/mandos/release

To get this branch, use:
bzr branch http://bzr.recompile.se/loggerhead/mandos/release

« back to all changes in this revision

Viewing changes to dracut-module/password-agent.xml

  • Committer: Teddy Hogeborn
  • Date: 2024-09-09 04:24:39 UTC
  • mto: This revision was merged to the branch mainline in revision 410.
  • Revision ID: teddy@recompile.se-20240909042439-j85mr20uli2hnyis
Eliminate compiler warnings

Many programs use nested functions, which now result in a linker
warning about executable stack.  Hide this warning.  Also, rewrite a
loop in the plymouth plugin to avoid warning about signed overflow.
This change also makes the plugin pick the alphabetically first
process entry instead of the last, in case many plymouth processes are
found (which should be unlikely).

* Makefile (plugin-runner, dracut-module/password-agent,
  plugins.d/password-prompt, plugins.d/mandos-client,
  plugins.d/plymouth): New target; set LDFLAGS to add "-Xlinker
  --no-warn-execstack".
* plugins.d/plymouth.c (get_pid): When no pid files are found, and we
  are looking through the process list, go though it from the start
  instead of from the end, i.e. in normal alphabetical order and not
  in reverse order.

Show diffs side-by-side

added added

removed removed

Lines of Context:
2
2
<!DOCTYPE refentry PUBLIC "-//OASIS//DTD DocBook XML V4.5//EN"
3
3
        "http://www.oasis-open.org/docbook/xml/4.5/docbookx.dtd" [
4
4
<!ENTITY COMMANDNAME "password-agent">
5
 
<!ENTITY TIMESTAMP "2019-07-24">
 
5
<!ENTITY TIMESTAMP "2020-09-16">
6
6
<!ENTITY % common SYSTEM "../common.ent">
7
7
%common;
8
8
]>
32
32
    </authorgroup>
33
33
    <copyright>
34
34
      <year>2019</year>
 
35
      <year>2020</year>
35
36
      <holder>Teddy Hogeborn</holder>
36
37
      <holder>Björn Påhlsson</holder>
37
38
    </copyright>
113
114
      be a <citerefentry><refentrytitle>systemd</refentrytitle>
114
115
      <manvolnum>1</manvolnum></citerefentry> <quote>Password
115
116
      Agent</quote> (See <ulink
116
 
      url="https://www.freedesktop.org/wiki/Software/systemd/PasswordAgents/"
117
 
      >Password Agents</ulink>).  The aim of this program is therefore
118
 
      to acquire and then send a password to some other program which
 
117
      url="https://systemd.io/PASSWORD_AGENTS/">Password
 
118
      Agents</ulink>).  The aim of this program is therefore to
 
119
      acquire and then send a password to some other program which
119
120
      will use the password to unlock the encrypted root disk.
120
121
    </para>
121
122
    <para>
146
147
            Specify a different agent directory.  The default is
147
148
            <quote><filename class="directory"
148
149
            >/run/systemd/ask-password</filename ></quote> as per the
149
 
            <ulink
150
 
            url="https://www.freedesktop.org/wiki/Software/systemd/PasswordAgents/"
151
 
            >Password Agents</ulink> specification.
 
150
            <ulink url="https://systemd.io/PASSWORD_AGENTS/">Password
 
151
            Agents</ulink> specification.
152
152
          </para>
153
153
        </listitem>
154
154
      </varlistentry>
270
270
      responsible for getting a password from the Mandos client
271
271
      program itself, and to send that password to whatever is
272
272
      currently asking for a password using the systemd <ulink
273
 
      url="https://www.freedesktop.org/wiki/Software/systemd/PasswordAgents/"
274
 
      >Password Agents</ulink> mechanism.
 
273
      url="https://systemd.io/PASSWORD_AGENTS/">Password
 
274
      Agents</ulink> mechanism.
275
275
    </para>
276
276
    <para>To accomplish this, &COMMANDNAME; runs the
277
277
    <command>mandos-client</command> program (which is the actual
281
281
    password is acquired from the
282
282
    <replaceable>MANDOS_CLIENT</replaceable> program, sends that
283
283
    password (as per the <ulink
284
 
    url="https://www.freedesktop.org/wiki/Software/systemd/PasswordAgents/"
285
 
    >Password Agents</ulink> specification) to all currently
286
 
    unanswered password questions.
 
284
    url="https://systemd.io/PASSWORD_AGENTS/">Password Agents</ulink>
 
285
    specification) to all currently unanswered password questions.
287
286
    </para>
288
287
    <para>
289
288
      This program should be started (normally as a systemd service,
330
329
            <para>
331
330
              The default directory to watch for password questions as
332
331
              per the <ulink
333
 
              url="https://www.freedesktop.org/wiki/Software/systemd/PasswordAgents/"
334
 
              >Password Agents</ulink> specification; can be changed
335
 
              by the <option>--agent-directory</option> option.
 
332
              url="https://systemd.io/PASSWORD_AGENTS/">Password
 
333
              Agents</ulink> specification; can be changed by the
 
334
              <option>--agent-directory</option> option.
336
335
            </para>
337
336
          </listitem>
338
337
        </varlistentry>
401
400
      <para>
402
401
 
403
402
<!-- do not wrap this line -->
404
 
<userinput>&COMMANDNAME; -- /lib/mandos/mandos-client --pubkey=/etc/mandos/keys/pubkey.txt --seckey=/etc/mandos/keys/seckey.txt --tls-pubkey=/etc/mandos/keys/tls-pubkey.pem --tls-privkey=/etc/mandos/keys/tls-privkey.pem</userinput>
 
403
<userinput>&COMMANDNAME; -- /lib/mandos/plugins.d/mandos-client --pubkey=/etc/mandos/keys/pubkey.txt --seckey=/etc/mandos/keys/seckey.txt --tls-pubkey=/etc/mandos/keys/tls-pubkey.pem --tls-privkey=/etc/mandos/keys/tls-privkey.pem</userinput>
405
404
 
406
405
      </para>
407
406
    </informalexample>
446
445
    <variablelist>
447
446
      <varlistentry>
448
447
        <term>
449
 
          <ulink
450
 
              url="https://www.freedesktop.org/wiki/Software/systemd/PasswordAgents/"
451
 
              >Password Agents</ulink>
 
448
          <ulink url="https://systemd.io/PASSWORD_AGENTS/">Password
 
449
          Agents</ulink>
452
450
        </term>
453
451
        <listitem>
454
452
          <para>