mirror of
git://git.gnupg.org/gnupg.git
synced 2025-01-05 12:31:50 +01:00
57e95f5413
-- These configuration files and instructions enable clean and simple daemon supervision on machines that run systemd. Signed-off-by: Daniel Kahn Gillmor <dkg@fifthhorseman.net> - Removed the detailed ChangeLog entry because that is not needed for doc changes. - Added an entry to doc/examples/README. Signed-off-by: Werner Koch <wk@gnupg.org>
67 lines
2.2 KiB
Plaintext
67 lines
2.2 KiB
Plaintext
Socket-activated dirmngr and gpg-agent with systemd
|
|
===================================================
|
|
|
|
When used on a GNU/Linux system supervised by systemd, you can ensure
|
|
that the GnuPG daemons dirmngr and gpg-agent are launched
|
|
automatically the first time they're needed, and shut down cleanly at
|
|
session logout. This is done by enabling user services via
|
|
socket-activation.
|
|
|
|
System distributors
|
|
-------------------
|
|
|
|
The *.service and *.socket files (from this directory) should be
|
|
placed in /usr/lib/systemd/user/ alongside other user-session services
|
|
and sockets.
|
|
|
|
To enable socket-activated dirmngr for all accounts on the system,
|
|
use:
|
|
|
|
systemctl --user --global enable dirmngr.socket
|
|
|
|
To enable socket-activated gpg-agent for all accounts on the system,
|
|
use:
|
|
|
|
systemctl --user --global enable gpg-agent.socket
|
|
|
|
Additionally, you can enable socket-activated gpg-agent ssh-agent
|
|
emulation for all accounts on the system with:
|
|
|
|
systemctl --user --global enable gpg-agent-ssh.socket
|
|
|
|
You can also enable restricted ("--extra-socket"-style) gpg-agent
|
|
sockets for all accounts on the system with:
|
|
|
|
systemctl --user --global enable gpg-agent-extra.socket
|
|
|
|
Individual users
|
|
----------------
|
|
|
|
A user on a system with systemd where this has not been installed
|
|
system-wide can place these files in ~/.config/systemd/user/ to make
|
|
them available.
|
|
|
|
If a given service isn't installed system-wide, or if it's installed
|
|
system-wide but not globally enabled, individual users will still need
|
|
to enable them. For example, to enable socket-activated dirmngr for
|
|
all future sessions:
|
|
|
|
systemctl --user enable dirmngr.socket
|
|
|
|
To enable socket-activated gpg-agent with ssh support, do:
|
|
|
|
systemctl --user enable gpg-agent.socket gpg-agent-ssh.socket
|
|
|
|
These changes won't take effect until your next login after you've
|
|
fully logged out (be sure to terminate any running daemons before
|
|
logging out).
|
|
|
|
If you'd rather try a socket-activated GnuPG daemon in an
|
|
already-running session without logging out (with or without enabling
|
|
it for all future sessions), kill any existing daemon and start the
|
|
user socket directly. For example, to set up socket-activated dirmgnr
|
|
in the current session:
|
|
|
|
gpgconf --kill dirmngr
|
|
systemctl --user start dirmngr.socket
|