To get this branch, use:
bzr branch http://bzr.recompile.se/loggerhead/mandos/release

Viewing changes to Makefile

  • Committer: Teddy Hogeborn
  • Date: 2019-07-14 22:39:15 UTC
  • mto: This revision was merged to the branch mainline in revision 384.
  • Revision ID: teddy@recompile.se-20190714223915-aqjkms3t3taa6tye
Only use sanitizing options when debugging

The C compiler's sanitizing options insert code into the output
binary, and that inserted code is fragile and not very security
conscious.  It has become clear that sanitizing is only really meant
for use while debugging.

As a side effect, this makes compilation faster, as the Makefile, for
production builds, no longer runs the compiler repeatedly to find all
its currently supported sanitizing options.

* Makefile (DEBUG): Add "$(SANITIZE)".
  (SANITIZE): Comment out.
  (CFLAGS): Remove "$(SANITIZE)".
  (plugins.d/mandos-client): Revert back to use plain $(LINK.c), since
                             we no longer need to remove the leak
                             sanitizer by overriding CFLAGS.

25
25
        -fsanitize=object-size -fsanitize=float-divide-by-zero \
26
26
        -fsanitize=float-cast-overflow -fsanitize=nonnull-attribute \
27
27
        -fsanitize=returns-nonnull-attribute -fsanitize=bool \
28
 
        -fsanitize=enum -fsanitize-address-use-after-scope
 
28
        -fsanitize=enum
29
29
 
30
30
# For info about _FORTIFY_SOURCE, see feature_test_macros(7)
31
31
# and <https://gcc.gnu.org/ml/gcc-patches/2004-09/msg02055.html>.
42
42
OPTIMIZE:=-Os -fno-strict-aliasing
43
43
LANGUAGE:=-std=gnu11
44
44
htmldir:=man
45
 
version:=1.8.5
 
45
version:=1.8.4
46
46
SED:=sed
47
47
 
48
 
USER:=$(firstword $(subst :, ,$(shell getent passwd _mandos \
49
 
        || getent passwd nobody || echo 65534)))
50
 
GROUP:=$(firstword $(subst :, ,$(shell getent group _mandos \
51
 
        || getent group nogroup || echo 65534)))
52
 
 
53
 
LINUXVERSION:=$(shell uname --kernel-release)
 
48
USER:=$(firstword $(subst :, ,$(shell getent passwd _mandos || getent passwd nobody || echo 65534)))
 
49
GROUP:=$(firstword $(subst :, ,$(shell getent group _mandos || getent group nogroup || echo 65534)))
54
50
 
55
51
## Use these settings for a traditional /usr/local install
56
52
# PREFIX:=$(DESTDIR)/usr/local
58
54
# KEYDIR:=$(DESTDIR)/etc/mandos/keys
59
55
# MANDIR:=$(PREFIX)/man
60
56
# INITRAMFSTOOLS:=$(DESTDIR)/etc/initramfs-tools
61
 
# DRACUTMODULE:=$(DESTDIR)/usr/lib/dracut/modules.d/90mandos
62
57
# STATEDIR:=$(DESTDIR)/var/lib/mandos
63
58
# LIBDIR:=$(PREFIX)/lib
64
59
##
69
64
KEYDIR:=$(DESTDIR)/etc/keys/mandos
70
65
MANDIR:=$(PREFIX)/share/man
71
66
INITRAMFSTOOLS:=$(DESTDIR)/usr/share/initramfs-tools
72
 
DRACUTMODULE:=$(DESTDIR)/usr/lib/dracut/modules.d/90mandos
73
67
STATEDIR:=$(DESTDIR)/var/lib/mandos
74
68
LIBDIR:=$(shell \
75
69
        for d in \
76
 
        "/usr/lib/`dpkg-architecture \
77
 
                        -qDEB_HOST_MULTIARCH 2>/dev/null`" \
 
70
        "/usr/lib/`dpkg-architecture -qDEB_HOST_MULTIARCH 2>/dev/null`" \
78
71
        "`rpm --eval='%{_libdir}' 2>/dev/null`" /usr/lib; do \
79
72
                if [ -d "$$d" -a "$$d" = "$${d%/}" ]; then \
80
73
                        echo "$(DESTDIR)$$d"; \
83
76
        done)
84
77
##
85
78
 
86
 
SYSTEMD:=$(DESTDIR)$(shell pkg-config systemd \
87
 
                        --variable=systemdsystemunitdir)
 
79
SYSTEMD:=$(DESTDIR)$(shell pkg-config systemd --variable=systemdsystemunitdir)
88
80
TMPFILES:=$(DESTDIR)$(shell pkg-config systemd --variable=tmpfilesdir)
89
81
 
90
82
GNUTLS_CFLAGS:=$(shell pkg-config --cflags-only-I gnutls)
96
88
        getconf LFS_LDFLAGS)
97
89
LIBNL3_CFLAGS:=$(shell pkg-config --cflags-only-I libnl-route-3.0)
98
90
LIBNL3_LIBS:=$(shell pkg-config --libs libnl-route-3.0)
99
 
GLIB_CFLAGS:=$(shell pkg-config --cflags glib-2.0)
100
 
GLIB_LIBS:=$(shell pkg-config --libs glib-2.0)
101
91
 
102
92
# Do not change these two
103
93
CFLAGS+=$(WARN) $(DEBUG) $(FORTIFY) $(COVERAGE) \
104
94
        $(OPTIMIZE) $(LANGUAGE) -DVERSION='"$(version)"'
105
 
LDFLAGS+=-Xlinker --as-needed $(COVERAGE) $(LINK_FORTIFY) $(strip \
106
 
        ) $(foreach flag,$(LINK_FORTIFY_LD),-Xlinker $(flag))
 
95
LDFLAGS+=-Xlinker --as-needed $(COVERAGE) $(LINK_FORTIFY) $(foreach flag,$(LINK_FORTIFY_LD),-Xlinker $(flag))
107
96
 
108
97
# Commands to format a DocBook <refentry> document into a manual page
109
98
DOCBOOKTOMAN=$(strip cd $(dir $<); xsltproc --nonet --xinclude \
115
104
        /usr/share/xml/docbook/stylesheet/nwalsh/manpages/docbook.xsl \
116
105
        $(notdir $<); \
117
106
        if locale --all 2>/dev/null | grep --regexp='^en_US\.utf8$$' \
118
 
        && command -v man >/dev/null; then LANG=en_US.UTF-8 \
119
 
        MANWIDTH=80 man --warnings --encoding=UTF-8 --local-file \
120
 
        $(notdir $@); fi >/dev/null)
 
107
        && type man 2>/dev/null; then LANG=en_US.UTF-8 MANWIDTH=80 \
 
108
        man --warnings --encoding=UTF-8 --local-file $(notdir $@); \
 
109
        fi >/dev/null)
121
110
 
122
111
DOCBOOKTOHTML=$(strip xsltproc --nonet --xinclude \
123
112
        --param make.year.ranges                1 \
136
125
        plugins.d/usplash plugins.d/splashy plugins.d/askpass-fifo \
137
126
        plugins.d/plymouth
138
127
PLUGIN_HELPERS:=plugin-helpers/mandos-client-iprouteadddel
139
 
CPROGS:=plugin-runner dracut-module/password-agent $(PLUGINS) \
140
 
        $(PLUGIN_HELPERS)
 
128
CPROGS:=plugin-runner $(PLUGINS) $(PLUGIN_HELPERS)
141
129
PROGS:=mandos mandos-keygen mandos-ctl mandos-monitor $(CPROGS)
142
130
DOCS:=mandos.8 mandos-keygen.8 mandos-monitor.8 mandos-ctl.8 \
143
131
        mandos.conf.5 mandos-clients.conf.5 plugin-runner.8mandos \
144
 
        dracut-module/password-agent.8mandos \
145
132
        plugins.d/mandos-client.8mandos \
146
133
        plugins.d/password-prompt.8mandos plugins.d/usplash.8mandos \
147
134
        plugins.d/splashy.8mandos plugins.d/askpass-fifo.8mandos \
219
206
                overview.xml legalnotice.xml
220
207
        $(DOCBOOKTOHTML)
221
208
 
222
 
dracut-module/password-agent.8mandos: \
223
 
                dracut-module/password-agent.xml common.ent \
224
 
                overview.xml legalnotice.xml
225
 
        $(DOCBOOKTOMAN)
226
 
dracut-module/password-agent.8mandos.xhtml: \
227
 
                dracut-module/password-agent.xml common.ent \
228
 
                overview.xml legalnotice.xml
229
 
        $(DOCBOOKTOHTML)
230
 
 
231
209
plugins.d/mandos-client.8mandos: plugins.d/mandos-client.xml \
232
210
                                        common.ent \
233
211
                                        mandos-options.xml \
279
257
# Need to add the GnuTLS, Avahi and GPGME libraries
280
258
plugins.d/mandos-client: plugins.d/mandos-client.c
281
259
        $(LINK.c) $^ $(GNUTLS_CFLAGS) $(AVAHI_CFLAGS) $(strip\
282
 
                ) $(GPGME_CFLAGS) $(GNUTLS_LIBS) $(strip\
 
260
                ) $(GPGME_CFLAGS) -lrt $(GNUTLS_LIBS) $(strip\
283
261
                ) $(AVAHI_LIBS) $(GPGME_LIBS) $(LOADLIBES) $(strip\
284
262
                ) $(LDLIBS) -o $@
285
263
 
286
 
# Need to add the libnl-route library
287
264
plugin-helpers/mandos-client-iprouteadddel: plugin-helpers/mandos-client-iprouteadddel.c
288
265
        $(LINK.c) $(LIBNL3_CFLAGS) $^ $(LIBNL3_LIBS) $(strip\
289
266
                ) $(LOADLIBES) $(LDLIBS) -o $@
290
267
 
291
 
# Need to add the GLib and pthread libraries
292
 
dracut-module/password-agent: dracut-module/password-agent.c
293
 
        $(LINK.c) $(GLIB_CFLAGS) $^ $(GLIB_LIBS) -lpthread $(strip\
294
 
                ) $(LOADLIBES) $(LDLIBS) -o $@
295
 
 
296
268
.PHONY : all doc html clean distclean mostlyclean maintainer-clean \
297
269
        check run-client run-server install install-html \
298
270
        install-server install-client-nokey install-client uninstall \
307
279
maintainer-clean: clean
308
280
        -rm --force --recursive keydir confdir statedir
309
281
 
310
 
check: all
 
282
check:  all
311
283
        ./mandos --check
312
284
        ./mandos-ctl --check
313
 
        ./mandos-keygen --version
314
 
        ./plugin-runner --version
315
 
        ./plugin-helpers/mandos-client-iprouteadddel --version
316
 
        ./dracut-module/password-agent --test
317
285
 
318
286
# Run the client with a local config and key
319
 
run-client: all keydir/seckey.txt keydir/pubkey.txt \
320
 
                        keydir/tls-privkey.pem keydir/tls-pubkey.pem
321
 
        @echo '######################################################'
322
 
        @echo '# The following error messages are harmless and can  #'
323
 
        @echo '#  be safely ignored:                                #'
324
 
        @echo '## From plugin-runner:                               #'
325
 
        @echo '# setgid: Operation not permitted                    #'
326
 
        @echo '# setuid: Operation not permitted                    #'
327
 
        @echo '## From askpass-fifo:                                #'
328
 
        @echo '# mkfifo: Permission denied                          #'
329
 
        @echo '## From mandos-client:                               #'
330
 
        @echo '# Failed to raise privileges: Operation not permi... #'
331
 
        @echo '# Warning: network hook "*" exited with status *     #'
332
 
        @echo '# ioctl SIOCSIFFLAGS +IFF_UP: Operation not permi... #'
333
 
        @echo '# Failed to bring up interface "*": Operation not... #'
334
 
        @echo '#                                                    #'
335
 
        @echo '# (The messages are caused by not running as root,   #'
336
 
        @echo '# but you should NOT run "make run-client" as root   #'
337
 
        @echo '# unless you also unpacked and compiled Mandos as    #'
338
 
        @echo '# root, which is also NOT recommended.)              #'
339
 
        @echo '######################################################'
 
287
run-client: all keydir/seckey.txt keydir/pubkey.txt keydir/tls-privkey.pem keydir/tls-pubkey.pem
 
288
        @echo "###################################################################"
 
289
        @echo "# The following error messages are harmless and can be safely     #"
 
290
        @echo "# ignored:                                                        #"
 
291
        @echo "# From plugin-runner: setgid: Operation not permitted             #"
 
292
        @echo "#                     setuid: Operation not permitted             #"
 
293
        @echo "# From askpass-fifo:  mkfifo: Permission denied                   #"
 
294
        @echo "# From mandos-client:                                             #"
 
295
        @echo "#             Failed to raise privileges: Operation not permitted #"
 
296
        @echo "#             Warning: network hook \"*\" exited with status *      #"
 
297
        @echo "#                                                                 #"
 
298
        @echo "# (The messages are caused by not running as root, but you should #"
 
299
        @echo "# NOT run \"make run-client\" as root unless you also unpacked and  #"
 
300
        @echo "# compiled Mandos as root, which is also NOT recommended.)        #"
 
301
        @echo "###################################################################"
340
302
# We set GNOME_KEYRING_CONTROL to block pam_gnome_keyring
341
303
        ./plugin-runner --plugin-dir=plugins.d \
342
304
                --plugin-helper-dir=plugin-helpers \
382
344
        elif install --directory --mode=u=rwx $(STATEDIR); then \
383
345
                chown -- $(USER):$(GROUP) $(STATEDIR) || :; \
384
346
        fi
385
 
        if [ "$(TMPFILES)" != "$(DESTDIR)" \
386
 
                        -a -d "$(TMPFILES)" ]; then \
 
347
        if [ "$(TMPFILES)" != "$(DESTDIR)" -a -d "$(TMPFILES)" ]; then \
387
348
                install --mode=u=rw,go=r tmpfiles.d-mandos.conf \
388
349
                        $(TMPFILES)/mandos.conf; \
389
350
        fi
436
397
        install --mode=u=rwx,go=rx \
437
398
                --target-directory=$(LIBDIR)/mandos plugin-runner
438
399
        install --mode=u=rwx,go=rx \
439
 
                --target-directory=$(LIBDIR)/mandos \
440
 
                mandos-to-cryptroot-unlock
 
400
                --target-directory=$(LIBDIR)/mandos mandos-to-cryptroot-unlock
441
401
        install --mode=u=rwx,go=rx --target-directory=$(PREFIX)/sbin \
442
402
                mandos-keygen
443
403
        install --mode=u=rwx,go=rx \
471
431
                $(INITRAMFSTOOLS)/scripts/init-premount/mandos
472
432
        install initramfs-tools-script-stop \
473
433
                $(INITRAMFSTOOLS)/scripts/local-premount/mandos
474
 
        install --directory $(DRACUTMODULE)
475
 
        install --mode=u=rw,go=r --target-directory=$(DRACUTMODULE) \
476
 
                dracut-module/ask-password-mandos.path \
477
 
                dracut-module/ask-password-mandos.service
478
 
        install --mode=u=rwxs,go=rx \
479
 
                --target-directory=$(DRACUTMODULE) \
480
 
                dracut-module/module-setup.sh \
481
 
                dracut-module/cmdline-mandos.sh \
482
 
                dracut-module/password-agent
483
434
        install --mode=u=rw,go=r plugin-runner.conf $(CONFDIR)
484
435
        gzip --best --to-stdout mandos-keygen.8 \
485
436
                > $(MANDIR)/man8/mandos-keygen.8.gz
497
448
                > $(MANDIR)/man8/askpass-fifo.8mandos.gz
498
449
        gzip --best --to-stdout plugins.d/plymouth.8mandos \
499
450
                > $(MANDIR)/man8/plymouth.8mandos.gz
500
 
        gzip --best --to-stdout dracut-module/password-agent.8mandos \
501
 
                > $(MANDIR)/man8/password-agent.8mandos.gz
502
451
 
503
452
install-client: install-client-nokey
504
453
# Post-installation stuff
505
454
        -$(PREFIX)/sbin/mandos-keygen --dir "$(KEYDIR)"
506
 
        if command -v update-initramfs >/dev/null; then \
507
 
            update-initramfs -k all -u; \
508
 
        elif command -v dracut >/dev/null; then \
509
 
            for initrd in $(DESTDIR)/boot/initr*-$(LINUXVERSION); do \
510
 
                if [ -w "$$initrd" ]; then \
511
 
                    chmod go-r "$$initrd"; \
512
 
                    dracut --force "$$initrd"; \
513
 
                fi; \
514
 
            done; \
515
 
        fi
 
455
        update-initramfs -k all -u
516
456
        echo "Now run mandos-keygen --password --dir $(KEYDIR)"
517
457
 
518
458
uninstall: uninstall-server uninstall-client
545
485
                $(INITRAMFSTOOLS)/hooks/mandos \
546
486
                $(INITRAMFSTOOLS)/conf-hooks.d/mandos \
547
487
                $(INITRAMFSTOOLS)/scripts/init-premount/mandos \
548
 
                $(INITRAMFSTOOLS)/scripts/local-premount/mandos \
549
 
                $(DRACUTMODULE)/ask-password-mandos.path \
550
 
                $(DRACUTMODULE)/ask-password-mandos.service \
551
 
                $(DRACUTMODULE)/module-setup.sh \
552
 
                $(DRACUTMODULE)/cmdline-mandos.sh \
553
 
                $(DRACUTMODULE)/password-agent \
554
488
                $(MANDIR)/man8/mandos-keygen.8.gz \
555
489
                $(MANDIR)/man8/plugin-runner.8mandos.gz \
556
490
                $(MANDIR)/man8/mandos-client.8mandos.gz
559
493
                $(MANDIR)/man8/splashy.8mandos.gz \
560
494
                $(MANDIR)/man8/askpass-fifo.8mandos.gz \
561
495
                $(MANDIR)/man8/plymouth.8mandos.gz \
562
 
                $(MANDIR)/man8/password-agent.8mandos.gz \
563
496
        -rmdir $(LIBDIR)/mandos/plugins.d $(CONFDIR)/plugins.d \
564
 
                 $(LIBDIR)/mandos $(CONFDIR) $(KEYDIR) $(DRACUTMODULE)
565
 
        if command -v update-initramfs >/dev/null; then \
566
 
            update-initramfs -k all -u; \
567
 
        elif command -v dracut >/dev/null; then \
568
 
            for initrd in $(DESTDIR)/boot/initr*-$(LINUXVERSION); do \
569
 
                test -w "$$initrd" && dracut --force "$$initrd"; \
570
 
            done; \
571
 
        fi
 
497
                 $(LIBDIR)/mandos $(CONFDIR) $(KEYDIR)
 
498
        update-initramfs -k all -u
572
499
 
573
500
purge: purge-server purge-client
574
501