From 01e4a5143e92251272850a8e0fbb4518bd099087 Mon Sep 17 00:00:00 2001 From: Bruno BELANYI Date: Sun, 14 Jan 2024 17:09:06 +0000 Subject: [PATCH 1/2] gpg-agent: migrate to 'pinentryPackage' This follows upstream's module change [1], which allows setting any package as a pinentry program. [1]: https://github.com/NixOS/nixpkgs/pull/133542 --- modules/misc/news.nix | 9 +++++++++ modules/services/gpg-agent.nix | 16 ++++++++++------ .../services/gpg-agent/default-homedir.nix | 2 +- .../services/gpg-agent/override-homedir.nix | 2 +- 4 files changed, 21 insertions(+), 8 deletions(-) diff --git a/modules/misc/news.nix b/modules/misc/news.nix index 849ac94210b5..0b8588616add 100644 --- a/modules/misc/news.nix +++ b/modules/misc/news.nix @@ -1443,6 +1443,15 @@ in { A new module is available: 'programs.joplin-desktop'. ''; } + + { + time = "2024-03-14T07:22:09+00:00"; + condition = config.services.gpg-agent.enable; + message = '' + 'services.gpg-agent.pinentryFlavor' has been removed and replaced by + 'services.gpg-agent.pinentryPackage'. + ''; + } ]; }; } diff --git a/modules/services/gpg-agent.nix b/modules/services/gpg-agent.nix index 685698b774a2..a5d89415741f 100644 --- a/modules/services/gpg-agent.nix +++ b/modules/services/gpg-agent.nix @@ -81,6 +81,11 @@ let in { meta.maintainers = [ maintainers.rycee ]; + imports = [ + (mkRemovedOptionModule [ "services" "gpg-agent" "pinentryFlavor" ] + "Use services.gpg-agent.pinentryPackage instead") + ]; + options = { services.gpg-agent = { enable = mkEnableOption "GnuPG private key agent"; @@ -192,10 +197,9 @@ in { configuration file. ''; }; - - pinentryFlavor = mkOption { - type = types.nullOr (types.enum pkgs.pinentry.flavors); - example = "gnome3"; + pinentryPackage = mkOption { + type = types.nullOr types.package; + example = literalExpression "pkgs.pinentry-gnome3"; default = null; description = '' Which pinentry interface to use. If not 
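Review bot: The new `pinentryPackage` option (hunk @@ -192,10 +197,9 @@ of modules/services/gpg-agent.nix) is typed `types.nullOr types.package`, so any package is accepted, but the visible start of its description still only says "Which pinentry interface to use"; the description continues outside the hunk. The @@ -243,8 +247,8 @@ hunk resolves the binary with `lib.getExe`, which takes the executable name from the package's `meta.mainProgram`, and that binary is what gpg-agent runs to collect key passphrases. I would add a sentence to the description such as `The executable named by the package's meta.mainProgram is written to gpg-agent.conf as pinentry-program.` so users can tell which program ends up handling the passphrase prompt. The hunk also removes the blank line that preceded the old option without adding one back, presumably unintentionally.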
@@ -243,8 +247,8 @@ in { "max-cache-ttl ${toString cfg.maxCacheTtl}" ++ optional (cfg.maxCacheTtlSsh != null) "max-cache-ttl-ssh ${toString cfg.maxCacheTtlSsh}" - ++ optional (cfg.pinentryFlavor != null) - "pinentry-program ${pkgs.pinentry.${cfg.pinentryFlavor}}/bin/pinentry" + ++ optional (cfg.pinentryPackage != null) + "pinentry-program ${lib.getExe pinentryPackage}" ++ [ cfg.extraConfig ]); home.sessionVariablesExtra = optionalString cfg.enableSshSupport '' diff --git a/tests/modules/services/gpg-agent/default-homedir.nix b/tests/modules/services/gpg-agent/default-homedir.nix index 9e21eb6dba27..29efddac427d 100644 --- a/tests/modules/services/gpg-agent/default-homedir.nix +++ b/tests/modules/services/gpg-agent/default-homedir.nix @@ -5,7 +5,7 @@ with lib; { config = { services.gpg-agent.enable = true; - services.gpg-agent.pinentryFlavor = null; # Don't build pinentry package. + services.gpg-agent.pinentryPackage = null; # Don't build pinentry package. programs.gpg.enable = true; test.stubs.gnupg = { }; diff --git a/tests/modules/services/gpg-agent/override-homedir.nix b/tests/modules/services/gpg-agent/override-homedir.nix index 1a314e41436e..c50786739681 100644 --- a/tests/modules/services/gpg-agent/override-homedir.nix +++ b/tests/modules/services/gpg-agent/override-homedir.nix @@ -5,7 +5,7 @@ with lib; { config = { services.gpg-agent.enable = true; - services.gpg-agent.pinentryFlavor = null; # Don't build pinentry package. + services.gpg-agent.pinentryPackage = null; # Don't build pinentry package. programs.gpg = { enable = true; homedir = "/path/to/hash"; From 1ab3cec3a1bbb065b2d52b913d1431366028d5b5 Mon Sep 17 00:00:00 2001 
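Review bot: In the added `pinentry-program` line of the @@ -243,8 +247,8 @@ hunk (modules/services/gpg-agent.nix), `lib.getExe pinentryPackage` uses a bare `pinentryPackage`, while the guard on the line above tests `cfg.pinentryPackage`. No binding of that name is visible anywhere in the patch, so unless the module brings it into scope elsewhere, evaluation fails with an undefined variable as soon as the option is set to a package. The line should read `"pinentry-program ${lib.getExe cfg.pinentryPackage}"`. Both updated tests (default-homedir.nix and override-homedir.nix) set `pinentryPackage = null`, so this branch is never evaluated and they cannot catch the error; a test that passes a stub package and asserts the generated `pinentry-program` line would. The enclosing list expression starts and ends outside the hunk.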
From: Bruno BELANYI Date: Sun, 10 Mar 2024 10:24:45 +0000 Subject: [PATCH 2/2] rbw: simplify 'pinentry' type Following some upstream changes [1], it's now possible to use a simplified package type for the option. [1]: https://github.com/NixOS/nixpkgs/pull/133542 --- modules/misc/news.nix | 9 +++++++++ modules/programs/rbw.nix | 16 +++++----------- tests/modules/programs/rbw/rbw-stubs.nix | 8 ++------ tests/modules/programs/rbw/settings.nix | 4 ++-- tests/modules/programs/rbw/simple-settings.nix | 2 +- 5 files changed, 19 insertions(+), 20 deletions(-) diff --git a/modules/misc/news.nix b/modules/misc/news.nix index 0b8588616add..c4a19177b707 100644 --- a/modules/misc/news.nix +++ b/modules/misc/news.nix @@ -1452,6 +1452,15 @@ in { 'services.gpg-agent.pinentryPackage'. ''; } + + { + time = "2024-03-14T07:22:59+00:00"; + condition = config.programs.rbw.enable; + message = '' + 'programs.rbw.pinentry' has been simplified to only accept 'null' or + a package. + ''; + } ]; }; } diff --git a/modules/programs/rbw.nix b/modules/programs/rbw.nix index b6369dbc455f..5dd751d07ce4 100644 --- a/modules/programs/rbw.nix +++ b/modules/programs/rbw.nix @@ -41,9 +41,9 @@ let }; pinentry = mkOption { - type = with types; either package (enum pkgs.pinentry.flavors); - example = "gnome3"; - default = "gtk2"; + type = types.nullOr types.package; + example = literalExpression "pkgs.pinentry-gnome3"; + default = null; description = '' Which pinentry interface to use. Beware that `pinentry-gnome3` may not work on non-Gnome @@ -52,15 +52,9 @@ let ```nix services.dbus.packages = [ pkgs.gcr ]; ``` - For this reason, the default is `gtk2` for - now. ''; # we want the program in the config - apply = val: - if builtins.isString val then - "${pkgs.pinentry.${val}}/bin/pinentry" - else - "${val}/${val.binaryPath or "bin/pinentry"}"; + apply = val: if val == null then val else lib.getExe val; }; }; }; 
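Review bot: The `pinentry` option in modules/programs/rbw.nix (hunk @@ -41,9 +41,9 @@) changes its default from `"gtk2"` to `null`, and the new `apply` in the @@ -52,15 +52,9 @@ hunk passes `null` through unchanged, so simple-settings.nix now expects `"pinentry": null`. Neither the option description nor the news entry mentions this change of default. Users who relied on the default used to get a pinned store path for the program that prompts for the vault password; with `null`, rbw presumably falls back to its own lookup, which should be confirmed and documented. I would extend the description with something like `If null, no pinentry path is written and rbw uses its built-in default.` and have the news message state that the default is now `null` and that flavor strings such as `"gnome3"` are no longer accepted.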
@@ -87,7 +81,7 @@ in { { email = "name@example.com"; lock_timeout = 300; - pinentry = "gnome3"; + pinentry = pkgs.pinentry-gnome3; } ''; description = '' diff --git a/tests/modules/programs/rbw/rbw-stubs.nix b/tests/modules/programs/rbw/rbw-stubs.nix index c48d88be6103..77436232dcf3 100644 --- a/tests/modules/programs/rbw/rbw-stubs.nix +++ b/tests/modules/programs/rbw/rbw-stubs.nix @@ -5,12 +5,8 @@ nixpkgs.overlays = [ (self: super: { - pinentry = { - gnome3 = - config.lib.test.mkStubPackage { outPath = "@pinentry-gnome3@"; }; - gtk2 = config.lib.test.mkStubPackage { outPath = "@pinentry-gtk2@"; }; - flavors = [ "gnome3" "gtk2" ]; - }; + pinentry-gnome3 = + config.lib.test.mkStubPackage { outPath = "@pinentry-gnome3@"; }; }) ]; } diff --git a/tests/modules/programs/rbw/settings.nix b/tests/modules/programs/rbw/settings.nix index 8cf9572bb551..ac5820186398 100644 --- a/tests/modules/programs/rbw/settings.nix +++ b/tests/modules/programs/rbw/settings.nix @@ -14,7 +14,7 @@ let "email": "name@example.com", "identity_url": "identity.example.com", "lock_timeout": 300, - "pinentry": "@pinentry-gnome3@/bin/pinentry" + "pinentry": "@pinentry-gnome3@/bin/dummy" } ''; in { @@ -27,7 +27,7 @@ in { base_url = "bitwarden.example.com"; identity_url = "identity.example.com"; lock_timeout = 300; - pinentry = "gnome3"; + pinentry = pkgs.pinentry-gnome3; }; }; diff --git a/tests/modules/programs/rbw/simple-settings.nix b/tests/modules/programs/rbw/simple-settings.nix index becf9fad197c..b690659a95fe 100644 --- a/tests/modules/programs/rbw/simple-settings.nix +++ b/tests/modules/programs/rbw/simple-settings.nix @@ -14,7 +14,7 @@ let "email": "name@example.com", "identity_url": null, "lock_timeout": 3600, - "pinentry": "@pinentry-gtk2@/bin/pinentry" + "pinentry": null } ''; in {