4
** General: [[https://www.atlassian.com/git/workflows][Git Workflows]], [[http://gitimmersion.com/][Git Immersion]], [[https://news.ycombinator.com/item?id=7036628][Simple git workflow is simple]]
5
** Intro: [[http://www.eyrie.org/~eagle/notes/debian/git.html#combine][Using Git for Debian Packaging]]
6
** Use: [[https://honk.sigxcpu.org/piki/projects/git-buildpackage/][git-buildpackage]]
9
Using bzr-fastimport: [[http://www.fusonic.net/en/blog/2013/03/26/migrating-from-bazaar-to-git/][Migrating from Bazaar to Git]]
10
** Unresolved: [[http://jameswestby.net/bzr/builddeb/user_manual/split.html][bzr builddeb split mode]]
11
Maybe: [[http://honk.sigxcpu.org/projects/git-buildpackage/manual-html/gbp.import.html#GBP.IMPORT.UPSTREAM.GIT.NOTARBALL][git-buildpackage - No upstream tarballs]]
12
[[http://www.python.org/dev/peps/pep-0374/][PEP 374 - Choosing a distributed VCS for the Python project]]
13
[[http://www.emacswiki.org/emacs/GitForEmacsDevs][Git For Emacs Devs]]
15
* [[http://www.undeadly.org/cgi?action=article&sid=20110530221728][OpenBSD]]
23
** TODO [#B] Use capabilities instead of seteuid().
24
** TODO [#B] Use struct sockaddr_storage instead of a union
25
** TODO [#B] Use getaddrinfo(hints=AI_NUMERICHOST) instead of inet_pton()
26
** TODO [#B] Prefer /run/tmp over /tmp, if it exists
27
** TODO [#C] Make start_mandos_communication() take "struct server".
30
** TODO [#B] use scandir(3) instead of readdir(3)
32
* usplash (Deprecated)
33
** TODO [#A] Make it work again
34
** TODO [#B] use scandir(3) instead of readdir(3)
37
** TODO [#B] Drop privileges after opening FIFO.
40
** TODO [#B] lock stdin (with flock()?)
6
** [#B] Add more comments to code
7
** [#B] Add more if(debug) calls
8
** [#B] Seperate more code to function for more readability
11
** [#A] Man page: man8/password-request.8mandos
13
Describe the key files and the key ring files. Also note that
14
they should normally have been automatically created.
17
Examples of normal usage, debug usage, debugging by connecting
21
Update from mandos.xml
22
** [#B] Temporarily lower kernel log level
23
for less printouts during sucessfull boot.
25
** use strsep instead of strtok?
26
** Do not depend on GnuPG key rings on disk
27
This would mean creating new GnuPG key rings with GPGME by
28
importing the key files from scratch on every program start.
29
** Keydir move: /etc/mandos -> /etc/keys/mandos
30
Must create in preinst if not pre-depending on cryptsetup
33
** [#C] Use getpass(3)?
34
Man page says "obsolete", but [[info:libc:getpass][GNU LibC Manual: Reading Passwords]]
35
does not. See also [[http://sources.redhat.com/ml/libc-alpha/2003-05/msg00251.html][Marcus Brinkmann: Re: getpass obsolete?]] and
36
[[http://article.gmane.org/gmane.comp.lib.glibc.alpha/4906][Petter Reinholdtsen: Re: getpass obsolete?]], and especially also
37
[[http://www.steve.org.uk/Reference/Unix/faq_4.html#SEC48][Unix Programming FAQ 3.1 How can I make my program not echo input?]]
47
** TODO handle printing for errors for plugins
48
*** Hook up stderr of plugins, buffer them, and prepend "Mandos Plugin [plugin name]"
49
** TODO [#B] use scandir(3) instead of readdir(3)
50
** TODO [#C] use same file name rules as run-parts(8)
51
** kernel command line option for debug info
52
** TODO [#B] Use openat()
40
** [#A] /etc/init.d/mandos-server :teddy:
41
** [#B] Log level :bugs:
42
** /etc/mandos/clients.d/*.conf
43
Watch this directory and add/remove/update clients?
44
** config for TXT record
45
** [#B] Run-time communication with server :bugs:
47
See also [[*Mandos-tools]]
48
** Implement --foreground :bugs:
49
[[info:standards:Option%20Table][Table of Long Options]]
51
[[info:standards:Option%20Table][Table of Long Options]]
52
** Date+time on console log messages :bugs:
55
* Mandos-tools/utilities
56
All of this probably using D-Bus
62
** Use xinclude for common sections
68
*** Update initrd.img after installation
69
This seems to use some kind of "trigger" system
70
[[file:/usr/share/doc/dpkg/triggers.txt.gz]]
71
dpkg-trigger(1), deb-triggers(5)
72
*** Keydir move: /etc/mandos -> /etc/keys/mandos
73
Must create in preinst if not pre-depending on cryptsetup
75
**** "--passfile" option
76
Using the "secfile" option instead of "secret"
77
**** [#A] "--test" option
78
For testing decryption before rebooting.
80
*** [#A] Create mandos user and group for server
81
*** [#A] Create /var/run/mandos directory with perm and ownership
55
** TODO [#B] Log level :BUGS:
56
*** TODO /etc/mandos/clients.d/*.conf
57
Watch this directory and add/remove/update clients?
58
** TODO [#C] config for TXT record
59
** TODO Log level dbus option
60
SetLogLevel D-Bus call
61
** TODO [#C] DBusServiceObjectUsingSuper
62
** TODO [#B] Global enable/disable flag
63
** TODO [#B] By-client countdown on number of secrets given
64
** D-Bus Client method NeedsPassword(50) - Timeout, default disapprove
65
+ SetPass(u"gazonk", True) -> Approval, persistent
66
+ Approve(False) -> Close client connection immediately
67
** TODO [#C] python-parsedatetime
68
** TODO Separate logging logic to own object
69
** TODO [#A] Limit approval_delay to max gnutls/tls timeout value
70
** TODO [#B] break the wait on approval_delay if connection dies
71
** TODO Generate Client.runtime_expansions from client options + extra
72
** TODO Allow %%(checker)s as a runtime expansion
73
** TODO Use python-tlslite?
74
** TODO D-Bus AddClient() method on server object
75
** TODO Use org.freedesktop.DBus.Method.NoReply annotation on async methods. :2:
76
** TODO Emit [[http://dbus.freedesktop.org/doc/dbus-specification.html#standard-interfaces-properties][org.freedesktop.DBus.Properties.PropertiesChanged]] signal :2:
77
TODO Deprecate se.recompile.Mandos.Client.PropertyChanged - annotate!
78
TODO Can use "invalidates" annotation to also emit on changed secret.
79
** TODO Support [[http://dbus.freedesktop.org/doc/dbus-specification.html#standard-interfaces-objectmanager][org.freedesktop.DBus.ObjectManager]] interface on server object :2:
80
Deprecate methods GetAllClients(), GetAllClientsWithProperties()
81
and signals ClientAdded and ClientRemoved.
82
** TODO Save state periodically to recover better from hard shutdowns
83
** TODO CheckerCompleted method, deprecate CheckedOK
84
** TODO Secret Service API?
85
http://standards.freedesktop.org/secret-service/
86
** TODO Remove D-Bus interfaces with old domain name :2:
87
** TODO Remove old string_to_delta format :2:
88
** TODO --no-zeroconf (only valid if port or socket is set)
91
** Add mandos contact info in manual pages
94
*** Handle "no D-Bus server" and/or "no Mandos server found" better
95
*** [#B] --dump option
96
** TODO Remove old string_to_delta format :2:
98
* TODO mandos-dispatch
99
Listens for specified D-Bus signals and spawns shell commands with
103
** TODO help should be toggleable
104
** Urwid client data displayer
105
Better view of client data in the listing
107
** Print a nice "We are sorry" message, save stack trace to log.
108
** Rename module "gobject" to "GObject".
111
** TODO "--secfile" option
112
Using the "secfile" option instead of "secret"
113
** TODO [#B] "--test" option
114
For testing decryption before rebooting.
84
117
** /usr/share/initramfs-tools/hooks/mandos
85
*** Do not install in initrd.img if configured not to.
86
Use "/etc/initramfs-tools/conf.d/mandos"? Definitely a debconf
88
** /etc/bash_completion.d/mandos
118
*** TODO [#C] use same file name rules as run-parts(8)
119
*** TODO [#C] Do not install in initrd.img if configured not to.
120
Use "/etc/initramfs-tools/hooksconf.d/mandos"?
121
** TODO [#C] /etc/bash_completion.d/mandos
89
122
From XML sources directly?
99
* Announce project on news
100
[[news:comp.os.linux.announce]]
125
** TODO Locate which package moves the other bin/sh when busybox is deactivated
126
** TODO contact owner of package, and ask them to have that shell static in position regardless of busybox
103
129
#+STARTUP: showall
added
removed
TODO
