pinentry: add GNOME frontend #27468

Merged
merged 6 commits into from Oct 2, 2017

jtojnar
Contributor

@jtojnar jtojnar commented Jul 18, 2017

This pull request introduces a GNOME 3 frontend for pinentry, pinentry_gnome. Because gnupg depends on pinentry and pinentry_gnome depends on gnupg via gcr, I had to modify gcr to prevent building the GUI. I also added a libsecret dependency for caching passwords.

Things done
  • Tested using sandboxing
    (nix.useSandbox on NixOS,
    or option build-use-sandbox in nix.conf
    on non-NixOS)
  • Built on platform(s)
    • NixOS
    • macOS
    • Linux
  • Tested via one or more NixOS test(s) if existing and applicable for the change (look inside nixos/tests)
  • Tested compilation of all pkgs that depend on this change using nix-shell -p nox --run "nox-review wip"
  • Tested execution of all binary files (usually in ./result/bin/)
  • Fits CONTRIBUTING.md.

@jtojnar
Contributor Author

jtojnar commented Jul 18, 2017

As previously, the gnupg-agent accesses an incorrect path when I try to sign something:

gpg-agent[15706]: can't connect to the PIN entry module '/usr/bin/pinentry-gnome3': IPC connect call failed

I am installing gnupg with pinentry_gnome.

Using the following override

{
  # packageOverrides takes the package set as its argument
  nixpkgs.config.packageOverrides = pkgs: {
    gnupg = pkgs.gnupg.override {
      pinentry = pkgs.pinentry_gnome;
    };
  };
}

I see this when building:

[...]
Default pinentry:  /nix/store/i1sjd69zjgpy04z7jda0m2g65wdd8hbw-pinentry-1.0.0/bin/pinentry
[...]
gcc -DHAVE_CONFIG_H -I. -I..  -DLOCALEDIR=\"/nix/store/krdf8zvqwx90h0lskg1kd82k3y5bafvw-gnupg-2.1.21/share/locale\" -DGNUPG_BINDIR="\"/nix/store/krdf8zvqwx90h0lskg1kd82k3y5bafvw-gnupg-2.1.21/bin\"" -DGNUPG_LIBEXECDIR="\"/nix/store/krdf8zvqwx90h0lskg1kd82k3y5bafvw-gnupg-2.1.21/libexec\"" -DGNUPG_LIBDIR="\"/nix/store/krdf8zvqwx90h0lskg1kd82k3y5bafvw-gnupg-2.1.21/lib/gnupg\"" -DGNUPG_DATADIR="\"/nix/store/krdf8zvqwx90h0lskg1kd82k3y5bafvw-gnupg-2.1.21/share/gnupg\"" -DGNUPG_SYSCONFDIR="\"/nix/store/krdf8zvqwx90h0lskg1kd82k3y5bafvw-gnupg-2.1.21/etc/gnupg\"" -DGNUPG_LOCALSTATEDIR="\"/nix/store/krdf8zvqwx90h0lskg1kd82k3y5bafvw-gnupg-2.1.21/var\""  -DGNUPG_DEFAULT_PINENTRY="\"/nix/store/i1sjd69zjgpy04z7jda0m2g65wdd8hbw-pinentry-1.0.0/bin/pinentry\""      -I/nix/store/5kx4d0zwj2236ng23kw2ws7z4qfqz2bz-libgcrypt-1.7.8-dev/include -I/nix/store/35pds3b8fv4bviaspmm7a5qfwplw5c0r-libgpg-error-1.27-dev/include -I/nix/store/b5rln46cxmsjcl0mbxmxa7ldmah918d8-libassuan-2.4.3-dev/include -I/nix/store/35pds3b8fv4bviaspmm7a5qfwplw5c0r-libgpg-error-1.27-dev/include -I/nix/store/6z896znj5ih72m5knawz2xw1vmpin3c4-libksba-1.3.5-dev/include -I/nix/store/35pds3b8fv4bviaspmm7a5qfwplw5c0r-libgpg-error-1.27-dev/include -I/nix/store/b5rln46cxmsjcl0mbxmxa7ldmah918d8-libassuan-2.4.3-dev/include -I/nix/store/35pds3b8fv4bviaspmm7a5qfwplw5c0r-libgpg-error-1.27-dev/include -DWITHOUT_NPTH=1 -Wall -Wno-pointer-sign -Wpointer-arith  -g -O2 -c -o libcommon_a-mapstrings.o `test -f 'mapstrings.c' || echo './'`mapstrings.c
[...]

cc @ttuegel

@ttuegel
Member

ttuegel commented Jul 18, 2017

> As previously, the gnupg-agent accesses an incorrect path when I try to sign something:

Yes, you have to set the path in $HOME/.gnupg/gpg.conf or $HOME/.gnupg/gpg-agent.conf. Just overriding the pinentry attribute is not going to change the path in gnupg; you would have to patch gnupg to do that.
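A check for the failure reported above, where gpg-agent tries '/usr/bin/pinentry-gnome3' instead of the pinentry in the Nix store (added example, not part of the thread or of nixpkgs): it reads the `pinentry-program` lines of a gpg-agent.conf and reports whether each configured path is an executable file. The function names are hypothetical.

```shell
#!/bin/sh
# Added example: audit the pinentry configured in a gpg-agent.conf.

# Print the path from every active `pinentry-program` line (comments skipped).
pinentry_paths() {
    [ -r "$1" ] || return 0
    sed -n 's/^[[:space:]]*pinentry-program[[:space:]]\{1,\}\(.*[^[:space:]]\)[[:space:]]*$/\1/p' "$1"
}

# Print one verdict per configured path and return non-zero if any is stale:
#   default        no pinentry-program line; the compiled-in default is used
#   ok <path>      the path is an executable file
#   stale <path>   the path is missing or not executable
check_pinentry() {
    paths=$(pinentry_paths "$1")
    if [ -z "$paths" ]; then
        echo "default"
        return 0
    fi
    rc=0
    while IFS= read -r p; do
        if [ -f "$p" ] && [ -x "$p" ]; then
            echo "ok $p"
        else
            echo "stale $p"
            rc=1
        fi
    done <<EOF
$paths
EOF
    return "$rc"
}

# Run against a file given on the command line, e.g. ~/.gnupg/gpg-agent.conf.
if [ "$#" -gt 0 ]; then
    check_pinentry "$1"
fi
```

A `stale` verdict means the agent is being pointed at a path from outside the Nix store, so overriding the package's pinentry has no effect until that line is removed or corrected.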

@jtojnar
Contributor Author

jtojnar commented Jul 18, 2017

@ttuegel Oh, I forgot I had created $HOME/.gnupg/gpg-agent.conf when I was using Arch. After deleting the file, the GNOME pinentry is recognized correctly.


Now, do you have any idea why the Travis Darwin build fails?

clang++ -DHAVE_CONFIG_H -I. -I..  -I/nix/store/cl2v73fvsmschkrhmxllddhdml76r6aj-libsecret-0.18.5-dev/include/libsecret-1 -I/nix/store/m4ppjkkda89wfkgsdky62ffd5hp0zqv1-glib-2.52.1-dev/include/glib-2.0 -I/nix/store/07ynsgd6v3rbg8llpp80h40nhmh894ak-glib-2.52.1/lib/glib-2.0/include -I/nix/store/ss1jg7g9k96v9bakxlls7diwkxrk6pqx-libassuan-2.4.3-dev/include -I/nix/store/k9xcjc4d1c3lh41s6yagdwdvnf7w71s3-libgpg-error-1.27-dev/include -I/nix/store/k9xcjc4d1c3lh41s6yagdwdvnf7w71s3-libgpg-error-1.27-dev/include  -I.. -I../secmem  -I../pinentry -Wall -DQT_SHARED -I/nix/store/vqdnc4x1qvdlmggkpnvh15rqdc6wbw06-qt-4.8.7/include -I/nix/store/vqdnc4x1qvdlmggkpnvh15rqdc6wbw06-qt-4.8.7/include/QtGui -I/nix/store/vqdnc4x1qvdlmggkpnvh15rqdc6wbw06-qt-4.8.7/include -I/nix/store/vqdnc4x1qvdlmggkpnvh15rqdc6wbw06-qt-4.8.7/include/QtCore -g -O2 -c -o pinentrydialog.o pinentrydialog.cpp

In file included from pinentrydialog.cpp:25:

./pinentrydialog.h:28:10: fatal error: 'QDialog' file not found

#include <QDialog>

Contributor

@bendlas bendlas left a comment

Just built it. Works fine and fixes a problem for me that the gtk2 version has.

@Ma27
Member

Ma27 commented Aug 13, 2017

just built it locally. Seems to work :-)

@jtojnar
Contributor Author

jtojnar commented Sep 1, 2017

Rebased.

It looks like it previously built pinentry_qt on Darwin successfully just because the qt4 target was not enabled due to an invalid configure argument. Should I limit the platforms to just Linux for pinentry_qt?

@jtojnar jtojnar force-pushed the fix/pinentry-gnome branch 2 times, most recently from d66c239 to 4571a35 Compare September 24, 2017 23:17
@jtojnar jtojnar force-pushed the fix/pinentry-gnome branch 4 times, most recently from eedce4a to e19da58 Compare September 30, 2017 23:31

The pinentry_gnome package requires gcr. Unfortunately, when configure
asks about the library (or `pkg-config --libs gcr-base-3` is used) it
fails because glib is not in scope.

```
$ pkg-config --libs gcr-base-3
Package glib-2.0 was not found in the pkg-config search path.
Perhaps you should add the directory containing `glib-2.0.pc'
to the PKG_CONFIG_PATH environment variable
Package 'glib-2.0', required by 'gcr-base-3', not found
```

This commit moves glib and gtk to `propagatedBuildInputs` so pkgconfig
could find them.

See also 38b58ba

pinentry 0.9.6 changed the `qt4` flag to just `qt`. Additionally,
the `--with-x` option has not been there for a while. This commit
renames and removes the flags, respectively.

libsecret is used for caching passwords.

When overriding gnupg to use pinentry gnome3 frontend, there is
a dependency cycle:

    gnupg → pinentry_gnome → gcr → gnupg

This commit overrides the gnupg required by gcr to not build GUI.

@grahamc grahamc merged commit 5af263c into NixOS:master Oct 2, 2017
@fpletz
Member

fpletz commented Oct 4, 2017

This breaks the gpg-agent user service for me. It seems there is some dbus stuff missing that the gnome3 version needs. Reverted 3f7e3db for now.

fpletz added a commit that referenced this pull request Oct 4, 2017
This reverts commit 3f7e3db.

This broke the gpg-agent user service. See #27468.

(cherry picked from commit eb59961)
fpletz added a commit that referenced this pull request Oct 4, 2017
This reverts commit 3f7e3db.

This broke the gpg-agent user service. See #27468.
@jtojnar
Contributor Author

jtojnar commented Oct 6, 2017

@fpletz Could you provide some more details (desktop environment, journal log, configuration.nix)? I am unable to reproduce it.

@jtojnar jtojnar mentioned this pull request Nov 22, 2017
56 tasks
@fpletz
Member

fpletz commented Dec 16, 2017

On 17.09 with the revert reverted, I can reproduce this issue on my system.

Here is the relevant portion from the journal:

Dec 16 01:11:57 yolovo systemd[19988]: Started GnuPG cryptographic agent and passphrase cache.
Dec 16 01:11:57 yolovo gpg-agent[19997]: gpg-agent (GnuPG) 2.2.3 starting in supervised mode.
Dec 16 01:11:57 yolovo gpg-agent[19997]: using fd 3 for std socket (/run/user/1000/gnupg/S.gpg-agent)
Dec 16 01:11:57 yolovo gpg-agent[19997]: using fd 4 for ssh socket (/run/user/1000/gnupg/S.gpg-agent.ssh)
Dec 16 01:11:57 yolovo gpg-agent[19997]: listening on: std=3 extra=-1 browser=-1 ssh=4
Dec 16 01:12:06 yolovo gpg-agent[19997]: No $DBUS_SESSION_BUS_ADDRESS found, falling back to curses
Dec 16 01:12:06 yolovo gpg-agent[19997]: Failed to lookup password for key s/162F8C3CF3C122E6E5A694519EE2006322D9B3F5 with secret service: Cannot autolaunch D-Bus without X11 $DISPLAY
Dec 16 01:12:06 yolovo gpg-agent[19997]: failed to unprotect the secret key: No such file or directory
Dec 16 01:12:06 yolovo gpg-agent[19997]: failed to read the secret key
Dec 16 01:12:06 yolovo gpg-agent[19997]: ssh sign request failed: No such file or directory <Pinentry>

The relevant settings from my NixOS config:

    services.xserver = {
      desktopManager.default = "none";
      desktopManager.xterm.enable = false;
      windowManager.default = "i3";
      windowManager.i3.enable = true;
      displayManager.slim.enable = true;
    };

    programs.gnupg.agent.enable = true;
    programs.gnupg.agent.enableSSHSupport = true;
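
A triage helper for the journal excerpt above (added example, not part of the thread or of nixpkgs): one function summarises, per gpg-agent PID, whether the pinentry fell back to curses, whether the secret-service lookup failed and whether a sign request failed; the other lists which of the two variables named in those messages are missing from an environment listing. The function names are hypothetical.

```shell
#!/bin/sh
# Added example: triage a gpg-agent user service whose GNOME pinentry fails.

# Summarise, per gpg-agent PID, the pinentry failures in journal text on stdin.
diagnose_agent_journal() {
    awk '
    match($0, /gpg-agent\[[0-9]+\]: /) {
        pid = substr($0, RSTART + 10, RLENGTH - 13)
        msg = substr($0, RSTART + RLENGTH)
        if (!(pid in seen)) { seen[pid] = 1; order[++n] = pid }
        if (msg ~ /^No \$DBUS_SESSION_BUS_ADDRESS found, falling back to curses/) fallback[pid] = 1
        if (msg ~ /with secret service: /) secret[pid] = 1
        if (msg ~ /sign request failed/) signfail[pid] = 1
    }
    END {
        for (i = 1; i <= n; i++) {
            p = order[i]
            printf "pid=%s curses_fallback=%d secret_service_error=%d sign_failed=%d\n",
                   p, fallback[p], secret[p], signfail[p]
        }
    }'
}

# Print which of the two variables named in those messages are unset or empty
# in an environment listing (NAME=value per line) on stdin; non-zero if any.
missing_session_vars() {
    env_dump=$(cat)
    missing=
    for name in DBUS_SESSION_BUS_ADDRESS DISPLAY; do
        printf '%s\n' "$env_dump" | grep -q "^$name=." ||
            missing="$missing${missing:+ }$name"
    done
    printf '%s\n' "$missing"
    [ -z "$missing" ]
}

# Sample input: three lines taken from the journal excerpt in the comment above.
sample_journal() {
    cat <<'EOF'
Dec 16 01:12:06 yolovo gpg-agent[19997]: No $DBUS_SESSION_BUS_ADDRESS found, falling back to curses
Dec 16 01:12:06 yolovo gpg-agent[19997]: Failed to lookup password for key s/162F8C3CF3C122E6E5A694519EE2006322D9B3F5 with secret service: Cannot autolaunch D-Bus without X11 $DISPLAY
Dec 16 01:12:06 yolovo gpg-agent[19997]: ssh sign request failed: No such file or directory <Pinentry>
EOF
}

if [ "${1:-}" = "--demo" ]; then
    sample_journal | diagnose_agent_journal
fi
```

On a live system the inputs would be `journalctl --user` output and `systemctl --user show-environment`, which prints the systemd user manager's environment that its services inherit.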
