From 7b512c94ffd714d18067257d08f7b5da6def947a Mon Sep 17 00:00:00 2001 From: Jim Fowler Date: Tue, 30 Aug 2022 14:18:36 -0400 Subject: [PATCH] gpg-agent: invert grab and no-grab behavior The GNU Privacy Guard 2.3 man page for `gpg-agent` describes the `--grab` and `--no-grab` options as follows: > Tell the pinentry to grab the keyboard and mouse. This option should > be used on X-Servers to avoid X-sniffing attacks. Any use of the > option --grab overrides an used option --no-grab. The default is > --no-grab. Therefore Home Manager should explicitly output `grab` when `cfg.grabKeyboardAndMouse` is true. Previously Home Manager emitted `no-grab` when `cfg.grabKeyboardAndMouse` was false. PR #3192 --- modules/services/gpg-agent.nix | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/modules/services/gpg-agent.nix b/modules/services/gpg-agent.nix index 488675f66..ca70406f1 100644 --- a/modules/services/gpg-agent.nix +++ b/modules/services/gpg-agent.nix @@ -216,7 +216,7 @@ in { { home.file."${homedir}/gpg-agent.conf".text = concatStringsSep "\n" (optional (cfg.enableSshSupport) "enable-ssh-support" - ++ optional (!cfg.grabKeyboardAndMouse) "no-grab" + ++ optional cfg.grabKeyboardAndMouse "grab" ++ optional (!cfg.enableScDaemon) "disable-scdaemon" ++ optional (cfg.defaultCacheTtl != null) "default-cache-ttl ${toString cfg.defaultCacheTtl}"
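Review bot: With `optional cfg.grabKeyboardAndMouse "grab"`, the `false` case now writes nothing and depends on gpg-agent's built-in default, which the commit message establishes only from the 2.3 man page. Since this option is the X-sniffing mitigation, I would make the generated gpg-agent.conf explicit in both directions, so it keeps its meaning if the agent default differs on another GnuPG version: `++ [ (if cfg.grabKeyboardAndMouse then "grab" else "no-grab") ]`. A short comment such as `# gpg-agent defaults to no-grab; grab must be written out to take effect` would also record why the line is no longer keyed on the negation. The option's declared default and description sit outside this hunk, so it is worth checking that they still match the behaviour, because users who never set the option may now get keyboard and mouse grabbing for the first time.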