bug: gnupg/gpgconf points to nonexistent pinentry

[whimbree]

Are you following the right branch?

• [X] My Nixpkgs and Home Manager versions are in sync

Is there an existing issue for this?

• [X] I have searched the existing issues

Issue description

After the refactor to pinentry packaging, gpgconf now returns an invalid path to pinentry.

This breaks apps that depend on gpgconf's output for configuring paths to gnupg tools. One such app is GpgFrontend.

example:

❯ gpgconf         
gpg:OpenPGP:/nix/store/1q3yng4smvrbvffgifrbk78jgs3il9z1-gnupg-2.4.4/bin/gpg
gpgsm:S/MIME:/nix/store/1q3yng4smvrbvffgifrbk78jgs3il9z1-gnupg-2.4.4/bin/gpgsm
keyboxd:Public Keys:/nix/store/1q3yng4smvrbvffgifrbk78jgs3il9z1-gnupg-2.4.4/libexec/keyboxd
gpg-agent:Private Keys:/nix/store/1q3yng4smvrbvffgifrbk78jgs3il9z1-gnupg-2.4.4/bin/gpg-agent
scdaemon:Smartcards:/nix/store/1q3yng4smvrbvffgifrbk78jgs3il9z1-gnupg-2.4.4/libexec/scdaemon
tpm2daemon:TPM:/nix/store/1q3yng4smvrbvffgifrbk78jgs3il9z1-gnupg-2.4.4/libexec/tpm2daemon
dirmngr:Network:/nix/store/1q3yng4smvrbvffgifrbk78jgs3il9z1-gnupg-2.4.4/bin/dirmngr
pinentry:Passphrase Entry:/nix/store/1q3yng4smvrbvffgifrbk78jgs3il9z1-gnupg-2.4.4/bin/pinentry

❯ /nix/store/1q3yng4smvrbvffgifrbk78jgs3il9z1-gnupg-2.4.4/bin/pinentry 
zsh: no such file or directory: /nix/store/1q3yng4smvrbvffgifrbk78jgs3il9z1-gnupg-2.4.4/bin/pinentry

Maintainer CC

No response

System information

- system: `"x86_64-linux"`
 - host os: `Linux 6.7.9, NixOS, 24.05 (Uakari), 24.05.20240312.0ad13a6`
 - multi-user?: `yes`
 - sandbox: `yes`
 - version: `nix-env (Nix) 2.18.1`
 - channels(root): `"nixos"`
 - channels(bree): `""`
 - nixpkgs: `/nix/store/k5l01g2zwhysjyl5zjvg5zxnj0lyxpp1-source`

[dbrw]

I think this related if not same as #5135

[willbush]

After updating and having issues getting my pinentry to work, I ran into this issue and can confirm I also have the same issue. However, my pinentry started working after I gpg-connect-agent reloadagent /bye (thought restarting my computer would be enough?). So maybe I was having a different issue and the missing binary in gpgconf is not affecting me.

[SebTM]

For me this seems to be resolved, any objections closing this? /review 1 week

[vherrmann]

After updating and having issues getting my pinentry to work, I ran into this issue and can confirm I also have the same issue. However, my pinentry started working after I gpg-connect-agent reloadagent /bye (thought restarting my computer would be enough?). So maybe I was having a different issue and the missing binary in gpgconf is not affecting me.

I had a similar issue, but for me gpg-connect-agent reloadagent /bye wasn't enough. I had to kill the agent as well (pkill gpg-agent).

[asymmetric]

I had to both set a pinentryPackage as in #5488, and run gpg-connect-agent reloadagent /bye. After that, even though gpgconf still returned a non-existent pinentry, I could use gpg again. Maybe a restart would fix the entry in gpgconf?

I also tried systemctl --user restart gpg-agent.socket, but that also didn't fix the entry in gpgconf.

So IMO, this is not fixed at all, it's atually broken out of the box, and I think the default pinentryPackage should not be null but pinentry-tty'.

[exarkun]

I'm trying to use gpg from home-manager for the first time and it seems broken out of the box to me as well.

With home-manager f99eace7c167b8a6a0871849493b1c613d0f1b80 and nixpkgs faf912b086576fd1a15fca610166c98d47bc667e and this configuration:

  services.gpg-agent = {
    enable = true;
    pinentryFlavor = "tty";
  };

gpg fails:

gpg: public key decryption failed: No pinentry 
gpg: decryption failed: No pinentry

until I kill gpg-agent.

[SebTM]

With home-manager https://github.com/nix-community/home-manager/commit/f99eace7c167b8a6a0871849493b1c613d0f1b80 and nixpkgs faf912b086576fd1a15fca610166c98d47bc667e and this configuration:

Not sure what's the issue is but it appears to me that you are building from random hashes from February rather than using stable/unstable branch?

The option e.g. pinentryFlavor does not exist anymore in home-manager: https://nix-community.github.io/home-manager/options.xhtml

should be pinentryPackage now.

[exarkun]

Not sure what's the issue is but it appears to me that you are building from random hashes from February rather than using stable/unstable branch?

I was guessing the issue is exactly this one - that the module sometimes generates configurations with bogus pinentry config. As for the revisions, they were from the unstable branch at some point. Then time passed and those branches moved on.

[kwshi]

I'm currently on nixpkgs/nixos-24.05 and home-manager/release-24.05 and still running into this issue. Here's the relevant chunk from my flake.lock:

    "home-manager": {
      "inputs": {
        "nixpkgs": [
          "agenix",
          "nixpkgs"
        ]
      },
      "locked": {
        "lastModified": 1682203081,
        "narHash": "sha256-kRL4ejWDhi0zph/FpebFYhzqlOBrk0Pl3dzGEKSAlEw=",
        "owner": "nix-community",
        "repo": "home-manager",
        "rev": "32d3e39c491e2f91152c84f8ad8b003420eab0a1",
        "type": "github"
      },
      "original": {
        "owner": "nix-community",
        "repo": "home-manager",
        "type": "github"
      }
    }

And here are the relevant chunks from my config:

    programs.gpg.enable = true;
    services.gpg-agent = {
      enable = true;
      pinentryPackage = pkgs.pinentry-gnome3;
    };

I've done a lot of reloading/pkilling of the gpg agent process but I'm still seeing:

❯ gpgconf 
gpg:OpenPGP:/nix/store/ayvxxjman90w72dlzwx7xxa5p1vqhhl3-gnupg-2.4.5/bin/gpg
gpgsm:S/MIME:/nix/store/ayvxxjman90w72dlzwx7xxa5p1vqhhl3-gnupg-2.4.5/bin/gpgsm
keyboxd:Public Keys:/nix/store/ayvxxjman90w72dlzwx7xxa5p1vqhhl3-gnupg-2.4.5/libexec/keyboxd
gpg-agent:Private Keys:/nix/store/ayvxxjman90w72dlzwx7xxa5p1vqhhl3-gnupg-2.4.5/bin/gpg-agent
scdaemon:Smartcards:/nix/store/ayvxxjman90w72dlzwx7xxa5p1vqhhl3-gnupg-2.4.5/libexec/scdaemon
tpm2daemon:TPM:/nix/store/ayvxxjman90w72dlzwx7xxa5p1vqhhl3-gnupg-2.4.5/libexec/tpm2daemon
dirmngr:Network:/nix/store/ayvxxjman90w72dlzwx7xxa5p1vqhhl3-gnupg-2.4.5/bin/dirmngr
pinentry:Passphrase Entry:/nix/store/ayvxxjman90w72dlzwx7xxa5p1vqhhl3-gnupg-2.4.5/bin/pinentry

nixos on  main [!?⇡] 
❯ l /nix/store/ayvxxjman90w72dlzwx7xxa5p1vqhhl3-gnupg-2.4.5/bin/pinentry
"/nix/store/ayvxxjman90w72dlzwx7xxa5p1vqhhl3-gnupg-2.4.5/bin/pinentry": No such file or directory (os error 2)

[stale[bot]]

Thank you for your contribution! I marked this issue as stale due to inactivity. Please be considerate of people watching this issue and receiving notifications before commenting 'I have this issue too'. We welcome additional information that will help resolve this issue. Please read the relevant sections below before commenting.

If you are the original author of the issue

* If this is resolved, please consider closing it so that the maintainers know not to focus on this. * If this might still be an issue, but you are not interested in promoting its resolution, please consider closing it while encouraging others to take over and reopen an issue if they care enough. * If you know how to solve the issue, please consider submitting a Pull Request that addresses this issue.

If you are not the original author of the issue

* If you are also experiencing this issue, please add details of your situation to help with the debugging process. * If you know how to solve the issue, please consider submitting a Pull Request that addresses this issue.

Memorandum on closing issues

Don't be afraid to manually close an issue, even if it holds valuable information. Closed issues stay in the system for people to search, read, cross-reference, or even reopen – nothing is lost! Closing obsolete issues is an important way to help maintainers focus their time and effort.