/mandos/trunk

To get this branch, use:
bzr branch http://bzr.recompile.se/loggerhead/mandos/trunk

« back to all changes in this revision

Viewing changes to mandos.conf.xml

  • Committer: Teddy Hogeborn
  • Date: 2019-02-10 03:50:20 UTC
  • Revision ID: teddy@recompile.se-20190210035020-nttr1tybgwwixueu
http://bugs.debian.org/879538
http://bugs.debian.org/916673
Show debconf note about new TLS key IDs

If mandos-client did not see TLS keys and had to create them, or if
mandos sees GnuTLS version 3.6.6 or later, show an important notice on
package installation about the importance of adding the new key_id
options to clients.conf on the Mandos server.

* debian/control (Package: mandos, Package: mandos-client): Depend on
                                                            debconf.
* debian/mandos-client.lintian-overrides: Override warnings.
* debian/mandos-client.postinst (create_keys): Show notice if new TLS
                                               key files were created.
* debian/mandos-client.templates: New.
* debian/mandos.lintian-overrides: Override warnings.
* debian/mandos.postinst (configure): If GnuTLS 3.6.6 or later is
                                      detected, show an important
                                      notice (once) about the new
                                      key_id option required in
                                      clients.conf.
* debian/mandos.templates: New.

Show diffs side-by-side

added added

removed removed

Lines of Context:
mandos.conf.xml
1
1
<?xml version="1.0" encoding="UTF-8"?>
2
2
<!DOCTYPE refentry PUBLIC "-//OASIS//DTD DocBook XML V4.5//EN"
3
3
        "http://www.oasis-open.org/docbook/xml/4.5/docbookx.dtd" [
4
 
<!ENTITY VERSION "1.0">
5
4
<!ENTITY CONFNAME "mandos.conf">
6
5
<!ENTITY CONFPATH "<filename>/etc/mandos/mandos.conf</filename>">
7
 
<!ENTITY TIMESTAMP "2008-08-31">
 
6
<!ENTITY TIMESTAMP "2018-02-08">
 
7
<!ENTITY % common SYSTEM "common.ent">
 
8
%common;
8
9
]>
9
10
 
10
11
<refentry xmlns:xi="http://www.w3.org/2001/XInclude">
12
13
    <title>Mandos Manual</title>
13
14
    <!-- NWalsh’s docbook scripts use this to generate the footer: -->
14
15
    <productname>Mandos</productname>
15
 
    <productnumber>&VERSION;</productnumber>
 
16
    <productnumber>&version;</productnumber>
16
17
    <date>&TIMESTAMP;</date>
17
18
    <authorgroup>
18
19
      <author>
19
20
        <firstname>Björn</firstname>
20
21
        <surname>Påhlsson</surname>
21
22
        <address>
22
 
          <email>belorn@fukt.bsnet.se</email>
 
23
          <email>belorn@recompile.se</email>
23
24
        </address>
24
25
      </author>
25
26
      <author>
26
27
        <firstname>Teddy</firstname>
27
28
        <surname>Hogeborn</surname>
28
29
        <address>
29
 
          <email>teddy@fukt.bsnet.se</email>
 
30
          <email>teddy@recompile.se</email>
30
31
        </address>
31
32
      </author>
32
33
    </authorgroup>
33
34
    <copyright>
34
35
      <year>2008</year>
 
36
      <year>2009</year>
 
37
      <year>2010</year>
 
38
      <year>2011</year>
 
39
      <year>2012</year>
 
40
      <year>2013</year>
 
41
      <year>2014</year>
 
42
      <year>2015</year>
 
43
      <year>2016</year>
 
44
      <year>2017</year>
 
45
      <year>2018</year>
35
46
      <holder>Teddy Hogeborn</holder>
36
47
      <holder>Björn Påhlsson</holder>
37
48
    </copyright>
38
49
    <xi:include href="legalnotice.xml"/>
39
50
  </refentryinfo>
40
 
 
 
51
  
41
52
  <refmeta>
42
53
    <refentrytitle>&CONFNAME;</refentrytitle>
43
54
    <manvolnum>5</manvolnum>
49
60
      Configuration file for the Mandos server
50
61
    </refpurpose>
51
62
  </refnamediv>
52
 
 
 
63
  
53
64
  <refsynopsisdiv>
54
65
    <synopsis>&CONFPATH;</synopsis>
55
66
  </refsynopsisdiv>
56
 
 
 
67
  
57
68
  <refsect1 id="description">
58
69
    <title>DESCRIPTION</title>
59
70
    <para>
71
82
      <quote>#</quote> or <quote>;</quote> are ignored and may be used
72
83
      to provide comments.
73
84
    </para>
74
 
 
 
85
    
75
86
  </refsect1>
76
87
  <refsect1>
77
88
    <title>OPTIONS</title>
84
95
          <xi:include href="mandos-options.xml" xpointer="interface"/>
85
96
        </listitem>
86
97
      </varlistentry>
87
 
 
 
98
      
88
99
      <varlistentry>
89
100
        <term><option>address<literal> = </literal><replaceable
90
101
          >ADDRESS</replaceable></option></term>
92
103
          <xi:include href="mandos-options.xml" xpointer="address"/>
93
104
        </listitem>
94
105
      </varlistentry>
95
 
 
 
106
      
96
107
      <varlistentry>
97
108
        <term><option>port<literal> = </literal><replaceable
98
109
        >NUMBER</replaceable></option></term>
100
111
          <xi:include href="mandos-options.xml" xpointer="port"/>
101
112
        </listitem>
102
113
      </varlistentry>
103
 
 
 
114
      
104
115
      <varlistentry>
105
116
        <term><option>debug<literal> = </literal>{ <literal
106
117
          >1</literal> | <literal>yes</literal> | <literal
111
122
          <xi:include href="mandos-options.xml" xpointer="debug"/>
112
123
        </listitem>
113
124
      </varlistentry>
114
 
 
 
125
      
115
126
      <varlistentry>
116
127
        <term><option>priority<literal> = </literal><replaceable
117
128
        >STRING</replaceable></option></term>
119
130
          <xi:include href="mandos-options.xml" xpointer="priority"/>
120
131
        </listitem>
121
132
      </varlistentry>
122
 
 
 
133
      
123
134
      <varlistentry>
124
135
        <term><option>servicename<literal> = </literal
125
136
        ><replaceable>NAME</replaceable></option></term>
129
140
        </listitem>
130
141
      </varlistentry>
131
142
      
 
143
      <varlistentry>
 
144
        <term><option>use_dbus<literal> = </literal>{ <literal
 
145
          >1</literal> | <literal>yes</literal> | <literal
 
146
          >true</literal> | <literal>on</literal> | <literal
 
147
          >0</literal> | <literal>no</literal> | <literal
 
148
          >false</literal> | <literal>off</literal> }</option></term>
 
149
        <listitem>
 
150
          <xi:include href="mandos-options.xml" xpointer="dbus"/>
 
151
        </listitem>
 
152
      </varlistentry>
 
153
      
 
154
      <varlistentry>
 
155
        <term><option>use_ipv6<literal> = </literal>{ <literal
 
156
          >1</literal> | <literal>yes</literal> | <literal
 
157
          >true</literal> | <literal>on</literal> | <literal
 
158
          >0</literal> | <literal>no</literal> | <literal
 
159
          >false</literal> | <literal>off</literal> }</option></term>
 
160
        <listitem>
 
161
          <xi:include href="mandos-options.xml" xpointer="ipv6"/>
 
162
        </listitem>
 
163
      </varlistentry>
 
164
      
 
165
      <varlistentry>
 
166
        <term><option>restore<literal> = </literal>{ <literal
 
167
          >1</literal> | <literal>yes</literal> | <literal
 
168
          >true</literal> | <literal>on</literal> | <literal
 
169
          >0</literal> | <literal>no</literal> | <literal
 
170
          >false</literal> | <literal>off</literal> }</option></term>
 
171
        <listitem>
 
172
          <xi:include href="mandos-options.xml" xpointer="restore"/>
 
173
        </listitem>
 
174
      </varlistentry>
 
175
      
 
176
      <varlistentry>
 
177
        <term><option>statedir<literal> = </literal><replaceable
 
178
        >DIRECTORY</replaceable></option></term>
 
179
        <listitem>
 
180
          <xi:include href="mandos-options.xml" xpointer="statedir"/>
 
181
        </listitem>
 
182
      </varlistentry>
 
183
      
 
184
      <varlistentry>
 
185
        <term><option>socket<literal> = </literal><replaceable
 
186
        >NUMBER</replaceable></option></term>
 
187
        <listitem>
 
188
          <xi:include href="mandos-options.xml" xpointer="socket"/>
 
189
        </listitem>
 
190
      </varlistentry>
 
191
      
132
192
    </variablelist>
133
193
  </refsect1>
134
194
  
144
204
    <para>
145
205
      The <literal>[DEFAULT]</literal> is necessary because the Python
146
206
      built-in module <systemitem class="library">ConfigParser</systemitem>
147
 
      requres it.
 
207
      requires it.
148
208
    </para>
 
209
    <xi:include href="bugs.xml"/>
149
210
  </refsect1>
150
211
  
151
212
  <refsect1 id="example">
166
227
[DEFAULT]
167
228
# A configuration example
168
229
interface = eth0
169
 
address = 2001:db8:f983:bd0b:30de:ae4a:71f2:f672
 
230
address = fe80::aede:48ff:fe71:f6f2
170
231
port = 1025
171
 
debug = true
172
 
priority = SECURE256:!CTYPE-X.509:+CTYPE-OPENPGP
 
232
debug = True
 
233
priority = SECURE256:!CTYPE-X.509:+CTYPE-OPENPGP:!RSA
173
234
servicename = Daena
 
235
use_dbus = False
 
236
use_ipv6 = True
 
237
restore = True
 
238
statedir = /var/lib/mandos
174
239
      </programlisting>
175
240
    </informalexample>
176
241
  </refsect1>
178
243
  <refsect1 id="see_also">
179
244
    <title>SEE ALSO</title>
180
245
    <para>
 
246
      <citerefentry><refentrytitle>intro</refentrytitle>
 
247
      <manvolnum>8mandos</manvolnum></citerefentry>,
181
248
      <citerefentry><refentrytitle>gnutls_priority_init</refentrytitle
182
249
      ><manvolnum>3</manvolnum></citerefentry>,
183
250
      <citerefentry><refentrytitle>mandos</refentrytitle>
185
252
      <citerefentry><refentrytitle>mandos-clients.conf</refentrytitle>
186
253
      <manvolnum>5</manvolnum></citerefentry>
187
254
    </para>
188
 
 
 
255
    
189
256
    <variablelist>
190
257
      <varlistentry>
191
258
        <term>
211
278
              <para>
212
279
                The clients use IPv6 link-local addresses, which are
213
280
                immediately usable since a link-local addresses is
214
 
                automatically assigned to a network interfaces when it
 
281
                automatically assigned to a network interface when it
215
282
                is brought up.
216
283
              </para>
217
284
            </listitem>