=== modified file 'INSTALL' --- INSTALL 2009-01-27 00:07:26 +0000 +++ INSTALL 2009-02-15 09:28:06 +0000 @@ -39,7 +39,7 @@ *** Mandos Server + GnuTLS 2.4 http://www.gnu.org/software/gnutls/ + Avahi 0.6.16 http://www.avahi.org/ - + Python 2.4 http://www.python.org/ + + Python 2.5 http://www.python.org/ + Python-GnuTLS 1.1.5 http://pypi.python.org/pypi/python-gnutls/ + dbus-python 0.82.4 http://dbus.freedesktop.org/doc/dbus-python/ + python-ctypes 1.0.0 http://pypi.python.org/pypi/ctypes === modified file 'Makefile' --- Makefile 2009-02-13 09:03:22 +0000 +++ Makefile 2009-02-15 09:09:27 +0000 @@ -39,8 +39,9 @@ GNUTLS_LIBS=$(shell libgnutls-config --libs) AVAHI_CFLAGS=$(shell pkg-config --cflags-only-I avahi-core) AVAHI_LIBS=$(shell pkg-config --libs avahi-core) -GPGME_CFLAGS=$(shell gpgme-config --cflags) -GPGME_LIBS=$(shell gpgme-config --libs) +GPGME_CFLAGS=$(shell gpgme-config --cflags; getconf LFS_CFLAGS) +GPGME_LIBS=$(shell gpgme-config --libs; getconf LFS_LIBS; \ + getconf LFS_LDFLAGS) # Do not change these two CFLAGS=$(WARN) $(DEBUG) $(FORTIFY) $(COVERAGE) $(OPTIMIZE) \ @@ -151,7 +152,7 @@ # Update all these files with version number $(version) common.ent: Makefile $(SED) --in-place \ - --expression='s/^\($$/\1$(version)"/' \ + --expression='s/^\($$/\1$(version)">/' \ $@ mandos: Makefile === modified file 'README' --- README 2009-01-12 22:02:33 +0000 +++ README 2009-02-23 11:52:42 +0000 @@ -134,13 +134,15 @@ In the early designs, the mandos-client(8mandos) program (which retrieves a password from the Mandos server) also prompted for a password on the terminal, in case a Mandos server could not be - found. This duality of purpose was seen to be too complex to be a - viable way to continue. Instead, the programs are now separated - into mandos-client(8mandos) and password-prompt(8mandos), and a - plugin-runner(8mandos) exist to run them both in parallel, allowing - the first plugin to succeed to provide the password. This opened up - for any number of additional plugins to run, all competing to be the - first to find a password and provide it to the plugin runner. + found. Other ways of retrieving a password could easily be + envisoned, but this multiplicity of purpose was seen to be too + complex to be a viable way to continue. Instead, the original + program was separated into mandos-client(8mandos) and + password-prompt(8mandos), and a plugin-runner(8mandos) exist to run + them both in parallel, allowing the first successful plugin to + provide the password. This opened up for any number of additional + plugins to run, all competing to be the first to find a password and + provide it to the plugin runner. Three additional plugins are provided: * usplash(8mandos) @@ -152,7 +154,7 @@ cryptsetup, this plugin listens to the same FIFO as askpass would do. - More plugins could easily be written and added by the system + More plugins can easily be written and added by the system administrator; see the section called "WRITING PLUGINS" in plugin-runner(8mandos) to learn the plugin requirements. === modified file 'common.ent' --- common.ent 2008-09-30 07:23:39 +0000 +++ common.ent 2009-02-15 09:09:27 +0000 @@ -1,3 +1,3 @@ - + === modified file 'initramfs-tools-hook' --- initramfs-tools-hook 2009-02-09 02:13:58 +0000 +++ initramfs-tools-hook 2009-02-18 13:19:26 +0000 @@ -55,12 +55,12 @@ || getent passwd mandos \ || getent passwd nobody \ || echo ::65534::::; } \ - | awk --field-separator=: '{ print $3 }'`" + | cut --delimiter=: --fields=3 --only-delimited mandos_group="`{ getent group _mandos \ || getent group mandos \ || getent group nogroup \ || echo ::65534:; } \ - | awk --field-separator=: '{ print $3 }'`" + | cut --delimiter=: --fields=3 --only-delimited # The Mandos network client uses the network auto_add_modules net === modified file 'mandos-clients.conf.xml' --- mandos-clients.conf.xml 2009-01-08 03:54:06 +0000 +++ mandos-clients.conf.xml 2009-02-15 09:09:27 +0000 @@ -3,7 +3,7 @@ "http://www.oasis-open.org/docbook/xml/4.5/docbookx.dtd" [ /etc/mandos/clients.conf"> - + %common; ]> @@ -257,7 +257,7 @@ This option is optional, but highly recommended unless the option is modified to a - non-standard value without %(host)s in it. + non-standard value without %%(host)s in it. Host name for this client. This is not used by the server === modified file 'mandos.lsm' --- mandos.lsm 2009-02-13 09:03:22 +0000 +++ mandos.lsm 2009-02-15 09:28:06 +0000 @@ -15,7 +15,7 @@ 98K mandos_1.0.6.orig.tar.gz Alternate-site: ftp://ftp.fukt.bsnet.se/pub/mandos 98K mandos_1.0.6.orig.tar.gz -Platforms: Requires GCC, GNU libC, Avahi, GnuPG, Python 2.4, and +Platforms: Requires GCC, GNU libC, Avahi, GnuPG, Python 2.5, and various other libraries. While made for Debian GNU/Linux, it is probably portable to other distributions, but not other Unixes. Copying-policy: GNU General Public License version 3.0 or later === modified file 'mandos.xml' --- mandos.xml 2009-02-13 08:00:47 +0000 +++ mandos.xml 2009-02-24 11:49:59 +0000 @@ -2,7 +2,7 @@ - + %common; ]> @@ -445,7 +445,7 @@ Debug mode is conflated with running in the foreground. - The console log messages does not show a time stamp. + The console log messages do not show a time stamp. This server does not check the expire time of clients’ OpenPGP === modified file 'plugins.d/mandos-client.c' --- plugins.d/mandos-client.c 2009-02-12 23:17:14 +0000 +++ plugins.d/mandos-client.c 2009-02-14 18:07:05 +0000 @@ -30,8 +30,12 @@ */ /* Needed by GPGME, specifically gpgme_data_seek() */ +#ifndef _LARGEFILE_SOURCE #define _LARGEFILE_SOURCE +#endif +#ifndef _FILE_OFFSET_BITS #define _FILE_OFFSET_BITS 64 +#endif #define _GNU_SOURCE /* TEMP_FAILURE_RETRY(), asprintf() */