/mandos/release

To get this branch, use:
bzr branch http://bzr.recompile.se/loggerhead/mandos/release

« back to all changes in this revision

Viewing changes to Makefile

  • Committer: Teddy Hogeborn
  • Date: 2019-07-14 22:39:15 UTC
  • mto: This revision was merged to the branch mainline in revision 384.
  • Revision ID: teddy@recompile.se-20190714223915-aqjkms3t3taa6tye
Only use sanitizing options when debugging

The C compiler's sanitizing options introduce code in the output
binary which is fragile and not very security conscious.  It has
become clear that sanitizing is only really meant for use while
debugging.

As a side effect, this makes compilation faster, as the Makefile, for
production builds, no longer runs the compiler repeatedly to find all
its currently supported sanitizing options.

* Makefile (DEBUG): Add "$(SANITIZE)".
  (SANITIZE): Comment out.
  (CFLAGS): Remove "$(SANITIZE)".
  (plugins.d/mandos-client): Revert back to use plain $(LINK.c), since
                             we no longer need to remove the leak
                             sanitizer by overriding CFLAGS.

Show diffs side-by-side

added added

removed removed

Lines of Context:
25
25
        -fsanitize=object-size -fsanitize=float-divide-by-zero \
26
26
        -fsanitize=float-cast-overflow -fsanitize=nonnull-attribute \
27
27
        -fsanitize=returns-nonnull-attribute -fsanitize=bool \
28
 
        -fsanitize=enum -fsanitize-address-use-after-scope
 
28
        -fsanitize=enum
29
29
 
30
30
# For info about _FORTIFY_SOURCE, see feature_test_macros(7)
31
31
# and <https://gcc.gnu.org/ml/gcc-patches/2004-09/msg02055.html>.
45
45
version:=1.8.4
46
46
SED:=sed
47
47
 
48
 
USER:=$(firstword $(subst :, ,$(shell getent passwd _mandos \
49
 
        || getent passwd nobody || echo 65534)))
50
 
GROUP:=$(firstword $(subst :, ,$(shell getent group _mandos \
51
 
        || getent group nogroup || echo 65534)))
 
48
USER:=$(firstword $(subst :, ,$(shell getent passwd _mandos || getent passwd nobody || echo 65534)))
 
49
GROUP:=$(firstword $(subst :, ,$(shell getent group _mandos || getent group nogroup || echo 65534)))
52
50
 
53
51
## Use these settings for a traditional /usr/local install
54
52
# PREFIX:=$(DESTDIR)/usr/local
94
92
# Do not change these two
95
93
CFLAGS+=$(WARN) $(DEBUG) $(FORTIFY) $(COVERAGE) \
96
94
        $(OPTIMIZE) $(LANGUAGE) -DVERSION='"$(version)"'
97
 
LDFLAGS+=-Xlinker --as-needed $(COVERAGE) $(LINK_FORTIFY) $(strip \
98
 
        ) $(foreach flag,$(LINK_FORTIFY_LD),-Xlinker $(flag))
 
95
LDFLAGS+=-Xlinker --as-needed $(COVERAGE) $(LINK_FORTIFY) $(foreach flag,$(LINK_FORTIFY_LD),-Xlinker $(flag))
99
96
 
100
97
# Commands to format a DocBook <refentry> document into a manual page
101
98
DOCBOOKTOMAN=$(strip cd $(dir $<); xsltproc --nonet --xinclude \
107
104
        /usr/share/xml/docbook/stylesheet/nwalsh/manpages/docbook.xsl \
108
105
        $(notdir $<); \
109
106
        if locale --all 2>/dev/null | grep --regexp='^en_US\.utf8$$' \
110
 
        && command -v man >/dev/null; then LANG=en_US.UTF-8 \
111
 
        MANWIDTH=80 man --warnings --encoding=UTF-8 --local-file \
112
 
        $(notdir $@); fi >/dev/null)
 
107
        && type man 2>/dev/null; then LANG=en_US.UTF-8 MANWIDTH=80 \
 
108
        man --warnings --encoding=UTF-8 --local-file $(notdir $@); \
 
109
        fi >/dev/null)
113
110
 
114
111
DOCBOOKTOHTML=$(strip xsltproc --nonet --xinclude \
115
112
        --param make.year.ranges                1 \
260
257
# Need to add the GnuTLS, Avahi and GPGME libraries
261
258
plugins.d/mandos-client: plugins.d/mandos-client.c
262
259
        $(LINK.c) $^ $(GNUTLS_CFLAGS) $(AVAHI_CFLAGS) $(strip\
263
 
                ) $(GPGME_CFLAGS) $(GNUTLS_LIBS) $(strip\
 
260
                ) $(GPGME_CFLAGS) -lrt $(GNUTLS_LIBS) $(strip\
264
261
                ) $(AVAHI_LIBS) $(GPGME_LIBS) $(LOADLIBES) $(strip\
265
262
                ) $(LDLIBS) -o $@
266
263
 
267
 
# Need to add the libnl-route library
268
264
plugin-helpers/mandos-client-iprouteadddel: plugin-helpers/mandos-client-iprouteadddel.c
269
265
        $(LINK.c) $(LIBNL3_CFLAGS) $^ $(LIBNL3_LIBS) $(strip\
270
266
                ) $(LOADLIBES) $(LDLIBS) -o $@
283
279
maintainer-clean: clean
284
280
        -rm --force --recursive keydir confdir statedir
285
281
 
286
 
check: all
 
282
check:  all
287
283
        ./mandos --check
288
284
        ./mandos-ctl --check
289
 
        ./mandos-keygen --version
290
 
        ./plugin-runner --version
291
 
        ./plugin-helpers/mandos-client-iprouteadddel --version
292
285
 
293
286
# Run the client with a local config and key
294
287
run-client: all keydir/seckey.txt keydir/pubkey.txt keydir/tls-privkey.pem keydir/tls-pubkey.pem