=== modified file 'debian/mandos-client.README.Debian' --- debian/mandos-client.README.Debian 2011-11-27 02:32:20 +0000 +++ debian/mandos-client.README.Debian 2011-11-27 14:44:28 +0000 @@ -51,10 +51,10 @@ disk environment, the network interface *must* exist at that stage. Thus, the interface can *not* be a pseudo-interface such as "br0" or "tun0"; instead, only real interface (such as "eth0") can be used. - This can be overcome by writing a "network hook" program (see - mandos-client(8mandos)) and placing it in + This can be overcome by writing a "network hook" program to create + the interface (see mandos-client(8mandos)) and placing it in "/etc/mandos/network-hooks.d", from where it will be copied into the - initial RAM disk. Some example network hook scripts can be found in + initial RAM disk. Example network hook scripts can be found in "/usr/share/doc/mandos-client/network-hooks.d". * User-Supplied Plugins @@ -89,4 +89,4 @@ work, "--options-for=mandos-client:--connect=

:" needs to be manually added to the file "/etc/mandos/plugin-runner.conf". - -- Teddy Hogeborn , Sun, 27 Nov 2011 03:30:40 +0100 + -- Teddy Hogeborn , Sun, 27 Nov 2011 15:06:34 +0100 === modified file 'debian/rules' --- debian/rules 2010-09-09 18:16:14 +0000 +++ debian/rules 2011-11-27 14:44:28 +0000 @@ -85,7 +85,8 @@ dh_fixperms --exclude etc/keys/mandos \ --exclude etc/mandos/clients.conf \ --exclude etc/mandos/plugins.d \ - --exclude usr/lib/mandos/plugins.d + --exclude usr/lib/mandos/plugins.d \ + --exclude /usr/share/doc/mandos-client/network-hooks.d dh_installdeb dh_shlibdeps dh_gencontrol === modified file 'initramfs-tools-hook' --- initramfs-tools-hook 2011-11-27 02:32:20 +0000 +++ initramfs-tools-hook 2011-11-27 14:44:28 +0000 @@ -72,7 +72,7 @@ # Make directories install --directory --mode=u=rwx,go=rx "${DESTDIR}${CONFDIR}" \ - "${DESTDIR}${MANDOSDIR}" + "${DESTDIR}${MANDOSDIR}" "${DESTDIR}${HOOKDIR}" install --owner=${mandos_user} --group=${mandos_group} --directory \ --mode=u=rwx "${DESTDIR}${PLUGINDIR}" @@ -111,18 +111,27 @@ for hook in /etc/mandos/network-hooks.d/*; do case "`basename \"$hook\"`" in "*") continue ;; - *[!A-Za-z0-9_-]*) continue ;; + *[!A-Za-z0-9_.-]*) continue ;; *) test -d "$hook" || copy_exec "$hook" "${HOOKDIR}" ;; esac - # Copy any files needed by the network hook - MANDOSNETHOOKDIR=/etc/mandos/network-hooks.d MODE=files \ - VERBOSITY=0 "$hook" files | while read file target; do - if [ -z "${target}" ]; then - copy_exec "$file" - else - copy_exec "$file" "$target" - fi - done + if [ -x "$hook" ]; then + # Copy any files needed by the network hook + MANDOSNETHOOKDIR=/etc/mandos/network-hooks.d MODE=files \ + VERBOSITY=0 "$hook" files | while read file target; do + if [ -z "${target}" ]; then + copy_exec "$file" + else + copy_exec "$file" "$target" + fi + done + # Copy and load any modules needed by the network hook + MANDOSNETHOOKDIR=/etc/mandos/network-hooks.d MODE=modules \ + VERBOSITY=0 "$hook" modules | while read module; do + if [ -z "${target}" ]; then + force_load "$module" + fi + done + fi done # GPGME needs /usr/bin/gpg === modified file 'network-hooks.d/bridge' --- network-hooks.d/bridge 2011-11-24 20:15:24 +0000 +++ network-hooks.d/bridge 2011-11-27 14:44:28 +0000 @@ -56,6 +56,9 @@ ;; files) echo /bin/ip - echo /usr/bin/brctl + echo /usr/sbin/brctl + ;; + modules) + echo bridge ;; esac === modified file 'plugins.d/mandos-client.xml' --- plugins.d/mandos-client.xml 2011-11-27 02:32:20 +0000 +++ plugins.d/mandos-client.xml 2011-11-27 14:44:28 +0000 @@ -468,7 +468,7 @@ A network hook must be an executable file, and its name must consist entirely of upper and lower case letters, digits, - underscores, and hyphens. + underscores, periods, and hyphens. A network hook will receive one argument, which can be one of @@ -497,11 +497,11 @@ files - This should make the network hook print, on - separate lines, all the files needed for it - to run. (These files will be copied into the initial - RAM filesystem.) Intended use is for a network hook - which is a shell script to print its needed binaries. + This should make the network hook print, one + file per line, all the files needed for it to + run. (These files will be copied into the initial RAM + filesystem.) Typical use is for a network hook which is + a shell script to print its needed binaries. It is not necessary to print any non-executable files @@ -511,6 +511,19 @@ + + modules + + + This should make the network hook print, on + separate lines, all the kernel modules needed + for it to run. (These modules will be copied into the + initial RAM filesystem.) For instance, a tunnel + interface needs the + tun module. + + + The network hook will be provided with a number of environment @@ -525,8 +538,8 @@ &COMMANDNAME; by the option. Note: this should always be used by the - network hook to refer to itself or any files it may - require. + network hook to refer to itself or any files in the hook + directory it may require. @@ -548,8 +561,9 @@ This will be the same as the first argument; i.e. start, - stop, or - files. + stop, + files, or + modules.