=== modified file 'Makefile' --- Makefile 2008-09-07 09:36:35 +0000 +++ Makefile 2008-09-12 19:12:40 +0000 @@ -138,11 +138,12 @@ # Add a client password ./mandos-keygen --dir keydir --password >> $@ -install: install-server install-client +install: install-server install-client-nokey install-server: doc install --directory $(CONFDIR) $(MANDIR)/man5 \ - $(MANDIR)/man8 + $(MANDIR)/man8 $(DESTDIR)/etc/init.d \ + $(DESTDIR)/etc/default $(PREFIX)/sbin install --mode=u=rwx,go=rx mandos $(PREFIX)/sbin/mandos install --mode=u=rw,go=r --target-directory=$(CONFDIR) \ mandos.conf @@ -160,9 +161,12 @@ gzip --best --to-stdout mandos-clients.conf.5 \ > $(MANDIR)/man5/mandos-clients.conf.5.gz -install-client: all doc $(INITRAMFSTOOLS)/hooks/. +install-client-nokey: all doc install --directory $(PREFIX)/lib/mandos $(CONFDIR) \ - $(MANDIR)/man8 + $(MANDIR)/man8 $(PREFIX)/sbin \ + $(INITRAMFSTOOLS)/hooks \ + $(INITRAMFSTOOLS)/conf-hooks.d \ + $(INITRAMFSTOOLS)/scripts/local-top install --directory --mode=u=rwx $(KEYDIR) install --directory --mode=u=rwx \ $(PREFIX)/lib/mandos/plugins.d @@ -200,6 +204,8 @@ > $(MANDIR)/man8/password-prompt.8mandos.gz gzip --best --to-stdout plugins.d/mandos-client.8mandos \ > $(MANDIR)/man8/mandos-client.8mandos.gz + +install-client: install-client-nokey # Post-installation stuff -$(PREFIX)/sbin/mandos-keygen --dir "$(KEYDIR)" update-initramfs -k all -u === modified file 'TODO' --- TODO 2008-09-06 16:31:49 +0000 +++ TODO 2008-09-12 19:12:40 +0000 
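Review bot: In the second Makefile hunk, `install-client-nokey` loses the `$(INITRAMFSTOOLS)/hooks/.` prerequisite and now creates the initramfs-tools directories itself, so nothing visible here stops the install on a host without initramfs-tools (presumably deliberate for staged installs, but that is not stated). A comment above the target would make the contract explicit, for example `# Files only: generates no key and does not rebuild the initramfs; see install-client`. The target is not a file, so if the Makefile has a `.PHONY` list outside this hunk, `install-client-nokey` belongs in it. The recipe starts in this hunk and continues past its end.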
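Review bot: In the third Makefile hunk, the new `install-client` recipe runs `mandos-keygen` with a leading `-`, so any key-generation failure is ignored and `update-initramfs -k all -u` still rebuilds every initramfs. That can leave the client without a usable key in `$(KEYDIR)` while make reports success. If the prefix is only meant to tolerate a key that already exists, I would say so next to the line, e.g. `# "-": tolerate an existing key; note that every other keygen failure is ignored too`, or check for the key first and drop the `-` so real failures stop the install. Both recipe lines are unchanged context from the old `install-client` target; only the rule header is new.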
@@ -1,84 +1,78 @@ -*- org -*- -* plugin-runner +* DONE plugin-runner * mandos-client -** [#B] Temporarily lower kernel log level +** TODO [#B] Temporarily lower kernel log level for less printouts during sucessfull boot. -** IPv4 support -** use strsep instead of strtok? -** Do not depend on GnuPG key rings on disk - This would mean creating new GnuPG key rings with GPGME by - importing the key files from scratch on every program start. -** Keydir move: /etc/mandos -> /etc/keys/mandos - Must create in preinst if not pre-depending on cryptsetup +** TODO IPv4 support +** TODO use strsep instead of strtok? -* password-prompt +* DONE password-prompt * mandos (server) -** [#A] /etc/init.d/mandos-server :teddy: -** [#B] Log level :bugs: -** /etc/mandos/clients.d/*.conf +** TODO [#B] Log level :bugs: +** TODO /etc/mandos/clients.d/*.conf Watch this directory and add/remove/update clients? -** config for TXT record -** [#B] Run-time communication with server :bugs: +** TODO config for TXT record +** TODO [#B] Run-time communication with server :bugs: Probably using D-Bus See also [[*Mandos-tools]] -** Implement --foreground :bugs: - [[info:standards:Option%20Table][Table of Long Options]] -** Implement --socket - [[info:standards:Option%20Table][Table of Long Options]] -** Date+time on console log messages :bugs: +** TODO Implement --foreground :bugs: + [[info:standards:Option%20Table][Table of Long Options]] +** TODO Implement --socket + [[info:standards:Option%20Table][Table of Long Options]] +** TODO Date+time on console log messages :bugs: Is this the default? 
-** delete hook when clients fall out by timeout +** TODO delete hook when clients fall out by timeout * Mandos-tools/utilities All of this probably using D-Bus -** List clients -** Disable client -** Enable client -** Reboot timer +** TODO List clients +** TODO Disable client +** TODO Enable client +** TODO Reset timer * Man pages -** Use xinclude for common sections +** TODO Use xinclude for all common sections Like authors, etc. * Installer ** Client-side -*** Update initrd.img after installation +*** TODO Update initrd.img after installation This seems to use some kind of "trigger" system [[file:/usr/share/doc/dpkg/triggers.txt.gz]] dpkg-trigger(1), deb-triggers(5) *** mandos-keygen -**** "--passfile" option +**** TODO [#A] Ask for password twice for confirmation +**** TODO "--passfile" option Using the "secfile" option instead of "secret" -**** [#A] "--test" option +**** TODO [#A] "--test" option For testing decryption before rebooting. ** Server-side -*** [#A] Create mandos user and group for server -*** [#A] Create /var/run/mandos directory with perm and ownership -*** [#A] install rc.d script and do update-rc.d - between config files and man pages +*** TODO [#A] Create mandos user and group for server * [#A] Package ** /usr/share/initramfs-tools/hooks/mandos -*** Do not install in initrd.img if configured not to. +*** TODO Do not install in initrd.img if configured not to. Use "/etc/initramfs-tools/conf.d/mandos"? Definitely a debconf question. -** /etc/bash_completion.d/mandos +** TODO /etc/bash_completion.d/mandos From XML sources directly? 
-** unperish -** bzr-builddeb - -* INSTALL file - -* Web site +** TODO unperish +** DONE bzr-builddeb + +* TODO Web site * Mailing list +** TODO mandos-dev +*** TODO http://gmane.org/subscribe.php +** TODO mandos-user +*** TODO http://gmane.org/subscribe.php -* Announce project on news +* TODO Announce project on news [[news:comp.os.linux.announce]] === added directory 'debian' === modified file 'mandos-clients.conf.xml' --- mandos-clients.conf.xml 2008-09-04 13:36:59 +0000 +++ mandos-clients.conf.xml 2008-09-12 19:12:40 +0000 @@ -4,7 +4,7 @@ /etc/mandos/clients.conf"> - + ]> @@ -37,7 +37,7 @@ - + &CONFNAME; 5 @@ -49,11 +49,11 @@ Configuration file for the Mandos server - + &CONFPATH; - + DESCRIPTION @@ -95,9 +95,9 @@ Unknown options are ignored. The used options are as follows: - + - + @@ -126,7 +126,7 @@ - + @@ -149,7 +149,7 @@ - + @@ -223,7 +223,7 @@ - + @@ -241,7 +241,7 @@ - + @@ -313,7 +313,7 @@ mode is needed to expose an error of this kind. - + @@ -373,7 +373,6 @@ fingerprint = 3e393aeaefb84c7e89e2f547b3a107558fca3a27 secfile = /etc/mandos/bar-secret timeout = 15m - === modified file 'mandos-keygen.xml' --- mandos-keygen.xml 2008-09-06 16:31:49 +0000 +++ mandos-keygen.xml 2008-09-12 19:12:40 +0000 @@ -3,7 +3,7 @@ "http://www.oasis-open.org/docbook/xml/4.5/docbookx.dtd" [ - + ]> @@ -36,7 +36,7 @@ - + &COMMANDNAME; 8 @@ -48,7 +48,7 @@ Generate key and password for Mandos client and server. - + &COMMANDNAME; @@ -197,7 +197,7 @@ - + @@ -210,7 +210,7 @@ - + @@ -222,7 +222,7 @@ - + @@ -234,7 +234,7 @@ - + @@ -247,7 +247,7 @@ - + @@ -259,7 +259,7 @@ - + @@ -271,7 +271,7 @@ - + @@ -284,7 +284,7 @@ - + @@ -298,7 +298,7 @@ - + @@ -328,7 +328,7 @@ - + OVERVIEW @@ -338,7 +338,7 @@ clients.conf on the server. - + EXIT STATUS @@ -401,13 +401,13 @@ - + - + EXAMPLE @@ -454,7 +454,7 @@ - + SECURITY @@ -469,7 +469,7 @@ 8. - + SEE ALSO === modified file 'mandos.conf.xml' --- mandos.conf.xml 2008-09-04 13:36:59 +0000 +++ mandos.conf.xml 2008-09-12 19:12:40 +0000 
@@ -4,7 +4,7 @@ /etc/mandos/mandos.conf"> - + ]> @@ -37,7 +37,7 @@ - + &CONFNAME; 5 @@ -49,11 +49,11 @@ Configuration file for the Mandos server - + &CONFPATH; - + DESCRIPTION @@ -71,7 +71,7 @@ # or ; are ignored and may be used to provide comments. - + OPTIONS @@ -84,7 +84,7 @@ - + @@ -92,7 +92,7 @@ - + @@ -100,7 +100,7 @@ - + - + @@ -119,7 +119,7 @@ - + @@ -185,7 +185,7 @@ mandos-clients.conf 5 - + === modified file 'mandos.xml' --- mandos.xml 2008-09-06 16:31:49 +0000 +++ mandos.xml 2008-09-12 19:12:40 +0000 @@ -3,7 +3,7 @@ "http://www.oasis-open.org/docbook/xml/4.5/docbookx.dtd" [ - + ]> @@ -36,7 +36,7 @@ - + &COMMANDNAME; 8 @@ -48,7 +48,7 @@ Gives encrypted passwords to authenticated Mandos clients - + &COMMANDNAME; @@ -100,7 +100,7 @@ - + DESCRIPTION @@ -186,7 +186,7 @@ - + @@ -194,7 +194,7 @@ - + @@ -203,7 +203,7 @@ xpointer="servicename"/> - + @@ -218,7 +218,7 @@ - + @@ -229,7 +229,7 @@ - + OVERVIEW @@ -239,7 +239,7 @@ RAM disk environment. - + NETWORK PROTOCOL @@ -297,7 +297,7 @@ - + CHECKING @@ -311,7 +311,7 @@ 5. - + LOGGING @@ -321,7 +321,7 @@ and also show them on the console. - + EXIT STATUS @@ -329,7 +329,7 @@ critical error is encountered. - + ENVIRONMENT @@ -349,7 +349,7 @@ - + FILES @@ -479,7 +479,7 @@ - + SECURITY @@ -534,7 +534,7 @@ - + SEE ALSO === modified file 'overview.xml' --- overview.xml 2008-09-01 08:29:23 +0000 +++ overview.xml 2008-09-12 19:12:40 +0000 
@@ -7,7 +7,7 @@ remote and/or unattended reboots. The computers run a small client program in the initial RAM disk environment which will communicate with a server over a network. The clients are - identified by the server using a OpenPGP key; each client has one + identified by the server using an OpenPGP key; each client has one unique to it. The server sends the clients an encrypted password. The encrypted password is decrypted by the clients using the same OpenPGP key, and the password is then used to unlock the root file === modified file 'plugin-runner.xml' --- plugin-runner.xml 2008-09-06 16:31:49 +0000 +++ plugin-runner.xml 2008-09-12 19:12:40 +0000 @@ -3,7 +3,7 @@ "http://www.oasis-open.org/docbook/xml/4.5/docbookx.dtd" [ - + ]> @@ -36,7 +36,7 @@ - + &COMMANDNAME; 8mandos @@ -48,7 +48,7 @@ Run Mandos plugins, pass data from first to succeed. - + &COMMANDNAME; @@ -247,7 +247,7 @@ - + @@ -261,7 +261,7 @@ - + @@ -276,7 +276,7 @@ - + @@ -289,7 +289,7 @@ - + @@ -302,7 +302,7 @@ - + @@ -365,7 +365,7 @@ - + @@ -377,7 +377,7 @@ - + OVERVIEW @@ -403,7 +403,7 @@ code will make this plugin-runner output the password from that plugin, stop any other plugins, and exit. - + WRITING PLUGINS === modified file 'plugins.d/mandos-client.xml' --- plugins.d/mandos-client.xml 2008-09-06 16:33:08 +0000 +++ plugins.d/mandos-client.xml 2008-09-12 19:12:40 +0000 @@ -3,7 +3,7 @@ "http://www.oasis-open.org/docbook/xml/4.5/docbookx.dtd" [ - + ]> @@ -36,7 +36,7 @@ - + &COMMANDNAME; 8mandos @@ -48,7 +48,7 @@ Client for Mandos - + &COMMANDNAME; @@ -113,7 +113,7 @@ - + DESCRIPTION @@ -215,7 +215,7 @@ - + @@ -238,7 +238,7 @@ xpointer="priority"/> - + @@ -284,7 +284,7 @@ - + @@ -296,7 +296,7 @@ - + OVERVIEW @@ -368,7 +368,7 @@ - + EXAMPLE @@ -423,7 +423,7 @@ - + SECURITY @@ -470,7 +470,7 @@ confidential. - + SEE ALSO @@ -601,8 +601,8 @@ - +