/mandos/release

To get this branch, use:
bzr branch http://bzr.recompile.se/loggerhead/mandos/release

« back to all changes in this revision

Viewing changes to Makefile

  • Committer: Teddy Hogeborn
  • Date: 2024-09-09 01:36:41 UTC
  • mto: This revision was merged to the branch mainline in revision 410.
  • Revision ID: teddy@recompile.se-20240909013641-6zu6kx2f7meu134k
Make all required directories when installing

When installing into a normal system, one can assume that target
directories, such as /usr/bin, already exists.  But when installing
into a subdirectory for the purpose of creating a package, one cannot
assume that all directories already exist.  Therefore, when
installing, we must not check if any directories exist, and must
instead always create any directories we want to install into.

* Makefile (confdir/mandos.conf, confdir/clients.conf, install-html):
  Use the "-D" option to "install" instead of creating the directory
  separately.
  (install-server): Move creation of $(CONFDIR) down to before it is
  needed.  Don't check if the $(TMPFILES) or $(SYSUSERS) directories
  exist; instead create them by using the "-D" option to "install".
  Create the $(PREFIX)/sbin directory.  Always use
  "--target-directory" if possible; i.e. if the file name is the same.
  Create the $(DBUSPOLICYDIR) and $(DESTDIR)/etc/init.d directories by
  using the "-D" option to "install".  Don't check if the $(SYSTEMD)
  directory exists; instead create it by using the "-D" option to
  "install".  Create the $(DESTDIR)/etc/default and $(MANDIR)/man8
  directories by using the "-D" option to "install".  Create the
  $(MANDIR)/man5 directories explicitly.
  (install-client-nokey): Remove unnecessary creation of the
  $(CONFDIR) directory.  Don't check if the $(SYSUSERS) directory
  exists; instead create it by using the "-D" option to "install".
  Move the "--directory" argument to be the first argument, for
  clarity.  Create the $(PREFIX)/sbin directory.  Use the "-D"
  argument to "install" when installing
  $(INITRAMFSTOOLS)/hooks/mandos,
  $(INITRAMFSTOOLS)/conf.d/mandos-conf,
  $(INITRAMFSTOOLS)/conf-hooks.d/zz-mandos,
  $(INITRAMFSTOOLS)/scripts/init-premount/mandos,
  $(INITRAMFSTOOLS)/scripts/local-premount/mandos,
  $(DRACUTMODULE)/ask-password-mandos.path, and
  $(DRACUTMODULE)/dracut-module/ask-password-mandos.service.  Create
  the $(MANDIR)/man8 directory.

Reported-By: Erich Eckner <erich@eckner.net>
Thanks: Erich Eckner <erich@eckner.net> for analysis

Show diffs side-by-side

added added

removed removed

Lines of Context:
29
29
 
30
30
# For info about _FORTIFY_SOURCE, see feature_test_macros(7)
31
31
# and <https://gcc.gnu.org/ml/gcc-patches/2004-09/msg02055.html>.
32
 
FORTIFY:=-D_FORTIFY_SOURCE=2 -fstack-protector-all -fPIC
 
32
FORTIFY:=-fstack-protector-all -fPIC
 
33
CPPFLAGS+=-D_FORTIFY_SOURCE=3
33
34
LINK_FORTIFY_LD:=-z relro -z now
34
35
LINK_FORTIFY:=
35
36
 
41
42
#COVERAGE=--coverage
42
43
OPTIMIZE:=-Os -fno-strict-aliasing
43
44
LANGUAGE:=-std=gnu11
44
 
FEATURES:=-D_FILE_OFFSET_BITS=64
 
45
CPPFLAGS+=-D_FILE_OFFSET_BITS=64 -D_TIME_BITS=64
45
46
htmldir:=man
46
 
version:=1.8.9
 
47
version:=1.8.16
47
48
SED:=sed
48
49
PKG_CONFIG?=pkg-config
49
50
 
63
64
# DRACUTMODULE:=$(DESTDIR)/usr/lib/dracut/modules.d/90mandos
64
65
# STATEDIR:=$(DESTDIR)/var/lib/mandos
65
66
# LIBDIR:=$(PREFIX)/lib
 
67
# DBUSPOLICYDIR:=$(DESTDIR)/etc/dbus-1/system.d
66
68
##
67
69
 
68
70
## These settings are for a package-type install
83
85
                        break; \
84
86
                fi; \
85
87
        done)
 
88
DBUSPOLICYDIR:=$(DESTDIR)/usr/share/dbus-1/system.d
86
89
##
87
90
 
88
91
SYSTEMD:=$(DESTDIR)$(shell $(PKG_CONFIG) systemd \
96
99
GNUTLS_LIBS:=$(shell $(PKG_CONFIG) --libs gnutls)
97
100
AVAHI_CFLAGS:=$(shell $(PKG_CONFIG) --cflags-only-I avahi-core)
98
101
AVAHI_LIBS:=$(shell $(PKG_CONFIG) --libs avahi-core)
99
 
GPGME_CFLAGS:=$(shell gpgme-config --cflags; getconf LFS_CFLAGS)
100
 
GPGME_LIBS:=$(shell gpgme-config --libs; getconf LFS_LIBS; \
 
102
GPGME_CFLAGS:=$(shell $(PKG_CONFIG) --cflags-only-I gpgme 2>/dev/null \
 
103
        || gpgme-config --cflags; getconf LFS_CFLAGS)
 
104
GPGME_LIBS:=$(shell $(PKG_CONFIG) --libs gpgme 2>/dev/null \
 
105
        || gpgme-config --libs; getconf LFS_LIBS; \
101
106
        getconf LFS_LDFLAGS)
102
107
LIBNL3_CFLAGS:=$(shell $(PKG_CONFIG) --cflags-only-I libnl-route-3.0)
103
108
LIBNL3_LIBS:=$(shell $(PKG_CONFIG) --libs libnl-route-3.0)
106
111
 
107
112
# Do not change these two
108
113
CFLAGS+=$(WARN) $(DEBUG) $(FORTIFY) $(COVERAGE) $(OPTIMIZE) \
109
 
        $(LANGUAGE) $(FEATURES) -DVERSION='"$(version)"'
 
114
        $(LANGUAGE) -DVERSION='"$(version)"'
110
115
LDFLAGS+=-Xlinker --as-needed $(COVERAGE) $(LINK_FORTIFY) $(strip \
111
116
        ) $(foreach flag,$(LINK_FORTIFY_LD),-Xlinker $(flag))
112
117
 
296
301
 
297
302
# Need to add the GLib and pthread libraries
298
303
dracut-module/password-agent: CFLAGS += $(GLIB_CFLAGS)
 
304
# Note: -lpthread is unnecessary with the GNU C library 2.34 or later
299
305
dracut-module/password-agent: LDLIBS += $(GLIB_LIBS) -lpthread
300
306
 
301
307
.PHONY: clean
354
360
keydir/seckey.txt keydir/pubkey.txt keydir/tls-privkey.pem keydir/tls-pubkey.pem: mandos-keygen
355
361
        install --directory keydir
356
362
        ./mandos-keygen --dir keydir --force
 
363
        if ! [ -e keydir/tls-privkey.pem ]; then \
 
364
                install --mode=u=rw /dev/null keydir/tls-privkey.pem; \
 
365
        fi
 
366
        if ! [ -e keydir/tls-pubkey.pem ]; then \
 
367
                install --mode=u=rw /dev/null keydir/tls-pubkey.pem; \
 
368
        fi
357
369
 
358
370
# Run the server with a local config
359
371
.PHONY: run-server
363
375
 
364
376
# Used by run-server
365
377
confdir/mandos.conf: mandos.conf
366
 
        install --directory confdir
367
 
        install --mode=u=rw,go=r $^ $@
 
378
        install -D --mode=u=rw,go=r $^ $@
368
379
confdir/clients.conf: clients.conf keydir/seckey.txt keydir/tls-pubkey.pem
369
 
        install --directory confdir
370
 
        install --mode=u=rw $< $@
 
380
        install -D --mode=u=rw $< $@
371
381
# Add a client password
372
382
        ./mandos-keygen --dir keydir --password --no-ssh >> $@
373
383
statedir:
378
388
 
379
389
.PHONY: install-html
380
390
install-html: html
381
 
        install --directory $(htmldir)
382
 
        install --mode=u=rw,go=r --target-directory=$(htmldir) \
 
391
        install -D --mode=u=rw,go=r --target-directory=$(htmldir) \
383
392
                $(htmldocs)
384
393
 
385
394
.PHONY: install-server
386
395
install-server: doc
387
 
        install --directory $(CONFDIR)
388
396
        if install --directory --mode=u=rwx --owner=$(USER) \
389
397
                --group=$(GROUP) $(STATEDIR); then \
390
398
                :; \
391
399
        elif install --directory --mode=u=rwx $(STATEDIR); then \
392
400
                chown -- $(USER):$(GROUP) $(STATEDIR) || :; \
393
401
        fi
394
 
        if [ "$(TMPFILES)" != "$(DESTDIR)" \
395
 
                        -a -d "$(TMPFILES)" ]; then \
396
 
                install --mode=u=rw,go=r tmpfiles.d-mandos.conf \
 
402
        if [ "$(TMPFILES)" != "$(DESTDIR)" ]; then \
 
403
                install -D --mode=u=rw,go=r tmpfiles.d-mandos.conf \
397
404
                        $(TMPFILES)/mandos.conf; \
398
405
        fi
399
 
        if [ "$(SYSUSERS)" != "$(DESTDIR)" \
400
 
                        -a -d "$(SYSUSERS)" ]; then \
401
 
                install --mode=u=rw,go=r sysusers.d-mandos.conf \
 
406
        if [ "$(SYSUSERS)" != "$(DESTDIR)" ]; then \
 
407
                install -D --mode=u=rw,go=r sysusers.d-mandos.conf \
402
408
                        $(SYSUSERS)/mandos.conf; \
403
409
        fi
404
 
        install --mode=u=rwx,go=rx mandos $(PREFIX)/sbin/mandos
 
410
        install --directory $(PREFIX)/sbin
 
411
        install --mode=u=rwx,go=rx --target-directory=$(PREFIX)/sbin \
 
412
                mandos
405
413
        install --mode=u=rwx,go=rx --target-directory=$(PREFIX)/sbin \
406
414
                mandos-ctl
407
415
        install --mode=u=rwx,go=rx --target-directory=$(PREFIX)/sbin \
408
416
                mandos-monitor
 
417
        install --directory $(CONFDIR)
409
418
        install --mode=u=rw,go=r --target-directory=$(CONFDIR) \
410
419
                mandos.conf
411
420
        install --mode=u=rw --target-directory=$(CONFDIR) \
412
421
                clients.conf
413
 
        install --mode=u=rw,go=r dbus-mandos.conf \
414
 
                $(DESTDIR)/etc/dbus-1/system.d/mandos.conf
415
 
        install --mode=u=rwx,go=rx init.d-mandos \
 
422
        install -D --mode=u=rw,go=r dbus-mandos.conf \
 
423
                $(DBUSPOLICYDIR)/mandos.conf
 
424
        install -D --mode=u=rwx,go=rx init.d-mandos \
416
425
                $(DESTDIR)/etc/init.d/mandos
417
 
        if [ "$(SYSTEMD)" != "$(DESTDIR)" -a -d "$(SYSTEMD)" ]; then \
418
 
                install --mode=u=rw,go=r mandos.service $(SYSTEMD); \
 
426
        if [ "$(SYSTEMD)" != "$(DESTDIR)" ]; then \
 
427
                install -D --mode=u=rw,go=r mandos.service \
 
428
                        $(SYSTEMD); \
419
429
        fi
420
 
        install --mode=u=rw,go=r default-mandos \
 
430
        install -D --mode=u=rw,go=r default-mandos \
421
431
                $(DESTDIR)/etc/default/mandos
422
432
        if [ -z $(DESTDIR) ]; then \
423
433
                update-rc.d mandos defaults 25 15;\
424
434
        fi
 
435
        install --directory $(MANDIR)/man8 $(MANDIR)/man5
425
436
        gzip --best --to-stdout mandos.8 \
426
437
                > $(MANDIR)/man8/mandos.8.gz
427
438
        gzip --best --to-stdout mandos-monitor.8 \
437
448
 
438
449
.PHONY: install-client-nokey
439
450
install-client-nokey: all doc
440
 
        install --directory $(LIBDIR)/mandos $(CONFDIR)
441
451
        install --directory --mode=u=rwx $(KEYDIR) \
442
452
                $(LIBDIR)/mandos/plugins.d \
443
453
                $(LIBDIR)/mandos/plugin-helpers
444
 
        if [ "$(SYSUSERS)" != "$(DESTDIR)" \
445
 
                        -a -d "$(SYSUSERS)" ]; then \
446
 
                install --mode=u=rw,go=r sysusers.d-mandos.conf \
 
454
        if [ "$(SYSUSERS)" != "$(DESTDIR)" ]; then \
 
455
                install -D --mode=u=rw,go=r sysusers.d-mandos.conf \
447
456
                        $(SYSUSERS)/mandos-client.conf; \
448
457
        fi
449
458
        if [ "$(CONFDIR)" != "$(LIBDIR)/mandos" ]; then \
450
 
                install --mode=u=rwx \
451
 
                        --directory "$(CONFDIR)/plugins.d" \
 
459
                install --directory \
 
460
                        --mode=u=rwx "$(CONFDIR)/plugins.d" \
452
461
                        "$(CONFDIR)/plugin-helpers"; \
453
462
        fi
454
 
        install --mode=u=rwx,go=rx --directory \
 
463
        install --directory --mode=u=rwx,go=rx \
455
464
                "$(CONFDIR)/network-hooks.d"
456
465
        install --mode=u=rwx,go=rx \
457
466
                --target-directory=$(LIBDIR)/mandos plugin-runner
458
467
        install --mode=u=rwx,go=rx \
459
468
                --target-directory=$(LIBDIR)/mandos \
460
469
                mandos-to-cryptroot-unlock
 
470
        install --directory $(PREFIX)/sbin
461
471
        install --mode=u=rwx,go=rx --target-directory=$(PREFIX)/sbin \
462
472
                mandos-keygen
463
473
        install --mode=u=rwx,go=rx \
481
491
        install --mode=u=rwx,go=rx \
482
492
                --target-directory=$(LIBDIR)/mandos/plugin-helpers \
483
493
                plugin-helpers/mandos-client-iprouteadddel
484
 
        install initramfs-tools-hook \
 
494
        install -D initramfs-tools-hook \
485
495
                $(INITRAMFSTOOLS)/hooks/mandos
486
 
        install --mode=u=rw,go=r initramfs-tools-conf \
 
496
        install -D --mode=u=rw,go=r initramfs-tools-conf \
487
497
                $(INITRAMFSTOOLS)/conf.d/mandos-conf
488
 
        install --mode=u=rw,go=r initramfs-tools-conf-hook \
 
498
        install -D --mode=u=rw,go=r initramfs-tools-conf-hook \
489
499
                $(INITRAMFSTOOLS)/conf-hooks.d/zz-mandos
490
 
        install initramfs-tools-script \
 
500
        install -D initramfs-tools-script \
491
501
                $(INITRAMFSTOOLS)/scripts/init-premount/mandos
492
 
        install initramfs-tools-script-stop \
 
502
        install -D initramfs-tools-script-stop \
493
503
                $(INITRAMFSTOOLS)/scripts/local-premount/mandos
494
 
        install --directory $(DRACUTMODULE)
495
 
        install --mode=u=rw,go=r --target-directory=$(DRACUTMODULE) \
 
504
        install -D --mode=u=rw,go=r \
 
505
                --target-directory=$(DRACUTMODULE) \
496
506
                dracut-module/ask-password-mandos.path \
497
507
                dracut-module/ask-password-mandos.service
498
508
        install --mode=u=rwxs,go=rx \
501
511
                dracut-module/cmdline-mandos.sh \
502
512
                dracut-module/password-agent
503
513
        install --mode=u=rw,go=r plugin-runner.conf $(CONFDIR)
 
514
        install --directory $(MANDIR)/man8
504
515
        gzip --best --to-stdout mandos-keygen.8 \
505
516
                > $(MANDIR)/man8/mandos-keygen.8.gz
506
517
        gzip --best --to-stdout plugin-runner.8mandos \
603
614
                $(DESTDIR)/etc/dbus-1/system.d/mandos.conf
604
615
                $(DESTDIR)/etc/default/mandos \
605
616
                $(DESTDIR)/etc/init.d/mandos \
606
 
                $(SYSTEMD)/mandos.service \
607
617
                $(DESTDIR)/run/mandos.pid \
608
618
                $(DESTDIR)/var/run/mandos.pid
 
619
        if [ "$(SYSTEMD)" != "$(DESTDIR)" -a -d "$(SYSTEMD)" ]; then \
 
620
                -rm --force -- $(SYSTEMD)/mandos.service; \
 
621
        fi
609
622
        -rmdir $(CONFDIR)
610
623
 
611
624
.PHONY: purge-client