/mandos/trunk

To get this branch, use:

bzr branch
http://bzr.recompile.se/loggerhead/mandos/trunk

« back to all changes in this revision

Viewing changes to initramfs-tools-hook

Committer: Teddy Hogeborn
Date: 2019-02-10 08:41:14 UTC
Revision ID: teddy@recompile.se-20190210084114-u91mijrxtifvzra5

Bug fix: Only create TLS key with certtool, and read correct key file

* debian/mandos-client.postinst (create_keys): Remove any bad keys
                                               created by 1.8.0-1.
                                               Only create TLS keys if
                                               certtool succeeds.
* debian/mandos.postinst (configure): Remove any bad keys from
                                      clients.conf, and inform the
                                      user if any were found.
* debian/mandos.templates (mandos/removed_bad_key_ids): New message.
* mandos (MandosServer.handle_ipc): Do not trust a key_id with a known
                                    bad key ID.
* mandos-keygen (keygen): Only create TLS keys if certtool succeeds.
  (password): Bug fix: Generate key_id correctly, and only output
              key_id if TLS key exists.

files added:
debian/mandos-client.templates

debian/mandos.templates

initramfs-tools-conf

initramfs-tools-script-stop

mandos-to-cryptroot-unlock

files removed:
initramfs-tools-hook-conf

files modified:
DBUS-API

INSTALL

Makefile

NEWS

TODO

clients.conf

common.ent

debian/changelog

debian/compat

debian/control

debian/copyright

debian/mandos-client.README.Debian

debian/mandos-client.dirs

debian/mandos-client.lintian-overrides

debian/mandos-client.postinst

debian/mandos-client.postrm

debian/mandos.lintian-overrides

debian/mandos.postinst

debian/rules

debian/watch

init.d-mandos

initramfs-tools-hook

initramfs-tools-script

initramfs-unpack

intro.xml

mandos

mandos-clients.conf.xml

mandos-ctl

mandos-ctl.xml

mandos-keygen

mandos-keygen.xml

mandos-monitor

mandos-monitor.xml

mandos-options.xml

mandos.conf.xml

mandos.lsm

mandos.xml

network-hooks.d/bridge

network-hooks.d/openvpn

network-hooks.d/wireless

overview.xml

plugin-helpers/mandos-client-iprouteadddel.c

plugin-runner.c

plugin-runner.xml

plugins.d/askpass-fifo.c

plugins.d/askpass-fifo.xml

plugins.d/mandos-client.c

plugins.d/mandos-client.xml

plugins.d/password-prompt.c

plugins.d/password-prompt.xml

plugins.d/plymouth.c

plugins.d/plymouth.xml

plugins.d/splashy.c

plugins.d/splashy.xml

plugins.d/usplash.c

plugins.d/usplash.xml

Show diffs side-by-side

added added

removed removed

initramfs-tools-hook

80

80

--mode=u=rwx "${DESTDIR}${PLUGINDIR}" \

81

81

"${DESTDIR}${PLUGINHELPERDIR}"

82

82

83

copy_exec "$libdir"/mandos/mandos-to-cryptroot-unlock "${MANDOSDIR}"

84

83

85

# Copy the Mandos plugin runner

84

86

copy_exec "$libdir"/mandos/plugin-runner "${MANDOSDIR}"

85

87

250

252

# initrd; it is intended to affect the initrd.img file itself, since

251

253

# it now contains secret key files. There is, however, no other way

252

254

# to set the permission of the initrd.img file without a race

253

# condition. This umask is set by "initramfs-tools-hook-conf",

254

# installed as "/usr/share/initramfs-tools/conf-hooks.d/mandos".)

255

# condition. This umask is set by "initramfs-tools-conf", installed

256

# as "/usr/share/initramfs-tools/conf.d/mandos-conf".)

255

257

#

256

258

for full in "${MANDOSDIR}" "${CONFDIR}"; do

257

259

while [ "$full" != "/" ]; do

Older »