Version 1.8.10 of Mandos is released

Teddy Hogeborn teddy at recompile.se
Sat Mar 21 19:34:11 CET 2020 

Mandos 1.8.10 is released.  It is a minor release.

This release skips a test which was flaky on arm64 and might have been
flaky on all non-amd64 platforms.  Therefore, this test is now skipped
on all non-amd64 platforms.  Thanks to Michael Biebl <biebl at debian.org>
for reporting this!

This release also fixes a bug in the server when using D-Bus to set the
"Secret" property of a client.

This release also changes the start time of checkers in the server, by
randomizing the start time in order to spread out the running of
checkers.  Thanks to Florian Coulmier <Florian.Coulmier at vadesecure.com>
for reporting this problem!

Additionally, when using systemd, it is now easier to modify command
line arguments for the server, and also for client when using dracut:
For the server, when using systemd, command line options can now be
added to the DAEMON_ARGS variable in /etc/default/mandos, which will be
used by the systemd mandos.service.

For the client, when using systemd and dracut, plugin-runner(8mandos) is
not used, so /etc/mandos/plugin-runner.conf is not used either.
Instead, password-agent(8mandos) is started from an initrd-only systemd
service "ask-password-mandos.service", which used to be hard to modify
to add extra command line options to mandos-client(8mandos).

However, now it is easy:  Create a systemd override file in the
/etc/systemd/system/ask-password-mandos.service.d directory (possibly
using the command "systemctl edit --force ask-password-mandos.service"),
and add the following:

[Service]
Environment="MANDOS_CLIENT_OPTIONS=--debug"

Change --debug to any other option or list of options (like, for
example, --connect and/or --interface) you would like to provide to
mandos-client(8mandos).  (Similarly, it is also possible to set the
PASSWORD_AGENT_OPTIONS environment variable in order to add options to
password-agent(8mandos), but this should not normally be needed.)

Thanks to Swâmi Petaramesh <swami at petaramesh.org> for pointing out this
problem!

Note: If using dracut and systemd, you can, after the system has booted,
see the log messages from the ask-password-mandos systemd service (and,
by extension, any messages from mandos-client(8mandos)) by running the
command "journalctl --boot --unit=ask-password-mandos.service".

Version 1.8.10 (2020-03-21)
* Server
** Fix bug when setting a client's D-Bus "Secret" property
** Start client checkers after a random delay
** When using systemd, allow easier modification of server options
** Better log messages in mandos-monitor
* Client
** When using dracut & systemd, allow easier modification of options

Debian package changes:

* Fix "[INTL:pt] Updated Portuguese translation - debconf messages"
  by including the contributed translation (Closes: #942595)
* Fix "[INTL:nl] Dutch translation of debconf messages" by including the
  contributed translation (Closes: #946006)
* Fix "flaky autopkgtest on arm64" by skipping the flaky test on
  non-amd64 (Closes: #953799)
* debian/control (Standards-Version): Update to "4.5.0".

/Teddy Hogeborn & Björn Påhlsson

-- 
The Mandos Project
https://www.recompile.se/mandos
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 832 bytes
Desc: not available
URL: <http://mail.recompile.se/pipermail/mandos-dev/attachments/20200321/beb6b3b1/attachment.sig>

More information about the Mandos-Dev mailing list