services.xserver.startGnuPGAgent: remove obsolete NixOS option
GnuPG 2.1.x changed the way the gpg-agent works, and that new approach no longer requires (or even supports) the "start everything as a child of the agent" scheme we've implemented in NixOS for older versions. To configure the gpg-agent for your X session, add the following code to ~/.xsession or some other appropriate place that's sourced at start-up: gpg-connect-agent /bye GPG_TTY=$(tty) export GPG_TTY If you want to use gpg-agent for SSH, too, also add the settings unset SSH_AGENT_PID export SSH_AUTH_SOCK="${HOME}/.gnupg/S.gpg-agent.ssh" and make sure that enable-ssh-support is included in your ~/.gnupg/gpg-agent.conf. The gpg-agent(1) man page has more details about this subject, in particular in the "EXAMPLES" section.
parent
9c10ac957d
commit
5391882ebd
4 changed files with 2 additions and 31 deletions
|
@ -37,7 +37,6 @@ with lib;
|
|||
services.openssh.enable = false;
|
||||
services.lshd.enable = true;
|
||||
programs.ssh.startAgent = false;
|
||||
services.xserver.startGnuPGAgent = true;
|
||||
|
||||
# TODO: GNU dico.
|
||||
# TODO: GNU Inetutils' inetd.
|
||||
|
|
|
@ -111,6 +111,7 @@ with lib;
|
|||
(mkRemovedOptionModule [ "services" "openvpn" "enable" ])
|
||||
(mkRemovedOptionModule [ "services" "printing" "cupsFilesConf" ])
|
||||
(mkRemovedOptionModule [ "services" "printing" "cupsdConf" ])
|
||||
(mkRemovedOptionModule [ "services" "xserver" "startGnuPGAgent" ])
|
||||
|
||||
];
|
||||
}
|
||||
|
|
|
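Review bot: The new `(mkRemovedOptionModule [ "services" "xserver" "startGnuPGAgent" ])` entry carries no pointer to the replacement setup, so the migration steps appear to live only in the commit message; none of the four changed files shown looks like release notes or a manual. A user who had the option enabled and relied on gpg-agent as their SSH agent would end up with no agent holding their keys until they add the `gpg-connect-agent /bye` and `SSH_AUTH_SOCK` lines by hand. The profile in the first hunk is an example, since it keeps `programs.ssh.startAgent = false;` and after this change seems to start no agent at all. I would add a comment above the entry, for instance `# GnuPG 2.1 starts gpg-agent on demand; set GPG_TTY and SSH_AUTH_SOCK in ~/.xsession instead`, and repeat the commit message's instructions in the release notes.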
@ -49,17 +49,6 @@ let
|
|||
fi
|
||||
''}
|
||||
|
||||
${optionalString cfg.startGnuPGAgent ''
|
||||
if test -z "$SSH_AUTH_SOCK"; then
|
||||
# Restart this script as a child of the GnuPG agent.
|
||||
exec "${pkgs.gnupg}/bin/gpg-agent" \
|
||||
--enable-ssh-support --daemon \
|
||||
--pinentry-program "${pkgs.pinentry}/bin/pinentry-gtk-2" \
|
||||
--write-env-file "$HOME/.gpg-agent-info" \
|
||||
"$0" "$sessionType"
|
||||
fi
|
||||
''}
|
||||
|
||||
# Handle being called by kdm.
|
||||
if test "''${1:0:1}" = /; then eval exec "$1"; fi
|
||||
|
||||
|
|
|
@ -219,17 +219,6 @@ in
|
|||
'';
|
||||
};
|
||||
|
||||
startGnuPGAgent = mkOption {
|
||||
type = types.bool;
|
||||
default = false;
|
||||
description = ''
|
||||
Whether to start the GnuPG agent when you log in. The GnuPG agent
|
||||
remembers private keys for you so that you don't have to type in
|
||||
passphrases every time you make an SSH connection or sign/encrypt
|
||||
data. Use <command>ssh-add</command> to add a key to the agent.
|
||||
'';
|
||||
};
|
||||
|
||||
startDbusSession = mkOption {
|
||||
type = types.bool;
|
||||
default = true;
|
||||
|
@ -444,14 +433,7 @@ in
|
|||
in optional (driver != null) ({ inherit name; driverName = name; } // driver));
|
||||
|
||||
assertions =
|
||||
[ { assertion = !(config.programs.ssh.startAgent && cfg.startGnuPGAgent);
|
||||
message =
|
||||
''
|
||||
The OpenSSH agent and GnuPG agent cannot be started both. Please
|
||||
choose between ‘programs.ssh.startAgent’ and ‘services.xserver.startGnuPGAgent’.
|
||||
'';
|
||||
}
|
||||
{ assertion = config.security.polkit.enable;
|
||||
[ { assertion = config.security.polkit.enable;
|
||||
message = "X11 requires Polkit to be enabled (‘security.polkit.enable = true’).";
|
||||
}
|
||||
];
|
||||
|
|