diff options
| author | worldofpeace <worldofpeace@protonmail.ch> | 2019-10-17 00:24:15 +0000 |
|---|---|---|
| committer | GitHub <noreply@github.com> | 2019-10-17 00:24:15 +0000 |
| commit | 823da4d492b8b4ad46bf812db8421d99ff17a8fc (patch) | |
| tree | 82549172077243a7706f405d98a2d68617f59113 /nixos | |
| parent | b75c8ee3bc1b9734c29740e9d17ac2175fe207fd (diff) | |
| parent | e397b949a9439e0df7ad77e72a12410efc61a930 (diff) | |
| download | nixlib-823da4d492b8b4ad46bf812db8421d99ff17a8fc.tar nixlib-823da4d492b8b4ad46bf812db8421d99ff17a8fc.tar.gz nixlib-823da4d492b8b4ad46bf812db8421d99ff17a8fc.tar.bz2 nixlib-823da4d492b8b4ad46bf812db8421d99ff17a8fc.tar.lz nixlib-823da4d492b8b4ad46bf812db8421d99ff17a8fc.tar.xz nixlib-823da4d492b8b4ad46bf812db8421d99ff17a8fc.tar.zst nixlib-823da4d492b8b4ad46bf812db8421d99ff17a8fc.zip | |
Merge pull request #71095 from flokli/pinentry-cleanup
Split pinentry flavors and enable udisks2 on install media again
Diffstat (limited to 'nixos')
| -rw-r--r-- | nixos/doc/manual/release-notes/rl-2003.xml | 9 | ||||
| -rw-r--r-- | nixos/modules/config/no-x-libs.nix | 1 | ||||
| -rw-r--r-- | nixos/modules/installer/tools/tools.nix | 6 | ||||
| -rw-r--r-- | nixos/modules/profiles/installation-device.nix | 3 | ||||
| -rw-r--r-- | nixos/modules/programs/gnupg.nix | 39 | ||||
| -rw-r--r-- | nixos/modules/services/hardware/udisks2.nix | 5 | ||||
| -rw-r--r-- | nixos/tests/installer.nix | 4 | ||||
| -rw-r--r-- | nixos/tests/os-prober.nix | 3 |
8 files changed, 53 insertions, 17 deletions
diff --git a/nixos/doc/manual/release-notes/rl-2003.xml b/nixos/doc/manual/release-notes/rl-2003.xml index ab0951e831ce..49ffcd1c2d21 100644 --- a/nixos/doc/manual/release-notes/rl-2003.xml +++ b/nixos/doc/manual/release-notes/rl-2003.xml @@ -85,7 +85,14 @@ <itemizedlist> <listitem> - <para /> + <para> + GnuPG is now built without support for a graphical passphrase entry + by default. Please enable the <literal>gpg-agent</literal> user service + via the NixOS option <literal>programs.gnupg.agent.enable</literal>. + Note that upstream recommends using <literal>gpg-agent</literal> and + will spawn a <literal>gpg-agent</literal> on the first invocation of + GnuPG anyway. + </para> </listitem> </itemizedlist> </section> diff --git a/nixos/modules/config/no-x-libs.nix b/nixos/modules/config/no-x-libs.nix index 74cf74d74181..873b8073fed9 100644 --- a/nixos/modules/config/no-x-libs.nix +++ b/nixos/modules/config/no-x-libs.nix @@ -34,7 +34,6 @@ with lib; networkmanager-openvpn = super.networkmanager-openvpn.override { withGnome = false; }; networkmanager-vpnc = super.networkmanager-vpnc.override { withGnome = false; }; networkmanager-iodine = super.networkmanager-iodine.override { withGnome = false; }; - pinentry = super.pinentry.override { gtk2 = null; gcr = null; qt4 = null; qt5 = null; }; gobject-introspection = super.gobject-introspection.override { x11Support = false; }; })); }; diff --git a/nixos/modules/installer/tools/tools.nix b/nixos/modules/installer/tools/tools.nix index 329260059598..9e6eead3c4d7 100644 --- a/nixos/modules/installer/tools/tools.nix +++ b/nixos/modules/installer/tools/tools.nix @@ -120,7 +120,11 @@ in # Some programs need SUID wrappers, can be configured further or are # started in user sessions. # programs.mtr.enable = true; - # programs.gnupg.agent = { enable = true; enableSSHSupport = true; }; + # programs.gnupg.agent = { + # enable = true; + # enableSSHSupport = true; + # flavour = "gnome3"; + # }; # List services that you want to enable: diff --git a/nixos/modules/profiles/installation-device.nix b/nixos/modules/profiles/installation-device.nix index fd30220ce1c9..4596e163404c 100644 --- a/nixos/modules/profiles/installation-device.nix +++ b/nixos/modules/profiles/installation-device.nix @@ -31,9 +31,6 @@ with lib; # Let the user play Rogue on TTY 8 during the installation. #services.rogue.enable = true; - # Disable some other stuff we don't need. - services.udisks2.enable = mkDefault false; - # Use less privileged nixos user users.users.nixos = { isNormalUser = true; diff --git a/nixos/modules/programs/gnupg.nix b/nixos/modules/programs/gnupg.nix index bcbc994efe9b..4fb7c43c8b2e 100644 --- a/nixos/modules/programs/gnupg.nix +++ b/nixos/modules/programs/gnupg.nix @@ -6,6 +6,19 @@ let cfg = config.programs.gnupg; + xserverCfg = config.services.xserver; + + defaultPinentryFlavor = + if xserverCfg.desktopManager.lxqt.enable + || xserverCfg.desktopManager.plasma5.enable then + "qt" + else if xserverCfg.desktopManager.xfce.enable then + "gtk2" + else if xserverCfg.enable then + "gnome3" + else + null; + in { @@ -54,6 +67,20 @@ in ''; }; + agent.pinentryFlavor = mkOption { + type = types.nullOr (types.enum pkgs.pinentry.flavors); + example = "gnome3"; + description = '' + Which pinentry interface to use. If not null, the path to the + pinentry binary will be passed to gpg-agent via commandline and + thus overrides the pinentry option in gpg-agent.conf in the user's + home directory. + If not set at all, it'll pick an appropriate flavor depending on the + system configuration (qt flavor for lxqt and plasma5, gtk2 for xfce + 4.12, gnome3 on all other systems with X enabled, ncurses otherwise). + ''; + }; + dirmngr.enable = mkOption { type = types.bool; default = false; @@ -64,6 +91,16 @@ in }; config = mkIf cfg.agent.enable { + programs.gnupg.agent.pinentryFlavor = mkDefault defaultPinentryFlavor; + + # This overrides the systemd user unit shipped with the gnupg package + systemd.user.services.gpg-agent = mkIf (cfg.agent.pinentryFlavor != null) { + serviceConfig.ExecStart = [ "" '' + ${pkgs.gnupg}/bin/gpg-agent --supervised \ + --pinentry-program ${pkgs.pinentry.${cfg.agent.pinentryFlavor}}/bin/pinentry + '' ]; + }; + systemd.user.sockets.gpg-agent = { wantedBy = [ "sockets.target" ]; }; @@ -83,7 +120,7 @@ in systemd.user.sockets.dirmngr = mkIf cfg.dirmngr.enable { wantedBy = [ "sockets.target" ]; }; - + environment.systemPackages = with pkgs; [ cfg.package ]; systemd.packages = [ cfg.package ]; diff --git a/nixos/modules/services/hardware/udisks2.nix b/nixos/modules/services/hardware/udisks2.nix index ed8703be921c..e898f3260585 100644 --- a/nixos/modules/services/hardware/udisks2.nix +++ b/nixos/modules/services/hardware/udisks2.nix @@ -34,10 +34,7 @@ with lib; services.dbus.packages = [ pkgs.udisks2 ]; - system.activationScripts.udisks2 = - '' - mkdir -m 0755 -p /var/lib/udisks2 - ''; + systemd.tmpfiles.rules = [ "d /var/lib/udisks2 0755 root root -" ]; services.udev.packages = [ pkgs.udisks2 ]; diff --git a/nixos/tests/installer.nix b/nixos/tests/installer.nix index a136678c6eff..eb1f4f192dd1 100644 --- a/nixos/tests/installer.nix +++ b/nixos/tests/installer.nix @@ -54,8 +54,6 @@ let hardware.enableAllFirmware = lib.mkForce false; - services.udisks2.enable = lib.mkDefault false; - ${replaceChars ["\n"] ["\n "] extraConfig} } ''; @@ -295,8 +293,6 @@ let ++ optional (bootLoader == "grub" && grubVersion == 1) pkgs.grub ++ optionals (bootLoader == "grub" && grubVersion == 2) [ pkgs.grub2 pkgs.grub2_efi ]; - services.udisks2.enable = mkDefault false; - nix.binaryCaches = mkForce [ ]; nix.extraOptions = '' diff --git a/nixos/tests/os-prober.nix b/nixos/tests/os-prober.nix index 9cd9f4ecd150..5407a62339fe 100644 --- a/nixos/tests/os-prober.nix +++ b/nixos/tests/os-prober.nix @@ -51,12 +51,11 @@ let hashed-mirrors = connect-timeout = 1 ''; - services.udisks2.enable = lib.mkForce false; }; # /etc/nixos/configuration.nix for the vm configFile = pkgs.writeText "configuration.nix" '' {config, pkgs, ...}: ({ - imports = + imports = [ ./hardware-configuration.nix <nixpkgs/nixos/modules/testing/test-instrumentation.nix> ]; |