Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Split pinentry flavors and enable udisks2 on install media again #71095

Merged
merged 6 commits into from Oct 17, 2019
Merged

Split pinentry flavors and enable udisks2 on install media again #71095

merged 6 commits into from Oct 17, 2019

Conversation

flokli
Copy link
Contributor

@flokli flokli commented Oct 13, 2019

Motivation for this change

Follow-up of #49270, rebased to latest master and with qt4 removed.

Things done
  • Tested using sandboxing (nix.useSandbox on NixOS, or option sandbox in nix.conf on non-NixOS)
  • Built on platform(s)
    • NixOS
    • macOS
    • other Linux distributions
  • Tested via one or more NixOS test(s) if existing and applicable for the change (look inside nixos/tests)
  • Tested compilation of all pkgs that depend on this change using nix-shell -p nix-review --run "nix-review wip"
  • Tested execution of all binary files (usually in ./result/bin/)
  • Determined the impact on package closure size (by running nix path-info -S before and after)
  • Ensured that relevant documentation is up to date
  • Fits CONTRIBUTING.md.

@flokli flokli mentioned this pull request Oct 13, 2019
Closed
9 tasks
jtojnar
jtojnar requested changes Oct 13, 2019
View reviewed changes
Copy link
Contributor

@jtojnar jtojnar left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Could you also address the change requests from the original PR?

nixos/modules/installer/tools/tools.nix Outdated Show resolved Hide resolved
nixos/modules/programs/gnupg.nix Outdated Show resolved Hide resolved
pkgs/desktops/gnome-3/core/gcr/default.nix Outdated Show resolved Hide resolved
@flokli
Copy link
Contributor Author

flokli commented Oct 13, 2019
edited

Adressed the comments from @jtojnar and @infinisil on the original PR, and @jtojnar's latest comments.

@ofborg ofborg bot removed the 6.topic: GNOME GNOME desktop environment and its underlying platform label Oct 13, 2019
jtojnar
jtojnar requested changes Oct 13, 2019
View reviewed changes
nixos/modules/programs/gnupg.nix Outdated Show resolved Hide resolved
nixos/modules/programs/gnupg.nix Show resolved Hide resolved
pkgs/tools/security/pinentry/default.nix Outdated Show resolved Hide resolved
pkgs/top-level/all-packages.nix Outdated Show resolved Hide resolved
pkgs/tools/security/pinentry/default.nix Outdated Show resolved Hide resolved
pkgs/tools/security/pinentry/default.nix Show resolved Hide resolved
pkgs/tools/security/pinentry/default.nix Outdated Show resolved Hide resolved
worldofpeace
worldofpeace reviewed Oct 13, 2019
View reviewed changes
Copy link
Contributor

@worldofpeace worldofpeace left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Can we change pinentryFlavour and defaultPinentryFlavour to use the spelling flavor?
It's chiefly British.

@flokli flokli force-pushed the pinentry-cleanup branch 2 times, most recently from 40486a7 to 5a7b19e Compare October 13, 2019 22:41
jtojnar
jtojnar reviewed Oct 13, 2019
View reviewed changes
pkgs/tools/security/pinentry/default.nix Outdated Show resolved Hide resolved
pkgs/tools/security/pinentry/default.nix Outdated Show resolved Hide resolved
pkgs/tools/security/pinentry/default.nix Outdated Show resolved Hide resolved
pkgs/tools/security/pinentry/default.nix Outdated Show resolved Hide resolved
pkgs/tools/security/pinentry/default.nix Outdated Show resolved Hide resolved
@flokli
Copy link
Contributor Author

flokli commented Oct 13, 2019

Adressed a lot of suggestions, thanks so far!

flokli and others added 5 commits October 16, 2019 19:56
@flokli @worldofpeace
pinentry: change attributes to dashes, alias old ones
66081ce
@fpletz @flokli @worldofpeace
nixos/gnupg: add option for setting pinentry flavours
edea9fe 
Co-authored-by: Florian Klink <flokli@flokli.de>
@fpletz @flokli @worldofpeace
gnupg: disable gui/pinentry support by default
b5bea4c 
This solves the dependency cycle in gcr alternatively so there won't be
two gnupg store paths in a standard NixOS system which has udisks2 enabled
by default.

NixOS users are expected to use the gpg-agent user service to pull in the
appropriate pinentry flavour or install it on their systemPackages and set
it in their local gnupg agent config instead.

Co-authored-by: Florian Klink <flokli@flokli.de>
@fpletz @flokli @worldofpeace
Revert "installer: Disable udisks"
b04b354 
This reverts commit 571fb74.

The dependency on gtk2 was removed.

Co-authored-by: Florian Klink <flokli@flokli.de>
@flokli @worldofpeace
udisks2: use tmpfiles instead of activation script to create /var/lib…
e397b94 
…/udisks2
worldofpeace
worldofpeace approved these changes Oct 16, 2019
View reviewed changes
Copy link
Contributor

@worldofpeace worldofpeace left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Tested on my local system, migrating from home-manager's gpg-agent to nixos gpg.agent without issues.
And this was using gnome3`s pinentry.

Also tested in a VM with a Gnome config.

@worldofpeace worldofpeace merged commit 823da4d into NixOS:master Oct 17, 2019
worldofpeace added a commit that referenced this pull request Oct 17, 2019
@worldofpeace
Revert "Merge pull request #71095 from flokli/pinentry-cleanup"
2fbccbc 
This reverts commit 823da4d, reversing
changes made to b75c8ee.
@worldofpeace
Copy link
Contributor

Ok, reverted that on master because of the rebuilds it should go to staging (I think).
Merged to staging manually.

Nice working on this together @flokli 🌸
And thanks to the responsive reviewers getting this moving again.

@gebner gebner mentioned this pull request Nov 2, 2019
Closed
jtojnar added a commit to jtojnar/nixfiles that referenced this pull request Nov 5, 2019
@jtojnar
kaiser: enable gpg-agent
ebd6118 
Since we stopped shipping graphical frontend with gnupg in NixOS/nixpkgs#71095, we use service overrides to pass the frontend set in NixOS module, offering customizable front-ends without needing to rebuid gnupg.

Unfortunately, when GNUPGHOME environment variable is set, gpg-agent uses a different socket directory, so the socket activation fails and gnupg starts the agent manually, without our overrides. NixOS/nixpkgs#72597 (comment)

Until GNUPG's non-compliance with XDG basedir specification is fixed upstream, we will need to override the socket directory for the systemd socket activation, so that the properly overridden agent can be run. Unfortunately, with global overrides this is only possible to do when there is only one user using gpg, since the socket directory is based on a hash of the gnupg homedir. For multi-user systems solving it at user level with something like home-manager is necessary.
@infinisil infinisil mentioned this pull request Nov 12, 2019
Closed
@flokli flokli mentioned this pull request Nov 22, 2019
Closed
@domenkozar domenkozar mentioned this pull request Nov 25, 2019
Merged
3 tasks
jD91mZM2 added a commit to jD91mZM2/home-manager that referenced this pull request Dec 30, 2019
@jD91mZM2
Fix GnuPG by adding pinentry flavor option
98ed32d 
See NixOS/nixpkgs#71095
jD91mZM2 added a commit to jD91mZM2/home-manager that referenced this pull request Dec 30, 2019
@jD91mZM2
Fix GnuPG by adding pinentry flavor option
c7b3296 
See NixOS/nixpkgs#71095
@jD91mZM2 jD91mZM2 mentioned this pull request Dec 30, 2019
Closed
jD91mZM2 added a commit to jD91mZM2/home-manager that referenced this pull request Dec 30, 2019
@jD91mZM2
Fix GnuPG by adding pinentry flavor option
cb557a1 
See NixOS/nixpkgs#71095
jD91mZM2 added a commit to jD91mZM2/home-manager that referenced this pull request Dec 30, 2019
@jD91mZM2
Fix GnuPG by adding pinentry flavor option
15809e5 
See NixOS/nixpkgs#71095
jD91mZM2 added a commit to jD91mZM2/home-manager that referenced this pull request Dec 31, 2019
@jD91mZM2
Fix GnuPG by adding pinentry flavor option
076e5fd 
See NixOS/nixpkgs#71095
rycee pushed a commit to nix-community/home-manager that referenced this pull request Jan 1, 2020
@jD91mZM2 @rycee
gpg-agent: fix GnuPG by adding pinentry flavor option
ebf1df5 
See NixOS/nixpkgs#71095.

Fixes #908
jorsn pushed a commit to jorsn/home-manager that referenced this pull request Apr 25, 2020
@jD91mZM2 @jorsn
gpg-agent: fix GnuPG by adding pinentry flavor option
e6b9ae1 
See NixOS/nixpkgs#71095.

Fixes nix-community#908
@flokli flokli mentioned this pull request Jul 12, 2020
Merged
10 tasks
@flokli flokli deleted the pinentry-cleanup branch July 12, 2020 20:44
@flokli flokli mentioned this pull request Nov 22, 2020
Closed
@jtojnar jtojnar mentioned this pull request Jan 3, 2024
Closed
13 tasks
@SuperSandro2000 SuperSandro2000 mentioned this pull request Jan 15, 2024
Merged
11 tasks
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@matthewbauer matthewbauer matthewbauer left review comments

@lheckemann lheckemann lheckemann left review comments

@jtojnar jtojnar jtojnar requested changes

@worldofpeace worldofpeace worldofpeace approved these changes

@fpletz fpletz Awaiting requested review from fpletz

@samueldr samueldr Awaiting requested review from samueldr

@vrthra vrthra Awaiting requested review from vrthra

@ttuegel ttuegel Awaiting requested review from ttuegel

@peti peti Awaiting requested review from peti

@roconnor roconnor Awaiting requested review from roconnor

@peterhoeg peterhoeg Awaiting requested review from peterhoeg

Assignees
No one assigned
Labels
6.topic: nixos 8.has: changelog 8.has: clean-up 8.has: documentation 8.has: module (update) 8.has: package (new) 10.rebuild-darwin: 11-100 10.rebuild-linux: 501-1000 10.rebuild-linux: 501+
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.

None yet
6 participants
@flokli @jtojnar @lheckemann @worldofpeace @matthewbauer @fpletz