Prefer sequoia-sq for the option of OpenPGP implementation (#849)

* Add sequoia-sq for the preferred  option of OpenPGP implementation

* Replace "gnupg + gpg-agent + pass" with "sequoia-chameleon-gnupg + gpg-agent + gopass"

* Remove added gpg-sq alias for gpg, keep original gpg now now

config/powershell/Profile.ps1

@@ -21,7 +21,7 @@ function la {
 # https://github.com/microsoft/winget-cli/issues/2498#issuecomment-1553863082
 $env:Path = [System.Environment]::GetEnvironmentVariable("Path", "Machine") + ";" + [System.Environment]::GetEnvironmentVariable("Path", "User")
 # Specify `bash -i` to run the bash as interactive mode
-[Environment]::SetEnvironmentVariable("RCLONE_PASSWORD_COMMAND", 'wsl.exe --exec bash -ic "pass show rclone"')
+[Environment]::SetEnvironmentVariable("RCLONE_PASSWORD_COMMAND", 'wsl.exe --exec bash -ic "gopass show rclone"')
 Invoke-Expression (&starship init powershell)
 Invoke-Expression (& { (zoxide init powershell | Out-String) })
 

home-manager/common.nix

@@ -12,7 +12,7 @@
     ./bash.nix
     ./zsh.nix
     ./fish.nix
-    ./gpg.nix
+    ./pgp.nix
     ./ssh.nix
     ./git.nix
     ./editors.nix
@@ -65,8 +65,8 @@
 
       STACK_XDG = "https://github.com/commercialhaskell/stack/blob/72f0a1273dd1121740501a159988fc23df2fb362/doc/stack_root.md?plain=1#L7-L11";
 
-      # Don't add needless quotation in the arguments. For example `pass show 'rclone'` does not work. It should be `pass show rclone`.
-      RCLONE_PASSWORD_COMMAND = "${lib.getExe pkgs.pass} show rclone";
+      # Don't add needless quotation in the arguments. For example `gopass show 'rclone'` does not work. It should be `gopass show rclone`.
+      RCLONE_PASSWORD_COMMAND = "${lib.getExe pkgs.gopass} show rclone";
     };
 
     sessionPath = [

home-manager/git.nix

@@ -1,6 +1,7 @@
 {
   pkgs,
   homemade-pkgs,
+  edge-pkgs,
   lib,
   ...
 }:
@@ -57,9 +58,11 @@
       };
 
       gpg = {
-        # I prefer GPG sign rather than SSH key to consider revocation and expiration usecase.
+        # I prefer PGP sign rather than SSH key to consider revocation and expiration usecase.
         # See https://github.com/kachick/dotfiles/issues/289 for detail.
         format = "openpgp";
+
+        program = "${pkgs.lib.getBin edge-pkgs.sequoia-chameleon-gnupg}/bin/gpg-sq"; # GH-830
       };
 
       commit = {

home-manager/packages.nix

@@ -44,10 +44,13 @@
     gh
     ghq
 
-    # GPG
-    gnupg
+    edge-pkgs.sequoia-sq # Alt `gpg` - nixos-24.05 does not backport recent versions and the older requires to rebuild. https://github.com/NixOS/nixpkgs/pull/331099
+    edge-pkgs.sequoia-chameleon-gnupg
+    gnupg # Also keep original GPG for now. sequoia-chameleon-gnupg does not support some crucial toolset. etc: `gpg --edit-key`, `gpgconf`
 
-    pass
+    # Alt `pass` for password-store. Candidates: gopass, prs
+    gopass # They will respect pass comaptibility: https://github.com/gopasspw/gopass/issues/1365#issuecomment-719655627
+    # Do not use ripasso-cursive for now. It only provides TUI, not a replacement of CLI. And currently unstable on my NixOS.
 
     # Do not specify vim and the plugins at here, it made collisions from home-manager vim module.
     # See following issues

home-manager/gpg.nix → home-manager/pgp.nix

@@ -1,6 +1,25 @@
-{ config, pkgs, ... }:
+{
+  config,
+  pkgs,
+  edge-pkgs,
+  ...
+}:
 
-# ## FAQ - GPG
+# # FAQ
+#
+# ## sequoia-sq and gpg
+#
+# See GH-830
+#
+# If you faced to decrypt error with gpg-sq, check it with `sq decrypt`. It displays error details.
+# For example, `1: AEAD Encrypted Data Packet v1 is not considered secure`
+# This is caused by encrypted non configured gpg for the AEAD. Disable it with showpref/setpref if you still use gpg.
+#
+# ## sequoia-sq
+#
+# TODO: <UPDATE ME>
+#
+# ## GPG
 #
 # - How to list keys?
 #   - 1. `gpg --list-secret-keys --keyid-format=long` # The `sec` first section displays same text as `pub` by `gpg --list-keys --keyid-format=long`
@@ -23,6 +42,9 @@ let
   day = 60 * 60 * 24;
 in
 {
+  # Don't set $SEQUOIA_HOME, it unified config and data, cache to one directory as same as gpg era.
+  # Use default $HOME instead, it respects XDG Base Directory Specification
+
   # https://github.com/nix-community/home-manager/blob/release-24.05/modules/services/gpg-agent.nix
   services.gpg-agent = {
     enable = pkgs.stdenv.isLinux;
@@ -41,16 +63,23 @@ in
     enableSshSupport = false;
   };
 
-  # https://github.com/nix-community/home-manager/blob/release-24.05/modules/programs/gpg.nix
+  home.sessionVariables = {
+    GOPASS_GPG_BINARY = "${pkgs.lib.getBin edge-pkgs.sequoia-chameleon-gnupg}/bin/gpg-sq";
+  };
 
+  # https://github.com/nix-community/home-manager/blob/release-24.05/modules/programs/gpg.nix
   programs.gpg = {
     enable = true;
+    # package = edge-pkgs.sequoia-chameleon-gnupg; # Also will be respected in gpg-agent: https://github.com/nix-community/home-manager/blob/5171f5ef654425e09d9c2100f856d887da595437/modules/services/gpg-agent.nix#L8C3-L8C9
+    # However I prefer original gnupg for now, sequoia-chameleon-gnupg does not support crucial features for GPG toolset (etc. `gpg --edit-key`, `gpgconf`)
 
     # Preferring XDG_DATA_HOME rather than XDG_CONFIG_HOME from following examples
     #   - https://wiki.archlinux.org/title/XDG_Base_Directory
     #   - https://github.com/nix-community/home-manager/blob/5171f5ef654425e09d9c2100f856d887da595437/modules/programs/gpg.nix#L192
     homedir = "${config.xdg.dataHome}/gnupg";
 
+    # Used for `gpg.conf`. I don't know how to specify `gpgconf` with this.
+    # TODO: Set gpg binary as sequoia-chameleon-gnupg. AFAIK I don't actually need it for now, because I'm not using dependent tools. However it is ideal config.
     # - How to read `--list-keys` - https://unix.stackexchange.com/questions/613839/help-understanding-gpg-list-keys-output
     # - Ed448 in GitHub is not yet supported - https://github.com/orgs/community/discussions/45937
     settings = {
@@ -64,5 +93,6 @@ in
   # https://github.com/nix-community/home-manager/blob/release-24.05/modules/programs/password-store.nix
   programs.password-store = {
     enable = true;
+    package = pkgs.gopass; # Setting package is not a aliasing command, however I would try this for now. https://github.com/gopasspw/gopass/blob/70c56f9102999661b54e28c28fa2d63fa5fc813b/docs/setup.md?plain=1#L292-L298
   };
 }

home-manager/ssh.nix

@@ -24,9 +24,9 @@ in
     SSH_ASKPASS = pkgs.lib.getExe (
       pkgs.writeShellApplication {
         name = "ssh-ask-pass";
-        text = "pass show ssh-pass";
+        text = "gopass show ssh-pass";
         meta.description = "GH-714. Required to be wrapped with one command because of SSH_ASKPASS does not accept arguments.";
-        runtimeInputs = with pkgs; [ pass ];
+        runtimeInputs = with pkgs; [ gopass ];
       }
     );
   };