From 4367119ca3e295513a71eafe839296410a73dbf0 Mon Sep 17 00:00:00 2001 From: John Ericson Date: Sat, 21 Aug 2021 01:43:41 -0400 Subject: [PATCH] local gpg-agent acting as ssh-agent should yield (#667) (#2253) * gpg-agent: local agent acting as ssh-agent should yield This happens commonly if someone using home manager with gpg-agent acting as ssh-agent on both machines. @rycee brought up how gpg-itself has some support for agents on both ends, but in that case one is forwarding the gpg-agent socket rather than forwardning the gpg-agent-as-ssh-agent socket. There is no need to forward both. So I think this is a good default: - Forward just gpg-agent socket and this doesn't matter. - Forward just the ssh-agent socket and this does the right thing. - Forward both sockets and now the ssh one takes priority instead, but forwarding both was always a silly thing to do. Fix #667 * Update modules/services/gpg-agent.nix Co-authored-by: Nicolas Berbiche Co-authored-by: Nicolas Berbiche --- modules/services/gpg-agent.nix | 9 +++++---- 1 file changed, 5 insertions(+), 4 deletions(-) diff --git a/modules/services/gpg-agent.nix b/modules/services/gpg-agent.nix index 785c23b4b..644690a8d 100644 --- a/modules/services/gpg-agent.nix +++ b/modules/services/gpg-agent.nix @@ -203,10 +203,11 @@ in [ cfg.extraConfig ] ); - home.sessionVariables = - optionalAttrs cfg.enableSshSupport { - SSH_AUTH_SOCK = "$(${gpgPkg}/bin/gpgconf --list-dirs agent-ssh-socket)"; - }; + home.sessionVariablesExtra = optionalString cfg.enableSshSupport '' + if [[ -z "$SSH_AUTH_SOCK" ]]; then + export SSH_AUTH_SOCK="$(${gpgPkg}/bin/gpgconf --list-dirs agent-ssh-socket)" + fi + ''; programs.bash.initExtra = gpgInitStr; programs.zsh.initExtra = gpgInitStr;