/mandos/trunk : revision 833

To get this branch, use:

bzr branch
http://bzr.recompile.se/loggerhead/mandos/trunk

« back to all changes in this revision

Viewing changes to mandos-keygen.xml

Committer: Teddy Hogeborn
Date: 2016-03-17 20:40:55 UTC
Revision ID: teddy@recompile.se-20160317204055-bhsh5xsidq7w5cxu

Client: Fix plymouth agent; broken since 1.7.2.

Fix an very old memory bug in the plymouth agent (which has been
present since its apperance in version 1.2), but which was only
recently detected at run time due to the new -fsanitize=address
compile- time flag, which has been used since version 1.7.2. This
detection of a memory access violation causes the program to abort,
making the Plymouth graphical boot system unable to accept interactive
input of passwords when using the Mandos client.

* plugins.d/plymouth.c (exec_and_wait): Fix memory allocation bug when
allocating new_argv. Also tolerate a zero-length argv.

files added:
initramfs-tools-hook-conf

files removed:
initramfs-tools-conf

initramfs-tools-script-stop

mandos-to-cryptroot-unlock

tmpfiles.d-mandos.conf

files modified:
DBUS-API

INSTALL

Makefile

NEWS

README

TODO

clients.conf

common.ent

debian/changelog

debian/compat

debian/control

debian/copyright

debian/mandos-client.README.Debian

debian/mandos-client.dirs

debian/mandos-client.lintian-overrides

debian/mandos-client.postinst

debian/mandos-client.postrm

debian/mandos.dirs

debian/mandos.lintian-overrides

debian/mandos.postinst

debian/rules

debian/watch

init.d-mandos

initramfs-tools-hook

initramfs-tools-script

initramfs-unpack

intro.xml

legalnotice.xml

mandos

mandos-clients.conf.xml

mandos-ctl

mandos-ctl.xml

mandos-keygen

mandos-keygen.xml

mandos-monitor

mandos-monitor.xml

mandos-options.xml

mandos.conf.xml

mandos.lsm

mandos.service

mandos.xml

network-hooks.d/bridge

network-hooks.d/openvpn

network-hooks.d/wireless

overview.xml

plugin-helpers/mandos-client-iprouteadddel.c

plugin-runner.c

plugin-runner.xml

plugins.d/askpass-fifo.c

plugins.d/askpass-fifo.xml

plugins.d/mandos-client.c

plugins.d/mandos-client.xml

plugins.d/password-prompt.c

plugins.d/password-prompt.xml

plugins.d/plymouth.c

plugins.d/plymouth.xml

plugins.d/splashy.c

plugins.d/splashy.xml

plugins.d/usplash.c

plugins.d/usplash.xml

Show diffs side-by-side

added added

removed removed

mandos-keygen.xml

<!DOCTYPE refentry PUBLIC "-//OASIS//DTD DocBook XML V4.5//EN"

"http://www.oasis-open.org/docbook/xml/4.5/docbookx.dtd" [

<!ENTITY COMMANDNAME "mandos-keygen">

<!ENTITY TIMESTAMP "2019-02-10">

<!ENTITY TIMESTAMP "2016-03-05">

<!ENTITY % common SYSTEM "common.ent">

%common;

<holder>Teddy Hogeborn</holder>

<holder>Björn Påhlsson</holder>

</copyright>

127

125

</group>

128

126

<sbr/>

129

127

<group>

130

<arg choice="plain"><option>--tls-keytype

131

<replaceable>KEYTYPE</replaceable></option></arg>

132

<arg choice="plain"><option>-T

133

<replaceable>KEYTYPE</replaceable></option></arg>

134

</group>

135

<sbr/>

136

<group>

137

128

<arg choice="plain"><option>--force</option></arg>

138

129

139

130

</group>

187

178

<title>DESCRIPTION</title>

188

179

<para>

189

180

<command>&COMMANDNAME;</command> is a program to generate the

190

TLS and OpenPGP keys used by

181

OpenPGP key used by

191

182

<citerefentry><refentrytitle>mandos-client</refentrytitle>

192

<manvolnum>8mandos</manvolnum></citerefentry>. The keys are

183

<manvolnum>8mandos</manvolnum></citerefentry>. The key is

193

184

normally written to /etc/mandos for later installation into the

194

185

initrd image, but this, and most other things, can be changed

195

186

with command line options.

248

239

249

240

250

241

<para>

251

OpenPGP key type. Default is <quote>RSA</quote>.

242

Key type. Default is <quote>RSA</quote>.

252

243

</para>

253

244

</listitem>

254

245

</varlistentry>

260

251

261

252

262

253

<para>

263

OpenPGP key length in bits. Default is 4096.

254

Key length in bits. Default is 4096.

264

255

</para>

265

256

</listitem>

266

257

</varlistentry>

272

263

<replaceable>KEYTYPE</replaceable></option></term>

273

264

274

265

<para>

275

OpenPGP subkey type. Default is <quote>RSA</quote>

266

Subkey type. Default is <quote>RSA</quote> (Elgamal

267

encryption-only).

276

268

</para>

277

269

</listitem>

278

270

</varlistentry>

284

276

285

277

286

278

<para>

287

OpenPGP subkey length in bits. Default is 4096.

279

Subkey length in bits. Default is 4096.

288

280

</para>

289

281

</listitem>

290

282

</varlistentry>

328

320

</varlistentry>

329

321

330

322

331

<term><option>--tls-keytype

332

<replaceable>KEYTYPE</replaceable></option></term>

333

<term><option>-T

334

<replaceable>KEYTYPE</replaceable></option></term>

335

336

<para>

337

TLS key type. Default is <quote>ed25519</quote>

338

</para>

339

</listitem>

340

</varlistentry>

341

342

343

323

<term><option>--force</option></term>

344

324

345

325

401

381

<title>OVERVIEW</title>

402

382

<xi:include href="overview.xml"/>

403

383

<para>

404

This program is a small utility to generate new TLS and OpenPGP

405

keys for new Mandos clients, and to generate sections for

406

inclusion in <filename>clients.conf</filename> on the server.

384

This program is a small utility to generate new OpenPGP keys for

385

new Mandos clients, and to generate sections for inclusion in

386

<filename>clients.conf</filename> on the server.

407

387

</para>

408

388

</refsect1>

409

389

459

439

</listitem>

460

440

</varlistentry>

461

441

462

<term><filename>/etc/keys/mandos/tls-privkey.pem</filename></term>

463

464

<para>

465

Private key file which will be created or overwritten.

466

</para>

467

</listitem>

468

</varlistentry>

469

470

<term><filename>/etc/keys/mandos/tls-pubkey.pem</filename></term>

471

472

<para>

473

Public key file which will be created or overwritten.

474

</para>

475

</listitem>

476

</varlistentry>

477

478

442

479

443

480

444

<para>

Older »