gnupg: disable gui/pinentry support by default
This resolves the dependency cycle in gcr in a different way, so that a standard NixOS system (which has udisks2 enabled by default) no longer ends up with two gnupg store paths. NixOS users are expected either to use the gpg-agent user service, which pulls in the appropriate pinentry flavour, or to install a pinentry in their systemPackages and set it in their local gnupg agent config. Co-authored-by: Florian Klink <flokli@flokli.de>
parent
c2576266ba
commit
3d832dee59
@ -85,7 +85,14 @@
|
|||||||
|
|
||||||
<itemizedlist>
|
<itemizedlist>
|
||||||
<listitem>
|
<listitem>
|
||||||
<para />
|
<para>
|
||||||
|
GnuPG is now built without support for a graphical passphrase entry
|
||||||
|
by default. Please enable the <literal>gpg-agent</literal> user service
|
||||||
|
via the NixOS option <literal>programs.gnupg.agent.enable</literal>.
|
||||||
|
Note that upstream recommends using <literal>gpg-agent</literal> and
|
||||||
|
will spawn a <literal>gpg-agent</literal> on the first invocation of
|
||||||
|
GnuPG anyway.
|
||||||
|
</para>
|
||||||
</listitem>
|
</listitem>
|
||||||
</itemizedlist>
|
</itemizedlist>
|
||||||
</section>
|
</section>
|
||||||
|
@ -76,7 +76,7 @@ in
|
|||||||
thus overrides the pinentry option in gpg-agent.conf in the user's
|
thus overrides the pinentry option in gpg-agent.conf in the user's
|
||||||
home directory.
|
home directory.
|
||||||
If not set at all, it'll pick an appropriate flavor depending on the
|
If not set at all, it'll pick an appropriate flavor depending on the
|
||||||
system configuration (qt3 flavor for lxqt and plasma5, gtk2 for xfce
|
system configuration (qt flavor for lxqt and plasma5, gtk2 for xfce
|
||||||
4.12, gnome3 on all other systems with X enabled, ncurses otherwise).
|
4.12, gnome3 on all other systems with X enabled, ncurses otherwise).
|
||||||
'';
|
'';
|
||||||
};
|
};
|
||||||
|
@ -24,11 +24,7 @@ stdenv.mkDerivation rec {
|
|||||||
|
|
||||||
nativeBuildInputs = [ pkgconfig gettext gobject-introspection libxslt makeWrapper vala ];
|
nativeBuildInputs = [ pkgconfig gettext gobject-introspection libxslt makeWrapper vala ];
|
||||||
|
|
||||||
buildInputs = let
|
buildInputs = [ gnupg libgcrypt libtasn1 dbus-glib pango gdk-pixbuf atk ];
|
||||||
gpg = gnupg.override { guiSupport = false; }; # prevent build cycle with pinentry_gnome
|
|
||||||
in [
|
|
||||||
gpg libgcrypt libtasn1 dbus-glib pango gdk-pixbuf atk
|
|
||||||
];
|
|
||||||
|
|
||||||
propagatedBuildInputs = [ glib gtk3 p11-kit ];
|
propagatedBuildInputs = [ glib gtk3 p11-kit ];
|
||||||
|
|
||||||
|
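Review bot: With the local `gnupg.override { guiSupport = false; }` removed from `buildInputs`, nothing in this expression records that gcr needs a gnupg built without GUI pinentry support; the deleted comment was the only hint. The build now depends on the package-set default staying `guiSupport = false` on Linux, and an overlay that turns it back on would presumably reintroduce the cycle with pinentry_gnome that the old comment named. I would keep a one-line comment above `buildInputs`, for example `# relies on gnupg defaulting to guiSupport = false; a GUI-enabled gnupg cycles with pinentry_gnome`.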
@ -3,7 +3,7 @@
|
|||||||
|
|
||||||
# Each of the dependencies below are optional.
|
# Each of the dependencies below are optional.
|
||||||
# Gnupg can be built without them at the cost of reduced functionality.
|
# Gnupg can be built without them at the cost of reduced functionality.
|
||||||
, pinentry ? null, guiSupport ? true
|
, pinentry ? null, guiSupport ? false
|
||||||
, openldap ? null, bzip2 ? null, libusb ? null, curl ? null
|
, openldap ? null, bzip2 ? null, libusb ? null, curl ? null
|
||||||
}:
|
}:
|
||||||
|
|
||||||
|
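Review bot: Flipping `guiSupport ? true` to `guiSupport ? false` silently changes what an existing `gnupg.override { pinentry = ...; }` produces, because callers that relied on the old default now get a build without a graphical passphrase prompt. The same applies to the second gnupg expression in the next hunk. The header comment still only says the dependencies are optional, so I would add a line such as `# guiSupport is off by default; set guiSupport = true together with pinentry to get a graphical passphrase prompt`. How `pinentry` and `guiSupport` interact in the derivation body is outside the hunk, so the wording should be checked against it.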
@ -4,7 +4,7 @@
|
|||||||
|
|
||||||
# Each of the dependencies below are optional.
|
# Each of the dependencies below are optional.
|
||||||
# Gnupg can be built without them at the cost of reduced functionality.
|
# Gnupg can be built without them at the cost of reduced functionality.
|
||||||
, pinentry ? null, guiSupport ? true
|
, pinentry ? null, guiSupport ? false
|
||||||
, adns ? null, gnutls ? null, libusb ? null, openldap ? null
|
, adns ? null, gnutls ? null, libusb ? null, openldap ? null
|
||||||
, readline ? null, zlib ? null, bzip2 ? null
|
, readline ? null, zlib ? null, bzip2 ? null
|
||||||
}:
|
}:
|
||||||
|
@ -3499,10 +3499,12 @@ in
|
|||||||
gnupg1compat = callPackage ../tools/security/gnupg/1compat.nix { };
|
gnupg1compat = callPackage ../tools/security/gnupg/1compat.nix { };
|
||||||
gnupg1 = gnupg1compat; # use config.packageOverrides if you prefer original gnupg1
|
gnupg1 = gnupg1compat; # use config.packageOverrides if you prefer original gnupg1
|
||||||
gnupg20 = callPackage ../tools/security/gnupg/20.nix {
|
gnupg20 = callPackage ../tools/security/gnupg/20.nix {
|
||||||
pinentry = if stdenv.isDarwin then pinentry_mac else pinentry;
|
guiSupport = stdenv.isDarwin;
|
||||||
|
pinentry = if stdenv.isDarwin then pinentry_mac else pinentry_gtk2;
|
||||||
};
|
};
|
||||||
gnupg22 = callPackage ../tools/security/gnupg/22.nix {
|
gnupg22 = callPackage ../tools/security/gnupg/22.nix {
|
||||||
pinentry = if stdenv.isDarwin then pinentry_mac else pinentry;
|
guiSupport = stdenv.isDarwin;
|
||||||
|
pinentry = if stdenv.isDarwin then pinentry_mac else pinentry_gtk2;
|
||||||
};
|
};
|
||||||
gnupg = gnupg22;
|
gnupg = gnupg22;
|
||||||
|
|
||||||
|
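Review bot: On non-Darwin systems both `gnupg20` and `gnupg22` now get `guiSupport = false` but are still handed `pinentry_gtk2` through the `else` branch of `pinentry = ...`, which reads as contradictory. If the gnupg expressions ignore `pinentry` when `guiSupport` is false, the argument is dead there and could be `null`. If they still reference it, a GTK2 pinentry stays in the closure of a package that is meant to be GUI-free. Which of the two holds is not visible in this diff. Either way a short comment next to `guiSupport = stdenv.isDarwin;` would help, for example `# pinentry is only used when guiSupport is true (Darwin)` if that is the case.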