Diffstat (limited to 'pkgs/tools/security/gnupg/socket-activate-2.1.1.patch')
-rw-r--r--pkgs/tools/security/gnupg/socket-activate-2.1.1.patch170
1 files changed, 170 insertions, 0 deletions
diff --git a/pkgs/tools/security/gnupg/socket-activate-2.1.1.patch b/pkgs/tools/security/gnupg/socket-activate-2.1.1.patch
new file mode 100644
index 00000000000..2c2d7b54250
--- /dev/null
+++ b/pkgs/tools/security/gnupg/socket-activate-2.1.1.patch
@@ -0,0 +1,170 @@
+Port Shea Levy's socket activation patch to version 2.1.1.
+
+diff -Naur gnupg-2.1.1-upstream/agent/gpg-agent.c gnupg-2.1.1/agent/gpg-agent.c
+--- gnupg-2.1.1-upstream/agent/gpg-agent.c	2014-12-01 05:04:57.000000000 -0430
++++ gnupg-2.1.1/agent/gpg-agent.c	2014-12-23 17:13:48.029286035 -0430
+@@ -125,7 +125,9 @@
+   oPuttySupport,
+   oDisableScdaemon,
+   oDisableCheckOwnSocket,
+-  oWriteEnvFile
++  oWriteEnvFile,
++  oAgentFD,
++  oSSHAgentFD
+ };
+ 
+ 
+@@ -143,6 +145,8 @@
+   ARGPARSE_group (301, N_("@Options:\n ")),
+ 
+   ARGPARSE_s_n (oDaemon,  "daemon", N_("run in daemon mode (background)")),
++  ARGPARSE_s_i (oAgentFD,  "agent-fd", "@"),
++  ARGPARSE_s_i (oSSHAgentFD,  "ssh-agent-fd", "@"),
+   ARGPARSE_s_n (oServer,  "server", N_("run in server mode (foreground)")),
+   ARGPARSE_s_n (oVerbose, "verbose", N_("verbose")),
+   ARGPARSE_s_n (oQuiet,	  "quiet",     N_("be somewhat more quiet")),
+@@ -627,6 +631,31 @@
+   return 1; /* handled */
+ }
+ 
++/* Handle agent socket(s) */
++static void
++handle_agent_socks(int fd, int fd_extra, int fd_ssh)
++{
++#ifndef HAVE_W32_SYSTEM
++  if (chdir("/"))
++    {
++      log_error ("chdir to / failed: %s\n", strerror (errno));
++      exit (1);
++    }
++
++  {
++    struct sigaction sa;
++
++    sa.sa_handler = SIG_IGN;
++    sigemptyset (&sa.sa_mask);
++    sa.sa_flags = 0;
++    sigaction (SIGPIPE, &sa, NULL);
++  }
++#endif /*!HAVE_W32_SYSTEM*/
++
++  log_info ("%s %s started\n", strusage(11), strusage(13) );
++  handle_connections (fd, fd_extra, fd_ssh);
++  assuan_sock_close (fd);
++}
+ 
+ /* The main entry point.  */
+ int
+@@ -643,6 +672,8 @@
+   int default_config =1;
+   int pipe_server = 0;
+   int is_daemon = 0;
++  int fd_agent = GNUPG_INVALID_FD;
++  int fd_ssh_agent = GNUPG_INVALID_FD;
+   int nodetach = 0;
+   int csh_style = 0;
+   char *logfile = NULL;
+@@ -850,6 +881,8 @@
+         case oSh: csh_style = 0; break;
+         case oServer: pipe_server = 1; break;
+         case oDaemon: is_daemon = 1; break;
++        case oAgentFD: fd_agent = pargs.r.ret_int; break;
++        case oSSHAgentFD: fd_ssh_agent = pargs.r.ret_int; break;
+ 
+         case oDisplay: default_display = xstrdup (pargs.r.ret_str); break;
+         case oTTYname: default_ttyname = xstrdup (pargs.r.ret_str); break;
+@@ -940,7 +973,8 @@
+     bind_textdomain_codeset (PACKAGE_GT, "UTF-8");
+ #endif
+ 
+-  if (!pipe_server && !is_daemon && !gpgconf_list)
++  if (!pipe_server && !is_daemon && !gpgconf_list &&
++                                                  fd_agent == GNUPG_INVALID_FD)
+     {
+      /* We have been called without any options and thus we merely
+         check whether an agent is already running.  We do this right
+@@ -1090,6 +1124,10 @@
+       agent_deinit_default_ctrl (ctrl);
+       xfree (ctrl);
+     }
++  else if (fd_agent != GNUPG_INVALID_FD)
++    {
++      handle_agent_socks(fd_agent, GNUPG_INVALID_FD, fd_ssh_agent);
++    }
+   else if (!is_daemon)
+     ; /* NOTREACHED */
+   else
+@@ -1287,26 +1325,8 @@
+           log_set_prefix (NULL, oldflags | JNLIB_LOG_RUN_DETACHED);
+           opt.running_detached = 1;
+         }
+-
+-      if (chdir("/"))
+-        {
+-          log_error ("chdir to / failed: %s\n", strerror (errno));
+-          exit (1);
+-        }
+-
+-      {
+-        struct sigaction sa;
+-
+-        sa.sa_handler = SIG_IGN;
+-        sigemptyset (&sa.sa_mask);
+-        sa.sa_flags = 0;
+-        sigaction (SIGPIPE, &sa, NULL);
+-      }
+-#endif /*!HAVE_W32_SYSTEM*/
+-
+-      log_info ("%s %s started\n", strusage(11), strusage(13) );
+-      handle_connections (fd, fd_extra, fd_ssh);
+-      assuan_sock_close (fd);
++#endif /*!HAVE_W32_SYSTEM*/      
++      handle_agent_socks(fd, fd_extra, fd_ssh);
+     }
+ 
+   return 0;
+diff -Naur gnupg-2.1.1-upstream/doc/gpg-agent.texi gnupg-2.1.1/doc/gpg-agent.texi
+--- gnupg-2.1.1-upstream/doc/gpg-agent.texi	2014-12-05 09:56:37.000000000 -0430
++++ gnupg-2.1.1/doc/gpg-agent.texi	2014-12-23 16:26:38.366391186 -0430
+@@ -43,7 +43,15 @@
+ .IR file ]
+ .RI [ options ]
+ .B  \-\-daemon
+-.RI [ command_line ]
++.br
++.B  gpg-agent
++.RB [ \-\-homedir
++.IR dir ]
++.RB [ \-\-options
++.IR file ]
++.RI [ options ]
++.B  \-\-agent-fd
++.IR fd
+ @end ifset
+ 
+ @mansect description
+@@ -186,6 +194,11 @@
+ a new process as a child of gpg-agent: @code{gpg-agent --daemon
+ /bin/sh}.  This way you get a new shell with the environment setup
+ properly; if you exit from this shell, gpg-agent terminates as well.
++
++@item --agent-fd @var{fd}
++@opindex  agent-fd
++Start the gpg-agent using @var{fd} as the listening socket. This is useful for
++socket activation a la systemd and launchd.
+ @end table
+ 
+ @mansect options
+@@ -545,6 +558,12 @@
+ remote machine.
+ 
+ 
++@item --ssh-agent-fd @var{fd}
++@opindex ssh-agent-fd
++
++When starting the agent with @option{--agent-fd}, use this to pass in a socket
++to be used for the OpenSSH agent protocol.
++
+ @anchor{option --enable-ssh-support}
+ @item --enable-ssh-support
+ @opindex enable-ssh-support
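Review bot: The descriptors taken in the added `case oAgentFD` and `case oSSHAgentFD` lines come straight from `pargs.r.ret_int` and reach `handle_connections` through `handle_agent_socks` with no check that they are open or that they are sockets. A value of -1 presumably equals `GNUPG_INVALID_FD` on Unix and silently falls back to the "check whether an agent is already running" path, and `--ssh-agent-fd` given without `--agent-fd` is ignored without any message because both new conditions test only `fd_agent`. I would reject bad values right after option parsing, for example `if (fd_agent != GNUPG_INVALID_FD && (fstat (fd_agent, &st) || !S_ISSOCK (st.st_mode))) { log_error ("--agent-fd is not a socket\n"); exit (2); }`, with the same test for `fd_ssh_agent`. Since the listening socket is created by the activator in this mode, its ownership and permissions are presumably whatever the launcher configured, so the texinfo entry for `--agent-fd` should say that the caller must pass a listening socket reachable only by the agent's own user. The body of `main` lies mostly outside these hunks, so any setup the daemon branch does before its `handle_agent_socks` call should be checked against the new `else if` branch.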