/mandos/release

To get this branch, use:
bzr branch http://bzr.recompile.se/loggerhead/mandos/release

« back to all changes in this revision

Viewing changes to Makefile

First version of a somewhat complete D-Bus server interface.  Also
change user/group name to "_mandos".

* debian/mandos.postinst: Rename old "mandos" user and group to
                          "_mandos"; create "_mandos" user and group
                          if none exist.
* debian/mandos-client.postinst: - '' -

* initramfs-tools-hook: Try "_mandos" before "mandos" as user and
                        group name.

* mandos (_datetime_to_dbus_struct): New; was previously local.
  (Client.started): Renamed to "last_started".  All users changed.
  (Client.started): New; boolean.
  (Client.dbus_object_path): New.
  (Client.check_command): Renamed to "checker_command".  All users
                          changed.
  (Client.__init__): Set and use "self.dbus_object_path".  Set
                     "self.started".
  (Client.start): Update "self.started".  Emit "self.PropertyChanged"
                  signals for both "started" and "last_started".
  (Client.stop): Update "self.started".  Emit "self.PropertyChanged"
                 signal for "started".
  (Client.checker_callback): Take additional "command" argument.  All
                             callers changed. Emit
                             "self.PropertyChanged" signal.
  (Client.bump_timeout): Emit "self.PropertyChanged" signal for
                         "last_checked_ok".
  (Client.start_checker): Emit "self.PropertyChanged" signal for
                          "checker_running".
  (Client.stop_checker): Emit "self.PropertyChanged" signal for
                         "checker_running".
  (Client.still_valid): Bug fix: use "getattr(self, started, False)"
                        instead of "self.started" in case this client
                        object is so new that the "started" attribute
                        has not been created yet.
  (Client.IntervalChanged, Client.CheckerIsRunning, Client.GetChecker,
  Client.GetCreated, Client.GetFingerprint, Client.GetHost,
  Client.GetInterval, Client.GetName, Client.GetStarted,
  Client.GetTimeout, Client.StateChanged, Client.TimeoutChanged):
  Removed; all callers changed.
  (Client.CheckerCompleted): Add "condition" and "command" arguments.
                             All callers changed.
  (Client.GetAllProperties, Client.PropertyChanged): New.
  (Client.StillValid): Renamed to "IsStillValid".
  (Client.StartChecker): Changed to its own function to avoid the
                         return value from "Client.start_checker()".
  (Client.Stop): Changed to its own function to avoid the return value
                 from "Client.stop()".
  (main): Try "_mandos" before "mandos" as user and group name.
          Removed inner function "remove_from_clients".  New inner
          class "MandosServer".

Show diffs side-by-side

added added

removed removed

Lines of Context:
1
 
WARN:=-O -Wall -Wextra -Wdouble-promotion -Wformat=2 -Winit-self \
2
 
        -Wmissing-include-dirs -Wswitch-default -Wswitch-enum \
3
 
        -Wunused -Wuninitialized -Wstrict-overflow=5 \
4
 
        -Wsuggest-attribute=pure -Wsuggest-attribute=const \
5
 
        -Wsuggest-attribute=noreturn -Wfloat-equal -Wundef -Wshadow \
 
1
WARN=-O -Wall -Wformat=2 -Winit-self -Wmissing-include-dirs \
 
2
        -Wswitch-default -Wswitch-enum -Wunused-parameter \
 
3
        -Wstrict-aliasing=2 -Wextra -Wfloat-equal -Wundef -Wshadow \
6
4
        -Wunsafe-loop-optimizations -Wpointer-arith \
7
5
        -Wbad-function-cast -Wcast-qual -Wcast-align -Wwrite-strings \
8
 
        -Wconversion -Wlogical-op -Waggregate-return \
9
 
        -Wstrict-prototypes -Wold-style-definition \
10
 
        -Wmissing-format-attribute -Wnormalized=nfc -Wpacked \
11
 
        -Wredundant-decls -Wnested-externs -Winline -Wvla \
12
 
        -Wvolatile-register-var -Woverlength-strings
13
 
 
14
 
#DEBUG:=-ggdb3 -fsanitize=address $(SANITIZE)
15
 
## Check which sanitizing options can be used
16
 
#SANITIZE:=$(foreach option,$(ALL_SANITIZE_OPTIONS),$(shell \
17
 
#       echo 'int main(){}' | $(CC) --language=c $(option) \
18
 
#       /dev/stdin -o /dev/null >/dev/null 2>&1 && echo $(option)))
19
 
# <https://developerblog.redhat.com/2014/10/16/gcc-undefined-behavior-sanitizer-ubsan/>
20
 
ALL_SANITIZE_OPTIONS:=-fsanitize=leak -fsanitize=undefined \
21
 
        -fsanitize=shift -fsanitize=integer-divide-by-zero \
22
 
        -fsanitize=unreachable -fsanitize=vla-bound -fsanitize=null \
23
 
        -fsanitize=return -fsanitize=signed-integer-overflow \
24
 
        -fsanitize=bounds -fsanitize=alignment \
25
 
        -fsanitize=object-size -fsanitize=float-divide-by-zero \
26
 
        -fsanitize=float-cast-overflow -fsanitize=nonnull-attribute \
27
 
        -fsanitize=returns-nonnull-attribute -fsanitize=bool \
28
 
        -fsanitize=enum -fsanitize-address-use-after-scope
29
 
 
30
 
# For info about _FORTIFY_SOURCE, see feature_test_macros(7)
31
 
# and <https://gcc.gnu.org/ml/gcc-patches/2004-09/msg02055.html>.
32
 
FORTIFY:=-D_FORTIFY_SOURCE=3 -fstack-protector-all -fPIC
33
 
LINK_FORTIFY_LD:=-z relro -z now
34
 
LINK_FORTIFY:=
35
 
 
36
 
# If BROKEN_PIE is set, do not build with -pie
37
 
ifndef BROKEN_PIE
38
 
FORTIFY += -fPIE
39
 
LINK_FORTIFY += -pie
40
 
endif
 
6
        -Wconversion -Wstrict-prototypes -Wold-style-definition \
 
7
        -Wpacked -Wnested-externs -Winline -Wvolatile-register-var
 
8
#       -Wunreachable-code 
 
9
#DEBUG=-ggdb3
 
10
# For info about _FORTIFY_SOURCE, see
 
11
# <http://gcc.gnu.org/ml/gcc-patches/2004-09/msg02055.html>
 
12
FORTIFY=-D_FORTIFY_SOURCE=2 -fstack-protector-all -fPIE -pie
 
13
LINK_FORTIFY=-z relro -pie
41
14
#COVERAGE=--coverage
42
 
OPTIMIZE:=-Os -fno-strict-aliasing
43
 
LANGUAGE:=-std=gnu11
44
 
FEATURES:=-D_FILE_OFFSET_BITS=64
45
 
htmldir:=man
46
 
version:=1.8.15
47
 
SED:=sed
48
 
PKG_CONFIG?=pkg-config
49
 
 
50
 
USER:=$(firstword $(subst :, ,$(shell getent passwd _mandos \
51
 
        || getent passwd nobody || echo 65534)))
52
 
GROUP:=$(firstword $(subst :, ,$(shell getent group _mandos \
53
 
        || getent group nogroup || echo 65534)))
54
 
 
55
 
LINUXVERSION:=$(shell uname --kernel-release)
 
15
OPTIMIZE=-Os
 
16
LANGUAGE=-std=gnu99
 
17
htmldir=man
 
18
version=1.0.2
 
19
SED=sed
56
20
 
57
21
## Use these settings for a traditional /usr/local install
58
 
# PREFIX:=$(DESTDIR)/usr/local
59
 
# CONFDIR:=$(DESTDIR)/etc/mandos
60
 
# KEYDIR:=$(DESTDIR)/etc/mandos/keys
61
 
# MANDIR:=$(PREFIX)/man
62
 
# INITRAMFSTOOLS:=$(DESTDIR)/etc/initramfs-tools
63
 
# DRACUTMODULE:=$(DESTDIR)/usr/lib/dracut/modules.d/90mandos
64
 
# STATEDIR:=$(DESTDIR)/var/lib/mandos
65
 
# LIBDIR:=$(PREFIX)/lib
 
22
# PREFIX=$(DESTDIR)/usr/local
 
23
# CONFDIR=$(DESTDIR)/etc/mandos
 
24
# KEYDIR=$(DESTDIR)/etc/mandos/keys
 
25
# MANDIR=$(PREFIX)/man
 
26
# INITRAMFSTOOLS=$(DESTDIR)/etc/initramfs-tools
66
27
##
67
28
 
68
29
## These settings are for a package-type install
69
 
PREFIX:=$(DESTDIR)/usr
70
 
CONFDIR:=$(DESTDIR)/etc/mandos
71
 
KEYDIR:=$(DESTDIR)/etc/keys/mandos
72
 
MANDIR:=$(PREFIX)/share/man
73
 
INITRAMFSTOOLS:=$(DESTDIR)/usr/share/initramfs-tools
74
 
DRACUTMODULE:=$(DESTDIR)/usr/lib/dracut/modules.d/90mandos
75
 
STATEDIR:=$(DESTDIR)/var/lib/mandos
76
 
LIBDIR:=$(shell \
77
 
        for d in \
78
 
        "/usr/lib/`dpkg-architecture \
79
 
                        -qDEB_HOST_MULTIARCH 2>/dev/null`" \
80
 
        "`rpm --eval='%{_libdir}' 2>/dev/null`" /usr/lib; do \
81
 
                if [ -d "$$d" -a "$$d" = "$${d%/}" ]; then \
82
 
                        echo "$(DESTDIR)$$d"; \
83
 
                        break; \
84
 
                fi; \
85
 
        done)
 
30
PREFIX=$(DESTDIR)/usr
 
31
CONFDIR=$(DESTDIR)/etc/mandos
 
32
KEYDIR=$(DESTDIR)/etc/keys/mandos
 
33
MANDIR=$(PREFIX)/share/man
 
34
INITRAMFSTOOLS=$(DESTDIR)/usr/share/initramfs-tools
86
35
##
87
36
 
88
 
SYSTEMD:=$(DESTDIR)$(shell $(PKG_CONFIG) systemd \
89
 
                        --variable=systemdsystemunitdir)
90
 
TMPFILES:=$(DESTDIR)$(shell $(PKG_CONFIG) systemd \
91
 
                        --variable=tmpfilesdir)
92
 
SYSUSERS:=$(DESTDIR)$(shell $(PKG_CONFIG) systemd \
93
 
                        --variable=sysusersdir)
94
 
 
95
 
GNUTLS_CFLAGS:=$(shell $(PKG_CONFIG) --cflags-only-I gnutls)
96
 
GNUTLS_LIBS:=$(shell $(PKG_CONFIG) --libs gnutls)
97
 
AVAHI_CFLAGS:=$(shell $(PKG_CONFIG) --cflags-only-I avahi-core)
98
 
AVAHI_LIBS:=$(shell $(PKG_CONFIG) --libs avahi-core)
99
 
GPGME_CFLAGS:=$(shell $(PKG_CONFIG) --cflags-only-I gpgme 2>/dev/null \
100
 
        || gpgme-config --cflags; getconf LFS_CFLAGS)
101
 
GPGME_LIBS:=$(shell $(PKG_CONFIG) --libs gpgme 2>/dev/null \
102
 
        || gpgme-config --libs; getconf LFS_LIBS; \
103
 
        getconf LFS_LDFLAGS)
104
 
LIBNL3_CFLAGS:=$(shell $(PKG_CONFIG) --cflags-only-I libnl-route-3.0)
105
 
LIBNL3_LIBS:=$(shell $(PKG_CONFIG) --libs libnl-route-3.0)
106
 
GLIB_CFLAGS:=$(shell $(PKG_CONFIG) --cflags glib-2.0)
107
 
GLIB_LIBS:=$(shell $(PKG_CONFIG) --libs glib-2.0)
 
37
GNUTLS_CFLAGS=$(shell libgnutls-config --cflags)
 
38
GNUTLS_LIBS=$(shell libgnutls-config --libs)
 
39
AVAHI_CFLAGS=$(shell pkg-config --cflags-only-I avahi-core)
 
40
AVAHI_LIBS=$(shell pkg-config --libs avahi-core)
 
41
GPGME_CFLAGS=$(shell gpgme-config --cflags)
 
42
GPGME_LIBS=$(shell gpgme-config --libs)
108
43
 
109
44
# Do not change these two
110
 
CFLAGS+=$(WARN) $(DEBUG) $(FORTIFY) $(COVERAGE) $(OPTIMIZE) \
111
 
        $(LANGUAGE) $(FEATURES) -DVERSION='"$(version)"'
112
 
LDFLAGS+=-Xlinker --as-needed $(COVERAGE) $(LINK_FORTIFY) $(strip \
113
 
        ) $(foreach flag,$(LINK_FORTIFY_LD),-Xlinker $(flag))
 
45
CFLAGS=$(WARN) $(DEBUG) $(FORTIFY) $(COVERAGE) $(OPTIMIZE) \
 
46
        $(LANGUAGE) $(GNUTLS_CFLAGS) $(AVAHI_CFLAGS) $(GPGME_CFLAGS) \
 
47
        -DVERSION='"$(version)"'
 
48
LDFLAGS=$(COVERAGE) $(LINK_FORTIFY)
114
49
 
115
50
# Commands to format a DocBook <refentry> document into a manual page
116
 
DOCBOOKTOMAN=$(strip cd $(dir $<); xsltproc --nonet --xinclude \
 
51
DOCBOOKTOMAN=cd $(dir $<); xsltproc --nonet --xinclude \
117
52
        --param man.charmap.use.subset          0 \
118
53
        --param make.year.ranges                1 \
119
54
        --param make.single.year.ranges         1 \
120
55
        --param man.output.quietly              1 \
121
56
        --param man.authors.section.enabled     0 \
122
 
        /usr/share/xml/docbook/stylesheet/nwalsh/manpages/docbook.xsl \
 
57
         /usr/share/xml/docbook/stylesheet/nwalsh/manpages/docbook.xsl \
123
58
        $(notdir $<); \
124
 
        if locale --all 2>/dev/null | grep --regexp='^en_US\.utf8$$' \
125
 
        && command -v man >/dev/null; then LANG=en_US.UTF-8 \
126
 
        MANWIDTH=80 man --warnings --encoding=UTF-8 --local-file \
127
 
        $(notdir $@); fi >/dev/null)
 
59
        $(MANPOST) $(notdir $@)
 
60
# DocBook-to-man post-processing to fix a '\n' escape bug
 
61
MANPOST=$(SED) --in-place --expression='s,\\\\en,\\en,g;s,\\n,\\en,g'
128
62
 
129
 
DOCBOOKTOHTML=$(strip xsltproc --nonet --xinclude \
 
63
DOCBOOKTOHTML=xsltproc --nonet --xinclude \
130
64
        --param make.year.ranges                1 \
131
65
        --param make.single.year.ranges         1 \
132
66
        --param man.output.quietly              1 \
134
68
        --param citerefentry.link               1 \
135
69
        --output $@ \
136
70
        /usr/share/xml/docbook/stylesheet/nwalsh/xhtml/docbook.xsl \
137
 
        $<; $(HTMLPOST) $@)
 
71
        $<; $(HTMLPOST) $@
138
72
# Fix citerefentry links
139
 
HTMLPOST:=$(SED) --in-place \
 
73
HTMLPOST=$(SED) --in-place \
140
74
        --expression='s/\(<a class="citerefentry" href="\)\("><span class="citerefentry"><span class="refentrytitle">\)\([^<]*\)\(<\/span>(\)\([^)]*\)\()<\/span><\/a>\)/\1\3.\5\2\3\4\5\6/g'
141
75
 
142
 
PLUGINS:=plugins.d/password-prompt plugins.d/mandos-client \
143
 
        plugins.d/usplash plugins.d/splashy plugins.d/askpass-fifo \
144
 
        plugins.d/plymouth
145
 
PLUGIN_HELPERS:=plugin-helpers/mandos-client-iprouteadddel
146
 
CPROGS:=plugin-runner dracut-module/password-agent $(PLUGINS) \
147
 
        $(PLUGIN_HELPERS)
148
 
PROGS:=mandos mandos-keygen mandos-ctl mandos-monitor $(CPROGS)
149
 
DOCS:=mandos.8 mandos-keygen.8 mandos-monitor.8 mandos-ctl.8 \
150
 
        mandos.conf.5 mandos-clients.conf.5 plugin-runner.8mandos \
151
 
        dracut-module/password-agent.8mandos \
 
76
PLUGINS=plugins.d/password-prompt plugins.d/mandos-client \
 
77
        plugins.d/usplash plugins.d/splashy plugins.d/askpass-fifo
 
78
CPROGS=plugin-runner $(PLUGINS)
 
79
PROGS=mandos mandos-keygen $(CPROGS)
 
80
DOCS=mandos.8 plugin-runner.8mandos mandos-keygen.8 \
152
81
        plugins.d/mandos-client.8mandos \
153
 
        plugins.d/password-prompt.8mandos plugins.d/usplash.8mandos \
154
 
        plugins.d/splashy.8mandos plugins.d/askpass-fifo.8mandos \
155
 
        plugins.d/plymouth.8mandos intro.8mandos
156
 
 
157
 
htmldocs:=$(addsuffix .xhtml,$(DOCS))
158
 
 
159
 
objects:=$(addsuffix .o,$(CPROGS))
160
 
 
161
 
.PHONY: all
 
82
        plugins.d/password-prompt.8mandos mandos.conf.5 \
 
83
        plugins.d/usplash.8mandos plugins.d/splashy.8mandos \
 
84
        plugins.d/askpass-fifo.8mandos mandos-clients.conf.5
 
85
 
 
86
htmldocs=$(addsuffix .xhtml,$(DOCS))
 
87
 
 
88
objects=$(addsuffix .o,$(CPROGS))
 
89
 
162
90
all: $(PROGS) mandos.lsm
163
91
 
164
 
.PHONY: doc
165
92
doc: $(DOCS)
166
93
 
167
 
.PHONY: html
168
94
html: $(htmldocs)
169
95
 
170
96
%.5: %.xml common.ent legalnotice.xml
182
108
%.8mandos.xhtml: %.xml common.ent legalnotice.xml
183
109
        $(DOCBOOKTOHTML)
184
110
 
185
 
intro.8mandos: intro.xml common.ent legalnotice.xml
186
 
        $(DOCBOOKTOMAN)
187
 
intro.8mandos.xhtml: intro.xml common.ent legalnotice.xml
188
 
        $(DOCBOOKTOHTML)
189
 
 
190
111
mandos.8: mandos.xml common.ent mandos-options.xml overview.xml \
191
112
                legalnotice.xml
192
113
        $(DOCBOOKTOMAN)
201
122
                 legalnotice.xml
202
123
        $(DOCBOOKTOHTML)
203
124
 
204
 
mandos-monitor.8: mandos-monitor.xml common.ent overview.xml \
205
 
                legalnotice.xml
206
 
        $(DOCBOOKTOMAN)
207
 
mandos-monitor.8.xhtml: mandos-monitor.xml common.ent overview.xml \
208
 
                 legalnotice.xml
209
 
        $(DOCBOOKTOHTML)
210
 
 
211
 
mandos-ctl.8: mandos-ctl.xml common.ent overview.xml \
212
 
                legalnotice.xml
213
 
        $(DOCBOOKTOMAN)
214
 
mandos-ctl.8.xhtml: mandos-ctl.xml common.ent overview.xml \
215
 
                 legalnotice.xml
216
 
        $(DOCBOOKTOHTML)
217
 
 
218
125
mandos.conf.5: mandos.conf.xml common.ent mandos-options.xml \
219
126
                legalnotice.xml
220
127
        $(DOCBOOKTOMAN)
229
136
                overview.xml legalnotice.xml
230
137
        $(DOCBOOKTOHTML)
231
138
 
232
 
dracut-module/password-agent.8mandos: \
233
 
                dracut-module/password-agent.xml common.ent \
234
 
                overview.xml legalnotice.xml
235
 
        $(DOCBOOKTOMAN)
236
 
dracut-module/password-agent.8mandos.xhtml: \
237
 
                dracut-module/password-agent.xml common.ent \
238
 
                overview.xml legalnotice.xml
239
 
        $(DOCBOOKTOHTML)
240
 
 
241
139
plugins.d/mandos-client.8mandos: plugins.d/mandos-client.xml \
242
140
                                        common.ent \
243
141
                                        mandos-options.xml \
251
149
 
252
150
# Update all these files with version number $(version)
253
151
common.ent: Makefile
254
 
        $(strip $(SED) --in-place \
255
 
                --expression='s/^\(<!ENTITY version "\)[^"]*">$$/\1$(version)">/' \
256
 
                $@)
 
152
        $(SED) --in-place \
 
153
                --expression='s/^\(<ENTITY VERSION "\)[^"]*">$$/\1$(version)"/' \
 
154
                $@
257
155
 
258
156
mandos: Makefile
259
 
        $(strip $(SED) --in-place \
 
157
        $(SED) --in-place \
260
158
                --expression='s/^\(version = "\)[^"]*"$$/\1$(version)"/' \
261
 
                $@)
 
159
                $@
262
160
 
263
161
mandos-keygen: Makefile
264
 
        $(strip $(SED) --in-place \
 
162
        $(SED) --in-place \
265
163
                --expression='s/^\(VERSION="\)[^"]*"$$/\1$(version)"/' \
266
 
                $@)
267
 
 
268
 
mandos-ctl: Makefile
269
 
        $(strip $(SED) --in-place \
270
 
                --expression='s/^\(version = "\)[^"]*"$$/\1$(version)"/' \
271
 
                $@)
272
 
 
273
 
mandos-monitor: Makefile
274
 
        $(strip $(SED) --in-place \
275
 
                --expression='s/^\(version = "\)[^"]*"$$/\1$(version)"/' \
276
 
                $@)
 
164
                $@
277
165
 
278
166
mandos.lsm: Makefile
279
 
        $(strip $(SED) --in-place \
 
167
        $(SED) --in-place \
280
168
                --expression='s/^\(Version:\).*/\1\t$(version)/' \
281
 
                $@)
282
 
        $(strip $(SED) --in-place \
 
169
                $@
 
170
        $(SED) --in-place \
283
171
                --expression='s/^\(Entered-date:\).*/\1\t$(shell date --rfc-3339=date --reference=Makefile)/' \
284
 
                $@)
285
 
        $(strip $(SED) --in-place \
286
 
                --expression='s/\(mandos_\)[0-9.]\+\(\.orig\.tar\.gz\)/\1$(version)\2/' \
287
 
                $@)
288
 
 
289
 
# Need to add the GnuTLS, Avahi and GPGME libraries
290
 
plugins.d/mandos-client: CFLAGS += $(GNUTLS_CFLAGS) $(strip \
291
 
        ) $(AVAHI_CFLAGS) $(GPGME_CFLAGS)
292
 
plugins.d/mandos-client: LDLIBS += $(GNUTLS_LIBS) $(strip \
293
 
        ) $(AVAHI_LIBS) $(GPGME_LIBS)
294
 
 
295
 
# Need to add the libnl-route library
296
 
plugin-helpers/mandos-client-iprouteadddel: CFLAGS += $(LIBNL3_CFLAGS)
297
 
plugin-helpers/mandos-client-iprouteadddel: LDLIBS += $(LIBNL3_LIBS)
298
 
 
299
 
# Need to add the GLib and pthread libraries
300
 
dracut-module/password-agent: CFLAGS += $(GLIB_CFLAGS)
301
 
# Note: -lpthread is unnecessary with the GNU C library 2.34 or later
302
 
dracut-module/password-agent: LDLIBS += $(GLIB_LIBS) -lpthread
303
 
 
304
 
.PHONY: clean
 
172
                $@
 
173
 
 
174
plugins.d/mandos-client: plugins.d/mandos-client.o
 
175
        $(LINK.o) $(GNUTLS_LIBS) $(AVAHI_LIBS) $(GPGME_LIBS) \
 
176
                $(COMMON) $^ $(LOADLIBES) $(LDLIBS) -o $@
 
177
 
 
178
.PHONY : all doc html clean distclean run-client run-server install \
 
179
        install-server install-client uninstall uninstall-server \
 
180
        uninstall-client purge purge-server purge-client
 
181
 
305
182
clean:
306
183
        -rm --force $(CPROGS) $(objects) $(htmldocs) $(DOCS) core
307
184
 
308
 
.PHONY: distclean
309
185
distclean: clean
310
 
.PHONY: mostlyclean
311
186
mostlyclean: clean
312
 
.PHONY: maintainer-clean
313
187
maintainer-clean: clean
314
 
        -rm --force --recursive keydir confdir statedir
 
188
        -rm --force --recursive keydir confdir
315
189
 
316
 
.PHONY: check
317
 
check: all
 
190
check:  all
318
191
        ./mandos --check
319
 
        ./mandos-ctl --check
320
 
        ./mandos-keygen --version
321
 
        ./plugin-runner --version
322
 
        ./plugin-helpers/mandos-client-iprouteadddel --version
323
 
        ./dracut-module/password-agent --test
324
192
 
325
193
# Run the client with a local config and key
326
 
.PHONY: run-client
327
 
run-client: all keydir/seckey.txt keydir/pubkey.txt \
328
 
                        keydir/tls-privkey.pem keydir/tls-pubkey.pem
329
 
        @echo '######################################################'
330
 
        @echo '# The following error messages are harmless and can  #'
331
 
        @echo '#  be safely ignored:                                #'
332
 
        @echo '## From plugin-runner:                               #'
333
 
        @echo '# setgid: Operation not permitted                    #'
334
 
        @echo '# setuid: Operation not permitted                    #'
335
 
        @echo '## From askpass-fifo:                                #'
336
 
        @echo '# mkfifo: Permission denied                          #'
337
 
        @echo '## From mandos-client:                               #'
338
 
        @echo '# Failed to raise privileges: Operation not permi... #'
339
 
        @echo '# Warning: network hook "*" exited with status *     #'
340
 
        @echo '# ioctl SIOCSIFFLAGS +IFF_UP: Operation not permi... #'
341
 
        @echo '# Failed to bring up interface "*": Operation not... #'
342
 
        @echo '#                                                    #'
343
 
        @echo '# (The messages are caused by not running as root,   #'
344
 
        @echo '# but you should NOT run "make run-client" as root   #'
345
 
        @echo '# unless you also unpacked and compiled Mandos as    #'
346
 
        @echo '# root, which is also NOT recommended.)              #'
347
 
        @echo '######################################################'
348
 
# We set GNOME_KEYRING_CONTROL to block pam_gnome_keyring
 
194
run-client: all keydir/seckey.txt keydir/pubkey.txt
349
195
        ./plugin-runner --plugin-dir=plugins.d \
350
 
                --plugin-helper-dir=plugin-helpers \
351
196
                --config-file=plugin-runner.conf \
352
 
                --options-for=mandos-client:--seckey=keydir/seckey.txt,--pubkey=keydir/pubkey.txt,--tls-privkey=keydir/tls-privkey.pem,--tls-pubkey=keydir/tls-pubkey.pem,--network-hook-dir=network-hooks.d \
353
 
                --env-for=mandos-client:GNOME_KEYRING_CONTROL= \
354
 
                $(CLIENTARGS)
 
197
                --options-for=mandos-client:--seckey=keydir/seckey.txt,--pubkey=keydir/pubkey.txt
355
198
 
356
199
# Used by run-client
357
 
keydir/seckey.txt keydir/pubkey.txt keydir/tls-privkey.pem keydir/tls-pubkey.pem: mandos-keygen
 
200
keydir/seckey.txt keydir/pubkey.txt: mandos-keygen
358
201
        install --directory keydir
359
202
        ./mandos-keygen --dir keydir --force
360
 
        if ! [ -e keydir/tls-privkey.pem ]; then \
361
 
                install --mode=u=rw /dev/null keydir/tls-privkey.pem; \
362
 
        fi
363
 
        if ! [ -e keydir/tls-pubkey.pem ]; then \
364
 
                install --mode=u=rw /dev/null keydir/tls-pubkey.pem; \
365
 
        fi
366
203
 
367
204
# Run the server with a local config
368
 
.PHONY: run-server
369
 
run-server: confdir/mandos.conf confdir/clients.conf statedir
370
 
        ./mandos --debug --no-dbus --configdir=confdir \
371
 
                --statedir=statedir $(SERVERARGS)
 
205
run-server: confdir/mandos.conf confdir/clients.conf
 
206
        ./mandos --debug --configdir=confdir
372
207
 
373
208
# Used by run-server
374
209
confdir/mandos.conf: mandos.conf
375
210
        install --directory confdir
376
211
        install --mode=u=rw,go=r $^ $@
377
 
confdir/clients.conf: clients.conf keydir/seckey.txt keydir/tls-pubkey.pem
 
212
confdir/clients.conf: clients.conf keydir/seckey.txt
378
213
        install --directory confdir
379
214
        install --mode=u=rw $< $@
380
215
# Add a client password
381
 
        ./mandos-keygen --dir keydir --password --no-ssh >> $@
382
 
statedir:
383
 
        install --directory statedir
 
216
        ./mandos-keygen --dir keydir --password >> $@
384
217
 
385
 
.PHONY: install
386
218
install: install-server install-client-nokey
387
219
 
388
 
.PHONY: install-html
389
220
install-html: html
390
221
        install --directory $(htmldir)
391
222
        install --mode=u=rw,go=r --target-directory=$(htmldir) \
392
223
                $(htmldocs)
393
224
 
394
 
.PHONY: install-server
395
225
install-server: doc
396
226
        install --directory $(CONFDIR)
397
 
        if install --directory --mode=u=rwx --owner=$(USER) \
398
 
                --group=$(GROUP) $(STATEDIR); then \
399
 
                :; \
400
 
        elif install --directory --mode=u=rwx $(STATEDIR); then \
401
 
                chown -- $(USER):$(GROUP) $(STATEDIR) || :; \
402
 
        fi
403
 
        if [ "$(TMPFILES)" != "$(DESTDIR)" \
404
 
                        -a -d "$(TMPFILES)" ]; then \
405
 
                install --mode=u=rw,go=r tmpfiles.d-mandos.conf \
406
 
                        $(TMPFILES)/mandos.conf; \
407
 
        fi
408
 
        if [ "$(SYSUSERS)" != "$(DESTDIR)" \
409
 
                        -a -d "$(SYSUSERS)" ]; then \
410
 
                install --mode=u=rw,go=r sysusers.d-mandos.conf \
411
 
                        $(SYSUSERS)/mandos.conf; \
412
 
        fi
413
227
        install --mode=u=rwx,go=rx mandos $(PREFIX)/sbin/mandos
414
 
        install --mode=u=rwx,go=rx --target-directory=$(PREFIX)/sbin \
415
 
                mandos-ctl
416
 
        install --mode=u=rwx,go=rx --target-directory=$(PREFIX)/sbin \
417
 
                mandos-monitor
418
228
        install --mode=u=rw,go=r --target-directory=$(CONFDIR) \
419
229
                mandos.conf
420
230
        install --mode=u=rw --target-directory=$(CONFDIR) \
421
231
                clients.conf
422
 
        install --mode=u=rw,go=r dbus-mandos.conf \
423
 
                $(DESTDIR)/etc/dbus-1/system.d/mandos.conf
424
232
        install --mode=u=rwx,go=rx init.d-mandos \
425
233
                $(DESTDIR)/etc/init.d/mandos
426
 
        if [ "$(SYSTEMD)" != "$(DESTDIR)" -a -d "$(SYSTEMD)" ]; then \
427
 
                install --mode=u=rw,go=r mandos.service $(SYSTEMD); \
428
 
        fi
429
234
        install --mode=u=rw,go=r default-mandos \
430
235
                $(DESTDIR)/etc/default/mandos
431
236
        if [ -z $(DESTDIR) ]; then \
433
238
        fi
434
239
        gzip --best --to-stdout mandos.8 \
435
240
                > $(MANDIR)/man8/mandos.8.gz
436
 
        gzip --best --to-stdout mandos-monitor.8 \
437
 
                > $(MANDIR)/man8/mandos-monitor.8.gz
438
 
        gzip --best --to-stdout mandos-ctl.8 \
439
 
                > $(MANDIR)/man8/mandos-ctl.8.gz
440
241
        gzip --best --to-stdout mandos.conf.5 \
441
242
                > $(MANDIR)/man5/mandos.conf.5.gz
442
243
        gzip --best --to-stdout mandos-clients.conf.5 \
443
244
                > $(MANDIR)/man5/mandos-clients.conf.5.gz
444
 
        gzip --best --to-stdout intro.8mandos \
445
 
                > $(MANDIR)/man8/intro.8mandos.gz
446
245
 
447
 
.PHONY: install-client-nokey
448
246
install-client-nokey: all doc
449
 
        install --directory $(LIBDIR)/mandos $(CONFDIR)
 
247
        install --directory $(PREFIX)/lib/mandos $(CONFDIR)
450
248
        install --directory --mode=u=rwx $(KEYDIR) \
451
 
                $(LIBDIR)/mandos/plugins.d \
452
 
                $(LIBDIR)/mandos/plugin-helpers
453
 
        if [ "$(SYSUSERS)" != "$(DESTDIR)" \
454
 
                        -a -d "$(SYSUSERS)" ]; then \
455
 
                install --mode=u=rw,go=r sysusers.d-mandos.conf \
456
 
                        $(SYSUSERS)/mandos-client.conf; \
457
 
        fi
458
 
        if [ "$(CONFDIR)" != "$(LIBDIR)/mandos" ]; then \
 
249
                $(PREFIX)/lib/mandos/plugins.d
 
250
        if [ "$(CONFDIR)" != "$(PREFIX)/lib/mandos" ]; then \
459
251
                install --mode=u=rwx \
460
 
                        --directory "$(CONFDIR)/plugins.d" \
461
 
                        "$(CONFDIR)/plugin-helpers"; \
 
252
                        --directory "$(CONFDIR)/plugins.d"; \
462
253
        fi
463
 
        install --mode=u=rwx,go=rx --directory \
464
 
                "$(CONFDIR)/network-hooks.d"
465
 
        install --mode=u=rwx,go=rx \
466
 
                --target-directory=$(LIBDIR)/mandos plugin-runner
467
 
        install --mode=u=rwx,go=rx \
468
 
                --target-directory=$(LIBDIR)/mandos \
469
 
                mandos-to-cryptroot-unlock
 
254
        install --mode=u=rwx,go=rx \
 
255
                --target-directory=$(PREFIX)/lib/mandos plugin-runner
470
256
        install --mode=u=rwx,go=rx --target-directory=$(PREFIX)/sbin \
471
257
                mandos-keygen
472
258
        install --mode=u=rwx,go=rx \
473
 
                --target-directory=$(LIBDIR)/mandos/plugins.d \
 
259
                --target-directory=$(PREFIX)/lib/mandos/plugins.d \
474
260
                plugins.d/password-prompt
475
261
        install --mode=u=rwxs,go=rx \
476
 
                --target-directory=$(LIBDIR)/mandos/plugins.d \
 
262
                --target-directory=$(PREFIX)/lib/mandos/plugins.d \
477
263
                plugins.d/mandos-client
478
264
        install --mode=u=rwxs,go=rx \
479
 
                --target-directory=$(LIBDIR)/mandos/plugins.d \
 
265
                --target-directory=$(PREFIX)/lib/mandos/plugins.d \
480
266
                plugins.d/usplash
481
267
        install --mode=u=rwxs,go=rx \
482
 
                --target-directory=$(LIBDIR)/mandos/plugins.d \
 
268
                --target-directory=$(PREFIX)/lib/mandos/plugins.d \
483
269
                plugins.d/splashy
484
270
        install --mode=u=rwxs,go=rx \
485
 
                --target-directory=$(LIBDIR)/mandos/plugins.d \
 
271
                --target-directory=$(PREFIX)/lib/mandos/plugins.d \
486
272
                plugins.d/askpass-fifo
487
 
        install --mode=u=rwxs,go=rx \
488
 
                --target-directory=$(LIBDIR)/mandos/plugins.d \
489
 
                plugins.d/plymouth
490
 
        install --mode=u=rwx,go=rx \
491
 
                --target-directory=$(LIBDIR)/mandos/plugin-helpers \
492
 
                plugin-helpers/mandos-client-iprouteadddel
493
273
        install initramfs-tools-hook \
494
274
                $(INITRAMFSTOOLS)/hooks/mandos
495
 
        install --mode=u=rw,go=r initramfs-tools-conf \
496
 
                $(INITRAMFSTOOLS)/conf.d/mandos-conf
497
 
        install --mode=u=rw,go=r initramfs-tools-conf-hook \
498
 
                $(INITRAMFSTOOLS)/conf-hooks.d/zz-mandos
 
275
        install --mode=u=rw,go=r initramfs-tools-hook-conf \
 
276
                $(INITRAMFSTOOLS)/conf-hooks.d/mandos
499
277
        install initramfs-tools-script \
500
 
                $(INITRAMFSTOOLS)/scripts/init-premount/mandos
501
 
        install initramfs-tools-script-stop \
502
 
                $(INITRAMFSTOOLS)/scripts/local-premount/mandos
503
 
        install --directory $(DRACUTMODULE)
504
 
        install --mode=u=rw,go=r --target-directory=$(DRACUTMODULE) \
505
 
                dracut-module/ask-password-mandos.path \
506
 
                dracut-module/ask-password-mandos.service
507
 
        install --mode=u=rwxs,go=rx \
508
 
                --target-directory=$(DRACUTMODULE) \
509
 
                dracut-module/module-setup.sh \
510
 
                dracut-module/cmdline-mandos.sh \
511
 
                dracut-module/password-agent
 
278
                $(INITRAMFSTOOLS)/scripts/local-top/mandos
512
279
        install --mode=u=rw,go=r plugin-runner.conf $(CONFDIR)
513
280
        gzip --best --to-stdout mandos-keygen.8 \
514
281
                > $(MANDIR)/man8/mandos-keygen.8.gz
515
282
        gzip --best --to-stdout plugin-runner.8mandos \
516
283
                > $(MANDIR)/man8/plugin-runner.8mandos.gz
 
284
        gzip --best --to-stdout plugins.d/password-prompt.8mandos \
 
285
                > $(MANDIR)/man8/password-prompt.8mandos.gz
517
286
        gzip --best --to-stdout plugins.d/mandos-client.8mandos \
518
287
                > $(MANDIR)/man8/mandos-client.8mandos.gz
519
 
        gzip --best --to-stdout plugins.d/password-prompt.8mandos \
520
 
                > $(MANDIR)/man8/password-prompt.8mandos.gz
521
288
        gzip --best --to-stdout plugins.d/usplash.8mandos \
522
289
                > $(MANDIR)/man8/usplash.8mandos.gz
523
290
        gzip --best --to-stdout plugins.d/splashy.8mandos \
524
291
                > $(MANDIR)/man8/splashy.8mandos.gz
525
292
        gzip --best --to-stdout plugins.d/askpass-fifo.8mandos \
526
293
                > $(MANDIR)/man8/askpass-fifo.8mandos.gz
527
 
        gzip --best --to-stdout plugins.d/plymouth.8mandos \
528
 
                > $(MANDIR)/man8/plymouth.8mandos.gz
529
 
        gzip --best --to-stdout dracut-module/password-agent.8mandos \
530
 
                > $(MANDIR)/man8/password-agent.8mandos.gz
531
294
 
532
 
.PHONY: install-client
533
295
install-client: install-client-nokey
534
296
# Post-installation stuff
535
297
        -$(PREFIX)/sbin/mandos-keygen --dir "$(KEYDIR)"
536
 
        if command -v update-initramfs >/dev/null; then \
537
 
            update-initramfs -k all -u; \
538
 
        elif command -v dracut >/dev/null; then \
539
 
            for initrd in $(DESTDIR)/boot/initr*-$(LINUXVERSION); do \
540
 
                if [ -w "$$initrd" ]; then \
541
 
                    chmod go-r "$$initrd"; \
542
 
                    dracut --force "$$initrd"; \
543
 
                fi; \
544
 
            done; \
545
 
        fi
 
298
        update-initramfs -k all -u
546
299
        echo "Now run mandos-keygen --password --dir $(KEYDIR)"
547
300
 
548
 
.PHONY: uninstall
549
301
uninstall: uninstall-server uninstall-client
550
302
 
551
 
.PHONY: uninstall-server
552
303
uninstall-server:
553
304
        -rm --force $(PREFIX)/sbin/mandos \
554
 
                $(PREFIX)/sbin/mandos-ctl \
555
 
                $(PREFIX)/sbin/mandos-monitor \
556
305
                $(MANDIR)/man8/mandos.8.gz \
557
 
                $(MANDIR)/man8/mandos-monitor.8.gz \
558
 
                $(MANDIR)/man8/mandos-ctl.8.gz \
559
306
                $(MANDIR)/man5/mandos.conf.5.gz \
560
307
                $(MANDIR)/man5/mandos-clients.conf.5.gz
561
308
        update-rc.d -f mandos remove
562
309
        -rmdir $(CONFDIR)
563
310
 
564
 
.PHONY: uninstall-client
565
311
uninstall-client:
566
312
# Refuse to uninstall client if /etc/crypttab is explicitly configured
567
313
# to use it.
568
314
        ! grep --regexp='^ *[^ #].*keyscript=[^,=]*/mandos/' \
569
315
                $(DESTDIR)/etc/crypttab
570
316
        -rm --force $(PREFIX)/sbin/mandos-keygen \
571
 
                $(LIBDIR)/mandos/plugin-runner \
572
 
                $(LIBDIR)/mandos/plugins.d/password-prompt \
573
 
                $(LIBDIR)/mandos/plugins.d/mandos-client \
574
 
                $(LIBDIR)/mandos/plugins.d/usplash \
575
 
                $(LIBDIR)/mandos/plugins.d/splashy \
576
 
                $(LIBDIR)/mandos/plugins.d/askpass-fifo \
577
 
                $(LIBDIR)/mandos/plugins.d/plymouth \
 
317
                $(PREFIX)/lib/mandos/plugin-runner \
 
318
                $(PREFIX)/lib/mandos/plugins.d/password-prompt \
 
319
                $(PREFIX)/lib/mandos/plugins.d/mandos-client \
 
320
                $(PREFIX)/lib/mandos/plugins.d/usplash \
 
321
                $(PREFIX)/lib/mandos/plugins.d/splashy \
 
322
                $(PREFIX)/lib/mandos/plugins.d/askpass-fifo \
578
323
                $(INITRAMFSTOOLS)/hooks/mandos \
579
324
                $(INITRAMFSTOOLS)/conf-hooks.d/mandos \
580
 
                $(INITRAMFSTOOLS)/scripts/init-premount/mandos \
581
 
                $(INITRAMFSTOOLS)/scripts/local-premount/mandos \
582
 
                $(DRACUTMODULE)/ask-password-mandos.path \
583
 
                $(DRACUTMODULE)/ask-password-mandos.service \
584
 
                $(DRACUTMODULE)/module-setup.sh \
585
 
                $(DRACUTMODULE)/cmdline-mandos.sh \
586
 
                $(DRACUTMODULE)/password-agent \
 
325
                $(INITRAMFSTOOLS)/scripts/local-top/mandos \
 
326
                $(MANDIR)/man8/plugin-runner.8mandos.gz \
587
327
                $(MANDIR)/man8/mandos-keygen.8.gz \
588
 
                $(MANDIR)/man8/plugin-runner.8mandos.gz \
589
 
                $(MANDIR)/man8/mandos-client.8mandos.gz
590
328
                $(MANDIR)/man8/password-prompt.8mandos.gz \
591
329
                $(MANDIR)/man8/usplash.8mandos.gz \
592
330
                $(MANDIR)/man8/splashy.8mandos.gz \
593
331
                $(MANDIR)/man8/askpass-fifo.8mandos.gz \
594
 
                $(MANDIR)/man8/plymouth.8mandos.gz \
595
 
                $(MANDIR)/man8/password-agent.8mandos.gz \
596
 
        -rmdir $(LIBDIR)/mandos/plugins.d $(CONFDIR)/plugins.d \
597
 
                 $(LIBDIR)/mandos $(CONFDIR) $(KEYDIR) $(DRACUTMODULE)
598
 
        if command -v update-initramfs >/dev/null; then \
599
 
            update-initramfs -k all -u; \
600
 
        elif command -v dracut >/dev/null; then \
601
 
            for initrd in $(DESTDIR)/boot/initr*-$(LINUXVERSION); do \
602
 
                test -w "$$initrd" && dracut --force "$$initrd"; \
603
 
            done; \
604
 
        fi
 
332
                $(MANDIR)/man8/mandos-client.8mandos.gz
 
333
        -rmdir $(PREFIX)/lib/mandos/plugins.d $(CONFDIR)/plugins.d \
 
334
                 $(PREFIX)/lib/mandos $(CONFDIR) $(KEYDIR)
 
335
        update-initramfs -k all -u
605
336
 
606
 
.PHONY: purge
607
337
purge: purge-server purge-client
608
338
 
609
 
.PHONY: purge-server
610
339
purge-server: uninstall-server
611
340
        -rm --force $(CONFDIR)/mandos.conf $(CONFDIR)/clients.conf \
612
 
                $(DESTDIR)/etc/dbus-1/system.d/mandos.conf
613
341
                $(DESTDIR)/etc/default/mandos \
614
342
                $(DESTDIR)/etc/init.d/mandos \
615
 
                $(SYSTEMD)/mandos.service \
616
 
                $(DESTDIR)/run/mandos.pid \
617
343
                $(DESTDIR)/var/run/mandos.pid
618
344
        -rmdir $(CONFDIR)
619
345
 
620
 
.PHONY: purge-client
621
346
purge-client: uninstall-client
622
 
        -shred --remove $(KEYDIR)/seckey.txt $(KEYDIR)/tls-privkey.pem
 
347
        -shred --remove $(KEYDIR)/seckey.txt
623
348
        -rm --force $(CONFDIR)/plugin-runner.conf \
624
 
                $(KEYDIR)/pubkey.txt $(KEYDIR)/seckey.txt \
625
 
                $(KEYDIR)/tls-pubkey.txt $(KEYDIR)/tls-privkey.txt
 
349
                $(KEYDIR)/pubkey.txt $(KEYDIR)/seckey.txt
626
350
        -rmdir $(KEYDIR) $(CONFDIR)/plugins.d $(CONFDIR)