gpg-agent: invert grab and no-grab behavior

The GNU Privacy Guard 2.3 man page for `gpg-agent` describes the
`--grab` and `--no-grab` options as follows:

> Tell the pinentry to grab the keyboard and mouse. This option should
> be used on X-Servers to avoid X-sniffing attacks. Any use of the
> option --grab overrides an used option --no-grab. The default is
> --no-grab.

Therefore Home Manager should explicitly output `grab` when
`cfg.grabKeyboardAndMouse` is true. Previously Home Manager emitted
`no-grab` when `cfg.grabKeyboardAndMouse` was false.

PR #3192
This commit is contained in:
Jim Fowler 2022-08-30 14:18:36 -04:00 committed by Robert Helgesson
parent 5bd66dc6cd
commit 7b512c94ff
No known key found for this signature in database
GPG key ID: 36BDAA14C2797E89

View file

@ -216,7 +216,7 @@ in {
{ {
home.file."${homedir}/gpg-agent.conf".text = concatStringsSep "\n" home.file."${homedir}/gpg-agent.conf".text = concatStringsSep "\n"
(optional (cfg.enableSshSupport) "enable-ssh-support" (optional (cfg.enableSshSupport) "enable-ssh-support"
++ optional (!cfg.grabKeyboardAndMouse) "no-grab" ++ optional cfg.grabKeyboardAndMouse "grab"
++ optional (!cfg.enableScDaemon) "disable-scdaemon" ++ optional (!cfg.enableScDaemon) "disable-scdaemon"
++ optional (cfg.defaultCacheTtl != null) ++ optional (cfg.defaultCacheTtl != null)
"default-cache-ttl ${toString cfg.defaultCacheTtl}" "default-cache-ttl ${toString cfg.defaultCacheTtl}"