/mandos/trunk

To get this branch, use:

bzr branch
http://bzr.recompile.se/loggerhead/mandos/trunk

« back to all changes in this revision

Viewing changes to debian/mandos-client.lintian-overrides

Committer: Björn Påhlsson
Date: 2008-07-20 02:52:20 UTC
Revision ID: belorn@braxen-20080720025220-r5u0388uy9iu23h6

Added following support:
Pluginbased client handler
rewritten Mandos client
Avahi instead of udp server discovery
openpgp encrypted key support
Passprompt stand alone application for direct console input
Added logging for Mandos server

files added:
ca.pem

cert.pem

client-cert.pem

client-key.pem

crl.pem

key.pem

plugins.d/Makefile

files removed:
.bzr-builddeb

.bzr-builddeb/default.conf

.bzrignore

COPYING

DBUS-API

INSTALL

NEWS

README

bugs.xml

common.ent

dbus-mandos.conf

debian

debian/changelog

debian/compat

debian/control

debian/copyright

debian/mandos-client.README.Debian

debian/mandos-client.dirs

debian/mandos-client.docs

debian/mandos-client.examples

debian/mandos-client.links

debian/mandos-client.lintian-overrides

debian/mandos-client.postinst

debian/mandos-client.postrm

debian/mandos-client.templates

debian/mandos.README.Debian

debian/mandos.dirs

debian/mandos.docs

debian/mandos.lintian-overrides

debian/mandos.postinst

debian/mandos.prerm

debian/mandos.templates

debian/po

debian/po/POTFILES.in

debian/po/de.po

debian/po/en_US.po

debian/po/fr.po

debian/po/nl.po

debian/po/pt.po

debian/po/sv.po

debian/po/templates.pot

debian/rules

debian/source

debian/source/format

debian/source/lintian-overrides

debian/source/local-options

debian/tests

debian/tests/control

debian/upstream

debian/upstream/metadata

debian/upstream/signing-key.asc

debian/watch

default-mandos

dracut-module

dracut-module/ask-password-mandos.path

dracut-module/ask-password-mandos.service

dracut-module/cmdline-mandos.sh

dracut-module/module-setup.sh

dracut-module/password-agent.c

dracut-module/password-agent.xml

init.d-mandos

initramfs-tools-conf

initramfs-tools-conf-hook

initramfs-tools-hook

initramfs-tools-script

initramfs-tools-script-stop

initramfs-unpack

intro.xml

legalnotice.xml

mandos-clients.conf.xml

mandos-ctl

mandos-ctl.xml

mandos-keygen

mandos-keygen.xml

mandos-monitor

mandos-monitor.xml

mandos-options.xml

mandos-to-cryptroot-unlock

mandos.conf

mandos.conf.xml

mandos.lsm

mandos.service

mandos.xml

network-hooks.d

network-hooks.d/bridge

network-hooks.d/bridge.conf

network-hooks.d/openvpn

network-hooks.d/openvpn.conf

network-hooks.d/wireless

network-hooks.d/wireless.conf

overview.xml

plugin-helpers

plugin-helpers/mandos-client-iprouteadddel.c

plugin-runner.conf

plugin-runner.xml

plugins.d/askpass-fifo.c

plugins.d/askpass-fifo.xml

plugins.d/mandos-client.xml

plugins.d/password-prompt.xml

plugins.d/plymouth.c

plugins.d/plymouth.xml

plugins.d/splashy.c

plugins.d/splashy.xml

plugins.d/usplash.c

plugins.d/usplash.xml

sysusers.d-mandos.conf

tmpfiles.d-mandos.conf

files renamed:
clients.conf => mandos-clients.conf

plugin-runner.c => plugbasedclient.c

plugins.d/mandos-client.c => plugins.d/mandosclient.c

plugins.d/password-prompt.c => plugins.d/passprompt.c

mandos => server.py

files modified:
Makefile

TODO

Show diffs side-by-side

added added

removed removed

debian/mandos-client.lintian-overrides

1

# This directory contains secret client key files.

2

mandos-client binary: non-standard-dir-perm etc/keys/mandos/ 0700 != 0755

3

4

# The directory /usr/lib/<arch>/mandos/plugins.d contains setuid

5

# binaries which are only meant to be run inside an initial RAM disk

6

# environment (except for test purposes). It would be insecure to

7

# allow anyone to run them.

8

mandos-client binary: non-standard-dir-perm usr/lib/*/mandos/plugins.d/ 0700 != 0755

9

# Likewise for helper executables for plugins

10

mandos-client binary: non-standard-dir-perm usr/lib/*/mandos/plugin-helpers/ 0700 != 0755

11

12

# These binaries must be setuid root, since they need root powers, but

13

# are started by plugin-runner(8mandos), which runs all plugins as

14

# user/group "_mandos". These binaries are never run in a running

15

# system, but only in an initial RAM disk environment. Here they are

16

# protected from non-root access by the directory permissions, above.

17

mandos-client binary: elevated-privileges usr/lib/*/mandos/plugins.d/mandos-client 4755 root/root

18

mandos-client binary: elevated-privileges usr/lib/*/mandos/plugins.d/askpass-fifo 4755 root/root

19

mandos-client binary: elevated-privileges usr/lib/*/mandos/plugins.d/splashy 4755 root/root

20

mandos-client binary: elevated-privileges usr/lib/*/mandos/plugins.d/usplash 4755 root/root

21

mandos-client binary: elevated-privileges usr/lib/*/mandos/plugins.d/plymouth 4755 root/root

22

23

# The directory /etc/mandos/plugins.d can be used by local system

24

# administrators to place plugins in, overriding and complementing

25

# /usr/lib/<arch>/mandos/plugins.d, and must be likewise protected.

26

mandos-client binary: non-standard-dir-perm etc/mandos/plugins.d/ 0700 != 0755

27

# Likewise for plugin-helpers directory

28

mandos-client binary: non-standard-dir-perm etc/mandos/plugin-helpers/ 0700 != 0755

29

30

# The debconf templates is only used for displaying information

31

# detected in the postinst, not for saving answers to questions, so we

32

# don't need a .config file.

33

mandos-client binary: no-debconf-config

34

35

# The notice displayed from the postinst script really is critical

36

mandos-client binary: postinst-uses-db-input

37

38

# These are very important to work around bugs or changes in the old

39

# versions, and there is no pressing need to remove them.

40

mandos-client binary: maintainer-script-supports-ancient-package-version *

Older »