mirror of
git://git.gnupg.org/gnupg.git
synced 2024-12-22 10:19:57 +01:00
doc: Include config examples for socket-activated user services.
-- These configuration files and instructions enable clean and simple daemon supervision on machines that run systemd. Signed-off-by: Daniel Kahn Gillmor <dkg@fifthhorseman.net> - Removed the detailed ChangeLog entry because that is not needed for doc changes. - Added an entry to doc/examples/README. Signed-off-by: Werner Koch <wk@gnupg.org>
parent
e51912f467
commit
57e95f5413
@ -22,6 +22,13 @@ AM_CPPFLAGS =
|
|||||||
include $(top_srcdir)/am/cmacros.am
|
include $(top_srcdir)/am/cmacros.am
|
||||||
|
|
||||||
examples = examples/README examples/scd-event examples/trustlist.txt \
|
examples = examples/README examples/scd-event examples/trustlist.txt \
|
||||||
|
examples/systemd-user/README \
|
||||||
|
examples/systemd-user/dirmngr.service \
|
||||||
|
examples/systemd-user/dirmngr.socket \
|
||||||
|
examples/systemd-user/gpg-agent.service \
|
||||||
|
examples/systemd-user/gpg-agent.socket \
|
||||||
|
examples/systemd-user/gpg-agent-ssh.socket \
|
||||||
|
examples/systemd-user/gpg-agent-extra.socket \
|
||||||
examples/gpgconf.conf examples/pwpattern.list
|
examples/gpgconf.conf examples/pwpattern.list
|
||||||
|
|
||||||
helpfiles = help.txt help.be.txt help.ca.txt help.cs.txt \
|
helpfiles = help.txt help.be.txt help.ca.txt help.cs.txt \
|
||||||
|
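Review bot: `examples/systemd-user/gpg-agent-browser.socket` is missing from the `examples` list, although this commit adds that file next to the other units. If `examples` drives what gets distributed, which this hunk does not show, the browser socket unit would be left out of the release; add `examples/systemd-user/gpg-agent-browser.socket \` after the `gpg-agent-extra.socket` line, or drop the file if it was not meant to ship. The new systemd-user/README does not mention this socket either.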
@ -7,3 +7,5 @@ trustlist.txt A list of trustworthy root certificates
|
|||||||
(Please check yourself whether you actually trust them)
|
(Please check yourself whether you actually trust them)
|
||||||
|
|
||||||
gpgconf.conf A sample configuration file for gpgconf.
|
gpgconf.conf A sample configuration file for gpgconf.
|
||||||
|
|
||||||
|
systemd-user Sample files for a Linux-only init system.
|
||||||
|
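--- a/doc/examples/systemd-user/README
+++ b/doc/examples/systemd-user/README
@@ -0,0 +1,66 @@
+Socket-activated dirmngr and gpg-agent with systemd
+===================================================
+
+When used on a GNU/Linux system supervised by systemd, you can ensure
+that the GnuPG daemons dirmngr and gpg-agent are launched
+automatically the first time they're needed, and shut down cleanly at
+session logout. This is done by enabling user services via
+socket-activation.
+
+System distributors
+-------------------
+
+The *.service and *.socket files (from this directory) should be
+placed in /usr/lib/systemd/user/ alongside other user-session services
+and sockets.
+
+To enable socket-activated dirmngr for all accounts on the system,
+use:
+
+systemctl --user --global enable dirmngr.socket
+
+To enable socket-activated gpg-agent for all accounts on the system,
+use:
+
+systemctl --user --global enable gpg-agent.socket
+
+Additionally, you can enable socket-activated gpg-agent ssh-agent
+emulation for all accounts on the system with:
+
+systemctl --user --global enable gpg-agent-ssh.socket
+
+You can also enable restricted ("--extra-socket"-style) gpg-agent
+sockets for all accounts on the system with:
+
+systemctl --user --global enable gpg-agent-extra.socket
+
+Individual users
+----------------
+
+A user on a system with systemd where this has not been installed
+system-wide can place these files in ~/.config/systemd/user/ to make
+them available.
+
+If a given service isn't installed system-wide, or if it's installed
+system-wide but not globally enabled, individual users will still need
+to enable them. For example, to enable socket-activated dirmngr for
+all future sessions:
+
+systemctl --user enable dirmngr.socket
+
+To enable socket-activated gpg-agent with ssh support, do:
+
+systemctl --user enable gpg-agent.socket gpg-agent-ssh.socket
+
+These changes won't take effect until your next login after you've
+fully logged out (be sure to terminate any running daemons before
+logging out).
+
+If you'd rather try a socket-activated GnuPG daemon in an
+already-running session without logging out (with or without enabling
+it for all future sessions), kill any existing daemon and start the
+user socket directly. For example, to set up socket-activated dirmgnr
+in the current session:
+
+gpgconf --kill dirmngr
+systemctl --user start dirmngr.socket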
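--- a/doc/examples/systemd-user/dirmngr.service
+++ b/doc/examples/systemd-user/dirmngr.service
@@ -0,0 +1,10 @@
+[Unit]
+Description=GnuPG network certificate management daemon
+Documentation=man:dirmngr(8)
+Requires=dirmngr.socket
+After=dirmngr.socket
+## This is a socket-activated service:
+RefuseManualStart=true
+
+[Service]
+ExecStart=/usr/bin/dirmngr --supervised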
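Review bot: `ExecStart=/usr/bin/dirmngr --supervised` hard-codes the binary path, and gpg-agent.service does the same with `/usr/bin/gpg-agent`. On a build installed under another prefix the unit either fails to start or launches a different dirmngr than the one the installed gpg tools expect, so the example should say so. I would add `## Adjust the path if GnuPG is installed outside /usr/bin.` above the `ExecStart=` line in both service files.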
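--- a/doc/examples/systemd-user/dirmngr.socket
+++ b/doc/examples/systemd-user/dirmngr.socket
@@ -0,0 +1,11 @@
+[Unit]
+Description=GnuPG network certificate management daemon
+Documentation=man:dirmngr(8)
+
+[Socket]
+ListenStream=%t/gnupg/S.dirmngr
+SocketMode=0600
+DirectoryMode=0700
+
+[Install]
+WantedBy=sockets.target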
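Review bot: `ListenStream=%t/gnupg/S.dirmngr` pins the socket to one fixed location under the user's runtime directory, and the four gpg-agent socket units follow the same pattern. Clients reach the socket-activated daemon only when this path matches the socket directory GnuPG computes for the home directory in use, so a non-default GNUPGHOME would presumably bypass these units; that should be confirmed against `gpgconf --list-dirs`. A comment above the line would make the limit visible: `## Valid for the default GnuPG home directory only; compare with "gpgconf --list-dirs".` Note also that `DirectoryMode=0700` only applies to directories systemd creates itself, so it does not tighten an already existing `%t/gnupg`.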
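--- a/doc/examples/systemd-user/gpg-agent-browser.socket
+++ b/doc/examples/systemd-user/gpg-agent-browser.socket
@@ -0,0 +1,13 @@
+[Unit]
+Description=GnuPG cryptographic agent and passphrase cache (access for web browsers)
+Documentation=man:gpg-agent(1)
+
+[Socket]
+ListenStream=%t/gnupg/S.gpg-agent.browser
+FileDescriptorName=browser
+Service=gpg-agent.service
+SocketMode=0600
+DirectoryMode=0700
+
+[Install]
+WantedBy=sockets.target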
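Review bot: Nothing in this unit makes the "access for web browsers" socket more restricted than the standard one, because `SocketMode=0600` and `DirectoryMode=0700` are identical to gpg-agent.socket; the same holds for gpg-agent-extra.socket. Any restriction therefore has to come from how gpg-agent treats the descriptor passed under `FileDescriptorName=browser`, which this commit does not show. I would add `## Any restriction comes from gpg-agent's handling of this descriptor name; the file mode matches the standard socket.` above `FileDescriptorName=`, so that nobody relies on the file mode for isolation.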
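--- a/doc/examples/systemd-user/gpg-agent-extra.socket
+++ b/doc/examples/systemd-user/gpg-agent-extra.socket
@@ -0,0 +1,13 @@
+[Unit]
+Description=GnuPG cryptographic agent and passphrase cache (restricted)
+Documentation=man:gpg-agent(1)
+
+[Socket]
+ListenStream=%t/gnupg/S.gpg-agent.extra
+FileDescriptorName=extra
+Service=gpg-agent.service
+SocketMode=0600
+DirectoryMode=0700
+
+[Install]
+WantedBy=sockets.target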
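--- a/doc/examples/systemd-user/gpg-agent-ssh.socket
+++ b/doc/examples/systemd-user/gpg-agent-ssh.socket
@@ -0,0 +1,13 @@
+[Unit]
+Description=GnuPG cryptographic agent (ssh-agent emulation)
+Documentation=man:gpg-agent(1) man:ssh-add(1) man:ssh-agent(1) man:ssh(1)
+
+[Socket]
+ListenStream=%t/gnupg/S.gpg-agent.ssh
+FileDescriptorName=ssh
+Service=gpg-agent.service
+SocketMode=0600
+DirectoryMode=0700
+
+[Install]
+WantedBy=sockets.target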
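Review bot: The unit creates `%t/gnupg/S.gpg-agent.ssh`, but ssh clients only use the agent socket named in SSH_AUTH_SOCK, and neither this file nor the new README says so. A user who enables this socket while SSH_AUTH_SOCK points elsewhere keeps using whatever other agent is running, without any visible error. A comment above `ListenStream=` would cover it: `## ssh clients need SSH_AUTH_SOCK set to this path.`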
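--- a/doc/examples/systemd-user/gpg-agent.service
+++ b/doc/examples/systemd-user/gpg-agent.service
@@ -0,0 +1,10 @@
+[Unit]
+Description=GnuPG cryptographic agent and passphrase cache
+Documentation=man:gpg-agent(1)
+Requires=gpg-agent.socket
+After=gpg-agent.socket
+## This is a socket-activated service:
+RefuseManualStart=true
+
+[Service]
+ExecStart=/usr/bin/gpg-agent --supervised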
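--- a/doc/examples/systemd-user/gpg-agent.socket
+++ b/doc/examples/systemd-user/gpg-agent.socket
@@ -0,0 +1,12 @@
+[Unit]
+Description=GnuPG cryptographic agent and passphrase cache
+Documentation=man:gpg-agent(1)
+
+[Socket]
+ListenStream=%t/gnupg/S.gpg-agent
+FileDescriptorName=std
+SocketMode=0600
+DirectoryMode=0700
+
+[Install]
+WantedBy=sockets.target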