Viewing changes to mandos-keygen.xml

  • Committer: Teddy Hogeborn
  • Date: 2018-08-15 09:26:02 UTC
  • Revision ID: teddy@recompile.se-20180815092602-xoyb5s6gf8376i7u
mandos-client: Set system clock if necessary

* plugins.d/mandos-client.c (init_gpgme/import_key): If the system
  clock is not set, or set to January 1970, set the system clock to
  the more plausible value that is the mtime of the key file.  This is
  required by GnuPG to be able to import the keys.  (We can't pass the
  --ignore-time-conflict or the --ignore-valid-from options through
  GPGME.)

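--- a/mandos-keygen.xml
+++ b/mandos-keygen.xml
@@ -2,7 +2,7 @@
 <!DOCTYPE refentry PUBLIC "-//OASIS//DTD DocBook XML V4.5//EN"
         "http://www.oasis-open.org/docbook/xml/4.5/docbookx.dtd" [
 <!ENTITY COMMANDNAME "mandos-keygen">
-<!ENTITY TIMESTAMP "2009-01-04">
+<!ENTITY TIMESTAMP "2018-02-08">
 <!ENTITY % common SYSTEM "common.ent">
 %common;
 ]>
@@ -19,20 +19,29 @@
         <firstname>Björn</firstname>
         <surname>Påhlsson</surname>
         <address>
-          <email>belorn@fukt.bsnet.se</email>
+          <email>belorn@recompile.se</email>
         </address>
       </author>
       <author>
         <firstname>Teddy</firstname>
         <surname>Hogeborn</surname>
         <address>
-          <email>teddy@fukt.bsnet.se</email>
+          <email>teddy@recompile.se</email>
         </address>
       </author>
     </authorgroup>
     <copyright>
       <year>2008</year>
       <year>2009</year>
+      <year>2010</year>
+      <year>2011</year>
+      <year>2012</year>
+      <year>2013</year>
+      <year>2014</year>
+      <year>2015</year>
+      <year>2016</year>
+      <year>2017</year>
+      <year>2018</year>
       <holder>Teddy Hogeborn</holder>
       <holder>Björn Påhlsson</holder>
     </copyright>
@@ -117,7 +126,10 @@
         <replaceable>TIME</replaceable></option></arg>
       </group>
       <sbr/>
-      <arg><option>--force</option></arg>
+      <group>
+        <arg choice="plain"><option>--force</option></arg>
+        <arg choice="plain"><option>-f</option></arg>
+      </group>
     </cmdsynopsis>
     <cmdsynopsis>
       <command>&COMMANDNAME;</command>
@@ -143,6 +155,10 @@
         <arg choice="plain"><option>-n
         <replaceable>NAME</replaceable></option></arg>
       </group>
+      <group>
+        <arg choice="plain"><option>--no-ssh</option></arg>
+        <arg choice="plain"><option>-S</option></arg>
+      </group>
     </cmdsynopsis>
     <cmdsynopsis>
       <command>&COMMANDNAME;</command>
@@ -213,7 +229,7 @@
         <listitem>
           <para>
             Target directory for key files.  Default is
-            <filename>/etc/mandos</filename>.
+            <filename class="directory">/etc/mandos</filename>.
           </para>
         </listitem>
       </varlistentry>
@@ -225,7 +241,7 @@
         <replaceable>TYPE</replaceable></option></term>
         <listitem>
           <para>
-            Key type.  Default is <quote>DSA</quote>.
+            Key type.  Default is <quote>RSA</quote>.
           </para>
         </listitem>
       </varlistentry>
@@ -237,7 +253,7 @@
         <replaceable>BITS</replaceable></option></term>
         <listitem>
           <para>
-            Key length in bits.  Default is 2048.
+            Key length in bits.  Default is 4096.
           </para>
         </listitem>
       </varlistentry>
@@ -249,7 +265,7 @@
         <replaceable>KEYTYPE</replaceable></option></term>
         <listitem>
           <para>
-            Subkey type.  Default is <quote>ELG-E</quote> (Elgamal
+            Subkey type.  Default is <quote>RSA</quote> (Elgamal
             encryption-only).
           </para>
         </listitem>
@@ -262,7 +278,7 @@
         <replaceable>BITS</replaceable></option></term>
         <listitem>
           <para>
-            Subkey length in bits.  Default is 2048.
+            Subkey length in bits.  Default is 4096.
           </para>
         </listitem>
       </varlistentry>
@@ -286,8 +302,7 @@
         <replaceable>TEXT</replaceable></option></term>
         <listitem>
           <para>
-            Comment field for key.  The default value is
-            <quote><literal>Mandos client key</literal></quote>.
+            Comment field for key.  Default is empty.
           </para>
         </listitem>
       </varlistentry>
@@ -345,6 +360,22 @@
           </para>
         </listitem>
       </varlistentry>
+      <varlistentry>
+        <term><option>--no-ssh</option></term>
+        <term><option>-S</option></term>
+        <listitem>
+          <para>
+            When <option>--password</option> or
+            <option>--passfile</option> is given, this option will
+            prevent <command>&COMMANDNAME;</command> from calling
+            <command>ssh-keyscan</command> to get an SSH fingerprint
+            for this host and, if successful, output suitable config
+            options to use this fingerprint as a
+            <option>checker</option> option in the output.  This is
+            otherwise the default behavior.
+          </para>
+        </listitem>
+      </varlistentry>
     </variablelist>
   </refsect1>
   
@@ -410,7 +441,7 @@
         </listitem>
       </varlistentry>
       <varlistentry>
-        <term><filename>/tmp</filename></term>
+        <term><filename class="directory">/tmp</filename></term>
         <listitem>
           <para>
             Temporary files will be written here if
@@ -421,11 +452,10 @@
     </variablelist>
   </refsect1>
   
-<!--   <refsect1 id="bugs"> -->
-<!--     <title>BUGS</title> -->
-<!--     <para> -->
-<!--     </para> -->
-<!--   </refsect1> -->
+  <refsect1 id="bugs">
+    <title>BUGS</title>
+    <xi:include href="bugs.xml"/>
+  </refsect1>
   
   <refsect1 id="example">
     <title>EXAMPLE</title>
@@ -451,9 +481,9 @@
     </informalexample>
     <informalexample>
       <para>
-        Prompt for a password, encrypt it with the key in
-        <filename>/etc/mandos</filename> and output a section suitable
-        for <filename>clients.conf</filename>.
+        Prompt for a password, encrypt it with the key in <filename
+        class="directory">/etc/mandos</filename> and output a section
+        suitable for <filename>clients.conf</filename>.
       </para>
       <para>
         <userinput>&COMMANDNAME; --password</userinput>
@@ -492,6 +522,8 @@
   <refsect1 id="see_also">
     <title>SEE ALSO</title>
     <para>
+      <citerefentry><refentrytitle>intro</refentrytitle>
+      <manvolnum>8mandos</manvolnum></citerefentry>,
       <citerefentry><refentrytitle>gpg</refentrytitle>
       <manvolnum>1</manvolnum></citerefentry>,
       <citerefentry><refentrytitle>mandos-clients.conf</refentrytitle>
@@ -499,6 +531,8 @@
       <citerefentry><refentrytitle>mandos</refentrytitle>
       <manvolnum>8</manvolnum></citerefentry>,
       <citerefentry><refentrytitle>mandos-client</refentrytitle>
-      <manvolnum>8mandos</manvolnum></citerefentry>
+      <manvolnum>8mandos</manvolnum></citerefentry>,
+      <citerefentry><refentrytitle>ssh-keyscan</refentrytitle>
+      <manvolnum>1</manvolnum></citerefentry>
     </para>
   </refsect1>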