/mandos/release

To get this branch, use:
bzr branch http://bzr.recompile.se/loggerhead/mandos/release

« back to all changes in this revision

Viewing changes to Makefile

  • Committer: Björn Påhlsson
  • Date: 2008-07-20 02:52:20 UTC
  • Revision ID: belorn@braxen-20080720025220-r5u0388uy9iu23h6
Added following support:
Pluginbased client handler
rewritten Mandos client
       Avahi instead of udp server discovery
       openpgp encrypted key support
Passprompt stand alone application for direct console input
Added logging for Mandos server

Show diffs side-by-side

added added

removed removed

Lines of Context:
1
 
WARN:=-O -Wall -Wextra -Wdouble-promotion -Wformat=2 -Winit-self \
2
 
        -Wmissing-include-dirs -Wswitch-default -Wswitch-enum \
3
 
        -Wunused -Wuninitialized -Wstrict-overflow=5 \
4
 
        -Wsuggest-attribute=pure -Wsuggest-attribute=const \
5
 
        -Wsuggest-attribute=noreturn -Wfloat-equal -Wundef -Wshadow \
6
 
        -Wunsafe-loop-optimizations -Wpointer-arith \
7
 
        -Wbad-function-cast -Wcast-qual -Wcast-align -Wwrite-strings \
8
 
        -Wconversion -Wlogical-op -Waggregate-return \
9
 
        -Wstrict-prototypes -Wold-style-definition \
10
 
        -Wmissing-format-attribute -Wnormalized=nfc -Wpacked \
11
 
        -Wredundant-decls -Wnested-externs -Winline -Wvla \
12
 
        -Wvolatile-register-var -Woverlength-strings
13
 
 
14
 
#DEBUG:=-ggdb3 -fsanitize=address $(SANITIZE)
15
 
## Check which sanitizing options can be used
16
 
#SANITIZE:=$(foreach option,$(ALL_SANITIZE_OPTIONS),$(shell \
17
 
#       echo 'int main(){}' | $(CC) --language=c $(option) \
18
 
#       /dev/stdin -o /dev/null >/dev/null 2>&1 && echo $(option)))
19
 
# <https://developerblog.redhat.com/2014/10/16/gcc-undefined-behavior-sanitizer-ubsan/>
20
 
ALL_SANITIZE_OPTIONS:=-fsanitize=leak -fsanitize=undefined \
21
 
        -fsanitize=shift -fsanitize=integer-divide-by-zero \
22
 
        -fsanitize=unreachable -fsanitize=vla-bound -fsanitize=null \
23
 
        -fsanitize=return -fsanitize=signed-integer-overflow \
24
 
        -fsanitize=bounds -fsanitize=alignment \
25
 
        -fsanitize=object-size -fsanitize=float-divide-by-zero \
26
 
        -fsanitize=float-cast-overflow -fsanitize=nonnull-attribute \
27
 
        -fsanitize=returns-nonnull-attribute -fsanitize=bool \
28
 
        -fsanitize=enum -fsanitize-address-use-after-scope
29
 
 
30
 
# For info about _FORTIFY_SOURCE, see feature_test_macros(7)
31
 
# and <https://gcc.gnu.org/ml/gcc-patches/2004-09/msg02055.html>.
32
 
FORTIFY:=-D_FORTIFY_SOURCE=2 -fstack-protector-all -fPIC
33
 
LINK_FORTIFY_LD:=-z relro -z now
34
 
LINK_FORTIFY:=
35
 
 
36
 
# If BROKEN_PIE is set, do not build with -pie
37
 
ifndef BROKEN_PIE
38
 
FORTIFY += -fPIE
39
 
LINK_FORTIFY += -pie
40
 
endif
41
 
#COVERAGE=--coverage
42
 
OPTIMIZE:=-Os -fno-strict-aliasing
43
 
LANGUAGE:=-std=gnu11
44
 
htmldir:=man
45
 
version:=1.8.5
46
 
SED:=sed
47
 
 
48
 
USER:=$(firstword $(subst :, ,$(shell getent passwd _mandos \
49
 
        || getent passwd nobody || echo 65534)))
50
 
GROUP:=$(firstword $(subst :, ,$(shell getent group _mandos \
51
 
        || getent group nogroup || echo 65534)))
52
 
 
53
 
## Use these settings for a traditional /usr/local install
54
 
# PREFIX:=$(DESTDIR)/usr/local
55
 
# CONFDIR:=$(DESTDIR)/etc/mandos
56
 
# KEYDIR:=$(DESTDIR)/etc/mandos/keys
57
 
# MANDIR:=$(PREFIX)/man
58
 
# INITRAMFSTOOLS:=$(DESTDIR)/etc/initramfs-tools
59
 
# DRACUTMODULE:=$(DESTDIR)/usr/lib/dracut/modules.d/90mandos
60
 
# STATEDIR:=$(DESTDIR)/var/lib/mandos
61
 
# LIBDIR:=$(PREFIX)/lib
62
 
##
63
 
 
64
 
## These settings are for a package-type install
65
 
PREFIX:=$(DESTDIR)/usr
66
 
CONFDIR:=$(DESTDIR)/etc/mandos
67
 
KEYDIR:=$(DESTDIR)/etc/keys/mandos
68
 
MANDIR:=$(PREFIX)/share/man
69
 
INITRAMFSTOOLS:=$(DESTDIR)/usr/share/initramfs-tools
70
 
DRACUTMODULE:=$(DESTDIR)/usr/lib/dracut/modules.d/90mandos
71
 
STATEDIR:=$(DESTDIR)/var/lib/mandos
72
 
LIBDIR:=$(shell \
73
 
        for d in \
74
 
        "/usr/lib/`dpkg-architecture -qDEB_HOST_MULTIARCH 2>/dev/null`" \
75
 
        "`rpm --eval='%{_libdir}' 2>/dev/null`" /usr/lib; do \
76
 
                if [ -d "$$d" -a "$$d" = "$${d%/}" ]; then \
77
 
                        echo "$(DESTDIR)$$d"; \
78
 
                        break; \
79
 
                fi; \
80
 
        done)
81
 
##
82
 
 
83
 
SYSTEMD:=$(DESTDIR)$(shell pkg-config systemd --variable=systemdsystemunitdir)
84
 
TMPFILES:=$(DESTDIR)$(shell pkg-config systemd --variable=tmpfilesdir)
85
 
 
86
 
GNUTLS_CFLAGS:=$(shell pkg-config --cflags-only-I gnutls)
87
 
GNUTLS_LIBS:=$(shell pkg-config --libs gnutls)
88
 
AVAHI_CFLAGS:=$(shell pkg-config --cflags-only-I avahi-core)
89
 
AVAHI_LIBS:=$(shell pkg-config --libs avahi-core)
90
 
GPGME_CFLAGS:=$(shell gpgme-config --cflags; getconf LFS_CFLAGS)
91
 
GPGME_LIBS:=$(shell gpgme-config --libs; getconf LFS_LIBS; \
92
 
        getconf LFS_LDFLAGS)
93
 
LIBNL3_CFLAGS:=$(shell pkg-config --cflags-only-I libnl-route-3.0)
94
 
LIBNL3_LIBS:=$(shell pkg-config --libs libnl-route-3.0)
95
 
GLIB_CFLAGS:=$(shell pkg-config --cflags glib-2.0)
96
 
GLIB_LIBS:=$(shell pkg-config --libs glib-2.0)
97
 
 
98
 
# Do not change these two
99
 
CFLAGS+=$(WARN) $(DEBUG) $(FORTIFY) $(COVERAGE) \
100
 
        $(OPTIMIZE) $(LANGUAGE) -DVERSION='"$(version)"'
101
 
LDFLAGS+=-Xlinker --as-needed $(COVERAGE) $(LINK_FORTIFY) $(strip \
102
 
        ) $(foreach flag,$(LINK_FORTIFY_LD),-Xlinker $(flag))
103
 
 
104
 
# Commands to format a DocBook <refentry> document into a manual page
105
 
DOCBOOKTOMAN=$(strip cd $(dir $<); xsltproc --nonet --xinclude \
106
 
        --param man.charmap.use.subset          0 \
107
 
        --param make.year.ranges                1 \
108
 
        --param make.single.year.ranges         1 \
109
 
        --param man.output.quietly              1 \
110
 
        --param man.authors.section.enabled     0 \
111
 
        /usr/share/xml/docbook/stylesheet/nwalsh/manpages/docbook.xsl \
112
 
        $(notdir $<); \
113
 
        if locale --all 2>/dev/null | grep --regexp='^en_US\.utf8$$' \
114
 
        && command -v man >/dev/null; then LANG=en_US.UTF-8 \
115
 
        MANWIDTH=80 man --warnings --encoding=UTF-8 --local-file \
116
 
        $(notdir $@); fi >/dev/null)
117
 
 
118
 
DOCBOOKTOHTML=$(strip xsltproc --nonet --xinclude \
119
 
        --param make.year.ranges                1 \
120
 
        --param make.single.year.ranges         1 \
121
 
        --param man.output.quietly              1 \
122
 
        --param man.authors.section.enabled     0 \
123
 
        --param citerefentry.link               1 \
124
 
        --output $@ \
125
 
        /usr/share/xml/docbook/stylesheet/nwalsh/xhtml/docbook.xsl \
126
 
        $<; $(HTMLPOST) $@)
127
 
# Fix citerefentry links
128
 
HTMLPOST:=$(SED) --in-place \
129
 
        --expression='s/\(<a class="citerefentry" href="\)\("><span class="citerefentry"><span class="refentrytitle">\)\([^<]*\)\(<\/span>(\)\([^)]*\)\()<\/span><\/a>\)/\1\3.\5\2\3\4\5\6/g'
130
 
 
131
 
PLUGINS:=plugins.d/password-prompt plugins.d/mandos-client \
132
 
        plugins.d/usplash plugins.d/splashy plugins.d/askpass-fifo \
133
 
        plugins.d/plymouth
134
 
PLUGIN_HELPERS:=plugin-helpers/mandos-client-iprouteadddel
135
 
CPROGS:=plugin-runner dracut-module/password-agent $(PLUGINS) \
136
 
        $(PLUGIN_HELPERS)
137
 
PROGS:=mandos mandos-keygen mandos-ctl mandos-monitor $(CPROGS)
138
 
DOCS:=mandos.8 mandos-keygen.8 mandos-monitor.8 mandos-ctl.8 \
139
 
        mandos.conf.5 mandos-clients.conf.5 plugin-runner.8mandos \
140
 
        dracut-module/password-agent.8mandos \
141
 
        plugins.d/mandos-client.8mandos \
142
 
        plugins.d/password-prompt.8mandos plugins.d/usplash.8mandos \
143
 
        plugins.d/splashy.8mandos plugins.d/askpass-fifo.8mandos \
144
 
        plugins.d/plymouth.8mandos intro.8mandos
145
 
 
146
 
htmldocs:=$(addsuffix .xhtml,$(DOCS))
147
 
 
148
 
objects:=$(addsuffix .o,$(CPROGS))
149
 
 
150
 
all: $(PROGS) mandos.lsm
151
 
 
152
 
doc: $(DOCS)
153
 
 
154
 
html: $(htmldocs)
155
 
 
156
 
%.5: %.xml common.ent legalnotice.xml
157
 
        $(DOCBOOKTOMAN)
158
 
%.5.xhtml: %.xml common.ent legalnotice.xml
159
 
        $(DOCBOOKTOHTML)
160
 
 
161
 
%.8: %.xml common.ent legalnotice.xml
162
 
        $(DOCBOOKTOMAN)
163
 
%.8.xhtml: %.xml common.ent legalnotice.xml
164
 
        $(DOCBOOKTOHTML)
165
 
 
166
 
%.8mandos: %.xml common.ent legalnotice.xml
167
 
        $(DOCBOOKTOMAN)
168
 
%.8mandos.xhtml: %.xml common.ent legalnotice.xml
169
 
        $(DOCBOOKTOHTML)
170
 
 
171
 
intro.8mandos: intro.xml common.ent legalnotice.xml
172
 
        $(DOCBOOKTOMAN)
173
 
intro.8mandos.xhtml: intro.xml common.ent legalnotice.xml
174
 
        $(DOCBOOKTOHTML)
175
 
 
176
 
mandos.8: mandos.xml common.ent mandos-options.xml overview.xml \
177
 
                legalnotice.xml
178
 
        $(DOCBOOKTOMAN)
179
 
mandos.8.xhtml: mandos.xml common.ent mandos-options.xml \
180
 
                overview.xml legalnotice.xml
181
 
        $(DOCBOOKTOHTML)
182
 
 
183
 
mandos-keygen.8: mandos-keygen.xml common.ent overview.xml \
184
 
                legalnotice.xml
185
 
        $(DOCBOOKTOMAN)
186
 
mandos-keygen.8.xhtml: mandos-keygen.xml common.ent overview.xml \
187
 
                 legalnotice.xml
188
 
        $(DOCBOOKTOHTML)
189
 
 
190
 
mandos-monitor.8: mandos-monitor.xml common.ent overview.xml \
191
 
                legalnotice.xml
192
 
        $(DOCBOOKTOMAN)
193
 
mandos-monitor.8.xhtml: mandos-monitor.xml common.ent overview.xml \
194
 
                 legalnotice.xml
195
 
        $(DOCBOOKTOHTML)
196
 
 
197
 
mandos-ctl.8: mandos-ctl.xml common.ent overview.xml \
198
 
                legalnotice.xml
199
 
        $(DOCBOOKTOMAN)
200
 
mandos-ctl.8.xhtml: mandos-ctl.xml common.ent overview.xml \
201
 
                 legalnotice.xml
202
 
        $(DOCBOOKTOHTML)
203
 
 
204
 
mandos.conf.5: mandos.conf.xml common.ent mandos-options.xml \
205
 
                legalnotice.xml
206
 
        $(DOCBOOKTOMAN)
207
 
mandos.conf.5.xhtml: mandos.conf.xml common.ent mandos-options.xml \
208
 
                legalnotice.xml
209
 
        $(DOCBOOKTOHTML)
210
 
 
211
 
plugin-runner.8mandos: plugin-runner.xml common.ent overview.xml \
212
 
                legalnotice.xml
213
 
        $(DOCBOOKTOMAN)
214
 
plugin-runner.8mandos.xhtml: plugin-runner.xml common.ent \
215
 
                overview.xml legalnotice.xml
216
 
        $(DOCBOOKTOHTML)
217
 
 
218
 
dracut-module/password-agent.8mandos: \
219
 
                dracut-module/password-agent.xml common.ent \
220
 
                overview.xml legalnotice.xml
221
 
        $(DOCBOOKTOMAN)
222
 
dracut-module/password-agent.8mandos.xhtml: \
223
 
                dracut-module/password-agent.xml common.ent \
224
 
                overview.xml legalnotice.xml
225
 
        $(DOCBOOKTOHTML)
226
 
 
227
 
plugins.d/mandos-client.8mandos: plugins.d/mandos-client.xml \
228
 
                                        common.ent \
229
 
                                        mandos-options.xml \
230
 
                                        overview.xml legalnotice.xml
231
 
        $(DOCBOOKTOMAN)
232
 
plugins.d/mandos-client.8mandos.xhtml: plugins.d/mandos-client.xml \
233
 
                                        common.ent \
234
 
                                        mandos-options.xml \
235
 
                                        overview.xml legalnotice.xml
236
 
        $(DOCBOOKTOHTML)
237
 
 
238
 
# Update all these files with version number $(version)
239
 
common.ent: Makefile
240
 
        $(strip $(SED) --in-place \
241
 
                --expression='s/^\(<!ENTITY version "\)[^"]*">$$/\1$(version)">/' \
242
 
                $@)
243
 
 
244
 
mandos: Makefile
245
 
        $(strip $(SED) --in-place \
246
 
                --expression='s/^\(version = "\)[^"]*"$$/\1$(version)"/' \
247
 
                $@)
248
 
 
249
 
mandos-keygen: Makefile
250
 
        $(strip $(SED) --in-place \
251
 
                --expression='s/^\(VERSION="\)[^"]*"$$/\1$(version)"/' \
252
 
                $@)
253
 
 
254
 
mandos-ctl: Makefile
255
 
        $(strip $(SED) --in-place \
256
 
                --expression='s/^\(version = "\)[^"]*"$$/\1$(version)"/' \
257
 
                $@)
258
 
 
259
 
mandos-monitor: Makefile
260
 
        $(strip $(SED) --in-place \
261
 
                --expression='s/^\(version = "\)[^"]*"$$/\1$(version)"/' \
262
 
                $@)
263
 
 
264
 
mandos.lsm: Makefile
265
 
        $(strip $(SED) --in-place \
266
 
                --expression='s/^\(Version:\).*/\1\t$(version)/' \
267
 
                $@)
268
 
        $(strip $(SED) --in-place \
269
 
                --expression='s/^\(Entered-date:\).*/\1\t$(shell date --rfc-3339=date --reference=Makefile)/' \
270
 
                $@)
271
 
        $(strip $(SED) --in-place \
272
 
                --expression='s/\(mandos_\)[0-9.]\+\(\.orig\.tar\.gz\)/\1$(version)\2/' \
273
 
                $@)
274
 
 
275
 
# Need to add the GnuTLS, Avahi and GPGME libraries
276
 
plugins.d/mandos-client: plugins.d/mandos-client.c
277
 
        $(LINK.c) $^ $(GNUTLS_CFLAGS) $(AVAHI_CFLAGS) $(strip\
278
 
                ) $(GPGME_CFLAGS) $(GNUTLS_LIBS) $(strip\
279
 
                ) $(AVAHI_LIBS) $(GPGME_LIBS) $(LOADLIBES) $(strip\
280
 
                ) $(LDLIBS) -o $@
281
 
 
282
 
# Need to add the libnl-route library
283
 
plugin-helpers/mandos-client-iprouteadddel: plugin-helpers/mandos-client-iprouteadddel.c
284
 
        $(LINK.c) $(LIBNL3_CFLAGS) $^ $(LIBNL3_LIBS) $(strip\
285
 
                ) $(LOADLIBES) $(LDLIBS) -o $@
286
 
 
287
 
# Need to add the GLib and pthread libraries
288
 
dracut-module/password-agent: dracut-module/password-agent.c
289
 
        $(LINK.c) $(GLIB_CFLAGS) $^ $(GLIB_LIBS) -lpthread $(strip\
290
 
                ) $(LOADLIBES) $(LDLIBS) -o $@
291
 
 
292
 
.PHONY : all doc html clean distclean mostlyclean maintainer-clean \
293
 
        check run-client run-server install install-html \
294
 
        install-server install-client-nokey install-client uninstall \
295
 
        uninstall-server uninstall-client purge purge-server \
296
 
        purge-client
 
1
CFLAGS="-Wall -std=gnu99"
 
2
LDFLAGS=-lgnutls
 
3
 
 
4
all: plugbasedclient
297
5
 
298
6
clean:
299
 
        -rm --force $(CPROGS) $(objects) $(htmldocs) $(DOCS) core
300
 
 
301
 
distclean: clean
302
 
mostlyclean: clean
303
 
maintainer-clean: clean
304
 
        -rm --force --recursive keydir confdir statedir
305
 
 
306
 
check: all
307
 
        ./mandos --check
308
 
        ./mandos-ctl --check
309
 
        ./mandos-keygen --version
310
 
        ./plugin-runner --version
311
 
        ./plugin-helpers/mandos-client-iprouteadddel --version
312
 
        ./dracut-module/password-agent --test
313
 
 
314
 
# Run the client with a local config and key
315
 
run-client: all keydir/seckey.txt keydir/pubkey.txt keydir/tls-privkey.pem keydir/tls-pubkey.pem
316
 
        @echo "###################################################################"
317
 
        @echo "# The following error messages are harmless and can be safely     #"
318
 
        @echo "# ignored:                                                        #"
319
 
        @echo "# From plugin-runner: setgid: Operation not permitted             #"
320
 
        @echo "#                     setuid: Operation not permitted             #"
321
 
        @echo "# From askpass-fifo:  mkfifo: Permission denied                   #"
322
 
        @echo "# From mandos-client:                                             #"
323
 
        @echo "#             Failed to raise privileges: Operation not permitted #"
324
 
        @echo "#             Warning: network hook \"*\" exited with status *      #"
325
 
        @echo "#                                                                 #"
326
 
        @echo "# (The messages are caused by not running as root, but you should #"
327
 
        @echo "# NOT run \"make run-client\" as root unless you also unpacked and  #"
328
 
        @echo "# compiled Mandos as root, which is also NOT recommended.)        #"
329
 
        @echo "###################################################################"
330
 
# We set GNOME_KEYRING_CONTROL to block pam_gnome_keyring
331
 
        ./plugin-runner --plugin-dir=plugins.d \
332
 
                --plugin-helper-dir=plugin-helpers \
333
 
                --config-file=plugin-runner.conf \
334
 
                --options-for=mandos-client:--seckey=keydir/seckey.txt,--pubkey=keydir/pubkey.txt,--tls-privkey=keydir/tls-privkey.pem,--tls-pubkey=keydir/tls-pubkey.pem,--network-hook-dir=network-hooks.d \
335
 
                --env-for=mandos-client:GNOME_KEYRING_CONTROL= \
336
 
                $(CLIENTARGS)
337
 
 
338
 
# Used by run-client
339
 
keydir/seckey.txt keydir/pubkey.txt keydir/tls-privkey.pem keydir/tls-pubkey.pem: mandos-keygen
340
 
        install --directory keydir
341
 
        ./mandos-keygen --dir keydir --force
342
 
 
343
 
# Run the server with a local config
344
 
run-server: confdir/mandos.conf confdir/clients.conf statedir
345
 
        ./mandos --debug --no-dbus --configdir=confdir \
346
 
                --statedir=statedir $(SERVERARGS)
347
 
 
348
 
# Used by run-server
349
 
confdir/mandos.conf: mandos.conf
350
 
        install --directory confdir
351
 
        install --mode=u=rw,go=r $^ $@
352
 
confdir/clients.conf: clients.conf keydir/seckey.txt keydir/tls-pubkey.pem
353
 
        install --directory confdir
354
 
        install --mode=u=rw $< $@
355
 
# Add a client password
356
 
        ./mandos-keygen --dir keydir --password --no-ssh >> $@
357
 
statedir:
358
 
        install --directory statedir
359
 
 
360
 
install: install-server install-client-nokey
361
 
 
362
 
install-html: html
363
 
        install --directory $(htmldir)
364
 
        install --mode=u=rw,go=r --target-directory=$(htmldir) \
365
 
                $(htmldocs)
366
 
 
367
 
install-server: doc
368
 
        install --directory $(CONFDIR)
369
 
        if install --directory --mode=u=rwx --owner=$(USER) \
370
 
                --group=$(GROUP) $(STATEDIR); then \
371
 
                :; \
372
 
        elif install --directory --mode=u=rwx $(STATEDIR); then \
373
 
                chown -- $(USER):$(GROUP) $(STATEDIR) || :; \
374
 
        fi
375
 
        if [ "$(TMPFILES)" != "$(DESTDIR)" -a -d "$(TMPFILES)" ]; then \
376
 
                install --mode=u=rw,go=r tmpfiles.d-mandos.conf \
377
 
                        $(TMPFILES)/mandos.conf; \
378
 
        fi
379
 
        install --mode=u=rwx,go=rx mandos $(PREFIX)/sbin/mandos
380
 
        install --mode=u=rwx,go=rx --target-directory=$(PREFIX)/sbin \
381
 
                mandos-ctl
382
 
        install --mode=u=rwx,go=rx --target-directory=$(PREFIX)/sbin \
383
 
                mandos-monitor
384
 
        install --mode=u=rw,go=r --target-directory=$(CONFDIR) \
385
 
                mandos.conf
386
 
        install --mode=u=rw --target-directory=$(CONFDIR) \
387
 
                clients.conf
388
 
        install --mode=u=rw,go=r dbus-mandos.conf \
389
 
                $(DESTDIR)/etc/dbus-1/system.d/mandos.conf
390
 
        install --mode=u=rwx,go=rx init.d-mandos \
391
 
                $(DESTDIR)/etc/init.d/mandos
392
 
        if [ "$(SYSTEMD)" != "$(DESTDIR)" -a -d "$(SYSTEMD)" ]; then \
393
 
                install --mode=u=rw,go=r mandos.service $(SYSTEMD); \
394
 
        fi
395
 
        install --mode=u=rw,go=r default-mandos \
396
 
                $(DESTDIR)/etc/default/mandos
397
 
        if [ -z $(DESTDIR) ]; then \
398
 
                update-rc.d mandos defaults 25 15;\
399
 
        fi
400
 
        gzip --best --to-stdout mandos.8 \
401
 
                > $(MANDIR)/man8/mandos.8.gz
402
 
        gzip --best --to-stdout mandos-monitor.8 \
403
 
                > $(MANDIR)/man8/mandos-monitor.8.gz
404
 
        gzip --best --to-stdout mandos-ctl.8 \
405
 
                > $(MANDIR)/man8/mandos-ctl.8.gz
406
 
        gzip --best --to-stdout mandos.conf.5 \
407
 
                > $(MANDIR)/man5/mandos.conf.5.gz
408
 
        gzip --best --to-stdout mandos-clients.conf.5 \
409
 
                > $(MANDIR)/man5/mandos-clients.conf.5.gz
410
 
        gzip --best --to-stdout intro.8mandos \
411
 
                > $(MANDIR)/man8/intro.8mandos.gz
412
 
 
413
 
install-client-nokey: all doc
414
 
        install --directory $(LIBDIR)/mandos $(CONFDIR)
415
 
        install --directory --mode=u=rwx $(KEYDIR) \
416
 
                $(LIBDIR)/mandos/plugins.d \
417
 
                $(LIBDIR)/mandos/plugin-helpers
418
 
        if [ "$(CONFDIR)" != "$(LIBDIR)/mandos" ]; then \
419
 
                install --mode=u=rwx \
420
 
                        --directory "$(CONFDIR)/plugins.d" \
421
 
                        "$(CONFDIR)/plugin-helpers"; \
422
 
        fi
423
 
        install --mode=u=rwx,go=rx --directory \
424
 
                "$(CONFDIR)/network-hooks.d"
425
 
        install --mode=u=rwx,go=rx \
426
 
                --target-directory=$(LIBDIR)/mandos plugin-runner
427
 
        install --mode=u=rwx,go=rx \
428
 
                --target-directory=$(LIBDIR)/mandos mandos-to-cryptroot-unlock
429
 
        install --mode=u=rwx,go=rx --target-directory=$(PREFIX)/sbin \
430
 
                mandos-keygen
431
 
        install --mode=u=rwx,go=rx \
432
 
                --target-directory=$(LIBDIR)/mandos/plugins.d \
433
 
                plugins.d/password-prompt
434
 
        install --mode=u=rwxs,go=rx \
435
 
                --target-directory=$(LIBDIR)/mandos/plugins.d \
436
 
                plugins.d/mandos-client
437
 
        install --mode=u=rwxs,go=rx \
438
 
                --target-directory=$(LIBDIR)/mandos/plugins.d \
439
 
                plugins.d/usplash
440
 
        install --mode=u=rwxs,go=rx \
441
 
                --target-directory=$(LIBDIR)/mandos/plugins.d \
442
 
                plugins.d/splashy
443
 
        install --mode=u=rwxs,go=rx \
444
 
                --target-directory=$(LIBDIR)/mandos/plugins.d \
445
 
                plugins.d/askpass-fifo
446
 
        install --mode=u=rwxs,go=rx \
447
 
                --target-directory=$(LIBDIR)/mandos/plugins.d \
448
 
                plugins.d/plymouth
449
 
        install --mode=u=rwx,go=rx \
450
 
                --target-directory=$(LIBDIR)/mandos/plugin-helpers \
451
 
                plugin-helpers/mandos-client-iprouteadddel
452
 
        install initramfs-tools-hook \
453
 
                $(INITRAMFSTOOLS)/hooks/mandos
454
 
        install --mode=u=rw,go=r initramfs-tools-conf \
455
 
                $(INITRAMFSTOOLS)/conf.d/mandos-conf
456
 
        install --mode=u=rw,go=r initramfs-tools-conf-hook \
457
 
                $(INITRAMFSTOOLS)/conf-hooks.d/zz-mandos
458
 
        install initramfs-tools-script \
459
 
                $(INITRAMFSTOOLS)/scripts/init-premount/mandos
460
 
        install initramfs-tools-script-stop \
461
 
                $(INITRAMFSTOOLS)/scripts/local-premount/mandos
462
 
        install --directory $(DRACUTMODULE)
463
 
        install --mode=u=rw,go=r --target-directory=$(DRACUTMODULE) \
464
 
                dracut-module/ask-password-mandos.path \
465
 
                dracut-module/ask-password-mandos.service
466
 
        install --mode=u=rwxs,go=rx \
467
 
                --target-directory=$(DRACUTMODULE) \
468
 
                dracut-module/module-setup.sh \
469
 
                dracut-module/cmdline-mandos.sh \
470
 
                dracut-module/password-agent
471
 
        install --mode=u=rw,go=r plugin-runner.conf $(CONFDIR)
472
 
        gzip --best --to-stdout mandos-keygen.8 \
473
 
                > $(MANDIR)/man8/mandos-keygen.8.gz
474
 
        gzip --best --to-stdout plugin-runner.8mandos \
475
 
                > $(MANDIR)/man8/plugin-runner.8mandos.gz
476
 
        gzip --best --to-stdout plugins.d/mandos-client.8mandos \
477
 
                > $(MANDIR)/man8/mandos-client.8mandos.gz
478
 
        gzip --best --to-stdout plugins.d/password-prompt.8mandos \
479
 
                > $(MANDIR)/man8/password-prompt.8mandos.gz
480
 
        gzip --best --to-stdout plugins.d/usplash.8mandos \
481
 
                > $(MANDIR)/man8/usplash.8mandos.gz
482
 
        gzip --best --to-stdout plugins.d/splashy.8mandos \
483
 
                > $(MANDIR)/man8/splashy.8mandos.gz
484
 
        gzip --best --to-stdout plugins.d/askpass-fifo.8mandos \
485
 
                > $(MANDIR)/man8/askpass-fifo.8mandos.gz
486
 
        gzip --best --to-stdout plugins.d/plymouth.8mandos \
487
 
                > $(MANDIR)/man8/plymouth.8mandos.gz
488
 
        gzip --best --to-stdout dracut-module/password-agent.8mandos \
489
 
                > $(MANDIR)/man8/password-agent.8mandos.gz
490
 
 
491
 
install-client: install-client-nokey
492
 
# Post-installation stuff
493
 
        -$(PREFIX)/sbin/mandos-keygen --dir "$(KEYDIR)"
494
 
        if command -v update-initramfs >/dev/null; then \
495
 
            update-initramfs -k all -u; \
496
 
        elif command -v dracut >/dev/null; then \
497
 
            for initrd in $(DESTDIR)/boot/initr*-$(shell uname --kernel-release); do \
498
 
                if [ -w "$$initrd" ]; then \
499
 
                    chmod go-r "$$initrd"; \
500
 
                    dracut --force "$$initrd"; \
501
 
                fi; \
502
 
            done; \
503
 
        fi
504
 
        echo "Now run mandos-keygen --password --dir $(KEYDIR)"
505
 
 
506
 
uninstall: uninstall-server uninstall-client
507
 
 
508
 
uninstall-server:
509
 
        -rm --force $(PREFIX)/sbin/mandos \
510
 
                $(PREFIX)/sbin/mandos-ctl \
511
 
                $(PREFIX)/sbin/mandos-monitor \
512
 
                $(MANDIR)/man8/mandos.8.gz \
513
 
                $(MANDIR)/man8/mandos-monitor.8.gz \
514
 
                $(MANDIR)/man8/mandos-ctl.8.gz \
515
 
                $(MANDIR)/man5/mandos.conf.5.gz \
516
 
                $(MANDIR)/man5/mandos-clients.conf.5.gz
517
 
        update-rc.d -f mandos remove
518
 
        -rmdir $(CONFDIR)
519
 
 
520
 
uninstall-client:
521
 
# Refuse to uninstall client if /etc/crypttab is explicitly configured
522
 
# to use it.
523
 
        ! grep --regexp='^ *[^ #].*keyscript=[^,=]*/mandos/' \
524
 
                $(DESTDIR)/etc/crypttab
525
 
        -rm --force $(PREFIX)/sbin/mandos-keygen \
526
 
                $(LIBDIR)/mandos/plugin-runner \
527
 
                $(LIBDIR)/mandos/plugins.d/password-prompt \
528
 
                $(LIBDIR)/mandos/plugins.d/mandos-client \
529
 
                $(LIBDIR)/mandos/plugins.d/usplash \
530
 
                $(LIBDIR)/mandos/plugins.d/splashy \
531
 
                $(LIBDIR)/mandos/plugins.d/askpass-fifo \
532
 
                $(LIBDIR)/mandos/plugins.d/plymouth \
533
 
                $(INITRAMFSTOOLS)/hooks/mandos \
534
 
                $(INITRAMFSTOOLS)/conf-hooks.d/mandos \
535
 
                $(INITRAMFSTOOLS)/scripts/init-premount/mandos \
536
 
                $(INITRAMFSTOOLS)/scripts/local-premount/mandos \
537
 
                $(DRACUTMODULE)/ask-password-mandos.path \
538
 
                $(DRACUTMODULE)/ask-password-mandos.service \
539
 
                $(DRACUTMODULE)/module-setup.sh \
540
 
                $(DRACUTMODULE)/cmdline-mandos.sh \
541
 
                $(DRACUTMODULE)/password-agent \
542
 
                $(MANDIR)/man8/mandos-keygen.8.gz \
543
 
                $(MANDIR)/man8/plugin-runner.8mandos.gz \
544
 
                $(MANDIR)/man8/mandos-client.8mandos.gz
545
 
                $(MANDIR)/man8/password-prompt.8mandos.gz \
546
 
                $(MANDIR)/man8/usplash.8mandos.gz \
547
 
                $(MANDIR)/man8/splashy.8mandos.gz \
548
 
                $(MANDIR)/man8/askpass-fifo.8mandos.gz \
549
 
                $(MANDIR)/man8/plymouth.8mandos.gz \
550
 
                $(MANDIR)/man8/password-agent.8mandos.gz \
551
 
        -rmdir $(LIBDIR)/mandos/plugins.d $(CONFDIR)/plugins.d \
552
 
                 $(LIBDIR)/mandos $(CONFDIR) $(KEYDIR) $(DRACUTMODULE)
553
 
        if command -v update-initramfs >/dev/null; then \
554
 
            update-initramfs -k all -u; \
555
 
        elif command -v dracut >/dev/null; then \
556
 
            for initrd in $(DESTDIR)/boot/initr*-$(shell uname --kernel-release); do \
557
 
                test -w "$$initrd" && dracut --force "$$initrd"; \
558
 
            done; \
559
 
        fi
560
 
 
561
 
purge: purge-server purge-client
562
 
 
563
 
purge-server: uninstall-server
564
 
        -rm --force $(CONFDIR)/mandos.conf $(CONFDIR)/clients.conf \
565
 
                $(DESTDIR)/etc/dbus-1/system.d/mandos.conf
566
 
                $(DESTDIR)/etc/default/mandos \
567
 
                $(DESTDIR)/etc/init.d/mandos \
568
 
                $(SYSTEMD)/mandos.service \
569
 
                $(DESTDIR)/run/mandos.pid \
570
 
                $(DESTDIR)/var/run/mandos.pid
571
 
        -rmdir $(CONFDIR)
572
 
 
573
 
purge-client: uninstall-client
574
 
        -shred --remove $(KEYDIR)/seckey.txt $(KEYDIR)/tls-privkey.pem
575
 
        -rm --force $(CONFDIR)/plugin-runner.conf \
576
 
                $(KEYDIR)/pubkey.txt $(KEYDIR)/seckey.txt \
577
 
                $(KEYDIR)/tls-pubkey.txt $(KEYDIR)/tls-privkey.txt
578
 
        -rmdir $(KEYDIR) $(CONFDIR)/plugins.d $(CONFDIR)
 
7
        rm -f plugbasedclient
 
8
 
 
9
client_debug: client
 
10
        mv -f client client.tmp
 
11
        $(MAKE) client CXXFLAGS="$(CXXFLAGS) -DDEBUG -DCERT_ROOT=\\\"./\\\""
 
12
        mv client client_debug
 
13
        mv client.tmp client