/mandos/release

To get this branch, use:
bzr branch http://bzr.recompile.se/loggerhead/mandos/release

« back to all changes in this revision

Viewing changes to Makefile

  • Committer: Teddy Hogeborn
  • Date: 2018-08-15 09:26:02 UTC
  • mto: (237.7.594 trunk)
  • mto: This revision was merged to the branch mainline in revision 368.
  • Revision ID: teddy@recompile.se-20180815092602-xoyb5s6gf8376i7u
http://bugs.debian.org/894495
mandos-client: Set system clock if necessary

* plugins.d/mandos-client.c (init_gpgme/import_key): If the system
  clock is not set, or set to january 1970, set the system clock to
  the more plausible value that is the mtime of the key file.  This is
  required by GnuPG to be able to import the keys.  (We can't pass the
  --ignore-time-conflict or the --ignore-valid-from options though
  GPGME.)

Show diffs side-by-side

added added

removed removed

Lines of Context:
Makefile
10
10
        -Wmissing-format-attribute -Wnormalized=nfc -Wpacked \
11
11
        -Wredundant-decls -Wnested-externs -Winline -Wvla \
12
12
        -Wvolatile-register-var -Woverlength-strings
13
 
 
14
 
#DEBUG:=-ggdb3 -fsanitize=address $(SANITIZE)
15
 
## Check which sanitizing options can be used
16
 
#SANITIZE:=$(foreach option,$(ALL_SANITIZE_OPTIONS),$(shell \
17
 
#       echo 'int main(){}' | $(CC) --language=c $(option) \
18
 
#       /dev/stdin -o /dev/null >/dev/null 2>&1 && echo $(option)))
 
13
#DEBUG:=-ggdb3 -fsanitize=address 
 
14
# For info about _FORTIFY_SOURCE, see feature_test_macros(7)
 
15
# and <https://gcc.gnu.org/ml/gcc-patches/2004-09/msg02055.html>.
 
16
FORTIFY:=-D_FORTIFY_SOURCE=2 -fstack-protector-all -fPIC
19
17
# <https://developerblog.redhat.com/2014/10/16/gcc-undefined-behavior-sanitizer-ubsan/>
20
18
ALL_SANITIZE_OPTIONS:=-fsanitize=leak -fsanitize=undefined \
21
19
        -fsanitize=shift -fsanitize=integer-divide-by-zero \
26
24
        -fsanitize=float-cast-overflow -fsanitize=nonnull-attribute \
27
25
        -fsanitize=returns-nonnull-attribute -fsanitize=bool \
28
26
        -fsanitize=enum
29
 
 
30
 
# For info about _FORTIFY_SOURCE, see feature_test_macros(7)
31
 
# and <https://gcc.gnu.org/ml/gcc-patches/2004-09/msg02055.html>.
32
 
FORTIFY:=-D_FORTIFY_SOURCE=2 -fstack-protector-all -fPIC
 
27
# Check which sanitizing options can be used
 
28
SANITIZE:=$(foreach option,$(ALL_SANITIZE_OPTIONS),$(shell \
 
29
        echo 'int main(){}' | $(CC) --language=c $(option) /dev/stdin \
 
30
        -o /dev/null >/dev/null 2>&1 && echo $(option)))
33
31
LINK_FORTIFY_LD:=-z relro -z now
34
32
LINK_FORTIFY:=
35
33
 
42
40
OPTIMIZE:=-Os -fno-strict-aliasing
43
41
LANGUAGE:=-std=gnu11
44
42
htmldir:=man
45
 
version:=1.8.4
 
43
version:=1.7.19
46
44
SED:=sed
47
45
 
48
 
USER:=$(firstword $(subst :, ,$(shell getent passwd _mandos \
49
 
        || getent passwd nobody || echo 65534)))
50
 
GROUP:=$(firstword $(subst :, ,$(shell getent group _mandos \
51
 
        || getent group nogroup || echo 65534)))
 
46
USER:=$(firstword $(subst :, ,$(shell getent passwd _mandos || getent passwd nobody || echo 65534)))
 
47
GROUP:=$(firstword $(subst :, ,$(shell getent group _mandos || getent group nogroup || echo 65534)))
52
48
 
53
49
## Use these settings for a traditional /usr/local install
54
50
# PREFIX:=$(DESTDIR)/usr/local
92
88
LIBNL3_LIBS:=$(shell pkg-config --libs libnl-route-3.0)
93
89
 
94
90
# Do not change these two
95
 
CFLAGS+=$(WARN) $(DEBUG) $(FORTIFY) $(COVERAGE) \
 
91
CFLAGS+=$(WARN) $(DEBUG) $(FORTIFY) $(SANITIZE) $(COVERAGE) \
96
92
        $(OPTIMIZE) $(LANGUAGE) -DVERSION='"$(version)"'
97
 
LDFLAGS+=-Xlinker --as-needed $(COVERAGE) $(LINK_FORTIFY) $(strip \
98
 
        ) $(foreach flag,$(LINK_FORTIFY_LD),-Xlinker $(flag))
 
93
LDFLAGS+=-Xlinker --as-needed $(COVERAGE) $(LINK_FORTIFY) $(foreach flag,$(LINK_FORTIFY_LD),-Xlinker $(flag))
99
94
 
100
95
# Commands to format a DocBook <refentry> document into a manual page
101
96
DOCBOOKTOMAN=$(strip cd $(dir $<); xsltproc --nonet --xinclude \
257
252
                --expression='s/\(mandos_\)[0-9.]\+\(\.orig\.tar\.gz\)/\1$(version)\2/' \
258
253
                $@)
259
254
 
260
 
# Need to add the GnuTLS, Avahi and GPGME libraries
 
255
# Need to add the GnuTLS, Avahi and GPGME libraries, and can't use
 
256
# -fsanitize=leak because GnuTLS and GPGME both leak memory.
261
257
plugins.d/mandos-client: plugins.d/mandos-client.c
262
 
        $(LINK.c) $^ $(GNUTLS_CFLAGS) $(AVAHI_CFLAGS) $(strip\
263
 
                ) $(GPGME_CFLAGS) -lrt $(GNUTLS_LIBS) $(strip\
264
 
                ) $(AVAHI_LIBS) $(GPGME_LIBS) $(LOADLIBES) $(strip\
265
 
                ) $(LDLIBS) -o $@
 
258
        $(CC) $(filter-out -fsanitize=leak,$(CFLAGS)) $(strip\
 
259
        ) $(GNUTLS_CFLAGS) $(AVAHI_CFLAGS) $(GPGME_CFLAGS) $(strip\
 
260
                ) $(CPPFLAGS) $(LDFLAGS) $(TARGET_ARCH) $^ $(strip\
 
261
                ) -lrt $(GNUTLS_LIBS) $(AVAHI_LIBS) $(strip\
 
262
                ) $(GPGME_LIBS) $(LOADLIBES) $(LDLIBS) -o $@
266
263
 
267
264
plugin-helpers/mandos-client-iprouteadddel: plugin-helpers/mandos-client-iprouteadddel.c
268
265
        $(LINK.c) $(LIBNL3_CFLAGS) $^ $(LIBNL3_LIBS) $(strip\
287
284
        ./mandos-ctl --check
288
285
 
289
286
# Run the client with a local config and key
290
 
run-client: all keydir/seckey.txt keydir/pubkey.txt keydir/tls-privkey.pem keydir/tls-pubkey.pem
 
287
run-client: all keydir/seckey.txt keydir/pubkey.txt
291
288
        @echo "###################################################################"
292
289
        @echo "# The following error messages are harmless and can be safely     #"
293
290
        @echo "# ignored:                                                        #"
306
303
        ./plugin-runner --plugin-dir=plugins.d \
307
304
                --plugin-helper-dir=plugin-helpers \
308
305
                --config-file=plugin-runner.conf \
309
 
                --options-for=mandos-client:--seckey=keydir/seckey.txt,--pubkey=keydir/pubkey.txt,--tls-privkey=keydir/tls-privkey.pem,--tls-pubkey=keydir/tls-pubkey.pem,--network-hook-dir=network-hooks.d \
 
306
                --options-for=mandos-client:--seckey=keydir/seckey.txt,--pubkey=keydir/pubkey.txt,--network-hook-dir=network-hooks.d \
310
307
                --env-for=mandos-client:GNOME_KEYRING_CONTROL= \
311
308
                $(CLIENTARGS)
312
309
 
313
310
# Used by run-client
314
 
keydir/seckey.txt keydir/pubkey.txt keydir/tls-privkey.pem keydir/tls-pubkey.pem: mandos-keygen
 
311
keydir/seckey.txt keydir/pubkey.txt: mandos-keygen
315
312
        install --directory keydir
316
313
        ./mandos-keygen --dir keydir --force
317
314
 
324
321
confdir/mandos.conf: mandos.conf
325
322
        install --directory confdir
326
323
        install --mode=u=rw,go=r $^ $@
327
 
confdir/clients.conf: clients.conf keydir/seckey.txt keydir/tls-pubkey.pem
 
324
confdir/clients.conf: clients.conf keydir/seckey.txt
328
325
        install --directory confdir
329
326
        install --mode=u=rw $< $@
330
327
# Add a client password
399
396
                "$(CONFDIR)/network-hooks.d"
400
397
        install --mode=u=rwx,go=rx \
401
398
                --target-directory=$(LIBDIR)/mandos plugin-runner
402
 
        install --mode=u=rwx,go=rx \
403
 
                --target-directory=$(LIBDIR)/mandos mandos-to-cryptroot-unlock
404
399
        install --mode=u=rwx,go=rx --target-directory=$(PREFIX)/sbin \
405
400
                mandos-keygen
406
401
        install --mode=u=rwx,go=rx \
426
421
                plugin-helpers/mandos-client-iprouteadddel
427
422
        install initramfs-tools-hook \
428
423
                $(INITRAMFSTOOLS)/hooks/mandos
429
 
        install --mode=u=rw,go=r initramfs-tools-conf \
430
 
                $(INITRAMFSTOOLS)/conf.d/mandos-conf
431
 
        install --mode=u=rw,go=r initramfs-tools-conf-hook \
432
 
                $(INITRAMFSTOOLS)/conf-hooks.d/zz-mandos
 
424
        install --mode=u=rw,go=r initramfs-tools-hook-conf \
 
425
                $(INITRAMFSTOOLS)/conf-hooks.d/mandos
433
426
        install initramfs-tools-script \
434
427
                $(INITRAMFSTOOLS)/scripts/init-premount/mandos
435
 
        install initramfs-tools-script-stop \
436
 
                $(INITRAMFSTOOLS)/scripts/local-premount/mandos
437
428
        install --mode=u=rw,go=r plugin-runner.conf $(CONFDIR)
438
429
        gzip --best --to-stdout mandos-keygen.8 \
439
430
                > $(MANDIR)/man8/mandos-keygen.8.gz
513
504
        -rmdir $(CONFDIR)
514
505
 
515
506
purge-client: uninstall-client
516
 
        -shred --remove $(KEYDIR)/seckey.txt $(KEYDIR)/tls-privkey.pem
 
507
        -shred --remove $(KEYDIR)/seckey.txt
517
508
        -rm --force $(CONFDIR)/plugin-runner.conf \
518
 
                $(KEYDIR)/pubkey.txt $(KEYDIR)/seckey.txt \
519
 
                $(KEYDIR)/tls-pubkey.txt $(KEYDIR)/tls-privkey.txt
 
509
                $(KEYDIR)/pubkey.txt $(KEYDIR)/seckey.txt
520
510
        -rmdir $(KEYDIR) $(CONFDIR)/plugins.d $(CONFDIR)