/mandos/release

To get this branch, use:
bzr branch http://bzr.recompile.se/loggerhead/mandos/release

« back to all changes in this revision

Viewing changes to Makefile

  • Committer: Teddy Hogeborn
  • Date: 2019-07-29 16:35:53 UTC
  • mto: This revision was merged to the branch mainline in revision 384.
  • Revision ID: teddy@recompile.se-20190729163553-1i442i2cbx64c537
Make tests and man page examples match

Make the tests test_manual_page_example[1-5] match exactly what is
written in the manual page, and add comments to manual page as
reminders to keep tests and manual page examples in sync.

* mandos-ctl (Test_commands_from_options.test_manual_page_example_1):
  Remove "--verbose" option, since the manual does not have it as the
  first example, and change assertion to match.
* mandos-ctl.xml (EXAMPLE): Add comments to all examples documenting
  which test function they correspond to.  Also remove unnecessary
  quotes from option arguments in fourth example, and clarify language
  slightly in fifth example.

Show diffs side-by-side

added added

removed removed

Lines of Context:
1
 
WARN=-O -Wall -Wformat=2 -Winit-self -Wmissing-include-dirs \
2
 
        -Wswitch-default -Wswitch-enum -Wunused-parameter \
3
 
        -Wstrict-aliasing=1 -Wextra -Wfloat-equal -Wundef -Wshadow \
 
1
WARN:=-O -Wall -Wextra -Wdouble-promotion -Wformat=2 -Winit-self \
 
2
        -Wmissing-include-dirs -Wswitch-default -Wswitch-enum \
 
3
        -Wunused -Wuninitialized -Wstrict-overflow=5 \
 
4
        -Wsuggest-attribute=pure -Wsuggest-attribute=const \
 
5
        -Wsuggest-attribute=noreturn -Wfloat-equal -Wundef -Wshadow \
4
6
        -Wunsafe-loop-optimizations -Wpointer-arith \
5
7
        -Wbad-function-cast -Wcast-qual -Wcast-align -Wwrite-strings \
6
 
        -Wconversion -Wstrict-prototypes -Wold-style-definition \
7
 
        -Wpacked -Wnested-externs -Winline -Wvolatile-register-var
8
 
#       -Wunreachable-code 
9
 
#DEBUG=-ggdb3
10
 
# For info about _FORTIFY_SOURCE, see
11
 
# <http://www.kernel.org/doc/man-pages/online/pages/man7/feature_test_macros.7.html>
12
 
# and <http://gcc.gnu.org/ml/gcc-patches/2004-09/msg02055.html>.
13
 
FORTIFY=-D_FORTIFY_SOURCE=2 -fstack-protector-all -fPIC
14
 
LINK_FORTIFY_LD=-z relro -z now
15
 
LINK_FORTIFY=
 
8
        -Wconversion -Wlogical-op -Waggregate-return \
 
9
        -Wstrict-prototypes -Wold-style-definition \
 
10
        -Wmissing-format-attribute -Wnormalized=nfc -Wpacked \
 
11
        -Wredundant-decls -Wnested-externs -Winline -Wvla \
 
12
        -Wvolatile-register-var -Woverlength-strings
 
13
 
 
14
#DEBUG:=-ggdb3 -fsanitize=address $(SANITIZE)
 
15
## Check which sanitizing options can be used
 
16
#SANITIZE:=$(foreach option,$(ALL_SANITIZE_OPTIONS),$(shell \
 
17
#       echo 'int main(){}' | $(CC) --language=c $(option) \
 
18
#       /dev/stdin -o /dev/null >/dev/null 2>&1 && echo $(option)))
 
19
# <https://developerblog.redhat.com/2014/10/16/gcc-undefined-behavior-sanitizer-ubsan/>
 
20
ALL_SANITIZE_OPTIONS:=-fsanitize=leak -fsanitize=undefined \
 
21
        -fsanitize=shift -fsanitize=integer-divide-by-zero \
 
22
        -fsanitize=unreachable -fsanitize=vla-bound -fsanitize=null \
 
23
        -fsanitize=return -fsanitize=signed-integer-overflow \
 
24
        -fsanitize=bounds -fsanitize=alignment \
 
25
        -fsanitize=object-size -fsanitize=float-divide-by-zero \
 
26
        -fsanitize=float-cast-overflow -fsanitize=nonnull-attribute \
 
27
        -fsanitize=returns-nonnull-attribute -fsanitize=bool \
 
28
        -fsanitize=enum -fsanitize-address-use-after-scope
 
29
 
 
30
# For info about _FORTIFY_SOURCE, see feature_test_macros(7)
 
31
# and <https://gcc.gnu.org/ml/gcc-patches/2004-09/msg02055.html>.
 
32
FORTIFY:=-D_FORTIFY_SOURCE=2 -fstack-protector-all -fPIC
 
33
LINK_FORTIFY_LD:=-z relro -z now
 
34
LINK_FORTIFY:=
 
35
 
 
36
# If BROKEN_PIE is set, do not build with -pie
16
37
ifndef BROKEN_PIE
17
38
FORTIFY += -fPIE
18
 
LINK_FORTIFY_LD += -fPIE
19
39
LINK_FORTIFY += -pie
20
40
endif
21
41
#COVERAGE=--coverage
22
 
OPTIMIZE=-Os
23
 
LANGUAGE=-std=gnu99
24
 
htmldir=man
25
 
version=1.0.14
26
 
SED=sed
 
42
OPTIMIZE:=-Os -fno-strict-aliasing
 
43
LANGUAGE:=-std=gnu11
 
44
htmldir:=man
 
45
version:=1.8.4
 
46
SED:=sed
 
47
 
 
48
USER:=$(firstword $(subst :, ,$(shell getent passwd _mandos \
 
49
        || getent passwd nobody || echo 65534)))
 
50
GROUP:=$(firstword $(subst :, ,$(shell getent group _mandos \
 
51
        || getent group nogroup || echo 65534)))
27
52
 
28
53
## Use these settings for a traditional /usr/local install
29
 
# PREFIX=$(DESTDIR)/usr/local
30
 
# CONFDIR=$(DESTDIR)/etc/mandos
31
 
# KEYDIR=$(DESTDIR)/etc/mandos/keys
32
 
# MANDIR=$(PREFIX)/man
33
 
# INITRAMFSTOOLS=$(DESTDIR)/etc/initramfs-tools
 
54
# PREFIX:=$(DESTDIR)/usr/local
 
55
# CONFDIR:=$(DESTDIR)/etc/mandos
 
56
# KEYDIR:=$(DESTDIR)/etc/mandos/keys
 
57
# MANDIR:=$(PREFIX)/man
 
58
# INITRAMFSTOOLS:=$(DESTDIR)/etc/initramfs-tools
 
59
# DRACUTMODULE:=$(DESTDIR)/usr/lib/dracut/modules.d/90mandos
 
60
# STATEDIR:=$(DESTDIR)/var/lib/mandos
 
61
# LIBDIR:=$(PREFIX)/lib
34
62
##
35
63
 
36
64
## These settings are for a package-type install
37
 
PREFIX=$(DESTDIR)/usr
38
 
CONFDIR=$(DESTDIR)/etc/mandos
39
 
KEYDIR=$(DESTDIR)/etc/keys/mandos
40
 
MANDIR=$(PREFIX)/share/man
41
 
INITRAMFSTOOLS=$(DESTDIR)/usr/share/initramfs-tools
 
65
PREFIX:=$(DESTDIR)/usr
 
66
CONFDIR:=$(DESTDIR)/etc/mandos
 
67
KEYDIR:=$(DESTDIR)/etc/keys/mandos
 
68
MANDIR:=$(PREFIX)/share/man
 
69
INITRAMFSTOOLS:=$(DESTDIR)/usr/share/initramfs-tools
 
70
DRACUTMODULE:=$(DESTDIR)/usr/lib/dracut/modules.d/90mandos
 
71
STATEDIR:=$(DESTDIR)/var/lib/mandos
 
72
LIBDIR:=$(shell \
 
73
        for d in \
 
74
        "/usr/lib/`dpkg-architecture -qDEB_HOST_MULTIARCH 2>/dev/null`" \
 
75
        "`rpm --eval='%{_libdir}' 2>/dev/null`" /usr/lib; do \
 
76
                if [ -d "$$d" -a "$$d" = "$${d%/}" ]; then \
 
77
                        echo "$(DESTDIR)$$d"; \
 
78
                        break; \
 
79
                fi; \
 
80
        done)
42
81
##
43
82
 
44
 
GNUTLS_CFLAGS=$(shell pkg-config --cflags-only-I gnutls)
45
 
GNUTLS_LIBS=$(shell pkg-config --libs gnutls)
46
 
AVAHI_CFLAGS=$(shell pkg-config --cflags-only-I avahi-core)
47
 
AVAHI_LIBS=$(shell pkg-config --libs avahi-core)
48
 
GPGME_CFLAGS=$(shell gpgme-config --cflags; getconf LFS_CFLAGS)
49
 
GPGME_LIBS=$(shell gpgme-config --libs; getconf LFS_LIBS; \
 
83
SYSTEMD:=$(DESTDIR)$(shell pkg-config systemd --variable=systemdsystemunitdir)
 
84
TMPFILES:=$(DESTDIR)$(shell pkg-config systemd --variable=tmpfilesdir)
 
85
 
 
86
GNUTLS_CFLAGS:=$(shell pkg-config --cflags-only-I gnutls)
 
87
GNUTLS_LIBS:=$(shell pkg-config --libs gnutls)
 
88
AVAHI_CFLAGS:=$(shell pkg-config --cflags-only-I avahi-core)
 
89
AVAHI_LIBS:=$(shell pkg-config --libs avahi-core)
 
90
GPGME_CFLAGS:=$(shell gpgme-config --cflags; getconf LFS_CFLAGS)
 
91
GPGME_LIBS:=$(shell gpgme-config --libs; getconf LFS_LIBS; \
50
92
        getconf LFS_LDFLAGS)
 
93
LIBNL3_CFLAGS:=$(shell pkg-config --cflags-only-I libnl-route-3.0)
 
94
LIBNL3_LIBS:=$(shell pkg-config --libs libnl-route-3.0)
 
95
GLIB_CFLAGS:=$(shell pkg-config --cflags glib-2.0)
 
96
GLIB_LIBS:=$(shell pkg-config --libs glib-2.0)
51
97
 
52
98
# Do not change these two
53
 
CFLAGS=$(WARN) $(DEBUG) $(FORTIFY) $(COVERAGE) $(OPTIMIZE) \
54
 
        $(LANGUAGE) $(GNUTLS_CFLAGS) $(AVAHI_CFLAGS) $(GPGME_CFLAGS) \
55
 
        -DVERSION='"$(version)"'
56
 
LDFLAGS=$(COVERAGE) $(LINK_FORTIFY) $(foreach flag,$(LINK_FORTIFY_LD),-Xlinker $(flag))
 
99
CFLAGS+=$(WARN) $(DEBUG) $(FORTIFY) $(COVERAGE) \
 
100
        $(OPTIMIZE) $(LANGUAGE) -DVERSION='"$(version)"'
 
101
LDFLAGS+=-Xlinker --as-needed $(COVERAGE) $(LINK_FORTIFY) $(strip \
 
102
        ) $(foreach flag,$(LINK_FORTIFY_LD),-Xlinker $(flag))
57
103
 
58
104
# Commands to format a DocBook <refentry> document into a manual page
59
 
DOCBOOKTOMAN=cd $(dir $<); xsltproc --nonet --xinclude \
 
105
DOCBOOKTOMAN=$(strip cd $(dir $<); xsltproc --nonet --xinclude \
60
106
        --param man.charmap.use.subset          0 \
61
107
        --param make.year.ranges                1 \
62
108
        --param make.single.year.ranges         1 \
63
109
        --param man.output.quietly              1 \
64
110
        --param man.authors.section.enabled     0 \
65
 
         /usr/share/xml/docbook/stylesheet/nwalsh/manpages/docbook.xsl \
 
111
        /usr/share/xml/docbook/stylesheet/nwalsh/manpages/docbook.xsl \
66
112
        $(notdir $<); \
67
 
        $(MANPOST) $(notdir $@)
68
 
# DocBook-to-man post-processing to fix a '\n' escape bug
69
 
MANPOST=$(SED) --in-place --expression='s,\\\\en,\\en,g;s,\\n,\\en,g'
 
113
        if locale --all 2>/dev/null | grep --regexp='^en_US\.utf8$$' \
 
114
        && command -v man >/dev/null; then LANG=en_US.UTF-8 \
 
115
        MANWIDTH=80 man --warnings --encoding=UTF-8 --local-file \
 
116
        $(notdir $@); fi >/dev/null)
70
117
 
71
 
DOCBOOKTOHTML=xsltproc --nonet --xinclude \
 
118
DOCBOOKTOHTML=$(strip xsltproc --nonet --xinclude \
72
119
        --param make.year.ranges                1 \
73
120
        --param make.single.year.ranges         1 \
74
121
        --param man.output.quietly              1 \
76
123
        --param citerefentry.link               1 \
77
124
        --output $@ \
78
125
        /usr/share/xml/docbook/stylesheet/nwalsh/xhtml/docbook.xsl \
79
 
        $<; $(HTMLPOST) $@
 
126
        $<; $(HTMLPOST) $@)
80
127
# Fix citerefentry links
81
 
HTMLPOST=$(SED) --in-place \
 
128
HTMLPOST:=$(SED) --in-place \
82
129
        --expression='s/\(<a class="citerefentry" href="\)\("><span class="citerefentry"><span class="refentrytitle">\)\([^<]*\)\(<\/span>(\)\([^)]*\)\()<\/span><\/a>\)/\1\3.\5\2\3\4\5\6/g'
83
130
 
84
 
PLUGINS=plugins.d/password-prompt plugins.d/mandos-client \
85
 
        plugins.d/usplash plugins.d/splashy plugins.d/askpass-fifo
86
 
CPROGS=plugin-runner $(PLUGINS)
87
 
PROGS=mandos mandos-keygen mandos-ctl $(CPROGS)
88
 
DOCS=mandos.8 plugin-runner.8mandos mandos-keygen.8 \
 
131
PLUGINS:=plugins.d/password-prompt plugins.d/mandos-client \
 
132
        plugins.d/usplash plugins.d/splashy plugins.d/askpass-fifo \
 
133
        plugins.d/plymouth
 
134
PLUGIN_HELPERS:=plugin-helpers/mandos-client-iprouteadddel
 
135
CPROGS:=plugin-runner dracut-module/password-agent $(PLUGINS) \
 
136
        $(PLUGIN_HELPERS)
 
137
PROGS:=mandos mandos-keygen mandos-ctl mandos-monitor $(CPROGS)
 
138
DOCS:=mandos.8 mandos-keygen.8 mandos-monitor.8 mandos-ctl.8 \
 
139
        mandos.conf.5 mandos-clients.conf.5 plugin-runner.8mandos \
 
140
        dracut-module/password-agent.8mandos \
89
141
        plugins.d/mandos-client.8mandos \
90
 
        plugins.d/password-prompt.8mandos mandos.conf.5 \
91
 
        plugins.d/usplash.8mandos plugins.d/splashy.8mandos \
92
 
        plugins.d/askpass-fifo.8mandos mandos-clients.conf.5
93
 
 
94
 
htmldocs=$(addsuffix .xhtml,$(DOCS))
95
 
 
96
 
objects=$(addsuffix .o,$(CPROGS))
 
142
        plugins.d/password-prompt.8mandos plugins.d/usplash.8mandos \
 
143
        plugins.d/splashy.8mandos plugins.d/askpass-fifo.8mandos \
 
144
        plugins.d/plymouth.8mandos intro.8mandos
 
145
 
 
146
htmldocs:=$(addsuffix .xhtml,$(DOCS))
 
147
 
 
148
objects:=$(addsuffix .o,$(CPROGS))
97
149
 
98
150
all: $(PROGS) mandos.lsm
99
151
 
116
168
%.8mandos.xhtml: %.xml common.ent legalnotice.xml
117
169
        $(DOCBOOKTOHTML)
118
170
 
 
171
intro.8mandos: intro.xml common.ent legalnotice.xml
 
172
        $(DOCBOOKTOMAN)
 
173
intro.8mandos.xhtml: intro.xml common.ent legalnotice.xml
 
174
        $(DOCBOOKTOHTML)
 
175
 
119
176
mandos.8: mandos.xml common.ent mandos-options.xml overview.xml \
120
177
                legalnotice.xml
121
178
        $(DOCBOOKTOMAN)
130
187
                 legalnotice.xml
131
188
        $(DOCBOOKTOHTML)
132
189
 
 
190
mandos-monitor.8: mandos-monitor.xml common.ent overview.xml \
 
191
                legalnotice.xml
 
192
        $(DOCBOOKTOMAN)
 
193
mandos-monitor.8.xhtml: mandos-monitor.xml common.ent overview.xml \
 
194
                 legalnotice.xml
 
195
        $(DOCBOOKTOHTML)
 
196
 
 
197
mandos-ctl.8: mandos-ctl.xml common.ent overview.xml \
 
198
                legalnotice.xml
 
199
        $(DOCBOOKTOMAN)
 
200
mandos-ctl.8.xhtml: mandos-ctl.xml common.ent overview.xml \
 
201
                 legalnotice.xml
 
202
        $(DOCBOOKTOHTML)
 
203
 
133
204
mandos.conf.5: mandos.conf.xml common.ent mandos-options.xml \
134
205
                legalnotice.xml
135
206
        $(DOCBOOKTOMAN)
144
215
                overview.xml legalnotice.xml
145
216
        $(DOCBOOKTOHTML)
146
217
 
 
218
dracut-module/password-agent.8mandos: \
 
219
                dracut-module/password-agent.xml common.ent \
 
220
                overview.xml legalnotice.xml
 
221
        $(DOCBOOKTOMAN)
 
222
dracut-module/password-agent.8mandos.xhtml: \
 
223
                dracut-module/password-agent.xml common.ent \
 
224
                overview.xml legalnotice.xml
 
225
        $(DOCBOOKTOHTML)
 
226
 
147
227
plugins.d/mandos-client.8mandos: plugins.d/mandos-client.xml \
148
228
                                        common.ent \
149
229
                                        mandos-options.xml \
157
237
 
158
238
# Update all these files with version number $(version)
159
239
common.ent: Makefile
160
 
        $(SED) --in-place \
 
240
        $(strip $(SED) --in-place \
161
241
                --expression='s/^\(<!ENTITY version "\)[^"]*">$$/\1$(version)">/' \
162
 
                $@
 
242
                $@)
163
243
 
164
244
mandos: Makefile
165
 
        $(SED) --in-place \
 
245
        $(strip $(SED) --in-place \
166
246
                --expression='s/^\(version = "\)[^"]*"$$/\1$(version)"/' \
167
 
                $@
 
247
                $@)
168
248
 
169
249
mandos-keygen: Makefile
170
 
        $(SED) --in-place \
 
250
        $(strip $(SED) --in-place \
171
251
                --expression='s/^\(VERSION="\)[^"]*"$$/\1$(version)"/' \
172
 
                $@
 
252
                $@)
173
253
 
174
254
mandos-ctl: Makefile
175
 
        $(SED) --in-place \
176
 
                --expression='s/^\(version = "\)[^"]*"$$/\1$(version)"/' \
177
 
                $@
 
255
        $(strip $(SED) --in-place \
 
256
                --expression='s/^\(version = "\)[^"]*"$$/\1$(version)"/' \
 
257
                $@)
 
258
 
 
259
mandos-monitor: Makefile
 
260
        $(strip $(SED) --in-place \
 
261
                --expression='s/^\(version = "\)[^"]*"$$/\1$(version)"/' \
 
262
                $@)
178
263
 
179
264
mandos.lsm: Makefile
180
 
        $(SED) --in-place \
 
265
        $(strip $(SED) --in-place \
181
266
                --expression='s/^\(Version:\).*/\1\t$(version)/' \
182
 
                $@
183
 
        $(SED) --in-place \
 
267
                $@)
 
268
        $(strip $(SED) --in-place \
184
269
                --expression='s/^\(Entered-date:\).*/\1\t$(shell date --rfc-3339=date --reference=Makefile)/' \
185
 
                $@
186
 
        $(SED) --in-place \
 
270
                $@)
 
271
        $(strip $(SED) --in-place \
187
272
                --expression='s/\(mandos_\)[0-9.]\+\(\.orig\.tar\.gz\)/\1$(version)\2/' \
188
 
                $@
189
 
 
190
 
plugins.d/mandos-client: plugins.d/mandos-client.o
191
 
        $(LINK.o) $(GNUTLS_LIBS) $(AVAHI_LIBS) $(GPGME_LIBS) \
192
 
                $(COMMON) $^ $(LOADLIBES) $(LDLIBS) -o $@
193
 
 
194
 
.PHONY : all doc html clean distclean run-client run-server install \
195
 
        install-server install-client uninstall uninstall-server \
196
 
        uninstall-client purge purge-server purge-client
 
273
                $@)
 
274
 
 
275
# Need to add the GnuTLS, Avahi and GPGME libraries
 
276
plugins.d/mandos-client: plugins.d/mandos-client.c
 
277
        $(LINK.c) $^ $(GNUTLS_CFLAGS) $(AVAHI_CFLAGS) $(strip\
 
278
                ) $(GPGME_CFLAGS) $(GNUTLS_LIBS) $(strip\
 
279
                ) $(AVAHI_LIBS) $(GPGME_LIBS) $(LOADLIBES) $(strip\
 
280
                ) $(LDLIBS) -o $@
 
281
 
 
282
# Need to add the libnl-route library
 
283
plugin-helpers/mandos-client-iprouteadddel: plugin-helpers/mandos-client-iprouteadddel.c
 
284
        $(LINK.c) $(LIBNL3_CFLAGS) $^ $(LIBNL3_LIBS) $(strip\
 
285
                ) $(LOADLIBES) $(LDLIBS) -o $@
 
286
 
 
287
# Need to add the GLib and pthread libraries
 
288
dracut-module/password-agent: dracut-module/password-agent.c
 
289
        $(LINK.c) $(GLIB_CFLAGS) $^ $(GLIB_LIBS) -lpthread $(strip\
 
290
                ) $(LOADLIBES) $(LDLIBS) -o $@
 
291
 
 
292
.PHONY : all doc html clean distclean mostlyclean maintainer-clean \
 
293
        check run-client run-server install install-html \
 
294
        install-server install-client-nokey install-client uninstall \
 
295
        uninstall-server uninstall-client purge purge-server \
 
296
        purge-client
197
297
 
198
298
clean:
199
299
        -rm --force $(CPROGS) $(objects) $(htmldocs) $(DOCS) core
201
301
distclean: clean
202
302
mostlyclean: clean
203
303
maintainer-clean: clean
204
 
        -rm --force --recursive keydir confdir
 
304
        -rm --force --recursive keydir confdir statedir
205
305
 
206
 
check:  all
 
306
check: all
207
307
        ./mandos --check
 
308
        ./mandos-ctl --check
 
309
        ./mandos-keygen --version
 
310
        ./plugin-runner --version
 
311
        ./plugin-helpers/mandos-client-iprouteadddel --version
 
312
        ./dracut-module/password-agent --test
208
313
 
209
314
# Run the client with a local config and key
210
 
run-client: all keydir/seckey.txt keydir/pubkey.txt
 
315
run-client: all keydir/seckey.txt keydir/pubkey.txt keydir/tls-privkey.pem keydir/tls-pubkey.pem
 
316
        @echo "###################################################################"
 
317
        @echo "# The following error messages are harmless and can be safely     #"
 
318
        @echo "# ignored:                                                        #"
 
319
        @echo "# From plugin-runner: setgid: Operation not permitted             #"
 
320
        @echo "#                     setuid: Operation not permitted             #"
 
321
        @echo "# From askpass-fifo:  mkfifo: Permission denied                   #"
 
322
        @echo "# From mandos-client:                                             #"
 
323
        @echo "#             Failed to raise privileges: Operation not permitted #"
 
324
        @echo "#             Warning: network hook \"*\" exited with status *      #"
 
325
        @echo "#                                                                 #"
 
326
        @echo "# (The messages are caused by not running as root, but you should #"
 
327
        @echo "# NOT run \"make run-client\" as root unless you also unpacked and  #"
 
328
        @echo "# compiled Mandos as root, which is also NOT recommended.)        #"
 
329
        @echo "###################################################################"
 
330
# We set GNOME_KEYRING_CONTROL to block pam_gnome_keyring
211
331
        ./plugin-runner --plugin-dir=plugins.d \
 
332
                --plugin-helper-dir=plugin-helpers \
212
333
                --config-file=plugin-runner.conf \
213
 
                --options-for=mandos-client:--seckey=keydir/seckey.txt,--pubkey=keydir/pubkey.txt \
 
334
                --options-for=mandos-client:--seckey=keydir/seckey.txt,--pubkey=keydir/pubkey.txt,--tls-privkey=keydir/tls-privkey.pem,--tls-pubkey=keydir/tls-pubkey.pem,--network-hook-dir=network-hooks.d \
 
335
                --env-for=mandos-client:GNOME_KEYRING_CONTROL= \
214
336
                $(CLIENTARGS)
215
337
 
216
338
# Used by run-client
217
 
keydir/seckey.txt keydir/pubkey.txt: mandos-keygen
 
339
keydir/seckey.txt keydir/pubkey.txt keydir/tls-privkey.pem keydir/tls-pubkey.pem: mandos-keygen
218
340
        install --directory keydir
219
341
        ./mandos-keygen --dir keydir --force
220
342
 
221
343
# Run the server with a local config
222
 
run-server: confdir/mandos.conf confdir/clients.conf
223
 
        ./mandos --debug --no-dbus --configdir=confdir $(SERVERARGS)
 
344
run-server: confdir/mandos.conf confdir/clients.conf statedir
 
345
        ./mandos --debug --no-dbus --configdir=confdir \
 
346
                --statedir=statedir $(SERVERARGS)
224
347
 
225
348
# Used by run-server
226
349
confdir/mandos.conf: mandos.conf
227
350
        install --directory confdir
228
351
        install --mode=u=rw,go=r $^ $@
229
 
confdir/clients.conf: clients.conf keydir/seckey.txt
 
352
confdir/clients.conf: clients.conf keydir/seckey.txt keydir/tls-pubkey.pem
230
353
        install --directory confdir
231
354
        install --mode=u=rw $< $@
232
355
# Add a client password
233
 
        ./mandos-keygen --dir keydir --password >> $@
 
356
        ./mandos-keygen --dir keydir --password --no-ssh >> $@
 
357
statedir:
 
358
        install --directory statedir
234
359
 
235
360
install: install-server install-client-nokey
236
361
 
241
366
 
242
367
install-server: doc
243
368
        install --directory $(CONFDIR)
 
369
        if install --directory --mode=u=rwx --owner=$(USER) \
 
370
                --group=$(GROUP) $(STATEDIR); then \
 
371
                :; \
 
372
        elif install --directory --mode=u=rwx $(STATEDIR); then \
 
373
                chown -- $(USER):$(GROUP) $(STATEDIR) || :; \
 
374
        fi
 
375
        if [ "$(TMPFILES)" != "$(DESTDIR)" -a -d "$(TMPFILES)" ]; then \
 
376
                install --mode=u=rw,go=r tmpfiles.d-mandos.conf \
 
377
                        $(TMPFILES)/mandos.conf; \
 
378
        fi
244
379
        install --mode=u=rwx,go=rx mandos $(PREFIX)/sbin/mandos
 
380
        install --mode=u=rwx,go=rx --target-directory=$(PREFIX)/sbin \
 
381
                mandos-ctl
 
382
        install --mode=u=rwx,go=rx --target-directory=$(PREFIX)/sbin \
 
383
                mandos-monitor
245
384
        install --mode=u=rw,go=r --target-directory=$(CONFDIR) \
246
385
                mandos.conf
247
386
        install --mode=u=rw --target-directory=$(CONFDIR) \
248
387
                clients.conf
 
388
        install --mode=u=rw,go=r dbus-mandos.conf \
 
389
                $(DESTDIR)/etc/dbus-1/system.d/mandos.conf
249
390
        install --mode=u=rwx,go=rx init.d-mandos \
250
391
                $(DESTDIR)/etc/init.d/mandos
 
392
        if [ "$(SYSTEMD)" != "$(DESTDIR)" -a -d "$(SYSTEMD)" ]; then \
 
393
                install --mode=u=rw,go=r mandos.service $(SYSTEMD); \
 
394
        fi
251
395
        install --mode=u=rw,go=r default-mandos \
252
396
                $(DESTDIR)/etc/default/mandos
253
397
        if [ -z $(DESTDIR) ]; then \
255
399
        fi
256
400
        gzip --best --to-stdout mandos.8 \
257
401
                > $(MANDIR)/man8/mandos.8.gz
 
402
        gzip --best --to-stdout mandos-monitor.8 \
 
403
                > $(MANDIR)/man8/mandos-monitor.8.gz
 
404
        gzip --best --to-stdout mandos-ctl.8 \
 
405
                > $(MANDIR)/man8/mandos-ctl.8.gz
258
406
        gzip --best --to-stdout mandos.conf.5 \
259
407
                > $(MANDIR)/man5/mandos.conf.5.gz
260
408
        gzip --best --to-stdout mandos-clients.conf.5 \
261
409
                > $(MANDIR)/man5/mandos-clients.conf.5.gz
 
410
        gzip --best --to-stdout intro.8mandos \
 
411
                > $(MANDIR)/man8/intro.8mandos.gz
262
412
 
263
413
install-client-nokey: all doc
264
 
        install --directory $(PREFIX)/lib/mandos $(CONFDIR)
 
414
        install --directory $(LIBDIR)/mandos $(CONFDIR)
265
415
        install --directory --mode=u=rwx $(KEYDIR) \
266
 
                $(PREFIX)/lib/mandos/plugins.d
267
 
        if [ "$(CONFDIR)" != "$(PREFIX)/lib/mandos" ]; then \
 
416
                $(LIBDIR)/mandos/plugins.d \
 
417
                $(LIBDIR)/mandos/plugin-helpers
 
418
        if [ "$(CONFDIR)" != "$(LIBDIR)/mandos" ]; then \
268
419
                install --mode=u=rwx \
269
 
                        --directory "$(CONFDIR)/plugins.d"; \
 
420
                        --directory "$(CONFDIR)/plugins.d" \
 
421
                        "$(CONFDIR)/plugin-helpers"; \
270
422
        fi
271
 
        install --mode=u=rwx,go=rx \
272
 
                --target-directory=$(PREFIX)/lib/mandos plugin-runner
 
423
        install --mode=u=rwx,go=rx --directory \
 
424
                "$(CONFDIR)/network-hooks.d"
 
425
        install --mode=u=rwx,go=rx \
 
426
                --target-directory=$(LIBDIR)/mandos plugin-runner
 
427
        install --mode=u=rwx,go=rx \
 
428
                --target-directory=$(LIBDIR)/mandos mandos-to-cryptroot-unlock
273
429
        install --mode=u=rwx,go=rx --target-directory=$(PREFIX)/sbin \
274
430
                mandos-keygen
275
431
        install --mode=u=rwx,go=rx \
276
 
                --target-directory=$(PREFIX)/lib/mandos/plugins.d \
 
432
                --target-directory=$(LIBDIR)/mandos/plugins.d \
277
433
                plugins.d/password-prompt
278
434
        install --mode=u=rwxs,go=rx \
279
 
                --target-directory=$(PREFIX)/lib/mandos/plugins.d \
 
435
                --target-directory=$(LIBDIR)/mandos/plugins.d \
280
436
                plugins.d/mandos-client
281
437
        install --mode=u=rwxs,go=rx \
282
 
                --target-directory=$(PREFIX)/lib/mandos/plugins.d \
 
438
                --target-directory=$(LIBDIR)/mandos/plugins.d \
283
439
                plugins.d/usplash
284
440
        install --mode=u=rwxs,go=rx \
285
 
                --target-directory=$(PREFIX)/lib/mandos/plugins.d \
 
441
                --target-directory=$(LIBDIR)/mandos/plugins.d \
286
442
                plugins.d/splashy
287
443
        install --mode=u=rwxs,go=rx \
288
 
                --target-directory=$(PREFIX)/lib/mandos/plugins.d \
 
444
                --target-directory=$(LIBDIR)/mandos/plugins.d \
289
445
                plugins.d/askpass-fifo
 
446
        install --mode=u=rwxs,go=rx \
 
447
                --target-directory=$(LIBDIR)/mandos/plugins.d \
 
448
                plugins.d/plymouth
 
449
        install --mode=u=rwx,go=rx \
 
450
                --target-directory=$(LIBDIR)/mandos/plugin-helpers \
 
451
                plugin-helpers/mandos-client-iprouteadddel
290
452
        install initramfs-tools-hook \
291
453
                $(INITRAMFSTOOLS)/hooks/mandos
292
 
        install --mode=u=rw,go=r initramfs-tools-hook-conf \
293
 
                $(INITRAMFSTOOLS)/conf-hooks.d/mandos
 
454
        install --mode=u=rw,go=r initramfs-tools-conf \
 
455
                $(INITRAMFSTOOLS)/conf.d/mandos-conf
 
456
        install --mode=u=rw,go=r initramfs-tools-conf-hook \
 
457
                $(INITRAMFSTOOLS)/conf-hooks.d/zz-mandos
294
458
        install initramfs-tools-script \
295
459
                $(INITRAMFSTOOLS)/scripts/init-premount/mandos
 
460
        install initramfs-tools-script-stop \
 
461
                $(INITRAMFSTOOLS)/scripts/local-premount/mandos
 
462
        install --directory $(DRACUTMODULE)
 
463
        install --mode=u=rw,go=r --target-directory=$(DRACUTMODULE) \
 
464
                dracut-module/ask-password-mandos.path \
 
465
                dracut-module/ask-password-mandos.service
 
466
        install --mode=u=rwxs,go=rx \
 
467
                --target-directory=$(DRACUTMODULE) \
 
468
                dracut-module/module-setup.sh \
 
469
                dracut-module/cmdline-mandos.sh \
 
470
                dracut-module/password-agent
296
471
        install --mode=u=rw,go=r plugin-runner.conf $(CONFDIR)
297
472
        gzip --best --to-stdout mandos-keygen.8 \
298
473
                > $(MANDIR)/man8/mandos-keygen.8.gz
299
474
        gzip --best --to-stdout plugin-runner.8mandos \
300
475
                > $(MANDIR)/man8/plugin-runner.8mandos.gz
 
476
        gzip --best --to-stdout plugins.d/mandos-client.8mandos \
 
477
                > $(MANDIR)/man8/mandos-client.8mandos.gz
301
478
        gzip --best --to-stdout plugins.d/password-prompt.8mandos \
302
479
                > $(MANDIR)/man8/password-prompt.8mandos.gz
303
 
        gzip --best --to-stdout plugins.d/mandos-client.8mandos \
304
 
                > $(MANDIR)/man8/mandos-client.8mandos.gz
305
480
        gzip --best --to-stdout plugins.d/usplash.8mandos \
306
481
                > $(MANDIR)/man8/usplash.8mandos.gz
307
482
        gzip --best --to-stdout plugins.d/splashy.8mandos \
308
483
                > $(MANDIR)/man8/splashy.8mandos.gz
309
484
        gzip --best --to-stdout plugins.d/askpass-fifo.8mandos \
310
485
                > $(MANDIR)/man8/askpass-fifo.8mandos.gz
 
486
        gzip --best --to-stdout plugins.d/plymouth.8mandos \
 
487
                > $(MANDIR)/man8/plymouth.8mandos.gz
 
488
        gzip --best --to-stdout dracut-module/password-agent.8mandos \
 
489
                > $(MANDIR)/man8/password-agent.8mandos.gz
311
490
 
312
491
install-client: install-client-nokey
313
492
# Post-installation stuff
314
493
        -$(PREFIX)/sbin/mandos-keygen --dir "$(KEYDIR)"
315
 
        update-initramfs -k all -u
 
494
        if command -v update-initramfs >/dev/null; then \
 
495
            update-initramfs -k all -u; \
 
496
        elif command -v dracut >/dev/null; then \
 
497
            for initrd in $(DESTDIR)/boot/initr*-$(shell uname --kernel-release); do \
 
498
                if [ -w "$$initrd" ]; then \
 
499
                    chmod go-r "$$initrd"; \
 
500
                    dracut --force "$$initrd"; \
 
501
                fi; \
 
502
            done; \
 
503
        fi
316
504
        echo "Now run mandos-keygen --password --dir $(KEYDIR)"
317
505
 
318
506
uninstall: uninstall-server uninstall-client
319
507
 
320
508
uninstall-server:
321
509
        -rm --force $(PREFIX)/sbin/mandos \
 
510
                $(PREFIX)/sbin/mandos-ctl \
 
511
                $(PREFIX)/sbin/mandos-monitor \
322
512
                $(MANDIR)/man8/mandos.8.gz \
 
513
                $(MANDIR)/man8/mandos-monitor.8.gz \
 
514
                $(MANDIR)/man8/mandos-ctl.8.gz \
323
515
                $(MANDIR)/man5/mandos.conf.5.gz \
324
516
                $(MANDIR)/man5/mandos-clients.conf.5.gz
325
517
        update-rc.d -f mandos remove
331
523
        ! grep --regexp='^ *[^ #].*keyscript=[^,=]*/mandos/' \
332
524
                $(DESTDIR)/etc/crypttab
333
525
        -rm --force $(PREFIX)/sbin/mandos-keygen \
334
 
                $(PREFIX)/lib/mandos/plugin-runner \
335
 
                $(PREFIX)/lib/mandos/plugins.d/password-prompt \
336
 
                $(PREFIX)/lib/mandos/plugins.d/mandos-client \
337
 
                $(PREFIX)/lib/mandos/plugins.d/usplash \
338
 
                $(PREFIX)/lib/mandos/plugins.d/splashy \
339
 
                $(PREFIX)/lib/mandos/plugins.d/askpass-fifo \
 
526
                $(LIBDIR)/mandos/plugin-runner \
 
527
                $(LIBDIR)/mandos/plugins.d/password-prompt \
 
528
                $(LIBDIR)/mandos/plugins.d/mandos-client \
 
529
                $(LIBDIR)/mandos/plugins.d/usplash \
 
530
                $(LIBDIR)/mandos/plugins.d/splashy \
 
531
                $(LIBDIR)/mandos/plugins.d/askpass-fifo \
 
532
                $(LIBDIR)/mandos/plugins.d/plymouth \
340
533
                $(INITRAMFSTOOLS)/hooks/mandos \
341
534
                $(INITRAMFSTOOLS)/conf-hooks.d/mandos \
342
535
                $(INITRAMFSTOOLS)/scripts/init-premount/mandos \
 
536
                $(INITRAMFSTOOLS)/scripts/local-premount/mandos \
 
537
                $(DRACUTMODULE)/ask-password-mandos.path \
 
538
                $(DRACUTMODULE)/ask-password-mandos.service \
 
539
                $(DRACUTMODULE)/module-setup.sh \
 
540
                $(DRACUTMODULE)/cmdline-mandos.sh \
 
541
                $(DRACUTMODULE)/password-agent \
 
542
                $(MANDIR)/man8/mandos-keygen.8.gz \
343
543
                $(MANDIR)/man8/plugin-runner.8mandos.gz \
344
 
                $(MANDIR)/man8/mandos-keygen.8.gz \
 
544
                $(MANDIR)/man8/mandos-client.8mandos.gz
345
545
                $(MANDIR)/man8/password-prompt.8mandos.gz \
346
546
                $(MANDIR)/man8/usplash.8mandos.gz \
347
547
                $(MANDIR)/man8/splashy.8mandos.gz \
348
548
                $(MANDIR)/man8/askpass-fifo.8mandos.gz \
349
 
                $(MANDIR)/man8/mandos-client.8mandos.gz
350
 
        -rmdir $(PREFIX)/lib/mandos/plugins.d $(CONFDIR)/plugins.d \
351
 
                 $(PREFIX)/lib/mandos $(CONFDIR) $(KEYDIR)
352
 
        update-initramfs -k all -u
 
549
                $(MANDIR)/man8/plymouth.8mandos.gz \
 
550
                $(MANDIR)/man8/password-agent.8mandos.gz \
 
551
        -rmdir $(LIBDIR)/mandos/plugins.d $(CONFDIR)/plugins.d \
 
552
                 $(LIBDIR)/mandos $(CONFDIR) $(KEYDIR) $(DRACUTMODULE)
 
553
        if command -v update-initramfs >/dev/null; then \
 
554
            update-initramfs -k all -u; \
 
555
        elif command -v dracut >/dev/null; then \
 
556
            for initrd in $(DESTDIR)/boot/initr*-$(shell uname --kernel-release); do \
 
557
                test -w "$$initrd" && dracut --force "$$initrd"; \
 
558
            done; \
 
559
        fi
353
560
 
354
561
purge: purge-server purge-client
355
562
 
356
563
purge-server: uninstall-server
357
564
        -rm --force $(CONFDIR)/mandos.conf $(CONFDIR)/clients.conf \
 
565
                $(DESTDIR)/etc/dbus-1/system.d/mandos.conf
358
566
                $(DESTDIR)/etc/default/mandos \
359
567
                $(DESTDIR)/etc/init.d/mandos \
 
568
                $(SYSTEMD)/mandos.service \
 
569
                $(DESTDIR)/run/mandos.pid \
360
570
                $(DESTDIR)/var/run/mandos.pid
361
571
        -rmdir $(CONFDIR)
362
572
 
363
573
purge-client: uninstall-client
364
 
        -shred --remove $(KEYDIR)/seckey.txt
 
574
        -shred --remove $(KEYDIR)/seckey.txt $(KEYDIR)/tls-privkey.pem
365
575
        -rm --force $(CONFDIR)/plugin-runner.conf \
366
 
                $(KEYDIR)/pubkey.txt $(KEYDIR)/seckey.txt
 
576
                $(KEYDIR)/pubkey.txt $(KEYDIR)/seckey.txt \
 
577
                $(KEYDIR)/tls-pubkey.txt $(KEYDIR)/tls-privkey.txt
367
578
        -rmdir $(KEYDIR) $(CONFDIR)/plugins.d $(CONFDIR)