sign.conf man page
sign.conf — sign and signd configuration file
This file holds the configuration for both the sign program and the signd daemon. Each line in the file has the format "key: value [value...]". Empty lines and lines starting with "#" are ignored.
The following keys are recognized:
- server: hostname
Forward all unknown requests to the specified server.
- port: port
Use the specified port number instead of the default port "5167". Also sets the proxyport.
- proxyport: port
Listen on the specified port number for incoming requests.
- user: user
Set a default user to use for signing.
- hash: hash
Set a default hash to use for signing. The default hash is SHA1.
- allow: ip1 ip2 ip3...
Allow only connections from the specified IP addresses. This key must be present.
- gpg: path_to_gpg
Select the gpg program to use instead of "/usr/bin/gpg".
- phrases: phrases_directory
Set the directory containing gpg phrases for every user. A phrase file is fed into gpg with the "--passphrase-fd=0" option.
- map: [hash:]from_signuser to_signuser
Modify the signuser. This can be used to map hashes and users to unambiguous key ids.
- allowuser: username|uid
Grant the user the right to sign. The sign binary must be installed suid-root for this to work. Multiple users can be specified by using multiple allowuser lines in the configuration.
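
The line format, key list and defaults above can be checked before a configuration is deployed. The following Python code is an added example, not part of the sign/signd sources: audit(), its finding messages and the SAMPLE text are constructed here, and it assumes that settings apply in file order and that a later line for a single-valued key replaces an earlier one.

```python
KNOWN = {"server", "port", "proxyport", "user", "hash", "allow",
         "gpg", "phrases", "map", "allowuser"}

def audit(text):
    """Parse sign.conf text; return (effective settings, findings)."""
    # Defaults as documented on this page.
    cfg = {"port": "5167", "proxyport": "5167", "hash": "SHA1",
           "gpg": "/usr/bin/gpg", "allow": [], "map": [], "allowuser": []}
    findings = []
    for n, raw in enumerate(text.splitlines(), 1):
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        # Split on the first colon only: map values may contain "hash:".
        key, sep, rest = line.partition(":")
        key, values = key.strip(), rest.split()
        if not sep or not values:
            findings.append(f"line {n}: not in 'key: value' form")
        elif key not in KNOWN:
            findings.append(f"line {n}: unknown key '{key}'")
        elif key == "map":
            cfg["map"].append(tuple(values))
        elif key in ("allow", "allowuser"):
            cfg[key] += values
        else:
            cfg[key] = values[0]
            if key == "port":  # "Also sets the proxyport."
                cfg["proxyport"] = values[0]
    if not cfg["allow"]:
        findings.append("no allow line: the key must be present")
    for key in ("port", "proxyport"):
        if not (cfg[key].isdecimal() and 0 < int(cfg[key]) < 65536):
            findings.append(f"{key}: '{cfg[key]}' is not a valid port")
    if cfg["hash"].upper() == "SHA1":
        findings.append("hash: SHA1 in effect (set or default)")
    return cfg, findings

# Constructed sample: "allowed" is a typo, so no allow line is in effect.
SAMPLE = """\
server: 192.0.2.10
port: 6000
allowed: 127.0.0.1
allowuser: builder
"""

if __name__ == "__main__":
    print("\n".join(audit(SAMPLE)[1]))
```

The sample shows the failure mode worth catching: a misspelled key is reported as unknown, and the mandatory allow list is then reported as missing.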