
Viewing changes to mandos.conf.xml

  • Committer: Teddy Hogeborn
  • Date: 2019-02-10 03:50:20 UTC
  • Revision ID: teddy@recompile.se-20190210035020-nttr1tybgwwixueu
Show debconf note about new TLS key IDs

If mandos-client did not see TLS keys and had to create them, or if
mandos sees GnuTLS version 3.6.6 or later, show an important notice on
package installation about the importance of adding the new key_id
options to clients.conf on the Mandos server.

* debian/control (Package: mandos, Package: mandos-client): Depend on
                                                            debconf.
* debian/mandos-client.lintian-overrides: Override warnings.
* debian/mandos-client.postinst (create_keys): Show notice if new TLS
                                               key files were created.
* debian/mandos-client.templates: New.
* debian/mandos.lintian-overrides: Override warnings.
* debian/mandos.postinst (configure): If GnuTLS 3.6.6 or later is
                                      detected, show an important
                                      notice (once) about the new
                                      key_id option required in
                                      clients.conf.
* debian/mandos.templates: New.

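--- a/mandos.conf.xml
+++ b/mandos.conf.xml
@@ -1,63 +1,54 @@
-<?xml version='1.0' encoding='UTF-8'?>
+<?xml version="1.0" encoding="UTF-8"?>
 <!DOCTYPE refentry PUBLIC "-//OASIS//DTD DocBook XML V4.5//EN"
         "http://www.oasis-open.org/docbook/xml/4.5/docbookx.dtd" [
-<!ENTITY VERSION "1.0">
 <!ENTITY CONFNAME "mandos.conf">
 <!ENTITY CONFPATH "<filename>/etc/mandos/mandos.conf</filename>">
+<!ENTITY TIMESTAMP "2018-02-08">
+<!ENTITY % common SYSTEM "common.ent">
+%common;
 ]>
  
 <refentry xmlns:xi="http://www.w3.org/2001/XInclude">
   <refentryinfo>
-    <title>&CONFNAME;</title>
+    <title>Mandos Manual</title>
     <!-- NWalsh’s docbook scripts use this to generate the footer: -->
-    <productname>&CONFNAME;</productname>
-    <productnumber>&VERSION;</productnumber>
+    <productname>Mandos</productname>
+    <productnumber>&version;</productnumber>
+    <date>&TIMESTAMP;</date>
     <authorgroup>
       <author>
         <firstname>Björn</firstname>
         <surname>Påhlsson</surname>
         <address>
-          <email>belorn@fukt.bsnet.se</email>
+          <email>belorn@recompile.se</email>
         </address>
       </author>
       <author>
         <firstname>Teddy</firstname>
         <surname>Hogeborn</surname>
         <address>
-          <email>teddy@fukt.bsnet.se</email>
+          <email>teddy@recompile.se</email>
         </address>
       </author>
     </authorgroup>
     <copyright>
       <year>2008</year>
+      <year>2009</year>
+      <year>2010</year>
+      <year>2011</year>
+      <year>2012</year>
+      <year>2013</year>
+      <year>2014</year>
+      <year>2015</year>
+      <year>2016</year>
+      <year>2017</year>
+      <year>2018</year>
       <holder>Teddy Hogeborn</holder>
       <holder>Björn Påhlsson</holder>
     </copyright>
-    <legalnotice>
-      <para>
-        This manual page is free software: you can redistribute it
-        and/or modify it under the terms of the GNU General Public
-        License as published by the Free Software Foundation,
-        either version 3 of the License, or (at your option) any
-        later version.
-      </para>
- 
-      <para>
-        This manual page is distributed in the hope that it will
-        be useful, but WITHOUT ANY WARRANTY; without even the
-        implied warranty of MERCHANTABILITY or FITNESS FOR A
-        PARTICULAR PURPOSE.  See the GNU General Public License
-        for more details.
-      </para>
- 
-      <para>
-        You should have received a copy of the GNU General Public
-        License along with this program; If not, see
-        <ulink url="http://www.gnu.org/licenses/"/>.
-      </para>
-    </legalnotice>
+    <xi:include href="legalnotice.xml"/>
   </refentryinfo>
- 
+  
   <refmeta>
     <refentrytitle>&CONFNAME;</refentrytitle>
     <manvolnum>5</manvolnum>
@@ -69,13 +60,11 @@
       Configuration file for the Mandos server
     </refpurpose>
   </refnamediv>
- 
+  
   <refsynopsisdiv>
-    <synopsis>
-      &CONFPATH;
-    </synopsis>
+    <synopsis>&CONFPATH;</synopsis>
   </refsynopsisdiv>
- 
+  
   <refsect1 id="description">
     <title>DESCRIPTION</title>
     <para>
@@ -93,76 +82,113 @@
       <quote>#</quote> or <quote>;</quote> are ignored and may be used
       to provide comments.
     </para>
- 
+    
   </refsect1>
   <refsect1>
     <title>OPTIONS</title>
     
     <variablelist>
       <varlistentry>
-        <term><varname>interface</varname></term>
+        <term><option>interface<literal> = </literal><replaceable
+        >NAME</replaceable></option></term>
         <listitem>
-          <synopsis><literal>interface = </literal><replaceable
-          >NAME</replaceable>
-          </synopsis>
           <xi:include href="mandos-options.xml" xpointer="interface"/>
         </listitem>
       </varlistentry>
- 
+      
       <varlistentry>
-        <term><varname>address</varname></term>
+        <term><option>address<literal> = </literal><replaceable
+          >ADDRESS</replaceable></option></term>
         <listitem>
-          <synopsis><literal>address = </literal><replaceable
-          >ADDRESS</replaceable>
-          </synopsis>
           <xi:include href="mandos-options.xml" xpointer="address"/>
         </listitem>
       </varlistentry>
- 
+      
       <varlistentry>
-        <term><varname>port</varname></term>
+        <term><option>port<literal> = </literal><replaceable
+        >NUMBER</replaceable></option></term>
         <listitem>
-          <synopsis><literal>port = </literal><replaceable
-          >NUMBER</replaceable>
-          </synopsis>
           <xi:include href="mandos-options.xml" xpointer="port"/>
         </listitem>
       </varlistentry>
- 
+      
       <varlistentry>
-        <term><varname>debug</varname></term>
-        <listitem>
-          <synopsis><literal>debug = </literal>{ <literal
+        <term><option>debug<literal> = </literal>{ <literal
           >1</literal> | <literal>yes</literal> | <literal
           >true</literal> | <literal>on</literal> | <literal
           >0</literal> | <literal>no</literal> | <literal
-          >false</literal> | <literal>off</literal> }
-          </synopsis>
+          >false</literal> | <literal>off</literal> }</option></term>
+        <listitem>
           <xi:include href="mandos-options.xml" xpointer="debug"/>
         </listitem>
       </varlistentry>
- 
+      
       <varlistentry>
-        <term><varname>priority</varname></term>
+        <term><option>priority<literal> = </literal><replaceable
+        >STRING</replaceable></option></term>
         <listitem>
-          <synopsis><literal>priority = </literal><replaceable
-          >STRING</replaceable>
-          </synopsis>
           <xi:include href="mandos-options.xml" xpointer="priority"/>
         </listitem>
       </varlistentry>
- 
+      
       <varlistentry>
-        <term><varname>servicename</varname></term>
+        <term><option>servicename<literal> = </literal
+        ><replaceable>NAME</replaceable></option></term>
         <listitem>
-          <synopsis><literal>servicename = </literal><replaceable
-          >NAME</replaceable>
-          </synopsis>
           <xi:include href="mandos-options.xml"
                       xpointer="servicename"/>
         </listitem>
       </varlistentry>
       
+      <varlistentry>
+        <term><option>use_dbus<literal> = </literal>{ <literal
+          >1</literal> | <literal>yes</literal> | <literal
+          >true</literal> | <literal>on</literal> | <literal
+          >0</literal> | <literal>no</literal> | <literal
+          >false</literal> | <literal>off</literal> }</option></term>
+        <listitem>
+          <xi:include href="mandos-options.xml" xpointer="dbus"/>
+        </listitem>
+      </varlistentry>
+      
+      <varlistentry>
+        <term><option>use_ipv6<literal> = </literal>{ <literal
+          >1</literal> | <literal>yes</literal> | <literal
+          >true</literal> | <literal>on</literal> | <literal
+          >0</literal> | <literal>no</literal> | <literal
+          >false</literal> | <literal>off</literal> }</option></term>
+        <listitem>
+          <xi:include href="mandos-options.xml" xpointer="ipv6"/>
+        </listitem>
+      </varlistentry>
+      
+      <varlistentry>
+        <term><option>restore<literal> = </literal>{ <literal
+          >1</literal> | <literal>yes</literal> | <literal
+          >true</literal> | <literal>on</literal> | <literal
+          >0</literal> | <literal>no</literal> | <literal
+          >false</literal> | <literal>off</literal> }</option></term>
+        <listitem>
+          <xi:include href="mandos-options.xml" xpointer="restore"/>
+        </listitem>
+      </varlistentry>
+      
+      <varlistentry>
+        <term><option>statedir<literal> = </literal><replaceable
+        >DIRECTORY</replaceable></option></term>
+        <listitem>
+          <xi:include href="mandos-options.xml" xpointer="statedir"/>
+        </listitem>
+      </varlistentry>
+      
+      <varlistentry>
+        <term><option>socket<literal> = </literal><replaceable
+        >NUMBER</replaceable></option></term>
+        <listitem>
+          <xi:include href="mandos-options.xml" xpointer="socket"/>
+        </listitem>
+      </varlistentry>
+      
     </variablelist>
   </refsect1>
   
@@ -178,8 +204,9 @@
     <para>
       The <literal>[DEFAULT]</literal> is necessary because the Python
       built-in module <systemitem class="library">ConfigParser</systemitem>
-      requres it.
+      requires it.
     </para>
+    <xi:include href="bugs.xml"/>
   </refsect1>
   
   <refsect1 id="example">
@@ -200,11 +227,15 @@
 [DEFAULT]
 # A configuration example
 interface = eth0
-address = 2001:db8:f983:bd0b:30de:ae4a:71f2:f672
+address = fe80::aede:48ff:fe71:f6f2
 port = 1025
-debug = true
-priority = SECURE256:!CTYPE-X.509:+CTYPE-OPENPGP
+debug = True
+priority = SECURE256:!CTYPE-X.509:+CTYPE-OPENPGP:!RSA
 servicename = Daena
+use_dbus = False
+use_ipv6 = True
+restore = True
+statedir = /var/lib/mandos
       </programlisting>
     </informalexample>
   </refsect1>
@@ -212,15 +243,16 @@
   <refsect1 id="see_also">
     <title>SEE ALSO</title>
     <para>
-      <citerefentry>
-        <refentrytitle>mandos</refentrytitle>
-        <manvolnum>8</manvolnum></citerefentry>, <citerefentry>
-        <refentrytitle>mandos-clients.conf</refentrytitle>
-        <manvolnum>5</manvolnum></citerefentry>, <citerefentry>
-        <refentrytitle>gnutls_priority_init</refentrytitle>
-        <manvolnum>3</manvolnum></citerefentry>
+      <citerefentry><refentrytitle>intro</refentrytitle>
+      <manvolnum>8mandos</manvolnum></citerefentry>,
+      <citerefentry><refentrytitle>gnutls_priority_init</refentrytitle
+      ><manvolnum>3</manvolnum></citerefentry>,
+      <citerefentry><refentrytitle>mandos</refentrytitle>
+      <manvolnum>8</manvolnum></citerefentry>,
+      <citerefentry><refentrytitle>mandos-clients.conf</refentrytitle>
+      <manvolnum>5</manvolnum></citerefentry>
     </para>
- 
+    
     <variablelist>
       <varlistentry>
         <term>
@@ -246,7 +278,7 @@
               <para>
                 The clients use IPv6 link-local addresses, which are
                 immediately usable since a link-local addresses is
-                automatically assigned to a network interfaces when it
+                automatically assigned to a network interface when it
                 is brought up.
               </para>
             </listitem>
@@ -268,3 +300,8 @@
     </variablelist>
   </refsect1>
 </refentry>
+<!-- Local Variables: -->
+<!-- time-stamp-start: "<!ENTITY TIMESTAMP [\"']" -->
+<!-- time-stamp-end: "[\"']>" -->
+<!-- time-stamp-format: "%:y-%02m-%02d" -->
+<!-- End: -->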