=== modified file 'Makefile'
--- Makefile 2008-08-17 22:42:28 +0000
+++ Makefile 2008-08-18 05:24:20 +0000
@@ -56,13 +56,13 @@
doc: $(DOCS)
%.5: %.xml
- cd $(dir $^); $(DOCBOOKTOMAN) $(notdir $^) $(MANPOST) $@
+ cd $(dir $^); $(DOCBOOKTOMAN) $(notdir $^) $(MANPOST) $(notdir $@)
%.8: %.xml
- cd $(dir $^); $(DOCBOOKTOMAN) $(notdir $^); $(MANPOST) $@
+ cd $(dir $^); $(DOCBOOKTOMAN) $(notdir $^); $(MANPOST) $(notdir $@)
%.8mandos: %.xml
- cd $(dir $^); $(DOCBOOKTOMAN) $(notdir $^) $(MANPOST) $@
+ cd $(dir $^); $(DOCBOOKTOMAN) $(notdir $^); $(MANPOST) $(notdir $@)
plugins.d/password-request: plugins.d/password-request.o
$(LINK.o) $(GNUTLS_LIBS) $(AVAHI_LIBS) $(GPGME_LIBS) \
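Review bot: The `%.5` recipe on the new side still has no `;` between `$(notdir $^)` and `$(MANPOST)`, so `$(MANPOST) $(notdir $@)` is handed to `$(DOCBOOKTOMAN)` as extra arguments instead of running as its own command, unlike the `%.8` and `%.8mandos` rules. Both variables are defined outside the hunk, so confirm whether that difference is intended. All three recipes also chain with `;` after `cd`, so a failed `cd` or a failed conversion is ignored and the post-processing step still runs, possibly in the wrong directory. `cd $(dir $^) && $(DOCBOOKTOMAN) $(notdir $^) && $(MANPOST) $(notdir $@)` stops at the first failure.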
=== modified file 'TODO'
--- TODO 2008-08-18 03:50:28 +0000
+++ TODO 2008-08-18 05:24:20 +0000
@@ -2,87 +2,83 @@
* [#A] README file
-* Plugin-runner
+* plugin-runner
** [#B] Add more comments to code
** [#B] Add more if(debug) calls
** [#B] Seperate more code to function for more readability
** [#A] Man page: man8/plugin-runner.8mandos
*** EXIT STATUS
- Text needed
*** EXAMPLES
Examples of normal usage, debug usage, debugging single or all
plugins, etc.
*** FILES
- Text needed
*** SECURITY
- Text needed
*** BUGS
- Text needed
*** SEE ALSO
Explaining text on what you can read
** Keydir move: /etc/mandos -> /etc/keys/mandos
Must create in preinst if not pre-depending on cryptsetup
-* Password-request
+* password-request
** [#A] Man page: man8/password-request.8mandos
-** [#B] Temporarily lower kernel log level
- for less printouts during sucessfull boot.
+*** SYNOPSIS
+ Document short options
*** DESCRIPTION
- Move options to new OPTIONS section.
State that this command is not meant to be invoked directly, but
is run as a plugin from mandos-client(8) and only run in the
initrd environment, not the real system.
+*** PURPOSE
+ As in mandos.xml
+*** OVERVIEW
+ As in mandos.xml
*** EXIT STATUS
- Create this section
-*** EXAMPLES
+*** ENVIRONMENT
+ Note that it does *not* currently use cryptsource or crypttarget.
+*** FILES
+ Describe the key files and the key ring files. Also note that
+ they should normally have been automatically created.
+*** BUGS
+*** EXAMPLE
Examples of normal usage, debug usage, debugging by connecting
directly, etc.
-*** FILES
- Describe the key files and the key ring files. Also note that
- they should normally have been automatically created.
-*** DIAGNOSTICS
- Create this section
*** SECURITY
- Create this section
-*** BUGS
- Create this section
*** SEE ALSO
- Refer to mandos-client(8mandos) and password-prompt(8mandos)
-*** ENVIRONMENT
- Document use of "cryptsource" and "crypttarget".
+ Update from mandos.xml
+** [#B] Temporarily lower kernel log level
+ for less printouts during sucessfull boot.
** IPv4 support
** use strsep instead of strtok?
** Do not depend on GnuPG key rings on disk
This would mean creating new GnuPG key rings with GPGME by
importing the key files from scratch on every program start.
-* Password-prompt
+* password-prompt
** [#A] Man page: man8/password-prompt.8mandos
+*** SYNOPSIS
+ Document short options
*** DESCRIPTION
- Move options to new OPTIONS section.
Note that this is more or less a simple getpass(3) wrapper, even
though actual use of getpass(3) is not guaranteed.
*** EXIT STATUS
- Create this section
-*** EXAMPLES
+*** ENVIRONMENT
+ Document use of "cryptsource" and "crypttarget".
+*** FILES
+*** BUGS
+*** EXAMPLE
Examples of normal usage, debug usage, with a prefix, etc.
-*** DIAGNOSTICS
- Create this section
*** SECURITY
- Create this section
Not much to do here but it is noteworthy to state the danger of
not having a fallback option.
-*** BUGS
- Create this section
*** SEE ALSO
Refer to mandos-client(8mandos) and password-request(8mandos)
+ and also, perhaps, to cryptsetup(8)?
** Use getpass(3)?
Man page says "obsolete", but [[info:libc:getpass][GNU LibC Manual: Reading Passwords]]
does not. See also [[http://sources.redhat.com/ml/libc-alpha/2003-05/msg00251.html][Marcus Brinkmann: Re: getpass obsolete?]] and
[[http://article.gmane.org/gmane.comp.lib.glibc.alpha/4906][Petter Reinholdtsen: Re: getpass obsolete?]], and especially also
[[http://www.steve.org.uk/Reference/Unix/faq_4.html#SEC48][Unix Programming FAQ 3.1 How can I make my program not echo input?]]
-* Mandos (server)
+* mandos (server)
** [#A] Config file man page: man5/mandos.conf (mandos.conf)
** [#A] Config file man page: man5/mandos-clients.conf (clients.conf)
** [#A] /etc/init.d/mandos-server :teddy:
@@ -115,12 +111,6 @@
*** [#A] Create /var/run/mandos directory with perm and ownership
** mandos-keygen
-*** [#A] Command man page: man8/mandos-keygen.8
-**** EXIT STATUS
-**** FILES
-**** BUGS
-**** EXAMPLES
-**** SECURITY
*** [#A] Output cut-and-paste ready snippet for clients.conf.
* [#A] Package
=== modified file 'mandos-keygen'
--- mandos-keygen 2008-08-12 23:13:41 +0000
+++ mandos-keygen 2008-08-18 05:24:20 +0000
@@ -70,7 +70,7 @@
-n|--name) KEYNAME="$2"; shift 2;;
-e|--email) KEYEMAIL="$2"; shift 2;;
-c|--comment) KEYCOMMENT="$2"; shift 2;;
- -x|--expire) KEYCOMMENT="$2"; shift 2;;
+ -x|--expire) KEYEXPIRE="$2"; shift 2;;
-f|--force) FORCE=yes; shift;;
-v|--version) echo "$0 $VERSION"; exit;;
-h|--help) help; exit;;
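Review bot: The `-x|--expire` arm stores `$2` in `KEYEXPIRE` unchecked, and because the old code wrote it to `KEYCOMMENT`, this is the first time user input reaches that variable. Where `KEYEXPIRE` is consumed is outside the hunk; if it is interpolated into gpg batch input, a value containing whitespace or a newline could change that input. Validating it after option parsing avoids that, e.g. `case "$KEYEXPIRE" in *[!0-9A-Za-z-]*) echo "Invalid expire time: $KEYEXPIRE" >&2; exit 1;; esac`. The enclosing `case` statement starts and ends outside the hunk.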
@@ -188,12 +188,12 @@
# Export keys from key rings to key files
gpg --no-random-seed-file --quiet --batch --no-tty --armor \
- --no-default-keyring --secret-keyring "$SECRING" \
+ --no-default-keyring --no-options --secret-keyring "$SECRING" \
--keyring "$PUBRING" --export-options export-minimal \
--comment "$FILECOMMENT" --output "$SECKEYFILE" \
--export-secret-keys
gpg --no-random-seed-file --quiet --batch --no-tty --armor \
- --no-default-keyring --secret-keyring "$SECRING" \
+ --no-default-keyring --no-options --secret-keyring "$SECRING" \
--keyring "$PUBRING" --export-options export-minimal \
--comment "$FILECOMMENT" --output "$PUBKEYFILE" \
--export
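Review bot: `--no-options` is added only to the two export invocations; whether the gpg call that generates the keys (outside this hunk) also ignores the invoking user's options file is not visible here and should be checked, since a stray `gpg.conf` setting matters there as well. The two commands now repeat the same leading options, so a small wrapper would keep them from drifting apart, e.g. `gpg_batch() { gpg --no-random-seed-file --quiet --batch --no-tty --armor --no-default-keyring --no-options "$@"; }`. Also confirm that a restrictive `umask` is in effect before `--output "$SECKEYFILE"` writes the secret key, as none is set within the hunk.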
=== modified file 'mandos-keygen.xml'
--- mandos-keygen.xml 2008-08-18 03:50:28 +0000
+++ mandos-keygen.xml 2008-08-18 05:24:20 +0000
@@ -279,30 +279,107 @@
EXIT STATUS
+ The exit status will be 0 if new keys were successfully created,
+ otherwise not.
+
+ ENVIRONMENT
+
+
+ TMPDIR
+
+
+ If set, temporary files will be created here. See
+ mktemp
+ 1.
+
+
+
+
+
+
FILES
+ Use the option to change where
+ &COMMANDNAME; will write the key files. The
+ default file names are shown here.
+
+
+ /etc/mandos/seckey.txt
+
+
+ OpenPGP secret key file which will be created or
+ overwritten.
+
+
+
+
+ /etc/mandos/pubkey.txt
+
+
+ OpenPGP public key file which will be created or
+ overwritten.
+
+
+
+
+ /tmp
+
+
+ Temporary files will be written here if
+ TMPDIR is not set.
+
+
+
+ BUGS
+ None are known at this time.
EXAMPLE
-
-
+
+
+ Normal invocation needs no options:
+
+
+ mandos-keygen
+
+
+
+
+ Create keys in another directory and of another type. Force
+ overwriting old key files:
+
+
+
+
+mandos-keygen --dir ~/keydir --type RSA --force
+
+
+ SECURITY
+ The and
+ options can be used to create keys of insufficient security. If
+ in doubt, leave them to the default values.
+
+
+ The key expire time is not guaranteed to be honored by
+ mandos
+ 8.
=== modified file 'plugins.d/password-prompt.xml'
--- plugins.d/password-prompt.xml 2008-08-16 20:31:21 +0000
+++ plugins.d/password-prompt.xml 2008-08-18 05:24:20 +0000
@@ -165,8 +165,14 @@
-
- NOTES
+
+ ENVIRONMENT
+
+
+
+
+
+ FILES
@@ -177,8 +183,8 @@
-
- EXAMPLES
+
+ EXAMPLE
=== modified file 'plugins.d/password-request.xml'
--- plugins.d/password-request.xml 2008-08-17 06:01:58 +0000
+++ plugins.d/password-request.xml 2008-08-18 05:24:20 +0000
@@ -229,17 +229,17 @@
+
+ ENVIRONMENT
+
+
+
+
FILES
-
-
- NOTES
-
-
- BUGS
@@ -247,8 +247,8 @@
-
- EXAMPLES
+
+ EXAMPLE