1
WARN=-O -Wall -Wextra -Wdouble-promotion -Wformat=2 -Winit-self \
1
WARN:=-O -Wall -Wextra -Wdouble-promotion -Wformat=2 -Winit-self \
2
2
-Wmissing-include-dirs -Wswitch-default -Wswitch-enum \
3
3
-Wunused -Wuninitialized -Wstrict-overflow=5 \
4
4
-Wsuggest-attribute=pure -Wsuggest-attribute=const \
10
10
-Wmissing-format-attribute -Wnormalized=nfc -Wpacked \
11
11
-Wredundant-decls -Wnested-externs -Winline -Wvla \
12
12
-Wvolatile-register-var -Woverlength-strings
13
#DEBUG:=-ggdb3 -fsanitize=address
14
14
# For info about _FORTIFY_SOURCE, see feature_test_macros(7)
15
# and <http://gcc.gnu.org/ml/gcc-patches/2004-09/msg02055.html>.
16
FORTIFY=-D_FORTIFY_SOURCE=2 -fstack-protector-all -fPIC
17
LINK_FORTIFY_LD=-z relro -z now
15
# and <https://gcc.gnu.org/ml/gcc-patches/2004-09/msg02055.html>.
16
FORTIFY:=-D_FORTIFY_SOURCE=2 -fstack-protector-all -fPIC
17
# <https://developerblog.redhat.com/2014/10/16/gcc-undefined-behavior-sanitizer-ubsan/>
18
ALL_SANITIZE_OPTIONS:=-fsanitize=leak -fsanitize=undefined \
19
-fsanitize=shift -fsanitize=integer-divide-by-zero \
20
-fsanitize=unreachable -fsanitize=vla-bound -fsanitize=null \
21
-fsanitize=return -fsanitize=signed-integer-overflow \
22
-fsanitize=bounds -fsanitize=alignment \
23
-fsanitize=object-size -fsanitize=float-divide-by-zero \
24
-fsanitize=float-cast-overflow -fsanitize=nonnull-attribute \
25
-fsanitize=returns-nonnull-attribute -fsanitize=bool \
27
# Check which sanitizing options can be used
28
SANITIZE:=$(foreach option,$(ALL_SANITIZE_OPTIONS),$(shell \
29
echo 'int main(){}' | $(CC) --language=c $(option) /dev/stdin \
30
-o /dev/null >/dev/null 2>&1 && echo $(option)))
31
LINK_FORTIFY_LD:=-z relro -z now
20
34
# If BROKEN_PIE is set, do not build with -pie
23
37
LINK_FORTIFY += -pie
25
39
#COVERAGE=--coverage
26
OPTIMIZE=-Os -fno-strict-aliasing
40
OPTIMIZE:=-Os -fno-strict-aliasing
32
USER=$(firstword $(subst :, ,$(shell getent passwd _mandos || getent passwd nobody || echo 65534)))
33
GROUP=$(firstword $(subst :, ,$(shell getent group _mandos || getent group nobody || echo 65534)))
46
USER:=$(firstword $(subst :, ,$(shell getent passwd _mandos || getent passwd nobody || echo 65534)))
47
GROUP:=$(firstword $(subst :, ,$(shell getent group _mandos || getent group nogroup || echo 65534)))
35
49
## Use these settings for a traditional /usr/local install
36
# PREFIX=$(DESTDIR)/usr/local
37
# CONFDIR=$(DESTDIR)/etc/mandos
38
# KEYDIR=$(DESTDIR)/etc/mandos/keys
39
# MANDIR=$(PREFIX)/man
40
# INITRAMFSTOOLS=$(DESTDIR)/etc/initramfs-tools
41
# STATEDIR=$(DESTDIR)/var/lib/mandos
42
# LIBDIR=$(PREFIX)/lib
50
# PREFIX:=$(DESTDIR)/usr/local
51
# CONFDIR:=$(DESTDIR)/etc/mandos
52
# KEYDIR:=$(DESTDIR)/etc/mandos/keys
53
# MANDIR:=$(PREFIX)/man
54
# INITRAMFSTOOLS:=$(DESTDIR)/etc/initramfs-tools
55
# STATEDIR:=$(DESTDIR)/var/lib/mandos
56
# LIBDIR:=$(PREFIX)/lib
45
59
## These settings are for a package-type install
47
CONFDIR=$(DESTDIR)/etc/mandos
48
KEYDIR=$(DESTDIR)/etc/keys/mandos
49
MANDIR=$(PREFIX)/share/man
50
INITRAMFSTOOLS=$(DESTDIR)/usr/share/initramfs-tools
51
STATEDIR=$(DESTDIR)/var/lib/mandos
60
PREFIX:=$(DESTDIR)/usr
61
CONFDIR:=$(DESTDIR)/etc/mandos
62
KEYDIR:=$(DESTDIR)/etc/keys/mandos
63
MANDIR:=$(PREFIX)/share/man
64
INITRAMFSTOOLS:=$(DESTDIR)/usr/share/initramfs-tools
65
STATEDIR:=$(DESTDIR)/var/lib/mandos
54
68
"/usr/lib/`dpkg-architecture -qDEB_HOST_MULTIARCH 2>/dev/null`" \
55
69
"`rpm --eval='%{_libdir}' 2>/dev/null`" /usr/lib; do \
63
SYSTEMD=$(DESTDIR)$(shell pkg-config systemd --variable=systemdsystemunitdir)
77
SYSTEMD:=$(DESTDIR)$(shell pkg-config systemd --variable=systemdsystemunitdir)
78
TMPFILES:=$(DESTDIR)$(shell pkg-config systemd --variable=tmpfilesdir)
65
GNUTLS_CFLAGS=$(shell pkg-config --cflags-only-I gnutls)
66
GNUTLS_LIBS=$(shell pkg-config --libs gnutls)
67
AVAHI_CFLAGS=$(shell pkg-config --cflags-only-I avahi-core)
68
AVAHI_LIBS=$(shell pkg-config --libs avahi-core)
69
GPGME_CFLAGS=$(shell gpgme-config --cflags; getconf LFS_CFLAGS)
70
GPGME_LIBS=$(shell gpgme-config --libs; getconf LFS_LIBS; \
80
GNUTLS_CFLAGS:=$(shell pkg-config --cflags-only-I gnutls)
81
GNUTLS_LIBS:=$(shell pkg-config --libs gnutls)
82
AVAHI_CFLAGS:=$(shell pkg-config --cflags-only-I avahi-core)
83
AVAHI_LIBS:=$(shell pkg-config --libs avahi-core)
84
GPGME_CFLAGS:=$(shell gpgme-config --cflags; getconf LFS_CFLAGS)
85
GPGME_LIBS:=$(shell gpgme-config --libs; getconf LFS_LIBS; \
71
86
getconf LFS_LDFLAGS)
72
LIBNL3_CFLAGS=$(shell pkg-config --cflags-only-I libnl-route-3.0)
73
LIBNL3_LIBS=$(shell pkg-config --libs libnl-route-3.0)
87
LIBNL3_CFLAGS:=$(shell pkg-config --cflags-only-I libnl-route-3.0)
88
LIBNL3_LIBS:=$(shell pkg-config --libs libnl-route-3.0)
75
90
# Do not change these two
76
CFLAGS+=$(WARN) $(DEBUG) $(FORTIFY) $(COVERAGE) $(OPTIMIZE) \
77
$(LANGUAGE) $(GNUTLS_CFLAGS) $(AVAHI_CFLAGS) $(GPGME_CFLAGS) \
78
-DVERSION='"$(version)"'
91
CFLAGS+=$(WARN) $(DEBUG) $(FORTIFY) $(SANITIZE) $(COVERAGE) \
92
$(OPTIMIZE) $(LANGUAGE) -DVERSION='"$(version)"'
79
93
LDFLAGS+=-Xlinker --as-needed $(COVERAGE) $(LINK_FORTIFY) $(foreach flag,$(LINK_FORTIFY_LD),-Xlinker $(flag))
81
95
# Commands to format a DocBook <refentry> document into a manual page
102
116
/usr/share/xml/docbook/stylesheet/nwalsh/xhtml/docbook.xsl \
103
117
$<; $(HTMLPOST) $@)
104
118
# Fix citerefentry links
105
HTMLPOST=$(SED) --in-place \
119
HTMLPOST:=$(SED) --in-place \
106
120
--expression='s/\(<a class="citerefentry" href="\)\("><span class="citerefentry"><span class="refentrytitle">\)\([^<]*\)\(<\/span>(\)\([^)]*\)\()<\/span><\/a>\)/\1\3.\5\2\3\4\5\6/g'
108
PLUGINS=plugins.d/password-prompt plugins.d/mandos-client \
122
PLUGINS:=plugins.d/password-prompt plugins.d/mandos-client \
109
123
plugins.d/usplash plugins.d/splashy plugins.d/askpass-fifo \
110
124
plugins.d/plymouth
111
PLUGIN_HELPERS=plugin-helpers/mandos-client-iprouteadddel
112
CPROGS=plugin-runner $(PLUGINS) $(PLUGIN_HELPERS)
113
PROGS=mandos mandos-keygen mandos-ctl mandos-monitor $(CPROGS)
114
DOCS=mandos.8 mandos-keygen.8 mandos-monitor.8 mandos-ctl.8 \
125
PLUGIN_HELPERS:=plugin-helpers/mandos-client-iprouteadddel
126
CPROGS:=plugin-runner $(PLUGINS) $(PLUGIN_HELPERS)
127
PROGS:=mandos mandos-keygen mandos-ctl mandos-monitor $(CPROGS)
128
DOCS:=mandos.8 mandos-keygen.8 mandos-monitor.8 mandos-ctl.8 \
115
129
mandos.conf.5 mandos-clients.conf.5 plugin-runner.8mandos \
116
130
plugins.d/mandos-client.8mandos \
117
131
plugins.d/password-prompt.8mandos plugins.d/usplash.8mandos \
118
132
plugins.d/splashy.8mandos plugins.d/askpass-fifo.8mandos \
119
133
plugins.d/plymouth.8mandos intro.8mandos
121
htmldocs=$(addsuffix .xhtml,$(DOCS))
135
htmldocs:=$(addsuffix .xhtml,$(DOCS))
123
objects=$(addsuffix .o,$(CPROGS))
137
objects:=$(addsuffix .o,$(CPROGS))
125
139
all: $(PROGS) mandos.lsm
238
252
--expression='s/\(mandos_\)[0-9.]\+\(\.orig\.tar\.gz\)/\1$(version)\2/' \
255
# Need to add the GnuTLS, Avahi and GPGME libraries, and can't use
256
# -fsanitize=leak because GnuTLS and GPGME both leak memory.
241
257
plugins.d/mandos-client: plugins.d/mandos-client.c
242
$(LINK.c) $^ -lrt $(GNUTLS_LIBS) $(AVAHI_LIBS) $(strip\
258
$(CC) $(filter-out -fsanitize=leak,$(CFLAGS)) $(strip\
259
) $(GNUTLS_CFLAGS) $(AVAHI_CFLAGS) $(GPGME_CFLAGS) $(strip\
260
) $(CPPFLAGS) $(LDFLAGS) $(TARGET_ARCH) $^ $(strip\
261
) -lrt $(GNUTLS_LIBS) $(AVAHI_LIBS) $(strip\
243
262
) $(GPGME_LIBS) $(LOADLIBES) $(LDLIBS) -o $@
245
264
plugin-helpers/mandos-client-iprouteadddel: plugin-helpers/mandos-client-iprouteadddel.c
268
287
run-client: all keydir/seckey.txt keydir/pubkey.txt
269
288
@echo "###################################################################"
270
289
@echo "# The following error messages are harmless and can be safely #"
271
@echo "# ignored. The messages are caused by not running as root, but #"
272
@echo "# you should NOT run \"make run-client\" as root unless you also #"
273
@echo "# unpacked and compiled Mandos as root, which is NOT recommended. #"
274
291
@echo "# From plugin-runner: setgid: Operation not permitted #"
275
292
@echo "# setuid: Operation not permitted #"
276
293
@echo "# From askpass-fifo: mkfifo: Permission denied #"
277
294
@echo "# From mandos-client: #"
278
295
@echo "# Failed to raise privileges: Operation not permitted #"
279
296
@echo "# Warning: network hook \"*\" exited with status * #"
298
@echo "# (The messages are caused by not running as root, but you should #"
299
@echo "# NOT run \"make run-client\" as root unless you also unpacked and #"
300
@echo "# compiled Mandos as root, which is also NOT recommended.) #"
280
301
@echo "###################################################################"
281
302
# We set GNOME_KEYRING_CONTROL to block pam_gnome_keyring
282
303
./plugin-runner --plugin-dir=plugins.d \
323
344
elif install --directory --mode=u=rwx $(STATEDIR); then \
324
345
chown -- $(USER):$(GROUP) $(STATEDIR) || :; \
347
if [ "$(TMPFILES)" != "$(DESTDIR)" -a -d "$(TMPFILES)" ]; then \
348
install --mode=u=rw,go=r tmpfiles.d-mandos.conf \
349
$(TMPFILES)/mandos.conf; \
326
351
install --mode=u=rwx,go=rx mandos $(PREFIX)/sbin/mandos
327
352
install --mode=u=rwx,go=rx --target-directory=$(PREFIX)/sbin \
364
389
$(LIBDIR)/mandos/plugin-helpers
365
390
if [ "$(CONFDIR)" != "$(LIBDIR)/mandos" ]; then \
366
391
install --mode=u=rwx \
367
--directory "$(CONFDIR)/plugins.d"; \
368
install --directory "$(CONFDIR)/plugin-helpers"; \
392
--directory "$(CONFDIR)/plugins.d" \
393
"$(CONFDIR)/plugin-helpers"; \
370
395
install --mode=u=rwx,go=rx --directory \
371
396
"$(CONFDIR)/network-hooks.d"
391
416
install --mode=u=rwxs,go=rx \
392
417
--target-directory=$(LIBDIR)/mandos/plugins.d \
393
418
plugins.d/plymouth
394
install --mode=u=rwxs,go=rx \
419
install --mode=u=rwx,go=rx \
395
420
--target-directory=$(LIBDIR)/mandos/plugin-helpers \
396
421
plugin-helpers/mandos-client-iprouteadddel
397
422
install initramfs-tools-hook \
added
removed
Makefile
