/mandos/release

To get this branch, use:
bzr branch http://bzr.recompile.se/loggerhead/mandos/release

« back to all changes in this revision

Viewing changes to Makefile

  • Committer: Teddy Hogeborn
  • Date: 2019-07-29 16:35:53 UTC
  • mto: This revision was merged to the branch mainline in revision 384.
  • Revision ID: teddy@recompile.se-20190729163553-1i442i2cbx64c537
Make tests and man page examples match

Make the tests test_manual_page_example[1-5] match exactly what is
written in the manual page, and add comments to manual page as
reminders to keep tests and manual page examples in sync.

* mandos-ctl (Test_commands_from_options.test_manual_page_example_1):
  Remove "--verbose" option, since the manual does not have it as the
  first example, and change assertion to match.
* mandos-ctl.xml (EXAMPLE): Add comments to all examples documenting
  which test function they correspond to.  Also remove unnecessary
  quotes from option arguments in fourth example, and clarify language
  slightly in fifth example.

Show diffs side-by-side

added added

removed removed

Lines of Context:
41
41
#COVERAGE=--coverage
42
42
OPTIMIZE:=-Os -fno-strict-aliasing
43
43
LANGUAGE:=-std=gnu11
44
 
FEATURES:=-D_FILE_OFFSET_BITS=64
45
44
htmldir:=man
46
 
version:=1.8.9
 
45
version:=1.8.4
47
46
SED:=sed
48
 
PKG_CONFIG?=pkg-config
49
47
 
50
48
USER:=$(firstword $(subst :, ,$(shell getent passwd _mandos \
51
49
        || getent passwd nobody || echo 65534)))
52
50
GROUP:=$(firstword $(subst :, ,$(shell getent group _mandos \
53
51
        || getent group nogroup || echo 65534)))
54
52
 
55
 
LINUXVERSION:=$(shell uname --kernel-release)
56
 
 
57
53
## Use these settings for a traditional /usr/local install
58
54
# PREFIX:=$(DESTDIR)/usr/local
59
55
# CONFDIR:=$(DESTDIR)/etc/mandos
75
71
STATEDIR:=$(DESTDIR)/var/lib/mandos
76
72
LIBDIR:=$(shell \
77
73
        for d in \
78
 
        "/usr/lib/`dpkg-architecture \
79
 
                        -qDEB_HOST_MULTIARCH 2>/dev/null`" \
 
74
        "/usr/lib/`dpkg-architecture -qDEB_HOST_MULTIARCH 2>/dev/null`" \
80
75
        "`rpm --eval='%{_libdir}' 2>/dev/null`" /usr/lib; do \
81
76
                if [ -d "$$d" -a "$$d" = "$${d%/}" ]; then \
82
77
                        echo "$(DESTDIR)$$d"; \
85
80
        done)
86
81
##
87
82
 
88
 
SYSTEMD:=$(DESTDIR)$(shell $(PKG_CONFIG) systemd \
89
 
                        --variable=systemdsystemunitdir)
90
 
TMPFILES:=$(DESTDIR)$(shell $(PKG_CONFIG) systemd \
91
 
                        --variable=tmpfilesdir)
92
 
SYSUSERS:=$(DESTDIR)$(shell $(PKG_CONFIG) systemd \
93
 
                        --variable=sysusersdir)
 
83
SYSTEMD:=$(DESTDIR)$(shell pkg-config systemd --variable=systemdsystemunitdir)
 
84
TMPFILES:=$(DESTDIR)$(shell pkg-config systemd --variable=tmpfilesdir)
94
85
 
95
 
GNUTLS_CFLAGS:=$(shell $(PKG_CONFIG) --cflags-only-I gnutls)
96
 
GNUTLS_LIBS:=$(shell $(PKG_CONFIG) --libs gnutls)
97
 
AVAHI_CFLAGS:=$(shell $(PKG_CONFIG) --cflags-only-I avahi-core)
98
 
AVAHI_LIBS:=$(shell $(PKG_CONFIG) --libs avahi-core)
 
86
GNUTLS_CFLAGS:=$(shell pkg-config --cflags-only-I gnutls)
 
87
GNUTLS_LIBS:=$(shell pkg-config --libs gnutls)
 
88
AVAHI_CFLAGS:=$(shell pkg-config --cflags-only-I avahi-core)
 
89
AVAHI_LIBS:=$(shell pkg-config --libs avahi-core)
99
90
GPGME_CFLAGS:=$(shell gpgme-config --cflags; getconf LFS_CFLAGS)
100
91
GPGME_LIBS:=$(shell gpgme-config --libs; getconf LFS_LIBS; \
101
92
        getconf LFS_LDFLAGS)
102
 
LIBNL3_CFLAGS:=$(shell $(PKG_CONFIG) --cflags-only-I libnl-route-3.0)
103
 
LIBNL3_LIBS:=$(shell $(PKG_CONFIG) --libs libnl-route-3.0)
104
 
GLIB_CFLAGS:=$(shell $(PKG_CONFIG) --cflags glib-2.0)
105
 
GLIB_LIBS:=$(shell $(PKG_CONFIG) --libs glib-2.0)
 
93
LIBNL3_CFLAGS:=$(shell pkg-config --cflags-only-I libnl-route-3.0)
 
94
LIBNL3_LIBS:=$(shell pkg-config --libs libnl-route-3.0)
 
95
GLIB_CFLAGS:=$(shell pkg-config --cflags glib-2.0)
 
96
GLIB_LIBS:=$(shell pkg-config --libs glib-2.0)
106
97
 
107
98
# Do not change these two
108
 
CFLAGS+=$(WARN) $(DEBUG) $(FORTIFY) $(COVERAGE) $(OPTIMIZE) \
109
 
        $(LANGUAGE) $(FEATURES) -DVERSION='"$(version)"'
 
99
CFLAGS+=$(WARN) $(DEBUG) $(FORTIFY) $(COVERAGE) \
 
100
        $(OPTIMIZE) $(LANGUAGE) -DVERSION='"$(version)"'
110
101
LDFLAGS+=-Xlinker --as-needed $(COVERAGE) $(LINK_FORTIFY) $(strip \
111
102
        ) $(foreach flag,$(LINK_FORTIFY_LD),-Xlinker $(flag))
112
103
 
156
147
 
157
148
objects:=$(addsuffix .o,$(CPROGS))
158
149
 
159
 
.PHONY: all
160
150
all: $(PROGS) mandos.lsm
161
151
 
162
 
.PHONY: doc
163
152
doc: $(DOCS)
164
153
 
165
 
.PHONY: html
166
154
html: $(htmldocs)
167
155
 
168
156
%.5: %.xml common.ent legalnotice.xml
285
273
                $@)
286
274
 
287
275
# Need to add the GnuTLS, Avahi and GPGME libraries
288
 
plugins.d/mandos-client: CFLAGS += $(GNUTLS_CFLAGS) $(strip \
289
 
        ) $(AVAHI_CFLAGS) $(GPGME_CFLAGS)
290
 
plugins.d/mandos-client: LDLIBS += $(GNUTLS_LIBS) $(strip \
291
 
        ) $(AVAHI_LIBS) $(GPGME_LIBS)
 
276
plugins.d/mandos-client: plugins.d/mandos-client.c
 
277
        $(LINK.c) $^ $(GNUTLS_CFLAGS) $(AVAHI_CFLAGS) $(strip\
 
278
                ) $(GPGME_CFLAGS) $(GNUTLS_LIBS) $(strip\
 
279
                ) $(AVAHI_LIBS) $(GPGME_LIBS) $(LOADLIBES) $(strip\
 
280
                ) $(LDLIBS) -o $@
292
281
 
293
282
# Need to add the libnl-route library
294
 
plugin-helpers/mandos-client-iprouteadddel: CFLAGS += $(LIBNL3_CFLAGS)
295
 
plugin-helpers/mandos-client-iprouteadddel: LDLIBS += $(LIBNL3_LIBS)
 
283
plugin-helpers/mandos-client-iprouteadddel: plugin-helpers/mandos-client-iprouteadddel.c
 
284
        $(LINK.c) $(LIBNL3_CFLAGS) $^ $(LIBNL3_LIBS) $(strip\
 
285
                ) $(LOADLIBES) $(LDLIBS) -o $@
296
286
 
297
287
# Need to add the GLib and pthread libraries
298
 
dracut-module/password-agent: CFLAGS += $(GLIB_CFLAGS)
299
 
dracut-module/password-agent: LDLIBS += $(GLIB_LIBS) -lpthread
300
 
 
301
 
.PHONY: clean
 
288
dracut-module/password-agent: dracut-module/password-agent.c
 
289
        $(LINK.c) $(GLIB_CFLAGS) $^ $(GLIB_LIBS) -lpthread $(strip\
 
290
                ) $(LOADLIBES) $(LDLIBS) -o $@
 
291
 
 
292
.PHONY : all doc html clean distclean mostlyclean maintainer-clean \
 
293
        check run-client run-server install install-html \
 
294
        install-server install-client-nokey install-client uninstall \
 
295
        uninstall-server uninstall-client purge purge-server \
 
296
        purge-client
 
297
 
302
298
clean:
303
299
        -rm --force $(CPROGS) $(objects) $(htmldocs) $(DOCS) core
304
300
 
305
 
.PHONY: distclean
306
301
distclean: clean
307
 
.PHONY: mostlyclean
308
302
mostlyclean: clean
309
 
.PHONY: maintainer-clean
310
303
maintainer-clean: clean
311
304
        -rm --force --recursive keydir confdir statedir
312
305
 
313
 
.PHONY: check
314
306
check: all
315
307
        ./mandos --check
316
308
        ./mandos-ctl --check
320
312
        ./dracut-module/password-agent --test
321
313
 
322
314
# Run the client with a local config and key
323
 
.PHONY: run-client
324
 
run-client: all keydir/seckey.txt keydir/pubkey.txt \
325
 
                        keydir/tls-privkey.pem keydir/tls-pubkey.pem
326
 
        @echo '######################################################'
327
 
        @echo '# The following error messages are harmless and can  #'
328
 
        @echo '#  be safely ignored:                                #'
329
 
        @echo '## From plugin-runner:                               #'
330
 
        @echo '# setgid: Operation not permitted                    #'
331
 
        @echo '# setuid: Operation not permitted                    #'
332
 
        @echo '## From askpass-fifo:                                #'
333
 
        @echo '# mkfifo: Permission denied                          #'
334
 
        @echo '## From mandos-client:                               #'
335
 
        @echo '# Failed to raise privileges: Operation not permi... #'
336
 
        @echo '# Warning: network hook "*" exited with status *     #'
337
 
        @echo '# ioctl SIOCSIFFLAGS +IFF_UP: Operation not permi... #'
338
 
        @echo '# Failed to bring up interface "*": Operation not... #'
339
 
        @echo '#                                                    #'
340
 
        @echo '# (The messages are caused by not running as root,   #'
341
 
        @echo '# but you should NOT run "make run-client" as root   #'
342
 
        @echo '# unless you also unpacked and compiled Mandos as    #'
343
 
        @echo '# root, which is also NOT recommended.)              #'
344
 
        @echo '######################################################'
 
315
run-client: all keydir/seckey.txt keydir/pubkey.txt keydir/tls-privkey.pem keydir/tls-pubkey.pem
 
316
        @echo "###################################################################"
 
317
        @echo "# The following error messages are harmless and can be safely     #"
 
318
        @echo "# ignored:                                                        #"
 
319
        @echo "# From plugin-runner: setgid: Operation not permitted             #"
 
320
        @echo "#                     setuid: Operation not permitted             #"
 
321
        @echo "# From askpass-fifo:  mkfifo: Permission denied                   #"
 
322
        @echo "# From mandos-client:                                             #"
 
323
        @echo "#             Failed to raise privileges: Operation not permitted #"
 
324
        @echo "#             Warning: network hook \"*\" exited with status *      #"
 
325
        @echo "#                                                                 #"
 
326
        @echo "# (The messages are caused by not running as root, but you should #"
 
327
        @echo "# NOT run \"make run-client\" as root unless you also unpacked and  #"
 
328
        @echo "# compiled Mandos as root, which is also NOT recommended.)        #"
 
329
        @echo "###################################################################"
345
330
# We set GNOME_KEYRING_CONTROL to block pam_gnome_keyring
346
331
        ./plugin-runner --plugin-dir=plugins.d \
347
332
                --plugin-helper-dir=plugin-helpers \
356
341
        ./mandos-keygen --dir keydir --force
357
342
 
358
343
# Run the server with a local config
359
 
.PHONY: run-server
360
344
run-server: confdir/mandos.conf confdir/clients.conf statedir
361
345
        ./mandos --debug --no-dbus --configdir=confdir \
362
346
                --statedir=statedir $(SERVERARGS)
373
357
statedir:
374
358
        install --directory statedir
375
359
 
376
 
.PHONY: install
377
360
install: install-server install-client-nokey
378
361
 
379
 
.PHONY: install-html
380
362
install-html: html
381
363
        install --directory $(htmldir)
382
364
        install --mode=u=rw,go=r --target-directory=$(htmldir) \
383
365
                $(htmldocs)
384
366
 
385
 
.PHONY: install-server
386
367
install-server: doc
387
368
        install --directory $(CONFDIR)
388
369
        if install --directory --mode=u=rwx --owner=$(USER) \
391
372
        elif install --directory --mode=u=rwx $(STATEDIR); then \
392
373
                chown -- $(USER):$(GROUP) $(STATEDIR) || :; \
393
374
        fi
394
 
        if [ "$(TMPFILES)" != "$(DESTDIR)" \
395
 
                        -a -d "$(TMPFILES)" ]; then \
 
375
        if [ "$(TMPFILES)" != "$(DESTDIR)" -a -d "$(TMPFILES)" ]; then \
396
376
                install --mode=u=rw,go=r tmpfiles.d-mandos.conf \
397
377
                        $(TMPFILES)/mandos.conf; \
398
378
        fi
399
 
        if [ "$(SYSUSERS)" != "$(DESTDIR)" \
400
 
                        -a -d "$(SYSUSERS)" ]; then \
401
 
                install --mode=u=rw,go=r sysusers.d-mandos.conf \
402
 
                        $(SYSUSERS)/mandos.conf; \
403
 
        fi
404
379
        install --mode=u=rwx,go=rx mandos $(PREFIX)/sbin/mandos
405
380
        install --mode=u=rwx,go=rx --target-directory=$(PREFIX)/sbin \
406
381
                mandos-ctl
435
410
        gzip --best --to-stdout intro.8mandos \
436
411
                > $(MANDIR)/man8/intro.8mandos.gz
437
412
 
438
 
.PHONY: install-client-nokey
439
413
install-client-nokey: all doc
440
414
        install --directory $(LIBDIR)/mandos $(CONFDIR)
441
415
        install --directory --mode=u=rwx $(KEYDIR) \
442
416
                $(LIBDIR)/mandos/plugins.d \
443
417
                $(LIBDIR)/mandos/plugin-helpers
444
 
        if [ "$(SYSUSERS)" != "$(DESTDIR)" \
445
 
                        -a -d "$(SYSUSERS)" ]; then \
446
 
                install --mode=u=rw,go=r sysusers.d-mandos.conf \
447
 
                        $(SYSUSERS)/mandos-client.conf; \
448
 
        fi
449
418
        if [ "$(CONFDIR)" != "$(LIBDIR)/mandos" ]; then \
450
419
                install --mode=u=rwx \
451
420
                        --directory "$(CONFDIR)/plugins.d" \
456
425
        install --mode=u=rwx,go=rx \
457
426
                --target-directory=$(LIBDIR)/mandos plugin-runner
458
427
        install --mode=u=rwx,go=rx \
459
 
                --target-directory=$(LIBDIR)/mandos \
460
 
                mandos-to-cryptroot-unlock
 
428
                --target-directory=$(LIBDIR)/mandos mandos-to-cryptroot-unlock
461
429
        install --mode=u=rwx,go=rx --target-directory=$(PREFIX)/sbin \
462
430
                mandos-keygen
463
431
        install --mode=u=rwx,go=rx \
520
488
        gzip --best --to-stdout dracut-module/password-agent.8mandos \
521
489
                > $(MANDIR)/man8/password-agent.8mandos.gz
522
490
 
523
 
.PHONY: install-client
524
491
install-client: install-client-nokey
525
492
# Post-installation stuff
526
493
        -$(PREFIX)/sbin/mandos-keygen --dir "$(KEYDIR)"
527
494
        if command -v update-initramfs >/dev/null; then \
528
495
            update-initramfs -k all -u; \
529
496
        elif command -v dracut >/dev/null; then \
530
 
            for initrd in $(DESTDIR)/boot/initr*-$(LINUXVERSION); do \
 
497
            for initrd in $(DESTDIR)/boot/initr*-$(shell uname --kernel-release); do \
531
498
                if [ -w "$$initrd" ]; then \
532
499
                    chmod go-r "$$initrd"; \
533
500
                    dracut --force "$$initrd"; \
536
503
        fi
537
504
        echo "Now run mandos-keygen --password --dir $(KEYDIR)"
538
505
 
539
 
.PHONY: uninstall
540
506
uninstall: uninstall-server uninstall-client
541
507
 
542
 
.PHONY: uninstall-server
543
508
uninstall-server:
544
509
        -rm --force $(PREFIX)/sbin/mandos \
545
510
                $(PREFIX)/sbin/mandos-ctl \
552
517
        update-rc.d -f mandos remove
553
518
        -rmdir $(CONFDIR)
554
519
 
555
 
.PHONY: uninstall-client
556
520
uninstall-client:
557
521
# Refuse to uninstall client if /etc/crypttab is explicitly configured
558
522
# to use it.
589
553
        if command -v update-initramfs >/dev/null; then \
590
554
            update-initramfs -k all -u; \
591
555
        elif command -v dracut >/dev/null; then \
592
 
            for initrd in $(DESTDIR)/boot/initr*-$(LINUXVERSION); do \
 
556
            for initrd in $(DESTDIR)/boot/initr*-$(shell uname --kernel-release); do \
593
557
                test -w "$$initrd" && dracut --force "$$initrd"; \
594
558
            done; \
595
559
        fi
596
560
 
597
 
.PHONY: purge
598
561
purge: purge-server purge-client
599
562
 
600
 
.PHONY: purge-server
601
563
purge-server: uninstall-server
602
564
        -rm --force $(CONFDIR)/mandos.conf $(CONFDIR)/clients.conf \
603
565
                $(DESTDIR)/etc/dbus-1/system.d/mandos.conf
608
570
                $(DESTDIR)/var/run/mandos.pid
609
571
        -rmdir $(CONFDIR)
610
572
 
611
 
.PHONY: purge-client
612
573
purge-client: uninstall-client
613
574
        -shred --remove $(KEYDIR)/seckey.txt $(KEYDIR)/tls-privkey.pem
614
575
        -rm --force $(CONFDIR)/plugin-runner.conf \