/mandos/release

To get this branch, use:
bzr branch http://bzr.recompile.se/loggerhead/mandos/release

« back to all changes in this revision

Viewing changes to Makefile

  • Committer: Teddy Hogeborn
  • Date: 2019-07-29 16:35:53 UTC
  • mto: This revision was merged to the branch mainline in revision 384.
  • Revision ID: teddy@recompile.se-20190729163553-1i442i2cbx64c537
Make tests and man page examples match

Make the tests test_manual_page_example[1-5] match exactly what is
written in the manual page, and add comments to manual page as
reminders to keep tests and manual page examples in sync.

* mandos-ctl (Test_commands_from_options.test_manual_page_example_1):
  Remove "--verbose" option, since the manual does not have it as the
  first example, and change assertion to match.
* mandos-ctl.xml (EXAMPLE): Add comments to all examples documenting
  which test function they correspond to.  Also remove unnecessary
  quotes from option arguments in fourth example, and clarify language
  slightly in fifth example.

Show diffs side-by-side

added added

removed removed

Lines of Context:
41
41
#COVERAGE=--coverage
42
42
OPTIMIZE:=-Os -fno-strict-aliasing
43
43
LANGUAGE:=-std=gnu11
44
 
FEATURES:=-D_FILE_OFFSET_BITS=64
45
44
htmldir:=man
46
 
version:=1.8.11
 
45
version:=1.8.4
47
46
SED:=sed
48
 
PKG_CONFIG?=pkg-config
49
47
 
50
48
USER:=$(firstword $(subst :, ,$(shell getent passwd _mandos \
51
49
        || getent passwd nobody || echo 65534)))
52
50
GROUP:=$(firstword $(subst :, ,$(shell getent group _mandos \
53
51
        || getent group nogroup || echo 65534)))
54
52
 
55
 
LINUXVERSION:=$(shell uname --kernel-release)
56
 
 
57
53
## Use these settings for a traditional /usr/local install
58
54
# PREFIX:=$(DESTDIR)/usr/local
59
55
# CONFDIR:=$(DESTDIR)/etc/mandos
75
71
STATEDIR:=$(DESTDIR)/var/lib/mandos
76
72
LIBDIR:=$(shell \
77
73
        for d in \
78
 
        "/usr/lib/`dpkg-architecture \
79
 
                        -qDEB_HOST_MULTIARCH 2>/dev/null`" \
 
74
        "/usr/lib/`dpkg-architecture -qDEB_HOST_MULTIARCH 2>/dev/null`" \
80
75
        "`rpm --eval='%{_libdir}' 2>/dev/null`" /usr/lib; do \
81
76
                if [ -d "$$d" -a "$$d" = "$${d%/}" ]; then \
82
77
                        echo "$(DESTDIR)$$d"; \
85
80
        done)
86
81
##
87
82
 
88
 
SYSTEMD:=$(DESTDIR)$(shell $(PKG_CONFIG) systemd \
89
 
                        --variable=systemdsystemunitdir)
90
 
TMPFILES:=$(DESTDIR)$(shell $(PKG_CONFIG) systemd \
91
 
                        --variable=tmpfilesdir)
92
 
SYSUSERS:=$(DESTDIR)$(shell $(PKG_CONFIG) systemd \
93
 
                        --variable=sysusersdir)
 
83
SYSTEMD:=$(DESTDIR)$(shell pkg-config systemd --variable=systemdsystemunitdir)
 
84
TMPFILES:=$(DESTDIR)$(shell pkg-config systemd --variable=tmpfilesdir)
94
85
 
95
 
GNUTLS_CFLAGS:=$(shell $(PKG_CONFIG) --cflags-only-I gnutls)
96
 
GNUTLS_LIBS:=$(shell $(PKG_CONFIG) --libs gnutls)
97
 
AVAHI_CFLAGS:=$(shell $(PKG_CONFIG) --cflags-only-I avahi-core)
98
 
AVAHI_LIBS:=$(shell $(PKG_CONFIG) --libs avahi-core)
 
86
GNUTLS_CFLAGS:=$(shell pkg-config --cflags-only-I gnutls)
 
87
GNUTLS_LIBS:=$(shell pkg-config --libs gnutls)
 
88
AVAHI_CFLAGS:=$(shell pkg-config --cflags-only-I avahi-core)
 
89
AVAHI_LIBS:=$(shell pkg-config --libs avahi-core)
99
90
GPGME_CFLAGS:=$(shell gpgme-config --cflags; getconf LFS_CFLAGS)
100
91
GPGME_LIBS:=$(shell gpgme-config --libs; getconf LFS_LIBS; \
101
92
        getconf LFS_LDFLAGS)
102
 
LIBNL3_CFLAGS:=$(shell $(PKG_CONFIG) --cflags-only-I libnl-route-3.0)
103
 
LIBNL3_LIBS:=$(shell $(PKG_CONFIG) --libs libnl-route-3.0)
104
 
GLIB_CFLAGS:=$(shell $(PKG_CONFIG) --cflags glib-2.0)
105
 
GLIB_LIBS:=$(shell $(PKG_CONFIG) --libs glib-2.0)
 
93
LIBNL3_CFLAGS:=$(shell pkg-config --cflags-only-I libnl-route-3.0)
 
94
LIBNL3_LIBS:=$(shell pkg-config --libs libnl-route-3.0)
 
95
GLIB_CFLAGS:=$(shell pkg-config --cflags glib-2.0)
 
96
GLIB_LIBS:=$(shell pkg-config --libs glib-2.0)
106
97
 
107
98
# Do not change these two
108
 
CFLAGS+=$(WARN) $(DEBUG) $(FORTIFY) $(COVERAGE) $(OPTIMIZE) \
109
 
        $(LANGUAGE) $(FEATURES) -DVERSION='"$(version)"'
 
99
CFLAGS+=$(WARN) $(DEBUG) $(FORTIFY) $(COVERAGE) \
 
100
        $(OPTIMIZE) $(LANGUAGE) -DVERSION='"$(version)"'
110
101
LDFLAGS+=-Xlinker --as-needed $(COVERAGE) $(LINK_FORTIFY) $(strip \
111
102
        ) $(foreach flag,$(LINK_FORTIFY_LD),-Xlinker $(flag))
112
103
 
156
147
 
157
148
objects:=$(addsuffix .o,$(CPROGS))
158
149
 
159
 
.PHONY: all
160
150
all: $(PROGS) mandos.lsm
161
151
 
162
 
.PHONY: doc
163
152
doc: $(DOCS)
164
153
 
165
 
.PHONY: html
166
154
html: $(htmldocs)
167
155
 
168
156
%.5: %.xml common.ent legalnotice.xml
285
273
                $@)
286
274
 
287
275
# Need to add the GnuTLS, Avahi and GPGME libraries
288
 
plugins.d/mandos-client: CFLAGS += $(GNUTLS_CFLAGS) $(strip \
289
 
        ) $(AVAHI_CFLAGS) $(GPGME_CFLAGS)
290
 
plugins.d/mandos-client: LDLIBS += $(GNUTLS_LIBS) $(strip \
291
 
        ) $(AVAHI_LIBS) $(GPGME_LIBS)
 
276
plugins.d/mandos-client: plugins.d/mandos-client.c
 
277
        $(LINK.c) $^ $(GNUTLS_CFLAGS) $(AVAHI_CFLAGS) $(strip\
 
278
                ) $(GPGME_CFLAGS) $(GNUTLS_LIBS) $(strip\
 
279
                ) $(AVAHI_LIBS) $(GPGME_LIBS) $(LOADLIBES) $(strip\
 
280
                ) $(LDLIBS) -o $@
292
281
 
293
282
# Need to add the libnl-route library
294
 
plugin-helpers/mandos-client-iprouteadddel: CFLAGS += $(LIBNL3_CFLAGS)
295
 
plugin-helpers/mandos-client-iprouteadddel: LDLIBS += $(LIBNL3_LIBS)
 
283
plugin-helpers/mandos-client-iprouteadddel: plugin-helpers/mandos-client-iprouteadddel.c
 
284
        $(LINK.c) $(LIBNL3_CFLAGS) $^ $(LIBNL3_LIBS) $(strip\
 
285
                ) $(LOADLIBES) $(LDLIBS) -o $@
296
286
 
297
287
# Need to add the GLib and pthread libraries
298
 
dracut-module/password-agent: CFLAGS += $(GLIB_CFLAGS)
299
 
dracut-module/password-agent: LDLIBS += $(GLIB_LIBS) -lpthread
300
 
 
301
 
.PHONY: clean
 
288
dracut-module/password-agent: dracut-module/password-agent.c
 
289
        $(LINK.c) $(GLIB_CFLAGS) $^ $(GLIB_LIBS) -lpthread $(strip\
 
290
                ) $(LOADLIBES) $(LDLIBS) -o $@
 
291
 
 
292
.PHONY : all doc html clean distclean mostlyclean maintainer-clean \
 
293
        check run-client run-server install install-html \
 
294
        install-server install-client-nokey install-client uninstall \
 
295
        uninstall-server uninstall-client purge purge-server \
 
296
        purge-client
 
297
 
302
298
clean:
303
299
        -rm --force $(CPROGS) $(objects) $(htmldocs) $(DOCS) core
304
300
 
305
 
.PHONY: distclean
306
301
distclean: clean
307
 
.PHONY: mostlyclean
308
302
mostlyclean: clean
309
 
.PHONY: maintainer-clean
310
303
maintainer-clean: clean
311
304
        -rm --force --recursive keydir confdir statedir
312
305
 
313
 
.PHONY: check
314
306
check: all
315
307
        ./mandos --check
316
308
        ./mandos-ctl --check
320
312
        ./dracut-module/password-agent --test
321
313
 
322
314
# Run the client with a local config and key
323
 
.PHONY: run-client
324
 
run-client: all keydir/seckey.txt keydir/pubkey.txt \
325
 
                        keydir/tls-privkey.pem keydir/tls-pubkey.pem
326
 
        @echo '######################################################'
327
 
        @echo '# The following error messages are harmless and can  #'
328
 
        @echo '#  be safely ignored:                                #'
329
 
        @echo '## From plugin-runner:                               #'
330
 
        @echo '# setgid: Operation not permitted                    #'
331
 
        @echo '# setuid: Operation not permitted                    #'
332
 
        @echo '## From askpass-fifo:                                #'
333
 
        @echo '# mkfifo: Permission denied                          #'
334
 
        @echo '## From mandos-client:                               #'
335
 
        @echo '# Failed to raise privileges: Operation not permi... #'
336
 
        @echo '# Warning: network hook "*" exited with status *     #'
337
 
        @echo '# ioctl SIOCSIFFLAGS +IFF_UP: Operation not permi... #'
338
 
        @echo '# Failed to bring up interface "*": Operation not... #'
339
 
        @echo '#                                                    #'
340
 
        @echo '# (The messages are caused by not running as root,   #'
341
 
        @echo '# but you should NOT run "make run-client" as root   #'
342
 
        @echo '# unless you also unpacked and compiled Mandos as    #'
343
 
        @echo '# root, which is also NOT recommended.)              #'
344
 
        @echo '######################################################'
 
315
run-client: all keydir/seckey.txt keydir/pubkey.txt keydir/tls-privkey.pem keydir/tls-pubkey.pem
 
316
        @echo "###################################################################"
 
317
        @echo "# The following error messages are harmless and can be safely     #"
 
318
        @echo "# ignored:                                                        #"
 
319
        @echo "# From plugin-runner: setgid: Operation not permitted             #"
 
320
        @echo "#                     setuid: Operation not permitted             #"
 
321
        @echo "# From askpass-fifo:  mkfifo: Permission denied                   #"
 
322
        @echo "# From mandos-client:                                             #"
 
323
        @echo "#             Failed to raise privileges: Operation not permitted #"
 
324
        @echo "#             Warning: network hook \"*\" exited with status *      #"
 
325
        @echo "#                                                                 #"
 
326
        @echo "# (The messages are caused by not running as root, but you should #"
 
327
        @echo "# NOT run \"make run-client\" as root unless you also unpacked and  #"
 
328
        @echo "# compiled Mandos as root, which is also NOT recommended.)        #"
 
329
        @echo "###################################################################"
345
330
# We set GNOME_KEYRING_CONTROL to block pam_gnome_keyring
346
331
        ./plugin-runner --plugin-dir=plugins.d \
347
332
                --plugin-helper-dir=plugin-helpers \
354
339
keydir/seckey.txt keydir/pubkey.txt keydir/tls-privkey.pem keydir/tls-pubkey.pem: mandos-keygen
355
340
        install --directory keydir
356
341
        ./mandos-keygen --dir keydir --force
357
 
        if ! [ -e keydir/tls-privkey.pem ]; then \
358
 
                install --mode=u=rw /dev/null keydir/tls-privkey.pem; \
359
 
        fi
360
 
        if ! [ -e keydir/tls-pubkey.pem ]; then \
361
 
                install --mode=u=rw /dev/null keydir/tls-pubkey.pem; \
362
 
        fi
363
342
 
364
343
# Run the server with a local config
365
 
.PHONY: run-server
366
344
run-server: confdir/mandos.conf confdir/clients.conf statedir
367
345
        ./mandos --debug --no-dbus --configdir=confdir \
368
346
                --statedir=statedir $(SERVERARGS)
379
357
statedir:
380
358
        install --directory statedir
381
359
 
382
 
.PHONY: install
383
360
install: install-server install-client-nokey
384
361
 
385
 
.PHONY: install-html
386
362
install-html: html
387
363
        install --directory $(htmldir)
388
364
        install --mode=u=rw,go=r --target-directory=$(htmldir) \
389
365
                $(htmldocs)
390
366
 
391
 
.PHONY: install-server
392
367
install-server: doc
393
368
        install --directory $(CONFDIR)
394
369
        if install --directory --mode=u=rwx --owner=$(USER) \
397
372
        elif install --directory --mode=u=rwx $(STATEDIR); then \
398
373
                chown -- $(USER):$(GROUP) $(STATEDIR) || :; \
399
374
        fi
400
 
        if [ "$(TMPFILES)" != "$(DESTDIR)" \
401
 
                        -a -d "$(TMPFILES)" ]; then \
 
375
        if [ "$(TMPFILES)" != "$(DESTDIR)" -a -d "$(TMPFILES)" ]; then \
402
376
                install --mode=u=rw,go=r tmpfiles.d-mandos.conf \
403
377
                        $(TMPFILES)/mandos.conf; \
404
378
        fi
405
 
        if [ "$(SYSUSERS)" != "$(DESTDIR)" \
406
 
                        -a -d "$(SYSUSERS)" ]; then \
407
 
                install --mode=u=rw,go=r sysusers.d-mandos.conf \
408
 
                        $(SYSUSERS)/mandos.conf; \
409
 
        fi
410
379
        install --mode=u=rwx,go=rx mandos $(PREFIX)/sbin/mandos
411
380
        install --mode=u=rwx,go=rx --target-directory=$(PREFIX)/sbin \
412
381
                mandos-ctl
441
410
        gzip --best --to-stdout intro.8mandos \
442
411
                > $(MANDIR)/man8/intro.8mandos.gz
443
412
 
444
 
.PHONY: install-client-nokey
445
413
install-client-nokey: all doc
446
414
        install --directory $(LIBDIR)/mandos $(CONFDIR)
447
415
        install --directory --mode=u=rwx $(KEYDIR) \
448
416
                $(LIBDIR)/mandos/plugins.d \
449
417
                $(LIBDIR)/mandos/plugin-helpers
450
 
        if [ "$(SYSUSERS)" != "$(DESTDIR)" \
451
 
                        -a -d "$(SYSUSERS)" ]; then \
452
 
                install --mode=u=rw,go=r sysusers.d-mandos.conf \
453
 
                        $(SYSUSERS)/mandos-client.conf; \
454
 
        fi
455
418
        if [ "$(CONFDIR)" != "$(LIBDIR)/mandos" ]; then \
456
419
                install --mode=u=rwx \
457
420
                        --directory "$(CONFDIR)/plugins.d" \
462
425
        install --mode=u=rwx,go=rx \
463
426
                --target-directory=$(LIBDIR)/mandos plugin-runner
464
427
        install --mode=u=rwx,go=rx \
465
 
                --target-directory=$(LIBDIR)/mandos \
466
 
                mandos-to-cryptroot-unlock
 
428
                --target-directory=$(LIBDIR)/mandos mandos-to-cryptroot-unlock
467
429
        install --mode=u=rwx,go=rx --target-directory=$(PREFIX)/sbin \
468
430
                mandos-keygen
469
431
        install --mode=u=rwx,go=rx \
526
488
        gzip --best --to-stdout dracut-module/password-agent.8mandos \
527
489
                > $(MANDIR)/man8/password-agent.8mandos.gz
528
490
 
529
 
.PHONY: install-client
530
491
install-client: install-client-nokey
531
492
# Post-installation stuff
532
493
        -$(PREFIX)/sbin/mandos-keygen --dir "$(KEYDIR)"
533
494
        if command -v update-initramfs >/dev/null; then \
534
495
            update-initramfs -k all -u; \
535
496
        elif command -v dracut >/dev/null; then \
536
 
            for initrd in $(DESTDIR)/boot/initr*-$(LINUXVERSION); do \
 
497
            for initrd in $(DESTDIR)/boot/initr*-$(shell uname --kernel-release); do \
537
498
                if [ -w "$$initrd" ]; then \
538
499
                    chmod go-r "$$initrd"; \
539
500
                    dracut --force "$$initrd"; \
542
503
        fi
543
504
        echo "Now run mandos-keygen --password --dir $(KEYDIR)"
544
505
 
545
 
.PHONY: uninstall
546
506
uninstall: uninstall-server uninstall-client
547
507
 
548
 
.PHONY: uninstall-server
549
508
uninstall-server:
550
509
        -rm --force $(PREFIX)/sbin/mandos \
551
510
                $(PREFIX)/sbin/mandos-ctl \
558
517
        update-rc.d -f mandos remove
559
518
        -rmdir $(CONFDIR)
560
519
 
561
 
.PHONY: uninstall-client
562
520
uninstall-client:
563
521
# Refuse to uninstall client if /etc/crypttab is explicitly configured
564
522
# to use it.
595
553
        if command -v update-initramfs >/dev/null; then \
596
554
            update-initramfs -k all -u; \
597
555
        elif command -v dracut >/dev/null; then \
598
 
            for initrd in $(DESTDIR)/boot/initr*-$(LINUXVERSION); do \
 
556
            for initrd in $(DESTDIR)/boot/initr*-$(shell uname --kernel-release); do \
599
557
                test -w "$$initrd" && dracut --force "$$initrd"; \
600
558
            done; \
601
559
        fi
602
560
 
603
 
.PHONY: purge
604
561
purge: purge-server purge-client
605
562
 
606
 
.PHONY: purge-server
607
563
purge-server: uninstall-server
608
564
        -rm --force $(CONFDIR)/mandos.conf $(CONFDIR)/clients.conf \
609
565
                $(DESTDIR)/etc/dbus-1/system.d/mandos.conf
614
570
                $(DESTDIR)/var/run/mandos.pid
615
571
        -rmdir $(CONFDIR)
616
572
 
617
 
.PHONY: purge-client
618
573
purge-client: uninstall-client
619
574
        -shred --remove $(KEYDIR)/seckey.txt $(KEYDIR)/tls-privkey.pem
620
575
        -rm --force $(CONFDIR)/plugin-runner.conf \