[PATCH] dirmngr: implement --supervised command (for systemd, etc)

Daniel Kahn Gillmor dkg at fifthhorseman.net
Wed Aug 10 17:11:42 CEST 2016


Hi Justus--

Thanks for the feedback!

On Wed 2016-08-10 02:45:49 -0400, Justus Winter wrote:
> Commit log style nitpick:  We like to start with a capital letter after
> the colon, and end with a full stop.  Likewise for the patch subject.

gotcha.  a revised patch is on its way.

> I agree with this change.  If I were to implement starting gpg-agent on
> demand on the Hurd using translator records (think generalized decentral
> socket activation from the nineties, everything old is new again), I'd
> also need such an interface.

cool, i'm glad it's also useful for this use case.

The work for gpg-agent is slightly more complicated because gpg-agent
listens on multiple sockets and does different things with different
sockets, but i'm on it.

fwiw, for a socket-activated, supervised gpg-agent, i'm planning to use
the $LISTEN_FDS variable to store a count of file descriptors to listen
on, and to distinguish socket types based on text labels passed in
colon-delimited form in $LISTEN_FDNAMES.

The simplest use case would be:

   LISTEN_FDS=1
   LISTEN_FDNAMES=

That's an agent listening only on file descriptor 3, speaking the normal
gpg-agent protocol.


In the most complex example:

   LISTEN_FDS=4
   LISTEN_FDNAMES=:ssh:extra:browser

would mean that the open file descriptors would be treated as:

   3 -- normal gpg-agent socket
   4 -- socket for ssh-agent emulation
   5 -- "--extra-socket" restricted socket
   6 -- "--browser-socket" experimental restricted socket


See sd_listen_fds(3) for a description of this convention (though don't
worry, i don't plan on linking gpg-agent to libsystemd()).

I'm also going to propose a new feature for the runit suite
(http://smarden.org/runit) that should make it easy to supervise other
processes that use this convention on systems using that supervision
system.

> I guess it makes sense to ship these as well.  You need to add them to
> EXTRA_DIST, or they won't be included in releases.

right, i'll include that in the revision.

> Having said that, I believe none of us runs systemd, so we will have to
> rely on contributors to keep these up-to-date.  That likely means you ;)

That's fine with me.  I welcome other contributors' suggestions as well.
After a bit more experimentation and research yesterday, i've tweaked
these files a bit more, and i'm including them

>> "dirmngr --supervised" is a way to invoke dirmngr such that a system
>> supervisor like systemd can provide socket-activated startup, log
>> management, and scheduled shutdown.
>>
>> When running in this mode, dirmngr:
>>
>>  * does not open its own listening socket; rather, it expects to be
>>    given a listening socket on file descriptor 3
>
> Is that file descriptor fixed?  I remember systemd storing it in some
> environment variable.

It's fixed in a header file that's exposed to any process that builds
against libsystemd:

0 dkg at alice:~$ grep -B1 '^#define SD_LISTEN_FDS_START' /usr/include/systemd/sd-daemon.h
/* The first passed file descriptor is fd 3 */
#define SD_LISTEN_FDS_START 3
0 dkg at alice:~$ 

So this is something that cannot actually change without a rebuild of
everything that links to libsystemd.  I think it's safe to treat it as
fixed for purposes of systemd.

If you need it to be variable for dirmngr for Hurd or elsewhere, i'm
fine with adding an option or an envvar to set it explicitly, but i hope
you'll be OK with the default for that option being 3 ;)

Regards,

        --dkg
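The LISTEN_FDS / LISTEN_FDNAMES convention and the fixed starting descriptor 3 described in the message above, as an added example that is not dkg's patch or any GnuPG code. It parses the two variables without linking libsystemd, applies the checks sd_listen_fds(3) performs (LISTEN_PID must name this process, the variables are unset after use, the descriptors get FD_CLOEXEC), and maps labels to roles. The role names, the rule that an unset LISTEN_FDNAMES means every descriptor is a plain agent socket, and the rejection of label counts that do not match LISTEN_FDS are assumptions made here for illustration.

```c
/* Added example: parse the LISTEN_FDS / LISTEN_FDNAMES convention without
 * libsystemd.  Role names and strictness rules are assumptions for
 * illustration, not gpg-agent's own code. */
#define _POSIX_C_SOURCE 200809L
#include <errno.h>
#include <fcntl.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#include <unistd.h>

#define LISTEN_FDS_START 3  /* same value as SD_LISTEN_FDS_START in sd-daemon.h */

enum sock_role { ROLE_UNKNOWN = -1, ROLE_AGENT = 0, ROLE_SSH, ROLE_EXTRA, ROLE_BROWSER };

struct listen_fd {
    int fd;
    enum sock_role role;
};

/* Empty label = normal gpg-agent socket; the other labels follow the
 * ":ssh:extra:browser" example in the message.  Anything else is rejected
 * rather than guessed. */
static enum sock_role role_from_label(const char *label, size_t len)
{
    if (len == 0) return ROLE_AGENT;
    if (len == 3 && memcmp(label, "ssh", 3) == 0) return ROLE_SSH;
    if (len == 5 && memcmp(label, "extra", 5) == 0) return ROLE_EXTRA;
    if (len == 7 && memcmp(label, "browser", 7) == 0) return ROLE_BROWSER;
    return ROLE_UNKNOWN;
}

/* Parse the two variable values (passed explicitly so this is testable
 * offline).  Returns the number of passed fds, 0 when not socket-activated,
 * or -1 on malformed input: bad count, unknown label, or a label count that
 * does not match LISTEN_FDS.  With LISTEN_FDNAMES unset (NULL) every fd is
 * treated as the normal agent socket (an assumption, not stated above). */
int parse_listen_env(const char *fds_str, const char *names_str,
                     struct listen_fd *out, size_t max_out)
{
    if (fds_str == NULL || *fds_str == '\0')
        return 0;

    char *end;
    errno = 0;
    long n = strtol(fds_str, &end, 10);
    if (errno != 0 || *end != '\0' || n < 0 || (size_t)n > max_out)
        return -1;
    if (n == 0)
        return 0;

    const char *p = names_str;
    for (long i = 0; i < n; i++) {
        out[i].fd = LISTEN_FDS_START + (int)i;   /* fds are 3, 4, 5, ... */
        if (p == NULL) {                          /* no names: plain agent sockets */
            out[i].role = ROLE_AGENT;
            continue;
        }
        const char *colon = strchr(p, ':');
        size_t len = colon ? (size_t)(colon - p) : strlen(p);
        out[i].role = role_from_label(p, len);
        if (out[i].role == ROLE_UNKNOWN)
            return -1;
        if (colon)
            p = colon + 1;
        else if (i + 1 < n)                       /* fewer labels than fds */
            return -1;
        else
            p = NULL;                             /* consumed exactly n labels */
    }
    if (p != NULL)                                /* more labels than fds */
        return -1;
    return (int)n;
}

/* Read the real environment the way sd_listen_fds(3) does: trust the
 * variables only if LISTEN_PID names this process, mark the fds
 * close-on-exec, and unset the variables so children do not inherit them. */
int listen_fds_from_environ(struct listen_fd *out, size_t max_out)
{
    const char *pid_str = getenv("LISTEN_PID");
    if (pid_str == NULL || strtol(pid_str, NULL, 10) != (long)getpid())
        return 0;                                 /* meant for another process */
    int n = parse_listen_env(getenv("LISTEN_FDS"), getenv("LISTEN_FDNAMES"),
                             out, max_out);
    for (int i = 0; i < n; i++)
        fcntl(out[i].fd, F_SETFD, FD_CLOEXEC);
    unsetenv("LISTEN_PID");
    unsetenv("LISTEN_FDS");
    unsetenv("LISTEN_FDNAMES");
    return n;
}

int main(void)
{
    struct listen_fd fds[8];
    int n = listen_fds_from_environ(fds, 8);
    if (n <= 0) {
        puts("not socket-activated (or LISTEN_PID mismatch); would open own socket");
        return n < 0 ? 1 : 0;
    }
    static const char *names[] = { "agent", "ssh", "extra", "browser" };
    for (int i = 0; i < n; i++)
        printf("fd %d -> %s\n", fds[i].fd, names[fds[i].role]);
    return 0;
}
```

Run under a supervisor that passes sockets (or with LISTEN_PID, LISTEN_FDS and LISTEN_FDNAMES set by hand in a shell), the program prints one line per descriptor; without those variables it reports that it is not socket-activated. The LISTEN_PID check matters because the variables are inherited by every child of the supervised process, and unsetting them after use is what keeps a forked helper from mistaking its parent's sockets for its own.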