=== modified file 'Makefile' --- Makefile 2008-09-26 19:47:21 +0000 +++ Makefile 2008-09-30 03:19:39 +0000 @@ -55,6 +55,18 @@ # DocBook-to-man post-processing to fix a '\n' escape bug MANPOST=sed --in-place --expression='s,\\\\en,\\en,g;s,\\n,\\en,g' +DOCBOOKTOHTML=xsltproc --nonet --xinclude \ + --param make.year.ranges 1 \ + --param make.single.year.ranges 1 \ + --param man.output.quietly 1 \ + --param man.authors.section.enabled 0 \ + --param citerefentry.link 1 \ + --output $@ \ + /usr/share/xml/docbook/stylesheet/nwalsh/xhtml/docbook.xsl \ + $<; $(HTMLPOST) $@ +# Fix citerefentry links +HTMLPOST=sed --in-place --expression='s/\(\)\([^<]*\)\(<\/span>(\)\([^)]*\)\()<\/span><\/a>\)/\1\3.\5\2\3\4\5\6/g' + PLUGINS=plugins.d/password-prompt plugins.d/mandos-client \ plugins.d/usplash plugins.d/splashy plugins.d/askpass-fifo PROGS=plugin-runner $(PLUGINS) 
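Review bot: The `DOCBOOKTOHTML` recipe joins xsltproc and the sed post-processing with `;` (`$<; $(HTMLPOST) $@`), so xsltproc's exit status is dropped and a transform that fails after writing part of `$@` is still post-processed and counted as built. Chaining with `&&` keeps the failure visible: `$< && $(HTMLPOST) $@`. `--nonet` is the right companion to `--xinclude` here and deserves a comment so it is not dropped later, for example `# --nonet: never fetch DTDs, entities or XIncludes over the network at build time`. The `man.output.quietly` and `man.authors.section.enabled` params look copied from the man-page command and are presumably ignored by the XHTML stylesheet.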
@@ -63,48 +75,72 @@ plugins.d/password-prompt.8mandos mandos.conf.5 \ mandos-clients.conf.5 +htmldocs=$(addsuffix .xhtml,$(DOCS)) + objects=$(addsuffix .o,$(PROGS)) all: $(PROGS) doc: $(DOCS) +html: $(htmldocs) + %.5: %.xml legalnotice.xml $(DOCBOOKTOMAN) +%.5.xhtml: %.xml legalnotice.xml + $(DOCBOOKTOHTML) %.8: %.xml legalnotice.xml $(DOCBOOKTOMAN) +%.8.xhtml: %.xml legalnotice.xml + $(DOCBOOKTOHTML) %.8mandos: %.xml legalnotice.xml $(DOCBOOKTOMAN) +%.8mandos.xhtml: %.xml legalnotice.xml + $(DOCBOOKTOHTML) mandos.8: mandos.xml mandos-options.xml overview.xml legalnotice.xml $(DOCBOOKTOMAN) +mandos.8.xhtml: mandos.xml mandos-options.xml overview.xml \ + legalnotice.xml + $(DOCBOOKTOHTML) mandos-keygen.8: mandos-keygen.xml overview.xml legalnotice.xml $(DOCBOOKTOMAN) +mandos-keygen.8.xhtml: mandos-keygen.xml overview.xml legalnotice.xml + $(DOCBOOKTOHTML) mandos.conf.5: mandos.conf.xml mandos-options.xml legalnotice.xml $(DOCBOOKTOMAN) +mandos.conf.5.xhtml: mandos.conf.xml mandos-options.xml legalnotice.xml + $(DOCBOOKTOHTML) plugin-runner.8mandos: plugin-runner.xml overview.xml legalnotice.xml $(DOCBOOKTOMAN) +plugin-runner.8mandos.xhtml: plugin-runner.xml overview.xml \ + legalnotice.xml + $(DOCBOOKTOHTML) plugins.d/mandos-client.8mandos: plugins.d/mandos-client.xml \ mandos-options.xml \ overview.xml legalnotice.xml $(DOCBOOKTOMAN) +plugins.d/mandos-client.8mandos.xhtml: plugins.d/mandos-client.xml \ + mandos-options.xml \ + overview.xml legalnotice.xml + $(DOCBOOKTOHTML) plugins.d/mandos-client: plugins.d/mandos-client.o $(LINK.o) $(GNUTLS_LIBS) $(AVAHI_LIBS) $(GPGME_LIBS) \ $(COMMON) $^ $(LOADLIBES) $(LDLIBS) -o $@ -.PHONY : all doc clean distclean run-client run-server install \ +.PHONY : all doc html clean distclean run-client run-server install \ install-server install-client uninstall uninstall-server \ uninstall-client purge purge-server purge-client clean: - -rm --force $(PROGS) $(objects) $(DOCS) core + -rm --force $(PROGS) $(objects) $(htmldocs) $(DOCS) 
core distclean: clean mostlyclean: clean @@ -141,6 +177,10 @@ install: install-server install-client-nokey +install-html: $(htmldocs) + install --directory man + install --mode=u=rw,go=r --target-directory=man $(htmldocs) + install-server: doc install --directory $(CONFDIR) install --mode=u=rwx,go=rx mandos $(PREFIX)/sbin/mandos === modified file 'README' --- README 2008-09-17 00:34:09 +0000 +++ README 2008-09-30 03:19:39 +0000 @@ -130,6 +130,34 @@ on your door and the sudden absence of all the servers in your server room. Which it does nicely. +* The Plugin System + In the early designs, the mandos-client(8mandos) program (which + retrieves a password from the Mandos server) also prompted for a + password on the terminal, in case a Mandos server could not be + found. This duality of purpose was seen to be too complex to be a + viable way to continue. Instead, the programs are now separated + into mandos-client(8mandos) and password-prompt(8mandos), and a + plugin-runner(8mandos) exist to run them both in parallel, allowing + the first plugin to succeed to provide the password. This opened up + for any number of additional plugins to run, all competing to be the + first to find a password and provide it to the plugin runner. + + Three additional plugins are provided: + * usplash + This prompts for a password when using usplash(8). + * splashy + This prompts for a password when using splashy(8). + * askpass-fifo + To provide compatibility with the "askpass" program from + cryptsetup, this plugin listens to the same FIFO as askpass would + do. + + (None of these take any options or reads any files.) + + More plugins could easily be written and added by the system + administrator; see the section called "WRITING PLUGINS" in + plugin-runner(8mandos) to learn the plugin requirements. + * Copyright Copyright © 2008 Teddy Hogeborn === modified file 'TODO' --- TODO 2008-09-21 14:05:44 +0000 +++ TODO 2008-09-30 03:19:39 +0000 
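Review bot: Each explicit `*.xhtml` rule repeats the prerequisite list of its man-page twin (for example `mandos.8.xhtml` and `mandos.8`), so a newly XIncluded file has to be added in two places or the HTML silently goes stale. A recipe-less line shared by both targets would keep them in step and let the `%.8` and `%.8.xhtml` pattern rules supply the recipe: `mandos.8 mandos.8.xhtml: mandos-options.xml overview.xml`. With GNU make, `$<` still resolves to the `.xml` prerequisite contributed by the pattern rule, so `DOCBOOKTOHTML` would be unaffected.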
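Review bot: `install-html` is not added to the `.PHONY` list that the previous hunk extends with `html`, and it installs into a relative `man` directory rather than a path under `$(PREFIX)` as `install-server` does. As written the result depends on the directory make is run from, and a file or directory named `install-html` could stop the target from running. Suggest adding `install-html` to `.PHONY` and taking the destination from a variable (a new one, for example `HTMLDIR`) so packagers can redirect it; if `man` is meant as a local staging directory for the web site, a comment saying so would help. The explicit `--mode=u=rw,go=r` is good to keep.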
@@ -58,7 +58,8 @@ * TODO Web site ** DONE http://www.fukt.bsnet.se/mandos Redirects to the wiki page -** DONE http://wiki.fukt.bsnet.se/wiki/Mandos +** TODO http://wiki.fukt.bsnet.se/wiki/Mandos + http://liw.fi/free-software-website/ * Mailing list ** DONE mandos-dev === modified file 'debian/control' --- debian/control 2008-09-21 13:42:34 +0000 +++ debian/control 2008-09-30 03:19:39 +0000 @@ -2,11 +2,14 @@ Section: admin Priority: extra Maintainer: Mandos Maintainers +Uploaders: Teddy Hogeborn , + Björn Påhlsson Build-Depends: debhelper (>= 7), docbook-xsl, libavahi-core-dev, libgpgme11-dev, libgnutls-dev, xsltproc, po-debconf, pkg-config Standards-Version: 3.8.0 -Vcs-Bzr: ftp://anonymous@ftp.fukt.bsnet.se/pub/mandos/latest +Vcs-Bzr: http://ftp.fukt.bsnet.se/pub/mandos/trunk +Vcs-Browser: http://bzr.fukt.bsnet.se/loggerhead/mandos/trunk/files Homepage: http://www.fukt.bsnet.se/mandos Package: mandos === modified file 'mandos-options.xml' --- mandos-options.xml 2008-09-06 16:31:49 +0000 +++ mandos-options.xml 2008-09-30 03:19:39 +0000 @@ -58,8 +58,8 @@ Zeroconf service name. The default is Mandos. This only needs to be - changed this if it, for some reason, is necessary to run more than - one server on the same host, which would not + changed if for some reason is would be necessary to run more than + one server on the same host. This would not normally be useful. If there are name collisions on the same network, the newer server will automatically rename itself to Mandos #2, and === modified file 'plugins.d/mandos-client.xml' --- plugins.d/mandos-client.xml 2008-09-12 19:12:40 +0000 +++ plugins.d/mandos-client.xml 2008-09-30 03:19:39 +0000 @@ -3,7 +3,7 @@ "http://www.oasis-open.org/docbook/xml/4.5/docbookx.dtd" [ - + ]> 
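Review bot: The new `Vcs-Bzr` and `Vcs-Browser` values in debian/control are plain `http://`, so anyone branching from this field receives the source over a channel with no integrity protection, the same weakness the anonymous FTP URL had. For software that hands out disk-encryption passwords this matters; if the host can serve TLS, use the `https://` form of both URLs, and otherwise point readers at a signed release or tag to verify against. The `xsltproc` and `docbook-xsl` entries already in `Build-Depends` appear to cover the new `html` target, so no dependency change looks necessary there.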
@@ -449,11 +449,11 @@ The only remaining weak point is that someone with physical access to the client hard drive might turn off the client computer, read the OpenPGP keys directly from the hard drive, - and communicate with the server. The defense against this is - that the server is supposed to notice the client disappearing - and will stop giving out the encrypted data. Therefore, it is - important to set the timeout and checker interval values tightly - on the server. See mandos8.