From: Sébastien Farge <sebastien-farge@HIDDEN>
To: 77826 <at> debbugs.gnu.org
Cc: Sébastien Farge <sebastien-farge@HIDDEN>
Subject: [bug#77826] [PATCH] home: home-gpg-agent-service: add new parameter 'use-keyboxd?'.
Date: Tue, 15 Apr 2025 16:13:40 +0200
Message-ID: <20250415141428.3407-1-sebastien-farge@HIDDEN>

* gnu/home/services/gnupg.scm: New parameter.
* doc/guix.texi (GNU Privacy Guard): New description.
* gnu/tests/gnupg.scm: Alice use keyboxd, Bob normal keyring, test if both works

Change-Id: I27b4f686086b9740943dbb5347a14ada245cc9fb
--- doc/guix.texi | 5 + gnu/home/services/gnupg.scm | 18 ++- gnu/tests/gnupg.scm | 246 ++++++++++++++++++++++++++++++++++++ 3 files changed, 268 insertions(+), 1 deletion(-) create mode 100644 gnu/tests/gnupg.scm diff --git a/doc/guix.texi b/doc/guix.texi index d109877a32..46b2115aad 100644 --- a/doc/guix.texi +++ b/doc/guix.texi @@ -49076,6 +49076,11 @@ Whether to enable @acronym{SSH,secure shell} sup= port. When true, @command{ssh-agent} program, taking care of OpenSSH secret keys and directing passphrase requests to the chosen Pinentry program. =20 +@item @code{use-keyboxd?} (default: @code{#f}) (type: boolean) +Whether to enable keyboxd and its keybox database instead of usual keyri= ng. When true, +@command{gpg-agent} call @command{keyboxd} who take care of keys managem= ent process and database.=20 +The @file{~/.gnupg/common.conf} is created with parameter @code{use-keyb= oxd} for the switch to happen. + @item @code{default-cache-ttl} (default: @code{600}) (type: integer) Time a cache entry is valid, in seconds. =20 diff --git a/gnu/home/services/gnupg.scm b/gnu/home/services/gnupg.scm index 7fc99f793a..f7691f38e0 100644 --- a/gnu/home/services/gnupg.scm +++ b/gnu/home/services/gnupg.scm 
@@ -31,6 +31,7 @@ (define-module (gnu home services gnupg) home-gpg-agent-configuration-gnupg home-gpg-agent-configuration-pinentry-program home-gpg-agent-configuration-ssh-support? + home-gpg-agent-configuration-use-keyboxd? home-gpg-agent-configuration-default-cache-ttl home-gpg-agent-configuration-max-cache-ttl home-gpg-agent-configuration-max-cache-ttl-ssh @@ -66,6 +67,11 @@ (define-configuration/no-serialization home-gpg-agent-= configuration @command{gpg-agent} acts as a drop-in replacement for OpenSSH's @command{ssh-agent} program, taking care of OpenSSH secret keys and dire= cting passphrase requests to the chosen Pinentry program.") + (use-keyboxd? + (boolean #f) + "Whether to enable keyboxd and its keybox database instead of usual k= eyring. When true, +@command{gpg-agent} call @command{keyboxd} who take care of keys managem= ent process and database.=20 +The @file{~/.gnupg/common.conf} is created with parameter @code{use-keyb= oxd} for the switch to happen.") (default-cache-ttl (integer 600) "Time a cache entry is valid, in seconds.") @@ -101,6 +107,13 @@ (define (home-gpg-agent-configuration-file config) (number->string max-cache-ttl-ssh) "\n" extra-content))) =20 +(define (home-gpg-common-configuration-file config) + "Return the @file{common.conf} file for @var{config}." + (match-record config <home-gpg-agent-configuration> + (use-keyboxd?) + (mixed-text-file "common.conf" "use-keyboxd\n"))) + + (define (home-gpg-agent-shepherd-services config) "Return the possibly-empty list of Shepherd services for @var{config}.= " (match-record config <home-gpg-agent-configuration> 
@@ -134,7 +147,10 @@ (define (home-gpg-agent-shepherd-services config) '()))) =20 (define (home-gpg-agent-files config) - `((".gnupg/gpg-agent.conf" ,(home-gpg-agent-configuration-file config)= ))) + (let ((files (cons `(".gnupg/gpg-agent.conf" ,(home-gpg-agent-configur= ation-file config)) '()))) + (if (home-gpg-agent-configuration-use-keyboxd? config)=20 + (cons `(".gnupg/common.conf" ,(home-gpg-common-configuration-fil= e config)) files) + files))) =20 (define (home-gpg-agent-environment-variables config) "Return GnuPG environment variables needed for @var{config}." diff --git a/gnu/tests/gnupg.scm b/gnu/tests/gnupg.scm new file mode 100644 index 0000000000..6be26b0073 --- /dev/null +++ b/gnu/tests/gnupg.scm 
@@ -0,0 +1,246 @@ +;;; GNU Guix --- Functional package management for GNU +;;; Copyright =C2=A9 2016-2022, 2024 Ludovic Court=C3=A8s <ludo@HIDDEN> +;;; Copyright =C2=A9 2017, 2018 Cl=C3=A9ment Lassieur <clement@lassieur.= org> +;;; Copyright =C2=A9 2017 Marius Bakke <mbakke@HIDDEN> +;;; +;;; This file is part of GNU Guix. +;;; +;;; GNU Guix is free software; you can redistribute it and/or modify it +;;; under the terms of the GNU General Public License as published by +;;; the Free Software Foundation; either version 3 of the License, or (a= t +;;; your option) any later version. +;;; +;;; GNU Guix is distributed in the hope that it will be useful, but +;;; WITHOUT ANY WARRANTY; without even the implied warranty of +;;; MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the +;;; GNU General Public License for more details. +;;; +;;; You should have received a copy of the GNU General Public License +;;; along with GNU Guix. If not, see <http://www.gnu.org/licenses/>. + +(define-module (gnu tests gnupg) + #:use-module (gnu tests) + #:use-module (gnu system) + #:use-module (gnu system vm) + #:use-module (gnu services) + #:use-module (gnu services guix) + #:use-module (gnu system shadow)=20 + #:use-module (gnu services base) + #:use-module (gnu home) + #:use-module (gnu home services gnupg) + #:use-module (gnu packages linux) + #:use-module (gnu packages gnupg) + #:use-module (gnu packages base) + #:use-module (guix gexp) + #:export (%test-gnupg-keyboxd)) + +(define %keyboxd-home + (home-environment + (packages (list gnupg procps)) + (services + (append (list + (service home-gpg-agent-service-type + (home-gpg-agent-configuration + (default-cache-ttl 820) + (use-keyboxd? 
#t)))) + %base-home-services)) + )) + +(define %keyring-home + (home-environment + (packages (list gnupg procps)) + (services + (append (list + (service home-gpg-agent-service-type + (home-gpg-agent-configuration + (default-cache-ttl 820)))) + %base-home-services)) + )) + +(define %gnupg-os + (operating-system + (inherit (simple-operating-system (service guix-home-service-type `(= ("alice" ,%keyboxd-home) + = ("bob" ,%keyring-home))))) + + (users (cons* + (user-account + (name "alice") =20 + (comment "Bob's sister") + (password (crypt "alice" "$6$abc")) + (group "users") + (supplementary-groups '("wheel" "audio" "video"))) + (user-account + (name "bob") =20 + (comment "Alice's brother") + (password (crypt "bob" "$6$abc")) + (group "users") + (supplementary-groups '("wheel" "audio" "video"))) + %base-user-accounts)) + )) + =20 +(define* (run-gnupg-keyboxd-test) + "Run an OS using gnupg with and without keyboxd using 'use-keyboxd'? c= onfiguration option." + (define os + (marionette-operating-system + %gnupg-os + #:imported-modules '((gnu services herd)))) + + (define vm + (virtual-machine + (operating-system os))) + + (define test + (with-imported-modules '((gnu build marionette) + (guix build syscalls)) + #~(begin + (use-modules (gnu build marionette) + (guix build syscalls) + (srfi srfi-1) + (srfi srfi-64)) + + (define marionette + (make-marionette (list #$vm))) + + (define (file-get-all-strings fname) + (marionette-eval '(use-modules (rnrs io ports)) marionette) + (wait-for-file fname marionette #:read 'get-string-all)) + + (define (vm-type cmd-or-list) + (let ((cmd-list (if (list? 
cmd-or-list) cmd-or-list (list cm= d-or-list)))) + (for-each + (lambda (cmd) (marionette-type cmd marionette) (sleep 1)) + cmd-list))) + + (test-runner-current (system-test-runner #$output)) + (test-begin "gnupg-keyboxd") + =20 + (test-equal "Alice is logged on tty1" + "alice\n" + (begin + (marionette-eval + '(begin + (use-modules (gnu services herd)) + (start-service 'term-tty1)) + marionette) + (vm-type (list + "alice\n" + "alice\n" + "id -un > alice.log\n")) + (file-get-all-strings "/home/alice/alice.log"))) + + (test-assert "Alice .gnupg dir is created" + (marionette-eval + `(file-exists? "/home/alice/.gnupg") + marionette)) + =20 + (test-equal "Alice gpg-agent.conf exists and is a symlink" + 'symlink + (marionette-eval + `(and (file-exists? "/home/alice/.gnupg/gpg-agent.conf") + (stat:type (lstat "/home/alice/.gnupg/gpg-agent.conf"= ))) + marionette)) + + (test-equal "Alice common.conf exists and is a symlink" + 'symlink + (marionette-eval + `(and (file-exists? "/home/alice/.gnupg/common.conf") + (stat:type (lstat "/home/alice/.gnupg/common.conf"))) + marionette)) + + (test-equal "Alice common.conf has keyboxd option set" + "use-keyboxd\n" + (file-get-all-strings "/home/alice/.gnupg/common.conf")) + + (test-equal "Alice create a key that is saved in keybox format= " + '("[keyboxd]" "enjoyguix") + (begin + (vm-type (list "gpg --batch --passphrase '' --quick-gen-ke= y '<enjoyguix>' ed25519\n" + "gpg --list-keys > keybox\n")) + (let* ((output (file-get-all-strings "/home/alice/keybox")= ) + (keyboxd-hdr (if (string-contains output "[keyboxd]= ") "[keyboxd]" "fail")) + (key-id (if (string-contains output "enjoyguix") "e= njoyguix" "fail"))) + (list keyboxd-hdr key-id)) + ) + ) + + (test-assert "Alice private keys are registered" + (marionette-eval + `(file-exists? 
"/home/alice/.gnupg/private-keys-v1.d") + marionette)) + + (test-equal "Alice has keyboxd running at home" + 0 + (marionette-eval + `(system* #$(file-append procps "/bin/pgrep") "keyboxd") + marionette)) + + ;; bob use gpg-agent + (test-equal "Bob is logged now" + "bob\n" + (begin + (vm-type + (list + "exit\n" + "bob\n" + "bob\n" + "id -un > logged-in\n")) + (file-get-all-strings "/home/bob/logged-in"))) + + (test-equal "Bob is at home" + "/home/bob\n" + (begin + (vm-type (list "printenv \"HOME\" > home.bob\n")) + (file-get-all-strings "/home/bob/home.bob") + )) + + (test-assert "Bob .gnupg dir is created" + (marionette-eval + `(file-exists? "/home/bob/.gnupg") + marionette)) + =20 + (test-equal "Bob gpg-agent.conf exists and is a symlink" + 'symlink + (marionette-eval + `(and (file-exists? "/home/bob/.gnupg/gpg-agent.conf") + (stat:type (lstat "/home/bob/.gnupg/gpg-agent.conf"))= ) + marionette)) + + (test-assert "Bob common.conf doesn't exists" + (marionette-eval + `(not (file-exists? "/home/bob/.gnupg/common.conf")) + marionette)) + + (test-equal "Bob create a key that is saved in a pubring" + '("pubring" "enjoyguix") + (begin + (vm-type (list "gpg --batch --passphrase '' --quick-gen-ke= y '<enjoyguix>' ed25519\n" + "gpg --list-keys > keybox\n")) + (let* ((output (file-get-all-strings "/home/bob/keybox")) + (agent-hdr (if (string-contains output "/home/bob/.= gnupg/pubring.kbx") "pubring" (format #f "fail with ~s" output))) + (key-id (if (string-contains output "enjoyguix") "e= njoyguix" (format #f "fail with ~s" output)))) + (list agent-hdr key-id)) + ) + ) + + (test-assert "Bob private keys are registered" + (marionette-eval + `(file-exists? 
"/home/bob/.gnupg/private-keys-v1.d") + marionette)) + + (test-equal "Bob has gpg-agent running at home" + 0 + (marionette-eval + `(system* #$(file-append procps "/bin/pgrep") "gpg-agent") + marionette)) + + (test-end)))) + + (gexp->derivation "gnupg-keyboxd" test)) + +(define %test-gnupg-keyboxd + (system-test + (name "gnupg-keyboxd") + (description "Test gnupg using keyboxd or keyring.") + (value (run-gnupg-keyboxd-test)))) + + --=20 2.48.1
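Review bot: the new use-keyboxd? entry in doc/guix.texi (hunk @@ -49076,6 +49076,11 @@, repeated verbatim as the field docstring in hunk @@ -66,6 +67,11 @@ of gnu/home/services/gnupg.scm) has agreement errors in "@command{gpg-agent} call @command{keyboxd} who take care of", a trailing space after "database.", and single spaces after sentence-ending periods. Suggest "calls" and "which takes care of", two spaces after each period, and one added sentence saying when a user would want to turn the option on, since the text describes the mechanism but not the reason to switch.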
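Review bot: in home-gpg-common-configuration-file (gnu/home/services/gnupg.scm, hunk @@ -101,6 +107,13 @@) match-record binds use-keyboxd? but the body never reads it, so the returned file is always "use-keyboxd\n" whatever the configuration says. The result is only right because the caller tests the flag first. Either drop the match-record wrapper, or emit the line conditionally inside the procedure so that it is safe to call on its own. The hunk also adds two blank lines after the definition where a single one separates the definition above.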
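Review bot: home-gpg-agent-files (gnu/home/services/gnupg.scm, hunk @@ -134,7 +147,10 @@) installs a .gnupg/common.conf whose only content is use-keyboxd, so once use-keyboxd? is set the service owns that file and the user has no way to put any other option in it; gpg-agent.conf gets extra-content appended, common.conf gets nothing comparable. Document that limitation next to the option or add an equivalent field. On style, the (cons ... '()) that builds the one-element list is just (list ...), and the line ending in "(home-gpg-agent-configuration-use-keyboxd? config)" carries trailing whitespace.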
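Review bot: the two process checks in gnu/tests/gnupg.scm ("Alice has keyboxd running at home" and "Bob has gpg-agent running at home") call pgrep with only a process name, which matches processes of any user, so the Bob check also passes when a gpg-agent from Alice's earlier session is still alive, and nothing asserts that Bob's session runs without keyboxd. Filter by user, for example pgrep -u bob gpg-agent, and add a check that pgrep -u bob keyboxd exits non-zero, since that is what separates the two configurations. The fixed (sleep 1) after each typed command in vm-type also makes the key-generation steps timing-dependent; waiting on the output file, as file-get-all-strings already does through wait-for-file, is the more robust signal.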

Subject: [bug#77826] [PATCH] home: home-gpg-agent-service: add new parameter 'use-keyboxd?'.
To: Sébastien Farge <sebastien-farge@HIDDEN>
Cc: 77826 <at> debbugs.gnu.org
From: Ludovic Courtès <ludo@HIDDEN>
In-Reply-To: <20250415141428.3407-1-sebastien-farge@HIDDEN> ("Sébastien Farge"'s message of "Tue, 15 Apr 2025 16:13:40 +0200")
Date: Wed, 16 Apr 2025 17:45:29 +0200
Message-ID: <87mscg9kkm.fsf@HIDDEN>

Hi Sébastien,

Sébastien Farge <sebastien-farge@HIDDEN> writes:

> * gnu/home/services/gnupg.scm: New parameter.
> * doc/guix.texi (GNU Privacy Guard): New description.
> * gnu/tests/gnupg.scm: Alice use keyboxd, Bob normal keyring, test if both works
>
> Change-Id: I27b4f686086b9740943dbb5347a14ada245cc9fb

Nice! Overall LGTM. Some comments below.

Please add the new file to ‘gnu/local.mk’ next to its friends.

> +@item @code{use-keyboxd?} (default: @code{#f}) (type: boolean) > +Whether to enable keyboxd and its keybox database instead of usual keyri= ng. When true, > +@command{gpg-agent} call @command{keyboxd} who take care of keys managem= ent process and database.=20

“@command{gpg-agent} spawns a separate @command{keyboxd} process, which is responsible for managing the key database.”

Nitpick: Please leave two spaces after end-of-sentence periods.

It’s the first time I hear about keyboxd and the gnupg manual doesn’t say much about it. When would you set it to #true?

> +(define (home-gpg-common-configuration-file config) > + "Return the @file{common.conf} file for @var{config}." > + (match-record config <home-gpg-agent-configuration> > + (use-keyboxd?) > + (mixed-text-file "common.conf" "use-keyboxd\n")))

You can remove ‘match-record’ altogether.

> +++ b/gnu/tests/gnupg.scm > @@ -0,0 +1,246 @@ > +;;; GNU Guix --- Functional package management for GNU > +;;; Copyright =C2=A9 2016-2022, 2024 Ludovic Court=C3=A8s <ludo@HIDDEN> > +;;; Copyright =C2=A9 2017, 2018 Cl=C3=A9ment Lassieur <clement@lassieur.= org> > +;;; Copyright =C2=A9 2017 Marius Bakke <mbakke@HIDDEN>

I think this is inaccurate. :-)

Very nice that you wrote tests for this!

> + (service home-gpg-agent-service-type > + (home-gpg-agent-configuration > + (default-cache-ttl 820)))) > + %base-home-services)) > + ))

No lonely parens please (throughout this file.)

> +(define %gnupg-os > + (operating-system > + (inherit (simple-operating-system (service guix-home-service-type `(= ("alice" ,%keyboxd-home) > + = ("bob" ,%keyring-home))))) > +

Please insert a newline after ‘simple-operating-system’.

> + (define (file-get-all-strings fname)

s/file-get-all-strings/file-contents/ maybe? And s/fname/file/ (this is what’s usually done).

> + (define (vm-type cmd-or-list) > + (let ((cmd-list (if (list? cmd-or-list) cmd-or-list (list cm= d-or-list))))

Avoid polymorphic procedures; have it take either a list or a string.

> +(define %test-gnupg-keyboxd > + (system-test > + (name "gnupg-keyboxd") > + (description "Test gnupg using keyboxd or keyring.")

s/gnupg/GnuPG/ “using both keyboxd and a local keyring” maybe?

Could you send an updated patch?

Thanks!

Ludo’.
GNU bug tracking system
Copyright (C) 1999 Darren O. Benham,
1997 nCipher Corporation Ltd,
1994-97 Ian Jackson.