Revert "Merge pull request #71095 from flokli/pinentry-cleanup"

This reverts commit 823da4d492, reversing changes made to b75c8ee3bc.
2019-10-16 20:28:21 -04:00 · 2019-10-16 20:28:21 -04:00 · 2fbccbc728
parent 823da4d492
commit 2fbccbc728
15 changed files with 88 additions and 141 deletions
--- a/nixos/doc/manual/release-notes/rl-2003.xml
+++ b/nixos/doc/manual/release-notes/rl-2003.xml
@ -85,14 +85,7 @@
  <itemizedlist>
   <listitem>
-    <para>
+    <para />
      GnuPG is now built without support for a graphical passphrase entry
      by default. Please enable the <literal>gpg-agent</literal> user service
      via the NixOS option <literal>programs.gnupg.agent.enable</literal>.
      Note that upstream recommends using <literal>gpg-agent</literal> and
      will spawn a <literal>gpg-agent</literal> on the first invocation of
      GnuPG anyway.
    </para>
   </listitem>
  </itemizedlist>
 </section>
--- a/nixos/modules/config/no-x-libs.nix
+++ b/nixos/modules/config/no-x-libs.nix
@ -34,6 +34,7 @@ with lib;
      networkmanager-openvpn = super.networkmanager-openvpn.override { withGnome = false; };
      networkmanager-vpnc = super.networkmanager-vpnc.override { withGnome = false; };
      networkmanager-iodine = super.networkmanager-iodine.override { withGnome = false; };
      pinentry = super.pinentry.override { gtk2 = null; gcr = null; qt4 = null; qt5 = null; };
      gobject-introspection = super.gobject-introspection.override { x11Support = false; };
    }));
  };
--- a/nixos/modules/installer/tools/tools.nix
+++ b/nixos/modules/installer/tools/tools.nix
@ -120,11 +120,7 @@ in
        # Some programs need SUID wrappers, can be configured further or are
        # started in user sessions.
        # programs.mtr.enable = true;
-        # programs.gnupg.agent = {
+        # programs.gnupg.agent = { enable = true; enableSSHSupport = true; };
        #   enable = true;
        #   enableSSHSupport = true;
        #   flavour = "gnome3";
        # };
        # List services that you want to enable:
--- a/nixos/modules/profiles/installation-device.nix
+++ b/nixos/modules/profiles/installation-device.nix
@ -31,6 +31,9 @@ with lib;
    # Let the user play Rogue on TTY 8 during the installation.
    #services.rogue.enable = true;
    # Disable some other stuff we don't need.
    services.udisks2.enable = mkDefault false;
    # Use less privileged nixos user
    users.users.nixos = {
      isNormalUser = true;
--- a/nixos/modules/programs/gnupg.nix
+++ b/nixos/modules/programs/gnupg.nix
@ -6,19 +6,6 @@ let
  cfg = config.programs.gnupg;
  xserverCfg = config.services.xserver;
  defaultPinentryFlavor =
    if xserverCfg.desktopManager.lxqt.enable
    || xserverCfg.desktopManager.plasma5.enable then
      "qt"
    else if xserverCfg.desktopManager.xfce.enable then
      "gtk2"
    else if xserverCfg.enable then
      "gnome3"
    else
      null;
 in
 {
@ -67,20 +54,6 @@ in
      '';
    };
    agent.pinentryFlavor = mkOption {
      type = types.nullOr (types.enum pkgs.pinentry.flavors);
      example = "gnome3";
      description = ''
        Which pinentry interface to use. If not null, the path to the
        pinentry binary will be passed to gpg-agent via commandline and
        thus overrides the pinentry option in gpg-agent.conf in the user's
        home directory.
        If not set at all, it'll pick an appropriate flavor depending on the
        system configuration (qt flavor for lxqt and plasma5, gtk2 for xfce
        4.12, gnome3 on all other systems with X enabled, ncurses otherwise).
      '';
    };
    dirmngr.enable = mkOption {
      type = types.bool;
      default = false;
@ -91,16 +64,6 @@ in
  };
  config = mkIf cfg.agent.enable {
    programs.gnupg.agent.pinentryFlavor = mkDefault defaultPinentryFlavor;
    # This overrides the systemd user unit shipped with the gnupg package
    systemd.user.services.gpg-agent = mkIf (cfg.agent.pinentryFlavor != null) {
      serviceConfig.ExecStart = [ "" ''
        ${pkgs.gnupg}/bin/gpg-agent --supervised \
          --pinentry-program ${pkgs.pinentry.${cfg.agent.pinentryFlavor}}/bin/pinentry
      '' ];
    };
    systemd.user.sockets.gpg-agent = {
      wantedBy = [ "sockets.target" ];
    };
@ -120,7 +83,7 @@ in
    systemd.user.sockets.dirmngr = mkIf cfg.dirmngr.enable {
      wantedBy = [ "sockets.target" ];
    };
-
+    
    environment.systemPackages = with pkgs; [ cfg.package ];
    systemd.packages = [ cfg.package ];
--- a/nixos/modules/services/hardware/udisks2.nix
+++ b/nixos/modules/services/hardware/udisks2.nix
@ -34,7 +34,10 @@ with lib;
    services.dbus.packages = [ pkgs.udisks2 ];
-    systemd.tmpfiles.rules = [ "d /var/lib/udisks2 0755 root root -" ];
+    system.activationScripts.udisks2 =
      ''
        mkdir -m 0755 -p /var/lib/udisks2
      '';
    services.udev.packages = [ pkgs.udisks2 ];
--- a/nixos/tests/installer.nix
+++ b/nixos/tests/installer.nix
@ -54,6 +54,8 @@ let
        hardware.enableAllFirmware = lib.mkForce false;
        services.udisks2.enable = lib.mkDefault false;
        ${replaceChars ["\n"] ["\n  "] extraConfig}
      }
    '';
@ -293,6 +295,8 @@ let
              ++ optional (bootLoader == "grub" && grubVersion == 1) pkgs.grub
              ++ optionals (bootLoader == "grub" && grubVersion == 2) [ pkgs.grub2 pkgs.grub2_efi ];
            services.udisks2.enable = mkDefault false;
            nix.binaryCaches = mkForce [ ];
            nix.extraOptions =
              ''
--- a/nixos/tests/os-prober.nix
+++ b/nixos/tests/os-prober.nix
@ -51,11 +51,12 @@ let
      hashed-mirrors =
      connect-timeout = 1
    '';
    services.udisks2.enable = lib.mkForce false;
  };
  # /etc/nixos/configuration.nix for the vm
  configFile = pkgs.writeText "configuration.nix"  ''
    {config, pkgs, ...}: ({
-    imports =
+    imports = 
          [ ./hardware-configuration.nix
            <nixpkgs/nixos/modules/testing/test-instrumentation.nix>
          ];
--- a/pkgs/development/libraries/gcr/default.nix
+++ b/pkgs/development/libraries/gcr/default.nix
@ -24,7 +24,11 @@ stdenv.mkDerivation rec {
  nativeBuildInputs = [ pkgconfig gettext gobject-introspection libxslt makeWrapper vala ];
-  buildInputs = [ gnupg libgcrypt libtasn1 dbus-glib pango gdk-pixbuf atk ];
+  buildInputs = let
    gpg = gnupg.override { guiSupport = false; }; # prevent build cycle with pinentry_gnome
  in [
    gpg libgcrypt libtasn1 dbus-glib pango gdk-pixbuf atk
  ];
  propagatedBuildInputs = [ glib gtk3 p11-kit ];
--- a/pkgs/tools/security/gnupg/20.nix
+++ b/pkgs/tools/security/gnupg/20.nix
@ -3,7 +3,7 @@
 # Each of the dependencies below are optional.
 # Gnupg can be built without them at the cost of reduced functionality.
-, pinentry ? null, guiSupport ? false
+, pinentry ? null, guiSupport ? true
 , openldap ? null, bzip2 ? null, libusb ? null, curl ? null
 }:
--- a/pkgs/tools/security/gnupg/22.nix
+++ b/pkgs/tools/security/gnupg/22.nix
@ -4,7 +4,7 @@
 # Each of the dependencies below are optional.
 # Gnupg can be built without them at the cost of reduced functionality.
-, pinentry ? null, guiSupport ? false
+, pinentry ? null, guiSupport ? true
 , adns ? null, gnutls ? null, libusb ? null, openldap ? null
 , readline ? null, zlib ? null, bzip2 ? null
 }:
--- a/pkgs/tools/security/kwalletcli/default.nix
+++ b/pkgs/tools/security/kwalletcli/default.nix
@ -1,5 +1,5 @@
 { mkDerivation, fetchFromGitHub, lib, makeWrapper, pkgconfig
-, kcoreaddons, ki18n, kwallet, mksh, pinentry-qt }:
+, kcoreaddons, ki18n, kwallet, mksh, pinentry_qt5 }:
 mkDerivation rec {
  pname = "kwalletcli";
@ -36,7 +36,7 @@ mkDerivation rec {
  postInstall = ''
    wrapProgram $out/bin/pinentry-kwallet \
-      --prefix PATH : $out/bin:${lib.makeBinPath [ pinentry-qt ]} \
+      --prefix PATH : $out/bin:${lib.makeBinPath [ pinentry_qt5 ]} \
      --set-default PINENTRY pinentry-qt
  '';
--- a/pkgs/tools/security/pinentry/default.nix
+++ b/pkgs/tools/security/pinentry/default.nix
@ -1,93 +1,60 @@
-{ fetchurl, mkDerivation, fetchpatch, stdenv, lib, pkgconfig, autoreconfHook, wrapGAppsHook
+{ fetchurl, fetchpatch, stdenv, lib, pkgconfig, autoreconfHook
-, libgpgerror, libassuan, qtbase, wrapQtAppsHook
+, libgpgerror, libassuan
-, ncurses, gtk2, gcr
+, libcap ? null, libsecret ? null, ncurses ? null, gtk2 ? null, gcr ? null
-, libcap ? null, libsecret ? null
+, qt4 ? null, qt5 ? null
-, enabledFlavors ? [ "curses" "tty" "gtk2" "qt" "gnome3" "emacs" ]
+, enableEmacs ? false
 }:
-with stdenv.lib;
+assert qt5 != null -> qt4 == null;
-
+assert qt4 != null -> qt5 == null;
 assert isList enabledFlavors && enabledFlavors != [];
 let
-  pinentryMkDerivation =
+  mkDerivation =
-    if (builtins.elem "qt" enabledFlavors)
+    if qt5 != null
-      then mkDerivation
+      then qt5.mkDerivation
      else stdenv.mkDerivation;
  mkFlag = pfxTrue: pfxFalse: cond: name:
    "--${if cond then pfxTrue else pfxFalse}-${name}";
  mkEnable = mkFlag "enable" "disable";
  mkWith = mkFlag "with" "without";
  mkEnablePinentry = f:
    let
      info = flavorInfo.${f};
      flag = flavorInfo.${f}.flag or null;
    in
      optionalString (flag != null)
        (mkEnable (elem f enabledFlavors) ("pinentry-" + flag));
  flavorInfo = {
    curses = { bin = "curses"; flag = "curses"; buildInputs = [ ncurses ]; };
    tty = { bin = "tty"; flag = "tty"; };
    gtk2 = { bin = "gtk-2"; flag = "gtk2"; buildInputs = [ gtk2 ]; };
    gnome3 = { bin = "gnome3"; flag = "gnome3"; buildInputs = [ gcr ]; nativeBuildInputs = [ wrapGAppsHook ]; };
    qt = { bin = "qt"; flag = "qt"; buildInputs = [ qtbase ]; nativeBuildInputs = [ wrapQtAppsHook ]; };
    emacs = { bin = "emacs"; flag = "emacs"; buildInputs = []; };
  };
 in
-pinentryMkDerivation rec {
+mkDerivation rec {
-  pname = "pinentry";
+  name = "pinentry-1.1.0";
  version = "1.1.0";
  src = fetchurl {
-    url = "mirror://gnupg/pinentry/${pname}-${version}.tar.bz2";
+    url = "mirror://gnupg/pinentry/${name}.tar.bz2";
    sha256 = "0w35ypl960pczg5kp6km3dyr000m1hf0vpwwlh72jjkjza36c1v8";
  };
-  nativeBuildInputs = [ pkgconfig autoreconfHook ]
+  nativeBuildInputs = [ pkgconfig autoreconfHook ];
-    ++ concatMap(f: flavorInfo.${f}.nativeBuildInputs or []) enabledFlavors;
+  buildInputs =
-  buildInputs = [ libgpgerror libassuan libcap libsecret ]
+    [ libgpgerror libassuan libcap libsecret gtk2 gcr ncurses qt4 ]
-    ++ concatMap(f: flavorInfo.${f}.buildInputs or []) enabledFlavors;
+    ++ stdenv.lib.optional (qt5 != null) qt5.qtbase;
-  dontWrapGApps = true;
+  prePatch = ''
-  dontWrapQtApps = true;
+    substituteInPlace pinentry/pinentry-curses.c --replace ncursesw ncurses
  '';
  patches = [
    ./autoconf-ar.patch
-  ] ++ optionals (elem "gtk2" enabledFlavors) [
+  ] ++ lib.optionals (gtk2 != null) [
    (fetchpatch {
-      url = "https://salsa.debian.org/debian/pinentry/raw/debian/1.1.0-1/debian/patches/0007-gtk2-When-X11-input-grabbing-fails-try-again-over-0..patch";
+      url = "https://salsa.debian.org/debian/pinentry/raw/debian/1.1.0-1/debian/patches/"
          + "0007-gtk2-When-X11-input-grabbing-fails-try-again-over-0..patch";
      sha256 = "15r1axby3fdlzz9wg5zx7miv7gqx2jy4immaw4xmmw5skiifnhfd";
    })
  ];
  configureFlags = [
-    (mkWith   (libcap != null)    "libcap")
+    (stdenv.lib.withFeature   (libcap != null)    "libcap")
-    (mkEnable (libsecret != null) "libsecret")
+    (stdenv.lib.enableFeature (libsecret != null) "libsecret")
-  ] ++ (map mkEnablePinentry (attrNames flavorInfo));
+    (stdenv.lib.enableFeature (ncurses != null)   "pinentry-curses")
    (stdenv.lib.enableFeature true                "pinentry-tty")
    (stdenv.lib.enableFeature enableEmacs         "pinentry-emacs")
    (stdenv.lib.enableFeature (gtk2 != null)      "pinentry-gtk2")
    (stdenv.lib.enableFeature (gcr != null)       "pinentry-gnome3")
    (stdenv.lib.enableFeature (qt4 != null || qt5 != null) "pinentry-qt")
-  postInstall =
+    "--with-libassuan-prefix=${libassuan.dev}"
-    concatStrings (flip map enabledFlavors (f:
+    "--with-libgpg-error-prefix=${libgpgerror.dev}"
-      let
+  ];
        binary = "pinentry-" + flavorInfo.${f}.bin;
      in ''
        moveToOutput bin/${binary} ${placeholder f}
        ln -sf ${placeholder f}/bin/${binary} ${placeholder f}/bin/pinentry
      '' + optionalString (f == "gnome3") ''
        wrapGApp ${placeholder f}/bin/${binary}
      '' + optionalString (f == "qt") ''
        wrapQtApp ${placeholder f}/bin/${binary}
      '')) + ''
      ln -sf ${placeholder (head enabledFlavors)}/bin/pinentry-${flavorInfo.${head enabledFlavors}.bin} $out/bin/pinentry
    '';
  outputs = [ "out" ] ++ enabledFlavors;
  passthru = { flavors = enabledFlavors; };
  meta = with stdenv.lib; {
    homepage = http://gnupg.org/aegypten2/;
@ -98,6 +65,6 @@ pinentryMkDerivation rec {
      Pinentry provides a console and (optional) GTK and Qt GUIs allowing users
      to enter a passphrase when `gpg' or `gpg2' is run and needs it.
    '';
-    maintainers = with maintainers; [ ttuegel fpletz ];
+    maintainers = [ maintainers.ttuegel ];
  };
 }
--- a/pkgs/top-level/aliases.nix
+++ b/pkgs/top-level/aliases.nix
@ -290,11 +290,6 @@ mapAliases ({
  pg_hll = postgresqlPackages.pg_hll;
  pg_cron = postgresqlPackages.pg_cron;
  pg_topn = postgresqlPackages.pg_topn;
  pinentry_curses = pinentry-curses; # added 2019-10-14
  pinentry_emacs = pinentry-emacs; # added 2019-10-14
  pinentry_gtk2 = pinentry-gtk2; # added 2019-10-14
  pinentry_qt = pinentry-qt; # added 2019-10-14
  pinentry_gnome = pinentry-gnome; # added 2019-10-14
  postgis = postgresqlPackages.postgis;
  # end
  ppl-address-book = throw "deprecated in 2019-05-02: abandoned by upstream.";
--- a/pkgs/top-level/all-packages.nix
+++ b/pkgs/top-level/all-packages.nix
@ -3497,12 +3497,10 @@ in
  gnupg1compat = callPackage ../tools/security/gnupg/1compat.nix { };
  gnupg1 = gnupg1compat;    # use config.packageOverrides if you prefer original gnupg1
  gnupg20 = callPackage ../tools/security/gnupg/20.nix {
-    guiSupport = stdenv.isDarwin;
+    pinentry = if stdenv.isDarwin then pinentry_mac else pinentry;
    pinentry = if stdenv.isDarwin then pinentry_mac else pinentry_gtk2;
  };
  gnupg22 = callPackage ../tools/security/gnupg/22.nix {
-    guiSupport = stdenv.isDarwin;
+    pinentry = if stdenv.isDarwin then pinentry_mac else pinentry;
    pinentry = if stdenv.isDarwin then pinentry_mac else pinentry_gtk2;
  };
  gnupg = gnupg22;
@ -5521,15 +5519,34 @@ in
  phodav = callPackage ../tools/networking/phodav { };
-  pinentry = libsForQt5.callPackage ../tools/security/pinentry {
+  pinentry = callPackage ../tools/security/pinentry {
    libcap = if stdenv.isDarwin then null else libcap;
    gcr = null;
    qt4 = null;
    qt5 = null;
  };
-  pinentry-curses = (stdenv.lib.getOutput "curses" pinentry);
+  pinentry_ncurses = res.pinentry.override {
-  pinentry-emacs = (stdenv.lib.getOutput "emacs" pinentry);
+    gtk2 = null;
-  pinentry-gtk2 = (stdenv.lib.getOutput "gtk2" pinentry);
+  };
-  pinentry-qt = (stdenv.lib.getOutput "qt" pinentry);
+
-  pinentry-gnome = (stdenv.lib.getOutput "gnome" pinentry);
+  pinentry_emacs = res.pinentry.override {
    enableEmacs = true;
  };
  pinentry_gnome = res.pinentry.override {
    inherit gcr;
  };
  pinentry_qt4 = res.pinentry.override {
    gtk2 = null;
    inherit qt4;
  };
  pinentry_qt5 = res.pinentry.override {
    gtk2 = null;
    inherit qt5;
  };
  pinentry_mac = callPackage ../tools/security/pinentry/mac.nix {
    inherit (darwin.apple_sdk.frameworks) Cocoa;