From cbaeb4e1e1a1152fbaa23fc11c6e8f523b8a8a39 Mon Sep 17 00:00:00 2001 From: Ayman Bagabas Date: Fri, 27 Sep 2024 14:43:17 +0200 Subject: [PATCH] gpg-agent: use the canonical path for sockets on macOS GnuPG on macOS uses the canonical path for sockets --- modules/services/gpg-agent.nix | 9 ++++++--- tests/modules/services/gpg-agent/expected-agent.plist | 2 +- 2 files changed, 7 insertions(+), 4 deletions(-) diff --git a/modules/services/gpg-agent.nix b/modules/services/gpg-agent.nix index 0f7b82639..988c009a1 100644 --- a/modules/services/gpg-agent.nix +++ b/modules/services/gpg-agent.nix @@ -43,7 +43,9 @@ let else "d.${hash}/${dir}"; in if pkgs.stdenv.isDarwin then - "/private/var/run/org.nix-community.home.gpg-agent/${subdir}" + # macOS GnuPG sockets always use the canonical path. + # See #3864 + "${homedir}/${subdir}" else "%t/gnupg/${subdir}"; @@ -355,8 +357,9 @@ in { launchd.agents.gpg-agent = { enable = true; config = { - ProgramArguments = [ "${gpgPkg}/bin/gpg-agent" "--supervised" ] - ++ optional cfg.verbose "--verbose"; + # macOS doesn't like the "--supervised" option + ProgramArguments = [ "${gpgPkg}/bin/gpgconf" "--launch" "gpg-agent" ] + ++ optionals cfg.verbose [ "--verbose" ]; EnvironmentVariables = { GNUPGHOME = homedir; }; KeepAlive = { Crashed = true; diff --git a/tests/modules/services/gpg-agent/expected-agent.plist b/tests/modules/services/gpg-agent/expected-agent.plist index 5843ff449..2a1298d7d 100644 --- a/tests/modules/services/gpg-agent/expected-agent.plist +++ b/tests/modules/services/gpg-agent/expected-agent.plist @@ -32,7 +32,7 @@ SockPathMode 384 SockPathName - /private/var/run/org.nix-community.home.gpg-agent/d.wp4h7ks5zxy4dodqadgpbbpz/S.gpg-agent + /path/to/hash/d.wp4h7ks5zxy4dodqadgpbbpz/S.gpg-agent SockType stream