=== modified file 'Makefile' --- Makefile 2012-05-20 13:52:09 +0000 +++ Makefile 2012-06-01 18:39:03 +0000 @@ -23,7 +23,7 @@ OPTIMIZE=-Os LANGUAGE=-std=gnu99 htmldir=man -version=1.5.4 +version=1.5.5 SED=sed USER=$(firstword $(subst :, ,$(shell getent passwd _mandos || getent passwd nobody || echo 65534))) @@ -71,8 +71,10 @@ /usr/share/xml/docbook/stylesheet/nwalsh/manpages/docbook.xsl \ $(notdir $<); \ $(MANPOST) $(notdir $@);\ - LANG=en_US.UTF-8 MANWIDTH=80 man --warnings --encoding=UTF-8 \ - --local-file $(notdir $@) >/dev/null) + if locale --all | grep --regexp='^en_US\.utf8$$' && type man \ + 2>/dev/null; then LANG=en_US.UTF-8 MANWIDTH=80 man \ + --warnings --encoding=UTF-8 --local-file $(notdir $@); fi \ + >/dev/null) # DocBook-to-man post-processing to fix a '\n' escape bug MANPOST=$(SED) --in-place --expression='s,\\\\en,\\en,g;s,\\n,\\en,g' === modified file 'NEWS' --- NEWS 2012-05-20 13:52:09 +0000 +++ NEWS 2012-06-01 18:39:03 +0000 @@ -1,6 +1,10 @@ This NEWS file records noteworthy changes, very tersely. See the manual for detailed information. +Version 1.5.5 (2012-06-01) +* Server +** Server takes new --socket option + Version 1.5.4 (2012-05-20) * Server ** Bug fix: Regression fix: Make non-zero approval timeout values work. === modified file 'TODO' --- TODO 2012-05-12 19:29:05 +0000 +++ TODO 2012-05-26 22:21:17 +0000 @@ -48,8 +48,6 @@ SetLogLevel D-Bus call ** TODO Implement --foreground :BUGS: [[info:standards:Option%20Table][Table of Long Options]] -** TODO Implement --socket - [[info:standards:Option%20Table][Table of Long Options]] ** TODO [#C] DBusServiceObjectUsingSuper ** TODO [#B] Global enable/disable flag ** TODO [#B] By-client countdown on number of secrets given === modified file 'common.ent' --- common.ent 2012-05-20 13:52:09 +0000 +++ common.ent 2012-06-01 18:39:03 +0000 @@ -1,3 +1,3 @@ - + === modified file 'debian/changelog' --- debian/changelog 2012-05-20 13:52:09 +0000 +++ debian/changelog 2012-06-01 18:39:03 +0000 
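Review bot: In the `@@ -71,8 +71,10 @@` Makefile hunk the man-page warning check is now skipped without any message when the `en_US.utf8` locale or `man` is missing, so a build can pass without the pages ever having been checked. Since debian/control drops `man, locales-all` from Build-Depends in the same commit, package builds will presumably take the skip path every time. An `else` branch that reports the skip on stderr would keep that visible, for example `else echo "Skipping man page check for $(notdir $@)" >&2; fi`. The recipe this line belongs to starts outside the hunk.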
@@ -1,3 +1,12 @@ +mandos (1.5.5-1) unstable; urgency=low + + * New upstream release. + * debian/copyright (Format): Updated to + "http://www.debian.org/doc/packaging-manuals/copyright-format/1.0/". + * debian/control (Build-Depends): Removed "man, locales-all". + + -- Teddy Hogeborn Fri, 01 Jun 2012 20:30:41 +0200 + mandos (1.5.4-1) unstable; urgency=low * New upstream release. === modified file 'debian/control' --- debian/control 2012-05-12 19:54:59 +0000 +++ debian/control 2012-05-24 18:10:10 +0000 @@ -6,8 +6,8 @@ Björn Påhlsson Build-Depends: debhelper (>= 7), docbook-xml, docbook-xsl, libavahi-core-dev, libgpgme11-dev, libgnutls-dev, xsltproc, - pkg-config, man, locales-all -Standards-Version: 3.9.2 + pkg-config +Standards-Version: 3.9.3 Vcs-Bzr: http://ftp.recompile.se/pub/mandos/trunk Vcs-Browser: http://bzr.recompile.se/loggerhead/mandos/trunk/files Homepage: http://www.recompile.se/mandos === modified file 'debian/copyright' --- debian/copyright 2011-12-31 23:05:34 +0000 +++ debian/copyright 2012-05-24 18:10:10 +0000 @@ -1,4 +1,4 @@ -Format: http://anonscm.debian.org/viewvc/dep/web/deps/dep5.mdwn?revision=202 +Format: http://www.debian.org/doc/packaging-manuals/copyright-format/1.0/ Upstream-Name: Mandos Upstream-Contact: Mandos Source: === modified file 'mandos' --- mandos 2012-05-20 13:52:09 +0000 +++ mandos 2012-06-01 18:39:03 +0000 @@ -88,7 +88,7 @@ except ImportError: SO_BINDTODEVICE = None -version = "1.5.4" +version = "1.5.5" stored_state_file = "clients.pickle" logger = logging.getLogger() @@ -151,7 +151,7 @@ def __enter__(self): return self - def __exit__ (self, exc_type, exc_value, traceback): + def __exit__(self, exc_type, exc_value, traceback): self._cleanup() return False @@ -1016,7 +1016,7 @@ return xmlstring -def datetime_to_dbus (dt, variant_level=0): +def datetime_to_dbus(dt, variant_level=0): """Convert a UTC datetime.datetime() to a D-Bus type.""" if dt is None: return dbus.String("", variant_level = variant_level) 
@@ -1030,8 +1030,8 @@ interface names according to the "alt_interface_names" mapping. Usage: - @alternate_dbus_names({"org.example.Interface": - "net.example.AlternateInterface"}) + @alternate_dbus_interfaces({"org.example.Interface": + "net.example.AlternateInterface"}) class SampleDBusObject(dbus.service.Object): @dbus.service.method("org.example.Interface") def SampleDBusMethod(): 
@@ -1899,12 +1899,42 @@ use_ipv6: Boolean; to use IPv6 or not """ def __init__(self, server_address, RequestHandlerClass, - interface=None, use_ipv6=True): + interface=None, use_ipv6=True, socketfd=None): + """If socketfd is set, use that file descriptor instead of + creating a new one with socket.socket(). + """ self.interface = interface if use_ipv6: self.address_family = socket.AF_INET6 + if socketfd is not None: + # Save the file descriptor + self.socketfd = socketfd + # Save the original socket.socket() function + self.socket_socket = socket.socket + # To implement --socket, we monkey patch socket.socket. + # + # (When socketserver.TCPServer is a new-style class, we + # could make self.socket into a property instead of monkey + # patching socket.socket.) + # + # Create a one-time-only replacement for socket.socket() + @functools.wraps(socket.socket) + def socket_wrapper(*args, **kwargs): + # Restore original function so subsequent calls are + # not affected. + socket.socket = self.socket_socket + del self.socket_socket + # This time only, return a new socket object from the + # saved file descriptor. + return socket.fromfd(self.socketfd, *args, **kwargs) + # Replace socket.socket() function with wrapper + socket.socket = socket_wrapper + # The socketserver.TCPServer.__init__ will call + # socket.socket(), which might be our replacement, + # socket_wrapper(), if socketfd was set. socketserver.TCPServer.__init__(self, server_address, RequestHandlerClass) + def server_bind(self): """This overrides the normal server_bind() function to bind to an interface if one was specified, and also NOT to @@ -1968,7 +1998,7 @@ """ def __init__(self, server_address, RequestHandlerClass, interface=None, use_ipv6=True, clients=None, - gnutls_priority=None, use_dbus=True): + gnutls_priority=None, use_dbus=True, socketfd=None): self.enabled = False self.clients = clients if self.clients is None: 
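Review bot: The `socket.socket` replacement in `IPv6_TCPServer.__init__` (hunk `@@ -1899,12 +1899,42 @@`) is process-wide and is only undone from inside `socket_wrapper`, so it relies on the very next `socket.socket()` call in the process being the one made by `socketserver.TCPServer.__init__`. If that call never happens, or another thread creates a socket first, the wrapper stays installed or hands the supplied descriptor to the wrong caller; restoring in a `finally` removes that dependency. Separately, `socket.fromfd()` duplicates the descriptor, and nothing in the hunk closes the original `socketfd`, so it stays open for the life of the process and may be inherited by child processes. `fromfd()` also trusts the family and type it is given, so the docstring should say that the caller must supply a socket matching `address_family`; whether `server_bind()` copes with an already-bound socket cannot be judged here, since its body is outside the hunk.

```python
        if socketfd is not None:
            self.socketfd = socketfd
            original_socket = socket.socket
            # … unchanged: comment block explaining the monkey patch …
            @functools.wraps(original_socket)
            def socket_wrapper(*args, **kwargs):
                # One-shot: put the real function back before use.
                socket.socket = original_socket
                return socket.fromfd(self.socketfd, *args, **kwargs)
            socket.socket = socket_wrapper
            try:
                socketserver.TCPServer.__init__(self, server_address,
                                                RequestHandlerClass)
            finally:
                # Never leave the wrapper installed, even if
                # socket.socket() was not reached.
                socket.socket = original_socket
        else:
            socketserver.TCPServer.__init__(self, server_address,
                                            RequestHandlerClass)
```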
@@ -1978,7 +2008,8 @@ IPv6_TCPServer.__init__(self, server_address, RequestHandlerClass, interface = interface, - use_ipv6 = use_ipv6) + use_ipv6 = use_ipv6, + socketfd = socketfd) def server_activate(self): if self.enabled: return socketserver.TCPServer.server_activate(self) @@ -2165,6 +2196,9 @@ parser.add_argument("--no-restore", action="store_false", dest="restore", help="Do not restore stored" " state") + parser.add_argument("--socket", type=int, + help="Specify a file descriptor to a network" + " socket to use instead of creating one") parser.add_argument("--statedir", metavar="DIR", help="Directory to save/restore state in") @@ -2187,6 +2221,7 @@ "use_ipv6": "True", "debuglevel": "", "restore": "True", + "socket": "", "statedir": "/var/lib/mandos" } @@ -2204,6 +2239,15 @@ if server_settings["port"]: server_settings["port"] = server_config.getint("DEFAULT", "port") + if server_settings["socket"]: + server_settings["socket"] = server_config.getint("DEFAULT", + "socket") + # Later, stdin will, and stdout and stderr might, be dup'ed + # over with an opened os.devnull. But we don't want this to + # happen with a supplied network socket. + if 0 <= server_settings["socket"] <= 2: + server_settings["socket"] = os.dup(server_settings + ["socket"]) del server_config # Override the settings from the config file with command line @@ -2211,7 +2255,7 @@ for option in ("interface", "address", "port", "debug", "priority", "servicename", "configdir", "use_dbus", "use_ipv6", "debuglevel", "restore", - "statedir"): + "statedir", "socket"): value = getattr(options, option) if value is not None: server_settings[option] = value @@ -2265,7 +2309,9 @@ use_ipv6=use_ipv6, gnutls_priority= server_settings["priority"], - use_dbus=use_dbus) + use_dbus=use_dbus, + socketfd=(server_settings["socket"] + or None)) if not debug: pidfilename = "/var/run/mandos.pid" try: 
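Review bot: The `os.dup()` guard for descriptors 0 to 2 in hunk `@@ -2204,6 +2239,15 @@` only covers a value read from the config file, because the command-line override loop extended in `@@ -2211,7 +2255,7 @@` runs afterwards and stores `options.socket` without that guard. In `@@ -2265,7 +2309,9 @@`, `server_settings["socket"] or None` also turns `--socket 0` into `None`, so the server silently creates its own socket instead of using the supplied one. Moving the range check below the override loop and testing against the empty-string default would cover both paths: `if server_settings["socket"] != "" and 0 <= server_settings["socket"] <= 2:` for the dup, and `socketfd=(None if server_settings["socket"] == "" else server_settings["socket"])` at the call site. Negative values are accepted by `type=int` and by `getint()`; rejecting them at parse time would give a clearer error than a later failure in `socket.fromfd()`. The enclosing function starts and ends outside these hunks.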
@@ -2316,6 +2362,8 @@ # Close all input and output, do double fork, etc. daemon() + # multiprocessing will use threads, so before we use gobject we + # need to inform gobject that threads will be used. gobject.threads_init() global main_loop === modified file 'mandos-clients.conf.xml' --- mandos-clients.conf.xml 2012-05-12 19:29:05 +0000 +++ mandos-clients.conf.xml 2012-05-26 22:48:45 +0000 @@ -3,7 +3,7 @@ "http://www.oasis-open.org/docbook/xml/4.5/docbookx.dtd" [ /etc/mandos/clients.conf"> - + %common; ]> @@ -167,12 +167,12 @@ This option is optional. - This option allows you to override the default shell - command that the server will use to check if the client is - still up. Any output of the command will be ignored, only - the exit code is checked: If the exit code of the command - is zero, the client is considered up. The command will be - run using /bin/sh + This option overrides the default shell command that the + server will use to check if the client is still up. Any + output of the command will be ignored, only the exit code + is checked: If the exit code of the command is zero, the + client is considered up. The command will be run using + /bin/sh , so PATH will be searched. The default value for the checker command is mandos.conf 5, mandos + 8, + fping 8 === modified file 'mandos-ctl' --- mandos-ctl 2012-05-20 13:52:09 +0000 +++ mandos-ctl 2012-06-01 18:39:03 +0000 @@ -63,7 +63,7 @@ server_path = "/" server_interface = domain + ".Mandos" client_interface = domain + ".Mandos.Client" -version = "1.5.4" +version = "1.5.5" def timedelta_to_milliseconds(td): """Convert a datetime.timedelta object to milliseconds""" === modified file 'mandos-keygen' --- mandos-keygen 2012-05-20 13:52:09 +0000 +++ mandos-keygen 2012-06-01 18:39:03 +0000 
@@ -21,7 +21,7 @@ # Contact the authors at . # -VERSION="1.5.4" +VERSION="1.5.5" KEYDIR="/etc/keys/mandos" KEYTYPE=DSA === modified file 'mandos-monitor' --- mandos-monitor 2012-05-20 13:52:09 +0000 +++ mandos-monitor 2012-06-01 18:39:03 +0000 @@ -55,7 +55,7 @@ domain = 'se.recompile' server_interface = domain + '.Mandos' client_interface = domain + '.Mandos.Client' -version = "1.5.4" +version = "1.5.5" # Always run in monochrome mode urwid.curses_display.curses.has_colors = lambda : False === modified file 'mandos-options.xml' --- mandos-options.xml 2012-01-01 04:02:00 +0000 +++ mandos-options.xml 2012-05-26 22:21:17 +0000 @@ -97,4 +97,10 @@ class="directory">/var/lib/mandos. + + If this option is used, the server will not create a new network + socket, but will instead use the supplied file descriptor. By + default, the server will create a new network socket. + + === modified file 'mandos.conf.xml' --- mandos.conf.xml 2011-12-31 23:05:34 +0000 +++ mandos.conf.xml 2012-05-26 22:21:17 +0000 @@ -3,7 +3,7 @@ "http://www.oasis-open.org/docbook/xml/4.5/docbookx.dtd" [ /etc/mandos/mandos.conf"> - + %common; ]> @@ -174,6 +174,14 @@ + + + + + + + === modified file 'mandos.lsm' --- mandos.lsm 2012-05-20 13:52:09 +0000 +++ mandos.lsm 2012-06-01 18:39:03 +0000 @@ -1,7 +1,7 @@ Begin4 Title: Mandos -Version: 1.5.4 -Entered-date: 2012-05-20 +Version: 1.5.5 +Entered-date: 2012-06-01 Description: The Mandos system allows computers to have encrypted root file systems and at the same time be capable of remote and/or unattended reboots. 
@@ -12,9 +12,9 @@ Maintained-by: teddy@recompile.se (Teddy Hogeborn), belorn@recompile.se (Björn Påhlsson) Primary-site: http://www.recompile.se/mandos - 148K mandos_1.5.4.orig.tar.gz + 148K mandos_1.5.5.orig.tar.gz Alternate-site: ftp://ftp.recompile.se/pub/mandos - 148K mandos_1.5.4.orig.tar.gz + 148K mandos_1.5.5.orig.tar.gz Platforms: Requires GCC, GNU libC, Avahi, GnuPG, Python 2.6, and various other libraries. While made for Debian GNU/Linux, it is probably portable to other distributions, but not other Unixes. === modified file 'mandos.xml' --- mandos.xml 2012-01-15 21:01:13 +0000 +++ mandos.xml 2012-05-26 22:21:17 +0000 @@ -2,7 +2,7 @@ - + %common; ]> @@ -100,6 +100,9 @@ + + &COMMANDNAME; @@ -299,6 +302,15 @@ + + + + + + + + === modified file 'network-hooks.d/wireless' --- network-hooks.d/wireless 2012-04-24 06:55:34 +0000 +++ network-hooks.d/wireless 2012-05-25 15:59:39 +0000 @@ -35,8 +35,7 @@ exit fi -ifkeys=`env | sed -n -e 's/^ADDRESS_\([^=]*\)=.*/\1/p' "$CONFIG" \ - | sort -u` +ifkeys=`sed -n -e 's/^ADDRESS_\([^=]*\)=.*/\1/p' "$CONFIG" | sort -u` # Exit if DEVICE is set and is not any of the wireless interfaces if [ -n "$DEVICE" ]; then === modified file 'plugins.d/mandos-client.c' --- plugins.d/mandos-client.c 2011-12-31 23:05:34 +0000 +++ plugins.d/mandos-client.c 2012-05-24 18:45:45 +0000 @@ -41,7 +41,7 @@ #include /* fprintf(), stderr, fwrite(), stdout, ferror(), remove() */ -#include /* uint16_t, uint32_t */ +#include /* uint16_t, uint32_t, intptr_t */ #include /* NULL, size_t, ssize_t */ #include /* free(), EXIT_SUCCESS, srand(), strtof(), abort() */ 
@@ -821,8 +821,11 @@ goto mandos_end; } - /* Spurious warning from -Wint-to-pointer-cast */ - gnutls_transport_set_ptr(session, (gnutls_transport_ptr_t) tcp_sd); + /* This casting via intptr_t is to eliminate warning about casting + an int to a pointer type. This is exactly how the GnuTLS Guile + function "set-session-transport-fd!" does it. */ + gnutls_transport_set_ptr(session, + (gnutls_transport_ptr_t)(intptr_t)tcp_sd); if(quit_now){ errno = EINTR; === modified file 'plugins.d/mandos-client.xml' --- plugins.d/mandos-client.xml 2011-12-31 23:05:34 +0000 +++ plugins.d/mandos-client.xml 2012-05-27 07:30:49 +0000 @@ -2,7 +2,7 @@ - + %common; ]> @@ -661,7 +661,7 @@ Normal invocation needs no options, if the network interface - is eth0: + can be automatically determined: &COMMANDNAME;