$Id$
This code should work but is not fully tested
Introduction
------------
There are 2 main jobs that the enforcerd has to perform:
1) keygeneration - i.e. make sure that there are enough keys for all of the zones
and
2) communication - i.e. take the policy and key information from the KASP database
and turn it into an xml file that the signer can use.
Pre-requisites
--------------
1) libksm needs to have been at least built, if not installed.
(Note that whether we will use MySQL or sqlite is decided at the time that
libksm is built.)
2) libhsm
Building the Software
---------------------
If from svn then you need to run ./autogen.sh
To build just run ./configure; make; make install
Note that setting CFLAGS to "-g" before the configure stage ensures that the final binary is built with the optimizer turned off. (overrides the default -g -O2)
The following options can be passed to configure;
--prefix=
Installation directory. All files will be
installed relative to this path.
--with-libksm= Where you installed libksm
--with-libhsm= Where you installed libhsm
Running enforcerd
------------------------
Once built the enforcerd binary takes the following options:
-1 run once and then exit
-d debug mode (do not daemonise)
-P overwrite the default pidfile location
-h -? show help and exit
-v show version and exit
Your LD_LIBRARY_PATH environment variable will need to include the libksm libs.
Note that currently the output is hardcoded to go to the current working directory; this will be fixed when it reads the config file properly
Debuging
--------
Warning: DO NOT TRY THIS EXCEPT FOR DEBUGGING PURPOSES
If the enforcer is build with the '--enable-timeshift' option, one can
override the system clock using the ENFORCER_TIMESHIFT environment variable.
ENFORCER_TIMESHIFT should be set to the timestamp (in YYYYMMDDHHMMSS format).
When running with timeshift, the program will run once only and exit.