Open vandenoever opened 4 years ago
You shouldn't need to nix-env this on nixos.
See https://nixos.org/nixos/options.html#programs.gnupg.agent.pinentryflavor and the programs.gnupg.agent.enable? And second bullet of https://nixos.org/nixos/manual/release-notes.html#sec-release-20.03-incompatibilities
Setting programs.gnupg.agent.enable and not installing pinentry by hand fixes the issue. Although I do not understand why, because there is no pinentry in the PATH.
I have got trouble with missing pinentry for gpg too.
$ sudo nix-channel --list
nixos https://nixos.org/channels/nixos-20.03
$ nix-env -iA nixos.pinentry
installing 'pinentry-1.1.0'
these paths will be fetched (0.09 MiB download, 0.28 MiB unpacked):
/nix/store/7m67j08dpyrd0n058bbdxipn2chvjaif-pinentry-1.1.0-gtk2
/nix/store/nghfn6cxqa7rv6rkjdxkclfzch8q0plx-pinentry-1.1.0-emacs
/nix/store/sy0y0ib7iz8dc9j6v1yn5rs4q710i01z-pinentry-1.1.0-gnome3
copying path '/nix/store/nghfn6cxqa7rv6rkjdxkclfzch8q0plx-pinentry-1.1.0-emacs' from 'https://cache.nixos.org'...
copying path '/nix/store/sy0y0ib7iz8dc9j6v1yn5rs4q710i01z-pinentry-1.1.0-gnome3' from 'https://cache.nixos.org'...
copying path '/nix/store/7m67j08dpyrd0n058bbdxipn2chvjaif-pinentry-1.1.0-gtk2' from 'https://cache.nixos.org'...
building '/nix/store/6sgnzvwx7mvk09pa2pa85gnb5xi8db2h-user-environment.drv'...
created 2 symlinks in user environment
$ gpg --clear-sign test.txt
gpg: WARNUNG: Unsichere Zugriffsrechte des Home-Verzeichnis `/home/###/.gnupg'
gpg: "###############" wird als voreingestellter geheimer Signaturschlüssel benutzt
gpg: Beglaubigung fehlgeschlagen: Kein Pinentry
gpg: test.txt: clear-sign failed: Kein Pinentry
"#"-Symbols are placeholders for private stuff. The German Text means: No pinentry, gpg cannot do its work.
Of course my /etc/nixos/configuration contains:
programs.gnupg.agent = {
  enable = true;
  # enableSSHSupport = true;
  pinentryFlavor = "tty";
};
(And there is no other direct instruction to install any pinentry-package)
Maybe this is interesting too:
$ nix-env -iA nixos.pinentry_qt5
replacing old 'pinentry-1.1.0'
installing 'pinentry-1.1.0'
building '/nix/store/abfyrji1vgfgh1r2q7p0lx9n8zibr3kg-user-environment.drv'...
created 2 symlinks in user environment
expected behaviour: installing of pinentry_qt5 should install pinentry_qt5 and not pinentry
wanted behaviour: gpg should ask me for the passphrase and work.
After a reboot ´$ gpg --clear-sign test.txt´ worked as it should.
With this setting (pinentryFlavor = "gtk2";) it worked for me now (after nixos-rebuild and reboot):
programs.gnupg.agent = {
  enable = true;
  # enableSSHSupport = true;
  pinentryFlavor = "gtk2";
};
But the bug with pinentryFlavor = "qt"; remains unsolved.
We shouldn't use nix-env for this purpose.
expected behaviour: installing of pinentry_qt5 should install pinentry_qt5 and not pinentry
The derivation name doesn't change with what flavor is used, that could be an enhancement.
Here's the note in 20.03:
GnuPG is now built without support for a graphical passphrase entry by default. Please enable the gpg-agent user service via the NixOS option programs.gnupg.agent.enable. Note that upstream recommends using gpg-agent and will spawn a gpg-agent on the first invocation of GnuPG anyway.
What wasn't mentioned was the pinentry flavors were renamed. (pinentryFlavor was also introduced in 20.03). I think documentation on how to use gnupg-agent in nixos is needed.
Thanks.
I marked this as stale due to inactivity.
In NixOS 20.03 I need to have a graphical pinentry. Since I run KDE, pinentry_qt5 seems appropriate. But installing this leads to pinentry-1.1.0-curses being installed instead of pinentry-1.1.0-qt. The same happens when installing pinentry-gnome, pinentry-gtk2, pinentry-qt, or pinentry_qt5.
To Reproduce
Steps to reproduce the behavior:
Expected behavior
pinentry-qt should be available
Additional context
KMail and other graphical applications require that gpg is able to show a graphical pinentry. Since this is not currently possible, any cryptography with gpg is impossible in graphical applications.
Notify maintainers @ttuegel @fpletz