sign.conf(8)                 System Manager's Manual                 sign.conf(8)

NAME
       sign.conf - sign and signd configuration file

SYNOPSIS
       /etc/sign.conf

DESCRIPTION
       This file holds the configuration both for the sign program and the
       signd daemon. Each line in the file has the format "key: value
       [value...]". Empty lines or lines starting with "#" are ignored.

       The following keys are recognized:

       server: hostname
              Forward all unknown requests to the specified server.

       port: port
              Use the specified port number instead of the default port
              "5167". Also sets the proxyport.

       proxyport: port
              Listen on the specified port number for incoming requests.

       user: user
              Set a default user to use for signing.

       hash: hash
              Set a default hash to use for signing. The default hash is
              SHA1.

       allow: ip subnet hostname...
              Allow only connections from the specified ip addresses,
              subnets expressed in CIDR notation, and/or hostnames. Note
              that hostnames are resolved using reverse DNS lookups, so
              there must be reverse entries in the DNS server, and it
              should be secured against DNS poisoning attacks. Must be
              present.

       gpg: path_to_gpg
              Select the gpg program to use instead of "/usr/bin/gpg".

       phrases: phrases_directory
              Set the directory containing gpg phrases for every user. A
              phrase file is fed into gpg with the "--passphrase-fd=0"
              option.

       map: [hash:]from_signuser to_signuser
              Modify the signuser. This can be used to map hashes and
              users to unambiguous key ids.

       allowuser: username|uid
              Grant the user the right to sign. The sign binary must be
              installed suid-root for this to work. Multiple users can be
              specified by using multiple allowuser lines in the
              configuration.

       allow-unprivileged-ports: true|false
              Allow signd to accept connections from source ports > 1024.
              Defaults to false.

       logfile: filename
              Log requests to the specified filename instead of stdout.

       gnupghome: dirname
              Configures the directory for gpg to use by setting the
              GNUPGHOME environment variable.

       use_agent: true|false
              Make signd directly talk to the gpg-agent for signing
              instead of calling gpg. This is the default if the
              --files-are-digest option is not available in gpg.

       keycache: dirname
              Cache the result of finding the signing key for a username.
              This is only done if the gpg-agent is used for signing. The
              cache is automatically invalidated if there is a change in
              the gpg keyring.

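       The following is an added example and not part of the sign/signd
       sources: a small Python parser and checker for the "key: value
       [value...]" format described above. It applies the rules the keys
       state (comments ignored, allow required, port also setting
       proxyport, allow-unprivileged-ports defaulting to false, repeated
       allowuser lines accumulating); the host names, users and key ids in
       the sample configuration are constructed.

```python
import ipaddress
DEFAULT_PORT = 5167  # default port named in sign.conf(8)

SAMPLE_CONF = """\
# constructed sample /etc/sign.conf; host names and users are made up
server: signserver.example.com
port: 5168
allow: 127.0.0.1 10.0.0.0/8 build.example.com
allowuser: obsrun
allowuser: 1001
map: sha256:obs@example.com obs-sha256@example.com
allow-unprivileged-ports: false
"""

def parse_sign_conf(text):
    """Parse 'key: value [value...]' lines; list-valued keys accumulate."""
    conf = {"allow": [], "allowuser": [], "map": []}
    for lineno, raw in enumerate(text.splitlines(), 1):
        line = raw.strip()
        if not line or line.startswith("#"):
            continue  # empty lines and comments are ignored
        key, sep, rest = line.partition(":")
        key, values = key.strip(), rest.split()
        if not sep or not values:
            raise ValueError(f"line {lineno}: expected 'key: value [value...]'")
        if key == "map":  # map: [hash:]from_signuser to_signuser
            from_spec, to_user = values  # ValueError unless exactly two values
            hashname, _, from_user = from_spec.rpartition(":")
            conf["map"].append((hashname or None, from_user, to_user))
        elif isinstance(conf.get(key), list):
            conf[key].extend(values)  # repeated allow/allowuser lines add up
        else:
            conf[key] = " ".join(values)
    return conf

def check_sign_conf(conf):
    """Apply the man page's rules; return (port, proxyport, unprivileged_ok)."""
    if not conf["allow"]:
        raise ValueError("allow: must be present")
    for entry in conf["allow"]:
        try:
            ipaddress.ip_network(entry, strict=False)  # single ip or CIDR subnet
        except ValueError:  # otherwise it must at least look like a hostname
            if not entry.replace("-", "").replace(".", "").isalnum():
                raise ValueError(f"allow: unusable entry {entry!r}")
    port = int(conf.get("port", DEFAULT_PORT))
    proxyport = int(conf.get("proxyport", port))  # port: also sets proxyport
    flag = conf.get("allow-unprivileged-ports", "false")  # defaults to false
    if flag not in ("true", "false"):
        raise ValueError("allow-unprivileged-ports: must be true or false")
    return port, proxyport, flag == "true"
```
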
FILES
       /etc/sign.conf

SEE ALSO
       sign(8), signd(8)

Apr 2007                                                         sign.conf(8)