[git] GnuPG - branch, master, updated. gnupg-2.1.15-286-g75f8aaf
by Daniel Kahn Gillmor
cvs at cvs.gnupg.org
Thu Oct 27 03:58:25 CEST 2016
This is an automated email from the git hooks/post-receive script. It was
generated because a ref change was pushed to the repository containing
the project "The GNU Privacy Guard".
The branch, master has been updated
via 75f8aaf5bc2dc7fcffe2987a572d489155c91eb9 (commit)
via 6316b28e896957adb76a61a41d2e1c2a08d9f716 (commit)
via 6bb6ac56cca8135666387a0b9d88dd6b50311418 (commit)
from bc28f320fa6f5b9fcdb73dba5e6c582daf7992c5 (commit)
Those revisions listed above that are new to this repository have
not appeared on any other notification email; so we list those
revisions in full, below.
- Log -----------------------------------------------------------------
commit 75f8aaf5bc2dc7fcffe2987a572d489155c91eb9
Author: Daniel Kahn Gillmor <dkg at fifthhorseman.net>
Date: Wed Oct 26 16:37:08 2016 -0400
dirmngr: Implement --supervised command (for systemd, etc).
* dirmngr/dirmngr.c (main): Add new --supervised command, which is a
mode designed for running under a process supervision system like
systemd or runit.
* doc/dirmngr.texi: document --supervised option.
--
"dirmngr --supervised" is a way to invoke dirmngr such that a system
supervisor like systemd can provide socket-activated startup, log
management, and scheduled shutdown.
When running in this mode, dirmngr:
* Does not open its own listening socket; rather, it expects to be
given a listening socket on file descriptor 3.
* Does not detach from the invoking process, staying in the
foreground instead.
Signed-off-by: Daniel Kahn Gillmor <dkg at fifthhorseman.net>
diff --git a/dirmngr/dirmngr.c b/dirmngr/dirmngr.c
index c9e4a05..2903681 100644
--- a/dirmngr/dirmngr.c
+++ b/dirmngr/dirmngr.c
@@ -88,6 +88,7 @@ enum cmd_and_opt_values {
aServer,
aDaemon,
+ aSupervised,
aListCRLs,
aLoadCRL,
aFetchCRL,
@@ -149,6 +150,7 @@ static ARGPARSE_OPTS opts[] = {
ARGPARSE_c (aServer, "server", N_("run in server mode (foreground)") ),
ARGPARSE_c (aDaemon, "daemon", N_("run in daemon mode (background)") ),
+ ARGPARSE_c (aSupervised, "supervised", N_("run under supervision (e.g. systemd)")),
ARGPARSE_c (aListCRLs, "list-crls", N_("list the contents of the CRL cache")),
ARGPARSE_c (aLoadCRL, "load-crl", N_("|FILE|load CRL from FILE into cache")),
ARGPARSE_c (aFetchCRL, "fetch-crl", N_("|URL|fetch a CRL from URL")),
@@ -814,6 +816,7 @@ main (int argc, char **argv)
{
case aServer:
case aDaemon:
+ case aSupervised:
case aShutdown:
case aFlush:
case aListCRLs:
@@ -993,6 +996,43 @@ main (int argc, char **argv)
start_command_handler (ASSUAN_INVALID_FD);
shutdown_reaper ();
}
+ else if (cmd == aSupervised)
+ {
+ /* In supervised mode, we expect file descriptor 3 to be an
+ already opened, listening socket.
+
+ We will also not detach from the controlling process or close
+ stderr; the supervisor should handle all of that. */
+ struct stat statbuf;
+ if (fstat (3, &statbuf) == -1 && errno ==EBADF)
+ {
+ log_error ("file descriptor 3 must be already open in --supervised mode\n");
+ dirmngr_exit (1);
+ }
+ socket_name = gnupg_get_socket_name (3);
+
+ /* Now start with logging to a file if this is desired. */
+ if (logfile)
+ {
+ log_set_file (logfile);
+ log_set_prefix (NULL, (GPGRT_LOG_WITH_PREFIX
+ |GPGRT_LOG_WITH_TIME
+ |GPGRT_LOG_WITH_PID));
+ current_logfile = xstrdup (logfile);
+ }
+ else
+ log_set_prefix (NULL, 0);
+
+ thread_init ();
+ cert_cache_init ();
+ crl_cache_init ();
+#if USE_LDAP
+ ldap_wrapper_launch_thread ();
+#endif /*USE_LDAP*/
+ handle_connections (3);
+ assuan_sock_close (3);
+ shutdown_reaper ();
+ }
else if (cmd == aDaemon)
{
assuan_fd_t fd;
diff --git a/doc/dirmngr.texi b/doc/dirmngr.texi
index bb8281d..69d7e5e 100644
--- a/doc/dirmngr.texi
+++ b/doc/dirmngr.texi
@@ -85,6 +85,13 @@ Run in background daemon mode and listen for commands on a socket.
Note that this also changes the default home directory and enables the
internal certificate validation code. This mode is deprecated.
+ at item --supervised
+ at opindex supervised
+Run in the foreground, sending logs to stderr, and listening on file
+descriptor 3, which must already be bound to a listening socket. This
+is useful when running under systemd or other similar process
+supervision schemes.
+
@item --list-crls
@opindex list-crls
List the contents of the CRL cache on @code{stdout}. This is probably
commit 6316b28e896957adb76a61a41d2e1c2a08d9f716
Author: Daniel Kahn Gillmor <dkg at fifthhorseman.net>
Date: Wed Oct 26 16:37:07 2016 -0400
agent,common: move get_socket_name() into common.
* agent/gpg-agent.c (get_socket_name): move to ...
* common/sysutils.c (gnupg_get_socket_name): ... here.
--
This allows us to use the same functionality in dirmngr as well.
Signed-off-by: Daniel Kahn Gillmor <dkg at fifthhorseman.net>
diff --git a/agent/gpg-agent.c b/agent/gpg-agent.c
index 6f73fc7..7294c69 100644
--- a/agent/gpg-agent.c
+++ b/agent/gpg-agent.c
@@ -573,52 +573,6 @@ remove_socket (char *name, char *redir_name)
}
-/* Return a malloc'ed string that is the path to the passed
- * unix-domain socket (or return NULL if this is not a valid
- * unix-domain socket). We use a plain int here because it is only
- * used on Linux.
- *
- * FIXME: This function needs to be moved to libassuan. */
-#ifndef HAVE_W32_SYSTEM
-static char *
-get_socket_name (int fd)
-{
- struct sockaddr_un un;
- socklen_t len = sizeof(un);
- char *name = NULL;
-
- if (getsockname (fd, (struct sockaddr*)&un, &len) != 0)
- log_error ("could not getsockname(%d): %s\n", fd,
- gpg_strerror (gpg_error_from_syserror ()));
- else if (un.sun_family != AF_UNIX)
- log_error ("file descriptor %d is not a unix-domain socket\n", fd);
- else if (len <= offsetof (struct sockaddr_un, sun_path))
- log_error ("socket name not present for file descriptor %d\n", fd);
- else if (len > sizeof(un))
- log_error ("socket name for file descriptor %d was truncated "
- "(passed %zu bytes, wanted %u)\n", fd, sizeof(un), len);
- else
- {
- size_t namelen = len - offsetof (struct sockaddr_un, sun_path);
-
- log_debug ("file descriptor %d has path %s (%zu octets)\n", fd,
- un.sun_path, namelen);
- name = xtrymalloc (namelen + 1);
- if (!name)
- log_error ("failed to allocate memory for name of fd %d: %s\n",
- fd, gpg_strerror (gpg_error_from_syserror ()));
- else
- {
- memcpy (name, un.sun_path, namelen);
- name[namelen] = 0;
- }
- }
-
- return name;
-}
-#endif /*!HAVE_W32_SYSTEM*/
-
-
/* Discover which inherited file descriptors correspond to which
* services/sockets offered by gpg-agent, using the LISTEN_FDS and
* LISTEN_FDNAMES convention. The understood labels are "ssh",
@@ -727,7 +681,7 @@ map_supervised_sockets (gnupg_fd_t *r_fd,
log_fatal ("file descriptor 3 must be valid in --supervised mode"
" if LISTEN_FDNAMES is not set\n");
*r_fd = 3;
- socket_name = get_socket_name (3);
+ socket_name = gnupg_get_socket_name (3);
}
else if (fd_count != nfdnames)
{
@@ -749,7 +703,7 @@ map_supervised_sockets (gnupg_fd_t *r_fd,
fd = 3 + i;
if (**tbl[j].fdaddr == -1)
{
- name = get_socket_name (fd);
+ name = gnupg_get_socket_name (fd);
if (name)
{
**tbl[j].fdaddr = fd;
diff --git a/common/sysutils.c b/common/sysutils.c
index 60483ac..71200a6 100644
--- a/common/sysutils.c
+++ b/common/sysutils.c
@@ -62,6 +62,9 @@
# include <winsock2.h>
# endif
# include <windows.h>
+#else /*!HAVE_W32_SYSTEM*/
+# include <sys/socket.h>
+# include <sys/un.h>
#endif
#ifdef HAVE_INOTIFY_INIT
# include <sys/inotify.h>
@@ -1090,3 +1093,49 @@ gnupg_inotify_has_name (int fd, const char *name)
return 0; /* Not found. */
}
+
+
+/* Return a malloc'ed string that is the path to the passed
+ * unix-domain socket (or return NULL if this is not a valid
+ * unix-domain socket). We use a plain int here because it is only
+ * used on Linux.
+ *
+ * FIXME: This function needs to be moved to libassuan. */
+#ifndef HAVE_W32_SYSTEM
+char *
+gnupg_get_socket_name (int fd)
+{
+ struct sockaddr_un un;
+ socklen_t len = sizeof(un);
+ char *name = NULL;
+
+ if (getsockname (fd, (struct sockaddr*)&un, &len) != 0)
+ log_error ("could not getsockname(%d): %s\n", fd,
+ gpg_strerror (gpg_error_from_syserror ()));
+ else if (un.sun_family != AF_UNIX)
+ log_error ("file descriptor %d is not a unix-domain socket\n", fd);
+ else if (len <= offsetof (struct sockaddr_un, sun_path))
+ log_error ("socket name not present for file descriptor %d\n", fd);
+ else if (len > sizeof(un))
+ log_error ("socket name for file descriptor %d was truncated "
+ "(passed %zu bytes, wanted %u)\n", fd, sizeof(un), len);
+ else
+ {
+ size_t namelen = len - offsetof (struct sockaddr_un, sun_path);
+
+ log_debug ("file descriptor %d has path %s (%zu octets)\n", fd,
+ un.sun_path, namelen);
+ name = xtrymalloc (namelen + 1);
+ if (!name)
+ log_error ("failed to allocate memory for name of fd %d: %s\n",
+ fd, gpg_strerror (gpg_error_from_syserror ()));
+ else
+ {
+ memcpy (name, un.sun_path, namelen);
+ name[namelen] = 0;
+ }
+ }
+
+ return name;
+}
+#endif /*!HAVE_W32_SYSTEM*/
diff --git a/common/sysutils.h b/common/sysutils.h
index ea92e4c..7105107 100644
--- a/common/sysutils.h
+++ b/common/sysutils.h
@@ -66,6 +66,7 @@ char *gnupg_mkdtemp (char *template);
int gnupg_setenv (const char *name, const char *value, int overwrite);
int gnupg_unsetenv (const char *name);
char *gnupg_getcwd (void);
+char *gnupg_get_socket_name (int fd);
gpg_error_t gnupg_inotify_watch_socket (int *r_fd, const char *socket_name);
int gnupg_inotify_has_name (int fd, const char *name);
commit 6bb6ac56cca8135666387a0b9d88dd6b50311418
Author: Daniel Kahn Gillmor <dkg at fifthhorseman.net>
Date: Wed Oct 26 16:37:06 2016 -0400
dirmngr: report actual socket name.
* dirmngr/dirmngr.[ch] (dirmngr_get_current_socket_name): new function
to report known socket name.
* dirmngr/server.c (cmd_getinfo): use dirmngr_get_current_socket_name
to report correct socket name.
--
This fixes the output of 'getinfo socket_name' when dirmngr is invoked
with --socket-name.
Signed-off-by: Daniel Kahn Gillmor <dkg at fifthhorseman.net>
diff --git a/dirmngr/dirmngr.c b/dirmngr/dirmngr.c
index 41e897b..c9e4a05 100644
--- a/dirmngr/dirmngr.c
+++ b/dirmngr/dirmngr.c
@@ -2074,3 +2074,12 @@ handle_connections (assuan_fd_t listen_fd)
cleanup ();
log_info ("%s %s stopped\n", strusage(11), strusage(13));
}
+
+const char*
+dirmngr_get_current_socket_name (void)
+{
+ if (socket_name)
+ return socket_name;
+ else
+ return dirmngr_socket_name ();
+}
diff --git a/dirmngr/dirmngr.h b/dirmngr/dirmngr.h
index d823519..9e216cd 100644
--- a/dirmngr/dirmngr.h
+++ b/dirmngr/dirmngr.h
@@ -184,6 +184,7 @@ void dirmngr_exit( int ); /* Wrapper for exit() */
void dirmngr_init_default_ctrl (ctrl_t ctrl);
void dirmngr_deinit_default_ctrl (ctrl_t ctrl);
void dirmngr_sighup_action (void);
+const char* dirmngr_get_current_socket_name (void);
/*-- Various housekeeping functions. --*/
diff --git a/dirmngr/server.c b/dirmngr/server.c
index 57273c7..2d4f292 100644
--- a/dirmngr/server.c
+++ b/dirmngr/server.c
@@ -2271,7 +2271,7 @@ cmd_getinfo (assuan_context_t ctx, char *line)
}
else if (!strcmp (line, "socket_name"))
{
- const char *s = dirmngr_socket_name ();
+ const char *s = dirmngr_get_current_socket_name ();
err = assuan_send_data (ctx, s, strlen (s));
}
else if (!strcmp (line, "tor"))
-----------------------------------------------------------------------
Summary of changes:
agent/gpg-agent.c | 50 ++------------------------------------------------
common/sysutils.c | 49 +++++++++++++++++++++++++++++++++++++++++++++++++
common/sysutils.h | 1 +
dirmngr/dirmngr.c | 49 +++++++++++++++++++++++++++++++++++++++++++++++++
dirmngr/dirmngr.h | 1 +
dirmngr/server.c | 2 +-
doc/dirmngr.texi | 7 +++++++
7 files changed, 110 insertions(+), 49 deletions(-)
hooks/post-receive
--
The GNU Privacy Guard
http://git.gnupg.org
More information about the Gnupg-commits
mailing list