/mandos/trunk

To get this branch, use:
bzr branch http://bzr.recompile.se/loggerhead/mandos/trunk

« back to all changes in this revision

Viewing changes to plugin-runner.xml

  • Committer: Teddy Hogeborn
  • Date: 2019-02-10 03:50:20 UTC
  • Revision ID: teddy@recompile.se-20190210035020-nttr1tybgwwixueu
Show debconf note about new TLS key IDs

If mandos-client did not see TLS keys and had to create them, or if
mandos sees GnuTLS version 3.6.6 or later, show an important notice on
package installation about the importance of adding the new key_id
options to clients.conf on the Mandos server.

* debian/control (Package: mandos, Package: mandos-client): Depend on
                                                            debconf.
* debian/mandos-client.lintian-overrides: Override warnings.
* debian/mandos-client.postinst (create_keys): Show notice if new TLS
                                               key files were created.
* debian/mandos-client.templates: New.
* debian/mandos.lintian-overrides: Override warnings.
* debian/mandos.postinst (configure): If GnuTLS 3.6.6 or later is
                                      detected, show an important
                                      notice (once) about the new
                                      key_id option required in
                                      clients.conf.
* debian/mandos.templates: New.

Show diffs side-by-side

added added

removed removed

Lines of Context:
2
2
<!DOCTYPE refentry PUBLIC "-//OASIS//DTD DocBook XML V4.5//EN"
3
3
        "http://www.oasis-open.org/docbook/xml/4.5/docbookx.dtd" [
4
4
<!ENTITY COMMANDNAME "plugin-runner">
5
 
<!ENTITY TIMESTAMP "2011-10-05">
 
5
<!ENTITY TIMESTAMP "2019-02-09">
6
6
<!ENTITY % common SYSTEM "common.ent">
7
7
%common;
8
8
]>
33
33
    <copyright>
34
34
      <year>2008</year>
35
35
      <year>2009</year>
 
36
      <year>2010</year>
36
37
      <year>2011</year>
 
38
      <year>2012</year>
 
39
      <year>2013</year>
 
40
      <year>2014</year>
 
41
      <year>2015</year>
 
42
      <year>2016</year>
 
43
      <year>2017</year>
 
44
      <year>2018</year>
37
45
      <holder>Teddy Hogeborn</holder>
38
46
      <holder>Björn Påhlsson</holder>
39
47
    </copyright>
114
122
      <arg><option>--plugin-dir=<replaceable
115
123
      >DIRECTORY</replaceable></option></arg>
116
124
      <sbr/>
 
125
      <arg><option>--plugin-helper-dir=<replaceable
 
126
      >DIRECTORY</replaceable></option></arg>
 
127
      <sbr/>
117
128
      <arg><option>--config-file=<replaceable
118
129
      >FILE</replaceable></option></arg>
119
130
      <sbr/>
320
331
      </varlistentry>
321
332
      
322
333
      <varlistentry>
 
334
        <term><option>--plugin-helper-dir
 
335
        <replaceable>DIRECTORY</replaceable></option></term>
 
336
        <listitem>
 
337
          <para>
 
338
            Specify a different plugin helper directory.  The default
 
339
            is <filename>/lib/mandos/plugin-helpers</filename>, which
 
340
            will exist in the initial <acronym>RAM</acronym> disk
 
341
            environment.  (This will simply be passed to all plugins
 
342
            via the <envar>MANDOSPLUGINHELPERDIR</envar> environment
 
343
            variable.  See <xref linkend="writing_plugins"/>)
 
344
          </para>
 
345
        </listitem>
 
346
      </varlistentry>
 
347
      
 
348
      <varlistentry>
323
349
        <term><option>--config-file
324
350
        <replaceable>FILE</replaceable></option></term>
325
351
        <listitem>
426
452
      <para>
427
453
        The plugin will run in the initial RAM disk environment, so
428
454
        care must be taken not to depend on any files or running
429
 
        services not available there.
 
455
        services not available there.  Any helper executables required
 
456
        by the plugin (which are not in the <envar>PATH</envar>) can
 
457
        be placed in the plugin helper directory, the name of which
 
458
        will be made available to the plugin via the
 
459
        <envar>MANDOSPLUGINHELPERDIR</envar> environment variable.
430
460
      </para>
431
461
      <para>
432
462
        The plugin must exit cleanly and free all allocated resources
475
505
      only passes on its environment to all the plugins.  The
476
506
      environment passed to plugins can be modified using the
477
507
      <option>--global-env</option> and <option>--env-for</option>
478
 
      options.
 
508
      options.  Also, the <option>--plugin-helper-dir</option> option
 
509
      will affect the environment variable
 
510
      <envar>MANDOSPLUGINHELPERDIR</envar> for the plugins.
479
511
    </para>
480
512
  </refsect1>
481
513
  
514
546
            </para>
515
547
          </listitem>
516
548
        </varlistentry>
 
549
        <varlistentry>
 
550
          <term><filename class="directory"
 
551
          >/lib/mandos/plugins.d</filename></term>
 
552
          <listitem>
 
553
            <para>
 
554
              The default plugin directory; can be changed by the
 
555
              <option>--plugin-dir</option> option.
 
556
            </para>
 
557
          </listitem>
 
558
        </varlistentry>
 
559
        <varlistentry>
 
560
          <term><filename class="directory"
 
561
          >/lib/mandos/plugin-helpers</filename></term>
 
562
          <listitem>
 
563
            <para>
 
564
              The default plugin helper directory; can be changed by
 
565
              the <option>--plugin-helper-dir</option> option.
 
566
            </para>
 
567
          </listitem>
 
568
        </varlistentry>
517
569
      </variablelist>
518
570
    </para>
519
571
  </refsect1>
524
576
      The <option>--config-file</option> option is ignored when
525
577
      specified from within a configuration file.
526
578
    </para>
 
579
    <xi:include href="bugs.xml"/>
527
580
  </refsect1>
528
581
  
529
582
  <refsect1 id="examples">
572
625
    </informalexample>
573
626
    <informalexample>
574
627
      <para>
575
 
        Run plugins from a different directory, read a different
576
 
        configuration file, and add two options to the
 
628
        Read a different configuration file, run plugins from a
 
629
        different directory, specify an alternate plugin helper
 
630
        directory and add two options to the
577
631
        <citerefentry><refentrytitle >mandos-client</refentrytitle>
578
632
        <manvolnum>8mandos</manvolnum></citerefentry> plugin:
579
633
      </para>
580
634
      <para>
581
635
 
582
636
<!-- do not wrap this line -->
583
 
<userinput>cd /etc/keys/mandos; &COMMANDNAME;  --config-file=/etc/mandos/plugin-runner.conf --plugin-dir /usr/lib/mandos/plugins.d --options-for=mandos-client:--pubkey=pubkey.txt,--seckey=seckey.txt</userinput>
 
637
<userinput>cd /etc/keys/mandos; &COMMANDNAME;  --config-file=/etc/mandos/plugin-runner.conf --plugin-dir /usr/lib/x86_64-linux-gnu/mandos/plugins.d --plugin-helper-dir /usr/lib/x86_64-linux-gnu/mandos/plugin-helpers --options-for=mandos-client:--pubkey=pubkey.txt,--seckey=seckey.txt,--tls-pubkey=tls-pubkey.pem,--tls-privkey=tls-privkey.pem</userinput>
584
638
 
585
639
      </para>
586
640
    </informalexample>