/mandos/release

To get this branch, use:
bzr branch http://bzr.recompile.se/loggerhead/mandos/release

« back to all changes in this revision

Viewing changes to Makefile

  • Committer: Teddy Hogeborn
  • Date: 2016-03-07 23:39:36 UTC
  • mto: (237.7.594 trunk)
  • mto: This revision was merged to the branch mainline in revision 337.
  • Revision ID: teddy@recompile.se-20160307233936-mhgpxhggamde443n
Server bug fix: Include CAP_SETGID so it does not run as root

* debian/mandos.postinst (configure): If old version was 1.7.4-1 or
  1.7.4-1~bpo8+1, fix situation where clients.pickle file is owned by
  root.
* mandos (main): Print debug info about setuid() and setgid()
* mandos.service ([Service]/CapabilityBoundingSet): Add "CAP_KILL
  CAP_SETGID"; the latter is needed for setgid() to be allowed.

Show diffs side-by-side

added added

removed removed

Lines of Context:
40
40
OPTIMIZE=-Os -fno-strict-aliasing
41
41
LANGUAGE=-std=gnu11
42
42
htmldir=man
43
 
version=1.7.7
 
43
version=1.7.4
44
44
SED=sed
45
45
 
46
46
USER=$(firstword $(subst :, ,$(shell getent passwd _mandos || getent passwd nobody || echo 65534)))
75
75
##
76
76
 
77
77
SYSTEMD=$(DESTDIR)$(shell pkg-config systemd --variable=systemdsystemunitdir)
78
 
TMPFILES=$(DESTDIR)$(shell pkg-config systemd --variable=tmpfilesdir)
79
78
 
80
79
GNUTLS_CFLAGS=$(shell pkg-config --cflags-only-I gnutls)
81
80
GNUTLS_LIBS=$(shell pkg-config --libs gnutls)
338
337
        elif install --directory --mode=u=rwx $(STATEDIR); then \
339
338
                chown -- $(USER):$(GROUP) $(STATEDIR) || :; \
340
339
        fi
341
 
        if [ "$(TMPFILES)" != "$(DESTDIR)" -a -d "$(TMPFILES)" ]; then \
342
 
                install --mode=u=rw,go=r tmpfiles.d-mandos.conf \
343
 
                        $(TMPFILES)/mandos.conf; \
344
 
        fi
345
340
        install --mode=u=rwx,go=rx mandos $(PREFIX)/sbin/mandos
346
341
        install --mode=u=rwx,go=rx --target-directory=$(PREFIX)/sbin \
347
342
                mandos-ctl
383
378
                $(LIBDIR)/mandos/plugin-helpers
384
379
        if [ "$(CONFDIR)" != "$(LIBDIR)/mandos" ]; then \
385
380
                install --mode=u=rwx \
386
 
                        --directory "$(CONFDIR)/plugins.d" \
387
 
                        "$(CONFDIR)/plugin-helpers"; \
 
381
                        --directory "$(CONFDIR)/plugins.d"; \
 
382
                install --directory "$(CONFDIR)/plugin-helpers"; \
388
383
        fi
389
384
        install --mode=u=rwx,go=rx --directory \
390
385
                "$(CONFDIR)/network-hooks.d"
410
405
        install --mode=u=rwxs,go=rx \
411
406
                --target-directory=$(LIBDIR)/mandos/plugins.d \
412
407
                plugins.d/plymouth
413
 
        install --mode=u=rwx,go=rx \
 
408
        install --mode=u=rwxs,go=rx \
414
409
                --target-directory=$(LIBDIR)/mandos/plugin-helpers \
415
410
                plugin-helpers/mandos-client-iprouteadddel
416
411
        install initramfs-tools-hook \