/mandos/release

To get this branch, use:

bzr branch
http://bzr.recompile.se/loggerhead/mandos/release

« back to all changes in this revision

Viewing changes to TODO

Committer: Teddy Hogeborn
Date: 2009-09-17 02:42:49 UTC
mto: (24.1.142 mandos) (237.12.2 mandos-persistent) (299.1.1 release) (300.1.1 release) (301.1.1 release)
mto: This revision was merged to the branch mainline in revision 264.
Revision ID: teddy@fukt.bsnet.se-20090917024249-y6j76xtzz3i2vptv

* plugins.d/mandos-client.c (init_gnutls_session): Always fail and
                                                   return immediately
                                                   if interrupted by
                                                   signal.

files added:
.bzr-builddeb

.bzr-builddeb/default.conf

INSTALL

NEWS

common.ent

debian

debian/changelog

debian/compat

debian/control

debian/copyright

debian/mandos-client.README.Debian

debian/mandos-client.dirs

debian/mandos-client.docs

debian/mandos-client.links

debian/mandos-client.lintian-overrides

debian/mandos-client.postinst

debian/mandos-client.postrm

debian/mandos.README.Debian

debian/mandos.dirs

debian/mandos.docs

debian/mandos.lintian-overrides

debian/mandos.postinst

debian/mandos.prerm

debian/po

debian/rules

debian/watch

default-mandos

init.d-mandos

mandos-ctl

mandos.lsm

plugin-runner.conf

plugins.d/askpass-fifo.c

plugins.d/askpass-fifo.xml

plugins.d/splashy.c

plugins.d/splashy.xml

plugins.d/usplash.c

plugins.d/usplash.xml

files removed:
plugins.d/usplash

files renamed:
plugins.d/password-request.c => plugins.d/mandos-client.c

plugins.d/password-request.xml => plugins.d/mandos-client.xml

files modified:
.bzrignore

Makefile

README

TODO

clients.conf

initramfs-tools-hook

initramfs-tools-hook-conf

initramfs-tools-script

legalnotice.xml

mandos

mandos-clients.conf.xml

mandos-keygen

mandos-keygen.xml

mandos-options.xml

mandos.conf

mandos.conf.xml

mandos.xml

overview.xml

plugin-runner.c

plugin-runner.xml

plugins.d/password-prompt.c

plugins.d/password-prompt.xml

Show diffs side-by-side

added added

removed removed

1

1

-*- org -*-

2

2

3

* README file

4

Note that if someone takes all machines, then all systems will be encrypted and all they have is some

5

unusable key material.

3

* mandos-client

4

** TODO [#B] use scandir(3) instead of readdir(3)

5

** TODO [#B] Prefix all debug output with argv[0]

6

** TODO [#B] Retry a server which has a non-definite reply:

7

*** A closed connection during the TLS handshake

8

*** A TCP timeout

9

** TODO [#B] Use capabilities instead of seteuid().

10

11

* splashy

12

** TODO [#B] use scandir(3) instead of readdir(3)

13

** TODO [#B] Prefix all debug output with "Mandos plugin " + argv[0]

14

15

* usplash

16

** TODO [#B] use scandir(3) instead of readdir(3)

17

** TODO [#B] Prefix all debug output with "Mandos plugin " + argv[0]

18

19

* askpass-fifo

20

** TODO [#B] Prefix all debug output with "Mandos plugin " + argv[0]

21

** TODO [#B] Drop privileges after opening FIFO.

22

23

* password-prompt

24

** TODO [#B] Prefix all debug output with "Mandos plugin " + argv[0]

6

25

7

26

* plugin-runner

8

9

* password-request

10

** [#B] Temporarily lower kernel log level

11

for less printouts during sucessfull boot.

12

** IPv4 support

13

** use strsep instead of strtok?

14

** Do not depend on GnuPG key rings on disk

15

This would mean creating new GnuPG key rings with GPGME by

16

importing the key files from scratch on every program start.

17

** Keydir move: /etc/mandos -> /etc/keys/mandos

18

Must create in preinst if not pre-depending on cryptsetup

19

20

* password-prompt

27

** TODO [#B] use scandir(3) instead of readdir(3)

28

** TODO [#C] use same file name rules as run-parts(8)

21

29

22

30

* mandos (server)

23

** [#A] /etc/init.d/mandos-server :teddy:

24

** [#B] Log level :bugs:

25

** /etc/mandos/clients.d/*.conf

31

** TODO [#B] Log level :BUGS:

32

** TODO /etc/mandos/clients.d/*.conf

26

33

Watch this directory and add/remove/update clients?

27

** config for TXT record

28

** [#B] Run-time communication with server :bugs:

34

** TODO config for TXT record

35

** TODO [#B] Run-time communication with server :BUGS:

29

36

Probably using D-Bus

30

See also [[*Mandos-tools]]

31

** Implement --foreground :bugs:

32

[[info:standards:Option%20Table][Table of Long Options]]

33

** Implement --socket

34

[[info:standards:Option%20Table][Table of Long Options]]

35

** Date+time on console log messages :bugs:

37

*** Client class

38

*** Main server

39

+ SetLogLevel

40

syslogger.setLevel(logging.WARNING)

41

+ [[http://log.ometer.com/2007-05.html][Best D-Bus practices]]

42

** TODO Implement --foreground :BUGS:

43

[[info:standards:Option%20Table][Table of Long Options]]

44

** TODO Implement --socket

45

[[info:standards:Option%20Table][Table of Long Options]]

46

** TODO Date+time on console log messages :BUGS:

36

47

Is this the default?

37

** delete hook when clients fall out by timeout

38

39

* Mandos-tools/utilities

40

All of this probably using D-Bus

41

** List clients

42

** Disable client

43

** Enable client

44

** Reboot timer

45

46

* Man pages

47

** Use xinclude for common sections

48

Like authors, etc.

49

50

51

* Installer

52

** Client-side

53

*** Update initrd.img after installation

54

This seems to use some kind of "trigger" system

55

[[file:/usr/share/doc/dpkg/triggers.txt.gz]]

56

dpkg-trigger(1), deb-triggers(5)

57

*** Keydir move: /etc/mandos -> /etc/keys/mandos

58

Must create in preinst if not pre-depending on cryptsetup

59

*** mandos-keygen

60

**** "--passfile" option

61

Using the "secfile" option instead of "secret"

62

**** [#A] "--test" option

63

For testing decryption before rebooting.

64

** Server-side

65

*** [#A] Create mandos user and group for server

66

*** [#A] Create /var/run/mandos directory with perm and ownership

67

68

* [#A] Package

48

** TODO Split IPv6_TCPServer into a generic and Mandos-specific class

49

** TODO move handle_ipc out of IPv6_TCPServer

50

** TODO DBusServiceObjectUsingSuper

51

** Global enable/disable flag

52

** By-client countdown on secrets given

53

** Fix problem with fsck taking a really long time

54

Whenever a client successfully gets a secret it could get a

55

one-time timeout boost to allow for an fsck-incurred delay

56

57

* mandos.xml

58

** [[file:mandos.xml::XXX][Document D-Bus interface]]

59

60

* Provide and install /etc/dbus-1/system.d/mandos.conf

61

62

* mandos-ctl

63

*** Handle "no D-Bus server" and/or "no Mandos server found" better

64

*** [#B] --dump option

65

66

* mandos-name

67

** D-Bus mail loop w/ signal receiver

68

** Urwid/Newt client data displayer

69

*** Urwid scaffolding

70

*** Client Widgets

71

*** Properties popup

72

73

* mandos-keygen

74

** TODO Loop until passwords match when run interactively

75

** TODO "--secfile" option

76

Using the "secfile" option instead of "secret"

77

** TODO [#B] "--test" option

78

For testing decryption before rebooting.

79

80

* Makefile

81

** Implement DEB_BUILD_OPTIONS

82

http://www.debian.org/doc/debian-policy/ch-source.html#s-debianrules-options

83

84

* Package

69

85

** /usr/share/initramfs-tools/hooks/mandos

70

*** Do not install in initrd.img if configured not to.

71

Use "/etc/initramfs-tools/conf.d/mandos"? Definitely a debconf

72

question.

73

** /etc/bash_completion.d/mandos

86

*** TODO [#C] use same file name rules as run-parts(8)

87

*** TODO [#C] Do not install in initrd.img if configured not to.

88

Use "/etc/initramfs-tools/hooksconf.d/mandos"?

89

** TODO [#C] /etc/bash_completion.d/mandos

74

90

From XML sources directly?

75

** unperish

76

** bzr-builddeb

77

78

* INSTALL file

79

80

* Web site

81

82

* Mailing list

83

84

* Announce project on news

85

[[news:comp.os.linux.announce]]

86

91

87

92

88

93

#+STARTUP: showall

Older »