/mandos/trunk

To get this branch, use:

bzr branch
http://bzr.recompile.se/loggerhead/mandos/trunk

« back to all changes in this revision

Viewing changes to overview.xml

Committer: Teddy Hogeborn
Date: 2024-09-08 05:08:20 UTC
Revision ID: teddy@recompile.se-20240908050820-jpkid6ufjb9n107o

http://bugs.debian.org/1079588

Fix #1079588 by not outputting to stdout in maintainer scripts

From The Debconf Programmer's Tutorial: "Anything your maintainer
scripts output to standard output is passed into the frontend as a
command".  We must make sure to redirect stdout to stderr for every
command in the postinst and postrm scripts which might output to
stdout.

* debian/mandos-client.postinst (update_initramfs): Add "1>&2" to
  invocations of update-initramfs and /etc/kernel/postinst.d/dracut.
  (add_mandos_user): Add "1>&2" to invocations of usermod, groupmod,
  and adduser.
  (create_keys): Add "1>&2" to invocations of mandos-keygen,
  gpg-connect-agent, certtool, and openssl.
  (create_dh_params): Add "1>&2" to invocations of certtool and
  openssl.  Add "--force" option to "rm".
* debian/mandos-client.postrm (update_initramfs): Add "1>&2" to
  invocations of update-initramfs and /etc/kernel/postinst.d/dracut.

Closes: #1079588
Reported-By: Ben Hutchings <ben@decadent.org.uk>

files added:
.bzr-builddeb

.bzr-builddeb/default.conf

DBUS-API

INSTALL

NEWS

bugs.xml

common.ent

dbus-mandos.conf

debian

debian/changelog

debian/compat

debian/control

debian/copyright

debian/mandos-client.README.Debian

debian/mandos-client.dirs

debian/mandos-client.docs

debian/mandos-client.examples

debian/mandos-client.links

debian/mandos-client.lintian-overrides

debian/mandos-client.postinst

debian/mandos-client.postrm

debian/mandos-client.templates

debian/mandos.README.Debian

debian/mandos.dirs

debian/mandos.docs

debian/mandos.lintian-overrides

debian/mandos.maintscript

debian/mandos.postinst

debian/mandos.prerm

debian/mandos.templates

debian/po

debian/po/POTFILES.in

debian/po/de.po

debian/po/en_US.po

debian/po/es.po

debian/po/fr.po

debian/po/nl.po

debian/po/pt.po

debian/po/pt_BR.po

debian/po/sv.po

debian/po/templates.pot

debian/rules

debian/source

debian/source/format

debian/source/lintian-overrides

debian/source/local-options

debian/tests

debian/tests/control

debian/upstream

debian/upstream/metadata

debian/upstream/signing-key.asc

debian/watch

dracut-module

dracut-module/ask-password-mandos.path

dracut-module/ask-password-mandos.service

dracut-module/cmdline-mandos.sh

dracut-module/module-setup.sh

dracut-module/password-agent.c

dracut-module/password-agent.xml

initramfs-tools-conf

initramfs-tools-conf-hook

initramfs-tools-script-stop

initramfs-unpack

intro.xml

mandos-ctl

mandos-ctl.xml

mandos-monitor

mandos-monitor.xml

mandos-to-cryptroot-unlock

mandos.lsm

mandos.service

network-hooks.d

network-hooks.d/bridge

network-hooks.d/bridge.conf

network-hooks.d/openvpn

network-hooks.d/openvpn.conf

network-hooks.d/wireless

network-hooks.d/wireless.conf

plugin-helpers

plugin-helpers/mandos-client-iprouteadddel.c

plugins.d/askpass-fifo.c

plugins.d/askpass-fifo.xml

plugins.d/plymouth.c

plugins.d/plymouth.xml

plugins.d/splashy.c

plugins.d/splashy.xml

plugins.d/usplash.c

plugins.d/usplash.xml

sysusers.d-mandos.conf

tmpfiles.d-mandos.conf

files removed:
etc-plugins.d-README

initramfs-tools-hook-conf

plugins.d/usplash

files renamed:
plugins.d/password-request.c => plugins.d/mandos-client.c

plugins.d/password-request.xml => plugins.d/mandos-client.xml

files modified:
.bzrignore

Makefile

README

TODO

clients.conf

default-mandos

init.d-mandos

initramfs-tools-hook

initramfs-tools-script

legalnotice.xml

mandos

mandos-clients.conf.xml

mandos-keygen

mandos-keygen.xml

mandos-options.xml

mandos.conf

mandos.conf.xml

mandos.xml

overview.xml

plugin-runner.c

plugin-runner.conf

plugin-runner.xml

plugins.d/password-prompt.c

plugins.d/password-prompt.xml

Show diffs side-by-side

added added

removed removed

6

6

encrypted root file systems and at the same time be capable of

7

7

remote and/or unattended reboots. The computers run a small client

8

8

program in the initial <acronym>RAM</acronym> disk environment which

9

will communicate with a server over a network. The clients are

10

identified by the server using a OpenPGP key; each client has one

11

unique to it. The server sends the clients an encrypted password.

12

The encrypted password is decrypted by the clients using the same

13

OpenPGP key, and the password is then used to unlock the root file

14

system, whereupon the computers can continue booting normally.

9

will communicate with a server over a network. All network

10

communication is encrypted using <acronym>TLS</acronym>. The

11

clients are identified by the server using a TLS key; each client

12

has one unique to it. The server sends the clients an encrypted

13

password. The encrypted password is decrypted by the clients using

14

a separate OpenPGP key, and the password is then used to unlock the

15

root file system, whereupon the computers can continue booting

16

normally.

15

17

</para>

Older »