pinentry: remove multiple outputs package

fixes #133156 #124753
Franz Pletz 2021-08-11 22:06:36 +02:00 committed by Sandro Jäckel
parent aaf58368e3
commit 764d15f59f
No known key found for this signature in database
GPG key ID: 3AF5A43A3EECC2E5
13 changed files with 165 additions and 133 deletions


@ -66,7 +66,7 @@ with lib;
networkmanager-sstp = super.networkmanager-vpnc.override { withGnome = false; }; networkmanager-sstp = super.networkmanager-vpnc.override { withGnome = false; };
networkmanager-vpnc = super.networkmanager-vpnc.override { withGnome = false; }; networkmanager-vpnc = super.networkmanager-vpnc.override { withGnome = false; };
pango = super.pango.override { x11Support = false; }; pango = super.pango.override { x11Support = false; };
pinentry = super.pinentry.override { enabledFlavors = [ "curses" "tty" "emacs" ]; withLibsecret = false; }; pinentry-curses = super.pinentry-curses.override { withLibsecret = false; };
pipewire = super.pipewire.override { vulkanSupport = false; x11Support = false; }; pipewire = super.pipewire.override { vulkanSupport = false; x11Support = false; };
pythonPackagesExtensions = super.pythonPackagesExtensions ++ [ pythonPackagesExtensions = super.pythonPackagesExtensions ++ [
(python-final: python-prev: { (python-final: python-prev: {


@ -1,8 +1,7 @@
{ config, lib, pkgs, ... }: { config, lib, pkgs, ... }:
with lib;
let let
inherit (lib) mkRemovedOptionModule mkOption mkPackageOption types mkIf optionalString;
cfg = config.programs.gnupg; cfg = config.programs.gnupg;
@ -26,8 +25,10 @@ let
"curses"; "curses";
in in
{ {
imports = [
(mkRemovedOptionModule [ "programs" "gnupg" "agent" "pinentryFlavor" ] "Use programs.gnupg.agent.pinentryPackage instead")
];
options.programs.gnupg = { options.programs.gnupg = {
package = mkPackageOption pkgs "gnupg" { }; package = mkPackageOption pkgs "gnupg" { };
@ -66,17 +67,17 @@ in
''; '';
}; };
agent.pinentryFlavor = mkOption { agent.pinentryPackage = mkOption {
type = types.nullOr (types.enum pkgs.pinentry.flavors); type = types.nullOr types.package;
example = "gnome3"; example = lib.literalMD "pkgs.pinentry-gnome3";
default = defaultPinentryFlavor; default = pkgs.pinentry-curses;
defaultText = literalMD ''matching the configured desktop environment''; defaultText = lib.literalMD "matching the configured desktop environment or `pkgs.pinentry-curses`";
description = lib.mdDoc '' description = lib.mdDoc ''
Which pinentry interface to use. If not null, the path to the Which pinentry package to use. The path to the mainProgram as defined in
pinentry binary will be set in /etc/gnupg/gpg-agent.conf. the package's meta attriutes will be set in /etc/gnupg/gpg-agent.conf.
If not set at all, it'll pick an appropriate flavor depending on the If not set by the user, it'll pick an appropriate flavor depending on the
system configuration (qt flavor for lxqt and plasma5, gtk2 for xfce system configuration (qt flavor for lxqt and plasma5, gtk2 for xfce,
4.12, gnome3 on all other systems with X enabled, ncurses otherwise). gnome3 on all other systems with X enabled, curses otherwise).
''; '';
}; };
@ -102,9 +103,8 @@ in
}; };
config = mkIf cfg.agent.enable { config = mkIf cfg.agent.enable {
programs.gnupg.agent.settings = { programs.gnupg.agent.settings = mkIf (cfg.agent.pinentryPackage != null) {
pinentry-program = lib.mkIf (cfg.agent.pinentryFlavor != null) pinentry-program = lib.getExe cfg.agent.pinentryPackage;
"${pkgs.pinentry.${cfg.agent.pinentryFlavor}}/bin/pinentry";
}; };
environment.etc."gnupg/gpg-agent.conf".source = environment.etc."gnupg/gpg-agent.conf".source =
@ -207,9 +207,9 @@ in
wantedBy = [ "sockets.target" ]; wantedBy = [ "sockets.target" ];
}; };
services.dbus.packages = mkIf (cfg.agent.pinentryFlavor == "gnome3") [ pkgs.gcr ]; services.dbus.packages = mkIf (lib.elem "gnome3" (cfg.agent.pinentryPackage.flavors or [])) [ pkgs.gcr ];
environment.systemPackages = with pkgs; [ cfg.package ]; environment.systemPackages = [ cfg.package ];
environment.interactiveShellInit = '' environment.interactiveShellInit = ''
# Bind gpg-agent to this TTY if gpg commands are used. # Bind gpg-agent to this TTY if gpg commands are used.
@ -230,12 +230,10 @@ in
''; '';
assertions = [ assertions = [
{ assertion = cfg.agent.enableSSHSupport -> !config.programs.ssh.startAgent; {
assertion = cfg.agent.enableSSHSupport -> !config.programs.ssh.startAgent;
message = "You can't use ssh-agent and GnuPG agent with SSH support enabled at the same time!"; message = "You can't use ssh-agent and GnuPG agent with SSH support enabled at the same time!";
} }
]; ];
}; };
# uses attributes of the linked package
meta.buildDocsInSandbox = false;
} }
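Review bot: The new option description misspells "attributes" as `attriutes`, and that text is rendered into the options manual; it should read `the package's meta attributes will be set in /etc/gnupg/gpg-agent.conf.`. The `example` is a Nix expression, so `lib.literalExpression "pkgs.pinentry-gnome3"` fits better than `lib.literalMD`. The `let` binding that ends in `"curses";` (apparently `defaultPinentryFlavor`, whose body starts outside the hunk) no longer seems to be referenced now that `default` is `pkgs.pinentry-curses`, so it can probably be dropped.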


@ -152,6 +152,7 @@ in {
''; '';
} }
]; ];
environment = { environment = {
systemPackages = optional (cfg.package != null) cfg.package ++ cfg.extraPackages; systemPackages = optional (cfg.package != null) cfg.package ++ cfg.extraPackages;
# Needed for the default wallpaper: # Needed for the default wallpaper:
@ -166,8 +167,12 @@ in {
"sway/config".source = mkOptionDefault "${cfg.package}/etc/sway/config"; "sway/config".source = mkOptionDefault "${cfg.package}/etc/sway/config";
}; };
}; };
programs.gnupg.agent.pinentryPackage = lib.mkDefault pkgs.pinentry-gnome3;
# https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1050913 # https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1050913
xdg.portal.config.sway.default = mkDefault [ "wlr" "gtk" ]; xdg.portal.config.sway.default = mkDefault [ "wlr" "gtk" ];
# To make a Sway session available if a display manager like SDDM is enabled: # To make a Sway session available if a display manager like SDDM is enabled:
services.xserver.displayManager.sessionPackages = optionals (cfg.package != null) [ cfg.package ]; } services.xserver.displayManager.sessionPackages = optionals (cfg.package != null) [ cfg.package ]; }
(import ./wayland-session.nix { inherit lib pkgs; }) (import ./wayland-session.nix { inherit lib pkgs; })


@ -6,9 +6,6 @@ with lib;
let let
cfg = config.services.yubikey-agent; cfg = config.services.yubikey-agent;
# reuse the pinentryFlavor option from the gnupg module
pinentryFlavor = config.programs.gnupg.agent.pinentryFlavor;
in in
{ {
###### interface ###### interface
@ -41,13 +38,8 @@ in
# This overrides the systemd user unit shipped with the # This overrides the systemd user unit shipped with the
# yubikey-agent package # yubikey-agent package
systemd.user.services.yubikey-agent = mkIf (pinentryFlavor != null) { systemd.user.services.yubikey-agent = mkIf (pinentryFlavor != null) {
path = [ pkgs.pinentry.${pinentryFlavor} ]; path = [ config.programs.gnupg.agent.pinentryPackage ];
wantedBy = [ wantedBy = [ "default.target" ];
(if pinentryFlavor == "tty" || pinentryFlavor == "curses" then
"default.target"
else
"graphical-session.target")
];
}; };
# Yubikey-agent expects pcsd to be running in order to function. # Yubikey-agent expects pcsd to be running in order to function.
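Review bot: The `let` binding `pinentryFlavor` is deleted, but the unchanged guard `mkIf (pinentryFlavor != null)` on `systemd.user.services.yubikey-agent` still refers to it, so this definition should fail with an undefined-variable error when it is evaluated. The guard should test the new option directly: `systemd.user.services.yubikey-agent = mkIf (config.programs.gnupg.agent.pinentryPackage != null) {`. Separately, `wantedBy` is now always `default.target`; with a graphical pinentry the unit may start before the session exports its display variables, so the old `graphical-session.target` case is worth keeping, for example keyed on the package's `flavors`.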


@ -66,6 +66,7 @@ in
services.upower.enable = mkDefault config.powerManagement.enable; services.upower.enable = mkDefault config.powerManagement.enable;
networking.networkmanager.enable = mkDefault true; networking.networkmanager.enable = mkDefault true;
programs.dconf.enable = mkDefault true; programs.dconf.enable = mkDefault true;
programs.gnupg.agent.pinentryPackage = pkgs.pinentry-qt;
fonts.packages = with pkgs; [ noto-fonts ]; fonts.packages = with pkgs; [ noto-fonts ];
xdg.mime.enable = true; xdg.mime.enable = true;
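Review bot: `programs.gnupg.agent.pinentryPackage = pkgs.pinentry-qt;` is defined here at normal priority, whereas the sway and xserver sections of this commit use `lib.mkDefault`. Because the option is a `types.package`, a user who selects a different pinentry in their own configuration (for instance a terminal-only prompt) would probably get a conflicting-definitions error instead of an override, and so would enabling two of these desktops together. The same applies to what look like the lxqt, plasma5 and xfce sections below. A priority between the xserver default and a plain user definition, such as `programs.gnupg.agent.pinentryPackage = lib.mkOverride 900 pkgs.pinentry-qt;`, keeps the desktop's choice while leaving it overridable.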


@ -62,6 +62,8 @@ in
# Link some extra directories in /run/current-system/software/share # Link some extra directories in /run/current-system/software/share
environment.pathsToLink = [ "/share" ]; environment.pathsToLink = [ "/share" ];
programs.gnupg.agent.pinentryPackage = pkgs.pinentry-qt;
# virtual file systems support for PCManFM-QT # virtual file systems support for PCManFM-QT
services.gvfs.enable = true; services.gvfs.enable = true;


@ -336,6 +336,7 @@ in
serif = [ "Noto Serif" ]; serif = [ "Noto Serif" ];
}; };
programs.gnupg.agent.pinentryPackage = pkgs.pinentry-qt;
programs.ssh.askPassword = mkDefault "${pkgs.plasma5Packages.ksshaskpass.out}/bin/ksshaskpass"; programs.ssh.askPassword = mkDefault "${pkgs.plasma5Packages.ksshaskpass.out}/bin/ksshaskpass";
# Enable helpful DBus services. # Enable helpful DBus services.


@ -131,6 +131,7 @@ in
xfdesktop xfdesktop
] ++ optional cfg.enableScreensaver xfce4-screensaver) excludePackages; ] ++ optional cfg.enableScreensaver xfce4-screensaver) excludePackages;
programs.gnupg.agent.pinentryPackage = pkgs.pinentry-gtk2;
programs.xfconf.enable = true; programs.xfconf.enable = true;
programs.thunar.enable = true; programs.thunar.enable = true;


@ -749,6 +749,8 @@ in
boot.kernel.sysctl."fs.inotify.max_user_instances" = mkDefault 524288; boot.kernel.sysctl."fs.inotify.max_user_instances" = mkDefault 524288;
boot.kernel.sysctl."fs.inotify.max_user_watches" = mkDefault 524288; boot.kernel.sysctl."fs.inotify.max_user_watches" = mkDefault 524288;
programs.gnupg.agent.pinentryPackage = lib.mkDefault pkgs.pinentry-gnome3;
systemd.defaultUnit = mkIf cfg.autorun "graphical.target"; systemd.defaultUnit = mkIf cfg.autorun "graphical.target";
systemd.services.display-manager = systemd.services.display-manager =


@ -26,7 +26,6 @@ import ./make-test-python.nix ({ pkgs, lib, ... }: {
programs.gnupg = { programs.gnupg = {
agent.enable = true; agent.enable = true;
agent.pinentryFlavor = "tty";
dirmngr.enable = true; dirmngr.enable = true;
}; };
}; };


@ -1,100 +1,120 @@
{ fetchurl, mkDerivation, fetchpatch, stdenv, lib, pkg-config, autoreconfHook, wrapGAppsHook { stdenv
, libgpg-error, libassuan, qtbase, wrapQtAppsHook , lib
, ncurses, gtk2, gcr , fetchurl
, withLibsecret ? true, libsecret , fetchpatch
, enabledFlavors ? [ "curses" "tty" "gtk2" "emacs" ] , pkg-config
++ lib.optionals stdenv.isLinux [ "gnome3" ] , autoreconfHook
++ lib.optionals (!stdenv.isDarwin) [ "qt" ] , wrapGAppsHook
, libgpg-error
, libassuan
, libsForQt5
, ncurses
, gtk2
, gcr
, withLibsecret ? true
, libsecret
}: }:
assert lib.isList enabledFlavors && enabledFlavors != [];
let let
pinentryMkDerivation =
if (builtins.elem "qt" enabledFlavors)
then mkDerivation
else stdenv.mkDerivation;
enableFeaturePinentry = f:
let
flag = flavorInfo.${f}.flag or null;
in
lib.optionalString (flag != null)
(lib.enableFeature (lib.elem f enabledFlavors) ("pinentry-" + flag));
flavorInfo = { flavorInfo = {
curses = { bin = "curses"; flag = "curses"; buildInputs = [ ncurses ]; }; tty = { flag = "tty"; };
tty = { bin = "tty"; flag = "tty"; }; curses = {
gtk2 = { bin = "gtk-2"; flag = "gtk2"; buildInputs = [ gtk2 ]; }; flag = "curses";
gnome3 = { bin = "gnome3"; flag = "gnome3"; buildInputs = [ gcr ]; nativeBuildInputs = [ wrapGAppsHook ]; }; buildInputs = [ ncurses ];
qt = { bin = "qt"; flag = "qt"; buildInputs = [ qtbase ]; nativeBuildInputs = [ wrapQtAppsHook ]; }; };
emacs = { bin = "emacs"; flag = "emacs"; buildInputs = []; }; gtk2 = {
flag = "gtk2";
buildInputs = [ gtk2 ];
};
gnome3 = {
flag = "gnome3";
buildInputs = [ gcr ];
nativeBuildInputs = [ wrapGAppsHook ];
};
qt = {
flag = "qt";
buildInputs = [ libsForQt5.qtbase ];
nativeBuildInputs = [ libsForQt5.wrapQtAppsHook ];
};
emacs = { flag = "emacs"; };
}; };
buildPinentry = pinentryExtraPname: buildFlavors:
let
enableFeaturePinentry = f:
lib.enableFeature (lib.elem f buildFlavors) ("pinentry-" + flavorInfo.${f}.flag);
pinentryMkDerivation =
if (lib.elem "qt" buildFlavors)
then libsForQt5.mkDerivation
else stdenv.mkDerivation;
in
pinentryMkDerivation rec {
pname = "pinentry-${pinentryExtraPname}";
version = "1.2.1";
src = fetchurl {
url = "mirror://gnupg/pinentry/pinentry-${version}.tar.bz2";
hash = "sha256-RXoYXlqFI4+5RalV3GNSq5YtyLSHILYvyfpIx1QKQGc=";
};
nativeBuildInputs = [ pkg-config autoreconfHook ]
++ lib.concatMap (f: flavorInfo.${f}.nativeBuildInputs or [ ]) buildFlavors;
buildInputs = [ libgpg-error libassuan ]
++ lib.optional withLibsecret libsecret
++ lib.concatMap (f: flavorInfo.${f}.buildInputs or [ ]) buildFlavors;
dontWrapGApps = true;
dontWrapQtApps = true;
patches = [
./autoconf-ar.patch
] ++ lib.optionals (lib.elem "gtk2" buildFlavors) [
(fetchpatch {
url = "https://salsa.debian.org/debian/pinentry/raw/debian/1.1.0-1/debian/patches/0007-gtk2-When-X11-input-grabbing-fails-try-again-over-0..patch";
sha256 = "15r1axby3fdlzz9wg5zx7miv7gqx2jy4immaw4xmmw5skiifnhfd";
})
];
configureFlags = [
"--with-libgpg-error-prefix=${libgpg-error.dev}"
"--with-libassuan-prefix=${libassuan.dev}"
(lib.enableFeature withLibsecret "libsecret")
] ++ (map enableFeaturePinentry (lib.attrNames flavorInfo));
postInstall =
lib.optionalString (lib.elem "gnome3" buildFlavors) ''
wrapGApp $out/bin/pinentry-gnome3
'' + lib.optionalString (lib.elem "qt" buildFlavors) ''
wrapQtApp $out/bin/pinentry-qt
'';
passthru = { flavors = buildFlavors; };
meta = with lib; {
homepage = "https://gnupg.org/software/pinentry/index.html";
description = "GnuPGs interface to passphrase input";
license = licenses.gpl2Plus;
platforms =
if elem "gnome3" buildFlavors then platforms.linux else
if elem "qt" buildFlavors then (remove "aarch64-darwin" platforms.all) else
platforms.all;
longDescription = ''
Pinentry provides a console and (optional) GTK and Qt GUIs allowing users
to enter a passphrase when `gpg' or `gpg2' is run and needs it.
'';
maintainers = with maintainers; [ fpletz ];
mainProgram = "pinentry";
};
};
in in
{
pinentryMkDerivation rec { pinentry-curses = buildPinentry "curses" [ "curses" "tty" ];
pname = "pinentry"; pinentry-gtk2 = buildPinentry "gtk2" [ "gtk2" "curses" "tty" ];
version = "1.2.1"; pinentry-gnome3 = buildPinentry "gnome3" [ "gnome3" "curses" "tty" ];
pinentry-qt = buildPinentry "qt" [ "qt" "curses" "tty" ];
src = fetchurl { pinentry-emacs = buildPinentry "emacs" [ "emacs" "curses" "tty" ];
url = "mirror://gnupg/pinentry/${pname}-${version}.tar.bz2"; pinentry-all = buildPinentry "all" [ "curses" "tty" "gtk2" "gnome3" "qt" "emacs" ];
sha256 = "sha256-RXoYXlqFI4+5RalV3GNSq5YtyLSHILYvyfpIx1QKQGc=";
};
nativeBuildInputs = [ pkg-config autoreconfHook ]
++ lib.concatMap(f: flavorInfo.${f}.nativeBuildInputs or []) enabledFlavors;
buildInputs = [ libgpg-error libassuan ]
++ lib.optional withLibsecret libsecret
++ lib.concatMap(f: flavorInfo.${f}.buildInputs or []) enabledFlavors;
dontWrapGApps = true;
dontWrapQtApps = true;
patches = [
./autoconf-ar.patch
] ++ lib.optionals (lib.elem "gtk2" enabledFlavors) [
(fetchpatch {
url = "https://salsa.debian.org/debian/pinentry/raw/debian/1.1.0-1/debian/patches/0007-gtk2-When-X11-input-grabbing-fails-try-again-over-0..patch";
sha256 = "15r1axby3fdlzz9wg5zx7miv7gqx2jy4immaw4xmmw5skiifnhfd";
})
];
configureFlags = [
"--with-libgpg-error-prefix=${libgpg-error.dev}"
"--with-libassuan-prefix=${libassuan.dev}"
(lib.enableFeature withLibsecret "libsecret")
] ++ (map enableFeaturePinentry (lib.attrNames flavorInfo));
postInstall =
lib.concatStrings (lib.flip map enabledFlavors (f:
let
binary = "pinentry-" + flavorInfo.${f}.bin;
in ''
moveToOutput bin/${binary} ${placeholder f}
ln -sf ${placeholder f}/bin/${binary} ${placeholder f}/bin/pinentry
'' + lib.optionalString (f == "gnome3") ''
wrapGApp ${placeholder f}/bin/${binary}
'' + lib.optionalString (f == "qt") ''
wrapQtApp ${placeholder f}/bin/${binary}
'')) + ''
ln -sf ${placeholder (lib.head enabledFlavors)}/bin/pinentry-${flavorInfo.${lib.head enabledFlavors}.bin} $out/bin/pinentry
'';
outputs = [ "out" ] ++ enabledFlavors;
passthru = { flavors = enabledFlavors; };
meta = with lib; {
homepage = "http://gnupg.org/aegypten2/";
description = "GnuPGs interface to passphrase input";
license = licenses.gpl2Plus;
platforms = platforms.all;
longDescription = ''
Pinentry provides a console and (optional) GTK and Qt GUIs allowing users
to enter a passphrase when `gpg' or `gpg2' is run and needs it.
'';
maintainers = with maintainers; [ ttuegel fpletz ];
};
} }
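Review bot: Nothing in the new `postInstall` decides which frontend `$out/bin/pinentry` resolves to, while `meta.mainProgram = "pinentry"` makes that path the one `lib.getExe` writes into gpg-agent.conf. The old code linked `bin/pinentry` to the selected flavor explicitly; every variant now also builds `curses` and `tty`, so the result depends on upstream's own default selection at install time, which is not visible here. Pinning the link in `postInstall` for the single-frontend variants, or adding an install check that `bin/pinentry` points at the expected binary, would keep `pinentry-emacs` or `pinentry-gtk2` from silently prompting for the passphrase through a different frontend.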


@ -891,12 +891,23 @@ mapAliases ({
timescaledb = postgresqlPackages.timescaledb; timescaledb = postgresqlPackages.timescaledb;
tsearch_extras = postgresqlPackages.tsearch_extras; tsearch_extras = postgresqlPackages.tsearch_extras;
# pinentry was using multiple outputs, this emulates the old interface for i.e. home-manager
# soon: throw "'pinentry' has been removed. Pick an appropriate variant like 'pinentry-curses' or 'pinentry-gnome3'";
pinentry = pinentry-all // {
curses = pinentry-curses;
gtk2 = pinentry-gtk2;
gnome2 = pinentry-gnome3;
qt = pinentry-qt;
emacs = pinentry-emacs;
flavors = [ "curses" "gtk2" "gnome2" "qt" "emacs" ];
}; # added 2024-01-15
pinentry_curses = throw "'pinentry_curses' has been renamed to/replaced by 'pinentry-curses'"; # Converted to throw 2023-09-10 pinentry_curses = throw "'pinentry_curses' has been renamed to/replaced by 'pinentry-curses'"; # Converted to throw 2023-09-10
pinentry_emacs = throw "'pinentry_emacs' has been renamed to/replaced by 'pinentry-emacs'"; # Converted to throw 2023-09-10 pinentry_emacs = throw "'pinentry_emacs' has been renamed to/replaced by 'pinentry-emacs'"; # Converted to throw 2023-09-10
pinentry_gnome = throw "'pinentry_gnome' has been renamed to/replaced by 'pinentry-gnome'"; # Converted to throw 2023-09-10 pinentry_gnome = throw "'pinentry_gnome' has been renamed to/replaced by 'pinentry-gnome'"; # Converted to throw 2023-09-10
pinentry_gtk2 = throw "'pinentry_gtk2' has been renamed to/replaced by 'pinentry-gtk2'"; # Converted to throw 2023-09-10 pinentry_gtk2 = throw "'pinentry_gtk2' has been renamed to/replaced by 'pinentry-gtk2'"; # Converted to throw 2023-09-10
pinentry_qt = throw "'pinentry_qt' has been renamed to/replaced by 'pinentry-qt'"; # Converted to throw 2023-09-10 pinentry_qt = throw "'pinentry_qt' has been renamed to/replaced by 'pinentry-qt'"; # Converted to throw 2023-09-10
pinentry_qt5 = pinentry-qt; # Added 2020-02-11 pinentry_qt5 = pinentry-qt; # Added 2020-02-11
PlistCpp = plistcpp; # Added 2024-01-05 PlistCpp = plistcpp; # Added 2024-01-05
pocket-updater-utility = pupdate; # Added 2024-01-25 pocket-updater-utility = pupdate; # Added 2024-01-25
poetry2nix = throw "poetry2nix is now maintained out-of-tree. Please use https://github.com/nix-community/poetry2nix/"; # Added 2023-10-26 poetry2nix = throw "poetry2nix is now maintained out-of-tree. Please use https://github.com/nix-community/poetry2nix/"; # Added 2023-10-26
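Review bot: The compatibility attrset for `pinentry` exposes `gnome2 = pinentry-gnome3;` and lists `"gnome2"` in `flavors`, but the old package's outputs were named `gnome3` and also included `tty` (see the removed `enabledFlavors` default), so `pkgs.pinentry.gnome3` and `pkgs.pinentry.tty` are not emulated. It should read `gnome3 = pinentry-gnome3;`, gain a `tty` entry (the `pinentry-curses` build includes the tty frontend), and use `flavors = [ "curses" "tty" "gtk2" "gnome3" "qt" "emacs" ];`. The existing `pinentry_gnome` throw still points users at `pinentry-gnome`, which the all-packages section of this commit replaces with `pinentry-gnome3`; an alias or an updated message would help.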


@ -11999,13 +11999,13 @@ with pkgs;
piknik = callPackage ../tools/networking/piknik { }; piknik = callPackage ../tools/networking/piknik { };
pinentry = libsForQt5.callPackage ../tools/security/pinentry { }; inherit (callPackages ../tools/security/pinentry { })
pinentry-curses
pinentry-curses = (lib.getOutput "curses" pinentry); pinentry-emacs
pinentry-emacs = (lib.getOutput "emacs" pinentry); pinentry-gtk2
pinentry-gtk2 = (lib.getOutput "gtk2" pinentry); pinentry-gnome3
pinentry-qt = (lib.getOutput "qt" pinentry); pinentry-qt
pinentry-gnome = (lib.getOutput "gnome3" pinentry); pinentry-all;
pinentry_mac = callPackage ../tools/security/pinentry/mac.nix { pinentry_mac = callPackage ../tools/security/pinentry/mac.nix {
inherit (darwin.apple_sdk.frameworks) Cocoa; inherit (darwin.apple_sdk.frameworks) Cocoa;