From: Sébastien Farge <sebastien-farge@laposte.net>
To: guix-patches@gnu.org
Subject: [PATCH] home: home-gpg-agent-service: add new parameter 'use-keyboxd?'.
Date: Tue, 15 Apr 2025 16:13:40 +0200
Message-ID: <20250415141428.3407-1-sebastien-farge@laposte.net>

* gnu/home/services/gnupg.scm: New parameter.
* doc/guix.texi (GNU Privacy Guard): New description.
* gnu/tests/gnupg.scm: Alice uses keyboxd, Bob a normal keyring, test if both work.

Change-Id: I27b4f686086b9740943dbb5347a14ada245cc9fb
---
 doc/guix.texi               |   5 +
 gnu/home/services/gnupg.scm |  18 ++-
 gnu/tests/gnupg.scm         | 246 ++++++++++++++++++++++++++++++++++++
 3 files changed, 268 insertions(+), 1 deletion(-)
 create mode 100644 gnu/tests/gnupg.scm

diff --git a/doc/guix.texi b/doc/guix.texi index d109877a32..46b2115aad 100644 --- a/doc/guix.texi +++ b/doc/guix.texi @@ -49076,6 +49076,11 @@ Whether to enable @acronym{SSH,secure shell} sup= port. When true, @command{ssh-agent} program, taking care of OpenSSH secret keys and directing passphrase requests to the chosen Pinentry program. =20 +@item @code{use-keyboxd?} (default: @code{#f}) (type: boolean) +Whether to enable keyboxd and its keybox database instead of usual keyri= ng. When true, +@command{gpg-agent} call @command{keyboxd} who take care of keys managem= ent process and database.=20 +The @file{~/.gnupg/common.conf} is created with parameter @code{use-keyb= oxd} for the switch to happen. + @item @code{default-cache-ttl} (default: @code{600}) (type: integer) Time a cache entry is valid, in seconds. =20 diff --git a/gnu/home/services/gnupg.scm b/gnu/home/services/gnupg.scm index 7fc99f793a..f7691f38e0 100644 --- a/gnu/home/services/gnupg.scm +++ b/gnu/home/services/gnupg.scm @@ -31,6 +31,7 @@ (define-module (gnu home services gnupg) home-gpg-agent-configuration-gnupg home-gpg-agent-configuration-pinentry-program home-gpg-agent-configuration-ssh-support? + home-gpg-agent-configuration-use-keyboxd? home-gpg-agent-configuration-default-cache-ttl home-gpg-agent-configuration-max-cache-ttl home-gpg-agent-configuration-max-cache-ttl-ssh 
@@ -66,6 +67,11 @@ (define-configuration/no-serialization home-gpg-agent-= configuration @command{gpg-agent} acts as a drop-in replacement for OpenSSH's @command{ssh-agent} program, taking care of OpenSSH secret keys and dire= cting passphrase requests to the chosen Pinentry program.") + (use-keyboxd? + (boolean #f) + "Whether to enable keyboxd and its keybox database instead of usual k= eyring. When true, +@command{gpg-agent} call @command{keyboxd} who take care of keys managem= ent process and database.=20 +The @file{~/.gnupg/common.conf} is created with parameter @code{use-keyb= oxd} for the switch to happen.") (default-cache-ttl (integer 600) "Time a cache entry is valid, in seconds.") @@ -101,6 +107,13 @@ (define (home-gpg-agent-configuration-file config) (number->string max-cache-ttl-ssh) "\n" extra-content))) =20 +(define (home-gpg-common-configuration-file config) + "Return the @file{common.conf} file for @var{config}." + (match-record config + (use-keyboxd?) + (mixed-text-file "common.conf" "use-keyboxd\n"))) + + (define (home-gpg-agent-shepherd-services config) "Return the possibly-empty list of Shepherd services for @var{config}.= " (match-record config @@ -134,7 +147,10 @@ (define (home-gpg-agent-shepherd-services config) '()))) =20 (define (home-gpg-agent-files config) - `((".gnupg/gpg-agent.conf" ,(home-gpg-agent-configuration-file config)= ))) + (let ((files (cons `(".gnupg/gpg-agent.conf" ,(home-gpg-agent-configur= ation-file config)) '()))) + (if (home-gpg-agent-configuration-use-keyboxd? config)=20 + (cons `(".gnupg/common.conf" ,(home-gpg-common-configuration-fil= e config)) files) + files))) =20 (define (home-gpg-agent-environment-variables config) "Return GnuPG environment variables needed for @var{config}." diff --git a/gnu/tests/gnupg.scm b/gnu/tests/gnupg.scm new file mode 100644 index 0000000000..6be26b0073 --- /dev/null +++ b/gnu/tests/gnupg.scm 
@@ -0,0 +1,246 @@ +;;; GNU Guix --- Functional package management for GNU +;;; Copyright =C2=A9 2016-2022, 2024 Ludovic Court=C3=A8s +;;; Copyright =C2=A9 2017, 2018 Cl=C3=A9ment Lassieur +;;; Copyright =C2=A9 2017 Marius Bakke +;;; +;;; This file is part of GNU Guix. +;;; +;;; GNU Guix is free software; you can redistribute it and/or modify it +;;; under the terms of the GNU General Public License as published by +;;; the Free Software Foundation; either version 3 of the License, or (a= t +;;; your option) any later version. +;;; +;;; GNU Guix is distributed in the hope that it will be useful, but +;;; WITHOUT ANY WARRANTY; without even the implied warranty of +;;; MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the +;;; GNU General Public License for more details. +;;; +;;; You should have received a copy of the GNU General Public License +;;; along with GNU Guix. If not, see . + +(define-module (gnu tests gnupg) + #:use-module (gnu tests) + #:use-module (gnu system) + #:use-module (gnu system vm) + #:use-module (gnu services) + #:use-module (gnu services guix) + #:use-module (gnu system shadow)=20 + #:use-module (gnu services base) + #:use-module (gnu home) + #:use-module (gnu home services gnupg) + #:use-module (gnu packages linux) + #:use-module (gnu packages gnupg) + #:use-module (gnu packages base) + #:use-module (guix gexp) + #:export (%test-gnupg-keyboxd)) + +(define %keyboxd-home + (home-environment + (packages (list gnupg procps)) + (services + (append (list + (service home-gpg-agent-service-type + (home-gpg-agent-configuration + (default-cache-ttl 820) + (use-keyboxd? 
#t)))) + %base-home-services)) + )) + +(define %keyring-home + (home-environment + (packages (list gnupg procps)) + (services + (append (list + (service home-gpg-agent-service-type + (home-gpg-agent-configuration + (default-cache-ttl 820)))) + %base-home-services)) + )) + +(define %gnupg-os + (operating-system + (inherit (simple-operating-system (service guix-home-service-type `(= ("alice" ,%keyboxd-home) + = ("bob" ,%keyring-home))))) + + (users (cons* + (user-account + (name "alice") =20 + (comment "Bob's sister") + (password (crypt "alice" "$6$abc")) + (group "users") + (supplementary-groups '("wheel" "audio" "video"))) + (user-account + (name "bob") =20 + (comment "Alice's brother") + (password (crypt "bob" "$6$abc")) + (group "users") + (supplementary-groups '("wheel" "audio" "video"))) + %base-user-accounts)) + )) + =20 +(define* (run-gnupg-keyboxd-test) + "Run an OS using gnupg with and without keyboxd using 'use-keyboxd'? c= onfiguration option." + (define os + (marionette-operating-system + %gnupg-os + #:imported-modules '((gnu services herd)))) + + (define vm + (virtual-machine + (operating-system os))) + + (define test + (with-imported-modules '((gnu build marionette) + (guix build syscalls)) + #~(begin + (use-modules (gnu build marionette) + (guix build syscalls) + (srfi srfi-1) + (srfi srfi-64)) + + (define marionette + (make-marionette (list #$vm))) + + (define (file-get-all-strings fname) + (marionette-eval '(use-modules (rnrs io ports)) marionette) + (wait-for-file fname marionette #:read 'get-string-all)) + + (define (vm-type cmd-or-list) + (let ((cmd-list (if (list? 
cmd-or-list) cmd-or-list (list cm= d-or-list)))) + (for-each + (lambda (cmd) (marionette-type cmd marionette) (sleep 1)) + cmd-list))) + + (test-runner-current (system-test-runner #$output)) + (test-begin "gnupg-keyboxd") + =20 + (test-equal "Alice is logged on tty1" + "alice\n" + (begin + (marionette-eval + '(begin + (use-modules (gnu services herd)) + (start-service 'term-tty1)) + marionette) + (vm-type (list + "alice\n" + "alice\n" + "id -un > alice.log\n")) + (file-get-all-strings "/home/alice/alice.log"))) + + (test-assert "Alice .gnupg dir is created" + (marionette-eval + `(file-exists? "/home/alice/.gnupg") + marionette)) + =20 + (test-equal "Alice gpg-agent.conf exists and is a symlink" + 'symlink + (marionette-eval + `(and (file-exists? "/home/alice/.gnupg/gpg-agent.conf") + (stat:type (lstat "/home/alice/.gnupg/gpg-agent.conf"= ))) + marionette)) + + (test-equal "Alice common.conf exists and is a symlink" + 'symlink + (marionette-eval + `(and (file-exists? "/home/alice/.gnupg/common.conf") + (stat:type (lstat "/home/alice/.gnupg/common.conf"))) + marionette)) + + (test-equal "Alice common.conf has keyboxd option set" + "use-keyboxd\n" + (file-get-all-strings "/home/alice/.gnupg/common.conf")) + + (test-equal "Alice create a key that is saved in keybox format= " + '("[keyboxd]" "enjoyguix") + (begin + (vm-type (list "gpg --batch --passphrase '' --quick-gen-ke= y '' ed25519\n" + "gpg --list-keys > keybox\n")) + (let* ((output (file-get-all-strings "/home/alice/keybox")= ) + (keyboxd-hdr (if (string-contains output "[keyboxd]= ") "[keyboxd]" "fail")) + (key-id (if (string-contains output "enjoyguix") "e= njoyguix" "fail"))) + (list keyboxd-hdr key-id)) + ) + ) + + (test-assert "Alice private keys are registered" + (marionette-eval + `(file-exists? 
"/home/alice/.gnupg/private-keys-v1.d") + marionette)) + + (test-equal "Alice has keyboxd running at home" + 0 + (marionette-eval + `(system* #$(file-append procps "/bin/pgrep") "keyboxd") + marionette)) + + ;; bob use gpg-agent + (test-equal "Bob is logged now" + "bob\n" + (begin + (vm-type + (list + "exit\n" + "bob\n" + "bob\n" + "id -un > logged-in\n")) + (file-get-all-strings "/home/bob/logged-in"))) + + (test-equal "Bob is at home" + "/home/bob\n" + (begin + (vm-type (list "printenv \"HOME\" > home.bob\n")) + (file-get-all-strings "/home/bob/home.bob") + )) + + (test-assert "Bob .gnupg dir is created" + (marionette-eval + `(file-exists? "/home/bob/.gnupg") + marionette)) + =20 + (test-equal "Bob gpg-agent.conf exists and is a symlink" + 'symlink + (marionette-eval + `(and (file-exists? "/home/bob/.gnupg/gpg-agent.conf") + (stat:type (lstat "/home/bob/.gnupg/gpg-agent.conf"))= ) + marionette)) + + (test-assert "Bob common.conf doesn't exists" + (marionette-eval + `(not (file-exists? "/home/bob/.gnupg/common.conf")) + marionette)) + + (test-equal "Bob create a key that is saved in a pubring" + '("pubring" "enjoyguix") + (begin + (vm-type (list "gpg --batch --passphrase '' --quick-gen-ke= y '' ed25519\n" + "gpg --list-keys > keybox\n")) + (let* ((output (file-get-all-strings "/home/bob/keybox")) + (agent-hdr (if (string-contains output "/home/bob/.= gnupg/pubring.kbx") "pubring" (format #f "fail with ~s" output))) + (key-id (if (string-contains output "enjoyguix") "e= njoyguix" (format #f "fail with ~s" output)))) + (list agent-hdr key-id)) + ) + ) + + (test-assert "Bob private keys are registered" + (marionette-eval + `(file-exists? 
"/home/bob/.gnupg/private-keys-v1.d") + marionette)) + + (test-equal "Bob has gpg-agent running at home" + 0 + (marionette-eval + `(system* #$(file-append procps "/bin/pgrep") "gpg-agent") + marionette)) + + (test-end)))) + + (gexp->derivation "gnupg-keyboxd" test)) + +(define %test-gnupg-keyboxd + (system-test + (name "gnupg-keyboxd") + (description "Test gnupg using keyboxd or keyring.") + (value (run-gnupg-keyboxd-test)))) + + --=20 2.48.1

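Review bot: the @item added in the doc/guix.texi hunk needs its grammar fixed and should say what happens when the option is left at its default of #f. "@command{gpg-agent} call @command{keyboxd} who take care of keys management process and database" could read "When true, @command{gpg-agent} spawns a separate @command{keyboxd} process, which is responsible for managing the key database", and the sentence on @file{~/.gnupg/common.conf} should add that no such file is written when the option is false. The line ending in "database.=20" also carries trailing whitespace.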
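Review bot: in the home-gpg-common-configuration-file hunk, match-record binds use-keyboxd? but the body never reads it, and the contents "use-keyboxd\n" are a constant, so (plain-file "common.conf" "use-keyboxd\n") with no destructuring says the same thing more directly; the two blank lines added after the closing parenthesis also leave a double blank line before home-gpg-agent-shepherd-services.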
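Review bot: the home-gpg-agent-files hunk spells (cons x '()) where (list x) is idiomatic, has trailing whitespace on the (if (home-gpg-agent-configuration-use-keyboxd? config) line, and, more importantly, only adds ".gnupg/common.conf" when use-keyboxd? is true: a user who sets #f gets no common.conf at all, so the "switch" the docstring promises is one-directional and the docstring in the define-configuration hunk should say so.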
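Review bot: in the new gnu/tests/gnupg.scm, the copyright header (2016-2022, 2024 Ludovic Courtès; 2017, 2018 Clément Lassieur; 2017 Marius Bakke) looks copied from another test file and should name this file's author; vm-type follows every typed command with (sleep 1), a fixed delay that can make the key-generation tests flaky on a slow builder, so prefer waiting on the output file (wait-for-file, which file-get-all-strings already uses) and drop the sleep; run-gnupg-keyboxd-test takes no optional arguments, so define rather than define* suffices; and the test name "Bob common.conf doesn't exists" should read "doesn't exist".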
From: Ludovic Courtès <ludo@gnu.org>
To: Sébastien Farge <sebastien-farge@laposte.net>
Cc: 77826@debbugs.gnu.org
Subject: Re: [bug#77826] [PATCH] home: home-gpg-agent-service: add new parameter 'use-keyboxd?'.
Date: Wed, 16 Apr 2025 17:45:29 +0200
Message-ID: <87mscg9kkm.fsf@gnu.org>
In-Reply-To: <20250415141428.3407-1-sebastien-farge@laposte.net>

Hi Sébastien,

Sébastien Farge writes:

> * gnu/home/services/gnupg.scm: New parameter.
> * doc/guix.texi (GNU Privacy Guard): New description.
> * gnu/tests/gnupg.scm: Alice use keyboxd, Bob normal keyring, test if both works
>
> Change-Id: I27b4f686086b9740943dbb5347a14ada245cc9fb

Nice! Overall LGTM. Some comments below.

Please add the new file to ‘gnu/local.mk’ next to its friends.

> +@item @code{use-keyboxd?} (default: @code{#f}) (type: boolean)
> +Whether to enable keyboxd and its keybox database instead of usual keyring. When true,
> +@command{gpg-agent} call @command{keyboxd} who take care of keys management process and database.

“@command{gpg-agent} spawns a separate @command{keyboxd} process, which is responsible for managing the key database.”

Nitpick: Please leave two spaces after end-of-sentence periods.

It’s the first time I hear about keyboxd and the gnupg manual doesn’t say much about it. When would you set it to #true?
> +(define (home-gpg-common-configuration-file config)
> +  "Return the @file{common.conf} file for @var{config}."
> +  (match-record config
> +      (use-keyboxd?)
> +    (mixed-text-file "common.conf" "use-keyboxd\n")))

You can remove ‘match-record’ altogether.

> +++ b/gnu/tests/gnupg.scm
> @@ -0,0 +1,246 @@
> +;;; GNU Guix --- Functional package management for GNU
> +;;; Copyright © 2016-2022, 2024 Ludovic Courtès
> +;;; Copyright © 2017, 2018 Clément Lassieur
> +;;; Copyright © 2017 Marius Bakke

I think this is inaccurate. :-)

Very nice that you wrote tests for this!

> +            (service home-gpg-agent-service-type
> +                     (home-gpg-agent-configuration
> +                      (default-cache-ttl 820))))
> +           %base-home-services))
> +   ))

No lonely parens please (throughout this file.)

> +(define %gnupg-os
> +  (operating-system
> +    (inherit (simple-operating-system (service guix-home-service-type `(("alice" ,%keyboxd-home)
> +                                                                          ("bob" ,%keyring-home)))))
> +

Please insert a newline after ‘simple-operating-system’.

> +          (define (file-get-all-strings fname)

s/file-get-all-strings/file-contents/ maybe? And s/fname/file/ (this is what’s usually done).

> +          (define (vm-type cmd-or-list)
> +            (let ((cmd-list (if (list? cmd-or-list) cmd-or-list (list cmd-or-list))))

Avoid polymorphic procedures; have it take either a list or a string.

> +(define %test-gnupg-keyboxd
> +  (system-test
> +   (name "gnupg-keyboxd")
> +   (description "Test gnupg using keyboxd or keyring.")

s/gnupg/GnuPG/

“using both keyboxd and a local keyring” maybe?

Could you send an updated patch?

Thanks!
Ludo’.
From: Gabriel Santos <gabrielsantosdesouza@disroot.org>
To: guix-patches@gnu.org, Ludovic Courtès, Sébastien Farge
Cc: 77826@debbugs.gnu.org
Subject: Re: [bug#77826] [PATCH] home: home-gpg-agent-service: add new parameter 'use-keyboxd?'.
Date: Wed, 16 Apr 2025 14:23:05 -0300
Message-ID: <1E14FF6A-090A-4E7C-8F7E-B27D417BEDFB@disroot.org>
In-Reply-To: <87mscg9kkm.fsf@gnu.org>

> It’s the first time I hear about keyboxd and the gnupg manual doesn’t
> say much about it. When would you set it to #true?

It's the first time for me too. I tried to look into the Arch wiki[1] (which is what I read when I'm too lazy for the documentation), and found no information.

[1]

--
Gabriel Santos

From: sebastien-farge@laposte.net
To: Gabriel Santos, Ludovic Courtès
Cc: 77826@debbugs.gnu.org
Subject: Re: [bug#77826] [PATCH] home: home-gpg-agent-service: add new parameter 'use-keyboxd?'.
Date: Thu, 17 Apr 2025 19:51:40 +0200 (CEST)
Message-ID: <84058635.9059460.1744912300595@wlpnf0205.sys.meshcore.net>
In-Reply-To: <1E14FF6A-090A-4E7C-8F7E-B27D417BEDFB@disroot.org>
Hello Gabriel, hello Ludovic,

We can find a little explanation in info gpg2 - GPG Configuration (4.3 Configuration Files):

'common.conf'
     This is an optional configuration file read by 'gpg' on startup.
     It may contain options pertaining to all components of GnuPG. Its
     current main use is for the "use-keyboxd" option. If the default
     home directory '~/.gnupg' does not exist, GnuPG creates this
     directory and a 'common.conf' file with "use-keyboxd".

We can see that keyboxd is now the default agent (it replaces gpg-agent) for newcomers like me :) And to be honest I don't know much more.

In my hurry to contribute to Guix I thought a boolean parameter would be ok, but looking for an answer to your question shows that it may not be a good idea. Because it is not possible to use gnupg without keyboxd if you don't already have a keyring, and so the false alternative is a no-go.

What may be useful is that it helps having the common.conf in the store. So I will send a correct patch, in case.

Sébastien.

From: "Gabriel Santos" <gabrielsantosdesouza@disroot.org>
To: guix-patches@gnu.org, "Ludovic Courtès" <ludo@gnu.org>, "Sébastien Farge" <sebastien-farge@laposte.net>, 77826@debbugs.gnu.org
Sent: Wednesday 16 April 2025 19:44
Subject: Re: [bug#77826] [PATCH] home: home-gpg-agent-service: add new parameter 'use-keyboxd?'.

> It’s the first time I hear about keyboxd and the gnupg manual doesn’t
> say much about it. When would you set it to #true?

It's the first time for me too. I tried to look into the Arch wiki[1] (which is what I read when I'm too lazy for the documentation), and found no information.
------=_Part_9059459_535848694.1744912300594-- From debbugs-submit-bounces@debbugs.gnu.org Thu Apr 17 15:49:27 2025 Received: (at 77826) by debbugs.gnu.org; 17 Apr 2025 19:49:28 +0000 Received: from localhost ([127.0.0.1]:48474 helo=debbugs.gnu.org) by debbugs.gnu.org with esmtp (Exim 4.84_2) (envelope-from ) id 1u5VEj-0000eW-TD for submit@debbugs.gnu.org; Thu, 17 Apr 2025 15:49:27 -0400 Received: from eggs.gnu.org ([2001:470:142:3::10]:48222) by debbugs.gnu.org with esmtps (TLS1.2:ECDHE_RSA_AES_256_GCM_SHA384:256) (Exim 4.84_2) (envelope-from ) id 1u5VEh-0000d6-4I for 77826@debbugs.gnu.org; Thu, 17 Apr 2025 15:49:23 -0400 Received: from fencepost.gnu.org ([2001:470:142:3::e]) by eggs.gnu.org with esmtps (TLS1.2:ECDHE_RSA_AES_256_GCM_SHA384:256) (Exim 4.90_1) (envelope-from ) id 1u5VEa-0001b3-JF; Thu, 17 Apr 2025 15:49:17 -0400 DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed; d=gnu.org; s=fencepost-gnu-org; h=MIME-Version:Date:References:In-Reply-To:Subject:To: From; bh=JDrQ/jZLPn5VHzBYGbB7UjJCL9z1zLIhRPhXqzvLcTA=; b=UbBgqzbYtmOQjo6/bZjn RltB1ceRQ3k88rJBOqns8236tqhowrvfngcQLHHm36FVeau+nWKU35fe1LH4GPOrUwgb1LBcY3sIH pNVksiPWcHgqlPGhOKoumz7wZtkddYsgNxyKZ1lgcPgzHZQ06cndPtAq9qfiV9gmP1AjEHXdCCJD6 zC+rrJC3qaTo0OsK7hmowtTbTt//foi6gAAL4B7nZA9lDQMLrTUTw/JZZGepWAjiEgBYOgza6CDIc WSSvf1dIChrQNGul0WvU3K3yLtHrNZNLX1kXYDDGbrgZSmD9U9mIFitl9Os6HuBmjAQBCWpHFoDg/ k+WFjJ8zI/xpzQ==; From: =?utf-8?Q?Ludovic_Court=C3=A8s?= To: sebastien-farge@laposte.net Subject: Re: [bug#77826] [PATCH] home: home-gpg-agent-service: add new parameter 'use-keyboxd?'. 
Date: Thu, 17 Apr 2025 21:32:46 +0200
Message-ID: <87sem61t41.fsf@gnu.org>
Cc: 77826@debbugs.gnu.org, Gabriel Santos

Hello,

sebastien-farge@laposte.net writes:

> We can find a little explanation in info gpg2 - GPG Configuration (4.3 Configuration Files)

[...]

> We can see that keyboxd is now the default agent (it replaces gpg-agent) for newcomers like me :) And to be honest I don't know
> much more.

Hmm, I saw that, though I didn’t interpret it as being a replacement of ‘gpg-agent’, but maybe it is?  This is all incredibly blurry.

> In my hurry to contribute to Guix I thought a boolean parameter will be OK, but looking for an answer at your question shows that it
> may not be a good idea. Because it is not possible to use gnupg without keyboxd if you don't already have a keyring, and so the false
> alternative is a no-go.

Why?  Because gpg would not work without keyboxd in some cases?

Ludo’.

From: sebastien-farge@laposte.net
To: Ludovic Courtès
Subject: Re: [bug#77826] [PATCH] home: home-gpg-agent-service: add new parameter 'use-keyboxd?'.
Date: Thu, 17 Apr 2025 22:12:43 +0200 (CEST)
Message-ID: <955385421.9085840.1744920763553@wlpnf0205.sys.meshcore.net>
Cc: 77826@debbugs.gnu.org, Gabriel Santos

...what I meant is that opting for false in the use-keyboxd? parameter will not prevent GnuPG from using keyboxd anyway, if you init a new GnuPG environment.

(sorry for this two-step answer)

From: "Ludovic Courtès" <ludo@gnu.org>
To: sebastien-farge@laposte.net, "Gabriel Santos" <gabrielsantosdesouza@disroot.org>, 77826@debbugs.gnu.org
Sent: Thursday 17 April 2025 21:49
Subject: Re: [bug#77826] [PATCH] home: home-gpg-agent-service: add new parameter 'use-keyboxd?'.
From: sebastien-gp@laposte.net
To: 77826@debbugs.gnu.org
Subject: [PATCH v2] home: home-gpg-agent-service: add new parameter 'use-keyboxd?'.
Date: Thu, 8 May 2025 21:54:34 +0200
Message-ID: <20250508195704.6850-1-sebastien-gp@laposte.net>
From: Sébastien Farge

Hello Ludo, here is the patch reviewed with your help.

At last, after some experimentation, it looks like option use-keyboxd? can do its job.

keyboxd is a daemon that keeps track of users' keys (and certificates) with an sqlite database, and leaves out the keyring file(s). So you have to choose either the new database or the file keyring, and the 'use-keyboxd?' option will allow exactly that.

It means that one will have to migrate previously known keys if use-keyboxd is activated. Maybe we could expect the option to do the migration for us? A shell snippet is given in the README file of GnuPG in the section 'keys database daemon'. I probably won't be able to implement this in the guix process.

Tests contain the main use cases, I think. But I didn't test the case when ssh-support? is on, because I don't know how to proceed.

I took a long time to answer, I'm sorry, I had to learn in between a lot of things about guile, guix, gexp (and even struggle with emacs, gnus, msmtp, and more...) but it's good!

Sébastien.

PS: I hope I didn't break the thread but I've lost your previous message.

____________________

* gnu/home/services/gnupg.scm: New parameter.
* doc/guix.texi (GNU Privacy Guard): New description.
* gnu/tests/gnupg.scm: four scenarios,
1) use-keyboxd? true, no keyring
2) use-keyboxd? unset, no keyring
3) use-keyboxd? false, legacy pubring.gpg
4) use-keyboxd? true, legacy pubring.gpg

Change-Id: I27b4f686086b9740943dbb5347a14ada245cc9fb
---
 doc/guix.texi               |  14 ++
 gnu/home/services/gnupg.scm |  17 +-
 gnu/local.mk                |   1 +
 gnu/tests/gnupg.scm         | 432 ++++++++++++++++++++++++++++++++++++
 4 files changed, 463 insertions(+), 1 deletion(-)
 create mode 100644 gnu/tests/gnupg.scm

diff --git a/doc/guix.texi b/doc/guix.texi index 889eab2ab3..16600d4d77 100644 --- a/doc/guix.texi +++ b/doc/guix.texi
@@ -50045,6 +50045,20 @@ Whether to enable @acronym{SSH,secure shell} sup= port. When true, @command{ssh-agent} program, taking care of OpenSSH secret keys and directing passphrase requests to the chosen Pinentry program. =20 +@item @code{use-keyboxd?} (default: @code{#f}) (type: boolean) +Choose true if you want to use the new keys database daemon +managed by @command{keyboxd} ---as it is by default on a fresh +install since GnuPG 2.4.1--- instead of keyring file(s). +The @file{~/.gnupg/common.conf} is created with parameter +@code{use-keyboxd} set for the switch to happen +(@pxref{GPG Configuration,,, gnupg, Using the GNU Privacy Guard}). =20 +Caution: keys kept in a previous pubring file has to be imported in +the keyboxd database or will be ignored (For more informations +please refer to the GnuPG README file at section `Keys database daemon`)= .=20 +When false @command{keyboxd} is not used and @command{gpg-agent} +will manage keys in usual keyring file (legacy +@file{pubring.gpg}, or newer @file{pubring.kbx}). + @item @code{default-cache-ttl} (default: @code{600}) (type: integer) Time a cache entry is valid, in seconds. =20 diff --git a/gnu/home/services/gnupg.scm b/gnu/home/services/gnupg.scm index 7fc99f793a..88bbdc6ccf 100644 --- a/gnu/home/services/gnupg.scm +++ b/gnu/home/services/gnupg.scm @@ -31,6 +31,7 @@ (define-module (gnu home services gnupg) home-gpg-agent-configuration-gnupg home-gpg-agent-configuration-pinentry-program home-gpg-agent-configuration-ssh-support? + home-gpg-agent-configuration-use-keyboxd? home-gpg-agent-configuration-default-cache-ttl home-gpg-agent-configuration-max-cache-ttl home-gpg-agent-configuration-max-cache-ttl-ssh 
@@ -66,6 +67,12 @@ (define-configuration/no-serialization home-gpg-agent-= configuration @command{gpg-agent} acts as a drop-in replacement for OpenSSH's @command{ssh-agent} program, taking care of OpenSSH secret keys and dire= cting passphrase requests to the chosen Pinentry program.") + (use-keyboxd? + (boolean #f) + "Set it to true if you use keyboxd agent and want its configuration f= ile @file{~/.gnupg/common.conf}=20 +be saved in the store. Note that choosing #f will not prevent GnuPG to = use keyboxd if you init a new +GnuPG environment.=20 +The @file{~/.gnupg/common.conf} is created in the store with parameter @= code{use-keyboxd}.") (default-cache-ttl (integer 600) "Time a cache entry is valid, in seconds.") @@ -101,6 +108,11 @@ (define (home-gpg-agent-configuration-file config) (number->string max-cache-ttl-ssh) "\n" extra-content))) =20 +(define (home-gpg-common-configuration-file config) + "Return the @file{common.conf} file for @var{config}." + (mixed-text-file "common.conf" "use-keyboxd\n")) + + (define (home-gpg-agent-shepherd-services config) "Return the possibly-empty list of Shepherd services for @var{config}.= " (match-record config @@ -134,7 +146,10 @@ (define (home-gpg-agent-shepherd-services config) '()))) =20 (define (home-gpg-agent-files config) - `((".gnupg/gpg-agent.conf" ,(home-gpg-agent-configuration-file config)= ))) + (let ((files (cons `(".gnupg/gpg-agent.conf" ,(home-gpg-agent-configur= ation-file config)) '()))) + (if (home-gpg-agent-configuration-use-keyboxd? config)=20 + (cons `(".gnupg/common.conf" ,(home-gpg-common-configuration-fil= e config)) files) + files))) =20 (define (home-gpg-agent-environment-variables config) "Return GnuPG environment variables needed for @var{config}." diff --git a/gnu/local.mk b/gnu/local.mk index e6ece8cc48..d922acaa80 100644 --- a/gnu/local.mk +++ b/gnu/local.mk 
@@ -856,6 +856,7 @@ GNU_SYSTEM_MODULES =3D \ %D%/tests/foreign.scm \ %D%/tests/ganeti.scm \ %D%/tests/gdm.scm \ + %D%/tests/gnupg.scm \ %D%/tests/guix.scm \ %D%/tests/monitoring.scm \ %D%/tests/nfs.scm \ diff --git a/gnu/tests/gnupg.scm b/gnu/tests/gnupg.scm new file mode 100644 index 0000000000..ede49cc0b9 --- /dev/null +++ b/gnu/tests/gnupg.scm 
@@ -0,0 +1,432 @@ + +;;; GNU Guix --- Functional package management for GNU +;;; Copyright =C2=A9 2016-2022, 2024 Ludovic Court=C3=A8s +;;; Copyright =C2=A9 2025 S=C3=A9bastien Farge +;;; +;;; This file is part of GNU Guix. +;;; +;;; GNU Guix is free software; you can redistribute it and/or modify it +;;; under the terms of the GNU General Public License as published by +;;; the Free Software Foundation; either version 3 of the License, or (a= t +;;; your option) any later version. +;;; +;;; GNU Guix is distributed in the hope that it will be useful, but +;;; WITHOUT ANY WARRANTY; without even the implied warranty of +;;; MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the +;;; GNU General Public License for more details. +;;; +;;; You should have received a copy of the GNU General Public License +;;; along with GNU Guix. If not, see . + +(define-module (gnu tests gnupg) + #:use-module (gnu tests) + #:use-module (gnu system) + #:use-module (gnu system vm) + #:use-module (gnu services) + #:use-module (gnu services guix) + #:use-module (gnu system shadow)=20 + #:use-module (gnu services base) + #:use-module (gnu home) + #:use-module (gnu home services) + #:use-module (gnu home services gnupg) + #:use-module (gnu packages linux) + #:use-module (gnu packages gnupg) + #:use-module (gnu packages base) + #:use-module (guix gexp) + #:use-module (rnrs io ports) + #:export (%test-gnupg-keyboxd)) + +;;; A FAIRE +;;; D=C3=A9placer le fichier de charles dans le home de dorothee en chan= geant owner et groupe + + +(define %gnupg-os + (operating-system + (inherit (simple-operating-system + (service guix-home-service-type + ;; keyboxd, no keyring + `(("alice" ,(home-environment + (packages (list gnupg procps)) + (services + (append (list + (service home-gpg-agent-s= ervice-type + (home-gpg-agent-= configuration + (default-cache-= ttl 820) + (use-keyboxd? 
#= t)))) + %base-home-services)))) + ;; keyboxd unset, no keyring + ("bob" ,(home-environment + (packages (list gnupg procps)) + (services + (append (list + (service home-gpg-agent-ser= vice-type + (home-gpg-agent-co= nfiguration + (default-cache-tt= l 820)))) + %base-home-services)))) + ;; keyboxd false, but legacy keyring.gpg + ("charles" ,(home-environment + (packages (list gnupg procps)) + (services + (append (list + (service home-gpg-agent= -service-type + (home-gpg-agen= t-configuration + (use-keyboxd? #= f) + (default-cache-= ttl 820)))) + %base-home-services)))) + ;; keyboxd true, but legacy keyring.gpg + ("dorothee" ,(home-environment + (packages (list gnupg procps)) + (services + (append (list + (service home-gpg-agen= t-service-type + (home-gpg-age= nt-configuration + (default-cac= he-ttl 820) + (use-keyboxd= ? #t)))) + %base-home-services))))= )))) + + (users (cons* + (user-account + (name "alice") =20 + (comment "Bob's sister") + (password (crypt "alice" "$6$abc")) + (group "users") + (supplementary-groups '("wheel" "audio" "video"))) + (user-account + (name "bob") =20 + (comment "Alice's brother") + (password (crypt "bob" "$6$abc")) + (group "users") + (supplementary-groups '("wheel" "audio" "video"))) + (user-account + (name "charles") =20 + (comment "Alice's best friend") + (password (crypt "charles" "$6$abc")) + (group "users") + (supplementary-groups '("wheel" "audio" "video"))) + (user-account + (name "dorothee") =20 + (comment "Charle's best friend") + (password (crypt "dorothee" "$6$abc")) + (group "users") + (supplementary-groups '("wheel" "audio" "video"))) + %base-user-accounts)))) + =20 +(define* (run-gnupg-keyboxd-test) + "Run an OS to test four situations related to 'use-keyboxd?' option : +- Alice : 'use-keyboxd?' true, and has no keyring yet. +- Bob : 'use-keyboxd?' unset, and has no keyring. +- Charles 'use-keyboxd?' false, has a legacy keyring.gpg +- Dorothee 'use-keyboxd?' true, has a legacy keyring.gpg." 
+ (define os + (marionette-operating-system + %gnupg-os + #:imported-modules '((gnu services herd)))) + + (define vm + (virtual-machine + (operating-system os))) + + (define test + (with-imported-modules '((gnu build marionette) + (guix build syscalls)) + #~(begin + (use-modules (gnu build marionette) + (guix build syscalls) + (srfi srfi-1) + (srfi srfi-64)) + + (define marionette + (make-marionette (list #$vm))) + + (define (marionette-login-user user) + (let ((login (format #f "~a\n" user)) + (file-log (format #f "/home/~a/logged-in" user))) + (for-each + (lambda (cmd) (marionette-type cmd marionette) (sleep 1)) + (list login login + "id -un > logged-in\n" + "printenv \"HOME\" >> logged-in\n")) + (marionette-eval '(use-modules (rnrs io ports)) marionette= ) + (wait-for-file file-log marionette #:read 'get-string-all)= )) + + (define (marionette-create-keyring-for user) + "Ask GnuPG to create a legacy keyring 'pubring.gpg' for USER= , and add a default key in it." + (marionette-eval + `(begin + ;; --chuid, root plays gpg user's role + (system* #$(file-append gnupg "/bin/gpg") + "-q" + "--chuid" ,user + "--no-default-keyring" + "--keyring" "pubring.gpg" + "--fingerprint") + (system* #$(file-append gnupg "/bin/gpg") + "-q" + "--chuid" ,user + "--batch" + "--passphrase" "''" + "--quick-gen-key" "" "ed2= 5519")) =20 + marionette)) + + (define (marionette-create-gpgkey-for user) + "Ask GnuPG to create and save a new gpg key for USER." + (marionette-eval + `(begin =20 + (system* #$(file-append gnupg "/bin/gpg") + "-q" + "--chuid" ,user + "--batch" + "--passphrase" "''" + "--quick-gen-key" "" "ed25= 519")) + marionette)) + + (define (marionette-list-keys-for user) + "Ask GnuPG to list the USER's keys." 
+ (marionette-eval + `(begin + (use-modules (ice-9 popen) + (ice-9 textual-ports)) =20 + (let* ((port (open-input-pipe + (format #f "~a -q --chuid ~a --list-keys" + #$(file-append gnupg "/bin/gpg") + ,user))) + (str (get-string-all port)))=20 + (close-pipe port) + str)) + marionette)) + + (test-runner-current (system-test-runner #$output)) + (test-begin "gnupg-keyboxd") + + ;; start tty1 + (marionette-eval + '(begin + (use-modules (gnu services herd)) + (start-service 'term-tty1)) + marionette) + (sleep 1) + + ;; + ;; Alice tests : : 'use-keyboxd?' true, no keyring + ;; + + ;; ALice logs in to initiate gnupg environment + ;; according to its gnupg home service. + (test-equal "Alice : 'use-keyboxd?' is true, no keyring, she i= s now logged on tty1" + "alice\n/home/alice\n" + (marionette-login-user "alice")) + + ;; The rest of the tests can be done without user. + (test-assert "Alice : .gnupg dir is created" + (marionette-eval + `(file-exists? "/home/alice/.gnupg") + marionette)) + =20 + (test-equal "Alice : gpg-agent.conf exists and is a symlink" + 'symlink + (marionette-eval + `(and (file-exists? "/home/alice/.gnupg/gpg-agent.conf") + (stat:type (lstat "/home/alice/.gnupg/gpg-agent.conf"= ))) + marionette)) + + (test-equal "Alice : common.conf exists, is a symlink, and con= tains 'use-keyboxd'" + '(#t symlink "use-keyboxd") + (marionette-eval + `(begin + (use-modules (ice-9 rdelim)) + (list (file-exists? "/home/alice/.gnupg/common.conf") + (stat:type (lstat "/home/alice/.gnupg/common.conf"= )) + (call-with-input-file "/home/alice/.gnupg/common.c= onf" read-line))) + marionette)) + + (test-equal "Alice : create a key that is saved in keyboxd dat= abase." 
+ '(#t #t) + (begin + (use-modules (ice-9 regex)) + (marionette-create-gpgkey-for "alice") + (let ((keylist-str (marionette-list-keys-for "alice"))) + (list + (=3D 0 (string-contains keylist-str "[keyboxd]")) + (< 0(string-contains keylist-str "enjoy-guix@gnu.org"))= )))) + + (test-assert "Alice : No 'pubring.kbx' file is created" + (marionette-eval + `(not (file-exists? "/home/alice/.gnupg/pubring.kbx")) + marionette)) + + (test-equal "Alice : 'keyboxd' and 'gpg-agent' are running" + '(0 0) + (marionette-eval + `(list + (status:exit-val + (system* #$(file-append procps "/bin/pgrep") "keyboxd")) + (status:exit-val + (system* #$(file-append procps "/bin/pgrep") "gpg-agent"= ))) + marionette)) + + (test-equal "kill 'gpg-agent', and 'keyboxd'" + '(0 0)=20 + (marionette-eval + `(list + (status:exit-val + (system* #$(file-append procps "/bin/pkill") "gpg-agent"= )) + (status:exit-val + (system* #$(file-append procps "/bin/pkill") "keyboxd"))= ) + marionette)) + + ;; Close user session. + (marionette-type "exit\n" marionette) + (sleep 1) + + ;; + ;; Bob tests : 'use-keyboxd?' unset, no keyring. + ;; + =20 + (test-equal "Bob : 'use-keyboxd?' is not set, no keyring, and = is now logged on tty1" + "bob\n/home/bob\n" + (marionette-login-user "bob")) + + (test-assert "Bob : .gnupg dir is created" + (marionette-eval + `(file-exists? "/home/bob/.gnupg") + marionette)) + =20 + (test-equal "Bob : gpg-agent.conf exists and is a symlink" + 'symlink + (marionette-eval + `(and (file-exists? "/home/bob/.gnupg/gpg-agent.conf") + (stat:type (lstat "/home/bob/.gnupg/gpg-agent.conf"))= ) + marionette)) + + (test-assert "Bob : common.conf is NOT created" + (marionette-eval + `(not (file-exists? "/home/bob/.gnupg/common.conf")) + marionette)) + =20 + (test-equal "Bob : create a key, gpg saved it in 'pubring.kbx'= not in keyboxd database." 
+ '(#t #t) + (begin + (use-modules (ice-9 regex)) + (marionette-create-gpgkey-for "bob") + (let ((keylist-str (marionette-list-keys-for "bob"))) + (list + (=3D 0(string-contains keylist-str "/home/bob/.gnupg/p= ubring.kbx")) + (< 0 (string-contains keylist-str "enjoy-guix@gnu.org"= )))))) + + (test-equal "Bob : 'keyboxd' is NOT running" + 1 + (marionette-eval + `(status:exit-val + (system* #$(file-append procps "/bin/pgrep") "keyboxd")) + marionette)) + + (test-equal "Bob : 'gpg-agent' is running, kill it" + '(0 0) + (marionette-eval + `(list + (status:exit-val + (system* #$(file-append procps "/bin/pgrep") "gpg-agent"= )) + (status:exit-val + (system* #$(file-append procps "/bin/pkill") "gpg-agent"= ))) + marionette)) + + ;; Close user session. + (marionette-type "exit\n" marionette) + (sleep 1) =20 + + ;; + ;; Charles tests : : 'use-keyboxd?' unset, a legacy keyring pu= bring.gpg + ;; + + (marionette-create-keyring-for "charles") + + (test-equal "Charles : 'use-keyboxd?' is not set, has a legacy= pubring.gpg. He is now logged" + "charles\n/home/charles\n" + (marionette-login-user "charles")) + + + (test-equal "Charles : create a key, saved in its legacy pubri= ng.gpg" + '(#t #t) + (begin + (use-modules (ice-9 regex)) + (marionette-create-gpgkey-for "charles") + (let ((keylist-str (marionette-list-keys-for "charles"))) + (list + (=3D 0 (string-contains keylist-str "/home/charles/.gnu= pg/pubring.gpg")) + (< 0 (string-contains keylist-str "enjoy-guix@gnu.org")= ))))) =20 + + (test-equal "Charles : 'keyboxd' is NOT in use" + 1 + (marionette-eval + `(status:exit-val + (system* #$(file-append procps "/bin/pgrep") "keyboxd")) + marionette)) + + (test-equal "Charles : 'gpg-agent' is running" + 0 + (marionette-eval + `(status:exit-val + (system* #$(file-append procps "/bin/pgrep") "gpg-agent")= ) + marionette)) + + ;; Close user session. + (marionette-type "exit\n" marionette) + (sleep 1) =20 + + ;; + ;; Dorothee tests : 'use-keyboxd?' 
true, a legacy keyring pubr= ing.gpg + ;; + + ;;(marionette-create-keyring-for "dorothee") + ;; =3D> gpg don't allow creating keyring when 'use-keyboxd' is= set. + ;; hack and use charles's keyring + (marionette-eval + '(let ((dorothee (getpw "dorothee"))) + (copy-file "/home/charles/.gnupg/pubring.gpg" "/home/doroth= ee/.gnupg/pubring.gpg") + (chown "/home/dorothee/.gnupg/pubring.gpg" (passwd:uid doro= thee) (passwd:gid dorothee))) + marionette) + =20 + (test-equal "Dorothee : 'use-keyboxd?' is true, but has a lega= cy pubring.gpg. She is now logged" + "dorothee\n/home/dorothee\n" + (marionette-login-user "dorothee")) + + (test-equal "Dorothee : create a key, gpg ignore the legacy pu= bring.gpg and saved it in its keyboxd database." + '(#t #t #f) + (begin + (use-modules (ice-9 regex)) + (marionette-create-gpgkey-for "dorothee") + (let ((keylist-str (marionette-list-keys-for "dorothee"))) + (list + (=3D 0 (string-contains keylist-str "[keyboxd]")) + (< 0 (string-contains keylist-str "enjoy-guix@gnu.org")= ) + (string-contains keylist-str "guiliguilix@gnu.org"))))) + + (test-equal "Dorothee : 'keyboxd' is in use" + 0 + (marionette-eval + `(status:exit-val + (system* #$(file-append procps "/bin/pgrep") "keyboxd")) + marionette)) + + (test-equal "Dorothee : 'gpg-agent' is running" + 0 + (marionette-eval + `(status:exit-val + (system* #$(file-append procps "/bin/pgrep") "gpg-agent")= ) + marionette)) + + ;; Close user session. 
+ (marionette-type "exit\n" marionette) + (sleep 1) + =20 + (test-end)))) + + (gexp->derivation "gnupg-keyboxd" test)) + +(define %test-gnupg-keyboxd + (system-test + (name "gnupg-keyboxd") + (description "Test GnuPG with and without use-keyboxd option.") + (value (run-gnupg-keyboxd-test)))) + base-commit: ec95c71c01144fcae1a3d079e0d0aec6087b9d2a --=20 2.48.1
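Review bot: in the doc/guix.texi hunk, "When false @command{keyboxd} is not used and @command{gpg-agent} will manage keys in usual keyring file" promises more than the service does: with use-keyboxd? set to #f the service merely does not install @file{common.conf}, so a @file{common.conf} that a fresh GnuPG install already wrote (the field's own docstring in gnu/home/services/gnupg.scm says "choosing #f will not prevent GnuPG to use keyboxd if you init a new GnuPG environment") is left in place and keyboxd stays on. Suggest "When false, no @file{common.conf} is installed and GnuPG keeps its own default key store", and keep the migration warning prominent: the Dorothee scenario in gnu/tests/gnupg.scm shows that once keyboxd is enabled a legacy @file{pubring.gpg} is silently ignored rather than rejected, so keys a user relied on for signature verification disappear without any error.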
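Review bot: the use-keyboxd? docstring in the @@ -66 hunk of gnu/home/services/gnupg.scm contradicts the Texinfo text in the same patch: it says to set the field when you already "use keyboxd agent and want its configuration file ... saved in the store" and that "#f will not prevent GnuPG to use keyboxd", while guix.texi presents the field as the switch that turns keyboxd on and states keyboxd is not used when false. Pick one description (the Texinfo one is what the Alice and Bob tests actually check: common.conf present and keyboxd running versus common.conf absent and keys landing in pubring.kbx) and use it in both places; also drop the trailing whitespace on the two lines ending in =20 and write @code{#f} rather than a bare #f so the docstring renders like the neighbouring fields.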
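Review bot: home-gpg-common-configuration-file in the @@ -101 hunk takes config but never reads it, and its docstring says it returns "the common.conf file for config" although the content is the constant "use-keyboxd\n". Either drop the parameter or say in the docstring that the file is fixed, and collapse the two consecutive blank lines added before home-gpg-agent-shepherd-services to one.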
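Review bot: in the @@ -134 hunk, home-gpg-agent-files wraps the single entry with (cons `(...) '()) and then conses common.conf in front inside a let; splicing reads more directly and avoids the let, e.g.
`((".gnupg/gpg-agent.conf" ,(home-gpg-agent-configuration-file config))
  ,@(if (home-gpg-agent-configuration-use-keyboxd? config)
        `((".gnupg/common.conf" ,(home-gpg-common-configuration-file config))) '()))
and the if line carries trailing whitespace after config).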
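Review bot: in the new gnu/tests/gnupg.scm, the --passphrase argument in marionette-create-keyring-for and marionette-create-gpgkey-for is the two-character string "''"; system* does not go through a shell, so the generated test keys are protected by the literal passphrase '' rather than having none. Pass "" if an empty passphrase is intended. Two smaller points in the same file: (= 0 (string-contains keylist-str "[keyboxd]")) raises a wrong-type-argument error instead of returning #f when the marker is absent, so (string-prefix? "[keyboxd]" keylist-str) states the intent and fails cleanly; and the "Copyright 2016-2022, 2024 Ludovic Courtès" line and the French "A FAIRE" comment (whose task, copying Charles's keyring into Dorothée's home with chown, the code already performs) look like leftovers.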
From: Ludovic Courtès
To: sebastien-gp@laposte.net
Subject: Re: bug#77826: [PATCH] home: home-gpg-agent-service: add new parameter 'use-keyboxd?'.
Date: Mon, 12 May 2025 10:33:13 +0200
Message-ID: <874ixq5iuu.fsf_-_@gnu.org>
Cc: 77826@debbugs.gnu.org

Hi Sébastien,

sebastien-gp@laposte.net writes:

> * gnu/home/services/gnupg.scm: New parameter.
> * doc/guix.texi (GNU Privacy Guard): New description.
> * gnu/tests/gnupg.scm: four scenarios,
> 1) use-keyboxd? true, no keyring
> 2) use-keyboxd? unset, no keyring
> 3) use-keyboxd? false, legacy pubring.gpg
> 4) use-keyboxd? true, legacy pubring.gpg

Nice.  Some comments below.

> +@item @code{use-keyboxd?} (default: @code{#f}) (type: boolean)
> +Choose true if you want to use the new keys database daemon
> +managed by @command{keyboxd} ---as it is by default on a fresh
                               ^ extra space here.

s/as it is by default/the default setting/

> +install since GnuPG 2.4.1--- instead of keyring file(s).
                               ^ extra space

> +The @file{~/.gnupg/common.conf} is created with parameter
> +@code{use-keyboxd} set for the switch to happen
> +(@pxref{GPG Configuration,,, gnupg, Using the GNU Privacy Guard}).
> +Caution: keys kept in a previous pubring file has to be imported in

Please insert a newline before “Caution.”  Also, you might want to enclose the warning like this:

  @quotation Warning
  Keys kept in a previous pubring file…
  @end quotation

s/has to be imported/have to be imported/ ?

> +the keyboxd database or will be ignored (For more informations

s/For more informations/for more information/ (singular)

> +please refer to the GnuPG README file at section `Keys database daemon`).

“please refer to the ``Keys database daemon'' section of GnuPG's @file{README} file”

> +++ b/gnu/tests/gnupg.scm
> @@ -0,0 +1,432 @@
> +

Extra newline here.  :-)

Please add the file to gnu/local.mk.

> +;;; GNU Guix --- Functional package management for GNU
> +;;; Copyright © 2016-2022, 2024 Ludovic Courtès

You can drop this line.

> +;;; A FAIRE
> +;;; Déplacer le fichier de charles dans le home de dorothee en changeant owner et groupe

Leftover comment?

> +(define* (run-gnupg-keyboxd-test)
> +  "Run an OS to test four situations related to 'use-keyboxd?' option :
> +- Alice : 'use-keyboxd?' true, and has no keyring yet.
> +- Bob : 'use-keyboxd?' unset, and has no keyring.
> +- Charles 'use-keyboxd?' false, has a legacy keyring.gpg
> +- Dorothee 'use-keyboxd?' true, has a legacy keyring.gpg."

No space before colon (unlike in French :-)).

> +          ;; The rest of the tests can be done without user.
> +          (test-assert "Alice : .gnupg dir is created"
> +            (marionette-eval
> +             `(file-exists? "/home/alice/.gnupg")
> +             marionette))
> +
> +          (test-equal "Alice : gpg-agent.conf exists and is a symlink"
> +            'symlink
> +            (marionette-eval
> +             `(and (file-exists? "/home/alice/.gnupg/gpg-agent.conf")
> +                   (stat:type (lstat "/home/alice/.gnupg/gpg-agent.conf")))
> +             marionette))
> +
> +          (test-equal "Alice : common.conf exists, is a symlink, and contains 'use-keyboxd'"
> +            '(#t symlink "use-keyboxd")
> +            (marionette-eval
> +             `(begin
> +                (use-modules (ice-9 rdelim))
> +                (list (file-exists? "/home/alice/.gnupg/common.conf")
> +                      (stat:type (lstat "/home/alice/.gnupg/common.conf"))
> +                      (call-with-input-file "/home/alice/.gnupg/common.conf" read-line)))
> +             marionette))

I would be tempted to drop these three tests (also where duplicated below for Dorothée and Charles and Bob) because they just mirror the code, and thus that’s a lot of lines for a very low “bug-finding performance”.
> + (test-equal "kill 'gpg-agent', and 'keyboxd'" > + '(0 0)=20 > + (marionette-eval > + `(list > + (status:exit-val > + (system* #$(file-append procps "/bin/pkill") "gpg-agent"= )) > + (status:exit-val > + (system* #$(file-append procps "/bin/pkill") "keyboxd"))) > + marionette)) You can omit =E2=80=98status:exit-val=E2=80=99 calls. > + ;; Close user session. > + (marionette-type "exit\n" marionette) > + (sleep 1) =E2=80=98sleep=E2=80=99? Can this be removed? Could you send an updated patch? Thanks for coming up with nice tests! Ludo=E2=80=99. From debbugs-submit-bounces@debbugs.gnu.org Mon May 19 20:06:28 2025 Received: (at 77826) by debbugs.gnu.org; 20 May 2025 00:06:28 +0000 Received: from localhost ([127.0.0.1]:48102 helo=debbugs.gnu.org) by debbugs.gnu.org with esmtp (Exim 4.84_2) (envelope-from ) id 1uHAV2-0008Hk-62 for submit@debbugs.gnu.org; Mon, 19 May 2025 20:06:28 -0400 Received: from layka.disroot.org ([178.21.23.139]:46178) by debbugs.gnu.org with esmtps (TLS1.2:ECDHE_RSA_AES_128_GCM_SHA256:128) (Exim 4.84_2) (envelope-from ) id 1uHAUx-0008H7-Jf for 77826@debbugs.gnu.org; Mon, 19 May 2025 20:06:24 -0400 Received: from mail01.disroot.lan (localhost [127.0.0.1]) by disroot.org (Postfix) with ESMTP id 3C24C260D5; Tue, 20 May 2025 02:06:22 +0200 (CEST) X-Virus-Scanned: SPAM Filter at disroot.org Received: from layka.disroot.org ([127.0.0.1]) by localhost (disroot.org [127.0.0.1]) (amavis, port 10024) with ESMTP id ymtJWwsY8Jub; Tue, 20 May 2025 02:06:21 +0200 (CEST) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=disroot.org; s=mail; t=1747699581; bh=2XO22D5zSK82+TUdQx0zsVw44pQIDQ1zP1Lg7sIc3wk=; h=Date:From:To:CC:Subject:In-Reply-To:References; b=HIPBzdP1IY0Ehsl3s0s+O5UauuMuDtWhIEG1pNe4Mr0W392MEp4Dmgna++lRnsipX /FuU96CZ+XP9Da/ergly1g0ayhdnVqWALyrO8evVAC/CfFxphbPEY1uQvs4ZKZKP7H ZI5Vl6qVUga4+xlnSM520fHwSL7NUWlkhQJakf/MDKI1FcJVx2WPoYZdY9iKkF9cMt cMg8HsravAPtdsUNNAWCo4JX5Wa521vO6kB7fIAYZUQp0lm/JKbbCM0ykFSHXYm3iF 
Or6raiv6kc1xBFmJMAPXZbNnw4oSp/Srd2zp7K7CWJCxm+Hc4iTtj/0G4gzMJJHoJ9 b+Fjk+mwvPhTA== Date: Mon, 19 May 2025 21:06:17 -0300 
From: Gabriel Santos To: sebastien-gp@laposte.net, 77826@debbugs.gnu.org Subject: =?US-ASCII?Q?Re=3A_=5BPATCH_v3=5D_home=3A_home-gpg-agent-ser?= =?US-ASCII?Q?vice=3A_add_new_parameter_=27use-keyboxd=3F=27=2E?= User-Agent: Thunderbird for Android In-Reply-To: <20250519191837.2345-1-sebastien-gp@laposte.net> References: <20250519191837.2345-1-sebastien-gp@laposte.net> Message-ID: MIME-Version: 1.0 Content-Type: text/plain; charset=utf-8 Content-Transfer-Encoding: quoted-printable X-Spam-Score: 0.0 (/) X-Debbugs-Envelope-To: 77826 Cc: ludo@gnu.org, =?ISO-8859-1?Q?S=E9bastien_Farge?= X-BeenThere: debbugs-submit@debbugs.gnu.org X-Mailman-Version: 2.1.18 Precedence: list List-Id: List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Errors-To: debbugs-submit-bounces@debbugs.gnu.org Sender: "Debbugs-submit" X-Spam-Score: -1.0 (-) Em 19 de maio de 2025 16:03:20 BRT, sebastien-gp@laposte=2Enet escreveu: >PS : Hello Gabriel, you answered the first patch, as i lost the thread, i= 'm sending you the message again, > in case you're still interested by the subject =2E I'm subscribed to the guix-patches mailing list, so I was kind of watching= this in silence :p=2E I have to say, this is much clearer now, nice patch! 
I'll move to this whe= n this patch is merged=2E --=20 Gabriel Santos From debbugs-submit-bounces@debbugs.gnu.org Tue May 20 00:29:19 2025 Received: (at 77826) by debbugs.gnu.org; 20 May 2025 04:29:19 +0000 Received: from localhost ([127.0.0.1]:51117 helo=debbugs.gnu.org) by debbugs.gnu.org with esmtp (Exim 4.84_2) (envelope-from ) id 1uHEbN-0000hF-3q for submit@debbugs.gnu.org; Tue, 20 May 2025 00:29:19 -0400 Received: from smtp-outgoing-1701.laposte.net ([160.92.124.99]:47618) by debbugs.gnu.org with esmtps (TLS1.2:ECDHE_RSA_AES_256_GCM_SHA384:256) (Exim 4.84_2) (envelope-from ) id 1uH60y-0007c3-Pe for 77826@debbugs.gnu.org; Mon, 19 May 2025 15:19:10 -0400 X-mail-filterd: {"version":"1.9.1","queueID":"4b1SCn1LrDz1GBvn","contextId": "4e0af32c-bdce-485f-a008-aa3f9ad99c36"} Received: from outgoing-mail.laposte.net (localhost.localdomain [127.0.0.1]) by mlpnf0114.laposte.net (SMTP Server) with ESMTP id 4b1SCn1LrDz1GBvn; Mon, 19 May 2025 21:19:01 +0200 (CEST) X-mail-filterd: {"version":"1.9.1","queueID":"4b1SCm4fkPz1GBvm","contextId": "93627e7b-133e-470b-8eb7-a1da1265a059"} X-lpn-mailing: LEGIT X-lpn-spamrating: 36 X-lpn-spamlevel: not-spam Received: from localhost (91-173-200-211.subs.proxad.net [91.173.200.211]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange ECDHE (P-256) server-signature RSA-PSS (2048 bits) server-digest SHA256) (No client certificate requested) by mlpnf0114.laposte.net (SMTP Server) with ESMTPSA id 4b1SCm4fkPz1GBvm; Mon, 19 May 2025 21:19:00 +0200 (CEST) 
From: sebastien-gp@laposte.net To: 77826@debbugs.gnu.org Subject: [PATCH v3] home: home-gpg-agent-service: add new parameter 'use-keyboxd?'. Date: Mon, 19 May 2025 21:03:20 +0200 Message-ID: <20250519191837.2345-1-sebastien-gp@laposte.net> X-Mailer: git-send-email 2.49.0 MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: quoted-printable DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=laposte.net; s=lpn-wlmd; t=1747682341; bh=E6dGcczyeD7wCbOYIZs+W1BiirPyqoy4sCcWhvp3y3A=; h=From:To:Cc:Subject:Date:Message-ID:MIME-Version:Content-Type:Content-Transfer-Encoding; b=MFECiQ6i3Y3l+YB7GswMZIC4n9+Vl/ZEdmhE5VNhGZAYdf4LqH8KnNrjXFAGy5cYGALCIokBciOwcfQbqLC2Rq67+2UZrruFXX5vIZrZ5zg8lVyHyX3AebuanUsuAhfITrbYz9JZNYwnuVRwQMqP5qNdWIjjsEwDmP3SXtrrHISLe0/1T0LBLNhFi1GilqmUhk3y51GTozEeDBFQr+ODllKlrgYn+WmXN1oDlHs200O+DLXNA3dKxhBJAKTgND6yydjHDEOo+qO5sqOOtAyevkWsLu8W/MSgHlqnncbNbnn7JQB2EQL4ofgIBrHxwc6NpzEfB7HxSSnxkuv+tHCLnA==; X-Spam-Score: -0.7 (/) X-Debbugs-Envelope-To: 77826 X-Mailman-Approved-At: Tue, 20 May 2025 00:29:16 -0400 Cc: ludo@gnu.org, =?UTF-8?q?S=C3=A9bastien=20Farge?= , gabrielsantosdesouza@disroot.org X-BeenThere: debbugs-submit@debbugs.gnu.org X-Mailman-Version: 2.1.18 Precedence: list List-Id: List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Errors-To: debbugs-submit-bounces@debbugs.gnu.org Sender: "Debbugs-submit" X-Spam-Score: -1.7 (-) 
From: S=C3=A9bastien Farge Hi Ludo', Here is the v3 updated following your recommendations. One exception : Ludo' wrote > > + ;; Close user session. > > + (marionette-type "exit\n" marionette) > > + (sleep 1) > =E2=80=98sleep=E2=80=99? Can this be removed? if we remove that 1s temporisation the next user won't be able to start h= is session. > Thanks for coming up with nice tests! You're welcome, i'm pleased to contribute. S=C3=A9bastien. PS : Hello Gabriel, you answered the first patch, as i lost the thread, i= 'm sending you the message again, in case you're still interested by the subject . * gnu/home/services/gnupg.scm: New parameter. * doc/guix.texi (GNU Privacy Guard): New description. * gnu/tests/gnupg.scm: four scenarii, 1) use-keyboxd? true, no keyring 2) use-keyboxd? unset, no keyring 3) use-keyboxd? false, legacy pubring.gpg 4) use-keyboxd? true, legacy pubring.gpg Change-Id: I27b4f686086b9740943dbb5347a14ada245cc9fb --- doc/guix.texi | 19 ++ gnu/home/services/gnupg.scm | 17 +- gnu/local.mk | 1 + gnu/tests/gnupg.scm | 393 ++++++++++++++++++++++++++++++++++++ 4 files changed, 429 insertions(+), 1 deletion(-) create mode 100644 gnu/tests/gnupg.scm diff --git a/doc/guix.texi b/doc/guix.texi index 34092a2f73..88cb308948 100644 --- a/doc/guix.texi +++ b/doc/guix.texi 
@@ -50079,6 +50079,25 @@ Whether to enable @acronym{SSH,secure shell} sup= port. When true, @command{ssh-agent} program, taking care of OpenSSH secret keys and directing passphrase requests to the chosen Pinentry program. =20 +@item @code{use-keyboxd?} (default: @code{#f}) (type: boolean) +Choose true if you want to use the new keys database daemon +managed by @command{keyboxd}---the default settings on a fresh +install since GnuPG 2.4.1---instead of keyring file(s). +The @file{~/.gnupg/common.conf} is created with parameter +@code{use-keyboxd} set for the switch to happen +(@pxref{GPG Configuration,,, gnupg, Using the GNU Privacy Guard}). + +@quotation Warning +Keys kept in a previous pubring file have to +be imported in the keyboxd database or will be ignored (for +more information please refer to ``Keys database daemon`` section +of the GnuPG's @file{README} file). +@end quotation + +When false @command{keyboxd} is not used and @command{gpg-agent} +will manage keys in usual keyring file (legacy +@file{pubring.gpg}, or newer @file{pubring.kbx}). + @item @code{default-cache-ttl} (default: @code{600}) (type: integer) Time a cache entry is valid, in seconds. =20 diff --git a/gnu/home/services/gnupg.scm b/gnu/home/services/gnupg.scm index 7fc99f793a..88bbdc6ccf 100644 --- a/gnu/home/services/gnupg.scm +++ b/gnu/home/services/gnupg.scm @@ -31,6 +31,7 @@ (define-module (gnu home services gnupg) home-gpg-agent-configuration-gnupg home-gpg-agent-configuration-pinentry-program home-gpg-agent-configuration-ssh-support? + home-gpg-agent-configuration-use-keyboxd? home-gpg-agent-configuration-default-cache-ttl home-gpg-agent-configuration-max-cache-ttl home-gpg-agent-configuration-max-cache-ttl-ssh 
@@ -66,6 +67,12 @@ (define-configuration/no-serialization home-gpg-agent-= configuration @command{gpg-agent} acts as a drop-in replacement for OpenSSH's @command{ssh-agent} program, taking care of OpenSSH secret keys and dire= cting passphrase requests to the chosen Pinentry program.") + (use-keyboxd? + (boolean #f) + "Set it to true if you use keyboxd agent and want its configuration f= ile @file{~/.gnupg/common.conf}=20 +be saved in the store. Note that choosing #f will not prevent GnuPG to = use keyboxd if you init a new +GnuPG environment.=20 +The @file{~/.gnupg/common.conf} is created in the store with parameter @= code{use-keyboxd}.") (default-cache-ttl (integer 600) "Time a cache entry is valid, in seconds.") @@ -101,6 +108,11 @@ (define (home-gpg-agent-configuration-file config) (number->string max-cache-ttl-ssh) "\n" extra-content))) =20 +(define (home-gpg-common-configuration-file config) + "Return the @file{common.conf} file for @var{config}." + (mixed-text-file "common.conf" "use-keyboxd\n")) + + (define (home-gpg-agent-shepherd-services config) "Return the possibly-empty list of Shepherd services for @var{config}.= " (match-record config @@ -134,7 +146,10 @@ (define (home-gpg-agent-shepherd-services config) '()))) =20 (define (home-gpg-agent-files config) - `((".gnupg/gpg-agent.conf" ,(home-gpg-agent-configuration-file config)= ))) + (let ((files (cons `(".gnupg/gpg-agent.conf" ,(home-gpg-agent-configur= ation-file config)) '()))) + (if (home-gpg-agent-configuration-use-keyboxd? config)=20 + (cons `(".gnupg/common.conf" ,(home-gpg-common-configuration-fil= e config)) files) + files))) =20 (define (home-gpg-agent-environment-variables config) "Return GnuPG environment variables needed for @var{config}." diff --git a/gnu/local.mk b/gnu/local.mk index dfafe8b895..08aafc67b6 100644 --- a/gnu/local.mk +++ b/gnu/local.mk 
@@ -857,6 +857,7 @@ GNU_SYSTEM_MODULES =3D \ %D%/tests/foreign.scm \ %D%/tests/ganeti.scm \ %D%/tests/gdm.scm \ + %D%/tests/gnupg.scm \ %D%/tests/guix.scm \ %D%/tests/monitoring.scm \ %D%/tests/nfs.scm \ diff --git a/gnu/tests/gnupg.scm b/gnu/tests/gnupg.scm new file mode 100644 index 0000000000..fc521085a1 --- /dev/null +++ b/gnu/tests/gnupg.scm 
@@ -0,0 +1,393 @@ + +;;; GNU Guix --- Functional package management for GNU +;;; Copyright =C2=A9 2025 S=C3=A9bastien Farge +;;; +;;; This file is part of GNU Guix. +;;; +;;; GNU Guix is free software; you can redistribute it and/or modify it +;;; under the terms of the GNU General Public License as published by +;;; the Free Software Foundation; either version 3 of the License, or (a= t +;;; your option) any later version. +;;; +;;; GNU Guix is distributed in the hope that it will be useful, but +;;; WITHOUT ANY WARRANTY; without even the implied warranty of +;;; MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the +;;; GNU General Public License for more details. +;;; +;;; You should have received a copy of the GNU General Public License +;;; along with GNU Guix. If not, see . + +(define-module (gnu tests gnupg) + #:use-module (gnu tests) + #:use-module (gnu system) + #:use-module (gnu system vm) + #:use-module (gnu services) + #:use-module (gnu services guix) + #:use-module (gnu system shadow)=20 + #:use-module (gnu services base) + #:use-module (gnu home) + #:use-module (gnu home services) + #:use-module (gnu home services gnupg) + #:use-module (gnu packages linux) + #:use-module (gnu packages gnupg) + #:use-module (gnu packages base) + #:use-module (guix gexp) + #:use-module (rnrs io ports) + #:export (%test-gnupg-keyboxd)) + + +(define %gnupg-os + (operating-system + (inherit (simple-operating-system + (service guix-home-service-type + ;; keyboxd, no keyring + `(("alice" ,(home-environment + (packages (list gnupg procps)) + (services + (append (list + (service home-gpg-agent-s= ervice-type + (home-gpg-agent-= configuration + (default-cache-= ttl 820) + (use-keyboxd? 
#= t)))) + %base-home-services)))) + ;; keyboxd unset, no keyring + ("bob" ,(home-environment + (packages (list gnupg procps)) + (services + (append (list + (service home-gpg-agent-ser= vice-type + (home-gpg-agent-co= nfiguration + (default-cache-tt= l 820)))) + %base-home-services)))) + ;; keyboxd false, but legacy keyring.gpg + ("charles" ,(home-environment + (packages (list gnupg procps)) + (services + (append (list + (service home-gpg-agent= -service-type + (home-gpg-agen= t-configuration + (use-keyboxd? #= f) + (default-cache-= ttl 820)))) + %base-home-services)))) + ;; keyboxd true, but legacy keyring.gpg + ("dorothee" ,(home-environment + (packages (list gnupg procps)) + (services + (append (list + (service home-gpg-agen= t-service-type + (home-gpg-age= nt-configuration + (default-cac= he-ttl 820) + (use-keyboxd= ? #t)))) + %base-home-services))))= )))) + + (users (cons* + (user-account + (name "alice") =20 + (comment "Bob's sister") + (password (crypt "alice" "$6$abc")) + (group "users") + (supplementary-groups '("wheel" "audio" "video"))) + (user-account + (name "bob") =20 + (comment "Alice's brother") + (password (crypt "bob" "$6$abc")) + (group "users") + (supplementary-groups '("wheel" "audio" "video"))) + (user-account + (name "charles") =20 + (comment "Alice's best friend") + (password (crypt "charles" "$6$abc")) + (group "users") + (supplementary-groups '("wheel" "audio" "video"))) + (user-account + (name "dorothee") =20 + (comment "Charle's best friend") + (password (crypt "dorothee" "$6$abc")) + (group "users") + (supplementary-groups '("wheel" "audio" "video"))) + %base-user-accounts)))) + =20 +(define* (run-gnupg-keyboxd-test) + "Run an OS to test four situations related to 'use-keyboxd?' option: +- Alice: 'use-keyboxd?' true, and has no keyring yet. +- Bob: 'use-keyboxd?' unset, and has no keyring. +- Charles: 'use-keyboxd?' false, has a legacy keyring.gpg +- Dorothee: 'use-keyboxd?' true, has a legacy keyring.gpg." 
+ (define os + (marionette-operating-system + %gnupg-os + #:imported-modules '((gnu services herd)))) + + (define vm + (virtual-machine + (operating-system os))) + + (define test + (with-imported-modules '((gnu build marionette) + (guix build syscalls)) + #~(begin + (use-modules (gnu build marionette) + (guix build syscalls) + (srfi srfi-1) + (srfi srfi-64)) + + (define marionette + (make-marionette (list #$vm))) + + (define (marionette-login-user user) + (let ((login (format #f "~a\n" user)) + (file-log (format #f "/home/~a/logged-in" user))) + (for-each + (lambda (cmd) (marionette-type cmd marionette) (sleep 1)) + (list login login + "id -un > logged-in\n" + "printenv \"HOME\" >> logged-in\n")) + (marionette-eval '(use-modules (rnrs io ports)) marionette= ) + (wait-for-file file-log marionette #:read 'get-string-all)= )) + + (define (marionette-create-keyring-for user) + "Ask GnuPG to create a legacy keyring 'pubring.gpg' for USER= , and add a default key in it." + (marionette-eval + `(begin + ;; --chuid, root plays gpg user's role + (system* #$(file-append gnupg "/bin/gpg") + "-q" + "--chuid" ,user + "--no-default-keyring" + "--keyring" "pubring.gpg" + "--fingerprint") + (system* #$(file-append gnupg "/bin/gpg") + "-q" + "--chuid" ,user + "--batch" + "--passphrase" "''" + "--quick-gen-key" "" "ed2= 5519")) =20 + marionette)) + + (define (marionette-create-gpgkey-for user) + "Ask GnuPG to create and save a new gpg key for USER." + (marionette-eval + `(begin =20 + (system* #$(file-append gnupg "/bin/gpg") + "-q" + "--chuid" ,user + "--batch" + "--passphrase" "''" + "--quick-gen-key" "" "ed25= 519")) + marionette)) + + (define (marionette-list-keys-for user) + "Ask GnuPG to list the USER's keys." 
+ (marionette-eval + `(begin + (use-modules (ice-9 popen) + (ice-9 textual-ports)) =20 + (let* ((port (open-input-pipe + (format #f "~a -q --chuid ~a --list-keys" + #$(file-append gnupg "/bin/gpg") + ,user))) + (str (get-string-all port)))=20 + (close-pipe port) + str)) + marionette)) + + (test-runner-current (system-test-runner #$output)) + (test-begin "gnupg-keyboxd") + + ;; start tty1 + (marionette-eval + '(begin + (use-modules (gnu services herd)) + (start-service 'term-tty1)) + marionette) + (sleep 1) + + ;; + ;; Alice tests: 'use-keyboxd?' true, no keyring + ;; + + ;; Alice logs in to initiate gnupg environment + ;; according to its gnupg home service. + (test-equal "Alice: logged on tty1 ('use-keyboxd?' true, no ke= yring)." + "alice\n/home/alice\n" + (marionette-login-user "alice")) + + (test-equal "Alice: create a key that is saved in keyboxd data= base." + '(#t #t) + (begin + (use-modules (ice-9 regex)) + (marionette-create-gpgkey-for "alice") + (let ((keylist-str (marionette-list-keys-for "alice"))) + (list + (=3D 0 (string-contains keylist-str "[keyboxd]")) + (< 0(string-contains keylist-str "enjoy-guix@gnu.org"))= )))) + + (test-assert "Alice: No 'pubring.kbx' file is created" + (marionette-eval + `(not (file-exists? "/home/alice/.gnupg/pubring.kbx")) + marionette)) + + (test-equal "Alice: 'keyboxd' and 'gpg-agent' are running" + '(0 0) + (marionette-eval + `(list + (status:exit-val + (system* #$(file-append procps "/bin/pgrep") "keyboxd")) + (status:exit-val + (system* #$(file-append procps "/bin/pgrep") "gpg-agent"= ))) + marionette)) + + (test-equal "kill 'gpg-agent', and 'keyboxd'" + '(0 0)=20 + (marionette-eval + `(list + (system* #$(file-append procps "/bin/pkill") "gpg-agent") + (system* #$(file-append procps "/bin/pkill") "keyboxd")) + marionette)) + + ;; Close user session. + (marionette-type "exit\n" marionette) + (sleep 1) + + ;; + ;; Bob tests: 'use-keyboxd?' unset, no keyring. + ;; + =20 + (test-equal "Bob: logged on tty1 ('use-keyboxd?' 
unset, no key= ring)" + "bob\n/home/bob\n" + (marionette-login-user "bob")) + + (test-assert "Bob: common.conf is NOT created" + (marionette-eval + `(not (file-exists? "/home/bob/.gnupg/common.conf")) + marionette)) + =20 + (test-equal "Bob: create a key, gpg saved it in 'pubring.kbx' = not in keyboxd database." + '(#t #t) + (begin + (use-modules (ice-9 regex)) + (marionette-create-gpgkey-for "bob") + (let ((keylist-str (marionette-list-keys-for "bob"))) + (list + (=3D 0(string-contains keylist-str "/home/bob/.gnupg/p= ubring.kbx")) + (< 0 (string-contains keylist-str "enjoy-guix@gnu.org"= )))))) + + (test-equal "Bob: 'keyboxd' is NOT running" + 1 + (marionette-eval + `(status:exit-val + (system* #$(file-append procps "/bin/pgrep") "keyboxd")) + marionette)) + + (test-equal "Bob: 'gpg-agent' is running, kill it" + '(0 0) + (marionette-eval + `(list + (status:exit-val + (system* #$(file-append procps "/bin/pgrep") "gpg-agent"= )) + (status:exit-val + (system* #$(file-append procps "/bin/pkill") "gpg-agent"= ))) + marionette)) + + ;; Close user session. + (marionette-type "exit\n" marionette) + (sleep 1) + =20 + + ;; + ;; Charles tests: 'use-keyboxd?' false, a legacy keyring pubri= ng.gpg + ;; + + (marionette-create-keyring-for "charles") + + (test-equal "Charles: logged on tty1 (use-keyboxd?' false + le= gacy pubring.gpg)." 
+ "charles\n/home/charles\n" + (marionette-login-user "charles")) + + + (test-equal "Charles: create a key, saved in its legacy pubrin= g.gpg" + '(#t #t) + (begin + (use-modules (ice-9 regex)) + (marionette-create-gpgkey-for "charles") + (let ((keylist-str (marionette-list-keys-for "charles"))) + (list + (=3D 0 (string-contains keylist-str "/home/charles/.gnu= pg/pubring.gpg")) + (< 0 (string-contains keylist-str "enjoy-guix@gnu.org")= ))))) =20 + + (test-equal "Charles: 'keyboxd' is NOT in use" + 1 + (marionette-eval + `(status:exit-val + (system* #$(file-append procps "/bin/pgrep") "keyboxd")) + marionette)) + + (test-equal "Charles: 'gpg-agent' is running" + 0 + (marionette-eval + `(status:exit-val + (system* #$(file-append procps "/bin/pgrep") "gpg-agent")= ) + marionette)) + + ;; Close user session. + (marionette-type "exit\n" marionette) + (sleep 1) + =20 + + ;; + ;; Dorothee tests: 'use-keyboxd?' true, a legacy keyring pubri= ng.gpg + ;; + + ;;(marionette-create-keyring-for "dorothee") + ;; =3D> gpg don't allow creating keyring when 'use-keyboxd' is= set. + ;; hack and use charles's keyring + (marionette-eval + '(let ((dorothee (getpw "dorothee"))) + (copy-file "/home/charles/.gnupg/pubring.gpg" "/home/doroth= ee/.gnupg/pubring.gpg") + (chown "/home/dorothee/.gnupg/pubring.gpg" (passwd:uid doro= thee) (passwd:gid dorothee))) + marionette) + =20 + (test-equal "Dorothee: logged on tty1 ('use-keyboxd?' true + l= egacy pubring.gpg)." + "dorothee\n/home/dorothee\n" + (marionette-login-user "dorothee")) + + (test-equal "Dorothee: create a key, gpg ignore the legacy pub= ring.gpg and saved it in its keyboxd database." 
+ '(#t #t #f) + (begin + (use-modules (ice-9 regex)) + (marionette-create-gpgkey-for "dorothee") + (let ((keylist-str (marionette-list-keys-for "dorothee"))) + (list + (=3D 0 (string-contains keylist-str "[keyboxd]")) + (< 0 (string-contains keylist-str "enjoy-guix@gnu.org")= ) + (string-contains keylist-str "guiliguilix@gnu.org"))))) + + (test-equal "Dorothee: 'keyboxd' is in use" + 0 + (marionette-eval + `(status:exit-val + (system* #$(file-append procps "/bin/pgrep") "keyboxd")) + marionette)) + + (test-equal "Dorothee: 'gpg-agent' is running" + 0 + (marionette-eval + `(status:exit-val + (system* #$(file-append procps "/bin/pgrep") "gpg-agent")= ) + marionette)) + + ;; Close user session. + (marionette-type "exit\n" marionette) + ;; (sleep 1) + =20 + (test-end)))) + + (gexp->derivation "gnupg-keyboxd" test)) + +(define %test-gnupg-keyboxd + (system-test + (name "gnupg-keyboxd") + (description "Test GnuPG with and without use-keyboxd option.") + (value (run-gnupg-keyboxd-test)))) + + base-commit: efac01f19b65d7d77a98bbfd57fe2073fb13064a --=20 2.49.0