Nixpkgs: pass, gpg: decryption failed: No secret key

Created on 12 Dec 2019 · 6Comments · Source: NixOS/nixpkgs

Describe the bug

[2] milan@nixos> pass show firefox                                                                                                    ~
gpg: decryption failed: No secret key
[2] milan@nixos>

To Reproduce

Current nixpkgs master, on NixOS.

Expected behavior

pass asks for master password and then shows whatever it should.

It used to work pretty fine up until ~two weeks old master.

When I boot that older instance of NixOS pass works as expected.

Metadata

Please run nix run nixpkgs.nix-info -c nix-info -m and paste the result.

milan@nixos> nix run nixpkgs.nix-info -c nix-info -m                                                                 /etc/nixos/nixpkgs
error: attribute 'nixpkgs' in selection path 'nixpkgs.nix-info' not found

bug

Source

tex

Most helpful comment

@devhell Thank you! This fixed it. Wondering if there is something I should have checked before asking here. Some change log, recommended settings, ...

tex on 12 Dec 2019

👍2 😄1

All 6 comments

Looks like gpg is unable to find pinentry. Could you try adding a line like this to your ~/.gnupg/gpg-agent.conf:

pinentry-program /nix/store/584m9sr7snb82a0421rjg0v9jgagqk26-pinentry-1.1.0/bin/pinentry

and then kill gpg-agent if it is running so that it reloads the config. The store path above can be obtained from nix-build -E 'with import <nixpkgs> {}; pinentry' and might be different for you depending on your nixpkgs version.

mat8913 on 12 Dec 2019

There was a change recently (sorry don't have time to find it right now) that caused this. However, you can easily fix it by adding the following to your configuration.nix:

programs.gnupg.agent.enable = true;

Hope it works out for you :)

devhell on 12 Dec 2019

@devhell Thank you! This fixed it. Wondering if there is something I should have checked before asking here. Some change log, recommended settings, ...

tex on 12 Dec 2019

👍2 😄1

Yeah, it's in the manual actually, although it's not very visible if you don't know what you're looking for exactly.

devhell on 12 Dec 2019

This is now broken on nixos-unstable too. If it is an intentional backwards incompatibility which will require users to update their configs, we should make sure we document it in the release notes for 20.03.