Viewing changes to mandos.conf.xml

  • Committer: Teddy Hogeborn
  • Date: 2019-02-10 03:50:20 UTC
  • Revision ID: teddy@recompile.se-20190210035020-nttr1tybgwwixueu
Show debconf note about new TLS key IDs

If mandos-client did not see TLS keys and had to create them, or if
mandos sees GnuTLS version 3.6.6 or later, show an important notice on
package installation about the importance of adding the new key_id
options to clients.conf on the Mandos server.

* debian/control (Package: mandos, Package: mandos-client): Depend on
                                                            debconf.
* debian/mandos-client.lintian-overrides: Override warnings.
* debian/mandos-client.postinst (create_keys): Show notice if new TLS
                                               key files were created.
* debian/mandos-client.templates: New.
* debian/mandos.lintian-overrides: Override warnings.
* debian/mandos.postinst (configure): If GnuTLS 3.6.6 or later is
                                      detected, show an important
                                      notice (once) about the new
                                      key_id option required in
                                      clients.conf.
* debian/mandos.templates: New.

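--- a/mandos.conf.xml
+++ b/mandos.conf.xml
@@ -1,10 +1,11 @@
-<?xml version='1.0' encoding='UTF-8'?>
+<?xml version="1.0" encoding="UTF-8"?>
 <!DOCTYPE refentry PUBLIC "-//OASIS//DTD DocBook XML V4.5//EN"
         "http://www.oasis-open.org/docbook/xml/4.5/docbookx.dtd" [
-<!ENTITY VERSION "1.0">
 <!ENTITY CONFNAME "mandos.conf">
 <!ENTITY CONFPATH "<filename>/etc/mandos/mandos.conf</filename>">
-<!ENTITY TIMESTAMP "2008-08-30">
+<!ENTITY TIMESTAMP "2018-02-08">
+<!ENTITY % common SYSTEM "common.ent">
+%common;
 ]>
 
 <refentry xmlns:xi="http://www.w3.org/2001/XInclude">
@@ -12,54 +13,42 @@
     <title>Mandos Manual</title>
     <!-- NWalsh’s docbook scripts use this to generate the footer: -->
     <productname>Mandos</productname>
-    <productnumber>&VERSION;</productnumber>
+    <productnumber>&version;</productnumber>
     <date>&TIMESTAMP;</date>
     <authorgroup>
       <author>
         <firstname>Björn</firstname>
         <surname>Påhlsson</surname>
         <address>
-          <email>belorn@fukt.bsnet.se</email>
+          <email>belorn@recompile.se</email>
         </address>
       </author>
       <author>
         <firstname>Teddy</firstname>
         <surname>Hogeborn</surname>
         <address>
-          <email>teddy@fukt.bsnet.se</email>
+          <email>teddy@recompile.se</email>
         </address>
       </author>
     </authorgroup>
     <copyright>
       <year>2008</year>
+      <year>2009</year>
+      <year>2010</year>
+      <year>2011</year>
+      <year>2012</year>
+      <year>2013</year>
+      <year>2014</year>
+      <year>2015</year>
+      <year>2016</year>
+      <year>2017</year>
+      <year>2018</year>
       <holder>Teddy Hogeborn</holder>
       <holder>Björn Påhlsson</holder>
     </copyright>
-    <legalnotice>
-      <para>
-        This manual page is free software: you can redistribute it
-        and/or modify it under the terms of the GNU General Public
-        License as published by the Free Software Foundation,
-        either version 3 of the License, or (at your option) any
-        later version.
-      </para>
-
-      <para>
-        This manual page is distributed in the hope that it will
-        be useful, but WITHOUT ANY WARRANTY; without even the
-        implied warranty of MERCHANTABILITY or FITNESS FOR A
-        PARTICULAR PURPOSE.  See the GNU General Public License
-        for more details.
-      </para>
-
-      <para>
-        You should have received a copy of the GNU General Public
-        License along with this program; If not, see
-        <ulink url="http://www.gnu.org/licenses/"/>.
-      </para>
-    </legalnotice>
+    <xi:include href="legalnotice.xml"/>
   </refentryinfo>
-
+  
   <refmeta>
     <refentrytitle>&CONFNAME;</refentrytitle>
     <manvolnum>5</manvolnum>
@@ -71,11 +60,11 @@
       Configuration file for the Mandos server
     </refpurpose>
   </refnamediv>
-
+  
   <refsynopsisdiv>
     <synopsis>&CONFPATH;</synopsis>
   </refsynopsisdiv>
-
+  
   <refsect1 id="description">
     <title>DESCRIPTION</title>
     <para>
@@ -93,7 +82,7 @@
       <quote>#</quote> or <quote>;</quote> are ignored and may be used
       to provide comments.
     </para>
-
+    
   </refsect1>
   <refsect1>
     <title>OPTIONS</title>
@@ -106,7 +95,7 @@
           <xi:include href="mandos-options.xml" xpointer="interface"/>
         </listitem>
       </varlistentry>
-
+      
       <varlistentry>
         <term><option>address<literal> = </literal><replaceable
           >ADDRESS</replaceable></option></term>
@@ -114,7 +103,7 @@
           <xi:include href="mandos-options.xml" xpointer="address"/>
         </listitem>
       </varlistentry>
-
+      
       <varlistentry>
         <term><option>port<literal> = </literal><replaceable
         >NUMBER</replaceable></option></term>
@@ -122,7 +111,7 @@
           <xi:include href="mandos-options.xml" xpointer="port"/>
         </listitem>
       </varlistentry>
-
+      
       <varlistentry>
         <term><option>debug<literal> = </literal>{ <literal
           >1</literal> | <literal>yes</literal> | <literal
@@ -133,7 +122,7 @@
           <xi:include href="mandos-options.xml" xpointer="debug"/>
         </listitem>
       </varlistentry>
-
+      
       <varlistentry>
         <term><option>priority<literal> = </literal><replaceable
         >STRING</replaceable></option></term>
@@ -141,7 +130,7 @@
           <xi:include href="mandos-options.xml" xpointer="priority"/>
         </listitem>
       </varlistentry>
-
+      
       <varlistentry>
         <term><option>servicename<literal> = </literal
         ><replaceable>NAME</replaceable></option></term>
@@ -151,6 +140,55 @@
         </listitem>
       </varlistentry>
       
+      <varlistentry>
+        <term><option>use_dbus<literal> = </literal>{ <literal
+          >1</literal> | <literal>yes</literal> | <literal
+          >true</literal> | <literal>on</literal> | <literal
+          >0</literal> | <literal>no</literal> | <literal
+          >false</literal> | <literal>off</literal> }</option></term>
+        <listitem>
+          <xi:include href="mandos-options.xml" xpointer="dbus"/>
+        </listitem>
+      </varlistentry>
+      
+      <varlistentry>
+        <term><option>use_ipv6<literal> = </literal>{ <literal
+          >1</literal> | <literal>yes</literal> | <literal
+          >true</literal> | <literal>on</literal> | <literal
+          >0</literal> | <literal>no</literal> | <literal
+          >false</literal> | <literal>off</literal> }</option></term>
+        <listitem>
+          <xi:include href="mandos-options.xml" xpointer="ipv6"/>
+        </listitem>
+      </varlistentry>
+      
+      <varlistentry>
+        <term><option>restore<literal> = </literal>{ <literal
+          >1</literal> | <literal>yes</literal> | <literal
+          >true</literal> | <literal>on</literal> | <literal
+          >0</literal> | <literal>no</literal> | <literal
+          >false</literal> | <literal>off</literal> }</option></term>
+        <listitem>
+          <xi:include href="mandos-options.xml" xpointer="restore"/>
+        </listitem>
+      </varlistentry>
+      
+      <varlistentry>
+        <term><option>statedir<literal> = </literal><replaceable
+        >DIRECTORY</replaceable></option></term>
+        <listitem>
+          <xi:include href="mandos-options.xml" xpointer="statedir"/>
+        </listitem>
+      </varlistentry>
+      
+      <varlistentry>
+        <term><option>socket<literal> = </literal><replaceable
+        >NUMBER</replaceable></option></term>
+        <listitem>
+          <xi:include href="mandos-options.xml" xpointer="socket"/>
+        </listitem>
+      </varlistentry>
+      
     </variablelist>
   </refsect1>
   
@@ -166,8 +204,9 @@
     <para>
       The <literal>[DEFAULT]</literal> is necessary because the Python
       built-in module <systemitem class="library">ConfigParser</systemitem>
-      requres it.
+      requires it.
     </para>
+    <xi:include href="bugs.xml"/>
   </refsect1>
   
   <refsect1 id="example">
@@ -188,11 +227,15 @@
 [DEFAULT]
 # A configuration example
 interface = eth0
-address = 2001:db8:f983:bd0b:30de:ae4a:71f2:f672
+address = fe80::aede:48ff:fe71:f6f2
 port = 1025
-debug = true
-priority = SECURE256:!CTYPE-X.509:+CTYPE-OPENPGP
+debug = True
+priority = SECURE256:!CTYPE-X.509:+CTYPE-OPENPGP:!RSA
 servicename = Daena
+use_dbus = False
+use_ipv6 = True
+restore = True
+statedir = /var/lib/mandos
       </programlisting>
     </informalexample>
   </refsect1>
@@ -200,6 +243,8 @@
   <refsect1 id="see_also">
     <title>SEE ALSO</title>
     <para>
+      <citerefentry><refentrytitle>intro</refentrytitle>
+      <manvolnum>8mandos</manvolnum></citerefentry>,
       <citerefentry><refentrytitle>gnutls_priority_init</refentrytitle
       ><manvolnum>3</manvolnum></citerefentry>,
       <citerefentry><refentrytitle>mandos</refentrytitle>
@@ -207,7 +252,7 @@
       <citerefentry><refentrytitle>mandos-clients.conf</refentrytitle>
       <manvolnum>5</manvolnum></citerefentry>
     </para>
-
+    
     <variablelist>
       <varlistentry>
         <term>
@@ -233,7 +278,7 @@
               <para>
                 The clients use IPv6 link-local addresses, which are
                 immediately usable since a link-local addresses is
-                automatically assigned to a network interfaces when it
+                automatically assigned to a network interface when it
                 is brought up.
               </para>
             </listitem>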
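Review bot: The sample line `priority = SECURE256:!CTYPE-X.509:+CTYPE-OPENPGP:!RSA` in the `example` section is the one readers are most likely to copy into a live mandos.conf, and it still pins the OpenPGP certificate type even though the commit description says servers on GnuTLS 3.6.6 or later depend on the new key_id settings. If that certificate type is not accepted by those GnuTLS versions (an inference from the description, to be confirmed against the server's default priority string), a copied line would override a working default with one that fails or misconfigures the TLS handshake. I would either drop the `priority` line from the listing or add a comment line above it such as `# priority: example for GnuTLS older than 3.6.6 only; leave unset to use the server default`. The same listing also changes `debug = true` to `debug = True`; a sample meant for copying is safer with debugging shown as off, or with a comment saying it is for troubleshooting only.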