home-manager
bug: gnupg/gpgconf points to nonexistent pinentry
Are you following the right branch?
- [X] My Nixpkgs and Home Manager versions are in sync
Is there an existing issue for this?
- [X] I have searched the existing issues
Issue description
After the refactor to pinentry packaging, gpgconf now returns an invalid path to pinentry.
This breaks apps that depend on gpgconf's output for configuring paths to gnupg tools. One such app is GpgFrontend.
example:
```
❯ gpgconf
gpg:OpenPGP:/nix/store/1q3yng4smvrbvffgifrbk78jgs3il9z1-gnupg-2.4.4/bin/gpg
gpgsm:S/MIME:/nix/store/1q3yng4smvrbvffgifrbk78jgs3il9z1-gnupg-2.4.4/bin/gpgsm
keyboxd:Public Keys:/nix/store/1q3yng4smvrbvffgifrbk78jgs3il9z1-gnupg-2.4.4/libexec/keyboxd
gpg-agent:Private Keys:/nix/store/1q3yng4smvrbvffgifrbk78jgs3il9z1-gnupg-2.4.4/bin/gpg-agent
scdaemon:Smartcards:/nix/store/1q3yng4smvrbvffgifrbk78jgs3il9z1-gnupg-2.4.4/libexec/scdaemon
tpm2daemon:TPM:/nix/store/1q3yng4smvrbvffgifrbk78jgs3il9z1-gnupg-2.4.4/libexec/tpm2daemon
dirmngr:Network:/nix/store/1q3yng4smvrbvffgifrbk78jgs3il9z1-gnupg-2.4.4/bin/dirmngr
pinentry:Passphrase Entry:/nix/store/1q3yng4smvrbvffgifrbk78jgs3il9z1-gnupg-2.4.4/bin/pinentry
❯ /nix/store/1q3yng4smvrbvffgifrbk78jgs3il9z1-gnupg-2.4.4/bin/pinentry
zsh: no such file or directory: /nix/store/1q3yng4smvrbvffgifrbk78jgs3il9z1-gnupg-2.4.4/bin/pinentry
```
Maintainer CC
No response
System information
- system: `"x86_64-linux"`
- host os: `Linux 6.7.9, NixOS, 24.05 (Uakari), 24.05.20240312.0ad13a6`
- multi-user?: `yes`
- sandbox: `yes`
- version: `nix-env (Nix) 2.18.1`
- channels(root): `"nixos"`
- channels(bree): `""`
- nixpkgs: `/nix/store/k5l01g2zwhysjyl5zjvg5zxnj0lyxpp1-source`
I think this is related to, if not the same as, #5135
After updating and having issues getting my pinentry to work, I ran into this issue and can confirm I also have the same issue. However, my pinentry started working after I `gpg-connect-agent reloadagent /bye` (thought restarting my computer would be enough?). So maybe I was having a different issue and the missing binary in gpgconf is not affecting me.
For me this seems to be resolved, any objections closing this? /review 1 week
> After updating and having issues getting my pinentry to work, I ran into this issue and can confirm I also have the same issue. However, my pinentry started working after I `gpg-connect-agent reloadagent /bye` (thought restarting my computer would be enough?). So maybe I was having a different issue and the missing binary in gpgconf is not affecting me.

I had a similar issue, but for me `gpg-connect-agent reloadagent /bye` wasn't enough. I had to kill the agent as well (`pkill gpg-agent`).
I had to both set a `pinentryPackage` as in #5488, and run `gpg-connect-agent reloadagent /bye`. After that, even though `gpgconf` still returned a non-existent pinentry, I could use gpg again. Maybe a restart would fix the entry in `gpgconf`?
I also tried `systemctl --user restart gpg-agent.socket`, but that also didn't fix the entry in `gpgconf`.
So IMO, this is not fixed at all, it's actually broken out of the box, and I think the default `pinentryPackage` should not be `null` but `pinentry-tty`.
I'm trying to use gpg from home-manager for the first time and it seems broken out of the box to me as well.
With home-manager f99eace7c167b8a6a0871849493b1c613d0f1b80 and nixpkgs faf912b086576fd1a15fca610166c98d47bc667e and this configuration:
```nix
services.gpg-agent = {
  enable = true;
  pinentryFlavor = "tty";
};
```
gpg fails:
```
gpg: public key decryption failed: No pinentry
gpg: decryption failed: No pinentry
```
until I kill gpg-agent.
> With home-manager https://github.com/nix-community/home-manager/commit/f99eace7c167b8a6a0871849493b1c613d0f1b80 and nixpkgs faf912b086576fd1a15fca610166c98d47bc667e and this configuration:

Not sure what the issue is but it appears to me that you are building from random hashes from February rather than using stable/unstable branch?
The option e.g. `pinentryFlavor` does not exist anymore in home-manager:
https://nix-community.github.io/home-manager/options.xhtml
should be `pinentryPackage` now.
> Not sure what the issue is but it appears to me that you are building from random hashes from February rather than using stable/unstable branch?

I was guessing the issue is exactly this one - that the module sometimes generates configurations with bogus pinentry config. As for the revisions, they were from the unstable branch at some point. Then time passed and those branches moved on.
I'm currently on `nixpkgs/nixos-24.05` and `home-manager/release-24.05` and still running into this issue. Here's the relevant chunk from my `flake.lock`:
```json
"home-manager": {
  "inputs": {
    "nixpkgs": [
      "agenix",
      "nixpkgs"
    ]
  },
  "locked": {
    "lastModified": 1682203081,
    "narHash": "sha256-kRL4ejWDhi0zph/FpebFYhzqlOBrk0Pl3dzGEKSAlEw=",
    "owner": "nix-community",
    "repo": "home-manager",
    "rev": "32d3e39c491e2f91152c84f8ad8b003420eab0a1",
    "type": "github"
  },
  "original": {
    "owner": "nix-community",
    "repo": "home-manager",
    "type": "github"
  }
}
```
And here are the relevant chunks from my config:
```nix
programs.gpg.enable = true;
services.gpg-agent = {
  enable = true;
  pinentryPackage = pkgs.pinentry-gnome3;
};
```
I've done a lot of reloading/`pkill`ing of the gpg agent process but I'm still seeing:
```
❯ gpgconf
gpg:OpenPGP:/nix/store/ayvxxjman90w72dlzwx7xxa5p1vqhhl3-gnupg-2.4.5/bin/gpg
gpgsm:S/MIME:/nix/store/ayvxxjman90w72dlzwx7xxa5p1vqhhl3-gnupg-2.4.5/bin/gpgsm
keyboxd:Public Keys:/nix/store/ayvxxjman90w72dlzwx7xxa5p1vqhhl3-gnupg-2.4.5/libexec/keyboxd
gpg-agent:Private Keys:/nix/store/ayvxxjman90w72dlzwx7xxa5p1vqhhl3-gnupg-2.4.5/bin/gpg-agent
scdaemon:Smartcards:/nix/store/ayvxxjman90w72dlzwx7xxa5p1vqhhl3-gnupg-2.4.5/libexec/scdaemon
tpm2daemon:TPM:/nix/store/ayvxxjman90w72dlzwx7xxa5p1vqhhl3-gnupg-2.4.5/libexec/tpm2daemon
dirmngr:Network:/nix/store/ayvxxjman90w72dlzwx7xxa5p1vqhhl3-gnupg-2.4.5/bin/dirmngr
pinentry:Passphrase Entry:/nix/store/ayvxxjman90w72dlzwx7xxa5p1vqhhl3-gnupg-2.4.5/bin/pinentry
nixos on main [!?⇡]
❯ l /nix/store/ayvxxjman90w72dlzwx7xxa5p1vqhhl3-gnupg-2.4.5/bin/pinentry
"/nix/store/ayvxxjman90w72dlzwx7xxa5p1vqhhl3-gnupg-2.4.5/bin/pinentry": No such file or directory (os error 2)
```
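
Added example, not part of the thread and not Home Manager or GnuPG code: a shell check for the symptom reported in this issue, a gpgconf component entry whose program path does not exist, next to the `pinentry-program` value a gpg-agent.conf sets. The function names, the temporary directory layout and the sample lines are constructed for illustration.

```shell
#!/bin/sh
# Added example (not from the issue thread or Home Manager).

# Read gpgconf component lines ("name:description:path") on stdin and print
# "name path" for each component whose program is not an executable file.
# Assumes paths without percent-escapes, as the Nix store paths above are.
missing_components() {
    while IFS=: read -r name _desc path _rest; do
        [ -n "$name" ] && [ -n "$path" ] || continue
        if [ ! -f "$path" ] || [ ! -x "$path" ]; then
            printf '%s %s\n' "$name" "$path"
        fi
    done
}

# Print the pinentry-program value set in a gpg-agent.conf ($1), if any.
# Taking the last occurrence when the option is repeated is an assumption.
configured_pinentry() {
    [ -r "$1" ] || return 0
    sed -n 's/^[[:space:]]*pinentry-program[[:space:]][[:space:]]*//p' "$1" | tail -n 1
}

# Constructed sample: a fake prefix with a gpg binary but no pinentry,
# mirroring the shape of the gpgconf output pasted in the issue.
demo() {
    d=$(mktemp -d) || return 1
    mkdir -p "$d/bin"
    printf '#!/bin/sh\n' > "$d/bin/gpg"
    chmod +x "$d/bin/gpg"
    printf 'pinentry-program %s/bin/pinentry-tty\n' "$d" > "$d/gpg-agent.conf"
    printf '%s\n' \
        "gpg:OpenPGP:$d/bin/gpg" \
        "pinentry:Passphrase Entry:$d/bin/pinentry" | missing_components
    echo "configured: $(configured_pinentry "$d/gpg-agent.conf")"
    rm -rf "$d"
}

demo
# Against a live system: gpgconf --list-components | missing_components
```

Tools that take the pinentry path from gpgconf see only the first result; comparing it with the configured value shows whether the agent itself has a usable pinentry.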