dirmngr (AUTHORS NEWS README doc/dirmngr.texi po/de.po)
cvs user wk
cvs at cvs.gnupg.org
Thu Nov 25 12:30:47 CET 2004
Date: Thursday, November 25, 2004 @ 12:37:38
Author: wk
Path: /cvs/dirmngr/dirmngr
Modified: AUTHORS NEWS README doc/dirmngr.texi po/de.po
Documentation updates - ready for a release
------------------+
AUTHORS | 4 +-
NEWS | 4 +-
README | 48 +++++++++++++++++++-----
doc/dirmngr.texi | 105 ++++++++++++++++++++++++++++++++++++++++++++++++-----
po/de.po | 4 +-
5 files changed, 141 insertions(+), 24 deletions(-)
Index: dirmngr/AUTHORS
diff -u dirmngr/AUTHORS:1.4 dirmngr/AUTHORS:1.5
--- dirmngr/AUTHORS:1.4 Fri Dec 12 18:36:49 2003
+++ dirmngr/AUTHORS Thu Nov 25 12:37:38 2004
@@ -21,10 +21,10 @@
The actual code is under the GNU GPL, except for src/cdb.h and
-src/cdblib.h which are in the opublic domain.
+src/cdblib.h which are in the public domain.
- Copyright 2003 g10 Code GmbH
+ Copyright 2003, 2004 g10 Code GmbH
This file is free software; as a special exception the author gives
unlimited permission to copy and/or distribute it, with or without
Index: dirmngr/NEWS
diff -u dirmngr/NEWS:1.29 dirmngr/NEWS:1.30
--- dirmngr/NEWS:1.29 Wed Nov 24 13:25:53 2004
+++ dirmngr/NEWS Thu Nov 25 12:37:38 2004
@@ -2,8 +2,8 @@
------------------------------------------------
* New option --daemon to start dirmngr as a system daemon. This
- switched to the use of different directories and also does
- certificate validation on its own.
+ switches to the use of different directories and also does
+ CRl signing certificate validation on its own.
* New tool dirmngr-client.
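Review bot: "CRl" in the added line "CRl signing certificate validation on its own." should be spelled "CRL", matching "(CRLs)" in the README and manual text of this same commit. Writing it as "CRL-signing certificate validation" would also make clear that the certificates used to sign CRLs are what gets validated.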
Index: dirmngr/README
diff -u dirmngr/README:1.6 dirmngr/README:1.7
--- dirmngr/README:1.6 Tue Apr 6 10:24:58 2004
+++ dirmngr/README Thu Nov 25 12:37:38 2004
@@ -1,21 +1,49 @@
-DirMngr
+ Dirmngr - X.509 Directory Manager
+ -------------------------------------
+ Version 0.9.0
-===> Please see the info manual dirmngr.info <====
+ Intro
+ -----
-The subdirectory jnlib is copied from GnuPG 1.9.x
+ Dirmngr is a server for managing and downloading certificate
+ revocation lists (CRLs) for X.509 certificates and for downloading
+ the certificates themselves. Dirmngr also handles OCSP requests as
+ an alternative to CRLs. Dirmngr is either invoked internaly by
+ gpgsm (from gnupg 1.9) or when running as a system daemon trhough
+ the dirmngr-client tool.
-Short note about the --ldapserverlist-file fileformat:
+ See the file COPYING for copyright and warranty information. See
+ the file AUTHORS for contact addresses and code history.
-The default file is $GNUPGHOME/dirmngr_ldapservers.conf
-Each line contains a server formatted like this
+ Installation
+ ------------
+ Please read the file INSTALL. Here is a quick summary:
-# A '#' in the first column marks the line as a comment
-host:port:user:password:base
+ 1) Unpack the tarball. With GNU tar you can do it this way:
+ "tar xzvf dirmngr-x.y.z.tar.gz"
-base is the base DN used for searching in queries that dont specify a base
-themselves.
+ 2) "cd dirmngr-x.y.z"
+
+ 3) "./configure --sysconfdir=/etc --localstatedir=/var"
+ The two options make sure that the configuration data will
+ not be search under /usr/local/etc and that variable data will
+ be stored at a standard place too.
+
+ 4) "make"
+
+ 5) "make install" (you probably need to become root first)
+
+ 6) You end up with a a dirmngr and dirmngr-client binary in
+ /usr/local/bin. Some other files are also installed for
+ internal use.
+
+ If you are using dirmngr as part of gnupg 1.9 you are done now.
+ If you want to install it as a system daemon, please see the
+ manual by running the command "info dirmngr"
+
+
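Review bot: The new Intro and Installation text carries typos that should be fixed before the release: "internaly" and "trhough" in the Intro, "will not be search under /usr/local/etc" (should read "searched") in step 3, and "a a dirmngr" in step 6. The hunk also removes the short note on the --ldapserverlist-file format without leaving a pointer; since that format line (host:port:user:password:base) includes a password, a one-line reference to the manual section that documents the file would keep it discoverable.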
Index: dirmngr/doc/dirmngr.texi
diff -u dirmngr/doc/dirmngr.texi:1.17 dirmngr/doc/dirmngr.texi:1.18
--- dirmngr/doc/dirmngr.texi:1.17 Wed Nov 24 13:25:53 2004
+++ dirmngr/doc/dirmngr.texi Thu Nov 25 12:37:38 2004
@@ -1,4 +1,4 @@
-\input texinfo @c -*-texinfo-*-
+\input texinfo @c -*-texinfo-*-
@c Copyright (C) 2002 Klarälvdalens Datakonsult AB
@c Copyright (c) 2004 g10 Code GmbH
@c This is part of the Dirmngr manual.
@@ -104,15 +104,16 @@
@c man begin DESCRIPTION
-Dirmngr is a server for managing and downloading certificate
-revocation lists (CRLs) for X509 certificates and for downloading the
-certificates themselves. Dirmngr also handles OCSP requests as an
-alternative to CRLs. Dirmngr is usually invoked by gpgsm and in
-general not used directly.
+Dirmngr is a server for managing and downloading certificate revocation
+lists (CRLs) for X.509 certificates and for downloading the certificates
+themselves. Dirmngr also handles OCSP requests as an alternative to
+CRLs. Dirmngr is either invoked internally by gpgsm (from gnupg 1.9) or
+when running as a system daemon through the @command{dirmngr-client} tool.
@c man end
@menu
+* Installation:: How to install Dirmngr.
* Dirmngr Commands:: List of all commands.
* Dirmngr Options:: List of all options.
* Dirmngr Signals:: Use of signals.
@@ -128,6 +129,94 @@
* History:: Change history of this document.
@end menu
+
+ at node Installation
+ at chapter How to install Dirmngr.
+
+Installation is decribed in the file @file{INSTALL} and given that you
+are already reading this documentation we can only give some hints on
+further configuration. If you plan to use dirmngr as a system daemon
+and not only as a part of gnupg 1.9, you should read on.
+
+If @command{dirmngr} is started in system daemon mode, it uses a
+directory layout as common for system daemon and does not make use of
+the drefault @file{~/.gnupg} directory. To comply with the rules on
+GNU/Linux systems you should have build time configured
+ at command{dirmngr} using:
+
+ at example
+./configure --sysconfdir=/etc --localstatedir=/var
+ at end example
+
+This is to make sure that the configuration file is searched in the
+directory @file{/etc/dirmngr} and the variable data below @file{/var};
+the default would be to install them in the @file{/usr/local} too where
+the binaries get installed. If you selected to use the
+ at option{--prefix=/} you obviously don't need those option as they are
+the default then. Further on we assume that you used these options.
+
+Dirmngr makes use of several directories when running in daemon mode:
+
+ at table @file
+
+ at item /etc/dirmngr
+This is where all the configuration files are expected by default.
+
+ at item /etc/dirmngr/trusted-certs
+This directory should be filled with certificates of Root CAs you are
+trusting in checking the CRLS and signing OCSP Reponses. Usually these
+are the same certificates you use with the applications making use of
+dirmngr. It is expected that each of these certificates files contain
+exactly one @acronym{DER} encoded certificate in a file with the suffix
+ at file{.crt}. @command{dirmngr} reads those certificates on startup and
+when given a SIGHUP. Certificates which are not readable or do not make
+up a proper X.509 certificate are ignored; see the log file for details.
+
+ at item /var/lib/dirmngr/extra-certs
+This directory may contain extra certificates which are preloaded into
+the interal cache on startup. This is convenient in cases you have a
+couple intermediate CA certificates or certificates ususally used to
+sign OCSP reponses. These certificates are first tried before going out
+to the net to look for them. These certificates must also be
+ at acronym{DER} encoded and suffixed with @file{.crt}.
+
+ at item /var/run/dirmngr
+This directory keeps the socket file for accsing @command{dirmngr} services.
+The name of the socket file will be @file{socket}. Make sure that this
+directory has the proper permissions to let @command{dirmngr} create the
+socket file and that eligible users may read and write to that socket.
+
+ at item /var/cache/dirmngr/crls.d
+This directory is used to store cached CRLs. The @file{crls.d} part
+will be created by dirmngr if it does not exists but you need to make
+sure that the upper directory exists.
+
+ at end table
+
+To be able to see what's going on you should create the configure file
+ at file{/etc/dirmngr/dirmngr.conf} with at least one line:
+
+ at example
+log-file /var/log/dirmngr/dirmngr.log
+ at end example
+
+To be able to perform OCSP requests you probably want to add the line:
+
+ at example
+allow-ocsp
+ at end example
+
+Now you may start dirmngr as a system daemon using:
+
+ at example
+dirmngr --daemon
+ at end example
+
+Please ignore the output; it is not needed anymore. Check the log file
+to see whether all trusted root certificates have benn loaded correctly.
+
+
+
@c man begin COMMANDS
@node Dirmngr Commands
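Review bot: The entries for /etc/dirmngr/trusted-certs and /var/lib/dirmngr/extra-certs do not say anything about ownership or permissions, although the first one holds the root CA certificates trusted for checking CRLs and OCSP responses; only the /var/run/dirmngr entry has a permissions sentence. Suggest stating who may write to the two certificate directories and spelling out who the "eligible users" of the socket are. The example "log-file /var/log/dirmngr/dirmngr.log" likewise does not say whether /var/log/dirmngr must exist beforehand, whereas the crls.d entry does spell that out for its parent directory. Typos in the added text: "decribed", "drefault", "interal", "ususally", "reponses" and "Reponses", "accsing", "benn", "CRLS", "does not exists", "those option".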
@@ -349,7 +438,7 @@
value for @var{file} is @file{dirmngr_ldapservers.conf} or
@file{ldapservers.conf} when running in @option{--daemon} mode.
-The server list file contains one LDAP server per line in the format
+This server list file contains one LDAP server per line in the format
@sc{hostname:port:username:password:base_dn}
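Review bot: The format "hostname:port:username:password:base_dn" in the context below the changed line puts a password into the server list file, and the visible text gives no guidance on protecting that file. Since the paragraph is being edited anyway, add a sentence that the file should be readable only by the account dirmngr runs under; this applies equally to the ldapservers.conf used in @option{--daemon} mode.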
@@ -668,7 +757,7 @@
dirmngr and test whether a certificate has been revoked --- either by
being listed in the corresponding CRL or by running the OCSP protocol.
If no dirmngr is running, a new instances will be started but this is
-in general not a good idea due tom the huge performace overhead.
+in general not a good idea due to the huge performance overhead.
@noindent
The usual way to run this tool is either:
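Review bot: The context line directly above the corrected one still reads "a new instances will be started"; change it to "a new instance" in this commit as well, since the sentence is being fixed for "tom" and "performace" anyway.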
Index: dirmngr/po/de.po
diff -u dirmngr/po/de.po:1.8 dirmngr/po/de.po:1.9
--- dirmngr/po/de.po:1.8 Wed Nov 24 15:44:01 2004
+++ dirmngr/po/de.po Thu Nov 25 12:37:38 2004
@@ -8,7 +8,7 @@
"Project-Id-Version: dirmngr 0.9.0\n"
"Report-Msgid-Bugs-To: gpa-dev at gnupg.org\n"
"POT-Creation-Date: 2004-11-24 15:35+0100\n"
-"PO-Revision-Date: 2004-11-24 15:37+0100\n"
+"PO-Revision-Date: 2004-11-24 18:15+0100\n"
"Last-Translator: Werner Koch <wk at g10code.com>\n"
"Language-Team: de\n"
"MIME-Version: 1.0\n"
@@ -1033,7 +1033,7 @@
#: src/ldap.c:314
#, c-format
msgid "ldap wrapper %d ready: exit status %d\n"
-msgstr "LDAP Wrapper %d fertig: Beendigunsstatus %d\n"
+msgstr "LDAP Wrapper %d fertig: Beendigungsstatus %d\n"
#: src/ldap.c:327
#, c-format