From 7f211abcf877571a3a4853029bcfca25596c6177 Mon Sep 17 00:00:00 2001
From: Danielle McLean <dani@00dani.me>
Date: Wed, 14 Jun 2017 11:40:56 +1000
Subject: [PATCH] Work around a bug in GnuPG by passing it --default-key
 instead of --local-user when signing a Git commit

---
 config/git/config              |  2 +-
 local/bin/gpg2-for-git-signing | 13 +++++++++++++
 local/bin/gpg2-no-tty          |  2 --
 3 files changed, 14 insertions(+), 3 deletions(-)
 create mode 100755 local/bin/gpg2-for-git-signing
 delete mode 100755 local/bin/gpg2-no-tty

diff --git a/config/git/config b/config/git/config
index 57502cf..6849057 100644
--- a/config/git/config
+++ b/config/git/config
@@ -22,7 +22,7 @@
 	arguments = --preserve-merges
 
 [gpg]
-	program = gpg2-no-tty
+	program = gpg2-for-git-signing
 
 [rerere]
 	enabled = true
diff --git a/local/bin/gpg2-for-git-signing b/local/bin/gpg2-for-git-signing
new file mode 100755
index 0000000..59bb18d
--- /dev/null
+++ b/local/bin/gpg2-for-git-signing
@@ -0,0 +1,13 @@
+#!/bin/zsh
+# There's a weird inconsistency between the --default-key and --local-user
+# arguments: when you have multiple signing subkeys, --local-user chooses the
+# newest, and --default-key chooses the one that's available. The latter is
+# clearly preferable. So we shuffle the arguments around a little.
+for arg; do
+	if [[ $arg = -bsau ]]; then
+		args+=(-bsa --default-key)
+	else
+		args+=($arg)
+	fi
+done
+exec gpg2 --no-tty "${(@)args}"
diff --git a/local/bin/gpg2-no-tty b/local/bin/gpg2-no-tty
deleted file mode 100755
index 34b2ce3..0000000
--- a/local/bin/gpg2-no-tty
+++ /dev/null
@@ -1,2 +0,0 @@
-#!/bin/sh
-exec gpg2 --no-tty "$@"