/mandos/release

To get this branch, use:
bzr branch http://bzr.recompile.se/loggerhead/mandos/release

« back to all changes in this revision

Viewing changes to Makefile

  • Committer: teddy at recompile
  • Date: 2020-04-05 21:30:59 UTC
  • mto: This revision was merged to the branch mainline in revision 398.
  • Revision ID: teddy@recompile.se-20200405213059-fb2a61ckqynrmatk
Fix file descriptor leak in mandos-client

When the local network has Mandos servers announcing themselves using
real, globally reachable, IPv6 addresses (i.e. not link-local
addresses), but there is no router on the local network providing IPv6
RA (Router Advertisement) packets, the client cannot reach the server
by normal means, since the client only has a link-local IPv6 address,
and has no usable route to reach the server's global IPv6 address.
(This is not a common situation, and usually only happens when the
router itself reboots and runs a Mandos client, since it cannot then
give RA packets to itself.)  The client code has a solution for
this, which consists of adding a temporary local route to reach the
address of the server during communication, and removing this
temporary route afterwards.

This solution with a temporary route works, but has a file descriptor
leak; it leaks one file descriptor for each addition and for each
removal of a route.  If one server requiring an added route is present
on the network, but no servers gives a password, making the client
retry after the default ten seconds, and we furthermore assume a
default 1024 open files limit, the client runs out of file descriptors
after about 90 minutes, after which time the client process will be
useless and fail to retrieve any passwords, necessitating manual
password entry via the keyboard.

Fix this by eliminating the file descriptor leak in the client.

* plugins.d/mandos-client.c (add_delete_local_route): Do
  close(devnull) also in parent process, also if fork() fails, and on
  any failure in child process.

Show diffs side-by-side

added added

removed removed

Lines of Context:
25
25
        -fsanitize=object-size -fsanitize=float-divide-by-zero \
26
26
        -fsanitize=float-cast-overflow -fsanitize=nonnull-attribute \
27
27
        -fsanitize=returns-nonnull-attribute -fsanitize=bool \
28
 
        -fsanitize=enum
 
28
        -fsanitize=enum -fsanitize-address-use-after-scope
29
29
 
30
30
# For info about _FORTIFY_SOURCE, see feature_test_macros(7)
31
31
# and <https://gcc.gnu.org/ml/gcc-patches/2004-09/msg02055.html>.
41
41
#COVERAGE=--coverage
42
42
OPTIMIZE:=-Os -fno-strict-aliasing
43
43
LANGUAGE:=-std=gnu11
 
44
FEATURES:=-D_FILE_OFFSET_BITS=64
44
45
htmldir:=man
45
 
version:=1.8.4
 
46
version:=1.8.10
46
47
SED:=sed
 
48
PKG_CONFIG?=pkg-config
47
49
 
48
50
USER:=$(firstword $(subst :, ,$(shell getent passwd _mandos \
49
51
        || getent passwd nobody || echo 65534)))
50
52
GROUP:=$(firstword $(subst :, ,$(shell getent group _mandos \
51
53
        || getent group nogroup || echo 65534)))
52
54
 
 
55
LINUXVERSION:=$(shell uname --kernel-release)
 
56
 
53
57
## Use these settings for a traditional /usr/local install
54
58
# PREFIX:=$(DESTDIR)/usr/local
55
59
# CONFDIR:=$(DESTDIR)/etc/mandos
56
60
# KEYDIR:=$(DESTDIR)/etc/mandos/keys
57
61
# MANDIR:=$(PREFIX)/man
58
62
# INITRAMFSTOOLS:=$(DESTDIR)/etc/initramfs-tools
 
63
# DRACUTMODULE:=$(DESTDIR)/usr/lib/dracut/modules.d/90mandos
59
64
# STATEDIR:=$(DESTDIR)/var/lib/mandos
60
65
# LIBDIR:=$(PREFIX)/lib
61
66
##
66
71
KEYDIR:=$(DESTDIR)/etc/keys/mandos
67
72
MANDIR:=$(PREFIX)/share/man
68
73
INITRAMFSTOOLS:=$(DESTDIR)/usr/share/initramfs-tools
 
74
DRACUTMODULE:=$(DESTDIR)/usr/lib/dracut/modules.d/90mandos
69
75
STATEDIR:=$(DESTDIR)/var/lib/mandos
70
76
LIBDIR:=$(shell \
71
77
        for d in \
72
 
        "/usr/lib/`dpkg-architecture -qDEB_HOST_MULTIARCH 2>/dev/null`" \
 
78
        "/usr/lib/`dpkg-architecture \
 
79
                        -qDEB_HOST_MULTIARCH 2>/dev/null`" \
73
80
        "`rpm --eval='%{_libdir}' 2>/dev/null`" /usr/lib; do \
74
81
                if [ -d "$$d" -a "$$d" = "$${d%/}" ]; then \
75
82
                        echo "$(DESTDIR)$$d"; \
78
85
        done)
79
86
##
80
87
 
81
 
SYSTEMD:=$(DESTDIR)$(shell pkg-config systemd --variable=systemdsystemunitdir)
82
 
TMPFILES:=$(DESTDIR)$(shell pkg-config systemd --variable=tmpfilesdir)
 
88
SYSTEMD:=$(DESTDIR)$(shell $(PKG_CONFIG) systemd \
 
89
                        --variable=systemdsystemunitdir)
 
90
TMPFILES:=$(DESTDIR)$(shell $(PKG_CONFIG) systemd \
 
91
                        --variable=tmpfilesdir)
 
92
SYSUSERS:=$(DESTDIR)$(shell $(PKG_CONFIG) systemd \
 
93
                        --variable=sysusersdir)
83
94
 
84
 
GNUTLS_CFLAGS:=$(shell pkg-config --cflags-only-I gnutls)
85
 
GNUTLS_LIBS:=$(shell pkg-config --libs gnutls)
86
 
AVAHI_CFLAGS:=$(shell pkg-config --cflags-only-I avahi-core)
87
 
AVAHI_LIBS:=$(shell pkg-config --libs avahi-core)
 
95
GNUTLS_CFLAGS:=$(shell $(PKG_CONFIG) --cflags-only-I gnutls)
 
96
GNUTLS_LIBS:=$(shell $(PKG_CONFIG) --libs gnutls)
 
97
AVAHI_CFLAGS:=$(shell $(PKG_CONFIG) --cflags-only-I avahi-core)
 
98
AVAHI_LIBS:=$(shell $(PKG_CONFIG) --libs avahi-core)
88
99
GPGME_CFLAGS:=$(shell gpgme-config --cflags; getconf LFS_CFLAGS)
89
100
GPGME_LIBS:=$(shell gpgme-config --libs; getconf LFS_LIBS; \
90
101
        getconf LFS_LDFLAGS)
91
 
LIBNL3_CFLAGS:=$(shell pkg-config --cflags-only-I libnl-route-3.0)
92
 
LIBNL3_LIBS:=$(shell pkg-config --libs libnl-route-3.0)
 
102
LIBNL3_CFLAGS:=$(shell $(PKG_CONFIG) --cflags-only-I libnl-route-3.0)
 
103
LIBNL3_LIBS:=$(shell $(PKG_CONFIG) --libs libnl-route-3.0)
 
104
GLIB_CFLAGS:=$(shell $(PKG_CONFIG) --cflags glib-2.0)
 
105
GLIB_LIBS:=$(shell $(PKG_CONFIG) --libs glib-2.0)
93
106
 
94
107
# Do not change these two
95
 
CFLAGS+=$(WARN) $(DEBUG) $(FORTIFY) $(COVERAGE) \
96
 
        $(OPTIMIZE) $(LANGUAGE) -DVERSION='"$(version)"'
 
108
CFLAGS+=$(WARN) $(DEBUG) $(FORTIFY) $(COVERAGE) $(OPTIMIZE) \
 
109
        $(LANGUAGE) $(FEATURES) -DVERSION='"$(version)"'
97
110
LDFLAGS+=-Xlinker --as-needed $(COVERAGE) $(LINK_FORTIFY) $(strip \
98
111
        ) $(foreach flag,$(LINK_FORTIFY_LD),-Xlinker $(flag))
99
112
 
107
120
        /usr/share/xml/docbook/stylesheet/nwalsh/manpages/docbook.xsl \
108
121
        $(notdir $<); \
109
122
        if locale --all 2>/dev/null | grep --regexp='^en_US\.utf8$$' \
110
 
        && type man 2>/dev/null; then LANG=en_US.UTF-8 MANWIDTH=80 \
111
 
        man --warnings --encoding=UTF-8 --local-file $(notdir $@); \
112
 
        fi >/dev/null)
 
123
        && command -v man >/dev/null; then LANG=en_US.UTF-8 \
 
124
        MANWIDTH=80 man --warnings --encoding=UTF-8 --local-file \
 
125
        $(notdir $@); fi >/dev/null)
113
126
 
114
127
DOCBOOKTOHTML=$(strip xsltproc --nonet --xinclude \
115
128
        --param make.year.ranges                1 \
128
141
        plugins.d/usplash plugins.d/splashy plugins.d/askpass-fifo \
129
142
        plugins.d/plymouth
130
143
PLUGIN_HELPERS:=plugin-helpers/mandos-client-iprouteadddel
131
 
CPROGS:=plugin-runner $(PLUGINS) $(PLUGIN_HELPERS)
 
144
CPROGS:=plugin-runner dracut-module/password-agent $(PLUGINS) \
 
145
        $(PLUGIN_HELPERS)
132
146
PROGS:=mandos mandos-keygen mandos-ctl mandos-monitor $(CPROGS)
133
147
DOCS:=mandos.8 mandos-keygen.8 mandos-monitor.8 mandos-ctl.8 \
134
148
        mandos.conf.5 mandos-clients.conf.5 plugin-runner.8mandos \
 
149
        dracut-module/password-agent.8mandos \
135
150
        plugins.d/mandos-client.8mandos \
136
151
        plugins.d/password-prompt.8mandos plugins.d/usplash.8mandos \
137
152
        plugins.d/splashy.8mandos plugins.d/askpass-fifo.8mandos \
141
156
 
142
157
objects:=$(addsuffix .o,$(CPROGS))
143
158
 
 
159
.PHONY: all
144
160
all: $(PROGS) mandos.lsm
145
161
 
 
162
.PHONY: doc
146
163
doc: $(DOCS)
147
164
 
 
165
.PHONY: html
148
166
html: $(htmldocs)
149
167
 
150
168
%.5: %.xml common.ent legalnotice.xml
209
227
                overview.xml legalnotice.xml
210
228
        $(DOCBOOKTOHTML)
211
229
 
 
230
dracut-module/password-agent.8mandos: \
 
231
                dracut-module/password-agent.xml common.ent \
 
232
                overview.xml legalnotice.xml
 
233
        $(DOCBOOKTOMAN)
 
234
dracut-module/password-agent.8mandos.xhtml: \
 
235
                dracut-module/password-agent.xml common.ent \
 
236
                overview.xml legalnotice.xml
 
237
        $(DOCBOOKTOHTML)
 
238
 
212
239
plugins.d/mandos-client.8mandos: plugins.d/mandos-client.xml \
213
240
                                        common.ent \
214
241
                                        mandos-options.xml \
258
285
                $@)
259
286
 
260
287
# Need to add the GnuTLS, Avahi and GPGME libraries
261
 
plugins.d/mandos-client: plugins.d/mandos-client.c
262
 
        $(LINK.c) $^ $(GNUTLS_CFLAGS) $(AVAHI_CFLAGS) $(strip\
263
 
                ) $(GPGME_CFLAGS) -lrt $(GNUTLS_LIBS) $(strip\
264
 
                ) $(AVAHI_LIBS) $(GPGME_LIBS) $(LOADLIBES) $(strip\
265
 
                ) $(LDLIBS) -o $@
266
 
 
267
 
plugin-helpers/mandos-client-iprouteadddel: plugin-helpers/mandos-client-iprouteadddel.c
268
 
        $(LINK.c) $(LIBNL3_CFLAGS) $^ $(LIBNL3_LIBS) $(strip\
269
 
                ) $(LOADLIBES) $(LDLIBS) -o $@
270
 
 
271
 
.PHONY : all doc html clean distclean mostlyclean maintainer-clean \
272
 
        check run-client run-server install install-html \
273
 
        install-server install-client-nokey install-client uninstall \
274
 
        uninstall-server uninstall-client purge purge-server \
275
 
        purge-client
276
 
 
 
288
plugins.d/mandos-client: CFLAGS += $(GNUTLS_CFLAGS) $(strip \
 
289
        ) $(AVAHI_CFLAGS) $(GPGME_CFLAGS)
 
290
plugins.d/mandos-client: LDLIBS += $(GNUTLS_LIBS) $(strip \
 
291
        ) $(AVAHI_LIBS) $(GPGME_LIBS)
 
292
 
 
293
# Need to add the libnl-route library
 
294
plugin-helpers/mandos-client-iprouteadddel: CFLAGS += $(LIBNL3_CFLAGS)
 
295
plugin-helpers/mandos-client-iprouteadddel: LDLIBS += $(LIBNL3_LIBS)
 
296
 
 
297
# Need to add the GLib and pthread libraries
 
298
dracut-module/password-agent: CFLAGS += $(GLIB_CFLAGS)
 
299
dracut-module/password-agent: LDLIBS += $(GLIB_LIBS) -lpthread
 
300
 
 
301
.PHONY: clean
277
302
clean:
278
303
        -rm --force $(CPROGS) $(objects) $(htmldocs) $(DOCS) core
279
304
 
 
305
.PHONY: distclean
280
306
distclean: clean
 
307
.PHONY: mostlyclean
281
308
mostlyclean: clean
 
309
.PHONY: maintainer-clean
282
310
maintainer-clean: clean
283
311
        -rm --force --recursive keydir confdir statedir
284
312
 
285
 
check:  all
 
313
.PHONY: check
 
314
check: all
286
315
        ./mandos --check
287
316
        ./mandos-ctl --check
 
317
        ./mandos-keygen --version
 
318
        ./plugin-runner --version
 
319
        ./plugin-helpers/mandos-client-iprouteadddel --version
 
320
        ./dracut-module/password-agent --test
288
321
 
289
322
# Run the client with a local config and key
290
 
run-client: all keydir/seckey.txt keydir/pubkey.txt keydir/tls-privkey.pem keydir/tls-pubkey.pem
291
 
        @echo "###################################################################"
292
 
        @echo "# The following error messages are harmless and can be safely     #"
293
 
        @echo "# ignored:                                                        #"
294
 
        @echo "# From plugin-runner: setgid: Operation not permitted             #"
295
 
        @echo "#                     setuid: Operation not permitted             #"
296
 
        @echo "# From askpass-fifo:  mkfifo: Permission denied                   #"
297
 
        @echo "# From mandos-client:                                             #"
298
 
        @echo "#             Failed to raise privileges: Operation not permitted #"
299
 
        @echo "#             Warning: network hook \"*\" exited with status *      #"
300
 
        @echo "#                                                                 #"
301
 
        @echo "# (The messages are caused by not running as root, but you should #"
302
 
        @echo "# NOT run \"make run-client\" as root unless you also unpacked and  #"
303
 
        @echo "# compiled Mandos as root, which is also NOT recommended.)        #"
304
 
        @echo "###################################################################"
 
323
.PHONY: run-client
 
324
run-client: all keydir/seckey.txt keydir/pubkey.txt \
 
325
                        keydir/tls-privkey.pem keydir/tls-pubkey.pem
 
326
        @echo '######################################################'
 
327
        @echo '# The following error messages are harmless and can  #'
 
328
        @echo '#  be safely ignored:                                #'
 
329
        @echo '## From plugin-runner:                               #'
 
330
        @echo '# setgid: Operation not permitted                    #'
 
331
        @echo '# setuid: Operation not permitted                    #'
 
332
        @echo '## From askpass-fifo:                                #'
 
333
        @echo '# mkfifo: Permission denied                          #'
 
334
        @echo '## From mandos-client:                               #'
 
335
        @echo '# Failed to raise privileges: Operation not permi... #'
 
336
        @echo '# Warning: network hook "*" exited with status *     #'
 
337
        @echo '# ioctl SIOCSIFFLAGS +IFF_UP: Operation not permi... #'
 
338
        @echo '# Failed to bring up interface "*": Operation not... #'
 
339
        @echo '#                                                    #'
 
340
        @echo '# (The messages are caused by not running as root,   #'
 
341
        @echo '# but you should NOT run "make run-client" as root   #'
 
342
        @echo '# unless you also unpacked and compiled Mandos as    #'
 
343
        @echo '# root, which is also NOT recommended.)              #'
 
344
        @echo '######################################################'
305
345
# We set GNOME_KEYRING_CONTROL to block pam_gnome_keyring
306
346
        ./plugin-runner --plugin-dir=plugins.d \
307
347
                --plugin-helper-dir=plugin-helpers \
314
354
keydir/seckey.txt keydir/pubkey.txt keydir/tls-privkey.pem keydir/tls-pubkey.pem: mandos-keygen
315
355
        install --directory keydir
316
356
        ./mandos-keygen --dir keydir --force
 
357
        if ! [ -e keydir/tls-privkey.pem ]; then \
 
358
                install --mode=u=rw /dev/null keydir/tls-privkey.pem; \
 
359
        fi
 
360
        if ! [ -e keydir/tls-pubkey.pem ]; then \
 
361
                install --mode=u=rw /dev/null keydir/tls-pubkey.pem; \
 
362
        fi
317
363
 
318
364
# Run the server with a local config
 
365
.PHONY: run-server
319
366
run-server: confdir/mandos.conf confdir/clients.conf statedir
320
367
        ./mandos --debug --no-dbus --configdir=confdir \
321
368
                --statedir=statedir $(SERVERARGS)
332
379
statedir:
333
380
        install --directory statedir
334
381
 
 
382
.PHONY: install
335
383
install: install-server install-client-nokey
336
384
 
 
385
.PHONY: install-html
337
386
install-html: html
338
387
        install --directory $(htmldir)
339
388
        install --mode=u=rw,go=r --target-directory=$(htmldir) \
340
389
                $(htmldocs)
341
390
 
 
391
.PHONY: install-server
342
392
install-server: doc
343
393
        install --directory $(CONFDIR)
344
394
        if install --directory --mode=u=rwx --owner=$(USER) \
347
397
        elif install --directory --mode=u=rwx $(STATEDIR); then \
348
398
                chown -- $(USER):$(GROUP) $(STATEDIR) || :; \
349
399
        fi
350
 
        if [ "$(TMPFILES)" != "$(DESTDIR)" -a -d "$(TMPFILES)" ]; then \
 
400
        if [ "$(TMPFILES)" != "$(DESTDIR)" \
 
401
                        -a -d "$(TMPFILES)" ]; then \
351
402
                install --mode=u=rw,go=r tmpfiles.d-mandos.conf \
352
403
                        $(TMPFILES)/mandos.conf; \
353
404
        fi
 
405
        if [ "$(SYSUSERS)" != "$(DESTDIR)" \
 
406
                        -a -d "$(SYSUSERS)" ]; then \
 
407
                install --mode=u=rw,go=r sysusers.d-mandos.conf \
 
408
                        $(SYSUSERS)/mandos.conf; \
 
409
        fi
354
410
        install --mode=u=rwx,go=rx mandos $(PREFIX)/sbin/mandos
355
411
        install --mode=u=rwx,go=rx --target-directory=$(PREFIX)/sbin \
356
412
                mandos-ctl
385
441
        gzip --best --to-stdout intro.8mandos \
386
442
                > $(MANDIR)/man8/intro.8mandos.gz
387
443
 
 
444
.PHONY: install-client-nokey
388
445
install-client-nokey: all doc
389
446
        install --directory $(LIBDIR)/mandos $(CONFDIR)
390
447
        install --directory --mode=u=rwx $(KEYDIR) \
391
448
                $(LIBDIR)/mandos/plugins.d \
392
449
                $(LIBDIR)/mandos/plugin-helpers
 
450
        if [ "$(SYSUSERS)" != "$(DESTDIR)" \
 
451
                        -a -d "$(SYSUSERS)" ]; then \
 
452
                install --mode=u=rw,go=r sysusers.d-mandos.conf \
 
453
                        $(SYSUSERS)/mandos-client.conf; \
 
454
        fi
393
455
        if [ "$(CONFDIR)" != "$(LIBDIR)/mandos" ]; then \
394
456
                install --mode=u=rwx \
395
457
                        --directory "$(CONFDIR)/plugins.d" \
400
462
        install --mode=u=rwx,go=rx \
401
463
                --target-directory=$(LIBDIR)/mandos plugin-runner
402
464
        install --mode=u=rwx,go=rx \
403
 
                --target-directory=$(LIBDIR)/mandos mandos-to-cryptroot-unlock
 
465
                --target-directory=$(LIBDIR)/mandos \
 
466
                mandos-to-cryptroot-unlock
404
467
        install --mode=u=rwx,go=rx --target-directory=$(PREFIX)/sbin \
405
468
                mandos-keygen
406
469
        install --mode=u=rwx,go=rx \
434
497
                $(INITRAMFSTOOLS)/scripts/init-premount/mandos
435
498
        install initramfs-tools-script-stop \
436
499
                $(INITRAMFSTOOLS)/scripts/local-premount/mandos
 
500
        install --directory $(DRACUTMODULE)
 
501
        install --mode=u=rw,go=r --target-directory=$(DRACUTMODULE) \
 
502
                dracut-module/ask-password-mandos.path \
 
503
                dracut-module/ask-password-mandos.service
 
504
        install --mode=u=rwxs,go=rx \
 
505
                --target-directory=$(DRACUTMODULE) \
 
506
                dracut-module/module-setup.sh \
 
507
                dracut-module/cmdline-mandos.sh \
 
508
                dracut-module/password-agent
437
509
        install --mode=u=rw,go=r plugin-runner.conf $(CONFDIR)
438
510
        gzip --best --to-stdout mandos-keygen.8 \
439
511
                > $(MANDIR)/man8/mandos-keygen.8.gz
451
523
                > $(MANDIR)/man8/askpass-fifo.8mandos.gz
452
524
        gzip --best --to-stdout plugins.d/plymouth.8mandos \
453
525
                > $(MANDIR)/man8/plymouth.8mandos.gz
 
526
        gzip --best --to-stdout dracut-module/password-agent.8mandos \
 
527
                > $(MANDIR)/man8/password-agent.8mandos.gz
454
528
 
 
529
.PHONY: install-client
455
530
install-client: install-client-nokey
456
531
# Post-installation stuff
457
532
        -$(PREFIX)/sbin/mandos-keygen --dir "$(KEYDIR)"
458
 
        update-initramfs -k all -u
 
533
        if command -v update-initramfs >/dev/null; then \
 
534
            update-initramfs -k all -u; \
 
535
        elif command -v dracut >/dev/null; then \
 
536
            for initrd in $(DESTDIR)/boot/initr*-$(LINUXVERSION); do \
 
537
                if [ -w "$$initrd" ]; then \
 
538
                    chmod go-r "$$initrd"; \
 
539
                    dracut --force "$$initrd"; \
 
540
                fi; \
 
541
            done; \
 
542
        fi
459
543
        echo "Now run mandos-keygen --password --dir $(KEYDIR)"
460
544
 
 
545
.PHONY: uninstall
461
546
uninstall: uninstall-server uninstall-client
462
547
 
 
548
.PHONY: uninstall-server
463
549
uninstall-server:
464
550
        -rm --force $(PREFIX)/sbin/mandos \
465
551
                $(PREFIX)/sbin/mandos-ctl \
472
558
        update-rc.d -f mandos remove
473
559
        -rmdir $(CONFDIR)
474
560
 
 
561
.PHONY: uninstall-client
475
562
uninstall-client:
476
563
# Refuse to uninstall client if /etc/crypttab is explicitly configured
477
564
# to use it.
488
575
                $(INITRAMFSTOOLS)/hooks/mandos \
489
576
                $(INITRAMFSTOOLS)/conf-hooks.d/mandos \
490
577
                $(INITRAMFSTOOLS)/scripts/init-premount/mandos \
 
578
                $(INITRAMFSTOOLS)/scripts/local-premount/mandos \
 
579
                $(DRACUTMODULE)/ask-password-mandos.path \
 
580
                $(DRACUTMODULE)/ask-password-mandos.service \
 
581
                $(DRACUTMODULE)/module-setup.sh \
 
582
                $(DRACUTMODULE)/cmdline-mandos.sh \
 
583
                $(DRACUTMODULE)/password-agent \
491
584
                $(MANDIR)/man8/mandos-keygen.8.gz \
492
585
                $(MANDIR)/man8/plugin-runner.8mandos.gz \
493
586
                $(MANDIR)/man8/mandos-client.8mandos.gz
496
589
                $(MANDIR)/man8/splashy.8mandos.gz \
497
590
                $(MANDIR)/man8/askpass-fifo.8mandos.gz \
498
591
                $(MANDIR)/man8/plymouth.8mandos.gz \
 
592
                $(MANDIR)/man8/password-agent.8mandos.gz \
499
593
        -rmdir $(LIBDIR)/mandos/plugins.d $(CONFDIR)/plugins.d \
500
 
                 $(LIBDIR)/mandos $(CONFDIR) $(KEYDIR)
501
 
        update-initramfs -k all -u
 
594
                 $(LIBDIR)/mandos $(CONFDIR) $(KEYDIR) $(DRACUTMODULE)
 
595
        if command -v update-initramfs >/dev/null; then \
 
596
            update-initramfs -k all -u; \
 
597
        elif command -v dracut >/dev/null; then \
 
598
            for initrd in $(DESTDIR)/boot/initr*-$(LINUXVERSION); do \
 
599
                test -w "$$initrd" && dracut --force "$$initrd"; \
 
600
            done; \
 
601
        fi
502
602
 
 
603
.PHONY: purge
503
604
purge: purge-server purge-client
504
605
 
 
606
.PHONY: purge-server
505
607
purge-server: uninstall-server
506
608
        -rm --force $(CONFDIR)/mandos.conf $(CONFDIR)/clients.conf \
507
609
                $(DESTDIR)/etc/dbus-1/system.d/mandos.conf
512
614
                $(DESTDIR)/var/run/mandos.pid
513
615
        -rmdir $(CONFDIR)
514
616
 
 
617
.PHONY: purge-client
515
618
purge-client: uninstall-client
516
619
        -shred --remove $(KEYDIR)/seckey.txt $(KEYDIR)/tls-privkey.pem
517
620
        -rm --force $(CONFDIR)/plugin-runner.conf \