set -eu
set -o pipefail
${info}
- ${pkgs.coreutils}/bin/install -dm0700 -D ${gnupg.gnupgHome}
- ${pkgs.coreutils}/bin/ln -snf ${gnupg.gpgConf} ${gnupg.gnupgHome}/gpg.conf
- ${pkgs.coreutils}/bin/ln -snf ${gnupg.gpgAgentConf} ${gnupg.gnupgHome}/gpg-agent.conf
- ${pkgs.coreutils}/bin/ln -snf ${gnupg.dirmngrConf} ${gnupg.gnupgHome}/dirmngr.conf
'' +
generateKeys gnupg.keys
);
gpgAgentConf = lib.mkOption {
type = types.lines;
apply = s: pkgs.writeText "gpg-agent.conf" s;
- default = ''
+ default =
+ let pinentry = pkgs.writeShellScript "pinentry" ''
+ #!${pkgs.runtimeShell}
+ # choose pinentry depending on PINENTRY_USER_DATA
+ # this *only works* with gpg2
+ # see https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=802020
+ case "''${PINENTRY_USER_DATA:-tty}" in
+ curses) exec ${pkgs.pinentry.curses}/bin/pinentry-curses "$@";;
+ #emacs) exec ''${pkgs.pinentry.emacs}/bin/pinentry-emacs "$@";;
+ #gnome3) exec ''${pkgs.pinentry.gnome3}/bin/pinentry-gnome3 "$@";;
+ gtk-2) exec ${pkgs.pinentry.gtk2}/bin/pinentry-gtk-2 "$@";;
+ none) exit 1;; # do not ask for passphrase
+ #qt) exec ''${pkgs.pinentry.qt}/bin/pinentry-qt "$@";;
+ tty) exec ${pkgs.pinentry.tty}/bin/pinentry-tty "$@";;
+ esac
+ '';
+ in ''
+ allow-loopback-pinentry
allow-preset-passphrase
default-cache-ttl 17200
default-cache-ttl-ssh 17200
enable-ssh-support
max-cache-ttl 17200
max-cache-ttl-ssh 17200
- pinentry-program ${pkgs.pinentry}/bin/pinentry
+ no-allow-external-cache
+ pinentry-program ${pinentry}
'';
description = ''
GnuPG's gpg-agent.conf content.
};
gpgConf = lib.mkOption {
type = types.lines;
- apply = s: pkgs.writeText "gpg.conf" s;
+ apply = s: pkgs.writeText "gpg.conf" (s+"\n"+gnupg.gpgExtraConf);
default = ''
auto-key-locate keyserver
cert-digest-algo SHA512
GnuPG's gpg.conf content.
'';
};
+ gpgExtraConf = lib.mkOption {
+ type = types.lines;
+ default = "";
+ description = ''
+ GnuPG's gpg.conf extra content.
+ '';
+ };
};
config = lib.mkIf gnupg.enable {
nix-shell.buildInputs = [
];
nix-shell.shellHook = ''
# gnupg
+ ${pkgs.coreutils}/bin/install -dm0700 -D ${gnupg.gnupgHome}
+ ${pkgs.coreutils}/bin/ln -snf ${gnupg.gpgConf} ${gnupg.gnupgHome}/gpg.conf
+ ${pkgs.coreutils}/bin/ln -snf ${gnupg.gpgAgentConf} ${gnupg.gnupgHome}/gpg-agent.conf
+ ${pkgs.coreutils}/bin/ln -snf ${gnupg.dirmngrConf} ${gnupg.gnupgHome}/dirmngr.conf
export GNUPGHOME=${gnupg.gnupgHome}
install -dm700 "$GNUPGHOME"
export GPG_TTY=$(${pkgs.coreutils}/bin/tty)