/mandos/release : revision 237.7.325

To get this branch, use:

bzr branch
http://bzr.recompile.se/loggerhead/mandos/release

« back to all changes in this revision

Viewing changes to Makefile

Committer: Teddy Hogeborn
Date: 2015-07-20 03:03:33 UTC
mto: (237.7.594 trunk)
mto: This revision was merged to the branch mainline in revision 325.
Revision ID: teddy@recompile.se-20150720030333-203m2aeblypcsfte

Bug fix for GnuTLS 3: be compatible with old 2048-bit DSA keys.

The mandos-keygen program in Mandos version 1.6.0 and older generated
2048-bit DSA keys, and when GnuTLS uses these it has trouble
connecting using the Mandos default priority string.  This was
previously fixed in Mandos 1.6.2, but the bug reappeared when using
GnuTLS 3, so the default priority string has to change again; this
time also the Mandos client has to change its default, so now the
server and the client should use the same default priority string:

SECURE256:!CTYPE-X.509:+CTYPE-OPENPGP:!RSA:+SIGN-DSA-SHA256

* mandos (main/server_defaults): Changed default priority string.
* mandos-options.xml (/section/para[id="priority_compat"]): Removed.
  (/section/para[id="priority"]): Changed default priority string.
* mandos.conf ([DEFAULT]/priority): - '' -
* mandos.conf.xml (OPTIONS/priority): Refer to the id "priority"
                                      instead of "priority_compat".
* mandos.xml (OPTIONS/--priority): - '' -
* plugins.d/mandos-client.c (main): Changed default priority string.

files added:
initramfs-tools-hook-conf

files removed:
bugs.xml

debian/mandos-client.templates

debian/mandos.maintscript

debian/mandos.templates

debian/po/POTFILES.in

debian/po/de.po

debian/po/en_US.po

debian/po/es.po

debian/po/fr.po

debian/po/nl.po

debian/po/pt.po

debian/po/pt_BR.po

debian/po/sv.po

debian/po/templates.pot

debian/source/lintian-overrides

debian/tests

debian/tests/control

debian/upstream/metadata

dracut-module

dracut-module/ask-password-mandos.path

dracut-module/ask-password-mandos.service

dracut-module/cmdline-mandos.sh

dracut-module/module-setup.sh

dracut-module/password-agent.c

dracut-module/password-agent.xml

initramfs-tools-conf

initramfs-tools-conf-hook

initramfs-tools-script-stop

mandos-to-cryptroot-unlock

sysusers.d-mandos.conf

tmpfiles.d-mandos.conf

files modified:
.bzrignore

DBUS-API

INSTALL

Makefile

NEWS

README

TODO

clients.conf

common.ent

debian/changelog

debian/compat

debian/control

debian/copyright

debian/mandos-client.README.Debian

debian/mandos-client.dirs

debian/mandos-client.lintian-overrides

debian/mandos-client.postinst

debian/mandos-client.postrm

debian/mandos.dirs

debian/mandos.lintian-overrides

debian/mandos.postinst

debian/rules

debian/watch

init.d-mandos

initramfs-tools-hook

initramfs-tools-script

initramfs-unpack

intro.xml

legalnotice.xml

mandos

mandos-clients.conf.xml

mandos-ctl

mandos-ctl.xml

mandos-keygen

mandos-keygen.xml

mandos-monitor

mandos-monitor.xml

mandos-options.xml

mandos.conf.xml

mandos.lsm

mandos.service

mandos.xml

network-hooks.d/bridge

network-hooks.d/openvpn

network-hooks.d/wireless

overview.xml

plugin-helpers/mandos-client-iprouteadddel.c

plugin-runner.c

plugin-runner.xml

plugins.d/askpass-fifo.c

plugins.d/askpass-fifo.xml

plugins.d/mandos-client.c

plugins.d/mandos-client.xml

plugins.d/password-prompt.c

plugins.d/password-prompt.xml

plugins.d/plymouth.c

plugins.d/plymouth.xml

plugins.d/splashy.c

plugins.d/splashy.xml

plugins.d/usplash.c

plugins.d/usplash.xml

Show diffs side-by-side

added added

removed removed

Makefile

WARN:=-O -Wall -Wextra -Wdouble-promotion -Wformat=2 -Winit-self \

WARN=-O -Wall -Wextra -Wdouble-promotion -Wformat=2 -Winit-self \

-Wmissing-include-dirs -Wswitch-default -Wswitch-enum \

-Wunused -Wuninitialized -Wstrict-overflow=5 \

-Wsuggest-attribute=pure -Wsuggest-attribute=const \

-Wmissing-format-attribute -Wnormalized=nfc -Wpacked \

-Wredundant-decls -Wnested-externs -Winline -Wvla \

-Wvolatile-register-var -Woverlength-strings

#DEBUG:=-ggdb3 -fsanitize=address $(SANITIZE)

## Check which sanitizing options can be used

#SANITIZE:=$(foreach option,$(ALL_SANITIZE_OPTIONS),$(shell \

# echo 'int main(){}' | $(CC) --language=c $(option) \

# /dev/stdin -o /dev/null >/dev/null 2>&1 && echo $(option)))

# <https://developerblog.redhat.com/2014/10/16/gcc-undefined-behavior-sanitizer-ubsan/>

ALL_SANITIZE_OPTIONS:=-fsanitize=leak -fsanitize=undefined \

-fsanitize=shift -fsanitize=integer-divide-by-zero \

-fsanitize=unreachable -fsanitize=vla-bound -fsanitize=null \

-fsanitize=return -fsanitize=signed-integer-overflow \

-fsanitize=bounds -fsanitize=alignment \

-fsanitize=object-size -fsanitize=float-divide-by-zero \

-fsanitize=float-cast-overflow -fsanitize=nonnull-attribute \

-fsanitize=returns-nonnull-attribute -fsanitize=bool \

-fsanitize=enum -fsanitize-address-use-after-scope

#DEBUG=-ggdb3

# For info about _FORTIFY_SOURCE, see feature_test_macros(7)

# and <https://gcc.gnu.org/ml/gcc-patches/2004-09/msg02055.html>.

FORTIFY:=-fstack-protector-all -fPIC

CPPFLAGS+=-D_FORTIFY_SOURCE=3

LINK_FORTIFY_LD:=-z relro -z now

LINK_FORTIFY:=

# and <http://gcc.gnu.org/ml/gcc-patches/2004-09/msg02055.html>.

FORTIFY=-D_FORTIFY_SOURCE=2 -fstack-protector-all -fPIC

LINK_FORTIFY_LD=-z relro -z now

LINK_FORTIFY=

# If BROKEN_PIE is set, do not build with -pie

ifndef BROKEN_PIE

LINK_FORTIFY += -pie

endif

#COVERAGE=--coverage

OPTIMIZE:=-Os -fno-strict-aliasing

LANGUAGE:=-std=gnu11

CPPFLAGS+=-D_FILE_OFFSET_BITS=64 -D_TIME_BITS=64

htmldir:=man

version:=1.8.16

SED:=sed

PKG_CONFIG?=pkg-config

USER:=$(firstword $(subst :, ,$(shell getent passwd _mandos \

|| getent passwd nobody || echo 65534)))

GROUP:=$(firstword $(subst :, ,$(shell getent group _mandos \

|| getent group nogroup || echo 65534)))

LINUXVERSION:=$(shell uname --kernel-release)

OPTIMIZE=-Os -fno-strict-aliasing

LANGUAGE=-std=gnu11

htmldir=man

version=1.6.9

SED=sed

USER=$(firstword $(subst :, ,$(shell getent passwd _mandos || getent passwd nobody || echo 65534)))

GROUP=$(firstword $(subst :, ,$(shell getent group _mandos || getent group nobody || echo 65534)))

## Use these settings for a traditional /usr/local install

# PREFIX:=$(DESTDIR)/usr/local

# CONFDIR:=$(DESTDIR)/etc/mandos

# KEYDIR:=$(DESTDIR)/etc/mandos/keys

# MANDIR:=$(PREFIX)/man

# INITRAMFSTOOLS:=$(DESTDIR)/etc/initramfs-tools

# DRACUTMODULE:=$(DESTDIR)/usr/lib/dracut/modules.d/90mandos

# STATEDIR:=$(DESTDIR)/var/lib/mandos

# LIBDIR:=$(PREFIX)/lib

# DBUSPOLICYDIR:=$(DESTDIR)/etc/dbus-1/system.d

# PREFIX=$(DESTDIR)/usr/local

# CONFDIR=$(DESTDIR)/etc/mandos

# KEYDIR=$(DESTDIR)/etc/mandos/keys

# MANDIR=$(PREFIX)/man

# INITRAMFSTOOLS=$(DESTDIR)/etc/initramfs-tools

# STATEDIR=$(DESTDIR)/var/lib/mandos

# LIBDIR=$(PREFIX)/lib

## These settings are for a package-type install

PREFIX:=$(DESTDIR)/usr

CONFDIR:=$(DESTDIR)/etc/mandos

KEYDIR:=$(DESTDIR)/etc/keys/mandos

MANDIR:=$(PREFIX)/share/man

INITRAMFSTOOLS:=$(DESTDIR)/usr/share/initramfs-tools

DRACUTMODULE:=$(DESTDIR)/usr/lib/dracut/modules.d/90mandos

STATEDIR:=$(DESTDIR)/var/lib/mandos

LIBDIR:=$(shell \

PREFIX=$(DESTDIR)/usr

CONFDIR=$(DESTDIR)/etc/mandos

KEYDIR=$(DESTDIR)/etc/keys/mandos

MANDIR=$(PREFIX)/share/man

INITRAMFSTOOLS=$(DESTDIR)/usr/share/initramfs-tools

STATEDIR=$(DESTDIR)/var/lib/mandos

LIBDIR=$(shell \

for d in \

"/usr/lib/`dpkg-architecture \

-qDEB_HOST_MULTIARCH 2>/dev/null`" \

"/usr/lib/`dpkg-architecture -qDEB_HOST_MULTIARCH 2>/dev/null`" \

"`rpm --eval='%{_libdir}' 2>/dev/null`" /usr/lib; do \

if [ -d "$$d" -a "$$d" = "$${d%/}" ]; then \

echo "$(DESTDIR)$$d"; \

break; \

fi; \

done)

DBUSPOLICYDIR:=$(DESTDIR)/usr/share/dbus-1/system.d

SYSTEMD:=$(DESTDIR)$(shell $(PKG_CONFIG) systemd \

--variable=systemdsystemunitdir)

TMPFILES:=$(DESTDIR)$(shell $(PKG_CONFIG) systemd \

--variable=tmpfilesdir)

SYSUSERS:=$(DESTDIR)$(shell $(PKG_CONFIG) systemd \

--variable=sysusersdir)

SYSTEMD=$(DESTDIR)$(shell pkg-config systemd --variable=systemdsystemunitdir)

GNUTLS_CFLAGS:=$(shell $(PKG_CONFIG) --cflags-only-I gnutls)

GNUTLS_LIBS:=$(shell $(PKG_CONFIG) --libs gnutls)

100

AVAHI_CFLAGS:=$(shell $(PKG_CONFIG) --cflags-only-I avahi-core)

101

AVAHI_LIBS:=$(shell $(PKG_CONFIG) --libs avahi-core)

102

GPGME_CFLAGS:=$(shell $(PKG_CONFIG) --cflags-only-I gpgme 2>/dev/null \

103

|| gpgme-config --cflags; getconf LFS_CFLAGS)

104

GPGME_LIBS:=$(shell $(PKG_CONFIG) --libs gpgme 2>/dev/null \

105

|| gpgme-config --libs; getconf LFS_LIBS; \

GNUTLS_CFLAGS=$(shell pkg-config --cflags-only-I gnutls)

GNUTLS_LIBS=$(shell pkg-config --libs gnutls)

AVAHI_CFLAGS=$(shell pkg-config --cflags-only-I avahi-core)

AVAHI_LIBS=$(shell pkg-config --libs avahi-core)

GPGME_CFLAGS=$(shell gpgme-config --cflags; getconf LFS_CFLAGS)

GPGME_LIBS=$(shell gpgme-config --libs; getconf LFS_LIBS; \

106

getconf LFS_LDFLAGS)

107

LIBNL3_CFLAGS:=$(shell $(PKG_CONFIG) --cflags-only-I libnl-route-3.0)

108

LIBNL3_LIBS:=$(shell $(PKG_CONFIG) --libs libnl-route-3.0)

109

GLIB_CFLAGS:=$(shell $(PKG_CONFIG) --cflags glib-2.0)

110

GLIB_LIBS:=$(shell $(PKG_CONFIG) --libs glib-2.0)

LIBNL3_CFLAGS=$(shell pkg-config --cflags-only-I libnl-route-3.0)

LIBNL3_LIBS=$(shell pkg-config --libs libnl-route-3.0)

111

112

# Do not change these two

113

CFLAGS+=$(WARN) $(DEBUG) $(FORTIFY) $(COVERAGE) $(OPTIMIZE) \

114

$(LANGUAGE) -DVERSION='"$(version)"'

115

LDFLAGS+=-Xlinker --as-needed $(COVERAGE) $(LINK_FORTIFY) $(strip \

116

) $(foreach flag,$(LINK_FORTIFY_LD),-Xlinker $(flag))

$(LANGUAGE) $(GNUTLS_CFLAGS) $(AVAHI_CFLAGS) $(GPGME_CFLAGS) \

-DVERSION='"$(version)"'

LDFLAGS+=-Xlinker --as-needed $(COVERAGE) $(LINK_FORTIFY) $(foreach flag,$(LINK_FORTIFY_LD),-Xlinker $(flag))

117

118

# Commands to format a DocBook <refentry> document into a manual page

119

DOCBOOKTOMAN=$(strip cd $(dir $<); xsltproc --nonet --xinclude \

125

/usr/share/xml/docbook/stylesheet/nwalsh/manpages/docbook.xsl \

126

$(notdir $<); \

127

if locale --all 2>/dev/null | grep --regexp='^en_US\.utf8$$' \

128

&& command -v man >/dev/null; then LANG=en_US.UTF-8 \

129

MANWIDTH=80 man --warnings --encoding=UTF-8 --local-file \

130

$(notdir $@); fi >/dev/null)

&& type man 2>/dev/null; then LANG=en_US.UTF-8 MANWIDTH=80 \

man --warnings --encoding=UTF-8 --local-file $(notdir $@); \

fi >/dev/null)

131

132

DOCBOOKTOHTML=$(strip xsltproc --nonet --xinclude \

133

--param make.year.ranges 1 \

139

102

/usr/share/xml/docbook/stylesheet/nwalsh/xhtml/docbook.xsl \

140

103

$<; $(HTMLPOST) $@)

141

104

# Fix citerefentry links

142

HTMLPOST:=$(SED) --in-place \

105

HTMLPOST=$(SED) --in-place \

143

106

--expression='s/$<a class="citerefentry" href="$$"><span class="citerefentry"><span class="refentrytitle">$$[^<]*$$<\/span>($$[^)]*$$)<\/span><\/a>$/\1\3.\5\2\3\4\5\6/g'

144

107

145

PLUGINS:=plugins.d/password-prompt plugins.d/mandos-client \

108

PLUGINS=plugins.d/password-prompt plugins.d/mandos-client \

146

109

plugins.d/usplash plugins.d/splashy plugins.d/askpass-fifo \

147

110

plugins.d/plymouth

148

PLUGIN_HELPERS:=plugin-helpers/mandos-client-iprouteadddel

149

CPROGS:=plugin-runner dracut-module/password-agent $(PLUGINS) \

150

$(PLUGIN_HELPERS)

151

PROGS:=mandos mandos-keygen mandos-ctl mandos-monitor $(CPROGS)

152

DOCS:=mandos.8 mandos-keygen.8 mandos-monitor.8 mandos-ctl.8 \

111

PLUGIN_HELPERS=plugin-helpers/mandos-client-iprouteadddel

112

CPROGS=plugin-runner $(PLUGINS) $(PLUGIN_HELPERS)

113

PROGS=mandos mandos-keygen mandos-ctl mandos-monitor $(CPROGS)

114

DOCS=mandos.8 mandos-keygen.8 mandos-monitor.8 mandos-ctl.8 \

153

115

mandos.conf.5 mandos-clients.conf.5 plugin-runner.8mandos \

154

dracut-module/password-agent.8mandos \

155

116

plugins.d/mandos-client.8mandos \

156

117

plugins.d/password-prompt.8mandos plugins.d/usplash.8mandos \

157

118

plugins.d/splashy.8mandos plugins.d/askpass-fifo.8mandos \

158

119

plugins.d/plymouth.8mandos intro.8mandos

159

120

160

htmldocs:=$(addsuffix .xhtml,$(DOCS))

161

162

objects:=$(addsuffix .o,$(CPROGS))

163

164

.PHONY: all

121

htmldocs=$(addsuffix .xhtml,$(DOCS))

122

123

objects=$(addsuffix .o,$(CPROGS))

124

165

125

all: $(PROGS) mandos.lsm

166

126

167

.PHONY: doc

168

127

doc: $(DOCS)

169

128

170

.PHONY: html

171

129

html: $(htmldocs)

172

130

173

131

%.5: %.xml common.ent legalnotice.xml

232

190

overview.xml legalnotice.xml

233

191

$(DOCBOOKTOHTML)

234

192

235

dracut-module/password-agent.8mandos: \

236

dracut-module/password-agent.xml common.ent \

237

overview.xml legalnotice.xml

238

$(DOCBOOKTOMAN)

239

dracut-module/password-agent.8mandos.xhtml: \

240

dracut-module/password-agent.xml common.ent \

241

overview.xml legalnotice.xml

242

$(DOCBOOKTOHTML)

243

244

193

plugins.d/mandos-client.8mandos: plugins.d/mandos-client.xml \

245

194

common.ent \

246

195

mandos-options.xml \

289

238

--expression='s/$mandos_$[0-9.]\+$\.orig\.tar\.gz$/\1$(version)\2/' \

290

239

$@)

291

240

292

# Need to add the GnuTLS, Avahi and GPGME libraries

293

plugins.d/mandos-client: CFLAGS += $(GNUTLS_CFLAGS) $(strip \

294

) $(AVAHI_CFLAGS) $(GPGME_CFLAGS)

295

plugins.d/mandos-client: LDLIBS += $(GNUTLS_LIBS) $(strip \

296

) $(AVAHI_LIBS) $(GPGME_LIBS)

297

298

# Need to add the libnl-route library

299

plugin-helpers/mandos-client-iprouteadddel: CFLAGS += $(LIBNL3_CFLAGS)

300

plugin-helpers/mandos-client-iprouteadddel: LDLIBS += $(LIBNL3_LIBS)

301

302

# Need to add the GLib and pthread libraries

303

dracut-module/password-agent: CFLAGS += $(GLIB_CFLAGS)

304

# Note: -lpthread is unnecessary with the GNU C library 2.34 or later

305

dracut-module/password-agent: LDLIBS += $(GLIB_LIBS) -lpthread

306

307

.PHONY: clean

241

plugins.d/mandos-client: plugins.d/mandos-client.c

242

$(LINK.c) $^ -lrt $(GNUTLS_LIBS) $(AVAHI_LIBS) $(strip\

243

) $(GPGME_LIBS) $(LOADLIBES) $(LDLIBS) -o $@

244

245

plugin-helpers/mandos-client-iprouteadddel: plugin-helpers/mandos-client-iprouteadddel.c

246

$(LINK.c) $(LIBNL3_CFLAGS) $^ $(LIBNL3_LIBS) $(strip\

247

) $(LOADLIBES) $(LDLIBS) -o $@

248

249

.PHONY : all doc html clean distclean mostlyclean maintainer-clean \

250

check run-client run-server install install-html \

251

install-server install-client-nokey install-client uninstall \

252

uninstall-server uninstall-client purge purge-server \

253

purge-client

254

308

255

clean:

309

256

-rm --force $(CPROGS) $(objects) $(htmldocs) $(DOCS) core

310

257

311

.PHONY: distclean

312

258

distclean: clean

313

.PHONY: mostlyclean

314

259

mostlyclean: clean

315

.PHONY: maintainer-clean

316

260

maintainer-clean: clean

317

261

-rm --force --recursive keydir confdir statedir

318

262

319

.PHONY: check

320

check: all

263

check: all

321

264

./mandos --check

322

265

./mandos-ctl --check

323

./mandos-keygen --version

324

./plugin-runner --version

325

./plugin-helpers/mandos-client-iprouteadddel --version

326

./dracut-module/password-agent --test

327

266

328

267

# Run the client with a local config and key

329

.PHONY: run-client

330

run-client: all keydir/seckey.txt keydir/pubkey.txt \

331

keydir/tls-privkey.pem keydir/tls-pubkey.pem

332

@echo '######################################################'

333

@echo '# The following error messages are harmless and can #'

334

@echo '# be safely ignored: #'

335

@echo '## From plugin-runner: #'

336

@echo '# setgid: Operation not permitted #'

337

@echo '# setuid: Operation not permitted #'

338

@echo '## From askpass-fifo: #'

339

@echo '# mkfifo: Permission denied #'

340

@echo '## From mandos-client: #'

341

@echo '# Failed to raise privileges: Operation not permi... #'

342

@echo '# Warning: network hook "*" exited with status * #'

343

@echo '# ioctl SIOCSIFFLAGS +IFF_UP: Operation not permi... #'

344

@echo '# Failed to bring up interface "*": Operation not... #'

345

@echo '# #'

346

@echo '# (The messages are caused by not running as root, #'

347

@echo '# but you should NOT run "make run-client" as root #'

348

@echo '# unless you also unpacked and compiled Mandos as #'

349

@echo '# root, which is also NOT recommended.) #'

350

@echo '######################################################'

268

run-client: all keydir/seckey.txt keydir/pubkey.txt

269

@echo "###################################################################"

270

@echo "# The following error messages are harmless and can be safely #"

271

@echo "# ignored. The messages are caused by not running as root, but #"

272

@echo "# you should NOT run \"make run-client\" as root unless you also #"

273

@echo "# unpacked and compiled Mandos as root, which is NOT recommended. #"

274

@echo "# From plugin-runner: setgid: Operation not permitted #"

275

@echo "# setuid: Operation not permitted #"

276

@echo "# From askpass-fifo: mkfifo: Permission denied #"

277

@echo "# From mandos-client: #"

278

@echo "# Failed to raise privileges: Operation not permitted #"

279

@echo "# Warning: network hook \"*\" exited with status * #"

280

@echo "###################################################################"

351

281

# We set GNOME_KEYRING_CONTROL to block pam_gnome_keyring

352

282

./plugin-runner --plugin-dir=plugins.d \

353

283

--plugin-helper-dir=plugin-helpers \

354

284

--config-file=plugin-runner.conf \

355

--options-for=mandos-client:--seckey=keydir/seckey.txt,--pubkey=keydir/pubkey.txt,--tls-privkey=keydir/tls-privkey.pem,--tls-pubkey=keydir/tls-pubkey.pem,--network-hook-dir=network-hooks.d \

285

--options-for=mandos-client:--seckey=keydir/seckey.txt,--pubkey=keydir/pubkey.txt,--network-hook-dir=network-hooks.d \

356

286

--env-for=mandos-client:GNOME_KEYRING_CONTROL= \

357

287

$(CLIENTARGS)

358

288

359

289

# Used by run-client

360

keydir/seckey.txt keydir/pubkey.txt keydir/tls-privkey.pem keydir/tls-pubkey.pem: mandos-keygen

290

keydir/seckey.txt keydir/pubkey.txt: mandos-keygen

361

291

install --directory keydir

362

292

./mandos-keygen --dir keydir --force

363

if ! [ -e keydir/tls-privkey.pem ]; then \

364

install --mode=u=rw /dev/null keydir/tls-privkey.pem; \

365

366

if ! [ -e keydir/tls-pubkey.pem ]; then \

367

install --mode=u=rw /dev/null keydir/tls-pubkey.pem; \

368

369

293

370

294

# Run the server with a local config

371

.PHONY: run-server

372

295

run-server: confdir/mandos.conf confdir/clients.conf statedir

373

296

./mandos --debug --no-dbus --configdir=confdir \

374

297

--statedir=statedir $(SERVERARGS)

375

298

376

299

# Used by run-server

377

300

confdir/mandos.conf: mandos.conf

378

install -D --mode=u=rw,go=r $^ $@

379

confdir/clients.conf: clients.conf keydir/seckey.txt keydir/tls-pubkey.pem

380

install -D --mode=u=rw $< $@

301

install --directory confdir

302

install --mode=u=rw,go=r $^ $@

303

confdir/clients.conf: clients.conf keydir/seckey.txt

304

install --directory confdir

305

install --mode=u=rw $< $@

381

306

# Add a client password

382

307

./mandos-keygen --dir keydir --password --no-ssh >> $@

383

308

statedir:

384

309

install --directory statedir

385

310

386

.PHONY: install

387

311

install: install-server install-client-nokey

388

312

389

.PHONY: install-html

390

313

install-html: html

391

install -D --mode=u=rw,go=r --target-directory=$(htmldir) \

314

install --directory $(htmldir)

315

install --mode=u=rw,go=r --target-directory=$(htmldir) \

392

316

$(htmldocs)

393

317

394

.PHONY: install-server

395

318

install-server: doc

319

install --directory $(CONFDIR)

396

320

if install --directory --mode=u=rwx --owner=$(USER) \

397

321

--group=$(GROUP) $(STATEDIR); then \

398

322

:; \

399

323

elif install --directory --mode=u=rwx $(STATEDIR); then \

400

324

chown -- $(USER):$(GROUP) $(STATEDIR) || :; \

401

325

402

if [ "$(TMPFILES)" != "$(DESTDIR)" ]; then \

403

install -D --mode=u=rw,go=r tmpfiles.d-mandos.conf \

404

$(TMPFILES)/mandos.conf; \

405

406

if [ "$(SYSUSERS)" != "$(DESTDIR)" ]; then \

407

install -D --mode=u=rw,go=r sysusers.d-mandos.conf \

408

$(SYSUSERS)/mandos.conf; \

409

410

install --directory $(PREFIX)/sbin

411

install --mode=u=rwx,go=rx --target-directory=$(PREFIX)/sbin \

412

mandos

326

install --mode=u=rwx,go=rx mandos $(PREFIX)/sbin/mandos

413

327

install --mode=u=rwx,go=rx --target-directory=$(PREFIX)/sbin \

414

328

mandos-ctl

415

329

install --mode=u=rwx,go=rx --target-directory=$(PREFIX)/sbin \

416

330

mandos-monitor

417

install --directory $(CONFDIR)

418

331

install --mode=u=rw,go=r --target-directory=$(CONFDIR) \

419

332

mandos.conf

420

333

install --mode=u=rw --target-directory=$(CONFDIR) \

421

334

clients.conf

422

install -D --mode=u=rw,go=r dbus-mandos.conf \

423

$(DBUSPOLICYDIR)/mandos.conf

424

install -D --mode=u=rwx,go=rx init.d-mandos \

335

install --mode=u=rw,go=r dbus-mandos.conf \

336

$(DESTDIR)/etc/dbus-1/system.d/mandos.conf

337

install --mode=u=rwx,go=rx init.d-mandos \

425

338

$(DESTDIR)/etc/init.d/mandos

426

if [ "$(SYSTEMD)" != "$(DESTDIR)" ]; then \

427

install -D --mode=u=rw,go=r mandos.service \

428

$(SYSTEMD); \

339

if [ "$(SYSTEMD)" != "$(DESTDIR)" -a -d "$(SYSTEMD)" ]; then \

340

install --mode=u=rw,go=r mandos.service $(SYSTEMD); \

429

341

430

install -D --mode=u=rw,go=r default-mandos \

342

install --mode=u=rw,go=r default-mandos \

431

343

$(DESTDIR)/etc/default/mandos

432

344

if [ -z $(DESTDIR) ]; then \

433

345

update-rc.d mandos defaults 25 15;\

434

346

435

install --directory $(MANDIR)/man8 $(MANDIR)/man5

436

347

gzip --best --to-stdout mandos.8 \

437

348

> $(MANDIR)/man8/mandos.8.gz

438

349

gzip --best --to-stdout mandos-monitor.8 \

446

357

gzip --best --to-stdout intro.8mandos \

447

358

> $(MANDIR)/man8/intro.8mandos.gz

448

359

449

.PHONY: install-client-nokey

450

360

install-client-nokey: all doc

361

install --directory $(LIBDIR)/mandos $(CONFDIR)

451

362

install --directory --mode=u=rwx $(KEYDIR) \

452

363

$(LIBDIR)/mandos/plugins.d \

453

364

$(LIBDIR)/mandos/plugin-helpers

454

if [ "$(SYSUSERS)" != "$(DESTDIR)" ]; then \

455

install -D --mode=u=rw,go=r sysusers.d-mandos.conf \

456

$(SYSUSERS)/mandos-client.conf; \

457

458

365

if [ "$(CONFDIR)" != "$(LIBDIR)/mandos" ]; then \

459

install --directory \

460

--mode=u=rwx "$(CONFDIR)/plugins.d" \

461

"$(CONFDIR)/plugin-helpers"; \

366

install --mode=u=rwx \

367

--directory "$(CONFDIR)/plugins.d"; \

368

install --directory "$(CONFDIR)/plugin-helpers"; \

462

369

463

install --directory --mode=u=rwx,go=rx \

370

install --mode=u=rwx,go=rx --directory \

464

371

"$(CONFDIR)/network-hooks.d"

465

372

install --mode=u=rwx,go=rx \

466

373

--target-directory=$(LIBDIR)/mandos plugin-runner

467

install --mode=u=rwx,go=rx \

468

--target-directory=$(LIBDIR)/mandos \

469

mandos-to-cryptroot-unlock

470

install --directory $(PREFIX)/sbin

471

374

install --mode=u=rwx,go=rx --target-directory=$(PREFIX)/sbin \

472

375

mandos-keygen

473

376

install --mode=u=rwx,go=rx \

488

391

install --mode=u=rwxs,go=rx \

489

392

--target-directory=$(LIBDIR)/mandos/plugins.d \

490

393

plugins.d/plymouth

491

install --mode=u=rwx,go=rx \

394

install --mode=u=rwxs,go=rx \

492

395

--target-directory=$(LIBDIR)/mandos/plugin-helpers \

493

396

plugin-helpers/mandos-client-iprouteadddel

494

install -D initramfs-tools-hook \

397

install initramfs-tools-hook \

495

398

$(INITRAMFSTOOLS)/hooks/mandos

496

install -D --mode=u=rw,go=r initramfs-tools-conf \

497

$(INITRAMFSTOOLS)/conf.d/mandos-conf

498

install -D --mode=u=rw,go=r initramfs-tools-conf-hook \

499

$(INITRAMFSTOOLS)/conf-hooks.d/zz-mandos

500

install -D initramfs-tools-script \

399

install --mode=u=rw,go=r initramfs-tools-hook-conf \

400

$(INITRAMFSTOOLS)/conf-hooks.d/mandos

401

install initramfs-tools-script \

501

402

$(INITRAMFSTOOLS)/scripts/init-premount/mandos

502

install -D initramfs-tools-script-stop \

503

$(INITRAMFSTOOLS)/scripts/local-premount/mandos

504

install -D --mode=u=rw,go=r \

505

--target-directory=$(DRACUTMODULE) \

506

dracut-module/ask-password-mandos.path \

507

dracut-module/ask-password-mandos.service

508

install --mode=u=rwxs,go=rx \

509

--target-directory=$(DRACUTMODULE) \

510

dracut-module/module-setup.sh \

511

dracut-module/cmdline-mandos.sh \

512

dracut-module/password-agent

513

403

install --mode=u=rw,go=r plugin-runner.conf $(CONFDIR)

514

install --directory $(MANDIR)/man8

515

404

gzip --best --to-stdout mandos-keygen.8 \

516

405

> $(MANDIR)/man8/mandos-keygen.8.gz

517

406

gzip --best --to-stdout plugin-runner.8mandos \

528

417

> $(MANDIR)/man8/askpass-fifo.8mandos.gz

529

418

gzip --best --to-stdout plugins.d/plymouth.8mandos \

530

419

> $(MANDIR)/man8/plymouth.8mandos.gz

531

gzip --best --to-stdout dracut-module/password-agent.8mandos \

532

> $(MANDIR)/man8/password-agent.8mandos.gz

533

420

534

.PHONY: install-client

535

421

install-client: install-client-nokey

536

422

# Post-installation stuff

537

423

-$(PREFIX)/sbin/mandos-keygen --dir "$(KEYDIR)"

538

if command -v update-initramfs >/dev/null; then \

539

update-initramfs -k all -u; \

540

elif command -v dracut >/dev/null; then \

541

for initrd in $(DESTDIR)/boot/initr*-$(LINUXVERSION); do \

542

if [ -w "$$initrd" ]; then \

543

chmod go-r "$$initrd"; \

544

dracut --force "$$initrd"; \

545

fi; \

546

done; \

547

424

update-initramfs -k all -u

548

425

echo "Now run mandos-keygen --password --dir $(KEYDIR)"

549

426

550

.PHONY: uninstall

551

427

uninstall: uninstall-server uninstall-client

552

428

553

.PHONY: uninstall-server

554

429

uninstall-server:

555

430

-rm --force $(PREFIX)/sbin/mandos \

556

431

$(PREFIX)/sbin/mandos-ctl \

563

438

update-rc.d -f mandos remove

564

439

-rmdir $(CONFDIR)

565

440

566

.PHONY: uninstall-client

567

441

uninstall-client:

568

442

# Refuse to uninstall client if /etc/crypttab is explicitly configured

569

443

# to use it.

580

454

$(INITRAMFSTOOLS)/hooks/mandos \

581

455

$(INITRAMFSTOOLS)/conf-hooks.d/mandos \

582

456

$(INITRAMFSTOOLS)/scripts/init-premount/mandos \

583

$(INITRAMFSTOOLS)/scripts/local-premount/mandos \

584

$(DRACUTMODULE)/ask-password-mandos.path \

585

$(DRACUTMODULE)/ask-password-mandos.service \

586

$(DRACUTMODULE)/module-setup.sh \

587

$(DRACUTMODULE)/cmdline-mandos.sh \

588

$(DRACUTMODULE)/password-agent \

589

457

$(MANDIR)/man8/mandos-keygen.8.gz \

590

458

$(MANDIR)/man8/plugin-runner.8mandos.gz \

591

459

$(MANDIR)/man8/mandos-client.8mandos.gz

594

462

$(MANDIR)/man8/splashy.8mandos.gz \

595

463

$(MANDIR)/man8/askpass-fifo.8mandos.gz \

596

464

$(MANDIR)/man8/plymouth.8mandos.gz \

597

$(MANDIR)/man8/password-agent.8mandos.gz \

598

465

-rmdir $(LIBDIR)/mandos/plugins.d $(CONFDIR)/plugins.d \

599

$(LIBDIR)/mandos $(CONFDIR) $(KEYDIR) $(DRACUTMODULE)

600

if command -v update-initramfs >/dev/null; then \

601

update-initramfs -k all -u; \

602

elif command -v dracut >/dev/null; then \

603

for initrd in $(DESTDIR)/boot/initr*-$(LINUXVERSION); do \

604

test -w "$$initrd" && dracut --force "$$initrd"; \

605

done; \

606

466

$(LIBDIR)/mandos $(CONFDIR) $(KEYDIR)

467

update-initramfs -k all -u

607

468

608

.PHONY: purge

609

469

purge: purge-server purge-client

610

470

611

.PHONY: purge-server

612

471

purge-server: uninstall-server

613

472

-rm --force $(CONFDIR)/mandos.conf $(CONFDIR)/clients.conf \

614

473

$(DESTDIR)/etc/dbus-1/system.d/mandos.conf

615

474

$(DESTDIR)/etc/default/mandos \

616

475

$(DESTDIR)/etc/init.d/mandos \

476

$(SYSTEMD)/mandos.service \

617

477

$(DESTDIR)/run/mandos.pid \

618

478

$(DESTDIR)/var/run/mandos.pid

619

if [ "$(SYSTEMD)" != "$(DESTDIR)" -a -d "$(SYSTEMD)" ]; then \

620

-rm --force -- $(SYSTEMD)/mandos.service; \

621

622

479

-rmdir $(CONFDIR)

623

480

624

.PHONY: purge-client

625

481

purge-client: uninstall-client

626

-shred --remove $(KEYDIR)/seckey.txt $(KEYDIR)/tls-privkey.pem

482

-shred --remove $(KEYDIR)/seckey.txt

627

483

-rm --force $(CONFDIR)/plugin-runner.conf \

628

$(KEYDIR)/pubkey.txt $(KEYDIR)/seckey.txt \

629

$(KEYDIR)/tls-pubkey.txt $(KEYDIR)/tls-privkey.txt

484

$(KEYDIR)/pubkey.txt $(KEYDIR)/seckey.txt

630

485

-rmdir $(KEYDIR) $(CONFDIR)/plugins.d $(CONFDIR)

Older »