Viewing changes to mandos-keygen.xml

First version of a somewhat complete D-Bus server interface.  Also
change user/group name to "_mandos".

* debian/mandos.postinst: Rename old "mandos" user and group to
                          "_mandos"; create "_mandos" user and group
                          if none exist.
* debian/mandos-client.postinst: - '' -

* initramfs-tools-hook: Try "_mandos" before "mandos" as user and
                        group name.

* mandos (_datetime_to_dbus_struct): New; was previously local.
  (Client.started): Renamed to "last_started".  All users changed.
  (Client.started): New; boolean.
  (Client.dbus_object_path): New.
  (Client.check_command): Renamed to "checker_command".  All users
                          changed.
  (Client.__init__): Set and use "self.dbus_object_path".  Set
                     "self.started".
  (Client.start): Update "self.started".  Emit "self.PropertyChanged"
                  signals for both "started" and "last_started".
  (Client.stop): Update "self.started".  Emit "self.PropertyChanged"
                 signal for "started".
  (Client.checker_callback): Take additional "command" argument.  All
                             callers changed. Emit
                             "self.PropertyChanged" signal.
  (Client.bump_timeout): Emit "self.PropertyChanged" signal for
                         "last_checked_ok".
  (Client.start_checker): Emit "self.PropertyChanged" signal for
                          "checker_running".
  (Client.stop_checker): Emit "self.PropertyChanged" signal for
                         "checker_running".
  (Client.still_valid): Bug fix: use "getattr(self, started, False)"
                        instead of "self.started" in case this client
                        object is so new that the "started" attribute
                        has not been created yet.
  (Client.IntervalChanged, Client.CheckerIsRunning, Client.GetChecker,
  Client.GetCreated, Client.GetFingerprint, Client.GetHost,
  Client.GetInterval, Client.GetName, Client.GetStarted,
  Client.GetTimeout, Client.StateChanged, Client.TimeoutChanged):
  Removed; all callers changed.
  (Client.CheckerCompleted): Add "condition" and "command" arguments.
                             All callers changed.
  (Client.GetAllProperties, Client.PropertyChanged): New.
  (Client.StillValid): Renamed to "IsStillValid".
  (Client.StartChecker): Changed to its own function to avoid the
                         return value from "Client.start_checker()".
  (Client.Stop): Changed to its own function to avoid the return value
                 from "Client.stop()".
  (main): Try "_mandos" before "mandos" as user and group name.
          Removed inner function "remove_from_clients".  New inner
          class "MandosServer".

<!DOCTYPE refentry PUBLIC "-//OASIS//DTD DocBook XML V4.5//EN"
3
3
        "http://www.oasis-open.org/docbook/xml/4.5/docbookx.dtd" [
4
4
<!ENTITY COMMANDNAME "mandos-keygen">
5
 
<!ENTITY TIMESTAMP "2019-02-10">
 
5
<!ENTITY TIMESTAMP "2008-10-03">
6
6
<!ENTITY % common SYSTEM "common.ent">
7
7
%common;
8
8
]>
19
19
        <firstname>Björn</firstname>
20
20
        <surname>Påhlsson</surname>
21
21
        <address>
22
 
          <email>belorn@recompile.se</email>
 
22
          <email>belorn@fukt.bsnet.se</email>
23
23
        </address>
24
24
      </author>
25
25
      <author>
26
26
        <firstname>Teddy</firstname>
27
27
        <surname>Hogeborn</surname>
28
28
        <address>
29
 
          <email>teddy@recompile.se</email>
 
29
          <email>teddy@fukt.bsnet.se</email>
30
30
        </address>
31
31
      </author>
32
32
    </authorgroup>
33
33
    <copyright>
34
34
      <year>2008</year>
35
 
      <year>2009</year>
36
 
      <year>2010</year>
37
 
      <year>2011</year>
38
 
      <year>2012</year>
39
 
      <year>2013</year>
40
 
      <year>2014</year>
41
 
      <year>2015</year>
42
 
      <year>2016</year>
43
 
      <year>2017</year>
44
 
      <year>2018</year>
45
 
      <year>2019</year>
46
35
      <holder>Teddy Hogeborn</holder>
47
36
      <holder>Björn Påhlsson</holder>
48
37
    </copyright>
127
116
        <replaceable>TIME</replaceable></option></arg>
128
117
      </group>
129
118
      <sbr/>
130
 
      <group>
131
 
        <arg choice="plain"><option>--tls-keytype
132
 
        <replaceable>KEYTYPE</replaceable></option></arg>
133
 
        <arg choice="plain"><option>-T
134
 
        <replaceable>KEYTYPE</replaceable></option></arg>
135
 
      </group>
136
 
      <sbr/>
137
 
      <group>
138
 
        <arg choice="plain"><option>--force</option></arg>
139
 
        <arg choice="plain"><option>-f</option></arg>
140
 
      </group>
 
119
      <arg><option>--force</option></arg>
141
120
    </cmdsynopsis>
142
121
    <cmdsynopsis>
143
122
      <command>&COMMANDNAME;</command>
163
142
        <arg choice="plain"><option>-n
164
143
        <replaceable>NAME</replaceable></option></arg>
165
144
      </group>
166
 
      <group>
167
 
        <arg choice="plain"><option>--no-ssh</option></arg>
168
 
        <arg choice="plain"><option>-S</option></arg>
169
 
      </group>
170
145
    </cmdsynopsis>
171
146
    <cmdsynopsis>
172
147
      <command>&COMMANDNAME;</command>
188
163
    <title>DESCRIPTION</title>
189
164
    <para>
190
165
      <command>&COMMANDNAME;</command> is a program to generate the
191
 
      TLS and OpenPGP keys used by
 
166
      OpenPGP key used by
192
167
      <citerefentry><refentrytitle>mandos-client</refentrytitle>
193
 
      <manvolnum>8mandos</manvolnum></citerefentry>.  The keys are
194
 
      normally written to /etc/keys/mandos for later installation into
195
 
      the initrd image, but this, and most other things, can be
196
 
      changed with command line options.
 
168
      <manvolnum>8mandos</manvolnum></citerefentry>.  The key is
 
169
      normally written to /etc/mandos for later installation into the
 
170
      initrd image, but this, and most other things, can be changed
 
171
      with command line options.
197
172
    </para>
198
173
    <para>
199
174
      This program can also be used with the
236
211
        <replaceable>DIRECTORY</replaceable></option></term>
237
212
        <listitem>
238
213
          <para>
239
 
            Target directory for key files.  Default is <filename
240
 
            class="directory">/etc/keys/mandos</filename>.
 
214
            Target directory for key files.  Default is
 
215
            <filename>/etc/mandos</filename>.
241
216
          </para>
242
217
        </listitem>
243
218
      </varlistentry>
249
224
        <replaceable>TYPE</replaceable></option></term>
250
225
        <listitem>
251
226
          <para>
252
 
            OpenPGP key type.  Default is <quote>RSA</quote>.
 
227
            Key type.  Default is <quote>DSA</quote>.
253
228
          </para>
254
229
        </listitem>
255
230
      </varlistentry>
261
236
        <replaceable>BITS</replaceable></option></term>
262
237
        <listitem>
263
238
          <para>
264
 
            OpenPGP key length in bits.  Default is 4096.
 
239
            Key length in bits.  Default is 2048.
265
240
          </para>
266
241
        </listitem>
267
242
      </varlistentry>
273
248
        <replaceable>KEYTYPE</replaceable></option></term>
274
249
        <listitem>
275
250
          <para>
276
 
            OpenPGP subkey type.  Default is <quote>RSA</quote>
 
251
            Subkey type.  Default is <quote>ELG-E</quote> (Elgamal
 
252
            encryption-only).
277
253
          </para>
278
254
        </listitem>
279
255
      </varlistentry>
285
261
        <replaceable>BITS</replaceable></option></term>
286
262
        <listitem>
287
263
          <para>
288
 
            OpenPGP subkey length in bits.  Default is 4096.
 
264
            Subkey length in bits.  Default is 2048.
289
265
          </para>
290
266
        </listitem>
291
267
      </varlistentry>
309
285
        <replaceable>TEXT</replaceable></option></term>
310
286
        <listitem>
311
287
          <para>
312
 
            Comment field for key.  Default is empty.
 
288
            Comment field for key.  The default value is
 
289
            <quote><literal>Mandos client key</literal></quote>.
313
290
          </para>
314
291
        </listitem>
315
292
      </varlistentry>
329
306
      </varlistentry>
330
307
      
331
308
      <varlistentry>
332
 
        <term><option>--tls-keytype
333
 
        <replaceable>KEYTYPE</replaceable></option></term>
334
 
        <term><option>-T
335
 
        <replaceable>KEYTYPE</replaceable></option></term>
336
 
        <listitem>
337
 
          <para>
338
 
            TLS key type.  Default is <quote>ed25519</quote>
339
 
          </para>
340
 
        </listitem>
341
 
      </varlistentry>
342
 
      
343
 
      <varlistentry>
344
309
        <term><option>--force</option></term>
345
310
        <term><option>-f</option></term>
346
311
        <listitem>
355
320
        <listitem>
356
321
          <para>
357
322
            Prompt for a password and encrypt it with the key already
358
 
            present in either <filename>/etc/keys/mandos</filename> or
359
 
            the directory specified with the <option>--dir</option>
 
323
            present in either <filename>/etc/mandos</filename> or the
 
324
            directory specified with the <option>--dir</option>
360
325
            option.  Outputs, on standard output, a section suitable
361
326
            for inclusion in <citerefentry><refentrytitle
362
327
            >mandos-clients.conf</refentrytitle><manvolnum
379
344
          </para>
380
345
        </listitem>
381
346
      </varlistentry>
382
 
      <varlistentry>
383
 
        <term><option>--no-ssh</option></term>
384
 
        <term><option>-S</option></term>
385
 
        <listitem>
386
 
          <para>
387
 
            When <option>--password</option> or
388
 
            <option>--passfile</option> is given, this option will
389
 
            prevent <command>&COMMANDNAME;</command> from calling
390
 
            <command>ssh-keyscan</command> to get an SSH fingerprint
391
 
            for this host and, if successful, output suitable config
392
 
            options to use this fingerprint as a
393
 
            <option>checker</option> option in the output.  This is
394
 
            otherwise the default behavior.
395
 
          </para>
396
 
        </listitem>
397
 
      </varlistentry>
398
347
    </variablelist>
399
348
  </refsect1>
400
349
  
402
351
    <title>OVERVIEW</title>
403
352
    <xi:include href="overview.xml"/>
404
353
    <para>
405
 
      This program is a small utility to generate new TLS and OpenPGP
406
 
      keys for new Mandos clients, and to generate sections for
407
 
      inclusion in <filename>clients.conf</filename> on the server.
 
354
      This program is a small utility to generate new OpenPGP keys for
 
355
      new Mandos clients, and to generate sections for inclusion in
 
356
      <filename>clients.conf</filename> on the server.
408
357
    </para>
409
358
  </refsect1>
410
359
  
442
391
    </para>
443
392
    <variablelist>
444
393
      <varlistentry>
445
 
        <term><filename>/etc/keys/mandos/seckey.txt</filename></term>
 
394
        <term><filename>/etc/mandos/seckey.txt</filename></term>
446
395
        <listitem>
447
396
          <para>
448
397
            OpenPGP secret key file which will be created or
451
400
        </listitem>
452
401
      </varlistentry>
453
402
      <varlistentry>
454
 
        <term><filename>/etc/keys/mandos/pubkey.txt</filename></term>
 
403
        <term><filename>/etc/mandos/pubkey.txt</filename></term>
455
404
        <listitem>
456
405
          <para>
457
406
            OpenPGP public key file which will be created or
460
409
        </listitem>
461
410
      </varlistentry>
462
411
      <varlistentry>
463
 
        <term><filename>/etc/keys/mandos/tls-privkey.pem</filename></term>
464
 
        <listitem>
465
 
          <para>
466
 
            Private key file which will be created or overwritten.
467
 
          </para>
468
 
        </listitem>
469
 
      </varlistentry>
470
 
      <varlistentry>
471
 
        <term><filename>/etc/keys/mandos/tls-pubkey.pem</filename></term>
472
 
        <listitem>
473
 
          <para>
474
 
            Public key file which will be created or overwritten.
475
 
          </para>
476
 
        </listitem>
477
 
      </varlistentry>
478
 
      <varlistentry>
479
 
        <term><filename class="directory">/tmp</filename></term>
 
412
        <term><filename>/tmp</filename></term>
480
413
        <listitem>
481
414
          <para>
482
415
            Temporary files will be written here if
487
420
    </variablelist>
488
421
  </refsect1>
489
422
  
490
 
  <refsect1 id="bugs">
491
 
    <title>BUGS</title>
492
 
    <xi:include href="bugs.xml"/>
493
 
  </refsect1>
 
423
<!--   <refsect1 id="bugs"> -->
 
424
<!--     <title>BUGS</title> -->
 
425
<!--     <para> -->
 
426
<!--     </para> -->
 
427
<!--   </refsect1> -->
494
428
  
495
429
  <refsect1 id="example">
496
430
    <title>EXAMPLE</title>
516
450
    </informalexample>
517
451
    <informalexample>
518
452
      <para>
519
 
        Prompt for a password, encrypt it with the keys in <filename
520
 
        class="directory">/etc/keys/mandos</filename> and output a
521
 
        section suitable for <filename>clients.conf</filename>.
 
453
        Prompt for a password, encrypt it with the key in
 
454
        <filename>/etc/mandos</filename> and output a section suitable
 
455
        for <filename>clients.conf</filename>.
522
456
      </para>
523
457
      <para>
524
458
        <userinput>&COMMANDNAME; --password</userinput>
526
460
    </informalexample>
527
461
    <informalexample>
528
462
      <para>
529
 
        Prompt for a password, encrypt it with the keys in the
 
463
        Prompt for a password, encrypt it with the key in the
530
464
        <filename>client-key</filename> directory and output a section
531
465
        suitable for <filename>clients.conf</filename>.
532
466
      </para>
557
491
  <refsect1 id="see_also">
558
492
    <title>SEE ALSO</title>
559
493
    <para>
560
 
      <citerefentry><refentrytitle>intro</refentrytitle>
561
 
      <manvolnum>8mandos</manvolnum></citerefentry>,
562
494
      <citerefentry><refentrytitle>gpg</refentrytitle>
563
495
      <manvolnum>1</manvolnum></citerefentry>,
564
496
      <citerefentry><refentrytitle>mandos-clients.conf</refentrytitle>
566
498
      <citerefentry><refentrytitle>mandos</refentrytitle>
567
499
      <manvolnum>8</manvolnum></citerefentry>,
568
500
      <citerefentry><refentrytitle>mandos-client</refentrytitle>
569
 
      <manvolnum>8mandos</manvolnum></citerefentry>,
570
 
      <citerefentry><refentrytitle>ssh-keyscan</refentrytitle>
571
 
      <manvolnum>1</manvolnum></citerefentry>
 
501
      <manvolnum>8mandos</manvolnum></citerefentry>
572
502
    </para>
573
503
  </refsect1>
574
504