debian/0000755000000000000000000000000011767455005007200 5ustar debian/changelog0000644000000000000000000003012011767455003011044 0ustar mandos (1.6.0-1) unstable; urgency=low * New upstream release. * debian/copyright (Copyright): Join the two lines to a single line. * debian/mandos-client.README.Debian: Update to refer to the new location of the example network hooks, and the new feature of using all network interfaces. * debian/mandos-client.docs (network-hooks.d): Removed. * debian/mandos-client.examples (network-hooks.d): New. * debian/rules (binary-common): Added "dh_installexamples". (binary-common/dh_fixperms): Exclude new location of "network-hooks.d". -- Teddy Hogeborn Mon, 18 Jun 2012 00:15:23 +0200 mandos (1.5.5-1) unstable; urgency=low * New upstream release. * debian/copyright (Format): Updated to "http://www.debian.org/doc/packaging-manuals/copyright-format/1.0/". * debian/control (Build-Depends): Removed "man, locales-all". -- Teddy Hogeborn Fri, 01 Jun 2012 20:30:41 +0200 mandos (1.5.4-1) unstable; urgency=low * New upstream release. -- Teddy Hogeborn Sun, 20 May 2012 15:38:34 +0200 mandos (1.5.3-1.2) unstable; urgency=low * Non-maintainer upload. * Set Architecture to linux-any. (Closes: #647670) -- Robert Millan Sun, 22 Apr 2012 16:22:01 +0200 mandos (1.5.3-1.1) unstable; urgency=low * Non-maintainer upload. * Fix "mandos FTBFS on buildds": add build-dependency on locales-all and pass LC_ALL to dh_auto_build to make sure we have and use the en_US.UTF-8 locale for manpage creation. (Closes: #656178) -- gregor herrmann Tue, 31 Jan 2012 17:56:05 +0100 mandos (1.5.3-1) unstable; urgency=low * New upstream release. -- Teddy Hogeborn Sun, 15 Jan 2012 22:05:54 +0100 mandos (1.5.2-1) unstable; urgency=low * New upstream release. -- Teddy Hogeborn Sun, 08 Jan 2012 11:17:20 +0100 mandos (1.5.1-1) unstable; urgency=low * New upstream release. -- Teddy Hogeborn Sun, 01 Jan 2012 21:53:31 +0100 mandos (1.5.0-1) unstable; urgency=low * New upstream release. * debian/control (mandos-client/Depends): Added "initramfs-tools". * debian/mandos-client.README.Debian: Corrected mail address and adjust wording. * debian/rules (binary-common): Exclude new nework-hooks.d directory from dh_fixperms. * debian/mandos-client.README.Debian: Document network hook facility. * debian/mandos-client.docs (network-hooks.d): Added. * debian/mandos.dirs (var/lib/mandos): Added. * debian/mandos.postinst: Fix ownership of /var/lib/mandos. * debian/control (mandos/Depends): Added "python-gnupginterface". -- Teddy Hogeborn Sun, 01 Jan 2012 05:58:11 +0100 mandos (1.4.1-1) unstable; urgency=low * New upstream release. * debian/control (Build-Depends): Added "man". * debian/control (Conflicts): Changed to "Breaks:". * debian/copyright: Updated format. * debian/mandos-client.postinst: Use "set -e" instead of "#!/bin/sh -e". * debian/mandos-client.postrm: - '' - * debian/mandos.postinst: - '' - * debian/mandos.prerm: Consistent magic. -- Björn Påhlsson Sat, 15 Oct 2011 18:18:52 +0200 mandos (1.4.0-1) unstable; urgency=low * New upstream release. * Fix "FTBFS with binutils-gold": Added "-Xlinker --as-needed" to LDFLAGS in Makefile. (Closes: #632145) * Fix "/run transition: uses obsolete /dev/.initramfs": Try both old and new PID file locations. (Closes: #643554) * debian/source/local-options: New; contains "--single-debian-patch". * debian/control (Standards-Version): Upgraded to "3.9.2". (DM-Upload-Allowed): New; set to "yes". * debian/control: Changed domain from "fukt.bsnet.se" to "recompile.se". * debian/copyright: - '' - * debian/mandos-client.README.Debian: - '' - * debian/mandos.README.Debian: - '' - * debian/watch: - '' - * debian/control (mandos/Description): Fix language to placate lintian. -- Teddy Hogeborn Sun, 09 Oct 2011 19:15:08 +0200 mandos (1.3.1-1) unstable; urgency=low * New upstream release. * Conflict with correct version of dropbear. * New version uses argparse; depend on python (<=2.7) | python-argparse. -- Teddy Hogeborn Wed, 27 Jul 2011 19:47:17 +0200 mandos (1.3.0-1) unstable; urgency=low * New upstream release. * debian/control (mandos): Depend on Python 2.6, remove dependency on python-multiprocessing. (mandos-client): Conflict with dropbear (<< 0.52-5). * debian/mandos-client.postrm (purge): Bug fix: update initramfs also on purge. * debian/mandos-client.lintian-overrides: Added plugins.d/plymouth. -- Teddy Hogeborn Tue, 08 Mar 2011 20:22:57 +0100 mandos (1.2.3-1) experimental; urgency=low * New upstream release. -- Teddy Hogeborn Mon, 11 Oct 2010 19:37:31 +0200 mandos (1.2.2-1) experimental; urgency=low * New upstream release. * plugins.d/splashy.c: Only use ELIBBAD if defined. (Closes: #599256) -- Teddy Hogeborn Thu, 07 Oct 2010 20:27:54 +0200 mandos (1.2.1-3) experimental; urgency=low * debian/changelog: Include entry for NMU of version 1.0.14-1.1. -- Teddy Hogeborn Tue, 05 Oct 2010 20:58:38 +0200 mandos (1.2.1-2) unstable; urgency=low * debian/source/format: New; contains "3.0 (quilt)". Really. -- Björn Påhlsson Sat, 02 Oct 2010 19:46:59 +0200 mandos (1.2.1-1) unstable; urgency=low * New upstream release. * debian/source/format: New; contains "3.0 (quilt)". -- Björn Påhlsson Sat, 02 Oct 2010 19:03:58 +0200 mandos (1.2-1) unstable; urgency=low * New upstream release. * Makefile (LINK_FORTIFY_LD): Remove "-fPIE". (Closes: #557076) * debian/control: Add gnupg dependency to "mandos-client" and removed it from "mandos". Added dependency on "python-urwid" "mandos" since the new "mandos-monitor" utility needs it, and on "python (>=2.6) | python-multiprocessing" since the Mandos server now uses it. * debian/rules: Set BROKEN_PIE on mips and mipsel if a known buggy version of binutils is used. * debian/mandos.docs: Also install "/usr/share/doc/mandos/DBUS-API". * debian/mandos.dirs: Added "etc/dbus-1/system.d". * debian/mandos-client.README.Debian: Update info about DEVICE setting of initramfs.conf. * debian/mandos-client.README.Debian: Remove warning about --connect not looping, since it now does. -- Teddy Hogeborn Tue, 28 Sep 2010 20:46:11 +0200 mandos (1.0.14-1.1) unstable; urgency=low * Non-maintainer upload. * Rebuild against libavahi-core-dev (>= 0.6.26-1). -- Michael Biebl Mon, 12 Jul 2010 16:34:34 +0200 mandos (1.0.14-1) unstable; urgency=low (HIGH on mips and mipsel) * New upstream release. * debian/rules: Build with BROKEN_PIE set on mips and mipsel architectures - fixes FTBFS there. -- Teddy Hogeborn Sun, 25 Oct 2009 20:10:09 +0100 mandos (1.0.13-1) unstable; urgency=high * New upstream release. * Do not copy unnecessary files to initrd (Closes: #551907) -- Teddy Hogeborn Thu, 22 Oct 2009 00:53:21 +0200 mandos (1.0.12-1) unstable; urgency=low * New upstream release. * init.d-mandos: Correct dependencies (Closes: #546928) * debian/control (Standards-Version): Changed to "3.8.3". * debian/mandos-client.README.Debian: Improved wording and formatting. Updated location of nfsroot.txt. * debian/mandos.README.Debian: Improved wording and formatting. * debian/mandos-client.postinst (configure): Don't look for user and group with the old name if upgrading from a new enough version. * debian/mandos.postinst (configure): - '' - * debian/mandos-client.README.Debian: Added text about non-usability of pseudo-network interfaces. -- Teddy Hogeborn Thu, 17 Sep 2009 15:03:59 +0200 mandos (1.0.11-1) unstable; urgency=low * debian/control (Standards-Version): Changed to "3.8.1". * Makefile (GNUTLS_CFLAGS, GNUTLS_CFLAGS): Use "pkg-config" instead of the old "libgnutls-config" script. (Closes: #529836) -- Teddy Hogeborn Sat, 23 May 2009 07:12:20 +0200 mandos (1.0.10-1) unstable; urgency=low * New upstream release. * debian/mandos-client.postinst (update_initramfs): Fix permissions of old initrd.img-*.bak files. -- Teddy Hogeborn Sun, 17 May 2009 04:56:35 +0200 mandos (1.0.9-1) unstable; urgency=low * New upstream release. -- Teddy Hogeborn Sun, 17 May 2009 02:59:45 +0200 mandos (1.0.8-1) unstable; urgency=low * New upstream release. -- Teddy Hogeborn Wed, 25 Feb 2009 02:26:57 +0100 mandos (1.0.7-1) unstable; urgency=low * New upstream release. -- Teddy Hogeborn Tue, 24 Feb 2009 12:58:06 +0100 mandos (1.0.6-1) unstable; urgency=low * New upstream release. * debian/mandos-client.postinst: Converted to Bourne shell. Also minor message change. * debian/mandos-client.postrm: Minor message change. * debian/mandos.postinst: Converted to Bourne shell. Also minor message change. * debian/mandos.prerm: Minor message change. * debian/rules (install-indep): Removed "--no-start" from dh_installinit. * debian/mandos-client.lintian-overrides: Remove obsolete override for unbreakable line in plugin-runner manual page. * debian/control (mandos/Depends): Added "python-gobject". * debian/mandos-client.dirs: Change "usr/share/initramfs-tools/scripts/local-top" to "usr/share/initramfs-tools/scripts/init-premount". * debian/mandos-client.README.Debian: Add reference to initramfs.conf and nfsroot.txt. New section about the new non-local connection feature. -- Teddy Hogeborn Fri, 13 Feb 2009 09:27:25 +0100 mandos (1.0.5-1) unstable; urgency=low * New upstream release. -- Teddy Hogeborn Sat, 17 Jan 2009 02:26:00 +0100 mandos (1.0.4-1) unstable; urgency=low * New upstream release. * debian/watch: New file. * debian/mandos-client.README.Debian: Document new "mandos=off" kernel parameter. -- Teddy Hogeborn Thu, 15 Jan 2009 05:49:22 +0100 mandos (1.0.3-2) unstable; urgency=low * Removed some now-unused debconf files. * Changed postinst scripts to not source debconf/confmodule. * Removed po-debconf from build-depends. -- Teddy Hogeborn Tue, 06 Jan 2009 21:28:20 +0100 mandos (1.0.3-1) unstable; urgency=low * New upstream release. * Add -Xlinker to linker flags to fix FTBFS for some architectures. Thanks to Thiemo Seufer for the report and fix. (Closes: #509398) * Remove debconf use altogether, thereby stopping debconf abuse. Thanks to Christian Perrier . (Closes: #509653) * Add NEWS file to /usr/share/doc directories. * Use and create "_mandos" user+group. Rename old user+group created by older versions of this package. * Fix manual pages by adding build-depend on "docbook-xml". -- Teddy Hogeborn Tue, 06 Jan 2009 01:21:20 +0100 mandos (1.0.2-1) unstable; urgency=low * New upstream release. * debian/copyright: Rewritten to conform to . -- Teddy Hogeborn Fri, 17 Oct 2008 20:42:12 +0200 mandos (1.0.1-1) unstable; urgency=low * New upstream release. * Separate /usr/share/doc/mandos-client/README.Debian into sections with headlines. Add instructions on how to test the server and verify the password. -- Teddy Hogeborn Tue, 07 Oct 2008 23:07:23 +0200 mandos (1.0-2) unstable; urgency=low * Added comments in debian/*.lintian-overrides files. Added Debian revison number to version number. -- Teddy Hogeborn Wed, 01 Oct 2008 17:23:35 +0200 mandos (1.0-1) unstable; urgency=low * Initial Release. (Closes: #500727). -- Teddy Hogeborn Tue, 30 Sep 2008 21:58:43 +0200 debian/mandos.postinst0000644000000000000000000000245311767455003012270 0ustar #!/bin/sh # This script can be called in the following ways: # # After the package was installed: # configure # # # If prerm fails during upgrade or fails on failed upgrade: # abort-upgrade # # If prerm fails during deconfiguration of a package: # abort-deconfigure in-favour # removing # # If prerm fails during replacement due to conflict: # abort-remove in-favour set -e case "$1" in configure) # Rename old "mandos" user and group if dpkg --compare-versions "$2" lt "1.0.3-1"; then case "`getent passwd mandos`" in *:Mandos\ password\ system,,,:/nonexistent:/bin/false) usermod --login _mandos mandos groupmod --new-name _mandos mandos ;; esac fi # Create new user and group if ! getent passwd _mandos >/dev/null; then adduser --system --force-badname --quiet \ --home /nonexistent --no-create-home --group \ --disabled-password --gecos "Mandos password system" \ _mandos fi chown _mandos:_mandos /var/lib/mandos ;; abort-upgrade|abort-deconfigure|abort-remove) ;; *) echo "$0 called with unknown argument '$1'" 1>&2 exit 1 ;; esac #DEBHELPER# exit 0 debian/mandos-client.postinst0000644000000000000000000000401011767455003013533 0ustar #!/bin/sh # This script can be called in the following ways: # # After the package was installed: # configure # # # If prerm fails during upgrade or fails on failed upgrade: # abort-upgrade # # If prerm fails during deconfiguration of a package: # abort-deconfigure in-favour # removing # # If prerm fails during replacement due to conflict: # abort-remove in-favour set -e # Update the initial RAM file system image update_initramfs() { if [ -x /usr/sbin/update-initramfs ]; then update-initramfs -u -k all fi if dpkg --compare-versions "$2" lt-nl "1.0.10-1"; then # Make old initrd.img files unreadable too, in case they were # created with mandos-client 1.0.8 or older. find /boot -maxdepth 1 -type f -name "initrd.img-*.bak" \ -print0 | xargs --null --no-run-if-empty chmod o-r fi } # Add user and group add_mandos_user(){ # Rename old "mandos" user and group if dpkg --compare-versions "$2" lt "1.0.3-1"; then case "`getent passwd mandos`" in *:Mandos\ password\ system,,,:/nonexistent:/bin/false) usermod --login _mandos mandos groupmod --new-name _mandos mandos return ;; esac fi # Create new user and group if ! getent passwd _mandos >/dev/null; then adduser --system --force-badname --quiet --home /nonexistent \ --no-create-home --group --disabled-password \ --gecos "Mandos password system" _mandos fi } # Create client key pair create_key(){ if [ -r /etc/keys/mandos/pubkey.txt \ -a -r /etc/keys/mandos/seckey.txt ]; then return 0 fi if [ -x /usr/sbin/mandos-keygen ]; then mandos-keygen fi } case "$1" in configure) add_mandos_user "$@" create_key "$@" update_initramfs "$@" ;; abort-upgrade|abort-deconfigure|abort-remove) ;; *) echo "$0 called with unknown argument '$1'" 1>&2 exit 1 ;; esac #DEBHELPER# exit 0 debian/mandos.lintian-overrides0000644000000000000000000000031311767455003014034 0ustar # This config file will normally have encrypted secret client keys in # it, so it must be kept unreadable for non-root users. # mandos binary: non-standard-file-perm etc/mandos/clients.conf 0600 != 0644 debian/mandos-client.README.Debian0000644000000000000000000000773411767455003014006 0ustar * Adding a Client Password to the Server The server must be given a password to give back to the client on boot time. This password must be a one which can be used to unlock the root file system device. On the *client*, run this command: mandos-keygen --password It will prompt for a password and output a config file section. This output should be copied to the Mandos server and added to the file "/etc/mandos/clients.conf" there. * Testing that it Works (Without Rebooting) After the server has been started with this client's key added, it is possible to verify that the correct password will be received by this client by running the command, on the client: /usr/lib/mandos/plugins.d/mandos-client \ --pubkey=/etc/keys/mandos/pubkey.txt \ --seckey=/etc/keys/mandos/seckey.txt; echo This command should retrieve the password from the server, decrypt it, and output it to standard output. There it can be verified to be the correct password, before rebooting. * Emergency Escape If it ever should be necessary, the Mandos client can be temporarily prevented from running at startup by passing the parameter "mandos=off" to the kernel. * Specifying a Client Network Interface At boot time the network interfaces to use will by default be automatically detected. If this should result in incorrect interfaces, edit the DEVICE setting in the "/etc/initramfs-tools/initramfs.conf" file. (The default setting is empty, meaning it will autodetect the interface.) *If* the DEVICE setting is changed, it will be necessary to update the initrd image by running the command update-initramfs -k all -u The device can also be overridden at boot time on the Linux kernel command line using the sixth colon-separated field of the "ip=" option; for exact syntax, read the documentation in the file "/usr/share/doc/linux-doc-*/Documentation/filesystems/nfsroot.txt", available in the "linux-doc-*" package. Note that since the network interfaces are used in the initial RAM disk environment, the network interfaces *must* exist at that stage. Thus, an interface can *not* be a pseudo-interface such as "br0" or "tun0"; instead, only real interfaces (such as "eth0") can be used. This can be overcome by writing a "network hook" program to create an interface (see mandos-client(8mandos)) and placing it in "/etc/mandos/network-hooks.d", from where it will be copied into the initial RAM disk. Example network hook scripts can be found in "/usr/share/doc/mandos-client/examples/network-hooks.d". * User-Supplied Plugins Any plugins found in "/etc/mandos/plugins.d" will override and add to the normal Mandos plugins. When adding or changing plugins, do not forget to update the initital RAM disk image: update-initramfs -k all -u * Do *NOT* Edit "/etc/crypttab" It is NOT necessary to edit "/etc/crypttab" to specify "/usr/lib/mandos/plugin-runner" as a keyscript for the root file system; if no keyscript is given for the root file system, the Mandos client will be the new default way for getting a password for the root file system when booting. * Non-local Connection (Not Using ZeroConf) If the "ip=" kernel command line option is used to specify a complete IP address and device name, as noted above, it then becomes possible to specify a specific IP address and port to connect to, instead of using ZeroConf. The syntax for doing this is "mandos=connect::" on the kernel command line. For very advanced users, it it possible to specify simply "mandos=connect" on the kernel command line to make the system only set up the network (using the data in the "ip=" option) and not pass any extra "--connect" options to mandos-client at boot. For this to work, "--options-for=mandos-client:--connect=
:" needs to be manually added to the file "/etc/mandos/plugin-runner.conf". -- Teddy Hogeborn , Sat, 16 Jun 2012 13:09:58 +0200 debian/mandos-client.docs0000644000000000000000000000002111767455003012576 0ustar NEWS README TODO debian/rules0000755000000000000000000000556311767455003010267 0ustar #!/usr/bin/make -f # Sample debian/rules that uses debhelper. # # This file was originally written by Joey Hess and Craig Small. # As a special exception, when this file is copied by dh-make into a # dh-make output file, you may use that output file without restriction. # This special exception was added by Craig Small in version 0.37 of dh-make. # # Modified to make a template file for a multi-binary package with separated # build-arch and build-indep targets by Bill Allombert 2001 # Uncomment this to turn on verbose mode. #export DH_VERBOSE=1 # This has to be exported to make some magic below work. export DH_OPTIONS # -pie was broken briefly on the mips and mipsel architectures, see # BINUTILS_V := $(shell dpkg-query --showformat='$${Version}' \ --show binutils) ifeq (yes,$(shell dpkg --compare-versions $(BINUTILS_V) lt 2.20-3 \ && dpkg --compare-versions $(BINUTILS_V) ge 2.19.1-1 \ && echo yes)) ifneq (,$(strip $(findstring :$(DEB_HOST_ARCH):,:mips:mipsel:) \ $(findstring :$(DEB_BUILD_ARCH):,:mips:mipsel:))) BROKEN_PIE := yes export BROKEN_PIE endif endif configure: configure-stamp configure-stamp: dh_testdir touch configure-stamp build: build-arch build-indep build-arch: build-arch-stamp build-arch-stamp: configure-stamp LC_ALL=en_US.utf8 dh_auto_build -- all doc touch $@ build-indep: build-indep-stamp build-indep-stamp: configure-stamp LC_ALL=en_US.UTF-8 dh_auto_build -- doc touch $@ clean: dh_testdir dh_testroot rm -f build-arch-stamp build-indep-stamp configure-stamp dh_auto_clean dh_clean install: install-indep install-arch install-indep: dh_testdir dh_testroot dh_prep dh_installdirs --indep $(MAKE) DESTDIR=$(CURDIR)/debian/mandos install-server dh_lintian dh_installinit --onlyscripts \ --update-rcd-params="defaults 25 15" dh_install --indep install-arch: dh_testdir dh_testroot dh_prep dh_installdirs --same-arch $(MAKE) DESTDIR=$(CURDIR)/debian/mandos-client install-client-nokey dh_lintian dh_install --same-arch binary-common: dh_testdir dh_testroot dh_installchangelogs dh_installdocs dh_installexamples dh_link dh_strip dh_compress dh_fixperms --exclude etc/keys/mandos \ --exclude etc/mandos/clients.conf \ --exclude etc/mandos/plugins.d \ --exclude usr/lib/mandos/plugins.d \ --exclude usr/share/doc/mandos-client/examples/network-hooks.d dh_installdeb dh_shlibdeps dh_gencontrol dh_md5sums dh_builddeb # Build architecture independant packages using the common target. binary-indep: build-indep install-indep $(MAKE) -f debian/rules DH_OPTIONS=--indep binary-common # Build architecture dependant packages using the common target. binary-arch: build-arch install-arch $(MAKE) -f debian/rules DH_OPTIONS=--same-arch binary-common binary: binary-arch binary-indep .PHONY: build clean binary-indep binary-arch binary install \ install-indep install-arch configure debian/mandos.README.Debian0000644000000000000000000000067511767455003012527 0ustar The Mandos server is useless without at least one configured client in /etc/mandos/clients.conf. To create one, install the "mandos-client" package on a client computer, and, on the client, run the command # mandos-keygen --password to get a config file stanza. Append the output of that command to the file "/etc/mandos/clients.conf" on the Mandos server computer. -- Teddy Hogeborn , Wed, 5 Oct 2011 17:51:22 +0200 debian/mandos-client.examples0000644000000000000000000000002011767455003013463 0ustar network-hooks.d debian/mandos-client.lintian-overrides0000644000000000000000000000271411767455003015317 0ustar # This directory contains secret client key files. # mandos-client binary: non-standard-dir-perm etc/keys/mandos/ 0700 != 0755 # The directory /usr/lib/mandos/plugins.d contains setuid binaries # which are not meant to be run outside an initial RAM disk # environment (except for test purposes). It would be insecure to # allow anyone to run them. # mandos-client binary: non-standard-dir-perm usr/lib/mandos/plugins.d/ 0700 != 0755 # These binaries must be setuid root, since they need root powers, but # are started by plugin-runner(8mandos), which runs all plugins as # user/group "_mandos". These binaries are not run in a running # system, but in an initial RAM disk environment. Here they are # protected from non-root access by the directory permissions, above. # mandos-client binary: setuid-binary usr/lib/mandos/plugins.d/mandos-client 4755 root/root mandos-client binary: setuid-binary usr/lib/mandos/plugins.d/askpass-fifo 4755 root/root mandos-client binary: setuid-binary usr/lib/mandos/plugins.d/splashy 4755 root/root mandos-client binary: setuid-binary usr/lib/mandos/plugins.d/usplash 4755 root/root mandos-client binary: setuid-binary usr/lib/mandos/plugins.d/plymouth 4755 root/root # The directory /etc/mandos/plugins.d can be used by local system # administrators to place plugins in, overriding and complementing # /usr/lib/mandos/plugins.d, and must be likewise protected. # mandos-client binary: non-standard-dir-perm etc/mandos/plugins.d/ 0700 != 0755 debian/source/0000755000000000000000000000000011767455003010476 5ustar debian/source/format0000644000000000000000000000001411767455003011704 0ustar 3.0 (quilt) debian/po/0000755000000000000000000000000011767455003007614 5ustar debian/mandos.prerm0000644000000000000000000000155311767455003011532 0ustar #!/bin/sh # prerm script for mandos # # see: dh_installdeb(1) set -e # summary of how this script can be called: # * 'remove' # * 'upgrade' # * 'failed-upgrade' # * 'remove' 'in-favour' # * 'deconfigure' 'in-favour' # 'removing' # # for details, see /usr/share/doc/packaging-manual/ case "$1" in remove|deconfigure) if [ -x /etc/init.d/mandos ]; then if [ -x /usr/sbin/invoke-rc.d ]; then invoke-rc.d mandos stop else /etc/init.d/mandos stop fi fi ;; upgrade|failed-upgrade) ;; *) echo "prerm called with unknown argument '$1'" >&2 exit 0 ;; esac #DEBHELPER# exit 0 debian/mandos-client.links0000644000000000000000000000013511767455003012774 0ustar usr/share/man/man8/plugin-runner.8mandos.gz usr/share/man/man5/plugin-runner.conf.5mandos.gz debian/compat0000644000000000000000000000000211767455003010374 0ustar 7 debian/watch0000644000000000000000000000014211767455003010224 0ustar version=3 ftp://ftp.recompile.se/pub/mandos/mandos[-_]([^\s]+?)(?:\.orig)?\.tar\.(?:gz|bz2|7z|xz) debian/mandos.dirs0000644000000000000000000000015111767455003011337 0ustar usr/share/man/man5 usr/share/man/man8 etc/init.d etc/default etc/dbus-1/system.d usr/sbin var/lib/mandos debian/mandos-client.postrm0000644000000000000000000000242011767455003013177 0ustar #!/bin/sh # This script can be called in the following ways: # # After the package was removed: # remove # # After the package was purged: # purge # # After the package was upgraded: # upgrade # if that fails: # failed-upgrade # # # After all of the packages files have been replaced: # disappear # # # If preinst fails during install: # abort-install # # If preinst fails during upgrade of removed package: # abort-install # # If preinst fails during upgrade: # abort-upgrade set -e # Update the initial RAM file system image update_initramfs() { if [ -x /usr/sbin/update-initramfs ]; then update-initramfs -u -k all fi } case "$1" in remove) update_initramfs ;; purge) shred --remove /etc/keys/mandos/seckey.txt 2>/dev/null || : rm --force /etc/mandos/plugin-runner.conf \ /etc/keys/mandos/pubkey.txt \ /etc/keys/mandos/seckey.txt 2>/dev/null update_initramfs ;; upgrade|failed-upgrade|disappear|abort-install|abort-upgrade) ;; *) echo "$0 called with unknown argument '$1'" 1>&2 exit 1 ;; esac #DEBHELPER# exit 0 debian/mandos-client.dirs0000644000000000000000000000022311767455003012613 0ustar usr/share/man/man8 usr/sbin usr/share/initramfs-tools/hooks usr/share/initramfs-tools/conf-hooks.d usr/share/initramfs-tools/scripts/init-premount debian/control0000644000000000000000000000475711767455003010616 0ustar Source: mandos Section: admin Priority: extra Maintainer: Mandos Maintainers Uploaders: Teddy Hogeborn , Björn Påhlsson Build-Depends: debhelper (>= 7), docbook-xml, docbook-xsl, libavahi-core-dev, libgpgme11-dev, libgnutls-dev, xsltproc, pkg-config Standards-Version: 3.9.3 Vcs-Bzr: http://ftp.recompile.se/pub/mandos/trunk Vcs-Browser: http://bzr.recompile.se/loggerhead/mandos/trunk/files Homepage: http://www.recompile.se/mandos DM-Upload-Allowed: yes Package: mandos Architecture: all Depends: ${misc:Depends}, python (>=2.6), python-gnutls, python-dbus, python-avahi, python-gobject, avahi-daemon, adduser, python-urwid, python (>=2.7) | python-argparse, python-gnupginterface Recommends: fping Description: server giving encrypted passwords to Mandos clients This is the server part of the Mandos system, which allows computers to have encrypted root file systems and at the same time be capable of remote and/or unattended reboots. . The computers run a small client program in the initial RAM disk environment which will communicate with a server over a network. All network communication is encrypted using TLS. The clients are identified by the server using an OpenPGP key; each client has one unique to it. The server sends the clients an encrypted password. The encrypted password is decrypted by the clients using the same OpenPGP key, and the password is then used to unlock the root file system, whereupon the computers can continue booting normally. Package: mandos-client Architecture: linux-any Depends: ${shlibs:Depends}, ${misc:Depends}, adduser, cryptsetup, gnupg (<< 2), initramfs-tools Breaks: dropbear (<= 0.53.1-1) Enhances: cryptsetup Description: do unattended reboots with an encrypted root file system This is the client part of the Mandos system, which allows computers to have encrypted root file systems and at the same time be capable of remote and/or unattended reboots. . The computers run a small client program in the initial RAM disk environment which will communicate with a server over a network. All network communication is encrypted using TLS. The clients are identified by the server using an OpenPGP key; each client has one unique to it. The server sends the clients an encrypted password. The encrypted password is decrypted by the clients using the same OpenPGP key, and the password is then used to unlock the root file system, whereupon the computers can continue booting normally. debian/mandos.docs0000644000000000000000000000003211767455003011324 0ustar NEWS README TODO DBUS-API debian/copyright0000644000000000000000000000212011767455003011124 0ustar Format: http://www.debian.org/doc/packaging-manuals/copyright-format/1.0/ Upstream-Name: Mandos Upstream-Contact: Mandos Source: Files: * Copyright: Copyright © 2008-2012 Teddy Hogeborn Copyright © 2008-2012 Björn Påhlsson License: GPL-3+ This program is free software: you can redistribute it and/or modify it under the terms of the GNU General Public License as published by the Free Software Foundation, either version 3 of the License, or (at your option) any later version. . This program is distributed in the hope that it will be useful, but WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License for more details. . You should have received a copy of the GNU General Public License along with this program. If not, see . . On Debian systems, the complete text of the GNU General Public License can be found in "/usr/share/common-licenses/GPL".