gnupg: disable gui/pinentry support by default

This solves the dependency cycle in gcr alternatively so there won't be
two gnupg store paths in a standard NixOS system which has udisks2 enabled
by default.

NixOS users are expected to use the gpg-agent user service to pull in the
appropriate pinentry flavour or install it on their systemPackages and set
it in their local gnupg agent config instead.

Co-authored-by: Florian Klink <flokli@flokli.de>

2 files changed, 9 insertions, 2 deletions

diff --git a/nixos/doc/manual/release-notes/rl-2003.xml b/nixos/doc/manual/release-notes/rl-2003.xml
index ab0951e831c..49ffcd1c2d2 100644
--- a/nixos/doc/manual/release-notes/rl-2003.xml
+++ b/nixos/doc/manual/release-notes/rl-2003.xml
@@ -85,7 +85,14 @@
 
   <itemizedlist>
    <listitem>
-    <para />
+    <para>
+      GnuPG is now built without support for a graphical passphrase entry
+      by default. Please enable the <literal>gpg-agent</literal> user service
+      via the NixOS option <literal>programs.gnupg.agent.enable</literal>.
+      Note that upstream recommends using <literal>gpg-agent</literal> and
+      will spawn a <literal>gpg-agent</literal> on the first invocation of
+      GnuPG anyway.
+    </para>
    </listitem>
   </itemizedlist>
  </section>
diff --git a/nixos/modules/programs/gnupg.nix b/nixos/modules/programs/gnupg.nix
index dd3d74c2632..4fb7c43c8b2 100644
--- a/nixos/modules/programs/gnupg.nix
+++ b/nixos/modules/programs/gnupg.nix
@@ -76,7 +76,7 @@ in
         thus overrides the pinentry option in gpg-agent.conf in the user's
         home directory.
         If not set at all, it'll pick an appropriate flavor depending on the
-        system configuration (qt3 flavor for lxqt and plasma5, gtk2 for xfce
+        system configuration (qt flavor for lxqt and plasma5, gtk2 for xfce
         4.12, gnome3 on all other systems with X enabled, ncurses otherwise).
       '';
     };