Viewing changes to Makefile

  • Committer: Teddy Hogeborn
  • Date: 2016-03-17 20:40:55 UTC
  • mto: (237.7.594 trunk)
  • mto: This revision was merged to the branch mainline in revision 341.
  • Revision ID: teddy@recompile.se-20160317204055-bhsh5xsidq7w5cxu
Client: Fix plymouth agent; broken since 1.7.2.

Fix a very old memory bug in the plymouth agent (which has been
present since its appearance in version 1.2), but which was only
recently detected at run time due to the new -fsanitize=address
compile-time flag, which has been used since version 1.7.2.  This
detection of a memory access violation causes the program to abort,
making the Plymouth graphical boot system unable to accept interactive
input of passwords when using the Mandos client.

* plugins.d/plymouth.c (exec_and_wait): Fix memory allocation bug when
  allocating new_argv.  Also tolerate a zero-length argv.

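--- a/Makefile
+++ b/Makefile
@@ -1,4 +1,4 @@
-WARN:=-O -Wall -Wextra -Wdouble-promotion -Wformat=2 -Winit-self \
+WARN=-O -Wall -Wextra -Wdouble-promotion -Wformat=2 -Winit-self \
         -Wmissing-include-dirs -Wswitch-default -Wswitch-enum \
         -Wunused -Wuninitialized -Wstrict-overflow=5 \
         -Wsuggest-attribute=pure -Wsuggest-attribute=const \
@@ -10,14 +10,12 @@
         -Wmissing-format-attribute -Wnormalized=nfc -Wpacked \
         -Wredundant-decls -Wnested-externs -Winline -Wvla \
         -Wvolatile-register-var -Woverlength-strings
-
-#DEBUG:=-ggdb3 -fsanitize=address $(SANITIZE)
-## Check which sanitizing options can be used
-#SANITIZE:=$(foreach option,$(ALL_SANITIZE_OPTIONS),$(shell \
-#       echo 'int main(){}' | $(CC) --language=c $(option) \
-#       /dev/stdin -o /dev/null >/dev/null 2>&1 && echo $(option)))
+#DEBUG=-ggdb3
+# For info about _FORTIFY_SOURCE, see feature_test_macros(7)
+# and <http://gcc.gnu.org/ml/gcc-patches/2004-09/msg02055.html>.
+FORTIFY=-D_FORTIFY_SOURCE=2 -fstack-protector-all -fPIC
 # <https://developerblog.redhat.com/2014/10/16/gcc-undefined-behavior-sanitizer-ubsan/>
-ALL_SANITIZE_OPTIONS:=-fsanitize=leak -fsanitize=undefined \
+ALL_SANITIZE_OPTIONS:=-fsanitize=address -fsanitize=undefined \
         -fsanitize=shift -fsanitize=integer-divide-by-zero \
         -fsanitize=unreachable -fsanitize=vla-bound -fsanitize=null \
         -fsanitize=return -fsanitize=signed-integer-overflow \
@@ -25,13 +23,13 @@
         -fsanitize=object-size -fsanitize=float-divide-by-zero \
         -fsanitize=float-cast-overflow -fsanitize=nonnull-attribute \
         -fsanitize=returns-nonnull-attribute -fsanitize=bool \
-        -fsanitize=enum -fsanitize-address-use-after-scope
-
-# For info about _FORTIFY_SOURCE, see feature_test_macros(7)
-# and <https://gcc.gnu.org/ml/gcc-patches/2004-09/msg02055.html>.
-FORTIFY:=-D_FORTIFY_SOURCE=2 -fstack-protector-all -fPIC
-LINK_FORTIFY_LD:=-z relro -z now
-LINK_FORTIFY:=
+        -fsanitize=enum
+# Check which sanitizing options can be used
+SANITIZE:=$(foreach option,$(ALL_SANITIZE_OPTIONS),$(shell \
+        echo 'int main(){}' | $(CC) --language=c $(option) /dev/stdin \
+        -o /dev/null >/dev/null 2>&1 && echo $(option)))
+LINK_FORTIFY_LD=-z relro -z now
+LINK_FORTIFY=
 
 # If BROKEN_PIE is set, do not build with -pie
 ifndef BROKEN_PIE
@@ -39,42 +37,35 @@
 LINK_FORTIFY += -pie
 endif
 #COVERAGE=--coverage
-OPTIMIZE:=-Os -fno-strict-aliasing
-LANGUAGE:=-std=gnu11
-htmldir:=man
-version:=1.8.5
-SED:=sed
-
-USER:=$(firstword $(subst :, ,$(shell getent passwd _mandos \
-        || getent passwd nobody || echo 65534)))
-GROUP:=$(firstword $(subst :, ,$(shell getent group _mandos \
-        || getent group nogroup || echo 65534)))
-
-LINUXVERSION:=$(shell uname --kernel-release)
+OPTIMIZE=-Os -fno-strict-aliasing
+LANGUAGE=-std=gnu11
+htmldir=man
+version=1.7.6
+SED=sed
+
+USER=$(firstword $(subst :, ,$(shell getent passwd _mandos || getent passwd nobody || echo 65534)))
+GROUP=$(firstword $(subst :, ,$(shell getent group _mandos || getent group nogroup || echo 65534)))
 
 ## Use these settings for a traditional /usr/local install
-# PREFIX:=$(DESTDIR)/usr/local
-# CONFDIR:=$(DESTDIR)/etc/mandos
-# KEYDIR:=$(DESTDIR)/etc/mandos/keys
-# MANDIR:=$(PREFIX)/man
-# INITRAMFSTOOLS:=$(DESTDIR)/etc/initramfs-tools
-# DRACUTMODULE:=$(DESTDIR)/usr/lib/dracut/modules.d/90mandos
-# STATEDIR:=$(DESTDIR)/var/lib/mandos
-# LIBDIR:=$(PREFIX)/lib
+# PREFIX=$(DESTDIR)/usr/local
+# CONFDIR=$(DESTDIR)/etc/mandos
+# KEYDIR=$(DESTDIR)/etc/mandos/keys
+# MANDIR=$(PREFIX)/man
+# INITRAMFSTOOLS=$(DESTDIR)/etc/initramfs-tools
+# STATEDIR=$(DESTDIR)/var/lib/mandos
+# LIBDIR=$(PREFIX)/lib
 ##
 
 ## These settings are for a package-type install
-PREFIX:=$(DESTDIR)/usr
-CONFDIR:=$(DESTDIR)/etc/mandos
-KEYDIR:=$(DESTDIR)/etc/keys/mandos
-MANDIR:=$(PREFIX)/share/man
-INITRAMFSTOOLS:=$(DESTDIR)/usr/share/initramfs-tools
-DRACUTMODULE:=$(DESTDIR)/usr/lib/dracut/modules.d/90mandos
-STATEDIR:=$(DESTDIR)/var/lib/mandos
-LIBDIR:=$(shell \
+PREFIX=$(DESTDIR)/usr
+CONFDIR=$(DESTDIR)/etc/mandos
+KEYDIR=$(DESTDIR)/etc/keys/mandos
+MANDIR=$(PREFIX)/share/man
+INITRAMFSTOOLS=$(DESTDIR)/usr/share/initramfs-tools
+STATEDIR=$(DESTDIR)/var/lib/mandos
+LIBDIR=$(shell \
         for d in \
-        "/usr/lib/`dpkg-architecture \
-                        -qDEB_HOST_MULTIARCH 2>/dev/null`" \
+        "/usr/lib/`dpkg-architecture -qDEB_HOST_MULTIARCH 2>/dev/null`" \
         "`rpm --eval='%{_libdir}' 2>/dev/null`" /usr/lib; do \
                 if [ -d "$$d" -a "$$d" = "$${d%/}" ]; then \
                         echo "$(DESTDIR)$$d"; \
@@ -83,27 +74,23 @@
         done)
 ##
 
-SYSTEMD:=$(DESTDIR)$(shell pkg-config systemd \
-                        --variable=systemdsystemunitdir)
-TMPFILES:=$(DESTDIR)$(shell pkg-config systemd --variable=tmpfilesdir)
+SYSTEMD=$(DESTDIR)$(shell pkg-config systemd --variable=systemdsystemunitdir)
 
-GNUTLS_CFLAGS:=$(shell pkg-config --cflags-only-I gnutls)
-GNUTLS_LIBS:=$(shell pkg-config --libs gnutls)
-AVAHI_CFLAGS:=$(shell pkg-config --cflags-only-I avahi-core)
-AVAHI_LIBS:=$(shell pkg-config --libs avahi-core)
-GPGME_CFLAGS:=$(shell gpgme-config --cflags; getconf LFS_CFLAGS)
-GPGME_LIBS:=$(shell gpgme-config --libs; getconf LFS_LIBS; \
+GNUTLS_CFLAGS=$(shell pkg-config --cflags-only-I gnutls)
+GNUTLS_LIBS=$(shell pkg-config --libs gnutls)
+AVAHI_CFLAGS=$(shell pkg-config --cflags-only-I avahi-core)
+AVAHI_LIBS=$(shell pkg-config --libs avahi-core)
+GPGME_CFLAGS=$(shell gpgme-config --cflags; getconf LFS_CFLAGS)
+GPGME_LIBS=$(shell gpgme-config --libs; getconf LFS_LIBS; \
         getconf LFS_LDFLAGS)
-LIBNL3_CFLAGS:=$(shell pkg-config --cflags-only-I libnl-route-3.0)
-LIBNL3_LIBS:=$(shell pkg-config --libs libnl-route-3.0)
-GLIB_CFLAGS:=$(shell pkg-config --cflags glib-2.0)
-GLIB_LIBS:=$(shell pkg-config --libs glib-2.0)
+LIBNL3_CFLAGS=$(shell pkg-config --cflags-only-I libnl-route-3.0)
+LIBNL3_LIBS=$(shell pkg-config --libs libnl-route-3.0)
 
 # Do not change these two
-CFLAGS+=$(WARN) $(DEBUG) $(FORTIFY) $(COVERAGE) \
-        $(OPTIMIZE) $(LANGUAGE) -DVERSION='"$(version)"'
-LDFLAGS+=-Xlinker --as-needed $(COVERAGE) $(LINK_FORTIFY) $(strip \
-        ) $(foreach flag,$(LINK_FORTIFY_LD),-Xlinker $(flag))
+CFLAGS+=$(WARN) $(DEBUG) $(FORTIFY) $(SANITIZE) $(COVERAGE) \
+        $(OPTIMIZE) $(LANGUAGE) $(GNUTLS_CFLAGS) $(AVAHI_CFLAGS) \
+        $(GPGME_CFLAGS) -DVERSION='"$(version)"'
+LDFLAGS+=-Xlinker --as-needed $(COVERAGE) $(LINK_FORTIFY) $(foreach flag,$(LINK_FORTIFY_LD),-Xlinker $(flag))
 
 # Commands to format a DocBook <refentry> document into a manual page
 DOCBOOKTOMAN=$(strip cd $(dir $<); xsltproc --nonet --xinclude \
@@ -115,9 +102,9 @@
         /usr/share/xml/docbook/stylesheet/nwalsh/manpages/docbook.xsl \
         $(notdir $<); \
         if locale --all 2>/dev/null | grep --regexp='^en_US\.utf8$$' \
-        && command -v man >/dev/null; then LANG=en_US.UTF-8 \
-        MANWIDTH=80 man --warnings --encoding=UTF-8 --local-file \
-        $(notdir $@); fi >/dev/null)
+        && type man 2>/dev/null; then LANG=en_US.UTF-8 MANWIDTH=80 \
+        man --warnings --encoding=UTF-8 --local-file $(notdir $@); \
+        fi >/dev/null)
 
 DOCBOOKTOHTML=$(strip xsltproc --nonet --xinclude \
         --param make.year.ranges                1 \
@@ -129,27 +116,25 @@
         /usr/share/xml/docbook/stylesheet/nwalsh/xhtml/docbook.xsl \
         $<; $(HTMLPOST) $@)
 # Fix citerefentry links
-HTMLPOST:=$(SED) --in-place \
+HTMLPOST=$(SED) --in-place \
         --expression='s/\(<a class="citerefentry" href="\)\("><span class="citerefentry"><span class="refentrytitle">\)\([^<]*\)\(<\/span>(\)\([^)]*\)\()<\/span><\/a>\)/\1\3.\5\2\3\4\5\6/g'
 
-PLUGINS:=plugins.d/password-prompt plugins.d/mandos-client \
+PLUGINS=plugins.d/password-prompt plugins.d/mandos-client \
         plugins.d/usplash plugins.d/splashy plugins.d/askpass-fifo \
         plugins.d/plymouth
-PLUGIN_HELPERS:=plugin-helpers/mandos-client-iprouteadddel
-CPROGS:=plugin-runner dracut-module/password-agent $(PLUGINS) \
-        $(PLUGIN_HELPERS)
-PROGS:=mandos mandos-keygen mandos-ctl mandos-monitor $(CPROGS)
-DOCS:=mandos.8 mandos-keygen.8 mandos-monitor.8 mandos-ctl.8 \
+PLUGIN_HELPERS=plugin-helpers/mandos-client-iprouteadddel
+CPROGS=plugin-runner $(PLUGINS) $(PLUGIN_HELPERS)
+PROGS=mandos mandos-keygen mandos-ctl mandos-monitor $(CPROGS)
+DOCS=mandos.8 mandos-keygen.8 mandos-monitor.8 mandos-ctl.8 \
         mandos.conf.5 mandos-clients.conf.5 plugin-runner.8mandos \
-        dracut-module/password-agent.8mandos \
         plugins.d/mandos-client.8mandos \
         plugins.d/password-prompt.8mandos plugins.d/usplash.8mandos \
         plugins.d/splashy.8mandos plugins.d/askpass-fifo.8mandos \
         plugins.d/plymouth.8mandos intro.8mandos
 
-htmldocs:=$(addsuffix .xhtml,$(DOCS))
+htmldocs=$(addsuffix .xhtml,$(DOCS))
 
-objects:=$(addsuffix .o,$(CPROGS))
+objects=$(addsuffix .o,$(CPROGS))
 
 all: $(PROGS) mandos.lsm
 
@@ -219,15 +204,6 @@
                 overview.xml legalnotice.xml
         $(DOCBOOKTOHTML)
 
-dracut-module/password-agent.8mandos: \
-                dracut-module/password-agent.xml common.ent \
-                overview.xml legalnotice.xml
-        $(DOCBOOKTOMAN)
-dracut-module/password-agent.8mandos.xhtml: \
-                dracut-module/password-agent.xml common.ent \
-                overview.xml legalnotice.xml
-        $(DOCBOOKTOHTML)
-
 plugins.d/mandos-client.8mandos: plugins.d/mandos-client.xml \
                                         common.ent \
                                         mandos-options.xml \
@@ -276,23 +252,14 @@
                 --expression='s/\(mandos_\)[0-9.]\+\(\.orig\.tar\.gz\)/\1$(version)\2/' \
                 $@)
 
-# Need to add the GnuTLS, Avahi and GPGME libraries
 plugins.d/mandos-client: plugins.d/mandos-client.c
-        $(LINK.c) $^ $(GNUTLS_CFLAGS) $(AVAHI_CFLAGS) $(strip\
-                ) $(GPGME_CFLAGS) $(GNUTLS_LIBS) $(strip\
-                ) $(AVAHI_LIBS) $(GPGME_LIBS) $(LOADLIBES) $(strip\
-                ) $(LDLIBS) -o $@
+        $(LINK.c) $^ -lrt $(GNUTLS_LIBS) $(AVAHI_LIBS) $(strip\
+                ) $(GPGME_LIBS) $(LOADLIBES) $(LDLIBS) -o $@
 
-# Need to add the libnl-route library
 plugin-helpers/mandos-client-iprouteadddel: plugin-helpers/mandos-client-iprouteadddel.c
         $(LINK.c) $(LIBNL3_CFLAGS) $^ $(LIBNL3_LIBS) $(strip\
                 ) $(LOADLIBES) $(LDLIBS) -o $@
 
-# Need to add the GLib and pthread libraries
-dracut-module/password-agent: dracut-module/password-agent.c
-        $(LINK.c) $(GLIB_CFLAGS) $^ $(GLIB_LIBS) -lpthread $(strip\
-                ) $(LOADLIBES) $(LDLIBS) -o $@
-
 .PHONY : all doc html clean distclean mostlyclean maintainer-clean \
         check run-client run-server install install-html \
         install-server install-client-nokey install-client uninstall \
@@ -307,46 +274,34 @@
 maintainer-clean: clean
         -rm --force --recursive keydir confdir statedir
 
-check: all
+check:  all
         ./mandos --check
         ./mandos-ctl --check
-        ./mandos-keygen --version
-        ./plugin-runner --version
-        ./plugin-helpers/mandos-client-iprouteadddel --version
-        ./dracut-module/password-agent --test
 
 # Run the client with a local config and key
-run-client: all keydir/seckey.txt keydir/pubkey.txt \
-                        keydir/tls-privkey.pem keydir/tls-pubkey.pem
-        @echo '######################################################'
-        @echo '# The following error messages are harmless and can  #'
-        @echo '#  be safely ignored:                                #'
-        @echo '## From plugin-runner:                               #'
-        @echo '# setgid: Operation not permitted                    #'
-        @echo '# setuid: Operation not permitted                    #'
-        @echo '## From askpass-fifo:                                #'
-        @echo '# mkfifo: Permission denied                          #'
-        @echo '## From mandos-client:                               #'
-        @echo '# Failed to raise privileges: Operation not permi... #'
-        @echo '# Warning: network hook "*" exited with status *     #'
-        @echo '# ioctl SIOCSIFFLAGS +IFF_UP: Operation not permi... #'
-        @echo '# Failed to bring up interface "*": Operation not... #'
-        @echo '#                                                    #'
-        @echo '# (The messages are caused by not running as root,   #'
-        @echo '# but you should NOT run "make run-client" as root   #'
-        @echo '# unless you also unpacked and compiled Mandos as    #'
-        @echo '# root, which is also NOT recommended.)              #'
-        @echo '######################################################'
+run-client: all keydir/seckey.txt keydir/pubkey.txt
+        @echo "###################################################################"
+        @echo "# The following error messages are harmless and can be safely     #"
+        @echo "# ignored.  The messages are caused by not running as root, but   #"
+        @echo "# you should NOT run \"make run-client\" as root unless you also    #"
+        @echo "# unpacked and compiled Mandos as root, which is NOT recommended. #"
+        @echo "# From plugin-runner: setgid: Operation not permitted             #"
+        @echo "#                     setuid: Operation not permitted             #"
+        @echo "# From askpass-fifo:  mkfifo: Permission denied                   #"
+        @echo "# From mandos-client:                                             #"
+        @echo "#             Failed to raise privileges: Operation not permitted #"
+        @echo "#             Warning: network hook \"*\" exited with status *      #"
+        @echo "###################################################################"
 # We set GNOME_KEYRING_CONTROL to block pam_gnome_keyring
         ./plugin-runner --plugin-dir=plugins.d \
                 --plugin-helper-dir=plugin-helpers \
                 --config-file=plugin-runner.conf \
-                --options-for=mandos-client:--seckey=keydir/seckey.txt,--pubkey=keydir/pubkey.txt,--tls-privkey=keydir/tls-privkey.pem,--tls-pubkey=keydir/tls-pubkey.pem,--network-hook-dir=network-hooks.d \
+                --options-for=mandos-client:--seckey=keydir/seckey.txt,--pubkey=keydir/pubkey.txt,--network-hook-dir=network-hooks.d \
                 --env-for=mandos-client:GNOME_KEYRING_CONTROL= \
                 $(CLIENTARGS)
 
 # Used by run-client
-keydir/seckey.txt keydir/pubkey.txt keydir/tls-privkey.pem keydir/tls-pubkey.pem: mandos-keygen
+keydir/seckey.txt keydir/pubkey.txt: mandos-keygen
         install --directory keydir
         ./mandos-keygen --dir keydir --force
 
@@ -359,7 +314,7 @@
 confdir/mandos.conf: mandos.conf
         install --directory confdir
         install --mode=u=rw,go=r $^ $@
-confdir/clients.conf: clients.conf keydir/seckey.txt keydir/tls-pubkey.pem
+confdir/clients.conf: clients.conf keydir/seckey.txt
         install --directory confdir
         install --mode=u=rw $< $@
 # Add a client password
@@ -382,11 +337,6 @@
         elif install --directory --mode=u=rwx $(STATEDIR); then \
                 chown -- $(USER):$(GROUP) $(STATEDIR) || :; \
         fi
-        if [ "$(TMPFILES)" != "$(DESTDIR)" \
-                        -a -d "$(TMPFILES)" ]; then \
-                install --mode=u=rw,go=r tmpfiles.d-mandos.conf \
-                        $(TMPFILES)/mandos.conf; \
-        fi
         install --mode=u=rwx,go=rx mandos $(PREFIX)/sbin/mandos
         install --mode=u=rwx,go=rx --target-directory=$(PREFIX)/sbin \
                 mandos-ctl
@@ -428,16 +378,13 @@
                 $(LIBDIR)/mandos/plugin-helpers
         if [ "$(CONFDIR)" != "$(LIBDIR)/mandos" ]; then \
                 install --mode=u=rwx \
-                        --directory "$(CONFDIR)/plugins.d" \
-                        "$(CONFDIR)/plugin-helpers"; \
+                        --directory "$(CONFDIR)/plugins.d"; \
+                install --directory "$(CONFDIR)/plugin-helpers"; \
         fi
         install --mode=u=rwx,go=rx --directory \
                 "$(CONFDIR)/network-hooks.d"
         install --mode=u=rwx,go=rx \
                 --target-directory=$(LIBDIR)/mandos plugin-runner
-        install --mode=u=rwx,go=rx \
-                --target-directory=$(LIBDIR)/mandos \
-                mandos-to-cryptroot-unlock
         install --mode=u=rwx,go=rx --target-directory=$(PREFIX)/sbin \
                 mandos-keygen
         install --mode=u=rwx,go=rx \
@@ -458,28 +405,15 @@
         install --mode=u=rwxs,go=rx \
                 --target-directory=$(LIBDIR)/mandos/plugins.d \
                 plugins.d/plymouth
-        install --mode=u=rwx,go=rx \
+        install --mode=u=rwxs,go=rx \
                 --target-directory=$(LIBDIR)/mandos/plugin-helpers \
                 plugin-helpers/mandos-client-iprouteadddel
         install initramfs-tools-hook \
                 $(INITRAMFSTOOLS)/hooks/mandos
-        install --mode=u=rw,go=r initramfs-tools-conf \
-                $(INITRAMFSTOOLS)/conf.d/mandos-conf
-        install --mode=u=rw,go=r initramfs-tools-conf-hook \
-                $(INITRAMFSTOOLS)/conf-hooks.d/zz-mandos
+        install --mode=u=rw,go=r initramfs-tools-hook-conf \
+                $(INITRAMFSTOOLS)/conf-hooks.d/mandos
         install initramfs-tools-script \
                 $(INITRAMFSTOOLS)/scripts/init-premount/mandos
-        install initramfs-tools-script-stop \
-                $(INITRAMFSTOOLS)/scripts/local-premount/mandos
-        install --directory $(DRACUTMODULE)
-        install --mode=u=rw,go=r --target-directory=$(DRACUTMODULE) \
-                dracut-module/ask-password-mandos.path \
-                dracut-module/ask-password-mandos.service
-        install --mode=u=rwxs,go=rx \
-                --target-directory=$(DRACUTMODULE) \
-                dracut-module/module-setup.sh \
-                dracut-module/cmdline-mandos.sh \
-                dracut-module/password-agent
         install --mode=u=rw,go=r plugin-runner.conf $(CONFDIR)
         gzip --best --to-stdout mandos-keygen.8 \
                 > $(MANDIR)/man8/mandos-keygen.8.gz
@@ -497,22 +431,11 @@
                 > $(MANDIR)/man8/askpass-fifo.8mandos.gz
         gzip --best --to-stdout plugins.d/plymouth.8mandos \
                 > $(MANDIR)/man8/plymouth.8mandos.gz
-        gzip --best --to-stdout dracut-module/password-agent.8mandos \
-                > $(MANDIR)/man8/password-agent.8mandos.gz
 
 install-client: install-client-nokey
 # Post-installation stuff
         -$(PREFIX)/sbin/mandos-keygen --dir "$(KEYDIR)"
-        if command -v update-initramfs >/dev/null; then \
-            update-initramfs -k all -u; \
-        elif command -v dracut >/dev/null; then \
-            for initrd in $(DESTDIR)/boot/initr*-$(LINUXVERSION); do \
-                if [ -w "$$initrd" ]; then \
-                    chmod go-r "$$initrd"; \
-                    dracut --force "$$initrd"; \
-                fi; \
-            done; \
-        fi
+        update-initramfs -k all -u
         echo "Now run mandos-keygen --password --dir $(KEYDIR)"
 
 uninstall: uninstall-server uninstall-client
@@ -545,12 +468,6 @@
                 $(INITRAMFSTOOLS)/hooks/mandos \
                 $(INITRAMFSTOOLS)/conf-hooks.d/mandos \
                 $(INITRAMFSTOOLS)/scripts/init-premount/mandos \
-                $(INITRAMFSTOOLS)/scripts/local-premount/mandos \
-                $(DRACUTMODULE)/ask-password-mandos.path \
-                $(DRACUTMODULE)/ask-password-mandos.service \
-                $(DRACUTMODULE)/module-setup.sh \
-                $(DRACUTMODULE)/cmdline-mandos.sh \
-                $(DRACUTMODULE)/password-agent \
                 $(MANDIR)/man8/mandos-keygen.8.gz \
                 $(MANDIR)/man8/plugin-runner.8mandos.gz \
                 $(MANDIR)/man8/mandos-client.8mandos.gz
@@ -559,16 +476,9 @@
                 $(MANDIR)/man8/splashy.8mandos.gz \
                 $(MANDIR)/man8/askpass-fifo.8mandos.gz \
                 $(MANDIR)/man8/plymouth.8mandos.gz \
-                $(MANDIR)/man8/password-agent.8mandos.gz \
         -rmdir $(LIBDIR)/mandos/plugins.d $(CONFDIR)/plugins.d \
-                 $(LIBDIR)/mandos $(CONFDIR) $(KEYDIR) $(DRACUTMODULE)
-        if command -v update-initramfs >/dev/null; then \
-            update-initramfs -k all -u; \
-        elif command -v dracut >/dev/null; then \
-            for initrd in $(DESTDIR)/boot/initr*-$(LINUXVERSION); do \
-                test -w "$$initrd" && dracut --force "$$initrd"; \
-            done; \
-        fi
+                 $(LIBDIR)/mandos $(CONFDIR) $(KEYDIR)
+        update-initramfs -k all -u
 
 purge: purge-server purge-client
 
@@ -583,8 +493,7 @@
         -rmdir $(CONFDIR)
 
 purge-client: uninstall-client
-        -shred --remove $(KEYDIR)/seckey.txt $(KEYDIR)/tls-privkey.pem
+        -shred --remove $(KEYDIR)/seckey.txt
         -rm --force $(CONFDIR)/plugin-runner.conf \
-                $(KEYDIR)/pubkey.txt $(KEYDIR)/seckey.txt \
-                $(KEYDIR)/tls-pubkey.txt $(KEYDIR)/tls-privkey.txt
+                $(KEYDIR)/pubkey.txt $(KEYDIR)/seckey.txt
         -rmdir $(KEYDIR) $(CONFDIR)/plugins.d $(CONFDIR)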
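Review bot: The new side puts `-fsanitize=address` into `ALL_SANITIZE_OPTIONS` and appends `$(SANITIZE)` to the unconditional `CFLAGS+=` line, so every C program is built with whichever sanitizers the compiler accepts, including `plugins.d/plymouth` and `plugin-helpers/mandos-client-iprouteadddel`, which the install rules in this section place with `--mode=u=rwxs,go=rx`. Sanitizer runtimes are debugging aids that read their configuration from the environment and abort on detection, which the commit message itself reports as breaking password entry at boot; they are not meant for set-uid or production binaries. I would keep the compiler probe but make it opt-in, for example `ifdef ENABLE_SANITIZE` / `CFLAGS+=$(SANITIZE)` / `endif` (the variable name is a placeholder), and drop `$(SANITIZE)` from the default `CFLAGS+=` line. The install rules are only partly visible in these hunks, so the full set of set-uid targets affected should be confirmed against the whole file.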