/mandos/trunk

-*- org -*-

* [#A] README file

* Plugin-runner

** [#A] Free plugin name and args

   [[file:plugin-runner.c::free%20plugin_list][file:plugin-runner.c::free plugin_list]] (both places)

** [#A] Change syntax for arguments

** [#B] Add more comments to code

** [#B] Add more if(debug) calls

** [#B] Seperate more code to function for more readability

** [#B] Make free_plugin_list() function

** [#A] Man page: man8/plugin-runner.8mandos

*** DESCRIPTION

    Describe the plus sign syntax for passing options from crypttab

*** EXIT STATUS

    Text needed

*** EXAMPLES

    Examples of normal usage, debug usage, debugging single or all

    plugins, examples of crypttab lines with plus syntax, etc.

*** FILES

    Text needed

*** SECURITY

    Text needed

*** NOTES

    Text needed

*** BUGS

    Text needed

*** SEE ALSO

    Explaining test on what you can read

** Support in configuration file for environment variables

** Keydir move: /etc/mandos -> /etc/keys/mandos

   Must create in preinst if not pre-depending on cryptsetup

* Password-request

** [#A] Man page: man8/password-request.8mandos

** Make prompt exactly like the normal prompt

   Use environment variables:

   "Enter passphrase to unlock the disk $cryptsource ($crypttarget): "

   [[file:plugins.d/password-prompt.c::fprintf%20stderr%20s%20Password%20prefix][Here]]

** [#B] Temporarily lower kernel log level

   for less printouts during sucessfull boot.

*** DESCRIPTION

    Move options to new OPTIONS section.

    State that this command is not meant to be invoked directly, but

    is run as a plugin from mandos-client(8) and only run in the

    initrd environment, not the real system.

*** EXIT STATUS

    Create this section

*** EXAMPLES

    Examples of normal usage, debug usage, debugging by connecting

    directly, etc.

*** FILES

    Describe the key files and the key ring files.  Also note that

    they should normally have been automatically created.

*** DIAGNOSTICS

    Create this section

*** SECURITY

    Create this section

*** NOTES

    Create this section (if needed)

*** BUGS

    Create this section

*** SEE ALSO

    Refer to mandos-client(8mandos) and password-prompt(8mandos)

** IPv4 support

** use strsep instead of strtok?

** Do not depend on GnuPG key rings on disk

   This would mean creating new GnuPG key rings with GPGME by

   importing the key files from scratch on every program start.

* Password-prompt

** [#A] Man page: man8/password-prompt.8mandos

** Show getenv("cryptsource") and getenv("crypttarget") if set

   cryptsource will be the device, like "/dev/sda3", and crypttarget

   will be the device mapper name, like "sda3_crypt".

*** DESCRIPTION

    Move options to new OPTIONS section.

*** EXIT STATUS

    Create this section

*** EXAMPLES

    Examples of normal usage, debug usage, with a prefix, etc.

*** DIAGNOSTICS

    Create this section

*** SECURITY

    Create this section

    Not much to do here but it is noteworthy to state the danger of

    not having a fallback option.

*** NOTES

    Note that this is more or less a simple getpass(3) wrapper, even

    though actual use of getpass(3) is not guaranteed.

*** BUGS

    Create this section

*** SEE ALSO

    Refer to mandos-client(8mandos) and password-request(8mandos)

** Use getpass(3)?

   Man page says "obsolete", but [[info:libc:getpass][GNU LibC Manual: Reading Passwords]]

   does not.  See also [[http://sources.redhat.com/ml/libc-alpha/2003-05/msg00251.html][Marcus Brinkmann: Re: getpass obsolete?]] and

   [[http://article.gmane.org/gmane.comp.lib.glibc.alpha/4906][Petter Reinholdtsen: Re: getpass obsolete?]], and especially also

   [[http://www.steve.org.uk/Reference/Unix/faq_4.html#SEC48][Unix Programming FAQ 3.1 How can I make my program not echo input?]]

** Replace completely with "/lib/cryptsetup/askpass"?

* Mandos (server)

** [#A] Command man page: man8/mandos.8

*** DESCRIPTION

    Move options to new OPTIONS section

*** EXIT STATUS

    Create this section

*** EXAMPLES

    Create this section

*** FILES

    Describe briefly that the server gets global settings from

    mandos.conf and clients from clients.conf, but refer to their man

    pages for more details.

*** DIAGNOSTICS

    Create this section

*** SECURITY

    Create this section

*** NOTES

    Create this section (if needed)

*** BUGS

    Create this section

*** SEE ALSO

    Refer to the client man page

** [#A] Config file man page: man5/mandos.conf (mandos.conf)

** [#A] Config file man page: man5/mandos-clients.conf (clients.conf)

** [#A] /etc/init.d/mandos-server		:teddy:

** Log level

** /etc/mandos/clients.d/*.conf

   Watch this directory and add/remove/update clients?

** config for TXT record

** Run-time communication with server

   Probably using D-Bus

   See also [[*Mandos-tools]]

** Implement --foreground

   [[info:standards:Option%20Table][Table of Long Options]]

** Implement --socket

   [[info:standards:Option%20Table][Table of Long Options]]

** Date+time on console log messages

   Is this the default?

* Mandos-tools/utilities

  All of this probably using D-Bus

** List clients

** Disable client

** Enable client

* Installer

** Client

*** DONE [#A] Change initrd.img file to not be publically readable

    /usr/share/initramfs-tools/conf-hooks.d/mandos

    UMASK=027

*** Update initrd.img after installation

** Server

*** [#A] Create mandos user and group for server

*** [#A] Create /var/run/mandos directory with perm and ownership

** mandos-keygen

*** [#A] Command man page: man8/mandos-keygen.8

*** [#A] Output cut-and-paste ready snippet for clients.conf.

* [#A] Package

** /usr/share/initramfs-tools/hooks/mandos

*** Do not install in initrd.img if configured not to

    Use "/etc/initramfs-tools/conf.d/mandos"?  Definitely a debconf

    question.

** /etc/bash_completion.d/mandos

*** From xml sources directly?

** unperish

** bzr-builddeb

* INSTALL file

* Web site

* Mailing list

* Announce project on news

  [[news:comp.os.linux.announce]]

#+STARTUP: showall