authorFranz Pletz <fpletz@fnordicwalking.de>2018-10-27 16:03:13 +0200
committerworldofpeace <worldofpeace@protonmail.ch>2019-10-16 20:31:16 -0400
commit3d832dee59ed0338db4afb83b4c481a062163771 (patch)
tree804a43fe762e94bc3c6e421e1fee9816f2d907fc
parentc2576266baaf02be2d4da39cf25ed48044b6245e (diff)
gnupg: disable gui/pinentry support by default
This solves the dependency cycle in gcr alternatively so there won't be
two gnupg store paths in a standard NixOS system which has udisks2 enabled
by default.

NixOS users are expected to use the gpg-agent user service to pull in the
appropriate pinentry flavour or install it on their systemPackages and set
it in their local gnupg agent config instead.

Co-authored-by: Florian Klink <flokli@flokli.de>
-rw-r--r--nixos/doc/manual/release-notes/rl-2003.xml9
-rw-r--r--nixos/modules/programs/gnupg.nix2
-rw-r--r--pkgs/development/libraries/gcr/default.nix6
-rw-r--r--pkgs/tools/security/gnupg/20.nix2
-rw-r--r--pkgs/tools/security/gnupg/22.nix2
-rw-r--r--pkgs/top-level/all-packages.nix6
6 files changed, 16 insertions, 11 deletions
diff --git a/nixos/doc/manual/release-notes/rl-2003.xml b/nixos/doc/manual/release-notes/rl-2003.xml
index ab0951e831c..49ffcd1c2d2 100644
--- a/nixos/doc/manual/release-notes/rl-2003.xml
+++ b/nixos/doc/manual/release-notes/rl-2003.xml
@@ -85,7 +85,14 @@
 
   <itemizedlist>
    <listitem>
-    <para />
+    <para>
+      GnuPG is now built without support for a graphical passphrase entry
+      by default. Please enable the <literal>gpg-agent</literal> user service
+      via the NixOS option <literal>programs.gnupg.agent.enable</literal>.
+      Note that upstream recommends using <literal>gpg-agent</literal> and
+      will spawn a <literal>gpg-agent</literal> on the first invocation of
+      GnuPG anyway.
+    </para>
    </listitem>
   </itemizedlist>
  </section>
diff --git a/nixos/modules/programs/gnupg.nix b/nixos/modules/programs/gnupg.nix
index dd3d74c2632..4fb7c43c8b2 100644
--- a/nixos/modules/programs/gnupg.nix
+++ b/nixos/modules/programs/gnupg.nix
@@ -76,7 +76,7 @@ in
         thus overrides the pinentry option in gpg-agent.conf in the user's
         home directory.
         If not set at all, it'll pick an appropriate flavor depending on the
-        system configuration (qt3 flavor for lxqt and plasma5, gtk2 for xfce
+        system configuration (qt flavor for lxqt and plasma5, gtk2 for xfce
         4.12, gnome3 on all other systems with X enabled, ncurses otherwise).
       '';
     };
diff --git a/pkgs/development/libraries/gcr/default.nix b/pkgs/development/libraries/gcr/default.nix
index 18b568b0f6c..1947d40dc85 100644
--- a/pkgs/development/libraries/gcr/default.nix
+++ b/pkgs/development/libraries/gcr/default.nix
@@ -24,11 +24,7 @@ stdenv.mkDerivation rec {
 
   nativeBuildInputs = [ pkgconfig gettext gobject-introspection libxslt makeWrapper vala ];
 
-  buildInputs = let
-    gpg = gnupg.override { guiSupport = false; }; # prevent build cycle with pinentry_gnome
-  in [
-    gpg libgcrypt libtasn1 dbus-glib pango gdk-pixbuf atk
-  ];
+  buildInputs = [ gnupg libgcrypt libtasn1 dbus-glib pango gdk-pixbuf atk ];
 
   propagatedBuildInputs = [ glib gtk3 p11-kit ];
 
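Review bot: Replacing the local `gnupg.override { guiSupport = false; }` drops the only in-file record of why gcr must not receive a GUI-enabled gnupg; the cycle is now avoided solely because `pkgs/top-level/all-packages.nix` passes `guiSupport = stdenv.isDarwin`, and a later change to that default on Linux would reintroduce the cycle with nothing in this file to flag it. Suggest keeping the rationale on the new line: `buildInputs = [ gnupg libgcrypt libtasn1 dbus-glib pango gdk-pixbuf atk ]; # relies on the default gnupg being built without pinentry_gnome, otherwise a build cycle`. On Darwin the default gnupg is now built with guiSupport and pinentry_mac; presumably that path does not lead back to gcr, but it is worth confirming. The mkDerivation body continues outside the hunk.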
diff --git a/pkgs/tools/security/gnupg/20.nix b/pkgs/tools/security/gnupg/20.nix
index 6336d319997..ef348e38834 100644
--- a/pkgs/tools/security/gnupg/20.nix
+++ b/pkgs/tools/security/gnupg/20.nix
@@ -3,7 +3,7 @@
 
 # Each of the dependencies below are optional.
 # Gnupg can be built without them at the cost of reduced functionality.
-, pinentry ? null, guiSupport ? true
+, pinentry ? null, guiSupport ? false
 , openldap ? null, bzip2 ? null, libusb ? null, curl ? null
 }:
 
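Review bot: The header comment above the changed line in 20.nix still only says the dependencies are optional and does not record that `guiSupport` now defaults to off, so a reader of this file alone cannot tell that a `pinentry` argument has no visible effect unless the caller also passes `guiSupport = true`; the identical hunk in 22.nix has the same gap. Suggest extending the comment: `# guiSupport defaults to false; callers wanting pinentry integration must set guiSupport = true and supply pinentry.` The coupling between guiSupport and pinentry is inferred from the commit description, so confirm it against the derivation body, which lies outside the hunk. The argument set itself starts before the hunk.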
diff --git a/pkgs/tools/security/gnupg/22.nix b/pkgs/tools/security/gnupg/22.nix
index e2f460e7e30..f62f10c8cf9 100644
--- a/pkgs/tools/security/gnupg/22.nix
+++ b/pkgs/tools/security/gnupg/22.nix
@@ -4,7 +4,7 @@
 
 # Each of the dependencies below are optional.
 # Gnupg can be built without them at the cost of reduced functionality.
-, pinentry ? null, guiSupport ? true
+, pinentry ? null, guiSupport ? false
 , adns ? null, gnutls ? null, libusb ? null, openldap ? null
 , readline ? null, zlib ? null, bzip2 ? null
 }:
diff --git a/pkgs/top-level/all-packages.nix b/pkgs/top-level/all-packages.nix
index 08837c7a575..055209a3bc4 100644
--- a/pkgs/top-level/all-packages.nix
+++ b/pkgs/top-level/all-packages.nix
@@ -3499,10 +3499,12 @@ in
   gnupg1compat = callPackage ../tools/security/gnupg/1compat.nix { };
   gnupg1 = gnupg1compat;    # use config.packageOverrides if you prefer original gnupg1
   gnupg20 = callPackage ../tools/security/gnupg/20.nix {
-    pinentry = if stdenv.isDarwin then pinentry_mac else pinentry;
+    guiSupport = stdenv.isDarwin;
+    pinentry = if stdenv.isDarwin then pinentry_mac else pinentry_gtk2;
   };
   gnupg22 = callPackage ../tools/security/gnupg/22.nix {
-    pinentry = if stdenv.isDarwin then pinentry_mac else pinentry;
+    guiSupport = stdenv.isDarwin;
+    pinentry = if stdenv.isDarwin then pinentry_mac else pinentry_gtk2;
   };
   gnupg = gnupg22;
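Review bot: On Linux the new `gnupg20` and `gnupg22` calls pass `pinentry = pinentry_gtk2` while `guiSupport = stdenv.isDarwin` evaluates to false, so either that argument is dead there or pinentry_gtk2 is still pulled into the build despite the stated goal of a pinentry-free default; the hunk does not make clear which, and the switch from the generic `pinentry` to `pinentry_gtk2` is not explained in the description. If the derivation only consults `pinentry` when `guiSupport` is set, a comment would make the intent explicit: `guiSupport = stdenv.isDarwin; # pinentry is only wired in on Darwin; Linux users opt in via programs.gnupg.agent`. Otherwise the Linux branch deserves a word on why gtk2 was chosen. Whether `pinentry` is read outside the guiSupport path cannot be verified from this page.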