Missing pinentry binary when invoking `gpgconf --check-programs`

Help
1

Hi,

I installed gnupg in home manager (NixOS 24.05) with KDE Plasma 6 using the following:

services.gpg-agent = {
    enabled = true;
    pinentryPackage = lib.mkForce pinentry-qt;
};

I also added pinentry-qt to my user packages in home-manager.

However, I cannot use pinentry at all. I checked ~/.gnupg/gpg-agent.conf and it contains the following lines:

grab
pinentry-program /nix/store/q3vr3pccsw3xyqapi3x139pz1x6694nx-pinentry-qt-1.2.1/bin/pinentry

The --pinentry-program flag in gpg-agent is also missing: ps aux | grep gpg-agent

karl       21093  0.0  0.0 450128  3584 ?        SLsl 23:48   0:00 /nix/store/4zisizdxx9liz7vr8w29zjf8d66g1bdn-gnupg-2.4.5/bin/gpg-agent --supervised

Likewise, it seems that gnupg is looking for pinentry in the wrong directory which has the pinentry program missing and it’s not using the pinentry-qt I configured. I checked that this is accessible from my shell and it is… When running gpgconf --check-programs, this is the output.

gpgconf: error running '/nix/store/4zisizdxx9liz7vr8w29zjf8d66g1bdn-gnupg-2.4.5/bin/pinentry': probably not installed
gpg:OpenPGP:/nix/store/4zisizdxx9liz7vr8w29zjf8d66g1bdn-gnupg-2.4.5/bin/gpg:1:1:
gpgsm:S/MIME:/nix/store/4zisizdxx9liz7vr8w29zjf8d66g1bdn-gnupg-2.4.5/bin/gpgsm:1:1:
keyboxd:Public Keys:/nix/store/4zisizdxx9liz7vr8w29zjf8d66g1bdn-gnupg-2.4.5/libexec/keyboxd:1:1:
gpg-agent:Private Keys:/nix/store/4zisizdxx9liz7vr8w29zjf8d66g1bdn-gnupg-2.4.5/bin/gpg-agent:1:1:
scdaemon:Smartcards:/nix/store/4zisizdxx9liz7vr8w29zjf8d66g1bdn-gnupg-2.4.5/libexec/scdaemon:1:1:
tpm2daemon:TPM:/nix/store/4zisizdxx9liz7vr8w29zjf8d66g1bdn-gnupg-2.4.5/libexec/tpm2daemon:1:1:
dirmngr:Network:/nix/store/4zisizdxx9liz7vr8w29zjf8d66g1bdn-gnupg-2.4.5/bin/dirmngr:1:1:
pinentry:Passphrase Entry:/nix/store/4zisizdxx9liz7vr8w29zjf8d66g1bdn-gnupg-2.4.5/bin/pinentry:0:0:

Likewise, invoking systemctl --user status gpg-agent.socket shows:

● gpg-agent.service - GnuPG cryptographic agent and passphrase cache
     Loaded: loaded (/home/karl/.config/systemd/user/gpg-agent.service; linked; preset: enabled)
     Active: active (running) since Thu 2024-11-14 23:48:49 PST; 9min ago
TriggeredBy: ● gpg-agent.socket
       Docs: man:gpg-agent(1)
   Main PID: 21093 (gpg-agent)
      Tasks: 5 (limit: 16567)
     Memory: 1.4M (peak: 2.5M)
        CPU: 29ms
     CGroup: /user.slice/user-1000.slice/user@1000.service/app.slice/gpg-agent.service
             ├─21093 /nix/store/4zisizdxx9liz7vr8w29zjf8d66g1bdn-gnupg-2.4.5/bin/gpg-agent --supervised
             └─25072 scdaemon --multi-server

Nov 14 23:48:49 fireking systemd[1527]: Started GnuPG cryptographic agent and passphrase cache.
Nov 14 23:48:49 fireking gpg-agent[21093]: gpg-agent[21093]: WARNING: "--supervised" is a deprecated option
Nov 14 23:48:49 fireking gpg-agent[21093]: gpg-agent (GnuPG) 2.4.5 starting in supervised mode.
Nov 14 23:48:49 fireking gpg-agent[21093]: using fd 3 for std socket (/run/user/1000/gnupg/S.gpg-agent)
Nov 14 23:48:49 fireking gpg-agent[21093]: listening on: std=3 extra=-1 browser=-1 ssh=-1

which gives me no clue what’s wrong at all. Is there anything I’m missing?

Any help would be appreciated.

2

Did you reboot after changing the pinentry setting?

3

Yes. The post is here after I have done home-manager switch and then reboot.

4

Then I am out of ideas, in my past all the pinentry related problems were solved by a restart…