From 68921b0e807efbb4f64dced5fa624e91ade9413a Mon Sep 17 00:00:00 2001
From: Bruno BELANYI <bruno@belanyi.fr>
Date: Sun, 14 Jan 2024 17:09:06 +0000
Subject: [PATCH] gpg-agent: migrate to 'pinentryPackage'

This follows upstream's module change [1], which allows setting any
package as a pinentry program.

[1]: https://github.com/NixOS/nixpkgs/pull/133542
---
 modules/misc/news.nix                            |  9 +++++++++
 modules/services/gpg-agent.nix                   | 16 ++++++++++------
 .../services/gpg-agent/default-homedir.nix       |  2 +-
 .../services/gpg-agent/override-homedir.nix      |  2 +-
 4 files changed, 21 insertions(+), 8 deletions(-)

diff --git a/modules/misc/news.nix b/modules/misc/news.nix
index 849ac9421..0b8588616 100644
--- a/modules/misc/news.nix
+++ b/modules/misc/news.nix
@@ -1443,6 +1443,15 @@ in {
           A new module is available: 'programs.joplin-desktop'.
         '';
       }
+
+      {
+        time = "2024-03-14T07:22:09+00:00";
+        condition = config.services.gpg-agent.enable;
+        message = ''
+          'services.gpg-agent.pinentryFlavor' has been removed and replaced by
+          'services.gpg-agent.pinentryPackage'.
+        '';
+      }
     ];
   };
 }
diff --git a/modules/services/gpg-agent.nix b/modules/services/gpg-agent.nix
index 685698b77..a5d894157 100644
--- a/modules/services/gpg-agent.nix
+++ b/modules/services/gpg-agent.nix
@@ -81,6 +81,11 @@ let
 in {
   meta.maintainers = [ maintainers.rycee ];
 
+  imports = [
+    (mkRemovedOptionModule [ "services" "gpg-agent" "pinentryFlavor" ]
+      "Use services.gpg-agent.pinentryPackage instead")
+  ];
+
   options = {
     services.gpg-agent = {
       enable = mkEnableOption "GnuPG private key agent";
@@ -192,10 +197,9 @@ in {
           configuration file.
         '';
       };
-
-      pinentryFlavor = mkOption {
-        type = types.nullOr (types.enum pkgs.pinentry.flavors);
-        example = "gnome3";
+      pinentryPackage = mkOption {
+        type = types.nullOr types.package;
+        example = literalExpression "pkgs.pinentry-gnome3";
         default = null;
         description = ''
           Which pinentry interface to use. If not
@@ -243,8 +247,8 @@ in {
           "max-cache-ttl ${toString cfg.maxCacheTtl}"
           ++ optional (cfg.maxCacheTtlSsh != null)
           "max-cache-ttl-ssh ${toString cfg.maxCacheTtlSsh}"
-          ++ optional (cfg.pinentryFlavor != null)
-          "pinentry-program ${pkgs.pinentry.${cfg.pinentryFlavor}}/bin/pinentry"
+          ++ optional (cfg.pinentryPackage != null)
+          "pinentry-program ${lib.getExe pinentryPackage}"
           ++ [ cfg.extraConfig ]);
 
       home.sessionVariablesExtra = optionalString cfg.enableSshSupport ''
diff --git a/tests/modules/services/gpg-agent/default-homedir.nix b/tests/modules/services/gpg-agent/default-homedir.nix
index 9e21eb6db..29efddac4 100644
--- a/tests/modules/services/gpg-agent/default-homedir.nix
+++ b/tests/modules/services/gpg-agent/default-homedir.nix
@@ -5,7 +5,7 @@ with lib;
 {
   config = {
     services.gpg-agent.enable = true;
-    services.gpg-agent.pinentryFlavor = null; # Don't build pinentry package.
+    services.gpg-agent.pinentryPackage = null; # Don't build pinentry package.
     programs.gpg.enable = true;
 
     test.stubs.gnupg = { };
diff --git a/tests/modules/services/gpg-agent/override-homedir.nix b/tests/modules/services/gpg-agent/override-homedir.nix
index 1a314e414..c50786739 100644
--- a/tests/modules/services/gpg-agent/override-homedir.nix
+++ b/tests/modules/services/gpg-agent/override-homedir.nix
@@ -5,7 +5,7 @@ with lib;
 {
   config = {
     services.gpg-agent.enable = true;
-    services.gpg-agent.pinentryFlavor = null; # Don't build pinentry package.
+    services.gpg-agent.pinentryPackage = null; # Don't build pinentry package.
     programs.gpg = {
       enable = true;
       homedir = "/path/to/hash";