gnupg: disable gui/pinentry support by default
This solves the dependency cycle in gcr alternatively so there won't be two gnupg store paths in a standard NixOS system which has udisks2 enabled by default. NixOS users are expected to use the gpg-agent user service to pull in the appropriate pinentry flavour or install it on their systemPackages and set it in their local gnupg agent config instead. Co-authored-by: Florian Klink <flokli@flokli.de>
This commit is contained in:
parent
edea9fed72
commit
b5bea4ce32
|
@ -85,7 +85,14 @@
|
|||
|
||||
<itemizedlist>
|
||||
<listitem>
|
||||
<para />
|
||||
<para>
|
||||
GnuPG is now built without support for a graphical passphrase entry
|
||||
by default. Please enable the <literal>gpg-agent</literal> user service
|
||||
via the NixOS option <literal>programs.gnupg.agent.enable</literal>.
|
||||
Note that upstream recommends using <literal>gpg-agent</literal> and
|
||||
will spawn a <literal>gpg-agent</literal> on the first invocation of
|
||||
GnuPG anyway.
|
||||
</para>
|
||||
</listitem>
|
||||
</itemizedlist>
|
||||
</section>
|
||||
|
|
|
@ -76,7 +76,7 @@ in
|
|||
thus overrides the pinentry option in gpg-agent.conf in the user's
|
||||
home directory.
|
||||
If not set at all, it'll pick an appropriate flavor depending on the
|
||||
system configuration (qt3 flavor for lxqt and plasma5, gtk2 for xfce
|
||||
system configuration (qt flavor for lxqt and plasma5, gtk2 for xfce
|
||||
4.12, gnome3 on all other systems with X enabled, ncurses otherwise).
|
||||
'';
|
||||
};
|
||||
|
|
|
@ -24,11 +24,7 @@ stdenv.mkDerivation rec {
|
|||
|
||||
nativeBuildInputs = [ pkgconfig gettext gobject-introspection libxslt makeWrapper vala ];
|
||||
|
||||
buildInputs = let
|
||||
gpg = gnupg.override { guiSupport = false; }; # prevent build cycle with pinentry_gnome
|
||||
in [
|
||||
gpg libgcrypt libtasn1 dbus-glib pango gdk-pixbuf atk
|
||||
];
|
||||
buildInputs = [ gnupg libgcrypt libtasn1 dbus-glib pango gdk-pixbuf atk ];
|
||||
|
||||
propagatedBuildInputs = [ glib gtk3 p11-kit ];
|
||||
|
||||
|
|
|
@ -3,7 +3,7 @@
|
|||
|
||||
# Each of the dependencies below are optional.
|
||||
# Gnupg can be built without them at the cost of reduced functionality.
|
||||
, pinentry ? null, guiSupport ? true
|
||||
, pinentry ? null, guiSupport ? false
|
||||
, openldap ? null, bzip2 ? null, libusb ? null, curl ? null
|
||||
}:
|
||||
|
||||
|
|
|
@ -4,7 +4,7 @@
|
|||
|
||||
# Each of the dependencies below are optional.
|
||||
# Gnupg can be built without them at the cost of reduced functionality.
|
||||
, pinentry ? null, guiSupport ? true
|
||||
, pinentry ? null, guiSupport ? false
|
||||
, adns ? null, gnutls ? null, libusb ? null, openldap ? null
|
||||
, readline ? null, zlib ? null, bzip2 ? null
|
||||
}:
|
||||
|
|
|
@ -3499,10 +3499,12 @@ in
|
|||
gnupg1compat = callPackage ../tools/security/gnupg/1compat.nix { };
|
||||
gnupg1 = gnupg1compat; # use config.packageOverrides if you prefer original gnupg1
|
||||
gnupg20 = callPackage ../tools/security/gnupg/20.nix {
|
||||
pinentry = if stdenv.isDarwin then pinentry_mac else pinentry;
|
||||
guiSupport = stdenv.isDarwin;
|
||||
pinentry = if stdenv.isDarwin then pinentry_mac else pinentry_gtk2;
|
||||
};
|
||||
gnupg22 = callPackage ../tools/security/gnupg/22.nix {
|
||||
pinentry = if stdenv.isDarwin then pinentry_mac else pinentry;
|
||||
guiSupport = stdenv.isDarwin;
|
||||
pinentry = if stdenv.isDarwin then pinentry_mac else pinentry_gtk2;
|
||||
};
|
||||
gnupg = gnupg22;
|
||||
|
||||
|
|
Loading…
Reference in New Issue