[Pkg-gnupg-commit] [gnupg2] 03/04: updated systemd user gpg-agent units for socket activation
Daniel Kahn Gillmor
dkg at fifthhorseman.net
Fri Oct 7 12:29:40 UTC 2016
This is an automated email from the git hooks/post-receive script.
dkg pushed a commit to branch master
in repository gnupg2.
commit f9f950db83591773ffddca29bb4cff2c61978623
Author: Daniel Kahn Gillmor <dkg at fifthhorseman.net>
Date: Tue Oct 4 17:21:18 2016 -0400
updated systemd user gpg-agent units for socket activation
This depends on several recent additions to debian/patches/
---
debian/gnupg-agent.README.Debian | 23 +++++++++++++++--------
debian/gnupg-agent.install | 1 +
debian/systemd-user/gpg-agent-browser.socket | 13 +++++++++++++
debian/systemd-user/gpg-agent-restricted.socket | 13 +++++++++++++
debian/systemd-user/gpg-agent-ssh.socket | 13 +++++++++++++
debian/systemd-user/gpg-agent.service | 13 ++++++-------
debian/systemd-user/gpg-agent.socket | 12 ++++++++++++
7 files changed, 73 insertions(+), 15 deletions(-)
diff --git a/debian/gnupg-agent.README.Debian b/debian/gnupg-agent.README.Debian
index 4f4e1ca..b3229d6 100644
--- a/debian/gnupg-agent.README.Debian
+++ b/debian/gnupg-agent.README.Debian
@@ -10,17 +10,24 @@ systemd
=======
Users on machines with systemd can ensure that gpg-agent is always
-running for their session, and that it gets terminated safely at
+available for their session, and that it gets terminated safely at
logout by doing:
- systemctl --user enable gpg-agent
+ systemctl --user enable gpg-agent.socket
+
+If you also want the ssh or restricted sockets to be available, you
+might also add:
+
+ systemctl --user enable gpg-agent-ssh.socket
+ systemctl --user enable gpg-agent-restricted.socket
If you do this from the middle of a running session, you probably also
want to clean up any other running gpg-agent, and ensure that the
-service is started for the current session as well:
+socket is open and listening is started for the current session as
+well:
- gpgconf --kill gpg-agent
- systemctl --user start gpg-agent
+ gpgconf --kill gpg-agent
+ systemctl --user start gpg-agent.socket
Manual gpg-agent startup
========================
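Review bot: The rewritten sentence in the mid-session paragraph, "socket is open and listening is started for the current session as well", is garbled; "socket is open and listening for the current session as well" reads correctly. The mid-session commands also start only gpg-agent.socket, so a user who has just enabled gpg-agent-ssh.socket or gpg-agent-restricted.socket gets those sockets only at the next login. Add the matching "systemctl --user start" lines for them, placed before anything connects to the agent, since systemd will not start an additional socket unit for a service that is already running.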
@@ -28,7 +35,7 @@ Manual gpg-agent startup
Any user who wants to launch gpg-agent manually (e.g., to talk to it
with a tool from outside the GnuPG suite) should do so with:
- gpgconf --launch gpg-agent
+ gpgconf --launch gpg-agent
You may wish to add this to your session login scripts if you're not
using systemd.
@@ -40,9 +47,9 @@ If gpg-agent is launched manually or automatically (but not supervised
by systemd), you probably want to ensure that it terminates when your
session ends with:
- gpgconf --kill gpg-agent
+ gpgconf --kill gpg-agent
You may wish to add this to your session logout scripts if you're not
using systemd.
- -- Daniel Kahn Gillmor <dkg at fifthhorseman.net>, Wed, 29 Jun 2016 13:40:35 -0400
+ -- Daniel Kahn Gillmor <dkg at fifthhorseman.net>, Tue, 4 Oct 2016 17:20:49 -0400
diff --git a/debian/gnupg-agent.install b/debian/gnupg-agent.install
index 2689916..f4a11cd 100644
--- a/debian/gnupg-agent.install
+++ b/debian/gnupg-agent.install
@@ -1,5 +1,6 @@
debian/Xsession.d/90gpg-agent etc/X11/Xsession.d
debian/systemd-user/gpg-agent.service usr/lib/systemd/user
+debian/systemd-user/gpg-agent*.socket usr/lib/systemd/user
debian/tmp/usr/bin/gpg-agent
debian/tmp/usr/bin/gpg-connect-agent
debian/tmp/usr/bin/symcryptrun
diff --git a/debian/systemd-user/gpg-agent-browser.socket b/debian/systemd-user/gpg-agent-browser.socket
new file mode 100644
index 0000000..c451275
--- /dev/null
+++ b/debian/systemd-user/gpg-agent-browser.socket
@@ -0,0 +1,13 @@
+[Unit]
+Description=GnuPG cryptographic agent (access for web browsers)
+Documentation=man:gpg-agent(1)
+
+[Socket]
+ListenStream=%t/gnupg/S.gpg-agent.brwsr
+FileDescriptorName=browser
+Service=gpg-agent.service
+SocketMode=0600
+DirectoryMode=0700
+
+[Install]
+WantedBy=sockets.target
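Review bot: The README hunk in this commit documents enabling the standard, ssh and restricted sockets but never mentions gpg-agent-browser.socket, although the gpg-agent*.socket glob in gnupg-agent.install ships it. Either add it to the README list with a sentence on what the browser socket is for, or say why it is left out. A comment next to FileDescriptorName=browser noting that the name has to match what gpg-agent --supervised looks for would also help, since the commit message says this depends on patches that are not visible here.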
diff --git a/debian/systemd-user/gpg-agent-restricted.socket b/debian/systemd-user/gpg-agent-restricted.socket
new file mode 100644
index 0000000..bb5e01a
--- /dev/null
+++ b/debian/systemd-user/gpg-agent-restricted.socket
@@ -0,0 +1,13 @@
+[Unit]
+Description=GnuPG cryptographic agent and passphrase cache (restricted)
+Documentation=man:gpg-agent(1)
+
+[Socket]
+ListenStream=%t/gnupg/S.gpg-agent.rstrd
+FileDescriptorName=extra
+Service=gpg-agent.service
+SocketMode=0600
+DirectoryMode=0700
+
+[Install]
+WantedBy=sockets.target
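Review bot: FileDescriptorName=extra does not match the naming used everywhere else in this unit (file name gpg-agent-restricted.socket, description "restricted", socket path S.gpg-agent.rstrd). If "extra" is the name gpg-agent --supervised expects for its restricted socket, put a one-line comment above it saying so; otherwise a later cleanup may change it to "restricted" and break activation.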
diff --git a/debian/systemd-user/gpg-agent-ssh.socket b/debian/systemd-user/gpg-agent-ssh.socket
new file mode 100644
index 0000000..798c1d9
--- /dev/null
+++ b/debian/systemd-user/gpg-agent-ssh.socket
@@ -0,0 +1,13 @@
+[Unit]
+Description=GnuPG cryptographic agent (ssh-agent emulation)
+Documentation=man:gpg-agent(1) man:ssh-add(1) man:ssh-agent(1) man:ssh(1)
+
+[Socket]
+ListenStream=%t/gnupg/S.gpg-agent.ssh
+FileDescriptorName=ssh
+Service=gpg-agent.service
+SocketMode=0600
+DirectoryMode=0700
+
+[Install]
+WantedBy=sockets.target
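Review bot: This unit only listens on %t/gnupg/S.gpg-agent.ssh; nothing in the patch points ssh clients at that path. The README addition that tells users to enable gpg-agent-ssh.socket should also say how SSH_AUTH_SOCK is expected to be set for the session, or name the script that sets it.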
diff --git a/debian/systemd-user/gpg-agent.service b/debian/systemd-user/gpg-agent.service
index 224b05e..9ab9220 100644
--- a/debian/systemd-user/gpg-agent.service
+++ b/debian/systemd-user/gpg-agent.service
@@ -1,11 +1,10 @@
[Unit]
-Description=GnuPG secret key agent and passphrase cache
+Description=GnuPG cryptographic agent and passphrase cache
Documentation=man:gpg-agent(1)
+Requires=gpg-agent.socket
+After=gpg-agent.socket
+## This is a socket-activated service:
+RefuseManualStart=true
[Service]
-Type=forking
-ExecStart=/usr/bin/gpg-agent --daemon --homedir %h/.gnupg
-Restart=always
-
-[Install]
-WantedBy=default.target
+ExecStart=/usr/bin/gpg-agent --supervised
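Review bot: Removing the [Install] section with WantedBy=default.target leaves users who followed the old README ("systemctl --user enable gpg-agent") with an enablement that no longer corresponds to anything in the unit, and the README hunk gives no migration step. Add a short upgrade note telling them to disable the service and enable gpg-agent.socket instead. The README should also mention that RefuseManualStart=true makes the old "systemctl --user start gpg-agent" fail, and that with --homedir %h/.gnupg dropped from ExecStart the agent uses whatever home directory it resolves by default.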
diff --git a/debian/systemd-user/gpg-agent.socket b/debian/systemd-user/gpg-agent.socket
new file mode 100644
index 0000000..4257c2c
--- /dev/null
+++ b/debian/systemd-user/gpg-agent.socket
@@ -0,0 +1,12 @@
+[Unit]
+Description=GnuPG cryptographic agent and passphrase cache
+Documentation=man:gpg-agent(1)
+
+[Socket]
+ListenStream=%t/gnupg/S.gpg-agent
+FileDescriptorName=std
+SocketMode=0600
+DirectoryMode=0700
+
+[Install]
+WantedBy=sockets.target
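Review bot: ListenStream=%t/gnupg/S.gpg-agent is a fixed path, while the old ExecStart passed --homedir explicitly; the README should state which GnuPG home directory these units assume and what a user with a different one should do. Unlike the other three socket units this one omits Service=gpg-agent.service, which works because the unit names match, but adding the explicit line or a comment would keep the four files consistent.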
--
Alioth's /usr/local/bin/git-commit-notice on /srv/git.debian.org/git/pkg-gnupg/gnupg2.git