Gpg-agent socket activation stopped working

luke-clifton · October 20, 2022, 2:04pm

A few months ago gpg stopped working for me. The symptoms are that it can not find a pinentry program. I can work around this by manually starting the agent, however, I have the following in my configuration.nix which should start it for me.

  programs.gnupg.agent = {
    enable = true;
    enableSSHSupport = true;
  };

However, journalctl --user -u gpg-agent suggests that the service has not been activated since Sep 21.

$ systemctl --user status gpg-agent.service
○ gpg-agent.service - GnuPG cryptographic agent and passphrase cache
     Loaded: loaded (/etc/systemd/user/gpg-agent.service; linked-runtime; vendor preset: enab>
    Drop-In: /nix/store/plawdzg6rj2993finc1nb0lnkls3ympw-user-units/gpg-agent.service.d
             └─overrides.conf
     Active: inactive (dead)
       Docs: man:gpg-agent(1)

Ok, so I try and start it

$ systemctl --user start gpg-agent.service
Failed to start gpg-agent.service: Unit gpg-agent.socket not found.

And indeed

$ systemctl --user status gpg-agent.socket
Unit gpg-agent.socket could not be found.

Poking around in the directories:

$ cat /etc/systemd/user/gpg-agent.socket
[Unit]
Description=GnuPG cryptographic agent and passphrase cache
Documentation=man:gpg-agent(1)

[Socket]
ListenStream=%t/gnupg/S.gpg-agent
FileDescriptorName=std
SocketMode=0600
DirectoryMode=0700

[Install]
WantedBy=sockets.target

$ cat /etc/systemd/user/gpg-agent.socket.d/overrides.conf
[Unit]

[Socket]

Any ideas why the socket activation is suddenly broken?

mmarx · October 21, 2022, 11:34pm

Have you tried explicitly setting programs.gnupg.agent.pinentryFlavor? The documentation says it should default to curses if not set and X11 is not enabled, but indeed the gpg-agent.service is only configured if pinentryFlavor is not null.

luke-clifton · October 24, 2022, 1:09pm

It unfortunately makes no difference. pinentryFlavor is not null by default, so the case were the service isn’t enabled due to pinentryFlavor being null would be hard to hit.

luke-clifton · October 29, 2022, 2:24am

So, it turned out that something had generated some files in ~/.config/systemd which seemed to be overriding the systemd user services set up by NixOS (including gpg-agent). I don’t know what caused those to be created, but they had links into the nix store. I simply deleted the whole ~/config/systemd directory and the problem was solved.