gpg-agent: no-allow-external-cache option #6387

Open
wants to merge 1 commit into
base: master

Member

@cafkafk cafkafk commented Jan 31, 2025

Description

This is a pretty common configuration option, and one that many people
will find useful to discover, especially if they're not using a desktop
environment.

I thought I would add it. It is also useful to have for
pass-secret-service in the future, since you'd likely want to avoid DE
keyrings.

Signed-off-by: Christina Sørensen [email protected]

Checklist

  • Change is backwards compatible.

  • Code formatted with ./format.

  • Code tested through nix-shell --pure tests -A run.all
    or nix build --reference-lock-file flake.lock ./tests#test-all using Flakes.

  • Test cases updated/added. See example.

  • Commit messages are formatted like

    {component}: {description}
    
    {long description}
    

    See CONTRIBUTING for more information and recent commit messages for examples.

  • If this PR adds a new module

    • Added myself as module maintainer. See example.

Maintainer CC

@rycee

This is a pretty common configuration option, and one that many people
will find useful to discover, especially if they're not using a window
manager.

I thought I would add it. It is also useful to have for
pass-secret-service in the future, since you'd likely want to avoid DE
keyrings.

Signed-off-by: Christina Sørensen <[email protected]>
master password and may have installed a Pinentry which employs an
additional external cache to implement such a policy. By using this
option the Pinentry is advised not to make use of such a cache and
instead always ask the user for the requested passphrase.
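
Review bot: The closing sentence of the description says "By using this option" without naming the gpg-agent flag, and "is advised" means the setting is a request to Pinentry rather than something gpg-agent enforces. Consider naming `no-allow-external-cache` in the description and stating in one sentence that it concerns only the Pinentry's "additional external cache", so a reader can tell it apart from the agent's other cache settings.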
Collaborator

I am not very familiar with gpg.
Is allow-external-cache allowed along with no-allow-external-cache?

I like the effort to describe the option, but I found it a bit long. Can this be summed up as "ask pin not to cache password"? What if the pin package ignores the request? Does it collide with other options like defaultCacheTtl, in which case some warnings might be of interest?

Member Author

I took the description directly from gpg-agent. I think that without familiarity with gpg-agent and gpg, it will likely not make much sense. It cannot be summed up as "ask pin not to cache password".

It doesn't collide with other options. I am using it with all the options home manager currently provides.

Member Author

Also, I'm not aware of an allow-external-cache option, at least it's not present in any documentation https://www.gnupg.org/documentation/manuals/gnupg/Agent-Options.html.
