From d23353c4dbf06cd074e243a30412604a9c69e581 Mon Sep 17 00:00:00 2001
From: aszlig
Date: Tue, 16 Feb 2021 19:32:29 +0100
Subject: gnupg: Work around GPG agent reload with v2.2.26
GnuPG version 2.2.26 got a refactor of the option parser and now no longer preserves options set via command line flags when sending the HUP signal. I think this is an upstream regression and ideally we should submit a bug report and or patch upstream, so this should be treated as a workaround since I currently have limited time and just wanted fix our integration module. Since the config file is actually reloaded on HUP, we're now simply passing the same options via file rather than via arguments.
Signed-off-by: aszlig
---
 modules/programs/gnupg/default.nix | 22 ++++++++++++----------
 1 file changed, 12 insertions(+), 10 deletions(-)
(limited to 'modules/programs')
diff --git a/modules/programs/gnupg/default.nix b/modules/programs/gnupg/default.nix
index 99bbebe6..e474289c 100644
--- a/modules/programs/gnupg/default.nix
+++ b/modules/programs/gnupg/default.nix
@@ -116,16 +116,18 @@ in {
 environment.LD_PRELOAD = agentWrapper hasSupervisorSupport;
 environment.GNUPGHOME = "~/${cfg.homeDir}";
- serviceConfig.ExecStart = toString ([
- "${cfg.package}/bin/gpg-agent"
- "--pinentry-program=${pinentryWrapper}"
- (if cfg.agent.scdaemon.enable
- then "--scdaemon-program=${scdaemonRedirector}"
- else "--disable-scdaemon")
- (if hasSupervisorSupport
- then "--supervised"
- else "--no-detach --daemon")
- ] ++ lib.optional cfg.agent.sshSupport "--enable-ssh-support");
+ serviceConfig.ExecStart = let
+ configFile = pkgs.writeText "gpg-agent.conf" ''
+ pinentry-program ${pinentryWrapper}
+ ${if cfg.agent.scdaemon.enable
+ then "scdaemon-program ${scdaemonRedirector}"
+ else "disable-scdaemon"}
+ ${if hasSupervisorSupport
+ then "supervised"
+ else "no-detach\ndaemon"}
+ ${lib.optionalString cfg.agent.sshSupport "enable-ssh-support"}
+ '';
+ in "${cfg.package}/bin/gpg-agent --options ${configFile}";
 serviceConfig.ExecReload = toString [
 "${cfg.package}/bin/gpg-connect-agent"
-- cgit 1.4.1
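Review bot: The new `--options ${configFile}` on the ExecStart line makes gpg-agent read the generated store file in place of the per-user `gpg-agent.conf` under GNUPGHOME, where the old command-line flags were applied in addition to that file. Settings a user keeps there, such as `default-cache-ttl` or `max-cache-ttl`, would silently stop taking effect, so passphrase caching can fall back to the defaults without any warning; whether users of this module are expected to keep such a file is not visible in the hunk. At minimum I would record this next to the `let`, e.g. `# --options replaces $GNUPGHOME/gpg-agent.conf, so user settings there are ignored`, and consider whether the module should offer a way to append extra agent options to the generated file. The enclosing service definition starts and ends outside the hunk.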