$Id$ This code should work but is not fully tested Introduction ------------ There are 2 main jobs that the enforcerd has to perform: 1) keygeneration - i.e. make sure that there are enough keys for all of the zones and 2) communication - i.e. take the policy and key information from the KASP database and turn it into an xml file that the signer can use. Pre-requisites -------------- 1) libksm needs to have been at least built, if not installed. (Note that whether we will use MySQL or sqlite is decided at the time that libksm is built.) 2) libhsm Building the Software --------------------- If from svn then you need to run ./autogen.sh To build just run ./configure; make; make install Note that setting CFLAGS to "-g" before the configure stage ensures that the final binary is built with the optimizer turned off. (overrides the default -g -O2) The following options can be passed to configure; --prefix= Installation directory. All files will be installed relative to this path. --with-libksm= Where you installed libksm --with-libhsm= Where you installed libhsm Running enforcerd ------------------------ Once built the enforcerd binary takes the following options: -1 run once and then exit -d debug mode (do not daemonise) -P overwrite the default pidfile location -h -? show help and exit -v show version and exit Your LD_LIBRARY_PATH environment variable will need to include the libksm libs. Note that currently the output is hardcoded to go to the current working directory; this will be fixed when it reads the config file properly Debuging -------- Warning: DO NOT TRY THIS EXCEPT FOR DEBUGGING PURPOSES If the enforcer is build with the '--enable-timeshift' option, one can override the system clock using the ENFORCER_TIMESHIFT environment variable. ENFORCER_TIMESHIFT should be set to the timestamp (in YYYYMMDDHHMMSS format). When running with timeshift, the program will run once only and exit.