sign.conf man page

sign.conf — sign and signd configuration file




This file holds the configuration for both the sign program and the signd daemon. Each line in the file has the format "key: value [value...]". Empty lines and lines starting with "#" are ignored.

The following keys are recognized:

server: hostname

Forward all unknown requests to the specified server.

port: port

Use the specified port number instead of the default port "5167". Also sets the proxyport.

proxyport: port

Listen on the specified port number for incoming requests.

user: user

Set a default user to use for signing.

hash: hash

Set a default hash to use for signing. The default hash is SHA1.

allow: ip1 ip2 ip3...

Allow connections only from the specified IP addresses. Must be present.

gpg: path_to_gpg

Select the gpg program to use instead of "/usr/bin/gpg".

phrases: phrases_directory

Set the directory containing gpg phrases for every user. A phrase file is fed into gpg with the "--passphrase-fd=0" option.

map: [hash:]from_signuser to_signuser

Modify the signuser. This can be used to map hashes and users to unambiguous key ids.

allowuser: username|uid

Grant the user the right to sign. The sign binary must be installed suid-root for this to work. Multiple users can be specified by using multiple allowuser lines in the configuration.
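
The following Python check is an added example, not code from the sign package: it parses the "key: value [value...]" format described above, applies the documented defaults, and reports settings worth reviewing before deployment. Assumptions: leading whitespace is stripped, a later line overrides an earlier one, the SHA1 finding is a review hint rather than a rule from this page, and every value in SAMPLE is constructed.

```python
KNOWN = {"server", "port", "proxyport", "user", "hash", "allow",
         "gpg", "phrases", "map", "allowuser"}

def parse_sign_conf(text):
    """Return (settings, findings) for text in sign.conf format."""
    # Defaults as stated in the man page.
    cfg = {"port": "5167", "proxyport": "5167", "hash": "SHA1",
           "gpg": "/usr/bin/gpg", "allow": [], "allowuser": [], "map": []}
    findings = []
    for n, raw in enumerate(text.splitlines(), 1):
        line = raw.strip()                     # assumption: indentation is ignored
        if not line or line.startswith("#"):
            continue
        key, sep, rest = line.partition(":")   # split on the first colon only
        key, values = key.strip(), rest.split()
        if not sep or key not in KNOWN:
            findings.append(f"line {n}: unrecognized entry {raw!r}")
        elif not values:
            findings.append(f"line {n}: {key} has no value")
        elif key == "port":                    # port also sets the proxyport
            cfg["port"] = cfg["proxyport"] = values[0]
        elif key == "allow":
            cfg["allow"].extend(values)
        elif key == "allowuser":               # one user per line, repeatable
            cfg["allowuser"].append(values[0])
        elif key == "map":                     # "[hash:]from_signuser to_signuser"
            cfg["map"].append(tuple(values))
        else:
            cfg[key] = values[0]
    if not cfg["allow"]:
        findings.append("allow: missing, but it must be present")
    if cfg["hash"].upper() == "SHA1":
        findings.append("hash: SHA1 in effect (the default); review whether "
                        "a stronger hash is required")
    if cfg["allowuser"]:
        findings.append("allowuser: set, so sign must be installed suid-root")
    return cfg, findings

# Constructed sample: hostname, user names and key id are placeholders.
SAMPLE = """\
server: signd.example.org
port: 5168
user: packager@example.org
map: packager@example.org KEYID_PLACEHOLDER
allowuser: builduser
"""

if __name__ == "__main__":
    for finding in parse_sign_conf(SAMPLE)[1]:
        print(finding)
```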



Apr 2007