diff options
| author | aszlig <aszlig@nix.build> | 2021-02-16 19:32:29 +0100 |
|---|---|---|
| committer | aszlig <aszlig@nix.build> | 2021-02-16 19:39:39 +0100 |
| commit | d23353c4dbf06cd074e243a30412604a9c69e581 (patch) | |
| tree | cf9559cd80abfd4a2b4e881c3dbf7bde8e860aee /modules/programs | |
| parent | b9c4208a5ff85bda025e088fa912987d152d5291 (diff) | |
gnupg: Work around GPG agent reload with v2.2.26
GnuPG version 2.2.26 got a refactor of the option parser and now no longer preserves options set via command line flags when sending the HUP signal. I think this is an upstream regression and ideally we should submit a bug report and or patch upstream, so this should be treated as a workaround since I currently have limited time and just wanted fix our integration module. Since the config file is actually reloaded on HUP, we're now simply passing the same options via file rather than via arguments. Signed-off-by: aszlig <aszlig@nix.build>
Diffstat (limited to 'modules/programs')
| -rw-r--r-- | modules/programs/gnupg/default.nix | 22 |
1 files changed, 12 insertions, 10 deletions
diff --git a/modules/programs/gnupg/default.nix b/modules/programs/gnupg/default.nix index 99bbebe6..e474289c 100644 --- a/modules/programs/gnupg/default.nix +++ b/modules/programs/gnupg/default.nix @@ -116,16 +116,18 @@ in { environment.LD_PRELOAD = agentWrapper hasSupervisorSupport; environment.GNUPGHOME = "~/${cfg.homeDir}"; - serviceConfig.ExecStart = toString ([ - "${cfg.package}/bin/gpg-agent" - "--pinentry-program=${pinentryWrapper}" - (if cfg.agent.scdaemon.enable - then "--scdaemon-program=${scdaemonRedirector}" - else "--disable-scdaemon") - (if hasSupervisorSupport - then "--supervised" - else "--no-detach --daemon") - ] ++ lib.optional cfg.agent.sshSupport "--enable-ssh-support"); + serviceConfig.ExecStart = let + configFile = pkgs.writeText "gpg-agent.conf" '' + pinentry-program ${pinentryWrapper} + ${if cfg.agent.scdaemon.enable + then "scdaemon-program ${scdaemonRedirector}" + else "disable-scdaemon"} + ${if hasSupervisorSupport + then "supervised" + else "no-detach\ndaemon"} + ${lib.optionalString cfg.agent.sshSupport "enable-ssh-support"} + ''; + in "${cfg.package}/bin/gpg-agent --options ${configFile}"; serviceConfig.ExecReload = toString [ "${cfg.package}/bin/gpg-connect-agent" |