[Nix-dev] GPG on NixOS

Daniel Bergey bergey at alum.mit.edu
Sun Jul 20 18:26:24 CEST 2014


I use the following two lines in nixos/configuration.nix

services.xserver.startGnuPgAgent = true;
programs.ssh.startAgent = false;  # gpg agent takes over this role

This sets the path to pinentry automatically; the definition is in

nixpkgs/nixos/modules/services/x11/display-managers/default.nix

I don't know if there are reasons to prefer a per-profile config rather
than system-wide.

bergey

On 2014-07-18 at 07:42, Lluís Batlle i Rossell <viric at viric.name> wrote:
> You have to set gpg config to find the pinentry program. It finds it by absolute
> path iirc, /usr/bin/pinentry.
>
> A gpg config line can set up its absolute path (~/.gnupg/gpg.conf or so).
>
> Bye,
> Lluís.
>
> On Fri, Jul 18, 2014 at 02:36:19AM +0200, Mateusz Kowalczyk wrote:
>> Hi,
>> 
>> I've been trying to sign a git tag with my private key but I am failing:
>> 
>> [shana at lenalee:~/programming/haddock]$ git tag -a -s
>> haddock-2.14.3-release -m "Haddock version 2.14.3 release"
>> 
>> You need a passphrase to unlock the secret key for
>> user: "Mateusz Kowalczyk (Main key) <fuuzetsu at fuuzetsu.co.uk>"
>> 4096-bit RSA key, ID 2ADA9A97, created 2013-01-31
>> 
>> gpg-agent[15413]: can't connect to the PIN entry module: IPC connect
>> call failed
>> gpg-agent[15413]: command get_passphrase failed: No pinentry
>> gpg: problem with the agent: No pinentry
>> gpg: skipped "2ADA9A97": Operation cancelled
>> gpg: signing failed: Operation cancelled
>> error: gpg failed to sign the data
>> error: unable to sign the tag
>> 
>> I have used nix-env -i to install ‘pinentry’ but that changed nothing.
>> Looking online, I see a person on IRC with the same problem but when
>> trying to create a key which makes me think the whole thing is broken.
>> 
>> Is anyone successfully using GPG on NixOS?
>> 
>> A relevant question is why we have gnupg and gnupg1compat: how do they
>> differ and why do we need both? I notice that only gnupg1compat provides
>> a ‘gpg’ binary needed by git.
>> 
>> -- 
>> Mateusz K.
>> _______________________________________________
>> nix-dev mailing list
>> nix-dev at lists.science.uu.nl
>> http://lists.science.uu.nl/mailman/listinfo/nix-dev
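
Added example, not part of the original messages: a small shell check for the failure discussed in this thread, where gpg-agent reports "No pinentry" because the pinentry path it was given does not exist. It assumes the path is set with the pinentry-program option in gpg-agent.conf (the thread only says "~/.gnupg/gpg.conf or so"); check_pinentry and demo are hypothetical helper names, and the sample configs are constructed.

```shell
#!/bin/sh
# Added example, not code from the thread. Reports whether the pinentry that
# gpg-agent is configured to use is actually present and executable.

# check_pinentry CONF prints one status line; returns 1 only for "missing":
#   unset          no pinentry-program line (gpg-agent uses its built-in default)
#   ok:PATH        pinentry-program points at an executable file
#   missing:PATH   pinentry-program points at nothing runnable ("No pinentry")
check_pinentry() {
    conf=$1
    pin=
    if [ -r "$conf" ]; then
        # Strip trailing blanks, then print the value of each pinentry-program
        # line. Comment lines start with '#', so they never match.
        # Assumption: when the option is repeated, the last line wins.
        pin=$(sed -n -e 's/[[:space:]]*$//' \
            -e 's/^[[:space:]]*pinentry-program[[:space:]]\{1,\}//p' "$conf" | tail -n 1)
    fi
    if [ -z "$pin" ]; then
        echo "unset"
    elif [ -f "$pin" ] && [ -x "$pin" ]; then
        echo "ok:$pin"
    else
        echo "missing:$pin"
        return 1
    fi
}

# demo: constructed sample configs in a temp dir, one pointing at a stand-in
# pinentry that exists and one pointing at a path that does not.
demo() {
    d=$(mktemp -d)
    printf '#!/bin/sh\n' > "$d/pinentry"
    chmod +x "$d/pinentry"
    printf '# constructed sample\npinentry-program %s\n' "$d/pinentry" > "$d/good.conf"
    printf 'pinentry-program %s\n' "$d/usr/bin/pinentry" > "$d/stale.conf"
    check_pinentry "$d/good.conf"
    check_pinentry "$d/stale.conf" || true
    rm -rf "$d"
}

# With an argument, check that file; without one, run the constructed demo.
if [ "$#" -gt 0 ]; then check_pinentry "$1"; else demo; fi
```

Run it with the path to a gpg-agent.conf as its only argument; a "missing:" line means the configured pinentry cannot be started.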