[Pkg-gnupg-commit] [gnupg2] 02/05: create systemd user mode services for gpg-agent, dirmngr, and scdaemon

Daniel Kahn Gillmor dkg at fifthhorseman.net
Wed Jun 29 21:21:36 UTC 2016


This is an automated email from the git hooks/post-receive script.

dkg pushed a commit to branch experimental
in repository gnupg2.

commit 78438c8e83d202beb853e4ab274ffc9ce13ff426
Author: Daniel Kahn Gillmor <dkg at fifthhorseman.net>
Date:   Tue Jun 28 13:46:19 2016 -0400

    create systemd user mode services for gpg-agent, dirmngr, and scdaemon
    
    provide information in README.Debian for these packages as well, and
    add a NEWS item to gpg-agent to indicate that the agent will no longer
    be auto-started by the X11 Xsession.d startup scripts.  (scdaemon and
    dirmngr never were)
---
 debian/Xsession.d/90gpg-agent         | 21 ++++++++++-----
 debian/dirmngr.NEWS                   | 22 ++++++++++++++++
 debian/dirmngr.README.Debian          | 48 +++++++++++++++++++++++++++++++++++
 debian/dirmngr.install                |  1 +
 debian/gnupg-agent.NEWS               |  9 +++++++
 debian/gnupg-agent.README.Debian      | 48 +++++++++++++++++++++++++++++++++++
 debian/gnupg-agent.install            |  1 +
 debian/scdaemon.README.Debian         | 48 +++++++++++++++++++++++++++++++++++
 debian/scdaemon.install               |  1 +
 debian/systemd-user/dirmngr.service   | 11 ++++++++
 debian/systemd-user/gpg-agent.service | 11 ++++++++
 debian/systemd-user/scdaemon.service  | 11 ++++++++
 12 files changed, 226 insertions(+), 6 deletions(-)

diff --git a/debian/Xsession.d/90gpg-agent b/debian/Xsession.d/90gpg-agent
index 506767f..b97c363 100644
--- a/debian/Xsession.d/90gpg-agent
+++ b/debian/Xsession.d/90gpg-agent
@@ -1,12 +1,21 @@
-# always launch the agent, and expose it via the environment to those
-# tools that need it:
-gpgconf --launch gpg-agent
+# On systems with systemd running, we expect the agent to be launched
+# via systemd's user mode (see /usr/lib/systemd/user/gpg-agent.service
+# and systemd.unit(5)).  This allows systemd to clean up the agent
+# automatically at logout.
+
+# If systemd is absent from your system, or you do not permit it to
+# run in user mode, then you may need to manually launch gpg-agent
+# from your session initialization with something like "gpgconf
+# --launch gpg-agent"
+
+# Nonetheless, ssh and older versions of gpg require environment
+# variables to be set in order to find the agent, so we will set those
+# here.
+
 agent_sock=$(gpgconf --list-dirs | grep ^agent-socket: | cut -d: -f2)
 export GPG_AGENT_INFO=${agent_sock}:0:1
 if [ -n "$(gpgconf --list-options gpg-agent | \
       awk -F: '/^enable-ssh-support:/{ print $10 }')" ]; then
     export SSH_AUTH_SOCK=${agent_sock}.ssh
 fi
-# the downside to this approach is that the agent gets launched before
-# dbus session is initialized, so it doesn't know the native
-# parameters for launching pinentry (if it relies on the session dbus).
+
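Review bot: with the `gpgconf --launch gpg-agent` line removed, the script still exports GPG_AGENT_INFO and SSH_AUTH_SOCK unconditionally, so where the user unit is not enabled (or systemd user mode is absent) SSH_AUTH_SOCK names a socket nothing is listening on. gpg will auto-launch the agent when it needs one, but ssh only connects to the socket and never starts an agent, so users with enable-ssh-support lose ssh authentication until something else starts gpg-agent. Consider keeping the launch as a fallback when the user unit is not active. The new comment also says the agent is "expected" to be launched by systemd, while the README added in this commit makes that an opt-in `systemctl --user enable gpg-agent`; the comment should say it is opt-in.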
diff --git a/debian/dirmngr.NEWS b/debian/dirmngr.NEWS
index ae2c248..b133ff7 100644
--- a/debian/dirmngr.NEWS
+++ b/debian/dirmngr.NEWS
@@ -1,3 +1,25 @@
+dirmngr (2.1.13-3) experimental; urgency=medium
+
+  * gpg and most related processes will auto-launch dirmngr if needed.
+
+    Any user who wants to launch dirmngr manually should do so with:
+
+       gpgconf --launch dirmngr
+
+    and may want to terminate dirmngr when their session ends with:
+
+       gpgconf --kill dirmngr
+
+    Users on machines with systemd can ensure that dirmngr is always
+    running for their session (and that it gets terminated at logout)
+    with:
+
+       gpgconf --kill dirmngr
+       systemctl --user enable dirmngr
+       systemctl --user start dirmngr
+
+ -- Daniel Kahn Gillmor <dkg at fifthhorseman.net>  Tue, 28 Jun 2016 17:55:15 -0400
+
 dirmngr (2.1.0~beta895-1) experimental; urgency=medium
 
   No more dirmngr system service!
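Review bot: the systemd recipe in this entry begins with `gpgconf --kill dirmngr` but gives no reason for that step, and the entry does not point to the package's README.Debian, where the reason (cleaning up an already running, unsupervised dirmngr) is given. Add a one-line explanation or a pointer to the README, as gnupg-agent.NEWS does for its package. The commit message mentions a NEWS item only for gpg-agent, so this dirmngr entry should be listed there too.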
diff --git a/debian/dirmngr.README.Debian b/debian/dirmngr.README.Debian
new file mode 100644
index 0000000..93b8bc4
--- /dev/null
+++ b/debian/dirmngr.README.Debian
@@ -0,0 +1,48 @@
+dirmngr system integration
+==========================
+
+Since 2.1.x, gpg and most related processes will auto-launch dirmngr
+if needed.  These auto-launched processes will inherit whatever
+environment they started from, and they will not terminate
+automatically.
+
+systemd
+=======
+
+Users on machines with systemd can ensure that dirmngr is always
+running for their session, and that it gets terminated safely at
+logout by doing:
+
+   systemctl --user enable dirmngr
+
+If you do this from the middle of a running session, you probably also
+want to clean up any other running dirmngr, and ensure that the
+service is started for the current session as well:
+
+   gpgconf --kill dirmngr
+   systemctl --user start dirmngr
+
+Manual dirmngr startup
+======================
+
+Any user who wants to launch dirmngr manually (e.g., to talk to it
+with a tool from outside the GnuPG suite) should do so with:
+
+   gpgconf --launch dirmngr
+
+You may wish to add this to your session login scripts if you're not
+using systemd.
+
+dirmngr teardown
+================
+
+If dirmngr is launched manually or automatically (but not supervised
+by systemd), you probably want to ensure that it terminates when your
+session ends with:
+
+   gpgconf --kill dirmngr
+
+You may wish to add this to your session logout scripts if you're not
+using systemd.
+
+ -- Daniel Kahn Gillmor <dkg at fifthhorseman.net>, Tue, 28 Jun 2016 18:36:30 -0400
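Review bot: the "dirmngr teardown" section covers only the unsupervised case and never says how to stop a dirmngr that systemd is supervising. The unit added in this commit sets Restart=always, so a user who follows the `gpgconf --kill dirmngr` advice while the service is active will see the daemon come straight back; state that `systemctl --user stop dirmngr` is the command in that case. Separately, this file and the gnupg-agent and scdaemon READMEs are the same 48 lines with the daemon name swapped, so every later correction has to be made three times; generating them from one template would avoid drift.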
diff --git a/debian/dirmngr.install b/debian/dirmngr.install
index a543f7c..bcffe40 100644
--- a/debian/dirmngr.install
+++ b/debian/dirmngr.install
@@ -1,3 +1,4 @@
+debian/systemd-user/dirmngr.service usr/lib/systemd/user
 debian/tmp/usr/bin/dirmngr
 debian/tmp/usr/bin/dirmngr-client
 debian/tmp/usr/lib/gnupg/dirmngr_ldap
diff --git a/debian/gnupg-agent.NEWS b/debian/gnupg-agent.NEWS
new file mode 100644
index 0000000..c69efbd
--- /dev/null
+++ b/debian/gnupg-agent.NEWS
@@ -0,0 +1,9 @@
+gnupg-agent (2.1.13-3) experimental; urgency=medium
+
+  * gpg-agent is no longer auto-launched by
+    /etc/X11/Xsession.d/90gpg-agent.  Please read
+    /usr/share/doc/gnupg-agent/README.Debian for details about system
+    integration.
+
+ -- Daniel Kahn Gillmor <dkg at fifthhorseman.net>  Tue, 28 Jun 2016 17:29:46 -0400
+
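Review bot: this entry states only that auto-launch from Xsession.d is gone and defers everything else to README.Debian, whereas dirmngr.NEWS in the same commit spells out the commands. Users who depend on the agent being present at login (the Xsession.d script still exports SSH_AUTH_SOCK when enable-ssh-support is set) need the required action in the NEWS text itself: name both `systemctl --user enable gpg-agent` and `gpgconf --launch gpg-agent` here.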
diff --git a/debian/gnupg-agent.README.Debian b/debian/gnupg-agent.README.Debian
new file mode 100644
index 0000000..4f4e1ca
--- /dev/null
+++ b/debian/gnupg-agent.README.Debian
@@ -0,0 +1,48 @@
+gpg-agent system integration
+============================
+
+Since 2.1.x, gpg and most related processes will auto-launch gpg-agent
+if needed.  These auto-launched processes will inherit whatever
+environment they started from, and they will not terminate
+automatically.
+
+systemd
+=======
+
+Users on machines with systemd can ensure that gpg-agent is always
+running for their session, and that it gets terminated safely at
+logout by doing:
+
+   systemctl --user enable gpg-agent
+
+If you do this from the middle of a running session, you probably also
+want to clean up any other running gpg-agent, and ensure that the
+service is started for the current session as well:
+
+   gpgconf --kill gpg-agent
+   systemctl --user start gpg-agent
+
+Manual gpg-agent startup
+========================
+
+Any user who wants to launch gpg-agent manually (e.g., to talk to it
+with a tool from outside the GnuPG suite) should do so with:
+
+   gpgconf --launch gpg-agent
+
+You may wish to add this to your session login scripts if you're not
+using systemd.
+
+gpg-agent teardown
+==================
+
+If gpg-agent is launched manually or automatically (but not supervised
+by systemd), you probably want to ensure that it terminates when your
+session ends with:
+
+   gpgconf --kill gpg-agent
+
+You may wish to add this to your session logout scripts if you're not
+using systemd.
+
+ -- Daniel Kahn Gillmor <dkg at fifthhorseman.net>, Wed, 29 Jun 2016 13:40:35 -0400
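Review bot: the opening paragraph notes that auto-launched agents inherit the environment they started from, but the "systemd" section does not say what environment a systemd-supervised agent runs in. The Xsession.d comment removed in this commit recorded that an agent started too early lacks the session parameters needed to launch pinentry; an agent started by the user manager is outside the X session as well, so the README should say how pinentry finds the display or tty in that setup, or state that this has not been tested.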
diff --git a/debian/gnupg-agent.install b/debian/gnupg-agent.install
index 4529827..2689916 100644
--- a/debian/gnupg-agent.install
+++ b/debian/gnupg-agent.install
@@ -1,4 +1,5 @@
 debian/Xsession.d/90gpg-agent etc/X11/Xsession.d
+debian/systemd-user/gpg-agent.service usr/lib/systemd/user
 debian/tmp/usr/bin/gpg-agent
 debian/tmp/usr/bin/gpg-connect-agent
 debian/tmp/usr/bin/symcryptrun
diff --git a/debian/scdaemon.README.Debian b/debian/scdaemon.README.Debian
new file mode 100644
index 0000000..921e470
--- /dev/null
+++ b/debian/scdaemon.README.Debian
@@ -0,0 +1,48 @@
+scdaemon system integration
+===========================
+
+Since 2.1.x, gpg and most related processes will auto-launch scdaemon
+if needed.  These auto-launched processes will inherit whatever
+environment they started from, and they will not terminate
+automatically.
+
+systemd
+=======
+
+Users on machines with systemd can ensure that scdaemon is always
+running for their session, and that it gets terminated safely at
+logout by doing:
+
+   systemctl --user enable scdaemon
+
+If you do this from the middle of a running session, you probably also
+want to clean up any other running scdaemon, and ensure that the
+service is started for the current session as well:
+
+   gpgconf --kill scdaemon
+   systemctl --user start scdaemon
+
+Manual scdaemon startup
+=======================
+
+Any user who wants to launch scdaemon manually (e.g., to talk to it
+with a tool from outside the GnuPG suite) should do so with:
+
+   gpgconf --launch scdaemon
+
+You may wish to add this to your session login scripts if you're not
+using systemd.
+
+scdaemon teardown
+=================
+
+If scdaemon is launched manually or automatically (but not supervised
+by systemd), you probably want to ensure that it terminates when your
+session ends with:
+
+   gpgconf --kill scdaemon
+
+You may wish to add this to your session logout scripts if you're not
+using systemd.
+
+ -- Daniel Kahn Gillmor <dkg at fifthhorseman.net>, Wed, 29 Jun 2016 13:41:11 -0400
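Review bot: this README is a word-for-word copy of the gpg-agent one with the daemon name replaced, so each command needs to be checked against scdaemon specifically; please confirm that `gpgconf --launch scdaemon` and `gpgconf --kill scdaemon` are accepted for this component before documenting them. The text also never says how a separately started scdaemon relates to gpg-agent, which is how gpg normally reaches the card; add a sentence on whether the agent will use the systemd-supervised instance or start its own.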
diff --git a/debian/scdaemon.install b/debian/scdaemon.install
index a2a79aa..ae6916c 100644
--- a/debian/scdaemon.install
+++ b/debian/scdaemon.install
@@ -1 +1,2 @@
+debian/systemd-user/scdaemon.service usr/lib/systemd/user
 debian/tmp/usr/lib/gnupg/scdaemon
diff --git a/debian/systemd-user/dirmngr.service b/debian/systemd-user/dirmngr.service
new file mode 100644
index 0000000..dadadc8
--- /dev/null
+++ b/debian/systemd-user/dirmngr.service
@@ -0,0 +1,11 @@
+[Unit]
+Description=GnuPG network certificate management daemon
+Documentation=man:dirmngr(8)
+
+[Service]
+Type=forking
+ExecStart=/usr/bin/dirmngr --daemon --homedir %h/.gnupg
+Restart=always
+
+[Install]
+WantedBy=default.target
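Review bot: ExecStart hard-codes `--homedir %h/.gnupg`, which is already the default and overrides GNUPGHOME for anyone who sets it. For such a user the supervised dirmngr serves a different home directory from the one gpg looks in, so gpg auto-launches a second, unsupervised dirmngr and the unit gives no benefit. Drop the option, or document in README.Debian that the unit only fits the default homedir.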
diff --git a/debian/systemd-user/gpg-agent.service b/debian/systemd-user/gpg-agent.service
new file mode 100644
index 0000000..224b05e
--- /dev/null
+++ b/debian/systemd-user/gpg-agent.service
@@ -0,0 +1,11 @@
+[Unit]
+Description=GnuPG secret key agent and passphrase cache
+Documentation=man:gpg-agent(1)
+
+[Service]
+Type=forking
+ExecStart=/usr/bin/gpg-agent --daemon --homedir %h/.gnupg
+Restart=always
+
+[Install]
+WantedBy=default.target
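Review bot: `Restart=always` interacts badly with the start-up case the README describes. If gpg has already auto-launched an agent for this homedir before the unit starts, the ExecStart instance cannot take over the socket, and systemd will keep retrying until it hits its start limit; the README's `gpgconf --kill gpg-agent` step is the only guard and applies only to a manual mid-session enable. It also means a deliberate `gpgconf --kill gpg-agent` (for example to drop cached passphrases) is undone immediately. Consider `Restart=on-abort`, or justify `always` in a comment in the unit.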
diff --git a/debian/systemd-user/scdaemon.service b/debian/systemd-user/scdaemon.service
new file mode 100644
index 0000000..39649f6
--- /dev/null
+++ b/debian/systemd-user/scdaemon.service
@@ -0,0 +1,11 @@
+[Unit]
+Description=GnuPG smartcard daemon
+Documentation=man:scdaemon(1)
+
+[Service]
+Type=forking
+ExecStart=/usr/lib/gnupg/scdaemon --daemon --homedir %h/.gnupg
+Restart=always
+
+[Install]
+WantedBy=default.target
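Review bot: `Type=forking` is used here (and in the other two units) without a `PIDFile=`, so systemd has to guess which process is the main one after the fork. systemd.service(5) recommends setting PIDFile= with this type; if the daemon can stay in the foreground instead, a non-forking service type would make supervision and the Restart= logic more reliable. Whichever is chosen, apply it to all three units so they stay consistent.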

-- 
Alioth's /usr/local/bin/git-commit-notice on /srv/git.debian.org/git/pkg-gnupg/gnupg2.git


