dirmngr: Remove all system daemon features.

* dirmngr/dirmngr.h (opts): Remove fields 'system_service' and 'system_daemon'. * common/homedir.c (dirmngr_sys_socket_name): Remove. (dirmngr_user_socket_name): Rename to ... (dirmngr_socket_name): this. Change call callers. * common/asshelp.c (start_new_dirmngr): Remove the system socket feature. * tools/gpgconf.c (list_dirs): Do not print "dirmngr-sys-socket". * sm/server.c (gpgsm_server): Adjust for removed system socket feature. * dirmngr/server.c (cmd_getinfo): Ditto. (cmd_killdirmngr): Remove check for system daemon. (cmd_reloaddirmngr): Ditto. * dirmngr/dirmngr.c (USE_W32_SERVICE): Remove macro. (aService): Remove. (opts): Remove --service. (w32_service_control): Remove. (real_main, call_real_main) [W32]: Remove wrapper. (main): Remove Windows system service feature. Remove system dameon feature. Use only the "~/.gnupg/dirmngr_ldapservers.conf" file. * dirmngr/certcache.c (load_certs_from_dir): Remove warning in the system dameon case. * dirmngr/crlcache.c (DBDIR_D): Always use "~/.gnupg/crls.d". * dirmngr/ocsp.c (validate_responder_cert): Do not call validate_cert_chain which was used only in system daemon mode. * dirmngr/validate.c (validate_cert_chain): Always use the code. -- We are now starting dirmngr as needed as a user daemon. The deprecated system daemon mode does not anymore make sense. In case a system wide daemon is required, it is better to setup a dedicated account to run dirmngr and tweak socket permissions accordingly. Signed-off-by: Werner Koch <wk@gnupg.org>
2025-07-02 22:46:30 +02:00 · 2016-08-18 11:23:40 +02:00 · 2016-08-18 11:23:40 +02:00 · d83ba4897b
commit d83ba4897b
parent de6e3217cd
13 changed files with 29 additions and 365 deletions
--- a/doc/dirmngr.texi
+++ b/doc/dirmngr.texi
@ -34,11 +34,6 @@ providing access to OCSP providers.  Dirmngr is invoked internally by
@command{gpg}, @command{gpgsm}, or via the @command{gpg-connect-agent}
 tool.

-For historical reasons it is also possible to start @command{dirmngr}
-in a system daemon mode which uses a different directory layout.
-However, this mode is deprecated and may eventually be removed.
-
-
@manpause
@noindent
@xref{Option Index},for an index to @command{DIRMNGR}'s commands and
@ -468,9 +463,7 @@ Dirmngr makes use of several directories when running in daemon mode:
@table @file

@item ~/.gnupg
-@itemx /etc/gnupg
-The first is the standard home directory for all configuration files.
-In the deprecated system daemon mode the second directory is used instead.
+This is the standard home directory for all configuration files.

@item /etc/gnupg/trusted-certs
 This directory should be filled with certificates of Root CAs you
@ -501,20 +494,10 @@ These certificates are first tried before going
 out to the net to look for them.  These certificates must also be
@acronym{DER} encoded and suffixed with @file{.crt} or @file{.der}.

-@item @value{LOCALRUNDIR}
-This directory is only used in the deprecated system daemon mode.  It
-keeps the socket file for accessing @command{dirmngr} services.  The
-name of the socket file will be @file{S.dirmngr}.  Make sure that this
-directory has the proper permissions to let @command{dirmngr} create
-the socket file and that eligible users may read and write to that
-socket.
-
@item ~/.gnupg/crls.d
-@itemx @value{LOCALCACHEDIR}/crls.d
-The first directory is used to store cached CRLs.  The @file{crls.d}
+This directory is used to store cached CRLs.  The @file{crls.d}
 part will be created by dirmngr if it does not exists but you need to
-make sure that the upper directory exists.  The second directory is
-used instead in the deprecated systems daemon mode.
+make sure that the upper directory exists.

@end table
@manpause
@ -1040,10 +1023,6 @@ as a binary blob.
@c works. Note that mainly testing purposes this functionality may be
@c called directly using @cmd{dirmngr-client --validate @file{foo.crt}}.
@c
-@c For backward compatibility this function returns success if Dirmngr is
-@c not used as a system daemon.  Thus not validating the certicates at
-@c all. FIXME:  This is definitely not correct and should be fixed ASAP.
-@c
@c The function takes the target certificate and a mode argument as
@c parameters and returns an error code and optionally the closes
@c expiration time of all certificates in the chain.