=== modified file 'Makefile'
--- Makefile 2008-09-05 18:19:52 +0000
+++ Makefile 2008-09-05 23:39:07 +0000
@@ -126,7 +126,7 @@
 install --mode=u=rw,go=r $^ $@
 confdir/clients.conf: clients.conf keydir/seckey.txt
 install --directory confdir
- install --mode=u=rw,g=r $< $@
+ install --mode=u=rw $< $@
 # Add a client password
 ./mandos-keygen --dir keydir --password >> $@
@@ -138,7 +138,7 @@
 install --mode=u=rwx,go=rx mandos $(PREFIX)/sbin/mandos
 install --mode=u=rw,go=r --target-directory=$(CONFDIR) \
 mandos.conf
- install --mode=u=rw,g=r --target-directory=$(CONFDIR) \
+ install --mode=u=rw --target-directory=$(CONFDIR) \
 clients.conf
 install --mode=u=rwx,go=rx init.d-mandos /etc/init.d/mandos
 install --mode=u=rw,go=r default-mandos /etc/default/mandos
@@ -158,8 +158,9 @@
 $(PREFIX)/lib/mandos/plugins.d
 if [ "$(CONFDIR)/plugins.d" \
 != "$(PREFIX)/lib/mandos/plugins.d" ]; then \
- install --directory "$(CONFDIR)/plugins.d"; \
- fi
+ install --mode=u=rwx \
+ --directory "$(CONFDIR)/plugins.d"; \
+ fi
 install --mode=u=rwx,go=rx \
 --target-directory=$(PREFIX)/lib/mandos plugin-runner
 install --mode=u=rwx,go=rx --target-directory=$(PREFIX)/sbin \
@@ -188,6 +189,7 @@
 > $(MANDIR)/man8/password-prompt.8mandos.gz
 gzip --best --to-stdout plugins.d/password-request.8mandos \
 > $(MANDIR)/man8/password-request.8mandos.gz
+# Post-installation stuff
 -$(PREFIX)/sbin/mandos-keygen --dir "$(KEYDIR)"
 update-initramfs -k all -u
 echo "Now run mandos-keygen --password --dir $(KEYDIR)"
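Review bot: In the `confdir/clients.conf` rule (Makefile hunk at -126) the tightened `install --mode=u=rw $< $@` protects the secret only because it runs before `./mandos-keygen --dir keydir --password >> $@` appends to the file, and nothing in the recipe says that this order matters. I would extend the existing comment to something like `# Add a client password; the file must already be mode u=rw before the secret is appended`. The directory made by `install --directory confdir` keeps its default mode, which is acceptable only as long as the file itself stays owner-only. The rest of the Makefile around this rule is outside the hunk.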
@@ -211,21 +213,24 @@
 $(PREFIX)/lib/mandos/plugin-runner \
 $(PREFIX)/lib/mandos/plugins.d/password-prompt \
 $(PREFIX)/lib/mandos/plugins.d/password-request \
+ $(PREFIX)/lib/mandos/plugins.d/usplash \
 /usr/share/initramfs-tools/hooks/mandos \
 /usr/share/initramfs-tools/conf-hooks.d/mandos \
+ /usr/share/initramfs-tools/scripts/local-top/mandos \
 $(MANDIR)/man8/plugin-runner.8mandos.gz \
 $(MANDIR)/man8/mandos-keygen.8.gz \
 $(MANDIR)/man8/password-prompt.8mandos.gz \
 $(MANDIR)/man8/password-request.8mandos.gz
 -rmdir $(PREFIX)/lib/mandos/plugins.d $(CONFDIR)/plugins.d \
- $(PREFIX)/lib/mandos $(CONFDIR)
+ $(PREFIX)/lib/mandos $(CONFDIR) $(KEYDIR)
 update-initramfs -k all -u
 purge: purge-server purge-client
 purge-server: uninstall-server
 -rm --force $(CONFDIR)/mandos.conf $(CONFDIR)/clients.conf \
- /etc/default/mandos /etc/init.d/mandos
+ /etc/default/mandos /etc/init.d/mandos \
+ /var/run/mandos.pid
 -rmdir $(CONFDIR)
 purge-client: uninstall-client
=== modified file 'initramfs-tools-hook'
--- initramfs-tools-hook 2008-09-05 07:11:24 +0000
+++ initramfs-tools-hook 2008-09-05 23:39:07 +0000
@@ -51,6 +51,13 @@
 exit 1
 fi
+mandos_user="`{ getent passwd mandos \
+ || getent passwd nobody \
+ || echo ::65534::::; } | awk -F: '{ print $3 }'`"
+mandos_group="`{ getent group mandos \
+ || getent group nogroup \
+ || echo ::65534:; } | awk -F: '{ print $3 }'`"
+
 # The Mandos network client uses the network
 auto_add_modules net
 # The Mandos network client uses IPv6
@@ -62,8 +69,10 @@
 PLUGINDIR="${MANDOSDIR}/plugins.d"
 # Make directories
-mkdir --parents "${DESTDIR}${CONFDIR}"
-mkdir --parents "${DESTDIR}${PLUGINDIR}"
+install --directory --mode=u=rwx,go=rx "${DESTDIR}${CONFDIR}" \
+ "${DESTDIR}${MANDOSDIR}"
+install --owner=${mandos_user} --group=${mandos_group} --directory \
+ --mode=u=rwx "${DESTDIR}${PLUGINDIR}"
 # Copy the Mandos plugin runner
 copy_exec "$prefix"/lib/mandos/plugin-runner "${MANDOSDIR}"
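Review bot: The `$(KEYDIR)` added to the `-rmdir` line (Makefile hunk at -211, in the recipe that ends with `update-initramfs -k all -u`; its target line is outside the hunk) fails silently whenever the key directory still holds files, so an uninstall leaves the client's key material on disk without saying so. If that is the intent, a comment such as `# best-effort: $(KEYDIR) is left in place while it still contains keys` would make it explicit. The same hunk hard-codes `/var/run/mandos.pid` in `purge-server` while the other paths use variables, and no step that stops the daemon before its pid file is deleted is visible here; a short comment on that assumption would help.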
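Review bot: The lookup added in the initramfs-tools-hook hunk at -51 falls back to `nobody`/`nogroup` and then to a literal 65534 without any message, so on a host without a `mandos` account the plugin directory (hunk at -62) and the copied key files (hunk at -100) end up owned by a shared unprivileged id and nobody is told. A one-line warning at initramfs build time would make that visible, for example `getent passwd mandos >/dev/null || echo "mandos: no mandos user, falling back to nobody" >&2`. The variables hold numeric ids although they are named `mandos_user` and `mandos_group`, and they are expanded unquoted in the `install` and `chown` calls; quoting them costs nothing. Whether the id chosen here matches the one plugin-runner drops to at boot cannot be checked from this diff.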
@@ -100,12 +109,22 @@
 copy_exec /usr/bin/gpg
 fi
-# Config files and key files
-for file in /etc/mandos/* "$keydir"/*; do
- if [ -d "$file" ]; then
- continue
- fi
- cp --archive --sparse=always "$file" "${DESTDIR}${CONFDIR}"
+# Config files
+for file in /etc/mandos/*; do
+ if [ -d "$file" ]; then
+ continue
+ fi
+ cp --archive --sparse=always "$file" "${DESTDIR}${CONFDIR}"
+done
+
+# Key files
+for file in "$keydir"/*; do
+ if [ -d "$file" ]; then
+ continue
+ fi
+ cp --archive --sparse=always "$file" "${DESTDIR}${CONFDIR}"
+ chown ${mandos_user}:${mandos_group} \
+ "${DESTDIR}${CONFDIR}/`basename \"$file\"`"
 done
 # /lib/mandos/plugin-runner will drop priviliges, but needs access to
@@ -120,7 +139,7 @@
 # condition. This umask is set by "initramfs-tools-hook-conf",
 # installed as "/usr/share/initramfs-tools/conf-hooks.d/mandos".)
 #
-for full in "${PLUGINDIR}" "${CONFDIR}"; do
+for full in "${MANDOSDIR}" "${CONFDIR}"; do
 while [ "$full" != "/" ]; do
 chmod a+rX "${DESTDIR}$full"
 full="`dirname \"$full\"`"
@@ -135,6 +154,6 @@
 fi
 done
 for dir in /lib /usr/lib; do
- find "${DESTDIR}$dir" \! -perm /u+rw,g+r -prune -o -print0 \
+ find "${DESTDIR}$dir" \! -perm -u+rw,g+r -prune -o -print0 \
 | xargs --null --no-run-if-empty chmod a+rX
 done
=== modified file 'mandos-keygen'
--- mandos-keygen 2008-09-05 16:24:33 +0000
+++ mandos-keygen 2008-09-05 23:39:07 +0000
@@ -184,7 +184,7 @@
 stty echo; \
 " EXIT
-umask 027
+umask 077
 if [ "$mode" = keygen ]; then
 # Create batch file for GnuPG
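Review bot: In the new "Key files" loop (initramfs-tools-hook hunk at -100), `cp --archive` carries the source file's mode into the image, so a secret key that is group- or world-readable in `$keydir` stays that way inside the initramfs; the added `chown` changes only the owner. The `umask 077` change to mandos-keygen at the end of this commit covers newly generated keys only, and files written under the earlier `umask 027` keep `g+r`. I would add a `chmod go-rwx` on the same destination path right after the `chown`. Since `cp --archive` copies a symlink as a symlink, the `chown` should also get `--no-dereference`, so that it can never change the ownership of a file outside `${DESTDIR}`.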
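Review bot: The `find … \! -perm -u+rw,g+r -prune` line in the last hook hunk (at -135) has no comment saying why the test uses `-` rather than `/`, although that choice appears to be what keeps the owner-only `plugins.d` (created with `--mode=u=rwx` in the hunk at -62) out of the `chmod a+rX`, assuming it lives under one of the two scanned trees. A comment such as `# -perm -MODE matches only if all bits are set, so owner-only directories are pruned and stay private` would keep someone from reverting it. With the `-` form anything lacking `u+w` or `g+r` is pruned together with its subtree, so it is worth confirming that nothing the unprivileged plugins need under /lib or /usr/lib is copied in with such a mode. The comment above the loop in the hunk at -120 starts outside the hunk and may still speak of the plugin directory, which that loop no longer touches.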