/mandos/release

To get this branch, use:
bzr branch http://bzr.recompile.se/loggerhead/mandos/release

« back to all changes in this revision

Viewing changes to Makefile

  • Committer: Teddy Hogeborn
  • Date: 2008-07-20 06:33:48 UTC
  • Revision ID: teddy@fukt.bsnet.se-20080720063348-jscgy5p0itrgvlo8
* mandos-clients.conf ([foo]): Uncommented.
  ([foo]/secret): New.
  ([foo]/secfile): Commented out.
  ([foo]/checker): Changed to "fping -q -- %%(fqdn)s".
  ([foo]/timeout): New.

* server.py: New modeline for Python and Emacs.  Set a logging format.
  (Client.__init__): Bug fix: Choose either the value from the options
                     object or pass the argument through string_to_delta
                     for both "timeout" and "interval".
  (Client.checker_callback): Bug fix: Do not log spurious "Checker for
                             <foo> failed" messages.
  (Client.start_checker): Moved "Starting checker" log message down to
                          just before actually starting the subprocess.
                          Do not redirect the subprocesses' stdout to a
                          pipe.
  (peer_certificate, fingerprint): Added docstrings.
  (entry_group_state_changed): Call "killme()" instead of
                               "main_loop.quit()".
  (daemon, killme): New functions.
  (exitstatus, main_loop_started): New global variables.
  (__main__): Removed the "--cert", "--key", "--ca", and "--crl"
              options.  Removed the sleep command from the default
              checker.  Add a console logger in debug mode.  Call
              "killme()" instead of "main_loop.quit()" when there are no
              more clients.  Call "daemon()" if not in debug mode.
              Register "cleanup()" to run at exit.  Ignore some
              signals.  Catch DBusException to detect another running
              server and exit cleanly.  Exit with "exitstatus".
  (cleanup): New function.

Show diffs side-by-side

added added

removed removed

Lines of Context:
1
 
WARN:=-O -Wall -Wextra -Wdouble-promotion -Wformat=2 -Winit-self \
2
 
        -Wmissing-include-dirs -Wswitch-default -Wswitch-enum \
3
 
        -Wunused -Wuninitialized -Wstrict-overflow=5 \
4
 
        -Wsuggest-attribute=pure -Wsuggest-attribute=const \
5
 
        -Wsuggest-attribute=noreturn -Wfloat-equal -Wundef -Wshadow \
6
 
        -Wunsafe-loop-optimizations -Wpointer-arith \
7
 
        -Wbad-function-cast -Wcast-qual -Wcast-align -Wwrite-strings \
8
 
        -Wconversion -Wlogical-op -Waggregate-return \
9
 
        -Wstrict-prototypes -Wold-style-definition \
10
 
        -Wmissing-format-attribute -Wnormalized=nfc -Wpacked \
11
 
        -Wredundant-decls -Wnested-externs -Winline -Wvla \
12
 
        -Wvolatile-register-var -Woverlength-strings
13
 
 
14
 
#DEBUG:=-ggdb3 -fsanitize=address $(SANITIZE)
15
 
## Check which sanitizing options can be used
16
 
#SANITIZE:=$(foreach option,$(ALL_SANITIZE_OPTIONS),$(shell \
17
 
#       echo 'int main(){}' | $(CC) --language=c $(option) \
18
 
#       /dev/stdin -o /dev/null >/dev/null 2>&1 && echo $(option)))
19
 
# <https://developerblog.redhat.com/2014/10/16/gcc-undefined-behavior-sanitizer-ubsan/>
20
 
ALL_SANITIZE_OPTIONS:=-fsanitize=leak -fsanitize=undefined \
21
 
        -fsanitize=shift -fsanitize=integer-divide-by-zero \
22
 
        -fsanitize=unreachable -fsanitize=vla-bound -fsanitize=null \
23
 
        -fsanitize=return -fsanitize=signed-integer-overflow \
24
 
        -fsanitize=bounds -fsanitize=alignment \
25
 
        -fsanitize=object-size -fsanitize=float-divide-by-zero \
26
 
        -fsanitize=float-cast-overflow -fsanitize=nonnull-attribute \
27
 
        -fsanitize=returns-nonnull-attribute -fsanitize=bool \
28
 
        -fsanitize=enum -fsanitize-address-use-after-scope
29
 
 
30
 
# For info about _FORTIFY_SOURCE, see feature_test_macros(7)
31
 
# and <https://gcc.gnu.org/ml/gcc-patches/2004-09/msg02055.html>.
32
 
FORTIFY:=-D_FORTIFY_SOURCE=2 -fstack-protector-all -fPIC
33
 
LINK_FORTIFY_LD:=-z relro -z now
34
 
LINK_FORTIFY:=
35
 
 
36
 
# If BROKEN_PIE is set, do not build with -pie
37
 
ifndef BROKEN_PIE
38
 
FORTIFY += -fPIE
39
 
LINK_FORTIFY += -pie
40
 
endif
41
 
#COVERAGE=--coverage
42
 
OPTIMIZE:=-Os -fno-strict-aliasing
43
 
LANGUAGE:=-std=gnu11
44
 
FEATURES:=-D_FILE_OFFSET_BITS=64
45
 
htmldir:=man
46
 
version:=1.8.6
47
 
SED:=sed
48
 
PKG_CONFIG?=pkg-config
49
 
 
50
 
USER:=$(firstword $(subst :, ,$(shell getent passwd _mandos \
51
 
        || getent passwd nobody || echo 65534)))
52
 
GROUP:=$(firstword $(subst :, ,$(shell getent group _mandos \
53
 
        || getent group nogroup || echo 65534)))
54
 
 
55
 
LINUXVERSION:=$(shell uname --kernel-release)
56
 
 
57
 
## Use these settings for a traditional /usr/local install
58
 
# PREFIX:=$(DESTDIR)/usr/local
59
 
# CONFDIR:=$(DESTDIR)/etc/mandos
60
 
# KEYDIR:=$(DESTDIR)/etc/mandos/keys
61
 
# MANDIR:=$(PREFIX)/man
62
 
# INITRAMFSTOOLS:=$(DESTDIR)/etc/initramfs-tools
63
 
# DRACUTMODULE:=$(DESTDIR)/usr/lib/dracut/modules.d/90mandos
64
 
# STATEDIR:=$(DESTDIR)/var/lib/mandos
65
 
# LIBDIR:=$(PREFIX)/lib
66
 
##
67
 
 
68
 
## These settings are for a package-type install
69
 
PREFIX:=$(DESTDIR)/usr
70
 
CONFDIR:=$(DESTDIR)/etc/mandos
71
 
KEYDIR:=$(DESTDIR)/etc/keys/mandos
72
 
MANDIR:=$(PREFIX)/share/man
73
 
INITRAMFSTOOLS:=$(DESTDIR)/usr/share/initramfs-tools
74
 
DRACUTMODULE:=$(DESTDIR)/usr/lib/dracut/modules.d/90mandos
75
 
STATEDIR:=$(DESTDIR)/var/lib/mandos
76
 
LIBDIR:=$(shell \
77
 
        for d in \
78
 
        "/usr/lib/`dpkg-architecture \
79
 
                        -qDEB_HOST_MULTIARCH 2>/dev/null`" \
80
 
        "`rpm --eval='%{_libdir}' 2>/dev/null`" /usr/lib; do \
81
 
                if [ -d "$$d" -a "$$d" = "$${d%/}" ]; then \
82
 
                        echo "$(DESTDIR)$$d"; \
83
 
                        break; \
84
 
                fi; \
85
 
        done)
86
 
##
87
 
 
88
 
SYSTEMD:=$(DESTDIR)$(shell $(PKG_CONFIG) systemd \
89
 
                        --variable=systemdsystemunitdir)
90
 
TMPFILES:=$(DESTDIR)$(shell $(PKG_CONFIG) systemd \
91
 
                        --variable=tmpfilesdir)
92
 
 
93
 
GNUTLS_CFLAGS:=$(shell $(PKG_CONFIG) --cflags-only-I gnutls)
94
 
GNUTLS_LIBS:=$(shell $(PKG_CONFIG) --libs gnutls)
95
 
AVAHI_CFLAGS:=$(shell $(PKG_CONFIG) --cflags-only-I avahi-core)
96
 
AVAHI_LIBS:=$(shell $(PKG_CONFIG) --libs avahi-core)
97
 
GPGME_CFLAGS:=$(shell gpgme-config --cflags; getconf LFS_CFLAGS)
98
 
GPGME_LIBS:=$(shell gpgme-config --libs; getconf LFS_LIBS; \
99
 
        getconf LFS_LDFLAGS)
100
 
LIBNL3_CFLAGS:=$(shell $(PKG_CONFIG) --cflags-only-I libnl-route-3.0)
101
 
LIBNL3_LIBS:=$(shell $(PKG_CONFIG) --libs libnl-route-3.0)
102
 
GLIB_CFLAGS:=$(shell $(PKG_CONFIG) --cflags glib-2.0)
103
 
GLIB_LIBS:=$(shell $(PKG_CONFIG) --libs glib-2.0)
104
 
 
105
 
# Do not change these two
106
 
CFLAGS+=$(WARN) $(DEBUG) $(FORTIFY) $(COVERAGE) $(OPTIMIZE) \
107
 
        $(LANGUAGE) $(FEATURES) -DVERSION='"$(version)"'
108
 
LDFLAGS+=-Xlinker --as-needed $(COVERAGE) $(LINK_FORTIFY) $(strip \
109
 
        ) $(foreach flag,$(LINK_FORTIFY_LD),-Xlinker $(flag))
110
 
 
111
 
# Commands to format a DocBook <refentry> document into a manual page
112
 
DOCBOOKTOMAN=$(strip cd $(dir $<); xsltproc --nonet --xinclude \
113
 
        --param man.charmap.use.subset          0 \
114
 
        --param make.year.ranges                1 \
115
 
        --param make.single.year.ranges         1 \
116
 
        --param man.output.quietly              1 \
117
 
        --param man.authors.section.enabled     0 \
118
 
        /usr/share/xml/docbook/stylesheet/nwalsh/manpages/docbook.xsl \
119
 
        $(notdir $<); \
120
 
        if locale --all 2>/dev/null | grep --regexp='^en_US\.utf8$$' \
121
 
        && command -v man >/dev/null; then LANG=en_US.UTF-8 \
122
 
        MANWIDTH=80 man --warnings --encoding=UTF-8 --local-file \
123
 
        $(notdir $@); fi >/dev/null)
124
 
 
125
 
DOCBOOKTOHTML=$(strip xsltproc --nonet --xinclude \
126
 
        --param make.year.ranges                1 \
127
 
        --param make.single.year.ranges         1 \
128
 
        --param man.output.quietly              1 \
129
 
        --param man.authors.section.enabled     0 \
130
 
        --param citerefentry.link               1 \
131
 
        --output $@ \
132
 
        /usr/share/xml/docbook/stylesheet/nwalsh/xhtml/docbook.xsl \
133
 
        $<; $(HTMLPOST) $@)
134
 
# Fix citerefentry links
135
 
HTMLPOST:=$(SED) --in-place \
136
 
        --expression='s/\(<a class="citerefentry" href="\)\("><span class="citerefentry"><span class="refentrytitle">\)\([^<]*\)\(<\/span>(\)\([^)]*\)\()<\/span><\/a>\)/\1\3.\5\2\3\4\5\6/g'
137
 
 
138
 
PLUGINS:=plugins.d/password-prompt plugins.d/mandos-client \
139
 
        plugins.d/usplash plugins.d/splashy plugins.d/askpass-fifo \
140
 
        plugins.d/plymouth
141
 
PLUGIN_HELPERS:=plugin-helpers/mandos-client-iprouteadddel
142
 
CPROGS:=plugin-runner dracut-module/password-agent $(PLUGINS) \
143
 
        $(PLUGIN_HELPERS)
144
 
PROGS:=mandos mandos-keygen mandos-ctl mandos-monitor $(CPROGS)
145
 
DOCS:=mandos.8 mandos-keygen.8 mandos-monitor.8 mandos-ctl.8 \
146
 
        mandos.conf.5 mandos-clients.conf.5 plugin-runner.8mandos \
147
 
        dracut-module/password-agent.8mandos \
148
 
        plugins.d/mandos-client.8mandos \
149
 
        plugins.d/password-prompt.8mandos plugins.d/usplash.8mandos \
150
 
        plugins.d/splashy.8mandos plugins.d/askpass-fifo.8mandos \
151
 
        plugins.d/plymouth.8mandos intro.8mandos
152
 
 
153
 
htmldocs:=$(addsuffix .xhtml,$(DOCS))
154
 
 
155
 
objects:=$(addsuffix .o,$(CPROGS))
156
 
 
157
 
all: $(PROGS) mandos.lsm
158
 
 
159
 
doc: $(DOCS)
160
 
 
161
 
html: $(htmldocs)
162
 
 
163
 
%.5: %.xml common.ent legalnotice.xml
164
 
        $(DOCBOOKTOMAN)
165
 
%.5.xhtml: %.xml common.ent legalnotice.xml
166
 
        $(DOCBOOKTOHTML)
167
 
 
168
 
%.8: %.xml common.ent legalnotice.xml
169
 
        $(DOCBOOKTOMAN)
170
 
%.8.xhtml: %.xml common.ent legalnotice.xml
171
 
        $(DOCBOOKTOHTML)
172
 
 
173
 
%.8mandos: %.xml common.ent legalnotice.xml
174
 
        $(DOCBOOKTOMAN)
175
 
%.8mandos.xhtml: %.xml common.ent legalnotice.xml
176
 
        $(DOCBOOKTOHTML)
177
 
 
178
 
intro.8mandos: intro.xml common.ent legalnotice.xml
179
 
        $(DOCBOOKTOMAN)
180
 
intro.8mandos.xhtml: intro.xml common.ent legalnotice.xml
181
 
        $(DOCBOOKTOHTML)
182
 
 
183
 
mandos.8: mandos.xml common.ent mandos-options.xml overview.xml \
184
 
                legalnotice.xml
185
 
        $(DOCBOOKTOMAN)
186
 
mandos.8.xhtml: mandos.xml common.ent mandos-options.xml \
187
 
                overview.xml legalnotice.xml
188
 
        $(DOCBOOKTOHTML)
189
 
 
190
 
mandos-keygen.8: mandos-keygen.xml common.ent overview.xml \
191
 
                legalnotice.xml
192
 
        $(DOCBOOKTOMAN)
193
 
mandos-keygen.8.xhtml: mandos-keygen.xml common.ent overview.xml \
194
 
                 legalnotice.xml
195
 
        $(DOCBOOKTOHTML)
196
 
 
197
 
mandos-monitor.8: mandos-monitor.xml common.ent overview.xml \
198
 
                legalnotice.xml
199
 
        $(DOCBOOKTOMAN)
200
 
mandos-monitor.8.xhtml: mandos-monitor.xml common.ent overview.xml \
201
 
                 legalnotice.xml
202
 
        $(DOCBOOKTOHTML)
203
 
 
204
 
mandos-ctl.8: mandos-ctl.xml common.ent overview.xml \
205
 
                legalnotice.xml
206
 
        $(DOCBOOKTOMAN)
207
 
mandos-ctl.8.xhtml: mandos-ctl.xml common.ent overview.xml \
208
 
                 legalnotice.xml
209
 
        $(DOCBOOKTOHTML)
210
 
 
211
 
mandos.conf.5: mandos.conf.xml common.ent mandos-options.xml \
212
 
                legalnotice.xml
213
 
        $(DOCBOOKTOMAN)
214
 
mandos.conf.5.xhtml: mandos.conf.xml common.ent mandos-options.xml \
215
 
                legalnotice.xml
216
 
        $(DOCBOOKTOHTML)
217
 
 
218
 
plugin-runner.8mandos: plugin-runner.xml common.ent overview.xml \
219
 
                legalnotice.xml
220
 
        $(DOCBOOKTOMAN)
221
 
plugin-runner.8mandos.xhtml: plugin-runner.xml common.ent \
222
 
                overview.xml legalnotice.xml
223
 
        $(DOCBOOKTOHTML)
224
 
 
225
 
dracut-module/password-agent.8mandos: \
226
 
                dracut-module/password-agent.xml common.ent \
227
 
                overview.xml legalnotice.xml
228
 
        $(DOCBOOKTOMAN)
229
 
dracut-module/password-agent.8mandos.xhtml: \
230
 
                dracut-module/password-agent.xml common.ent \
231
 
                overview.xml legalnotice.xml
232
 
        $(DOCBOOKTOHTML)
233
 
 
234
 
plugins.d/mandos-client.8mandos: plugins.d/mandos-client.xml \
235
 
                                        common.ent \
236
 
                                        mandos-options.xml \
237
 
                                        overview.xml legalnotice.xml
238
 
        $(DOCBOOKTOMAN)
239
 
plugins.d/mandos-client.8mandos.xhtml: plugins.d/mandos-client.xml \
240
 
                                        common.ent \
241
 
                                        mandos-options.xml \
242
 
                                        overview.xml legalnotice.xml
243
 
        $(DOCBOOKTOHTML)
244
 
 
245
 
# Update all these files with version number $(version)
246
 
common.ent: Makefile
247
 
        $(strip $(SED) --in-place \
248
 
                --expression='s/^\(<!ENTITY version "\)[^"]*">$$/\1$(version)">/' \
249
 
                $@)
250
 
 
251
 
mandos: Makefile
252
 
        $(strip $(SED) --in-place \
253
 
                --expression='s/^\(version = "\)[^"]*"$$/\1$(version)"/' \
254
 
                $@)
255
 
 
256
 
mandos-keygen: Makefile
257
 
        $(strip $(SED) --in-place \
258
 
                --expression='s/^\(VERSION="\)[^"]*"$$/\1$(version)"/' \
259
 
                $@)
260
 
 
261
 
mandos-ctl: Makefile
262
 
        $(strip $(SED) --in-place \
263
 
                --expression='s/^\(version = "\)[^"]*"$$/\1$(version)"/' \
264
 
                $@)
265
 
 
266
 
mandos-monitor: Makefile
267
 
        $(strip $(SED) --in-place \
268
 
                --expression='s/^\(version = "\)[^"]*"$$/\1$(version)"/' \
269
 
                $@)
270
 
 
271
 
mandos.lsm: Makefile
272
 
        $(strip $(SED) --in-place \
273
 
                --expression='s/^\(Version:\).*/\1\t$(version)/' \
274
 
                $@)
275
 
        $(strip $(SED) --in-place \
276
 
                --expression='s/^\(Entered-date:\).*/\1\t$(shell date --rfc-3339=date --reference=Makefile)/' \
277
 
                $@)
278
 
        $(strip $(SED) --in-place \
279
 
                --expression='s/\(mandos_\)[0-9.]\+\(\.orig\.tar\.gz\)/\1$(version)\2/' \
280
 
                $@)
281
 
 
282
 
# Need to add the GnuTLS, Avahi and GPGME libraries
283
 
plugins.d/mandos-client: plugins.d/mandos-client.c
284
 
        $(LINK.c) $^ $(GNUTLS_CFLAGS) $(AVAHI_CFLAGS) $(strip\
285
 
                ) $(GPGME_CFLAGS) $(GNUTLS_LIBS) $(strip\
286
 
                ) $(AVAHI_LIBS) $(GPGME_LIBS) $(LOADLIBES) $(strip\
287
 
                ) $(LDLIBS) -o $@
288
 
 
289
 
# Need to add the libnl-route library
290
 
plugin-helpers/mandos-client-iprouteadddel: plugin-helpers/mandos-client-iprouteadddel.c
291
 
        $(LINK.c) $(LIBNL3_CFLAGS) $^ $(LIBNL3_LIBS) $(strip\
292
 
                ) $(LOADLIBES) $(LDLIBS) -o $@
293
 
 
294
 
# Need to add the GLib and pthread libraries
295
 
dracut-module/password-agent: dracut-module/password-agent.c
296
 
        $(LINK.c) $(GLIB_CFLAGS) $^ $(GLIB_LIBS) -lpthread $(strip\
297
 
                ) $(LOADLIBES) $(LDLIBS) -o $@
298
 
 
299
 
.PHONY : all doc html clean distclean mostlyclean maintainer-clean \
300
 
        check run-client run-server install install-html \
301
 
        install-server install-client-nokey install-client uninstall \
302
 
        uninstall-server uninstall-client purge purge-server \
303
 
        purge-client
 
1
CFLAGS=-Wall -g -std=gnu99
 
2
LDFLAGS=-lgnutls
 
3
 
 
4
all: plugbasedclient
304
5
 
305
6
clean:
306
 
        -rm --force $(CPROGS) $(objects) $(htmldocs) $(DOCS) core
307
 
 
308
 
distclean: clean
309
 
mostlyclean: clean
310
 
maintainer-clean: clean
311
 
        -rm --force --recursive keydir confdir statedir
312
 
 
313
 
check: all
314
 
        ./mandos --check
315
 
        ./mandos-ctl --check
316
 
        ./mandos-keygen --version
317
 
        ./plugin-runner --version
318
 
        ./plugin-helpers/mandos-client-iprouteadddel --version
319
 
        ./dracut-module/password-agent --test
320
 
 
321
 
# Run the client with a local config and key
322
 
run-client: all keydir/seckey.txt keydir/pubkey.txt \
323
 
                        keydir/tls-privkey.pem keydir/tls-pubkey.pem
324
 
        @echo '######################################################'
325
 
        @echo '# The following error messages are harmless and can  #'
326
 
        @echo '#  be safely ignored:                                #'
327
 
        @echo '## From plugin-runner:                               #'
328
 
        @echo '# setgid: Operation not permitted                    #'
329
 
        @echo '# setuid: Operation not permitted                    #'
330
 
        @echo '## From askpass-fifo:                                #'
331
 
        @echo '# mkfifo: Permission denied                          #'
332
 
        @echo '## From mandos-client:                               #'
333
 
        @echo '# Failed to raise privileges: Operation not permi... #'
334
 
        @echo '# Warning: network hook "*" exited with status *     #'
335
 
        @echo '# ioctl SIOCSIFFLAGS +IFF_UP: Operation not permi... #'
336
 
        @echo '# Failed to bring up interface "*": Operation not... #'
337
 
        @echo '#                                                    #'
338
 
        @echo '# (The messages are caused by not running as root,   #'
339
 
        @echo '# but you should NOT run "make run-client" as root   #'
340
 
        @echo '# unless you also unpacked and compiled Mandos as    #'
341
 
        @echo '# root, which is also NOT recommended.)              #'
342
 
        @echo '######################################################'
343
 
# We set GNOME_KEYRING_CONTROL to block pam_gnome_keyring
344
 
        ./plugin-runner --plugin-dir=plugins.d \
345
 
                --plugin-helper-dir=plugin-helpers \
346
 
                --config-file=plugin-runner.conf \
347
 
                --options-for=mandos-client:--seckey=keydir/seckey.txt,--pubkey=keydir/pubkey.txt,--tls-privkey=keydir/tls-privkey.pem,--tls-pubkey=keydir/tls-pubkey.pem,--network-hook-dir=network-hooks.d \
348
 
                --env-for=mandos-client:GNOME_KEYRING_CONTROL= \
349
 
                $(CLIENTARGS)
350
 
 
351
 
# Used by run-client
352
 
keydir/seckey.txt keydir/pubkey.txt keydir/tls-privkey.pem keydir/tls-pubkey.pem: mandos-keygen
353
 
        install --directory keydir
354
 
        ./mandos-keygen --dir keydir --force
355
 
 
356
 
# Run the server with a local config
357
 
run-server: confdir/mandos.conf confdir/clients.conf statedir
358
 
        ./mandos --debug --no-dbus --configdir=confdir \
359
 
                --statedir=statedir $(SERVERARGS)
360
 
 
361
 
# Used by run-server
362
 
confdir/mandos.conf: mandos.conf
363
 
        install --directory confdir
364
 
        install --mode=u=rw,go=r $^ $@
365
 
confdir/clients.conf: clients.conf keydir/seckey.txt keydir/tls-pubkey.pem
366
 
        install --directory confdir
367
 
        install --mode=u=rw $< $@
368
 
# Add a client password
369
 
        ./mandos-keygen --dir keydir --password --no-ssh >> $@
370
 
statedir:
371
 
        install --directory statedir
372
 
 
373
 
install: install-server install-client-nokey
374
 
 
375
 
install-html: html
376
 
        install --directory $(htmldir)
377
 
        install --mode=u=rw,go=r --target-directory=$(htmldir) \
378
 
                $(htmldocs)
379
 
 
380
 
install-server: doc
381
 
        install --directory $(CONFDIR)
382
 
        if install --directory --mode=u=rwx --owner=$(USER) \
383
 
                --group=$(GROUP) $(STATEDIR); then \
384
 
                :; \
385
 
        elif install --directory --mode=u=rwx $(STATEDIR); then \
386
 
                chown -- $(USER):$(GROUP) $(STATEDIR) || :; \
387
 
        fi
388
 
        if [ "$(TMPFILES)" != "$(DESTDIR)" \
389
 
                        -a -d "$(TMPFILES)" ]; then \
390
 
                install --mode=u=rw,go=r tmpfiles.d-mandos.conf \
391
 
                        $(TMPFILES)/mandos.conf; \
392
 
        fi
393
 
        install --mode=u=rwx,go=rx mandos $(PREFIX)/sbin/mandos
394
 
        install --mode=u=rwx,go=rx --target-directory=$(PREFIX)/sbin \
395
 
                mandos-ctl
396
 
        install --mode=u=rwx,go=rx --target-directory=$(PREFIX)/sbin \
397
 
                mandos-monitor
398
 
        install --mode=u=rw,go=r --target-directory=$(CONFDIR) \
399
 
                mandos.conf
400
 
        install --mode=u=rw --target-directory=$(CONFDIR) \
401
 
                clients.conf
402
 
        install --mode=u=rw,go=r dbus-mandos.conf \
403
 
                $(DESTDIR)/etc/dbus-1/system.d/mandos.conf
404
 
        install --mode=u=rwx,go=rx init.d-mandos \
405
 
                $(DESTDIR)/etc/init.d/mandos
406
 
        if [ "$(SYSTEMD)" != "$(DESTDIR)" -a -d "$(SYSTEMD)" ]; then \
407
 
                install --mode=u=rw,go=r mandos.service $(SYSTEMD); \
408
 
        fi
409
 
        install --mode=u=rw,go=r default-mandos \
410
 
                $(DESTDIR)/etc/default/mandos
411
 
        if [ -z $(DESTDIR) ]; then \
412
 
                update-rc.d mandos defaults 25 15;\
413
 
        fi
414
 
        gzip --best --to-stdout mandos.8 \
415
 
                > $(MANDIR)/man8/mandos.8.gz
416
 
        gzip --best --to-stdout mandos-monitor.8 \
417
 
                > $(MANDIR)/man8/mandos-monitor.8.gz
418
 
        gzip --best --to-stdout mandos-ctl.8 \
419
 
                > $(MANDIR)/man8/mandos-ctl.8.gz
420
 
        gzip --best --to-stdout mandos.conf.5 \
421
 
                > $(MANDIR)/man5/mandos.conf.5.gz
422
 
        gzip --best --to-stdout mandos-clients.conf.5 \
423
 
                > $(MANDIR)/man5/mandos-clients.conf.5.gz
424
 
        gzip --best --to-stdout intro.8mandos \
425
 
                > $(MANDIR)/man8/intro.8mandos.gz
426
 
 
427
 
install-client-nokey: all doc
428
 
        install --directory $(LIBDIR)/mandos $(CONFDIR)
429
 
        install --directory --mode=u=rwx $(KEYDIR) \
430
 
                $(LIBDIR)/mandos/plugins.d \
431
 
                $(LIBDIR)/mandos/plugin-helpers
432
 
        if [ "$(CONFDIR)" != "$(LIBDIR)/mandos" ]; then \
433
 
                install --mode=u=rwx \
434
 
                        --directory "$(CONFDIR)/plugins.d" \
435
 
                        "$(CONFDIR)/plugin-helpers"; \
436
 
        fi
437
 
        install --mode=u=rwx,go=rx --directory \
438
 
                "$(CONFDIR)/network-hooks.d"
439
 
        install --mode=u=rwx,go=rx \
440
 
                --target-directory=$(LIBDIR)/mandos plugin-runner
441
 
        install --mode=u=rwx,go=rx \
442
 
                --target-directory=$(LIBDIR)/mandos \
443
 
                mandos-to-cryptroot-unlock
444
 
        install --mode=u=rwx,go=rx --target-directory=$(PREFIX)/sbin \
445
 
                mandos-keygen
446
 
        install --mode=u=rwx,go=rx \
447
 
                --target-directory=$(LIBDIR)/mandos/plugins.d \
448
 
                plugins.d/password-prompt
449
 
        install --mode=u=rwxs,go=rx \
450
 
                --target-directory=$(LIBDIR)/mandos/plugins.d \
451
 
                plugins.d/mandos-client
452
 
        install --mode=u=rwxs,go=rx \
453
 
                --target-directory=$(LIBDIR)/mandos/plugins.d \
454
 
                plugins.d/usplash
455
 
        install --mode=u=rwxs,go=rx \
456
 
                --target-directory=$(LIBDIR)/mandos/plugins.d \
457
 
                plugins.d/splashy
458
 
        install --mode=u=rwxs,go=rx \
459
 
                --target-directory=$(LIBDIR)/mandos/plugins.d \
460
 
                plugins.d/askpass-fifo
461
 
        install --mode=u=rwxs,go=rx \
462
 
                --target-directory=$(LIBDIR)/mandos/plugins.d \
463
 
                plugins.d/plymouth
464
 
        install --mode=u=rwx,go=rx \
465
 
                --target-directory=$(LIBDIR)/mandos/plugin-helpers \
466
 
                plugin-helpers/mandos-client-iprouteadddel
467
 
        install initramfs-tools-hook \
468
 
                $(INITRAMFSTOOLS)/hooks/mandos
469
 
        install --mode=u=rw,go=r initramfs-tools-conf \
470
 
                $(INITRAMFSTOOLS)/conf.d/mandos-conf
471
 
        install --mode=u=rw,go=r initramfs-tools-conf-hook \
472
 
                $(INITRAMFSTOOLS)/conf-hooks.d/zz-mandos
473
 
        install initramfs-tools-script \
474
 
                $(INITRAMFSTOOLS)/scripts/init-premount/mandos
475
 
        install initramfs-tools-script-stop \
476
 
                $(INITRAMFSTOOLS)/scripts/local-premount/mandos
477
 
        install --directory $(DRACUTMODULE)
478
 
        install --mode=u=rw,go=r --target-directory=$(DRACUTMODULE) \
479
 
                dracut-module/ask-password-mandos.path \
480
 
                dracut-module/ask-password-mandos.service
481
 
        install --mode=u=rwxs,go=rx \
482
 
                --target-directory=$(DRACUTMODULE) \
483
 
                dracut-module/module-setup.sh \
484
 
                dracut-module/cmdline-mandos.sh \
485
 
                dracut-module/password-agent
486
 
        install --mode=u=rw,go=r plugin-runner.conf $(CONFDIR)
487
 
        gzip --best --to-stdout mandos-keygen.8 \
488
 
                > $(MANDIR)/man8/mandos-keygen.8.gz
489
 
        gzip --best --to-stdout plugin-runner.8mandos \
490
 
                > $(MANDIR)/man8/plugin-runner.8mandos.gz
491
 
        gzip --best --to-stdout plugins.d/mandos-client.8mandos \
492
 
                > $(MANDIR)/man8/mandos-client.8mandos.gz
493
 
        gzip --best --to-stdout plugins.d/password-prompt.8mandos \
494
 
                > $(MANDIR)/man8/password-prompt.8mandos.gz
495
 
        gzip --best --to-stdout plugins.d/usplash.8mandos \
496
 
                > $(MANDIR)/man8/usplash.8mandos.gz
497
 
        gzip --best --to-stdout plugins.d/splashy.8mandos \
498
 
                > $(MANDIR)/man8/splashy.8mandos.gz
499
 
        gzip --best --to-stdout plugins.d/askpass-fifo.8mandos \
500
 
                > $(MANDIR)/man8/askpass-fifo.8mandos.gz
501
 
        gzip --best --to-stdout plugins.d/plymouth.8mandos \
502
 
                > $(MANDIR)/man8/plymouth.8mandos.gz
503
 
        gzip --best --to-stdout dracut-module/password-agent.8mandos \
504
 
                > $(MANDIR)/man8/password-agent.8mandos.gz
505
 
 
506
 
install-client: install-client-nokey
507
 
# Post-installation stuff
508
 
        -$(PREFIX)/sbin/mandos-keygen --dir "$(KEYDIR)"
509
 
        if command -v update-initramfs >/dev/null; then \
510
 
            update-initramfs -k all -u; \
511
 
        elif command -v dracut >/dev/null; then \
512
 
            for initrd in $(DESTDIR)/boot/initr*-$(LINUXVERSION); do \
513
 
                if [ -w "$$initrd" ]; then \
514
 
                    chmod go-r "$$initrd"; \
515
 
                    dracut --force "$$initrd"; \
516
 
                fi; \
517
 
            done; \
518
 
        fi
519
 
        echo "Now run mandos-keygen --password --dir $(KEYDIR)"
520
 
 
521
 
uninstall: uninstall-server uninstall-client
522
 
 
523
 
uninstall-server:
524
 
        -rm --force $(PREFIX)/sbin/mandos \
525
 
                $(PREFIX)/sbin/mandos-ctl \
526
 
                $(PREFIX)/sbin/mandos-monitor \
527
 
                $(MANDIR)/man8/mandos.8.gz \
528
 
                $(MANDIR)/man8/mandos-monitor.8.gz \
529
 
                $(MANDIR)/man8/mandos-ctl.8.gz \
530
 
                $(MANDIR)/man5/mandos.conf.5.gz \
531
 
                $(MANDIR)/man5/mandos-clients.conf.5.gz
532
 
        update-rc.d -f mandos remove
533
 
        -rmdir $(CONFDIR)
534
 
 
535
 
uninstall-client:
536
 
# Refuse to uninstall client if /etc/crypttab is explicitly configured
537
 
# to use it.
538
 
        ! grep --regexp='^ *[^ #].*keyscript=[^,=]*/mandos/' \
539
 
                $(DESTDIR)/etc/crypttab
540
 
        -rm --force $(PREFIX)/sbin/mandos-keygen \
541
 
                $(LIBDIR)/mandos/plugin-runner \
542
 
                $(LIBDIR)/mandos/plugins.d/password-prompt \
543
 
                $(LIBDIR)/mandos/plugins.d/mandos-client \
544
 
                $(LIBDIR)/mandos/plugins.d/usplash \
545
 
                $(LIBDIR)/mandos/plugins.d/splashy \
546
 
                $(LIBDIR)/mandos/plugins.d/askpass-fifo \
547
 
                $(LIBDIR)/mandos/plugins.d/plymouth \
548
 
                $(INITRAMFSTOOLS)/hooks/mandos \
549
 
                $(INITRAMFSTOOLS)/conf-hooks.d/mandos \
550
 
                $(INITRAMFSTOOLS)/scripts/init-premount/mandos \
551
 
                $(INITRAMFSTOOLS)/scripts/local-premount/mandos \
552
 
                $(DRACUTMODULE)/ask-password-mandos.path \
553
 
                $(DRACUTMODULE)/ask-password-mandos.service \
554
 
                $(DRACUTMODULE)/module-setup.sh \
555
 
                $(DRACUTMODULE)/cmdline-mandos.sh \
556
 
                $(DRACUTMODULE)/password-agent \
557
 
                $(MANDIR)/man8/mandos-keygen.8.gz \
558
 
                $(MANDIR)/man8/plugin-runner.8mandos.gz \
559
 
                $(MANDIR)/man8/mandos-client.8mandos.gz
560
 
                $(MANDIR)/man8/password-prompt.8mandos.gz \
561
 
                $(MANDIR)/man8/usplash.8mandos.gz \
562
 
                $(MANDIR)/man8/splashy.8mandos.gz \
563
 
                $(MANDIR)/man8/askpass-fifo.8mandos.gz \
564
 
                $(MANDIR)/man8/plymouth.8mandos.gz \
565
 
                $(MANDIR)/man8/password-agent.8mandos.gz \
566
 
        -rmdir $(LIBDIR)/mandos/plugins.d $(CONFDIR)/plugins.d \
567
 
                 $(LIBDIR)/mandos $(CONFDIR) $(KEYDIR) $(DRACUTMODULE)
568
 
        if command -v update-initramfs >/dev/null; then \
569
 
            update-initramfs -k all -u; \
570
 
        elif command -v dracut >/dev/null; then \
571
 
            for initrd in $(DESTDIR)/boot/initr*-$(LINUXVERSION); do \
572
 
                test -w "$$initrd" && dracut --force "$$initrd"; \
573
 
            done; \
574
 
        fi
575
 
 
576
 
purge: purge-server purge-client
577
 
 
578
 
purge-server: uninstall-server
579
 
        -rm --force $(CONFDIR)/mandos.conf $(CONFDIR)/clients.conf \
580
 
                $(DESTDIR)/etc/dbus-1/system.d/mandos.conf
581
 
                $(DESTDIR)/etc/default/mandos \
582
 
                $(DESTDIR)/etc/init.d/mandos \
583
 
                $(SYSTEMD)/mandos.service \
584
 
                $(DESTDIR)/run/mandos.pid \
585
 
                $(DESTDIR)/var/run/mandos.pid
586
 
        -rmdir $(CONFDIR)
587
 
 
588
 
purge-client: uninstall-client
589
 
        -shred --remove $(KEYDIR)/seckey.txt $(KEYDIR)/tls-privkey.pem
590
 
        -rm --force $(CONFDIR)/plugin-runner.conf \
591
 
                $(KEYDIR)/pubkey.txt $(KEYDIR)/seckey.txt \
592
 
                $(KEYDIR)/tls-pubkey.txt $(KEYDIR)/tls-privkey.txt
593
 
        -rmdir $(KEYDIR) $(CONFDIR)/plugins.d $(CONFDIR)
 
7
        rm -f plugbasedclient