gnupg: Invoking gpgconf
10.4.1 Invoking gpgconf
-----------------------
One of the following commands must be given:
‘--list-components’
List all components. This is the default command used if none is
specified.
‘--check-programs’
List all available backend programs and test whether they are
runnable.
‘--list-options COMPONENT’
List all options of the component COMPONENT.
‘--change-options COMPONENT’
Change the options of the component COMPONENT.
‘--check-options COMPONENT’
Check the options for the component COMPONENT.
‘--apply-profile FILE’
Apply the configuration settings listed in FILE to the
configuration files. If FILE has no suffix and no slashes the
command first tries to read a file with the suffix ‘.prf’ from the
data directory (‘gpgconf --list-dirs datadir’) before it reads the
file verbatim. A profile is divided into sections using the
bracketed component name. Each section then lists the option which
shall go into the respective configuration file.
‘--apply-defaults’
Update all configuration files with values taken from the global
configuration file (usually ‘/etc/gnupg/gpgconf.conf’). Note: This
is a legacy mechanism. Please use global configuration files
instead.
‘--list-dirs [NAMES]’
‘-L’
Lists the directories used by ‘gpgconf’. One directory is listed
per line, and each line consists of a colon-separated list where
the first field names the directory type (for example ‘sysconfdir’)
and the second field contains the percent-escaped directory.
Although they are not directories, the socket file names used by
‘gpg-agent’ and ‘dirmngr’ are printed as well. Note that the
socket file names and the ‘homedir’ lines are the default names and
they may be overridden by command line switches. If NAMES are
given only the directories or file names specified by the list
names are printed without any escaping.
‘--list-config [FILENAME]’
List the global configuration file in a colon separated format. If
FILENAME is given, check that file instead.
‘--check-config [FILENAME]’
Run a syntax check on the global configuration file. If FILENAME
is given, check that file instead.
‘--query-swdb PACKAGE_NAME [VERSION_STRING]’
Returns the current version for PACKAGE_NAME and if VERSION_STRING
is given also an indicator on whether an update is available. The
actual file with the software version is automatically downloaded
and checked by ‘dirmngr’. ‘dirmngr’ uses a thresholds to avoid
download the file too often and it does this by default only if it
can be done via Tor. To force an update of that file this command
can be used:
gpg-connect-agent --dirmngr 'loadswdb --force' /bye
‘--reload [COMPONENT]’
‘-R’
Reload all or the given component. This is basically the same as
sending a SIGHUP to the component. Components which don't support
reloading are ignored. Without COMPONENT or by using "all" for
COMPONENT all components which are daemons are reloaded.
‘--launch [COMPONENT]’
If the COMPONENT is not already running, start it. ‘component’
must be a daemon. This is in general not required because the
system starts these daemons as needed. However, external software
making direct use of ‘gpg-agent’ or ‘dirmngr’ may use this command
to ensure that they are started. Using "all" for COMPONENT
launches all components which are daemons.
‘--kill [COMPONENT]’
‘-K’
Kill the given component that runs as a daemon, including
‘gpg-agent’, ‘dirmngr’, and ‘scdaemon’. A ‘component’ which does
not run as a daemon will be ignored. Using "all" for COMPONENT
kills all components running as daemons. Note that as of now
reload and kill have the same effect for ‘scdaemon’.
‘--create-socketdir’
Create a directory for sockets below /run/user or /var/run/user.
This is command is only required if a non default home directory is
used and the /run based sockets shall be used. For the default
home directory GnuPG creates a directory on the fly.
‘--remove-socketdir’
Remove a directory created with command ‘--create-socketdir’.
‘--unlock NAME’
‘--lock NAME’
Remove a stale lock file hold for ‘file’. The file is expected in
the current GnuPG home directory. This command is usually not
required because GnuPG is able to detect and remove stale lock
files. Before using the command make sure that the file protected
by the lock file is actually not in use. The lock command may be
used to lock an accidentally removed lock file. Note that the
commands have no effect on Windows because the mere existence of a
lock file does not mean that the lock is active.
The following options may be used:
‘-o FILE’
‘--output FILE’
Write output to FILE. Default is to write to stdout.
‘-v’
‘--verbose’
Outputs additional information while running. Specifically, this
extends numerical field values by human-readable descriptions.
‘-q’
‘--quiet’
Try to be as quiet as possible.
‘--homedir DIR’
Set the name of the home directory to DIR. If this option is not
used, the home directory defaults to ‘~/.gnupg’. It is only
recognized when given on the command line. It also overrides any
home directory stated through the environment variable ‘GNUPGHOME’
or (on Windows systems) by means of the Registry entry
HKCU\SOFTWARE\GNU\GNUPG:HOMEDIR.
On Windows systems it is possible to install GnuPG as a portable
application. In this case only this command line option is
considered, all other ways to set a home directory are ignored.
‘--chuid UID’
Change the current user to UID which may either be a number or a
name. This can be used from the root account to get information on
the GnuPG environment of the specified user or to start or kill
daemons. If UID is not the current UID a standard PATH is set and
the envvar GNUPGHOME is unset. To override the latter the option
‘--homedir’ can be used. This option has currently no effect on
Windows.
‘-n’
‘--dry-run’
Do not actually change anything. This is currently only
implemented for ‘--change-options’ and can be used for testing
purposes.
‘-r’
‘--runtime’
Only used together with ‘--change-options’. If one of the modified
options can be changed in a running daemon process, signal the
running daemon to ask it to reparse its configuration file after
changing.
This means that the changes will take effect at run-time, as far as
this is possible. Otherwise, they will take effect at the next
start of the respective backend programs.
‘--status-fd N’
Write special status strings to the file descriptor N. This
program returns the status messages SUCCESS or FAILURE which are
helpful when the caller uses a double fork approach and can't
easily get the return code of the process.