From 9c10ac957dd77e22e9c4f29cd54652d9547c624a Mon Sep 17 00:00:00 2001
From: Peter Simons
Date: Fri, 18 Mar 2016 10:12:58 +0100
Subject: [PATCH 1/2] Update our default version of GnuPG from 2.0.x to 2.1.x. This patch closes https://github.com/NixOS/nixpkgs/issues/4888.
---
 pkgs/top-level/all-packages.nix | 12 +++---------
 1 file changed, 3 insertions(+), 9 deletions(-)
diff --git a/pkgs/top-level/all-packages.nix b/pkgs/top-level/all-packages.nix
index f8e5ecbd6a54..3bbcb5e826ea 100644
--- a/pkgs/top-level/all-packages.nix
+++ b/pkgs/top-level/all-packages.nix
@@ -1780,17 +1780,11 @@ let
 gnupatch = callPackage ../tools/text/gnupatch { };
 gnupg1orig = callPackage ../tools/security/gnupg/1.nix { };
-
 gnupg1compat = callPackage ../tools/security/gnupg/1compat.nix { };
-
- # use config.packageOverrides if you prefer original gnupg1
- gnupg1 = gnupg1compat;
-
+ gnupg1 = gnupg1compat; # use config.packageOverrides if you prefer original gnupg1
 gnupg20 = callPackage ../tools/security/gnupg/20.nix { };
-
- gnupg21 = lowPrio (callPackage ../tools/security/gnupg/21.nix { });
-
- gnupg = gnupg20;
+ gnupg21 = callPackage ../tools/security/gnupg/21.nix { };
+ gnupg = gnupg21;
 gnuplot = callPackage ../tools/graphics/gnuplot { qt = qt4; };
From 5391882ebd781149e213e8817fba6ac3c503740c Mon Sep 17 00:00:00 2001
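Review bot: In pkgs/top-level/all-packages.nix the new `gnupg = gnupg21;` moves every package that takes `gnupg` as an argument to 2.1 in one step, and nothing in the hunk pins consumers that depend on 2.0 behaviour. GnuPG 2.1 ignores `GPG_AGENT_INFO` and needs `--pinentry-mode loopback` for passphrases supplied in batch mode, so scripted signing or verification in dependent packages may fail or prompt unexpectedly; `gnupg1` presumably follows as well if `gnupg1compat` wraps the default `gnupg`, which is not visible here. I would add a comment above the alias, e.g. `# default is 2.1.x; pass gnupg20 explicitly to packages that still rely on GPG_AGENT_INFO or non-loopback batch passphrases`, and check the reverse dependencies before merging.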
From: Peter Simons
Date: Fri, 18 Mar 2016 10:31:40 +0100
Subject: [PATCH 2/2] services.xserver.startGnuPGAgent: remove obsolete NixOS option GnuPG 2.1.x changed the way the gpg-agent works, and that new approach no longer requires (or even supports) the "start everything as a child of the agent" scheme we've implemented in NixOS for older versions. To configure the gpg-agent for your X session, add the following code to ~/.xsession or some other appropriate place that's sourced at start-up: gpg-connect-agent /bye GPG_TTY=$(tty) export GPG_TTY If you want to use gpg-agent for SSH, too, also add the settings unset SSH_AGENT_PID export SSH_AUTH_SOCK="${HOME}/.gnupg/S.gpg-agent.ssh" and make sure that enable-ssh-support is included in your ~/.gnupg/gpg-agent.conf. The gpg-agent(1) man page has more details about this subject, i.e. in the "EXAMPLES" section.
---
 nixos/modules/config/gnu.nix | 1 -
 nixos/modules/rename.nix | 1 +
 .../services/x11/display-managers/default.nix | 11 ----------
 nixos/modules/services/x11/xserver.nix | 20 +------------------
 4 files changed, 2 insertions(+), 31 deletions(-)
diff --git a/nixos/modules/config/gnu.nix b/nixos/modules/config/gnu.nix
index f8c35b440d12..ad0e35c8a63f 100644
--- a/nixos/modules/config/gnu.nix
+++ b/nixos/modules/config/gnu.nix
@@ -37,7 +37,6 @@ with lib;
 services.openssh.enable = false;
 services.lshd.enable = true;
 programs.ssh.startAgent = false;
- services.xserver.startGnuPGAgent = true;
 # TODO: GNU dico.
 # TODO: GNU Inetutils' inetd.
diff --git a/nixos/modules/rename.nix b/nixos/modules/rename.nix
index 0de6ca758c16..c6a781b6f00f 100644
--- a/nixos/modules/rename.nix
+++ b/nixos/modules/rename.nix
@@ -111,6 +111,7 @@ with lib;
 (mkRemovedOptionModule [ "services" "openvpn" "enable" ])
 (mkRemovedOptionModule [ "services" "printing" "cupsFilesConf" ])
 (mkRemovedOptionModule [ "services" "printing" "cupsdConf" ])
+ (mkRemovedOptionModule [ "services" "xserver" "startGnuPGAgent" ])
 ];
 }
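Review bot: The added `(mkRemovedOptionModule [ "services" "xserver" "startGnuPGAgent" ])` entry in nixos/modules/rename.nix tells users the option is gone but not what replaces it; the migration steps exist only in the commit message. Once a user deletes the setting to get past the evaluation error, the X session presumably no longer exports an agent socket, which is easy to miss on a machine that uses gpg-agent for SSH keys. The neighbouring entries show the helper taking only the option path, so I would put the guidance in a comment on this entry, e.g. `# GnuPG 2.1 starts gpg-agent on demand; per-user session setup is described in gpg-agent(1), section EXAMPLES`, and repeat it in the release notes.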
diff --git a/nixos/modules/services/x11/display-managers/default.nix b/nixos/modules/services/x11/display-managers/default.nix
index 533b03aff08d..7dffdfc2b36c 100644
--- a/nixos/modules/services/x11/display-managers/default.nix
+++ b/nixos/modules/services/x11/display-managers/default.nix
@@ -49,17 +49,6 @@ let
 fi
 ''}
- ${optionalString cfg.startGnuPGAgent ''
- if test -z "$SSH_AUTH_SOCK"; then
- # Restart this script as a child of the GnuPG agent.
- exec "${pkgs.gnupg}/bin/gpg-agent" \
- --enable-ssh-support --daemon \
- --pinentry-program "${pkgs.pinentry}/bin/pinentry-gtk-2" \
- --write-env-file "$HOME/.gpg-agent-info" \
- "$0" "$sessionType"
- fi
- ''}
-
 # Handle being called by kdm.
 if test "''${1:0:1}" = /; then eval exec "$1"; fi
diff --git a/nixos/modules/services/x11/xserver.nix b/nixos/modules/services/x11/xserver.nix
index abbe00cc8881..0fcea6ce5e4f 100644
--- a/nixos/modules/services/x11/xserver.nix
+++ b/nixos/modules/services/x11/xserver.nix
@@ -219,17 +219,6 @@ in
 '';
 };
- startGnuPGAgent = mkOption {
- type = types.bool;
- default = false;
- description = ''
- Whether to start the GnuPG agent when you log in. The GnuPG agent
- remembers private keys for you so that you don't have to type in
- passphrases every time you make an SSH connection or sign/encrypt
- data. Use ssh-add to add a key to the agent.
- '';
- };
-
 startDbusSession = mkOption {
 type = types.bool;
 default = true;
@@ -444,14 +433,7 @@ in
 in optional (driver != null) ({ inherit name; driverName = name; } // driver));
 assertions =
- [ { assertion = !(config.programs.ssh.startAgent && cfg.startGnuPGAgent);
- message =
- ''
- The OpenSSH agent and GnuPG agent cannot be started both. Please
- choose between ‘programs.ssh.startAgent’ and ‘services.xserver.startGnuPGAgent’.
- '';
- }
- { assertion = config.security.polkit.enable;
+ [ { assertion = config.security.polkit.enable;
 message = "X11 requires Polkit to be enabled (‘security.polkit.enable = true’).";
 }
 ];
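Review bot: In the last hunk of nixos/modules/services/x11/xserver.nix the `assertions` list loses the only check that kept two SSH agents from being configured together, and nothing replaces it for the setup the commit message recommends. A user who keeps `programs.ssh.startAgent = true` and also exports `SSH_AUTH_SOCK` for gpg-agent in ~/.xsession presumably ends up with whichever assignment runs last, so keys can be loaded into an agent other than the one the user believes is holding them. The module cannot see per-user start-up files, so an assertion is no longer possible here; I would document the conflict in the description of `programs.ssh.startAgent` (defined outside this diff), e.g. `Disable this if your session start-up script points SSH_AUTH_SOCK at gpg-agent.`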