To get this branch, use:
bzr branch
http://bzr.recompile.se/loggerhead/mandos/release
« back to all changes in this revision
Viewing changes to Makefile
- browse files at revision 237.7.686
- compare with another revision
- download diff
- download tarball
- view history from revision 237.7.686
- Committer: Teddy Hogeborn
- Date: 2019-08-02 22:16:53 UTC
- mto: This revision was merged to the branch mainline in revision 386.
- Revision ID: teddy@recompile.se-20190802221653-ic1iko9hbefzwsk7
Fix bug in server Debian package: Fails to start on first install
There has been a very long-standing bug where installation of the
server (the "mandos" Debian package) would fail to start the server
properly right after installation. It would work on manual (re)start
after installation, or after reboot, and even after package purge and
reinstall, it would then work the first time. The problem, it turns
out, is when the new "_mandos" user (and corresponding group) is
created, the D-Bus server is not reloaded, and is therefore not aware
of that user, and does not recognize the user and group name in the
/etc/dbus-1/system.d/mandos.conf file. The Mandos server, when it
tries to start and access the D-Bus, is then not permitted to connect
to its D-Bus bus name, and disables D-Bus use as a fallback measure;
i.e. the server works, but it is not controllable via D-Bus commands
(via mandos-ctl or mandos-monitor). The next time the D-Bus daemon is
reloaded for any reason, the new user & group would become visible to
the D-Bus daemon and after that, any restart of the Mandos server
would succeed and it would bind to its D-Bus name properly, and
thereby be visible and controllable by mandos-ctl & mandos-monitor.
This was mostly invisible when using sysvinit, but systemd makes the
problem visible since the systemd service file for the Mandos server
is configured to not consider the Mandos server "started" until the
D-Bus name has been bound; this makes the starting of the service wait
for 90 seconds and then fail with a timeout error.
Fixing this should also make the Debian CI autopkgtest tests work.
* debian/mandos.postinst (configure): After creating (or renaming)
user & group, reload D-Bus
daemon (if present).
There has been a very long-standing bug where installation of the
server (the "mandos" Debian package) would fail to start the server
properly right after installation. It would work on manual (re)start
after installation, or after reboot, and even after package purge and
reinstall, it would then work the first time. The problem, it turns
out, is when the new "_mandos" user (and corresponding group) is
created, the D-Bus server is not reloaded, and is therefore not aware
of that user, and does not recognize the user and group name in the
/etc/dbus-1/system.d/mandos.conf file. The Mandos server, when it
tries to start and access the D-Bus, is then not permitted to connect
to its D-Bus bus name, and disables D-Bus use as a fallback measure;
i.e. the server works, but it is not controllable via D-Bus commands
(via mandos-ctl or mandos-monitor). The next time the D-Bus daemon is
reloaded for any reason, the new user & group would become visible to
the D-Bus daemon and after that, any restart of the Mandos server
would succeed and it would bind to its D-Bus name properly, and
thereby be visible and controllable by mandos-ctl & mandos-monitor.
This was mostly invisible when using sysvinit, but systemd makes the
problem visible since the systemd service file for the Mandos server
is configured to not consider the Mandos server "started" until the
D-Bus name has been bound; this makes the starting of the service wait
for 90 seconds and then fail with a timeout error.
Fixing this should also make the Debian CI autopkgtest tests work.
* debian/mandos.postinst (configure): After creating (or renaming)
user & group, reload D-Bus
daemon (if present).
- files added:
- DBUS-API
- debian/source
- debian/tests
- debian/upstream
- dracut-module
- network-hooks.d
- plugin-helpers
- files removed:
- debian/mandos-client.config
- files modified:
- .bzrignore
added
removed
Makefile
1
WARN=-O -Wall -Wformat=2 -Winit-self -Wmissing-include-dirs \
2
-Wswitch-default -Wswitch-enum -Wunused-parameter \
3
-Wstrict-aliasing=2 -Wextra -Wfloat-equal -Wundef -Wshadow \
1
WARN:=-O -Wall -Wextra -Wdouble-promotion -Wformat=2 -Winit-self \
2
-Wmissing-include-dirs -Wswitch-default -Wswitch-enum \
3
-Wunused -Wuninitialized -Wstrict-overflow=5 \
4
-Wsuggest-attribute=pure -Wsuggest-attribute=const \
5
-Wsuggest-attribute=noreturn -Wfloat-equal -Wundef -Wshadow \
4
6
-Wunsafe-loop-optimizations -Wpointer-arith \
5
7
-Wbad-function-cast -Wcast-qual -Wcast-align -Wwrite-strings \
6
-Wconversion -Wstrict-prototypes -Wold-style-definition \
7
-Wpacked -Wnested-externs -Winline -Wvolatile-register-var
8
# -Wunreachable-code
9
#DEBUG=-ggdb3
10
# For info about _FORTIFY_SOURCE, see
11
# <http://gcc.gnu.org/ml/gcc-patches/2004-09/msg02055.html>
12
FORTIFY=-D_FORTIFY_SOURCE=2 -fstack-protector-all -fPIE -pie
13
LINK_FORTIFY=-z relro -pie
8
-Wconversion -Wlogical-op -Waggregate-return \
9
-Wstrict-prototypes -Wold-style-definition \
10
-Wmissing-format-attribute -Wnormalized=nfc -Wpacked \
11
-Wredundant-decls -Wnested-externs -Winline -Wvla \
12
-Wvolatile-register-var -Woverlength-strings
13
14
#DEBUG:=-ggdb3 -fsanitize=address $(SANITIZE)
15
## Check which sanitizing options can be used
16
#SANITIZE:=$(foreach option,$(ALL_SANITIZE_OPTIONS),$(shell \
17
# echo 'int main(){}' | $(CC) --language=c $(option) \
18
# /dev/stdin -o /dev/null >/dev/null 2>&1 && echo $(option)))
19
# <https://developerblog.redhat.com/2014/10/16/gcc-undefined-behavior-sanitizer-ubsan/>
20
ALL_SANITIZE_OPTIONS:=-fsanitize=leak -fsanitize=undefined \
21
-fsanitize=shift -fsanitize=integer-divide-by-zero \
22
-fsanitize=unreachable -fsanitize=vla-bound -fsanitize=null \
23
-fsanitize=return -fsanitize=signed-integer-overflow \
24
-fsanitize=bounds -fsanitize=alignment \
25
-fsanitize=object-size -fsanitize=float-divide-by-zero \
26
-fsanitize=float-cast-overflow -fsanitize=nonnull-attribute \
27
-fsanitize=returns-nonnull-attribute -fsanitize=bool \
28
-fsanitize=enum -fsanitize-address-use-after-scope
29
30
# For info about _FORTIFY_SOURCE, see feature_test_macros(7)
31
# and <https://gcc.gnu.org/ml/gcc-patches/2004-09/msg02055.html>.
32
FORTIFY:=-D_FORTIFY_SOURCE=2 -fstack-protector-all -fPIC
33
LINK_FORTIFY_LD:=-z relro -z now
34
LINK_FORTIFY:=
35
36
# If BROKEN_PIE is set, do not build with -pie
37
ifndef BROKEN_PIE
38
FORTIFY += -fPIE
39
LINK_FORTIFY += -pie
40
endif
14
41
#COVERAGE=--coverage
15
OPTIMIZE=-Os
16
LANGUAGE=-std=gnu99
17
htmldir=man
18
version=1.0.2
19
SED=sed
42
OPTIMIZE:=-Os -fno-strict-aliasing
43
LANGUAGE:=-std=gnu11
44
htmldir:=man
45
version:=1.8.5
46
SED:=sed
47
PKG_CONFIG?=pkg-config
48
49
USER:=$(firstword $(subst :, ,$(shell getent passwd _mandos \
50
|| getent passwd nobody || echo 65534)))
51
GROUP:=$(firstword $(subst :, ,$(shell getent group _mandos \
52
|| getent group nogroup || echo 65534)))
53
54
LINUXVERSION:=$(shell uname --kernel-release)
20
55
21
56
## Use these settings for a traditional /usr/local install
22
# PREFIX=$(DESTDIR)/usr/local
23
# CONFDIR=$(DESTDIR)/etc/mandos
24
# KEYDIR=$(DESTDIR)/etc/mandos/keys
25
# MANDIR=$(PREFIX)/man
26
# INITRAMFSTOOLS=$(DESTDIR)/etc/initramfs-tools
57
# PREFIX:=$(DESTDIR)/usr/local
58
# CONFDIR:=$(DESTDIR)/etc/mandos
59
# KEYDIR:=$(DESTDIR)/etc/mandos/keys
60
# MANDIR:=$(PREFIX)/man
61
# INITRAMFSTOOLS:=$(DESTDIR)/etc/initramfs-tools
62
# DRACUTMODULE:=$(DESTDIR)/usr/lib/dracut/modules.d/90mandos
63
# STATEDIR:=$(DESTDIR)/var/lib/mandos
64
# LIBDIR:=$(PREFIX)/lib
27
65
##
28
66
29
67
## These settings are for a package-type install
30
PREFIX=$(DESTDIR)/usr
31
CONFDIR=$(DESTDIR)/etc/mandos
32
KEYDIR=$(DESTDIR)/etc/keys/mandos
33
MANDIR=$(PREFIX)/share/man
34
INITRAMFSTOOLS=$(DESTDIR)/usr/share/initramfs-tools
68
PREFIX:=$(DESTDIR)/usr
69
CONFDIR:=$(DESTDIR)/etc/mandos
70
KEYDIR:=$(DESTDIR)/etc/keys/mandos
71
MANDIR:=$(PREFIX)/share/man
72
INITRAMFSTOOLS:=$(DESTDIR)/usr/share/initramfs-tools
73
DRACUTMODULE:=$(DESTDIR)/usr/lib/dracut/modules.d/90mandos
74
STATEDIR:=$(DESTDIR)/var/lib/mandos
75
LIBDIR:=$(shell \
76
for d in \
77
"/usr/lib/`dpkg-architecture \
78
-qDEB_HOST_MULTIARCH 2>/dev/null`" \
79
"`rpm --eval='%{_libdir}' 2>/dev/null`" /usr/lib; do \
80
if [ -d "$$d" -a "$$d" = "$${d%/}" ]; then \
81
echo "$(DESTDIR)$$d"; \
82
break; \
83
fi; \
84
done)
35
85
##
36
86
37
GNUTLS_CFLAGS=$(shell libgnutls-config --cflags)
38
GNUTLS_LIBS=$(shell libgnutls-config --libs)
39
AVAHI_CFLAGS=$(shell pkg-config --cflags-only-I avahi-core)
40
AVAHI_LIBS=$(shell pkg-config --libs avahi-core)
41
GPGME_CFLAGS=$(shell gpgme-config --cflags)
42
GPGME_LIBS=$(shell gpgme-config --libs)
87
SYSTEMD:=$(DESTDIR)$(shell $(PKG_CONFIG) systemd \
88
--variable=systemdsystemunitdir)
89
TMPFILES:=$(DESTDIR)$(shell $(PKG_CONFIG) systemd \
90
--variable=tmpfilesdir)
91
92
GNUTLS_CFLAGS:=$(shell $(PKG_CONFIG) --cflags-only-I gnutls)
93
GNUTLS_LIBS:=$(shell $(PKG_CONFIG) --libs gnutls)
94
AVAHI_CFLAGS:=$(shell $(PKG_CONFIG) --cflags-only-I avahi-core)
95
AVAHI_LIBS:=$(shell $(PKG_CONFIG) --libs avahi-core)
96
GPGME_CFLAGS:=$(shell gpgme-config --cflags; getconf LFS_CFLAGS)
97
GPGME_LIBS:=$(shell gpgme-config --libs; getconf LFS_LIBS; \
98
getconf LFS_LDFLAGS)
99
LIBNL3_CFLAGS:=$(shell $(PKG_CONFIG) --cflags-only-I libnl-route-3.0)
100
LIBNL3_LIBS:=$(shell $(PKG_CONFIG) --libs libnl-route-3.0)
101
GLIB_CFLAGS:=$(shell $(PKG_CONFIG) --cflags glib-2.0)
102
GLIB_LIBS:=$(shell $(PKG_CONFIG) --libs glib-2.0)
43
103
44
104
# Do not change these two
45
CFLAGS=$(WARN) $(DEBUG) $(FORTIFY) $(COVERAGE) $(OPTIMIZE) \
46
$(LANGUAGE) $(GNUTLS_CFLAGS) $(AVAHI_CFLAGS) $(GPGME_CFLAGS) \
47
-DVERSION='"$(version)"'
48
LDFLAGS=$(COVERAGE) $(foreach flag,$(LINK_FORTIFY),-Xlinker $(flag))
105
CFLAGS+=$(WARN) $(DEBUG) $(FORTIFY) $(COVERAGE) \
106
$(OPTIMIZE) $(LANGUAGE) -DVERSION='"$(version)"'
107
LDFLAGS+=-Xlinker --as-needed $(COVERAGE) $(LINK_FORTIFY) $(strip \
108
) $(foreach flag,$(LINK_FORTIFY_LD),-Xlinker $(flag))
49
109
50
110
# Commands to format a DocBook <refentry> document into a manual page
51
DOCBOOKTOMAN=cd $(dir $<); xsltproc --nonet --xinclude \
111
DOCBOOKTOMAN=$(strip cd $(dir $<); xsltproc --nonet --xinclude \
52
112
--param man.charmap.use.subset 0 \
53
113
--param make.year.ranges 1 \
54
114
--param make.single.year.ranges 1 \
55
115
--param man.output.quietly 1 \
56
116
--param man.authors.section.enabled 0 \
57
/usr/share/xml/docbook/stylesheet/nwalsh/manpages/docbook.xsl \
117
/usr/share/xml/docbook/stylesheet/nwalsh/manpages/docbook.xsl \
58
118
$(notdir $<); \
59
$(MANPOST) $(notdir $@)
60
# DocBook-to-man post-processing to fix a '\n' escape bug
61
MANPOST=$(SED) --in-place --expression='s,\\\\en,\\en,g;s,\\n,\\en,g'
119
if locale --all 2>/dev/null | grep --regexp='^en_US\.utf8$$' \
120
&& command -v man >/dev/null; then LANG=en_US.UTF-8 \
121
MANWIDTH=80 man --warnings --encoding=UTF-8 --local-file \
122
$(notdir $@); fi >/dev/null)
62
123
63
DOCBOOKTOHTML=xsltproc --nonet --xinclude \
124
DOCBOOKTOHTML=$(strip xsltproc --nonet --xinclude \
64
125
--param make.year.ranges 1 \
65
126
--param make.single.year.ranges 1 \
66
127
--param man.output.quietly 1 \
68
129
--param citerefentry.link 1 \
69
130
--output $@ \
70
131
/usr/share/xml/docbook/stylesheet/nwalsh/xhtml/docbook.xsl \
71
$<; $(HTMLPOST) $@
132
$<; $(HTMLPOST) $@)
72
133
# Fix citerefentry links
73
HTMLPOST=$(SED) --in-place \
134
HTMLPOST:=$(SED) --in-place \
74
135
--expression='s/\(<a class="citerefentry" href="\)\("><span class="citerefentry"><span class="refentrytitle">\)\([^<]*\)\(<\/span>(\)\([^)]*\)\()<\/span><\/a>\)/\1\3.\5\2\3\4\5\6/g'
75
136
76
PLUGINS=plugins.d/password-prompt plugins.d/mandos-client \
77
plugins.d/usplash plugins.d/splashy plugins.d/askpass-fifo
78
CPROGS=plugin-runner $(PLUGINS)
79
PROGS=mandos mandos-keygen mandos-list $(CPROGS)
80
DOCS=mandos.8 plugin-runner.8mandos mandos-keygen.8 \
137
PLUGINS:=plugins.d/password-prompt plugins.d/mandos-client \
138
plugins.d/usplash plugins.d/splashy plugins.d/askpass-fifo \
139
plugins.d/plymouth
140
PLUGIN_HELPERS:=plugin-helpers/mandos-client-iprouteadddel
141
CPROGS:=plugin-runner dracut-module/password-agent $(PLUGINS) \
142
$(PLUGIN_HELPERS)
143
PROGS:=mandos mandos-keygen mandos-ctl mandos-monitor $(CPROGS)
144
DOCS:=mandos.8 mandos-keygen.8 mandos-monitor.8 mandos-ctl.8 \
145
mandos.conf.5 mandos-clients.conf.5 plugin-runner.8mandos \
146
dracut-module/password-agent.8mandos \
81
147
plugins.d/mandos-client.8mandos \
82
plugins.d/password-prompt.8mandos mandos.conf.5 \
83
plugins.d/usplash.8mandos plugins.d/splashy.8mandos \
84
plugins.d/askpass-fifo.8mandos mandos-clients.conf.5
85
86
htmldocs=$(addsuffix .xhtml,$(DOCS))
87
88
objects=$(addsuffix .o,$(CPROGS))
148
plugins.d/password-prompt.8mandos plugins.d/usplash.8mandos \
149
plugins.d/splashy.8mandos plugins.d/askpass-fifo.8mandos \
150
plugins.d/plymouth.8mandos intro.8mandos
151
152
htmldocs:=$(addsuffix .xhtml,$(DOCS))
153
154
objects:=$(addsuffix .o,$(CPROGS))
89
155
90
156
all: $(PROGS) mandos.lsm
91
157
108
174
%.8mandos.xhtml: %.xml common.ent legalnotice.xml
109
175
$(DOCBOOKTOHTML)
110
176
177
intro.8mandos: intro.xml common.ent legalnotice.xml
178
$(DOCBOOKTOMAN)
179
intro.8mandos.xhtml: intro.xml common.ent legalnotice.xml
180
$(DOCBOOKTOHTML)
181
111
182
mandos.8: mandos.xml common.ent mandos-options.xml overview.xml \
112
183
legalnotice.xml
113
184
$(DOCBOOKTOMAN)
122
193
legalnotice.xml
123
194
$(DOCBOOKTOHTML)
124
195
196
mandos-monitor.8: mandos-monitor.xml common.ent overview.xml \
197
legalnotice.xml
198
$(DOCBOOKTOMAN)
199
mandos-monitor.8.xhtml: mandos-monitor.xml common.ent overview.xml \
200
legalnotice.xml
201
$(DOCBOOKTOHTML)
202
203
mandos-ctl.8: mandos-ctl.xml common.ent overview.xml \
204
legalnotice.xml
205
$(DOCBOOKTOMAN)
206
mandos-ctl.8.xhtml: mandos-ctl.xml common.ent overview.xml \
207
legalnotice.xml
208
$(DOCBOOKTOHTML)
209
125
210
mandos.conf.5: mandos.conf.xml common.ent mandos-options.xml \
126
211
legalnotice.xml
127
212
$(DOCBOOKTOMAN)
136
221
overview.xml legalnotice.xml
137
222
$(DOCBOOKTOHTML)
138
223
224
dracut-module/password-agent.8mandos: \
225
dracut-module/password-agent.xml common.ent \
226
overview.xml legalnotice.xml
227
$(DOCBOOKTOMAN)
228
dracut-module/password-agent.8mandos.xhtml: \
229
dracut-module/password-agent.xml common.ent \
230
overview.xml legalnotice.xml
231
$(DOCBOOKTOHTML)
232
139
233
plugins.d/mandos-client.8mandos: plugins.d/mandos-client.xml \
140
234
common.ent \
141
235
mandos-options.xml \
149
243
150
244
# Update all these files with version number $(version)
151
245
common.ent: Makefile
152
$(SED) --in-place \
153
--expression='s/^\(<ENTITY VERSION "\)[^"]*">$$/\1$(version)"/' \
154
$@
246
$(strip $(SED) --in-place \
247
--expression='s/^\(<!ENTITY version "\)[^"]*">$$/\1$(version)">/' \
248
$@)
155
249
156
250
mandos: Makefile
157
$(SED) --in-place \
251
$(strip $(SED) --in-place \
158
252
--expression='s/^\(version = "\)[^"]*"$$/\1$(version)"/' \
159
$@
253
$@)
160
254
161
255
mandos-keygen: Makefile
162
$(SED) --in-place \
256
$(strip $(SED) --in-place \
163
257
--expression='s/^\(VERSION="\)[^"]*"$$/\1$(version)"/' \
164
$@
165
166
mandos-list: Makefile
167
$(SED) --in-place \
168
--expression='s/^\(version = "\)[^"]*"$$/\1$(version)"/' \
169
$@
258
$@)
259
260
mandos-ctl: Makefile
261
$(strip $(SED) --in-place \
262
--expression='s/^\(version = "\)[^"]*"$$/\1$(version)"/' \
263
$@)
264
265
mandos-monitor: Makefile
266
$(strip $(SED) --in-place \
267
--expression='s/^\(version = "\)[^"]*"$$/\1$(version)"/' \
268
$@)
170
269
171
270
mandos.lsm: Makefile
172
$(SED) --in-place \
271
$(strip $(SED) --in-place \
173
272
--expression='s/^\(Version:\).*/\1\t$(version)/' \
174
$@
175
$(SED) --in-place \
273
$@)
274
$(strip $(SED) --in-place \
176
275
--expression='s/^\(Entered-date:\).*/\1\t$(shell date --rfc-3339=date --reference=Makefile)/' \
177
$@
178
179
plugins.d/mandos-client: plugins.d/mandos-client.o
180
$(LINK.o) $(GNUTLS_LIBS) $(AVAHI_LIBS) $(GPGME_LIBS) \
181
$(COMMON) $^ $(LOADLIBES) $(LDLIBS) -o $@
182
183
.PHONY : all doc html clean distclean run-client run-server install \
184
install-server install-client uninstall uninstall-server \
185
uninstall-client purge purge-server purge-client
276
$@)
277
$(strip $(SED) --in-place \
278
--expression='s/\(mandos_\)[0-9.]\+\(\.orig\.tar\.gz\)/\1$(version)\2/' \
279
$@)
280
281
# Need to add the GnuTLS, Avahi and GPGME libraries
282
plugins.d/mandos-client: plugins.d/mandos-client.c
283
$(LINK.c) $^ $(GNUTLS_CFLAGS) $(AVAHI_CFLAGS) $(strip\
284
) $(GPGME_CFLAGS) $(GNUTLS_LIBS) $(strip\
285
) $(AVAHI_LIBS) $(GPGME_LIBS) $(LOADLIBES) $(strip\
286
) $(LDLIBS) -o $@
287
288
# Need to add the libnl-route library
289
plugin-helpers/mandos-client-iprouteadddel: plugin-helpers/mandos-client-iprouteadddel.c
290
$(LINK.c) $(LIBNL3_CFLAGS) $^ $(LIBNL3_LIBS) $(strip\
291
) $(LOADLIBES) $(LDLIBS) -o $@
292
293
# Need to add the GLib and pthread libraries
294
dracut-module/password-agent: dracut-module/password-agent.c
295
$(LINK.c) $(GLIB_CFLAGS) $^ $(GLIB_LIBS) -lpthread $(strip\
296
) $(LOADLIBES) $(LDLIBS) -o $@
297
298
.PHONY : all doc html clean distclean mostlyclean maintainer-clean \
299
check run-client run-server install install-html \
300
install-server install-client-nokey install-client uninstall \
301
uninstall-server uninstall-client purge purge-server \
302
purge-client
186
303
187
304
clean:
188
305
-rm --force $(CPROGS) $(objects) $(htmldocs) $(DOCS) core
190
307
distclean: clean
191
308
mostlyclean: clean
192
309
maintainer-clean: clean
193
-rm --force --recursive keydir confdir
310
-rm --force --recursive keydir confdir statedir
194
311
195
check: all
312
check: all
196
313
./mandos --check
314
./mandos-ctl --check
315
./mandos-keygen --version
316
./plugin-runner --version
317
./plugin-helpers/mandos-client-iprouteadddel --version
318
./dracut-module/password-agent --test
197
319
198
320
# Run the client with a local config and key
199
run-client: all keydir/seckey.txt keydir/pubkey.txt
321
run-client: all keydir/seckey.txt keydir/pubkey.txt \
322
keydir/tls-privkey.pem keydir/tls-pubkey.pem
323
@echo '######################################################'
324
@echo '# The following error messages are harmless and can #'
325
@echo '# be safely ignored: #'
326
@echo '## From plugin-runner: #'
327
@echo '# setgid: Operation not permitted #'
328
@echo '# setuid: Operation not permitted #'
329
@echo '## From askpass-fifo: #'
330
@echo '# mkfifo: Permission denied #'
331
@echo '## From mandos-client: #'
332
@echo '# Failed to raise privileges: Operation not permi... #'
333
@echo '# Warning: network hook "*" exited with status * #'
334
@echo '# ioctl SIOCSIFFLAGS +IFF_UP: Operation not permi... #'
335
@echo '# Failed to bring up interface "*": Operation not... #'
336
@echo '# #'
337
@echo '# (The messages are caused by not running as root, #'
338
@echo '# but you should NOT run "make run-client" as root #'
339
@echo '# unless you also unpacked and compiled Mandos as #'
340
@echo '# root, which is also NOT recommended.) #'
341
@echo '######################################################'
342
# We set GNOME_KEYRING_CONTROL to block pam_gnome_keyring
200
343
./plugin-runner --plugin-dir=plugins.d \
344
--plugin-helper-dir=plugin-helpers \
201
345
--config-file=plugin-runner.conf \
202
--options-for=mandos-client:--seckey=keydir/seckey.txt,--pubkey=keydir/pubkey.txt
346
--options-for=mandos-client:--seckey=keydir/seckey.txt,--pubkey=keydir/pubkey.txt,--tls-privkey=keydir/tls-privkey.pem,--tls-pubkey=keydir/tls-pubkey.pem,--network-hook-dir=network-hooks.d \
347
--env-for=mandos-client:GNOME_KEYRING_CONTROL= \
348
$(CLIENTARGS)
203
349
204
350
# Used by run-client
205
keydir/seckey.txt keydir/pubkey.txt: mandos-keygen
351
keydir/seckey.txt keydir/pubkey.txt keydir/tls-privkey.pem keydir/tls-pubkey.pem: mandos-keygen
206
352
install --directory keydir
207
353
./mandos-keygen --dir keydir --force
208
354
209
355
# Run the server with a local config
210
run-server: confdir/mandos.conf confdir/clients.conf
211
./mandos --debug --configdir=confdir
356
run-server: confdir/mandos.conf confdir/clients.conf statedir
357
./mandos --debug --no-dbus --configdir=confdir \
358
--statedir=statedir $(SERVERARGS)
212
359
213
360
# Used by run-server
214
361
confdir/mandos.conf: mandos.conf
215
362
install --directory confdir
216
363
install --mode=u=rw,go=r $^ $@
217
confdir/clients.conf: clients.conf keydir/seckey.txt
364
confdir/clients.conf: clients.conf keydir/seckey.txt keydir/tls-pubkey.pem
218
365
install --directory confdir
219
366
install --mode=u=rw $< $@
220
367
# Add a client password
221
./mandos-keygen --dir keydir --password >> $@
368
./mandos-keygen --dir keydir --password --no-ssh >> $@
369
statedir:
370
install --directory statedir
222
371
223
372
install: install-server install-client-nokey
224
373
229
378
230
379
install-server: doc
231
380
install --directory $(CONFDIR)
381
if install --directory --mode=u=rwx --owner=$(USER) \
382
--group=$(GROUP) $(STATEDIR); then \
383
:; \
384
elif install --directory --mode=u=rwx $(STATEDIR); then \
385
chown -- $(USER):$(GROUP) $(STATEDIR) || :; \
386
fi
387
if [ "$(TMPFILES)" != "$(DESTDIR)" \
388
-a -d "$(TMPFILES)" ]; then \
389
install --mode=u=rw,go=r tmpfiles.d-mandos.conf \
390
$(TMPFILES)/mandos.conf; \
391
fi
232
392
install --mode=u=rwx,go=rx mandos $(PREFIX)/sbin/mandos
393
install --mode=u=rwx,go=rx --target-directory=$(PREFIX)/sbin \
394
mandos-ctl
395
install --mode=u=rwx,go=rx --target-directory=$(PREFIX)/sbin \
396
mandos-monitor
233
397
install --mode=u=rw,go=r --target-directory=$(CONFDIR) \
234
398
mandos.conf
235
399
install --mode=u=rw --target-directory=$(CONFDIR) \
236
400
clients.conf
401
install --mode=u=rw,go=r dbus-mandos.conf \
402
$(DESTDIR)/etc/dbus-1/system.d/mandos.conf
237
403
install --mode=u=rwx,go=rx init.d-mandos \
238
404
$(DESTDIR)/etc/init.d/mandos
405
if [ "$(SYSTEMD)" != "$(DESTDIR)" -a -d "$(SYSTEMD)" ]; then \
406
install --mode=u=rw,go=r mandos.service $(SYSTEMD); \
407
fi
239
408
install --mode=u=rw,go=r default-mandos \
240
409
$(DESTDIR)/etc/default/mandos
241
410
if [ -z $(DESTDIR) ]; then \
243
412
fi
244
413
gzip --best --to-stdout mandos.8 \
245
414
> $(MANDIR)/man8/mandos.8.gz
415
gzip --best --to-stdout mandos-monitor.8 \
416
> $(MANDIR)/man8/mandos-monitor.8.gz
417
gzip --best --to-stdout mandos-ctl.8 \
418
> $(MANDIR)/man8/mandos-ctl.8.gz
246
419
gzip --best --to-stdout mandos.conf.5 \
247
420
> $(MANDIR)/man5/mandos.conf.5.gz
248
421
gzip --best --to-stdout mandos-clients.conf.5 \
249
422
> $(MANDIR)/man5/mandos-clients.conf.5.gz
423
gzip --best --to-stdout intro.8mandos \
424
> $(MANDIR)/man8/intro.8mandos.gz
250
425
251
426
install-client-nokey: all doc
252
install --directory $(PREFIX)/lib/mandos $(CONFDIR)
427
install --directory $(LIBDIR)/mandos $(CONFDIR)
253
428
install --directory --mode=u=rwx $(KEYDIR) \
254
$(PREFIX)/lib/mandos/plugins.d
255
if [ "$(CONFDIR)" != "$(PREFIX)/lib/mandos" ]; then \
429
$(LIBDIR)/mandos/plugins.d \
430
$(LIBDIR)/mandos/plugin-helpers
431
if [ "$(CONFDIR)" != "$(LIBDIR)/mandos" ]; then \
256
432
install --mode=u=rwx \
257
--directory "$(CONFDIR)/plugins.d"; \
433
--directory "$(CONFDIR)/plugins.d" \
434
"$(CONFDIR)/plugin-helpers"; \
258
435
fi
259
install --mode=u=rwx,go=rx \
260
--target-directory=$(PREFIX)/lib/mandos plugin-runner
436
install --mode=u=rwx,go=rx --directory \
437
"$(CONFDIR)/network-hooks.d"
438
install --mode=u=rwx,go=rx \
439
--target-directory=$(LIBDIR)/mandos plugin-runner
440
install --mode=u=rwx,go=rx \
441
--target-directory=$(LIBDIR)/mandos \
442
mandos-to-cryptroot-unlock
261
443
install --mode=u=rwx,go=rx --target-directory=$(PREFIX)/sbin \
262
444
mandos-keygen
263
445
install --mode=u=rwx,go=rx \
264
--target-directory=$(PREFIX)/lib/mandos/plugins.d \
446
--target-directory=$(LIBDIR)/mandos/plugins.d \
265
447
plugins.d/password-prompt
266
448
install --mode=u=rwxs,go=rx \
267
--target-directory=$(PREFIX)/lib/mandos/plugins.d \
449
--target-directory=$(LIBDIR)/mandos/plugins.d \
268
450
plugins.d/mandos-client
269
451
install --mode=u=rwxs,go=rx \
270
--target-directory=$(PREFIX)/lib/mandos/plugins.d \
452
--target-directory=$(LIBDIR)/mandos/plugins.d \
271
453
plugins.d/usplash
272
454
install --mode=u=rwxs,go=rx \
273
--target-directory=$(PREFIX)/lib/mandos/plugins.d \
455
--target-directory=$(LIBDIR)/mandos/plugins.d \
274
456
plugins.d/splashy
275
457
install --mode=u=rwxs,go=rx \
276
--target-directory=$(PREFIX)/lib/mandos/plugins.d \
458
--target-directory=$(LIBDIR)/mandos/plugins.d \
277
459
plugins.d/askpass-fifo
460
install --mode=u=rwxs,go=rx \
461
--target-directory=$(LIBDIR)/mandos/plugins.d \
462
plugins.d/plymouth
463
install --mode=u=rwx,go=rx \
464
--target-directory=$(LIBDIR)/mandos/plugin-helpers \
465
plugin-helpers/mandos-client-iprouteadddel
278
466
install initramfs-tools-hook \
279
467
$(INITRAMFSTOOLS)/hooks/mandos
280
install --mode=u=rw,go=r initramfs-tools-hook-conf \
281
$(INITRAMFSTOOLS)/conf-hooks.d/mandos
468
install --mode=u=rw,go=r initramfs-tools-conf \
469
$(INITRAMFSTOOLS)/conf.d/mandos-conf
470
install --mode=u=rw,go=r initramfs-tools-conf-hook \
471
$(INITRAMFSTOOLS)/conf-hooks.d/zz-mandos
282
472
install initramfs-tools-script \
283
$(INITRAMFSTOOLS)/scripts/local-top/mandos
473
$(INITRAMFSTOOLS)/scripts/init-premount/mandos
474
install initramfs-tools-script-stop \
475
$(INITRAMFSTOOLS)/scripts/local-premount/mandos
476
install --directory $(DRACUTMODULE)
477
install --mode=u=rw,go=r --target-directory=$(DRACUTMODULE) \
478
dracut-module/ask-password-mandos.path \
479
dracut-module/ask-password-mandos.service
480
install --mode=u=rwxs,go=rx \
481
--target-directory=$(DRACUTMODULE) \
482
dracut-module/module-setup.sh \
483
dracut-module/cmdline-mandos.sh \
484
dracut-module/password-agent
284
485
install --mode=u=rw,go=r plugin-runner.conf $(CONFDIR)
285
486
gzip --best --to-stdout mandos-keygen.8 \
286
487
> $(MANDIR)/man8/mandos-keygen.8.gz
287
488
gzip --best --to-stdout plugin-runner.8mandos \
288
489
> $(MANDIR)/man8/plugin-runner.8mandos.gz
490
gzip --best --to-stdout plugins.d/mandos-client.8mandos \
491
> $(MANDIR)/man8/mandos-client.8mandos.gz
289
492
gzip --best --to-stdout plugins.d/password-prompt.8mandos \
290
493
> $(MANDIR)/man8/password-prompt.8mandos.gz
291
gzip --best --to-stdout plugins.d/mandos-client.8mandos \
292
> $(MANDIR)/man8/mandos-client.8mandos.gz
293
494
gzip --best --to-stdout plugins.d/usplash.8mandos \
294
495
> $(MANDIR)/man8/usplash.8mandos.gz
295
496
gzip --best --to-stdout plugins.d/splashy.8mandos \
296
497
> $(MANDIR)/man8/splashy.8mandos.gz
297
498
gzip --best --to-stdout plugins.d/askpass-fifo.8mandos \
298
499
> $(MANDIR)/man8/askpass-fifo.8mandos.gz
500
gzip --best --to-stdout plugins.d/plymouth.8mandos \
501
> $(MANDIR)/man8/plymouth.8mandos.gz
502
gzip --best --to-stdout dracut-module/password-agent.8mandos \
503
> $(MANDIR)/man8/password-agent.8mandos.gz
299
504
300
505
install-client: install-client-nokey
301
506
# Post-installation stuff
302
507
-$(PREFIX)/sbin/mandos-keygen --dir "$(KEYDIR)"
303
update-initramfs -k all -u
508
if command -v update-initramfs >/dev/null; then \
509
update-initramfs -k all -u; \
510
elif command -v dracut >/dev/null; then \
511
for initrd in $(DESTDIR)/boot/initr*-$(LINUXVERSION); do \
512
if [ -w "$$initrd" ]; then \
513
chmod go-r "$$initrd"; \
514
dracut --force "$$initrd"; \
515
fi; \
516
done; \
517
fi
304
518
echo "Now run mandos-keygen --password --dir $(KEYDIR)"
305
519
306
520
uninstall: uninstall-server uninstall-client
307
521
308
522
uninstall-server:
309
523
-rm --force $(PREFIX)/sbin/mandos \
524
$(PREFIX)/sbin/mandos-ctl \
525
$(PREFIX)/sbin/mandos-monitor \
310
526
$(MANDIR)/man8/mandos.8.gz \
527
$(MANDIR)/man8/mandos-monitor.8.gz \
528
$(MANDIR)/man8/mandos-ctl.8.gz \
311
529
$(MANDIR)/man5/mandos.conf.5.gz \
312
530
$(MANDIR)/man5/mandos-clients.conf.5.gz
313
531
update-rc.d -f mandos remove
319
537
! grep --regexp='^ *[^ #].*keyscript=[^,=]*/mandos/' \
320
538
$(DESTDIR)/etc/crypttab
321
539
-rm --force $(PREFIX)/sbin/mandos-keygen \
322
$(PREFIX)/lib/mandos/plugin-runner \
323
$(PREFIX)/lib/mandos/plugins.d/password-prompt \
324
$(PREFIX)/lib/mandos/plugins.d/mandos-client \
325
$(PREFIX)/lib/mandos/plugins.d/usplash \
326
$(PREFIX)/lib/mandos/plugins.d/splashy \
327
$(PREFIX)/lib/mandos/plugins.d/askpass-fifo \
540
$(LIBDIR)/mandos/plugin-runner \
541
$(LIBDIR)/mandos/plugins.d/password-prompt \
542
$(LIBDIR)/mandos/plugins.d/mandos-client \
543
$(LIBDIR)/mandos/plugins.d/usplash \
544
$(LIBDIR)/mandos/plugins.d/splashy \
545
$(LIBDIR)/mandos/plugins.d/askpass-fifo \
546
$(LIBDIR)/mandos/plugins.d/plymouth \
328
547
$(INITRAMFSTOOLS)/hooks/mandos \
329
548
$(INITRAMFSTOOLS)/conf-hooks.d/mandos \
330
$(INITRAMFSTOOLS)/scripts/local-top/mandos \
549
$(INITRAMFSTOOLS)/scripts/init-premount/mandos \
550
$(INITRAMFSTOOLS)/scripts/local-premount/mandos \
551
$(DRACUTMODULE)/ask-password-mandos.path \
552
$(DRACUTMODULE)/ask-password-mandos.service \
553
$(DRACUTMODULE)/module-setup.sh \
554
$(DRACUTMODULE)/cmdline-mandos.sh \
555
$(DRACUTMODULE)/password-agent \
556
$(MANDIR)/man8/mandos-keygen.8.gz \
331
557
$(MANDIR)/man8/plugin-runner.8mandos.gz \
332
$(MANDIR)/man8/mandos-keygen.8.gz \
558
$(MANDIR)/man8/mandos-client.8mandos.gz
333
559
$(MANDIR)/man8/password-prompt.8mandos.gz \
334
560
$(MANDIR)/man8/usplash.8mandos.gz \
335
561
$(MANDIR)/man8/splashy.8mandos.gz \
336
562
$(MANDIR)/man8/askpass-fifo.8mandos.gz \
337
$(MANDIR)/man8/mandos-client.8mandos.gz
338
-rmdir $(PREFIX)/lib/mandos/plugins.d $(CONFDIR)/plugins.d \
339
$(PREFIX)/lib/mandos $(CONFDIR) $(KEYDIR)
340
update-initramfs -k all -u
563
$(MANDIR)/man8/plymouth.8mandos.gz \
564
$(MANDIR)/man8/password-agent.8mandos.gz \
565
-rmdir $(LIBDIR)/mandos/plugins.d $(CONFDIR)/plugins.d \
566
$(LIBDIR)/mandos $(CONFDIR) $(KEYDIR) $(DRACUTMODULE)
567
if command -v update-initramfs >/dev/null; then \
568
update-initramfs -k all -u; \
569
elif command -v dracut >/dev/null; then \
570
for initrd in $(DESTDIR)/boot/initr*-$(LINUXVERSION); do \
571
test -w "$$initrd" && dracut --force "$$initrd"; \
572
done; \
573
fi
341
574
342
575
purge: purge-server purge-client
343
576
344
577
purge-server: uninstall-server
345
578
-rm --force $(CONFDIR)/mandos.conf $(CONFDIR)/clients.conf \
579
$(DESTDIR)/etc/dbus-1/system.d/mandos.conf
346
580
$(DESTDIR)/etc/default/mandos \
347
581
$(DESTDIR)/etc/init.d/mandos \
582
$(SYSTEMD)/mandos.service \
583
$(DESTDIR)/run/mandos.pid \
348
584
$(DESTDIR)/var/run/mandos.pid
349
585
-rmdir $(CONFDIR)
350
586
351
587
purge-client: uninstall-client
352
-shred --remove $(KEYDIR)/seckey.txt
588
-shred --remove $(KEYDIR)/seckey.txt $(KEYDIR)/tls-privkey.pem
353
589
-rm --force $(CONFDIR)/plugin-runner.conf \
354
$(KEYDIR)/pubkey.txt $(KEYDIR)/seckey.txt
590
$(KEYDIR)/pubkey.txt $(KEYDIR)/seckey.txt \
591
$(KEYDIR)/tls-pubkey.txt $(KEYDIR)/tls-privkey.txt
355
592
-rmdir $(KEYDIR) $(CONFDIR)/plugins.d $(CONFDIR)
Loggerhead is a web-based interface for Breezy
Version: 2.0.2.dev0