security-and-privacy/gnupg
security-and-privacy/gnupg
1
0
Fork 0
mirror of git://git.gnupg.org/gnupg.git synced 2024-12-22 10:19:57 +01:00
Code Activity

doc: Remove profile and systemd example files.

Browse Source 
--

The profiles are not any longer useful because global options are way
more powerful (/etc/gnupg/gpg.conf et al.).  The use of systemd is
deprecated because of additional complexity and the race between
systemd based autolaunching and the explicit gnupg based and lockfile
protected autolaunching.

GnuPG-bug-id: 6336
This commit is contained in:
Werner Koch 2023-01-23 16:34:19 +01:00
parent d98bf02a03
commit eae28f1bd4
No known key found for this signature in database
GPG Key ID: E3FDFF218E45B72B
13 changed files with 6 additions and 212 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

15
doc/Makefile.am
View File

@ -22,18 +22,9 @@ AM_CPPFLAGS =
include $(top_srcdir)/am/cmacros.am include $(top_srcdir)/am/cmacros.am
examples = examples/README examples/scd-event examples/trustlist.txt \ examples = examples/README examples/scd-event examples/trustlist.txt \
examples/VS-NfD.prf examples/Automatic.prf \ examples/qualified.txt \
examples/debug.prf examples/qualified.txt \
examples/common.conf \ examples/common.conf \
examples/gpgconf.rnames examples/gpgconf.conf \ examples/gpgconf.rnames examples/gpgconf.conf \
examples/systemd-user/README \
examples/systemd-user/dirmngr.service \
examples/systemd-user/dirmngr.socket \
examples/systemd-user/gpg-agent.service \
examples/systemd-user/gpg-agent.socket \
examples/systemd-user/gpg-agent-ssh.socket \
examples/systemd-user/gpg-agent-browser.socket \
examples/systemd-user/gpg-agent-extra.socket \
examples/pwpattern.list examples/pwpattern.list
helpfiles = help.txt help.be.txt help.ca.txt help.cs.txt \ helpfiles = help.txt help.be.txt help.ca.txt help.cs.txt \
@ -44,8 +35,6 @@ helpfiles = help.txt help.be.txt help.ca.txt help.cs.txt \
help.pt_BR.txt help.ro.txt help.ru.txt help.sk.txt \ help.pt_BR.txt help.ro.txt help.ru.txt help.sk.txt \
help.sv.txt help.tr.txt help.zh_CN.txt help.zh_TW.txt help.sv.txt help.tr.txt help.zh_CN.txt help.zh_TW.txt
profiles =
EXTRA_DIST = samplekeys.asc mksamplekeys com-certs.pem \ EXTRA_DIST = samplekeys.asc mksamplekeys com-certs.pem \
gnupg-logo.pdf gnupg-logo.png gnupg-logo-tr.png \ gnupg-logo.pdf gnupg-logo.png gnupg-logo-tr.png \
gnupg-module-overview.png gnupg-module-overview.pdf \ gnupg-module-overview.png gnupg-module-overview.pdf \
@ -61,7 +50,7 @@ BUILT_SOURCES = gnupg-module-overview.png gnupg-module-overview.pdf \
info_TEXINFOS = gnupg.texi info_TEXINFOS = gnupg.texi
dist_pkgdata_DATA = $(helpfiles) $(profiles) dist_pkgdata_DATA = $(helpfiles)
nobase_dist_doc_DATA = FAQ DETAILS HACKING DCO TRANSLATE OpenPGP KEYSERVER \ nobase_dist_doc_DATA = FAQ DETAILS HACKING DCO TRANSLATE OpenPGP KEYSERVER \
$(examples) $(examples)

2
doc/examples/README
View File

@ -8,8 +8,6 @@ trustlist.txt A list of trustworthy root certificates
gpgconf.conf A sample configuration file for gpgconf. gpgconf.conf A sample configuration file for gpgconf.
systemd-user Sample files for a Linux-only init system.
qualified.txt Sample file for qualified.txt. qualified.txt Sample file for qualified.txt.
common.conf Sample file for common options. common.conf Sample file for common options.

24
doc/examples/VS-NfD.prf
View File

@ -1,24 +0,0 @@
# VS-NfD.prf - Configure options for the VS-NfD mode -*- conf -*-
#
# The options for each tool are configured in a section ("[TOOL]");
# see the respective man page for a description of these options and
# the gpgconf manpage for a description of this file's syntax.
[gpg]
compliance de-vs
[gpgsm]
compliance de-vs
enable-crl-checks
[gpg-agent]
default-cache-ttl 900
max-cache-ttl 3600
no-allow-mark-trusted
no-allow-external-cache
enforce-passphrase-constraints
min-passphrase-len 9
min-passphrase-nonalpha 0
[dirmngr]
allow-ocsp

29
doc/examples/debug.prf
View File

@ -1,29 +0,0 @@
# debug.prf - Configure options for easier debugging -*- conf -*-
#
# Note that the actual debug options for each component need to be set
# manually. Running the component with "--debug help" shows a list of
# supported values. To watch the logs this command can be used:
#
# watchgnupg --time-only --force $(gpgconf --list-dirs socketdir)/S.log
#
[gpg]
log-file socket://
verbose
#debug ipc
[gpgsm]
log-file socket://
verbose
#debug ipc
[gpg-agent]
log-file socket://
verbose
#debug ipc
#debug-pinentry
[dirmngr]
log-file socket://
verbose
#debug ipc,dns

4
doc/examples/gpgconf.conf
View File

@ -1,5 +1,9 @@
# gpgconf.conf - configuration for gpgconf # gpgconf.conf - configuration for gpgconf
#---------------------------------------------------------------------- #----------------------------------------------------------------------
#
# === The use of this feature is deprecated ===
# == Please use the more powerful global options. ==
#
# This file is read by gpgconf(1) to setup defaults for all or # This file is read by gpgconf(1) to setup defaults for all or
# specified users and groups. It may be used to change the hardwired # specified users and groups. It may be used to change the hardwired
# defaults in gpgconf and to enforce certain values for the various # defaults in gpgconf and to enforce certain values for the various

66
doc/examples/systemd-user/README
View File

@ -1,66 +0,0 @@
Socket-activated dirmngr and gpg-agent with systemd
===================================================
When used on a GNU/Linux system supervised by systemd, you can ensure
that the GnuPG daemons dirmngr and gpg-agent are launched
automatically the first time they're needed, and shut down cleanly at
session logout. This is done by enabling user services via
socket-activation.
System distributors
-------------------
The *.service and *.socket files (from this directory) should be
placed in /usr/lib/systemd/user/ alongside other user-session services
and sockets.
To enable socket-activated dirmngr for all accounts on the system,
use:
systemctl --user --global enable dirmngr.socket
To enable socket-activated gpg-agent for all accounts on the system,
use:
systemctl --user --global enable gpg-agent.socket
Additionally, you can enable socket-activated gpg-agent ssh-agent
emulation for all accounts on the system with:
systemctl --user --global enable gpg-agent-ssh.socket
You can also enable restricted ("--extra-socket"-style) gpg-agent
sockets for all accounts on the system with:
systemctl --user --global enable gpg-agent-extra.socket
Individual users
----------------
A user on a system with systemd where this has not been installed
system-wide can place these files in ~/.config/systemd/user/ to make
them available.
If a given service isn't installed system-wide, or if it's installed
system-wide but not globally enabled, individual users will still need
to enable them. For example, to enable socket-activated dirmngr for
all future sessions:
systemctl --user enable dirmngr.socket
To enable socket-activated gpg-agent with ssh support, do:
systemctl --user enable gpg-agent.socket gpg-agent-ssh.socket
These changes won't take effect until your next login after you've
fully logged out (be sure to terminate any running daemons before
logging out).
If you'd rather try a socket-activated GnuPG daemon in an
already-running session without logging out (with or without enabling
it for all future sessions), kill any existing daemon and start the
user socket directly. For example, to set up socket-activated dirmgnr
in the current session:
gpgconf --kill dirmngr
systemctl --user start dirmngr.socket

8
doc/examples/systemd-user/dirmngr.service
View File

@ -1,8 +0,0 @@
[Unit]
Description=GnuPG network certificate management daemon
Documentation=man:dirmngr(8)
Requires=dirmngr.socket
[Service]
ExecStart=/usr/bin/dirmngr --supervised
ExecReload=/usr/bin/gpgconf --reload dirmngr

11
doc/examples/systemd-user/dirmngr.socket
View File

@ -1,11 +0,0 @@
[Unit]
Description=GnuPG network certificate management daemon
Documentation=man:dirmngr(8)
[Socket]
ListenStream=%t/gnupg/S.dirmngr
SocketMode=0600
DirectoryMode=0700
[Install]
WantedBy=sockets.target

13
doc/examples/systemd-user/gpg-agent-browser.socket
View File

@ -1,13 +0,0 @@
[Unit]
Description=GnuPG cryptographic agent and passphrase cache (access for web browsers)
Documentation=man:gpg-agent(1)
[Socket]
ListenStream=%t/gnupg/S.gpg-agent.browser
FileDescriptorName=browser
Service=gpg-agent.service
SocketMode=0600
DirectoryMode=0700
[Install]
WantedBy=sockets.target

13
doc/examples/systemd-user/gpg-agent-extra.socket
View File

@ -1,13 +0,0 @@
[Unit]
Description=GnuPG cryptographic agent and passphrase cache (restricted)
Documentation=man:gpg-agent(1)
[Socket]
ListenStream=%t/gnupg/S.gpg-agent.extra
FileDescriptorName=extra
Service=gpg-agent.service
SocketMode=0600
DirectoryMode=0700
[Install]
WantedBy=sockets.target

13
doc/examples/systemd-user/gpg-agent-ssh.socket
View File

@ -1,13 +0,0 @@
[Unit]
Description=GnuPG cryptographic agent (ssh-agent emulation)
Documentation=man:gpg-agent(1) man:ssh-add(1) man:ssh-agent(1) man:ssh(1)
[Socket]
ListenStream=%t/gnupg/S.gpg-agent.ssh
FileDescriptorName=ssh
Service=gpg-agent.service
SocketMode=0600
DirectoryMode=0700
[Install]
WantedBy=sockets.target

8
doc/examples/systemd-user/gpg-agent.service
View File

@ -1,8 +0,0 @@
[Unit]
Description=GnuPG cryptographic agent and passphrase cache
Documentation=man:gpg-agent(1)
Requires=gpg-agent.socket
[Service]
ExecStart=/usr/bin/gpg-agent --supervised
ExecReload=/usr/bin/gpgconf --reload gpg-agent

12
doc/examples/systemd-user/gpg-agent.socket
View File

@ -1,12 +0,0 @@
[Unit]
Description=GnuPG cryptographic agent and passphrase cache
Documentation=man:gpg-agent(1)
[Socket]
ListenStream=%t/gnupg/S.gpg-agent
FileDescriptorName=std
SocketMode=0600
DirectoryMode=0700
[Install]
WantedBy=sockets.target