/mandos/trunk

To get this branch, use:
bzr branch http://bzr.recompile.se/loggerhead/mandos/trunk

« back to all changes in this revision

Viewing changes to mandos-ctl.xml

  • Committer: Teddy Hogeborn
  • Date: 2019-02-10 03:50:20 UTC
  • Revision ID: teddy@recompile.se-20190210035020-nttr1tybgwwixueu
Show debconf note about new TLS key IDs

If mandos-client did not see TLS keys and had to create them, or if
mandos sees GnuTLS version 3.6.6 or later, show an important notice on
package installation about the importance of adding the new key_id
options to clients.conf on the Mandos server.

* debian/control (Package: mandos, Package: mandos-client): Depend on
                                                            debconf.
* debian/mandos-client.lintian-overrides: Override warnings.
* debian/mandos-client.postinst (create_keys): Show notice if new TLS
                                               key files were created.
* debian/mandos-client.templates: New.
* debian/mandos.lintian-overrides: Override warnings.
* debian/mandos.postinst (configure): If GnuTLS 3.6.6 or later is
                                      detected, show an important
                                      notice (once) about the new
                                      key_id option required in
                                      clients.conf.
* debian/mandos.templates: New.

Show diffs side-by-side

added added

removed removed

Lines of Context:
2
2
<!DOCTYPE refentry PUBLIC "-//OASIS//DTD DocBook XML V4.5//EN"
3
3
        "http://www.oasis-open.org/docbook/xml/4.5/docbookx.dtd" [
4
4
<!ENTITY COMMANDNAME "mandos-ctl">
5
 
<!ENTITY TIMESTAMP "2011-02-27">
 
5
<!ENTITY TIMESTAMP "2018-02-08">
6
6
<!ENTITY % common SYSTEM "common.ent">
7
7
%common;
8
8
]>
19
19
        <firstname>Björn</firstname>
20
20
        <surname>Påhlsson</surname>
21
21
        <address>
22
 
          <email>belorn@fukt.bsnet.se</email>
 
22
          <email>belorn@recompile.se</email>
23
23
        </address>
24
24
      </author>
25
25
      <author>
26
26
        <firstname>Teddy</firstname>
27
27
        <surname>Hogeborn</surname>
28
28
        <address>
29
 
          <email>teddy@fukt.bsnet.se</email>
 
29
          <email>teddy@recompile.se</email>
30
30
        </address>
31
31
      </author>
32
32
    </authorgroup>
33
33
    <copyright>
34
34
      <year>2010</year>
35
35
      <year>2011</year>
 
36
      <year>2012</year>
 
37
      <year>2013</year>
 
38
      <year>2014</year>
 
39
      <year>2015</year>
 
40
      <year>2016</year>
 
41
      <year>2017</year>
 
42
      <year>2018</year>
36
43
      <holder>Teddy Hogeborn</holder>
37
44
      <holder>Björn Påhlsson</holder>
38
45
    </copyright>
47
54
  <refnamediv>
48
55
    <refname><command>&COMMANDNAME;</command></refname>
49
56
    <refpurpose>
50
 
      Control the operation of the Mandos server
 
57
      Control or query the operation of the Mandos server
51
58
    </refpurpose>
52
59
  </refnamediv>
53
60
  
54
61
  <refsynopsisdiv>
55
62
    <cmdsynopsis>
56
63
      <command>&COMMANDNAME;</command>
57
 
      <group>
58
 
        <arg choice="plain"><option>--enable</option></arg>
59
 
        <arg choice="plain"><option>-e</option></arg>
60
 
        <sbr/>
61
 
        <arg choice="plain"><option>--disable</option></arg>
62
 
        <arg choice="plain"><option>-d</option></arg>
63
 
      </group>
64
 
      <sbr/>
65
 
      <group>
66
 
        <arg choice="plain"><option>--bump-timeout</option></arg>
67
 
        <arg choice="plain"><option>-b</option></arg>
68
 
      </group>
69
 
      <sbr/>
70
 
      <group>
71
 
        <arg choice="plain"><option>--start-checker</option></arg>
72
 
      </group>
73
 
      <sbr/>
74
 
      <group>
75
 
        <arg choice="plain"><option>--stop-checker</option></arg>
76
 
      </group>
77
 
      <sbr/>
78
 
      <group>
79
 
        <arg choice="plain"><option>--remove</option></arg>
80
 
        <arg choice="plain"><option>-r</option></arg>
81
 
      </group>
82
 
      <sbr/>
83
 
      <group>
84
 
        <arg choice="plain"><option>--checker
85
 
        <replaceable>COMMAND</replaceable></option></arg>
86
 
        <arg choice="plain"><option>-c
87
 
        <replaceable>COMMAND</replaceable></option></arg>
88
 
      </group>
89
 
      <sbr/>
90
 
      <group>
91
 
        <arg choice="plain"><option>--timeout
92
 
        <replaceable>TIME</replaceable></option></arg>
93
 
        <arg choice="plain"><option>-t
94
 
        <replaceable>TIME</replaceable></option></arg>
95
 
      </group>
96
 
      <sbr/>
97
 
      <group>
98
 
        <arg choice="plain"><option>--interval
99
 
        <replaceable>TIME</replaceable></option></arg>
100
 
        <arg choice="plain"><option>-i
101
 
        <replaceable>TIME</replaceable></option></arg>
102
 
      </group>
103
 
      <sbr/>
104
 
      <group>
105
 
        <arg choice="plain"><option>--approve-by-default</option
106
 
        ></arg>
107
 
        <sbr/>
108
 
        <arg choice="plain"><option>--deny-by-default</option></arg>
109
 
      </group>
110
 
      <sbr/>
111
 
      <group>
112
 
        <arg choice="plain"><option>--approval-delay
113
 
        <replaceable>TIME</replaceable></option></arg>
114
 
      </group>
115
 
      <sbr/>
116
 
      <group>
117
 
        <arg choice="plain"><option>--approval-duration
118
 
        <replaceable>TIME</replaceable></option></arg>
119
 
      </group>
120
 
      <sbr/>
121
 
      <group>
122
 
        <arg choice="plain"><option>--interval
123
 
        <replaceable>TIME</replaceable></option></arg>
124
 
        <arg choice="plain"><option>-i
125
 
        <replaceable>TIME</replaceable></option></arg>
126
 
      </group>
127
 
      <sbr/>
128
 
      <group>
129
 
        <arg choice="plain"><option>--host
130
 
        <replaceable>STRING</replaceable></option></arg>
131
 
        <arg choice="plain"><option>-H
132
 
        <replaceable>STRING</replaceable></option></arg>
133
 
      </group>
134
 
      <sbr/>
135
 
      <group>
136
 
        <arg choice="plain"><option>--secret
137
 
        <replaceable>FILENAME</replaceable></option></arg>
138
 
        <arg choice="plain"><option>-s
139
 
        <replaceable>FILENAME</replaceable></option></arg>
140
 
      </group>
141
 
      <sbr/>
142
 
      <group>
143
 
        <arg choice="plain"><option>--approve</option></arg>
144
 
        <arg choice="plain"><option>-A</option></arg>
145
 
        <sbr/>
146
 
        <arg choice="plain"><option>--deny</option></arg>
147
 
        <arg choice="plain"><option>-D</option></arg>
 
64
      <group choice="req">
 
65
        <group>
 
66
          <arg choice="plain"><option>--enable</option></arg>
 
67
          <arg choice="plain"><option>-e</option></arg>
 
68
          <sbr/>
 
69
          <arg choice="plain"><option>--disable</option></arg>
 
70
          <arg choice="plain"><option>-d</option></arg>
 
71
        </group>
 
72
        <sbr/>
 
73
        <group>
 
74
          <arg choice="plain"><option>--bump-timeout</option></arg>
 
75
          <arg choice="plain"><option>-b</option></arg>
 
76
        </group>
 
77
        <sbr/>
 
78
        <group>
 
79
          <arg choice="plain"><option>--start-checker</option></arg>
 
80
        </group>
 
81
        <sbr/>
 
82
        <group>
 
83
          <arg choice="plain"><option>--stop-checker</option></arg>
 
84
        </group>
 
85
        <sbr/>
 
86
        <group>
 
87
          <arg choice="plain"><option>--remove</option></arg>
 
88
          <arg choice="plain"><option>-r</option></arg>
 
89
        </group>
 
90
        <sbr/>
 
91
        <group>
 
92
          <arg choice="plain"><option>--checker
 
93
          <replaceable>COMMAND</replaceable></option></arg>
 
94
          <arg choice="plain"><option>-c
 
95
          <replaceable>COMMAND</replaceable></option></arg>
 
96
        </group>
 
97
        <sbr/>
 
98
        <group>
 
99
          <arg choice="plain"><option>--timeout
 
100
          <replaceable>TIME</replaceable></option></arg>
 
101
          <arg choice="plain"><option>-t
 
102
          <replaceable>TIME</replaceable></option></arg>
 
103
        </group>
 
104
        <sbr/>
 
105
        <group>
 
106
          <arg choice="plain"><option>--extended-timeout
 
107
          <replaceable>TIME</replaceable></option></arg>
 
108
        </group>
 
109
        <sbr/>
 
110
        <group>
 
111
          <arg choice="plain"><option>--interval
 
112
          <replaceable>TIME</replaceable></option></arg>
 
113
          <arg choice="plain"><option>-i
 
114
          <replaceable>TIME</replaceable></option></arg>
 
115
        </group>
 
116
        <sbr/>
 
117
        <group>
 
118
          <arg choice="plain"><option>--approve-by-default</option
 
119
          ></arg>
 
120
          <sbr/>
 
121
          <arg choice="plain"><option>--deny-by-default</option></arg>
 
122
        </group>
 
123
        <sbr/>
 
124
        <group>
 
125
          <arg choice="plain"><option>--approval-delay
 
126
          <replaceable>TIME</replaceable></option></arg>
 
127
        </group>
 
128
        <sbr/>
 
129
        <group>
 
130
          <arg choice="plain"><option>--approval-duration
 
131
          <replaceable>TIME</replaceable></option></arg>
 
132
        </group>
 
133
        <sbr/>
 
134
        <group>
 
135
          <arg choice="plain"><option>--interval
 
136
          <replaceable>TIME</replaceable></option></arg>
 
137
          <arg choice="plain"><option>-i
 
138
          <replaceable>TIME</replaceable></option></arg>
 
139
        </group>
 
140
        <sbr/>
 
141
        <group>
 
142
          <arg choice="plain"><option>--host
 
143
          <replaceable>STRING</replaceable></option></arg>
 
144
          <arg choice="plain"><option>-H
 
145
          <replaceable>STRING</replaceable></option></arg>
 
146
        </group>
 
147
        <sbr/>
 
148
        <group>
 
149
          <arg choice="plain"><option>--secret
 
150
          <replaceable>FILENAME</replaceable></option></arg>
 
151
          <arg choice="plain"><option>-s
 
152
          <replaceable>FILENAME</replaceable></option></arg>
 
153
        </group>
 
154
        <sbr/>
 
155
        <group>
 
156
          <arg choice="plain"><option>--approve</option></arg>
 
157
          <arg choice="plain"><option>-A</option></arg>
 
158
          <sbr/>
 
159
          <arg choice="plain"><option>--deny</option></arg>
 
160
          <arg choice="plain"><option>-D</option></arg>
 
161
        </group>
148
162
      </group>
149
163
      <sbr/>
150
164
      <group choice="req">
158
172
    <cmdsynopsis>
159
173
      <command>&COMMANDNAME;</command>
160
174
      <group>
161
 
        <arg choice="plain"><option>--verbose</option></arg>
162
 
        <arg choice="plain"><option>-v</option></arg>
 
175
          <arg choice="plain"><option>--verbose</option></arg>
 
176
          <arg choice="plain"><option>-v</option></arg>
 
177
          <sbr/>
 
178
          <arg choice="plain"><option>--dump-json</option></arg>
 
179
          <arg choice="plain"><option>-j</option></arg>
163
180
      </group>
164
181
      <group>
165
182
        <arg rep='repeat' choice='plain'>
189
206
        <arg choice="plain"><option>-v</option></arg>
190
207
      </group>
191
208
    </cmdsynopsis>
 
209
    <cmdsynopsis>
 
210
      <command>&COMMANDNAME;</command>
 
211
      <arg choice="plain"><option>--check</option></arg>
 
212
    </cmdsynopsis>
192
213
  </refsynopsisdiv>
193
214
  
194
215
  <refsect1 id="description">
195
216
    <title>DESCRIPTION</title>
196
217
    <para>
197
 
      <command>&COMMANDNAME;</command> is a program to control the
198
 
      operation of the Mandos server <citerefentry><refentrytitle
199
 
      >mandos</refentrytitle><manvolnum>8</manvolnum></citerefentry>.
 
218
      <command>&COMMANDNAME;</command> is a program to control or
 
219
      query the operation of the Mandos server
 
220
      <citerefentry><refentrytitle>mandos</refentrytitle><manvolnum
 
221
      >8</manvolnum></citerefentry>.
200
222
    </para>
201
223
    <para>
202
224
      This program can be used to change client settings, approve or
318
340
          </para>
319
341
        </listitem>
320
342
      </varlistentry>
 
343
 
 
344
      <varlistentry>
 
345
        <term><option>--extended-timeout
 
346
        <replaceable>TIME</replaceable></option></term>
 
347
        <listitem>
 
348
          <para>
 
349
            Set the <varname>extended_timeout</varname> option of the
 
350
            specified client(s); see <citerefentry><refentrytitle
 
351
            >mandos-clients.conf</refentrytitle><manvolnum
 
352
            >5</manvolnum></citerefentry>.
 
353
          </para>
 
354
        </listitem>
 
355
      </varlistentry>
321
356
      
322
357
      <varlistentry>
323
358
        <term><option>--interval
447
482
      </varlistentry>
448
483
      
449
484
      <varlistentry>
 
485
        <term><option>--dump-json</option></term>
 
486
        <term><option>-j</option></term>
 
487
        <listitem>
 
488
          <para>
 
489
            Dump client settings as JSON to standard output.
 
490
          </para>
 
491
        </listitem>
 
492
      </varlistentry>
 
493
      
 
494
      <varlistentry>
450
495
        <term><option>--is-enabled</option></term>
451
496
        <term><option>-V</option></term>
452
497
        <listitem>
457
502
        </listitem>
458
503
      </varlistentry>
459
504
      
 
505
      <varlistentry>
 
506
        <term><option>--check</option></term>
 
507
        <listitem>
 
508
          <para>
 
509
            Run self-tests.  This includes any unit tests, etc.
 
510
          </para>
 
511
        </listitem>
 
512
      </varlistentry>
 
513
      
460
514
    </variablelist>
461
515
  </refsect1>
462
516
  
478
532
    </para>
479
533
  </refsect1>
480
534
  
481
 
<!--   <refsect1 id="bugs"> -->
482
 
<!--     <title>BUGS</title> -->
483
 
<!--     <para> -->
484
 
<!--     </para> -->
485
 
<!--   </refsect1> -->
 
535
  <refsect1 id="bugs">
 
536
    <title>BUGS</title>
 
537
    <xi:include href="bugs.xml"/>
 
538
  </refsect1>
486
539
  
487
540
  <refsect1 id="example">
488
541
    <title>EXAMPLE</title>
554
607
  <refsect1 id="see_also">
555
608
    <title>SEE ALSO</title>
556
609
    <para>
 
610
      <citerefentry><refentrytitle>intro</refentrytitle>
 
611
      <manvolnum>8mandos</manvolnum></citerefentry>,
557
612
      <citerefentry><refentrytitle>mandos</refentrytitle>
558
613
      <manvolnum>8</manvolnum></citerefentry>,
559
614
      <citerefentry><refentrytitle>mandos-clients.conf</refentrytitle>