/mandos/trunk : revision 953

To get this branch, use:

bzr branch
http://bzr.recompile.se/loggerhead/mandos/trunk

« back to all changes in this revision

Viewing changes to debian/control

Committer: Teddy Hogeborn
Date: 2018-08-19 01:35:11 UTC
Revision ID: teddy@recompile.se-20180819013511-cku25q9yeub3dnr0

Adapt to changes in cryptsetup; use "cryptroot-unlock" program

* Makefile (install-client-nokey): Also install new script files
  "mandos-to-cryptroot-unlock" and "initramfs-tools-script-stop".
* debian/mandos-client.dirs: Add
  "usr/share/initramfs-tools/scripts/local-premount".
* initramfs-tools-hook: Also copy "mandos-to-cryptroot-unlock".
* initramfs-tools-script: Only modify keyscript setting in cryptroot
  file if the file exists, otherwise start
  "mandos-to-cryptroot-unlock" in background.
* initramfs-tools-script-stop: New script to make sure plugin-runner
  has stopped before continuing.
* mandos-to-cryptroot-unlock: New script to run plugin-runner and feed
  any password it gets into the "cryptroot-unlock" program.

files added:
initramfs-tools-hook-conf

files removed:
initramfs-tools-conf

files modified:
DBUS-API

INSTALL

Makefile

NEWS

TODO

clients.conf

common.ent

debian/changelog

debian/control

debian/mandos-client.README.Debian

debian/mandos-client.dirs

debian/mandos-client.postinst

debian/mandos-client.postrm

initramfs-tools-hook

initramfs-tools-script-stop *

intro.xml

mandos

mandos-clients.conf.xml

mandos-ctl

mandos-keygen

mandos-keygen.xml

mandos-monitor

mandos-options.xml

mandos-to-cryptroot-unlock *

mandos.lsm

mandos.xml

overview.xml

plugin-runner.xml

plugins.d/mandos-client.c

plugins.d/mandos-client.xml

Show diffs side-by-side

added added

removed removed

debian/control

Build-Depends: debhelper (>= 10), docbook-xml, docbook-xsl,

libavahi-core-dev, libgpgme-dev | libgpgme11-dev,

libgnutls28-dev (>= 3.3.0) | gnutls-dev (>= 3.3.0),

libgnutls28-dev (<< 3.6.0) | libgnutls30 (<< 3.6.0)

| libgnutls30 (>= 3.6.6),

libgnutls28-dev (<< 3.6.0) | libgnutls30 (<< 3.6.0),

xsltproc, pkg-config, libnl-route-3-dev

Build-Depends-Indep: systemd, python (>= 2.7), python (<< 3),

python-dbus, python-gi

Standards-Version: 4.2.1

Standards-Version: 4.1.3

Vcs-Bzr: https://ftp.recompile.se/pub/mandos/trunk

Vcs-Browser: https://bzr.recompile.se/loggerhead/mandos/trunk/files

Homepage: https://www.recompile.se/mandos

Rules-Requires-Root: binary-targets

Package: mandos

Architecture: all

Depends: ${misc:Depends}, python (>= 2.7), python (<< 3),

libgnutls28-dev (>= 3.3.0) | libgnutls30 (>= 3.3.0),

libgnutls28-dev (<< 3.6.0) | libgnutls30 (<< 3.6.0)

| libgnutls30 (>= 3.6.6),

libgnutls28-dev (<< 3.6.0) | libgnutls30 (<< 3.6.0),

python-dbus, python-gi, avahi-daemon, adduser, python-urwid,

gnupg2 | gnupg, systemd-sysv | lsb-base (>= 3.0-6)

Recommends: ssh-client | fping

The computers run a small client program in the initial RAM

disk environment which will communicate with a server over a

network. All network communication is encrypted using TLS.

The clients are identified by the server using a TLS public

The clients are identified by the server using an OpenPGP

key; each client has one unique to it. The server sends the

clients an encrypted password. The encrypted password is

decrypted by the clients using an OpenPGP key, and the

decrypted by the clients using the same OpenPGP key, and the

password is then used to unlock the root file system,

whereupon the computers can continue booting normally.

Package: mandos-client

Architecture: linux-any

Depends: ${shlibs:Depends}, ${misc:Depends}, adduser,

cryptsetup (<< 2:2.0.3-1) | cryptsetup-initramfs,

initramfs-tools (>= 0.99), dpkg-dev (>=1.16.0),

gnutls-bin (>= 3.6.6) | openssl (>= 1.1.0)

Recommends: ssh

Depends: ${shlibs:Depends}, ${misc:Depends}, adduser, cryptsetup,

initramfs-tools, dpkg-dev (>=1.16.0)

Recommends: ssh, gnutls-bin | openssl

Breaks: dropbear (<= 0.53.1-1)

Enhances: cryptsetup

Description: do unattended reboots with an encrypted root file system