/mandos/release

To get this branch, use:
bzr branch http://bzr.recompile.se/loggerhead/mandos/release

« back to all changes in this revision

Viewing changes to Makefile

  • Committer: Teddy Hogeborn
  • Date: 2019-07-29 16:35:53 UTC
  • mto: This revision was merged to the branch mainline in revision 384.
  • Revision ID: teddy@recompile.se-20190729163553-1i442i2cbx64c537
Make tests and man page examples match

Make the tests test_manual_page_example[1-5] match exactly what is
written in the manual page, and add comments to manual page as
reminders to keep tests and manual page examples in sync.

* mandos-ctl (Test_commands_from_options.test_manual_page_example_1):
  Remove "--verbose" option, since the manual does not have it as the
  first example, and change assertion to match.
* mandos-ctl.xml (EXAMPLE): Add comments to all examples documenting
  which test function they correspond to.  Also remove unnecessary
  quotes from option arguments in fourth example, and clarify language
  slightly in fifth example.

Show diffs side-by-side

added added

removed removed

Lines of Context:
29
29
 
30
30
# For info about _FORTIFY_SOURCE, see feature_test_macros(7)
31
31
# and <https://gcc.gnu.org/ml/gcc-patches/2004-09/msg02055.html>.
32
 
FORTIFY:=-fstack-protector-all -fPIC
33
 
CPPFLAGS+=-D_FORTIFY_SOURCE=3
 
32
FORTIFY:=-D_FORTIFY_SOURCE=2 -fstack-protector-all -fPIC
34
33
LINK_FORTIFY_LD:=-z relro -z now
35
34
LINK_FORTIFY:=
36
35
 
42
41
#COVERAGE=--coverage
43
42
OPTIMIZE:=-Os -fno-strict-aliasing
44
43
LANGUAGE:=-std=gnu11
45
 
CPPFLAGS+=-D_FILE_OFFSET_BITS=64 -D_TIME_BITS=64
46
44
htmldir:=man
47
 
version:=1.8.16
 
45
version:=1.8.4
48
46
SED:=sed
49
 
PKG_CONFIG?=pkg-config
50
47
 
51
48
USER:=$(firstword $(subst :, ,$(shell getent passwd _mandos \
52
49
        || getent passwd nobody || echo 65534)))
53
50
GROUP:=$(firstword $(subst :, ,$(shell getent group _mandos \
54
51
        || getent group nogroup || echo 65534)))
55
52
 
56
 
LINUXVERSION:=$(shell uname --kernel-release)
57
 
 
58
53
## Use these settings for a traditional /usr/local install
59
54
# PREFIX:=$(DESTDIR)/usr/local
60
55
# CONFDIR:=$(DESTDIR)/etc/mandos
64
59
# DRACUTMODULE:=$(DESTDIR)/usr/lib/dracut/modules.d/90mandos
65
60
# STATEDIR:=$(DESTDIR)/var/lib/mandos
66
61
# LIBDIR:=$(PREFIX)/lib
67
 
# DBUSPOLICYDIR:=$(DESTDIR)/etc/dbus-1/system.d
68
62
##
69
63
 
70
64
## These settings are for a package-type install
77
71
STATEDIR:=$(DESTDIR)/var/lib/mandos
78
72
LIBDIR:=$(shell \
79
73
        for d in \
80
 
        "/usr/lib/`dpkg-architecture \
81
 
                        -qDEB_HOST_MULTIARCH 2>/dev/null`" \
 
74
        "/usr/lib/`dpkg-architecture -qDEB_HOST_MULTIARCH 2>/dev/null`" \
82
75
        "`rpm --eval='%{_libdir}' 2>/dev/null`" /usr/lib; do \
83
76
                if [ -d "$$d" -a "$$d" = "$${d%/}" ]; then \
84
77
                        echo "$(DESTDIR)$$d"; \
85
78
                        break; \
86
79
                fi; \
87
80
        done)
88
 
DBUSPOLICYDIR:=$(DESTDIR)/usr/share/dbus-1/system.d
89
81
##
90
82
 
91
 
SYSTEMD:=$(DESTDIR)$(shell $(PKG_CONFIG) systemd \
92
 
                        --variable=systemdsystemunitdir)
93
 
TMPFILES:=$(DESTDIR)$(shell $(PKG_CONFIG) systemd \
94
 
                        --variable=tmpfilesdir)
95
 
SYSUSERS:=$(DESTDIR)$(shell $(PKG_CONFIG) systemd \
96
 
                        --variable=sysusersdir)
 
83
SYSTEMD:=$(DESTDIR)$(shell pkg-config systemd --variable=systemdsystemunitdir)
 
84
TMPFILES:=$(DESTDIR)$(shell pkg-config systemd --variable=tmpfilesdir)
97
85
 
98
 
GNUTLS_CFLAGS:=$(shell $(PKG_CONFIG) --cflags-only-I gnutls)
99
 
GNUTLS_LIBS:=$(shell $(PKG_CONFIG) --libs gnutls)
100
 
AVAHI_CFLAGS:=$(shell $(PKG_CONFIG) --cflags-only-I avahi-core)
101
 
AVAHI_LIBS:=$(shell $(PKG_CONFIG) --libs avahi-core)
102
 
GPGME_CFLAGS:=$(shell $(PKG_CONFIG) --cflags-only-I gpgme 2>/dev/null \
103
 
        || gpgme-config --cflags; getconf LFS_CFLAGS)
104
 
GPGME_LIBS:=$(shell $(PKG_CONFIG) --libs gpgme 2>/dev/null \
105
 
        || gpgme-config --libs; getconf LFS_LIBS; \
 
86
GNUTLS_CFLAGS:=$(shell pkg-config --cflags-only-I gnutls)
 
87
GNUTLS_LIBS:=$(shell pkg-config --libs gnutls)
 
88
AVAHI_CFLAGS:=$(shell pkg-config --cflags-only-I avahi-core)
 
89
AVAHI_LIBS:=$(shell pkg-config --libs avahi-core)
 
90
GPGME_CFLAGS:=$(shell gpgme-config --cflags; getconf LFS_CFLAGS)
 
91
GPGME_LIBS:=$(shell gpgme-config --libs; getconf LFS_LIBS; \
106
92
        getconf LFS_LDFLAGS)
107
 
LIBNL3_CFLAGS:=$(shell $(PKG_CONFIG) --cflags-only-I libnl-route-3.0)
108
 
LIBNL3_LIBS:=$(shell $(PKG_CONFIG) --libs libnl-route-3.0)
109
 
GLIB_CFLAGS:=$(shell $(PKG_CONFIG) --cflags glib-2.0)
110
 
GLIB_LIBS:=$(shell $(PKG_CONFIG) --libs glib-2.0)
 
93
LIBNL3_CFLAGS:=$(shell pkg-config --cflags-only-I libnl-route-3.0)
 
94
LIBNL3_LIBS:=$(shell pkg-config --libs libnl-route-3.0)
 
95
GLIB_CFLAGS:=$(shell pkg-config --cflags glib-2.0)
 
96
GLIB_LIBS:=$(shell pkg-config --libs glib-2.0)
111
97
 
112
98
# Do not change these two
113
 
CFLAGS+=$(WARN) $(DEBUG) $(FORTIFY) $(COVERAGE) $(OPTIMIZE) \
114
 
        $(LANGUAGE) -DVERSION='"$(version)"'
 
99
CFLAGS+=$(WARN) $(DEBUG) $(FORTIFY) $(COVERAGE) \
 
100
        $(OPTIMIZE) $(LANGUAGE) -DVERSION='"$(version)"'
115
101
LDFLAGS+=-Xlinker --as-needed $(COVERAGE) $(LINK_FORTIFY) $(strip \
116
102
        ) $(foreach flag,$(LINK_FORTIFY_LD),-Xlinker $(flag))
117
103
 
161
147
 
162
148
objects:=$(addsuffix .o,$(CPROGS))
163
149
 
164
 
.PHONY: all
165
150
all: $(PROGS) mandos.lsm
166
151
 
167
 
.PHONY: doc
168
152
doc: $(DOCS)
169
153
 
170
 
.PHONY: html
171
154
html: $(htmldocs)
172
155
 
173
156
%.5: %.xml common.ent legalnotice.xml
290
273
                $@)
291
274
 
292
275
# Need to add the GnuTLS, Avahi and GPGME libraries
293
 
plugins.d/mandos-client: CFLAGS += $(GNUTLS_CFLAGS) $(strip \
294
 
        ) $(AVAHI_CFLAGS) $(GPGME_CFLAGS)
295
 
plugins.d/mandos-client: LDLIBS += $(GNUTLS_LIBS) $(strip \
296
 
        ) $(AVAHI_LIBS) $(GPGME_LIBS)
 
276
plugins.d/mandos-client: plugins.d/mandos-client.c
 
277
        $(LINK.c) $^ $(GNUTLS_CFLAGS) $(AVAHI_CFLAGS) $(strip\
 
278
                ) $(GPGME_CFLAGS) $(GNUTLS_LIBS) $(strip\
 
279
                ) $(AVAHI_LIBS) $(GPGME_LIBS) $(LOADLIBES) $(strip\
 
280
                ) $(LDLIBS) -o $@
297
281
 
298
282
# Need to add the libnl-route library
299
 
plugin-helpers/mandos-client-iprouteadddel: CFLAGS += $(LIBNL3_CFLAGS)
300
 
plugin-helpers/mandos-client-iprouteadddel: LDLIBS += $(LIBNL3_LIBS)
 
283
plugin-helpers/mandos-client-iprouteadddel: plugin-helpers/mandos-client-iprouteadddel.c
 
284
        $(LINK.c) $(LIBNL3_CFLAGS) $^ $(LIBNL3_LIBS) $(strip\
 
285
                ) $(LOADLIBES) $(LDLIBS) -o $@
301
286
 
302
287
# Need to add the GLib and pthread libraries
303
 
dracut-module/password-agent: CFLAGS += $(GLIB_CFLAGS)
304
 
# Note: -lpthread is unnecessary with the GNU C library 2.34 or later
305
 
dracut-module/password-agent: LDLIBS += $(GLIB_LIBS) -lpthread
306
 
 
307
 
.PHONY: clean
 
288
dracut-module/password-agent: dracut-module/password-agent.c
 
289
        $(LINK.c) $(GLIB_CFLAGS) $^ $(GLIB_LIBS) -lpthread $(strip\
 
290
                ) $(LOADLIBES) $(LDLIBS) -o $@
 
291
 
 
292
.PHONY : all doc html clean distclean mostlyclean maintainer-clean \
 
293
        check run-client run-server install install-html \
 
294
        install-server install-client-nokey install-client uninstall \
 
295
        uninstall-server uninstall-client purge purge-server \
 
296
        purge-client
 
297
 
308
298
clean:
309
299
        -rm --force $(CPROGS) $(objects) $(htmldocs) $(DOCS) core
310
300
 
311
 
.PHONY: distclean
312
301
distclean: clean
313
 
.PHONY: mostlyclean
314
302
mostlyclean: clean
315
 
.PHONY: maintainer-clean
316
303
maintainer-clean: clean
317
304
        -rm --force --recursive keydir confdir statedir
318
305
 
319
 
.PHONY: check
320
306
check: all
321
307
        ./mandos --check
322
308
        ./mandos-ctl --check
326
312
        ./dracut-module/password-agent --test
327
313
 
328
314
# Run the client with a local config and key
329
 
.PHONY: run-client
330
 
run-client: all keydir/seckey.txt keydir/pubkey.txt \
331
 
                        keydir/tls-privkey.pem keydir/tls-pubkey.pem
332
 
        @echo '######################################################'
333
 
        @echo '# The following error messages are harmless and can  #'
334
 
        @echo '#  be safely ignored:                                #'
335
 
        @echo '## From plugin-runner:                               #'
336
 
        @echo '# setgid: Operation not permitted                    #'
337
 
        @echo '# setuid: Operation not permitted                    #'
338
 
        @echo '## From askpass-fifo:                                #'
339
 
        @echo '# mkfifo: Permission denied                          #'
340
 
        @echo '## From mandos-client:                               #'
341
 
        @echo '# Failed to raise privileges: Operation not permi... #'
342
 
        @echo '# Warning: network hook "*" exited with status *     #'
343
 
        @echo '# ioctl SIOCSIFFLAGS +IFF_UP: Operation not permi... #'
344
 
        @echo '# Failed to bring up interface "*": Operation not... #'
345
 
        @echo '#                                                    #'
346
 
        @echo '# (The messages are caused by not running as root,   #'
347
 
        @echo '# but you should NOT run "make run-client" as root   #'
348
 
        @echo '# unless you also unpacked and compiled Mandos as    #'
349
 
        @echo '# root, which is also NOT recommended.)              #'
350
 
        @echo '######################################################'
 
315
run-client: all keydir/seckey.txt keydir/pubkey.txt keydir/tls-privkey.pem keydir/tls-pubkey.pem
 
316
        @echo "###################################################################"
 
317
        @echo "# The following error messages are harmless and can be safely     #"
 
318
        @echo "# ignored:                                                        #"
 
319
        @echo "# From plugin-runner: setgid: Operation not permitted             #"
 
320
        @echo "#                     setuid: Operation not permitted             #"
 
321
        @echo "# From askpass-fifo:  mkfifo: Permission denied                   #"
 
322
        @echo "# From mandos-client:                                             #"
 
323
        @echo "#             Failed to raise privileges: Operation not permitted #"
 
324
        @echo "#             Warning: network hook \"*\" exited with status *      #"
 
325
        @echo "#                                                                 #"
 
326
        @echo "# (The messages are caused by not running as root, but you should #"
 
327
        @echo "# NOT run \"make run-client\" as root unless you also unpacked and  #"
 
328
        @echo "# compiled Mandos as root, which is also NOT recommended.)        #"
 
329
        @echo "###################################################################"
351
330
# We set GNOME_KEYRING_CONTROL to block pam_gnome_keyring
352
331
        ./plugin-runner --plugin-dir=plugins.d \
353
332
                --plugin-helper-dir=plugin-helpers \
360
339
keydir/seckey.txt keydir/pubkey.txt keydir/tls-privkey.pem keydir/tls-pubkey.pem: mandos-keygen
361
340
        install --directory keydir
362
341
        ./mandos-keygen --dir keydir --force
363
 
        if ! [ -e keydir/tls-privkey.pem ]; then \
364
 
                install --mode=u=rw /dev/null keydir/tls-privkey.pem; \
365
 
        fi
366
 
        if ! [ -e keydir/tls-pubkey.pem ]; then \
367
 
                install --mode=u=rw /dev/null keydir/tls-pubkey.pem; \
368
 
        fi
369
342
 
370
343
# Run the server with a local config
371
 
.PHONY: run-server
372
344
run-server: confdir/mandos.conf confdir/clients.conf statedir
373
345
        ./mandos --debug --no-dbus --configdir=confdir \
374
346
                --statedir=statedir $(SERVERARGS)
385
357
statedir:
386
358
        install --directory statedir
387
359
 
388
 
.PHONY: install
389
360
install: install-server install-client-nokey
390
361
 
391
 
.PHONY: install-html
392
362
install-html: html
393
363
        install --directory $(htmldir)
394
364
        install --mode=u=rw,go=r --target-directory=$(htmldir) \
395
365
                $(htmldocs)
396
366
 
397
 
.PHONY: install-server
398
367
install-server: doc
399
368
        install --directory $(CONFDIR)
400
369
        if install --directory --mode=u=rwx --owner=$(USER) \
403
372
        elif install --directory --mode=u=rwx $(STATEDIR); then \
404
373
                chown -- $(USER):$(GROUP) $(STATEDIR) || :; \
405
374
        fi
406
 
        if [ "$(TMPFILES)" != "$(DESTDIR)" \
407
 
                        -a -d "$(TMPFILES)" ]; then \
 
375
        if [ "$(TMPFILES)" != "$(DESTDIR)" -a -d "$(TMPFILES)" ]; then \
408
376
                install --mode=u=rw,go=r tmpfiles.d-mandos.conf \
409
377
                        $(TMPFILES)/mandos.conf; \
410
378
        fi
411
 
        if [ "$(SYSUSERS)" != "$(DESTDIR)" \
412
 
                        -a -d "$(SYSUSERS)" ]; then \
413
 
                install --mode=u=rw,go=r sysusers.d-mandos.conf \
414
 
                        $(SYSUSERS)/mandos.conf; \
415
 
        fi
416
379
        install --mode=u=rwx,go=rx mandos $(PREFIX)/sbin/mandos
417
380
        install --mode=u=rwx,go=rx --target-directory=$(PREFIX)/sbin \
418
381
                mandos-ctl
423
386
        install --mode=u=rw --target-directory=$(CONFDIR) \
424
387
                clients.conf
425
388
        install --mode=u=rw,go=r dbus-mandos.conf \
426
 
                $(DBUSPOLICYDIR)/mandos.conf
 
389
                $(DESTDIR)/etc/dbus-1/system.d/mandos.conf
427
390
        install --mode=u=rwx,go=rx init.d-mandos \
428
391
                $(DESTDIR)/etc/init.d/mandos
429
392
        if [ "$(SYSTEMD)" != "$(DESTDIR)" -a -d "$(SYSTEMD)" ]; then \
447
410
        gzip --best --to-stdout intro.8mandos \
448
411
                > $(MANDIR)/man8/intro.8mandos.gz
449
412
 
450
 
.PHONY: install-client-nokey
451
413
install-client-nokey: all doc
452
414
        install --directory $(LIBDIR)/mandos $(CONFDIR)
453
415
        install --directory --mode=u=rwx $(KEYDIR) \
454
416
                $(LIBDIR)/mandos/plugins.d \
455
417
                $(LIBDIR)/mandos/plugin-helpers
456
 
        if [ "$(SYSUSERS)" != "$(DESTDIR)" \
457
 
                        -a -d "$(SYSUSERS)" ]; then \
458
 
                install --mode=u=rw,go=r sysusers.d-mandos.conf \
459
 
                        $(SYSUSERS)/mandos-client.conf; \
460
 
        fi
461
418
        if [ "$(CONFDIR)" != "$(LIBDIR)/mandos" ]; then \
462
419
                install --mode=u=rwx \
463
420
                        --directory "$(CONFDIR)/plugins.d" \
468
425
        install --mode=u=rwx,go=rx \
469
426
                --target-directory=$(LIBDIR)/mandos plugin-runner
470
427
        install --mode=u=rwx,go=rx \
471
 
                --target-directory=$(LIBDIR)/mandos \
472
 
                mandos-to-cryptroot-unlock
 
428
                --target-directory=$(LIBDIR)/mandos mandos-to-cryptroot-unlock
473
429
        install --mode=u=rwx,go=rx --target-directory=$(PREFIX)/sbin \
474
430
                mandos-keygen
475
431
        install --mode=u=rwx,go=rx \
532
488
        gzip --best --to-stdout dracut-module/password-agent.8mandos \
533
489
                > $(MANDIR)/man8/password-agent.8mandos.gz
534
490
 
535
 
.PHONY: install-client
536
491
install-client: install-client-nokey
537
492
# Post-installation stuff
538
493
        -$(PREFIX)/sbin/mandos-keygen --dir "$(KEYDIR)"
539
494
        if command -v update-initramfs >/dev/null; then \
540
495
            update-initramfs -k all -u; \
541
496
        elif command -v dracut >/dev/null; then \
542
 
            for initrd in $(DESTDIR)/boot/initr*-$(LINUXVERSION); do \
 
497
            for initrd in $(DESTDIR)/boot/initr*-$(shell uname --kernel-release); do \
543
498
                if [ -w "$$initrd" ]; then \
544
499
                    chmod go-r "$$initrd"; \
545
500
                    dracut --force "$$initrd"; \
548
503
        fi
549
504
        echo "Now run mandos-keygen --password --dir $(KEYDIR)"
550
505
 
551
 
.PHONY: uninstall
552
506
uninstall: uninstall-server uninstall-client
553
507
 
554
 
.PHONY: uninstall-server
555
508
uninstall-server:
556
509
        -rm --force $(PREFIX)/sbin/mandos \
557
510
                $(PREFIX)/sbin/mandos-ctl \
564
517
        update-rc.d -f mandos remove
565
518
        -rmdir $(CONFDIR)
566
519
 
567
 
.PHONY: uninstall-client
568
520
uninstall-client:
569
521
# Refuse to uninstall client if /etc/crypttab is explicitly configured
570
522
# to use it.
601
553
        if command -v update-initramfs >/dev/null; then \
602
554
            update-initramfs -k all -u; \
603
555
        elif command -v dracut >/dev/null; then \
604
 
            for initrd in $(DESTDIR)/boot/initr*-$(LINUXVERSION); do \
 
556
            for initrd in $(DESTDIR)/boot/initr*-$(shell uname --kernel-release); do \
605
557
                test -w "$$initrd" && dracut --force "$$initrd"; \
606
558
            done; \
607
559
        fi
608
560
 
609
 
.PHONY: purge
610
561
purge: purge-server purge-client
611
562
 
612
 
.PHONY: purge-server
613
563
purge-server: uninstall-server
614
564
        -rm --force $(CONFDIR)/mandos.conf $(CONFDIR)/clients.conf \
615
565
                $(DESTDIR)/etc/dbus-1/system.d/mandos.conf
616
566
                $(DESTDIR)/etc/default/mandos \
617
567
                $(DESTDIR)/etc/init.d/mandos \
 
568
                $(SYSTEMD)/mandos.service \
618
569
                $(DESTDIR)/run/mandos.pid \
619
570
                $(DESTDIR)/var/run/mandos.pid
620
 
        if [ "$(SYSTEMD)" != "$(DESTDIR)" -a -d "$(SYSTEMD)" ]; then \
621
 
                -rm --force -- $(SYSTEMD)/mandos.service; \
622
 
        fi
623
571
        -rmdir $(CONFDIR)
624
572
 
625
 
.PHONY: purge-client
626
573
purge-client: uninstall-client
627
574
        -shred --remove $(KEYDIR)/seckey.txt $(KEYDIR)/tls-privkey.pem
628
575
        -rm --force $(CONFDIR)/plugin-runner.conf \