[Pkg-gnupg-commit] [gnupg2] 03/04: updated systemd user gpg-agent units for socket activation

Daniel Kahn Gillmor dkg at fifthhorseman.net
Fri Oct 7 12:29:40 UTC 2016


This is an automated email from the git hooks/post-receive script.

dkg pushed a commit to branch master
in repository gnupg2.

commit f9f950db83591773ffddca29bb4cff2c61978623
Author: Daniel Kahn Gillmor <dkg at fifthhorseman.net>
Date:   Tue Oct 4 17:21:18 2016 -0400

    updated systemd user gpg-agent units for socket activation
    
    This depends on several recent additions to debian/patches/
---
 debian/gnupg-agent.README.Debian                | 23 +++++++++++++++--------
 debian/gnupg-agent.install                      |  1 +
 debian/systemd-user/gpg-agent-browser.socket    | 13 +++++++++++++
 debian/systemd-user/gpg-agent-restricted.socket | 13 +++++++++++++
 debian/systemd-user/gpg-agent-ssh.socket        | 13 +++++++++++++
 debian/systemd-user/gpg-agent.service           | 13 ++++++-------
 debian/systemd-user/gpg-agent.socket            | 12 ++++++++++++
 7 files changed, 73 insertions(+), 15 deletions(-)

diff --git a/debian/gnupg-agent.README.Debian b/debian/gnupg-agent.README.Debian
index 4f4e1ca..b3229d6 100644
--- a/debian/gnupg-agent.README.Debian
+++ b/debian/gnupg-agent.README.Debian
@@ -10,17 +10,24 @@ systemd
 =======
 
 Users on machines with systemd can ensure that gpg-agent is always
-running for their session, and that it gets terminated safely at
+available for their session, and that it gets terminated safely at
 logout by doing:
 
-   systemctl --user enable gpg-agent
+    systemctl --user enable gpg-agent.socket
+
+If you also want the ssh or restricted sockets to be available, you
+might also add:
+
+    systemctl --user enable gpg-agent-ssh.socket
+    systemctl --user enable gpg-agent-restricted.socket
 
 If you do this from the middle of a running session, you probably also
 want to clean up any other running gpg-agent, and ensure that the
-service is started for the current session as well:
+socket is open and listening is started for the current session as
+well:
 
-   gpgconf --kill gpg-agent
-   systemctl --user start gpg-agent
+    gpgconf --kill gpg-agent
+    systemctl --user start gpg-agent.socket
 
 Manual gpg-agent startup
 ========================
@@ -28,7 +35,7 @@ Manual gpg-agent startup
 Any user who wants to launch gpg-agent manually (e.g., to talk to it
 with a tool from outside the GnuPG suite) should do so with:
 
-   gpgconf --launch gpg-agent
+    gpgconf --launch gpg-agent
 
 You may wish to add this to your session login scripts if you're not
 using systemd.
@@ -40,9 +47,9 @@ If gpg-agent is launched manually or automatically (but not supervised
 by systemd), you probably want to ensure that it terminates when your
 session ends with:
 
-   gpgconf --kill gpg-agent
+    gpgconf --kill gpg-agent
 
 You may wish to add this to your session logout scripts if you're not
 using systemd.
 
- -- Daniel Kahn Gillmor <dkg at fifthhorseman.net>, Wed, 29 Jun 2016 13:40:35 -0400
+ -- Daniel Kahn Gillmor <dkg at fifthhorseman.net>, Tue,  4 Oct 2016 17:20:49 -0400
diff --git a/debian/gnupg-agent.install b/debian/gnupg-agent.install
index 2689916..f4a11cd 100644
--- a/debian/gnupg-agent.install
+++ b/debian/gnupg-agent.install
@@ -1,5 +1,6 @@
 debian/Xsession.d/90gpg-agent etc/X11/Xsession.d
 debian/systemd-user/gpg-agent.service usr/lib/systemd/user
+debian/systemd-user/gpg-agent*.socket usr/lib/systemd/user
 debian/tmp/usr/bin/gpg-agent
 debian/tmp/usr/bin/gpg-connect-agent
 debian/tmp/usr/bin/symcryptrun
diff --git a/debian/systemd-user/gpg-agent-browser.socket b/debian/systemd-user/gpg-agent-browser.socket
new file mode 100644
index 0000000..c451275
--- /dev/null
+++ b/debian/systemd-user/gpg-agent-browser.socket
@@ -0,0 +1,13 @@
+[Unit]
+Description=GnuPG cryptographic agent (access for web browsers)
+Documentation=man:gpg-agent(1)
+
+[Socket]
+ListenStream=%t/gnupg/S.gpg-agent.brwsr
+FileDescriptorName=browser
+Service=gpg-agent.service
+SocketMode=0600
+DirectoryMode=0700
+
+[Install]
+WantedBy=sockets.target
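Review bot: Nothing in this unit says that it has to be started while gpg-agent.service is stopped, and the same holds for gpg-agent-restricted.socket and gpg-agent-ssh.socket. As far as I know, systemd refuses to start a socket unit without `Accept=` when the service named in `Service=` is already active, so a user who enables one of these mid-session gets an error until the agent is stopped. The README hunk in this commit only starts gpg-agent.socket after `gpgconf --kill gpg-agent`, not the auxiliary sockets. I would add a comment under `[Socket]` such as `## Start before gpg-agent.service is active; systemd will not attach this socket to a running agent.`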
diff --git a/debian/systemd-user/gpg-agent-restricted.socket b/debian/systemd-user/gpg-agent-restricted.socket
new file mode 100644
index 0000000..bb5e01a
--- /dev/null
+++ b/debian/systemd-user/gpg-agent-restricted.socket
@@ -0,0 +1,13 @@
+[Unit]
+Description=GnuPG cryptographic agent and passphrase cache (restricted)
+Documentation=man:gpg-agent(1)
+
+[Socket]
+ListenStream=%t/gnupg/S.gpg-agent.rstrd
+FileDescriptorName=extra
+Service=gpg-agent.service
+SocketMode=0600
+DirectoryMode=0700
+
+[Install]
+WantedBy=sockets.target
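Review bot: The same endpoint carries three names in this unit: `restricted` in the Description, `rstrd` in the ListenStream path and `extra` in `FileDescriptorName=`. Presumably the descriptor name is what `gpg-agent --supervised` matches on and the path is what clients compute. Neither is visible on this page (the commit message points at debian/patches/), so both should be confirmed against the packaged gnupg version. If confirmed, a comment would keep a later cleanup from "fixing" the mismatch, e.g. `## FileDescriptorName must stay "extra": gpg-agent looks the restricted socket up by that name.`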
diff --git a/debian/systemd-user/gpg-agent-ssh.socket b/debian/systemd-user/gpg-agent-ssh.socket
new file mode 100644
index 0000000..798c1d9
--- /dev/null
+++ b/debian/systemd-user/gpg-agent-ssh.socket
@@ -0,0 +1,13 @@
+[Unit]
+Description=GnuPG cryptographic agent (ssh-agent emulation)
+Documentation=man:gpg-agent(1) man:ssh-add(1) man:ssh-agent(1) man:ssh(1)
+
+[Socket]
+ListenStream=%t/gnupg/S.gpg-agent.ssh
+FileDescriptorName=ssh
+Service=gpg-agent.service
+SocketMode=0600
+DirectoryMode=0700
+
+[Install]
+WantedBy=sockets.target
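Review bot: Enabling this socket does not by itself make ssh use it, because clients find the agent through SSH_AUTH_SOCK and neither this unit nor the README hunk sets or mentions that variable. With the agent started by systemd instead of from a login shell, there is no `--daemon` output to eval, so the user has to export the path themselves. I would document that next to the `systemctl --user enable gpg-agent-ssh.socket` line in README.Debian, for example `export SSH_AUTH_SOCK="$(gpgconf --list-dirs agent-ssh-socket)"` if the packaged gpgconf supports that key. The Xsession.d script listed in gnupg-agent.install may already handle this, but it is not shown here.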
diff --git a/debian/systemd-user/gpg-agent.service b/debian/systemd-user/gpg-agent.service
index 224b05e..9ab9220 100644
--- a/debian/systemd-user/gpg-agent.service
+++ b/debian/systemd-user/gpg-agent.service
@@ -1,11 +1,10 @@
 [Unit]
-Description=GnuPG secret key agent and passphrase cache
+Description=GnuPG cryptographic agent and passphrase cache
 Documentation=man:gpg-agent(1)
+Requires=gpg-agent.socket
+After=gpg-agent.socket
+## This is a socket-activated service:
+RefuseManualStart=true
 
 [Service]
-Type=forking
-ExecStart=/usr/bin/gpg-agent --daemon --homedir %h/.gnupg
-Restart=always
-
-[Install]
-WantedBy=default.target
+ExecStart=/usr/bin/gpg-agent --supervised
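Review bot: The new `ExecStart=/usr/bin/gpg-agent --supervised` drops `--homedir %h/.gnupg`, and the socket units listen on fixed `%t/gnupg/S.gpg-agent*` paths, so this setup only covers the default home directory. A user who sets GNUPGHOME in their shell will, I believe, have clients look for the socket elsewhere and auto-launch a second agent that systemd neither supervises nor terminates at logout. That limitation deserves a line in the unit, e.g. `## Serves the default GnuPG home directory only; a non-default GNUPGHOME is not covered by these units.`, and a matching sentence in README.Debian.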
diff --git a/debian/systemd-user/gpg-agent.socket b/debian/systemd-user/gpg-agent.socket
new file mode 100644
index 0000000..4257c2c
--- /dev/null
+++ b/debian/systemd-user/gpg-agent.socket
@@ -0,0 +1,12 @@
+[Unit]
+Description=GnuPG cryptographic agent and passphrase cache
+Documentation=man:gpg-agent(1)
+
+[Socket]
+ListenStream=%t/gnupg/S.gpg-agent
+FileDescriptorName=std
+SocketMode=0600
+DirectoryMode=0700
+
+[Install]
+WantedBy=sockets.target
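Review bot: This is the only one of the four socket units without a `Service=` line. systemd falls back to the service with the same base name, so gpg-agent.service is still what gets activated, but a reader comparing the units may take the omission for an oversight. Either add `Service=gpg-agent.service` for symmetry or a comment such as `## Service= omitted: defaults to gpg-agent.service`. Since this is presumably the socket with full access to the agent, unlike the `extra` and `browser` ones, a one-line comment saying so would also help anyone auditing which sockets are enabled.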

-- 
Alioth's /usr/local/bin/git-commit-notice on /srv/git.debian.org/git/pkg-gnupg/gnupg2.git


