/mandos/release

To get this branch, use:
bzr branch http://bzr.recompile.se/loggerhead/mandos/release

« back to all changes in this revision

Viewing changes to debian/rules

  • Committer: Teddy Hogeborn
  • Date: 2019-02-10 08:41:14 UTC
  • mto: (237.7.594 trunk)
  • mto: This revision was merged to the branch mainline in revision 372.
  • Revision ID: teddy@recompile.se-20190210084114-u91mijrxtifvzra5
Bug fix: Only create TLS key with certtool, and read correct key file

* debian/mandos-client.postinst (create_keys): Remove any bad keys
                                               created by 1.8.0-1.
                                               Only create TLS keys if
                                               certtool succeeds.
* debian/mandos.postinst (configure): Remove any bad keys from
                                      clients.conf, and inform the
                                      user if any were found.
* debian/mandos.templates (mandos/removed_bad_key_ids): New message.
* mandos (MandosServer.handle_ipc): Do not trust a key_id with a known
                                    bad key ID.
* mandos-keygen (keygen): Only create TLS keys if certtool succeeds.
  (password): Bug fix: Generate key_id correctly, and only output
              key_id if TLS key exists.

Show diffs side-by-side

added added

removed removed

Lines of Context:
9
9
    MAKEFLAGS += -j$(NUMJOBS)
10
10
endif
11
11
 
12
 
PKG_CONFIG?=pkg-config
13
 
 
14
12
%:
15
13
        dh $@
16
14
 
17
 
override_dh_installdirs-indep:
18
 
        dh_installdirs
19
 
        dh_installdirs $(patsubst /%,%,$(shell $(PKG_CONFIG) \
20
 
                systemd --variable=systemdsystemunitdir)) \
21
 
                $(patsubst /%,%,$(shell $(PKG_CONFIG) \
22
 
                systemd --variable=tmpfilesdir)) \
23
 
                $(patsubst /%,%,$(shell $(PKG_CONFIG) \
24
 
                systemd --variable=sysusersdir))
25
 
 
26
 
override_dh_installdirs-arch:
27
 
        dh_installdirs
28
 
        dh_installdirs $(patsubst /%,%,$(shell $(PKG_CONFIG) \
29
 
                systemd --variable=sysusersdir))
30
 
 
31
15
override_dh_auto_build-arch:
32
16
        LC_ALL=en_US.utf8 dh_auto_build -- all doc
33
17
 
51
35
                --exclude etc/mandos/plugin-helpers \
52
36
                --exclude usr/lib/$(DEB_HOST_MULTIARCH)/mandos/plugins.d \
53
37
                --exclude usr/lib/$(DEB_HOST_MULTIARCH)/mandos/plugin-helpers \
54
 
                --exclude usr/share/doc/mandos-client/examples/network-hooks.d/
 
38
                --exclude usr/share/doc/mandos-client/examples/network-hooks.d
55
39
        chmod --recursive g-w -- \
56
40
        "$(CURDIR)/debian/mandos-client/usr/share/doc/mandos-client/examples/network-hooks.d"
57
41
 
59
43
        dh_fixperms --exclude etc/mandos/clients.conf
60
44
 
61
45
override_dh_auto_test-arch: ;
62
 
 
63
 
#bpo## dpkg-shlibdeps sees the "libgnutls28-dev (>= 3.6.6) |
64
 
#bpo## libgnutls28-dev (<< 3.6.0)," in the build-dependencies not as two
65
 
#bpo## alternatives, but as an absolute dependency on libgnutls30 >= 3.6.6.
66
 
#bpo## So we have to do this ugly hack to hide this build dependency if we
67
 
#bpo## compiled with libgnutls30 << 3.6.0.
68
 
#bpo#override_dh_shlibdeps-arch:
69
 
#bpo#   -gnutls_version=$$(dpkg-query --showformat='$${Version}' \
70
 
#bpo#           --show libgnutls30); \
71
 
#bpo#   dpkg --compare-versions $$gnutls_version lt 3.6.0 \
72
 
#bpo#           && { cp --archive debian/control debian/control.orig; sed --in-place --expression='s/libgnutls28-dev (>= 3\.6\.6) |//' debian/control; }
73
 
#bpo#   dh_shlibdeps
74
 
#bpo#   -gnutls_version=$$(dpkg-query --showformat='$${Version}' \
75
 
#bpo#           --show libgnutls30); \
76
 
#bpo#   dpkg --compare-versions $$gnutls_version lt 3.6.0 \
77
 
#bpo#           && mv debian/control.orig debian/control