feat: from https://github.com/wiktor-k/age-plugin-openpgp-card

scripts/encrypt-decrypt.sh

@@ -0,0 +1,19 @@
+#!/bin/bash
+
+set -euxo pipefail
+
+/etc/init.d/pcscd start
+
+# start a virtual smartcard
+vpicc &
+sleep 2
+
+export PINENTRY_PROGRAM=/app/scripts/fake-pinentry.sh
+echo 12345678 > admin-pin
+echo 123456 > user-pin
+oct admin --card 0000:00000000 --admin-pin admin-pin generate --user-pin user-pin --output /tmp/no-need-for-this cv25519
+
+age-plugin-openpgp-card | tee identity.txt
+grep -oh "age1.*" identity.txt > recipients.txt
+echo I like strawberries | rage -R recipients.txt -a | tee encrypted.age
+rage -d -i identity.txt < encrypted.age

scripts/fake-pinentry.sh

@@ -0,0 +1,33 @@
+#!/bin/sh
+# Use this for your test suites when a POSIX shell is available.
+#
+# The encrypted keys in your test suite that you expect to work must
+# be locked with a passphrase of "passphrase"
+#
+# Author: Daniel Kahn Gillmor <dkg@fifthhorseman.net>
+#
+# License: Creative Commons Zero ("Public Domain Dedication") --
+# Anyone may reuse it, modify it, redistribute it for any purpose.
+
+echo "OK This is only for test suites, and should never be used in production"
+while read cmd rest; do
+    cmd=$(printf "%s" "$cmd" | tr 'A-Z' 'a-z')
+    if [ -z "$cmd" ]; then
+        continue;
+    fi
+    case "$cmd" in
+        \#*)
+        ;;
+        getpin)
+            echo "D 123456"
+            echo "OK"
+            ;;
+        bye)
+            echo "OK"
+            exit 0
+            ;;
+        *)
+            echo "OK"
+            ;;
+    esac
+done

scripts/hooks/pre-commit

@@ -0,0 +1 @@
+../../.justfile

scripts/hooks/pre-push

@@ -0,0 +1,5 @@
+#!/usr/bin/env sh
+
+set -euo pipefail
+
+just check-commits