/mandos/release

To get this branch, use:
bzr branch http://bzr.recompile.se/loggerhead/mandos/release

Viewing changes to plugins.d/mandos-client.xml

* debian/mandos-client.README.Debian: Document network hook facility.
* debian/mandos-client.docs (network-hooks.d): Added.
* initramfs-tools-hook: Also pass VERBOSITY to network hook.
* plugins.d/mandos-client.xml (DESCRIPTION): Document network
                                             interface selection
                                             algorithm.
  (OPTIONS/--interface): Refer to NETWORK HOOKS section.
  (OVERVIEW): Refer to password-prompt(8mandos) explicitly.
  (NETWORK HOOKS): New section.
  (FILES): Add "/lib/mandos/network-hooks.d".

2
2
<!DOCTYPE refentry PUBLIC "-//OASIS//DTD DocBook XML V4.5//EN"
3
3
        "http://www.oasis-open.org/docbook/xml/4.5/docbookx.dtd" [
4
4
<!ENTITY COMMANDNAME "mandos-client">
5
 
<!ENTITY TIMESTAMP "2012-05-27">
 
5
<!ENTITY TIMESTAMP "2011-11-27">
6
6
<!ENTITY % common SYSTEM "../common.ent">
7
7
%common;
8
8
]>
33
33
    <copyright>
34
34
      <year>2008</year>
35
35
      <year>2009</year>
36
 
      <year>2012</year>
 
36
      <year>2011</year>
37
37
      <holder>Teddy Hogeborn</holder>
38
38
      <holder>Björn Påhlsson</holder>
39
39
    </copyright>
468
468
      <para>
469
469
        A network hook must be an executable file, and its name must
470
470
        consist entirely of upper and lower case letters, digits,
471
 
        underscores, periods, and hyphens.
 
471
        underscores, and hyphens.
472
472
      </para>
473
473
      <para>
474
474
        A network hook will receive one argument, which can be one of
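Review bot: At line 471 the two versions disagree on whether periods are allowed in a network hook's name, and this sentence is the only statement of which files in the hook directory qualify as hooks. Whichever wording is kept has to match the check the client actually performs on file names. If periods are allowed, executable leftovers such as "hook.bak" or "hook.dpkg-old" also match the rule, so the paragraph should say so explicitly.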
497
497
          <term><literal>files</literal></term>
498
498
          <listitem>
499
499
            <para>
500
 
              This should make the network hook print, <emphasis>one
501
 
              file per line</emphasis>, all the files needed for it to
502
 
              run.  (These files will be copied into the initial RAM
503
 
              filesystem.)  Typical use is for a network hook which is
504
 
              a shell script to print its needed binaries.
 
500
              This should make the network hook print, <emphasis>on
 
501
              separate lines</emphasis>, all the files needed for it
 
502
              to run.  (These files will be copied into the initial
 
503
              RAM filesystem.)  Intended use is for a network hook
 
504
              which is a shell script to print its needed binaries.
505
505
            </para>
506
506
            <para>
507
507
              It is not necessary to print any non-executable files
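Review bot: The "files" description at lines 500-504 does not say what form the printed paths must take: absolute or relative to the hook directory, and whether a name containing whitespace is supported by the one-per-line format. This output decides what is copied into the initial RAM filesystem, so the expected path form should be stated in this paragraph in both wordings.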
511
511
            </para>
512
512
          </listitem>
513
513
        </varlistentry>
514
 
        <varlistentry>
515
 
          <term><literal>modules</literal></term>
516
 
          <listitem>
517
 
            <para>
518
 
              This should make the network hook print, <emphasis>on
519
 
              separate lines</emphasis>, all the kernel modules needed
520
 
              for it to run.  (These modules will be copied into the
521
 
              initial RAM filesystem.)  For instance, a tunnel
522
 
              interface needs the
523
 
              <quote><literal>tun</literal></quote> module.
524
 
            </para>
525
 
          </listitem>
526
 
        </varlistentry>
527
514
      </variablelist>
528
515
      <para>
529
516
        The network hook will be provided with a number of environment
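Review bot: The "modules" entry (lines 514-526 in the first column) does not say in what form module names are to be printed; the only hint is the "tun" example, a bare name with no path or file suffix. This output selects kernel modules that are copied into the initial RAM filesystem, so the expected form should be spelled out next to the example.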
538
525
              <command>&COMMANDNAME;</command> by the
539
526
              <option>--network-hook-dir</option> option.  Note: this
540
527
              should <emphasis>always</emphasis> be used by the
541
 
              network hook to refer to itself or any files in the hook
542
 
              directory it may require.
 
528
              network hook to refer to itself or any files it may
 
529
              require.
543
530
            </para>
544
531
          </listitem>
545
532
        </varlistentry>
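Review bot: In the closing sentence of this entry, the variant "any files it may require" (lines 528-529) drops the qualifier "in the hook directory" and can be read as covering every file the hook touches, system binaries included. Prefer the qualified wording at lines 541-542, which makes clear the variable is for locating the hook itself and files shipped beside it.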
561
548
            <para>
562
549
              This will be the same as the first argument;
563
550
              i.e. <quote><literal>start</literal></quote>,
564
 
              <quote><literal>stop</literal></quote>,
565
 
              <quote><literal>files</literal></quote>, or
566
 
              <quote><literal>modules</literal></quote>.
 
551
              <quote><literal>stop</literal></quote>, or
 
552
              <quote><literal>files</literal></quote>.
567
553
            </para>
568
554
          </listitem>
569
555
        </varlistentry>
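Review bot: The value list at lines 563-566 names "modules" in one version and omits it in the other, and the matching "modules" entry in the argument list earlier in the section is likewise present in only one version. These two hunks have to land on the same side, otherwise the page documents a mode that this entry does not list, or lists one that is not documented.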
583
569
          <listitem>
584
570
            <para>
585
571
              This will be the same as the <option>--delay</option>
586
 
              option passed to <command>&COMMANDNAME;</command>.  Is
587
 
              only set if <envar>MODE</envar> is
588
 
              <quote><literal>start</literal></quote> or
589
 
              <quote><literal>stop</literal></quote>.
590
 
            </para>
591
 
          </listitem>
592
 
        </varlistentry>
593
 
        <varlistentry>
594
 
          <term><envar>CONNECT</envar></term>
595
 
          <listitem>
596
 
            <para>
597
 
              This will be the same as the <option>--connect</option>
598
 
              option passed to <command>&COMMANDNAME;</command>.  Is
599
 
              only set if <option>--connect</option> is passed and
600
 
              <envar>MODE</envar> is
601
 
              <quote><literal>start</literal></quote> or
602
 
              <quote><literal>stop</literal></quote>.
 
572
              option passed to <command>&COMMANDNAME;</command>.
603
573
            </para>
604
574
          </listitem>
605
575
        </varlistentry>
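Review bot: The sentence "Is only set if ..." at lines 586-589 and 598-602 has no subject, and the shorter variant of the --delay entry (line 572) does not say at all when the variable is left unset. A hook written as a shell script and run with "set -u" fails on an unset variable, so the condition should be stated in full for both entries, for example "This variable is only set if ...".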
661
631
    <informalexample>
662
632
      <para>
663
633
        Normal invocation needs no options, if the network interface
664
 
        can be automatically determined:
 
634
        is <quote>eth0</quote>:
665
635
      </para>
666
636
      <para>
667
637
        <userinput>&COMMANDNAME;</userinput>