From 973c7b12caebf5dd8dee48f15b14e5525551f95d Mon Sep 17 00:00:00 2001
From: Dan Callahan <dan.callahan@gmail.com>
Date: Tue, 15 Nov 2022 12:35:20 +0000
Subject: [PATCH] gnupg: fix smartcards (yubikeys) on Darwin

Since version 2.3, GnuPG no longer falls back to other access methods if
its built-in CCID driver fails to access smartcards, including yubikeys.

The built-in CCID driver fails on macOS.

The upstream developers recommend disabling CCID support in this case:

    If it works and the distribution doesn't offer appropriate USB
    configuration, I think that it's good for the distribution to use
    --disable-ccid-driver for building GnuPG.

Cite: https://dev.gnupg.org/T5415
See also: https://dev.gnupg.org/T5409

Fixes #155629
---
 pkgs/tools/security/gnupg/23.nix | 3 ++-
 1 file changed, 2 insertions(+), 1 deletion(-)

diff --git a/pkgs/tools/security/gnupg/23.nix b/pkgs/tools/security/gnupg/23.nix
index 0b7941ce46e..2030e8195e6 100644
--- a/pkgs/tools/security/gnupg/23.nix
+++ b/pkgs/tools/security/gnupg/23.nix
@@ -57,7 +57,8 @@ stdenv.mkDerivation rec {
     "--with-ksba-prefix=${libksba.dev}"
     "--with-npth-prefix=${npth}"
   ] ++ lib.optional guiSupport "--with-pinentry-pgm=${pinentry}/${pinentryBinaryPath}"
-  ++ lib.optional withTpm2Tss "--with-tss=intel";
+  ++ lib.optional withTpm2Tss "--with-tss=intel"
+  ++ lib.optional stdenv.isDarwin "--disable-ccid-driver";
   postInstall = if enableMinimal
   then ''
     rm -r $out/{libexec,sbin,share}