local gpg-agent acting as ssh-agent should yield (#667) (#2253)

* gpg-agent: local agent acting as ssh-agent should yield

This happens commonly if someone using home manager with gpg-agent
acting as ssh-agent on both machines.

@rycee brought up how gpg-itself has some support for agents on both
ends, but in that case one is forwarding the gpg-agent socket rather
than forwardning the gpg-agent-as-ssh-agent socket. There is no need to
forward both.

So I think this is a good default:

 - Forward just gpg-agent socket and this doesn't matter.

 - Forward just the ssh-agent socket and this does the right thing.

 - Forward both sockets and now the ssh one takes priority instead, but
   forwarding both was always a silly thing to do.

Fix #667

* Update modules/services/gpg-agent.nix

Co-authored-by: Nicolas Berbiche <nic.berbiche@gmail.com>

Co-authored-by: Nicolas Berbiche <nic.berbiche@gmail.com>
This commit is contained in:
John Ericson 2021-08-21 01:43:41 -04:00 committed by GitHub
parent bf6b85136b
commit 4367119ca3
No known key found for this signature in database
GPG key ID: 4AEE18F83AFDEB23

View file

@ -203,10 +203,11 @@ in
[ cfg.extraConfig ]
);
home.sessionVariables =
optionalAttrs cfg.enableSshSupport {
SSH_AUTH_SOCK = "$(${gpgPkg}/bin/gpgconf --list-dirs agent-ssh-socket)";
};
home.sessionVariablesExtra = optionalString cfg.enableSshSupport ''
if [[ -z "$SSH_AUTH_SOCK" ]]; then
export SSH_AUTH_SOCK="$(${gpgPkg}/bin/gpgconf --list-dirs agent-ssh-socket)"
fi
'';
programs.bash.initExtra = gpgInitStr;
programs.zsh.initExtra = gpgInitStr;