/mandos/trunk

To get this branch, use:

bzr branch
http://bzr.recompile.se/loggerhead/mandos/trunk

« back to all changes in this revision

Viewing changes to debian/mandos-client.lintian-overrides

Committer: Teddy Hogeborn
Date: 2019-08-05 21:14:05 UTC
Revision ID: teddy@recompile.se-20190805211405-9m6hecekaihpttz9

Override lintian warnings about upgrading from old versions

There are some really things which are imperative that we fix in case
someone were to upgrade from a really old version.  We want to keep
these fixes in the postinst maintainer scripts, even though lintian
complains about such old upgrades not being supported by Debian in
general.  We prefer the code being there, for the sake of the users.

* debian/mandos-client.lintian-overrides
  (maintainer-script-supports-ancient-package-version): New.
  debian/mandos.lintian-overrides
  (maintainer-script-supports-ancient-package-version): - '' -

files added:
.bzr-builddeb

.bzr-builddeb/default.conf

.bzrignore

COPYING

DBUS-API

INSTALL

NEWS

README

bugs.xml

common.ent

dbus-mandos.conf

debian

debian/changelog

debian/compat

debian/control

debian/copyright

debian/mandos-client.README.Debian

debian/mandos-client.dirs

debian/mandos-client.docs

debian/mandos-client.examples

debian/mandos-client.links

debian/mandos-client.lintian-overrides

debian/mandos-client.postinst

debian/mandos-client.postrm

debian/mandos-client.templates

debian/mandos.README.Debian

debian/mandos.dirs

debian/mandos.docs

debian/mandos.lintian-overrides

debian/mandos.postinst

debian/mandos.prerm

debian/mandos.templates

debian/po

debian/po/POTFILES.in

debian/po/en_US.po

debian/po/templates.pot

debian/rules

debian/source

debian/source/format

debian/source/lintian-overrides

debian/source/local-options

debian/tests

debian/tests/control

debian/upstream

debian/upstream/metadata

debian/upstream/signing-key.asc

debian/watch

default-mandos

dracut-module

dracut-module/ask-password-mandos.path

dracut-module/ask-password-mandos.service

dracut-module/cmdline-mandos.sh

dracut-module/module-setup.sh

dracut-module/password-agent.c

dracut-module/password-agent.xml

init.d-mandos

initramfs-tools-conf

initramfs-tools-conf-hook

initramfs-tools-hook

initramfs-tools-script

initramfs-tools-script-stop

initramfs-unpack

intro.xml

legalnotice.xml

mandos-clients.conf.xml

mandos-ctl

mandos-ctl.xml

mandos-keygen

mandos-keygen.xml

mandos-monitor

mandos-monitor.xml

mandos-options.xml

mandos-to-cryptroot-unlock

mandos.conf

mandos.conf.xml

mandos.lsm

mandos.service

mandos.xml

network-hooks.d

network-hooks.d/bridge

network-hooks.d/bridge.conf

network-hooks.d/openvpn

network-hooks.d/openvpn.conf

network-hooks.d/wireless

network-hooks.d/wireless.conf

overview.xml

plugin-helpers

plugin-helpers/mandos-client-iprouteadddel.c

plugin-runner.conf

plugin-runner.xml

plugins.d/askpass-fifo.c

plugins.d/askpass-fifo.xml

plugins.d/mandos-client.xml

plugins.d/password-prompt.xml

plugins.d/plymouth.c

plugins.d/plymouth.xml

plugins.d/splashy.c

plugins.d/splashy.xml

plugins.d/usplash.c

plugins.d/usplash.xml

tmpfiles.d-mandos.conf

files removed:
ca.pem

cert.pem

client-cert.pem

client-key.pem

crl.pem

key.pem

plugins.d/Makefile

files renamed:
mandos-clients.conf => clients.conf

server.py => mandos

plugbasedclient.c => plugin-runner.c

plugins.d/mandosclient.c => plugins.d/mandos-client.c

plugins.d/passprompt.c => plugins.d/password-prompt.c

files modified:
Makefile

TODO

Show diffs side-by-side

added added

removed removed

debian/mandos-client.lintian-overrides

1

# This directory contains secret client key files.

2

#

3

mandos-client binary: non-standard-dir-perm etc/keys/mandos/ 0700 != 0755

4

5

# The directory /usr/lib/<arch>/mandos/plugins.d contains setuid

6

# binaries which are not meant to be run outside an initial RAM disk

7

# environment (except for test purposes). It would be insecure to

8

# allow anyone to run them.

9

#

10

mandos-client binary: non-standard-dir-perm usr/lib/*/mandos/plugins.d/ 0700 != 0755

11

# Likewise for helper executables for plugins

12

mandos-client binary: non-standard-dir-perm usr/lib/*/mandos/plugin-helpers/ 0700 != 0755

13

14

# These binaries must be setuid root, since they need root powers, but

15

# are started by plugin-runner(8mandos), which runs all plugins as

16

# user/group "_mandos". These binaries are not run in a running

17

# system, but in an initial RAM disk environment. Here they are

18

# protected from non-root access by the directory permissions, above.

19

#

20

mandos-client binary: setuid-binary usr/lib/*/mandos/plugins.d/mandos-client 4755 root/root

21

mandos-client binary: setuid-binary usr/lib/*/mandos/plugins.d/askpass-fifo 4755 root/root

22

mandos-client binary: setuid-binary usr/lib/*/mandos/plugins.d/splashy 4755 root/root

23

mandos-client binary: setuid-binary usr/lib/*/mandos/plugins.d/usplash 4755 root/root

24

mandos-client binary: setuid-binary usr/lib/*/mandos/plugins.d/plymouth 4755 root/root

25

26

# The directory /etc/mandos/plugins.d can be used by local system

27

# administrators to place plugins in, overriding and complementing

28

# /usr/lib/<arch>/mandos/plugins.d, and must be likewise protected.

29

#

30

mandos-client binary: non-standard-dir-perm etc/mandos/plugins.d/ 0700 != 0755

31

# Likewise for plugin-helpers directory

32

mandos-client binary: non-standard-dir-perm etc/mandos/plugin-helpers/ 0700 != 0755

33

34

# The debconf templates is only used for displaying information

35

# detected in the postinst, not for saving answers to questions, so we

36

# don't need a .config file.

37

mandos-client binary: no-debconf-config

38

39

# The notice displayed from the postinst script really is critical

40

mandos-client binary: postinst-uses-db-input

41

42

# These are very important to work around bugs or changes in the old

43

# versions, and there is no pressing need to remove them.

44

mandos-client binary: maintainer-script-supports-ancient-package-version *

Older »