SYSTEMD

=== modified file 'Makefile' --- Makefile 2019-08-03 12:54:59 +0000 +++ Makefile 2019-08-04 04:30:33 +0000 @@ -41,6 +41,7 @@ #COVERAGE=--coverage OPTIMIZE:=-Os -fno-strict-aliasing LANGUAGE:=-std=gnu11 +FEATURES:=-D_FILE_OFFSET_BITS=64 htmldir:=man version:=1.8.6 SED:=sed @@ -102,8 +103,8 @@ GLIB_LIBS:=$(shell $(PKG_CONFIG) --libs glib-2.0) # Do not change these two -CFLAGS+=$(WARN) $(DEBUG) $(FORTIFY) $(COVERAGE) \ - $(OPTIMIZE) $(LANGUAGE) -DVERSION='"$(version)"' +CFLAGS+=$(WARN) $(DEBUG) $(FORTIFY) $(COVERAGE) $(OPTIMIZE) \ + $(LANGUAGE) $(FEATURES) -DVERSION='"$(version)"' LDFLAGS+=-Xlinker --as-needed $(COVERAGE) $(LINK_FORTIFY) $(strip \ ) $(foreach flag,$(LINK_FORTIFY_LD),-Xlinker $(flag)) === modified file 'debian/mandos-client.lintian-overrides' --- debian/mandos-client.lintian-overrides 2019-07-25 22:44:36 +0000 +++ debian/mandos-client.lintian-overrides 2019-08-05 21:14:05 +0000 @@ -38,3 +38,7 @@ # The notice displayed from the postinst script really is critical mandos-client binary: postinst-uses-db-input + +# These are very important to work around bugs or changes in the old +# versions, and there is no pressing need to remove them. +mandos-client binary: maintainer-script-supports-ancient-package-version * === modified file 'debian/mandos-client.postrm' --- debian/mandos-client.postrm 2019-02-09 23:23:26 +0000 +++ debian/mandos-client.postrm 2019-08-05 14:31:51 +0000 @@ -31,7 +31,17 @@ # Update the initial RAM file system image update_initramfs() { - update-initramfs -u -k all || : + if command -v update-initramfs >/dev/null; then + update-initramfs -k all -u + elif command -v dracut >/dev/null; then + # Logic taken from dracut.postinst + for kernel in /boot/vmlinu[xz]-*; do + kversion="${kernel#/boot/vmlinu[xz]-}" + if [ "$kversion" != "*" ]; then + /etc/kernel/postinst.d/dracut "$kversion" + fi + done + fi } case "$1" in === modified file 'debian/mandos-client.templates' --- debian/mandos-client.templates 2019-07-27 19:28:14 +0000 +++ debian/mandos-client.templates 2019-08-05 21:00:35 +0000 @@ -5,7 +5,7 @@ file, otherwise this computer most likely will not reboot unattended. This option: . - ${key_id} + ${key_id} . must be added (all on one line!) on the Mandos server host, in the file /etc/mandos/clients.conf, right before the "fingerprint" option for this === modified file 'debian/mandos.lintian-overrides' --- debian/mandos.lintian-overrides 2019-07-26 00:44:35 +0000 +++ debian/mandos.lintian-overrides 2019-08-05 21:14:05 +0000 @@ -10,3 +10,7 @@ # The notice displayed from the postinst script really is critical mandos binary: postinst-uses-db-input + +# These are very important to work around bugs or changes in the old +# versions, and there is no pressing need to remove them. +mandos binary: maintainer-script-supports-ancient-package-version * === modified file 'debian/mandos.templates' --- debian/mandos.templates 2019-07-27 19:28:14 +0000 +++ debian/mandos.templates 2019-08-05 21:00:35 +0000 @@ -4,14 +4,14 @@ A new "key_id" client option is REQUIRED in the clients.conf file, otherwise the client most likely will not reboot unattended. This option: . - key_id = + key_id = . must be added in the file /etc/mandos/clients.conf, right before the "fingerprint" option, for each Mandos client. You must edit that file and add this option for all clients. To see the correct key ID for each client, run this command (on each client): . - mandos-keygen -F/dev/null|grep ^key_id + mandos-keygen -F/dev/null|grep ^key_id . Note: the clients must all also be using GnuTLS 3.6.6 or later; the server cannot serve passwords for both old and new clients! === added file 'debian/po/en_US.po' --- debian/po/en_US.po 1970-01-01 00:00:00 +0000 +++ debian/po/en_US.po 2019-08-05 21:00:35 +0000 @@ -0,0 +1,150 @@ +# SOME DESCRIPTIVE TITLE. +# Copyright (C) YEAR THE PACKAGE'S COPYRIGHT HOLDER +# This file is distributed under the same license as the mandos package. +# FIRST AUTHOR , YEAR. +# +msgid "" +msgstr "" +"Project-Id-Version: mandos\n" +"Report-Msgid-Bugs-To: mandos@packages.debian.org\n" +"POT-Creation-Date: 2019-08-05 22:57+0200\n" +"PO-Revision-Date: 2019-08-05 22:59+0200\n" +"Last-Translator: Teddy Hogeborn \n" +"Language-Team: English\n" +"Language: en_US\n" +"MIME-Version: 1.0\n" +"Content-Type: text/plain; charset=UTF-8\n" +"Content-Transfer-Encoding: 8bit\n" + +#. Type: note +#. Description +#: ../mandos.templates:1001 +msgid "New client option \"key_id\" is REQUIRED on server" +msgstr "New client option “key_id” is REQUIRED on server" + +#. Type: note +#. Description +#: ../mandos.templates:1001 +msgid "" +"A new \"key_id\" client option is REQUIRED in the clients.conf file, " +"otherwise the client most likely will not reboot unattended. This option:" +msgstr "" +"A new “key_id” client option is REQUIRED in the clients.conf file, otherwise " +"the client most likely will not reboot unattended. This option:" + +#. Type: note +#. Description +#: ../mandos.templates:1001 +msgid " key_id = " +msgstr " key_id = " + +#. Type: note +#. Description +#: ../mandos.templates:1001 +msgid "" +"must be added in the file /etc/mandos/clients.conf, right before the " +"\"fingerprint\" option, for each Mandos client. You must edit that file and " +"add this option for all clients. To see the correct key ID for each client, " +"run this command (on each client):" +msgstr "" +"must be added in the file /etc/mandos/clients.conf, right before the " +"“fingerprint” option, for each Mandos client. You must edit that file and " +"add this option for all clients. To see the correct key ID for each client, " +"run this command (on each client):" + +#. Type: note +#. Description +#: ../mandos.templates:1001 +msgid " mandos-keygen -F/dev/null|grep ^key_id" +msgstr " mandos-keygen -F/dev/null|grep ^key id" + +#. Type: note +#. Description +#: ../mandos.templates:1001 +msgid "" +"Note: the clients must all also be using GnuTLS 3.6.6 or later; the server " +"cannot serve passwords for both old and new clients!" +msgstr "" +"Note: the clients must all also be using GnuTLS 3.6.6 or later; the server " +"cannot serve passwords for both old and new clients!" + +#. Type: note +#. Description +#: ../mandos.templates:1001 +msgid "" +"Rationale: With GnuTLS 3.6.6, Mandos has been forced to stop using OpenPGP " +"keys as TLS session keys. A new TLS key pair will be generated on each " +"client and will be used as identification, but the key ID of the public key " +"needs to be added to this server, since this will now be used to identify " +"the client to the server." +msgstr "" +"Rationale: With GnuTLS 3.6.6, Mandos has been forced to stop using OpenPGP " +"keys as TLS session keys. A new TLS key pair will be generated on each " +"client and will be used as identification, but the key ID of the public key " +"needs to be added to this server, since this will now be used to identify " +"the client to the server. " + +#. Type: note +#. Description +#: ../mandos.templates:2001 +msgid "Bad key IDs have been removed from clients.conf" +msgstr "Bad key IDs have been removed from clients.conf" + +#. Type: note +#. Description +#: ../mandos.templates:2001 +msgid "" +"Bad key IDs, which were created by a bug in Mandos client 1.8.0, have been " +"removed from /etc/mandos/clients.conf" +msgstr "" +"Bad key IDs, which were created by a bug in Mandos client 1.8.0, have been " +"removed from /etc/mandos/clients.conf" + +#. Type: note +#. description +#: ../mandos-client.templates:1001 +msgid "New client option \"${key_id}\" is REQUIRED on server" +msgstr "New client option “${key_id}” is REQUIRED on server" + +#. Type: note +#. description +#: ../mandos-client.templates:1001 +msgid "" +"A new \"key_id\" client option is REQUIRED in the server's clients.conf " +"file, otherwise this computer most likely will not reboot unattended. This " +"option:" +msgstr "" +"A new “key_id” client option is REQUIRED in the server’s clients.conf file, " +"otherwise this computer most likely will not reboot unattended. This option:" + +#. Type: note +#. description +#: ../mandos-client.templates:1001 +msgid " ${key_id}" +msgstr " ${key_id}" + +#. Type: note +#. description +#: ../mandos-client.templates:1001 +msgid "" +"must be added (all on one line!) on the Mandos server host, in the file /etc/" +"mandos/clients.conf, right before the \"fingerprint\" option for this Mandos " +"client. You must edit that file on that server and add this option." +msgstr "" +"must be added (all on one line!) on the Mandos server host, in the file /" +"etc/ mandos/clients.conf, right before the “fingerprint” option for this " +"Mandos client. You must edit that file on that server and add this option." + +#. Type: note +#. description +#: ../mandos-client.templates:1001 +msgid "" +"With GnuTLS 3.6.6, Mandos has been forced to stop using OpenPGP keys as TLS " +"session keys. A new TLS key pair has been generated and will be used as " +"identification, but the key ID of the public key needs to be added to the " +"server, since this will now be used to identify the client to the server." +msgstr "" +"With GnuTLS 3.6.6, Mandos has been forced to stop using OpenPGP keys as TLS " +"session keys. A new TLS key pair has been generated and will be used as " +"identification, but the key ID of the public key needs to be added to the " +"server, since this will now be used to identify the client to the server." === modified file 'debian/po/templates.pot' --- debian/po/templates.pot 2019-07-27 19:28:14 +0000 +++ debian/po/templates.pot 2019-08-05 21:00:35 +0000 @@ -8,7 +8,7 @@ msgstr "" "Project-Id-Version: mandos\n" "Report-Msgid-Bugs-To: mandos@packages.debian.org\n" -"POT-Creation-Date: 2019-07-27 21:06+0200\n" +"POT-Creation-Date: 2019-08-05 22:57+0200\n" "PO-Revision-Date: YEAR-MO-DA HO:MI+ZONE\n" "Last-Translator: FULL NAME \n" "Language-Team: LANGUAGE \n" @@ -34,7 +34,7 @@ #. Type: note #. Description #: ../mandos.templates:1001 -msgid "key_id = " +msgid " key_id = " msgstr "" #. Type: note @@ -50,7 +50,7 @@ #. Type: note #. Description #: ../mandos.templates:1001 -msgid "mandos-keygen -F/dev/null|grep ^key_id" +msgid " mandos-keygen -F/dev/null|grep ^key_id" msgstr "" #. Type: note @@ -104,7 +104,7 @@ #. Type: note #. description #: ../mandos-client.templates:1001 -msgid "${key_id}" +msgid " ${key_id}" msgstr "" #. Type: note === modified file 'debian/source/lintian-overrides' --- debian/source/lintian-overrides 2019-07-27 19:48:18 +0000 +++ debian/source/lintian-overrides 2019-08-05 21:03:31 +0000 @@ -2,3 +2,6 @@ # .asc signature can not exist until after the orig.tar.gz has been # built as part of the Debian package build. mandos source: orig-tarball-missing-upstream-signature mandos_*.tar.gz + +# We want to backport to stretch for as long as reasonably practical +mandos source: package-uses-old-debhelper-compat-version 10 === added file 'debian/upstream/metadata' --- debian/upstream/metadata 1970-01-01 00:00:00 +0000 +++ debian/upstream/metadata 2019-08-04 12:39:39 +0000 @@ -0,0 +1,13 @@ +# -*- yaml -*- +--- +Bug-Submit: mailto:mandos-dev@recompile.se +Changelog: https://bzr.recompile.se/loggerhead/mandos/trunk/view/head:/NEWS +Contact: mandos@recompile.se +Documentation: https://www.recompile.se/mandos/man/intro.8mandos +FAQ: https://www.recompile.se/mandos/man/intro.8mandos#faq +Name: Mandos +Other-References: https://www.recompile.se/mandos +Registration: https://mail.recompile.se/cgi-bin/mailman/listinfo/mandos-dev +Repository: https://ftp.recompile.se/pub/mandos/trunk +Repository-Browse: https://bzr.recompile.se/loggerhead/mandos/trunk/files +Security-Contact: mandos@recompile.se === modified file 'intro.xml' --- intro.xml 2019-04-10 20:33:13 +0000 +++ intro.xml 2019-08-04 12:42:49 +0000 @@ -1,7 +1,7 @@ + %common; ]> @@ -384,7 +384,36 @@ plugin requirements. - + + + SYSTEMD + + More advanced startup systems like systemd1, + already have their own plugin-like mechanisms for allowing + multiple agents to independently retrieve a password and deliver + it to the subsystem requesting a password to unlock the root + file system. On these systems, it would make no sense to run + plugin-runner8mandos, the plugins of + which would largely duplicate the work of (and conflict with) + the existing systems prompting for passwords. + + + As for systemd1 in particular, it has + its own Password Agents system. Mandos uses this via its + password-agent8mandos program, which + is run instead of plugin-runner8mandos when systemd1 + is used during system startup. + + BUGS @@ -405,6 +434,8 @@ 8, plugin-runner 8mandos, + password-agent + 8mandos, mandos-client 8mandos, password-prompt === modified file 'mandos.lsm' --- mandos.lsm 2019-08-03 12:54:59 +0000 +++ mandos.lsm 2019-08-03 13:42:21 +0000 @@ -12,9 +12,9 @@ Maintained-by: teddy@recompile.se (Teddy Hogeborn), belorn@recompile.se (Björn Påhlsson) Primary-site: https://www.recompile.se/mandos - 230K mandos_1.8.6.orig.tar.gz + 233K mandos_1.8.6.orig.tar.gz Alternate-site: ftp://ftp.recompile.se/pub/mandos - 230K mandos_1.8.6.orig.tar.gz + 233K mandos_1.8.6.orig.tar.gz Platforms: Requires GCC, GNU libC, Avahi, GnuPG, Python 2.7, and various other libraries. While made for Debian GNU/Linux, it is probably portable to other