/mandos/trunk

To get this branch, use:
bzr branch http://bzr.recompile.se/loggerhead/mandos/trunk

« back to all changes in this revision

Viewing changes to INSTALL

  • Committer: Teddy Hogeborn
  • Date: 2018-08-15 09:26:02 UTC
  • Revision ID: teddy@recompile.se-20180815092602-xoyb5s6gf8376i7u
http://bugs.debian.org/894495
mandos-client: Set system clock if necessary

* plugins.d/mandos-client.c (init_gpgme/import_key): If the system
  clock is not set, or set to january 1970, set the system clock to
  the more plausible value that is the mtime of the key file.  This is
  required by GnuPG to be able to import the keys.  (We can't pass the
  --ignore-time-conflict or the --ignore-valid-from options though
  GPGME.)

Show diffs side-by-side

added added

removed removed

Lines of Context:
INSTALL
39
39
    
40
40
*** Mandos Server
41
41
    + GnuTLS 3.3          https://www.gnutls.org/
42
 
      (but not 3.6.0 or later, until 3.6.6, which works)
43
 
    + Avahi 0.6.16        https://www.avahi.org/
44
 
    + Python 3           https://www.python.org/
45
 
      Note: Python 2.7 is still supported, if the "mandos",
46
 
      "mandos-ctl", and "mandos-monitor" files are edited to contain
47
 
      "#!/usr/bin/python" instead of python3.
 
42
    + Avahi 0.6.16        http://www.avahi.org/
 
43
    + Python 2.7          https://www.python.org/
48
44
    + dbus-python 0.82.4 https://dbus.freedesktop.org/doc/dbus-python/
49
 
    + PyGObject 3.8      https://wiki.gnome.org/Projects/PyGObject
 
45
    + PyGObject 3.7.1     https://wiki.gnome.org/Projects/PyGObject
50
46
    + pkg-config https://www.freedesktop.org/wiki/Software/pkg-config/
51
47
    + Urwid 1.0.1         http://urwid.org/
52
48
      (Only needed by the "mandos-monitor" tool.)
56
52
    + ssh-keyscan from OpenSSH http://www.openssh.com/
57
53
    
58
54
    Package names:
59
 
    avahi-daemon python3 python3-dbus python3-gi python3-urwid
60
 
    pkg-config fping ssh-client
 
55
    avahi-daemon python python-dbus python-gi python-urwid pkg-config
 
56
    fping ssh-client
61
57
    
62
58
*** Mandos Client
63
 
    + GNU C Library 2.17 https://gnu.org/software/libc/
 
59
    + GNU C Library 2.16 https://gnu.org/software/libc/
 
60
    + initramfs-tools 0.85i
 
61
                        https://tracker.debian.org/pkg/initramfs-tools
64
62
    + GnuTLS 3.3        https://www.gnutls.org/
65
 
      (but not 3.6.0 or later, until 3.6.6 which works)
66
 
    + Avahi 0.6.16      https://www.avahi.org/
 
63
    + Avahi 0.6.16      http://www.avahi.org/
67
64
    + GnuPG 1.4.9       https://www.gnupg.org/
68
65
    + GPGME 1.1.6       https://www.gnupg.org/related_software/gpgme/
69
66
    + pkg-config https://www.freedesktop.org/wiki/Software/pkg-config/
70
 
    + libnl-route 3     https://www.infradead.org/~tgr/libnl/
71
 
    + GLib 2.40         http://www.gtk.org/
72
 
    
73
 
    One of:
74
 
    + initramfs-tools 0.85i
75
 
                        https://tracker.debian.org/pkg/initramfs-tools
76
 
    + dracut 044+241
77
 
         http://www.kernel.org/pub/linux/utils/boot/dracut/dracut.html
78
67
    
79
68
    Strongly recommended:
80
69
    + OpenSSH           http://www.openssh.com/
81
70
    
82
71
    Package names:
83
 
    initramfs-tools dracut libgnutls-dev gnutls-bin libavahi-core-dev
84
 
    gnupg libgpgme11-dev pkg-config ssh libnl-route-3-dev
85
 
    libglib2.0-dev
 
72
    initramfs-tools libgnutls-dev libavahi-core-dev gnupg
 
73
    libgpgme11-dev pkg-config ssh
86
74
 
87
75
* Installing the Mandos server
88
76
  
135
123
     
136
124
        # /usr/lib/mandos/plugins.d/mandos-client \
137
125
                --pubkey=/etc/keys/mandos/pubkey.txt \
138
 
                --seckey=/etc/keys/mandos/seckey.txt \
139
 
                --tls-privkey=/etc/keys/mandos/tls-privkey.pem \
140
 
                --tls-pubkey=/etc/keys/mandos/tls-pubkey.pem; echo
 
126
                --seckey=/etc/keys/mandos/seckey.txt; echo
141
127
     
142
128
     This command should retrieve the password from the server,
143
129
     decrypt it, and output it to standard output.