/mandos/trunk : revision 1322

To get this branch, use:

bzr branch
http://bzr.recompile.se/loggerhead/mandos/trunk

« back to all changes in this revision

Viewing changes to plugin-runner.xml

Committer: Teddy Hogeborn
Date: 2025-10-27 20:41:11 UTC
Revision ID: teddy@recompile.se-20251027204111-kj8ighpkb6e2ei4f

http://bugs.debian.org/1118977

From: Carles Pina i Estany <carles@pina.cat>

Add Catalan debconf translation

* debian/po/ca.po: New.

Closes: #1118977
Acked-by: Teddy Hogeborn <teddy@recompile.se>

files added:
.bzr-builddeb

.bzr-builddeb/default.conf

DBUS-API

INSTALL

NEWS

bugs.xml

common.ent

dbus-mandos.conf

debian

debian/changelog

debian/compat

debian/control

debian/copyright

debian/mandos-client.README.Debian

debian/mandos-client.dirs

debian/mandos-client.docs

debian/mandos-client.examples

debian/mandos-client.links

debian/mandos-client.lintian-overrides

debian/mandos-client.postinst

debian/mandos-client.postrm

debian/mandos-client.templates

debian/mandos.README.Debian

debian/mandos.dirs

debian/mandos.docs

debian/mandos.lintian-overrides

debian/mandos.maintscript

debian/mandos.postinst

debian/mandos.prerm

debian/mandos.templates

debian/po

debian/po/POTFILES.in

debian/po/ca.po

debian/po/de.po

debian/po/en_US.po

debian/po/es.po

debian/po/fr.po

debian/po/nl.po

debian/po/pt.po

debian/po/pt_BR.po

debian/po/sv.po

debian/po/templates.pot

debian/rules

debian/source

debian/source/format

debian/source/lintian-overrides

debian/source/local-options

debian/tests

debian/tests/control

debian/upstream

debian/upstream/metadata

debian/upstream/signing-key.asc

debian/watch

default-mandos

dracut-module

dracut-module/ask-password-mandos.path

dracut-module/ask-password-mandos.service

dracut-module/cmdline-mandos.sh

dracut-module/module-setup.sh

dracut-module/password-agent.c

dracut-module/password-agent.xml

init.d-mandos

initramfs-tools-conf

initramfs-tools-conf-hook

initramfs-tools-script-stop

initramfs-unpack

intro.xml

mandos-ctl

mandos-ctl.xml

mandos-monitor

mandos-monitor.xml

mandos-to-cryptroot-unlock

mandos.lsm

mandos.service

network-hooks.d

network-hooks.d/bridge

network-hooks.d/bridge.conf

network-hooks.d/openvpn

network-hooks.d/openvpn.conf

network-hooks.d/wireless

network-hooks.d/wireless.conf

plugin-helpers

plugin-helpers/mandos-client-iprouteadddel.c

plugin-runner.conf

plugins.d/askpass-fifo.c

plugins.d/askpass-fifo.xml

plugins.d/plymouth.c

plugins.d/plymouth.xml

plugins.d/splashy.c

plugins.d/splashy.xml

plugins.d/usplash.c

plugins.d/usplash.xml

sysusers.d-mandos.conf

tmpfiles.d-mandos.conf

files removed:
initramfs-tools-hook-conf

plugins.d/usplash

files renamed:
plugins.d/password-request.c => plugins.d/mandos-client.c

plugins.d/password-request.xml => plugins.d/mandos-client.xml

files modified:
.bzrignore

Makefile

README

TODO

clients.conf

initramfs-tools-hook

initramfs-tools-script

legalnotice.xml

mandos

mandos-clients.conf.xml

mandos-keygen

mandos-keygen.xml

mandos-options.xml

mandos.conf

mandos.conf.xml

mandos.xml

overview.xml

plugin-runner.c

plugin-runner.xml

plugins.d/password-prompt.c

plugins.d/password-prompt.xml

Show diffs side-by-side

added added

removed removed

plugin-runner.xml

<?xml version="1.0" encoding="UTF-8"?>

<!DOCTYPE refentry PUBLIC "-//OASIS//DTD DocBook XML V4.5//EN"

"http://www.oasis-open.org/docbook/xml/4.5/docbookx.dtd" [

<!ENTITY VERSION "1.0">

<!ENTITY COMMANDNAME "plugin-runner">

<!ENTITY TIMESTAMP "2008-09-04">

<!ENTITY TIMESTAMP "2025-06-27">

<!ENTITY % common SYSTEM "common.ent">

%common;

<title>Mandos Manual</title>

<productname>Mandos</productname>

<productnumber>&VERSION;</productnumber>

<productnumber>&version;</productnumber>

<date>&TIMESTAMP;</date>

<firstname>Björn</firstname>

<surname>Påhlsson</surname>

<email>belorn@fukt.bsnet.se</email>

<email>belorn@recompile.se</email>

</address>

</author>

<firstname>Teddy</firstname>

<surname>Hogeborn</surname>

<email>teddy@fukt.bsnet.se</email>

<email>teddy@recompile.se</email>

</address>

</author>

</authorgroup>

<holder>Teddy Hogeborn</holder>

<holder>Björn Påhlsson</holder>

</copyright>

<xi:include href="legalnotice.xml"/>

</refentryinfo>

<refentrytitle>&COMMANDNAME;</refentrytitle>

<manvolnum>8mandos</manvolnum>

Run Mandos plugins, pass data from first to succeed.

</refpurpose>

</refnamediv>

<command>&COMMANDNAME;</command>

<arg choice="plain"><option>--global-env=<replaceable

>VAR</replaceable><literal>=</literal><replaceable

>ENV</replaceable><literal>=</literal><replaceable

>value</replaceable></option></arg>

<arg choice="plain"><option>-G

<replaceable>VAR</replaceable><literal>=</literal><replaceable

<replaceable>ENV</replaceable><literal>=</literal><replaceable

>value</replaceable> </option></arg>

</group>

<sbr/>

111

128

<arg><option>--plugin-dir=<replaceable

112

129

>DIRECTORY</replaceable></option></arg>

113

130

<sbr/>

131

<arg><option>--plugin-helper-dir=<replaceable

132

>DIRECTORY</replaceable></option></arg>

133

<sbr/>

114

134

<arg><option>--config-file=<replaceable

115

135

>FILE</replaceable></option></arg>

116

136

<sbr/>

170

190

171

191

172

192

<term><option>--global-env

173

<replaceable>VAR</replaceable><literal>=</literal><replaceable

193

<replaceable>ENV</replaceable><literal>=</literal><replaceable

174

194

>value</replaceable></option></term>

175

195

<term><option>-G

176

<replaceable>VAR</replaceable><literal>=</literal><replaceable

196

<replaceable>ENV</replaceable><literal>=</literal><replaceable

177

197

>value</replaceable></option></term>

178

198

179

199

<para>

247

267

</para>

248

268

</listitem>

249

269

</varlistentry>

250

270

251

271

252

272

<term><option>--disable

253

273

<replaceable>PLUGIN</replaceable></option></term>

258

278

Disable the plugin named

259

279

<replaceable>PLUGIN</replaceable>. The plugin will not be

260

280

started.

261

</para>

281

</para>

262

282

</listitem>

263

283

</varlistentry>

264

284

265

285

266

286

<term><option>--enable

267

287

<replaceable>PLUGIN</replaceable></option></term>

276

296

</para>

277

297

</listitem>

278

298

</varlistentry>

279

299

280

300

281

301

<term><option>--groupid

282

302

289

309

</para>

290

310

</listitem>

291

311

</varlistentry>

292

312

293

313

294

314

<term><option>--userid

295

315

302

322

</para>

303

323

</listitem>

304

324

</varlistentry>

305

325

306

326

307

327

<term><option>--plugin-dir

308

328

<replaceable>DIRECTORY</replaceable></option></term>

317

337

</varlistentry>

318

338

319

339

340

<term><option>--plugin-helper-dir

341

<replaceable>DIRECTORY</replaceable></option></term>

342

343

<para>

344

Specify a different plugin helper directory. The default

345

is <filename>/lib/mandos/plugin-helpers</filename>, which

346

will exist in the initial <acronym>RAM</acronym> disk

347

environment. (This will simply be passed to all plugins

348

via the <envar>MANDOSPLUGINHELPERDIR</envar> environment

349

variable. See <xref linkend="writing_plugins"/>)

350

</para>

351

</listitem>

352

</varlistentry>

353

354

320

355

<term><option>--config-file

321

356

322

357

365

400

</para>

366

401

</listitem>

367

402

</varlistentry>

368

403

369

404

370

405

<term><option>--version</option></term>

371

406

377

412

</varlistentry>

378

413

</variablelist>

379

414

</refsect1>

380

415

381

416

382

417

<title>OVERVIEW</title>

383

418

<xi:include href="overview.xml"/>

393

428

<title>PLUGINS</title>

394

429

<para>

395

430

This program will get a password by running a number of

396

<firstterm>plugins</firstterm>, which are simply executable

397

programs in a directory in the initial <acronym>RAM</acronym>

398

disk environment. The default directory is

431

<firstterm>plugins</firstterm>, which are executable programs in

432

a directory in the initial <acronym>RAM</acronym> disk

433

environment. The default directory is

399

434

<filename>/lib/mandos/plugins.d</filename>, but this can be

400

435

changed with the <option>--plugin-dir</option> option. The

401

436

plugins are started in parallel, and the first plugin to output

403

438

code will make this plugin-runner output the password from that

404

439

plugin, stop any other plugins, and exit.

405

440

</para>

406

441

407

442

408

443

<title>WRITING PLUGINS</title>

409

444

<para>

410

A plugin is simply a program which prints a password to its

411

standard output and then exits with a successful (zero) exit

412

status. If the exit status is not zero, any output on

445

A plugin is an executable program which prints a password to

446

its standard output and then exits with a successful (zero)

447

exit status. If the exit status is not zero, any output on

413

448

standard output will be ignored by the plugin runner. Any

414

449

output on its standard error channel will simply be passed to

415

450

the standard error of the plugin runner, usually the system

416

451

console.

417

452

</para>

418

453

<para>

454

If the password is a single-line, manually entered passprase,

455

a final trailing newline character should

456

<emphasis>not</emphasis> be printed.

457

</para>

458

<para>

419

459

The plugin will run in the initial RAM disk environment, so

420

460

care must be taken not to depend on any files or running

421

services not available there.

461

services not available there. Any helper executables required

462

by the plugin (which are not in the <envar>PATH</envar>) can

463

be placed in the plugin helper directory, the name of which

464

will be made available to the plugin via the

465

<envar>MANDOSPLUGINHELPERDIR</envar> environment variable.

422

466

</para>

423

467

<para>

424

468

The plugin must exit cleanly and free all allocated resources

467

511

only passes on its environment to all the plugins. The

468

512

environment passed to plugins can be modified using the

469

513

<option>--global-env</option> and <option>--env-for</option>

470

options.

514

options. Also, the <option>--plugin-helper-dir</option> option

515

will affect the environment variable

516

<envar>MANDOSPLUGINHELPERDIR</envar> for the plugins.

471

517

</para>

472

518

</refsect1>

473

519

506

552

</para>

507

553

</listitem>

508

554

</varlistentry>

555

556

<term><filename class="directory"

557

>/lib/mandos/plugins.d</filename></term>

558

559

<para>

560

The default plugin directory; can be changed by the

561

<option>--plugin-dir</option> option.

562

</para>

563

</listitem>

564

</varlistentry>

565

566

<term><filename class="directory"

567

>/lib/mandos/plugin-helpers</filename></term>

568

569

<para>

570

The default plugin helper directory; can be changed by

571

the <option>--plugin-helper-dir</option> option.

572

</para>

573

</listitem>

574

</varlistentry>

509

575

</variablelist>

510

576

</para>

511

577

</refsect1>

516

582

The <option>--config-file</option> option is ignored when

517

583

specified from within a configuration file.

518

584

</para>

585

<xi:include href="bugs.xml"/>

519

586

</refsect1>

520

587

521

588

564

631

</informalexample>

565

632

566

633

<para>

567

Run plugins from a different directory and add two

568

options to the <citerefentry><refentrytitle

569

>password-request</refentrytitle>

634

Read a different configuration file, run plugins from a

635

different directory, specify an alternate plugin helper

636

directory and add four options to the

637

<citerefentry><refentrytitle >mandos-client</refentrytitle>

570

638

<manvolnum>8mandos</manvolnum></citerefentry> plugin:

571

639

</para>

572

640

<para>

573

641

574

642

575

<userinput>&COMMANDNAME; --plugin-dir=plugins.d --options-for=password-request:--pubkey=keydir/pubkey.txt,--seckey=keydir/seckey.txt</userinput>

643

<userinput>cd /etc/keys/mandos; &COMMANDNAME; --config-file=/etc/mandos/plugin-runner.conf --plugin-dir /usr/lib/x86_64-linux-gnu/mandos/plugins.d --plugin-helper-dir /usr/lib/x86_64-linux-gnu/mandos/plugin-helpers --options-for=mandos-client:--pubkey=pubkey.txt,--seckey=seckey.txt,--tls-pubkey=tls-pubkey.pem,--tls-privkey=tls-privkey.pem</userinput>

576

644

577

645

</para>

578

646

</informalexample>

586

654

non-privileged. This user and group is then what all plugins

587

655

will be started as. Therefore, the only way to run a plugin as

588

656

a privileged user is to have the set-user-ID or set-group-ID bit

589

set on the plugin executable files (see <citerefentry>

657

set on the plugin executable file (see <citerefentry>

590

658

<refentrytitle>execve</refentrytitle><manvolnum>2</manvolnum>

591

659

</citerefentry>).

592

660

</para>

610

678

611

679

612

680

<para>

681

<citerefentry><refentrytitle>intro</refentrytitle>

682

<manvolnum>8mandos</manvolnum></citerefentry>,

613

683

<citerefentry><refentrytitle>cryptsetup</refentrytitle>

614

684

<manvolnum>8</manvolnum></citerefentry>,

615

685

<citerefentry><refentrytitle>crypttab</refentrytitle>

620

690

<manvolnum>8</manvolnum></citerefentry>,

621

691

<citerefentry><refentrytitle>password-prompt</refentrytitle>

622

692

<manvolnum>8mandos</manvolnum></citerefentry>,

623

<citerefentry><refentrytitle>password-request</refentrytitle>

693

<citerefentry><refentrytitle>mandos-client</refentrytitle>

624

694

<manvolnum>8mandos</manvolnum></citerefentry>

625

695

</para>

626

696

</refsect1>

Older »