From 75f8aaf5bc2dc7fcffe2987a572d489155c91eb9 Mon Sep 17 00:00:00 2001
From: Daniel Kahn Gillmor
Date: Wed, 26 Oct 2016 16:37:08 -0400
Subject: [PATCH] dirmngr: Implement --supervised command (for systemd, etc).
* dirmngr/dirmngr.c (main): Add new --supervised command, which is a mode designed for running under a process supervision system like systemd or runit.
* doc/dirmngr.texi: document --supervised option.
--
"dirmngr --supervised" is a way to invoke dirmngr such that a system supervisor like systemd can provide socket-activated startup, log management, and scheduled shutdown. When running in this mode, dirmngr:
* Does not open its own listening socket; rather, it expects to be given a listening socket on file descriptor 3.
* Does not detach from the invoking process, staying in the foreground instead.
Signed-off-by: Daniel Kahn Gillmor
---
 dirmngr/dirmngr.c | 40 ++++++++++++++++++++++++++++++++++++++++
 doc/dirmngr.texi | 7 +++++++
 2 files changed, 47 insertions(+)
diff --git a/dirmngr/dirmngr.c b/dirmngr/dirmngr.c
index c9e4a058b..29036812d 100644
--- a/dirmngr/dirmngr.c
+++ b/dirmngr/dirmngr.c
@@ -88,6 +88,7 @@ enum cmd_and_opt_values {
 aServer,
 aDaemon,
+ aSupervised,
 aListCRLs,
 aLoadCRL,
 aFetchCRL,
@@ -149,6 +150,7 @@ static ARGPARSE_OPTS opts[] = {
 ARGPARSE_c (aServer, "server", N_("run in server mode (foreground)") ),
 ARGPARSE_c (aDaemon, "daemon", N_("run in daemon mode (background)") ),
+ ARGPARSE_c (aSupervised, "supervised", N_("run under supervision (e.g. systemd)")),
 ARGPARSE_c (aListCRLs, "list-crls", N_("list the contents of the CRL cache")),
 ARGPARSE_c (aLoadCRL, "load-crl", N_("|FILE|load CRL from FILE into cache")),
 ARGPARSE_c (aFetchCRL, "fetch-crl", N_("|URL|fetch a CRL from URL")),
@@ -814,6 +816,7 @@ main (int argc, char **argv)
 {
 case aServer:
 case aDaemon:
+ case aSupervised:
 case aShutdown:
 case aFlush:
 case aListCRLs:
@@ -993,6 +996,43 @@ main (int argc, char **argv)
 start_command_handler (ASSUAN_INVALID_FD);
 shutdown_reaper ();
 }
+ else if (cmd == aSupervised)
+ {
+ /* In supervised mode, we expect file descriptor 3 to be an
+ already opened, listening socket.
+
+ We will also not detach from the controlling process or close
+ stderr; the supervisor should handle all of that. */
+ struct stat statbuf;
+ if (fstat (3, &statbuf) == -1 && errno ==EBADF)
+ {
+ log_error ("file descriptor 3 must be already open in --supervised mode\n");
+ dirmngr_exit (1);
+ }
+ socket_name = gnupg_get_socket_name (3);
+
+ /* Now start with logging to a file if this is desired. */
+ if (logfile)
+ {
+ log_set_file (logfile);
+ log_set_prefix (NULL, (GPGRT_LOG_WITH_PREFIX
+ |GPGRT_LOG_WITH_TIME
+ |GPGRT_LOG_WITH_PID));
+ current_logfile = xstrdup (logfile);
+ }
+ else
+ log_set_prefix (NULL, 0);
+
+ thread_init ();
+ cert_cache_init ();
+ crl_cache_init ();
+#if USE_LDAP
+ ldap_wrapper_launch_thread ();
+#endif /*USE_LDAP*/
+ handle_connections (3);
+ assuan_sock_close (3);
+ shutdown_reaper ();
+ }
 else if (cmd == aDaemon)
 {
 assuan_fd_t fd;
diff --git a/doc/dirmngr.texi b/doc/dirmngr.texi
index bb8281d7d..69d7e5e8f 100644
--- a/doc/dirmngr.texi
+++ b/doc/dirmngr.texi
@@ -85,6 +85,13 @@ Run in background daemon mode and listen for commands on a socket. Note that this also changes the default home directory and enables the internal certificate validation code. This mode is deprecated.
+@item --supervised
+@opindex supervised
+Run in the foreground, sending logs to stderr, and listening on file
+descriptor 3, which must already be bound to a listening socket. This
+is useful when running under systemd or other similar process
+supervision schemes.
+
 @item --list-crls
 @opindex list-crls
 List the contents of the CRL cache on @code{stdout}. This is probably
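Review bot: The descriptor check at the top of the new `aSupervised` branch only rejects `EBADF`, so any other open descriptor (a regular file, a pipe, a terminal) and any other `fstat` failure still reaches `gnupg_get_socket_name (3)` and `handle_connections (3)`; `statbuf` is filled in but never inspected. Because fd 3 is inherited from whatever launched the process, the guard should confirm it is a socket, for example `if (fstat (3, &statbuf) == -1 || !S_ISSOCK (statbuf.st_mode))`, with the error message reworded to say a listening socket is required. The return value of `gnupg_get_socket_name (3)` is also assigned to `socket_name` unchecked; whether it can fail is not visible in this hunk, so that is worth confirming. This branch sits inside main, which starts and ends outside the hunk.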