GNU bug report logs - #77826
[PATCH] home: home-gpg-agent-service: add new parameter 'use-keyboxd?'.


Package: guix-patches;

Reported by: Sébastien Farge <sebastien-farge <at> laposte.net>

Date: Tue, 15 Apr 2025 14:16:01 UTC

Severity: normal

Tags: patch




Message #5 received at submit <at> debbugs.gnu.org (full text, mbox):

From: Sébastien Farge <sebastien-farge <at> laposte.net>
To: guix-patches <at> gnu.org
Cc: Sébastien Farge <sebastien-farge <at> laposte.net>
Subject: [PATCH] home: home-gpg-agent-service: add new parameter
 'use-keyboxd?'.
Date: Tue, 15 Apr 2025 16:13:40 +0200
* gnu/home/services/gnupg.scm: New parameter.
* doc/guix.texi (GNU Privacy Guard): New description.
* gnu/tests/gnupg.scm: Alice uses keyboxd, Bob the normal keyring; test that both work.

Change-Id: I27b4f686086b9740943dbb5347a14ada245cc9fb
---
 doc/guix.texi               |   5 +
 gnu/home/services/gnupg.scm |  18 ++-
 gnu/tests/gnupg.scm         | 246 ++++++++++++++++++++++++++++++++++++
 3 files changed, 268 insertions(+), 1 deletion(-)
 create mode 100644 gnu/tests/gnupg.scm

diff --git a/doc/guix.texi b/doc/guix.texi
index d109877a32..46b2115aad 100644
--- a/doc/guix.texi
+++ b/doc/guix.texi
@@ -49076,6 +49076,11 @@ Whether to enable @acronym{SSH,secure shell} support.  When true,
 @command{ssh-agent} program, taking care of OpenSSH secret keys and
 directing passphrase requests to the chosen Pinentry program.
 
+@item @code{use-keyboxd?} (default: @code{#f}) (type: boolean)
+Whether to enable keyboxd and its keybox database instead of usual keyring. When true,
+@command{gpg-agent} call @command{keyboxd} who take care of keys management process and database. 
+The @file{~/.gnupg/common.conf} is created with parameter @code{use-keyboxd} for the switch to happen.
+
 @item @code{default-cache-ttl} (default: @code{600}) (type: integer)
 Time a cache entry is valid, in seconds.
 
diff --git a/gnu/home/services/gnupg.scm b/gnu/home/services/gnupg.scm
index 7fc99f793a..f7691f38e0 100644
--- a/gnu/home/services/gnupg.scm
+++ b/gnu/home/services/gnupg.scm
@@ -31,6 +31,7 @@ (define-module (gnu home services gnupg)
             home-gpg-agent-configuration-gnupg
             home-gpg-agent-configuration-pinentry-program
             home-gpg-agent-configuration-ssh-support?
+            home-gpg-agent-configuration-use-keyboxd?
             home-gpg-agent-configuration-default-cache-ttl
             home-gpg-agent-configuration-max-cache-ttl
             home-gpg-agent-configuration-max-cache-ttl-ssh
@@ -66,6 +67,11 @@ (define-configuration/no-serialization home-gpg-agent-configuration
 @command{gpg-agent} acts as a drop-in replacement for OpenSSH's
 @command{ssh-agent} program, taking care of OpenSSH secret keys and directing
 passphrase requests to the chosen Pinentry program.")
+  (use-keyboxd?
+   (boolean #f)
+   "Whether to enable keyboxd and its keybox database instead of usual keyring. When true,
+@command{gpg-agent} call @command{keyboxd} who take care of keys management process and database. 
+The @file{~/.gnupg/common.conf} is created with parameter @code{use-keyboxd} for the switch to happen.")
   (default-cache-ttl
     (integer 600)
     "Time a cache entry is valid, in seconds.")
@@ -101,6 +107,13 @@ (define (home-gpg-agent-configuration-file config)
                      (number->string max-cache-ttl-ssh) "\n"
                      extra-content)))
 
+(define (home-gpg-common-configuration-file config)
+  "Return the @file{common.conf} file for @var{config}."
+  (match-record config <home-gpg-agent-configuration>
+    (use-keyboxd?)
+    (mixed-text-file "common.conf" "use-keyboxd\n")))
+
+
 (define (home-gpg-agent-shepherd-services config)
   "Return the possibly-empty list of Shepherd services for @var{config}."
   (match-record config <home-gpg-agent-configuration>
@@ -134,7 +147,10 @@ (define (home-gpg-agent-shepherd-services config)
         '())))
 
 (define (home-gpg-agent-files config)
-  `((".gnupg/gpg-agent.conf" ,(home-gpg-agent-configuration-file config))))
+  (let ((files (cons `(".gnupg/gpg-agent.conf" ,(home-gpg-agent-configuration-file config)) '())))
+    (if (home-gpg-agent-configuration-use-keyboxd? config) 
+        (cons `(".gnupg/common.conf" ,(home-gpg-common-configuration-file config)) files)
+        files)))
 
 (define (home-gpg-agent-environment-variables config)
   "Return GnuPG environment variables needed for @var{config}."
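Review bot: `home-gpg-agent-files` builds its result with a `let`/`cons`/`if` chain where a quasiquote splice says the same thing in one expression, and the `if` line carries trailing whitespace after `config)`; the rewrite below also gives the procedure a docstring, which the neighbouring file builders in this file have and this one lacks. The same hunk reappears unchanged in the v2 patch further down this thread (`@@ -134,7 +146,10 @@`), so the remark applies there as well.
```scheme
(define (home-gpg-agent-files config)
  "Return the files to install under @file{~/.gnupg} for @var{config}:
@file{gpg-agent.conf} always, plus @file{common.conf} when keyboxd is enabled."
  `((".gnupg/gpg-agent.conf" ,(home-gpg-agent-configuration-file config))
    ,@(if (home-gpg-agent-configuration-use-keyboxd? config)
          `((".gnupg/common.conf" ,(home-gpg-common-configuration-file config)))
          '())))
```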
diff --git a/gnu/tests/gnupg.scm b/gnu/tests/gnupg.scm
new file mode 100644
index 0000000000..6be26b0073
--- /dev/null
+++ b/gnu/tests/gnupg.scm
@@ -0,0 +1,246 @@
+;;; GNU Guix --- Functional package management for GNU
+;;; Copyright © 2016-2022, 2024 Ludovic Courtès <ludo <at> gnu.org>
+;;; Copyright © 2017, 2018 Clément Lassieur <clement <at> lassieur.org>
+;;; Copyright © 2017 Marius Bakke <mbakke <at> fastmail.com>
+;;;
+;;; This file is part of GNU Guix.
+;;;
+;;; GNU Guix is free software; you can redistribute it and/or modify it
+;;; under the terms of the GNU General Public License as published by
+;;; the Free Software Foundation; either version 3 of the License, or (at
+;;; your option) any later version.
+;;;
+;;; GNU Guix is distributed in the hope that it will be useful, but
+;;; WITHOUT ANY WARRANTY; without even the implied warranty of
+;;; MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+;;; GNU General Public License for more details.
+;;;
+;;; You should have received a copy of the GNU General Public License
+;;; along with GNU Guix.  If not, see <http://www.gnu.org/licenses/>.
+
+(define-module (gnu tests gnupg)
+  #:use-module (gnu tests)
+  #:use-module (gnu system)
+  #:use-module (gnu system vm)
+  #:use-module (gnu services)
+  #:use-module (gnu services guix)
+  #:use-module (gnu system shadow) 
+  #:use-module (gnu services base)
+  #:use-module (gnu home)
+  #:use-module (gnu home services gnupg)
+  #:use-module (gnu packages linux)
+  #:use-module (gnu packages gnupg)
+  #:use-module (gnu packages base)
+  #:use-module (guix gexp)
+  #:export (%test-gnupg-keyboxd))
+
+(define %keyboxd-home
+  (home-environment
+    (packages (list gnupg procps))
+    (services
+     (append (list
+              (service home-gpg-agent-service-type
+                       (home-gpg-agent-configuration
+                        (default-cache-ttl 820)
+                        (use-keyboxd? #t))))
+             %base-home-services))
+    ))
+
+(define %keyring-home
+  (home-environment
+    (packages (list gnupg procps))
+    (services
+     (append (list
+              (service home-gpg-agent-service-type
+                       (home-gpg-agent-configuration
+                        (default-cache-ttl 820))))
+             %base-home-services))
+    ))
+
+(define %gnupg-os
+  (operating-system
+    (inherit (simple-operating-system (service guix-home-service-type `(("alice" ,%keyboxd-home)
+                                                                        ("bob" ,%keyring-home)))))
+
+    (users (cons*
+            (user-account
+             (name "alice")                  
+             (comment "Bob's sister")
+             (password (crypt "alice" "$6$abc"))
+             (group "users")
+             (supplementary-groups '("wheel" "audio" "video")))
+            (user-account
+             (name "bob")                  
+             (comment "Alice's brother")
+             (password (crypt "bob" "$6$abc"))
+             (group "users")
+             (supplementary-groups '("wheel" "audio" "video")))
+            %base-user-accounts))
+    ))
+  
+(define* (run-gnupg-keyboxd-test)
+  "Run an OS using gnupg with and without keyboxd using 'use-keyboxd'? configuration option."
+  (define os
+    (marionette-operating-system
+     %gnupg-os
+     #:imported-modules '((gnu services herd))))
+
+  (define vm
+    (virtual-machine
+     (operating-system os)))
+
+  (define test
+    (with-imported-modules '((gnu build marionette)
+                             (guix build syscalls))
+      #~(begin
+          (use-modules (gnu build marionette)
+                       (guix build syscalls)
+                       (srfi srfi-1)
+                       (srfi srfi-64))
+
+          (define marionette
+            (make-marionette (list #$vm)))
+
+          (define (file-get-all-strings fname)
+            (marionette-eval '(use-modules (rnrs io ports)) marionette)
+            (wait-for-file fname marionette #:read 'get-string-all))
+
+          (define (vm-type cmd-or-list)
+            (let ((cmd-list (if (list? cmd-or-list) cmd-or-list (list cmd-or-list))))
+             (for-each
+              (lambda (cmd) (marionette-type cmd marionette) (sleep 1))
+              cmd-list)))
+
+          (test-runner-current (system-test-runner #$output))
+          (test-begin "gnupg-keyboxd")
+         
+          (test-equal "Alice is logged on tty1"
+            "alice\n"
+            (begin
+              (marionette-eval
+               '(begin
+                  (use-modules (gnu services herd))
+                  (start-service 'term-tty1))
+               marionette)
+              (vm-type  (list
+                         "alice\n"
+                         "alice\n"
+                         "id -un > alice.log\n"))
+              (file-get-all-strings "/home/alice/alice.log")))
+
+          (test-assert "Alice .gnupg dir is created"
+            (marionette-eval
+             `(file-exists? "/home/alice/.gnupg")
+             marionette))
+          
+          (test-equal "Alice gpg-agent.conf exists and is a symlink"
+            'symlink
+            (marionette-eval
+             `(and (file-exists? "/home/alice/.gnupg/gpg-agent.conf")
+                   (stat:type (lstat "/home/alice/.gnupg/gpg-agent.conf")))
+             marionette))
+
+          (test-equal "Alice common.conf exists and is a symlink"
+            'symlink
+            (marionette-eval
+             `(and (file-exists? "/home/alice/.gnupg/common.conf")
+                   (stat:type (lstat "/home/alice/.gnupg/common.conf")))
+             marionette))
+
+          (test-equal "Alice common.conf has keyboxd option set"
+            "use-keyboxd\n"
+            (file-get-all-strings "/home/alice/.gnupg/common.conf"))
+
+          (test-equal "Alice create a key that is saved in keybox format"
+            '("[keyboxd]" "enjoyguix")
+            (begin
+              (vm-type (list "gpg --batch --passphrase '' --quick-gen-key '<enjoyguix>' ed25519\n"
+                             "gpg --list-keys > keybox\n"))
+              (let* ((output (file-get-all-strings "/home/alice/keybox"))
+                     (keyboxd-hdr (if (string-contains output "[keyboxd]") "[keyboxd]" "fail"))
+                     (key-id (if (string-contains output "enjoyguix") "enjoyguix" "fail")))
+                (list keyboxd-hdr key-id))
+              )
+            )
+
+          (test-assert "Alice private keys are registered"
+            (marionette-eval
+             `(file-exists? "/home/alice/.gnupg/private-keys-v1.d")
+             marionette))
+
+          (test-equal "Alice has keyboxd running at home"
+            0
+            (marionette-eval
+             `(system* #$(file-append procps "/bin/pgrep") "keyboxd")
+             marionette))
+
+          ;; bob use gpg-agent
+          (test-equal "Bob is logged now"
+            "bob\n"
+            (begin
+              (vm-type
+               (list
+                "exit\n"
+                "bob\n"
+                "bob\n"
+                "id -un > logged-in\n"))
+              (file-get-all-strings "/home/bob/logged-in")))
+
+          (test-equal "Bob is at home"
+            "/home/bob\n"
+            (begin
+              (vm-type (list "printenv \"HOME\" > home.bob\n"))
+              (file-get-all-strings "/home/bob/home.bob")
+              ))
+
+          (test-assert "Bob .gnupg dir is created"
+            (marionette-eval
+             `(file-exists? "/home/bob/.gnupg")
+             marionette))
+          
+          (test-equal "Bob gpg-agent.conf exists and is a symlink"
+            'symlink
+            (marionette-eval
+             `(and (file-exists? "/home/bob/.gnupg/gpg-agent.conf")
+                   (stat:type (lstat "/home/bob/.gnupg/gpg-agent.conf")))
+             marionette))
+
+          (test-assert "Bob common.conf doesn't exists"
+            (marionette-eval
+             `(not (file-exists? "/home/bob/.gnupg/common.conf"))
+             marionette))
+
+          (test-equal "Bob create a key that is saved in a pubring"
+            '("pubring" "enjoyguix")
+            (begin
+              (vm-type (list "gpg --batch --passphrase '' --quick-gen-key '<enjoyguix>' ed25519\n"
+                             "gpg --list-keys > keybox\n"))
+              (let* ((output (file-get-all-strings "/home/bob/keybox"))
+                     (agent-hdr (if (string-contains output "/home/bob/.gnupg/pubring.kbx") "pubring" (format #f "fail with ~s" output)))
+                     (key-id (if (string-contains output "enjoyguix") "enjoyguix" (format #f "fail with ~s" output))))
+                (list agent-hdr key-id))
+              )
+            )
+
+          (test-assert "Bob private keys are registered"
+            (marionette-eval
+             `(file-exists? "/home/bob/.gnupg/private-keys-v1.d")
+             marionette))
+
+          (test-equal "Bob has gpg-agent running at home"
+            0
+            (marionette-eval
+             `(system* #$(file-append procps "/bin/pgrep") "gpg-agent")
+             marionette))
+
+          (test-end))))
+
+  (gexp->derivation "gnupg-keyboxd" test))
+
+(define %test-gnupg-keyboxd
+  (system-test
+   (name "gnupg-keyboxd")
+   (description "Test gnupg using keyboxd or keyring.")
+   (value (run-gnupg-keyboxd-test))))
+
+
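Review bot: `pgrep "gpg-agent"` in the "Bob has gpg-agent running at home" test matches any gpg-agent on the machine, and Alice's agent, started by her earlier `gpg --quick-gen-key`, is presumably still alive after her `exit`, so the assertion passes whether or not Bob's session started one. Scoping both process checks to the user makes them meaningful: `(system* #$(file-append procps "/bin/pgrep") "-u" "bob" "gpg-agent")`, and likewise `"-u" "alice" "keyboxd"` for the Alice check. Nothing in the hunk asserts that the keyring configuration leaves keyboxd out; a negative check such as `(test-equal "Bob has no keyboxd" 1 (marionette-eval `(status:exit-val (system* #$(file-append procps "/bin/pgrep") "-u" "bob" "keyboxd")) marionette))` would cover that (note `system*` returns a raw wait status, hence `status:exit-val` rather than comparing with 1 directly).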
-- 
2.48.1






Message #8 received at 77826 <at> debbugs.gnu.org (full text, mbox):

From: Ludovic Courtès <ludo <at> gnu.org>
To: Sébastien Farge <sebastien-farge <at> laposte.net>
Cc: 77826 <at> debbugs.gnu.org
Subject: Re: [bug#77826] [PATCH] home: home-gpg-agent-service: add new
 parameter 'use-keyboxd?'.
Date: Wed, 16 Apr 2025 17:45:29 +0200
Hi Sébastien,

Sébastien Farge <sebastien-farge <at> laposte.net> writes:

> * gnu/home/services/gnupg.scm: New parameter.
> * doc/guix.texi (GNU Privacy Guard): New description.
> * gnu/tests/gnupg.scm: Alice use keyboxd, Bob normal keyring, test if both works
>
> Change-Id: I27b4f686086b9740943dbb5347a14ada245cc9fb

Nice!

Overall LGTM.  Some comments below.

Please add the new file to ‘gnu/local.mk’ next to its friends.

> +@item @code{use-keyboxd?} (default: @code{#f}) (type: boolean)
> +Whether to enable keyboxd and its keybox database instead of usual keyring. When true,
> +@command{gpg-agent} call @command{keyboxd} who take care of keys management process and database. 

“@command{gpg-agent} spawns a separate @command{keyboxd} process, which
is responsible for managing the key database.”

Nitpick: Please leave two spaces after end-of-sentence periods.

It’s the first time I hear about keyboxd and the gnupg manual doesn’t
say much about it.  When would you set it to #true?

> +(define (home-gpg-common-configuration-file config)
> +  "Return the @file{common.conf} file for @var{config}."
> +  (match-record config <home-gpg-agent-configuration>
> +    (use-keyboxd?)
> +    (mixed-text-file "common.conf" "use-keyboxd\n")))

You can remove ‘match-record’ altogether.

> +++ b/gnu/tests/gnupg.scm
> @@ -0,0 +1,246 @@
> +;;; GNU Guix --- Functional package management for GNU
> +;;; Copyright © 2016-2022, 2024 Ludovic Courtès <ludo <at> gnu.org>
> +;;; Copyright © 2017, 2018 Clément Lassieur <clement <at> lassieur.org>
> +;;; Copyright © 2017 Marius Bakke <mbakke <at> fastmail.com>

I think this is inaccurate.  :-)

Very nice that you wrote tests for this!

> +              (service home-gpg-agent-service-type
> +                       (home-gpg-agent-configuration
> +                        (default-cache-ttl 820))))
> +             %base-home-services))
> +    ))

No lonely parens please (throughout this file.)

> +(define %gnupg-os
> +  (operating-system
> +    (inherit (simple-operating-system (service guix-home-service-type `(("alice" ,%keyboxd-home)
> +                                                                        ("bob" ,%keyring-home)))))
> +

Please insert a newline after ‘simple-operating-system’.

> +          (define (file-get-all-strings fname)

s/file-get-all-strings/file-contents/ maybe?

And s/fname/file/ (this is what’s usually done).

> +          (define (vm-type cmd-or-list)
> +            (let ((cmd-list (if (list? cmd-or-list) cmd-or-list (list cmd-or-list))))

Avoid polymorphic procedures; have it take either a list of a string.

> +(define %test-gnupg-keyboxd
> +  (system-test
> +   (name "gnupg-keyboxd")
> +   (description "Test gnupg using keyboxd or keyring.")

s/gnupg/GnuPG/

“using both keyboxd and a local keyring” maybe?

Could you send an updated patch?

Thanks!

Ludo’.





Message #11 received at submit <at> debbugs.gnu.org (full text, mbox):

From: Gabriel Santos <gabrielsantosdesouza <at> disroot.org>
To: guix-patches <at> gnu.org, Ludovic Courtès <ludo <at> gnu.org>,
 Sébastien Farge <sebastien-farge <at> laposte.net>
Cc: 77826 <at> debbugs.gnu.org
Subject: Re: [bug#77826] [PATCH] home: home-gpg-agent-service: add new parameter 'use-keyboxd?'.
Date: Wed, 16 Apr 2025 14:23:05 -0300
>It’s the first time I hear about keyboxd and the gnupg manual doesn’t
>say much about it.  When would you set it to #true?

It's the first time for me too. I tried to look into the Arch wiki[1] (which
is what I read when I'm too lazy for the documentation), and found
no information.

[1] <https://wiki.archlinux.org/title/GnuPG#gpg-agent>

-- 
Gabriel Santos





Message #23 received at 77826 <at> debbugs.gnu.org (full text, mbox):

From: sebastien-farge <at> laposte.net
To: Gabriel Santos <gabrielsantosdesouza <at> disroot.org>,
 Ludovic Courtès <ludo <at> gnu.org>
Cc: 77826 <at> debbugs.gnu.org
Subject: Re: [bug#77826] [PATCH] home: home-gpg-agent-service: add new
 parameter 'use-keyboxd?'.
Date: Thu, 17 Apr 2025 19:51:40 +0200 (CEST)

H‌ello Gabriel, hello Ludovic,

 

We can find a little explanation in info gpg2 - GPG Configuration  (4.3 Configuration Files)

 

'common.conf'

    This is an optional configuration file read by 'gpg' on startup.
     It may contain options pertaining to all components of GnuPG. Its
     current main use is for the "use-keyboxd" option.  If the default
     home directory '~/.gnupg' does not exist, GnuPG creates this
     directory and a 'common.conf' file with "use-keyboxd".

 

 

We can see that keyboxd is now the default agent (it replace gpg-agent) for newcomers like me :)  And to be honest i don't know much more.

In my hurry to contribute to Guix I thought a boolean parameter would be OK, but looking for an answer to your question shows that it may not be a good idea. Because it is not possible to use GnuPG without keyboxd if you don't already have a keyring, the false alternative is a no-go.

 

What may be useful is that it helps having the common.conf in the store. So i will send a correct patch, in case.

 

Sébastien.   

 

De : "Gabriel Santos" <gabrielsantosdesouza <at> disroot.org>
A : guix-patches <at> gnu.org,"Ludovic Courtès" <ludo <at> gnu.org>,"Sébastien Farge" <sebastien-farge <at> laposte.net>,77826 <at> debbugs.gnu.org
Envoyé: mercredi 16 Avril 2025 19:44
Objet : Re: [bug#77826] [PATCH] home: home-gpg-agent-service: add new parameter 'use-keyboxd?'.
 
>It’s the first time I hear about keyboxd and the gnupg manual doesn’t
>say much about it. When would you set it to #true?

It's the first time for me too. I tried to look into the Arch wiki[1] (which
is what I read when I'm too lazy for the documentation), and found
no information.

[1]

--
Gabriel Santos


 


Message #26 received at 77826 <at> debbugs.gnu.org (full text, mbox):

From: Ludovic Courtès <ludo <at> gnu.org>
To: sebastien-farge <at> laposte.net
Cc: 77826 <at> debbugs.gnu.org, Gabriel Santos <gabrielsantosdesouza <at> disroot.org>
Subject: Re: [bug#77826] [PATCH] home: home-gpg-agent-service: add new
 parameter 'use-keyboxd?'.
Date: Thu, 17 Apr 2025 21:32:46 +0200
Hello,

sebastien-farge <at> laposte.net writes:

> We can find a little explanation in info gpg2 - GPG Configuration  (4.3 Configuration Files)

[...]

> We can see that keyboxd is now the default agent (it replace gpg-agent) for newcomers like me :)  And to be honest i don't know
> much more.

Hmm, I saw that, though I didn’t interpret it as being a replacement of
‘gpg-agent’, but maybe it is?  This is all incredibly blurry.

> In my hurry to contribute to Guix i thougth a boolean parameter wil be ok, but looking for an answer at your question shows that it
> may not be a good idea. Because it is not possible to use gnupg without keyboxd if you don't already have a keyring, and so the false
> alternative is a no-go.

Why?  Because gpg would not work without keyboxd in some cases?

Ludo’.





Message #29 received at 77826 <at> debbugs.gnu.org (full text, mbox):

From: sebastien-farge <at> laposte.net
To: Ludovic Courtès <ludo <at> gnu.org>
Cc: 77826 <at> debbugs.gnu.org, Gabriel Santos <gabrielsantosdesouza <at> disroot.org>
Subject: Re: [bug#77826] [PATCH] home: home-gpg-agent-service: add new
 parameter 'use-keyboxd?'.
Date: Thu, 17 Apr 2025 22:12:43 +0200 (CEST)
...what I meant is that opting for false in the use-keyboxd? parameter will not prevent GnuPG from using keyboxd anyway, if you initialize a new GnuPG environment.

 

(sorry for this two steps answer)

De : "Ludovic Courtès" <ludo <at> gnu.org>
A : sebastien-farge <at> laposte.net,"Gabriel Santos" <gabrielsantosdesouza <at> disroot.org>,77826 <at> debbugs.gnu.org
Envoyé: jeudi 17 Avril 2025 21:49
Objet : Re: [bug#77826] [PATCH] home: home-gpg-agent-service: add new parameter 'use-keyboxd?'.
 
Hello,

sebastien-farge <at> laposte.net writes:

> We can find a little explanation in info gpg2 - GPG Configuration (4.3 Configuration Files)

[...]

> We can see that keyboxd is now the default agent (it replace gpg-agent) for newcomers like me :) And to be honest i don't know
> much more.

Hmm, I saw that, though I didn’t interpret it as being a replacement of
‘gpg-agent’, but maybe it is? This is all incredibly blurry.

> In my hurry to contribute to Guix i thougth a boolean parameter wil be ok, but looking for an answer at your question shows that it
> may not be a good idea. Because it is not possible to use gnupg without keyboxd if you don't already have a keyring, and so the false
> alternative is a no-go.

Why? Because gpg would not work without keyboxd in some cases?

Ludo’.

 


 


Message #32 received at 77826 <at> debbugs.gnu.org (full text, mbox):

From: sebastien-gp <at> laposte.net
To: 77826 <at> debbugs.gnu.org
Cc: Sébastien Farge <sebastien-gp <at> laposte.net>
Subject: [PATCH v2] home: home-gpg-agent-service: add new parameter
 'use-keyboxd?'.
Date: Thu,  8 May 2025 21:54:34 +0200
From: Sébastien Farge <sebastien-gp <at> laposte.net>

Hello Ludo,

here is the patch reviewed with your help.

At last, after some experimentations, it looks like option use-keyboxd? can do its job.
keyboxd is a daemon that keeps track of users keys (and certificates) with an sqlite database, and leaves out the keyring file(s).
So you have to choose or the new database, or the file keyring, and the 'use-keyboxd?' option will allow exactly that.

This means that previously known keys will have to be migrated if use-keyboxd is activated. Maybe we could expect the option to do the migration for us? A shell snippet is given in the README file of GnuPG in the section 'keys database daemon'. I probably won't be able to implement this in the Guix process.

Tests contains main uses case, i think. But, i didn't test the case when ssh-support? is on, cause i don't know how to proceed.

I took a long time to answer, i'm sorry, i had to learn in between a lot of things about guile, guix, gexp (and even struggle with emacs, gnus, msmtp, and more...) but it's good !

Sébastien.

PS : i hope i didn't break the thread but i've lost your previous message. 

____________________

* gnu/home/services/gnupg.scm: New parameter.
* doc/guix.texi (GNU Privacy Guard): New description.
* gnu/tests/gnupg.scm: four scenarii,
  		       1) use-keyboxd? true, no keyring
		       2) use-keyboxd? unset, no keyring
		       3) use-keyboxd? false, legacy pubring.gpg
		       4) use-keyboxd? true, legacy pubring.gpg

Change-Id: I27b4f686086b9740943dbb5347a14ada245cc9fb
---
 doc/guix.texi               |  14 ++
 gnu/home/services/gnupg.scm |  17 +-
 gnu/local.mk                |   1 +
 gnu/tests/gnupg.scm         | 432 ++++++++++++++++++++++++++++++++++++
 4 files changed, 463 insertions(+), 1 deletion(-)
 create mode 100644 gnu/tests/gnupg.scm

diff --git a/doc/guix.texi b/doc/guix.texi
index 889eab2ab3..16600d4d77 100644
--- a/doc/guix.texi
+++ b/doc/guix.texi
@@ -50045,6 +50045,20 @@ Whether to enable @acronym{SSH,secure shell} support.  When true,
 @command{ssh-agent} program, taking care of OpenSSH secret keys and
 directing passphrase requests to the chosen Pinentry program.
 
+@item @code{use-keyboxd?} (default: @code{#f}) (type: boolean)
+Choose true if you want to use the new keys database daemon
+managed by @command{keyboxd} ---as it is by default on a fresh
+install since GnuPG 2.4.1--- instead of keyring file(s).
+The @file{~/.gnupg/common.conf} is created with parameter
+@code{use-keyboxd} set for the switch to happen
+(@pxref{GPG Configuration,,, gnupg, Using the GNU Privacy Guard}).  
+Caution: keys kept in a previous pubring file has to be imported in
+the keyboxd database or will be ignored (For more informations
+please refer to the GnuPG README file at section `Keys database daemon`). 
+When false @command{keyboxd} is not used and @command{gpg-agent}
+will manage keys in usual keyring file (legacy
+@file{pubring.gpg}, or newer @file{pubring.kbx}).
+
 @item @code{default-cache-ttl} (default: @code{600}) (type: integer)
 Time a cache entry is valid, in seconds.
 
diff --git a/gnu/home/services/gnupg.scm b/gnu/home/services/gnupg.scm
index 7fc99f793a..88bbdc6ccf 100644
--- a/gnu/home/services/gnupg.scm
+++ b/gnu/home/services/gnupg.scm
@@ -31,6 +31,7 @@ (define-module (gnu home services gnupg)
             home-gpg-agent-configuration-gnupg
             home-gpg-agent-configuration-pinentry-program
             home-gpg-agent-configuration-ssh-support?
+            home-gpg-agent-configuration-use-keyboxd?
             home-gpg-agent-configuration-default-cache-ttl
             home-gpg-agent-configuration-max-cache-ttl
             home-gpg-agent-configuration-max-cache-ttl-ssh
@@ -66,6 +67,12 @@ (define-configuration/no-serialization home-gpg-agent-configuration
 @command{gpg-agent} acts as a drop-in replacement for OpenSSH's
 @command{ssh-agent} program, taking care of OpenSSH secret keys and directing
 passphrase requests to the chosen Pinentry program.")
+  (use-keyboxd?
+   (boolean #f)
+   "Set it to true if you use keyboxd agent and want its configuration file @file{~/.gnupg/common.conf} 
+be saved in the store.  Note that choosing #f will not prevent GnuPG to use keyboxd if you init a new
+GnuPG environment. 
+The @file{~/.gnupg/common.conf} is created in the store with parameter @code{use-keyboxd}.")
   (default-cache-ttl
     (integer 600)
     "Time a cache entry is valid, in seconds.")
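Review bot: The `use-keyboxd?` docstring and the Texinfo entry added by the same patch disagree about what `#f` means: this docstring says choosing #f "will not prevent GnuPG to use keyboxd", while the doc/guix.texi hunk says "When false @command{keyboxd} is not used and @command{gpg-agent} will manage keys in usual keyring file". Only one of those can be true for a given GnuPG version, and the docstring's statement is the one the code supports, since `home-gpg-agent-files` simply installs no @file{common.conf} when the field is false and GnuPG, per the manual excerpt quoted earlier in this thread, creates one itself on a fresh @file{~/.gnupg}. A wording that both places could share: `"Whether to install @file{~/.gnupg/common.conf} with @code{use-keyboxd}, making GnuPG keep keys in the keyboxd database rather than keyring files.  When false no @file{common.conf} is installed; GnuPG may still enable keyboxd on its own when it initializes a fresh @file{~/.gnupg}."`. The two docstring lines ending in `.conf} ` and `environment. ` also carry trailing whitespace.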
@@ -101,6 +108,11 @@ (define (home-gpg-agent-configuration-file config)
                      (number->string max-cache-ttl-ssh) "\n"
                      extra-content)))
 
+(define (home-gpg-common-configuration-file config)
+  "Return the @file{common.conf} file for @var{config}."
+  (mixed-text-file "common.conf" "use-keyboxd\n"))
+
+
 (define (home-gpg-agent-shepherd-services config)
   "Return the possibly-empty list of Shepherd services for @var{config}."
   (match-record config <home-gpg-agent-configuration>
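Review bot: `home-gpg-common-configuration-file` ignores its `config` argument — the file body is the constant `"use-keyboxd\n"` — yet its docstring says the file is built "for @var{config}", which suggests the content varies with the configuration. Either say so, e.g. `"Return the @file{common.conf} file that enables keyboxd.  CONFIG is accepted for uniformity with the other file builders; the content does not depend on it."`, or drop the parameter, since the only caller visible in this patch is `home-gpg-agent-files`. The two consecutive blank lines before `home-gpg-agent-shepherd-services` also differ from the single blank line separating the surrounding definitions.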
@@ -134,7 +146,10 @@ (define (home-gpg-agent-shepherd-services config)
         '())))
 
 (define (home-gpg-agent-files config)
-  `((".gnupg/gpg-agent.conf" ,(home-gpg-agent-configuration-file config))))
+  (let ((files (cons `(".gnupg/gpg-agent.conf" ,(home-gpg-agent-configuration-file config)) '())))
+    (if (home-gpg-agent-configuration-use-keyboxd? config) 
+        (cons `(".gnupg/common.conf" ,(home-gpg-common-configuration-file config)) files)
+        files)))
 
 (define (home-gpg-agent-environment-variables config)
   "Return GnuPG environment variables needed for @var{config}."
diff --git a/gnu/local.mk b/gnu/local.mk
index e6ece8cc48..d922acaa80 100644
--- a/gnu/local.mk
+++ b/gnu/local.mk
@@ -856,6 +856,7 @@ GNU_SYSTEM_MODULES =				\
   %D%/tests/foreign.scm				\
   %D%/tests/ganeti.scm				\
   %D%/tests/gdm.scm				\
+  %D%/tests/gnupg.scm				\
   %D%/tests/guix.scm				\
   %D%/tests/monitoring.scm                      \
   %D%/tests/nfs.scm				\
diff --git a/gnu/tests/gnupg.scm b/gnu/tests/gnupg.scm
new file mode 100644
index 0000000000..ede49cc0b9
--- /dev/null
+++ b/gnu/tests/gnupg.scm
@@ -0,0 +1,432 @@
+
+;;; GNU Guix --- Functional package management for GNU
+;;; Copyright © 2016-2022, 2024 Ludovic Courtès <ludo <at> gnu.org>
+;;; Copyright © 2025 Sébastien Farge <sebastien-farge <at> laposte.net>
+;;;
+;;; This file is part of GNU Guix.
+;;;
+;;; GNU Guix is free software; you can redistribute it and/or modify it
+;;; under the terms of the GNU General Public License as published by
+;;; the Free Software Foundation; either version 3 of the License, or (at
+;;; your option) any later version.
+;;;
+;;; GNU Guix is distributed in the hope that it will be useful, but
+;;; WITHOUT ANY WARRANTY; without even the implied warranty of
+;;; MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+;;; GNU General Public License for more details.
+;;;
+;;; You should have received a copy of the GNU General Public License
+;;; along with GNU Guix.  If not, see <http://www.gnu.org/licenses/>.
+
+(define-module (gnu tests gnupg)
+  #:use-module (gnu tests)
+  #:use-module (gnu system)
+  #:use-module (gnu system vm)
+  #:use-module (gnu services)
+  #:use-module (gnu services guix)
+  #:use-module (gnu system shadow) 
+  #:use-module (gnu services base)
+  #:use-module (gnu home)
+  #:use-module (gnu home services)
+  #:use-module (gnu home services gnupg)
+  #:use-module (gnu packages linux)
+  #:use-module (gnu packages gnupg)
+  #:use-module (gnu packages base)
+  #:use-module (guix gexp)
+  #:use-module (rnrs io ports)
+  #:export (%test-gnupg-keyboxd))
+
+;;; A FAIRE
+;;; Déplacer le fichier de charles dans le home de dorothee en changeant owner et groupe
+
+
+(define %gnupg-os
+  (operating-system
+    (inherit (simple-operating-system
+              (service guix-home-service-type
+                       ;; keyboxd, no keyring
+                       `(("alice" ,(home-environment
+                                     (packages (list gnupg procps))
+                                     (services
+                                      (append (list
+                                               (service home-gpg-agent-service-type
+                                                        (home-gpg-agent-configuration
+                                                         (default-cache-ttl 820)
+                                                         (use-keyboxd? #t))))
+                                              %base-home-services))))
+                         ;; keyboxd unset, no keyring
+                         ("bob" ,(home-environment
+                                   (packages (list gnupg procps))
+                                   (services
+                                    (append (list
+                                             (service home-gpg-agent-service-type
+                                                      (home-gpg-agent-configuration
+                                                       (default-cache-ttl 820))))
+                                            %base-home-services))))
+                         ;; keyboxd false, but legacy keyring.gpg
+                         ("charles" ,(home-environment
+                                       (packages (list gnupg procps))
+                                       (services
+                                        (append (list
+                                                 (service home-gpg-agent-service-type
+                                                          (home-gpg-agent-configuration
+                                                         (use-keyboxd? #f)
+                                                         (default-cache-ttl 820))))
+                                                %base-home-services))))
+                         ;; keyboxd true, but legacy keyring.gpg
+                         ("dorothee" ,(home-environment
+                                        (packages (list gnupg procps))
+                                        (services
+                                         (append (list
+                                                  (service home-gpg-agent-service-type
+                                                           (home-gpg-agent-configuration
+                                                            (default-cache-ttl 820)
+                                                            (use-keyboxd? #t))))
+                                                 %base-home-services))))))))
+
+    (users (cons*
+            (user-account
+             (name "alice")                  
+             (comment "Bob's sister")
+             (password (crypt "alice" "$6$abc"))
+             (group "users")
+             (supplementary-groups '("wheel" "audio" "video")))
+            (user-account
+             (name "bob")                  
+             (comment "Alice's brother")
+             (password (crypt "bob" "$6$abc"))
+             (group "users")
+             (supplementary-groups '("wheel" "audio" "video")))
+            (user-account
+             (name "charles")                  
+             (comment "Alice's best friend")
+             (password (crypt "charles" "$6$abc"))
+             (group "users")
+             (supplementary-groups '("wheel" "audio" "video")))
+            (user-account
+             (name "dorothee")                  
+             (comment "Charle's best friend")
+             (password (crypt "dorothee" "$6$abc"))
+             (group "users")
+             (supplementary-groups '("wheel" "audio" "video")))
+            %base-user-accounts))))
+  
+(define* (run-gnupg-keyboxd-test)
+  "Run an OS to test four situations related to 'use-keyboxd?' option :
+- Alice : 'use-keyboxd?' true, and has no keyring yet.
+- Bob  : 'use-keyboxd?' unset, and has no keyring.
+- Charles 'use-keyboxd?' false, has a legacy keyring.gpg
+- Dorothee 'use-keyboxd?' true, has a legacy keyring.gpg."
+  (define os
+    (marionette-operating-system
+     %gnupg-os
+     #:imported-modules '((gnu services herd))))
+
+  (define vm
+    (virtual-machine
+     (operating-system os)))
+
+  (define test
+    (with-imported-modules '((gnu build marionette)
+                             (guix build syscalls))
+      #~(begin
+          (use-modules (gnu build marionette)
+                       (guix build syscalls)
+                       (srfi srfi-1)
+                       (srfi srfi-64))
+
+          (define marionette
+            (make-marionette (list #$vm)))
+
+          (define (marionette-login-user user)
+            (let ((login (format #f "~a\n" user))
+                  (file-log  (format #f "/home/~a/logged-in" user)))
+              (for-each
+               (lambda (cmd) (marionette-type cmd marionette) (sleep 1))
+               (list login login
+                     "id -un > logged-in\n"
+                     "printenv \"HOME\" >> logged-in\n"))
+              (marionette-eval '(use-modules (rnrs io ports)) marionette)
+              (wait-for-file file-log marionette #:read 'get-string-all)))
+
+          (define (marionette-create-keyring-for user)
+            "Ask GnuPG to create a legacy keyring 'pubring.gpg' for USER, and add a default key in it."
+            (marionette-eval
+             `(begin
+                ;; --chuid, root plays gpg user's role
+                (system*  #$(file-append gnupg "/bin/gpg")
+                          "-q"
+                          "--chuid" ,user
+                          "--no-default-keyring"
+                          "--keyring" "pubring.gpg"
+                          "--fingerprint")
+                (system*  #$(file-append gnupg "/bin/gpg")
+                          "-q"
+                          "--chuid" ,user
+                          "--batch"
+                          "--passphrase" "''"
+                          "--quick-gen-key" "<guiliguilix <at> gnu.org>" "ed25519"))             
+             marionette))
+
+          (define (marionette-create-gpgkey-for user)
+            "Ask GnuPG to create and save a new gpg key for USER."
+            (marionette-eval
+             `(begin                
+                (system*  #$(file-append gnupg "/bin/gpg")
+                          "-q"
+                          "--chuid" ,user
+                          "--batch"
+                          "--passphrase" "''"
+                          "--quick-gen-key" "<enjoy-guix <at> gnu.org>" "ed25519"))
+             marionette))
+
+          (define (marionette-list-keys-for user)
+            "Ask GnuPG to list the USER's keys."
+            (marionette-eval
+             `(begin
+                (use-modules (ice-9 popen)
+                             (ice-9 textual-ports))          
+                (let* ((port (open-input-pipe
+                              (format #f "~a -q --chuid ~a --list-keys"
+                                      #$(file-append gnupg "/bin/gpg")
+                                      ,user)))
+                       (str (get-string-all port))) 
+                  (close-pipe port)
+                  str))
+             marionette))
+
+          (test-runner-current (system-test-runner #$output))
+          (test-begin "gnupg-keyboxd")
+
+          ;; start tty1
+          (marionette-eval
+           '(begin
+              (use-modules (gnu services herd))
+              (start-service 'term-tty1))
+           marionette)
+          (sleep 1)
+
+          ;;
+          ;; Alice tests : : 'use-keyboxd?' true, no keyring
+          ;;
+
+          ;; ALice logs in to initiate gnupg environment
+          ;; according to its gnupg home service.
+          (test-equal "Alice : 'use-keyboxd?' is true, no keyring, she is now logged on tty1"
+            "alice\n/home/alice\n"
+            (marionette-login-user "alice"))
+
+          ;; The rest of the tests can be done without user.
+          (test-assert "Alice : .gnupg dir is created"
+            (marionette-eval
+             `(file-exists? "/home/alice/.gnupg")
+             marionette))
+          
+          (test-equal "Alice : gpg-agent.conf exists and is a symlink"
+            'symlink
+            (marionette-eval
+             `(and (file-exists? "/home/alice/.gnupg/gpg-agent.conf")
+                   (stat:type (lstat "/home/alice/.gnupg/gpg-agent.conf")))
+             marionette))
+
+          (test-equal "Alice : common.conf exists, is a symlink, and contains 'use-keyboxd'"
+            '(#t symlink "use-keyboxd")
+            (marionette-eval
+             `(begin
+                (use-modules (ice-9 rdelim))
+                (list (file-exists? "/home/alice/.gnupg/common.conf")
+                      (stat:type (lstat "/home/alice/.gnupg/common.conf"))
+                      (call-with-input-file "/home/alice/.gnupg/common.conf" read-line)))
+             marionette))
+
+          (test-equal "Alice : create a key that is saved in keyboxd database."
+            '(#t #t)
+            (begin
+              (use-modules (ice-9 regex))
+              (marionette-create-gpgkey-for "alice")
+              (let ((keylist-str (marionette-list-keys-for "alice")))
+                (list
+                 (= 0 (string-contains keylist-str "[keyboxd]"))
+                 (< 0(string-contains keylist-str "enjoy-guix <at> gnu.org"))))))
+
+          (test-assert "Alice : No 'pubring.kbx' file is created"
+            (marionette-eval
+             `(not (file-exists? "/home/alice/.gnupg/pubring.kbx"))
+             marionette))
+
+          (test-equal "Alice : 'keyboxd' and 'gpg-agent' are running"
+            '(0 0)
+            (marionette-eval
+             `(list
+               (status:exit-val
+                (system* #$(file-append procps "/bin/pgrep") "keyboxd"))
+               (status:exit-val
+                (system* #$(file-append procps "/bin/pgrep") "gpg-agent")))
+             marionette))
+
+          (test-equal "kill 'gpg-agent', and 'keyboxd'"
+            '(0 0) 
+            (marionette-eval
+             `(list
+               (status:exit-val
+                (system* #$(file-append procps "/bin/pkill") "gpg-agent"))
+               (status:exit-val
+                (system* #$(file-append procps "/bin/pkill") "keyboxd")))
+             marionette))
+
+          ;; Close user session.
+          (marionette-type "exit\n" marionette)
+          (sleep 1)
+
+          ;;
+          ;; Bob tests : 'use-keyboxd?' unset, no keyring.
+          ;;
+          
+          (test-equal "Bob : 'use-keyboxd?' is not set, no keyring, and is now logged on tty1"
+            "bob\n/home/bob\n"
+            (marionette-login-user "bob"))
+
+          (test-assert "Bob : .gnupg dir is created"
+            (marionette-eval
+             `(file-exists? "/home/bob/.gnupg")
+             marionette))
+          
+          (test-equal "Bob : gpg-agent.conf exists and is a symlink"
+            'symlink
+            (marionette-eval
+             `(and (file-exists? "/home/bob/.gnupg/gpg-agent.conf")
+                   (stat:type (lstat "/home/bob/.gnupg/gpg-agent.conf")))
+             marionette))
+
+          (test-assert "Bob : common.conf is NOT created"
+            (marionette-eval
+             `(not (file-exists? "/home/bob/.gnupg/common.conf"))
+             marionette))
+          
+          (test-equal "Bob : create a key, gpg saved it in 'pubring.kbx' not in keyboxd database."
+            '(#t #t)
+            (begin
+              (use-modules (ice-9 regex))
+              (marionette-create-gpgkey-for "bob")
+              (let ((keylist-str  (marionette-list-keys-for "bob")))
+                (list
+                 (= 0(string-contains keylist-str  "/home/bob/.gnupg/pubring.kbx"))
+                 (< 0 (string-contains keylist-str  "enjoy-guix <at> gnu.org"))))))
+
+          (test-equal "Bob : 'keyboxd' is NOT running"
+            1
+            (marionette-eval
+             `(status:exit-val
+               (system* #$(file-append procps "/bin/pgrep") "keyboxd"))
+             marionette))
+
+          (test-equal "Bob : 'gpg-agent' is running, kill it"
+            '(0 0)
+            (marionette-eval
+             `(list
+               (status:exit-val
+                (system* #$(file-append procps "/bin/pgrep") "gpg-agent"))
+               (status:exit-val
+                (system* #$(file-append procps "/bin/pkill") "gpg-agent")))
+             marionette))
+
+          ;; Close user session.
+          (marionette-type "exit\n" marionette)
+          (sleep 1)          
+
+          ;;
+          ;; Charles tests : : 'use-keyboxd?' unset, a legacy keyring pubring.gpg
+          ;;
+
+          (marionette-create-keyring-for "charles")
+
+          (test-equal "Charles : 'use-keyboxd?' is not set, has a legacy pubring.gpg. He is now logged"
+            "charles\n/home/charles\n"
+            (marionette-login-user "charles"))
+
+
+          (test-equal "Charles : create a key, saved in its legacy pubring.gpg"
+            '(#t #t)
+            (begin
+              (use-modules (ice-9 regex))
+              (marionette-create-gpgkey-for "charles")
+              (let ((keylist-str (marionette-list-keys-for "charles")))
+                (list
+                 (= 0 (string-contains keylist-str "/home/charles/.gnupg/pubring.gpg"))
+                 (< 0 (string-contains keylist-str "enjoy-guix <at> gnu.org"))))))                      
+
+          (test-equal "Charles : 'keyboxd' is NOT in use"
+            1
+            (marionette-eval
+             `(status:exit-val
+               (system* #$(file-append procps "/bin/pgrep") "keyboxd"))
+             marionette))
+
+          (test-equal "Charles : 'gpg-agent' is running"
+            0
+            (marionette-eval
+             `(status:exit-val
+               (system* #$(file-append procps "/bin/pgrep") "gpg-agent"))
+             marionette))
+
+          ;; Close user session.
+          (marionette-type "exit\n" marionette)
+          (sleep 1)          
+
+          ;;
+          ;; Dorothee tests : 'use-keyboxd?' true, a legacy keyring pubring.gpg
+          ;;
+
+          ;;(marionette-create-keyring-for "dorothee")
+          ;; => gpg don't allow creating keyring when 'use-keyboxd' is set.
+          ;; hack and use charles's keyring
+          (marionette-eval
+           '(let ((dorothee (getpw "dorothee")))
+             (copy-file "/home/charles/.gnupg/pubring.gpg" "/home/dorothee/.gnupg/pubring.gpg")
+             (chown "/home/dorothee/.gnupg/pubring.gpg" (passwd:uid dorothee) (passwd:gid dorothee)))
+           marionette)
+          
+          (test-equal "Dorothee : 'use-keyboxd?' is true, but has a legacy pubring.gpg. She is now logged"
+            "dorothee\n/home/dorothee\n"
+            (marionette-login-user "dorothee"))
+
+          (test-equal "Dorothee : create a key, gpg ignore the legacy pubring.gpg and saved it in its keyboxd database."
+            '(#t #t #f)
+            (begin
+              (use-modules (ice-9 regex))
+              (marionette-create-gpgkey-for "dorothee")
+              (let ((keylist-str (marionette-list-keys-for "dorothee")))
+                (list
+                 (= 0 (string-contains keylist-str "[keyboxd]"))
+                 (< 0 (string-contains keylist-str "enjoy-guix <at> gnu.org"))
+                 (string-contains keylist-str "guiliguilix <at> gnu.org")))))
+
+          (test-equal "Dorothee : 'keyboxd' is in use"
+            0
+            (marionette-eval
+             `(status:exit-val
+                (system* #$(file-append procps "/bin/pgrep") "keyboxd"))
+             marionette))
+
+          (test-equal "Dorothee : 'gpg-agent' is running"
+            0
+            (marionette-eval
+             `(status:exit-val
+               (system* #$(file-append procps "/bin/pgrep") "gpg-agent"))
+             marionette))
+
+          ;; Close user session.
+          (marionette-type "exit\n" marionette)
+          (sleep 1)
+          
+          (test-end))))
+
+  (gexp->derivation "gnupg-keyboxd" test))
+
+(define %test-gnupg-keyboxd
+  (system-test
+   (name "gnupg-keyboxd")
+   (description "Test GnuPG with and without use-keyboxd option.")
+   (value (run-gnupg-keyboxd-test))))
+
+
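Review bot: The `--passphrase "''"` arguments in marionette-create-keyring-for and marionette-create-gpgkey-for do not give the key an empty passphrase: `system*` does not go through a shell, so GnuPG receives the two-character string `''` as the passphrase, and `"--passphrase" ""` is what was intended (putting a passphrase on argv also makes it visible to every process on the host, which is acceptable in a throwaway test VM but deserves a `;; test-only key, passphrase deliberately exposed on argv` comment). In marionette-list-keys-for the command is built with `format` and handed to `open-input-pipe`, i.e. a shell; `(open-pipe* OPEN_READ gpg "-q" "--chuid" user "--list-keys")` avoids the shell entirely and is the idiom to copy if this helper is ever reused with a non-literal user. Finally, `(= 0 (string-contains ...))` and `(< 0 (string-contains ...))` raise a type error instead of returning #f when the substring is absent, so a failing expectation shows up as an error rather than a clean failed assertion; comparing with `(eqv? 0 ...)` and `(and=> (string-contains ...) positive?)` keeps the failure readable.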

base-commit: ec95c71c01144fcae1a3d079e0d0aec6087b9d2a
-- 
2.48.1







From: Ludovic Courtès <ludo <at> gnu.org>
To: sebastien-gp <at> laposte.net
Cc: 77826 <at> debbugs.gnu.org
Subject: Re: bug#77826: [PATCH] home: home-gpg-agent-service: add new
 parameter 'use-keyboxd?'.
Date: Mon, 12 May 2025 10:33:13 +0200
Hi Sébastien,

sebastien-gp <at> laposte.net writes:

> * gnu/home/services/gnupg.scm: New parameter.
> * doc/guix.texi (GNU Privacy Guard): New description.
> * gnu/tests/gnupg.scm: four scenarii,
>   		       1) use-keyboxd? true, no keyring
> 		       2) use-keyboxd? unset, no keyring
> 		       3) use-keyboxd? false, legacy pubring.gpg
> 		       4) use-keyboxd? true, legacy pubring.gpg

Nice.  Some comments below.

> +@item @code{use-keyboxd?} (default: @code{#f}) (type: boolean)
> +Choose true if you want to use the new keys database daemon
> +managed by @command{keyboxd} ---as it is by default on a fresh
                               ^
extra space here.

s/as it is by default/the default setting/

> +install since GnuPG 2.4.1--- instead of keyring file(s).
                               ^
extra space

> +The @file{~/.gnupg/common.conf} is created with parameter
> +@code{use-keyboxd} set for the switch to happen
> +(@pxref{GPG Configuration,,, gnupg, Using the GNU Privacy Guard}).  
> +Caution: keys kept in a previous pubring file has to be imported in

Please insert a newline before “Caution.”

Also, you might want to enclose the warning like this:

  @quotation Warning
  Keys kept in a previous pubring file…
  @end quotation

s/has to be imported/have to be imported/ ?

> +the keyboxd database or will be ignored (For more informations

s/For more informations/for more information/ (singular)

> +please refer to the GnuPG README file at section `Keys database daemon`). 

“please refer to the ``Keys database daemon'' section of GnuPG's
@file{README} file”

> +++ b/gnu/tests/gnupg.scm
> @@ -0,0 +1,432 @@
> +

Extra newline here.  :-)

Please add the file to gnu/local.mk.

> +;;; GNU Guix --- Functional package management for GNU
> +;;; Copyright © 2016-2022, 2024 Ludovic Courtès <ludo <at> gnu.org>

You can drop this line.

> +;;; A FAIRE
> +;;; Déplacer le fichier de charles dans le home de dorothee en changeant owner et groupe

Leftover comment?

> +(define* (run-gnupg-keyboxd-test)
> +  "Run an OS to test four situations related to 'use-keyboxd?' option :
> +- Alice : 'use-keyboxd?' true, and has no keyring yet.
> +- Bob  : 'use-keyboxd?' unset, and has no keyring.
> +- Charles 'use-keyboxd?' false, has a legacy keyring.gpg
> +- Dorothee 'use-keyboxd?' true, has a legacy keyring.gpg."

No space before colon (unlike in French :-)).

> +          ;; The rest of the tests can be done without user.
> +          (test-assert "Alice : .gnupg dir is created"
> +            (marionette-eval
> +             `(file-exists? "/home/alice/.gnupg")
> +             marionette))
> +          
> +          (test-equal "Alice : gpg-agent.conf exists and is a symlink"
> +            'symlink
> +            (marionette-eval
> +             `(and (file-exists? "/home/alice/.gnupg/gpg-agent.conf")
> +                   (stat:type (lstat "/home/alice/.gnupg/gpg-agent.conf")))
> +             marionette))
> +
> +          (test-equal "Alice : common.conf exists, is a symlink, and contains 'use-keyboxd'"
> +            '(#t symlink "use-keyboxd")
> +            (marionette-eval
> +             `(begin
> +                (use-modules (ice-9 rdelim))
> +                (list (file-exists? "/home/alice/.gnupg/common.conf")
> +                      (stat:type (lstat "/home/alice/.gnupg/common.conf"))
> +                      (call-with-input-file "/home/alice/.gnupg/common.conf" read-line)))
> +             marionette))

I would be tempted to drop these three tests (also where duplicated
below for Dorothée and Charles and Bob) because they just mirror the
code, and thus that’s a lot of line for a very low “bug-finding
performance”.

> +          (test-equal "kill 'gpg-agent', and 'keyboxd'"
> +            '(0 0) 
> +            (marionette-eval
> +             `(list
> +               (status:exit-val
> +                (system* #$(file-append procps "/bin/pkill") "gpg-agent"))
> +               (status:exit-val
> +                (system* #$(file-append procps "/bin/pkill") "keyboxd")))
> +             marionette))

You can omit ‘status:exit-val’ calls.

> +          ;; Close user session.
> +          (marionette-type "exit\n" marionette)
> +          (sleep 1)

‘sleep’?  Can this be removed?

Could you send an updated patch?

Thanks for coming up with nice tests!

Ludo’.






From: Gabriel Santos <gabrielsantosdesouza <at> disroot.org>
To: sebastien-gp <at> laposte.net, 77826 <at> debbugs.gnu.org
Cc: ludo <at> gnu.org,
 Sébastien Farge <sebastien-farge <at> laposte.net>
Subject: Re: [PATCH v3] home: home-gpg-agent-service: add new parameter 'use-keyboxd?'.
Date: Mon, 19 May 2025 21:06:17 -0300
Em 19 de maio de 2025 16:03:20 BRT, sebastien-gp <at> laposte.net escreveu:
>PS : Hello Gabriel, you answered the first patch, as i lost the thread, i'm sending you the message again,
>   	 in case you're still interested by the subject .
I'm subscribed to the guix-patches mailing list, so I was kind of watching this in silence :p.
I have to say, this is much clearer now, nice patch! I'll move to this when this patch is
merged.

-- 
Gabriel Santos






From: sebastien-gp <at> laposte.net
To: 77826 <at> debbugs.gnu.org
Cc: ludo <at> gnu.org,
 Sébastien Farge <sebastien-farge <at> laposte.net>,
 gabrielsantosdesouza <at> disroot.org
Subject: [PATCH v3] home: home-gpg-agent-service: add new parameter
 'use-keyboxd?'.
Date: Mon, 19 May 2025 21:03:20 +0200
From: Sébastien Farge <sebastien-farge <at> laposte.net>

Hi Ludo',

Here is the v3 updated following your recommendations.
One exception :

Ludo' wrote

> > +          ;; Close user session.
> > +          (marionette-type "exit\n" marionette)
> > +          (sleep 1)

> ‘sleep’?  Can this be removed?

If we remove that 1 s delay, the next user is not able to start their session.

> Thanks for coming up with nice tests!

You're welcome, i'm pleased to contribute.

Sébastien.

PS : Hello Gabriel, you answered the first patch, as i lost the thread, i'm sending you the message again,
   	 in case you're still interested by the subject .

* gnu/home/services/gnupg.scm: New parameter.
* doc/guix.texi (GNU Privacy Guard): New description.
* gnu/tests/gnupg.scm: four scenarios,
  		       1) use-keyboxd? true, no keyring
		       2) use-keyboxd? unset, no keyring
		       3) use-keyboxd? false, legacy pubring.gpg
		       4) use-keyboxd? true, legacy pubring.gpg

Change-Id: I27b4f686086b9740943dbb5347a14ada245cc9fb
---
 doc/guix.texi               |  19 ++
 gnu/home/services/gnupg.scm |  17 +-
 gnu/local.mk                |   1 +
 gnu/tests/gnupg.scm         | 393 ++++++++++++++++++++++++++++++++++++
 4 files changed, 429 insertions(+), 1 deletion(-)
 create mode 100644 gnu/tests/gnupg.scm

diff --git a/doc/guix.texi b/doc/guix.texi
index 34092a2f73..88cb308948 100644
--- a/doc/guix.texi
+++ b/doc/guix.texi
@@ -50079,6 +50079,25 @@ Whether to enable @acronym{SSH,secure shell} support.  When true,
 @command{ssh-agent} program, taking care of OpenSSH secret keys and
 directing passphrase requests to the chosen Pinentry program.
 
+@item @code{use-keyboxd?} (default: @code{#f}) (type: boolean)
+Choose true if you want to use the new keys database daemon
+managed by @command{keyboxd}---the default settings on a fresh
+install since GnuPG 2.4.1---instead of keyring file(s).
+The @file{~/.gnupg/common.conf} is created with parameter
+@code{use-keyboxd} set for the switch to happen
+(@pxref{GPG Configuration,,, gnupg, Using the GNU Privacy Guard}).
+
+@quotation Warning
+Keys kept in a previous pubring file have to
+be imported in the keyboxd database or will be ignored (for
+more information please refer to ``Keys database daemon`` section
+of the GnuPG's @file{README} file).
+@end quotation
+
+When false @command{keyboxd} is not used and @command{gpg-agent}
+will manage keys in usual keyring file (legacy
+@file{pubring.gpg}, or newer @file{pubring.kbx}).
+
 @item @code{default-cache-ttl} (default: @code{600}) (type: integer)
 Time a cache entry is valid, in seconds.
 
diff --git a/gnu/home/services/gnupg.scm b/gnu/home/services/gnupg.scm
index 7fc99f793a..88bbdc6ccf 100644
--- a/gnu/home/services/gnupg.scm
+++ b/gnu/home/services/gnupg.scm
@@ -31,6 +31,7 @@ (define-module (gnu home services gnupg)
             home-gpg-agent-configuration-gnupg
             home-gpg-agent-configuration-pinentry-program
             home-gpg-agent-configuration-ssh-support?
+            home-gpg-agent-configuration-use-keyboxd?
             home-gpg-agent-configuration-default-cache-ttl
             home-gpg-agent-configuration-max-cache-ttl
             home-gpg-agent-configuration-max-cache-ttl-ssh
@@ -66,6 +67,12 @@ (define-configuration/no-serialization home-gpg-agent-configuration
 @command{gpg-agent} acts as a drop-in replacement for OpenSSH's
 @command{ssh-agent} program, taking care of OpenSSH secret keys and directing
 passphrase requests to the chosen Pinentry program.")
+  (use-keyboxd?
+   (boolean #f)
+   "Set it to true if you use keyboxd agent and want its configuration file @file{~/.gnupg/common.conf} 
+be saved in the store.  Note that choosing #f will not prevent GnuPG to use keyboxd if you init a new
+GnuPG environment. 
+The @file{~/.gnupg/common.conf} is created in the store with parameter @code{use-keyboxd}.")
   (default-cache-ttl
     (integer 600)
     "Time a cache entry is valid, in seconds.")
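Review bot: The docstring of the new `use-keyboxd?` field only covers the #f→#t direction; a user who later switches an existing home from #t back to #f will presumably no longer get the `common.conf` symlink, but any keys already stored in the keyboxd database are not migrated back to a keyring file and gpg will stop consulting them, so the docstring should say so, e.g. `Switching back to #f does not migrate keys out of the keyboxd database; export them beforehand.` The opening sentence also reads as if the option merely records a choice made elsewhere; something like `When true, provide @file{~/.gnupg/common.conf} with @code{use-keyboxd} set so that GnuPG stores keys in the keyboxd database instead of keyring files` states what the option actually does, and the existing caveat should read "will not prevent GnuPG from using keyboxd". The first and third docstring lines carry trailing whitespace.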
@@ -101,6 +108,11 @@ (define (home-gpg-agent-configuration-file config)
                      (number->string max-cache-ttl-ssh) "\n"
                      extra-content)))
 
+(define (home-gpg-common-configuration-file config)
+  "Return the @file{common.conf} file for @var{config}."
+  (mixed-text-file "common.conf" "use-keyboxd\n"))
+
+
 (define (home-gpg-agent-shepherd-services config)
   "Return the possibly-empty list of Shepherd services for @var{config}."
   (match-record config <home-gpg-agent-configuration>
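Review bot: `home-gpg-common-configuration-file` takes `config` but never reads it, and its content is a constant string with no gexp parts, so `mixed-text-file` can be `plain-text-file` and the unused parameter either dropped or documented as reserved for future options: `(plain-text-file "common.conf" "use-keyboxd\n")`. A short comment that the file is deliberately a read-only store item is worth adding, since GnuPG itself may otherwise create or edit this file on first use — `;; Read-only store item: GnuPG must not rewrite it on first init.` — hedged as "may" because the exact GnuPG behaviour is not visible here. There is also a doubled blank line before the next definition.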
@@ -134,7 +146,10 @@ (define (home-gpg-agent-shepherd-services config)
         '())))
 
 (define (home-gpg-agent-files config)
-  `((".gnupg/gpg-agent.conf" ,(home-gpg-agent-configuration-file config))))
+  (let ((files (cons `(".gnupg/gpg-agent.conf" ,(home-gpg-agent-configuration-file config)) '())))
+    (if (home-gpg-agent-configuration-use-keyboxd? config) 
+        (cons `(".gnupg/common.conf" ,(home-gpg-common-configuration-file config)) files)
+        files)))
 
 (define (home-gpg-agent-environment-variables config)
   "Return GnuPG environment variables needed for @var{config}."
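Review bot: `(cons x '())` in the new `home-gpg-agent-files` is just `(list x)`, and the `let`/`if` shape can be flattened into one quasiquoted list with a spliced conditional, which also removes the trailing whitespace after `config)` on the `if` line. The function also lacks a docstring; a one-liner such as `"Return the files to install under @file{~/.gnupg} for @var{config}."` matches its neighbours.

```scheme
(define (home-gpg-agent-files config)
  "Return the files to install under @file{~/.gnupg} for @var{config}."
  `((".gnupg/gpg-agent.conf" ,(home-gpg-agent-configuration-file config))
    ;; common.conf is only provided when keyboxd is requested.
    ,@(if (home-gpg-agent-configuration-use-keyboxd? config)
          `((".gnupg/common.conf" ,(home-gpg-common-configuration-file config)))
          '())))
```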
diff --git a/gnu/local.mk b/gnu/local.mk
index dfafe8b895..08aafc67b6 100644
--- a/gnu/local.mk
+++ b/gnu/local.mk
@@ -857,6 +857,7 @@ GNU_SYSTEM_MODULES =				\
   %D%/tests/foreign.scm				\
   %D%/tests/ganeti.scm				\
   %D%/tests/gdm.scm				\
+  %D%/tests/gnupg.scm				\
   %D%/tests/guix.scm				\
   %D%/tests/monitoring.scm                      \
   %D%/tests/nfs.scm				\
diff --git a/gnu/tests/gnupg.scm b/gnu/tests/gnupg.scm
new file mode 100644
index 0000000000..fc521085a1
--- /dev/null
+++ b/gnu/tests/gnupg.scm
@@ -0,0 +1,393 @@
+
+;;; GNU Guix --- Functional package management for GNU
+;;; Copyright © 2025 Sébastien Farge <sebastien-farge <at> laposte.net>
+;;;
+;;; This file is part of GNU Guix.
+;;;
+;;; GNU Guix is free software; you can redistribute it and/or modify it
+;;; under the terms of the GNU General Public License as published by
+;;; the Free Software Foundation; either version 3 of the License, or (at
+;;; your option) any later version.
+;;;
+;;; GNU Guix is distributed in the hope that it will be useful, but
+;;; WITHOUT ANY WARRANTY; without even the implied warranty of
+;;; MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+;;; GNU General Public License for more details.
+;;;
+;;; You should have received a copy of the GNU General Public License
+;;; along with GNU Guix.  If not, see <http://www.gnu.org/licenses/>.
+
+(define-module (gnu tests gnupg)
+  #:use-module (gnu tests)
+  #:use-module (gnu system)
+  #:use-module (gnu system vm)
+  #:use-module (gnu services)
+  #:use-module (gnu services guix)
+  #:use-module (gnu system shadow) 
+  #:use-module (gnu services base)
+  #:use-module (gnu home)
+  #:use-module (gnu home services)
+  #:use-module (gnu home services gnupg)
+  #:use-module (gnu packages linux)
+  #:use-module (gnu packages gnupg)
+  #:use-module (gnu packages base)
+  #:use-module (guix gexp)
+  #:use-module (rnrs io ports)
+  #:export (%test-gnupg-keyboxd))
+
+
+(define %gnupg-os
+  (operating-system
+    (inherit (simple-operating-system
+              (service guix-home-service-type
+                       ;; keyboxd, no keyring
+                       `(("alice" ,(home-environment
+                                     (packages (list gnupg procps))
+                                     (services
+                                      (append (list
+                                               (service home-gpg-agent-service-type
+                                                        (home-gpg-agent-configuration
+                                                         (default-cache-ttl 820)
+                                                         (use-keyboxd? #t))))
+                                              %base-home-services))))
+                         ;; keyboxd unset, no keyring
+                         ("bob" ,(home-environment
+                                   (packages (list gnupg procps))
+                                   (services
+                                    (append (list
+                                             (service home-gpg-agent-service-type
+                                                      (home-gpg-agent-configuration
+                                                       (default-cache-ttl 820))))
+                                            %base-home-services))))
+                         ;; keyboxd false, but legacy keyring.gpg
+                         ("charles" ,(home-environment
+                                       (packages (list gnupg procps))
+                                       (services
+                                        (append (list
+                                                 (service home-gpg-agent-service-type
+                                                          (home-gpg-agent-configuration
+                                                         (use-keyboxd? #f)
+                                                         (default-cache-ttl 820))))
+                                                %base-home-services))))
+                         ;; keyboxd true, but legacy keyring.gpg
+                         ("dorothee" ,(home-environment
+                                        (packages (list gnupg procps))
+                                        (services
+                                         (append (list
+                                                  (service home-gpg-agent-service-type
+                                                           (home-gpg-agent-configuration
+                                                            (default-cache-ttl 820)
+                                                            (use-keyboxd? #t))))
+                                                 %base-home-services))))))))
+
+    (users (cons*
+            (user-account
+             (name "alice")                  
+             (comment "Bob's sister")
+             (password (crypt "alice" "$6$abc"))
+             (group "users")
+             (supplementary-groups '("wheel" "audio" "video")))
+            (user-account
+             (name "bob")                  
+             (comment "Alice's brother")
+             (password (crypt "bob" "$6$abc"))
+             (group "users")
+             (supplementary-groups '("wheel" "audio" "video")))
+            (user-account
+             (name "charles")                  
+             (comment "Alice's best friend")
+             (password (crypt "charles" "$6$abc"))
+             (group "users")
+             (supplementary-groups '("wheel" "audio" "video")))
+            (user-account
+             (name "dorothee")                  
+             (comment "Charle's best friend")
+             (password (crypt "dorothee" "$6$abc"))
+             (group "users")
+             (supplementary-groups '("wheel" "audio" "video")))
+            %base-user-accounts))))
+  
+(define* (run-gnupg-keyboxd-test)
+  "Run an OS to test four situations related to 'use-keyboxd?' option:
+- Alice: 'use-keyboxd?' true, and has no keyring yet.
+- Bob: 'use-keyboxd?' unset, and has no keyring.
+- Charles: 'use-keyboxd?' false, has a legacy keyring.gpg
+- Dorothee: 'use-keyboxd?' true, has a legacy keyring.gpg."
+  (define os
+    (marionette-operating-system
+     %gnupg-os
+     #:imported-modules '((gnu services herd))))
+
+  (define vm
+    (virtual-machine
+     (operating-system os)))
+
+  (define test
+    (with-imported-modules '((gnu build marionette)
+                             (guix build syscalls))
+      #~(begin
+          (use-modules (gnu build marionette)
+                       (guix build syscalls)
+                       (srfi srfi-1)
+                       (srfi srfi-64))
+
+          (define marionette
+            (make-marionette (list #$vm)))
+
+          (define (marionette-login-user user)
+            (let ((login (format #f "~a\n" user))
+                  (file-log  (format #f "/home/~a/logged-in" user)))
+              (for-each
+               (lambda (cmd) (marionette-type cmd marionette) (sleep 1))
+               (list login login
+                     "id -un > logged-in\n"
+                     "printenv \"HOME\" >> logged-in\n"))
+              (marionette-eval '(use-modules (rnrs io ports)) marionette)
+              (wait-for-file file-log marionette #:read 'get-string-all)))
+
+          (define (marionette-create-keyring-for user)
+            "Ask GnuPG to create a legacy keyring 'pubring.gpg' for USER, and add a default key in it."
+            (marionette-eval
+             `(begin
+                ;; --chuid, root plays gpg user's role
+                (system*  #$(file-append gnupg "/bin/gpg")
+                          "-q"
+                          "--chuid" ,user
+                          "--no-default-keyring"
+                          "--keyring" "pubring.gpg"
+                          "--fingerprint")
+                (system*  #$(file-append gnupg "/bin/gpg")
+                          "-q"
+                          "--chuid" ,user
+                          "--batch"
+                          "--passphrase" "''"
+                          "--quick-gen-key" "<guiliguilix <at> gnu.org>" "ed25519"))             
+             marionette))
+
+          (define (marionette-create-gpgkey-for user)
+            "Ask GnuPG to create and save a new gpg key for USER."
+            (marionette-eval
+             `(begin                
+                (system*  #$(file-append gnupg "/bin/gpg")
+                          "-q"
+                          "--chuid" ,user
+                          "--batch"
+                          "--passphrase" "''"
+                          "--quick-gen-key" "<enjoy-guix <at> gnu.org>" "ed25519"))
+             marionette))
+
+          (define (marionette-list-keys-for user)
+            "Ask GnuPG to list the USER's keys."
+            (marionette-eval
+             `(begin
+                (use-modules (ice-9 popen)
+                             (ice-9 textual-ports))          
+                (let* ((port (open-input-pipe
+                              (format #f "~a -q --chuid ~a --list-keys"
+                                      #$(file-append gnupg "/bin/gpg")
+                                      ,user)))
+                       (str (get-string-all port))) 
+                  (close-pipe port)
+                  str))
+             marionette))
+
+          (test-runner-current (system-test-runner #$output))
+          (test-begin "gnupg-keyboxd")
+
+          ;; start tty1
+          (marionette-eval
+           '(begin
+              (use-modules (gnu services herd))
+              (start-service 'term-tty1))
+           marionette)
+          (sleep 1)
+
+          ;;
+          ;; Alice tests: 'use-keyboxd?' true, no keyring
+          ;;
+
+          ;; Alice logs in to initiate gnupg environment
+          ;; according to its gnupg home service.
+          (test-equal "Alice: logged on tty1 ('use-keyboxd?' true, no keyring)."
+            "alice\n/home/alice\n"
+            (marionette-login-user "alice"))
+
+          (test-equal "Alice: create a key that is saved in keyboxd database."
+            '(#t #t)
+            (begin
+              (use-modules (ice-9 regex))
+              (marionette-create-gpgkey-for "alice")
+              (let ((keylist-str (marionette-list-keys-for "alice")))
+                (list
+                 (= 0 (string-contains keylist-str "[keyboxd]"))
+                 (< 0(string-contains keylist-str "enjoy-guix <at> gnu.org"))))))
+
+          (test-assert "Alice: No 'pubring.kbx' file is created"
+            (marionette-eval
+             `(not (file-exists? "/home/alice/.gnupg/pubring.kbx"))
+             marionette))
+
+          (test-equal "Alice: 'keyboxd' and 'gpg-agent' are running"
+            '(0 0)
+            (marionette-eval
+             `(list
+               (status:exit-val
+                (system* #$(file-append procps "/bin/pgrep") "keyboxd"))
+               (status:exit-val
+                (system* #$(file-append procps "/bin/pgrep") "gpg-agent")))
+             marionette))
+
+          (test-equal "kill 'gpg-agent', and 'keyboxd'"
+            '(0 0) 
+            (marionette-eval
+             `(list
+               (system* #$(file-append procps "/bin/pkill") "gpg-agent")
+               (system* #$(file-append procps "/bin/pkill") "keyboxd"))
+             marionette))
+
+          ;; Close user session.
+          (marionette-type "exit\n" marionette)
+          (sleep 1)
+
+          ;;
+          ;; Bob tests: 'use-keyboxd?' unset, no keyring.
+          ;;
+          
+          (test-equal "Bob: logged on tty1 ('use-keyboxd?' unset, no keyring)"
+            "bob\n/home/bob\n"
+            (marionette-login-user "bob"))
+
+          (test-assert "Bob: common.conf is NOT created"
+            (marionette-eval
+             `(not (file-exists? "/home/bob/.gnupg/common.conf"))
+             marionette))
+          
+          (test-equal "Bob: create a key, gpg saved it in 'pubring.kbx' not in keyboxd database."
+            '(#t #t)
+            (begin
+              (use-modules (ice-9 regex))
+              (marionette-create-gpgkey-for "bob")
+              (let ((keylist-str  (marionette-list-keys-for "bob")))
+                (list
+                 (= 0(string-contains keylist-str  "/home/bob/.gnupg/pubring.kbx"))
+                 (< 0 (string-contains keylist-str  "enjoy-guix <at> gnu.org"))))))
+
+          (test-equal "Bob: 'keyboxd' is NOT running"
+            1
+            (marionette-eval
+             `(status:exit-val
+               (system* #$(file-append procps "/bin/pgrep") "keyboxd"))
+             marionette))
+
+          (test-equal "Bob: 'gpg-agent' is running, kill it"
+            '(0 0)
+            (marionette-eval
+             `(list
+               (status:exit-val
+                (system* #$(file-append procps "/bin/pgrep") "gpg-agent"))
+               (status:exit-val
+                (system* #$(file-append procps "/bin/pkill") "gpg-agent")))
+             marionette))
+
+          ;; Close user session.
+          (marionette-type "exit\n" marionette)
+          (sleep 1)
+          
+
+          ;;
+          ;; Charles tests: 'use-keyboxd?' false, a legacy keyring pubring.gpg
+          ;;
+
+          (marionette-create-keyring-for "charles")
+
+          (test-equal "Charles: logged on tty1 (use-keyboxd?' false + legacy pubring.gpg)."
+            "charles\n/home/charles\n"
+            (marionette-login-user "charles"))
+
+
+          (test-equal "Charles: create a key, saved in its legacy pubring.gpg"
+            '(#t #t)
+            (begin
+              (use-modules (ice-9 regex))
+              (marionette-create-gpgkey-for "charles")
+              (let ((keylist-str (marionette-list-keys-for "charles")))
+                (list
+                 (= 0 (string-contains keylist-str "/home/charles/.gnupg/pubring.gpg"))
+                 (< 0 (string-contains keylist-str "enjoy-guix <at> gnu.org"))))))                      
+
+          (test-equal "Charles: 'keyboxd' is NOT in use"
+            1
+            (marionette-eval
+             `(status:exit-val
+               (system* #$(file-append procps "/bin/pgrep") "keyboxd"))
+             marionette))
+
+          (test-equal "Charles: 'gpg-agent' is running"
+            0
+            (marionette-eval
+             `(status:exit-val
+               (system* #$(file-append procps "/bin/pgrep") "gpg-agent"))
+             marionette))
+
+          ;; Close user session.
+          (marionette-type "exit\n" marionette)
+          (sleep 1)
+          
+
+          ;;
+          ;; Dorothee tests: 'use-keyboxd?' true, a legacy keyring pubring.gpg
+          ;;
+
+          ;;(marionette-create-keyring-for "dorothee")
+          ;; => gpg don't allow creating keyring when 'use-keyboxd' is set.
+          ;; hack and use charles's keyring
+          (marionette-eval
+           '(let ((dorothee (getpw "dorothee")))
+             (copy-file "/home/charles/.gnupg/pubring.gpg" "/home/dorothee/.gnupg/pubring.gpg")
+             (chown "/home/dorothee/.gnupg/pubring.gpg" (passwd:uid dorothee) (passwd:gid dorothee)))
+           marionette)
+          
+          (test-equal "Dorothee: logged on tty1 ('use-keyboxd?' true + legacy pubring.gpg)."
+            "dorothee\n/home/dorothee\n"
+            (marionette-login-user "dorothee"))
+
+          (test-equal "Dorothee: create a key, gpg ignore the legacy pubring.gpg and saved it in its keyboxd database."
+            '(#t #t #f)
+            (begin
+              (use-modules (ice-9 regex))
+              (marionette-create-gpgkey-for "dorothee")
+              (let ((keylist-str (marionette-list-keys-for "dorothee")))
+                (list
+                 (= 0 (string-contains keylist-str "[keyboxd]"))
+                 (< 0 (string-contains keylist-str "enjoy-guix <at> gnu.org"))
+                 (string-contains keylist-str "guiliguilix <at> gnu.org")))))
+
+          (test-equal "Dorothee: 'keyboxd' is in use"
+            0
+            (marionette-eval
+             `(status:exit-val
+                (system* #$(file-append procps "/bin/pgrep") "keyboxd"))
+             marionette))
+
+          (test-equal "Dorothee: 'gpg-agent' is running"
+            0
+            (marionette-eval
+             `(status:exit-val
+               (system* #$(file-append procps "/bin/pgrep") "gpg-agent"))
+             marionette))
+
+          ;; Close user session.
+          (marionette-type "exit\n" marionette)
+          ;; (sleep 1)
+          
+          (test-end))))
+
+  (gexp->derivation "gnupg-keyboxd" test))
+
+(define %test-gnupg-keyboxd
+  (system-test
+   (name "gnupg-keyboxd")
+   (description "Test GnuPG with and without use-keyboxd option.")
+   (value (run-gnupg-keyboxd-test))))
+
+
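Review bot: In `marionette-create-keyring-for` and `marionette-create-gpgkey-for`, `"--passphrase" "''"` passes the literal two-character string `''` as the passphrase, because `system*` does not go through a shell that would strip the quotes; if an empty passphrase is intended, pass `"--passphrase" ""`. The tests only list keys so this goes unnoticed, but anyone reusing the helpers to sign or decrypt would hit it. Separately, the `(= 0 (string-contains ...))` and `(< 0 (string-contains ...))` checks raise a wrong-type error when the substring is absent, since `string-contains` returns `#f`; using `(eqv? 0 ...)` or testing the result for truth first turns a crash into a plain test failure. The `(use-modules (ice-9 regex))` inside the test bodies is unused (`string-contains` is built in), and the "kill 'gpg-agent', and 'keyboxd'" test compares raw `system*` statuses while the others go through `status:exit-val`; aligning these is a style nit.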

base-commit: efac01f19b65d7d77a98bbfd57fe2073fb13064a
-- 
2.49.0




