[Ach] CIPHERSTRINGB macro in config files

Bertuch, Oliver o.bertuch at fz-juelich.de
Fri Oct 10 10:16:23 CEST 2014

Dear list,

let me open this thread to continue the discussion rising in GitHub PR
74 [1].

Tobias wrote:
> [...]
> The TeX files take what is there, it is about the linked
> (example-)config files.
> Yes, it is theoretically possible to use macros and the like for
> included stuff (We had that), but it is
> painful and produces sub-standard output.
> IMHO a working way would be:
>  1. Have all config files (from |src/configuration/|) moved to a
>     template (eg, |configuration.template/|)
>  2. Replace hard-coded cipherstring with @@CIPHERSTRINGB@@
Agreed. What about the special cipherstrings for the Webserver configs?
These are quite different from CIPHERSTRINGA and CIPHERSTRINGB. To be
consistent within the guide, these "exceptions" should be replaced. But
then what about OpenSSH configs? Those are in no way going to fit to a
normal cipher string.

Maybe we should define some well described exeptions (why, what,
differences to A/B, ...), which have their own macro?
> And then to produce something usable:
>  1. Run a |sed| cmd on every file file in |configuration.template| and
>     put them into |configuration| (or |src/configuration| for that matter
>  2. “Deliver” only files from the build configurations (/not/ the
>     templates)
>       * via the repository (i.e., update the |configuration| folder on
>         every change to the cipherstring)
>       * via the bettercrypto site
>       * in the generated TeX output
>       * (in hypothetical ebooks and whatnot…)
Sed is a good option, available on most Linux systems.

Maybe do something like this:
- create new branch "delivery"
- in branch master, provide the templates
- in branch delivery, provide the "compiled" stuff
- changes in master get merged into delivery, preferably via CI (Travis?)
- delivery is the base for every further action like PDF rendering,
HTML, ebooks, ... (maybe generated via CI?)

One pitfall I see arising anyway: if one changes this to use templates,
what about the \configfile macro in the TeX sources? There are plenty of
this using something like \configfile{<line1>-<line2>}{<path>}, but in
the templates the line numbers will be different from the ones in the
"compiled" sources.
> [...]
> (I wont have time to do that before November, tho…)
If you are interested, I am willing to contribute to this. My employer
is somewhat interested in this... ;)


[1] https://github.com/BetterCrypto/Applied-Crypto-Hardening/pull/74

Forschungszentrum Juelich GmbH
52425 Juelich
Sitz der Gesellschaft: Juelich
Eingetragen im Handelsregister des Amtsgerichts Dueren Nr. HR B 3498
Vorsitzender des Aufsichtsrats: MinDir Dr. Karl Eugen Huthmacher
Geschaeftsfuehrung: Prof. Dr.-Ing. Wolfgang Marquardt (Vorsitzender),
Karsten Beneke (stellv. Vorsitzender), Prof. Dr.-Ing. Harald Bolt,
Prof. Dr. Sebastian M. Schmidt

-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.cert.at/pipermail/ach/attachments/20141010/6a1cca27/attachment.html>
-------------- next part --------------
A non-text attachment was scrubbed...
Name: smime.p7s
Type: application/pkcs7-signature
Size: 4999 bytes
Desc: S/MIME Cryptographic Signature
URL: <http://lists.cert.at/pipermail/ach/attachments/20141010/6a1cca27/attachment.bin>

More information about the Ach mailing list