/mandos/release : revision 123

To get this branch, use:

bzr branch
http://bzr.recompile.se/loggerhead/mandos/release

« back to all changes in this revision

Viewing changes to TODO

Committer: Teddy Hogeborn
Date: 2008-08-31 08:47:38 UTC
Revision ID: teddy@fukt.bsnet.se-20080831084738-uu70kayyt876982d

* mandos-keygen: Minor help text change.

* mandos-keygen.xml: Changed plural "keys" to singular "key"
                     throughout.
  (NAME): Improved wording.
  (DESCRIPTION): Improved wording.
  (OPTIONS): Split options in <term> tags into separate <term> tags.
             Use <option> tags.  Move long options before short
             options.  Uppercase replaceables.
  (OVERVIEW): Improved wording.
  (EXIT STATUS): Also cover --password option.
  (EXAMPLE): Add two examples using the --password option.
  (SECURITY): Improved wording.

* overview.xml: Improved wording.

Show diffs side-by-side

added added

removed removed

TODO

** [#B] Seperate more code to function for more readability

** [#A] Man page: man8/plugin-runner.8mandos

*** EXIT STATUS

*** EXAMPLES

*** ENVIRONMENT

Environment is modified according to options and passed to plugins

*** EXAMPLE

Examples of normal usage, debug usage, debugging single or all

plugins, etc.

*** FILES

*** SECURITY

Note the danger of using this program, since you might lock

yourself out of your system without any means of entering the root

file system password. This is, however, very unlikely considering

the fallback to getpass(3).

*** BUGS

*** SEE ALSO

Explaining text on what you can read

** Keydir move: /etc/mandos -> /etc/keys/mandos

Must create in preinst if not pre-depending on cryptsetup

* password-request

** [#A] Man page: man8/password-request.8mandos

** Do not depend on GnuPG key rings on disk

This would mean creating new GnuPG key rings with GPGME by

importing the key files from scratch on every program start.

** Keydir move: /etc/mandos -> /etc/keys/mandos

Must create in preinst if not pre-depending on cryptsetup

* password-prompt

** [#A] Man page: man8/password-prompt.8mandos

*** SYNOPSIS

Document short options

*** DESCRIPTION

Note that this is more or less a simple getpass(3) wrapper, even

though actual use of getpass(3) is not guaranteed.

*** EXIT STATUS

*** ENVIRONMENT

Document use of "cryptsource" and "crypttarget".

*** FILES

*** BUGS

*** EXAMPLE

Examples of normal usage, debug usage, with a prefix, etc.

*** SECURITY

Not much to do here but it is noteworthy to state the danger of

not having a fallback option.

*** SEE ALSO

Refer to mandos-client(8mandos) and password-request(8mandos)

and also, perhaps, to cryptsetup(8)?

** Use getpass(3)?

** [#C] Use getpass(3)?

Man page says "obsolete", but [[info:libc:getpass][GNU LibC Manual: Reading Passwords]]

does not. See also [[http://sources.redhat.com/ml/libc-alpha/2003-05/msg00251.html][Marcus Brinkmann: Re: getpass obsolete?]] and

[[http://article.gmane.org/gmane.comp.lib.glibc.alpha/4906][Petter Reinholdtsen: Re: getpass obsolete?]], and especially also

[[http://www.steve.org.uk/Reference/Unix/faq_4.html#SEC48][Unix Programming FAQ 3.1 How can I make my program not echo input?]]

* mandos (server)

** [#A] Config file man page: man5/mandos.conf (mandos.conf)

** [#A] Config file man page: man5/mandos-clients.conf (clients.conf)

** [#A] /etc/init.d/mandos-server :teddy:

** [#B] Log level :bugs:

** /etc/mandos/clients.d/*.conf

102

** Disable client

103

** Enable client

104

* Man pages

** Tags

Go through all man pages to conform to the style of tags chosen in

[[http://svn.debian.org/wsvn/debian-xml-sgml/packages/docbook-xsl/trunk/debian/examples/foo.1.example_manpage.xml?op=file&rev=0&sc=0][foo.1.example_manpage.xml]]. In particular:

*** SYNOPSIS

<arg> with inner <option> and <replaceable> tags

Unify long and short options.

**** DONE mandos-clients.conf.xml

**** DONE mandos-keygen.xml

**** DONE mandos.conf.xml

100

**** DONE mandos.xml

101

**** DONE plugin-runner.xml

102

**** DONE plugins.d/password-prompt.xml

103

**** DONE plugins.d/password-request.xml

104

*** OPTIONS

105

Separate <term> tags with <option> and <replaceable> tags.

106

**** DONE mandos-clients.conf.xml

107

**** DONE mandos-keygen.xml

108

**** DONE mandos.conf.xml

109

**** TODO mandos.xml

110

**** TODO plugin-runner.xml

111

**** TODO plugins.d/password-prompt.xml

112

**** TODO plugins.d/password-request.xml

113

** Use xinclude for common sections

114

Like copyright, authors, etc.

115

116

105

117

* Installer

106

** Client

118

** Client-side

107

119

*** Update initrd.img after installation

108

120

This seems to use some kind of "trigger" system

109

** Server

121

[[file:/usr/share/doc/dpkg/triggers.txt.gz]]

122

dpkg-trigger(1), deb-triggers(5)

123

*** Keydir move: /etc/mandos -> /etc/keys/mandos

124

Must create in preinst if not pre-depending on cryptsetup

125

*** mandos-keygen

126

**** "--passfile" option

127

Using the "secfile" option instead of "secret"

128

**** [#A] "--test" option

129

For testing decryption before rebooting.

130

** Server-side

110

131

*** [#A] Create mandos user and group for server

111

132

*** [#A] Create /var/run/mandos directory with perm and ownership

112

133

113

** mandos-keygen

114

*** [#A] Output cut-and-paste ready snippet for clients.conf.

115

116

134

* [#A] Package

117

135

** /usr/share/initramfs-tools/hooks/mandos

118

136

*** Do not install in initrd.img if configured not to.

119

137

Use "/etc/initramfs-tools/conf.d/mandos"? Definitely a debconf

120

138

question.

121

139

** /etc/bash_completion.d/mandos

122

*** From XML sources directly?

140

From XML sources directly?

123

141

** unperish

124

142

** bzr-builddeb

125

143

Older »