knot+nginx: add lemoutona5pattes.sourcephile.fr for helping Cadine
[sourcephile-nix.git] / shell / modules / tools / security / gnupg.nix
index c5821bed2f0a3b16030a6b5b05d21c4ae80fb59a..689792170870c88810df666033f9433884c252f3 100644 (file)
@@ -407,14 +407,32 @@ options.gnupg = {
   gpgAgentConf = lib.mkOption {
     type = types.lines;
     apply = s: pkgs.writeText "gpg-agent.conf" s;
-    default = ''
+    default =
+      let pinentry = pkgs.writeShellScript "pinentry" ''
+        #!${pkgs.runtimeShell}
+        # choose pinentry depending on PINENTRY_USER_DATA
+        # this *only works* with gpg2
+        # see https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=802020
+        case "''${PINENTRY_USER_DATA:-tty}" in
+        curses) exec ${pkgs.pinentry.curses}/bin/pinentry-curses "$@";;
+        #emacs)  exec ''${pkgs.pinentry.emacs}/bin/pinentry-emacs "$@";;
+        #gnome3) exec ''${pkgs.pinentry.gnome3}/bin/pinentry-gnome3 "$@";;
+        gtk-2)  exec ${pkgs.pinentry.gtk2}/bin/pinentry-gtk-2 "$@";;
+        none)   exit 1;; # do not ask for passphrase
+        #qt)     exec ''${pkgs.pinentry.qt}/bin/pinentry-qt "$@";;
+        tty)    exec ${pkgs.pinentry.tty}/bin/pinentry-tty "$@";;
+        esac
+      '';
+    in ''
+      allow-loopback-pinentry
       allow-preset-passphrase
       default-cache-ttl 17200
       default-cache-ttl-ssh 17200
       enable-ssh-support
       max-cache-ttl 17200
       max-cache-ttl-ssh 17200
-      pinentry-program ${pkgs.pinentry}/bin/pinentry
+      no-allow-external-cache
+      pinentry-program ${pinentry}
     '';
     description = ''
       GnuPG's gpg-agent.conf content.
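Review bot: The `case` in the new pinentry wrapper has no default branch, so a `PINENTRY_USER_DATA` value that matches none of the listed arms (including the commented-out `emacs`, `gnome3` and `qt`) falls off the end of `esac` and the script exits 0 without ever speaking Assuan, which gpg-agent will report only as a generic pinentry failure; add `*) exec ${pkgs.pinentry.tty}/bin/pinentry-tty "$@";;` before `esac`, or `*) echo "pinentry: unknown PINENTRY_USER_DATA" >&2; exit 1;;` if an unknown value should be refused rather than silently downgraded to tty. The wrapper only ever compares the variable against fixed strings, so a client-controlled value cannot inject into the script, but that is worth a comment since `PINENTRY_USER_DATA` comes from the gpg client. `allow-loopback-pinentry` together with the existing `allow-preset-passphrase` means any process that can reach the agent socket may supply or preset the passphrase itself, bypassing the pinentry entirely; a one-line comment such as `# loopback/preset let socket clients bypass pinentry; keep the socket private` would make that trade-off explicit next to `no-allow-external-cache`. The `#!${pkgs.runtimeShell}` line looks redundant, since `pkgs.writeShellScript` appears to prepend its own shebang, leaving this one as a plain comment — confirm and drop it if so. The `gpgAgentConf` option definition continues past the end of this hunk.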