/mandos/trunk : revision 1294

To get this branch, use:

bzr branch
http://bzr.recompile.se/loggerhead/mandos/trunk

« back to all changes in this revision

Viewing changes to plugin-runner.xml

Committer: Teddy Hogeborn
Date: 2024-09-09 01:36:41 UTC
Revision ID: teddy@recompile.se-20240909013641-6zu6kx2f7meu134k

Make all required directories when installing

When installing into a normal system, one can assume that target
directories, such as /usr/bin, already exists.  But when installing
into a subdirectory for the purpose of creating a package, one cannot
assume that all directories already exist.  Therefore, when
installing, we must not check if any directories exist, and must
instead always create any directories we want to install into.

* Makefile (confdir/mandos.conf, confdir/clients.conf, install-html):
  Use the "-D" option to "install" instead of creating the directory
  separately.
  (install-server): Move creation of $(CONFDIR) down to before it is
  needed.  Don't check if the $(TMPFILES) or $(SYSUSERS) directories
  exist; instead create them by using the "-D" option to "install".
  Create the $(PREFIX)/sbin directory.  Always use
  "--target-directory" if possible; i.e. if the file name is the same.
  Create the $(DBUSPOLICYDIR) and $(DESTDIR)/etc/init.d directories by
  using the "-D" option to "install".  Don't check if the $(SYSTEMD)
  directory exists; instead create it by using the "-D" option to
  "install".  Create the $(DESTDIR)/etc/default and $(MANDIR)/man8
  directories by using the "-D" option to "install".  Create the
  $(MANDIR)/man5 directories explicitly.
  (install-client-nokey): Remove unnecessary creation of the
  $(CONFDIR) directory.  Don't check if the $(SYSUSERS) directory
  exists; instead create it by using the "-D" option to "install".
  Move the "--directory" argument to be the first argument, for
  clarity.  Create the $(PREFIX)/sbin directory.  Use the "-D"
  argument to "install" when installing
  $(INITRAMFSTOOLS)/hooks/mandos,
  $(INITRAMFSTOOLS)/conf.d/mandos-conf,
  $(INITRAMFSTOOLS)/conf-hooks.d/zz-mandos,
  $(INITRAMFSTOOLS)/scripts/init-premount/mandos,
  $(INITRAMFSTOOLS)/scripts/local-premount/mandos,
  $(DRACUTMODULE)/ask-password-mandos.path, and
  $(DRACUTMODULE)/dracut-module/ask-password-mandos.service.  Create
  the $(MANDIR)/man8 directory.

Reported-By: Erich Eckner <erich@eckner.net>
Thanks: Erich Eckner <erich@eckner.net> for analysis

files added:
DBUS-API

bugs.xml

dbus-mandos.conf

debian/mandos-client.examples

debian/mandos-client.templates

debian/mandos.maintscript

debian/mandos.templates

debian/po/POTFILES.in

debian/po/de.po

debian/po/en_US.po

debian/po/es.po

debian/po/fr.po

debian/po/nl.po

debian/po/pt.po

debian/po/pt_BR.po

debian/po/sv.po

debian/po/templates.pot

debian/source

debian/source/format

debian/source/lintian-overrides

debian/source/local-options

debian/tests

debian/tests/control

debian/upstream

debian/upstream/metadata

debian/upstream/signing-key.asc

debian/watch

dracut-module

dracut-module/ask-password-mandos.path

dracut-module/ask-password-mandos.service

dracut-module/cmdline-mandos.sh

dracut-module/module-setup.sh

dracut-module/password-agent.c

dracut-module/password-agent.xml

initramfs-tools-conf

initramfs-tools-conf-hook

initramfs-tools-script-stop

initramfs-unpack

intro.xml

mandos-ctl.xml

mandos-monitor

mandos-monitor.xml

mandos-to-cryptroot-unlock

mandos.service

network-hooks.d

network-hooks.d/bridge

network-hooks.d/bridge.conf

network-hooks.d/openvpn

network-hooks.d/openvpn.conf

network-hooks.d/wireless

network-hooks.d/wireless.conf

plugin-helpers

plugin-helpers/mandos-client-iprouteadddel.c

plugins.d/plymouth.c

plugins.d/plymouth.xml

sysusers.d-mandos.conf

tmpfiles.d-mandos.conf

files removed:
debian/mandos-client.config

debian/mandos-client.templates

debian/mandos.config

debian/mandos.templates

debian/po/POTFILES.in

debian/po/sv.po

initramfs-tools-hook-conf

files renamed:
mandos-list => mandos-ctl

files modified:
.bzrignore

INSTALL

Makefile

NEWS

README

TODO

clients.conf

common.ent

debian/changelog

debian/compat

debian/control

debian/copyright

debian/mandos-client.README.Debian

debian/mandos-client.dirs

debian/mandos-client.lintian-overrides

debian/mandos-client.postinst

debian/mandos-client.postrm

debian/mandos.README.Debian

debian/mandos.dirs

debian/mandos.docs

debian/mandos.lintian-overrides

debian/mandos.postinst

debian/mandos.prerm

debian/rules

init.d-mandos

initramfs-tools-hook

initramfs-tools-script

legalnotice.xml

mandos

mandos-clients.conf.xml

mandos-keygen

mandos-keygen.xml

mandos-options.xml

mandos.conf

mandos.conf.xml

mandos.lsm

mandos.xml

overview.xml

plugin-runner.c

plugin-runner.conf

plugin-runner.xml

plugins.d/askpass-fifo.c

plugins.d/askpass-fifo.xml

plugins.d/mandos-client.c

plugins.d/mandos-client.xml

plugins.d/password-prompt.c

plugins.d/password-prompt.xml

plugins.d/splashy.c

plugins.d/splashy.xml

plugins.d/usplash.c

plugins.d/usplash.xml

Show diffs side-by-side

added added

removed removed

plugin-runner.xml

<!DOCTYPE refentry PUBLIC "-//OASIS//DTD DocBook XML V4.5//EN"

"http://www.oasis-open.org/docbook/xml/4.5/docbookx.dtd" [

<!ENTITY COMMANDNAME "plugin-runner">

<!ENTITY TIMESTAMP "2008-09-30">

<!ENTITY TIMESTAMP "2023-04-30">

<!ENTITY % common SYSTEM "common.ent">

%common;

<firstname>Björn</firstname>

<surname>Påhlsson</surname>

<email>belorn@fukt.bsnet.se</email>

<email>belorn@recompile.se</email>

</address>

</author>

<firstname>Teddy</firstname>

<surname>Hogeborn</surname>

<email>teddy@fukt.bsnet.se</email>

<email>teddy@recompile.se</email>

</address>

</author>

</authorgroup>

<holder>Teddy Hogeborn</holder>

<holder>Björn Påhlsson</holder>

</copyright>

112

123

<arg><option>--plugin-dir=<replaceable

113

124

>DIRECTORY</replaceable></option></arg>

114

125

<sbr/>

126

<arg><option>--plugin-helper-dir=<replaceable

127

>DIRECTORY</replaceable></option></arg>

128

<sbr/>

115

129

<arg><option>--config-file=<replaceable

116

130

>FILE</replaceable></option></arg>

117

131

<sbr/>

259

273

Disable the plugin named

260

274

<replaceable>PLUGIN</replaceable>. The plugin will not be

261

275

started.

262

</para>

276

</para>

263

277

</listitem>

264

278

</varlistentry>

265

279

318

332

</varlistentry>

319

333

320

334

335

<term><option>--plugin-helper-dir

336

<replaceable>DIRECTORY</replaceable></option></term>

337

338

<para>

339

Specify a different plugin helper directory. The default

340

is <filename>/lib/mandos/plugin-helpers</filename>, which

341

will exist in the initial <acronym>RAM</acronym> disk

342

environment. (This will simply be passed to all plugins

343

via the <envar>MANDOSPLUGINHELPERDIR</envar> environment

344

variable. See <xref linkend="writing_plugins"/>)

345

</para>

346

</listitem>

347

</varlistentry>

348

349

321

350

<term><option>--config-file

322

351

323

352

394

423

<title>PLUGINS</title>

395

424

<para>

396

425

This program will get a password by running a number of

397

<firstterm>plugins</firstterm>, which are simply executable

398

programs in a directory in the initial <acronym>RAM</acronym>

399

disk environment. The default directory is

426

<firstterm>plugins</firstterm>, which are executable programs in

427

a directory in the initial <acronym>RAM</acronym> disk

428

environment. The default directory is

400

429

<filename>/lib/mandos/plugins.d</filename>, but this can be

401

430

changed with the <option>--plugin-dir</option> option. The

402

431

plugins are started in parallel, and the first plugin to output

408

437

409

438

<title>WRITING PLUGINS</title>

410

439

<para>

411

A plugin is simply a program which prints a password to its

412

standard output and then exits with a successful (zero) exit

413

status. If the exit status is not zero, any output on

440

A plugin is an executable program which prints a password to

441

its standard output and then exits with a successful (zero)

442

exit status. If the exit status is not zero, any output on

414

443

standard output will be ignored by the plugin runner. Any

415

444

output on its standard error channel will simply be passed to

416

445

the standard error of the plugin runner, usually the system

424

453

<para>

425

454

The plugin will run in the initial RAM disk environment, so

426

455

care must be taken not to depend on any files or running

427

services not available there.

456

services not available there. Any helper executables required

457

by the plugin (which are not in the <envar>PATH</envar>) can

458

be placed in the plugin helper directory, the name of which

459

will be made available to the plugin via the

460

<envar>MANDOSPLUGINHELPERDIR</envar> environment variable.

428

461

</para>

429

462

<para>

430

463

The plugin must exit cleanly and free all allocated resources

473

506

only passes on its environment to all the plugins. The

474

507

environment passed to plugins can be modified using the

475

508

<option>--global-env</option> and <option>--env-for</option>

476

options.

509

options. Also, the <option>--plugin-helper-dir</option> option

510

will affect the environment variable

511

<envar>MANDOSPLUGINHELPERDIR</envar> for the plugins.

477

512

</para>

478

513

</refsect1>

479

514

512

547

</para>

513

548

</listitem>

514

549

</varlistentry>

550

551

<term><filename class="directory"

552

>/lib/mandos/plugins.d</filename></term>

553

554

<para>

555

The default plugin directory; can be changed by the

556

<option>--plugin-dir</option> option.

557

</para>

558

</listitem>

559

</varlistentry>

560

561

<term><filename class="directory"

562

>/lib/mandos/plugin-helpers</filename></term>

563

564

<para>

565

The default plugin helper directory; can be changed by

566

the <option>--plugin-helper-dir</option> option.

567

</para>

568

</listitem>

569

</varlistentry>

515

570

</variablelist>

516

571

</para>

517

572

</refsect1>

522

577

The <option>--config-file</option> option is ignored when

523

578

specified from within a configuration file.

524

579

</para>

580

<xi:include href="bugs.xml"/>

525

581

</refsect1>

526

582

527

583

570

626

</informalexample>

571

627

572

628

<para>

573

Run plugins from a different directory, read a different

574

configuration file, and add two options to the

629

Read a different configuration file, run plugins from a

630

different directory, specify an alternate plugin helper

631

directory and add four options to the

575

632

<citerefentry><refentrytitle >mandos-client</refentrytitle>

576

633

<manvolnum>8mandos</manvolnum></citerefentry> plugin:

577

634

</para>

578

635

<para>

579

636

580

637

581

<userinput>&COMMANDNAME; --config-file=/etc/mandos/plugin-runner.conf --plugin-dir /usr/lib/mandos/plugins.d --options-for=mandos-client:--pubkey=/etc/keys/mandos/pubkey.txt,--seckey=/etc/keys/mandos/seckey.txt</userinput>

638

<userinput>cd /etc/keys/mandos; &COMMANDNAME; --config-file=/etc/mandos/plugin-runner.conf --plugin-dir /usr/lib/x86_64-linux-gnu/mandos/plugins.d --plugin-helper-dir /usr/lib/x86_64-linux-gnu/mandos/plugin-helpers --options-for=mandos-client:--pubkey=pubkey.txt,--seckey=seckey.txt,--tls-pubkey=tls-pubkey.pem,--tls-privkey=tls-privkey.pem</userinput>

582

639

583

640

</para>

584

641

</informalexample>

616

673

617

674

618

675

<para>

676

<citerefentry><refentrytitle>intro</refentrytitle>

677

<manvolnum>8mandos</manvolnum></citerefentry>,

619

678

<citerefentry><refentrytitle>cryptsetup</refentrytitle>

620

679

<manvolnum>8</manvolnum></citerefentry>,

621

680

<citerefentry><refentrytitle>crypttab</refentrytitle>

Older »