[git] GnuPG - branch, master, updated. gnupg-2.1.15-355-g57e95f5
by Daniel Kahn Gillmor
cvs at cvs.gnupg.org
Fri Nov 11 08:49:06 CET 2016
This is an automated email from the git hooks/post-receive script. It was
generated because a ref change was pushed to the repository containing
the project "The GNU Privacy Guard".
The branch, master has been updated
via 57e95f5413e21cfcb957af2346b292686a5647b7 (commit)
via e51912f467fda963c7abcfcd4082d6eb084ba5be (commit)
via 1854f0f6112651c4fc3b92372b98c932e830ed21 (commit)
from 5d13581f4737c18430f6572dd4ef486d1ad80dd1 (commit)
Those revisions listed above that are new to this repository have
not appeared on any other notification email; so we list those
revisions in full, below.
- Log -----------------------------------------------------------------
commit 57e95f5413e21cfcb957af2346b292686a5647b7
Author: Daniel Kahn Gillmor <dkg at fifthhorseman.net>
Date: Thu Oct 27 14:19:18 2016 -0400
doc: Include config examples for socket-activated user services.
--
These configuration files and instructions enable clean and simple
daemon supervision on machines that run systemd.
Signed-off-by: Daniel Kahn Gillmor <dkg at fifthhorseman.net>
- Removed the detailed ChangeLog entry because that is not needed for
doc changes.
- Added an entry to doc/examples/README.
Signed-off-by: Werner Koch <wk at gnupg.org>
diff --git a/doc/Makefile.am b/doc/Makefile.am
index 0791dbc..53cd639 100644
--- a/doc/Makefile.am
+++ b/doc/Makefile.am
@@ -21,7 +21,14 @@ AM_CPPFLAGS =
include $(top_srcdir)/am/cmacros.am
-examples = examples/README examples/scd-event examples/trustlist.txt \
+examples = examples/README examples/scd-event examples/trustlist.txt \
+ examples/systemd-user/README \
+ examples/systemd-user/dirmngr.service \
+ examples/systemd-user/dirmngr.socket \
+ examples/systemd-user/gpg-agent.service \
+ examples/systemd-user/gpg-agent.socket \
+ examples/systemd-user/gpg-agent-ssh.socket \
+ examples/systemd-user/gpg-agent-extra.socket \
examples/gpgconf.conf examples/pwpattern.list
helpfiles = help.txt help.be.txt help.ca.txt help.cs.txt \
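Review bot: The examples list in this hunk leaves out examples/systemd-user/gpg-agent-browser.socket, although the same commit creates that file next to the other four socket units. Anything driven by this variable will skip it. Either add "examples/systemd-user/gpg-agent-browser.socket \" to the list, or drop the file from the commit if the browser socket is not meant to be shipped as an example.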
diff --git a/doc/examples/README b/doc/examples/README
index 3444822..77ee807 100644
--- a/doc/examples/README
+++ b/doc/examples/README
@@ -3,7 +3,9 @@ Files in this directory:
scd-event A handler script used with scdaemon
-trustlist.txt A list of trustworthy root certificates
+trustlist.txt A list of trustworthy root certificates
(Please check yourself whether you actually trust them)
gpgconf.conf A sample configuration file for gpgconf.
+
+systemd-user Sample files for a Linux-only init system.
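Review bot: The new systemd-user entry names neither systemd nor the daemons the files are for, so "Sample files for a Linux-only init system" does not tell a reader what the directory contains. Something like "Sample systemd user units for socket-activated dirmngr and gpg-agent" would match the level of detail of the other entries.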
diff --git a/doc/examples/systemd-user/README b/doc/examples/systemd-user/README
new file mode 100644
index 0000000..43122f5
--- /dev/null
+++ b/doc/examples/systemd-user/README
@@ -0,0 +1,66 @@
+Socket-activated dirmngr and gpg-agent with systemd
+===================================================
+
+When used on a GNU/Linux system supervised by systemd, you can ensure
+that the GnuPG daemons dirmngr and gpg-agent are launched
+automatically the first time they're needed, and shut down cleanly at
+session logout. This is done by enabling user services via
+socket-activation.
+
+System distributors
+-------------------
+
+The *.service and *.socket files (from this directory) should be
+placed in /usr/lib/systemd/user/ alongside other user-session services
+and sockets.
+
+To enable socket-activated dirmngr for all accounts on the system,
+use:
+
+ systemctl --user --global enable dirmngr.socket
+
+To enable socket-activated gpg-agent for all accounts on the system,
+use:
+
+ systemctl --user --global enable gpg-agent.socket
+
+Additionally, you can enable socket-activated gpg-agent ssh-agent
+emulation for all accounts on the system with:
+
+ systemctl --user --global enable gpg-agent-ssh.socket
+
+You can also enable restricted ("--extra-socket"-style) gpg-agent
+sockets for all accounts on the system with:
+
+ systemctl --user --global enable gpg-agent-extra.socket
+
+Individual users
+----------------
+
+A user on a system with systemd where this has not been installed
+system-wide can place these files in ~/.config/systemd/user/ to make
+them available.
+
+If a given service isn't installed system-wide, or if it's installed
+system-wide but not globally enabled, individual users will still need
+to enable them. For example, to enable socket-activated dirmngr for
+all future sessions:
+
+ systemctl --user enable dirmngr.socket
+
+To enable socket-activated gpg-agent with ssh support, do:
+
+ systemctl --user enable gpg-agent.socket gpg-agent-ssh.socket
+
+These changes won't take effect until your next login after you've
+fully logged out (be sure to terminate any running daemons before
+logging out).
+
+If you'd rather try a socket-activated GnuPG daemon in an
+already-running session without logging out (with or without enabling
+it for all future sessions), kill any existing daemon and start the
+user socket directly. For example, to set up socket-activated dirmgnr
+in the current session:
+
+ gpgconf --kill dirmngr
+ systemctl --user start dirmngr.socket
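Review bot: The README gives enable commands for dirmngr.socket, gpg-agent.socket, gpg-agent-ssh.socket and gpg-agent-extra.socket but never mentions gpg-agent-browser.socket, which this commit also adds; document it in both sections or say why it is left out. Two smaller points: the last paragraph spells the daemon "dirmgnr" instead of "dirmngr", and the "be sure to terminate any running daemons before logging out" advice would be easier to follow if it pointed at "gpgconf --kill", which is currently shown only in the dirmngr example at the end.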
diff --git a/doc/examples/systemd-user/dirmngr.service b/doc/examples/systemd-user/dirmngr.service
new file mode 100644
index 0000000..c79dfc5
--- /dev/null
+++ b/doc/examples/systemd-user/dirmngr.service
@@ -0,0 +1,10 @@
+[Unit]
+Description=GnuPG network certificate management daemon
+Documentation=man:dirmngr(8)
+Requires=dirmngr.socket
+After=dirmngr.socket
+## This is a socket-activated service:
+RefuseManualStart=true
+
+[Service]
+ExecStart=/usr/bin/dirmngr --supervised
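Review bot: ExecStart hardcodes /usr/bin/dirmngr (and gpg-agent.service does the same with /usr/bin/gpg-agent), so the unit fails to start on any build installed under a different prefix. Since the README tells distributors to copy these files as-is into /usr/lib/systemd/user/, it should at least tell them to adjust the ExecStart path to the actual install location, or the files could be generated from templates that substitute the configured bindir.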
diff --git a/doc/examples/systemd-user/dirmngr.socket b/doc/examples/systemd-user/dirmngr.socket
new file mode 100644
index 0000000..ebabf89
--- /dev/null
+++ b/doc/examples/systemd-user/dirmngr.socket
@@ -0,0 +1,11 @@
+[Unit]
+Description=GnuPG network certificate management daemon
+Documentation=man:dirmngr(8)
+
+[Socket]
+ListenStream=%t/gnupg/S.dirmngr
+SocketMode=0600
+DirectoryMode=0700
+
+[Install]
+WantedBy=sockets.target
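Review bot: ListenStream is fixed at %t/gnupg/S.dirmngr here, and at the matching %t/gnupg/ paths in the four gpg-agent socket units, but the README does not say whether these units are meant to work for a user who sets GNUPGHOME or passes --homedir. The dirmngr.texi change in this same push documents that GNUPGHOME moves the home directory, so a sentence in the README stating which home directory these paths correspond to, and pointing at "gpgconf --list-dirs" to compare against the socket paths the tools actually use, would prevent a listener that no client connects to. SocketMode=0600 and DirectoryMode=0700 look right for a per-user socket.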
diff --git a/doc/examples/systemd-user/gpg-agent-browser.socket b/doc/examples/systemd-user/gpg-agent-browser.socket
new file mode 100644
index 0000000..bc8d344
--- /dev/null
+++ b/doc/examples/systemd-user/gpg-agent-browser.socket
@@ -0,0 +1,13 @@
+[Unit]
+Description=GnuPG cryptographic agent and passphrase cache (access for web browsers)
+Documentation=man:gpg-agent(1)
+
+[Socket]
+ListenStream=%t/gnupg/S.gpg-agent.browser
+FileDescriptorName=browser
+Service=gpg-agent.service
+SocketMode=0600
+DirectoryMode=0700
+
+[Install]
+WantedBy=sockets.target
diff --git a/doc/examples/systemd-user/gpg-agent-extra.socket b/doc/examples/systemd-user/gpg-agent-extra.socket
new file mode 100644
index 0000000..5b87d09
--- /dev/null
+++ b/doc/examples/systemd-user/gpg-agent-extra.socket
@@ -0,0 +1,13 @@
+[Unit]
+Description=GnuPG cryptographic agent and passphrase cache (restricted)
+Documentation=man:gpg-agent(1)
+
+[Socket]
+ListenStream=%t/gnupg/S.gpg-agent.extra
+FileDescriptorName=extra
+Service=gpg-agent.service
+SocketMode=0600
+DirectoryMode=0700
+
+[Install]
+WantedBy=sockets.target
diff --git a/doc/examples/systemd-user/gpg-agent-ssh.socket b/doc/examples/systemd-user/gpg-agent-ssh.socket
new file mode 100644
index 0000000..798c1d9
--- /dev/null
+++ b/doc/examples/systemd-user/gpg-agent-ssh.socket
@@ -0,0 +1,13 @@
+[Unit]
+Description=GnuPG cryptographic agent (ssh-agent emulation)
+Documentation=man:gpg-agent(1) man:ssh-add(1) man:ssh-agent(1) man:ssh(1)
+
+[Socket]
+ListenStream=%t/gnupg/S.gpg-agent.ssh
+FileDescriptorName=ssh
+Service=gpg-agent.service
+SocketMode=0600
+DirectoryMode=0700
+
+[Install]
+WantedBy=sockets.target
diff --git a/doc/examples/systemd-user/gpg-agent.service b/doc/examples/systemd-user/gpg-agent.service
new file mode 100644
index 0000000..9ab9220
--- /dev/null
+++ b/doc/examples/systemd-user/gpg-agent.service
@@ -0,0 +1,10 @@
+[Unit]
+Description=GnuPG cryptographic agent and passphrase cache
+Documentation=man:gpg-agent(1)
+Requires=gpg-agent.socket
+After=gpg-agent.socket
+## This is a socket-activated service:
+RefuseManualStart=true
+
+[Service]
+ExecStart=/usr/bin/gpg-agent --supervised
diff --git a/doc/examples/systemd-user/gpg-agent.socket b/doc/examples/systemd-user/gpg-agent.socket
new file mode 100644
index 0000000..4257c2c
--- /dev/null
+++ b/doc/examples/systemd-user/gpg-agent.socket
@@ -0,0 +1,12 @@
+[Unit]
+Description=GnuPG cryptographic agent and passphrase cache
+Documentation=man:gpg-agent(1)
+
+[Socket]
+ListenStream=%t/gnupg/S.gpg-agent
+FileDescriptorName=std
+SocketMode=0600
+DirectoryMode=0700
+
+[Install]
+WantedBy=sockets.target
commit e51912f467fda963c7abcfcd4082d6eb084ba5be
Author: Daniel Kahn Gillmor <dkg at fifthhorseman.net>
Date: Thu Nov 10 07:17:17 2016 -0600
agent: Clean up comments.
* agent/agent.h: Clean up comments.
Signed-off-by: Daniel Kahn Gillmor <dkg at fifthhorseman.net>
diff --git a/agent/agent.h b/agent/agent.h
index 9ba7dc8..2dfbf5c 100644
--- a/agent/agent.h
+++ b/agent/agent.h
@@ -154,12 +154,12 @@ struct
int keep_tty; /* Don't switch the TTY (for pinentry) on request */
int keep_display; /* Don't switch the DISPLAY (for pinentry) on request */
- /* This global options indicates the use of an extra socket. Note
+ /* This global option indicates the use of an extra socket. Note
that we use a hack for cleanup handling in gpg-agent.c: If the
value is less than 2 the name has not yet been malloced. */
int extra_socket;
- /* This global options indicates the use of an extra socket for web
+ /* This global option indicates the use of an extra socket for web
browsers. Note that we use a hack for cleanup handling in
gpg-agent.c: If the value is less than 2 the name has not yet
been malloced. */
commit 1854f0f6112651c4fc3b92372b98c932e830ed21
Author: Werner Koch <wk at gnupg.org>
Date: Fri Nov 11 08:25:04 2016 +0100
doc: Clarify dirmngr option --daemon.
--
With commit d83ba4897bf217d1045c58d1b99e52bd31c58812 all system daemon
features have been removed and thus this should be reflected in the
man page.
Signed-off-by: Werner Koch <wk at gnupg.org>
diff --git a/doc/dirmngr.texi b/doc/dirmngr.texi
index 6620a87..300068e 100644
--- a/doc/dirmngr.texi
+++ b/doc/dirmngr.texi
@@ -82,8 +82,9 @@ This is only used for testing.
@item --daemon
@opindex daemon
Run in background daemon mode and listen for commands on a socket.
-Note that this also changes the default home directory and enables the
-internal certificate validation code. This mode is deprecated.
+This is the way @command{dirmngr} is started on demand by the other
+GnuPG components. To force starting @command{dirmngr} it is in
+general best to use @code{gpgconf --launch dirmngr}.
@item --supervised
@opindex supervised
@@ -141,21 +142,11 @@ per-user configuration file. The default configuration file is named
@item --homedir @var{dir}
@opindex options
Set the name of the home directory to @var{dir}. This option is only
-effective when used on the command line. The default depends on the
-running mode:
-
- at table @asis
-
- at item With @code{--daemon} given on the commandline
-the directory named @file{@value{SYSCONFDIR}} is used for configuration files
-and @file{@value{LOCALCACHEDIR}} for cached CRLs.
-
- at item Without @code{--daemon} given on the commandline
+effective when used on the command line. The default os
the directory named @file{.gnupg} directly below the home directory
of the user unless the environment variable @code{GNUPGHOME} has been set
in which case its value will be used. All kind of data is stored below
this directory.
- at end table
@item -v
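Review bot: The rewritten sentence in the --homedir entry has a typo: "The default os" should read "The default is". With the @table wrapper removed, the sentence now runs straight into "the directory named @file{.gnupg} ...", so the fixed line should be "effective when used on the command line. The default is".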
@@ -345,8 +336,7 @@ configured LDAP server if the connection using the "proxy" failed.
@opindex ldapserverlist-file
Read the list of LDAP servers to consult for CRLs and certificates from
file instead of the default per-user ldap server list file. The default
-value for @var{file} is @file{dirmngr_ldapservers.conf} or
- at file{ldapservers.conf} when running in @option{--daemon} mode.
+value for @var{file} is @file{dirmngr_ldapservers.conf}.
This server list file contains one LDAP server per line in the format
-----------------------------------------------------------------------
Summary of changes:
agent/agent.h | 4 +-
doc/Makefile.am | 9 ++-
doc/dirmngr.texi | 20 ++-----
doc/examples/README | 4 +-
doc/examples/systemd-user/README | 66 ++++++++++++++++++++++
doc/examples/systemd-user/dirmngr.service | 10 ++++
doc/examples/systemd-user/dirmngr.socket | 11 ++++
doc/examples/systemd-user/gpg-agent-browser.socket | 13 +++++
doc/examples/systemd-user/gpg-agent-extra.socket | 13 +++++
doc/examples/systemd-user/gpg-agent-ssh.socket | 13 +++++
doc/examples/systemd-user/gpg-agent.service | 10 ++++
doc/examples/systemd-user/gpg-agent.socket | 12 ++++
12 files changed, 166 insertions(+), 19 deletions(-)
create mode 100644 doc/examples/systemd-user/README
create mode 100644 doc/examples/systemd-user/dirmngr.service
create mode 100644 doc/examples/systemd-user/dirmngr.socket
create mode 100644 doc/examples/systemd-user/gpg-agent-browser.socket
create mode 100644 doc/examples/systemd-user/gpg-agent-extra.socket
create mode 100644 doc/examples/systemd-user/gpg-agent-ssh.socket
create mode 100644 doc/examples/systemd-user/gpg-agent.service
create mode 100644 doc/examples/systemd-user/gpg-agent.socket
hooks/post-receive
--
The GNU Privacy Guard
http://git.gnupg.org