/mandos/trunk

To get this branch, use:
bzr branch http://bzr.recompile.se/loggerhead/mandos/trunk

« back to all changes in this revision

Viewing changes to plugin-runner.xml

  • Committer: Teddy Hogeborn
  • Date: 2009-02-09 02:01:13 UTC
  • Revision ID: teddy@fukt.bsnet.se-20090209020113-726hq380zvp8zt97
Four new interrelated features:

1. Support using a different network interface via both initramfs.conf
   (the DEVICE setting) and the kernel command line (sixth field of
   the "ip=" option as in Linux' Documentation/nfsroot.txt).

2. Support connecting to a specified Mandos server directly using a
   kernel command line option ("mandos=connect:<ADDRESS>:<PORT>").

3. Support connecting directly to an IPv4 address (and port) using the
   "--connect" option of mandos-client.

4. Support an empty string to the --interface option to mandos-client.

* Makefile (WARN): Increase strictness by changing to
                   "-Wstrict-aliasing=1".

* debian/mandos-client.README.Debian (Use the Correct Network
  Interface): Changed to refer to initramfs.conf and nfsroot.txt.
  (Test the Server): Improve wording.
  (Non-local Connection): New section.
* initramfs-tools-script: Obey DEVICE environment variable and setting
                          from "/conf/initramfs.conf".  Also let any
                          "ip=" kernel command line option override
                          it.  Support new "mandos=connect" option.
                          Call "configure_networking" to set up IP
                          address on interface if necessary.
* plugin-runner.conf: Change example.
* plugins.d/mandos-client.c: Some whitespace and comment changes.
  (start_mandos_communication): Take an additional argument for
                                address family, all callers changed.
                                Connect to an IPv4 address if address
                                family is AF_INET.  Only set IPv6
                                scope_id for link-local addresses.
  (main): Accept empty interface name; this will not bring up any
         interface and leave the interface as unspecified.  Also do
         not restore kernel log level if lowering it failed.
* plugins.d/mandos-client.xml (OPTIONS): Document that the
                                         "--interface" option accepts
                                         an empty string.
  (EXAMPLE): Change example IPv6 address to a link-local address.

Show diffs side-by-side

added added

removed removed

Lines of Context:
plugin-runner.xml
2
2
<!DOCTYPE refentry PUBLIC "-//OASIS//DTD DocBook XML V4.5//EN"
3
3
        "http://www.oasis-open.org/docbook/xml/4.5/docbookx.dtd" [
4
4
<!ENTITY COMMANDNAME "plugin-runner">
5
 
<!ENTITY TIMESTAMP "2015-07-20">
 
5
<!ENTITY TIMESTAMP "2009-01-17">
6
6
<!ENTITY % common SYSTEM "common.ent">
7
7
%common;
8
8
]>
19
19
        <firstname>Björn</firstname>
20
20
        <surname>Påhlsson</surname>
21
21
        <address>
22
 
          <email>belorn@recompile.se</email>
 
22
          <email>belorn@fukt.bsnet.se</email>
23
23
        </address>
24
24
      </author>
25
25
      <author>
26
26
        <firstname>Teddy</firstname>
27
27
        <surname>Hogeborn</surname>
28
28
        <address>
29
 
          <email>teddy@recompile.se</email>
 
29
          <email>teddy@fukt.bsnet.se</email>
30
30
        </address>
31
31
      </author>
32
32
    </authorgroup>
33
33
    <copyright>
34
34
      <year>2008</year>
35
35
      <year>2009</year>
36
 
      <year>2010</year>
37
 
      <year>2011</year>
38
 
      <year>2012</year>
39
 
      <year>2013</year>
40
 
      <year>2014</year>
41
 
      <year>2015</year>
42
36
      <holder>Teddy Hogeborn</holder>
43
37
      <holder>Björn Påhlsson</holder>
44
38
    </copyright>
119
113
      <arg><option>--plugin-dir=<replaceable
120
114
      >DIRECTORY</replaceable></option></arg>
121
115
      <sbr/>
122
 
      <arg><option>--plugin-helper-dir=<replaceable
123
 
      >DIRECTORY</replaceable></option></arg>
124
 
      <sbr/>
125
116
      <arg><option>--config-file=<replaceable
126
117
      >FILE</replaceable></option></arg>
127
118
      <sbr/>
269
260
            Disable the plugin named
270
261
            <replaceable>PLUGIN</replaceable>.  The plugin will not be
271
262
            started.
272
 
          </para>
 
263
          </para>       
273
264
        </listitem>
274
265
      </varlistentry>
275
266
      
328
319
      </varlistentry>
329
320
      
330
321
      <varlistentry>
331
 
        <term><option>--plugin-helper-dir
332
 
        <replaceable>DIRECTORY</replaceable></option></term>
333
 
        <listitem>
334
 
          <para>
335
 
            Specify a different plugin helper directory.  The default
336
 
            is <filename>/lib/mandos/plugin-helpers</filename>, which
337
 
            will exist in the initial <acronym>RAM</acronym> disk
338
 
            environment.  (This will simply be passed to all plugins
339
 
            via the <envar>MANDOSPLUGINHELPERDIR</envar> environment
340
 
            variable.  See <xref linkend="writing_plugins"/>)
341
 
          </para>
342
 
        </listitem>
343
 
      </varlistentry>
344
 
      
345
 
      <varlistentry>
346
322
        <term><option>--config-file
347
323
        <replaceable>FILE</replaceable></option></term>
348
324
        <listitem>
449
425
      <para>
450
426
        The plugin will run in the initial RAM disk environment, so
451
427
        care must be taken not to depend on any files or running
452
 
        services not available there.  Any helper executables required
453
 
        by the plugin (which are not in the <envar>PATH</envar>) can
454
 
        be placed in the plugin helper directory, the name of which
455
 
        will be made available to the plugin via the
456
 
        <envar>MANDOSPLUGINHELPERDIR</envar> environment variable.
 
428
        services not available there.
457
429
      </para>
458
430
      <para>
459
431
        The plugin must exit cleanly and free all allocated resources
502
474
      only passes on its environment to all the plugins.  The
503
475
      environment passed to plugins can be modified using the
504
476
      <option>--global-env</option> and <option>--env-for</option>
505
 
      options.  Also, the <option>--plugin-helper-dir</option> option
506
 
      will affect the environment variable
507
 
      <envar>MANDOSPLUGINHELPERDIR</envar> for the plugins.
 
477
      options.
508
478
    </para>
509
479
  </refsect1>
510
480
  
601
571
    </informalexample>
602
572
    <informalexample>
603
573
      <para>
604
 
        Read a different configuration file, run plugins from a
605
 
        different directory, specify an alternate plugin helper
606
 
        directory and add two options to the
 
574
        Run plugins from a different directory, read a different
 
575
        configuration file, and add two options to the
607
576
        <citerefentry><refentrytitle >mandos-client</refentrytitle>
608
577
        <manvolnum>8mandos</manvolnum></citerefentry> plugin:
609
578
      </para>
610
579
      <para>
611
580
 
612
581
<!-- do not wrap this line -->
613
 
<userinput>cd /etc/keys/mandos; &COMMANDNAME;  --config-file=/etc/mandos/plugin-runner.conf --plugin-dir /usr/lib/x86_64-linux-gnu/mandos/plugins.d --plugin-helper-dir /usr/lib/x86_64-linux-gnu/mandos/plugin-helpers --options-for=mandos-client:--pubkey=pubkey.txt,--seckey=seckey.txt</userinput>
 
582
<userinput>cd /etc/keys/mandos; &COMMANDNAME;  --config-file=/etc/mandos/plugin-runner.conf --plugin-dir /usr/lib/mandos/plugins.d --options-for=mandos-client:--pubkey=pubkey.txt,--seckey=seckey.txt</userinput>
614
583
 
615
584
      </para>
616
585
    </informalexample>
648
617
  <refsect1 id="see_also">
649
618
    <title>SEE ALSO</title>
650
619
    <para>
651
 
      <citerefentry><refentrytitle>intro</refentrytitle>
652
 
      <manvolnum>8mandos</manvolnum></citerefentry>,
653
620
      <citerefentry><refentrytitle>cryptsetup</refentrytitle>
654
621
      <manvolnum>8</manvolnum></citerefentry>,
655
622
      <citerefentry><refentrytitle>crypttab</refentrytitle>