/mandos/trunk : revision 951

To get this branch, use:

bzr branch
http://bzr.recompile.se/loggerhead/mandos/trunk

« back to all changes in this revision

Viewing changes to mandos.conf.xml

Committer: Teddy Hogeborn
Date: 2018-08-15 09:26:02 UTC
Revision ID: teddy@recompile.se-20180815092602-xoyb5s6gf8376i7u

http://bugs.debian.org/894495

mandos-client: Set system clock if necessary

* plugins.d/mandos-client.c (init_gpgme/import_key): If the system
  clock is not set, or set to january 1970, set the system clock to
  the more plausible value that is the mtime of the key file.  This is
  required by GnuPG to be able to import the keys.  (We can't pass the
  --ignore-time-conflict or the --ignore-valid-from options though
  GPGME.)

files added:
.bzr-builddeb

.bzr-builddeb/default.conf

.bzrignore

DBUS-API

INSTALL

NEWS

README

bugs.xml

common.ent

dbus-mandos.conf

debian

debian/changelog

debian/compat

debian/control

debian/copyright

debian/mandos-client.README.Debian

debian/mandos-client.dirs

debian/mandos-client.docs

debian/mandos-client.examples

debian/mandos-client.links

debian/mandos-client.lintian-overrides

debian/mandos-client.postinst

debian/mandos-client.postrm

debian/mandos.README.Debian

debian/mandos.dirs

debian/mandos.docs

debian/mandos.lintian-overrides

debian/mandos.postinst

debian/mandos.prerm

debian/po

debian/rules

debian/source

debian/source/format

debian/source/local-options

debian/upstream

debian/upstream/signing-key.asc

debian/watch

default-mandos

init.d-mandos

initramfs-unpack

intro.xml

legalnotice.xml

mandos-ctl

mandos-ctl.xml

mandos-monitor

mandos-monitor.xml

mandos.lsm

mandos.service

network-hooks.d

network-hooks.d/bridge

network-hooks.d/bridge.conf

network-hooks.d/openvpn

network-hooks.d/openvpn.conf

network-hooks.d/wireless

network-hooks.d/wireless.conf

plugin-helpers

plugin-helpers/mandos-client-iprouteadddel.c

plugin-runner.conf

plugins.d/askpass-fifo.c

plugins.d/askpass-fifo.xml

plugins.d/plymouth.c

plugins.d/plymouth.xml

plugins.d/splashy.c

plugins.d/splashy.xml

plugins.d/usplash.c

plugins.d/usplash.xml

tmpfiles.d-mandos.conf

files removed:
plugins.d/usplash

files renamed:
plugins.d/password-request.c => plugins.d/mandos-client.c

plugins.d/password-request.xml => plugins.d/mandos-client.xml

files modified:
Makefile

TODO

clients.conf

initramfs-tools-hook

initramfs-tools-hook-conf

initramfs-tools-script

mandos

mandos-clients.conf.xml

mandos-keygen

mandos-keygen.xml

mandos-options.xml

mandos.conf

mandos.conf.xml

mandos.xml

overview.xml

plugin-runner.c

plugin-runner.xml

plugins.d/password-prompt.c

plugins.d/password-prompt.xml

Show diffs side-by-side

added added

removed removed

mandos.conf.xml

<?xml version='1.0' encoding='UTF-8'?>

<?xml version="1.0" encoding="UTF-8"?>

<!DOCTYPE refentry PUBLIC "-//OASIS//DTD DocBook XML V4.5//EN"

"http://www.oasis-open.org/docbook/xml/4.5/docbookx.dtd" [

<!ENTITY VERSION "1.0">

<!ENTITY CONFNAME "mandos.conf">

<!ENTITY CONFPATH "<filename>/etc/mandos/mandos.conf</filename>">

<!ENTITY OVERVIEW SYSTEM "overview.xml">

<!ENTITY TIMESTAMP "2018-02-08">

<!ENTITY % common SYSTEM "common.ent">

%common;

<title>&CONFNAME;</title>

<title>Mandos Manual</title>

<productname>&CONFNAME;</productname>

<productnumber>&VERSION;</productnumber>

<productname>Mandos</productname>

<productnumber>&version;</productnumber>

<date>&TIMESTAMP;</date>

<firstname>Björn</firstname>

<surname>Påhlsson</surname>

<email>belorn@fukt.bsnet.se</email>

<email>belorn@recompile.se</email>

</address>

</author>

<firstname>Teddy</firstname>

<surname>Hogeborn</surname>

<email>teddy@fukt.bsnet.se</email>

<email>teddy@recompile.se</email>

</address>

</author>

</authorgroup>

<holder>Teddy Hogeborn</holder>

<holder>Björn Påhlsson</holder>

</copyright>

<para>

This manual page is free software: you can redistribute it

and/or modify it under the terms of the GNU General Public

License as published by the Free Software Foundation,

either version 3 of the License, or (at your option) any

later version.

</para>

<para>

This manual page is distributed in the hope that it will

be useful, but WITHOUT ANY WARRANTY; without even the

implied warranty of MERCHANTABILITY or FITNESS FOR A

PARTICULAR PURPOSE. See the GNU General Public License

for more details.

</para>

<para>

You should have received a copy of the GNU General Public

License along with this program; If not, see

<ulink url="http://www.gnu.org/licenses/"/>.

</para>

</legalnotice>

<xi:include href="legalnotice.xml"/>

</refentryinfo>

<refentrytitle>&CONFNAME;</refentrytitle>

Configuration file for the Mandos server

</refpurpose>

</refnamediv>

&CONFPATH;

</synopsis>

<synopsis>&CONFPATH;</synopsis>

</refsynopsisdiv>

<title>DESCRIPTION</title>

<para>

The file &CONFPATH; is a simple configuration file for

<citerefentry><refentrytitle>mandos</refentrytitle>

<manvolnum>8</manvolnum></citerefentry>, and is read by it at

startup. The configuration file starts with

<quote><literal>[DEFAULT]</literal></quote> on a line by itself,

followed by any number of

<quote><varname><replaceable>option</replaceable></varname>=<replaceable>value</replaceable></quote>

entries, with continuations in the style of RFC 822.

<quote><varname><replaceable>option</replaceable></varname>:

<replaceable>value</replaceable></quote> is also accepted. Note

that leading whitespace is removed from values. Lines beginning

with <quote>#</quote> or <quote>;</quote> are ignored and may be

used to provide comments.

startup. The configuration file starts with <quote><literal

>[DEFAULT]</literal></quote> on a line by itself, followed by

any number of <quote><varname><replaceable>option</replaceable

></varname>=<replaceable>value</replaceable></quote> entries,

with continuations in the style of RFC 822. <quote><varname

><replaceable>option</replaceable></varname>: <replaceable

>value</replaceable></quote> is also accepted. Note that

leading whitespace is removed from values. Lines beginning with

<quote>#</quote> or <quote>;</quote> are ignored and may be used

to provide comments.

</para>

</refsect1>

100

<title>OPTIONS</title>

101

102

103

104

<term><varname>interface</varname></term>

<term><option>interface<literal> = </literal><replaceable

>NAME</replaceable></option></term>

105

106

<synopsis><literal>interface = </literal><arg

107

choice="plain"><replaceable>IF</replaceable></arg>

108

</synopsis>

109

<xi:include href="mandos-options.xml" xpointer="interface"/>

110

</listitem>

111

</varlistentry>

112

113

114

<term><varname>address</varname></term>

100

<term><option>address<literal> = </literal><replaceable

101

>ADDRESS</replaceable></option></term>

115

102

116

<synopsis><literal>address = </literal><arg

117

choice="plain"><replaceable>ADDRESS</replaceable></arg>

118

</synopsis>

119

103

<xi:include href="mandos-options.xml" xpointer="address"/>

120

104

</listitem>

121

105

</varlistentry>

122

106

123

107

124

108

<term><option>port<literal> = </literal><replaceable

109

>NUMBER</replaceable></option></term>

125

110

126

<synopsis><literal>port = </literal><arg

127

choice="plain"><replaceable>PORT</replaceable></arg>

128

</synopsis>

129

111

<xi:include href="mandos-options.xml" xpointer="port"/>

130

112

</listitem>

131

113

</varlistentry>

132

114

133

115

134

<term><varname>debug</varname></term>

116

<term><option>debug<literal> = </literal>{ <literal

117

>1</literal> | <literal>yes</literal> | <literal

118

>true</literal> | <literal>on</literal> | <literal

119

>0</literal> | <literal>no</literal> | <literal

120

>false</literal> | <literal>off</literal> }</option></term>

135

121

136

<synopsis><literal>debug =</literal><group choice="req">

137

138

139

140

141

142

143

<arg choice="plain">false</arg>

144

145

</group>

146

</synopsis>

147

122

<xi:include href="mandos-options.xml" xpointer="debug"/>

148

123

</listitem>

149

124

</varlistentry>

150

125

151

126

152

<term><varname>priority</varname></term>

127

<term><option>priority<literal> = </literal><replaceable

128

>STRING</replaceable></option></term>

153

129

154

<synopsis><literal>priority = </literal><arg

155

choice="plain"><replaceable>PRIORITY</replaceable></arg>

156

</synopsis>

157

130

<xi:include href="mandos-options.xml" xpointer="priority"/>

158

131

</listitem>

159

132

</varlistentry>

160

133

161

134

162

<term><varname>servicename</varname></term>

163

<synopsis><literal>servicename = </literal><arg

164

choice="plain"><replaceable>NAME</replaceable></arg>

165

</synopsis>

135

<term><option>servicename<literal> = </literal

136

><replaceable>NAME</replaceable></option></term>

166

137

167

138

<xi:include href="mandos-options.xml"

168

139

xpointer="servicename"/>

169

140

</listitem>

170

141

</varlistentry>

171

142

143

144

<term><option>use_dbus<literal> = </literal>{ <literal

145

>1</literal> | <literal>yes</literal> | <literal

146

>true</literal> | <literal>on</literal> | <literal

147

>0</literal> | <literal>no</literal> | <literal

148

>false</literal> | <literal>off</literal> }</option></term>

149

150

<xi:include href="mandos-options.xml" xpointer="dbus"/>

151

</listitem>

152

</varlistentry>

153

154

155

<term><option>use_ipv6<literal> = </literal>{ <literal

156

>1</literal> | <literal>yes</literal> | <literal

157

>true</literal> | <literal>on</literal> | <literal

158

>0</literal> | <literal>no</literal> | <literal

159

>false</literal> | <literal>off</literal> }</option></term>

160

161

<xi:include href="mandos-options.xml" xpointer="ipv6"/>

162

</listitem>

163

</varlistentry>

164

165

166

<term><option>restore<literal> = </literal>{ <literal

167

>1</literal> | <literal>yes</literal> | <literal

168

>true</literal> | <literal>on</literal> | <literal

169

>0</literal> | <literal>no</literal> | <literal

170

>false</literal> | <literal>off</literal> }</option></term>

171

172

<xi:include href="mandos-options.xml" xpointer="restore"/>

173

</listitem>

174

</varlistentry>

175

176

177

<term><option>statedir<literal> = </literal><replaceable

178

>DIRECTORY</replaceable></option></term>

179

180

<xi:include href="mandos-options.xml" xpointer="statedir"/>

181

</listitem>

182

</varlistentry>

183

184

185

<term><option>socket<literal> = </literal><replaceable

186

>NUMBER</replaceable></option></term>

187

188

<xi:include href="mandos-options.xml" xpointer="socket"/>

189

</listitem>

190

</varlistentry>

191

172

192

</variablelist>

173

193

</refsect1>

174

194

183

203

184

204

<para>

185

205

The <literal>[DEFAULT]</literal> is necessary because the Python

186

module <systemitem class="library">ConfigParser</systemitem>

187

requres it.

206

built-in module <systemitem class="library">ConfigParser</systemitem>

207

requires it.

188

208

</para>

209

<xi:include href="bugs.xml"/>

189

210

</refsect1>

190

211

191

212

192

213

<title>EXAMPLE</title>

193

214

215

<para>

216

No options are actually required:

217

</para>

218

219

[DEFAULT]

220

</programlisting>

221

</informalexample>

222

223

<para>

224

An example using all the options:

225

</para>

194

226

195

227

[DEFAULT]

196

228

# A configuration example

197

229

interface = eth0

198

address = 2001:db8:f983:bd0b:30de:ae4a:71f2:f672

230

address = fe80::aede:48ff:fe71:f6f2

199

231

port = 1025

200

debug = true

201

priority = SECURE256:!CTYPE-X.509:+CTYPE-OPENPGP

202

servicename = Mandos

232

debug = True

233

priority = SECURE256:!CTYPE-X.509:+CTYPE-OPENPGP:!RSA

234

servicename = Daena

235

use_dbus = False

236

use_ipv6 = True

237

restore = True

238

statedir = /var/lib/mandos

203

239

</programlisting>

204

240

</informalexample>

205

241

</refsect1>

242

243

244

245

<para>

246

<citerefentry><refentrytitle>intro</refentrytitle>

247

<manvolnum>8mandos</manvolnum></citerefentry>,

248

<citerefentry><refentrytitle>gnutls_priority_init</refentrytitle

249

><manvolnum>3</manvolnum></citerefentry>,

250

<citerefentry><refentrytitle>mandos</refentrytitle>

251

<manvolnum>8</manvolnum></citerefentry>,

252

<citerefentry><refentrytitle>mandos-clients.conf</refentrytitle>

253

254

</para>

255

256

257

258

<term>

259

RFC 4291: <citetitle>IP Version 6 Addressing

260

Architecture</citetitle>

261

</term>

262

263

264

265

<term>Section 2.2: <citetitle>Text Representation of

266

Addresses</citetitle></term>

267

268

</varlistentry>

269

270

<term>Section 2.5.5.2: <citetitle>IPv4-Mapped IPv6

271

Address</citetitle></term>

272

273

</varlistentry>

274

275

<term>Section 2.5.6, <citetitle>Link-Local IPv6 Unicast

276

Addresses</citetitle></term>

277

278

<para>

279

The clients use IPv6 link-local addresses, which are

280

immediately usable since a link-local addresses is

281

automatically assigned to a network interface when it

282

is brought up.

283

</para>

284

</listitem>

285

</varlistentry>

286

</variablelist>

287

</listitem>

288

</varlistentry>

289

290

<term>

291

<ulink url="http://www.zeroconf.org/">Zeroconf</ulink>

292

</term>

293

294

<para>

295

Zeroconf is the network protocol standard used by clients

296

for finding the Mandos server on the local network.

297

</para>

298

</listitem>

299

</varlistentry>

300

</variablelist>

301

</refsect1>

206

302

</refentry>

303

304

305

306

307

Older »