/mandos/release

To get this branch, use:
bzr branch http://bzr.recompile.se/loggerhead/mandos/release

« back to all changes in this revision

Viewing changes to Makefile

  • Committer: Teddy Hogeborn
  • Date: 2024-09-09 01:36:41 UTC
  • mto: This revision was merged to the branch mainline in revision 410.
  • Revision ID: teddy@recompile.se-20240909013641-6zu6kx2f7meu134k
Make all required directories when installing

When installing into a normal system, one can assume that target
directories, such as /usr/bin, already exists.  But when installing
into a subdirectory for the purpose of creating a package, one cannot
assume that all directories already exist.  Therefore, when
installing, we must not check if any directories exist, and must
instead always create any directories we want to install into.

* Makefile (confdir/mandos.conf, confdir/clients.conf, install-html):
  Use the "-D" option to "install" instead of creating the directory
  separately.
  (install-server): Move creation of $(CONFDIR) down to before it is
  needed.  Don't check if the $(TMPFILES) or $(SYSUSERS) directories
  exist; instead create them by using the "-D" option to "install".
  Create the $(PREFIX)/sbin directory.  Always use
  "--target-directory" if possible; i.e. if the file name is the same.
  Create the $(DBUSPOLICYDIR) and $(DESTDIR)/etc/init.d directories by
  using the "-D" option to "install".  Don't check if the $(SYSTEMD)
  directory exists; instead create it by using the "-D" option to
  "install".  Create the $(DESTDIR)/etc/default and $(MANDIR)/man8
  directories by using the "-D" option to "install".  Create the
  $(MANDIR)/man5 directories explicitly.
  (install-client-nokey): Remove unnecessary creation of the
  $(CONFDIR) directory.  Don't check if the $(SYSUSERS) directory
  exists; instead create it by using the "-D" option to "install".
  Move the "--directory" argument to be the first argument, for
  clarity.  Create the $(PREFIX)/sbin directory.  Use the "-D"
  argument to "install" when installing
  $(INITRAMFSTOOLS)/hooks/mandos,
  $(INITRAMFSTOOLS)/conf.d/mandos-conf,
  $(INITRAMFSTOOLS)/conf-hooks.d/zz-mandos,
  $(INITRAMFSTOOLS)/scripts/init-premount/mandos,
  $(INITRAMFSTOOLS)/scripts/local-premount/mandos,
  $(DRACUTMODULE)/ask-password-mandos.path, and
  $(DRACUTMODULE)/dracut-module/ask-password-mandos.service.  Create
  the $(MANDIR)/man8 directory.

Reported-By: Erich Eckner <erich@eckner.net>
Thanks: Erich Eckner <erich@eckner.net> for analysis

Show diffs side-by-side

added added

removed removed

Lines of Context:
29
29
 
30
30
# For info about _FORTIFY_SOURCE, see feature_test_macros(7)
31
31
# and <https://gcc.gnu.org/ml/gcc-patches/2004-09/msg02055.html>.
32
 
FORTIFY:=-D_FORTIFY_SOURCE=2 -fstack-protector-all -fPIC
 
32
FORTIFY:=-fstack-protector-all -fPIC
 
33
CPPFLAGS+=-D_FORTIFY_SOURCE=3
33
34
LINK_FORTIFY_LD:=-z relro -z now
34
35
LINK_FORTIFY:=
35
36
 
41
42
#COVERAGE=--coverage
42
43
OPTIMIZE:=-Os -fno-strict-aliasing
43
44
LANGUAGE:=-std=gnu11
44
 
FEATURES:=-D_FILE_OFFSET_BITS=64
 
45
CPPFLAGS+=-D_FILE_OFFSET_BITS=64 -D_TIME_BITS=64
45
46
htmldir:=man
46
 
version:=1.8.8
 
47
version:=1.8.16
47
48
SED:=sed
48
49
PKG_CONFIG?=pkg-config
49
50
 
63
64
# DRACUTMODULE:=$(DESTDIR)/usr/lib/dracut/modules.d/90mandos
64
65
# STATEDIR:=$(DESTDIR)/var/lib/mandos
65
66
# LIBDIR:=$(PREFIX)/lib
 
67
# DBUSPOLICYDIR:=$(DESTDIR)/etc/dbus-1/system.d
66
68
##
67
69
 
68
70
## These settings are for a package-type install
83
85
                        break; \
84
86
                fi; \
85
87
        done)
 
88
DBUSPOLICYDIR:=$(DESTDIR)/usr/share/dbus-1/system.d
86
89
##
87
90
 
88
91
SYSTEMD:=$(DESTDIR)$(shell $(PKG_CONFIG) systemd \
96
99
GNUTLS_LIBS:=$(shell $(PKG_CONFIG) --libs gnutls)
97
100
AVAHI_CFLAGS:=$(shell $(PKG_CONFIG) --cflags-only-I avahi-core)
98
101
AVAHI_LIBS:=$(shell $(PKG_CONFIG) --libs avahi-core)
99
 
GPGME_CFLAGS:=$(shell gpgme-config --cflags; getconf LFS_CFLAGS)
100
 
GPGME_LIBS:=$(shell gpgme-config --libs; getconf LFS_LIBS; \
 
102
GPGME_CFLAGS:=$(shell $(PKG_CONFIG) --cflags-only-I gpgme 2>/dev/null \
 
103
        || gpgme-config --cflags; getconf LFS_CFLAGS)
 
104
GPGME_LIBS:=$(shell $(PKG_CONFIG) --libs gpgme 2>/dev/null \
 
105
        || gpgme-config --libs; getconf LFS_LIBS; \
101
106
        getconf LFS_LDFLAGS)
102
107
LIBNL3_CFLAGS:=$(shell $(PKG_CONFIG) --cflags-only-I libnl-route-3.0)
103
108
LIBNL3_LIBS:=$(shell $(PKG_CONFIG) --libs libnl-route-3.0)
106
111
 
107
112
# Do not change these two
108
113
CFLAGS+=$(WARN) $(DEBUG) $(FORTIFY) $(COVERAGE) $(OPTIMIZE) \
109
 
        $(LANGUAGE) $(FEATURES) -DVERSION='"$(version)"'
 
114
        $(LANGUAGE) -DVERSION='"$(version)"'
110
115
LDFLAGS+=-Xlinker --as-needed $(COVERAGE) $(LINK_FORTIFY) $(strip \
111
116
        ) $(foreach flag,$(LINK_FORTIFY_LD),-Xlinker $(flag))
112
117
 
156
161
 
157
162
objects:=$(addsuffix .o,$(CPROGS))
158
163
 
 
164
.PHONY: all
159
165
all: $(PROGS) mandos.lsm
160
166
 
 
167
.PHONY: doc
161
168
doc: $(DOCS)
162
169
 
 
170
.PHONY: html
163
171
html: $(htmldocs)
164
172
 
165
173
%.5: %.xml common.ent legalnotice.xml
282
290
                $@)
283
291
 
284
292
# Need to add the GnuTLS, Avahi and GPGME libraries
285
 
plugins.d/mandos-client: plugins.d/mandos-client.c
286
 
        $(LINK.c) $^ $(GNUTLS_CFLAGS) $(AVAHI_CFLAGS) $(strip\
287
 
                ) $(GPGME_CFLAGS) $(GNUTLS_LIBS) $(strip\
288
 
                ) $(AVAHI_LIBS) $(GPGME_LIBS) $(LOADLIBES) $(strip\
289
 
                ) $(LDLIBS) -o $@
 
293
plugins.d/mandos-client: CFLAGS += $(GNUTLS_CFLAGS) $(strip \
 
294
        ) $(AVAHI_CFLAGS) $(GPGME_CFLAGS)
 
295
plugins.d/mandos-client: LDLIBS += $(GNUTLS_LIBS) $(strip \
 
296
        ) $(AVAHI_LIBS) $(GPGME_LIBS)
290
297
 
291
298
# Need to add the libnl-route library
292
 
plugin-helpers/mandos-client-iprouteadddel: plugin-helpers/mandos-client-iprouteadddel.c
293
 
        $(LINK.c) $(LIBNL3_CFLAGS) $^ $(LIBNL3_LIBS) $(strip\
294
 
                ) $(LOADLIBES) $(LDLIBS) -o $@
 
299
plugin-helpers/mandos-client-iprouteadddel: CFLAGS += $(LIBNL3_CFLAGS)
 
300
plugin-helpers/mandos-client-iprouteadddel: LDLIBS += $(LIBNL3_LIBS)
295
301
 
296
302
# Need to add the GLib and pthread libraries
297
 
dracut-module/password-agent: dracut-module/password-agent.c
298
 
        $(LINK.c) $(GLIB_CFLAGS) $^ $(GLIB_LIBS) -lpthread $(strip\
299
 
                ) $(LOADLIBES) $(LDLIBS) -o $@
300
 
 
301
 
.PHONY : all doc html clean distclean mostlyclean maintainer-clean \
302
 
        check run-client run-server install install-html \
303
 
        install-server install-client-nokey install-client uninstall \
304
 
        uninstall-server uninstall-client purge purge-server \
305
 
        purge-client
306
 
 
 
303
dracut-module/password-agent: CFLAGS += $(GLIB_CFLAGS)
 
304
# Note: -lpthread is unnecessary with the GNU C library 2.34 or later
 
305
dracut-module/password-agent: LDLIBS += $(GLIB_LIBS) -lpthread
 
306
 
 
307
.PHONY: clean
307
308
clean:
308
309
        -rm --force $(CPROGS) $(objects) $(htmldocs) $(DOCS) core
309
310
 
 
311
.PHONY: distclean
310
312
distclean: clean
 
313
.PHONY: mostlyclean
311
314
mostlyclean: clean
 
315
.PHONY: maintainer-clean
312
316
maintainer-clean: clean
313
317
        -rm --force --recursive keydir confdir statedir
314
318
 
 
319
.PHONY: check
315
320
check: all
316
321
        ./mandos --check
317
322
        ./mandos-ctl --check
321
326
        ./dracut-module/password-agent --test
322
327
 
323
328
# Run the client with a local config and key
 
329
.PHONY: run-client
324
330
run-client: all keydir/seckey.txt keydir/pubkey.txt \
325
331
                        keydir/tls-privkey.pem keydir/tls-pubkey.pem
326
332
        @echo '######################################################'
354
360
keydir/seckey.txt keydir/pubkey.txt keydir/tls-privkey.pem keydir/tls-pubkey.pem: mandos-keygen
355
361
        install --directory keydir
356
362
        ./mandos-keygen --dir keydir --force
 
363
        if ! [ -e keydir/tls-privkey.pem ]; then \
 
364
                install --mode=u=rw /dev/null keydir/tls-privkey.pem; \
 
365
        fi
 
366
        if ! [ -e keydir/tls-pubkey.pem ]; then \
 
367
                install --mode=u=rw /dev/null keydir/tls-pubkey.pem; \
 
368
        fi
357
369
 
358
370
# Run the server with a local config
 
371
.PHONY: run-server
359
372
run-server: confdir/mandos.conf confdir/clients.conf statedir
360
373
        ./mandos --debug --no-dbus --configdir=confdir \
361
374
                --statedir=statedir $(SERVERARGS)
362
375
 
363
376
# Used by run-server
364
377
confdir/mandos.conf: mandos.conf
365
 
        install --directory confdir
366
 
        install --mode=u=rw,go=r $^ $@
 
378
        install -D --mode=u=rw,go=r $^ $@
367
379
confdir/clients.conf: clients.conf keydir/seckey.txt keydir/tls-pubkey.pem
368
 
        install --directory confdir
369
 
        install --mode=u=rw $< $@
 
380
        install -D --mode=u=rw $< $@
370
381
# Add a client password
371
382
        ./mandos-keygen --dir keydir --password --no-ssh >> $@
372
383
statedir:
373
384
        install --directory statedir
374
385
 
 
386
.PHONY: install
375
387
install: install-server install-client-nokey
376
388
 
 
389
.PHONY: install-html
377
390
install-html: html
378
 
        install --directory $(htmldir)
379
 
        install --mode=u=rw,go=r --target-directory=$(htmldir) \
 
391
        install -D --mode=u=rw,go=r --target-directory=$(htmldir) \
380
392
                $(htmldocs)
381
393
 
 
394
.PHONY: install-server
382
395
install-server: doc
383
 
        install --directory $(CONFDIR)
384
396
        if install --directory --mode=u=rwx --owner=$(USER) \
385
397
                --group=$(GROUP) $(STATEDIR); then \
386
398
                :; \
387
399
        elif install --directory --mode=u=rwx $(STATEDIR); then \
388
400
                chown -- $(USER):$(GROUP) $(STATEDIR) || :; \
389
401
        fi
390
 
        if [ "$(TMPFILES)" != "$(DESTDIR)" \
391
 
                        -a -d "$(TMPFILES)" ]; then \
392
 
                install --mode=u=rw,go=r tmpfiles.d-mandos.conf \
 
402
        if [ "$(TMPFILES)" != "$(DESTDIR)" ]; then \
 
403
                install -D --mode=u=rw,go=r tmpfiles.d-mandos.conf \
393
404
                        $(TMPFILES)/mandos.conf; \
394
405
        fi
395
 
        if [ "$(SYSUSERS)" != "$(DESTDIR)" \
396
 
                        -a -d "$(SYSUSERS)" ]; then \
397
 
                install --mode=u=rw,go=r sysusers.d-mandos.conf \
 
406
        if [ "$(SYSUSERS)" != "$(DESTDIR)" ]; then \
 
407
                install -D --mode=u=rw,go=r sysusers.d-mandos.conf \
398
408
                        $(SYSUSERS)/mandos.conf; \
399
409
        fi
400
 
        install --mode=u=rwx,go=rx mandos $(PREFIX)/sbin/mandos
 
410
        install --directory $(PREFIX)/sbin
 
411
        install --mode=u=rwx,go=rx --target-directory=$(PREFIX)/sbin \
 
412
                mandos
401
413
        install --mode=u=rwx,go=rx --target-directory=$(PREFIX)/sbin \
402
414
                mandos-ctl
403
415
        install --mode=u=rwx,go=rx --target-directory=$(PREFIX)/sbin \
404
416
                mandos-monitor
 
417
        install --directory $(CONFDIR)
405
418
        install --mode=u=rw,go=r --target-directory=$(CONFDIR) \
406
419
                mandos.conf
407
420
        install --mode=u=rw --target-directory=$(CONFDIR) \
408
421
                clients.conf
409
 
        install --mode=u=rw,go=r dbus-mandos.conf \
410
 
                $(DESTDIR)/etc/dbus-1/system.d/mandos.conf
411
 
        install --mode=u=rwx,go=rx init.d-mandos \
 
422
        install -D --mode=u=rw,go=r dbus-mandos.conf \
 
423
                $(DBUSPOLICYDIR)/mandos.conf
 
424
        install -D --mode=u=rwx,go=rx init.d-mandos \
412
425
                $(DESTDIR)/etc/init.d/mandos
413
 
        if [ "$(SYSTEMD)" != "$(DESTDIR)" -a -d "$(SYSTEMD)" ]; then \
414
 
                install --mode=u=rw,go=r mandos.service $(SYSTEMD); \
 
426
        if [ "$(SYSTEMD)" != "$(DESTDIR)" ]; then \
 
427
                install -D --mode=u=rw,go=r mandos.service \
 
428
                        $(SYSTEMD); \
415
429
        fi
416
 
        install --mode=u=rw,go=r default-mandos \
 
430
        install -D --mode=u=rw,go=r default-mandos \
417
431
                $(DESTDIR)/etc/default/mandos
418
432
        if [ -z $(DESTDIR) ]; then \
419
433
                update-rc.d mandos defaults 25 15;\
420
434
        fi
 
435
        install --directory $(MANDIR)/man8 $(MANDIR)/man5
421
436
        gzip --best --to-stdout mandos.8 \
422
437
                > $(MANDIR)/man8/mandos.8.gz
423
438
        gzip --best --to-stdout mandos-monitor.8 \
431
446
        gzip --best --to-stdout intro.8mandos \
432
447
                > $(MANDIR)/man8/intro.8mandos.gz
433
448
 
 
449
.PHONY: install-client-nokey
434
450
install-client-nokey: all doc
435
 
        install --directory $(LIBDIR)/mandos $(CONFDIR)
436
451
        install --directory --mode=u=rwx $(KEYDIR) \
437
452
                $(LIBDIR)/mandos/plugins.d \
438
453
                $(LIBDIR)/mandos/plugin-helpers
439
 
        if [ "$(SYSUSERS)" != "$(DESTDIR)" \
440
 
                        -a -d "$(SYSUSERS)" ]; then \
441
 
                install --mode=u=rw,go=r sysusers.d-mandos.conf \
 
454
        if [ "$(SYSUSERS)" != "$(DESTDIR)" ]; then \
 
455
                install -D --mode=u=rw,go=r sysusers.d-mandos.conf \
442
456
                        $(SYSUSERS)/mandos-client.conf; \
443
457
        fi
444
458
        if [ "$(CONFDIR)" != "$(LIBDIR)/mandos" ]; then \
445
 
                install --mode=u=rwx \
446
 
                        --directory "$(CONFDIR)/plugins.d" \
 
459
                install --directory \
 
460
                        --mode=u=rwx "$(CONFDIR)/plugins.d" \
447
461
                        "$(CONFDIR)/plugin-helpers"; \
448
462
        fi
449
 
        install --mode=u=rwx,go=rx --directory \
 
463
        install --directory --mode=u=rwx,go=rx \
450
464
                "$(CONFDIR)/network-hooks.d"
451
465
        install --mode=u=rwx,go=rx \
452
466
                --target-directory=$(LIBDIR)/mandos plugin-runner
453
467
        install --mode=u=rwx,go=rx \
454
468
                --target-directory=$(LIBDIR)/mandos \
455
469
                mandos-to-cryptroot-unlock
 
470
        install --directory $(PREFIX)/sbin
456
471
        install --mode=u=rwx,go=rx --target-directory=$(PREFIX)/sbin \
457
472
                mandos-keygen
458
473
        install --mode=u=rwx,go=rx \
476
491
        install --mode=u=rwx,go=rx \
477
492
                --target-directory=$(LIBDIR)/mandos/plugin-helpers \
478
493
                plugin-helpers/mandos-client-iprouteadddel
479
 
        install initramfs-tools-hook \
 
494
        install -D initramfs-tools-hook \
480
495
                $(INITRAMFSTOOLS)/hooks/mandos
481
 
        install --mode=u=rw,go=r initramfs-tools-conf \
 
496
        install -D --mode=u=rw,go=r initramfs-tools-conf \
482
497
                $(INITRAMFSTOOLS)/conf.d/mandos-conf
483
 
        install --mode=u=rw,go=r initramfs-tools-conf-hook \
 
498
        install -D --mode=u=rw,go=r initramfs-tools-conf-hook \
484
499
                $(INITRAMFSTOOLS)/conf-hooks.d/zz-mandos
485
 
        install initramfs-tools-script \
 
500
        install -D initramfs-tools-script \
486
501
                $(INITRAMFSTOOLS)/scripts/init-premount/mandos
487
 
        install initramfs-tools-script-stop \
 
502
        install -D initramfs-tools-script-stop \
488
503
                $(INITRAMFSTOOLS)/scripts/local-premount/mandos
489
 
        install --directory $(DRACUTMODULE)
490
 
        install --mode=u=rw,go=r --target-directory=$(DRACUTMODULE) \
 
504
        install -D --mode=u=rw,go=r \
 
505
                --target-directory=$(DRACUTMODULE) \
491
506
                dracut-module/ask-password-mandos.path \
492
507
                dracut-module/ask-password-mandos.service
493
508
        install --mode=u=rwxs,go=rx \
496
511
                dracut-module/cmdline-mandos.sh \
497
512
                dracut-module/password-agent
498
513
        install --mode=u=rw,go=r plugin-runner.conf $(CONFDIR)
 
514
        install --directory $(MANDIR)/man8
499
515
        gzip --best --to-stdout mandos-keygen.8 \
500
516
                > $(MANDIR)/man8/mandos-keygen.8.gz
501
517
        gzip --best --to-stdout plugin-runner.8mandos \
515
531
        gzip --best --to-stdout dracut-module/password-agent.8mandos \
516
532
                > $(MANDIR)/man8/password-agent.8mandos.gz
517
533
 
 
534
.PHONY: install-client
518
535
install-client: install-client-nokey
519
536
# Post-installation stuff
520
537
        -$(PREFIX)/sbin/mandos-keygen --dir "$(KEYDIR)"
530
547
        fi
531
548
        echo "Now run mandos-keygen --password --dir $(KEYDIR)"
532
549
 
 
550
.PHONY: uninstall
533
551
uninstall: uninstall-server uninstall-client
534
552
 
 
553
.PHONY: uninstall-server
535
554
uninstall-server:
536
555
        -rm --force $(PREFIX)/sbin/mandos \
537
556
                $(PREFIX)/sbin/mandos-ctl \
544
563
        update-rc.d -f mandos remove
545
564
        -rmdir $(CONFDIR)
546
565
 
 
566
.PHONY: uninstall-client
547
567
uninstall-client:
548
568
# Refuse to uninstall client if /etc/crypttab is explicitly configured
549
569
# to use it.
585
605
            done; \
586
606
        fi
587
607
 
 
608
.PHONY: purge
588
609
purge: purge-server purge-client
589
610
 
 
611
.PHONY: purge-server
590
612
purge-server: uninstall-server
591
613
        -rm --force $(CONFDIR)/mandos.conf $(CONFDIR)/clients.conf \
592
614
                $(DESTDIR)/etc/dbus-1/system.d/mandos.conf
593
615
                $(DESTDIR)/etc/default/mandos \
594
616
                $(DESTDIR)/etc/init.d/mandos \
595
 
                $(SYSTEMD)/mandos.service \
596
617
                $(DESTDIR)/run/mandos.pid \
597
618
                $(DESTDIR)/var/run/mandos.pid
 
619
        if [ "$(SYSTEMD)" != "$(DESTDIR)" -a -d "$(SYSTEMD)" ]; then \
 
620
                -rm --force -- $(SYSTEMD)/mandos.service; \
 
621
        fi
598
622
        -rmdir $(CONFDIR)
599
623
 
 
624
.PHONY: purge-client
600
625
purge-client: uninstall-client
601
626
        -shred --remove $(KEYDIR)/seckey.txt $(KEYDIR)/tls-privkey.pem
602
627
        -rm --force $(CONFDIR)/plugin-runner.conf \