* g10/keygen.c (DEFAULT_STD_KEY_PARAM): Change.
(gen_rsa): Set fallback to 3072.
(get_keysize_range): Set default to 3072.
* doc/examples/vsnfd.prf: No more need for default-new-key-algo.
Signed-off-by: Werner Koch <wk@gnupg.org>
* sm/gpgsm.c (main): Allow setting of the default compliance.
* tools/gpgconf-comp.c (gc_options_gpgsm): Add "compliance".
--
This is required so that we can use this option in in gpgconf.conf.
Signed-off-by: Werner Koch <wk@gnupg.org>
* doc/examples/systemd-user/*.service: Drop redundant After=*.socket
directive.
--
systemd.socket(5) says:
Socket units will have a Before= dependency on the service which
they trigger added implicitly.
Signed-off-by: Daniel Kahn Gillmor <dkg@fifthhorseman.net>
* doc/examples/systemd-user/*.service: drop RefuseManualStart=true
--
These user services can be safely started manually as long as at least
their primary sockets are available. They'll just start with nothing
to do, which should be fine.
Signed-off-by: Daniel Kahn Gillmor <dkg@fifthhorseman.net>
* doc/examples/systemd-user/*.service: Add ExecReload directives to
indicate the canonical way to reload the services.
GnuPG recommends reloading the agent and dirmngr with "gpgconf
--reload". if anyone is running them as systemd user services, they
might ask them to reload in the systemd way, so teach systemd the
right thing to do.
Signed-off-by: Daniel Kahn Gillmor <dkg@fifthhorseman.net>
* tools/gpgconf.c (aApplyProfile): New.
(opts): New command --apply-profile.
(main): Implement that command.
* tools/gpgconf-comp.c (option_check_validity): Add arg VERBATIM.
(change_options_program): Ditto.
(change_one_value): Ditto.
(gc_component_change_options): Ditto.
(gc_apply_profile): New.
--
Here is an example for a profile
--8<---------------cut here---------------start------------->8---
# foo.prf - Sample profile
[gpg]
compliance de-vs
default-new-key-algo brainpoolP256r1+brainpoolP256r1
[gpgsm]
enable-crl-checks
[gpg-agent]
default-cache-ttl 900
max-cache-ttl [] 3600
no-allow-mark-trusted
no-allow-external-cache
enforce-passphrase-constraints
min-passphrase-len 9
min-passphrase-nonalpha 0
[dirmngr]
keyserver hkp://keys.gnupg.net
allow-ocsp
--8<---------------cut here---------------end--------------->8---
Note that flags inside of brackets are allowed after the option name.
The only defined flag for now is "[default]". In case the value
starts with a bracket, it is possible to insert "[]" as a nop-flag.
Signed-off-by: Werner Koch <wk@gnupg.org>
--
These configuration files and instructions enable clean and simple
daemon supervision on machines that run systemd.
Signed-off-by: Daniel Kahn Gillmor <dkg@fifthhorseman.net>
- Removed the detailed ChangeLog entry because that is not needed for
doc changes.
- Added an entry to doc/examples/README.
Signed-off-by: Werner Koch <wk@gnupg.org>
* call-agent.c (start_agent): Don't use log_error when using the
fallback hack to start the agent. This is bug 782.
scripts/
* mail-to-translators: Copied from 1.4. and adjusted.
tools/
* gpgconf-comp.c: Allow changing of --allow-mark-trusted.
* gpg-connect-agent.c (main): New option --decode and commands
decode and undecode.
(read_and_print_response): Implement option.