Re: Guix Home: SSH won't ask for GPG password
Hi,

What does the output of the command:

ssh-add -L

show? Are the keys represented by the agent?

On 2023-10-05, 09:18 -0700, Caleb Herbert wrote:

> Guix System.
>
> In home-configuration.scm:
> (service home-gpg-agent-service-type
>          (home-gpg-agent-configuration
>           (pinentry-program
>            (file-append pinentry-gnome3 "/bin/pinentry"))
>           (ssh-support? #t)))
>
> caleb@bender ~$ ssh c...@tty.sdf.org
> c...@tty.sdf.org's password:
>
> This shouldn't happen. Pinentry should come up and ask me for my GPG password.
>
> gpg-agent.conf looks normal.
>
> caleb@bender ~$ cat /home/caleb/.gnupg/gpg-agent.conf
> pinentry-program /gnu/store/6rlqjdc9ginn4gnkwg8mhqwm015phhrm-pinentry-gnome3-1.2.1/bin/pinentry
> default-cache-ttl 600
> max-cache-ttl 7200
> default-cache-ttl-ssh 1800
> max-cache-ttl-ssh 7200
> caleb@bender ~$

gpg-agent.conf LGTM, except for the lack of enable-ssh-support. But shepherd
runs gpg with the --enable-ssh-support option.

-- 
Best regards,
Aleksandr Vityazev
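The checks raised in the reply above (is SSH support switched on, does `ssh-add -L` list any key), together with whether `SSH_AUTH_SOCK` points at gpg-agent's SSH socket, as an added shell example that is not part of the thread. The function names, verdict words, the socket path and the agent command line used in `demo` are constructed for illustration.

```shell
#!/bin/sh
# Added diagnostic sketch; function names and verdict words are made up here.

# Succeeds if FILE has an active (uncommented) enable-ssh-support line.
conf_enables_ssh() {
    [ -r "$1" ] &&
        grep -Eq '^[[:space:]]*enable-ssh-support([[:space:]]|$)' "$1"
}

# Succeeds if the agent's command line carries --enable-ssh-support.
cmdline_enables_ssh() {
    printf '%s\n' "$1" |
        grep -Eq '(^|[[:space:]])--enable-ssh-support([[:space:]]|$)'
}

# diagnose AUTH_SOCK AGENT_SSH_SOCK CONF_FILE AGENT_ARGS KEYS
# Prints the first failed precondition, or "ok".
diagnose() {
    if ! conf_enables_ssh "$3" && ! cmdline_enables_ssh "$4"; then
        echo ssh-support-off      # agent never opened an SSH socket
    elif [ "$1" != "$2" ]; then
        echo wrong-socket         # ssh is talking to another agent, or none
    elif [ -z "$5" ]; then
        echo no-keys              # agent reachable but offers no identity
    else
        echo ok
    fi
}

# Gather the real values on a live system (needs gpgconf, pgrep, ssh-add).
diagnose_live() {
    keys=$(ssh-add -L 2>/dev/null) || keys=
    diagnose "${SSH_AUTH_SOCK:-}" "$(gpgconf --list-dirs agent-ssh-socket)" \
        "$(gpgconf --list-dirs homedir)/gpg-agent.conf" \
        "$(pgrep -a gpg-agent)" "$keys"
}

# Constructed demo: the TTL-only gpg-agent.conf quoted in the thread, an
# agent started with the flag, and SSH_AUTH_SOCK left unset.
demo() {
    conf=$(mktemp) || return 1
    printf '%s\n' 'default-cache-ttl 600' 'max-cache-ttl 7200' \
        'default-cache-ttl-ssh 1800' 'max-cache-ttl-ssh 7200' > "$conf"
    diagnose "" /run/user/1000/gnupg/S.gpg-agent.ssh "$conf" \
        'gpg-agent --enable-ssh-support' ""
    rm -f "$conf"
}
```

With no usable agent key, ssh falls through to password authentication, which matches the prompt shown in the quoted session; `diagnose_live` reports which precondition fails first on a real machine.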
Re: Guix Home: SSH won't ask for GPG password
Maxim Cournoyer wrote ..
> What do you mean by "still" ? It must have worked at some point? What
> changed in your configuration?

I don't know when it last worked. I think it stopped working when I added a package.

Here is my full config:

;; This "home-environment" file can be passed to 'guix home reconfigure'
;; to reproduce the content of your profile. This is "symbolic": it only
;; specifies package names. To reproduce the exact same profile, you also
;; need to capture the channels being used, as returned by "guix describe".
;; See the "Replicating Guix" section in the manual.

(use-modules (gnu home)
             (gnu packages)
             (gnu packages gnupg)
             (gnu services)
             (guix gexp)
             (gnu home services shells)
             (gnu home services gnupg))

(home-environment
  ;; Below is the list of packages that will show up in your
  ;; Home profile, under ~/.guix-home/profile.
  (packages (specifications->packages (list "emacs"
                                            "password-store"
                                            "pinentry"
                                            "gnupg"
                                            "evolution"
                                            "icecat"
                                            "git"
                                            "mosh"
                                            "wgetpaste"
                                            "evolution-data-server"
                                            "dino")))

  ;; Below is the list of Home services. To search for available
  ;; services, run 'guix home search KEYWORD' in a terminal.
  (services
   (list (service home-bash-service-type
                  (home-bash-configuration
                   (aliases '(("grep" . "grep --color=auto")
                              ("ll" . "ls -l")
                              ("ls" . "ls -p --color=auto")))
                   (bashrc (list (local-file ".bashrc" "bashrc")))
                   (bash-profile (list (local-file ".bash_profile"
                                                   "bash_profile")
         (service home-gpg-agent-service-type
                  (home-gpg-agent-configuration
                   (pinentry-program
                    (file-append pinentry "/bin/pinentry"))
                   (ssh-support? #t))

caleb@bender ~$ guix describe
Generation 1    Oct 04 2023 20:25:40    (current)
  guix 20df2ee
    repository URL: https://git.savannah.gnu.org/git/guix.git
    branch: master
    commit: 20df2ee697bb5057a476a926a363d71cc8944c84
caleb@bender ~$

-- 
Caleb
https://bluehome.net/csh/
Re: Guix Home: SSH won't ask for GPG password
Hi Caleb,

Caleb Herbert writes:

> Maxim Cournoyer wrote ..
>> I now use the canonical 'pinentry' package, which seems most featureful.
>
> Changed to plain "pinentry".
>
> (service home-gpg-agent-service-type
>          (home-gpg-agent-configuration
>           (pinentry-program
>            (file-append pinentry "/bin/pinentry"))
>           (ssh-support? #t)))
>
>
> I still get an error when trying to reconfigure.

What do you mean by "still" ? It must have worked at some point? What
changed in your configuration?

> Loading /gnu/store/2hwp7i1xn24rlsnwmcc8hpbdynznv4an-shepherd.conf.
> herd: error: exception caught while executing 'load' on service 'root':
> In procedure fport_write: Input/output error
> Comparing /gnu/store/3jphbp9sisp54nshd8dimrnn4lks3p4d-home/profile/share/fonts and
>    /gnu/store/vkkl9ymxkcq5a72z42rm4yx573k0wk1f-home/profile/share/fonts... done (same)
> Evaluating on-change gexps.
>
> On-change gexps evaluation finished.

Hm. I'm not sure what that is trying to say, other than there was some
error in the service definition.

-- 
Thanks,
Maxim
Re: Guix Home: SSH won't ask for GPG password
Hi,

Caleb Herbert writes:

> Guix System.
>
> In home-configuration.scm:
> (service home-gpg-agent-service-type
>          (home-gpg-agent-configuration
>           (pinentry-program
>            (file-append pinentry-gnome3 "/bin/pinentry"))
>           (ssh-support? #t)))
>
> caleb@bender ~$ ssh c...@tty.sdf.org
> c...@tty.sdf.org's password:
>
> This shouldn't happen. Pinentry should come up and ask me for my GPG password.
>
> gpg-agent.conf looks normal.
>
> caleb@bender ~$ cat /home/caleb/.gnupg/gpg-agent.conf
> pinentry-program /gnu/store/6rlqjdc9ginn4gnkwg8mhqwm015phhrm-pinentry-gnome3-1.2.1/bin/pinentry
> default-cache-ttl 600
> max-cache-ttl 7200
> default-cache-ttl-ssh 1800
> max-cache-ttl-ssh 7200

I don't use guix home, but my hand-crafted gpg-agent.conf reads like:

--8<---cut here---start->8---
# PIN entry program
enable-ssh-support
allow-emacs-pinentry

# Remember GPG/SSH passwords for longer.
default-cache-ttl 28800 # cache GPG on access for 8 hours
max-cache-ttl 57600 # keep GPG on cache for a maximum of 16 hours
default-cache-ttl-ssh 28800 # cache SSH on access for 8 hours
max-cache-ttl-ssh 57600 # keep SSH on cache for a maximum of 16 hours
--8<---cut here---end--->8---

Also, it could be caused by the pinentry-gnome3 variant. I remember
wrestling with a similar problem in the past, only to find out that it
was limited. I now use the canonical 'pinentry' package, which seems
most featureful.

HTH,

-- 
Maxim