[pkg-gnupg-maint] [PATCH] dirmngr: implement --supervised command (for systemd, etc)
Werner Koch
wk at gnupg.org
Mon Aug 29 10:14:57 UTC 2016
On Fri, 12 Aug 2016 22:07, dkg at fifthhorseman.net said:
> I see this advice is in doc/tools.texi, but i don't see it used often.
> 'S.log' for GnuPG doesn't show up anywhere else in debian, for example:
I added remarks to the man page and also implement
log-file socket://
to print to a socket named S.log in GnuPG socket directory.
>> How do you convey the envvars to gpg-agent? What systemd does is
>> different from what gpg will do; for example the default tty, DISPLAY,
>> and locale may be different. gpg will also pass --homedir to the
>> invocation of gpg-agent if gpg has been started this way.
>
> gpg conveys envvars to gpg-agent during its use. This is what allows us
> to run a single daemon that responds to requests from multiple
> concurrent sessions, right?
For the use with screen(1) gpg-agent allows to fix some environment
variables to those used at startup (keep-tty and keep-display).
> projects. :) Even aside from the system service, there's still a lot of
> Win32-specific code, though. This is not meant as a critique -- i think
Removed with the last released. Thanks for the reminder.
>> For dirmngr this is not a good idea because we plan to add background
>> tasks (parcimonie).
>
> I'd be a little surprised if most people expected a parcimonie-style
> updater to run (and update their keyring, etc) when they weren't
Others already reponded to this.
> problem). It would still leave sessions open in the background for
> several minutes after logout in some common use cases, but it would be
> far better than having live code running indefinitely.
I guess that most users don't log out but hibernate their session.
> I'm assuming this would be a new configuration option for gpg-agent.
> Maybe --terminate-after-idle ? What should it default to? I can send
I do not think that it is important enough to rush this in. Let's track
it as issue2450.
> System-wide overviews and standardized tooling ("do one thing and do it
> well") aren't unix-like‽ We should probably change that ;) But
Yes, it is similar to unix in the same way VMS POSIX subsystem is
similar to Unix. But let's not get into this again. I can't fight
windmills.
> In particular, the ssh-agent model assumes one agent *per X11 session*,
> and gpg-agent assumes one agent *per user*. If the agent's
The ssh-agent has no such assumption; you can run several ssh agents on
your X11 server and session. it is jut a matter on how the distro
starts ssh-agent. GnuPG changed with --enable-standard-socket in 2.0
and made that the only option in 2.1.
> However we solve those problems, having process supervision and socket
> activation still seem like good things, so i'd still like these patches
> to be considered by upstream GnuPG. I don't think they break any
I will look at them in detail soon. I would however like a more
generalized approach using options like --listing-socket-foo and nothing
systemd specific.
Shalom-Salam,
Werner
--
Die Gedanken sind frei. Ausnahmen regelt ein Bundesgesetz.
/* Join us at OpenPGP.conf <https://openpgp-conf.org> */
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 162 bytes
Desc: not available
URL: <http://lists.alioth.debian.org/pipermail/pkg-gnupg-maint/attachments/20160829/48b561a2/attachment.sig>
More information about the pkg-gnupg-maint
mailing list