4
** TODO [#A] Clean up /tmp directory on signal
4
Note that if someone takes all machines, then all systems will be encrypted and all they have is some
7
** TODO [#B] use scandir(3) instead of readdir(3)
10
** [#B] Temporarily lower kernel log level
11
for less printouts during sucessfull boot.
13
** use strsep instead of strtok?
14
** Do not depend on GnuPG key rings on disk
15
This would mean creating new GnuPG key rings with GPGME by
16
importing the key files from scratch on every program start.
17
** Keydir move: /etc/mandos -> /etc/keys/mandos
18
Must create in preinst if not pre-depending on cryptsetup
10
** TODO [#B] Log level :BUGS:
11
** TODO /etc/mandos/clients.d/*.conf
23
** [#A] /etc/init.d/mandos-server :teddy:
24
** [#B] Log level :bugs:
25
** /etc/mandos/clients.d/*.conf
12
26
Watch this directory and add/remove/update clients?
13
** TODO config for TXT record
14
** TODO [#B] Run-time communication with server :BUGS:
27
** config for TXT record
28
** [#B] Run-time communication with server :bugs:
15
29
Probably using D-Bus
19
syslogger.setLevel(logging.WARNING)
20
+ [[http://log.ometer.com/2007-05.html][Best D-Bus practices]]
21
** TODO Implement --foreground :BUGS:
22
[[info:standards:Option%20Table][Table of Long Options]]
23
** TODO Implement --socket
24
[[info:standards:Option%20Table][Table of Long Options]]
25
** TODO Date+time on console log messages :BUGS:
30
See also [[*Mandos-tools]]
31
** Implement --foreground :bugs:
32
[[info:standards:Option%20Table][Table of Long Options]]
34
[[info:standards:Option%20Table][Table of Long Options]]
35
** Date+time on console log messages :bugs:
26
36
Is this the default?
29
** [[file:mandos.xml::XXX][Document D-Bus interface]]
31
* Provide and install /etc/dbus-1/system.d/mandos.conf
34
*** Handle "no D-Bus server" and/or "no Mandos server found" better
35
*** [#B] --dump option
40
** TODO Loop until passwords match when run interactively
41
** TODO "--secfile" option
42
Using the "secfile" option instead of "secret"
43
** TODO [#B] "--test" option
44
For testing decryption before rebooting.
37
** delete hook when clients fall out by timeout
39
* Mandos-tools/utilities
40
All of this probably using D-Bus
47
** Use xinclude for common sections
53
*** Update initrd.img after installation
54
This seems to use some kind of "trigger" system
55
[[file:/usr/share/doc/dpkg/triggers.txt.gz]]
56
dpkg-trigger(1), deb-triggers(5)
57
*** Keydir move: /etc/mandos -> /etc/keys/mandos
58
Must create in preinst if not pre-depending on cryptsetup
60
**** "--passfile" option
61
Using the "secfile" option instead of "secret"
62
**** [#A] "--test" option
63
For testing decryption before rebooting.
65
*** [#A] Create mandos user and group for server
66
*** [#A] Create /var/run/mandos directory with perm and ownership
47
69
** /usr/share/initramfs-tools/hooks/mandos
48
*** TODO [#C] Do not install in initrd.img if configured not to.
49
Use "/etc/initramfs-tools/hooksconf.d/mandos"?
50
** TODO [#C] /etc/bash_completion.d/mandos
70
*** Do not install in initrd.img if configured not to.
71
Use "/etc/initramfs-tools/conf.d/mandos"? Definitely a debconf
73
** /etc/bash_completion.d/mandos
51
74
From XML sources directly?
84
* Announce project on news
85
[[news:comp.os.linux.announce]]
added
removed
TODO
