3
0
Fork 0
forked from mirrors/nixpkgs

Revert "Merge pull request #71095 from flokli/pinentry-cleanup"

This reverts commit 823da4d492, reversing
changes made to b75c8ee3bc.
This commit is contained in:
worldofpeace 2019-10-16 20:28:21 -04:00
parent 823da4d492
commit 2fbccbc728
15 changed files with 88 additions and 141 deletions

View file

@ -85,14 +85,7 @@
<itemizedlist>
<listitem>
<para>
GnuPG is now built without support for a graphical passphrase entry
by default. Please enable the <literal>gpg-agent</literal> user service
via the NixOS option <literal>programs.gnupg.agent.enable</literal>.
Note that upstream recommends using <literal>gpg-agent</literal> and
will spawn a <literal>gpg-agent</literal> on the first invocation of
GnuPG anyway.
</para>
<para />
</listitem>
</itemizedlist>
</section>

View file

@ -34,6 +34,7 @@ with lib;
networkmanager-openvpn = super.networkmanager-openvpn.override { withGnome = false; };
networkmanager-vpnc = super.networkmanager-vpnc.override { withGnome = false; };
networkmanager-iodine = super.networkmanager-iodine.override { withGnome = false; };
pinentry = super.pinentry.override { gtk2 = null; gcr = null; qt4 = null; qt5 = null; };
gobject-introspection = super.gobject-introspection.override { x11Support = false; };
}));
};

View file

@ -120,11 +120,7 @@ in
# Some programs need SUID wrappers, can be configured further or are
# started in user sessions.
# programs.mtr.enable = true;
# programs.gnupg.agent = {
# enable = true;
# enableSSHSupport = true;
# flavour = "gnome3";
# };
# programs.gnupg.agent = { enable = true; enableSSHSupport = true; };
# List services that you want to enable:

View file

@ -31,6 +31,9 @@ with lib;
# Let the user play Rogue on TTY 8 during the installation.
#services.rogue.enable = true;
# Disable some other stuff we don't need.
services.udisks2.enable = mkDefault false;
# Use less privileged nixos user
users.users.nixos = {
isNormalUser = true;

View file

@ -6,19 +6,6 @@ let
cfg = config.programs.gnupg;
xserverCfg = config.services.xserver;
defaultPinentryFlavor =
if xserverCfg.desktopManager.lxqt.enable
|| xserverCfg.desktopManager.plasma5.enable then
"qt"
else if xserverCfg.desktopManager.xfce.enable then
"gtk2"
else if xserverCfg.enable then
"gnome3"
else
null;
in
{
@ -67,20 +54,6 @@ in
'';
};
agent.pinentryFlavor = mkOption {
type = types.nullOr (types.enum pkgs.pinentry.flavors);
example = "gnome3";
description = ''
Which pinentry interface to use. If not null, the path to the
pinentry binary will be passed to gpg-agent via commandline and
thus overrides the pinentry option in gpg-agent.conf in the user's
home directory.
If not set at all, it'll pick an appropriate flavor depending on the
system configuration (qt flavor for lxqt and plasma5, gtk2 for xfce
4.12, gnome3 on all other systems with X enabled, ncurses otherwise).
'';
};
dirmngr.enable = mkOption {
type = types.bool;
default = false;
@ -91,16 +64,6 @@ in
};
config = mkIf cfg.agent.enable {
programs.gnupg.agent.pinentryFlavor = mkDefault defaultPinentryFlavor;
# This overrides the systemd user unit shipped with the gnupg package
systemd.user.services.gpg-agent = mkIf (cfg.agent.pinentryFlavor != null) {
serviceConfig.ExecStart = [ "" ''
${pkgs.gnupg}/bin/gpg-agent --supervised \
--pinentry-program ${pkgs.pinentry.${cfg.agent.pinentryFlavor}}/bin/pinentry
'' ];
};
systemd.user.sockets.gpg-agent = {
wantedBy = [ "sockets.target" ];
};

View file

@ -34,7 +34,10 @@ with lib;
services.dbus.packages = [ pkgs.udisks2 ];
systemd.tmpfiles.rules = [ "d /var/lib/udisks2 0755 root root -" ];
system.activationScripts.udisks2 =
''
mkdir -m 0755 -p /var/lib/udisks2
'';
services.udev.packages = [ pkgs.udisks2 ];

View file

@ -54,6 +54,8 @@ let
hardware.enableAllFirmware = lib.mkForce false;
services.udisks2.enable = lib.mkDefault false;
${replaceChars ["\n"] ["\n "] extraConfig}
}
'';
@ -293,6 +295,8 @@ let
++ optional (bootLoader == "grub" && grubVersion == 1) pkgs.grub
++ optionals (bootLoader == "grub" && grubVersion == 2) [ pkgs.grub2 pkgs.grub2_efi ];
services.udisks2.enable = mkDefault false;
nix.binaryCaches = mkForce [ ];
nix.extraOptions =
''

View file

@ -51,6 +51,7 @@ let
hashed-mirrors =
connect-timeout = 1
'';
services.udisks2.enable = lib.mkForce false;
};
# /etc/nixos/configuration.nix for the vm
configFile = pkgs.writeText "configuration.nix" ''

View file

@ -24,7 +24,11 @@ stdenv.mkDerivation rec {
nativeBuildInputs = [ pkgconfig gettext gobject-introspection libxslt makeWrapper vala ];
buildInputs = [ gnupg libgcrypt libtasn1 dbus-glib pango gdk-pixbuf atk ];
buildInputs = let
gpg = gnupg.override { guiSupport = false; }; # prevent build cycle with pinentry_gnome
in [
gpg libgcrypt libtasn1 dbus-glib pango gdk-pixbuf atk
];
propagatedBuildInputs = [ glib gtk3 p11-kit ];

View file

@ -3,7 +3,7 @@
# Each of the dependencies below are optional.
# Gnupg can be built without them at the cost of reduced functionality.
, pinentry ? null, guiSupport ? false
, pinentry ? null, guiSupport ? true
, openldap ? null, bzip2 ? null, libusb ? null, curl ? null
}:

View file

@ -4,7 +4,7 @@
# Each of the dependencies below are optional.
# Gnupg can be built without them at the cost of reduced functionality.
, pinentry ? null, guiSupport ? false
, pinentry ? null, guiSupport ? true
, adns ? null, gnutls ? null, libusb ? null, openldap ? null
, readline ? null, zlib ? null, bzip2 ? null
}:

View file

@ -1,5 +1,5 @@
{ mkDerivation, fetchFromGitHub, lib, makeWrapper, pkgconfig
, kcoreaddons, ki18n, kwallet, mksh, pinentry-qt }:
, kcoreaddons, ki18n, kwallet, mksh, pinentry_qt5 }:
mkDerivation rec {
pname = "kwalletcli";
@ -36,7 +36,7 @@ mkDerivation rec {
postInstall = ''
wrapProgram $out/bin/pinentry-kwallet \
--prefix PATH : $out/bin:${lib.makeBinPath [ pinentry-qt ]} \
--prefix PATH : $out/bin:${lib.makeBinPath [ pinentry_qt5 ]} \
--set-default PINENTRY pinentry-qt
'';

View file

@ -1,93 +1,60 @@
{ fetchurl, mkDerivation, fetchpatch, stdenv, lib, pkgconfig, autoreconfHook, wrapGAppsHook
, libgpgerror, libassuan, qtbase, wrapQtAppsHook
, ncurses, gtk2, gcr
, libcap ? null, libsecret ? null
, enabledFlavors ? [ "curses" "tty" "gtk2" "qt" "gnome3" "emacs" ]
{ fetchurl, fetchpatch, stdenv, lib, pkgconfig, autoreconfHook
, libgpgerror, libassuan
, libcap ? null, libsecret ? null, ncurses ? null, gtk2 ? null, gcr ? null
, qt4 ? null, qt5 ? null
, enableEmacs ? false
}:
with stdenv.lib;
assert isList enabledFlavors && enabledFlavors != [];
assert qt5 != null -> qt4 == null;
assert qt4 != null -> qt5 == null;
let
pinentryMkDerivation =
if (builtins.elem "qt" enabledFlavors)
then mkDerivation
mkDerivation =
if qt5 != null
then qt5.mkDerivation
else stdenv.mkDerivation;
mkFlag = pfxTrue: pfxFalse: cond: name:
"--${if cond then pfxTrue else pfxFalse}-${name}";
mkEnable = mkFlag "enable" "disable";
mkWith = mkFlag "with" "without";
mkEnablePinentry = f:
let
info = flavorInfo.${f};
flag = flavorInfo.${f}.flag or null;
in
optionalString (flag != null)
(mkEnable (elem f enabledFlavors) ("pinentry-" + flag));
flavorInfo = {
curses = { bin = "curses"; flag = "curses"; buildInputs = [ ncurses ]; };
tty = { bin = "tty"; flag = "tty"; };
gtk2 = { bin = "gtk-2"; flag = "gtk2"; buildInputs = [ gtk2 ]; };
gnome3 = { bin = "gnome3"; flag = "gnome3"; buildInputs = [ gcr ]; nativeBuildInputs = [ wrapGAppsHook ]; };
qt = { bin = "qt"; flag = "qt"; buildInputs = [ qtbase ]; nativeBuildInputs = [ wrapQtAppsHook ]; };
emacs = { bin = "emacs"; flag = "emacs"; buildInputs = []; };
};
in
pinentryMkDerivation rec {
pname = "pinentry";
version = "1.1.0";
mkDerivation rec {
name = "pinentry-1.1.0";
src = fetchurl {
url = "mirror://gnupg/pinentry/${pname}-${version}.tar.bz2";
url = "mirror://gnupg/pinentry/${name}.tar.bz2";
sha256 = "0w35ypl960pczg5kp6km3dyr000m1hf0vpwwlh72jjkjza36c1v8";
};
nativeBuildInputs = [ pkgconfig autoreconfHook ]
++ concatMap(f: flavorInfo.${f}.nativeBuildInputs or []) enabledFlavors;
buildInputs = [ libgpgerror libassuan libcap libsecret ]
++ concatMap(f: flavorInfo.${f}.buildInputs or []) enabledFlavors;
nativeBuildInputs = [ pkgconfig autoreconfHook ];
buildInputs =
[ libgpgerror libassuan libcap libsecret gtk2 gcr ncurses qt4 ]
++ stdenv.lib.optional (qt5 != null) qt5.qtbase;
dontWrapGApps = true;
dontWrapQtApps = true;
prePatch = ''
substituteInPlace pinentry/pinentry-curses.c --replace ncursesw ncurses
'';
patches = [
./autoconf-ar.patch
] ++ optionals (elem "gtk2" enabledFlavors) [
] ++ lib.optionals (gtk2 != null) [
(fetchpatch {
url = "https://salsa.debian.org/debian/pinentry/raw/debian/1.1.0-1/debian/patches/0007-gtk2-When-X11-input-grabbing-fails-try-again-over-0..patch";
url = "https://salsa.debian.org/debian/pinentry/raw/debian/1.1.0-1/debian/patches/"
+ "0007-gtk2-When-X11-input-grabbing-fails-try-again-over-0..patch";
sha256 = "15r1axby3fdlzz9wg5zx7miv7gqx2jy4immaw4xmmw5skiifnhfd";
})
];
configureFlags = [
(mkWith (libcap != null) "libcap")
(mkEnable (libsecret != null) "libsecret")
] ++ (map mkEnablePinentry (attrNames flavorInfo));
(stdenv.lib.withFeature (libcap != null) "libcap")
(stdenv.lib.enableFeature (libsecret != null) "libsecret")
(stdenv.lib.enableFeature (ncurses != null) "pinentry-curses")
(stdenv.lib.enableFeature true "pinentry-tty")
(stdenv.lib.enableFeature enableEmacs "pinentry-emacs")
(stdenv.lib.enableFeature (gtk2 != null) "pinentry-gtk2")
(stdenv.lib.enableFeature (gcr != null) "pinentry-gnome3")
(stdenv.lib.enableFeature (qt4 != null || qt5 != null) "pinentry-qt")
postInstall =
concatStrings (flip map enabledFlavors (f:
let
binary = "pinentry-" + flavorInfo.${f}.bin;
in ''
moveToOutput bin/${binary} ${placeholder f}
ln -sf ${placeholder f}/bin/${binary} ${placeholder f}/bin/pinentry
'' + optionalString (f == "gnome3") ''
wrapGApp ${placeholder f}/bin/${binary}
'' + optionalString (f == "qt") ''
wrapQtApp ${placeholder f}/bin/${binary}
'')) + ''
ln -sf ${placeholder (head enabledFlavors)}/bin/pinentry-${flavorInfo.${head enabledFlavors}.bin} $out/bin/pinentry
'';
outputs = [ "out" ] ++ enabledFlavors;
passthru = { flavors = enabledFlavors; };
"--with-libassuan-prefix=${libassuan.dev}"
"--with-libgpg-error-prefix=${libgpgerror.dev}"
];
meta = with stdenv.lib; {
homepage = http://gnupg.org/aegypten2/;
@ -98,6 +65,6 @@ pinentryMkDerivation rec {
Pinentry provides a console and (optional) GTK and Qt GUIs allowing users
to enter a passphrase when `gpg' or `gpg2' is run and needs it.
'';
maintainers = with maintainers; [ ttuegel fpletz ];
maintainers = [ maintainers.ttuegel ];
};
}

View file

@ -290,11 +290,6 @@ mapAliases ({
pg_hll = postgresqlPackages.pg_hll;
pg_cron = postgresqlPackages.pg_cron;
pg_topn = postgresqlPackages.pg_topn;
pinentry_curses = pinentry-curses; # added 2019-10-14
pinentry_emacs = pinentry-emacs; # added 2019-10-14
pinentry_gtk2 = pinentry-gtk2; # added 2019-10-14
pinentry_qt = pinentry-qt; # added 2019-10-14
pinentry_gnome = pinentry-gnome; # added 2019-10-14
postgis = postgresqlPackages.postgis;
# end
ppl-address-book = throw "deprecated in 2019-05-02: abandoned by upstream.";

View file

@ -3497,12 +3497,10 @@ in
gnupg1compat = callPackage ../tools/security/gnupg/1compat.nix { };
gnupg1 = gnupg1compat; # use config.packageOverrides if you prefer original gnupg1
gnupg20 = callPackage ../tools/security/gnupg/20.nix {
guiSupport = stdenv.isDarwin;
pinentry = if stdenv.isDarwin then pinentry_mac else pinentry_gtk2;
pinentry = if stdenv.isDarwin then pinentry_mac else pinentry;
};
gnupg22 = callPackage ../tools/security/gnupg/22.nix {
guiSupport = stdenv.isDarwin;
pinentry = if stdenv.isDarwin then pinentry_mac else pinentry_gtk2;
pinentry = if stdenv.isDarwin then pinentry_mac else pinentry;
};
gnupg = gnupg22;
@ -5521,15 +5519,34 @@ in
phodav = callPackage ../tools/networking/phodav { };
pinentry = libsForQt5.callPackage ../tools/security/pinentry {
pinentry = callPackage ../tools/security/pinentry {
libcap = if stdenv.isDarwin then null else libcap;
gcr = null;
qt4 = null;
qt5 = null;
};
pinentry-curses = (stdenv.lib.getOutput "curses" pinentry);
pinentry-emacs = (stdenv.lib.getOutput "emacs" pinentry);
pinentry-gtk2 = (stdenv.lib.getOutput "gtk2" pinentry);
pinentry-qt = (stdenv.lib.getOutput "qt" pinentry);
pinentry-gnome = (stdenv.lib.getOutput "gnome" pinentry);
pinentry_ncurses = res.pinentry.override {
gtk2 = null;
};
pinentry_emacs = res.pinentry.override {
enableEmacs = true;
};
pinentry_gnome = res.pinentry.override {
inherit gcr;
};
pinentry_qt4 = res.pinentry.override {
gtk2 = null;
inherit qt4;
};
pinentry_qt5 = res.pinentry.override {
gtk2 = null;
inherit qt5;
};
pinentry_mac = callPackage ../tools/security/pinentry/mac.nix {
inherit (darwin.apple_sdk.frameworks) Cocoa;