/mandos/trunk

To get this branch, use:

bzr branch
http://bzr.recompile.se/loggerhead/mandos/trunk

« back to all changes in this revision

Viewing changes to intro.xml

Committer: Teddy Hogeborn
Date: 2019-03-05 21:39:15 UTC
Revision ID: teddy@recompile.se-20190305213915-xm1vw00jyy3a5tfn

mandos-ctl: Add more tests, including tests for all commands

* mandos-ctl (Test_string_to_delta.test_handles_basic_rfc3339): Add a
                                                  few more test cases.
  (TestCmd.setUp.MockClient.Set, TestCmd.setUp.MockClient.Get): Don't
  append to self.calls, since nobody should use it to check for Set()
  or Get() calls; instead, the return value of Get() should be
  inspected, and the MockClient.attributes dict should be inspected
  after (implicitly) calling Set().
  (Unique): New; stand-in for unittest.mock.sentinel.
  (TestPropertyCmd): New; abstract class testing PropertyCmd classes.
  (TestBumpTimeoutCmd, TestStartCheckerCmd, TestStopCheckerCmd,
  TestApproveByDefaultCmd, TestDenyByDefaultCmd): New.
  (TestValueArgumentPropertyCmd): New; abstract class for testing
                                  those PropertyCmd classes which also
                                  inherit from ValueArgumentMixIn.
  (TestSetCheckerCmd, TestSetHostCmd, TestSetSecretCmd,
  TestSetTimeoutCmd, TestSetExtendedTimeoutCmd, TestSetIntervalCmd,
  TestSetApprovalDelayCmd, TestSetApprovalDurationCmd): New.

files removed:
debian/po/POTFILES.in

debian/po/templates.pot

debian/source/lintian-overrides

debian/tests

debian/tests/control

dracut-module

dracut-module/ask-password-mandos.path

dracut-module/ask-password-mandos.service

dracut-module/cmdline-mandos.sh

dracut-module/module-setup.sh

dracut-module/password-agent.c

dracut-module/password-agent.xml

initramfs-tools-conf-hook

files modified:
.bzrignore

INSTALL

Makefile

NEWS

TODO

common.ent

debian/changelog

debian/control

debian/mandos-client.README.Debian

debian/mandos-client.dirs

debian/mandos-client.lintian-overrides

debian/mandos-client.postinst

debian/mandos-client.templates

debian/mandos.lintian-overrides

debian/mandos.templates

debian/rules

initramfs-unpack

intro.xml

mandos

mandos-ctl

mandos-ctl.xml

mandos-keygen

mandos-keygen.xml

mandos-monitor

mandos-options.xml

mandos-to-cryptroot-unlock

mandos.conf.xml

mandos.lsm

mandos.xml

plugin-runner.c

plugin-runner.xml

plugins.d/mandos-client.xml

plugins.d/password-prompt.c

plugins.d/password-prompt.xml

plugins.d/plymouth.c

plugins.d/plymouth.xml

plugins.d/splashy.xml

plugins.d/usplash.xml

Show diffs side-by-side

added added

removed removed

1

1

<?xml version="1.0" encoding="UTF-8"?>

2

2

<!DOCTYPE refentry PUBLIC "-//OASIS//DTD DocBook XML V4.5//EN"

3

3

"http://www.oasis-open.org/docbook/xml/4.5/docbookx.dtd" [

4

<!ENTITY TIMESTAMP "2019-04-10">

4

<!ENTITY TIMESTAMP "2019-02-10">

5

5

<!ENTITY % common SYSTEM "common.ent">

6

6

%common;

7

7

]>

131

131

</para>

132

132

<para>

133

133

So, at boot time, the Mandos client will ask for its encrypted

134

data over the network, decrypt the data to get the password, use

135

the password to decrypt the root file system, and the client can

136

then continue booting.

134

data over the network, decrypt it to get the password, use it to

135

decrypt the root file, and continue booting.

137

136

</para>

138

137

<para>

139

138

Now, of course the initial RAM disk image is not on the

145

144

long, and will no longer give out the encrypted key. The timing

146

145

here is the only real weak point, and the method, frequency and

147

146

timeout of the server’s checking can be adjusted to any desired

148

level of paranoia.

147

level of paranoia

149

148

</para>

150

149

<para>

151

150

(The encrypted keys on the Mandos server is on its normal file

Older »