=== modified file 'Makefile' --- Makefile 2008-08-18 23:55:28 +0000 +++ Makefile 2008-08-19 13:25:14 +0000 @@ -32,7 +32,7 @@ $(LANGUAGE) $(GNUTLS_CFLAGS) $(AVAHI_CFLAGS) $(GPGME_CFLAGS) LDFLAGS=$(COVERAGE) -DOCBOOKTOMAN=xsltproc --nonet \ +DOCBOOKTOMAN=xsltproc --nonet --xinclude \ --param man.charmap.use.subset 0 \ --param make.year.ranges 1 \ --param make.single.year.ranges 1 \ === added file 'mandos-options.xml' --- mandos-options.xml 1970-01-01 00:00:00 +0000 +++ mandos-options.xml 2008-08-19 13:25:14 +0000 
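Review bot: The `+DOCBOOKTOMAN=xsltproc --nonet --xinclude \` line makes each generated man page depend on whatever files its XInclude elements name, but no prerequisite change is visible in this hunk, so the man-page rules (outside the hunk) presumably still list only the page's own `.xml`. If so, an edit to `mandos-options.xml`, which carries the `priority` TLS-handshake warning and the note that a failed interface bind is not fatal, would not rebuild the pages and stale guidance could ship. I would add the shared file as a prerequisite of those rules, e.g. `<man-page targets>: mandos-options.xml` (placeholder; use the target names the Makefile actually defines). Keeping `--nonet` next to `--xinclude` is the right call, since it stops DTD, entity and include lookups from going to the network at build time; a comment such as `# --nonet: resolve DTDs and XIncludes locally only, never over the network` above the variable would record why it must stay. The `DOCBOOKTOMAN` definition continues past the end of the hunk.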
@@ -0,0 +1,66 @@ + + + + + + + + + <para id="interface"> + If this is specified, the server will only announce the service + and listen to requests on network interface + <replaceable>IF</replaceable>. Default is to use all available + interfaces. <emphasis>Note:</emphasis> a failure to bind to the + specified interface is not considered critical, and the server + does not exit. + </para> + + <para id="address"> + If this option is used, the server will only listen to a specific + address. This must currently be an IPv6 address; an IPv4 address + can only be specified using the <quote><systemitem + class="ipaddress">::FFFF:192.0.2.3</systemitem></quote> format. + Also, if a link-local address is specified, an interface should be + set, since a link-local address is only valid on a single + interface. By default, the server will listen to all available + addresses. + </para> + + <para id="port"> + If this option is used, the server will bind to that port. By + default, the server will listen to an arbitrary port given by the + operating system. + </para> + + <para id="debug"> + If the server is run in debug mode, it will run in the foreground + and print a lot of debugging information. The default is + <emphasis>not</emphasis> to run in debug mode. + </para> + + <para id="priority"> + GnuTLS priority string for the TLS handshake with the clients. + The default is + <quote><literal>SECURE256:!CTYPE-X.509:+CTYPE-OPENPGP</literal></quote>. + See <citerefentry><refentrytitle>gnutls_priority_init + </refentrytitle><manvolnum>3</manvolnum></citerefentry> for the + syntax. <emphasis>Warning</emphasis>: changing this may make the + TLS handshake fail, making communication with clients impossible. + </para> + + <para id="servicename"> + Zeroconf service name. The default is + <quote><literal>Mandos</literal></quote>. 
This only needs to be + changed this if it, for some reason, is necessary to run more than + one server on the same <emphasis>host</emphasis>, which would not + normally be useful. If there are name collisions on the same + <emphasis>network</emphasis>, the newer server will automatically + rename itself to <quote><literal>Mandos #2</literal></quote>, and + so on; therefore, this option is not needed in that case. + </para> + +</simplesect> === modified file 'mandos.conf.xml' --- mandos.conf.xml 2008-08-18 23:55:28 +0000 +++ mandos.conf.xml 2008-08-19 13:25:14 +0000 @@ -7,7 +7,7 @@ <!ENTITY OVERVIEW SYSTEM "overview.xml"> ]> -<refentry> +<refentry xmlns:xi="http://www.w3.org/2001/XInclude"> <refentryinfo> <title>&CONFNAME; 
@@ -95,104 +95,112 @@ used to provide comments. - - The options are: - - + + + OPTIONS + - interface - - - This option allows you to override the default network - interfaces. By default mandos will not bind to any - specific interface but instead use default avahi-server - behaviour. - - - - - - address - - - This option allows you to override the default network - address. By default mandos will not bind to any - specific address but instead use default avahi-server - behaviour. - - - - - - port - - - This option allows you to override the default port to - listen on. By default mandos will not specify any specific - port and instead use a random port given by the OS from - the use of INADDR_ANY. - - - - - - debug - - - This option allows you to modify debug mode with a true/false - boolean value. By default is debug set to false. - - - - - - priority - - - This option allows you to override the default gnutls - priority that will be used in gnutls session. See - gnutls_priority_init - 3for - more information on gnutls priority strings. - - - - - - servicename - - - This option allows you to override the default Zeroconf - service name use to announce mandos as a avahi service. By - default mandos will use "Mandos". - + interface + + interface = IF + + + + + + + address + + address = ADDRESS + + + + + + + port + + port = PORT + + + + + + + debug + + debug = + 1 + yes + true + on + 0 + no + false + off + + + + + + + + priority + + priority = PRIORITY + + + + + + + servicename + servicename = NAME + + + - - - EXAMPLES + + + FILES + + The file described here is &CONFPATH; + + + + + BUGS + + The [DEFAULT] is necessary because the Python + module ConfigParser + requres it. 
+ + + + + EXAMPLE - [server] - # A configuration example - interface = eth0 - address = 2001:DB8: - port = 1025 - debug = true - priority = SECURE256:!CTYPE-X.509:+CTYPE-OPENPGP - servicename = Mandos +[DEFAULT] +# A configuration example +interface = eth0 +address = 2001:db8:f983:bd0b:30de:ae4a:71f2:f672 +port = 1025 +debug = true +priority = SECURE256:!CTYPE-X.509:+CTYPE-OPENPGP +servicename = Mandos - - - - FILES - - The file described here is &CONFPATH; - === modified file 'mandos.xml' --- mandos.xml 2008-08-18 03:50:28 +0000 +++ mandos.xml 2008-08-19 13:25:14 +0000 @@ -3,10 +3,9 @@ "http://www.oasis-open.org/docbook/xml/4.5/docbookx.dtd" [ - ]> - + &COMMANDNAME; @@ -154,13 +153,7 @@ -i, --interface IF - - Only announce the server and listen to requests on network - interface IF. Default is to - use all available interfaces. Note: - a failure to bind to the specified interface is not - considered critical, and the server does not exit. - + @@ -168,16 +161,7 @@ -a, --address ADDRESS - - If this option is used, the server will only listen to a - specific address. This must currently be an IPv6 address; - an IPv4 address can be specified using the - ::FFFF:192.0.2.3 syntax. - Also, if a link-local address is specified, an interface - should be set, since a link-local address is only valid on - a single interface. By default, the server will listen to - all available addresses. - + @@ -185,11 +169,7 @@ -p, --port PORT - - If this option is used, the server to bind to that - port. By default, the server will listen to an arbitrary - port given by the operating system. - + @@ -206,11 +186,7 @@ --debug - - If the server is run in debug mode, it will run in the - foreground and print a lot of debugging information. The - default is not to run in debug mode. - + 
@@ -218,16 +194,7 @@ --priority PRIORITY - - GnuTLS priority string for the TLS handshake with the - clients. The default is - SECURE256:!CTYPE-X.509:+CTYPE-OPENPGP. - See gnutls_priority_init - 3 - for the syntax. Warning: changing - this may make the TLS handshake fail, making communication - with clients impossible. - + @@ -235,18 +202,8 @@ --servicename NAME - - Zeroconf service name. The default is - Mandos. This only needs - to be changed this if it, for some reason, is necessary to - run more than one server on the same - host, which would not normally be - useful. If there are name collisions on the same - network, the newer server will - automatically rename itself to Mandos - #2, and so on; therefore, this option is - not needed in that case. - + @@ -278,7 +235,7 @@ OVERVIEW - &OVERVIEW; + This program is the server part. It is a normal server program and will run in a normal system environment, not in an initial === modified file 'overview.xml' --- overview.xml 2008-08-17 22:42:28 +0000 +++ overview.xml 2008-08-19 13:25:14 +0000 @@ -1,4 +1,6 @@ + This is part of the Mandos system for allowing host computers to have encrypted root file systems and also be capable of remote and