1 files changed, 17 insertions, 3 deletions

diff --git a/gnu/home/services/gnupg.scm b/gnu/home/services/gnupg.scm
index 04989666ed..7fc99f793a 100644
--- a/gnu/home/services/gnupg.scm
+++ b/gnu/home/services/gnupg.scm
@@ -19,6 +19,7 @@
 
 (define-module (gnu home services gnupg)
   #:use-module (guix gexp)
+  #:use-module (guix modules)
   #:use-module ((guix records) #:select (match-record))
   #:use-module (gnu services)
   #:use-module (gnu services configuration)
@@ -142,6 +143,17 @@ agent, with support for handling OpenSSH material."))))
          . "$XDG_RUNTIME_DIR/gnupg/S.gpg-agent.ssh"))
       '()))
 
+(define gpg-agent-activation
+  (with-imported-modules (source-module-closure
+                          '((gnu build activation)))
+    #~(begin
+        (use-modules (gnu build activation))
+
+        ;; Make sure ~/.gnupg is #o700.
+        (let* ((home (getenv "HOME"))
+               (dot-ssh (string-append home "/.gnupg")))
+          (mkdir-p/perms dot-ssh (getpw (getuid)) #o700)))))
+
 (define home-gpg-agent-service-type
   (service-type
    (name 'home-gpg-agent)
@@ -150,6 +162,8 @@ agent, with support for handling OpenSSH material."))))
                              home-gpg-agent-files)
           (service-extension home-shepherd-service-type
                              home-gpg-agent-shepherd-services)
+          (service-extension home-activation-service-type
+                             (const gpg-agent-activation))
           (service-extension home-environment-variables-service-type
                              home-gpg-agent-environment-variables)))
    (default-value (home-gpg-agent-configuration))
@@ -166,7 +180,7 @@ enabled, @command{gpg-agent} acts as a drop-in replacement for OpenSSH's
   (verbose?
     (boolean #f)
     "Provide extra output to the log file.")
-  (gnupg-aleady-torified?
+  (gnupg-already-torified?
     (boolean #f)
     "GnuPG is already configured to use tor and parcimonie won't attempt to use
 tor directly.")
@@ -180,7 +194,7 @@ tor directly.")
 (define (home-parcimonie-shepherd-service config)
   "Return a user service to run parcimonie."
   (match-record config <home-parcimonie-configuration>
-    (parcimonie verbose? gnupg-aleady-torified?
+    (parcimonie verbose? gnupg-already-torified?
                 refresh-guix-keyrings? extra-content)
     (let ((log-file #~(string-append %user-log-dir "/parcimonie.log")))
       (list (shepherd-service
@@ -194,7 +208,7 @@ tor directly.")
                            #$@(if verbose?
                                 '("--verbose")
                                 '())
-                           #$@(if gnupg-aleady-torified?
+                           #$@(if gnupg-already-torified?
                                 '("--gnupg_already_torified")
                                 '())
                            #$@(if (not (string=? extra-content ""))