Nix home-manager gpg setup NOT starting properly

I am using Win11 WSL-Ubuntu 22.04 inside PowerShell. I installed standalone home-manager v24.05 using curl and used the Nixpkgs v24.05 channel. I removed the existing gpg installation using:

$ sudo apt --purge remove gnupg
$ sudo apt --purge remove gpg
$ sudo apt --purge remove gpg-agent

Afterwards, I set up my gpg setup from Nix HM. I get my git commits signed, but there are failed warnings and references to the deleted gpg path all along the way. Am I missing some key gpg config options in Nix home-manager?

If I do home-manager switch, I get this output:

/nix/store/b5gbcz8ay7crirgy9zwmmdzy4xhqrkl6-home-manager-generation
Starting Home Manager activation
Activating checkFilesChanged
Activating checkLinkTargets
Activating writeBoundary
Activating createGpgHomedir
Activating installPackages
replacing old 'home-manager-path'
installing 'home-manager-path'
Activating linkGeneration
Cleaning up orphan links from /home/username
No change so reusing latest profile generation 31
Creating home file links in /home/username
Activating onFilesChange
Activating reloadSystemd
The user systemd session is degraded:
  UNIT                     LOAD      ACTIVE SUB    DESCRIPTION
● gpg-agent.service        loaded    failed failed GnuPG cryptographic agent and passphrase cache
● gpg-agent-browser.socket not-found failed failed gpg-agent-browser.socket
● gpg-agent-extra.socket   not-found failed failed gpg-agent-extra.socket
● gpg-agent-ssh.socket     loaded    failed failed GnuPG cryptographic agent (ssh-agent emulation)

Legend: LOAD   → Reflects whether the unit definition was properly loaded.
        ACTIVE → The high-level unit activation state, i.e. generalization of SUB.
        SUB    → The low-level unit activation state, values depend on unit type.

4 loaded units listed.
Attempting to reload services anyway...

There are 162 unread and relevant news items.
Read them by running the command "home-manager news".

But if I start a new WSL session and run the command:
$ gpg-agent
Output:
gpg-agent[541531]: gpg-agent running and available

Running this command:
$ systemctl --user status gpg-agent
Output:

× gpg-agent.service - GnuPG cryptographic agent and passphrase cache
     Loaded: loaded (/home/username/.config/systemd/user/gpg-agent.service; linked; vendor preset: enabled)
     Active: failed (Result: exit-code) since Sat 2024-07-20 19:48:58 +03; 24h ago
TriggeredBy: × gpg-agent-ssh.socket
             ● gpg-agent.socket
       Docs: man:gpg-agent(1)
   Main PID: 381562 (code=exited, status=203/EXEC)

Jul 20 19:48:58 win11i12 systemd[390]: Started GnuPG cryptographic agent and passphrase cache.
Jul 20 19:48:58 win11i12 systemd[381562]: gpg-agent.service: Failed to locate executable /usr/bin/gpg-agent: No such file>
Jul 20 19:48:58 win11i12 systemd[381562]: gpg-agent.service: Failed at step EXEC spawning /usr/bin/gpg-agent: No such fle>
Jul 20 19:48:58 win11i12 systemd[390]: gpg-agent.service: Main process exited, code=exited, status=203/EXEC
Jul 20 19:48:58 win11i12 systemd[390]: gpg-agent.service: Failed with result 'exit-code'.

Note the references to Failed at step EXEC spawning /usr/bin/gpg-agent – it seems that systemd is still trying to initialise the gpg-agent from /usr/bin.

$ ls -al ~/.config/systemd/user/
Output:

lrwxrwxrwx 1 username username  104 Jul 21 20:14 gpg-agent-ssh.socket -> /nix/store/lg76kyiz9dims1i5kqmpxksrc930p6ph-home-manager-files/.config/systemd/user/gpg-agent-ssh.socket
lrwxrwxrwx 1 username username  101 Jul 21 20:14 gpg-agent.service -> /nix/store/lg76kyiz9dims1i5kqmpxksrc930p6ph-home-manager-files/.config/systemd/user/gpg-agent.service
lrwxrwxrwx 1 username username  100 Jul 21 20:14 gpg-agent.socket -> /nix/store/lg76kyiz9dims1i5kqmpxksrc930p6ph-home-manager-files/.config/systemd/user/gpg-agent.socket
drwxr-xr-x 2 username username 4096 Jul 21 20:14 sockets.target.wants/

$ cat ~/.gnupg/gpg.conf
Output:

cert-digest-algo SHA512
charset utf-8
default-preference-list SHA512 SHA384 SHA256 AES256 AES192 AES ZLIB BZIP2 ZIP Uncompressed
fixed-list-mode
keyid-format 0xlong
list-options show-uid-validity
no-comments
no-emit-version
no-symkey-cache
personal-cipher-preferences AES256 AES192 AES
personal-compress-preferences ZLIB BZIP2 ZIP Uncompressed
personal-digest-preferences SHA512 SHA384 SHA256
require-cross-certification
s2k-cipher-algo AES256
s2k-digest-algo SHA512
use-agent
verify-options show-uid-validity
with-fingerprint

$ cat ~/.gnupg/gpg-agent.conf
Output:

grab
pinentry-program /nix/store/pgnh0xykd6r78h4s8mn5ixf0bggis9fk-pinentry-curses-1.2.1/bin/pinentry

I generated gpg keys using gpg-tui and set it up with my git config. I can

My ~/.config/home-manager/home.nix file:

{ config, pkgs, ... }:

{
  # Home Manager needs a bit of information about you and the paths it should
  # manage.
  home.username = "username";
  home.homeDirectory = "/home/username";
  # Enable XDG
  xdg.enable = true;

  home.stateVersion = "24.05"; # Please read the comment before changing.
  
  programs.gpg.enable = true;

  services.gpg-agent = {
    enable = true;
    pinentryPackage = pkgs.pinentry-curses;
  };

  programs.ssh = {
    enable = true;

    matchBlocks = {
      bserv = {
        port = 22;
        hostname =  "106.403.111.118";
        user = "username-c";
        identityFile = "${config.home.homeDirectory}/.ssh/id_ssh";
      };
    };
  };

  programs.git = {
    enable = true;
    includes = [
      { path = "~/.git/.config-global"; }
      {
        path = "~/.git/.config-pri";
        condition = "gitdir:wa/pri/";
      }
    ];
    aliases = {
      ap = "add -p";
      aa = "add -A";
    };
    
    extraConfig = {
      core = {
        whitespace = "trailing-space,space-before-tab";
      };
    };
  };

  # The home.packages option allows you to install Nix packages into your
  # environment.
  home.packages = [
    # # Adds the 'hello' command to your environment. It prints a friendly
    # # "Hello, world!" when run.
    # pkgs.hello
    pkgs.openssh
    pkgs.curl
    pkgs.git
    pkgs.rsync
    pkgs.neovim
    pkgs.gpg-tui
    pkgs.xplr
    pkgs.wl-clipboard

    pkgs.cryptsetup
    pkgs.lvm2

    pkgs.difftastic
    pkgs.ripgrep-all
    pkgs.eza
    pkgs.fd
    pkgs.sd
    pkgs.bat
    pkgs.fastfetch

    pkgs.just
    pkgs.nushell
    
    pkgs.ansible

  ];
  
  home.file = {};

  home.sessionVariables = {
  };

  programs.bash = {
    enable = true;
    enableCompletion = true;
    profileExtra = ''
      if [ -f "$HOME/.dotfiles/.profile_base" ]; then
        . "$HOME/.dotfiles/.profile_base"
      fi
    '';
  };

  # Let Home Manager install and manage itself.
  programs.home-manager.enable = true;
}