/mandos/trunk

To get this branch, use:
bzr branch http://bzr.recompile.se/loggerhead/mandos/trunk

« back to all changes in this revision

Viewing changes to plugin-runner.xml

  • Committer: Teddy Hogeborn
  • Date: 2009-02-09 02:01:13 UTC
  • Revision ID: teddy@fukt.bsnet.se-20090209020113-726hq380zvp8zt97
Four new interrelated features:

1. Support using a different network interface via both initramfs.conf
   (the DEVICE setting) and the kernel command line (sixth field of
   the "ip=" option as in Linux' Documentation/nfsroot.txt).

2. Support connecting to a specified Mandos server directly using a
   kernel command line option ("mandos=connect:<ADDRESS>:<PORT>").

3. Support connecting directly to an IPv4 address (and port) using the
   "--connect" option of mandos-client.

4. Support an empty string to the --interface option to mandos-client.

* Makefile (WARN): Increase strictness by changing to
                   "-Wstrict-aliasing=1".

* debian/mandos-client.README.Debian (Use the Correct Network
  Interface): Changed to refer to initramfs.conf and nfsroot.txt.
  (Test the Server): Improve wording.
  (Non-local Connection): New section.
* initramfs-tools-script: Obey DEVICE environment variable and setting
                          from "/conf/initramfs.conf".  Also let any
                          "ip=" kernel command line option override
                          it.  Support new "mandos=connect" option.
                          Call "configure_networking" to set up IP
                          address on interface if necessary.
* plugin-runner.conf: Change example.
* plugins.d/mandos-client.c: Some whitespace and comment changes.
  (start_mandos_communication): Take an additional argument for
                                address family, all callers changed.
                                Connect to an IPv4 address if address
                                family is AF_INET.  Only set IPv6
                                scope_id for link-local addresses.
  (main): Accept empty interface name; this will not bring up any
         interface and leave the interface as unspecified.  Also do
         not restore kernel log level if lowering it failed.
* plugins.d/mandos-client.xml (OPTIONS): Document that the
                                         "--interface" option accepts
                                         an empty string.
  (EXAMPLE): Change example IPv6 address to a link-local address.

Show diffs side-by-side

added added

removed removed

Lines of Context:
2
2
<!DOCTYPE refentry PUBLIC "-//OASIS//DTD DocBook XML V4.5//EN"
3
3
        "http://www.oasis-open.org/docbook/xml/4.5/docbookx.dtd" [
4
4
<!ENTITY COMMANDNAME "plugin-runner">
5
 
<!ENTITY TIMESTAMP "2015-06-28">
 
5
<!ENTITY TIMESTAMP "2009-01-17">
6
6
<!ENTITY % common SYSTEM "common.ent">
7
7
%common;
8
8
]>
19
19
        <firstname>Björn</firstname>
20
20
        <surname>Påhlsson</surname>
21
21
        <address>
22
 
          <email>belorn@recompile.se</email>
 
22
          <email>belorn@fukt.bsnet.se</email>
23
23
        </address>
24
24
      </author>
25
25
      <author>
26
26
        <firstname>Teddy</firstname>
27
27
        <surname>Hogeborn</surname>
28
28
        <address>
29
 
          <email>teddy@recompile.se</email>
 
29
          <email>teddy@fukt.bsnet.se</email>
30
30
        </address>
31
31
      </author>
32
32
    </authorgroup>
33
33
    <copyright>
34
34
      <year>2008</year>
35
35
      <year>2009</year>
36
 
      <year>2012</year>
37
36
      <holder>Teddy Hogeborn</holder>
38
37
      <holder>Björn Påhlsson</holder>
39
38
    </copyright>
114
113
      <arg><option>--plugin-dir=<replaceable
115
114
      >DIRECTORY</replaceable></option></arg>
116
115
      <sbr/>
117
 
      <arg><option>--plugin-helper-dir=<replaceable
118
 
      >DIRECTORY</replaceable></option></arg>
119
 
      <sbr/>
120
116
      <arg><option>--config-file=<replaceable
121
117
      >FILE</replaceable></option></arg>
122
118
      <sbr/>
264
260
            Disable the plugin named
265
261
            <replaceable>PLUGIN</replaceable>.  The plugin will not be
266
262
            started.
267
 
          </para>
 
263
          </para>       
268
264
        </listitem>
269
265
      </varlistentry>
270
266
      
323
319
      </varlistentry>
324
320
      
325
321
      <varlistentry>
326
 
        <term><option>--plugin-helper-dir
327
 
        <replaceable>DIRECTORY</replaceable></option></term>
328
 
        <listitem>
329
 
          <para>
330
 
            Specify a different plugin helper directory.  The default
331
 
            is <filename>/lib/mandos/plugin-helpers</filename>, which
332
 
            will exist in the initial <acronym>RAM</acronym> disk
333
 
            environment.  (This will simply be passed to all plugins
334
 
            via the <envar>MANDOSPLUGINHELPERDIR</envar> environment
335
 
            variable.  See <xref linkend="writing_plugins"/>)
336
 
          </para>
337
 
        </listitem>
338
 
      </varlistentry>
339
 
      
340
 
      <varlistentry>
341
322
        <term><option>--config-file
342
323
        <replaceable>FILE</replaceable></option></term>
343
324
        <listitem>
444
425
      <para>
445
426
        The plugin will run in the initial RAM disk environment, so
446
427
        care must be taken not to depend on any files or running
447
 
        services not available there.  Any helper executables required
448
 
        by the plugin (which are not in the <envar>PATH</envar>) can
449
 
        be placed in the plugin helper directory, the name of which
450
 
        will be made available to the plugin via the
451
 
        <envar>MANDOSPLUGINHELPERDIR</envar> environment variable.
 
428
        services not available there.
452
429
      </para>
453
430
      <para>
454
431
        The plugin must exit cleanly and free all allocated resources
497
474
      only passes on its environment to all the plugins.  The
498
475
      environment passed to plugins can be modified using the
499
476
      <option>--global-env</option> and <option>--env-for</option>
500
 
      options.  Also, the <option>--plugin-helper-dir</option> option
501
 
      will affect the environment variable
502
 
      <envar>MANDOSPLUGINHELPERDIR</envar> for the plugins.
 
477
      options.
503
478
    </para>
504
479
  </refsect1>
505
480
  
596
571
    </informalexample>
597
572
    <informalexample>
598
573
      <para>
599
 
        Read a different configuration file, run plugins from a
600
 
        different directory, specify an alternate plugin helper
601
 
        directory and add two options to the
 
574
        Run plugins from a different directory, read a different
 
575
        configuration file, and add two options to the
602
576
        <citerefentry><refentrytitle >mandos-client</refentrytitle>
603
577
        <manvolnum>8mandos</manvolnum></citerefentry> plugin:
604
578
      </para>
605
579
      <para>
606
580
 
607
581
<!-- do not wrap this line -->
608
 
<userinput>cd /etc/keys/mandos; &COMMANDNAME;  --config-file=/etc/mandos/plugin-runner.conf --plugin-dir /usr/lib/x86_64-linux-gnu/mandos/plugins.d --plugin-helper-dir /usr/lib/x86_64-linux-gnu/mandos/plugin-helpers --options-for=mandos-client:--pubkey=pubkey.txt,--seckey=seckey.txt</userinput>
 
582
<userinput>cd /etc/keys/mandos; &COMMANDNAME;  --config-file=/etc/mandos/plugin-runner.conf --plugin-dir /usr/lib/mandos/plugins.d --options-for=mandos-client:--pubkey=pubkey.txt,--seckey=seckey.txt</userinput>
609
583
 
610
584
      </para>
611
585
    </informalexample>
643
617
  <refsect1 id="see_also">
644
618
    <title>SEE ALSO</title>
645
619
    <para>
646
 
      <citerefentry><refentrytitle>intro</refentrytitle>
647
 
      <manvolnum>8mandos</manvolnum></citerefentry>,
648
620
      <citerefentry><refentrytitle>cryptsetup</refentrytitle>
649
621
      <manvolnum>8</manvolnum></citerefentry>,
650
622
      <citerefentry><refentrytitle>crypttab</refentrytitle>