181 lines
5.4 KiB
Diff
181 lines
5.4 KiB
Diff
|
From 8fde13d07c0059040ed531ca3ac365f5780ff240 Mon Sep 17 00:00:00 2001
|
||
|
From: Shea Levy <shea@shealevy.com>
|
||
|
Date: Tue, 18 Nov 2014 14:34:53 -0500
|
||
|
Subject: [PATCH] gpg-agent: Enable socket activation
|
||
|
|
||
|
This allows gpg-agent to be managed by tools such as systemd or launchd
|
||
|
---
|
||
|
agent/gpg-agent.c | 62 ++++++++++++++++++++++++++++++++++++------------------
|
||
|
doc/gpg-agent.texi | 21 +++++++++++++++++-
|
||
|
2 files changed, 61 insertions(+), 22 deletions(-)
|
||
|
|
||
|
diff --git a/agent/gpg-agent.c b/agent/gpg-agent.c
|
||
|
index 5960fe3..2f06982 100644
|
||
|
--- a/agent/gpg-agent.c
|
||
|
+++ b/agent/gpg-agent.c
|
||
|
@@ -124,7 +124,9 @@ enum cmd_and_opt_values
|
||
|
oPuttySupport,
|
||
|
oDisableScdaemon,
|
||
|
oDisableCheckOwnSocket,
|
||
|
- oWriteEnvFile
|
||
|
+ oWriteEnvFile,
|
||
|
+ oAgentFD,
|
||
|
+ oSSHAgentFD
|
||
|
};
|
||
|
|
||
|
|
||
|
@@ -138,6 +140,8 @@ static ARGPARSE_OPTS opts[] = {
|
||
|
{ 301, NULL, 0, N_("@Options:\n ") },
|
||
|
|
||
|
{ oDaemon, "daemon", 0, N_("run in daemon mode (background)") },
|
||
|
+ { oAgentFD, "agent-fd", 1, "@" },
|
||
|
+ { oSSHAgentFD, "ssh-agent-fd", 1, "@" },
|
||
|
{ oServer, "server", 0, N_("run in server mode (foreground)") },
|
||
|
{ oVerbose, "verbose", 0, N_("verbose") },
|
||
|
{ oQuiet, "quiet", 0, N_("be somewhat more quiet") },
|
||
|
@@ -596,6 +600,31 @@ parse_rereadable_options (ARGPARSE_ARGS *pargs, int reread)
|
||
|
return 1; /* handled */
|
||
|
}
|
||
|
|
||
|
+/* Handle agent socket(s) */
|
||
|
+static void
|
||
|
+handle_agent_socks(int fd, int fd_ssh)
|
||
|
+{
|
||
|
+#ifndef HAVE_W32_SYSTEM
|
||
|
+ if (chdir("/"))
|
||
|
+ {
|
||
|
+ log_error ("chdir to / failed: %s\n", strerror (errno));
|
||
|
+ exit (1);
|
||
|
+ }
|
||
|
+
|
||
|
+ {
|
||
|
+ struct sigaction sa;
|
||
|
+
|
||
|
+ sa.sa_handler = SIG_IGN;
|
||
|
+ sigemptyset (&sa.sa_mask);
|
||
|
+ sa.sa_flags = 0;
|
||
|
+ sigaction (SIGPIPE, &sa, NULL);
|
||
|
+ }
|
||
|
+#endif /*!HAVE_W32_SYSTEM*/
|
||
|
+
|
||
|
+ log_info ("%s %s started\n", strusage(11), strusage(13) );
|
||
|
+ handle_connections (fd, fd_ssh);
|
||
|
+ assuan_sock_close (fd);
|
||
|
+}
|
||
|
|
||
|
/* The main entry point. */
|
||
|
int
|
||
|
@@ -612,6 +641,8 @@ main (int argc, char **argv )
|
||
|
int default_config =1;
|
||
|
int pipe_server = 0;
|
||
|
int is_daemon = 0;
|
||
|
+ int fd_agent = GNUPG_INVALID_FD;
|
||
|
+ int fd_ssh_agent = GNUPG_INVALID_FD;
|
||
|
int nodetach = 0;
|
||
|
int csh_style = 0;
|
||
|
char *logfile = NULL;
|
||
|
@@ -819,6 +850,8 @@ main (int argc, char **argv )
|
||
|
case oSh: csh_style = 0; break;
|
||
|
case oServer: pipe_server = 1; break;
|
||
|
case oDaemon: is_daemon = 1; break;
|
||
|
+ case oAgentFD: fd_agent = pargs.r.ret_int; break;
|
||
|
+ case oSSHAgentFD: fd_ssh_agent = pargs.r.ret_int; break;
|
||
|
|
||
|
case oDisplay: default_display = xstrdup (pargs.r.ret_str); break;
|
||
|
case oTTYname: default_ttyname = xstrdup (pargs.r.ret_str); break;
|
||
|
@@ -904,7 +937,8 @@ main (int argc, char **argv )
|
||
|
bind_textdomain_codeset (PACKAGE_GT, "UTF-8");
|
||
|
#endif
|
||
|
|
||
|
- if (!pipe_server && !is_daemon && !gpgconf_list)
|
||
|
+ if (!pipe_server && !is_daemon && !gpgconf_list &&
|
||
|
+ fd_agent == GNUPG_INVALID_FD)
|
||
|
{
|
||
|
/* We have been called without any options and thus we merely
|
||
|
check whether an agent is already running. We do this right
|
||
|
@@ -1054,6 +1088,10 @@ main (int argc, char **argv )
|
||
|
agent_deinit_default_ctrl (ctrl);
|
||
|
xfree (ctrl);
|
||
|
}
|
||
|
+ else if (fd_agent != GNUPG_INVALID_FD)
|
||
|
+ {
|
||
|
+ handle_agent_socks(fd_agent, fd_ssh_agent);
|
||
|
+ }
|
||
|
else if (!is_daemon)
|
||
|
; /* NOTREACHED */
|
||
|
else
|
||
|
@@ -1238,26 +1276,8 @@ main (int argc, char **argv )
|
||
|
log_set_prefix (NULL, oldflags | JNLIB_LOG_RUN_DETACHED);
|
||
|
opt.running_detached = 1;
|
||
|
}
|
||
|
-
|
||
|
- if (chdir("/"))
|
||
|
- {
|
||
|
- log_error ("chdir to / failed: %s\n", strerror (errno));
|
||
|
- exit (1);
|
||
|
- }
|
||
|
-
|
||
|
- {
|
||
|
- struct sigaction sa;
|
||
|
-
|
||
|
- sa.sa_handler = SIG_IGN;
|
||
|
- sigemptyset (&sa.sa_mask);
|
||
|
- sa.sa_flags = 0;
|
||
|
- sigaction (SIGPIPE, &sa, NULL);
|
||
|
- }
|
||
|
#endif /*!HAVE_W32_SYSTEM*/
|
||
|
-
|
||
|
- log_info ("%s %s started\n", strusage(11), strusage(13) );
|
||
|
- handle_connections (fd, opt.ssh_support ? fd_ssh : GNUPG_INVALID_FD);
|
||
|
- assuan_sock_close (fd);
|
||
|
+ handle_agent_socks(fd, opt.ssh_support ? fd_ssh : GNUPG_INVALID_FD);
|
||
|
}
|
||
|
|
||
|
return 0;
|
||
|
diff --git a/doc/gpg-agent.texi b/doc/gpg-agent.texi
|
||
|
index a4079d7..1556e54 100644
|
||
|
--- a/doc/gpg-agent.texi
|
||
|
+++ b/doc/gpg-agent.texi
|
||
|
@@ -43,7 +43,15 @@
|
||
|
.IR file ]
|
||
|
.RI [ options ]
|
||
|
.B \-\-daemon
|
||
|
-.RI [ command_line ]
|
||
|
+.br
|
||
|
+.B gpg-agent
|
||
|
+.RB [ \-\-homedir
|
||
|
+.IR dir ]
|
||
|
+.RB [ \-\-options
|
||
|
+.IR file ]
|
||
|
+.RI [ options ]
|
||
|
+.B \-\-agent-fd
|
||
|
+.IR fd
|
||
|
@end ifset
|
||
|
|
||
|
@mansect description
|
||
|
@@ -186,6 +194,11 @@ Yet another way is creating
|
||
|
a new process as a child of gpg-agent: @code{gpg-agent --daemon
|
||
|
/bin/sh}. This way you get a new shell with the environment setup
|
||
|
properly; if you exit from this shell, gpg-agent terminates as well.
|
||
|
+
|
||
|
+@item --agent-fd @var{fd}
|
||
|
+@opindex agent-fd
|
||
|
+Start the gpg-agent using @var{fd} as the listening socket. This is useful for
|
||
|
+socket activation a la systemd and launchd.
|
||
|
@end table
|
||
|
|
||
|
@mansect options
|
||
|
@@ -532,6 +545,12 @@ Ignore requests to change the current @code{tty} or X window system's
|
||
|
@code{DISPLAY} variable respectively. This is useful to lock the
|
||
|
pinentry to pop up at the @code{tty} or display you started the agent.
|
||
|
|
||
|
+@item --ssh-agent-fd @var{fd}
|
||
|
+@opindex ssh-agent-fd
|
||
|
+
|
||
|
+When starting the agent with @option{--agent-fd}, use this to pass in a socket
|
||
|
+to be used for the OpenSSH agent protocol.
|
||
|
+
|
||
|
@anchor{option --enable-ssh-support}
|
||
|
@item --enable-ssh-support
|
||
|
@opindex enable-ssh-support
|