diff options
author | Lubomir Rintel <lkundrak@v3.sk> | 2016-12-08 18:20:37 +0100 |
---|---|---|
committer | Daiki Ueno <ueno@gnu.org> | 2017-01-20 16:08:01 +0100 |
commit | a4fb2bb587fb1a0146cf97f039b671d3258488f9 (patch) | |
tree | b3784d8d7c848714ad3457b8d55f393cb79a2ec6 | |
parent | 563606efe17cbf3b84679f5e54f60b8d68ba9015 (diff) |
systemd: add per-user remoting socket
This allows daemons outside user's session to use per-user PKCS#11
modules. Useful for letting VPN daemons or wpa_supplicant use
certificates stored in user's GNOME keyring, etc.
-rw-r--r-- | .gitignore | 1 | ||||
-rw-r--r-- | configure.ac | 1 | ||||
-rw-r--r-- | p11-kit/Makefile.am | 11 | ||||
-rw-r--r-- | p11-kit/p11-kit-remote.socket | 10 | ||||
-rw-r--r-- | p11-kit/p11-kit-remote@.service.in | 10 |
5 files changed, 33 insertions, 0 deletions
@@ -102,6 +102,7 @@ x86_64-w64-mingw32 /p11-kit/p11-kit.pc /p11-kit/p11-kit-1.pc /p11-kit/pkcs11.conf.example +/p11-kit/p11-kit-remote@.service /po/POTFILES /po/stamp-po diff --git a/configure.ac b/configure.ac index a5f044a..b6ac61c 100644 --- a/configure.ac +++ b/configure.ac @@ -507,6 +507,7 @@ AC_CONFIG_FILES([Makefile po/Makefile.in p11-kit/p11-kit-1.pc p11-kit/pkcs11.conf.example + p11-kit/p11-kit-remote@.service trust/trust-extract-compat trust/test-extract ]) diff --git a/p11-kit/Makefile.am b/p11-kit/Makefile.am index f1c0583..507be5f 100644 --- a/p11-kit/Makefile.am +++ b/p11-kit/Makefile.am @@ -93,13 +93,23 @@ install-exec-hook: done $(MKDIR_P) $(DESTDIR)$(p11_package_config_modules) +install-data-hook: + $(MKDIR_P) $(DESTDIR)$(systemduserdir)/sockets.target.wants + $(LN_S) -f ../p11-kit-remote.socket $(DESTDIR)$(systemduserdir)/sockets.target.wants/p11-kit-remote.socket + uninstall-local: for i in so dylib; do \ rm -f $(DESTDIR)$(libdir)/p11-kit-proxy.$$i; \ done + rm -f $(DESTDIR)$(systemduserdir)/sockets.target.wants/p11-kit-remote.socket endif +systemduserdir = $(prefix)/lib/systemd/user +systemduser_DATA = \ + p11-kit/p11-kit-remote.socket \ + p11-kit/p11-kit-remote@.service + pkgconfigdir = $(libdir)/pkgconfig pkgconfig_DATA = p11-kit/p11-kit-1.pc @@ -108,6 +118,7 @@ example_DATA = p11-kit/pkcs11.conf.example EXTRA_DIST += \ p11-kit/docs.h \ + p11-kit/p11-kit-remote.socket \ $(NULL) bin_PROGRAMS += p11-kit/p11-kit diff --git a/p11-kit/p11-kit-remote.socket b/p11-kit/p11-kit-remote.socket new file mode 100644 index 0000000..37a277b --- /dev/null +++ b/p11-kit/p11-kit-remote.socket @@ -0,0 +1,10 @@ +[Unit] +Description=PKCS#11 Remote Access Socket + +[Socket] +Accept=true +ListenStream=%t/p11-kit-remote +SocketMode=0600 + +[Install] +WantedBy=sockets.target diff --git a/p11-kit/p11-kit-remote@.service.in b/p11-kit/p11-kit-remote@.service.in new file mode 100644 index 0000000..dd6d332 --- /dev/null +++ b/p11-kit/p11-kit-remote@.service.in @@ -0,0 +1,10 @@ +[Unit] +Description=PKCS#11 Remote Access +Documentation=man:p11-kit(8) +Requires=p11-kit-remote.socket + +[Service] +StandardInput=socket +StandardOutput=socket +StandardError=journal +ExecStart=@libdir@/p11-kit/p11-kit-remote @libdir@/p11-kit-proxy.so |