Some starting documents

Teddy Hogeborn teddy at recompile.se
Sun Dec 2 17:12:35 CET 2012 

Dick Middleton <dick at fouter.net> writes:

> On 11/30/12 09:19, Zenny wrote:
>
>> I happen to see your nice application just today and feel like
>> deploying. Unfortunately I am getting errors while installing
>> mados-client in embedded debian squeeze (voyage linux actually).
>> 
>> 1) gpg: WARNING: some OpenPGP programs can't handle a DSA key with
>> this digest size
>
> I've had a lot of trouble with keys.  There is a strong suspicion it's
> gnutls causing this.  Try shorter keys and try RSA also if possible
> get the same gnutls library version on server and client.

That particular warning comes from GPG when generating new keys, not
from GnuTLS.  Shorter keys or RSA keys instead of DSA should work fine
too, so that is indeed something to try if one experiences trouble later
on.  But this warning is not a reason to worry.

(The warning concerns interoperability with other OpenPGP
implementations when using DSA keys with the very long key length used
by default by mandos-keygen.  This is not a problem for Mandos since
both the server and client uses GnuPG.)

>> 2) cryptsetup: WARNING: could not determine root device from /etc/fstab
>> 
>> which looks like:
>> root at voyage:~# cat /etc/fstab
>> #/dev/hda1       /       ext2    defaults,noatime,rw     0       0
>
> You've commented it out!  Whether it is a real partition or a LUKS
> partition it needs to be here.

Yes.  Probably something like /dev/mapper/voyage-root instead of
/dev/hda1, but all this should have been automatically set up by the
Debian installation.  (Converting from a non-encrypted file system to an
encrypted one is somewhat involved and the few times I've done it I did
it by hand using various custom strategies each time.)

> The documentation on the website and supplied is probably the best.
> It is concise though so read very carefully.  If you need something
> more cuddly you'll need to google.

:-)

We apologize for the terseness of the documentation, but when having
limited resources when writing documentation it's a choice of being
complete or verbose; we chose completeness.

/Teddy

More information about the Mandos-Dev mailing list