diff --git a/doc/Makefile.am b/doc/Makefile.am index 0791dbcf1..53cd639dd 100644 --- a/doc/Makefile.am +++ b/doc/Makefile.am 
@@ -1,188 +1,195 @@ # Copyright (C) 2002, 2004 Free Software Foundation, Inc. # # This file is part of GnuPG. # # GnuPG is free software; you can redistribute it and/or modify # it under the terms of the GNU General Public License as published by # the Free Software Foundation; either version 3 of the License, or # (at your option) any later version. # # GnuPG is distributed in the hope that it will be useful, # but WITHOUT ANY WARRANTY; without even the implied warranty of # MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the # GNU General Public License for more details. # # You should have received a copy of the GNU General Public License # along with this program; if not, see . ## Process this file with automake to produce Makefile.in AM_CPPFLAGS = include $(top_srcdir)/am/cmacros.am -examples = examples/README examples/scd-event examples/trustlist.txt \ +examples = examples/README examples/scd-event examples/trustlist.txt \ + examples/systemd-user/README \ + examples/systemd-user/dirmngr.service \ + examples/systemd-user/dirmngr.socket \ + examples/systemd-user/gpg-agent.service \ + examples/systemd-user/gpg-agent.socket \ + examples/systemd-user/gpg-agent-ssh.socket \ + examples/systemd-user/gpg-agent-extra.socket \ examples/gpgconf.conf examples/pwpattern.list helpfiles = help.txt help.be.txt help.ca.txt help.cs.txt \ help.da.txt help.de.txt help.el.txt help.eo.txt \ help.es.txt help.et.txt help.fi.txt help.fr.txt \ help.gl.txt help.hu.txt help.id.txt help.it.txt \ help.ja.txt help.nb.txt help.pl.txt help.pt.txt \ help.pt_BR.txt help.ro.txt help.ru.txt help.sk.txt \ help.sv.txt help.tr.txt help.zh_CN.txt help.zh_TW.txt EXTRA_DIST = samplekeys.asc mksamplekeys com-certs.pem qualified.txt \ gnupg-logo.eps gnupg-logo.pdf gnupg-logo.png gnupg-logo-tr.png \ gnupg-module-overview.png gnupg-module-overview.pdf \ gnupg-card-architecture.png gnupg-card-architecture.pdf \ FAQ gnupg7.texi mkdefsinc.c defsincdate \ opt-homedir.texi see-also-note.texi 
specify-user-id.texi \ gpgv.texi yat2m.c ChangeLog-2011 whats-new-in-2.1.txt BUILT_SOURCES = gnupg-module-overview.png gnupg-module-overview.pdf \ gnupg-card-architecture.png gnupg-card-architecture.pdf \ defsincdate defs.inc info_TEXINFOS = gnupg.texi dist_pkgdata_DATA = $(helpfiles) nobase_dist_doc_DATA = FAQ DETAILS HACKING DCO TRANSLATE OpenPGP KEYSERVER \ $(examples) #dist_html_DATA = gnupg_TEXINFOS = \ gpg.texi gpgsm.texi gpg-agent.texi scdaemon.texi instguide.texi \ tools.texi debugging.texi glossary.texi contrib.texi gpl.texi \ sysnotes.texi dirmngr.texi \ gnupg-module-overview.svg \ gnupg-card-architecture.fig \ howtos.texi howto-create-a-server-cert.texi gnupg.texi : defs.inc # We need EPS files for "make distcheck" but we do not want to distribute # them due to their size. Let's build them as needed. gnupg.dvi : gnupg-module-overview.eps gnupg-card-architecture.eps DVIPS = TEXINPUTS="$(srcdir)$(PATH_SEPARATOR)$$TEXINPUTS" dvips AM_MAKEINFOFLAGS = -I $(srcdir) --css-ref=/share/site.css YAT2M_OPTIONS = -I $(srcdir) \ --release "GnuPG @PACKAGE_VERSION@" --source "GNU Privacy Guard 2.1" myman_sources = gnupg7.texi gpg.texi gpgsm.texi gpg-agent.texi \ dirmngr.texi scdaemon.texi tools.texi myman_pages = gpgsm.1 gpg-agent.1 dirmngr.8 scdaemon.1 \ watchgnupg.1 gpgconf.1 addgnupghome.8 gpg-preset-passphrase.1 \ gpg-connect-agent.1 gpgparsemail.1 symcryptrun.1 \ applygnupgdefaults.8 \ dirmngr-client.1 if USE_GPG2_HACK myman_pages += gpg2.1 gpgv2.1 else myman_pages += gpg.1 gpgv.1 endif man_MANS = $(myman_pages) gnupg.7 watchgnupg_SOURCE = gnupg.texi CLEANFILES = yat2m mkdefsinc defs.inc DISTCLEANFILES = gnupg.tmp gnupg.ops yat2m-stamp.tmp yat2m-stamp \ gnupg-card-architecture.eps \ gnupg-module-overview.eps \ $(myman_pages) gpg-zip.1 gnupg.7 yat2m: yat2m.c $(CC_FOR_BUILD) -o $@ $(srcdir)/yat2m.c mkdefsinc: mkdefsinc.c Makefile ../config.h $(CC_FOR_BUILD) -I. -I.. 
-I$(srcdir) $(AM_CPPFLAGS) \ -o $@ $(srcdir)/mkdefsinc.c .svg.eps: convert `test -f '$<' || echo '$(srcdir)/'`$< $@ .svg.png: convert `test -f '$<' || echo '$(srcdir)/'`$< $@ .svg.pdf: convert `test -f '$<' || echo '$(srcdir)/'`$< $@ .fig.png: fig2dev -L png `test -f '$<' || echo '$(srcdir)/'`$< $@ .fig.jpg: fig2dev -L jpeg `test -f '$<' || echo '$(srcdir)/'`$< $@ .fig.eps: fig2dev -L eps `test -f '$<' || echo '$(srcdir)/'`$< $@ .fig.pdf: fig2dev -L pdf `test -f '$<' || echo '$(srcdir)/'`$< $@ yat2m-stamp: $(myman_sources) defs.inc @rm -f yat2m-stamp.tmp @touch yat2m-stamp.tmp incd="`test -f defsincdate || echo '$(srcdir)/'`defsincdate"; \ for file in $(myman_sources) ; do \ ./yat2m $(YAT2M_OPTIONS) --store \ --date "`cat $$incd 2>/dev/null`" \ `test -f '$$file' || echo '$(srcdir)/'`$$file ; done @mv -f yat2m-stamp.tmp $@ yat2m-stamp: yat2m $(myman_pages) gnupg.7 : yat2m-stamp defs.inc @if test -f $@; then :; else \ trap 'rm -rf yat2m-stamp yat2m-lock' 1 2 13 15; \ if mkdir yat2m-lock 2>/dev/null; then \ rm -f yat2m-stamp; \ $(MAKE) $(AM_MAKEFLAGS) yat2m-stamp; \ rmdir yat2m-lock; \ else \ while test -d yat2m-lock; do sleep 1; done; \ test -f yat2m-stamp; exit $$?; \ fi; \ fi dist-hook: defsincdate defsincdate: $(gnupg_TEXINFOS) : >defsincdate ; \ if test -e $(top_srcdir)/.git; then \ (cd $(srcdir) && git log -1 --format='%ct' \ -- $(gnupg_TEXINFOS) 2>/dev/null) >>defsincdate; \ fi defs.inc : defsincdate Makefile mkdefsinc incd="`test -f defsincdate || echo '$(srcdir)/'`defsincdate"; \ ./mkdefsinc -C $(srcdir) --date "`cat $$incd 2>/dev/null`" \ $(gnupg_TEXINFOS) >$@ online: gnupg.html gnupg.pdf gnupg-module-overview.png \ gnupg-card-architecture.png set -e; \ echo "Uploading current manuals to www.gnupg.org ..."; \ cp $(srcdir)/gnupg-logo-tr.png gnupg.html/; \ cp gnupg-module-overview.png gnupg.html/; \ cp gnupg-card-architecture.png gnupg.html/; \ user=werner ; webhost="ftp.gnupg.org" ; dashdevel="" ; \ if echo "@PACKAGE_VERSION@" | grep -- "-beta" >/dev/null; 
then \ dashdevel="-devel" ; \ else \ rsync -v gnupg.pdf $${user}@$${webhost}:webspace/manuals/ ; \ fi ; \ cd gnupg.html ; \ rsync -vr --exclude='.git' . \ $${user}@$${webhost}:webspace/manuals/gnupg$${dashdevel}/ diff --git a/doc/examples/README b/doc/examples/README index 344482283..77ee80741 100644 --- a/doc/examples/README +++ b/doc/examples/README @@ -1,9 +1,11 @@ Files in this directory: scd-event A handler script used with scdaemon -trustlist.txt A list of trustworthy root certificates +trustlist.txt A list of trustworthy root certificates (Please check yourself whether you actually trust them) gpgconf.conf A sample configuration file for gpgconf. + +systemd-user Sample files for a Linux-only init system. diff --git a/doc/examples/systemd-user/README b/doc/examples/systemd-user/README new file mode 100644 index 000000000..43122f568 --- /dev/null +++ b/doc/examples/systemd-user/README 
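Review bot: `examples/systemd-user/gpg-agent-browser.socket` is created by this commit but is not among the entries added to `examples`, so it never reaches `nobase_dist_doc_DATA` and would be missing from the tarball and the installed documentation. Either add `examples/systemd-user/gpg-agent-browser.socket \` next to the `gpg-agent-extra.socket` entry, or drop the file from the commit. The new systemd-user README does not mention a browser socket either, so if the unit is kept it deserves a sentence there on which clients are meant to connect to it and how its access differs from the standard socket.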
@@ -0,0 +1,66 @@
+Socket-activated dirmngr and gpg-agent with systemd
+===================================================
+
+When used on a GNU/Linux system supervised by systemd, you can ensure
+that the GnuPG daemons dirmngr and gpg-agent are launched
+automatically the first time they're needed, and shut down cleanly at
+session logout. This is done by enabling user services via
+socket-activation.
+
+System distributors
+-------------------
+
+The *.service and *.socket files (from this directory) should be
+placed in /usr/lib/systemd/user/ alongside other user-session services
+and sockets.
+
+To enable socket-activated dirmngr for all accounts on the system,
+use:
+
+ systemctl --user --global enable dirmngr.socket
+
+To enable socket-activated gpg-agent for all accounts on the system,
+use:
+
+ systemctl --user --global enable gpg-agent.socket
+
+Additionally, you can enable socket-activated gpg-agent ssh-agent
+emulation for all accounts on the system with:
+
+ systemctl --user --global enable gpg-agent-ssh.socket
+
+You can also enable restricted ("--extra-socket"-style) gpg-agent
+sockets for all accounts on the system with:
+
+ systemctl --user --global enable gpg-agent-extra.socket
+
+Individual users
+----------------
+
+A user on a system with systemd where this has not been installed
+system-wide can place these files in ~/.config/systemd/user/ to make
+them available.
+
+If a given service isn't installed system-wide, or if it's installed
+system-wide but not globally enabled, individual users will still need
+to enable them. For example, to enable socket-activated dirmngr for
+all future sessions:
+
+ systemctl --user enable dirmngr.socket
+
+To enable socket-activated gpg-agent with ssh support, do:
+
+ systemctl --user enable gpg-agent.socket gpg-agent-ssh.socket
+
+These changes won't take effect until your next login after you've
+fully logged out (be sure to terminate any running daemons before
+logging out).
+
+If you'd rather try a socket-activated GnuPG daemon in an
+already-running session without logging out (with or without enabling
+it for all future sessions), kill any existing daemon and start the
+user socket directly. For example, to set up socket-activated dirmgnr
+in the current session:
+
+ gpgconf --kill dirmngr
+ systemctl --user start dirmngr.socket
diff --git a/doc/examples/systemd-user/dirmngr.service b/doc/examples/systemd-user/dirmngr.service
new file mode 100644
index 000000000..c79dfc58a
--- /dev/null
+++ b/doc/examples/systemd-user/dirmngr.service
@@ -0,0 +1,10 @@
+[Unit]
+Description=GnuPG network certificate management daemon
+Documentation=man:dirmngr(8)
+Requires=dirmngr.socket
+After=dirmngr.socket
+## This is a socket-activated service:
+RefuseManualStart=true
+
+[Service]
+ExecStart=/usr/bin/dirmngr --supervised
diff --git a/doc/examples/systemd-user/dirmngr.socket b/doc/examples/systemd-user/dirmngr.socket
new file mode 100644
index 000000000..ebabf896a
--- /dev/null
+++ b/doc/examples/systemd-user/dirmngr.socket
@@ -0,0 +1,11 @@
+[Unit]
+Description=GnuPG network certificate management daemon
+Documentation=man:dirmngr(8)
+
+[Socket]
+ListenStream=%t/gnupg/S.dirmngr
+SocketMode=0600
+DirectoryMode=0700
+
+[Install]
+WantedBy=sockets.target
diff --git a/doc/examples/systemd-user/gpg-agent-browser.socket b/doc/examples/systemd-user/gpg-agent-browser.socket
new file mode 100644
index 000000000..bc8d344e1
--- /dev/null
+++ b/doc/examples/systemd-user/gpg-agent-browser.socket
@@ -0,0 +1,13 @@
+[Unit]
+Description=GnuPG cryptographic agent and passphrase cache (access for web browsers)
+Documentation=man:gpg-agent(1)
+
+[Socket]
+ListenStream=%t/gnupg/S.gpg-agent.browser
+FileDescriptorName=browser
+Service=gpg-agent.service
+SocketMode=0600
+DirectoryMode=0700
+
+[Install]
+WantedBy=sockets.target
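Review bot: `ExecStart=/usr/bin/dirmngr --supervised` in dirmngr.service hard-codes the install prefix, so on a build configured with a different prefix the unit either fails to start or launches a different dirmngr than the one the rest of the installation uses. The same applies to `ExecStart=/usr/bin/gpg-agent --supervised` in gpg-agent.service. Since these are sample files, a comment above the line is enough: `## Adjust the path below if GnuPG is not installed under /usr.`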
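Review bot: `ListenStream=%t/gnupg/S.dirmngr` in dirmngr.socket fixes the socket location, which as far as I can tell matches only the path GnuPG uses for the default home directory; with a non-default GNUPGHOME the clients would probably look elsewhere and start their own unsupervised daemon. The same holds for the `ListenStream=` lines in the four gpg-agent socket units. A comment under the line would spare users the debugging: `## Valid for the default GnuPG home directory only; compare with "gpgconf --list-dirs".` `SocketMode=0600` and `DirectoryMode=0700` are sensible, but DirectoryMode applies only to directories systemd creates itself, so an existing `%t/gnupg` keeps whatever mode it already has.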
diff --git a/doc/examples/systemd-user/gpg-agent-extra.socket b/doc/examples/systemd-user/gpg-agent-extra.socket
new file mode 100644
index 000000000..5b87d09df
--- /dev/null
+++ b/doc/examples/systemd-user/gpg-agent-extra.socket
@@ -0,0 +1,13 @@
+[Unit]
+Description=GnuPG cryptographic agent and passphrase cache (restricted)
+Documentation=man:gpg-agent(1)
+
+[Socket]
+ListenStream=%t/gnupg/S.gpg-agent.extra
+FileDescriptorName=extra
+Service=gpg-agent.service
+SocketMode=0600
+DirectoryMode=0700
+
+[Install]
+WantedBy=sockets.target
diff --git a/doc/examples/systemd-user/gpg-agent-ssh.socket b/doc/examples/systemd-user/gpg-agent-ssh.socket
new file mode 100644
index 000000000..798c1d967
--- /dev/null
+++ b/doc/examples/systemd-user/gpg-agent-ssh.socket
@@ -0,0 +1,13 @@
+[Unit]
+Description=GnuPG cryptographic agent (ssh-agent emulation)
+Documentation=man:gpg-agent(1) man:ssh-add(1) man:ssh-agent(1) man:ssh(1)
+
+[Socket]
+ListenStream=%t/gnupg/S.gpg-agent.ssh
+FileDescriptorName=ssh
+Service=gpg-agent.service
+SocketMode=0600
+DirectoryMode=0700
+
+[Install]
+WantedBy=sockets.target
diff --git a/doc/examples/systemd-user/gpg-agent.service b/doc/examples/systemd-user/gpg-agent.service
new file mode 100644
index 000000000..9ab922081
--- /dev/null
+++ b/doc/examples/systemd-user/gpg-agent.service
@@ -0,0 +1,10 @@
+[Unit]
+Description=GnuPG cryptographic agent and passphrase cache
+Documentation=man:gpg-agent(1)
+Requires=gpg-agent.socket
+After=gpg-agent.socket
+## This is a socket-activated service:
+RefuseManualStart=true
+
+[Service]
+ExecStart=/usr/bin/gpg-agent --supervised
diff --git a/doc/examples/systemd-user/gpg-agent.socket b/doc/examples/systemd-user/gpg-agent.socket
new file mode 100644
index 000000000..4257c2c80
--- /dev/null
+++ b/doc/examples/systemd-user/gpg-agent.socket
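Review bot: Nothing in gpg-agent-ssh.socket or in the new README says that ssh clients reach this socket only when `SSH_AUTH_SOCK` points at it, so enabling the unit alone leaves ssh talking to whatever agent the session already exported. A comment under `ListenStream=%t/gnupg/S.gpg-agent.ssh` would cover it: `## ssh(1) uses this socket only if SSH_AUTH_SOCK is set to this path.` It may also be worth stating that a socket-activated agent is not started from the user's terminal, so passphrase prompts for ssh requests may need the agent's startup tty or display updated first; I have not verified how `--supervised` handles that.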
@@ -0,0 +1,12 @@
+[Unit]
+Description=GnuPG cryptographic agent and passphrase cache
+Documentation=man:gpg-agent(1)
+
+[Socket]
+ListenStream=%t/gnupg/S.gpg-agent
+FileDescriptorName=std
+SocketMode=0600
+DirectoryMode=0700
+
+[Install]
+WantedBy=sockets.target