From: Erik Logtenberg <erik-nLcryBYLV+bMkAkIaI5Geg@public.gmane.org>
To: initramfs-u79uwXL29TY76Z2rM5mHXA@public.gmane.org
Subject: Re: [RFE]: extend dracut to support Mandos
Date: Thu, 01 Aug 2013 16:25:51 +0200
Message-ID: <51FA6FEF.4020000@logtenberg.eu>
In-Reply-To: <51F67CC5.3000508-nLcryBYLV+bMkAkIaI5Geg@public.gmane.org>

Hi,

In the meantime I have added systemd support for Mandos server. The
stock initscripts were not compatible with Fedora, so they needed work
anyway.
For anyone who would want to help add Mandos support to initramfs on
Fedora, it is now possible to start the server with systemctl without
any tinkering required.

http://logtenberg.eu/rpms/mandos-1.6.0-2.fc18.src.rpm
http://logtenberg.eu/rpms/mandos-server-1.6.0-2.fc18.x86_64.rpm
http://logtenberg.eu/rpms/mandos-client-1.6.0-2.fc18.x86_64.rpm

Please note that these packages are for Fedora 18 and not for Fedora 19,
as I accidentally said in my previous email. I am still working on an
issue with the 3.1.11 version of GnuTLS which is shipped with Fedora 19,
that Mandos isn't happy with.

Kind regards,

Erik Logtenberg.



On 07/29/2013 04:31 PM, Erik Logtenberg wrote:
> Hi,
> 
> I would kindly request Dracut to be extended to support Mandos.
> 
> From the Mandos [1] website:
>> Mandos allows computers to have encrypted root file systems and
>> at the same time be capable of remote and/or unattended reboots.
>>
>> The computers run a small client program in the initial RAM disk
>> environment which will communicate with a server over a network.
>> All network communication is encrypted using TLS. The clients are
>> identified by the server using an OpenPGP key; each client has one
>> unique to it. The server sends the clients an encrypted password.
>> The encrypted password is decrypted by the clients using the same
>> OpenPGP key, and the password is then used to unlock the root file
>> system, whereupon the computers can continue booting normally.
> 
> [1] http://www.recompile.se/mandos
> 
> I would like to use Mandos for Fedora. At this moment there is no Mandos
> package for Fedora, nor Dracut support for Mandos. The former I'd like
> to contribute, the latter I would kindly ask one of you to help out with.
> 
> I contacted Harald Hoyer, because he wrote most of the modules.d/90crypt
> stuff, which is where the Mandos support would likely have to be
> implemented. He suggested asking this list.
> 
> To get things started I wrote a preliminary Mandos package, which should
> make it easier to install it on a Fedora system. This works on Fedora 19.
> 
> http://logtenberg.eu/rpms/mandos-1.6.0-1.src.rpm
> http://logtenberg.eu/rpms/mandos-server-1.6.0-1.x86_64.rpm
> http://logtenberg.eu/rpms/mandos-client-1.6.0-1.x86_64.rpm
> 
> This still needs some work: the mandos-server was mainly written with
> Debian in mind, so it doesn't come with systemd support. I will try and
> contribute that as well. The mandos-client supports the initramfs for
> Debian / Ubuntu but not yet Dracut. That is my feature request for this
> list.
> 
> Kind regards,
> 
> Erik Logtenberg.
