Skip to content

nixos/gnupg: fix gpg-agent when pinentryFlavor is null #240708

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Merged
rnhmjoj merged 2 commits into from
Jun 30, 2023
Merged

nixos/gnupg: fix gpg-agent when pinentryFlavor is null #240708

Show file tree
Hide file tree
Changes from all commits
Commits
Show all changes
2 commits
Select commit Hold shift + click to select a range
3d4f306
nixos/gnupg: fix gpg-agent when pinentryFlavor is null
corngood Jun 30, 2023
d19ab9f
nixos/gnupg: fix pinentryFlavor documentation and add release note
corngood Jun 30, 2023
File filter

Filter by extension

Filter by extension
Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
2 changes: 2 additions & 0 deletions nixos/doc/manual/release-notes/rl-2311.section.md
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -84,6 +84,8 @@

- `services.prometheus.exporters` has a new [exporter](https://github.com/hipages/php-fpm_exporter) to monitor PHP-FPM processes, see [#240394](https://github.com/NixOS/nixpkgs/pull/240394) for more details.

- `programs.gnupg.agent.pinentryFlavor` is now set in `/etc/gnupg/gpg-agent.conf`, and will no longer take precedence over a `pinentry-program` set in `~/.gnupg/gpg-agent.conf`.

## Nixpkgs internals {#sec-release-23.11-nixpkgs-internals}

- The `qemu-vm.nix` module by default now identifies block devices via
Expand Down
9 changes: 4 additions & 5 deletions nixos/modules/programs/gnupg.nix
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -75,9 +75,7 @@ in
defaultText = literalMD ''matching the configured desktop environment'';
description = lib.mdDoc ''
Which pinentry interface to use. If not null, the path to the
pinentry binary will be passed to gpg-agent via commandline and
thus overrides the pinentry option in gpg-agent.conf in the user's
home directory.
pinentry binary will be set in /etc/gnupg/gpg-agent.conf.
If not set at all, it'll pick an appropriate flavor depending on the
system configuration (qt flavor for lxqt and plasma5, gtk2 for xfce
4.12, gnome3 on all other systems with X enabled, ncurses otherwise).
Expand All @@ -94,12 +92,13 @@ in
};

config = mkIf cfg.agent.enable {
environment.etc."gnupg/gpg-agent.conf".text = ''
environment.etc."gnupg/gpg-agent.conf".text =
lib.optionalString (cfg.agent.pinentryFlavor != null) ''
pinentry-program ${pkgs.pinentry.${cfg.agent.pinentryFlavor}}/bin/pinentry
'';

# This overrides the systemd user unit shipped with the gnupg package
systemd.user.services.gpg-agent = mkIf (cfg.agent.pinentryFlavor != null) {
systemd.user.services.gpg-agent = {
unitConfig = {
Description = "GnuPG cryptographic agent and passphrase cache";
Documentation = "man:gpg-agent(1)";
Expand Down