From 88aedcdca0aac7653fa4553a3276659415305fb4 Mon Sep 17 00:00:00 2001
From: Kjetil Orbekk
Date: Sat, 20 May 2017 09:36:55 -0400
Subject: yubikey: Fix gpg-agent tty.
---
config/yubikey.nix | 18 ++++++++++++++----
1 file changed, 14 insertions(+), 4 deletions(-)
diff --git a/config/yubikey.nix b/config/yubikey.nix
index 275a645..6275de0 100644
--- a/config/yubikey.nix
+++ b/config/yubikey.nix
@@ -13,7 +13,6 @@ let
in
{
services.pcscd.enable = true;
- environment.systemPackages = yubikey-pkgs;
services.udev.packages = yubikey-pkgs;
# Use GPG agent instead.
@@ -32,8 +31,19 @@ in
};
};
- environment.variables = {
- SSH_AUTH_SOCK =
- ''''${XDG_RUNTIME_DIR:-"/run/user/\$(id -u)"}/gnupg/S.gpg-agent.ssh'';
+ environment = {
+ systemPackages = yubikey-pkgs;
+
+ # Without this, the gpg-agent has no way to ask the user for a password
+ # when invoked from ssh.
+ # See https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=851440
+ extraInit = ''
+ gpg-connect-agent updatestartuptty /bye
+ '';
+
+ variables = {
+ SSH_AUTH_SOCK =
+ ''''${XDG_RUNTIME_DIR:-"/run/user/\$(id -u)"}/gnupg/S.gpg-agent.ssh'';
+ };
};
}
--
cgit v1.2.3
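Review bot: The added `extraInit` in the second hunk runs `gpg-connect-agent updatestartuptty /bye` unguarded and unsilenced, and as far as I can tell `extraInit` is evaluated in the global shell environment setup for every user, including sessions that have no terminal. If the agent's reply reaches stdout there, it can disturb non-interactive SSH uses such as scp or rsync, and it starts an agent for accounts that never use the key. Each new shell also re-points the agent's startup tty, so a PIN or passphrase prompt for an SSH login may appear on a different terminal from the one where `ssh` was started; the comment should say so. I would restrict this to interactive shells and silence it, e.g. under `interactiveShellInit`: `export GPG_TTY=$(tty)` followed by `gpg-connect-agent --quiet updatestartuptty /bye >/dev/null 2>&1`. The enclosing top-level attribute set opens above this hunk.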