/mandos/trunk : revision 87

To get this branch, use:

bzr branch
http://bzr.recompile.se/loggerhead/mandos/trunk

« back to all changes in this revision

Viewing changes to TODO

Committer: Teddy Hogeborn
Date: 2008-08-18 05:24:20 UTC
Revision ID: teddy@fukt.bsnet.se-20080818052420-ab5eurrioz8n2qy6

* Makefile: Bug fix: fixed creation of man pages in "plugins.d".

* mandos-keygen Bug fix: make the --expire option modify
                KEYEXPIRE, not KEYCOMMENT.  Use the "--no-options"
                option to gpg when exporting keys from the temporary
                key ring files.

* mandos-keygen.xml (EXIT STATUS): Filled in.
  (ENVIRONMENT): New section, documenting use of TMPDIR.
  (FILES): Document use of key files and /tmp.
  (BUGS): Filled in.
  (EXAMPLE): Added two examples.
  (SECURITY): Added some text.

* plugins.d/password-prompt.xml (NOTES): Removed, since this is
                                         created automatically for
                                         footnotes.
  (ENVIRONMENT, FILES): Added empty sections.
  (EXAMPLES): Renamed to "EXAMPLE", as per man-pages(7).

* plugins.d/password-request.xml: Reordered sections.
  (ENVIRONMENT): New empty section.
  (EXAMPLES): Renamed to "EXAMPLE", as per man-pages(7).

Show diffs side-by-side

added added

removed removed

TODO

** [#B] Seperate more code to function for more readability

** [#A] Man page: man8/plugin-runner.8mandos

*** EXIT STATUS

*** ENVIRONMENT

Environment is modified according to options and passed to plugins

*** EXAMPLE

*** EXAMPLES

Examples of normal usage, debug usage, debugging single or all

plugins, etc.

*** FILES

*** SECURITY

Note the danger of using this program, since you might lock

yourself out of your system without any means of entering the root

file system password. This is, however, very unlikely considering

the fallback to getpass(3).

*** BUGS

*** SEE ALSO

Explaining text on what you can read

** Keydir move: /etc/mandos -> /etc/keys/mandos

Must create in preinst if not pre-depending on cryptsetup

* password-request

** [#A] Man page: man8/password-request.8mandos

** Do not depend on GnuPG key rings on disk

This would mean creating new GnuPG key rings with GPGME by

importing the key files from scratch on every program start.

** Keydir move: /etc/mandos -> /etc/keys/mandos

Must create in preinst if not pre-depending on cryptsetup

* password-prompt

** [#C] Use getpass(3)?

** [#A] Man page: man8/password-prompt.8mandos

*** SYNOPSIS

Document short options

*** DESCRIPTION

Note that this is more or less a simple getpass(3) wrapper, even

though actual use of getpass(3) is not guaranteed.

*** EXIT STATUS

*** ENVIRONMENT

Document use of "cryptsource" and "crypttarget".

*** FILES

*** BUGS

*** EXAMPLE

Examples of normal usage, debug usage, with a prefix, etc.

*** SECURITY

Not much to do here but it is noteworthy to state the danger of

not having a fallback option.

*** SEE ALSO

Refer to mandos-client(8mandos) and password-request(8mandos)

and also, perhaps, to cryptsetup(8)?

** Use getpass(3)?

Man page says "obsolete", but [[info:libc:getpass][GNU LibC Manual: Reading Passwords]]

does not. See also [[http://sources.redhat.com/ml/libc-alpha/2003-05/msg00251.html][Marcus Brinkmann: Re: getpass obsolete?]] and

[[http://article.gmane.org/gmane.comp.lib.glibc.alpha/4906][Petter Reinholdtsen: Re: getpass obsolete?]], and especially also

[[http://www.steve.org.uk/Reference/Unix/faq_4.html#SEC48][Unix Programming FAQ 3.1 How can I make my program not echo input?]]

* mandos (server)

** [#A] Config file man page: man5/mandos.conf (mandos.conf)

** [#A] Config file man page: man5/mandos-clients.conf (clients.conf)

** [#A] /etc/init.d/mandos-server :teddy:

** [#B] Log level :bugs:

** /etc/mandos/clients.d/*.conf

102

** Disable client

103

** Enable client

104

* Man pages

** Tags

Go through all man pages to conform to the style of tags chosen in

[[http://svn.debian.org/wsvn/debian-xml-sgml/packages/docbook-xsl/trunk/debian/examples/foo.1.example_manpage.xml?op=file&rev=0&sc=0][foo.1.example_manpage.xml]]. In particular:

*** SYNOPSIS

<arg> with inner <replaceable> and <option> tags

**** DONE mandos-clients.conf.xml

**** DONE mandos-keygen.xml

**** DONE mandos.conf.xml

**** DONE mandos.xml

100

**** DONE plugin-runner.xml

101

**** TODO plugins.d/password-prompt.xml

102

**** DONE plugins.d/password-request.xml

103

*** OPTIONS

104

Separate <term> tags with <option> and <replaceable> tags

105

**** DONE mandos-clients.conf.xml

106

**** TODO mandos-keygen.xml

107

**** DONE mandos.conf.xml

108

**** TODO mandos.xml

109

**** TODO plugin-runner.xml

110

**** TODO plugins.d/password-prompt.xml

111

**** TODO plugins.d/password-request.xml

112

** Use xinclude for common sections

113

Like copyright, authors, etc.

114

115

116

105

* Installer

117

** Client-side

106

** Client

118

107

*** Update initrd.img after installation

119

108

This seems to use some kind of "trigger" system

120

[[file:/usr/share/doc/dpkg/triggers.txt.gz]]

121

dpkg-trigger(1), deb-triggers(5)

122

*** Keydir move: /etc/mandos -> /etc/keys/mandos

123

Must create in preinst if not pre-depending on cryptsetup

124

*** mandos-keygen

125

**** "--passfile" option

126

Using the "secfile" option instead of "secret"

127

**** [#A] "--test" option

128

For testing decryption before rebooting.

129

** Server-side

109

** Server

130

110

*** [#A] Create mandos user and group for server

131

111

*** [#A] Create /var/run/mandos directory with perm and ownership

132

112

113

** mandos-keygen

114

*** [#A] Output cut-and-paste ready snippet for clients.conf.

115

133

116

* [#A] Package

134

117

** /usr/share/initramfs-tools/hooks/mandos

135

118

*** Do not install in initrd.img if configured not to.

136

119

Use "/etc/initramfs-tools/conf.d/mandos"? Definitely a debconf

137

120

question.

138

121

** /etc/bash_completion.d/mandos

139

From XML sources directly?

122

*** From XML sources directly?

140

123

** unperish

141

124

** bzr-builddeb

142

125

Older »