/mandos/release

To get this branch, use:
bzr branch http://bzr.recompile.se/loggerhead/mandos/release

« back to all changes in this revision

Viewing changes to Makefile

  • Committer: Teddy Hogeborn
  • Date: 2019-07-29 16:35:53 UTC
  • mto: This revision was merged to the branch mainline in revision 384.
  • Revision ID: teddy@recompile.se-20190729163553-1i442i2cbx64c537
Make tests and man page examples match

Make the tests test_manual_page_example[1-5] match exactly what is
written in the manual page, and add comments to manual page as
reminders to keep tests and manual page examples in sync.

* mandos-ctl (Test_commands_from_options.test_manual_page_example_1):
  Remove "--verbose" option, since the manual does not have it as the
  first example, and change assertion to match.
* mandos-ctl.xml (EXAMPLE): Add comments to all examples documenting
  which test function they correspond to.  Also remove unnecessary
  quotes from option arguments in fourth example, and clarify language
  slightly in fifth example.

Show diffs side-by-side

added added

removed removed

Lines of Context:
29
29
 
30
30
# For info about _FORTIFY_SOURCE, see feature_test_macros(7)
31
31
# and <https://gcc.gnu.org/ml/gcc-patches/2004-09/msg02055.html>.
32
 
FORTIFY:=-D_FORTIFY_SOURCE=3 -fstack-protector-all -fPIC
 
32
FORTIFY:=-D_FORTIFY_SOURCE=2 -fstack-protector-all -fPIC
33
33
LINK_FORTIFY_LD:=-z relro -z now
34
34
LINK_FORTIFY:=
35
35
 
41
41
#COVERAGE=--coverage
42
42
OPTIMIZE:=-Os -fno-strict-aliasing
43
43
LANGUAGE:=-std=gnu11
44
 
FEATURES:=-D_FILE_OFFSET_BITS=64
45
44
htmldir:=man
46
 
version:=1.8.16
 
45
version:=1.8.4
47
46
SED:=sed
48
 
PKG_CONFIG?=pkg-config
49
47
 
50
48
USER:=$(firstword $(subst :, ,$(shell getent passwd _mandos \
51
49
        || getent passwd nobody || echo 65534)))
52
50
GROUP:=$(firstword $(subst :, ,$(shell getent group _mandos \
53
51
        || getent group nogroup || echo 65534)))
54
52
 
55
 
LINUXVERSION:=$(shell uname --kernel-release)
56
 
 
57
53
## Use these settings for a traditional /usr/local install
58
54
# PREFIX:=$(DESTDIR)/usr/local
59
55
# CONFDIR:=$(DESTDIR)/etc/mandos
75
71
STATEDIR:=$(DESTDIR)/var/lib/mandos
76
72
LIBDIR:=$(shell \
77
73
        for d in \
78
 
        "/usr/lib/`dpkg-architecture \
79
 
                        -qDEB_HOST_MULTIARCH 2>/dev/null`" \
 
74
        "/usr/lib/`dpkg-architecture -qDEB_HOST_MULTIARCH 2>/dev/null`" \
80
75
        "`rpm --eval='%{_libdir}' 2>/dev/null`" /usr/lib; do \
81
76
                if [ -d "$$d" -a "$$d" = "$${d%/}" ]; then \
82
77
                        echo "$(DESTDIR)$$d"; \
85
80
        done)
86
81
##
87
82
 
88
 
SYSTEMD:=$(DESTDIR)$(shell $(PKG_CONFIG) systemd \
89
 
                        --variable=systemdsystemunitdir)
90
 
TMPFILES:=$(DESTDIR)$(shell $(PKG_CONFIG) systemd \
91
 
                        --variable=tmpfilesdir)
92
 
SYSUSERS:=$(DESTDIR)$(shell $(PKG_CONFIG) systemd \
93
 
                        --variable=sysusersdir)
 
83
SYSTEMD:=$(DESTDIR)$(shell pkg-config systemd --variable=systemdsystemunitdir)
 
84
TMPFILES:=$(DESTDIR)$(shell pkg-config systemd --variable=tmpfilesdir)
94
85
 
95
 
GNUTLS_CFLAGS:=$(shell $(PKG_CONFIG) --cflags-only-I gnutls)
96
 
GNUTLS_LIBS:=$(shell $(PKG_CONFIG) --libs gnutls)
97
 
AVAHI_CFLAGS:=$(shell $(PKG_CONFIG) --cflags-only-I avahi-core)
98
 
AVAHI_LIBS:=$(shell $(PKG_CONFIG) --libs avahi-core)
99
 
GPGME_CFLAGS:=$(shell $(PKG_CONFIG) --cflags-only-I gpgme 2>/dev/null \
100
 
        || gpgme-config --cflags; getconf LFS_CFLAGS)
101
 
GPGME_LIBS:=$(shell $(PKG_CONFIG) --libs gpgme 2>/dev/null \
102
 
        || gpgme-config --libs; getconf LFS_LIBS; \
 
86
GNUTLS_CFLAGS:=$(shell pkg-config --cflags-only-I gnutls)
 
87
GNUTLS_LIBS:=$(shell pkg-config --libs gnutls)
 
88
AVAHI_CFLAGS:=$(shell pkg-config --cflags-only-I avahi-core)
 
89
AVAHI_LIBS:=$(shell pkg-config --libs avahi-core)
 
90
GPGME_CFLAGS:=$(shell gpgme-config --cflags; getconf LFS_CFLAGS)
 
91
GPGME_LIBS:=$(shell gpgme-config --libs; getconf LFS_LIBS; \
103
92
        getconf LFS_LDFLAGS)
104
 
LIBNL3_CFLAGS:=$(shell $(PKG_CONFIG) --cflags-only-I libnl-route-3.0)
105
 
LIBNL3_LIBS:=$(shell $(PKG_CONFIG) --libs libnl-route-3.0)
106
 
GLIB_CFLAGS:=$(shell $(PKG_CONFIG) --cflags glib-2.0)
107
 
GLIB_LIBS:=$(shell $(PKG_CONFIG) --libs glib-2.0)
 
93
LIBNL3_CFLAGS:=$(shell pkg-config --cflags-only-I libnl-route-3.0)
 
94
LIBNL3_LIBS:=$(shell pkg-config --libs libnl-route-3.0)
 
95
GLIB_CFLAGS:=$(shell pkg-config --cflags glib-2.0)
 
96
GLIB_LIBS:=$(shell pkg-config --libs glib-2.0)
108
97
 
109
98
# Do not change these two
110
 
CFLAGS+=$(WARN) $(DEBUG) $(FORTIFY) $(COVERAGE) $(OPTIMIZE) \
111
 
        $(LANGUAGE) $(FEATURES) -DVERSION='"$(version)"'
 
99
CFLAGS+=$(WARN) $(DEBUG) $(FORTIFY) $(COVERAGE) \
 
100
        $(OPTIMIZE) $(LANGUAGE) -DVERSION='"$(version)"'
112
101
LDFLAGS+=-Xlinker --as-needed $(COVERAGE) $(LINK_FORTIFY) $(strip \
113
102
        ) $(foreach flag,$(LINK_FORTIFY_LD),-Xlinker $(flag))
114
103
 
158
147
 
159
148
objects:=$(addsuffix .o,$(CPROGS))
160
149
 
161
 
.PHONY: all
162
150
all: $(PROGS) mandos.lsm
163
151
 
164
 
.PHONY: doc
165
152
doc: $(DOCS)
166
153
 
167
 
.PHONY: html
168
154
html: $(htmldocs)
169
155
 
170
156
%.5: %.xml common.ent legalnotice.xml
287
273
                $@)
288
274
 
289
275
# Need to add the GnuTLS, Avahi and GPGME libraries
290
 
plugins.d/mandos-client: CFLAGS += $(GNUTLS_CFLAGS) $(strip \
291
 
        ) $(AVAHI_CFLAGS) $(GPGME_CFLAGS)
292
 
plugins.d/mandos-client: LDLIBS += $(GNUTLS_LIBS) $(strip \
293
 
        ) $(AVAHI_LIBS) $(GPGME_LIBS)
 
276
plugins.d/mandos-client: plugins.d/mandos-client.c
 
277
        $(LINK.c) $^ $(GNUTLS_CFLAGS) $(AVAHI_CFLAGS) $(strip\
 
278
                ) $(GPGME_CFLAGS) $(GNUTLS_LIBS) $(strip\
 
279
                ) $(AVAHI_LIBS) $(GPGME_LIBS) $(LOADLIBES) $(strip\
 
280
                ) $(LDLIBS) -o $@
294
281
 
295
282
# Need to add the libnl-route library
296
 
plugin-helpers/mandos-client-iprouteadddel: CFLAGS += $(LIBNL3_CFLAGS)
297
 
plugin-helpers/mandos-client-iprouteadddel: LDLIBS += $(LIBNL3_LIBS)
 
283
plugin-helpers/mandos-client-iprouteadddel: plugin-helpers/mandos-client-iprouteadddel.c
 
284
        $(LINK.c) $(LIBNL3_CFLAGS) $^ $(LIBNL3_LIBS) $(strip\
 
285
                ) $(LOADLIBES) $(LDLIBS) -o $@
298
286
 
299
287
# Need to add the GLib and pthread libraries
300
 
dracut-module/password-agent: CFLAGS += $(GLIB_CFLAGS)
301
 
# Note: -lpthread is unnecessary with the GNU C library 2.34 or later
302
 
dracut-module/password-agent: LDLIBS += $(GLIB_LIBS) -lpthread
303
 
 
304
 
.PHONY: clean
 
288
dracut-module/password-agent: dracut-module/password-agent.c
 
289
        $(LINK.c) $(GLIB_CFLAGS) $^ $(GLIB_LIBS) -lpthread $(strip\
 
290
                ) $(LOADLIBES) $(LDLIBS) -o $@
 
291
 
 
292
.PHONY : all doc html clean distclean mostlyclean maintainer-clean \
 
293
        check run-client run-server install install-html \
 
294
        install-server install-client-nokey install-client uninstall \
 
295
        uninstall-server uninstall-client purge purge-server \
 
296
        purge-client
 
297
 
305
298
clean:
306
299
        -rm --force $(CPROGS) $(objects) $(htmldocs) $(DOCS) core
307
300
 
308
 
.PHONY: distclean
309
301
distclean: clean
310
 
.PHONY: mostlyclean
311
302
mostlyclean: clean
312
 
.PHONY: maintainer-clean
313
303
maintainer-clean: clean
314
304
        -rm --force --recursive keydir confdir statedir
315
305
 
316
 
.PHONY: check
317
306
check: all
318
307
        ./mandos --check
319
308
        ./mandos-ctl --check
323
312
        ./dracut-module/password-agent --test
324
313
 
325
314
# Run the client with a local config and key
326
 
.PHONY: run-client
327
 
run-client: all keydir/seckey.txt keydir/pubkey.txt \
328
 
                        keydir/tls-privkey.pem keydir/tls-pubkey.pem
329
 
        @echo '######################################################'
330
 
        @echo '# The following error messages are harmless and can  #'
331
 
        @echo '#  be safely ignored:                                #'
332
 
        @echo '## From plugin-runner:                               #'
333
 
        @echo '# setgid: Operation not permitted                    #'
334
 
        @echo '# setuid: Operation not permitted                    #'
335
 
        @echo '## From askpass-fifo:                                #'
336
 
        @echo '# mkfifo: Permission denied                          #'
337
 
        @echo '## From mandos-client:                               #'
338
 
        @echo '# Failed to raise privileges: Operation not permi... #'
339
 
        @echo '# Warning: network hook "*" exited with status *     #'
340
 
        @echo '# ioctl SIOCSIFFLAGS +IFF_UP: Operation not permi... #'
341
 
        @echo '# Failed to bring up interface "*": Operation not... #'
342
 
        @echo '#                                                    #'
343
 
        @echo '# (The messages are caused by not running as root,   #'
344
 
        @echo '# but you should NOT run "make run-client" as root   #'
345
 
        @echo '# unless you also unpacked and compiled Mandos as    #'
346
 
        @echo '# root, which is also NOT recommended.)              #'
347
 
        @echo '######################################################'
 
315
run-client: all keydir/seckey.txt keydir/pubkey.txt keydir/tls-privkey.pem keydir/tls-pubkey.pem
 
316
        @echo "###################################################################"
 
317
        @echo "# The following error messages are harmless and can be safely     #"
 
318
        @echo "# ignored:                                                        #"
 
319
        @echo "# From plugin-runner: setgid: Operation not permitted             #"
 
320
        @echo "#                     setuid: Operation not permitted             #"
 
321
        @echo "# From askpass-fifo:  mkfifo: Permission denied                   #"
 
322
        @echo "# From mandos-client:                                             #"
 
323
        @echo "#             Failed to raise privileges: Operation not permitted #"
 
324
        @echo "#             Warning: network hook \"*\" exited with status *      #"
 
325
        @echo "#                                                                 #"
 
326
        @echo "# (The messages are caused by not running as root, but you should #"
 
327
        @echo "# NOT run \"make run-client\" as root unless you also unpacked and  #"
 
328
        @echo "# compiled Mandos as root, which is also NOT recommended.)        #"
 
329
        @echo "###################################################################"
348
330
# We set GNOME_KEYRING_CONTROL to block pam_gnome_keyring
349
331
        ./plugin-runner --plugin-dir=plugins.d \
350
332
                --plugin-helper-dir=plugin-helpers \
357
339
keydir/seckey.txt keydir/pubkey.txt keydir/tls-privkey.pem keydir/tls-pubkey.pem: mandos-keygen
358
340
        install --directory keydir
359
341
        ./mandos-keygen --dir keydir --force
360
 
        if ! [ -e keydir/tls-privkey.pem ]; then \
361
 
                install --mode=u=rw /dev/null keydir/tls-privkey.pem; \
362
 
        fi
363
 
        if ! [ -e keydir/tls-pubkey.pem ]; then \
364
 
                install --mode=u=rw /dev/null keydir/tls-pubkey.pem; \
365
 
        fi
366
342
 
367
343
# Run the server with a local config
368
 
.PHONY: run-server
369
344
run-server: confdir/mandos.conf confdir/clients.conf statedir
370
345
        ./mandos --debug --no-dbus --configdir=confdir \
371
346
                --statedir=statedir $(SERVERARGS)
382
357
statedir:
383
358
        install --directory statedir
384
359
 
385
 
.PHONY: install
386
360
install: install-server install-client-nokey
387
361
 
388
 
.PHONY: install-html
389
362
install-html: html
390
363
        install --directory $(htmldir)
391
364
        install --mode=u=rw,go=r --target-directory=$(htmldir) \
392
365
                $(htmldocs)
393
366
 
394
 
.PHONY: install-server
395
367
install-server: doc
396
368
        install --directory $(CONFDIR)
397
369
        if install --directory --mode=u=rwx --owner=$(USER) \
400
372
        elif install --directory --mode=u=rwx $(STATEDIR); then \
401
373
                chown -- $(USER):$(GROUP) $(STATEDIR) || :; \
402
374
        fi
403
 
        if [ "$(TMPFILES)" != "$(DESTDIR)" \
404
 
                        -a -d "$(TMPFILES)" ]; then \
 
375
        if [ "$(TMPFILES)" != "$(DESTDIR)" -a -d "$(TMPFILES)" ]; then \
405
376
                install --mode=u=rw,go=r tmpfiles.d-mandos.conf \
406
377
                        $(TMPFILES)/mandos.conf; \
407
378
        fi
408
 
        if [ "$(SYSUSERS)" != "$(DESTDIR)" \
409
 
                        -a -d "$(SYSUSERS)" ]; then \
410
 
                install --mode=u=rw,go=r sysusers.d-mandos.conf \
411
 
                        $(SYSUSERS)/mandos.conf; \
412
 
        fi
413
379
        install --mode=u=rwx,go=rx mandos $(PREFIX)/sbin/mandos
414
380
        install --mode=u=rwx,go=rx --target-directory=$(PREFIX)/sbin \
415
381
                mandos-ctl
444
410
        gzip --best --to-stdout intro.8mandos \
445
411
                > $(MANDIR)/man8/intro.8mandos.gz
446
412
 
447
 
.PHONY: install-client-nokey
448
413
install-client-nokey: all doc
449
414
        install --directory $(LIBDIR)/mandos $(CONFDIR)
450
415
        install --directory --mode=u=rwx $(KEYDIR) \
451
416
                $(LIBDIR)/mandos/plugins.d \
452
417
                $(LIBDIR)/mandos/plugin-helpers
453
 
        if [ "$(SYSUSERS)" != "$(DESTDIR)" \
454
 
                        -a -d "$(SYSUSERS)" ]; then \
455
 
                install --mode=u=rw,go=r sysusers.d-mandos.conf \
456
 
                        $(SYSUSERS)/mandos-client.conf; \
457
 
        fi
458
418
        if [ "$(CONFDIR)" != "$(LIBDIR)/mandos" ]; then \
459
419
                install --mode=u=rwx \
460
420
                        --directory "$(CONFDIR)/plugins.d" \
465
425
        install --mode=u=rwx,go=rx \
466
426
                --target-directory=$(LIBDIR)/mandos plugin-runner
467
427
        install --mode=u=rwx,go=rx \
468
 
                --target-directory=$(LIBDIR)/mandos \
469
 
                mandos-to-cryptroot-unlock
 
428
                --target-directory=$(LIBDIR)/mandos mandos-to-cryptroot-unlock
470
429
        install --mode=u=rwx,go=rx --target-directory=$(PREFIX)/sbin \
471
430
                mandos-keygen
472
431
        install --mode=u=rwx,go=rx \
529
488
        gzip --best --to-stdout dracut-module/password-agent.8mandos \
530
489
                > $(MANDIR)/man8/password-agent.8mandos.gz
531
490
 
532
 
.PHONY: install-client
533
491
install-client: install-client-nokey
534
492
# Post-installation stuff
535
493
        -$(PREFIX)/sbin/mandos-keygen --dir "$(KEYDIR)"
536
494
        if command -v update-initramfs >/dev/null; then \
537
495
            update-initramfs -k all -u; \
538
496
        elif command -v dracut >/dev/null; then \
539
 
            for initrd in $(DESTDIR)/boot/initr*-$(LINUXVERSION); do \
 
497
            for initrd in $(DESTDIR)/boot/initr*-$(shell uname --kernel-release); do \
540
498
                if [ -w "$$initrd" ]; then \
541
499
                    chmod go-r "$$initrd"; \
542
500
                    dracut --force "$$initrd"; \
545
503
        fi
546
504
        echo "Now run mandos-keygen --password --dir $(KEYDIR)"
547
505
 
548
 
.PHONY: uninstall
549
506
uninstall: uninstall-server uninstall-client
550
507
 
551
 
.PHONY: uninstall-server
552
508
uninstall-server:
553
509
        -rm --force $(PREFIX)/sbin/mandos \
554
510
                $(PREFIX)/sbin/mandos-ctl \
561
517
        update-rc.d -f mandos remove
562
518
        -rmdir $(CONFDIR)
563
519
 
564
 
.PHONY: uninstall-client
565
520
uninstall-client:
566
521
# Refuse to uninstall client if /etc/crypttab is explicitly configured
567
522
# to use it.
598
553
        if command -v update-initramfs >/dev/null; then \
599
554
            update-initramfs -k all -u; \
600
555
        elif command -v dracut >/dev/null; then \
601
 
            for initrd in $(DESTDIR)/boot/initr*-$(LINUXVERSION); do \
 
556
            for initrd in $(DESTDIR)/boot/initr*-$(shell uname --kernel-release); do \
602
557
                test -w "$$initrd" && dracut --force "$$initrd"; \
603
558
            done; \
604
559
        fi
605
560
 
606
 
.PHONY: purge
607
561
purge: purge-server purge-client
608
562
 
609
 
.PHONY: purge-server
610
563
purge-server: uninstall-server
611
564
        -rm --force $(CONFDIR)/mandos.conf $(CONFDIR)/clients.conf \
612
565
                $(DESTDIR)/etc/dbus-1/system.d/mandos.conf
617
570
                $(DESTDIR)/var/run/mandos.pid
618
571
        -rmdir $(CONFDIR)
619
572
 
620
 
.PHONY: purge-client
621
573
purge-client: uninstall-client
622
574
        -shred --remove $(KEYDIR)/seckey.txt $(KEYDIR)/tls-privkey.pem
623
575
        -rm --force $(CONFDIR)/plugin-runner.conf \