
To get this branch, use:
bzr branch http://bzr.recompile.se/loggerhead/mandos/release


Viewing changes to Makefile

  • Committer: Teddy Hogeborn
  • Date: 2015-03-10 18:03:38 UTC
  • mto: (237.7.304 trunk)
  • mto: This revision was merged to the branch mainline in revision 325.
  • Revision ID: teddy@recompile.se-20150310180338-pcxw6r2qmw9k6br9
Add ":!RSA" to GnuTLS priority string, to disallow non-DHE kx.

If Mandos was somehow made to use a non-ephemeral Diffie-Hellman key
exchange algorithm in the TLS handshake, any saved network traffic
could then be decrypted later if the Mandos client key was obtained.
By default, Mandos uses ephemeral DH key exchanges, which do not have
this problem, but a non-ephemeral key exchange algorithm was still
enabled by default.  The simplest solution is to simply turn that off,
which ensures that Mandos will always use ephemeral DH key exchanges.

There is a "PFS" priority string specifier, but we can't use it because:

1. Security-wise, it is a mix between "NORMAL" and "SECURE128" - it
   enables a lot more algorithms than "SECURE256".

2. It is only available since GnuTLS 3.2.4.

Thanks to Andreas Fischer <af@bantuX.org> for reporting this issue.

1
 
WARN:=-O -Wall -Wextra -Wdouble-promotion -Wformat=2 -Winit-self \
 
1
WARN=-O -Wall -Wextra -Wdouble-promotion -Wformat=2 -Winit-self \
2
2
        -Wmissing-include-dirs -Wswitch-default -Wswitch-enum \
3
3
        -Wunused -Wuninitialized -Wstrict-overflow=5 \
4
4
        -Wsuggest-attribute=pure -Wsuggest-attribute=const \
10
10
        -Wmissing-format-attribute -Wnormalized=nfc -Wpacked \
11
11
        -Wredundant-decls -Wnested-externs -Winline -Wvla \
12
12
        -Wvolatile-register-var -Woverlength-strings
13
 
 
14
 
#DEBUG:=-ggdb3 -fsanitize=address $(SANITIZE)
15
 
## Check which sanitizing options can be used
16
 
#SANITIZE:=$(foreach option,$(ALL_SANITIZE_OPTIONS),$(shell \
17
 
#       echo 'int main(){}' | $(CC) --language=c $(option) \
18
 
#       /dev/stdin -o /dev/null >/dev/null 2>&1 && echo $(option)))
19
 
# <https://developerblog.redhat.com/2014/10/16/gcc-undefined-behavior-sanitizer-ubsan/>
20
 
ALL_SANITIZE_OPTIONS:=-fsanitize=leak -fsanitize=undefined \
21
 
        -fsanitize=shift -fsanitize=integer-divide-by-zero \
22
 
        -fsanitize=unreachable -fsanitize=vla-bound -fsanitize=null \
23
 
        -fsanitize=return -fsanitize=signed-integer-overflow \
24
 
        -fsanitize=bounds -fsanitize=alignment \
25
 
        -fsanitize=object-size -fsanitize=float-divide-by-zero \
26
 
        -fsanitize=float-cast-overflow -fsanitize=nonnull-attribute \
27
 
        -fsanitize=returns-nonnull-attribute -fsanitize=bool \
28
 
        -fsanitize=enum -fsanitize-address-use-after-scope
29
 
 
 
13
#DEBUG=-ggdb3
30
14
# For info about _FORTIFY_SOURCE, see feature_test_macros(7)
31
 
# and <https://gcc.gnu.org/ml/gcc-patches/2004-09/msg02055.html>.
32
 
FORTIFY:=-D_FORTIFY_SOURCE=2 -fstack-protector-all -fPIC
33
 
LINK_FORTIFY_LD:=-z relro -z now
34
 
LINK_FORTIFY:=
 
15
# and <http://gcc.gnu.org/ml/gcc-patches/2004-09/msg02055.html>.
 
16
FORTIFY=-D_FORTIFY_SOURCE=2 -fstack-protector-all -fPIC
 
17
LINK_FORTIFY_LD=-z relro -z now
 
18
LINK_FORTIFY=
35
19
 
36
20
# If BROKEN_PIE is set, do not build with -pie
37
21
ifndef BROKEN_PIE
39
23
LINK_FORTIFY += -pie
40
24
endif
41
25
#COVERAGE=--coverage
42
 
OPTIMIZE:=-Os -fno-strict-aliasing
43
 
LANGUAGE:=-std=gnu11
44
 
htmldir:=man
45
 
version:=1.8.5
46
 
SED:=sed
47
 
PKG_CONFIG?=pkg-config
48
 
 
49
 
USER:=$(firstword $(subst :, ,$(shell getent passwd _mandos \
50
 
        || getent passwd nobody || echo 65534)))
51
 
GROUP:=$(firstword $(subst :, ,$(shell getent group _mandos \
52
 
        || getent group nogroup || echo 65534)))
53
 
 
54
 
LINUXVERSION:=$(shell uname --kernel-release)
 
26
OPTIMIZE=-Os -fno-strict-aliasing
 
27
LANGUAGE=-std=gnu99
 
28
htmldir=man
 
29
version=1.6.9
 
30
SED=sed
 
31
 
 
32
USER=$(firstword $(subst :, ,$(shell getent passwd _mandos || getent passwd nobody || echo 65534)))
 
33
GROUP=$(firstword $(subst :, ,$(shell getent group _mandos || getent group nobody || echo 65534)))
55
34
 
56
35
## Use these settings for a traditional /usr/local install
57
 
# PREFIX:=$(DESTDIR)/usr/local
58
 
# CONFDIR:=$(DESTDIR)/etc/mandos
59
 
# KEYDIR:=$(DESTDIR)/etc/mandos/keys
60
 
# MANDIR:=$(PREFIX)/man
61
 
# INITRAMFSTOOLS:=$(DESTDIR)/etc/initramfs-tools
62
 
# DRACUTMODULE:=$(DESTDIR)/usr/lib/dracut/modules.d/90mandos
63
 
# STATEDIR:=$(DESTDIR)/var/lib/mandos
64
 
# LIBDIR:=$(PREFIX)/lib
 
36
# PREFIX=$(DESTDIR)/usr/local
 
37
# CONFDIR=$(DESTDIR)/etc/mandos
 
38
# KEYDIR=$(DESTDIR)/etc/mandos/keys
 
39
# MANDIR=$(PREFIX)/man
 
40
# INITRAMFSTOOLS=$(DESTDIR)/etc/initramfs-tools
 
41
# STATEDIR=$(DESTDIR)/var/lib/mandos
 
42
# LIBDIR=$(PREFIX)/lib
65
43
##
66
44
 
67
45
## These settings are for a package-type install
68
 
PREFIX:=$(DESTDIR)/usr
69
 
CONFDIR:=$(DESTDIR)/etc/mandos
70
 
KEYDIR:=$(DESTDIR)/etc/keys/mandos
71
 
MANDIR:=$(PREFIX)/share/man
72
 
INITRAMFSTOOLS:=$(DESTDIR)/usr/share/initramfs-tools
73
 
DRACUTMODULE:=$(DESTDIR)/usr/lib/dracut/modules.d/90mandos
74
 
STATEDIR:=$(DESTDIR)/var/lib/mandos
75
 
LIBDIR:=$(shell \
 
46
PREFIX=$(DESTDIR)/usr
 
47
CONFDIR=$(DESTDIR)/etc/mandos
 
48
KEYDIR=$(DESTDIR)/etc/keys/mandos
 
49
MANDIR=$(PREFIX)/share/man
 
50
INITRAMFSTOOLS=$(DESTDIR)/usr/share/initramfs-tools
 
51
STATEDIR=$(DESTDIR)/var/lib/mandos
 
52
LIBDIR=$(shell \
76
53
        for d in \
77
 
        "/usr/lib/`dpkg-architecture \
78
 
                        -qDEB_HOST_MULTIARCH 2>/dev/null`" \
 
54
        "/usr/lib/`dpkg-architecture -qDEB_HOST_MULTIARCH 2>/dev/null`" \
79
55
        "`rpm --eval='%{_libdir}' 2>/dev/null`" /usr/lib; do \
80
56
                if [ -d "$$d" -a "$$d" = "$${d%/}" ]; then \
81
57
                        echo "$(DESTDIR)$$d"; \
84
60
        done)
85
61
##
86
62
 
87
 
SYSTEMD:=$(DESTDIR)$(shell $(PKG_CONFIG) systemd \
88
 
                        --variable=systemdsystemunitdir)
89
 
TMPFILES:=$(DESTDIR)$(shell $(PKG_CONFIG) systemd \
90
 
                        --variable=tmpfilesdir)
 
63
SYSTEMD=$(DESTDIR)$(shell pkg-config systemd --variable=systemdsystemunitdir)
91
64
 
92
 
GNUTLS_CFLAGS:=$(shell $(PKG_CONFIG) --cflags-only-I gnutls)
93
 
GNUTLS_LIBS:=$(shell $(PKG_CONFIG) --libs gnutls)
94
 
AVAHI_CFLAGS:=$(shell $(PKG_CONFIG) --cflags-only-I avahi-core)
95
 
AVAHI_LIBS:=$(shell $(PKG_CONFIG) --libs avahi-core)
96
 
GPGME_CFLAGS:=$(shell gpgme-config --cflags; getconf LFS_CFLAGS)
97
 
GPGME_LIBS:=$(shell gpgme-config --libs; getconf LFS_LIBS; \
 
65
GNUTLS_CFLAGS=$(shell pkg-config --cflags-only-I gnutls)
 
66
GNUTLS_LIBS=$(shell pkg-config --libs gnutls)
 
67
AVAHI_CFLAGS=$(shell pkg-config --cflags-only-I avahi-core)
 
68
AVAHI_LIBS=$(shell pkg-config --libs avahi-core)
 
69
GPGME_CFLAGS=$(shell gpgme-config --cflags; getconf LFS_CFLAGS)
 
70
GPGME_LIBS=$(shell gpgme-config --libs; getconf LFS_LIBS; \
98
71
        getconf LFS_LDFLAGS)
99
 
LIBNL3_CFLAGS:=$(shell $(PKG_CONFIG) --cflags-only-I libnl-route-3.0)
100
 
LIBNL3_LIBS:=$(shell $(PKG_CONFIG) --libs libnl-route-3.0)
101
 
GLIB_CFLAGS:=$(shell $(PKG_CONFIG) --cflags glib-2.0)
102
 
GLIB_LIBS:=$(shell $(PKG_CONFIG) --libs glib-2.0)
103
72
 
104
73
# Do not change these two
105
 
CFLAGS+=$(WARN) $(DEBUG) $(FORTIFY) $(COVERAGE) \
106
 
        $(OPTIMIZE) $(LANGUAGE) -DVERSION='"$(version)"'
107
 
LDFLAGS+=-Xlinker --as-needed $(COVERAGE) $(LINK_FORTIFY) $(strip \
108
 
        ) $(foreach flag,$(LINK_FORTIFY_LD),-Xlinker $(flag))
 
74
CFLAGS+=$(WARN) $(DEBUG) $(FORTIFY) $(COVERAGE) $(OPTIMIZE) \
 
75
        $(LANGUAGE) $(GNUTLS_CFLAGS) $(AVAHI_CFLAGS) $(GPGME_CFLAGS) \
 
76
        -DVERSION='"$(version)"'
 
77
LDFLAGS+=-Xlinker --as-needed $(COVERAGE) $(LINK_FORTIFY) $(foreach flag,$(LINK_FORTIFY_LD),-Xlinker $(flag))
109
78
 
110
79
# Commands to format a DocBook <refentry> document into a manual page
111
80
DOCBOOKTOMAN=$(strip cd $(dir $<); xsltproc --nonet --xinclude \
117
86
        /usr/share/xml/docbook/stylesheet/nwalsh/manpages/docbook.xsl \
118
87
        $(notdir $<); \
119
88
        if locale --all 2>/dev/null | grep --regexp='^en_US\.utf8$$' \
120
 
        && command -v man >/dev/null; then LANG=en_US.UTF-8 \
121
 
        MANWIDTH=80 man --warnings --encoding=UTF-8 --local-file \
122
 
        $(notdir $@); fi >/dev/null)
 
89
        && type man 2>/dev/null; then LANG=en_US.UTF-8 MANWIDTH=80 \
 
90
        man --warnings --encoding=UTF-8 --local-file $(notdir $@); \
 
91
        fi >/dev/null)
123
92
 
124
93
DOCBOOKTOHTML=$(strip xsltproc --nonet --xinclude \
125
94
        --param make.year.ranges                1 \
131
100
        /usr/share/xml/docbook/stylesheet/nwalsh/xhtml/docbook.xsl \
132
101
        $<; $(HTMLPOST) $@)
133
102
# Fix citerefentry links
134
 
HTMLPOST:=$(SED) --in-place \
 
103
HTMLPOST=$(SED) --in-place \
135
104
        --expression='s/\(<a class="citerefentry" href="\)\("><span class="citerefentry"><span class="refentrytitle">\)\([^<]*\)\(<\/span>(\)\([^)]*\)\()<\/span><\/a>\)/\1\3.\5\2\3\4\5\6/g'
136
105
 
137
 
PLUGINS:=plugins.d/password-prompt plugins.d/mandos-client \
 
106
PLUGINS=plugins.d/password-prompt plugins.d/mandos-client \
138
107
        plugins.d/usplash plugins.d/splashy plugins.d/askpass-fifo \
139
108
        plugins.d/plymouth
140
 
PLUGIN_HELPERS:=plugin-helpers/mandos-client-iprouteadddel
141
 
CPROGS:=plugin-runner dracut-module/password-agent $(PLUGINS) \
142
 
        $(PLUGIN_HELPERS)
143
 
PROGS:=mandos mandos-keygen mandos-ctl mandos-monitor $(CPROGS)
144
 
DOCS:=mandos.8 mandos-keygen.8 mandos-monitor.8 mandos-ctl.8 \
 
109
CPROGS=plugin-runner $(PLUGINS)
 
110
PROGS=mandos mandos-keygen mandos-ctl mandos-monitor $(CPROGS)
 
111
DOCS=mandos.8 mandos-keygen.8 mandos-monitor.8 mandos-ctl.8 \
145
112
        mandos.conf.5 mandos-clients.conf.5 plugin-runner.8mandos \
146
 
        dracut-module/password-agent.8mandos \
147
113
        plugins.d/mandos-client.8mandos \
148
114
        plugins.d/password-prompt.8mandos plugins.d/usplash.8mandos \
149
115
        plugins.d/splashy.8mandos plugins.d/askpass-fifo.8mandos \
150
116
        plugins.d/plymouth.8mandos intro.8mandos
151
117
 
152
 
htmldocs:=$(addsuffix .xhtml,$(DOCS))
 
118
htmldocs=$(addsuffix .xhtml,$(DOCS))
153
119
 
154
 
objects:=$(addsuffix .o,$(CPROGS))
 
120
objects=$(addsuffix .o,$(CPROGS))
155
121
 
156
122
all: $(PROGS) mandos.lsm
157
123
 
221
187
                overview.xml legalnotice.xml
222
188
        $(DOCBOOKTOHTML)
223
189
 
224
 
dracut-module/password-agent.8mandos: \
225
 
                dracut-module/password-agent.xml common.ent \
226
 
                overview.xml legalnotice.xml
227
 
        $(DOCBOOKTOMAN)
228
 
dracut-module/password-agent.8mandos.xhtml: \
229
 
                dracut-module/password-agent.xml common.ent \
230
 
                overview.xml legalnotice.xml
231
 
        $(DOCBOOKTOHTML)
232
 
 
233
190
plugins.d/mandos-client.8mandos: plugins.d/mandos-client.xml \
234
191
                                        common.ent \
235
192
                                        mandos-options.xml \
278
235
                --expression='s/\(mandos_\)[0-9.]\+\(\.orig\.tar\.gz\)/\1$(version)\2/' \
279
236
                $@)
280
237
 
281
 
# Need to add the GnuTLS, Avahi and GPGME libraries
282
238
plugins.d/mandos-client: plugins.d/mandos-client.c
283
 
        $(LINK.c) $^ $(GNUTLS_CFLAGS) $(AVAHI_CFLAGS) $(strip\
284
 
                ) $(GPGME_CFLAGS) $(GNUTLS_LIBS) $(strip\
285
 
                ) $(AVAHI_LIBS) $(GPGME_LIBS) $(LOADLIBES) $(strip\
286
 
                ) $(LDLIBS) -o $@
287
 
 
288
 
# Need to add the libnl-route library
289
 
plugin-helpers/mandos-client-iprouteadddel: plugin-helpers/mandos-client-iprouteadddel.c
290
 
        $(LINK.c) $(LIBNL3_CFLAGS) $^ $(LIBNL3_LIBS) $(strip\
291
 
                ) $(LOADLIBES) $(LDLIBS) -o $@
292
 
 
293
 
# Need to add the GLib and pthread libraries
294
 
dracut-module/password-agent: dracut-module/password-agent.c
295
 
        $(LINK.c) $(GLIB_CFLAGS) $^ $(GLIB_LIBS) -lpthread $(strip\
296
 
                ) $(LOADLIBES) $(LDLIBS) -o $@
 
239
        $(LINK.c) $^ -lrt $(GNUTLS_LIBS) $(AVAHI_LIBS) $(strip\
 
240
                ) $(GPGME_LIBS) $(LOADLIBES) $(LDLIBS) -o $@
297
241
 
298
242
.PHONY : all doc html clean distclean mostlyclean maintainer-clean \
299
243
        check run-client run-server install install-html \
309
253
maintainer-clean: clean
310
254
        -rm --force --recursive keydir confdir statedir
311
255
 
312
 
check: all
 
256
check:  all
313
257
        ./mandos --check
314
258
        ./mandos-ctl --check
315
 
        ./mandos-keygen --version
316
 
        ./plugin-runner --version
317
 
        ./plugin-helpers/mandos-client-iprouteadddel --version
318
 
        ./dracut-module/password-agent --test
319
259
 
320
260
# Run the client with a local config and key
321
 
run-client: all keydir/seckey.txt keydir/pubkey.txt \
322
 
                        keydir/tls-privkey.pem keydir/tls-pubkey.pem
323
 
        @echo '######################################################'
324
 
        @echo '# The following error messages are harmless and can  #'
325
 
        @echo '#  be safely ignored:                                #'
326
 
        @echo '## From plugin-runner:                               #'
327
 
        @echo '# setgid: Operation not permitted                    #'
328
 
        @echo '# setuid: Operation not permitted                    #'
329
 
        @echo '## From askpass-fifo:                                #'
330
 
        @echo '# mkfifo: Permission denied                          #'
331
 
        @echo '## From mandos-client:                               #'
332
 
        @echo '# Failed to raise privileges: Operation not permi... #'
333
 
        @echo '# Warning: network hook "*" exited with status *     #'
334
 
        @echo '# ioctl SIOCSIFFLAGS +IFF_UP: Operation not permi... #'
335
 
        @echo '# Failed to bring up interface "*": Operation not... #'
336
 
        @echo '#                                                    #'
337
 
        @echo '# (The messages are caused by not running as root,   #'
338
 
        @echo '# but you should NOT run "make run-client" as root   #'
339
 
        @echo '# unless you also unpacked and compiled Mandos as    #'
340
 
        @echo '# root, which is also NOT recommended.)              #'
341
 
        @echo '######################################################'
 
261
run-client: all keydir/seckey.txt keydir/pubkey.txt
 
262
        @echo "###################################################################"
 
263
        @echo "# The following error messages are harmless and can be safely     #"
 
264
        @echo "# ignored.  The messages are caused by not running as root, but   #"
 
265
        @echo "# you should NOT run \"make run-client\" as root unless you also    #"
 
266
        @echo "# unpacked and compiled Mandos as root, which is NOT recommended. #"
 
267
        @echo "# From plugin-runner: setgid: Operation not permitted             #"
 
268
        @echo "#                     setuid: Operation not permitted             #"
 
269
        @echo "# From askpass-fifo:  mkfifo: Permission denied                   #"
 
270
        @echo "# From mandos-client:                                             #"
 
271
        @echo "#             Failed to raise privileges: Operation not permitted #"
 
272
        @echo "#             Warning: network hook \"*\" exited with status *      #"
 
273
        @echo "###################################################################"
342
274
# We set GNOME_KEYRING_CONTROL to block pam_gnome_keyring
343
275
        ./plugin-runner --plugin-dir=plugins.d \
344
 
                --plugin-helper-dir=plugin-helpers \
345
276
                --config-file=plugin-runner.conf \
346
 
                --options-for=mandos-client:--seckey=keydir/seckey.txt,--pubkey=keydir/pubkey.txt,--tls-privkey=keydir/tls-privkey.pem,--tls-pubkey=keydir/tls-pubkey.pem,--network-hook-dir=network-hooks.d \
 
277
                --options-for=mandos-client:--seckey=keydir/seckey.txt,--pubkey=keydir/pubkey.txt,--network-hook-dir=network-hooks.d \
347
278
                --env-for=mandos-client:GNOME_KEYRING_CONTROL= \
348
279
                $(CLIENTARGS)
349
280
 
350
281
# Used by run-client
351
 
keydir/seckey.txt keydir/pubkey.txt keydir/tls-privkey.pem keydir/tls-pubkey.pem: mandos-keygen
 
282
keydir/seckey.txt keydir/pubkey.txt: mandos-keygen
352
283
        install --directory keydir
353
284
        ./mandos-keygen --dir keydir --force
354
285
 
361
292
confdir/mandos.conf: mandos.conf
362
293
        install --directory confdir
363
294
        install --mode=u=rw,go=r $^ $@
364
 
confdir/clients.conf: clients.conf keydir/seckey.txt keydir/tls-pubkey.pem
 
295
confdir/clients.conf: clients.conf keydir/seckey.txt
365
296
        install --directory confdir
366
297
        install --mode=u=rw $< $@
367
298
# Add a client password
384
315
        elif install --directory --mode=u=rwx $(STATEDIR); then \
385
316
                chown -- $(USER):$(GROUP) $(STATEDIR) || :; \
386
317
        fi
387
 
        if [ "$(TMPFILES)" != "$(DESTDIR)" \
388
 
                        -a -d "$(TMPFILES)" ]; then \
389
 
                install --mode=u=rw,go=r tmpfiles.d-mandos.conf \
390
 
                        $(TMPFILES)/mandos.conf; \
391
 
        fi
392
318
        install --mode=u=rwx,go=rx mandos $(PREFIX)/sbin/mandos
393
319
        install --mode=u=rwx,go=rx --target-directory=$(PREFIX)/sbin \
394
320
                mandos-ctl
426
352
install-client-nokey: all doc
427
353
        install --directory $(LIBDIR)/mandos $(CONFDIR)
428
354
        install --directory --mode=u=rwx $(KEYDIR) \
429
 
                $(LIBDIR)/mandos/plugins.d \
430
 
                $(LIBDIR)/mandos/plugin-helpers
 
355
                $(LIBDIR)/mandos/plugins.d
431
356
        if [ "$(CONFDIR)" != "$(LIBDIR)/mandos" ]; then \
432
357
                install --mode=u=rwx \
433
 
                        --directory "$(CONFDIR)/plugins.d" \
434
 
                        "$(CONFDIR)/plugin-helpers"; \
 
358
                        --directory "$(CONFDIR)/plugins.d"; \
435
359
        fi
436
360
        install --mode=u=rwx,go=rx --directory \
437
361
                "$(CONFDIR)/network-hooks.d"
438
362
        install --mode=u=rwx,go=rx \
439
363
                --target-directory=$(LIBDIR)/mandos plugin-runner
440
 
        install --mode=u=rwx,go=rx \
441
 
                --target-directory=$(LIBDIR)/mandos \
442
 
                mandos-to-cryptroot-unlock
443
364
        install --mode=u=rwx,go=rx --target-directory=$(PREFIX)/sbin \
444
365
                mandos-keygen
445
366
        install --mode=u=rwx,go=rx \
460
381
        install --mode=u=rwxs,go=rx \
461
382
                --target-directory=$(LIBDIR)/mandos/plugins.d \
462
383
                plugins.d/plymouth
463
 
        install --mode=u=rwx,go=rx \
464
 
                --target-directory=$(LIBDIR)/mandos/plugin-helpers \
465
 
                plugin-helpers/mandos-client-iprouteadddel
466
384
        install initramfs-tools-hook \
467
385
                $(INITRAMFSTOOLS)/hooks/mandos
468
 
        install --mode=u=rw,go=r initramfs-tools-conf \
469
 
                $(INITRAMFSTOOLS)/conf.d/mandos-conf
470
 
        install --mode=u=rw,go=r initramfs-tools-conf-hook \
471
 
                $(INITRAMFSTOOLS)/conf-hooks.d/zz-mandos
 
386
        install --mode=u=rw,go=r initramfs-tools-hook-conf \
 
387
                $(INITRAMFSTOOLS)/conf-hooks.d/mandos
472
388
        install initramfs-tools-script \
473
389
                $(INITRAMFSTOOLS)/scripts/init-premount/mandos
474
 
        install initramfs-tools-script-stop \
475
 
                $(INITRAMFSTOOLS)/scripts/local-premount/mandos
476
 
        install --directory $(DRACUTMODULE)
477
 
        install --mode=u=rw,go=r --target-directory=$(DRACUTMODULE) \
478
 
                dracut-module/ask-password-mandos.path \
479
 
                dracut-module/ask-password-mandos.service
480
 
        install --mode=u=rwxs,go=rx \
481
 
                --target-directory=$(DRACUTMODULE) \
482
 
                dracut-module/module-setup.sh \
483
 
                dracut-module/cmdline-mandos.sh \
484
 
                dracut-module/password-agent
485
390
        install --mode=u=rw,go=r plugin-runner.conf $(CONFDIR)
486
391
        gzip --best --to-stdout mandos-keygen.8 \
487
392
                > $(MANDIR)/man8/mandos-keygen.8.gz
499
404
                > $(MANDIR)/man8/askpass-fifo.8mandos.gz
500
405
        gzip --best --to-stdout plugins.d/plymouth.8mandos \
501
406
                > $(MANDIR)/man8/plymouth.8mandos.gz
502
 
        gzip --best --to-stdout dracut-module/password-agent.8mandos \
503
 
                > $(MANDIR)/man8/password-agent.8mandos.gz
504
407
 
505
408
install-client: install-client-nokey
506
409
# Post-installation stuff
507
410
        -$(PREFIX)/sbin/mandos-keygen --dir "$(KEYDIR)"
508
 
        if command -v update-initramfs >/dev/null; then \
509
 
            update-initramfs -k all -u; \
510
 
        elif command -v dracut >/dev/null; then \
511
 
            for initrd in $(DESTDIR)/boot/initr*-$(LINUXVERSION); do \
512
 
                if [ -w "$$initrd" ]; then \
513
 
                    chmod go-r "$$initrd"; \
514
 
                    dracut --force "$$initrd"; \
515
 
                fi; \
516
 
            done; \
517
 
        fi
 
411
        update-initramfs -k all -u
518
412
        echo "Now run mandos-keygen --password --dir $(KEYDIR)"
519
413
 
520
414
uninstall: uninstall-server uninstall-client
547
441
                $(INITRAMFSTOOLS)/hooks/mandos \
548
442
                $(INITRAMFSTOOLS)/conf-hooks.d/mandos \
549
443
                $(INITRAMFSTOOLS)/scripts/init-premount/mandos \
550
 
                $(INITRAMFSTOOLS)/scripts/local-premount/mandos \
551
 
                $(DRACUTMODULE)/ask-password-mandos.path \
552
 
                $(DRACUTMODULE)/ask-password-mandos.service \
553
 
                $(DRACUTMODULE)/module-setup.sh \
554
 
                $(DRACUTMODULE)/cmdline-mandos.sh \
555
 
                $(DRACUTMODULE)/password-agent \
556
444
                $(MANDIR)/man8/mandos-keygen.8.gz \
557
445
                $(MANDIR)/man8/plugin-runner.8mandos.gz \
558
446
                $(MANDIR)/man8/mandos-client.8mandos.gz
561
449
                $(MANDIR)/man8/splashy.8mandos.gz \
562
450
                $(MANDIR)/man8/askpass-fifo.8mandos.gz \
563
451
                $(MANDIR)/man8/plymouth.8mandos.gz \
564
 
                $(MANDIR)/man8/password-agent.8mandos.gz \
565
452
        -rmdir $(LIBDIR)/mandos/plugins.d $(CONFDIR)/plugins.d \
566
 
                 $(LIBDIR)/mandos $(CONFDIR) $(KEYDIR) $(DRACUTMODULE)
567
 
        if command -v update-initramfs >/dev/null; then \
568
 
            update-initramfs -k all -u; \
569
 
        elif command -v dracut >/dev/null; then \
570
 
            for initrd in $(DESTDIR)/boot/initr*-$(LINUXVERSION); do \
571
 
                test -w "$$initrd" && dracut --force "$$initrd"; \
572
 
            done; \
573
 
        fi
 
453
                 $(LIBDIR)/mandos $(CONFDIR) $(KEYDIR)
 
454
        update-initramfs -k all -u
574
455
 
575
456
purge: purge-server purge-client
576
457
 
585
466
        -rmdir $(CONFDIR)
586
467
 
587
468
purge-client: uninstall-client
588
 
        -shred --remove $(KEYDIR)/seckey.txt $(KEYDIR)/tls-privkey.pem
 
469
        -shred --remove $(KEYDIR)/seckey.txt
589
470
        -rm --force $(CONFDIR)/plugin-runner.conf \
590
 
                $(KEYDIR)/pubkey.txt $(KEYDIR)/seckey.txt \
591
 
                $(KEYDIR)/tls-pubkey.txt $(KEYDIR)/tls-privkey.txt
 
471
                $(KEYDIR)/pubkey.txt $(KEYDIR)/seckey.txt
592
472
        -rmdir $(KEYDIR) $(CONFDIR)/plugins.d $(CONFDIR)
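Review bot: In purge-client, the `-` prefix on the `shred --remove $(KEYDIR)/seckey.txt` recipe line makes make ignore a failed overwrite, and the `rm --force` on the following line then unlinks `seckey.txt` anyway, so the secret key can be removed without having been overwritten. The prefix is presumably there for the case where the key file is already absent; testing for that instead keeps a real shred failure fatal: `test ! -e "$(KEYDIR)/seckey.txt" || shred --remove "$(KEYDIR)/seckey.txt"`. A one-line comment that shred's overwrite is not guaranteed on journaling or copy-on-write filesystems would also help anyone relying on `make purge` for key disposal. On the side of this section that also handles the TLS key, the shred names `tls-privkey.pem` while the rm names `tls-pubkey.txt` and `tls-privkey.txt`, which does not match the `keydir/tls-pubkey.pem` name used by run-client, so `tls-pubkey.pem` would be left behind and the final `rmdir $(KEYDIR)` would fail.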