> Hi Karn, > > is there any particular reason why you created a new patch file and kept > the old one around? It seems like "socket-activate.patch" is now unused. > Is that intentional? > > Best regards, > Peter
Hi Peter, The new patch file with 2.1.1 in the name was intended to indicate the gnupg version to which it could be applied, since that had changed. Not removing the original patch file was a mistake. Attached is another patch removing the old file.
>From feb5e0862274ac8dbb3721b4a0ff09e14a420179 Mon Sep 17 00:00:00 2001 From: Karn Kallio <[email protected]> Date: Tue, 23 Dec 2014 21:50:04 -0430 Subject: [PATCH] gnupg: Port socket activation patch to version 2.1.1. --- pkgs/tools/security/gnupg/21.nix | 2 +- .../security/gnupg/socket-activate-2.1.1.patch | 170 +++++++++++++++++++ pkgs/tools/security/gnupg/socket-activate.patch | 180 --------------------- 3 files changed, 171 insertions(+), 181 deletions(-) create mode 100644 pkgs/tools/security/gnupg/socket-activate-2.1.1.patch delete mode 100644 pkgs/tools/security/gnupg/socket-activate.patch diff --git a/pkgs/tools/security/gnupg/21.nix b/pkgs/tools/security/gnupg/21.nix index d6fe93b..75510c9 100644 --- a/pkgs/tools/security/gnupg/21.nix +++ b/pkgs/tools/security/gnupg/21.nix @@ -12,7 +12,7 @@ stdenv.mkDerivation rec { sha256 = "0jffj23a02gw7gmrh9j9ynp50bvl2pc2y74i9ii65nvm50fx1v3h"; }; - patches = [ ./socket-activate.patch ]; + patches = [ ./socket-activate-2.1.1.patch ]; buildInputs = [ pkgconfig libgcrypt libassuan libksba npth diff --git a/pkgs/tools/security/gnupg/socket-activate-2.1.1.patch b/pkgs/tools/security/gnupg/socket-activate-2.1.1.patch new file mode 100644 index 0000000..2c2d7b5 --- /dev/null +++ b/pkgs/tools/security/gnupg/socket-activate-2.1.1.patch 
@@ -0,0 +1,170 @@
+Port Shea Levy's socket activation patch to version 2.1.1.
+
+diff -Naur gnupg-2.1.1-upstream/agent/gpg-agent.c gnupg-2.1.1/agent/gpg-agent.c
+--- gnupg-2.1.1-upstream/agent/gpg-agent.c 2014-12-01 05:04:57.000000000 -0430
++++ gnupg-2.1.1/agent/gpg-agent.c 2014-12-23 17:13:48.029286035 -0430
+@@ -125,7 +125,9 @@
+ oPuttySupport,
+ oDisableScdaemon,
+ oDisableCheckOwnSocket,
+- oWriteEnvFile
++ oWriteEnvFile,
++ oAgentFD,
++ oSSHAgentFD
+ };
+
+
+@@ -143,6 +145,8 @@
+ ARGPARSE_group (301, N_("@Options:\n ")),
+
+ ARGPARSE_s_n (oDaemon, "daemon", N_("run in daemon mode (background)")),
++ ARGPARSE_s_i (oAgentFD, "agent-fd", "@"),
++ ARGPARSE_s_i (oSSHAgentFD, "ssh-agent-fd", "@"),
+ ARGPARSE_s_n (oServer, "server", N_("run in server mode (foreground)")),
+ ARGPARSE_s_n (oVerbose, "verbose", N_("verbose")),
+ ARGPARSE_s_n (oQuiet, "quiet", N_("be somewhat more quiet")),
+@@ -627,6 +631,31 @@
+ return 1; /* handled */
+ }
+
++/* Handle agent socket(s) */
++static void
++handle_agent_socks(int fd, int fd_extra, int fd_ssh)
++{
++#ifndef HAVE_W32_SYSTEM
++ if (chdir("/"))
++ {
++ log_error ("chdir to / failed: %s\n", strerror (errno));
++ exit (1);
++ }
++
++ {
++ struct sigaction sa;
++
++ sa.sa_handler = SIG_IGN;
++ sigemptyset (&sa.sa_mask);
++ sa.sa_flags = 0;
++ sigaction (SIGPIPE, &sa, NULL);
++ }
++#endif /*!HAVE_W32_SYSTEM*/
++
++ log_info ("%s %s started\n", strusage(11), strusage(13) );
++ handle_connections (fd, fd_extra, fd_ssh);
++ assuan_sock_close (fd);
++}
+
+ /* The main entry point. */
+ int
+@@ -643,6 +672,8 @@
+ int default_config =1;
+ int pipe_server = 0;
+ int is_daemon = 0;
++ int fd_agent = GNUPG_INVALID_FD;
++ int fd_ssh_agent = GNUPG_INVALID_FD;
+ int nodetach = 0;
+ int csh_style = 0;
+ char *logfile = NULL;
+@@ -850,6 +881,8 @@
+ case oSh: csh_style = 0; break;
+ case oServer: pipe_server = 1; break;
+ case oDaemon: is_daemon = 1; break;
++ case oAgentFD: fd_agent = pargs.r.ret_int; break;
++ case oSSHAgentFD: fd_ssh_agent = pargs.r.ret_int; break;
+
+ case oDisplay: default_display = xstrdup (pargs.r.ret_str); break;
+ case oTTYname: default_ttyname = xstrdup (pargs.r.ret_str); break;
+@@ -940,7 +973,8 @@
+ bind_textdomain_codeset (PACKAGE_GT, "UTF-8");
+ #endif
+
+- if (!pipe_server && !is_daemon && !gpgconf_list)
++ if (!pipe_server && !is_daemon && !gpgconf_list &&
++ fd_agent == GNUPG_INVALID_FD)
+ {
+ /* We have been called without any options and thus we merely
+ check whether an agent is already running. We do this right
+@@ -1090,6 +1124,10 @@
+ agent_deinit_default_ctrl (ctrl);
+ xfree (ctrl);
+ }
++ else if (fd_agent != GNUPG_INVALID_FD)
++ {
++ handle_agent_socks(fd_agent, GNUPG_INVALID_FD, fd_ssh_agent);
++ }
+ else if (!is_daemon)
+ ; /* NOTREACHED */
+ else
+@@ -1287,26 +1325,8 @@
+ log_set_prefix (NULL, oldflags | JNLIB_LOG_RUN_DETACHED);
+ opt.running_detached = 1;
+ }
+-
+- if (chdir("/"))
+- {
+- log_error ("chdir to / failed: %s\n", strerror (errno));
+- exit (1);
+- }
+-
+- {
+- struct sigaction sa;
+-
+- sa.sa_handler = SIG_IGN;
+- sigemptyset (&sa.sa_mask);
+- sa.sa_flags = 0;
+- sigaction (SIGPIPE, &sa, NULL);
+- }
+-#endif /*!HAVE_W32_SYSTEM*/
+-
+- log_info ("%s %s started\n", strusage(11), strusage(13) );
+- handle_connections (fd, fd_extra, fd_ssh);
+- assuan_sock_close (fd);
++#endif /*!HAVE_W32_SYSTEM*/
++ handle_agent_socks(fd, fd_extra, fd_ssh);
+ }
+
+ return 0;
+diff -Naur gnupg-2.1.1-upstream/doc/gpg-agent.texi gnupg-2.1.1/doc/gpg-agent.texi
+--- gnupg-2.1.1-upstream/doc/gpg-agent.texi 2014-12-05 09:56:37.000000000 -0430
++++ gnupg-2.1.1/doc/gpg-agent.texi 2014-12-23 16:26:38.366391186 -0430
+@@ -43,7 +43,15 @@
+ .IR file ]
+ .RI [ options ]
+ .B \-\-daemon
+-.RI [ command_line ]
++.br
++.B gpg-agent
++.RB [ \-\-homedir
++.IR dir ]
++.RB [ \-\-options
++.IR file ]
++.RI [ options ]
++.B \-\-agent-fd
++.IR fd
+ @end ifset
+
+ @mansect description
+@@ -186,6 +194,11 @@
+ a new process as a child of gpg-agent: @code{gpg-agent --daemon
+ /bin/sh}. This way you get a new shell with the environment setup
+ properly; if you exit from this shell, gpg-agent terminates as well.
++
++@item --agent-fd @var{fd}
++@opindex agent-fd
++Start the gpg-agent using @var{fd} as the listening socket. This is useful for
++socket activation a la systemd and launchd.
+ @end table
+
+ @mansect options
+@@ -545,6 +558,12 @@
+ remote machine.
+
+
++@item --ssh-agent-fd @var{fd}
++@opindex ssh-agent-fd
++
++When starting the agent with @option{--agent-fd}, use this to pass in a socket
++to be used for the OpenSSH agent protocol.
++
+ @anchor{option --enable-ssh-support}
+ @item --enable-ssh-support
+ @opindex enable-ssh-support
diff --git a/pkgs/tools/security/gnupg/socket-activate.patch b/pkgs/tools/security/gnupg/socket-activate.patch
deleted file mode 100644
index 02aa065..0000000
--- a/pkgs/tools/security/gnupg/socket-activate.patch
+++ /dev/null
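Review bot: In the gpg-agent.c part of socket-activate-2.1.1.patch, the value given to `--agent-fd` travels from `pargs.r.ret_int` into `handle_agent_socks` and on to `handle_connections` with only the `fd_agent != GNUPG_INVALID_FD` comparison in between, so a closed descriptor or one that is not a socket is not rejected at startup. A guard in the new `else if` branch before the call, for example `struct stat st; if (fstat (fd_agent, &st) || !S_ISSOCK (st.st_mode)) { log_error ("--agent-fd %d is not a socket\n", fd_agent); exit (1); }`, would fail early with a clear message, and the same check applies to `fd_ssh_agent` when it is set. From the visible lines `--ssh-agent-fd` without `--agent-fd` appears to be silently ignored, which should probably be reported as a usage error. On this path the agent no longer creates the socket itself, so the `--agent-fd` texinfo entry should say that the activating supervisor must create it reachable only by the owning user, since any process able to connect can request private-key operations. `main` starts and ends outside the inner hunks, so the initialisation the `--daemon` branch performs before `handle_connections` could not be compared with the new branch here.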
@@ -1,180 +0,0 @@
-From 8fde13d07c0059040ed531ca3ac365f5780ff240 Mon Sep 17 00:00:00 2001
-From: Shea Levy <[email protected]>
-Date: Tue, 18 Nov 2014 14:34:53 -0500
-Subject: [PATCH] gpg-agent: Enable socket activation
-
-This allows gpg-agent to be managed by tools such as systemd or launchd
----
- agent/gpg-agent.c | 62 ++++++++++++++++++++++++++++++++++++------------------
- doc/gpg-agent.texi | 21 +++++++++++++++++-
- 2 files changed, 61 insertions(+), 22 deletions(-)
-
-diff --git a/agent/gpg-agent.c b/agent/gpg-agent.c
-index 5960fe3..2f06982 100644
---- a/agent/gpg-agent.c
-+++ b/agent/gpg-agent.c
-@@ -124,7 +124,9 @@ enum cmd_and_opt_values
- oPuttySupport,
- oDisableScdaemon,
- oDisableCheckOwnSocket,
-- oWriteEnvFile
-+ oWriteEnvFile,
-+ oAgentFD,
-+ oSSHAgentFD
- };
-
-
-@@ -138,6 +140,8 @@ static ARGPARSE_OPTS opts[] = {
- { 301, NULL, 0, N_("@Options:\n ") },
-
- { oDaemon, "daemon", 0, N_("run in daemon mode (background)") },
-+ { oAgentFD, "agent-fd", 1, "@" },
-+ { oSSHAgentFD, "ssh-agent-fd", 1, "@" },
- { oServer, "server", 0, N_("run in server mode (foreground)") },
- { oVerbose, "verbose", 0, N_("verbose") },
- { oQuiet, "quiet", 0, N_("be somewhat more quiet") },
-@@ -596,6 +600,31 @@ parse_rereadable_options (ARGPARSE_ARGS *pargs, int reread)
- return 1; /* handled */
- }
-
-+/* Handle agent socket(s) */
-+static void
-+handle_agent_socks(int fd, int fd_ssh)
-+{
-+#ifndef HAVE_W32_SYSTEM
-+ if (chdir("/"))
-+ {
-+ log_error ("chdir to / failed: %s\n", strerror (errno));
-+ exit (1);
-+ }
-+
-+ {
-+ struct sigaction sa;
-+
-+ sa.sa_handler = SIG_IGN;
-+ sigemptyset (&sa.sa_mask);
-+ sa.sa_flags = 0;
-+ sigaction (SIGPIPE, &sa, NULL);
-+ }
-+#endif /*!HAVE_W32_SYSTEM*/
-+
-+ log_info ("%s %s started\n", strusage(11), strusage(13) );
-+ handle_connections (fd, fd_ssh);
-+ assuan_sock_close (fd);
-+}
-
- /* The main entry point. */
- int
-@@ -612,6 +641,8 @@ main (int argc, char **argv )
- int default_config =1;
- int pipe_server = 0;
- int is_daemon = 0;
-+ int fd_agent = GNUPG_INVALID_FD;
-+ int fd_ssh_agent = GNUPG_INVALID_FD;
- int nodetach = 0;
- int csh_style = 0;
- char *logfile = NULL;
-@@ -819,6 +850,8 @@ main (int argc, char **argv )
- case oSh: csh_style = 0; break;
- case oServer: pipe_server = 1; break;
- case oDaemon: is_daemon = 1; break;
-+ case oAgentFD: fd_agent = pargs.r.ret_int; break;
-+ case oSSHAgentFD: fd_ssh_agent = pargs.r.ret_int; break;
-
- case oDisplay: default_display = xstrdup (pargs.r.ret_str); break;
- case oTTYname: default_ttyname = xstrdup (pargs.r.ret_str); break;
-@@ -904,7 +937,8 @@ main (int argc, char **argv )
- bind_textdomain_codeset (PACKAGE_GT, "UTF-8");
- #endif
-
-- if (!pipe_server && !is_daemon && !gpgconf_list)
-+ if (!pipe_server && !is_daemon && !gpgconf_list &&
-+ fd_agent == GNUPG_INVALID_FD)
- {
- /* We have been called without any options and thus we merely
- check whether an agent is already running. We do this right
-@@ -1054,6 +1088,10 @@ main (int argc, char **argv )
- agent_deinit_default_ctrl (ctrl);
- xfree (ctrl);
- }
-+ else if (fd_agent != GNUPG_INVALID_FD)
-+ {
-+ handle_agent_socks(fd_agent, fd_ssh_agent);
-+ }
- else if (!is_daemon)
- ; /* NOTREACHED */
- else
-@@ -1238,26 +1276,8 @@ main (int argc, char **argv )
- log_set_prefix (NULL, oldflags | JNLIB_LOG_RUN_DETACHED);
- opt.running_detached = 1;
- }
--
-- if (chdir("/"))
-- {
-- log_error ("chdir to / failed: %s\n", strerror (errno));
-- exit (1);
-- }
--
-- {
-- struct sigaction sa;
--
-- sa.sa_handler = SIG_IGN;
-- sigemptyset (&sa.sa_mask);
-- sa.sa_flags = 0;
-- sigaction (SIGPIPE, &sa, NULL);
-- }
- #endif /*!HAVE_W32_SYSTEM*/
--
-- log_info ("%s %s started\n", strusage(11), strusage(13) );
-- handle_connections (fd, opt.ssh_support ? fd_ssh : GNUPG_INVALID_FD);
-- assuan_sock_close (fd);
-+ handle_agent_socks(fd, opt.ssh_support ? fd_ssh : GNUPG_INVALID_FD);
- }
-
- return 0;
-diff --git a/doc/gpg-agent.texi b/doc/gpg-agent.texi
-index a4079d7..1556e54 100644
---- a/doc/gpg-agent.texi
-+++ b/doc/gpg-agent.texi
-@@ -43,7 +43,15 @@
- .IR file ]
- .RI [ options ]
- .B \-\-daemon
--.RI [ command_line ]
-+.br
-+.B gpg-agent
-+.RB [ \-\-homedir
-+.IR dir ]
-+.RB [ \-\-options
-+.IR file ]
-+.RI [ options ]
-+.B \-\-agent-fd
-+.IR fd
- @end ifset
-
- @mansect description
-@@ -186,6 +194,11 @@ Yet another way is creating
- a new process as a child of gpg-agent: @code{gpg-agent --daemon
- /bin/sh}. This way you get a new shell with the environment setup
- properly; if you exit from this shell, gpg-agent terminates as well.
-+
-+@item --agent-fd @var{fd}
-+@opindex agent-fd
-+Start the gpg-agent using @var{fd} as the listening socket. This is useful for
-+socket activation a la systemd and launchd.
- @end table
-
- @mansect options
-@@ -532,6 +545,12 @@ Ignore requests to change the current @code{tty} or X window system's
- @code{DISPLAY} variable respectively. This is useful to lock the
- pinentry to pop up at the @code{tty} or display you started the agent.
-
-+@item --ssh-agent-fd @var{fd}
-+@opindex ssh-agent-fd
-+
-+When starting the agent with @option{--agent-fd}, use this to pass in a socket
-+to be used for the OpenSSH agent protocol.
-+
- @anchor{option --enable-ssh-support}
- @item --enable-ssh-support
- @opindex enable-ssh-support
-- 2.1.4
