diff --git a/nixos/doc/manual/release-notes/rl-2003.xml b/nixos/doc/manual/release-notes/rl-2003.xml
index 49ffcd1c2d2..ab0951e831c 100644
--- a/nixos/doc/manual/release-notes/rl-2003.xml
+++ b/nixos/doc/manual/release-notes/rl-2003.xml
@@ -85,14 +85,7 @@
-
- GnuPG is now built without support for a graphical passphrase entry
- by default. Please enable the gpg-agent user service
- via the NixOS option programs.gnupg.agent.enable.
- Note that upstream recommends using gpg-agent and
- will spawn a gpg-agent on the first invocation of
- GnuPG anyway.
-
+
diff --git a/nixos/modules/config/no-x-libs.nix b/nixos/modules/config/no-x-libs.nix
index 873b8073fed..74cf74d7418 100644
--- a/nixos/modules/config/no-x-libs.nix
+++ b/nixos/modules/config/no-x-libs.nix
@@ -34,6 +34,7 @@ with lib;
networkmanager-openvpn = super.networkmanager-openvpn.override { withGnome = false; };
networkmanager-vpnc = super.networkmanager-vpnc.override { withGnome = false; };
networkmanager-iodine = super.networkmanager-iodine.override { withGnome = false; };
+ pinentry = super.pinentry.override { gtk2 = null; gcr = null; qt4 = null; qt5 = null; };
gobject-introspection = super.gobject-introspection.override { x11Support = false; };
}));
};
diff --git a/nixos/modules/installer/tools/tools.nix b/nixos/modules/installer/tools/tools.nix
index 9e6eead3c4d..32926005959 100644
--- a/nixos/modules/installer/tools/tools.nix
+++ b/nixos/modules/installer/tools/tools.nix
@@ -120,11 +120,7 @@ in
# Some programs need SUID wrappers, can be configured further or are
# started in user sessions.
# programs.mtr.enable = true;
- # programs.gnupg.agent = {
- # enable = true;
- # enableSSHSupport = true;
- # flavour = "gnome3";
- # };
+ # programs.gnupg.agent = { enable = true; enableSSHSupport = true; };
# List services that you want to enable:
diff --git a/nixos/modules/profiles/installation-device.nix b/nixos/modules/profiles/installation-device.nix
index 4596e163404..fd30220ce1c 100644
--- a/nixos/modules/profiles/installation-device.nix
+++ b/nixos/modules/profiles/installation-device.nix
@@ -31,6 +31,9 @@ with lib;
# Let the user play Rogue on TTY 8 during the installation.
#services.rogue.enable = true;
+ # Disable some other stuff we don't need.
+ services.udisks2.enable = mkDefault false;
+
# Use less privileged nixos user
users.users.nixos = {
isNormalUser = true;
diff --git a/nixos/modules/programs/gnupg.nix b/nixos/modules/programs/gnupg.nix
index 4fb7c43c8b2..bcbc994efe9 100644
--- a/nixos/modules/programs/gnupg.nix
+++ b/nixos/modules/programs/gnupg.nix
@@ -6,19 +6,6 @@ let
cfg = config.programs.gnupg;
- xserverCfg = config.services.xserver;
-
- defaultPinentryFlavor =
- if xserverCfg.desktopManager.lxqt.enable
- || xserverCfg.desktopManager.plasma5.enable then
- "qt"
- else if xserverCfg.desktopManager.xfce.enable then
- "gtk2"
- else if xserverCfg.enable then
- "gnome3"
- else
- null;
-
in
{
@@ -67,20 +54,6 @@ in
'';
};
- agent.pinentryFlavor = mkOption {
- type = types.nullOr (types.enum pkgs.pinentry.flavors);
- example = "gnome3";
- description = ''
- Which pinentry interface to use. If not null, the path to the
- pinentry binary will be passed to gpg-agent via commandline and
- thus overrides the pinentry option in gpg-agent.conf in the user's
- home directory.
- If not set at all, it'll pick an appropriate flavor depending on the
- system configuration (qt flavor for lxqt and plasma5, gtk2 for xfce
- 4.12, gnome3 on all other systems with X enabled, ncurses otherwise).
- '';
- };
-
dirmngr.enable = mkOption {
type = types.bool;
default = false;
@@ -91,16 +64,6 @@ in
};
config = mkIf cfg.agent.enable {
- programs.gnupg.agent.pinentryFlavor = mkDefault defaultPinentryFlavor;
-
- # This overrides the systemd user unit shipped with the gnupg package
- systemd.user.services.gpg-agent = mkIf (cfg.agent.pinentryFlavor != null) {
- serviceConfig.ExecStart = [ "" ''
- ${pkgs.gnupg}/bin/gpg-agent --supervised \
- --pinentry-program ${pkgs.pinentry.${cfg.agent.pinentryFlavor}}/bin/pinentry
- '' ];
- };
-
systemd.user.sockets.gpg-agent = {
wantedBy = [ "sockets.target" ];
};
@@ -120,7 +83,7 @@ in
systemd.user.sockets.dirmngr = mkIf cfg.dirmngr.enable {
wantedBy = [ "sockets.target" ];
};
-
+
environment.systemPackages = with pkgs; [ cfg.package ];
systemd.packages = [ cfg.package ];
diff --git a/nixos/modules/services/hardware/udisks2.nix b/nixos/modules/services/hardware/udisks2.nix
index e898f326058..ed8703be921 100644
--- a/nixos/modules/services/hardware/udisks2.nix
+++ b/nixos/modules/services/hardware/udisks2.nix
@@ -34,7 +34,10 @@ with lib;
services.dbus.packages = [ pkgs.udisks2 ];
- systemd.tmpfiles.rules = [ "d /var/lib/udisks2 0755 root root -" ];
+ system.activationScripts.udisks2 =
+ ''
+ mkdir -m 0755 -p /var/lib/udisks2
+ '';
services.udev.packages = [ pkgs.udisks2 ];
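Review bot: The activation script that replaces the tmpfiles rule only creates /var/lib/udisks2 when it is missing, because `mkdir -m 0755 -p` leaves the mode and owner of an already existing directory untouched. The removed `d /var/lib/udisks2 0755 root root -` rule also adjusted mode and ownership of an existing directory each time it ran. If the state directory is meant to stay root-owned and 0755 regardless of earlier state, add `chmod 0755 /var/lib/udisks2` and `chown root:root /var/lib/udisks2` after the mkdir, or keep the tmpfiles rule. The enclosing config block starts and ends outside the hunk.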
diff --git a/nixos/tests/installer.nix b/nixos/tests/installer.nix
index eb1f4f192dd..a136678c6ef 100644
--- a/nixos/tests/installer.nix
+++ b/nixos/tests/installer.nix
@@ -54,6 +54,8 @@ let
hardware.enableAllFirmware = lib.mkForce false;
+ services.udisks2.enable = lib.mkDefault false;
+
${replaceChars ["\n"] ["\n "] extraConfig}
}
'';
@@ -293,6 +295,8 @@ let
++ optional (bootLoader == "grub" && grubVersion == 1) pkgs.grub
++ optionals (bootLoader == "grub" && grubVersion == 2) [ pkgs.grub2 pkgs.grub2_efi ];
+ services.udisks2.enable = mkDefault false;
+
nix.binaryCaches = mkForce [ ];
nix.extraOptions =
''
diff --git a/nixos/tests/os-prober.nix b/nixos/tests/os-prober.nix
index 5407a62339f..9cd9f4ecd15 100644
--- a/nixos/tests/os-prober.nix
+++ b/nixos/tests/os-prober.nix
@@ -51,11 +51,12 @@ let
hashed-mirrors =
connect-timeout = 1
'';
+ services.udisks2.enable = lib.mkForce false;
};
# /etc/nixos/configuration.nix for the vm
configFile = pkgs.writeText "configuration.nix" ''
{config, pkgs, ...}: ({
- imports =
+ imports =
[ ./hardware-configuration.nix
];
diff --git a/pkgs/development/libraries/gcr/default.nix b/pkgs/development/libraries/gcr/default.nix
index 1947d40dc85..18b568b0f6c 100644
--- a/pkgs/development/libraries/gcr/default.nix
+++ b/pkgs/development/libraries/gcr/default.nix
@@ -24,7 +24,11 @@ stdenv.mkDerivation rec {
nativeBuildInputs = [ pkgconfig gettext gobject-introspection libxslt makeWrapper vala ];
- buildInputs = [ gnupg libgcrypt libtasn1 dbus-glib pango gdk-pixbuf atk ];
+ buildInputs = let
+ gpg = gnupg.override { guiSupport = false; }; # prevent build cycle with pinentry_gnome
+ in [
+ gpg libgcrypt libtasn1 dbus-glib pango gdk-pixbuf atk
+ ];
propagatedBuildInputs = [ glib gtk3 p11-kit ];
diff --git a/pkgs/tools/security/gnupg/20.nix b/pkgs/tools/security/gnupg/20.nix
index ef348e38834..6336d319997 100644
--- a/pkgs/tools/security/gnupg/20.nix
+++ b/pkgs/tools/security/gnupg/20.nix
@@ -3,7 +3,7 @@
# Each of the dependencies below are optional.
# Gnupg can be built without them at the cost of reduced functionality.
-, pinentry ? null, guiSupport ? false
+, pinentry ? null, guiSupport ? true
, openldap ? null, bzip2 ? null, libusb ? null, curl ? null
}:
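Review bot: The new default `guiSupport ? true` sits beside `pinentry ? null`, so the two defaults contradict each other whenever the expression is called or overridden without a pinentry. Deriving one from the other, `, pinentry ? null, guiSupport ? pinentry != null`, keeps a pinentry-less build valid without the caller having to set both arguments. The same line is changed in pkgs/tools/security/gnupg/22.nix. How the body uses guiSupport is outside the hunk, so whether the mismatch fails evaluation or produces an agent with no usable passphrase prompt cannot be told from here.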
diff --git a/pkgs/tools/security/gnupg/22.nix b/pkgs/tools/security/gnupg/22.nix
index f62f10c8cf9..e2f460e7e30 100644
--- a/pkgs/tools/security/gnupg/22.nix
+++ b/pkgs/tools/security/gnupg/22.nix
@@ -4,7 +4,7 @@
# Each of the dependencies below are optional.
# Gnupg can be built without them at the cost of reduced functionality.
-, pinentry ? null, guiSupport ? false
+, pinentry ? null, guiSupport ? true
, adns ? null, gnutls ? null, libusb ? null, openldap ? null
, readline ? null, zlib ? null, bzip2 ? null
}:
diff --git a/pkgs/tools/security/kwalletcli/default.nix b/pkgs/tools/security/kwalletcli/default.nix
index 9356e2f53f9..fedf3421fb1 100644
--- a/pkgs/tools/security/kwalletcli/default.nix
+++ b/pkgs/tools/security/kwalletcli/default.nix
@@ -1,5 +1,5 @@
{ mkDerivation, fetchFromGitHub, lib, makeWrapper, pkgconfig
-, kcoreaddons, ki18n, kwallet, mksh, pinentry-qt }:
+, kcoreaddons, ki18n, kwallet, mksh, pinentry_qt5 }:
mkDerivation rec {
pname = "kwalletcli";
@@ -36,7 +36,7 @@ mkDerivation rec {
postInstall = ''
wrapProgram $out/bin/pinentry-kwallet \
- --prefix PATH : $out/bin:${lib.makeBinPath [ pinentry-qt ]} \
+ --prefix PATH : $out/bin:${lib.makeBinPath [ pinentry_qt5 ]} \
--set-default PINENTRY pinentry-qt
'';
diff --git a/pkgs/tools/security/pinentry/default.nix b/pkgs/tools/security/pinentry/default.nix
index 87edc914131..160816a8cb7 100644
--- a/pkgs/tools/security/pinentry/default.nix
+++ b/pkgs/tools/security/pinentry/default.nix
@@ -1,93 +1,60 @@
-{ fetchurl, mkDerivation, fetchpatch, stdenv, lib, pkgconfig, autoreconfHook, wrapGAppsHook
-, libgpgerror, libassuan, qtbase, wrapQtAppsHook
-, ncurses, gtk2, gcr
-, libcap ? null, libsecret ? null
-, enabledFlavors ? [ "curses" "tty" "gtk2" "qt" "gnome3" "emacs" ]
+{ fetchurl, fetchpatch, stdenv, lib, pkgconfig, autoreconfHook
+, libgpgerror, libassuan
+, libcap ? null, libsecret ? null, ncurses ? null, gtk2 ? null, gcr ? null
+, qt4 ? null, qt5 ? null
+, enableEmacs ? false
}:
-with stdenv.lib;
-
-assert isList enabledFlavors && enabledFlavors != [];
+assert qt5 != null -> qt4 == null;
+assert qt4 != null -> qt5 == null;
let
- pinentryMkDerivation =
- if (builtins.elem "qt" enabledFlavors)
- then mkDerivation
+ mkDerivation =
+ if qt5 != null
+ then qt5.mkDerivation
else stdenv.mkDerivation;
-
- mkFlag = pfxTrue: pfxFalse: cond: name:
- "--${if cond then pfxTrue else pfxFalse}-${name}";
- mkEnable = mkFlag "enable" "disable";
- mkWith = mkFlag "with" "without";
-
- mkEnablePinentry = f:
- let
- info = flavorInfo.${f};
- flag = flavorInfo.${f}.flag or null;
- in
- optionalString (flag != null)
- (mkEnable (elem f enabledFlavors) ("pinentry-" + flag));
-
- flavorInfo = {
- curses = { bin = "curses"; flag = "curses"; buildInputs = [ ncurses ]; };
- tty = { bin = "tty"; flag = "tty"; };
- gtk2 = { bin = "gtk-2"; flag = "gtk2"; buildInputs = [ gtk2 ]; };
- gnome3 = { bin = "gnome3"; flag = "gnome3"; buildInputs = [ gcr ]; nativeBuildInputs = [ wrapGAppsHook ]; };
- qt = { bin = "qt"; flag = "qt"; buildInputs = [ qtbase ]; nativeBuildInputs = [ wrapQtAppsHook ]; };
- emacs = { bin = "emacs"; flag = "emacs"; buildInputs = []; };
- };
-
in
-pinentryMkDerivation rec {
- pname = "pinentry";
- version = "1.1.0";
+mkDerivation rec {
+ name = "pinentry-1.1.0";
src = fetchurl {
- url = "mirror://gnupg/pinentry/${pname}-${version}.tar.bz2";
+ url = "mirror://gnupg/pinentry/${name}.tar.bz2";
sha256 = "0w35ypl960pczg5kp6km3dyr000m1hf0vpwwlh72jjkjza36c1v8";
};
- nativeBuildInputs = [ pkgconfig autoreconfHook ]
- ++ concatMap(f: flavorInfo.${f}.nativeBuildInputs or []) enabledFlavors;
- buildInputs = [ libgpgerror libassuan libcap libsecret ]
- ++ concatMap(f: flavorInfo.${f}.buildInputs or []) enabledFlavors;
+ nativeBuildInputs = [ pkgconfig autoreconfHook ];
+ buildInputs =
+ [ libgpgerror libassuan libcap libsecret gtk2 gcr ncurses qt4 ]
+ ++ stdenv.lib.optional (qt5 != null) qt5.qtbase;
- dontWrapGApps = true;
- dontWrapQtApps = true;
+ prePatch = ''
+ substituteInPlace pinentry/pinentry-curses.c --replace ncursesw ncurses
+ '';
patches = [
./autoconf-ar.patch
- ] ++ optionals (elem "gtk2" enabledFlavors) [
+ ] ++ lib.optionals (gtk2 != null) [
(fetchpatch {
- url = "https://salsa.debian.org/debian/pinentry/raw/debian/1.1.0-1/debian/patches/0007-gtk2-When-X11-input-grabbing-fails-try-again-over-0..patch";
+ url = "https://salsa.debian.org/debian/pinentry/raw/debian/1.1.0-1/debian/patches/"
+ + "0007-gtk2-When-X11-input-grabbing-fails-try-again-over-0..patch";
sha256 = "15r1axby3fdlzz9wg5zx7miv7gqx2jy4immaw4xmmw5skiifnhfd";
})
];
configureFlags = [
- (mkWith (libcap != null) "libcap")
- (mkEnable (libsecret != null) "libsecret")
- ] ++ (map mkEnablePinentry (attrNames flavorInfo));
+ (stdenv.lib.withFeature (libcap != null) "libcap")
+ (stdenv.lib.enableFeature (libsecret != null) "libsecret")
+ (stdenv.lib.enableFeature (ncurses != null) "pinentry-curses")
+ (stdenv.lib.enableFeature true "pinentry-tty")
+ (stdenv.lib.enableFeature enableEmacs "pinentry-emacs")
+ (stdenv.lib.enableFeature (gtk2 != null) "pinentry-gtk2")
+ (stdenv.lib.enableFeature (gcr != null) "pinentry-gnome3")
+ (stdenv.lib.enableFeature (qt4 != null || qt5 != null) "pinentry-qt")
- postInstall =
- concatStrings (flip map enabledFlavors (f:
- let
- binary = "pinentry-" + flavorInfo.${f}.bin;
- in ''
- moveToOutput bin/${binary} ${placeholder f}
- ln -sf ${placeholder f}/bin/${binary} ${placeholder f}/bin/pinentry
- '' + optionalString (f == "gnome3") ''
- wrapGApp ${placeholder f}/bin/${binary}
- '' + optionalString (f == "qt") ''
- wrapQtApp ${placeholder f}/bin/${binary}
- '')) + ''
- ln -sf ${placeholder (head enabledFlavors)}/bin/pinentry-${flavorInfo.${head enabledFlavors}.bin} $out/bin/pinentry
- '';
-
- outputs = [ "out" ] ++ enabledFlavors;
-
- passthru = { flavors = enabledFlavors; };
+ "--with-libassuan-prefix=${libassuan.dev}"
+ "--with-libgpg-error-prefix=${libgpgerror.dev}"
+ ];
meta = with stdenv.lib; {
homepage = http://gnupg.org/aegypten2/;
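Review bot: The two asserts at the top, `assert qt5 != null -> qt4 == null;` and `assert qt4 != null -> qt5 == null;`, are contrapositives of each other, so the second adds no check. A single `assert !(qt4 != null && qt5 != null);` states the intent directly. Separately, the `prePatch` that rewrites `ncursesw` to `ncurses` in pinentry/pinentry-curses.c runs even when `ncurses == null` and carries no comment. A one-line comment saying why the wide-character library is avoided would help the next maintainer, since this is the program that prompts for passphrases. It could also be guarded with `lib.optionalString (ncurses != null)`.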
@@ -98,6 +65,6 @@ pinentryMkDerivation rec {
Pinentry provides a console and (optional) GTK and Qt GUIs allowing users
to enter a passphrase when `gpg' or `gpg2' is run and needs it.
'';
- maintainers = with maintainers; [ ttuegel fpletz ];
+ maintainers = [ maintainers.ttuegel ];
};
}
diff --git a/pkgs/top-level/aliases.nix b/pkgs/top-level/aliases.nix
index 127bf8b2cdf..d4617a635f1 100644
--- a/pkgs/top-level/aliases.nix
+++ b/pkgs/top-level/aliases.nix
@@ -290,11 +290,6 @@ mapAliases ({
pg_hll = postgresqlPackages.pg_hll;
pg_cron = postgresqlPackages.pg_cron;
pg_topn = postgresqlPackages.pg_topn;
- pinentry_curses = pinentry-curses; # added 2019-10-14
- pinentry_emacs = pinentry-emacs; # added 2019-10-14
- pinentry_gtk2 = pinentry-gtk2; # added 2019-10-14
- pinentry_qt = pinentry-qt; # added 2019-10-14
- pinentry_gnome = pinentry-gnome; # added 2019-10-14
postgis = postgresqlPackages.postgis;
# end
ppl-address-book = throw "deprecated in 2019-05-02: abandoned by upstream.";
diff --git a/pkgs/top-level/all-packages.nix b/pkgs/top-level/all-packages.nix
index be4e7875a1e..38b8b521248 100644
--- a/pkgs/top-level/all-packages.nix
+++ b/pkgs/top-level/all-packages.nix
@@ -3497,12 +3497,10 @@ in
gnupg1compat = callPackage ../tools/security/gnupg/1compat.nix { };
gnupg1 = gnupg1compat; # use config.packageOverrides if you prefer original gnupg1
gnupg20 = callPackage ../tools/security/gnupg/20.nix {
- guiSupport = stdenv.isDarwin;
- pinentry = if stdenv.isDarwin then pinentry_mac else pinentry_gtk2;
+ pinentry = if stdenv.isDarwin then pinentry_mac else pinentry;
};
gnupg22 = callPackage ../tools/security/gnupg/22.nix {
- guiSupport = stdenv.isDarwin;
- pinentry = if stdenv.isDarwin then pinentry_mac else pinentry_gtk2;
+ pinentry = if stdenv.isDarwin then pinentry_mac else pinentry;
};
gnupg = gnupg22;
@@ -5521,15 +5519,34 @@ in
phodav = callPackage ../tools/networking/phodav { };
- pinentry = libsForQt5.callPackage ../tools/security/pinentry {
+ pinentry = callPackage ../tools/security/pinentry {
libcap = if stdenv.isDarwin then null else libcap;
+ gcr = null;
+ qt4 = null;
+ qt5 = null;
};
- pinentry-curses = (stdenv.lib.getOutput "curses" pinentry);
- pinentry-emacs = (stdenv.lib.getOutput "emacs" pinentry);
- pinentry-gtk2 = (stdenv.lib.getOutput "gtk2" pinentry);
- pinentry-qt = (stdenv.lib.getOutput "qt" pinentry);
- pinentry-gnome = (stdenv.lib.getOutput "gnome" pinentry);
+ pinentry_ncurses = res.pinentry.override {
+ gtk2 = null;
+ };
+
+ pinentry_emacs = res.pinentry.override {
+ enableEmacs = true;
+ };
+
+ pinentry_gnome = res.pinentry.override {
+ inherit gcr;
+ };
+
+ pinentry_qt4 = res.pinentry.override {
+ gtk2 = null;
+ inherit qt4;
+ };
+
+ pinentry_qt5 = res.pinentry.override {
+ gtk2 = null;
+ inherit qt5;
+ };
pinentry_mac = callPackage ../tools/security/pinentry/mac.nix {
inherit (darwin.apple_sdk.frameworks) Cocoa;