Red Hat based systems
mail at rhizomatic-nomad.net
mail at rhizomatic-nomad.net
Thu Apr 20 17:25:45 CEST 2023
On 18.04.2023 18:22:44, Teddy Hogeborn wrote:
> mail at rhizomatic-nomad.net writes:
>
> > I couldn't find any documentation regarding my question, maybe you can
> > help me out. Is there a way to get mandos, at least the client,
> > running on Red Hat based distributions? I.e. Alma or Rocky Linux.
>
> There was a thread by Nathanael D. Noblet <nathanael at gnat.ca> in October
> and November of 2013:, starting with message-id
> <52669C06.8090702 at gnat.ca>
>
> Archive URLs:
>
> https://mail.recompile.se/pipermail/mandos-dev/2013-October/thread.html
> https://mail.recompile.se/pipermail/mandos-dev/2013-November/thread.html
>
> Some work was done then, but support for dracut-based initramfs images
> (which Red Hat uses instead of initramfs-tools from Debian) remained to
> be done.
>
> Then, in April 2019, Erik Logtenberg <erik at logtenberg.eu> asked a
> question in message-id: <75058487.4.1554127381403 at ox.logtenberg.eu>
> with my answer in July in message-id: <87a7czsrsd.fsf at recompile.se>
>
> Archive URLs:
>
> https://mail.recompile.se/pipermail/mandos-dev/2019-April/000406.html
> https://mail.recompile.se/pipermail/mandos-dev/2019-July/000418.html
>
> In the answer, I announced the upcoming support for dracut-based
> initramfs images. This was released with Mandos 1.8.5 on July 30, 2019.
>
> Therefore, in principle, it should, since then, be possible to support
> Red Hat/Fedora systems, but we have not heard of anyone working on it,
> and we do not run Red Hat-based systems ourselves.
>
> /Teddy Hogeborn
>
> --
> The Mandos Project
> https://www.recompile.se/mandos
Thanks a lot for that lookup. As I understood these threads at least
Nathanael was able to get Mandos running with Fedora.
I've tried in Rocky Linux by converting the latest mandos deb
mandos-client_1.8.16-1~bpo9+1_amd64.deb via alien into a rpm package.
Obviously that package has a dependency of avahi and avahi-libs, after
installing these I could install mandos-client as well and got working check
results by the mandos server.
But if I restart the client it doesn't decrypt the root fs and also
doesn't send any package/request to the server. To recreate the
initramfs via dracut --force doesn't change this. Maybe it doesn't
install any mandos plugin or something like that to the initramfs, as I
can't grep anything mandos like in lsinitrd.
I don't know if any of these information is helpful or if anyone has
another idea how to get it working. Else I maybe have to change the OS or
figure out clevis and tang, any ideas about this?
All the best,
Sinni
> _______________________________________________
> Mandos-Dev mailing list
> Mandos-Dev at recompile.se
> https://mail.recompile.se/cgi-bin/mailman/listinfo/mandos-dev
More information about the Mandos-Dev
mailing list