yubikey-agent can't find pinentry #145392

Closed
gador opened this issue Nov 10, 2021 · 4 comments · Fixed by FiloSottile/yubikey-agent#107 or #176281

gador commented Nov 10, 2021

Describe the bug

The new change to yubikey-agent here breaks yubikey-agent on NixOS. The upstream library used to be github.com/gopasspw/gopass and switched to github.com/gopasspw/pinentry. This new repo is a copy of the pinentry code of gopass, but without the commit history. Unfortunately the behavior of finding the pinentry binary changed here from just returning pinentry of the PATH variable to actually using gpgconf to determine the path.
gpgconf returns the (hard-coded) path to the relative pinentry binary in the gnupg folder. Since there is none (and the choice of pinentry flavor is left up to the gpg-agent so it didn't concern anyone), it now fails.

This is a known problem of gpgconf, and something that is probably not easily fixed. For reference, here are the somewhat related issues: #92084, #97861.

Steps To Reproduce

Steps to reproduce the behavior:

  1. Enable yubikey-agent (services.yubikey-agent.enable)
  2. start yubikey-agent

It returns `PIN entry program "/nix/store/w1vdk0pi7jakzc8ndwgrzc2z9ic1x1wa-gnupg-2.2.27/bin/pinentry" not found!`

Expected behavior

Yubikey-agent should start.

Additional context

I submitted an upstream PR with a small fix that allows the upstream library to fall back to the PATH pinentry when the path returned by gpgconf doesn't exist. See here.
If @dominikschulz agrees with the changes, and yubikey-agent uses the new version of the library, it should work again.

Notify maintainers

@philandstuff and @rawkode

Metadata

Please run `nix-shell -p nix-info --run "nix-info -m"` and paste the result.

 - system: `"x86_64-linux"`
 - host os: `Linux 5.10.76, NixOS, 21.11 (Porcupine)`
 - multi-user?: `yes`
 - sandbox: `yes`
 - version: `nix-env (Nix) 2.5pre20211007_844dd90`
 - channels(florian): `"agenix"`
 - channels(root): `"nixos-21.11pre328987.c935f5e0add, agenix, nixpkgs-21.11pre327990.4789953e5c1"`
 - nixpkgs: `/nix/var/nix/profiles/per-user/root/channels/nixos`

Maintainer information:

# a list of nixpkgs attributes affected by the problem
attribute:
# a list of nixos modules affected by the problem
module:

gador commented Nov 11, 2021

Pinentry already approved the PR.
A PR for an updated yubikey-agent is underway.

For anyone interested in testing this, here is the snippet I use in my configuration.nix to override the yubikey-agent version with the commit of the PR:

```nix
nixpkgs.overlays = [
  (self: super: {
    # use PR commit here to use new version of pinentry
    yubikey-agent = super.buildGoModule {
      inherit (super.yubikey-agent.drvAttrs)
        pname doCheck nativeBuildInputs buildInputs
        buildPhase installPhase postPatch subPackages postInstall;
      inherit (super.yubikey-agent) meta;
      version = "0.1.5+pr";
      src = super.fetchFromGitHub {
        owner = "FiloSottile";
        repo = "yubikey-agent";
        rev = "8190e59004113c1c5aee031ea37a4a5513900456";
        sha256 = "wV8SYaRQs7vH2qRkbACCmyu/ynQHGllyeLSQMHwUDxs==";
      };
      vendorSha256 = "gTZERpmX/1bXXqjK5jTirXBEo+LAvoBdHF7ugsc0HkE=";
    };
  })
];
```

and yes, it works ;-)

Edit 2021-11-13: Changed Rev and sha256 to reflect changes in Yubikey PR

@philandstuff

Thanks for the clear bug report, @gador! I don't think there's much we can do until FiloSottile/yubikey-agent#107 is merged, and its maintainer can take months to approve PRs.


gador commented Nov 13, 2021

@philandstuff thanks for looking at the code! I updated my comment and I agree, now we wait.

@philandstuff

Great, the upstream PR has been merged, now we just need to await a new version tag

b12f added a commit to pub-solar/nixpkgs that referenced this issue Jun 4, 2022
`yubikey-agent` is updated to a newer commit. It hasn't received an
official release in a while which is why the update is to an "unstable"
version.

Closes NixOS#145392

Co-authored-by: teutat3s <10206665+teutat3s@users.noreply.github.com>
Co-authored-by: hensoko <hensoko@gssws.de>