security-and-privacy/gnupg
security-and-privacy/gnupg
1
0
Fork 0
mirror of git://git.gnupg.org/gnupg.git synced 2024-05-28 21:50:02 +02:00
Code Activity
5c8fe54809
gnupg/doc/examples/systemd-user
History
Daniel Kahn Gillmor a20a450ac4 systemd-user: Enable "systemctl --user reload {dirmngr,gpg-agent}" 
* doc/examples/systemd-user/*.service: Add ExecReload directives to
  indicate the canonical way to reload the services.

GnuPG recommends reloading the agent and dirmngr with "gpgconf
--reload".  if anyone is running them as systemd user services, they
might ask them to reload in the systemd way, so teach systemd the
right thing to do.

Signed-off-by: Daniel Kahn Gillmor <dkg@fifthhorseman.net>
2017-01-10 17:16:38 -05:00
..
dirmngr.service systemd-user: Enable "systemctl --user reload {dirmngr,gpg-agent}" 2017-01-10 17:16:38 -05:00
dirmngr.socket doc: Include config examples for socket-activated user services. 2016-11-11 08:44:51 +01:00
gpg-agent-browser.socket doc: Include config examples for socket-activated user services. 2016-11-11 08:44:51 +01:00
gpg-agent-extra.socket doc: Include config examples for socket-activated user services. 2016-11-11 08:44:51 +01:00
gpg-agent-ssh.socket doc: Include config examples for socket-activated user services. 2016-11-11 08:44:51 +01:00
gpg-agent.service systemd-user: Enable "systemctl --user reload {dirmngr,gpg-agent}" 2017-01-10 17:16:38 -05:00
gpg-agent.socket doc: Include config examples for socket-activated user services. 2016-11-11 08:44:51 +01:00
README doc: Include config examples for socket-activated user services. 2016-11-11 08:44:51 +01:00

README 

Socket-activated dirmngr and gpg-agent with systemd
===================================================

When used on a GNU/Linux system supervised by systemd, you can ensure
that the GnuPG daemons dirmngr and gpg-agent are launched
automatically the first time they're needed, and shut down cleanly at
session logout.  This is done by enabling user services via
socket-activation.

System distributors
-------------------

The *.service and *.socket files (from this directory) should be
placed in /usr/lib/systemd/user/ alongside other user-session services
and sockets.

To enable socket-activated dirmngr for all accounts on the system,
use:

    systemctl --user --global enable dirmngr.socket

To enable socket-activated gpg-agent for all accounts on the system,
use:

    systemctl --user --global enable gpg-agent.socket

Additionally, you can enable socket-activated gpg-agent ssh-agent
emulation for all accounts on the system with:

    systemctl --user --global enable gpg-agent-ssh.socket

You can also enable restricted ("--extra-socket"-style) gpg-agent
sockets for all accounts on the system with:

    systemctl --user --global enable gpg-agent-extra.socket

Individual users
----------------

A user on a system with systemd where this has not been installed
system-wide can place these files in ~/.config/systemd/user/ to make
them available.

If a given service isn't installed system-wide, or if it's installed
system-wide but not globally enabled, individual users will still need
to enable them.  For example, to enable socket-activated dirmngr for
all future sessions:

    systemctl --user enable dirmngr.socket

To enable socket-activated gpg-agent with ssh support, do:

    systemctl --user enable gpg-agent.socket gpg-agent-ssh.socket

These changes won't take effect until your next login after you've
fully logged out (be sure to terminate any running daemons before
logging out).

If you'd rather try a socket-activated GnuPG daemon in an
already-running session without logging out (with or without enabling
it for all future sessions), kill any existing daemon and start the
user socket directly.  For example, to set up socket-activated dirmgnr
in the current session:

    gpgconf --kill dirmngr
    systemctl --user start dirmngr.socket