu0t955vSG_s0
zV2hFbSC0vEPAW^bCp+D_durz;W|Lw)d&8UmBJy3ISZ}*^LcI8!{~3i1iDyh>yv?_~
z%FJBk$?v&A_f>x2@{TV7f0dT-JYNv+v{UVm**7~G)f*4<Se#FGovwdaa3pZm<o}y~
z`Ri#i2r@D-GVm~LTo=S2=`e5cxk)noAM$+cxO4YJZ9ci7X|LL$-i_S#g58dD^#hM&
zN=q$`e<Auf;MxE6O6~4qOYGHT6R)|nT)8>>Zs8&m|6hw|TH8Nc78M-QdPsPON}1)K
zx7Jr{j$Etqd{k;N`-$=E!%wf<9A>#X@#~)B`kd>N?n*4L`7-GPyKSxeBo!goYST#v
zF4pqbI^Ua|bZA}J1~(&r>-(>r*x$9k*!@9-`Ma)=LCMb9nj%Lf3$9A0d$;~O@b!qk
zZ<i}ey37AJPPf+_jZ%JnXW5$YwmCOVs-K$Qin4etCTZtz=>LwS*x=IJ-zO!{+H3A>
zr0|Dlj?h_krh{4+#ixIq@vt|wVD7SI9Jl5w{57`FSvU2?VWSfH>jh3>2|vV_i*GP#
zy{}Mj!m;b5;7Q#{lkywiIBG5S6<Wc2yYu{utJe(rnti0-U74h3^LtfXM~KMnOD8*|
zOqlXo{<ixkW%C%HU%lG>|CL!Ly2~%M7PQO@np)``+IC@ul3dq*@$(WF53c*+;UcyC
zA{)cSYUPOuKh@UFZOG=<lHF9a_A*mIWrEfmz2}$xDwtod@2{_C%v|*8=Uk_$dET<m
zr#u&mJraETbMU|KCM$9dMgDF2)^o5)?8lj<H##RNN|bh&ygC|qbT+%w@kfhel{(IG
z>YkBQRw(E7eX;oerkJ)c&)_g)iQWr~|F=!tc4tZ5e|wYOU#p*7H1ZEsv|9A$x5b&6
zzdqbwxp42q2fUM;XRQ{<;L%Wa{SiCWUG2tpmOE=tMZftGQ&wabzWNQr>VMtY`MPWj
zx7g>p24CH<?!E69<3L5Djfp4DE{~6zdb95@&&wpW>E=nfEx&feE?*-5;rv3M6~YO&
z^10!y3r*`e>;!zfE=|3BC!xf1LZ{=$$VtYM>W4Iv&+?aLFL-k7q4Wb=Zm*hm?ay9y
zD9xBvy{_lvm8XAeFKyHlpMU@HyhObpHkYyw`fNFxsW!v&@WaC_6IAT}`Isg?dA@Dw
zd@c9rRfb<LY+oksS$}KCnN6E!+4Cl*edDw$6_0*+)~xc}^}m~SMQ&YHoNbZI#?U4m
zzGKsa0waU$IH{<DmW12Cj|z2c$>v&>m3u#8(f@^A%Svsoq`N!Tf86=)y_isfp?l7Q
z+5J{GeqUag`EJ9D#OviJVv9cSS-@yKc^B8Mty3l+`SL1c%j|g8_4E15y(}GtZwjxH
zvGhr)fBB%>zIUnlf(}88Xjj&}{FhftCv^rW8LHgzt)KR!Eh*wji13>Tt%lFh6?cO=
z7+&4qk{ojPiluY%TebQ&4%MW~95S~9+iyCh{K)*sSmS#A2G6SY2_bi$?Kvx2l%HRs
zU;`o@a`KZCb29RaOY9CEc*G*i$iX1S$^<HSIR%W4Dg_lX_t`T^^D{{@GB7xC@-X;#
z9la52!)xaH>y*r|%<CIE{*|p;#FPDv(<;tD>Wb~_E0xb)Ovp2??K9!rd%?-0X`TPY
zr=MHdxFVLC`3H2(*{j%dY|hTFE6N|vjt;uL#&XgHrJ#?=Gj<lgc$gO$J@L7l{PTt*
z;pg1E)|`rF>Up%SwXDU0ZEl|{+liyQVr7p7Pm+|Z@%(jaUABbT%UZ+cmYeSLcIHP(
zf4k9SY-AbppmG8Wt8+$u16w}pvCSIu<y0lL{@>WcvAX>3qTt@$-cP*J*QSLjFudWm
zGI>97Mzb96)OSf7v+_$$D^2-qe`Q6mq175u!KdL9AE>cdYlZIM|8I0Xhr4{uQeM7&
zdk&unQwpA~{&?;?hw8AatedVV=h<`HG`yWTMLV74sbPi3oJM0g!5;^Wmh5|VC{j^9
z=B!LaLy&0O^KX?K-{@(ta+~7WIWusnfWr~tFZ!;vt%sN#KdgQmoA=-K*q8sVmL^e)
rEv46<=eGDWH)=s#v{6M@H^a=7lQzpjRzyF^@Y(ct=Fy(F=jQ<c$h38k

diff --git a/pkgs/sops-pgp-hook/test-assets/shell.nix b/pkgs/sops-pgp-hook/test-assets/shell.nix
deleted file mode 100644
index 71173fd..0000000
--- a/pkgs/sops-pgp-hook/test-assets/shell.nix
+++ /dev/null
@@ -1,14 +0,0 @@
-# shell.nix
-with import <nixpkgs> { };
-mkShell {
-  sopsPGPKeyDirs = [
-    "./keys"
-  ];
-  sopsPGPKeys = [
-    "./existing-key.gpg"
-    "./non-existing-key.gpg"
-  ];
-  nativeBuildInputs = [
-    (pkgs.callPackage ../../.. { }).sops-pgp-hook
-  ];
-}
diff --git a/pkgs/unit-tests.nix b/pkgs/unit-tests.nix
index f3d3678..9fc14fc 100644
--- a/pkgs/unit-tests.nix
+++ b/pkgs/unit-tests.nix
@@ -5,17 +5,14 @@ let
   sopsPkgs = import ../. { inherit pkgs; };
 in
 pkgs.stdenv.mkDerivation {
-  name = "env";
-  nativeBuildInputs =
-    with pkgs;
-    [
-      bashInteractive
-      gnupg
-      util-linux
-      nix
-      sopsPkgs.sops-pgp-hook-test
-    ]
-    ++ pkgs.lib.optional (pkgs.stdenv.isLinux) sopsPkgs.sops-install-secrets.unittest;
+  name = "unit-tests";
+  nativeBuildInputs = with pkgs; [
+    bashInteractive
+    gnupg
+    util-linux
+    nix
+    sopsPkgs.sops-install-secrets.unittest
+  ];
   # allow to prefetch shell dependencies in build phase
   dontUnpack = true;
   installPhase = ''
@@ -23,11 +20,7 @@ pkgs.stdenv.mkDerivation {
   '';
   shellHook = ''
     set -x
-    NIX_PATH=nixpkgs=${toString pkgs.path} TEST_ASSETS=$(realpath ./pkgs/sops-pgp-hook/test-assets) \
-      sops-pgp-hook.test
-    ${pkgs.lib.optionalString (pkgs.stdenv.isLinux) ''
-      sudo TEST_ASSETS=$(realpath ./pkgs/sops-install-secrets/test-assets) \
-        unshare --mount --fork sops-install-secrets.test
-    ''}
+    sudo TEST_ASSETS=$(realpath ./pkgs/sops-install-secrets/test-assets) \
+      unshare --mount --fork sops-install-secrets.test
   '';
 }