System wide dirmngr configuration with Gnupg 2.1

Andre Heinecke aheinecke at intevation.de
Fri Dec 19 18:20:45 CET 2014


Hi,

we (at intevation) centrally configure the trusted certificates / ldap servers 
dirmngr should use. Our Administrators verify and decide which certificates 
users can trust.

Now that dirmngr has moved in into gnupg and is no longer supposed to be a 
system demon I'm wondering how we can do this on our debian system. Ideally in 
a way that would also work for others  (have it configurable instead of just 
hacking it.)

My current Idea would be to have an XSession startup script that launches 
dirmngr on session startup similar to the old gpg-agent xsession script. 

The downside of that idea is that this would not work for an update on a live 
system with users, that it depends on an x session and that it might come out 
of sync if the initial process is somehow replaced by another autostarted 
dirmngr.

Imho it should be possible to configure dirmngr system wide to use a system-
wide configuration. Maybe something like

If /etc/gnupg2/dirmngr.conf exists and !opt.homedir:
     opt.homedir = /etc/gnupg2

In dirmngr would be acceptable?

Or am I missing some mechanism that currently allows to use system-wide 
configuration with dirmngr even when it is autostarted from gpg-agent?


Regards,
Andre

-- 
Andre Heinecke |  ++49-541-335083-262  |  http://www.intevation.de/
Intevation GmbH, Neuer Graben 17, 49074 Osnabrück | AG Osnabrück, HR B 18998
Geschäftsführer: Frank Koormann, Bernhard Reiter, Dr. Jan-Oliver Wagner



More information about the Gnupg-devel mailing list