gnupg agent module: Added extra and browser sockets to GnuPG agent, and added dirmngr, also made SSH support false by default due to programs.ssh.startAgent defaulting to true #26295
+82
−1
Conversation
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
…nd added dirmngr, also made SSH support false by default due to programs.ssh.startAgent defaulting to true
|
@fpletz Ping |
fpletz
approved these changes
Jun 15, 2017
There was a problem hiding this comment.
Thanks for the reminder and these additions. LGTM! 👍
My reasoning behind the ssh support was that if you enable the gpg-agent, you might not want to run two separate agents for gpg and ssh. So if an user enables the gpg-agent, it would get the informed by the error that there is a choice between ssh-agent and gpg-agent as an ssh agent (which is not obviously exposed in the module system).
But defaulting to false is also fine by me. I wonder, though, if we should disable ssh-agent by default too.
|
Its probably better had ssh agent been disabled by default too. But now we
try to be backwards compatible.
Thanks for accepting!
On 15 Jun 2017 23:14, "Franz Pletz" <notifications@github.com> wrote:
*@fpletz* approved this pull request.
Thanks for the reminder and these additions. LGTM! 👍
My reasoning behind the ssh support was that if you enable the gpg-agent,
you might not want to run two separate agents for gpg and ssh. So if an
user enables the gpg-agent, it would get the informed by the error that
there is a choice between ssh-agent and gpg-agent as an ssh agent (which is
not obviously exposed in the module system).
But defaulting to false is also fine by me. I wonder, though, if we should
disable ssh-agent by default too.
—
You are receiving this because you authored the thread.
Reply to this email directly, view it on GitHub
<#26295 (review)>,
or mute the thread
<https://github.com/notifications/unsubscribe-auth/AAnHHXROBnMNubwUvRglqSfB1mgBvo2Iks5sES5AgaJpZM4NskLg>
.
|
|
I've created a PR to change the ssh-agent default: #26605 |
|
Thanks! |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.
I cloned gnupgs source code to lookup how they are doing systemd integration and ported it to the new gnupg.nix program module.
I had a variation of this already running on my desktop nixos.
@fpletz I changed ssh support to default to false because the ssh start agent defaults to true, I think it would be a better UX if enabling GPG agent doesn't automatically require ssh support and thus result in a nixos rebuild error. Happy to change it back though if you really want it that way.