Commit graph

37 commits

Author SHA1 Message Date
Ayman Bagabas
ef50612457
gpg-agent: add launchd service agent and sockets
This adds a Darwin Launchd agent along with its sockets to make
gpg-agent start at load or whenever the sockets are needed.

Fixes: https://github.com/nix-community/home-manager/issues/3864
2024-09-13 08:59:29 +02:00
Sharzy
a9b36cbe92
gpg-agent: fix usage of splitString
`splitString "" "some string"` would throw exception `error: invalid
regular expression` on Darwin (or accurately, on Nix built against
libc++). Refer to https://github.com/NixOS/nix/issues/7208 for
details.

Before Nix handles that issue correctly, we should refrain from using
`splitString ""`, and luckily `lib.stringAsChars` can do the same thing.
2024-05-28 23:15:11 +02:00
Phillip Cloud
587719494e
gpg-agent: fix broken variable reference 2024-03-14 14:45:55 +01:00
Bruno BELANYI
01e4a5143e
gpg-agent: migrate to 'pinentryPackage'
This follows upstream's module change [1], which allows setting any
package as a pinentry program.

[1]: https://github.com/NixOS/nixpkgs/pull/133542
2024-03-14 08:22:26 +01:00
Joaquín Triñanes
1d717f581b
gpg-agent: Fix nushell integration 2024-03-06 11:54:01 +01:00
Sandro
458544594b
gpg-agent: don't set a default for pinentry
NixOS stopped building gtk2 pinentry by default in
https://github.com/NixOS/nixpkgs/pull/270266 and there does not appear
to be a reasonable other default.
2023-12-27 12:01:23 +01:00
TornaxO7
a2523ea034
gpg-agent: add nushell integration 2023-12-23 22:56:59 +01:00
Emily
9f9e277b60
treewide: remove now-redundant lib.mdDoc calls
These (and the `*MD` functions apart from `literalMD`) are now no-ops
in nixpkgs and serve no purpose other than to add additional noise and
potentially mislead people into thinking unmarked DocBook documentation
will still be accepted.

Note that if backporting changes including documentation to 23.05,
the `mdDoc` calls will need to be re-added.

To reproduce this commit, run:

    $ NIX_PATH=nixpkgs=flake:nixpkgs/e7e69199f0372364a6106a1e735f68604f4c5a25 \
      nix shell nixpkgs#coreutils \
      -c find . -name '*.nix' \
      -exec nix run -- github:emilazy/nix-doc-munge/98dadf1f77351c2ba5dcb709a2a171d655f15099 \
      --strip {} +
    $ ./format
2023-07-17 18:49:09 +01:00
Emily
36a53d9f26
treewide: convert all option docs to Markdown
This process was automated by [my fork of `nix-doc-munge`]. All
conversions were automatically checked to produce the same DocBook
result when converted back, modulo minor typographical/formatting
differences on the acceptable-to-desirable spectrum.

To reproduce this commit, run:

  $ NIX_PATH=nixpkgs=flake:nixpkgs/e7e69199f0372364a6106a1e735f68604f4c5a25 \
    nix shell nixpkgs#coreutils \
    -c find . -name '*.nix' \
    -exec nix run -- github:emilazy/nix-doc-munge/98dadf1f77351c2ba5dcb709a2a171d655f15099 \
    {} +
  $ ./format

[my fork of `nix-doc-munge`]: https://github.com/emilazy/nix-doc-munge/tree/home-manager
2023-07-17 18:40:56 +01:00
midchildan
17dc593930
modules: add platform assertions 2023-02-07 21:54:24 +01:00
Dixon Sean Low Yan Feng
7026e1a934
gpg-agent: fix SSH support for fish 2023-01-18 23:49:05 +01:00
Jim Fowler
7b512c94ff
gpg-agent: invert grab and no-grab behavior
The GNU Privacy Guard 2.3 man page for `gpg-agent` describes the
`--grab` and `--no-grab` options as follows:

> Tell the pinentry to grab the keyboard and mouse. This option should
> be used on X-Servers to avoid X-sniffing attacks. Any use of the
> option --grab overrides an used option --no-grab. The default is
> --no-grab.

Therefore Home Manager should explicitly output `grab` when
`cfg.grabKeyboardAndMouse` is true. Previously Home Manager emitted
`no-grab` when `cfg.grabKeyboardAndMouse` was false.

PR #3192
2022-09-05 12:12:48 +02:00
Nick Cao
1e66e035e1
gpg-agent: set Environment to a list 2022-07-12 12:26:36 +02:00
crazymanjinn
df6010551d
gpg-agent: make shell integrations optional (#2927)
In esoteric setups, automatically setting GPG_TTY to current tty is not
desired on every shell startup. This change adds configuration options
to allow user to disable that if desired.
2022-04-30 18:38:36 -06:00
Robert Helgesson
2499b91692
treewide: apply nixfmt to a few more files 2022-02-27 02:19:44 +01:00
oxalica
736581f113
gpg-agent: rewrite hash algo in Nix to avoid IFD 2021-12-08 00:01:29 +01:00
Naïm Favier
371576cdc2
gpg-agent: remove unnecessary IFD
Make `gpgconf` only perform an import from derivation when the GPG
`homedir` is set to a non-default value, which probably isn't the case
for most users.
2021-09-15 23:09:02 +02:00
John Ericson
4367119ca3
local gpg-agent acting as ssh-agent should yield (#667) (#2253)
* gpg-agent: local agent acting as ssh-agent should yield

This happens commonly if someone is using home manager with gpg-agent
acting as ssh-agent on both machines.

@rycee brought up how gpg-itself has some support for agents on both
ends, but in that case one is forwarding the gpg-agent socket rather
than forwarding the gpg-agent-as-ssh-agent socket. There is no need to
forward both.

So I think this is a good default:

 - Forward just gpg-agent socket and this doesn't matter.

 - Forward just the ssh-agent socket and this does the right thing.

 - Forward both sockets and now the ssh one takes priority instead, but
   forwarding both was always a silly thing to do.

Fix #667

* Update modules/services/gpg-agent.nix

Co-authored-by: Nicolas Berbiche <nic.berbiche@gmail.com>

Co-authored-by: Nicolas Berbiche <nic.berbiche@gmail.com>
2021-08-21 01:43:41 -04:00
Cole Mickens
d437baa41c
gnupg/gpg-agent: gnupg package is configurable (#1949) 2021-04-27 16:40:05 -04:00
fricklerhandwerk
6aa6556bca
gpg-agent: add GNUPG_HOMEDIR to environment (#1932)
otherwise, if `programs.gpg.homedir` is not set to default, calls to
`gpg` will fail to pick up anything related to secrets
2021-04-19 01:52:31 +02:00
fricklerhandwerk
348b5a5a69
gpg: make homedir configurable 2021-04-14 23:44:34 +02:00
Nicolas Berbiche
ddee030dc7
gpg: export GPG_TTY for fish (#1846) 2021-03-03 21:59:13 +01:00
jD91mZM2
ebf1df58da
gpg-agent: fix GnuPG by adding pinentry flavor option
See https://github.com/NixOS/nixpkgs/pull/71095.

Fixes #908
2020-01-01 13:26:21 +01:00
Kai Wohlfahrt
f83c49baa3
gpg-agent: add sshcontrol configuration
This lets gpg-agent serve specific keys with authentication capability
as SSH keys
2019-06-18 13:37:19 +01:00
Tad Fisher
26342588ab
gpg-agent: add extraConfig option 2018-08-19 21:46:25 +02:00
jD91mZM2
97ee4578c9
gpg-agent: Add maxCacheTtl(Ssh) options 2018-06-29 00:39:14 +02:00
Gleb Peregud
9bf9e7ac5c
gpg-agent: add enableExtraSocket and verbose options.
This option enables a GPG Agent restricted socket (aka "extra-socket"), which
can be used to forward GPG Agent over SSH.

Additionally `verbose` option enables verbose output of a `gpg-agent.service`
unit for easier debugging.

See: https://wiki.gnupg.org/AgentForwarding
2018-03-13 22:36:30 +01:00
Robert Helgesson
bc50202d0d
gpg-agent: do updatestartuptty only when SSH is enabled
Inspired by #163.
2018-03-04 22:20:35 +01:00
Robert Helgesson
9ea353569a
Remove deprecated option home.sessionVariableSetter 2018-02-08 22:54:29 +01:00
Robert Helgesson
576217d33a
gpg-agent: use gpgconf to set SSH socket path
Inspired by #163.
2018-01-14 15:58:59 +01:00
Roman Volosatovs
c023b0532a
gpg-agent: add missing options 2017-12-02 19:44:53 +01:00
Robert Helgesson
3aca8a938c
gpg-agent: use full path to gpg-connect-agent 2017-10-05 19:54:09 +02:00
Robert Helgesson
a8e08d14bb
Mark rycee as maintainer for a bunch of modules 2017-09-26 23:40:31 +02:00
Nikita Uvarov
42ae135d38
gpg-agent: add zsh support 2017-08-22 10:10:13 +02:00
Robert Helgesson
196db18f5b
gpg-agent: use systemd socket activation 2017-06-29 23:33:28 +02:00
Robert Helgesson
75bb0c8efb
gpg-agent: remove deprecated argument 2017-01-15 23:42:47 +01:00
Robert Helgesson
d7d02c3ce8
Initial import 2017-01-14 13:15:24 +01:00