=== modified file 'debian/mandos-client.README.Debian' --- debian/mandos-client.README.Debian 2024-09-08 00:11:24 +0000 +++ debian/mandos-client.README.Debian 2024-09-08 00:24:32 +0000 @@ -100,12 +100,16 @@ "mandos=connect::" on the kernel command line. - For very advanced users, it is possible to specify simply - "mandos=connect" on the kernel command line to make the system only - set up the network (using the data in the "ip=" option) and not pass - any extra "--connect" options to mandos-client at boot. For this to - work, "--options-for=mandos-client:--connect=
:" needs - to be manually added to the file "/etc/mandos/plugin-runner.conf". + For very advanced users, it is possible to specify "mandos=connect" + on the kernel command line to make the system only set up the + network (using the data in the "ip=" option) and not pass any extra + "--connect" options to mandos-client at boot. For this to work, + "--options-for=mandos-client:--connect=
:" needs to be + manually added to the file "/etc/mandos/plugin-runner.conf" or, if + dracut is used with systemd, the "--connect=
:" + options needs to be added to an environment variable in an override + file for the "ask-password-mandos" service, as detailed in the file + "/usr/lib/dracut/modules.d/90mandos/ask-password-mandos.service". * Diffie-Hellman Parameters === modified file 'dracut-module/ask-password-mandos.service' --- dracut-module/ask-password-mandos.service 2020-07-04 11:58:52 +0000 +++ dracut-module/ask-password-mandos.service 2024-09-08 00:24:32 +0000 @@ -1,7 +1,7 @@ # -*- systemd -*- # -# Copyright © 2019-2020 Teddy Hogeborn -# Copyright © 2019-2020 Björn Påhlsson +# Copyright © 2019-2023 Teddy Hogeborn +# Copyright © 2019-2023 Björn Påhlsson # # This file is part of Mandos. # @@ -49,3 +49,26 @@ [Service] ExecStart=/lib/mandos/password-agent $PASSWORD_AGENT_OPTIONS -- /lib/mandos/mandos-client --pubkey=/etc/mandos/keys/pubkey.txt --seckey=/etc/mandos/keys/seckey.txt --tls-pubkey=/etc/mandos/keys/tls-pubkey.pem --tls-privkey=/etc/mandos/keys/tls-privkey.pem $MANDOS_CLIENT_OPTIONS +# +# Please keep the above line intact, exactly as it is! To add extra +# options to mandos-client, instead create an override file (e.g. with +# the command "systemctl edit --force ask-password-mandos.service"), +# and, in that file, put something like the following: +# +# [Service] +# Environment=MANDOS_CLIENT_OPTIONS=--debug +# +# Rebuild the initramfs using this command: +# +# dpkg-reconfigure dracut +# +# Once the system has booted (possibly by typing in the password +# manually), you can see the log using this command: +# +# journalctl --unit=ask-password-mandos.service +# +# Lastly, to remove the override file with extra options, run: +# +# systemctl revert ask-password-mandos.service +# +# And rebuild the initramfs again, as above.
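Review bot: In the added README paragraph, "options needs to be added" has a number mismatch; a single "--connect=" option is meant, so it should read "option needs to be added". The paragraph also sends readers to ask-password-mandos.service for the details, but the initramfs rebuild step is only mentioned there. A short clause here saying that the initramfs must be rebuilt after creating the override would keep the README self-sufficient.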
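Review bot: The copyright lines at the top of ask-password-mandos.service are bumped to "2019-2023", while this revision of the file is dated 2024-09-08. If the comment block was written in 2024, the range should end in 2024. Otherwise, please note in the commit message why 2023 is the right year.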
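Review bot: The example in the new comment block after ExecStart shows only "Environment=MANDOS_CLIENT_OPTIONS=--debug", although the README change points users at this file for how to pass "--connect=". Please add a second example using a --connect value in the same placeholder form as the README. Because $MANDOS_CLIENT_OPTIONS is expanded unbraced on the ExecStart line and Environment= splits its value on whitespace, the comment should also say that passing more than one option requires quoting the whole assignment. Finally, "dpkg-reconfigure dracut" is a Debian command in a file under dracut-module/ rather than debian/, so either label it as the Debian way or mention the generic rebuild step as well.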