4
** TODO [#B] Temporarily lower kernel log level
6
** [#B] Add more comments to code
7
** [#B] Add more if(debug) calls
8
** [#B] Seperate more code to function for more readability
11
** [#A] Man page: man8/password-request.8mandos
13
State that this command is not meant to be invoked directly, but
14
is run as a plugin from mandos-client(8) and only run in the
15
initrd environment, not the real system.
22
Note that it does *not* currently use cryptsource or crypttarget.
24
Describe the key files and the key ring files. Also note that
25
they should normally have been automatically created.
28
Examples of normal usage, debug usage, debugging by connecting
32
Update from mandos.xml
33
** [#B] Temporarily lower kernel log level
5
34
for less printouts during sucessfull boot.
6
klogctl(6, NULL, 0); klogctl(7, NULL, 0);
7
** TODO [#C] IPv4 support
36
** use strsep instead of strtok?
37
** Do not depend on GnuPG key rings on disk
38
This would mean creating new GnuPG key rings with GPGME by
39
importing the key files from scratch on every program start.
40
** Keydir move: /etc/mandos -> /etc/keys/mandos
41
Must create in preinst if not pre-depending on cryptsetup
44
** [#C] Use getpass(3)?
45
Man page says "obsolete", but [[info:libc:getpass][GNU LibC Manual: Reading Passwords]]
46
does not. See also [[http://sources.redhat.com/ml/libc-alpha/2003-05/msg00251.html][Marcus Brinkmann: Re: getpass obsolete?]] and
47
[[http://article.gmane.org/gmane.comp.lib.glibc.alpha/4906][Petter Reinholdtsen: Re: getpass obsolete?]], and especially also
48
[[http://www.steve.org.uk/Reference/Unix/faq_4.html#SEC48][Unix Programming FAQ 3.1 How can I make my program not echo input?]]
10
** TODO [#B] Log level :bugs:
11
** TODO /etc/mandos/clients.d/*.conf
51
** [#A] /etc/init.d/mandos-server :teddy:
52
** [#B] Log level :bugs:
53
** /etc/mandos/clients.d/*.conf
12
54
Watch this directory and add/remove/update clients?
13
** TODO config for TXT record
14
** TODO [#B] Run-time communication with server :bugs:
55
** config for TXT record
56
** [#B] Run-time communication with server :bugs:
15
57
Probably using D-Bus
16
58
See also [[*Mandos-tools]]
17
** TODO Implement --foreground :bugs:
18
[[info:standards:Option%20Table][Table of Long Options]]
19
** TODO Implement --socket
20
[[info:standards:Option%20Table][Table of Long Options]]
21
** TODO Date+time on console log messages :bugs:
59
** Implement --foreground :bugs:
60
[[info:standards:Option%20Table][Table of Long Options]]
62
[[info:standards:Option%20Table][Table of Long Options]]
63
** Date+time on console log messages :bugs:
22
64
Is this the default?
23
** TODO delete hook when clients fall out by timeout
25
66
* Mandos-tools/utilities
26
67
All of this probably using D-Bus
28
** TODO Disable client
33
** TODO "--secfile" option
34
Using the "secfile" option instead of "secret"
35
** TODO [#B] "--test" option
36
For testing decryption before rebooting.
73
** Use xinclude for common sections
79
*** Update initrd.img after installation
80
This seems to use some kind of "trigger" system
81
[[file:/usr/share/doc/dpkg/triggers.txt.gz]]
82
dpkg-trigger(1), deb-triggers(5)
83
*** Keydir move: /etc/mandos -> /etc/keys/mandos
84
Must create in preinst if not pre-depending on cryptsetup
86
**** "--passfile" option
87
Using the "secfile" option instead of "secret"
88
**** [#A] "--test" option
89
For testing decryption before rebooting.
91
*** [#A] Create mandos user and group for server
92
*** [#A] Create /var/run/mandos directory with perm and ownership
39
95
** /usr/share/initramfs-tools/hooks/mandos
40
*** TODO Do not install in initrd.img if configured not to.
96
*** Do not install in initrd.img if configured not to.
41
97
Use "/etc/initramfs-tools/conf.d/mandos"? Definitely a debconf
43
** TODO /etc/bash_completion.d/mandos
99
** /etc/bash_completion.d/mandos
44
100
From XML sources directly?
110
* Announce project on news
111
[[news:comp.os.linux.announce]]
47
114
#+STARTUP: showall
added
removed
TODO
