gnupg: fix smartcards (yubikeys) on Darwin

Since version 2.3, GnuPG no longer falls back to other access methods if its built-in CCID driver fails to access smartcards, including yubikeys. The built-in CCID driver fails on macOS. The upstream developers recommend disabling CCID support in this case: If it works and the distribution doesn't offer appropriate USB configuration, I think that it's good for the distribution to use --disable-ccid-driver for building GnuPG. Cite: https://dev.gnupg.org/T5415 See also: https://dev.gnupg.org/T5409 Fixes #155629
author: Dan Callahan <dan.callahan@gmail.com> 2022-11-15 12:35:20 +0000
committer: Dan Callahan <dan.callahan@gmail.com> 2022-11-15 12:57:42 +0000
commit: 973c7b12caebf5dd8dee48f15b14e5525551f95d (patch)
tree: f42656eb90e203cca15d08a9cc6460a5d4abbde8 /pkgs/tools/security/gnupg
parent: 8c8f38c1367fa90ff87d28a44b82fd8e59dc088d (diff)
1 files changed, 2 insertions, 1 deletions
diff --git a/pkgs/tools/security/gnupg/23.nix b/pkgs/tools/security/gnupg/23.nix
index 0b7941ce46e18..2030e8195e680 100644
--- a/pkgs/tools/security/gnupg/23.nix
+++ b/pkgs/tools/security/gnupg/23.nix
@@ -57,7 +57,8 @@ stdenv.mkDerivation rec {
     "--with-ksba-prefix=${libksba.dev}"
     "--with-npth-prefix=${npth}"
   ] ++ lib.optional guiSupport "--with-pinentry-pgm=${pinentry}/${pinentryBinaryPath}"
-  ++ lib.optional withTpm2Tss "--with-tss=intel";
+  ++ lib.optional withTpm2Tss "--with-tss=intel"
+  ++ lib.optional stdenv.isDarwin "--disable-ccid-driver";
   postInstall = if enableMinimal
   then ''
     rm -r $out/{libexec,sbin,share}
author	Dan Callahan <dan.callahan@gmail.com>	2022-11-15 12:35:20 +0000
committer	Dan Callahan <dan.callahan@gmail.com>	2022-11-15 12:57:42 +0000
commit	973c7b12caebf5dd8dee48f15b14e5525551f95d (patch)
tree	f42656eb90e203cca15d08a9cc6460a5d4abbde8 /pkgs/tools/security/gnupg
parent	8c8f38c1367fa90ff87d28a44b82fd8e59dc088d (diff)