/mandos/trunk

To get this branch, use:
bzr branch http://bzr.recompile.se/loggerhead/mandos/trunk

« back to all changes in this revision

Viewing changes to mandos-ctl.xml

  • Committer: Teddy Hogeborn
  • Date: 2019-02-10 03:50:20 UTC
  • Revision ID: teddy@recompile.se-20190210035020-nttr1tybgwwixueu
Show debconf note about new TLS key IDs

If mandos-client did not see TLS keys and had to create them, or if
mandos sees GnuTLS version 3.6.6 or later, show an important notice on
package installation about the importance of adding the new key_id
options to clients.conf on the Mandos server.

* debian/control (Package: mandos, Package: mandos-client): Depend on
                                                            debconf.
* debian/mandos-client.lintian-overrides: Override warnings.
* debian/mandos-client.postinst (create_keys): Show notice if new TLS
                                               key files were created.
* debian/mandos-client.templates: New.
* debian/mandos.lintian-overrides: Override warnings.
* debian/mandos.postinst (configure): If GnuTLS 3.6.6 or later is
                                      detected, show an important
                                      notice (once) about the new
                                      key_id option required in
                                      clients.conf.
* debian/mandos.templates: New.

Show diffs side-by-side

added added

removed removed

Lines of Context:
2
2
<!DOCTYPE refentry PUBLIC "-//OASIS//DTD DocBook XML V4.5//EN"
3
3
        "http://www.oasis-open.org/docbook/xml/4.5/docbookx.dtd" [
4
4
<!ENTITY COMMANDNAME "mandos-ctl">
5
 
<!ENTITY TIMESTAMP "2010-09-26">
 
5
<!ENTITY TIMESTAMP "2018-02-08">
6
6
<!ENTITY % common SYSTEM "common.ent">
7
7
%common;
8
8
]>
19
19
        <firstname>Björn</firstname>
20
20
        <surname>Påhlsson</surname>
21
21
        <address>
22
 
          <email>belorn@fukt.bsnet.se</email>
 
22
          <email>belorn@recompile.se</email>
23
23
        </address>
24
24
      </author>
25
25
      <author>
26
26
        <firstname>Teddy</firstname>
27
27
        <surname>Hogeborn</surname>
28
28
        <address>
29
 
          <email>teddy@fukt.bsnet.se</email>
 
29
          <email>teddy@recompile.se</email>
30
30
        </address>
31
31
      </author>
32
32
    </authorgroup>
33
33
    <copyright>
34
34
      <year>2010</year>
 
35
      <year>2011</year>
 
36
      <year>2012</year>
 
37
      <year>2013</year>
 
38
      <year>2014</year>
 
39
      <year>2015</year>
 
40
      <year>2016</year>
 
41
      <year>2017</year>
 
42
      <year>2018</year>
35
43
      <holder>Teddy Hogeborn</holder>
36
44
      <holder>Björn Påhlsson</holder>
37
45
    </copyright>
46
54
  <refnamediv>
47
55
    <refname><command>&COMMANDNAME;</command></refname>
48
56
    <refpurpose>
49
 
      Control the operation of the Mandos server
 
57
      Control or query the operation of the Mandos server
50
58
    </refpurpose>
51
59
  </refnamediv>
52
60
  
53
61
  <refsynopsisdiv>
54
62
    <cmdsynopsis>
55
63
      <command>&COMMANDNAME;</command>
56
 
      <group>
57
 
        <arg choice="plain"><option>--enable</option></arg>
58
 
        <arg choice="plain"><option>-e</option></arg>
59
 
        <sbr/>
60
 
        <arg choice="plain"><option>--disable</option></arg>
61
 
        <arg choice="plain"><option>-d</option></arg>
62
 
      </group>
63
 
      <sbr/>
64
 
      <group>
65
 
        <arg choice="plain"><option>--bump-timeout</option></arg>
66
 
        <arg choice="plain"><option>-b</option></arg>
67
 
      </group>
68
 
      <sbr/>
69
 
      <group>
70
 
        <arg choice="plain"><option>--start-checker</option></arg>
71
 
      </group>
72
 
      <sbr/>
73
 
      <group>
74
 
        <arg choice="plain"><option>--stop-checker</option></arg>
75
 
      </group>
76
 
      <sbr/>
77
 
      <group>
78
 
        <arg choice="plain"><option>--remove</option></arg>
79
 
        <arg choice="plain"><option>-r</option></arg>
80
 
      </group>
81
 
      <sbr/>
82
 
      <group>
83
 
        <arg choice="plain"><option>--checker
84
 
        <replaceable>COMMAND</replaceable></option></arg>
85
 
        <arg choice="plain"><option>-c
86
 
        <replaceable>COMMAND</replaceable></option></arg>
87
 
      </group>
88
 
      <sbr/>
89
 
      <group>
90
 
        <arg choice="plain"><option>--timeout
91
 
        <replaceable>TIME</replaceable></option></arg>
92
 
        <arg choice="plain"><option>-t
93
 
        <replaceable>TIME</replaceable></option></arg>
94
 
      </group>
95
 
      <sbr/>
96
 
      <group>
97
 
        <arg choice="plain"><option>--interval
98
 
        <replaceable>TIME</replaceable></option></arg>
99
 
        <arg choice="plain"><option>-i
100
 
        <replaceable>TIME</replaceable></option></arg>
101
 
      </group>
102
 
      <sbr/>
103
 
      <group>
104
 
        <arg choice="plain"><option>--approve-by-default</option
105
 
        ></arg>
106
 
        <sbr/>
107
 
        <arg choice="plain"><option>--deny-by-default</option></arg>
108
 
      </group>
109
 
      <sbr/>
110
 
      <group>
111
 
        <arg choice="plain"><option>--approval-delay
112
 
        <replaceable>TIME</replaceable></option></arg>
113
 
      </group>
114
 
      <sbr/>
115
 
      <group>
116
 
        <arg choice="plain"><option>--approval-duration
117
 
        <replaceable>TIME</replaceable></option></arg>
118
 
      </group>
119
 
      <sbr/>
120
 
      <group>
121
 
        <arg choice="plain"><option>--interval
122
 
        <replaceable>TIME</replaceable></option></arg>
123
 
        <arg choice="plain"><option>-i
124
 
        <replaceable>TIME</replaceable></option></arg>
125
 
      </group>
126
 
      <sbr/>
127
 
      <group>
128
 
        <arg choice="plain"><option>--host
129
 
        <replaceable>STRING</replaceable></option></arg>
130
 
        <arg choice="plain"><option>-H
131
 
        <replaceable>STRING</replaceable></option></arg>
132
 
      </group>
133
 
      <sbr/>
134
 
      <group>
135
 
        <arg choice="plain"><option>--secret
136
 
        <replaceable>FILENAME</replaceable></option></arg>
137
 
        <arg choice="plain"><option>-s
138
 
        <replaceable>FILENAME</replaceable></option></arg>
139
 
      </group>
140
 
      <sbr/>
141
 
      <group>
142
 
        <arg choice="plain"><option>--approve</option></arg>
143
 
        <arg choice="plain"><option>-A</option></arg>
144
 
        <sbr/>
145
 
        <arg choice="plain"><option>--deny</option></arg>
146
 
        <arg choice="plain"><option>-D</option></arg>
 
64
      <group choice="req">
 
65
        <group>
 
66
          <arg choice="plain"><option>--enable</option></arg>
 
67
          <arg choice="plain"><option>-e</option></arg>
 
68
          <sbr/>
 
69
          <arg choice="plain"><option>--disable</option></arg>
 
70
          <arg choice="plain"><option>-d</option></arg>
 
71
        </group>
 
72
        <sbr/>
 
73
        <group>
 
74
          <arg choice="plain"><option>--bump-timeout</option></arg>
 
75
          <arg choice="plain"><option>-b</option></arg>
 
76
        </group>
 
77
        <sbr/>
 
78
        <group>
 
79
          <arg choice="plain"><option>--start-checker</option></arg>
 
80
        </group>
 
81
        <sbr/>
 
82
        <group>
 
83
          <arg choice="plain"><option>--stop-checker</option></arg>
 
84
        </group>
 
85
        <sbr/>
 
86
        <group>
 
87
          <arg choice="plain"><option>--remove</option></arg>
 
88
          <arg choice="plain"><option>-r</option></arg>
 
89
        </group>
 
90
        <sbr/>
 
91
        <group>
 
92
          <arg choice="plain"><option>--checker
 
93
          <replaceable>COMMAND</replaceable></option></arg>
 
94
          <arg choice="plain"><option>-c
 
95
          <replaceable>COMMAND</replaceable></option></arg>
 
96
        </group>
 
97
        <sbr/>
 
98
        <group>
 
99
          <arg choice="plain"><option>--timeout
 
100
          <replaceable>TIME</replaceable></option></arg>
 
101
          <arg choice="plain"><option>-t
 
102
          <replaceable>TIME</replaceable></option></arg>
 
103
        </group>
 
104
        <sbr/>
 
105
        <group>
 
106
          <arg choice="plain"><option>--extended-timeout
 
107
          <replaceable>TIME</replaceable></option></arg>
 
108
        </group>
 
109
        <sbr/>
 
110
        <group>
 
111
          <arg choice="plain"><option>--interval
 
112
          <replaceable>TIME</replaceable></option></arg>
 
113
          <arg choice="plain"><option>-i
 
114
          <replaceable>TIME</replaceable></option></arg>
 
115
        </group>
 
116
        <sbr/>
 
117
        <group>
 
118
          <arg choice="plain"><option>--approve-by-default</option
 
119
          ></arg>
 
120
          <sbr/>
 
121
          <arg choice="plain"><option>--deny-by-default</option></arg>
 
122
        </group>
 
123
        <sbr/>
 
124
        <group>
 
125
          <arg choice="plain"><option>--approval-delay
 
126
          <replaceable>TIME</replaceable></option></arg>
 
127
        </group>
 
128
        <sbr/>
 
129
        <group>
 
130
          <arg choice="plain"><option>--approval-duration
 
131
          <replaceable>TIME</replaceable></option></arg>
 
132
        </group>
 
133
        <sbr/>
 
134
        <group>
 
135
          <arg choice="plain"><option>--interval
 
136
          <replaceable>TIME</replaceable></option></arg>
 
137
          <arg choice="plain"><option>-i
 
138
          <replaceable>TIME</replaceable></option></arg>
 
139
        </group>
 
140
        <sbr/>
 
141
        <group>
 
142
          <arg choice="plain"><option>--host
 
143
          <replaceable>STRING</replaceable></option></arg>
 
144
          <arg choice="plain"><option>-H
 
145
          <replaceable>STRING</replaceable></option></arg>
 
146
        </group>
 
147
        <sbr/>
 
148
        <group>
 
149
          <arg choice="plain"><option>--secret
 
150
          <replaceable>FILENAME</replaceable></option></arg>
 
151
          <arg choice="plain"><option>-s
 
152
          <replaceable>FILENAME</replaceable></option></arg>
 
153
        </group>
 
154
        <sbr/>
 
155
        <group>
 
156
          <arg choice="plain"><option>--approve</option></arg>
 
157
          <arg choice="plain"><option>-A</option></arg>
 
158
          <sbr/>
 
159
          <arg choice="plain"><option>--deny</option></arg>
 
160
          <arg choice="plain"><option>-D</option></arg>
 
161
        </group>
147
162
      </group>
148
163
      <sbr/>
149
164
      <group choice="req">
157
172
    <cmdsynopsis>
158
173
      <command>&COMMANDNAME;</command>
159
174
      <group>
160
 
        <arg choice="plain"><option>--verbose</option></arg>
161
 
        <arg choice="plain"><option>-v</option></arg>
 
175
          <arg choice="plain"><option>--verbose</option></arg>
 
176
          <arg choice="plain"><option>-v</option></arg>
 
177
          <sbr/>
 
178
          <arg choice="plain"><option>--dump-json</option></arg>
 
179
          <arg choice="plain"><option>-j</option></arg>
162
180
      </group>
163
181
      <group>
164
182
        <arg rep='repeat' choice='plain'>
188
206
        <arg choice="plain"><option>-v</option></arg>
189
207
      </group>
190
208
    </cmdsynopsis>
 
209
    <cmdsynopsis>
 
210
      <command>&COMMANDNAME;</command>
 
211
      <arg choice="plain"><option>--check</option></arg>
 
212
    </cmdsynopsis>
191
213
  </refsynopsisdiv>
192
214
  
193
215
  <refsect1 id="description">
194
216
    <title>DESCRIPTION</title>
195
217
    <para>
196
 
      <command>&COMMANDNAME;</command> is a program to control the
197
 
      operation of the Mandos server <citerefentry><refentrytitle
198
 
      >mandos</refentrytitle><manvolnum>8</manvolnum></citerefentry>.
 
218
      <command>&COMMANDNAME;</command> is a program to control or
 
219
      query the operation of the Mandos server
 
220
      <citerefentry><refentrytitle>mandos</refentrytitle><manvolnum
 
221
      >8</manvolnum></citerefentry>.
199
222
    </para>
200
223
    <para>
201
224
      This program can be used to change client settings, approve or
317
340
          </para>
318
341
        </listitem>
319
342
      </varlistentry>
 
343
 
 
344
      <varlistentry>
 
345
        <term><option>--extended-timeout
 
346
        <replaceable>TIME</replaceable></option></term>
 
347
        <listitem>
 
348
          <para>
 
349
            Set the <varname>extended_timeout</varname> option of the
 
350
            specified client(s); see <citerefentry><refentrytitle
 
351
            >mandos-clients.conf</refentrytitle><manvolnum
 
352
            >5</manvolnum></citerefentry>.
 
353
          </para>
 
354
        </listitem>
 
355
      </varlistentry>
320
356
      
321
357
      <varlistentry>
322
358
        <term><option>--interval
446
482
      </varlistentry>
447
483
      
448
484
      <varlistentry>
 
485
        <term><option>--dump-json</option></term>
 
486
        <term><option>-j</option></term>
 
487
        <listitem>
 
488
          <para>
 
489
            Dump client settings as JSON to standard output.
 
490
          </para>
 
491
        </listitem>
 
492
      </varlistentry>
 
493
      
 
494
      <varlistentry>
449
495
        <term><option>--is-enabled</option></term>
450
496
        <term><option>-V</option></term>
451
497
        <listitem>
456
502
        </listitem>
457
503
      </varlistentry>
458
504
      
 
505
      <varlistentry>
 
506
        <term><option>--check</option></term>
 
507
        <listitem>
 
508
          <para>
 
509
            Run self-tests.  This includes any unit tests, etc.
 
510
          </para>
 
511
        </listitem>
 
512
      </varlistentry>
 
513
      
459
514
    </variablelist>
460
515
  </refsect1>
461
516
  
477
532
    </para>
478
533
  </refsect1>
479
534
  
480
 
<!--   <refsect1 id="bugs"> -->
481
 
<!--     <title>BUGS</title> -->
482
 
<!--     <para> -->
483
 
<!--     </para> -->
484
 
<!--   </refsect1> -->
 
535
  <refsect1 id="bugs">
 
536
    <title>BUGS</title>
 
537
    <xi:include href="bugs.xml"/>
 
538
  </refsect1>
485
539
  
486
540
  <refsect1 id="example">
487
541
    <title>EXAMPLE</title>
553
607
  <refsect1 id="see_also">
554
608
    <title>SEE ALSO</title>
555
609
    <para>
 
610
      <citerefentry><refentrytitle>intro</refentrytitle>
 
611
      <manvolnum>8mandos</manvolnum></citerefentry>,
556
612
      <citerefentry><refentrytitle>mandos</refentrytitle>
557
613
      <manvolnum>8</manvolnum></citerefentry>,
558
614
      <citerefentry><refentrytitle>mandos-clients.conf</refentrytitle>