/mandos/release

To get this branch, use:
bzr branch http://bzr.recompile.se/loggerhead/mandos/release

« back to all changes in this revision

Viewing changes to mandos-ctl.xml

  • Committer: Teddy Hogeborn
  • Date: 2024-09-09 01:36:41 UTC
  • mto: This revision was merged to the branch mainline in revision 410.
  • Revision ID: teddy@recompile.se-20240909013641-6zu6kx2f7meu134k
Make all required directories when installing

When installing into a normal system, one can assume that target
directories, such as /usr/bin, already exists.  But when installing
into a subdirectory for the purpose of creating a package, one cannot
assume that all directories already exist.  Therefore, when
installing, we must not check if any directories exist, and must
instead always create any directories we want to install into.

* Makefile (confdir/mandos.conf, confdir/clients.conf, install-html):
  Use the "-D" option to "install" instead of creating the directory
  separately.
  (install-server): Move creation of $(CONFDIR) down to before it is
  needed.  Don't check if the $(TMPFILES) or $(SYSUSERS) directories
  exist; instead create them by using the "-D" option to "install".
  Create the $(PREFIX)/sbin directory.  Always use
  "--target-directory" if possible; i.e. if the file name is the same.
  Create the $(DBUSPOLICYDIR) and $(DESTDIR)/etc/init.d directories by
  using the "-D" option to "install".  Don't check if the $(SYSTEMD)
  directory exists; instead create it by using the "-D" option to
  "install".  Create the $(DESTDIR)/etc/default and $(MANDIR)/man8
  directories by using the "-D" option to "install".  Create the
  $(MANDIR)/man5 directories explicitly.
  (install-client-nokey): Remove unnecessary creation of the
  $(CONFDIR) directory.  Don't check if the $(SYSUSERS) directory
  exists; instead create it by using the "-D" option to "install".
  Move the "--directory" argument to be the first argument, for
  clarity.  Create the $(PREFIX)/sbin directory.  Use the "-D"
  argument to "install" when installing
  $(INITRAMFSTOOLS)/hooks/mandos,
  $(INITRAMFSTOOLS)/conf.d/mandos-conf,
  $(INITRAMFSTOOLS)/conf-hooks.d/zz-mandos,
  $(INITRAMFSTOOLS)/scripts/init-premount/mandos,
  $(INITRAMFSTOOLS)/scripts/local-premount/mandos,
  $(DRACUTMODULE)/ask-password-mandos.path, and
  $(DRACUTMODULE)/dracut-module/ask-password-mandos.service.  Create
  the $(MANDIR)/man8 directory.

Reported-By: Erich Eckner <erich@eckner.net>
Thanks: Erich Eckner <erich@eckner.net> for analysis

Show diffs side-by-side

added added

removed removed

Lines of Context:
2
2
<!DOCTYPE refentry PUBLIC "-//OASIS//DTD DocBook XML V4.5//EN"
3
3
        "http://www.oasis-open.org/docbook/xml/4.5/docbookx.dtd" [
4
4
<!ENTITY COMMANDNAME "mandos-ctl">
5
 
<!ENTITY TIMESTAMP "2015-07-20">
 
5
<!ENTITY TIMESTAMP "2019-07-29">
6
6
<!ENTITY % common SYSTEM "common.ent">
7
7
%common;
8
8
]>
37
37
      <year>2013</year>
38
38
      <year>2014</year>
39
39
      <year>2015</year>
 
40
      <year>2016</year>
 
41
      <year>2017</year>
 
42
      <year>2018</year>
 
43
      <year>2019</year>
40
44
      <holder>Teddy Hogeborn</holder>
41
45
      <holder>Björn Påhlsson</holder>
42
46
    </copyright>
51
55
  <refnamediv>
52
56
    <refname><command>&COMMANDNAME;</command></refname>
53
57
    <refpurpose>
54
 
      Control the operation of the Mandos server
 
58
      Control or query the operation of the Mandos server
55
59
    </refpurpose>
56
60
  </refnamediv>
57
61
  
59
63
    <cmdsynopsis>
60
64
      <command>&COMMANDNAME;</command>
61
65
      <group>
62
 
        <arg choice="plain"><option>--enable</option></arg>
63
 
        <arg choice="plain"><option>-e</option></arg>
64
 
        <sbr/>
65
 
        <arg choice="plain"><option>--disable</option></arg>
66
 
        <arg choice="plain"><option>-d</option></arg>
67
 
      </group>
68
 
      <sbr/>
69
 
      <group>
70
 
        <arg choice="plain"><option>--bump-timeout</option></arg>
71
 
        <arg choice="plain"><option>-b</option></arg>
72
 
      </group>
73
 
      <sbr/>
74
 
      <group>
75
 
        <arg choice="plain"><option>--start-checker</option></arg>
76
 
      </group>
77
 
      <sbr/>
78
 
      <group>
79
 
        <arg choice="plain"><option>--stop-checker</option></arg>
80
 
      </group>
81
 
      <sbr/>
82
 
      <group>
83
 
        <arg choice="plain"><option>--remove</option></arg>
84
 
        <arg choice="plain"><option>-r</option></arg>
85
 
      </group>
86
 
      <sbr/>
87
 
      <group>
88
 
        <arg choice="plain"><option>--checker
89
 
        <replaceable>COMMAND</replaceable></option></arg>
90
 
        <arg choice="plain"><option>-c
91
 
        <replaceable>COMMAND</replaceable></option></arg>
92
 
      </group>
93
 
      <sbr/>
94
 
      <group>
95
 
        <arg choice="plain"><option>--timeout
96
 
        <replaceable>TIME</replaceable></option></arg>
97
 
        <arg choice="plain"><option>-t
98
 
        <replaceable>TIME</replaceable></option></arg>
99
 
      </group>
100
 
      <sbr/>
101
 
      <group>
102
 
        <arg choice="plain"><option>--extended-timeout
103
 
        <replaceable>TIME</replaceable></option></arg>
104
 
      </group>
105
 
      <sbr/>
106
 
      <group>
107
 
        <arg choice="plain"><option>--interval
108
 
        <replaceable>TIME</replaceable></option></arg>
109
 
        <arg choice="plain"><option>-i
110
 
        <replaceable>TIME</replaceable></option></arg>
111
 
      </group>
112
 
      <sbr/>
113
 
      <group>
114
 
        <arg choice="plain"><option>--approve-by-default</option
115
 
        ></arg>
116
 
        <sbr/>
117
 
        <arg choice="plain"><option>--deny-by-default</option></arg>
118
 
      </group>
119
 
      <sbr/>
120
 
      <group>
121
 
        <arg choice="plain"><option>--approval-delay
122
 
        <replaceable>TIME</replaceable></option></arg>
123
 
      </group>
124
 
      <sbr/>
125
 
      <group>
126
 
        <arg choice="plain"><option>--approval-duration
127
 
        <replaceable>TIME</replaceable></option></arg>
128
 
      </group>
129
 
      <sbr/>
130
 
      <group>
131
 
        <arg choice="plain"><option>--interval
132
 
        <replaceable>TIME</replaceable></option></arg>
133
 
        <arg choice="plain"><option>-i
134
 
        <replaceable>TIME</replaceable></option></arg>
135
 
      </group>
136
 
      <sbr/>
137
 
      <group>
138
 
        <arg choice="plain"><option>--host
139
 
        <replaceable>STRING</replaceable></option></arg>
140
 
        <arg choice="plain"><option>-H
141
 
        <replaceable>STRING</replaceable></option></arg>
142
 
      </group>
143
 
      <sbr/>
144
 
      <group>
145
 
        <arg choice="plain"><option>--secret
146
 
        <replaceable>FILENAME</replaceable></option></arg>
147
 
        <arg choice="plain"><option>-s
148
 
        <replaceable>FILENAME</replaceable></option></arg>
149
 
      </group>
150
 
      <sbr/>
151
 
      <group>
152
 
        <arg choice="plain"><option>--approve</option></arg>
153
 
        <arg choice="plain"><option>-A</option></arg>
154
 
        <sbr/>
 
66
          <arg choice="plain"><option>--verbose</option></arg>
 
67
          <arg choice="plain"><option>-v</option></arg>
 
68
          <sbr/>
 
69
          <arg choice="plain"><option>--dump-json</option></arg>
 
70
          <arg choice="plain"><option>-j</option></arg>
 
71
      </group>
 
72
      <arg><option>--debug</option></arg>
 
73
      <group>
 
74
        <arg rep='repeat' choice='plain'>
 
75
          <replaceable>CLIENT</replaceable>
 
76
        </arg>
 
77
      </group>
 
78
    </cmdsynopsis>
 
79
    <cmdsynopsis>
 
80
      <command>&COMMANDNAME;</command>
 
81
      <group choice="req">
 
82
        <group>
 
83
          <arg choice="plain"><option>--enable</option></arg>
 
84
          <arg choice="plain"><option>-e</option></arg>
 
85
          <sbr/>
 
86
          <arg choice="plain"><option>--disable</option></arg>
 
87
          <arg choice="plain"><option>-d</option></arg>
 
88
        </group>
 
89
        <sbr/>
 
90
        <group>
 
91
          <arg choice="plain"><option>--bump-timeout</option></arg>
 
92
          <arg choice="plain"><option>-b</option></arg>
 
93
        </group>
 
94
        <sbr/>
 
95
        <group>
 
96
          <arg choice="plain"><option>--start-checker</option></arg>
 
97
          <arg choice="plain"><option>--stop-checker</option></arg>
 
98
        </group>
 
99
        <sbr/>
 
100
        <group>
 
101
          <arg choice="plain"><option>--checker
 
102
          <replaceable>COMMAND</replaceable></option></arg>
 
103
          <arg choice="plain"><option>-c
 
104
          <replaceable>COMMAND</replaceable></option></arg>
 
105
        </group>
 
106
        <sbr/>
 
107
        <group>
 
108
          <arg choice="plain"><option>--timeout
 
109
          <replaceable>TIME</replaceable></option></arg>
 
110
          <arg choice="plain"><option>-t
 
111
          <replaceable>TIME</replaceable></option></arg>
 
112
        </group>
 
113
        <sbr/>
 
114
        <group>
 
115
          <arg choice="plain"><option>--extended-timeout
 
116
          <replaceable>TIME</replaceable></option></arg>
 
117
        </group>
 
118
        <sbr/>
 
119
        <group>
 
120
          <arg choice="plain"><option>--interval
 
121
          <replaceable>TIME</replaceable></option></arg>
 
122
          <arg choice="plain"><option>-i
 
123
          <replaceable>TIME</replaceable></option></arg>
 
124
        </group>
 
125
        <sbr/>
 
126
        <group>
 
127
          <arg choice="plain"><option>--approve-by-default</option
 
128
          ></arg>
 
129
          <sbr/>
 
130
          <arg choice="plain"><option>--deny-by-default</option></arg>
 
131
        </group>
 
132
        <sbr/>
 
133
        <group>
 
134
          <arg choice="plain"><option>--approval-delay
 
135
          <replaceable>TIME</replaceable></option></arg>
 
136
        </group>
 
137
        <sbr/>
 
138
        <group>
 
139
          <arg choice="plain"><option>--approval-duration
 
140
          <replaceable>TIME</replaceable></option></arg>
 
141
        </group>
 
142
        <sbr/>
 
143
        <group>
 
144
          <arg choice="plain"><option>--host
 
145
          <replaceable>STRING</replaceable></option></arg>
 
146
          <arg choice="plain"><option>-H
 
147
          <replaceable>STRING</replaceable></option></arg>
 
148
        </group>
 
149
        <sbr/>
 
150
        <group>
 
151
          <arg choice="plain"><option>--secret
 
152
          <replaceable>FILENAME</replaceable></option></arg>
 
153
          <arg choice="plain"><option>-s
 
154
          <replaceable>FILENAME</replaceable></option></arg>
 
155
        </group>
 
156
        <sbr/>
 
157
        <group>
 
158
          <arg choice="plain"><option>--approve</option></arg>
 
159
          <arg choice="plain"><option>-A</option></arg>
 
160
          <sbr/>
 
161
          <arg choice="plain"><option>--deny</option></arg>
 
162
          <arg choice="plain"><option>-D</option></arg>
 
163
        </group>
 
164
      </group>
 
165
      <sbr/>
 
166
      <arg><option>--debug</option></arg>
 
167
      <group choice="req">
 
168
        <arg choice="plain"><option>--all</option></arg>
 
169
        <arg choice="plain"><option>-a</option></arg>
 
170
        <arg rep='repeat' choice='plain'>
 
171
          <replaceable>CLIENT</replaceable>
 
172
        </arg>
 
173
      </group>
 
174
    </cmdsynopsis>
 
175
    <cmdsynopsis>
 
176
      <command>&COMMANDNAME;</command>
 
177
      <group>
155
178
        <arg choice="plain"><option>--deny</option></arg>
156
179
        <arg choice="plain"><option>-D</option></arg>
157
180
      </group>
 
181
      <group choice="req">
 
182
          <arg choice="plain"><option>--remove</option></arg>
 
183
          <arg choice="plain"><option>-r</option></arg>
 
184
      </group>
158
185
      <sbr/>
 
186
      <arg><option>--debug</option></arg>
159
187
      <group choice="req">
160
188
        <arg choice="plain"><option>--all</option></arg>
161
189
        <arg choice="plain"><option>-a</option></arg>
166
194
    </cmdsynopsis>
167
195
    <cmdsynopsis>
168
196
      <command>&COMMANDNAME;</command>
169
 
      <group>
170
 
        <arg choice="plain"><option>--verbose</option></arg>
171
 
        <arg choice="plain"><option>-v</option></arg>
172
 
      </group>
173
 
      <group>
174
 
        <arg rep='repeat' choice='plain'>
175
 
          <replaceable>CLIENT</replaceable>
176
 
        </arg>
177
 
      </group>
178
 
    </cmdsynopsis>
179
 
    <cmdsynopsis>
180
 
      <command>&COMMANDNAME;</command>
181
197
      <group choice="req">
182
198
        <arg choice="plain"><option>--is-enabled</option></arg>
183
199
        <arg choice="plain"><option>-V</option></arg>
184
200
      </group>
 
201
      <arg><option>--debug</option></arg>
185
202
      <arg choice='plain'><replaceable>CLIENT</replaceable></arg>
186
203
    </cmdsynopsis>
187
204
    <cmdsynopsis>
207
224
  <refsect1 id="description">
208
225
    <title>DESCRIPTION</title>
209
226
    <para>
210
 
      <command>&COMMANDNAME;</command> is a program to control the
211
 
      operation of the Mandos server <citerefentry><refentrytitle
212
 
      >mandos</refentrytitle><manvolnum>8</manvolnum></citerefentry>.
 
227
      <command>&COMMANDNAME;</command> is a program to control or
 
228
      query the operation of the Mandos server
 
229
      <citerefentry><refentrytitle>mandos</refentrytitle><manvolnum
 
230
      >8</manvolnum></citerefentry>.
213
231
    </para>
214
232
    <para>
215
233
      This program can be used to change client settings, approve or
473
491
      </varlistentry>
474
492
      
475
493
      <varlistentry>
 
494
        <term><option>--dump-json</option></term>
 
495
        <term><option>-j</option></term>
 
496
        <listitem>
 
497
          <para>
 
498
            Dump client settings as JSON to standard output.
 
499
          </para>
 
500
        </listitem>
 
501
      </varlistentry>
 
502
      
 
503
      <varlistentry>
476
504
        <term><option>--is-enabled</option></term>
477
505
        <term><option>-V</option></term>
478
506
        <listitem>
484
512
      </varlistentry>
485
513
      
486
514
      <varlistentry>
 
515
        <term><option>--debug</option></term>
 
516
        <listitem>
 
517
          <para>
 
518
            Show debug output; currently, this means show D-Bus calls.
 
519
          </para>
 
520
        </listitem>
 
521
      </varlistentry>
 
522
      
 
523
      <varlistentry>
487
524
        <term><option>--check</option></term>
488
525
        <listitem>
489
526
          <para>
513
550
    </para>
514
551
  </refsect1>
515
552
  
516
 
<!--   <refsect1 id="bugs"> -->
517
 
<!--     <title>BUGS</title> -->
518
 
<!--     <para> -->
519
 
<!--     </para> -->
520
 
<!--   </refsect1> -->
 
553
  <refsect1 id="bugs">
 
554
    <title>BUGS</title>
 
555
    <xi:include href="bugs.xml"/>
 
556
  </refsect1>
521
557
  
522
558
  <refsect1 id="example">
523
559
    <title>EXAMPLE</title>
 
560
    <!-- Name of test methods in class Test_commands_from_options are
 
561
         written in comments below.  When adding an example, add a
 
562
         test too which tests the documented behavior. -->
524
563
    <informalexample>
 
564
      <!-- Test method: test_manual_page_example_1() -->
525
565
      <para>
526
566
        To list all clients:
527
567
      </para>
531
571
    </informalexample>
532
572
    
533
573
    <informalexample>
 
574
      <!-- Test method: test_manual_page_example_2() -->
534
575
      <para>
535
576
        To list <emphasis>all</emphasis> settings for the clients
536
577
        named <quote>foo1.example.org</quote> and <quote
545
586
    </informalexample>
546
587
    
547
588
    <informalexample>
 
589
      <!-- Test method: test_manual_page_example_3() -->
548
590
      <para>
549
591
        To enable all clients:
550
592
      </para>
554
596
    </informalexample>
555
597
    
556
598
    <informalexample>
 
599
      <!-- Test method: test_manual_page_example_4() -->
557
600
      <para>
558
601
        To change timeout and interval value for the clients
559
602
        named <quote>foo1.example.org</quote> and <quote
562
605
      <para>
563
606
 
564
607
<!-- do not wrap this line -->
565
 
<userinput>&COMMANDNAME; --timeout="5m" --interval="1m" foo1.example.org foo2.example.org</userinput>
 
608
<userinput>&COMMANDNAME; --timeout=PT5M --interval=PT1M foo1.example.org foo2.example.org</userinput>
566
609
 
567
610
      </para>
568
611
    </informalexample>
569
612
    
570
613
    <informalexample>
 
614
      <!-- Test method: test_manual_page_example_5() -->
571
615
      <para>
572
 
        To approve all clients currently waiting for it:
 
616
        To approve all clients currently waiting for approval:
573
617
      </para>
574
618
      <para>
575
619
        <userinput>&COMMANDNAME; --approve --all</userinput>