[PATCH] home: Set 700 permissions on .gnupg with home-gpg-agent-service

  • Done
Details
2 participants
  • Ludovic Courtès
  • Richard Sent
Owner
unassigned
Submitted by
Richard Sent
Severity
normal

Richard Sent wrote 8 months ago
(address . guix-patches@gnu.org)(name . Richard Sent)(address . richard@freakingpenguin.com)
435c04edbcf2dccbe9714a88c2fa9b75255de100.1719598591.git.richard@freakingpenguin.com
* gnu/home/services/gnupg.scm (gpg-agent-activation): New variable.
(home-gpg-agent-service-type) [extensions]: Extend
home-activation-service-type.

Change-Id: If3365c6cade2b03ee53a466ce1d63a5cdf654d6c
---

Followed a similar structure as openssh-activation in (gnu home
services ssh).

gnu/home/services/gnupg.scm | 14 ++++++++++++++
1 file changed, 14 insertions(+)

diff --git a/gnu/home/services/gnupg.scm b/gnu/home/services/gnupg.scm
index 04989666ed..1bd1deae5c 100644
--- a/gnu/home/services/gnupg.scm
+++ b/gnu/home/services/gnupg.scm
@@ -19,6 +19,7 @@
(define-module (gnu home services gnupg)
#:use-module (guix gexp)
+ #:use-module (guix modules)
#:use-module ((guix records) #:select (match-record))
#:use-module (gnu services)
#:use-module (gnu services configuration)
@@ -142,6 +143,17 @@ (define (home-gpg-agent-environment-variables config)
. "$XDG_RUNTIME_DIR/gnupg/S.gpg-agent.ssh"))
'()))
+(define gpg-agent-activation
+ (with-imported-modules (source-module-closure
+ '((gnu build activation)))
+ #~(begin
+ (use-modules (gnu build activation))
+
+ ;; Make sure ~/.gnupg is #o700.
+ (let* ((home (getenv "HOME"))
+ (dot-ssh (string-append home "/.gnupg")))
+ (mkdir-p/perms dot-ssh (getpw (getuid)) #o700)))))
+
(define home-gpg-agent-service-type
(service-type
(name 'home-gpg-agent)
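Review bot: in gpg-agent-activation the let* binding that holds the ~/.gnupg path is still named dot-ssh, a leftover from the openssh-activation code this follows; renaming it to dot-gnupg, in both the binding and the mkdir-p/perms call, would stop it misleading the next reader. The path is also always built as (string-append home "/.gnupg"), so a user who points GNUPGHOME at another directory gets no permission fix there; either honour that variable or state the limitation in the comment above the let*.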
@@ -150,6 +162,8 @@ (define home-gpg-agent-service-type
home-gpg-agent-files)
(service-extension home-shepherd-service-type
home-gpg-agent-shepherd-services)
+ (service-extension home-activation-service-type
+ (const gpg-agent-activation))
(service-extension home-environment-variables-service-type
home-gpg-agent-environment-variables)))
(default-value (home-gpg-agent-configuration))
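Review bot: missing documentation for the new activation step. With the home-activation-service-type extension added to the extensions list, every user of home-gpg-agent-service-type gets ~/.gnupg set to mode 700 at activation, yet the diffstat shows only gnu/home/services/gnupg.scm changed. A sentence in the manual's description of this service saying that the directory's permissions are managed would let users know why a looser mode they set by hand does not stick.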

base-commit: ae55410e0752000268b31c71dddea58e6106522a
--
2.45.1
Ludovic Courtès wrote 8 months ago
(name . Richard Sent)(address . richard@freakingpenguin.com)
871q3gcd7d.fsf@gnu.org
Richard Sent <richard@freakingpenguin.com> writes:

> * gnu/home/services/gnupg.scm (gpg-agent-activation): New variable.
> (home-gpg-agent-service-type) [extensions]: Extend
> home-activation-service-type.
>
> Change-Id: If3365c6cade2b03ee53a466ce1d63a5cdf654d6c

Applied, thanks!
Closed

This issue is archived.

To comment on this conversation send an email to 71826@debbugs.gnu.org
