/mandos/release

To get this branch, use:

bzr branch
http://bzr.recompile.se/loggerhead/mandos/release

« back to all changes in this revision

Viewing changes to intro.xml

Committer: Teddy Hogeborn
Date: 2019-03-04 20:39:48 UTC
mto: (237.7.594 trunk)
mto: This revision was merged to the branch mainline in revision 382.
Revision ID: teddy@recompile.se-20190304203948-x8cdobs47h1f89xk

mandos-ctl: Bug fix: fix client/properties confusion

* mandos-ctl (Command.run_on_one_client): Take an additional
                                          "properties" argument.  All
                                          callers and users changed.
  (IsEnabledCmd.is_enabled): Don't run client.Get(); just look at the
                             "Enabled" property key.
  (TestCmd.setUp): Set self.clients to the correct form of dict, and
                   set self.one_client to be a dict with only one
                   client.  Also set self.other_client to other client
                   object.  All users of these attributes changed.
  (TestCmd.setUp.MockClient.__getitem__): Removed.
  (TestCmd.setUp.MockClient.__setitem__): - '' -
  (TestIsEnabled.test_is_enabled_does_get_attribute): Removed.
  (TestIsEnabled.test_is_enabled_run_exits_with_failure): Don't use []
  to alter client attribute; modify client.attributes dict directly.
  (TestRemoveCmd.test_remove): Run on full client list.
  (TestApproveCmd.test_approve): - '' -
  (TestDenyCmd.test_approve): - '' - and rename to "test_deny".

files removed:
debian/po/POTFILES.in

debian/po/templates.pot

debian/source/lintian-overrides

debian/tests

debian/tests/control

dracut-module

dracut-module/ask-password-mandos.path

dracut-module/ask-password-mandos.service

dracut-module/cmdline-mandos.sh

dracut-module/module-setup.sh

dracut-module/password-agent.c

dracut-module/password-agent.xml

initramfs-tools-conf-hook

files modified:
.bzrignore

INSTALL

Makefile

NEWS

TODO

common.ent

debian/changelog

debian/control

debian/mandos-client.README.Debian

debian/mandos-client.dirs

debian/mandos-client.lintian-overrides

debian/mandos-client.postinst

debian/mandos-client.templates

debian/mandos.lintian-overrides

debian/mandos.postinst

debian/mandos.templates

debian/rules

initramfs-unpack

intro.xml

mandos

mandos-ctl

mandos-ctl.xml

mandos-keygen

mandos-keygen.xml

mandos-monitor

mandos-options.xml

mandos-to-cryptroot-unlock

mandos.conf.xml

mandos.lsm

mandos.xml

plugin-runner.c

plugin-runner.xml

plugins.d/mandos-client.xml

plugins.d/password-prompt.c

plugins.d/password-prompt.xml

plugins.d/plymouth.c

plugins.d/plymouth.xml

plugins.d/splashy.xml

plugins.d/usplash.xml

Show diffs side-by-side

added added

removed removed

1

1

<?xml version="1.0" encoding="UTF-8"?>

2

2

<!DOCTYPE refentry PUBLIC "-//OASIS//DTD DocBook XML V4.5//EN"

3

3

"http://www.oasis-open.org/docbook/xml/4.5/docbookx.dtd" [

4

<!ENTITY TIMESTAMP "2019-04-10">

4

<!ENTITY TIMESTAMP "2019-02-10">

5

5

<!ENTITY % common SYSTEM "common.ent">

6

6

%common;

7

7

]>

131

131

</para>

132

132

<para>

133

133

So, at boot time, the Mandos client will ask for its encrypted

134

data over the network, decrypt the data to get the password, use

135

the password to decrypt the root file system, and the client can

136

then continue booting.

134

data over the network, decrypt it to get the password, use it to

135

decrypt the root file, and continue booting.

137

136

</para>

138

137

<para>

139

138

Now, of course the initial RAM disk image is not on the

145

144

long, and will no longer give out the encrypted key. The timing

146

145

here is the only real weak point, and the method, frequency and

147

146

timeout of the server’s checking can be adjusted to any desired

148

level of paranoia.

147

level of paranoia

149

148

</para>

150

149

<para>

151

150

(The encrypted keys on the Mandos server is on its normal file

Older »