author | Werner Koch <[email protected]> | 2016-08-18 09:23:40 +0000 |
---|---|---|
committer | Werner Koch <[email protected]> | 2016-08-18 09:23:40 +0000 |
commit | d83ba4897bf217d1045c58d1b99e52bd31c58812 (patch) | |
tree | 1eaf4c2976175b8dcedd5d3c3a721c3015fbf68a /doc | |
parent | gpg: New option --sender (diff) | |
dirmngr: Remove all system daemon features.
* dirmngr/dirmngr.h (opts): Remove fields 'system_service' and
'system_daemon'.
* common/homedir.c (dirmngr_sys_socket_name): Remove.
(dirmngr_user_socket_name): Rename to ...
(dirmngr_socket_name): this. Change all callers.
* common/asshelp.c (start_new_dirmngr): Remove the system socket
feature.
* tools/gpgconf.c (list_dirs): Do not print "dirmngr-sys-socket".
* sm/server.c (gpgsm_server): Adjust for removed system socket feature.
* dirmngr/server.c (cmd_getinfo): Ditto.
(cmd_killdirmngr): Remove check for system daemon.
(cmd_reloaddirmngr): Ditto.
* dirmngr/dirmngr.c (USE_W32_SERVICE): Remove macro.
(aService): Remove.
(opts): Remove --service.
(w32_service_control): Remove.
(real_main, call_real_main) [W32]: Remove wrapper.
(main): Remove Windows system service feature. Remove system daemon
feature. Use only the "~/.gnupg/dirmngr_ldapservers.conf" file.
* dirmngr/certcache.c (load_certs_from_dir): Remove warning in the
system daemon case.
* dirmngr/crlcache.c (DBDIR_D): Always use "~/.gnupg/crls.d".
* dirmngr/ocsp.c (validate_responder_cert): Do not call
validate_cert_chain which was used only in system daemon mode.
* dirmngr/validate.c (validate_cert_chain): Always use the code.
--
We are now starting dirmngr as needed as a user daemon. The
deprecated system daemon mode no longer makes sense. In case a
system-wide daemon is required, it is better to set up a dedicated
account to run dirmngr and tweak socket permissions accordingly.
Signed-off-by: Werner Koch <[email protected]>
Diffstat (limited to 'doc')
-rw-r--r-- | doc/dirmngr.texi | 27 |
1 files changed, 3 insertions, 24 deletions
diff --git a/doc/dirmngr.texi b/doc/dirmngr.texi index 033b5d3ff..d52fb892a 100644 --- a/doc/dirmngr.texi +++ b/doc/dirmngr.texi @@ -34,11 +34,6 @@ providing access to OCSP providers. Dirmngr is invoked internally by @command{gpg}, @command{gpgsm}, or via the @command{gpg-connect-agent} tool. -For historical reasons it is also possible to start @command{dirmngr} -in a system daemon mode which uses a different directory layout. -However, this mode is deprecated and may eventually be removed. - - @manpause @noindent @xref{Option Index},for an index to @command{DIRMNGR}'s commands and @@ -468,9 +463,7 @@ Dirmngr makes use of several directories when running in daemon mode: @table @file @item ~/.gnupg -@itemx /etc/gnupg -The first is the standard home directory for all configuration files. -In the deprecated system daemon mode the second directory is used instead. +This is the standard home directory for all configuration files. @item /etc/gnupg/trusted-certs This directory should be filled with certificates of Root CAs you 
@@ -501,20 +494,10 @@ These certificates are first tried before going out to the net to look for them. These certificates must also be @acronym{DER} encoded and suffixed with @file{.crt} or @file{.der}. -@item @value{LOCALRUNDIR} -This directory is only used in the deprecated system daemon mode. It -keeps the socket file for accessing @command{dirmngr} services. The -name of the socket file will be @file{S.dirmngr}. Make sure that this -directory has the proper permissions to let @command{dirmngr} create -the socket file and that eligible users may read and write to that -socket. - @item ~/.gnupg/crls.d -@itemx @value{LOCALCACHEDIR}/crls.d -The first directory is used to store cached CRLs. The @file{crls.d} +This directory is used to store cached CRLs. The @file{crls.d} part will be created by dirmngr if it does not exists but you need to -make sure that the upper directory exists. The second directory is -used instead in the deprecated systems daemon mode. +make sure that the upper directory exists. @end table @manpause @@ -1040,10 +1023,6 @@ as a binary blob. @c works. Note that mainly testing purposes this functionality may be @c called directly using @cmd{dirmngr-client --validate @file{foo.crt}}. @c -@c For backward compatibility this function returns success if Dirmngr is -@c not used as a system daemon. Thus not validating the certicates at -@c all. FIXME: This is definitely not correct and should be fixed ASAP. -@c @c The function takes the target certificate and a mode argument as @c parameters and returns an error code and optionally the closes @c expiration time of all certificates in the chain. |
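Review bot: In the @@ -468,9 +463,7 @@ hunk, dropping `@itemx /etc/gnupg` leaves the table saying `~/.gnupg` is "the standard home directory for all configuration files" while the very next item is still `/etc/gnupg/trusted-certs`. A reader can take that to mean nothing under /etc/gnupg is consulted any more. Add a sentence to the `/etc/gnupg/trusted-certs` item (or to the table introduction) stating that this system-wide directory is still read when dirmngr runs as a user daemon, or relocate the item if that is no longer the case.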
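Review bot: In the @@ -501,20 +494,10 @@ hunk, removing the `@value{LOCALRUNDIR}` item deletes this table's only description of the `S.dirmngr` socket and of the permissions it needs, and nothing is added in its place. The commit message recommends a dedicated account with adjusted socket permissions for anyone who still needs a system-wide daemon, so the manual should say where the socket is created now and which users need read and write access to it. While the `crls.d` paragraph is being edited, the unchanged context line "if it does not exists" can be corrected to "if it does not exist".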
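Review bot: In the @@ -1040,10 +1023,6 @@ hunk, the deleted FIXME was the only text recording that this function returned success without validating certificates when Dirmngr was not a system daemon, and no replacement says what it does now. The commit message states that validate_cert_chain now always uses the code, so add one line to this comment block saying the chain is always validated, which keeps the description aligned with the behaviour and flags the change for anyone relying on the old result. The diffstat here is limited to 'doc', so the code side of that statement cannot be confirmed from this page.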