/mandos/release

To get this branch, use:
bzr branch http://bzr.recompile.se/loggerhead/mandos/release

« back to all changes in this revision

Viewing changes to INSTALL

  • Committer: Teddy Hogeborn
  • Date: 2015-08-10 09:00:23 UTC
  • mto: (237.7.594 trunk)
  • mto: This revision was merged to the branch mainline in revision 325.
  • Revision ID: teddy@recompile.se-20150810090023-fz6vjqr7zf33e2tf
Support the standard org.freedesktop.DBus.ObjectManager interface.

Now that the D-Bus standard has an interface to keep track of new and
removed objects, use that instead of our own methods.  This deprecates
our D-Bus methods "GetAllClients" and "GetAllClientsWithProperties"
and the signals "ClientAdded" and "ClientRemoved", all on the server
interface "se.recompile.Mandos".

* DBUS-API: Removed references to deprecated methods and signals;
  insert reference to the org.freedesktop.DBus.ObjectManager
  interface.
* mandos (DBusObjectWithProperties._get_all_interface_names): New.
  (dbus.OBJECT_MANAGER_IFACE): If not present, monkey patch.
  (DBusObjectWithObjectManager): New.
  (main/MandosDBusService): Inherit from DBusObjectWithObjectManager.
  (main/MandosDBusService.ClientRemoved): Annotate as deprecated.
  (main/MandosDBusService.GetAllClients): - '' -
  (main/MandosDBusService.GetAllClientsWithProperties): Annotate as
                                                        deprecated.
                                                        Also only
                                                        return
                                                        properties on
                                                        client
                                                        interface.
  (main/MandosDBusService.RemoveClient): Call client_removed_signal
                                         instead of ClientRemoved.
  (main/MandosDBusService.GetManagedObjects): New.
  (main/MandosDBusService.client_added_signal): New.
  (main/MandosDBusService.client_removed_signal): - '' -
  (main/cleanup): Call "client_removed_signal" instead of sending
                  "ClientRemoved" signal directly.
  (main): Call "client_added_signal" instead of sending "ClientAdded"
          signal directly.
* mandos-ctl: Use GetManagedObjects instead of
              GetAllClientsWithProperties.  Also, show better error
              message in case of failure to connect to the D-Bus

* mandos-monitor (MandosClientPropertyCache.properties_changed):
  Bug fix; only update properties on client interface.
  (UserInterface.find_and_remove_client): Change to accept arguments
                                          from InterfacesRemoved
                                          signal.  Also, bug fix:
                                          working error message when
                                          removing unknown client.
  (UserInterface.add_new_client): Change to accept arguments from
                                  InterfacesRemoved signal.  Pass
                                  properties to MandosClientWidget
                                  constructor.
  (UserInterface.run): Connect find_and_remove_client method to
                       InterfacesRemoved signal and the add_new_client
                       method to the InterfacesAdded signal.

Show diffs side-by-side

added added

removed removed

Lines of Context:
4
4
  
5
5
** Operating System
6
6
   
7
 
   Debian 8.0 "jessie" or Ubuntu 15.10 "Wily Werewolf" (or later).
 
7
   Debian 6.0 "squeeze" or Ubuntu 10.10 "Maverick Meerkat" (or later).
8
8
   
9
9
   This is mostly for the support scripts which make sure that the
10
10
   client is installed and started in the initial RAM disk environment
38
38
    "man -l mandos.8".
39
39
    
40
40
*** Mandos Server
41
 
    + GnuTLS 3.3          https://www.gnutls.org/
42
 
      (but not 3.6.0 or later, until 3.6.6, which works)
43
 
    + Avahi 0.6.16        https://www.avahi.org/
44
 
    + Python 3           https://www.python.org/
45
 
      Note: Python 2.7 is still supported, if the "mandos",
46
 
      "mandos-ctl", and "mandos-monitor" files are edited to contain
47
 
      "#!/usr/bin/python" instead of python3.
48
 
    + dbus-python 0.82.4 https://dbus.freedesktop.org/doc/dbus-python/
49
 
    + PyGObject 3.8      https://wiki.gnome.org/Projects/PyGObject
50
 
    + pkg-config https://www.freedesktop.org/wiki/Software/pkg-config/
 
41
    + GnuTLS 2.4          http://www.gnutls.org/
 
42
      Note: GnuTLS 3 will only work with Python-GnuTLS 2
 
43
    + Avahi 0.6.16        http://www.avahi.org/
 
44
    + Python 2.7          https://www.python.org/
 
45
    + Python-GnuTLS 1.1.5 https://pypi.python.org/pypi/python-gnutls/
 
46
    + dbus-python 0.82.4  http://dbus.freedesktop.org/doc/dbus-python/
 
47
    + PyGObject 2.14.2    https://developer.gnome.org/pygobject/
 
48
    + pkg-config  http://www.freedesktop.org/wiki/Software/pkg-config/
51
49
    + Urwid 1.0.1         http://urwid.org/
52
50
      (Only needed by the "mandos-monitor" tool.)
53
51
    
56
54
    + ssh-keyscan from OpenSSH http://www.openssh.com/
57
55
    
58
56
    Package names:
59
 
    avahi-daemon python3 python3-dbus python3-gi python3-urwid
60
 
    pkg-config fping ssh-client
 
57
    python-gnutls avahi-daemon python python-avahi python-dbus
 
58
    python-gobject python-urwid pkg-config fping ssh-client
61
59
    
62
60
*** Mandos Client
63
 
    + GNU C Library 2.17 https://gnu.org/software/libc/
64
 
    + GnuTLS 3.3        https://www.gnutls.org/
65
 
      (but not 3.6.0 or later, until 3.6.6 which works)
66
 
    + Avahi 0.6.16      https://www.avahi.org/
 
61
    + initramfs-tools 0.85i
 
62
                        https://tracker.debian.org/pkg/initramfs-tools
 
63
    + GnuTLS 2.4        http://www.gnutls.org/
 
64
    + Avahi 0.6.16      http://www.avahi.org/
67
65
    + GnuPG 1.4.9       https://www.gnupg.org/
68
66
    + GPGME 1.1.6       https://www.gnupg.org/related_software/gpgme/
69
 
    + pkg-config https://www.freedesktop.org/wiki/Software/pkg-config/
70
 
    + libnl-route 3     https://www.infradead.org/~tgr/libnl/
71
 
    + GLib 2.40         http://www.gtk.org/
72
 
    
73
 
    One of:
74
 
    + initramfs-tools 0.85i
75
 
                        https://tracker.debian.org/pkg/initramfs-tools
76
 
    + dracut 044+241
77
 
         http://www.kernel.org/pub/linux/utils/boot/dracut/dracut.html
 
67
    + pkg-config  http://www.freedesktop.org/wiki/Software/pkg-config/
78
68
    
79
69
    Strongly recommended:
80
70
    + OpenSSH           http://www.openssh.com/
81
71
    
82
72
    Package names:
83
 
    initramfs-tools dracut libgnutls-dev gnutls-bin libavahi-core-dev
84
 
    gnupg libgpgme11-dev pkg-config ssh libnl-route-3-dev
85
 
    libglib2.0-dev
 
73
    initramfs-tools libgnutls-dev libavahi-core-dev gnupg
 
74
    libgpgme11-dev pkg-config ssh
86
75
 
87
76
* Installing the Mandos server
88
77
  
90
79
  
91
80
  2. On the computer to run as a Mandos server, run the following
92
81
     command:
93
 
     For Debian: su - -c 'make install-server'
 
82
     For Debian: su -c 'make install-server'
94
83
     For Ubuntu: sudo make install-server
95
84
     
96
85
     (This creates a configuration without any clients configured; you
102
91
  
103
92
  2. On the computer to run as a Mandos client, run the following
104
93
     command:
105
 
     For Debian: su - -c 'make install-client'
 
94
     For Debian: su -c 'make install-client'
106
95
     For Ubuntu: sudo make install-client
107
96
     
108
97
     This will also create an OpenPGP key, which will take some time
109
98
     and entropy, so be patient.
110
99
  
111
100
  3. Run the following command:
112
 
     For Debian: su - -c 'mandos-keygen --password'
 
101
     For Debian: su -c 'mandos-keygen --password'
113
102
     For Ubuntu: sudo mandos-keygen --password
114
103
     
115
104
     When prompted, enter the password/passphrase for the encrypted
127
116
        # update-initramfs -k all -u
128
117
  
129
118
  5. On the server computer, start the server by running the command
130
 
     For Debian: su - -c 'invoke-rc.d mandos start'
 
119
     For Debian: su -c 'invoke-rc.d mandos start'
131
120
     For Ubuntu: sudo service mandos start
132
121
     
133
122
     At this point, it is possible to verify that the correct password
135
124
     
136
125
        # /usr/lib/mandos/plugins.d/mandos-client \
137
126
                --pubkey=/etc/keys/mandos/pubkey.txt \
138
 
                --seckey=/etc/keys/mandos/seckey.txt \
139
 
                --tls-privkey=/etc/keys/mandos/tls-privkey.pem \
140
 
                --tls-pubkey=/etc/keys/mandos/tls-pubkey.pem; echo
 
127
                --seckey=/etc/keys/mandos/seckey.txt; echo
141
128
     
142
129
     This command should retrieve the password from the server,
143
130
     decrypt it, and output it to standard output.