New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Split pinentry flavours and enable udisks2 on install media again #49270
Conversation
Success on aarch64-linux (full log) Attempted: gnupg, pinentry Partial log (click to expand)
|
Success on x86_64-linux (full log) Attempted: gnupg, pinentry Partial log (click to expand)
|
Success on x86_64-darwin (full log) Attempted: gnupg The following builds were skipped because they don't evaluate on x86_64-darwin: pinentry Partial log (click to expand)
|
This solves the dependency cycle in gcr alternatively so there won't be two gnupg store paths in a standard NixOS system which has udisks2 enabled by default. NixOS users are expected to use the gpg-agent user service to pull in the appropriate pinentry flavour or install it on their systemPackages and set it in their local gnupg agent config instead.
This reverts commit 571fb74. The dependencay on gtk2 was removed.
8c2b1c4
to
f6d6ba5
Compare
Success on x86_64-darwin (full log) Attempted: gnupg The following builds were skipped because they don't evaluate on x86_64-darwin: pinentry Partial log (click to expand)
|
Success on x86_64-linux (full log) Attempted: gnupg, pinentry Partial log (click to expand)
|
Is there an use case for having udisks2 in the installer anyway? The only user available is root and even if it weren't you'd have to use sudo anyway to run Pinentry closure size drop is of course nice regardless. |
Success on aarch64-linux (full log) Attempted: gnupg, pinentry Partial log (click to expand)
|
info = flavourInfo.${f}; | ||
inputs = info.buildInputs or []; | ||
flag = flavourInfo.${f}.flag or null; | ||
inputsSatifsfied = inputs == [] || all (f: !(isNull f)) inputs; |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
inputsSatifsfied = inputs == [] || all (f: !(isNull f)) inputs; | |
inputsSatisfied = all (f: !(isNull f)) inputs; |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
And !(isNull f) == ! isNull f
, libgpgerror, libassuan | ||
, ncurses, gtk2, qt | ||
, libcap ? null, libsecret ? null, gcr ? null | ||
, flavours ? [ "curses" "tty" "gtk2" "qt" "gnome3" "emacs" ] |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Maybe use enabledFlavours
or something?
''; | ||
nativeBuildInputs = [ pkgconfig ]; | ||
buildInputs = [ libgpgerror libassuan libcap libsecret ] | ||
++ flatten (flip map flavours (f: flavourInfo.${f}.buildInputs or [])); |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Why not just
++ flatten (flip map flavours (f: flavourInfo.${f}.buildInputs or [])); | |
++ concatMap (f: flavourInfo.${f}.buildInputs or []) flavours; |
Hopefully, there will not be multiple levels of nested lists.
ln -sf ${outputVar}/bin/${binary} ${outputVar}/bin/pinentry | ||
'')) | ||
+ '' | ||
ln -sf ${head flavours}/bin/pinentry-${flavourInfo.${head flavours}.bin} $out/bin/pinentry |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Should not this be
ln -sf ${head flavours}/bin/pinentry-${flavourInfo.${head flavours}.bin} $out/bin/pinentry | |
ln -sf ${"$" + head flavours}/bin/pinentry-${flavourInfo.${head flavours}.bin} $out/bin/pinentry |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Maybe we could even use placeholder now.
pinentry binary will be passed to gpg-agent via commandline and | ||
thus overrides the pinentry option in gpg-agent.conf in the user's | ||
home directory. | ||
''; |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Maybe also mention the default behaviour.
According to @edolstra in #41723 (comment)
|
}; | ||
|
||
pinentry_gnome = self.pinentry.override { | ||
qt = qt5.qtbase; | ||
gcr = gnome3.gcr; |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
gcr
is now part of top-level attribute set, this can be removed.
|
||
pinentry_qt5 = self.pinentry.override { | ||
qt = qt5.qtbase; | ||
pinentry_qt4 = pinentry.override { |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
We do not need QT4 variant. #33248
Ooh I like this feature, and definitely want this for 20.03. |
Superseded by #71095. |
Motivation for this change
Due to the udisks2 update in #41723 its closure size exploded and was subsequently disabled on installation media. This PR refactors the pinentry derivation to be able to split out the different flavours and adds a NixOS option to select the desired flavour with a sensible fallback depending on the configured desktop environment.
Also this disables GUI support in GnuPG by default to resolve the dependency cycle in gcr. This way we won't have two versions of GnuPG in all systems closures that include gcr (i.e. due to udisks2).
Finally, we can enable udisks2 on install mediums again.
Everything except the breaking GnuPG change can and should be backported to 18.03 imho.
Things done
sandbox
innix.conf
on non-NixOS)nix-shell -p nox --run "nox-review wip"
./result/bin/
)nix path-info -S
before and after)