
Viewing changes to Makefile

  • Committer: Teddy Hogeborn
  • Date: 2019-07-29 16:35:53 UTC
  • mto: This revision was merged to the branch mainline in revision 384.
  • Revision ID: teddy@recompile.se-20190729163553-1i442i2cbx64c537
Make tests and man page examples match

Make the tests test_manual_page_example[1-5] match exactly what is
written in the manual page, and add comments to manual page as
reminders to keep tests and manual page examples in sync.

* mandos-ctl (Test_commands_from_options.test_manual_page_example_1):
  Remove "--verbose" option, since the manual does not have it as the
  first example, and change assertion to match.
* mandos-ctl.xml (EXAMPLE): Add comments to all examples documenting
  which test function they correspond to.  Also remove unnecessary
  quotes from option arguments in fourth example, and clarify language
  slightly in fifth example.

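--- a/Makefile
+++ b/Makefile
@@ -29,7 +29,7 @@
 
 # For info about _FORTIFY_SOURCE, see feature_test_macros(7)
 # and <https://gcc.gnu.org/ml/gcc-patches/2004-09/msg02055.html>.
-FORTIFY:=-D_FORTIFY_SOURCE=3 -fstack-protector-all -fPIC
+FORTIFY:=-D_FORTIFY_SOURCE=2 -fstack-protector-all -fPIC
 LINK_FORTIFY_LD:=-z relro -z now
 LINK_FORTIFY:=
 
@@ -41,19 +41,15 @@
 #COVERAGE=--coverage
 OPTIMIZE:=-Os -fno-strict-aliasing
 LANGUAGE:=-std=gnu11
-FEATURES:=-D_FILE_OFFSET_BITS=64
 htmldir:=man
-version:=1.8.14
+version:=1.8.4
 SED:=sed
-PKG_CONFIG?=pkg-config
 
 USER:=$(firstword $(subst :, ,$(shell getent passwd _mandos \
         || getent passwd nobody || echo 65534)))
 GROUP:=$(firstword $(subst :, ,$(shell getent group _mandos \
         || getent group nogroup || echo 65534)))
 
-LINUXVERSION:=$(shell uname --kernel-release)
-
 ## Use these settings for a traditional /usr/local install
 # PREFIX:=$(DESTDIR)/usr/local
 # CONFDIR:=$(DESTDIR)/etc/mandos
@@ -75,8 +71,7 @@
 STATEDIR:=$(DESTDIR)/var/lib/mandos
 LIBDIR:=$(shell \
         for d in \
-        "/usr/lib/`dpkg-architecture \
-                        -qDEB_HOST_MULTIARCH 2>/dev/null`" \
+        "/usr/lib/`dpkg-architecture -qDEB_HOST_MULTIARCH 2>/dev/null`" \
         "`rpm --eval='%{_libdir}' 2>/dev/null`" /usr/lib; do \
                 if [ -d "$$d" -a "$$d" = "$${d%/}" ]; then \
                         echo "$(DESTDIR)$$d"; \
@@ -85,28 +80,24 @@
         done)
 ##
 
-SYSTEMD:=$(DESTDIR)$(shell $(PKG_CONFIG) systemd \
-                        --variable=systemdsystemunitdir)
-TMPFILES:=$(DESTDIR)$(shell $(PKG_CONFIG) systemd \
-                        --variable=tmpfilesdir)
-SYSUSERS:=$(DESTDIR)$(shell $(PKG_CONFIG) systemd \
-                        --variable=sysusersdir)
+SYSTEMD:=$(DESTDIR)$(shell pkg-config systemd --variable=systemdsystemunitdir)
+TMPFILES:=$(DESTDIR)$(shell pkg-config systemd --variable=tmpfilesdir)
 
-GNUTLS_CFLAGS:=$(shell $(PKG_CONFIG) --cflags-only-I gnutls)
-GNUTLS_LIBS:=$(shell $(PKG_CONFIG) --libs gnutls)
-AVAHI_CFLAGS:=$(shell $(PKG_CONFIG) --cflags-only-I avahi-core)
-AVAHI_LIBS:=$(shell $(PKG_CONFIG) --libs avahi-core)
+GNUTLS_CFLAGS:=$(shell pkg-config --cflags-only-I gnutls)
+GNUTLS_LIBS:=$(shell pkg-config --libs gnutls)
+AVAHI_CFLAGS:=$(shell pkg-config --cflags-only-I avahi-core)
+AVAHI_LIBS:=$(shell pkg-config --libs avahi-core)
 GPGME_CFLAGS:=$(shell gpgme-config --cflags; getconf LFS_CFLAGS)
 GPGME_LIBS:=$(shell gpgme-config --libs; getconf LFS_LIBS; \
         getconf LFS_LDFLAGS)
-LIBNL3_CFLAGS:=$(shell $(PKG_CONFIG) --cflags-only-I libnl-route-3.0)
-LIBNL3_LIBS:=$(shell $(PKG_CONFIG) --libs libnl-route-3.0)
-GLIB_CFLAGS:=$(shell $(PKG_CONFIG) --cflags glib-2.0)
-GLIB_LIBS:=$(shell $(PKG_CONFIG) --libs glib-2.0)
+LIBNL3_CFLAGS:=$(shell pkg-config --cflags-only-I libnl-route-3.0)
+LIBNL3_LIBS:=$(shell pkg-config --libs libnl-route-3.0)
+GLIB_CFLAGS:=$(shell pkg-config --cflags glib-2.0)
+GLIB_LIBS:=$(shell pkg-config --libs glib-2.0)
 
 # Do not change these two
-CFLAGS+=$(WARN) $(DEBUG) $(FORTIFY) $(COVERAGE) $(OPTIMIZE) \
-        $(LANGUAGE) $(FEATURES) -DVERSION='"$(version)"'
+CFLAGS+=$(WARN) $(DEBUG) $(FORTIFY) $(COVERAGE) \
+        $(OPTIMIZE) $(LANGUAGE) -DVERSION='"$(version)"'
 LDFLAGS+=-Xlinker --as-needed $(COVERAGE) $(LINK_FORTIFY) $(strip \
         ) $(foreach flag,$(LINK_FORTIFY_LD),-Xlinker $(flag))
 
@@ -156,13 +147,10 @@
 
 objects:=$(addsuffix .o,$(CPROGS))
 
-.PHONY: all
 all: $(PROGS) mandos.lsm
 
-.PHONY: doc
 doc: $(DOCS)
 
-.PHONY: html
 html: $(htmldocs)
 
 %.5: %.xml common.ent legalnotice.xml
@@ -285,33 +273,36 @@
                 $@)
 
 # Need to add the GnuTLS, Avahi and GPGME libraries
-plugins.d/mandos-client: CFLAGS += $(GNUTLS_CFLAGS) $(strip \
-        ) $(AVAHI_CFLAGS) $(GPGME_CFLAGS)
-plugins.d/mandos-client: LDLIBS += $(GNUTLS_LIBS) $(strip \
-        ) $(AVAHI_LIBS) $(GPGME_LIBS)
+plugins.d/mandos-client: plugins.d/mandos-client.c
+        $(LINK.c) $^ $(GNUTLS_CFLAGS) $(AVAHI_CFLAGS) $(strip\
+                ) $(GPGME_CFLAGS) $(GNUTLS_LIBS) $(strip\
+                ) $(AVAHI_LIBS) $(GPGME_LIBS) $(LOADLIBES) $(strip\
+                ) $(LDLIBS) -o $@
 
 # Need to add the libnl-route library
-plugin-helpers/mandos-client-iprouteadddel: CFLAGS += $(LIBNL3_CFLAGS)
-plugin-helpers/mandos-client-iprouteadddel: LDLIBS += $(LIBNL3_LIBS)
+plugin-helpers/mandos-client-iprouteadddel: plugin-helpers/mandos-client-iprouteadddel.c
+        $(LINK.c) $(LIBNL3_CFLAGS) $^ $(LIBNL3_LIBS) $(strip\
+                ) $(LOADLIBES) $(LDLIBS) -o $@
 
 # Need to add the GLib and pthread libraries
-dracut-module/password-agent: CFLAGS += $(GLIB_CFLAGS)
-# Note: -lpthread is unnecessary with the GNU C library 2.34 or later
-dracut-module/password-agent: LDLIBS += $(GLIB_LIBS) -lpthread
-
-.PHONY: clean
+dracut-module/password-agent: dracut-module/password-agent.c
+        $(LINK.c) $(GLIB_CFLAGS) $^ $(GLIB_LIBS) -lpthread $(strip\
+                ) $(LOADLIBES) $(LDLIBS) -o $@
+
+.PHONY : all doc html clean distclean mostlyclean maintainer-clean \
+        check run-client run-server install install-html \
+        install-server install-client-nokey install-client uninstall \
+        uninstall-server uninstall-client purge purge-server \
+        purge-client
+
 clean:
         -rm --force $(CPROGS) $(objects) $(htmldocs) $(DOCS) core
 
-.PHONY: distclean
 distclean: clean
-.PHONY: mostlyclean
 mostlyclean: clean
-.PHONY: maintainer-clean
 maintainer-clean: clean
         -rm --force --recursive keydir confdir statedir
 
-.PHONY: check
 check: all
         ./mandos --check
         ./mandos-ctl --check
@@ -321,28 +312,21 @@
         ./dracut-module/password-agent --test
 
 # Run the client with a local config and key
-.PHONY: run-client
-run-client: all keydir/seckey.txt keydir/pubkey.txt \
-                        keydir/tls-privkey.pem keydir/tls-pubkey.pem
-        @echo '######################################################'
-        @echo '# The following error messages are harmless and can  #'
-        @echo '#  be safely ignored:                                #'
-        @echo '## From plugin-runner:                               #'
-        @echo '# setgid: Operation not permitted                    #'
-        @echo '# setuid: Operation not permitted                    #'
-        @echo '## From askpass-fifo:                                #'
-        @echo '# mkfifo: Permission denied                          #'
-        @echo '## From mandos-client:                               #'
-        @echo '# Failed to raise privileges: Operation not permi... #'
-        @echo '# Warning: network hook "*" exited with status *     #'
-        @echo '# ioctl SIOCSIFFLAGS +IFF_UP: Operation not permi... #'
-        @echo '# Failed to bring up interface "*": Operation not... #'
-        @echo '#                                                    #'
-        @echo '# (The messages are caused by not running as root,   #'
-        @echo '# but you should NOT run "make run-client" as root   #'
-        @echo '# unless you also unpacked and compiled Mandos as    #'
-        @echo '# root, which is also NOT recommended.)              #'
-        @echo '######################################################'
+run-client: all keydir/seckey.txt keydir/pubkey.txt keydir/tls-privkey.pem keydir/tls-pubkey.pem
+        @echo "###################################################################"
+        @echo "# The following error messages are harmless and can be safely     #"
+        @echo "# ignored:                                                        #"
+        @echo "# From plugin-runner: setgid: Operation not permitted             #"
+        @echo "#                     setuid: Operation not permitted             #"
+        @echo "# From askpass-fifo:  mkfifo: Permission denied                   #"
+        @echo "# From mandos-client:                                             #"
+        @echo "#             Failed to raise privileges: Operation not permitted #"
+        @echo "#             Warning: network hook \"*\" exited with status *      #"
+        @echo "#                                                                 #"
+        @echo "# (The messages are caused by not running as root, but you should #"
+        @echo "# NOT run \"make run-client\" as root unless you also unpacked and  #"
+        @echo "# compiled Mandos as root, which is also NOT recommended.)        #"
+        @echo "###################################################################"
 # We set GNOME_KEYRING_CONTROL to block pam_gnome_keyring
         ./plugin-runner --plugin-dir=plugins.d \
                 --plugin-helper-dir=plugin-helpers \
@@ -355,15 +339,8 @@
 keydir/seckey.txt keydir/pubkey.txt keydir/tls-privkey.pem keydir/tls-pubkey.pem: mandos-keygen
         install --directory keydir
         ./mandos-keygen --dir keydir --force
-        if ! [ -e keydir/tls-privkey.pem ]; then \
-                install --mode=u=rw /dev/null keydir/tls-privkey.pem; \
-        fi
-        if ! [ -e keydir/tls-pubkey.pem ]; then \
-                install --mode=u=rw /dev/null keydir/tls-pubkey.pem; \
-        fi
 
 # Run the server with a local config
-.PHONY: run-server
 run-server: confdir/mandos.conf confdir/clients.conf statedir
         ./mandos --debug --no-dbus --configdir=confdir \
                 --statedir=statedir $(SERVERARGS)
@@ -380,16 +357,13 @@
 statedir:
         install --directory statedir
 
-.PHONY: install
 install: install-server install-client-nokey
 
-.PHONY: install-html
 install-html: html
         install --directory $(htmldir)
         install --mode=u=rw,go=r --target-directory=$(htmldir) \
                 $(htmldocs)
 
-.PHONY: install-server
 install-server: doc
         install --directory $(CONFDIR)
         if install --directory --mode=u=rwx --owner=$(USER) \
@@ -398,16 +372,10 @@
         elif install --directory --mode=u=rwx $(STATEDIR); then \
                 chown -- $(USER):$(GROUP) $(STATEDIR) || :; \
         fi
-        if [ "$(TMPFILES)" != "$(DESTDIR)" \
-                        -a -d "$(TMPFILES)" ]; then \
+        if [ "$(TMPFILES)" != "$(DESTDIR)" -a -d "$(TMPFILES)" ]; then \
                 install --mode=u=rw,go=r tmpfiles.d-mandos.conf \
                         $(TMPFILES)/mandos.conf; \
         fi
-        if [ "$(SYSUSERS)" != "$(DESTDIR)" \
-                        -a -d "$(SYSUSERS)" ]; then \
-                install --mode=u=rw,go=r sysusers.d-mandos.conf \
-                        $(SYSUSERS)/mandos.conf; \
-        fi
         install --mode=u=rwx,go=rx mandos $(PREFIX)/sbin/mandos
         install --mode=u=rwx,go=rx --target-directory=$(PREFIX)/sbin \
                 mandos-ctl
@@ -442,17 +410,11 @@
         gzip --best --to-stdout intro.8mandos \
                 > $(MANDIR)/man8/intro.8mandos.gz
 
-.PHONY: install-client-nokey
 install-client-nokey: all doc
         install --directory $(LIBDIR)/mandos $(CONFDIR)
         install --directory --mode=u=rwx $(KEYDIR) \
                 $(LIBDIR)/mandos/plugins.d \
                 $(LIBDIR)/mandos/plugin-helpers
-        if [ "$(SYSUSERS)" != "$(DESTDIR)" \
-                        -a -d "$(SYSUSERS)" ]; then \
-                install --mode=u=rw,go=r sysusers.d-mandos.conf \
-                        $(SYSUSERS)/mandos-client.conf; \
-        fi
         if [ "$(CONFDIR)" != "$(LIBDIR)/mandos" ]; then \
                 install --mode=u=rwx \
                         --directory "$(CONFDIR)/plugins.d" \
@@ -463,8 +425,7 @@
         install --mode=u=rwx,go=rx \
                 --target-directory=$(LIBDIR)/mandos plugin-runner
         install --mode=u=rwx,go=rx \
-                --target-directory=$(LIBDIR)/mandos \
-                mandos-to-cryptroot-unlock
+                --target-directory=$(LIBDIR)/mandos mandos-to-cryptroot-unlock
         install --mode=u=rwx,go=rx --target-directory=$(PREFIX)/sbin \
                 mandos-keygen
         install --mode=u=rwx,go=rx \
@@ -527,14 +488,13 @@
         gzip --best --to-stdout dracut-module/password-agent.8mandos \
                 > $(MANDIR)/man8/password-agent.8mandos.gz
 
-.PHONY: install-client
 install-client: install-client-nokey
 # Post-installation stuff
         -$(PREFIX)/sbin/mandos-keygen --dir "$(KEYDIR)"
         if command -v update-initramfs >/dev/null; then \
             update-initramfs -k all -u; \
         elif command -v dracut >/dev/null; then \
-            for initrd in $(DESTDIR)/boot/initr*-$(LINUXVERSION); do \
+            for initrd in $(DESTDIR)/boot/initr*-$(shell uname --kernel-release); do \
                 if [ -w "$$initrd" ]; then \
                     chmod go-r "$$initrd"; \
                     dracut --force "$$initrd"; \
@@ -543,10 +503,8 @@
         fi
         echo "Now run mandos-keygen --password --dir $(KEYDIR)"
 
-.PHONY: uninstall
 uninstall: uninstall-server uninstall-client
 
-.PHONY: uninstall-server
 uninstall-server:
         -rm --force $(PREFIX)/sbin/mandos \
                 $(PREFIX)/sbin/mandos-ctl \
@@ -559,7 +517,6 @@
         update-rc.d -f mandos remove
         -rmdir $(CONFDIR)
 
-.PHONY: uninstall-client
 uninstall-client:
 # Refuse to uninstall client if /etc/crypttab is explicitly configured
 # to use it.
@@ -596,15 +553,13 @@
         if command -v update-initramfs >/dev/null; then \
             update-initramfs -k all -u; \
         elif command -v dracut >/dev/null; then \
-            for initrd in $(DESTDIR)/boot/initr*-$(LINUXVERSION); do \
+            for initrd in $(DESTDIR)/boot/initr*-$(shell uname --kernel-release); do \
                 test -w "$$initrd" && dracut --force "$$initrd"; \
             done; \
         fi
 
-.PHONY: purge
 purge: purge-server purge-client
 
-.PHONY: purge-server
 purge-server: uninstall-server
         -rm --force $(CONFDIR)/mandos.conf $(CONFDIR)/clients.conf \
                 $(DESTDIR)/etc/dbus-1/system.d/mandos.conf
@@ -615,7 +570,6 @@
                 $(DESTDIR)/var/run/mandos.pid
         -rmdir $(CONFDIR)
 
-.PHONY: purge-client
 purge-client: uninstall-client
         -shred --remove $(KEYDIR)/seckey.txt $(KEYDIR)/tls-privkey.pem
         -rm --force $(CONFDIR)/plugin-runner.conf \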
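Review bot: The new side of the first two hunks weakens the build hardening without any mention in the commit message: `FORTIFY` drops from `-D_FORTIFY_SOURCE=3` to `-D_FORTIFY_SOURCE=2`, and `FEATURES:=-D_FILE_OFFSET_BITS=64` is removed together with its `$(FEATURES)` reference in `CFLAGS`. `version` also moves from 1.8.14 to 1.8.4 here, so this page may be showing a comparison against a later revision rather than a forward change; that should be confirmed. If the change is intended as shown, I would keep `FORTIFY:=-D_FORTIFY_SOURCE=3 -fstack-protector-all -fPIC` and `FEATURES:=-D_FILE_OFFSET_BITS=64`, with a comment such as `# _FORTIFY_SOURCE=3 needs a recent glibc and compiler; older toolchains are expected to treat it as level 2`.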