From 764d15f59f3f0fe3168231f268e2be1136e78cd8 Mon Sep 17 00:00:00 2001 From: Franz Pletz Date: Wed, 11 Aug 2021 22:06:36 +0200 Subject: pinentry: remove multiple outputs package fixes #133156 #124753 --- nixos/modules/config/no-x-libs.nix | 2 +- nixos/modules/programs/gnupg.nix | 42 +++++++++++----------- nixos/modules/programs/wayland/sway.nix | 5 +++ nixos/modules/services/security/yubikey-agent.nix | 12 ++----- .../services/x11/desktop-managers/deepin.nix | 1 + .../modules/services/x11/desktop-managers/lxqt.nix | 2 ++ .../services/x11/desktop-managers/plasma5.nix | 1 + .../modules/services/x11/desktop-managers/xfce.nix | 1 + nixos/modules/services/x11/xserver.nix | 2 ++ 9 files changed, 35 insertions(+), 33 deletions(-) (limited to 'nixos/modules') diff --git a/nixos/modules/config/no-x-libs.nix b/nixos/modules/config/no-x-libs.nix index 870b3fe77cca..fea6e0c4110b 100644 --- a/nixos/modules/config/no-x-libs.nix +++ b/nixos/modules/config/no-x-libs.nix @@ -66,7 +66,7 @@ with lib; networkmanager-sstp = super.networkmanager-vpnc.override { withGnome = false; }; networkmanager-vpnc = super.networkmanager-vpnc.override { withGnome = false; }; pango = super.pango.override { x11Support = false; }; - pinentry = super.pinentry.override { enabledFlavors = [ "curses" "tty" "emacs" ]; withLibsecret = false; }; + pinentry-curses = super.pinentry-curses.override { withLibsecret = false; }; pipewire = super.pipewire.override { vulkanSupport = false; x11Support = false; }; pythonPackagesExtensions = super.pythonPackagesExtensions ++ [ (python-final: python-prev: { diff --git a/nixos/modules/programs/gnupg.nix b/nixos/modules/programs/gnupg.nix index 179d2de87cc5..66be1f247fbd 100644 --- a/nixos/modules/programs/gnupg.nix +++ b/nixos/modules/programs/gnupg.nix @@ -1,8 +1,7 @@ { config, lib, pkgs, ... }: -with lib; - let + inherit (lib) mkRemovedOptionModule mkOption mkPackageOption types mkIf optionalString; cfg = config.programs.gnupg; @@ -26,8 +25,10 @@ let "curses"; in - { + imports = [ + (mkRemovedOptionModule [ "programs" "gnupg" "agent" "pinentryFlavor" ] "Use programs.gnupg.agent.pinentryPackage instead") + ]; options.programs.gnupg = { package = mkPackageOption pkgs "gnupg" { }; @@ -66,17 +67,17 @@ in ''; }; - agent.pinentryFlavor = mkOption { - type = types.nullOr (types.enum pkgs.pinentry.flavors); - example = "gnome3"; - default = defaultPinentryFlavor; - defaultText = literalMD ''matching the configured desktop environment''; + agent.pinentryPackage = mkOption { + type = types.nullOr types.package; + example = lib.literalMD "pkgs.pinentry-gnome3"; + default = pkgs.pinentry-curses; + defaultText = lib.literalMD "matching the configured desktop environment or `pkgs.pinentry-curses`"; description = lib.mdDoc '' - Which pinentry interface to use. If not null, the path to the - pinentry binary will be set in /etc/gnupg/gpg-agent.conf. - If not set at all, it'll pick an appropriate flavor depending on the - system configuration (qt flavor for lxqt and plasma5, gtk2 for xfce - 4.12, gnome3 on all other systems with X enabled, ncurses otherwise). + Which pinentry package to use. The path to the mainProgram as defined in + the package's meta attriutes will be set in /etc/gnupg/gpg-agent.conf. + If not set by the user, it'll pick an appropriate flavor depending on the + system configuration (qt flavor for lxqt and plasma5, gtk2 for xfce, + gnome3 on all other systems with X enabled, curses otherwise). ''; }; @@ -102,9 +103,8 @@ in }; config = mkIf cfg.agent.enable { - programs.gnupg.agent.settings = { - pinentry-program = lib.mkIf (cfg.agent.pinentryFlavor != null) - "${pkgs.pinentry.${cfg.agent.pinentryFlavor}}/bin/pinentry"; + programs.gnupg.agent.settings = mkIf (cfg.agent.pinentryPackage != null) { + pinentry-program = lib.getExe cfg.agent.pinentryPackage; }; environment.etc."gnupg/gpg-agent.conf".source = @@ -207,9 +207,9 @@ in wantedBy = [ "sockets.target" ]; }; - services.dbus.packages = mkIf (cfg.agent.pinentryFlavor == "gnome3") [ pkgs.gcr ]; + services.dbus.packages = mkIf (lib.elem "gnome3" (cfg.agent.pinentryPackage.flavors or [])) [ pkgs.gcr ]; - environment.systemPackages = with pkgs; [ cfg.package ]; + environment.systemPackages = [ cfg.package ]; environment.interactiveShellInit = '' # Bind gpg-agent to this TTY if gpg commands are used. @@ -230,12 +230,10 @@ in ''; assertions = [ - { assertion = cfg.agent.enableSSHSupport -> !config.programs.ssh.startAgent; + { + assertion = cfg.agent.enableSSHSupport -> !config.programs.ssh.startAgent; message = "You can't use ssh-agent and GnuPG agent with SSH support enabled at the same time!"; } ]; }; - - # uses attributes of the linked package - meta.buildDocsInSandbox = false; } diff --git a/nixos/modules/programs/wayland/sway.nix b/nixos/modules/programs/wayland/sway.nix index ca2503ae5da7..2bd297af5254 100644 --- a/nixos/modules/programs/wayland/sway.nix +++ b/nixos/modules/programs/wayland/sway.nix @@ -152,6 +152,7 @@ in { ''; } ]; + environment = { systemPackages = optional (cfg.package != null) cfg.package ++ cfg.extraPackages; # Needed for the default wallpaper: @@ -166,8 +167,12 @@ in { "sway/config".source = mkOptionDefault "${cfg.package}/etc/sway/config"; }; }; + + programs.gnupg.agent.pinentryPackage = lib.mkDefault pkgs.pinentry-gnome3; + # https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1050913 xdg.portal.config.sway.default = mkDefault [ "wlr" "gtk" ]; + # To make a Sway session available if a display manager like SDDM is enabled: services.xserver.displayManager.sessionPackages = optionals (cfg.package != null) [ cfg.package ]; } (import ./wayland-session.nix { inherit lib pkgs; }) diff --git a/nixos/modules/services/security/yubikey-agent.nix b/nixos/modules/services/security/yubikey-agent.nix index a9f15e4405f2..bf8432a00238 100644 --- a/nixos/modules/services/security/yubikey-agent.nix +++ b/nixos/modules/services/security/yubikey-agent.nix @@ -6,9 +6,6 @@ with lib; let cfg = config.services.yubikey-agent; - - # reuse the pinentryFlavor option from the gnupg module - pinentryFlavor = config.programs.gnupg.agent.pinentryFlavor; in { ###### interface @@ -41,13 +38,8 @@ in # This overrides the systemd user unit shipped with the # yubikey-agent package systemd.user.services.yubikey-agent = mkIf (pinentryFlavor != null) { - path = [ pkgs.pinentry.${pinentryFlavor} ]; - wantedBy = [ - (if pinentryFlavor == "tty" || pinentryFlavor == "curses" then - "default.target" - else - "graphical-session.target") - ]; + path = [ config.programs.gnupg.agent.pinentryPackage ]; + wantedBy = [ "default.target" ]; }; # Yubikey-agent expects pcsd to be running in order to function. diff --git a/nixos/modules/services/x11/desktop-managers/deepin.nix b/nixos/modules/services/x11/desktop-managers/deepin.nix index 0824d6e30a8a..e6f221201013 100644 --- a/nixos/modules/services/x11/desktop-managers/deepin.nix +++ b/nixos/modules/services/x11/desktop-managers/deepin.nix @@ -66,6 +66,7 @@ in services.upower.enable = mkDefault config.powerManagement.enable; networking.networkmanager.enable = mkDefault true; programs.dconf.enable = mkDefault true; + programs.gnupg.agent.pinentryPackage = pkgs.pinentry-qt; fonts.packages = with pkgs; [ noto-fonts ]; xdg.mime.enable = true; diff --git a/nixos/modules/services/x11/desktop-managers/lxqt.nix b/nixos/modules/services/x11/desktop-managers/lxqt.nix index 50ad72dc7388..d3bdc4326a90 100644 --- a/nixos/modules/services/x11/desktop-managers/lxqt.nix +++ b/nixos/modules/services/x11/desktop-managers/lxqt.nix @@ -62,6 +62,8 @@ in # Link some extra directories in /run/current-system/software/share environment.pathsToLink = [ "/share" ]; + programs.gnupg.agent.pinentryPackage = pkgs.pinentry-qt; + # virtual file systems support for PCManFM-QT services.gvfs.enable = true; diff --git a/nixos/modules/services/x11/desktop-managers/plasma5.nix b/nixos/modules/services/x11/desktop-managers/plasma5.nix index 7645b3070369..c884b4487e24 100644 --- a/nixos/modules/services/x11/desktop-managers/plasma5.nix +++ b/nixos/modules/services/x11/desktop-managers/plasma5.nix @@ -336,6 +336,7 @@ in serif = [ "Noto Serif" ]; }; + programs.gnupg.agent.pinentryPackage = pkgs.pinentry-qt; programs.ssh.askPassword = mkDefault "${pkgs.plasma5Packages.ksshaskpass.out}/bin/ksshaskpass"; # Enable helpful DBus services. diff --git a/nixos/modules/services/x11/desktop-managers/xfce.nix b/nixos/modules/services/x11/desktop-managers/xfce.nix index e28486bcc12d..6bc964f4c6ed 100644 --- a/nixos/modules/services/x11/desktop-managers/xfce.nix +++ b/nixos/modules/services/x11/desktop-managers/xfce.nix @@ -131,6 +131,7 @@ in xfdesktop ] ++ optional cfg.enableScreensaver xfce4-screensaver) excludePackages; + programs.gnupg.agent.pinentryPackage = pkgs.pinentry-gtk2; programs.xfconf.enable = true; programs.thunar.enable = true; diff --git a/nixos/modules/services/x11/xserver.nix b/nixos/modules/services/x11/xserver.nix index 38fb1074fcdf..3d7474e18263 100644 --- a/nixos/modules/services/x11/xserver.nix +++ b/nixos/modules/services/x11/xserver.nix @@ -749,6 +749,8 @@ in boot.kernel.sysctl."fs.inotify.max_user_instances" = mkDefault 524288; boot.kernel.sysctl."fs.inotify.max_user_watches" = mkDefault 524288; + programs.gnupg.agent.pinentryPackage = lib.mkDefault pkgs.pinentry-gnome3; + systemd.defaultUnit = mkIf cfg.autorun "graphical.target"; systemd.services.display-manager = -- cgit 1.4.1