From 5391882ebd781149e213e8817fba6ac3c503740c Mon Sep 17 00:00:00 2001
From: Peter Simons
Date: Fri, 18 Mar 2016 10:31:40 +0100
Subject: [PATCH] services.xserver.startGnuPGAgent: remove obsolete NixOS option
GnuPG 2.1.x changed the way the gpg-agent works, and that new approach no longer requires (or even supports) the "start everything as a child of the agent" scheme we've implemented in NixOS for older versions.
To configure the gpg-agent for your X session, add the following code to ~/.xsession or some other appropriate place that's sourced at start-up:
gpg-connect-agent /bye
GPG_TTY=$(tty)
export GPG_TTY
If you want to use gpg-agent for SSH, too, also add the settings
unset SSH_AGENT_PID
export SSH_AUTH_SOCK="${HOME}/.gnupg/S.gpg-agent.ssh"
and make sure that enable-ssh-support is included in your ~/.gnupg/gpg-agent.conf.
The gpg-agent(1) man page has more details about this subject, i.e. in the "EXAMPLES" section.
---
nixos/modules/config/gnu.nix | 1 -
nixos/modules/rename.nix | 1 +
.../services/x11/display-managers/default.nix | 11 ----------
nixos/modules/services/x11/xserver.nix | 20 +------------------
4 files changed, 2 insertions(+), 31 deletions(-)
diff --git a/nixos/modules/config/gnu.nix b/nixos/modules/config/gnu.nix
index f8c35b440d12..ad0e35c8a63f 100644
--- a/nixos/modules/config/gnu.nix
+++ b/nixos/modules/config/gnu.nix
@@ -37,7 +37,6 @@ with lib;
services.openssh.enable = false;
services.lshd.enable = true;
programs.ssh.startAgent = false;
- services.xserver.startGnuPGAgent = true;
# TODO: GNU dico.
# TODO: GNU Inetutils' inetd.
diff --git a/nixos/modules/rename.nix b/nixos/modules/rename.nix
index 0de6ca758c16..c6a781b6f00f 100644
--- a/nixos/modules/rename.nix
+++ b/nixos/modules/rename.nix
@@ -111,6 +111,7 @@ with lib;
(mkRemovedOptionModule [ "services" "openvpn" "enable" ])
(mkRemovedOptionModule [ "services" "printing" "cupsFilesConf" ])
(mkRemovedOptionModule [ "services" "printing" "cupsdConf" ])
+ (mkRemovedOptionModule [ "services" "xserver" "startGnuPGAgent" ])
];
}
diff --git a/nixos/modules/services/x11/display-managers/default.nix b/nixos/modules/services/x11/display-managers/default.nix
index 533b03aff08d..7dffdfc2b36c 100644
--- a/nixos/modules/services/x11/display-managers/default.nix
+++ b/nixos/modules/services/x11/display-managers/default.nix
@@ -49,17 +49,6 @@ let
fi
''}
- ${optionalString cfg.startGnuPGAgent ''
- if test -z "$SSH_AUTH_SOCK"; then
- # Restart this script as a child of the GnuPG agent.
- exec "${pkgs.gnupg}/bin/gpg-agent" \
- --enable-ssh-support --daemon \
- --pinentry-program "${pkgs.pinentry}/bin/pinentry-gtk-2" \
- --write-env-file "$HOME/.gpg-agent-info" \
- "$0" "$sessionType"
- fi
- ''}
-
# Handle being called by kdm.
if test "''${1:0:1}" = /; then eval exec "$1"; fi
diff --git a/nixos/modules/services/x11/xserver.nix b/nixos/modules/services/x11/xserver.nix
index abbe00cc8881..0fcea6ce5e4f 100644
--- a/nixos/modules/services/x11/xserver.nix
+++ b/nixos/modules/services/x11/xserver.nix
@@ -219,17 +219,6 @@ in
'';
};
- startGnuPGAgent = mkOption {
- type = types.bool;
- default = false;
- description = ''
- Whether to start the GnuPG agent when you log in. The GnuPG agent
- remembers private keys for you so that you don't have to type in
- passphrases every time you make an SSH connection or sign/encrypt
- data. Use ssh-add to add a key to the agent.
- '';
- };
-
startDbusSession = mkOption {
type = types.bool;
default = true;
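Review bot: The `(mkRemovedOptionModule [ "services" "xserver" "startGnuPGAgent" ])` entry added in the rename.nix hunk carries no pointer to the replacement setup, so the migration steps (`gpg-connect-agent /bye`, `GPG_TTY`, `SSH_AUTH_SOCK`) exist only in the commit message. A configuration that had the option enabled will get an X session in which no agent is started by NixOS and `SSH_AUTH_SOCK` is not pointed at gpg-agent, which is easy to miss until SSH authentication or signing behaves differently. I would add a release-notes entry repeating the commit message's instructions and a short comment above the new line, for example `# GnuPG 2.1 starts gpg-agent on demand; per-user setup is described in the release notes`. The list this line is appended to starts outside the hunk.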
@@ -444,14 +433,7 @@ in
in optional (driver != null) ({ inherit name; driverName = name; } // driver));
assertions =
- [ { assertion = !(config.programs.ssh.startAgent && cfg.startGnuPGAgent);
- message =
- ''
- The OpenSSH agent and GnuPG agent cannot be started both. Please
- choose between ‘programs.ssh.startAgent’ and ‘services.xserver.startGnuPGAgent’.
- '';
- }
- { assertion = config.security.polkit.enable;
+ [ { assertion = config.security.polkit.enable;
message = "X11 requires Polkit to be enabled (‘security.polkit.enable = true’).";
}
];
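Review bot: Dropping the exclusivity assertion in `assertions =` leaves the conflict it guarded against undocumented: the commit message tells users to export `SSH_AUTH_SOCK` for gpg-agent from `~/.xsession`, and nothing now warns when `programs.ssh.startAgent` is enabled at the same time. Presumably whichever component sets `SSH_AUTH_SOCK` last decides which agent serves SSH keys, so a user may end up authenticating through a different agent than intended. Since the check can no longer be expressed as a module assertion, I would record the constraint in documentation instead, for example a comment here such as `# gpg-agent SSH support is configured per user now; set programs.ssh.startAgent = false when using it`, and the same sentence in the release notes. The enclosing config block starts and ends outside the hunk.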