Score:1

gpg-agent is older than us: how to find "us"?

From what I understand, the "gpg-agent is older than us" warning happens when the gpg-agent version doesn't match the gpg version, often because there are two gpg-agents installed (and sharing the socket). Other answers I saw about this warning usually boil down to uninstalling the old gpg-agent or restarting it after an update. I have the opposite problem: I can't find what this "us" with a newer version is.

$ pass email
gpg: WARNING: server 'gpg-agent' is older than us (2.2.27 < 2.2.32)

It's not just with pass; any use of gpg shows the warning. As far as I can tell, the only gpg and gpg-agent are the ones from the Ubuntu repository:

$ gpgconf
gpg:OpenPGP:/usr/bin/gpg
gpg-agent:Private Keys:/usr/bin/gpg-agent
scdaemon:Smartcards:/usr/lib/gnupg/scdaemon
gpgsm:S/MIME:/usr/bin/gpgsm
dirmngr:Network:/usr/bin/dirmngr
pinentry:Passphrase Entry:/usr/bin/pinentry

When I use gpg, it is indeed those binaries that I'm calling:

$ which gpg
/usr/bin/gpg

$ which gpg-agent
/usr/bin/gpg-agent

They are both version 2.2.27:

$ gpg --version
gpg (GnuPG) 2.2.27
libgcrypt 1.9.4

$ gpg-agent --version
gpg-agent (GnuPG) 2.2.27
libgcrypt 1.9.4

If I uninstall gpg-agent, I can't use my gpg key anymore:

$ sudo apt remove gpg-agent
$ pass email
gpg: decryption failed: No secret key

If I uninstall gpg, there's no other gpg:

$ sudo apt remove gpg
$ gpg --version
Command 'gpg' not found, but can be installed with:
sudo apt install gpg

I tried to find out whether there was any other gpg binary in the path (I used to have newer versions installed with Guix), and there isn't:

$ for folder in $PATH
      find $folder -name "gpg*"
  end
/usr/bin/gpg
/usr/bin/gpg-agent
/usr/bin/gpg-connect-agent
/usr/bin/gpg-wks-server
/usr/bin/gpgcompose
/usr/bin/gpgconf
/usr/bin/gpgparsemail
/usr/bin/gpgsm
/usr/bin/gpgsplit
/usr/bin/gpgtar
/usr/bin/gpgv

I ran gpgconf --kill all, systemctl --user restart gpg-agent, restarted the computer many times, but the warning persists.

So how do I find this mysterious gpg with version 2.2.32, or what else could be causing the warning?

Artur Meinild
Is there a chance that another version of `gpg` was installed from source, with homebrew or a similar solution? Maybe check `ls -la /usr/local/bin`.
elyuku
@ArturMeinild Thanks for the idea. There used to be one installed with guix, but I removed it a while ago. `/usr/local/bin` is empty.
Score:0

This answer is going to be very specific to my case (being a Guix user), but it turns out I do have gpg 2.2.32 on my system, even if it's not in the path, because it is a dependency of pass. Since I installed it using Guix, pass (and the other software complaining about the version mismatch) is patched to call this specific version of gpg using its absolute path, instead of looking for gpg in $PATH.

To look for any version of gpg remaining in the gnu store:

$ find /gnu/store/ -type d -name '*gnupg-*'
/gnu/store/97xv2yyswpiq6p2mlm5zqdk23q8z8sdh-gnupg-2.2.32

To figure out which package depends on it:

$ guix gc --referrers /gnu/store/97xv2yyswpiq6p2mlm5zqdk23q8z8sdh-gnupg-2.2.32
/gnu/store/yiyhfm10gldx1g5lqyys49r6czna22dj-password-store-1.7.4

And this is indeed the pass I'm using:

$ readlink (which pass)
/gnu/store/yiyhfm10gldx1g5lqyys49r6czna22dj-password-store-1.7.4/bin/pass

So in the case of users of Guix over a foreign distribution, the possible choices are:

  • Continue to use Ubuntu's gpg-agent, Guix's gpg client, and live with the warning if it doesn't prevent anything from working.

  • Continue to use Ubuntu's gpg-agent, and don't use any Guix package depending on gnupg, to ensure we use only Ubuntu's gpg client.

  • Stop using Ubuntu's gpg-agent and use Guix's instead. To disable Ubuntu's service and make sure nothing will restart it:

    $ systemctl --user mask --now gpg-agent.service gpg-agent.socket gpg-agent-ssh.socket gpg-agent-extra.socket gpg-agent-browser.socket

    In my experience, uninstalling Ubuntu's gpg-agent will only work temporarily, I think until Ubuntu checks for updates and wants to verify signatures.

    It's fine to not explicitly install gnupg on the Guix side: it seems pass will automatically start Guix's gpg-agent. Problems only arise when both gpg-agents have to share the socket.
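
The lookup this answer walks through can be scripted. The following is an added example, not part of the original answer: it scans the file behind a command for `/gnu/store/<hash>-gnupg-<version>` references and compares each version with the agent that is actually answering on the socket. It assumes the store reference appears as text in the script or wrapper; the function names and the sample wrapper are constructed for illustration.

```shell
#!/bin/sh
# Added example (not from the original answer); function names are hypothetical.

# Print each distinct /gnu/store/<hash>-gnupg-<version> directory named in the
# text on stdin (-a so a compiled binary is scanned as text too).
gnupg_store_refs() {
    grep -aoE '/gnu/store/[a-z0-9]{32}-gnupg-[0-9]+(\.[0-9]+)*' | sort -u
}

# Version component of such a store directory name.
store_ref_version() {
    printf '%s\n' "${1##*-gnupg-}"
}

# Succeeds when version $1 is strictly older than version $2.
version_older() {
    [ "$1" != "$2" ] &&
        [ "$(printf '%s\n%s\n' "$1" "$2" | sort -V | head -n 1)" = "$1" ]
}

# Version of the agent currently answering on the socket ("D 2.2.27" -> 2.2.27).
running_agent_version() {
    gpg-connect-agent 'getinfo version' /bye 2>/dev/null | sed -n 's/^D //p'
}

# Constructed sample: a wrapper that pins the store path from the answer.
sample_wrapper() {
    cat <<'EOF'
#!/bin/sh
export PATH="/gnu/store/97xv2yyswpiq6p2mlm5zqdk23q8z8sdh-gnupg-2.2.32/bin:$PATH"
GPG="/gnu/store/97xv2yyswpiq6p2mlm5zqdk23q8z8sdh-gnupg-2.2.32/bin/gpg"
exec "$GPG" --decrypt "$@"
EOF
}

# report CMD: list the GnuPG builds CMD refers to and flag an older agent.
report() (
    target=$(readlink -f "$(command -v "$1")") || exit 1
    agent=$(running_agent_version)
    [ -n "$agent" ] || { echo "no gpg-agent answered" >&2; exit 1; }
    gnupg_store_refs < "$target" | while read -r ref; do
        ver=$(store_ref_version "$ref")
        note="matches or predates"
        if version_older "$agent" "$ver"; then note="is NEWER than"; fi
        echo "$1 -> $ref: gpg $ver $note running gpg-agent $agent"
    done
)

if [ $# -gt 0 ]; then report "$1"; fi
```

Invoked with a command name such as `pass`, it prints one line per GnuPG store directory that command's file refers to.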
