System wide dirmngr configuration with Gnupg 2.1
Andre Heinecke
aheinecke at intevation.de
Fri Dec 19 18:20:45 CET 2014
Hi,
we (at intevation) centrally configure the trusted certificates / ldap servers
dirmngr should use. Our Administrators verify and decide which certificates
users can trust.
Now that dirmngr has moved in into gnupg and is no longer supposed to be a
system demon I'm wondering how we can do this on our debian system. Ideally in
a way that would also work for others (have it configurable instead of just
hacking it.)
My current Idea would be to have an XSession startup script that launches
dirmngr on session startup similar to the old gpg-agent xsession script.
The downside of that idea is that this would not work for an update on a live
system with users, that it depends on an x session and that it might come out
of sync if the initial process is somehow replaced by another autostarted
dirmngr.
Imho it should be possible to configure dirmngr system wide to use a system-
wide configuration. Maybe something like
If /etc/gnupg2/dirmngr.conf exists and !opt.homedir:
opt.homedir = /etc/gnupg2
In dirmngr would be acceptable?
Or am I missing some mechanism that currently allows to use system-wide
configuration with dirmngr even when it is autostarted from gpg-agent?
Regards,
Andre
--
Andre Heinecke | ++49-541-335083-262 | http://www.intevation.de/
Intevation GmbH, Neuer Graben 17, 49074 Osnabrück | AG Osnabrück, HR B 18998
Geschäftsführer: Frank Koormann, Bernhard Reiter, Dr. Jan-Oliver Wagner
More information about the Gnupg-devel
mailing list