[Pkg-gnupg-commit] [gnupg2] 85/112: dirmngr: Remove all system daemon features.
Daniel Kahn Gillmor
dkg at fifthhorseman.net
Tue Aug 30 17:48:23 UTC 2016
This is an automated email from the git hooks/post-receive script.
dkg pushed a commit to branch master
in repository gnupg2.
commit d83ba4897bf217d1045c58d1b99e52bd31c58812
Author: Werner Koch <wk at gnupg.org>
Date: Thu Aug 18 11:23:40 2016 +0200
dirmngr: Remove all system daemon features.
* dirmngr/dirmngr.h (opts): Remove fields 'system_service' and
'system_daemon'.
* common/homedir.c (dirmngr_sys_socket_name): Remove.
(dirmngr_user_socket_name): Rename to ...
(dirmngr_socket_name): this. Change call callers.
* common/asshelp.c (start_new_dirmngr): Remove the system socket
feature.
* tools/gpgconf.c (list_dirs): Do not print "dirmngr-sys-socket".
* sm/server.c (gpgsm_server): Adjust for removed system socket feature.
* dirmngr/server.c (cmd_getinfo): Ditto.
(cmd_killdirmngr): Remove check for system daemon.
(cmd_reloaddirmngr): Ditto.
* dirmngr/dirmngr.c (USE_W32_SERVICE): Remove macro.
(aService): Remove.
(opts): Remove --service.
(w32_service_control): Remove.
(real_main, call_real_main) [W32]: Remove wrapper.
(main): Remove Windows system service feature. Remove system dameon
feature. Use only the "~/.gnupg/dirmngr_ldapservers.conf" file.
* dirmngr/certcache.c (load_certs_from_dir): Remove warning in the
system dameon case.
* dirmngr/crlcache.c (DBDIR_D): Always use "~/.gnupg/crls.d".
* dirmngr/ocsp.c (validate_responder_cert): Do not call
validate_cert_chain which was used only in system daemon mode.
* dirmngr/validate.c (validate_cert_chain): Always use the code.
--
We are now starting dirmngr as needed as a user daemon. The
deprecated system daemon mode does not anymore make sense. In case a
system wide daemon is required, it is better to setup a dedicated
account to run dirmngr and tweak socket permissions accordingly.
Signed-off-by: Werner Koch <wk at gnupg.org>
---
common/asshelp.c | 47 ++------------
common/homedir.c | 50 +--------------
common/util.h | 3 +-
dirmngr/certcache.c | 3 -
dirmngr/crlcache.c | 2 +-
dirmngr/dirmngr.c | 180 ++--------------------------------------------------
dirmngr/dirmngr.h | 2 -
dirmngr/ocsp.c | 4 --
dirmngr/server.c | 48 ++------------
dirmngr/validate.c | 12 ++--
doc/dirmngr.texi | 27 +-------
sm/server.c | 4 +-
tools/gpgconf.c | 12 +---
13 files changed, 29 insertions(+), 365 deletions(-)
diff --git a/common/asshelp.c b/common/asshelp.c
index 5c32c6e..c03e67b 100644
--- a/common/asshelp.c
+++ b/common/asshelp.c
@@ -564,18 +564,7 @@ start_new_dirmngr (assuan_context_t *r_ctx,
return err;
}
- sockname = dirmngr_user_socket_name ();
- if (sockname)
- {
- /* First try the local socket name and only if that fails try
- the system socket. */
- err = assuan_socket_connect (ctx, sockname, 0, 0);
- if (err)
- sockname = dirmngr_sys_socket_name ();
- }
- else
- sockname = dirmngr_sys_socket_name ();
-
+ sockname = dirmngr_socket_name ();
err = assuan_socket_connect (ctx, sockname, 0, 0);
#ifdef USE_DIRMNGR_AUTO_START
@@ -583,22 +572,9 @@ start_new_dirmngr (assuan_context_t *r_ctx,
{
lock_spawn_t lock;
const char *argv[4];
- int try_system_daemon = 0;
char *abs_homedir;
- /* No connection: Try start a new Dirmngr. On Windows this will
- fail because the Dirmngr is expected to be a system service.
- However on WinCE we don't distinguish users and thus we can
- start it. */
-
- /* We prefer to start it as a user daemon. */
- sockname = dirmngr_user_socket_name ();
- if (!sockname)
- {
- sockname = dirmngr_sys_socket_name ();
- try_system_daemon = 1;
- }
-
+ /* No connection: Try start a new Dirmngr. */
if (!dirmngr_program || !*dirmngr_program)
dirmngr_program = gnupg_module_name (GNUPG_MODULE_NAME_DIRMNGR);
@@ -631,20 +607,11 @@ start_new_dirmngr (assuan_context_t *r_ctx,
}
argv[0] = "--daemon";
- if (try_system_daemon)
- argv[1] = NULL;
- else
- { /* Try starting as user daemon - dirmngr does this if the
- home directory is given on the command line. */
- argv[1] = "--homedir";
- argv[2] = abs_homedir;
- argv[3] = NULL;
- }
-
- /* On the use of HOMEDIR for locking: Under Windows HOMEDIR is
- not used thus it does not matter. Under Unix we should
- TRY_SYSTEM_DAEMON should never be true because
- dirmngr_user_socket_name() won't return NULL. */
+ /* Try starting the daemon. Versions of dirmngr < 2.1.15 do
+ * this only if the home directory is given on the command line. */
+ argv[1] = "--homedir";
+ argv[2] = abs_homedir;
+ argv[3] = NULL;
if (!(err = lock_spawning (&lock, gnupg_homedir (), "dirmngr", verbose))
&& assuan_socket_connect (ctx, sockname, 0, 0))
diff --git a/common/homedir.c b/common/homedir.c
index 9a69022..574561a 100644
--- a/common/homedir.c
+++ b/common/homedir.c
@@ -812,55 +812,9 @@ gnupg_cachedir (void)
}
-/* Return the system socket name used by DirMngr. */
+/* Return the user socket name used by DirMngr. */
const char *
-dirmngr_sys_socket_name (void)
-{
-#ifdef HAVE_W32_SYSTEM
- static char *name;
-
- if (!name)
- {
- char *p;
-# ifdef HAVE_W32CE_SYSTEM
- const char *s1, *s2;
-
- s1 = default_homedir ();
-# else
- char s1buf[MAX_PATH];
- const char *s1, *s2;
-
- s1 = default_homedir ();
- if (!w32_portable_app)
- {
- /* We need something akin CSIDL_COMMON_PROGRAMS, but local
- (non-roaming). This is because the file needs to be on
- the local machine and makes only sense on that machine.
- CSIDL_WINDOWS seems to be the only location which
- guarantees that. */
- if (w32_shgetfolderpath (NULL, CSIDL_WINDOWS, NULL, 0, s1buf) < 0)
- strcpy (s1buf, "C:\\WINDOWS");
- s1 = s1buf;
- }
-# endif
- s2 = DIRSEP_S DIRMNGR_SOCK_NAME;
- name = xmalloc (strlen (s1) + strlen (s2) + 1);
- strcpy (stpcpy (name, s1), s2);
- for (p=name; *p; p++)
- if (*p == '/')
- *p = '\\';
- }
- return name;
-#else /*!HAVE_W32_SYSTEM*/
- return GNUPG_LOCALSTATEDIR "/run/" PACKAGE_NAME "/"DIRMNGR_SOCK_NAME;
-#endif /*!HAVE_W32_SYSTEM*/
-}
-
-
-/* Return the user socket name used by DirMngr. If a user specific
- dirmngr installation is not supported, NULL is returned. */
-const char *
-dirmngr_user_socket_name (void)
+dirmngr_socket_name (void)
{
static char *name;
diff --git a/common/util.h b/common/util.h
index 6680414..1c3cce9 100644
--- a/common/util.h
+++ b/common/util.h
@@ -227,8 +227,7 @@ const char *gnupg_libdir (void);
const char *gnupg_datadir (void);
const char *gnupg_localedir (void);
const char *gnupg_cachedir (void);
-const char *dirmngr_sys_socket_name (void);
-const char *dirmngr_user_socket_name (void);
+const char *dirmngr_socket_name (void);
char *_gnupg_socketdir_internal (int skip_checks, unsigned *r_info);
diff --git a/dirmngr/certcache.c b/dirmngr/certcache.c
index 45be1f2..9e741c1 100644
--- a/dirmngr/certcache.c
+++ b/dirmngr/certcache.c
@@ -348,9 +348,6 @@ load_certs_from_dir (const char *dirname, int are_trusted)
dir = opendir (dirname);
if (!dir)
{
- if (opt.system_daemon)
- log_info (_("can't access directory '%s': %s\n"),
- dirname, strerror (errno));
return 0; /* We do not consider this a severe error. */
}
diff --git a/dirmngr/crlcache.c b/dirmngr/crlcache.c
index af2a956..388754b 100644
--- a/dirmngr/crlcache.c
+++ b/dirmngr/crlcache.c
@@ -115,7 +115,7 @@
#include "cdb.h"
/* Change this whenever the format changes */
-#define DBDIR_D (opt.system_daemon? "crls.d" : "dirmngr-cache.d")
+#define DBDIR_D "crls.d"
#define DBDIRFILE "DIR.txt"
#define DBDIRVERSION 1
diff --git a/dirmngr/dirmngr.c b/dirmngr/dirmngr.c
index cb17420..0667e59 100644
--- a/dirmngr/dirmngr.c
+++ b/dirmngr/dirmngr.c
@@ -70,15 +70,6 @@
#include "gc-opt-flags.h"
#include "dns-stuff.h"
-/* The plain Windows version uses the windows service system. For
- example to start the service you may use "sc start dirmngr".
- WindowsCE does not support this; the service system over there is
- based on a single process with all services being DLLs - we can't
- support this easily. */
-#if defined(HAVE_W32_SYSTEM) && !defined(HAVE_W32CE_SYSTEM)
-# define USE_W32_SERVICE 1
-#endif
-
#ifndef ENAMETOOLONG
# define ENAMETOOLONG EINVAL
#endif
@@ -94,7 +85,6 @@ enum cmd_and_opt_values {
aServer,
aDaemon,
- aService,
aListCRLs,
aLoadCRL,
aFetchCRL,
@@ -155,9 +145,6 @@ static ARGPARSE_OPTS opts[] = {
ARGPARSE_c (aServer, "server", N_("run in server mode (foreground)") ),
ARGPARSE_c (aDaemon, "daemon", N_("run in daemon mode (background)") ),
-#ifdef USE_W32_SERVICE
- ARGPARSE_c (aService, "service", N_("run as windows service (background)")),
-#endif
ARGPARSE_c (aListCRLs, "list-crls", N_("list the contents of the CRL cache")),
ARGPARSE_c (aLoadCRL, "load-crl", N_("|FILE|load CRL from FILE into cache")),
ARGPARSE_c (aFetchCRL, "fetch-crl", N_("|URL|fetch a CRL from URL")),
@@ -635,42 +622,6 @@ parse_rereadable_options (ARGPARSE_ARGS *pargs, int reread)
}
-#ifdef USE_W32_SERVICE
-/* The global status of our service. */
-SERVICE_STATUS_HANDLE service_handle;
-SERVICE_STATUS service_status;
-
-DWORD WINAPI
-w32_service_control (DWORD control, DWORD event_type, LPVOID event_data,
- LPVOID context)
-{
- (void)event_type;
- (void)event_data;
- (void)context;
-
- /* event_type and event_data are not used here. */
- switch (control)
- {
- case SERVICE_CONTROL_SHUTDOWN:
- /* For shutdown we will try to force termination. */
- service_status.dwCurrentState = SERVICE_STOP_PENDING;
- SetServiceStatus (service_handle, &service_status);
- shutdown_pending = 3;
- break;
-
- case SERVICE_CONTROL_STOP:
- service_status.dwCurrentState = SERVICE_STOP_PENDING;
- SetServiceStatus (service_handle, &service_status);
- shutdown_pending = 1;
- break;
-
- default:
- break;
- }
- return 0;
-}
-#endif /*USE_W32_SERVICE*/
-
#ifndef HAVE_W32_SYSTEM
static int
pid_suffix_callback (unsigned long *r_suffix)
@@ -685,15 +636,9 @@ pid_suffix_callback (unsigned long *r_suffix)
#endif /*!HAVE_W32_SYSTEM*/
-#ifdef USE_W32_SERVICE
-# define main real_main
-#endif
int
main (int argc, char **argv)
{
-#ifdef USE_W32_SERVICE
-# undef main
-#endif
enum cmd_and_opt_values cmd = 0;
ARGPARSE_ARGS pargs;
int orig_argc;
@@ -714,34 +659,9 @@ main (int argc, char **argv)
#endif /*USE_LDAP*/
int debug_wait = 0;
int rc;
- int homedir_seen = 0;
struct assuan_malloc_hooks malloc_hooks;
early_system_init ();
-
-#ifdef USE_W32_SERVICE
- /* The option will be set by main() below if we should run as a
- system daemon. */
- if (opt.system_service)
- {
- service_handle
- = RegisterServiceCtrlHandlerEx ("DirMngr",
- &w32_service_control, NULL /*FIXME*/);
- if (service_handle == 0)
- log_error ("failed to register service control handler: ec=%d",
- (int) GetLastError ());
- service_status.dwServiceType = SERVICE_WIN32_OWN_PROCESS;
- service_status.dwCurrentState = SERVICE_START_PENDING;
- service_status.dwControlsAccepted
- = SERVICE_ACCEPT_STOP | SERVICE_ACCEPT_SHUTDOWN;
- service_status.dwWin32ExitCode = NO_ERROR;
- service_status.dwServiceSpecificExitCode = NO_ERROR;
- service_status.dwCheckPoint = 0;
- service_status.dwWaitHint = 10000; /* 10 seconds timeout. */
- SetServiceStatus (service_handle, &service_status);
- }
-#endif /*USE_W32_SERVICE*/
-
set_strusage (my_strusage);
log_set_prefix (DIRMNGR_NAME, GPGRT_LOG_WITH_PREFIX | GPGRT_LOG_WITH_PID);
@@ -830,44 +750,10 @@ main (int argc, char **argv)
else if (pargs.r_opt == oHomedir)
{
gnupg_set_homedir (pargs.r.ret_str);
- homedir_seen = 1;
}
- else if (pargs.r_opt == aDaemon)
- opt.system_daemon = 1;
- else if (pargs.r_opt == aService)
- {
- /* Redundant. The main function takes care of it. */
- opt.system_service = 1;
- opt.system_daemon = 1;
- }
-#ifdef HAVE_W32_SYSTEM
- else if (pargs.r_opt == aGPGConfList || pargs.r_opt == aGPGConfTest)
- /* We set this so we switch to the system configuration
- directory below. This is a crutch to solve the problem
- that the user configuration is never used on Windows. Also
- see below at aGPGConfList. */
- opt.system_daemon = 1;
-#endif
- }
-
- /* If --daemon has been given on the command line but not --homedir,
- we switch to /etc/gnupg as default home directory. Note, that
- this also overrides the GNUPGHOME environment variable. */
- if (opt.system_daemon && !homedir_seen)
- {
-#ifdef HAVE_W32CE_SYSTEM
- gnupg_set_homedir (DIRSEP_S "gnupg");
-#else
- gnupg_set_homedir (gnupg_sysconfdir ());
-#endif
- opt.homedir_cache = gnupg_cachedir ();
- socket_name = dirmngr_sys_socket_name ();
}
- else if (dirmngr_user_socket_name ())
- socket_name = dirmngr_user_socket_name ();
- else
- socket_name = dirmngr_sys_socket_name ();
+ socket_name = dirmngr_socket_name ();
if (default_config)
configname = make_filename (gnupg_homedir (), DIRMNGR_NAME".conf", NULL );
@@ -911,7 +797,6 @@ main (int argc, char **argv)
{
case aServer:
case aDaemon:
- case aService:
case aShutdown:
case aFlush:
case aListCRLs:
@@ -1039,8 +924,7 @@ main (int argc, char **argv)
if (!ldapfile)
{
ldapfile = make_filename (gnupg_homedir (),
- opt.system_daemon?
- "ldapservers.conf":"dirmngr_ldapservers.conf",
+ "dirmngr_ldapservers.conf",
NULL);
opt.ldapservers = parse_ldapserver_file (ldapfile);
xfree (ldapfile);
@@ -1058,9 +942,7 @@ main (int argc, char **argv)
#endif
/* Ready. Now to our duties. */
- if (!cmd && opt.system_service)
- cmd = aDaemon;
- else if (!cmd)
+ if (!cmd)
cmd = aServer;
rc = 0;
@@ -1288,23 +1170,9 @@ main (int argc, char **argv)
cert_cache_init ();
crl_cache_init ();
-#ifdef USE_W32_SERVICE
- if (opt.system_service)
- {
- service_status.dwCurrentState = SERVICE_RUNNING;
- SetServiceStatus (service_handle, &service_status);
- }
-#endif
handle_connections (fd);
assuan_sock_close (fd);
shutdown_reaper ();
-#ifdef USE_W32_SERVICE
- if (opt.system_service)
- {
- service_status.dwCurrentState = SERVICE_STOPPED;
- SetServiceStatus (service_handle, &service_status);
- }
-#endif
}
else if (cmd == aListCRLs)
{
@@ -1416,8 +1284,7 @@ main (int argc, char **argv)
also only usable on the command line. --batch is unused. */
filename = make_filename (gnupg_homedir (),
- opt.system_daemon?
- "ldapservers.conf":"dirmngr_ldapservers.conf",
+ "dirmngr_ldapservers.conf",
NULL);
filename_esc = percent_escape (filename, NULL);
es_printf ("ldapserverlist-file:%lu:\"%s\n", flags | GC_OPT_FLAG_DEFAULT,
@@ -1457,45 +1324,6 @@ main (int argc, char **argv)
}
-#ifdef USE_W32_SERVICE
-static void WINAPI
-call_real_main (DWORD argc, LPSTR *argv)
-{
- real_main (argc, argv);
-}
-
-int
-main (int argc, char *argv[])
-{
- int i;
-
- /* Find out if we run in daemon mode or on the command line. */
- for (i = 1; i < argc; i++)
- if (!strcmp (argv[i], "--service"))
- {
- opt.system_service = 1;
- opt.system_daemon = 1;
- break;
- }
-
- if (!opt.system_service)
- return real_main (argc, argv);
- else
- {
- SERVICE_TABLE_ENTRY DispatchTable [] =
- {
- { "DirMngr", &call_real_main },
- { NULL, NULL }
- };
-
- if (!StartServiceCtrlDispatcher (DispatchTable))
- return 1;
- return 0;
- }
-}
-#endif /*USE_W32_SERVICE*/
-
-
static void
cleanup (void)
{
diff --git a/dirmngr/dirmngr.h b/dirmngr/dirmngr.h
index 8d90ae4..6127386 100644
--- a/dirmngr/dirmngr.h
+++ b/dirmngr/dirmngr.h
@@ -89,8 +89,6 @@ struct
char *http_wrapper_program; /* Override value for the HTTP wrapper
program. */
- int system_service; /* We are running as W32 service (implies daemon). */
- int system_daemon; /* We are running in system daemon mode. */
int running_detached; /* We are running in detached mode. */
int use_tor; /* Tor mode has been enabled. */
diff --git a/dirmngr/ocsp.c b/dirmngr/ocsp.c
index 561b7d7..8c893aa 100644
--- a/dirmngr/ocsp.c
+++ b/dirmngr/ocsp.c
@@ -330,10 +330,6 @@ validate_responder_cert (ctrl_t ctrl, ksba_cert_t cert,
}
xfree (fpr);
}
- else if (opt.system_daemon)
- {
- err = validate_cert_chain (ctrl, cert, NULL, VALIDATE_MODE_OCSP, NULL);
- }
else
{
/* We avoid duplicating the entire certificate validation code
diff --git a/dirmngr/server.c b/dirmngr/server.c
index db6f5a8..3ac4160 100644
--- a/dirmngr/server.c
+++ b/dirmngr/server.c
@@ -2217,15 +2217,8 @@ cmd_getinfo (assuan_context_t ctx, char *line)
}
else if (!strcmp (line, "socket_name"))
{
- const char *s = dirmngr_user_socket_name ();
-
- if (!s)
- s = dirmngr_sys_socket_name ();
-
- if (s)
- err = assuan_send_data (ctx, s, strlen (s));
- else
- err = gpg_error (GPG_ERR_NO_DATA);
+ const char *s = dirmngr_socket_name ();
+ err = assuan_send_data (ctx, s, strlen (s));
}
else if (!strcmp (line, "tor"))
{
@@ -2269,29 +2262,12 @@ static gpg_error_t
cmd_killdirmngr (assuan_context_t ctx, char *line)
{
ctrl_t ctrl = assuan_get_pointer (ctx);
- gpg_error_t err;
(void)line;
- if (opt.system_daemon)
- {
- if (opt.system_service)
- err = set_error (GPG_ERR_NOT_SUPPORTED,
- "can't do that whilst running as system service");
- else
- err = check_owner_permission (ctx,
- "no permission to kill this process");
- }
- else
- err = 0;
-
- if (!err)
- {
- ctrl->server_local->stopme = 1;
- assuan_set_flag (ctx, ASSUAN_FORCE_CLOSE, 1);
- err = gpg_error (GPG_ERR_EOF);
- }
- return err;
+ ctrl->server_local->stopme = 1;
+ assuan_set_flag (ctx, ASSUAN_FORCE_CLOSE, 1);
+ return gpg_error (GPG_ERR_EOF);
}
@@ -2306,20 +2282,6 @@ cmd_reloaddirmngr (assuan_context_t ctx, char *line)
(void)ctx;
(void)line;
- if (opt.system_daemon)
- {
-#ifndef HAVE_W32_SYSTEM
- {
- gpg_error_t err;
-
- err = check_owner_permission (ctx,
- "no permission to reload this process");
- if (err)
- return err;
- }
-#endif
- }
-
dirmngr_sighup_action ();
return 0;
}
diff --git a/dirmngr/validate.c b/dirmngr/validate.c
index 1a851b6..b3dc9d8 100644
--- a/dirmngr/validate.c
+++ b/dirmngr/validate.c
@@ -354,6 +354,10 @@ is_root_cert (ksba_cert_t cert, const char *issuerdn, const char *subjectdn)
return the closest expiration time in R_EXPTIME (this is useful for
caching issues). MODE is one of the VALIDATE_MODE_* constants.
+ Note that VALIDATE_MODE_OCSP is not used due to the removal of the
+ system service in 2.1.15. Instead only the callback to gpgsm to
+ validate a certificate is used.
+
If R_TRUST_ANCHOR is not NULL and the validation would fail only
because the root certificate is not trusted, the hexified
fingerprint of that root certificate is stored at R_TRUST_ANCHOR
@@ -382,14 +386,6 @@ validate_cert_chain (ctrl_t ctrl, ksba_cert_t cert, ksba_isotime_t r_exptime,
if (r_trust_anchor)
*r_trust_anchor = NULL;
- if (!opt.system_daemon)
- {
- /* For backward compatibility we only do this in daemon mode. */
- log_info (_("running in compatibility mode - "
- "certificate chain not checked!\n"));
- return 0; /* Okay. */
- }
-
if (DBG_X509)
dump_cert ("subject", cert);
diff --git a/doc/dirmngr.texi b/doc/dirmngr.texi
index 033b5d3..d52fb89 100644
--- a/doc/dirmngr.texi
+++ b/doc/dirmngr.texi
@@ -34,11 +34,6 @@ providing access to OCSP providers. Dirmngr is invoked internally by
@command{gpg}, @command{gpgsm}, or via the @command{gpg-connect-agent}
tool.
-For historical reasons it is also possible to start @command{dirmngr}
-in a system daemon mode which uses a different directory layout.
-However, this mode is deprecated and may eventually be removed.
-
-
@manpause
@noindent
@xref{Option Index},for an index to @command{DIRMNGR}'s commands and
@@ -468,9 +463,7 @@ Dirmngr makes use of several directories when running in daemon mode:
@table @file
@item ~/.gnupg
- at itemx /etc/gnupg
-The first is the standard home directory for all configuration files.
-In the deprecated system daemon mode the second directory is used instead.
+This is the standard home directory for all configuration files.
@item /etc/gnupg/trusted-certs
This directory should be filled with certificates of Root CAs you
@@ -501,20 +494,10 @@ These certificates are first tried before going
out to the net to look for them. These certificates must also be
@acronym{DER} encoded and suffixed with @file{.crt} or @file{.der}.
- at item @value{LOCALRUNDIR}
-This directory is only used in the deprecated system daemon mode. It
-keeps the socket file for accessing @command{dirmngr} services. The
-name of the socket file will be @file{S.dirmngr}. Make sure that this
-directory has the proper permissions to let @command{dirmngr} create
-the socket file and that eligible users may read and write to that
-socket.
-
@item ~/.gnupg/crls.d
- at itemx @value{LOCALCACHEDIR}/crls.d
-The first directory is used to store cached CRLs. The @file{crls.d}
+This directory is used to store cached CRLs. The @file{crls.d}
part will be created by dirmngr if it does not exists but you need to
-make sure that the upper directory exists. The second directory is
-used instead in the deprecated systems daemon mode.
+make sure that the upper directory exists.
@end table
@manpause
@@ -1040,10 +1023,6 @@ as a binary blob.
@c works. Note that mainly testing purposes this functionality may be
@c called directly using @cmd{dirmngr-client --validate @file{foo.crt}}.
@c
- at c For backward compatibility this function returns success if Dirmngr is
- at c not used as a system daemon. Thus not validating the certicates at
- at c all. FIXME: This is definitely not correct and should be fixed ASAP.
- at c
@c The function takes the target certificate and a mode argument as
@c parameters and returns an error code and optionally the closes
@c expiration time of all certificates in the chain.
diff --git a/sm/server.c b/sm/server.c
index cdccff3..ce8085d 100644
--- a/sm/server.c
+++ b/sm/server.c
@@ -1318,9 +1318,7 @@ gpgsm_server (certlist_t default_recplist)
"%s",
gnupg_homedir (),
opt.config_filename,
- (dirmngr_user_socket_name ()
- ? dirmngr_user_socket_name ()
- : dirmngr_sys_socket_name ()),
+ dirmngr_socket_name (),
hello) > 0)
{
assuan_set_hello_line (ctx, tmp);
diff --git a/tools/gpgconf.c b/tools/gpgconf.c
index 69ea9c9..221e3e2 100644
--- a/tools/gpgconf.c
+++ b/tools/gpgconf.c
@@ -156,7 +156,6 @@ list_dirs (estream_t fp, char **names)
const char *name;
const char *(*fnc)(void);
const char *extra;
- int special;
} list[] = {
{ "sysconfdir", gnupg_sysconfdir, NULL },
{ "bindir", gnupg_bindir, NULL },
@@ -164,9 +163,7 @@ list_dirs (estream_t fp, char **names)
{ "libdir", gnupg_libdir, NULL },
{ "datadir", gnupg_datadir, NULL },
{ "localedir", gnupg_localedir, NULL },
- { "dirmngr-socket", dirmngr_user_socket_name, NULL, 1 },
- { "dirmngr-socket", dirmngr_sys_socket_name, NULL, 2 },
- { "dirmngr-sys-socket", dirmngr_sys_socket_name, NULL, 1 },
+ { "dirmngr-socket", dirmngr_socket_name, NULL,},
{ "agent-ssh-socket", gnupg_socketdir, GPG_AGENT_SSH_SOCK_NAME },
{ "agent-socket", gnupg_socketdir, GPG_AGENT_SOCK_NAME },
{ "homedir", gnupg_homedir, NULL }
@@ -178,13 +175,6 @@ list_dirs (estream_t fp, char **names)
for (idx = 0; idx < DIM (list); idx++)
{
- if (list[idx].special == 1 && dirmngr_user_socket_name ())
- ;
- else if (list[idx].special == 2 && !dirmngr_user_socket_name ())
- ;
- else if (list[idx].special == 1 || list[idx].special == 2)
- continue;
-
s = list[idx].fnc ();
if (list[idx].extra)
{
--
Alioth's /usr/local/bin/git-commit-notice on /srv/git.debian.org/git/pkg-gnupg/gnupg2.git
More information about the Pkg-gnupg-commit
mailing list