Revert "pinentry: drop gtk2"

[lheckemann]

This reverts commit edb8b79.

Description of changes

Revert the removal of the gtk2 flavour in #270266, since people are still using the gtk2 pinentry for reasons.

gtk2 still won't end up in the runtime closure of systems not using it, but something like #133542 might be a more principled approach that removes it from the build-time closure too.

Things done

• Built on platform(s)
  • x86_64-linux
  • aarch64-linux
  • x86_64-darwin
  • aarch64-darwin
• For non-Linux: Is sandboxing enabled in nix.conf? (See Nix manual)
  • sandbox = relaxed
  • sandbox = true
• Tested, as applicable:
  • NixOS test(s) (look inside nixos/tests)
  • and/or package tests
  • or, for functions and "core" functionality, tests in lib/tests or pkgs/test
  • made sure NixOS tests are linked to the relevant packages
• Tested compilation of all packages that depend on this change using nix-shell -p nixpkgs-review --run "nixpkgs-review rev HEAD". Note: all changes have to be committed, also see nixpkgs-review usage
• Tested basic functionality of all binary files (usually in ./result/bin/)
• 24.05 Release Notes (or backporting 23.05 and 23.11 Release notes)
  • (Package updates) Added a release notes entry if the change is major or breaking
  • (Module updates) Added a release notes entry if the change is significant
  • (Module addition) Added a release notes entry if adding a new NixOS module
• Fits CONTRIBUTING.md.

---

Add a 👍 reaction to pull requests you find important.

[SuperSandro2000]

since people are still using the gtk2 pinentry for reasons.

Why would you want to still use it? It is since 3 years deprecated and there is no DE using it anymore.

[lheckemann]

It's the default in home-manager:

  services.gpg-agent.pinentryFlavor
      Which pinentry interface to use. If not null, it sets pinentry-program in gpg-agent.conf. Beware that pinentry-gnome3 may not work on non-Gnome systems. You can fix it by
      adding the following to your system configuration:

          services.dbus.packages = [ pkgs.gcr ];

      For this reason, the default is gtk2 for now.

      Type: null or one of “curses”, “tty”, “gtk2”, “emacs”, “gnome3”, “qt”

      Default: "gtk2"

      Example: "gnome3"

      Declared by:
          <home-manager/modules/services/gpg-agent.nix>

That's probably worth changing anyway, but in the meantime let's bring back the gtk2 pinentry.

[SuperSandro2000]

It's the default in home-manager:

I am not very amused that we are held back by an out of tree project that is setting bad defaults and not properly forwarding the overrides.

I've opened nix-community/home-manager#4805. Lets see how far we get with that instead of undoing this.

[dschrempf]

I think this also affects programs.gnupg.agent.pinentryFlavor, which mentions gtk2 as a valid option. (Actually, also the code itself handles gtk2 as a valid option, only the type check throws this error:

      type = types.nullOr (types.enum pkgs.pinentry.flavors);

(I may look at outdated code, I have nixos-unstable checked out here, but then, the pinentry change is alsready on unstable).

EDIT: Actually, there seem to be more problems with programs.gnupg.agent.pinentryFlavor because it mentions ncurses and curses, and I think only the last one is a valid option.

[sg-qwt]

For wayland folks, gave wayprompt a try. It's pretty good, but it's only in nixpkgs-wayland. Would appreciate if anyone can upstream the package in nixpkgs.

[SuperSandro2000]

@dschrempf I've opened #277221 to fix that. I hope I didn't mix things up.

The linked home-manager PR got merged, so we can close this, right?

[arcnmx]

It's worth noting that the prior PR also silently broke the top-level attribute pkgs.pinentry-gtk2. Unless gtk2 itself is removed from nixpkgs I don't see why this shouldn't continue to be available, and if it is a bottleneck for builds then a separate derivation could be provided as a middle-ground solution instead.

[SuperSandro2000]

Unless gtk2 itself is removed from nixpkgs I don't see why this shouldn't continue to be available

It is just no longer available as a default, you can still explicitly opt into this.
Also removing gtk2 in one go is near impossible and a pretty huge task, so we need to start somewhere and default options and dead software are a pretty good start.

if it is a bottleneck for builds then a separate derivation could be provided as a middle-ground solution instead.

I don't think we need to go that way. gpg pinentry is pretty small and pretty fast built.

[fpletz]

It is just no longer available as a default, you can still explicitly opt into this.

No, #270266 broke this.

[fpletz]

Merging this since there is no use keeping gtk2 broken while #277221 is no ready.