authoraszlig <aszlig@redmoonstudios.org>2016-06-26 13:01:00 +0200
committeraszlig <aszlig@redmoonstudios.org>2016-06-26 13:14:42 +0200
commit03f62a96f02ddd2112e1cb8d78083abdea7bf66b (patch)
tree92760cb4e79c57933737ac7adf6aab2a129c97fa
parent0fded3359377975f4ac83a1a00ecd348b0ad9a1b (diff)
modules/gnupg: Support sockets in XDG_RUNTIME_DIR
Since GnuPG version 2.1.13 (NixOS/nixpkgs@b586b00), there is support for
XDG_RUNTIME_DIR so the sockets are in /run/user/gnupg instead of
~/.gnupg.

The full announcement can be found here:

https://lists.gnupg.org/pipermail/gnupg-announce/2016q2/000390.html

Unfortunately the fix is a bit more complicated, because if GNUPGHOME is
set to a non-default location, the sockets are to be found within the
directory specified in $GNUPGHOME instead.

So we also need to check the version of GnuPG so that we can properly
split up the socket directory from the GNUPGHOME.

Signed-off-by: aszlig <aszlig@redmoonstudios.org>
-rw-r--r--modules/programs/gnupg/default.nix23
1 files changed, 16 insertions, 7 deletions
diff --git a/modules/programs/gnupg/default.nix b/modules/programs/gnupg/default.nix
index 04adcd88..63002cc7 100644
--- a/modules/programs/gnupg/default.nix
+++ b/modules/programs/gnupg/default.nix
@@ -5,6 +5,16 @@ with lib;
 let
   cfg = config.vuizvui.programs.gnupg;
 
+  hasXdgSupport = versionAtLeast (getVersion cfg.package) "2.1.13";
+  isDefaultHome = cfg.homeDir == ".gnupg";
+
+  sockDir = if hasXdgSupport && isDefaultHome
+            then "%t/gnupg"
+            else "%h/${cfg.homeDir}";
+  shellSockDir = if hasXdgSupport && isDefaultHome
+                 then "$XDG_RUNTIME_DIR/gnupg"
+                 else "$HOME/${cfg.homeDir}";
+
   pinentryWrapper = pkgs.runCommand "pinentry-wrapper" {
     pinentryProgram = cfg.agent.pinentry.program;
   } ''
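Review bot: `shellSockDir` expands `$XDG_RUNTIME_DIR` in whichever shell consumes it, and nothing in this hunk handles the variable being unset — in a context where pam_systemd did not set it (cron jobs, some non-interactive ssh logins) the path collapses to `/gnupg/...`, so SSH_AUTH_SOCK and the scdaemon redirector in the later hunks point at a location the agent never listens on. The systemd side is unaffected, because `%t` in a user unit is resolved by the manager rather than from the caller's environment, so the two halves can silently disagree. If the consuming shells support it, a fallback such as `then "\${XDG_RUNTIME_DIR:-/run/user/$(id -u)}/gnupg"` keeps the shell-facing path aligned with the socket units; the `\$` escape is needed so Nix does not treat it as an antiquotation. The same concern applies to the scdaemon-redirector and SSH_AUTH_SOCK hunks below, which only substitute this value.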
@@ -15,7 +25,7 @@ let
   scdaemonRedirector = pkgs.writeScript "scdaemon-redirector" ''
     #!${pkgs.stdenv.shell}
     exec "${pkgs.socat}/bin/socat" - \
-      UNIX-CONNECT:"$HOME/${cfg.homeDir}/S.scdaemon"
+      UNIX-CONNECT:"${shellSockDir}/S.scdaemon"
   '';
 
   agentWrapper = pkgs.runCommand "gpg-agent-wrapper" {
@@ -94,7 +104,7 @@ in {
       vuizvui.requiresTests = singleton ["vuizvui" "programs" "gnupg"];
       environment.systemPackages = [ cfg.package ];
     })
-    (mkIf (cfg.enable && cfg.homeDir != ".gnupg") {
+    (mkIf (cfg.enable && !isDefaultHome) {
       environment.variables.GNUPGHOME = "~/${cfg.homeDir}";
     })
     (mkIf (cfg.enable && cfg.agent.enable) {
@@ -123,7 +133,7 @@ in {
       systemd.user.sockets.gpg-agent-main = {
         wantedBy = [ "sockets.target" ];
         description = "Main Socket For GnuPG Agent";
-        listenStreams = [ "%h/${cfg.homeDir}/S.gpg-agent" ];
+        listenStreams = singleton "${sockDir}/S.gpg-agent";
         socketConfig = agentSocketConfig "main";
       };
     })
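Review bot: With the listen path moved to `%t/gnupg/S.gpg-agent`, systemd will create the `gnupg` directory itself if it does not exist, and it does so with the socket unit's `DirectoryMode`, which defaults to 0755; the old `%h/${cfg.homeDir}` location was normally pre-created by GnuPG with 0700. Recent GnuPG releases verify that their socket directory is owned by the user and not group/world accessible before using it, and fall back to the home directory otherwise, so a 0755 directory here would likely leave the systemd socket unused and the agent spawning its own — worth confirming against the GnuPG version this module targets. Adding `DirectoryMode = "0700";` to the socketConfig (for this unit that is `agentSocketConfig`, defined outside the hunk) would match what GnuPG creates on its own. The same applies to the gnupg-scdaemon socket in the next hunk, whose socketConfig sets `SocketMode` but no directory mode in the lines visible here.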
@@ -131,7 +141,7 @@ in {
       systemd.user.sockets.gnupg-scdaemon = {
         wantedBy = [ "sockets.target" ];
         description = "GnuPG Smartcard Daemon Socket";
-        listenStreams = [ "%h/${cfg.homeDir}/S.scdaemon" ];
+        listenStreams = singleton "${sockDir}/S.scdaemon";
         socketConfig = {
           FileDescriptorName = "scdaemon";
           SocketMode = "0600";
@@ -152,13 +162,12 @@ in {
       };
     })
     (mkIf (cfg.enable && cfg.agent.enable && cfg.agent.sshSupport) {
-      environment.variables.SSH_AUTH_SOCK =
-        "$HOME/${cfg.homeDir}/S.gpg-agent.ssh";
+      environment.variables.SSH_AUTH_SOCK = "${shellSockDir}/S.gpg-agent.ssh";
 
       systemd.user.sockets.gpg-agent-ssh = {
         wantedBy = [ "sockets.target" ];
         description = "SSH Socket For GnuPG Agent";
-        listenStreams = [ "%h/${cfg.homeDir}/S.gpg-agent.ssh" ];
+        listenStreams = singleton "${sockDir}/S.gpg-agent.ssh";
         socketConfig = agentSocketConfig "ssh";
       };