diff --git a/gnupg-2.4.3-restore-systemd-sockets.patch b/gnupg-2.4.3-restore-systemd-sockets.patch
new file mode 100644
index 0000000..9e741df
--- /dev/null
+++ b/gnupg-2.4.3-restore-systemd-sockets.patch
@@ -0,0 +1,256 @@
+From eae28f1bd4a5632e8f8e85b7248d1c4d4a10a5ed Mon Sep 17 00:00:00 2001
+From: Werner Koch
+Date: Mon, 23 Jan 2023 16:34:19 +0100
+Subject: [PATCH] doc: Remove profile and systemd example files.
+
+--
+
+The profiles are not any longer useful because global options are way
+more powerful (/etc/gnupg/gpg.conf et al.). The use of systemd is
+deprecated because of additional complexity and the race between
+systemd based autolaunching and the explicit gnupg based and lockfile
+protected autolaunching.
+
+GnuPG-bug-id: 6336
+---
+diff --git b/doc/Makefile.am a/doc/Makefile.am
+index 390153c76..0093c43a8 100644
+--- b/doc/Makefile.am
++++ a/doc/Makefile.am
+@@ -22,6 +22,14 @@ AM_CPPFLAGS =
+ examples/qualified.txt \
+ examples/common.conf \
+ examples/gpgconf.rnames examples/gpgconf.conf \
++ examples/systemd-user/README \
++ examples/systemd-user/dirmngr.service \
++ examples/systemd-user/dirmngr.socket \
++ examples/systemd-user/gpg-agent.service \
++ examples/systemd-user/gpg-agent.socket \
++ examples/systemd-user/gpg-agent-ssh.socket \
++ examples/systemd-user/gpg-agent-browser.socket \
++ examples/systemd-user/gpg-agent-extra.socket \
+ examples/pwpattern.list
+
+ helpfiles = help.txt help.be.txt help.ca.txt help.cs.txt \
+diff --git b/doc/examples/README a/doc/examples/README
+index cd341ab57..67508c471 100644
+--- b/doc/examples/README
++++ a/doc/examples/README
+@@ -8,6 +8,8 @@ trustlist.txt A list of trustworthy root certificates
+
+ gpgconf.conf A sample configuration file for gpgconf.
+
++systemd-user Sample files for a Linux-only init system.
++
+ qualified.txt Sample file for qualified.txt.
+
+ common.conf Sample file for common options.
+diff --git b/doc/examples/gpgconf.conf a/doc/examples/gpgconf.conf
+index 314b955b9..a61d4d453 100644
+--- b/doc/examples/gpgconf.conf
++++ a/doc/examples/gpgconf.conf
+@@ -1,9 +1,5 @@
+ # gpgconf.conf - configuration for gpgconf
+ #----------------------------------------------------------------------
+-#
+-# === The use of this feature is deprecated ===
+-# == Please use the more powerful global options. ==
+-#
+ # This file is read by gpgconf(1) to setup defaults for all or
+ # specified users and groups. It may be used to change the hardwired
+ # defaults in gpgconf and to enforce certain values for the various
+diff --git b/doc/examples/systemd-user/README a/doc/examples/systemd-user/README
+new file mode 100644
+index 000000000..43122f568
+--- /dev/null
++++ a/doc/examples/systemd-user/README
+@@ -0,0 +1,66 @@
++Socket-activated dirmngr and gpg-agent with systemd
++===================================================
++
++When used on a GNU/Linux system supervised by systemd, you can ensure
++that the GnuPG daemons dirmngr and gpg-agent are launched
++automatically the first time they're needed, and shut down cleanly at
++session logout. This is done by enabling user services via
++socket-activation.
++
++System distributors
++-------------------
++
++The *.service and *.socket files (from this directory) should be
++placed in /usr/lib/systemd/user/ alongside other user-session services
++and sockets.
++
++To enable socket-activated dirmngr for all accounts on the system,
++use:
++
++ systemctl --user --global enable dirmngr.socket
++
++To enable socket-activated gpg-agent for all accounts on the system,
++use:
++
++ systemctl --user --global enable gpg-agent.socket
++
++Additionally, you can enable socket-activated gpg-agent ssh-agent
++emulation for all accounts on the system with:
++
++ systemctl --user --global enable gpg-agent-ssh.socket
++
++You can also enable restricted ("--extra-socket"-style) gpg-agent
++sockets for all accounts on the system with:
++
++ systemctl --user --global enable gpg-agent-extra.socket
++
++Individual users
++----------------
++
++A user on a system with systemd where this has not been installed
++system-wide can place these files in ~/.config/systemd/user/ to make
++them available.
++
++If a given service isn't installed system-wide, or if it's installed
++system-wide but not globally enabled, individual users will still need
++to enable them. For example, to enable socket-activated dirmngr for
++all future sessions:
++
++ systemctl --user enable dirmngr.socket
++
++To enable socket-activated gpg-agent with ssh support, do:
++
++ systemctl --user enable gpg-agent.socket gpg-agent-ssh.socket
++
++These changes won't take effect until your next login after you've
++fully logged out (be sure to terminate any running daemons before
++logging out).
++
++If you'd rather try a socket-activated GnuPG daemon in an
++already-running session without logging out (with or without enabling
++it for all future sessions), kill any existing daemon and start the
++user socket directly. For example, to set up socket-activated dirmgnr
++in the current session:
++
++ gpgconf --kill dirmngr
++ systemctl --user start dirmngr.socket
+diff --git b/doc/examples/systemd-user/dirmngr.service a/doc/examples/systemd-user/dirmngr.service
+new file mode 100644
+index 000000000..3c060cde5
+--- /dev/null
++++ a/doc/examples/systemd-user/dirmngr.service
+@@ -0,0 +1,8 @@
++[Unit]
++Description=GnuPG network certificate management daemon
++Documentation=man:dirmngr(8)
++Requires=dirmngr.socket
++
++[Service]
++ExecStart=/usr/bin/dirmngr --supervised
++ExecReload=/usr/bin/gpgconf --reload dirmngr
+diff --git b/doc/examples/systemd-user/dirmngr.socket a/doc/examples/systemd-user/dirmngr.socket
+new file mode 100644
+index 000000000..ebabf896a
+--- /dev/null
++++ a/doc/examples/systemd-user/dirmngr.socket
+@@ -0,0 +1,11 @@
++[Unit]
++Description=GnuPG network certificate management daemon
++Documentation=man:dirmngr(8)
++
++[Socket]
++ListenStream=%t/gnupg/S.dirmngr
++SocketMode=0600
++DirectoryMode=0700
++
++[Install]
++WantedBy=sockets.target
+diff --git b/doc/examples/systemd-user/gpg-agent-browser.socket a/doc/examples/systemd-user/gpg-agent-browser.socket
+new file mode 100644
+index 000000000..bc8d344e1
+--- /dev/null
++++ a/doc/examples/systemd-user/gpg-agent-browser.socket
+@@ -0,0 +1,13 @@
++[Unit]
++Description=GnuPG cryptographic agent and passphrase cache (access for web browsers)
++Documentation=man:gpg-agent(1)
++
++[Socket]
++ListenStream=%t/gnupg/S.gpg-agent.browser
++FileDescriptorName=browser
++Service=gpg-agent.service
++SocketMode=0600
++DirectoryMode=0700
++
++[Install]
++WantedBy=sockets.target
+diff --git b/doc/examples/systemd-user/gpg-agent-extra.socket a/doc/examples/systemd-user/gpg-agent-extra.socket
+new file mode 100644
+index 000000000..5b87d09df
+--- /dev/null
++++ a/doc/examples/systemd-user/gpg-agent-extra.socket
+@@ -0,0 +1,13 @@
++[Unit]
++Description=GnuPG cryptographic agent and passphrase cache (restricted)
++Documentation=man:gpg-agent(1)
++
++[Socket]
++ListenStream=%t/gnupg/S.gpg-agent.extra
++FileDescriptorName=extra
++Service=gpg-agent.service
++SocketMode=0600
++DirectoryMode=0700
++
++[Install]
++WantedBy=sockets.target
+diff --git b/doc/examples/systemd-user/gpg-agent-ssh.socket a/doc/examples/systemd-user/gpg-agent-ssh.socket
+new file mode 100644
+index 000000000..798c1d967
+--- /dev/null
++++ a/doc/examples/systemd-user/gpg-agent-ssh.socket
+@@ -0,0 +1,13 @@
++[Unit]
++Description=GnuPG cryptographic agent (ssh-agent emulation)
++Documentation=man:gpg-agent(1) man:ssh-add(1) man:ssh-agent(1) man:ssh(1)
++
++[Socket]
++ListenStream=%t/gnupg/S.gpg-agent.ssh
++FileDescriptorName=ssh
++Service=gpg-agent.service
++SocketMode=0600
++DirectoryMode=0700
++
++[Install]
++WantedBy=sockets.target
+diff --git b/doc/examples/systemd-user/gpg-agent.service a/doc/examples/systemd-user/gpg-agent.service
+new file mode 100644
+index 000000000..a050fccdc
+--- /dev/null
++++ a/doc/examples/systemd-user/gpg-agent.service
+@@ -0,0 +1,8 @@
++[Unit]
++Description=GnuPG cryptographic agent and passphrase cache
++Documentation=man:gpg-agent(1)
++Requires=gpg-agent.socket
++
++[Service]
++ExecStart=/usr/bin/gpg-agent --supervised
++ExecReload=/usr/bin/gpgconf --reload gpg-agent
+diff --git b/doc/examples/systemd-user/gpg-agent.socket a/doc/examples/systemd-user/gpg-agent.socket
+new file mode 100644
+index 000000000..4257c2c80
+--- /dev/null
++++ a/doc/examples/systemd-user/gpg-agent.socket
+@@ -0,0 +1,12 @@
++[Unit]
++Description=GnuPG cryptographic agent and passphrase cache
++Documentation=man:gpg-agent(1)
++
++[Socket]
++ListenStream=%t/gnupg/S.gpg-agent
++FileDescriptorName=std
++SocketMode=0600
++DirectoryMode=0700
++
++[Install]
++WantedBy=sockets.target
+--
+2.41.0
+
diff --git a/gnupg2.spec b/gnupg2.spec
index 2151443..1fccce5 100644
--- a/gnupg2.spec
+++ b/gnupg2.spec
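Review bot: The patch header keeps upstream's original subject and message ("doc: Remove profile and systemd example files", with systemd use "deprecated because of additional complexity and the race between systemd based autolaunching and the explicit gnupg based and lockfile protected autolaunching"), although the body applies that commit in reverse (`--- b/...`, `+++ a/...`) and reintroduces the units. Nothing in the restored `gpg-agent.service`, `dirmngr.service` or the README addresses the race the message cites, so a reader cannot tell how a socket-activated agent and one autolaunched by gnupg itself are kept from contending for `%t/gnupg/S.gpg-agent`. I would add a short preamble above the first `From` line, for example `Downstream: reverse-applied subset of upstream eae28f1bd4a5; restores the systemd user units (see GnuPG-bug-id 6336)`, and record there why the distribution accepts that trade-off. The fixed `ListenStream=%t/gnupg/...` paths also look tied to the default home directory; that is worth confirming and stating in the README.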
@@ -30,6 +30,8 @@ Patch31: gnupg2-revert-rfc4880bis.patch # https://dev.gnupg.org/rG2f872fa68c6576724b9dabee9fb0844266f55d0d # cherry-picked on top of gnupg 2.4.2 + gnupg-2.4.1-file-is-digest.patch Patch32: gnupg-2.4.2-gpg-Report-BEGIN_-status-before-examining-the-input.patch +# Mostly reverts https://dev.gnupg.org/rGeae28f1bd4a5632e8f8e85b7248d1c4d4a10a5ed +Patch33: gnupg-2.4.3-restore-systemd-sockets.patch URL: https://www.gnupg.org/ @@ -57,6 +59,7 @@ BuildRequires: gnutls-devel BuildRequires: sqlite-devel BuildRequires: fuse BuildRequires: make +BuildRequires: systemd-rpm-macros BuildRequires: tpm2-tss-devel # for tests BuildRequires: openssh-clients @@ -122,6 +125,7 @@ to the base GnuPG package %patch 30 -p1 -b .coverity %patch 31 -p1 -b .revert-rfc4880bis %patch 32 -p1 -b .report-begin +%patch 33 -p1 -b .restore-systemd-sockets # pcsc-lite library major: 0 in 1.2.0, 1 in 1.2.9+ (dlopen()'d in pcsc-wrapper) # Note: this is just the name of the default shared lib to load in scdaemon, @@ -132,8 +136,7 @@ sed -i -e 's/"libpcsclite\.so"/"%{pcsclib}"/' scd/scdaemon.c %build -# can not regenerate makefiles because of automake-1.16.3 requirement -# ./autogen.sh +./autogen.sh %configure \ --disable-rpath \ --enable-g13 \ @@ -174,6 +177,11 @@ rm -f %{buildroot}%{_infodir}/dir # drop the gpg scheme interpreter rm -f %{buildroot}%{_bindir}/gpgscm +# Move the systemd user units to appropriate directory +install -d -m755 %{buildroot}%{_userunitdir} +mv %{buildroot}%{_pkgdocdir}/examples/systemd-user/*.socket %{buildroot}%{_userunitdir} +mv %{buildroot}%{_pkgdocdir}/examples/systemd-user/*.service %{buildroot}%{_userunitdir} + %check # need scratch gpg database for tests mkdir -p $HOME/.gnupg @@ -209,6 +217,7 @@ make -k check %{_libexecdir}/* %{_infodir}/*.info* %{_mandir}/man?/* +%{_userunitdir}/* %exclude %{_mandir}/man?/gpgsm* %files smime
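Review bot: `./autogen.sh` is now run unconditionally in %build, yet the only BuildRequires these hunks add is `systemd-rpm-macros`; unless autoconf, automake and the other tools the script calls are already required elsewhere in the spec, the result depends on what the buildroot happens to contain. The removed comment recorded an automake version constraint, and nothing replaces it. I would leave a one-line reason above the call, e.g. `# regenerate: Patch33 changes doc/Makefile.am`, and list the regeneration tools as explicit BuildRequires so the toolchain that produces `configure` is declared and reproducible.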
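Review bot: The two `mv ... *.socket` / `*.service` globs in %install, together with `%{_userunitdir}/*` in the %files hunk, ship every unit the patch adds, including `gpg-agent-ssh.socket`, `gpg-agent-browser.socket` and `gpg-agent-extra.socket`, without the spec stating which agent sockets are meant to be offered. Naming the units, e.g. one `%{_userunitdir}/gpg-agent.socket` line per unit in %files, makes the set of exposed sockets a reviewed decision and fails the build if a later patch adds one. These hunks also show no `%systemd_user_post` / `%systemd_user_preun` scriptlets; if none exist elsewhere in the spec, presets and clean removal are not applied to the new units. The README stays under `%{_pkgdocdir}/examples/systemd-user/` and still tells distributors to copy the units into place, which no longer matches the package.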