From a4fb2bb587fb1a0146cf97f039b671d3258488f9 Mon Sep 17 00:00:00 2001 From: Lubomir Rintel Date: Thu, 8 Dec 2016 18:20:37 +0100 Subject: systemd: add per-user remoting socket This allows daemons outside user's session to use per-user PKCS#11 modules. Useful for letting VPN daemons or wpa_supplicant use certificates stored in user's GNOME keyring, etc. --- p11-kit/Makefile.am | 11 +++++++++++ p11-kit/p11-kit-remote.socket | 10 ++++++++++ p11-kit/p11-kit-remote@.service.in | 10 ++++++++++ 3 files changed, 31 insertions(+) create mode 100644 p11-kit/p11-kit-remote.socket create mode 100644 p11-kit/p11-kit-remote@.service.in (limited to 'p11-kit') diff --git a/p11-kit/Makefile.am b/p11-kit/Makefile.am index f1c0583..507be5f 100644 --- a/p11-kit/Makefile.am +++ b/p11-kit/Makefile.am @@ -93,13 +93,23 @@ install-exec-hook: done $(MKDIR_P) $(DESTDIR)$(p11_package_config_modules) +install-data-hook: + $(MKDIR_P) $(DESTDIR)$(systemduserdir)/sockets.target.wants + $(LN_S) -f ../p11-kit-remote.socket $(DESTDIR)$(systemduserdir)/sockets.target.wants/p11-kit-remote.socket + uninstall-local: for i in so dylib; do \ rm -f $(DESTDIR)$(libdir)/p11-kit-proxy.$$i; \ done + rm -f $(DESTDIR)$(systemduserdir)/sockets.target.wants/p11-kit-remote.socket endif +systemduserdir = $(prefix)/lib/systemd/user +systemduser_DATA = \ + p11-kit/p11-kit-remote.socket \ + p11-kit/p11-kit-remote@.service + pkgconfigdir = $(libdir)/pkgconfig pkgconfig_DATA = p11-kit/p11-kit-1.pc @@ -108,6 +118,7 @@ example_DATA = p11-kit/pkcs11.conf.example EXTRA_DIST += \ p11-kit/docs.h \ + p11-kit/p11-kit-remote.socket \ $(NULL) bin_PROGRAMS += p11-kit/p11-kit diff --git a/p11-kit/p11-kit-remote.socket b/p11-kit/p11-kit-remote.socket new file mode 100644 index 0000000..37a277b --- /dev/null +++ b/p11-kit/p11-kit-remote.socket @@ -0,0 +1,10 @@ +[Unit] +Description=PKCS#11 Remote Access Socket + +[Socket] +Accept=true +ListenStream=%t/p11-kit-remote +SocketMode=0600 + +[Install] +WantedBy=sockets.target diff --git a/p11-kit/p11-kit-remote@.service.in b/p11-kit/p11-kit-remote@.service.in new file mode 100644 index 0000000..dd6d332 --- /dev/null +++ b/p11-kit/p11-kit-remote@.service.in @@ -0,0 +1,10 @@ +[Unit] +Description=PKCS#11 Remote Access +Documentation=man:p11-kit(8) +Requires=p11-kit-remote.socket + +[Service] +StandardInput=socket +StandardOutput=socket +StandardError=journal +ExecStart=@libdir@/p11-kit/p11-kit-remote @libdir@/p11-kit-proxy.so -- cgit v1.1