To get this branch, use:
bzr branch
http://bzr.recompile.se/loggerhead/mandos/release
« back to all changes in this revision
Viewing changes to Makefile
- browse files at revision 237.7.846
- compare with another revision
- download diff
- download tarball
- view history from revision 237.7.846
- Committer: Teddy Hogeborn
- Date: 2024-09-09 04:24:39 UTC
- mto: This revision was merged to the branch mainline in revision 410.
- Revision ID: teddy@recompile.se-20240909042439-j85mr20uli2hnyis
Eliminate compiler warnings
Many programs use nested functions, which now result in a linker
warning about executable stack. Hide this warning. Also, rewrite a
loop in the plymouth plugin to avoid warning about signed overflow.
This change also makes the plugin pick the alphabetically first
process entry instead of the last, in case many plymouth processes are
found (which should be unlikely).
* Makefile (plugin-runner, dracut-module/password-agent,
plugins.d/password-prompt, plugins.d/mandos-client,
plugins.d/plymouth): New target; set LDFLAGS to add "-Xlinker
--no-warn-execstack".
* plugins.d/plymouth.c (get_pid): When no pid files are found, and we
are looking through the process list, go though it from the start
instead of from the end, i.e. in normal alphabetical order and not
in reverse order.
Many programs use nested functions, which now result in a linker
warning about executable stack. Hide this warning. Also, rewrite a
loop in the plymouth plugin to avoid warning about signed overflow.
This change also makes the plugin pick the alphabetically first
process entry instead of the last, in case many plymouth processes are
found (which should be unlikely).
* Makefile (plugin-runner, dracut-module/password-agent,
plugins.d/password-prompt, plugins.d/mandos-client,
plugins.d/plymouth): New target; set LDFLAGS to add "-Xlinker
--no-warn-execstack".
* plugins.d/plymouth.c (get_pid): When no pid files are found, and we
are looking through the process list, go though it from the start
instead of from the end, i.e. in normal alphabetical order and not
in reverse order.
- files added:
- bugs.xml
- debian/tests
- debian/upstream
- dracut-module
- network-hooks.d
- plugin-helpers
- files removed:
- initramfs-tools-hook-conf
- files modified:
- .bzrignore
added
removed
Makefile
1
WARN=-O -Wall -Wformat=2 -Winit-self -Wmissing-include-dirs \
2
-Wswitch-default -Wswitch-enum -Wunused-parameter \
3
-Wstrict-aliasing=1 -Wextra -Wfloat-equal -Wundef -Wshadow \
1
WARN:=-O -Wall -Wextra -Wdouble-promotion -Wformat=2 -Winit-self \
2
-Wmissing-include-dirs -Wswitch-default -Wswitch-enum \
3
-Wunused -Wuninitialized -Wstrict-overflow=5 \
4
-Wsuggest-attribute=pure -Wsuggest-attribute=const \
5
-Wsuggest-attribute=noreturn -Wfloat-equal -Wundef -Wshadow \
4
6
-Wunsafe-loop-optimizations -Wpointer-arith \
5
7
-Wbad-function-cast -Wcast-qual -Wcast-align -Wwrite-strings \
6
-Wconversion -Wstrict-prototypes -Wold-style-definition \
7
-Wpacked -Wnested-externs -Winline -Wvolatile-register-var
8
# -Wunreachable-code
9
#DEBUG=-ggdb3
10
# For info about _FORTIFY_SOURCE, see
11
# <http://www.kernel.org/doc/man-pages/online/pages/man7/feature_test_macros.7.html>
12
# and <http://gcc.gnu.org/ml/gcc-patches/2004-09/msg02055.html>.
13
FORTIFY=-D_FORTIFY_SOURCE=2 -fstack-protector-all -fPIC
14
LINK_FORTIFY_LD=-z relro -z now
15
LINK_FORTIFY=
8
-Wconversion -Wlogical-op -Waggregate-return \
9
-Wstrict-prototypes -Wold-style-definition \
10
-Wmissing-format-attribute -Wnormalized=nfc -Wpacked \
11
-Wredundant-decls -Wnested-externs -Winline -Wvla \
12
-Wvolatile-register-var -Woverlength-strings
13
14
#DEBUG:=-ggdb3 -fsanitize=address $(SANITIZE)
15
## Check which sanitizing options can be used
16
#SANITIZE:=$(foreach option,$(ALL_SANITIZE_OPTIONS),$(shell \
17
# echo 'int main(){}' | $(CC) --language=c $(option) \
18
# /dev/stdin -o /dev/null >/dev/null 2>&1 && echo $(option)))
19
# <https://developerblog.redhat.com/2014/10/16/gcc-undefined-behavior-sanitizer-ubsan/>
20
ALL_SANITIZE_OPTIONS:=-fsanitize=leak -fsanitize=undefined \
21
-fsanitize=shift -fsanitize=integer-divide-by-zero \
22
-fsanitize=unreachable -fsanitize=vla-bound -fsanitize=null \
23
-fsanitize=return -fsanitize=signed-integer-overflow \
24
-fsanitize=bounds -fsanitize=alignment \
25
-fsanitize=object-size -fsanitize=float-divide-by-zero \
26
-fsanitize=float-cast-overflow -fsanitize=nonnull-attribute \
27
-fsanitize=returns-nonnull-attribute -fsanitize=bool \
28
-fsanitize=enum -fsanitize-address-use-after-scope
29
30
# For info about _FORTIFY_SOURCE, see feature_test_macros(7)
31
# and <https://gcc.gnu.org/ml/gcc-patches/2004-09/msg02055.html>.
32
FORTIFY:=-fstack-protector-all -fPIC
33
CPPFLAGS+=-D_FORTIFY_SOURCE=3
34
LINK_FORTIFY_LD:=-z relro -z now
35
LINK_FORTIFY:=
16
36
17
37
# If BROKEN_PIE is set, do not build with -pie
18
38
ifndef BROKEN_PIE
20
40
LINK_FORTIFY += -pie
21
41
endif
22
42
#COVERAGE=--coverage
23
OPTIMIZE=-Os
24
LANGUAGE=-std=gnu99
25
htmldir=man
26
version=1.3.1
27
SED=sed
43
OPTIMIZE:=-Os -fno-strict-aliasing
44
LANGUAGE:=-std=gnu11
45
CPPFLAGS+=-D_FILE_OFFSET_BITS=64 -D_TIME_BITS=64
46
htmldir:=man
47
version:=1.8.16
48
SED:=sed
49
PKG_CONFIG?=pkg-config
50
51
USER:=$(firstword $(subst :, ,$(shell getent passwd _mandos \
52
|| getent passwd nobody || echo 65534)))
53
GROUP:=$(firstword $(subst :, ,$(shell getent group _mandos \
54
|| getent group nogroup || echo 65534)))
55
56
LINUXVERSION:=$(shell uname --kernel-release)
28
57
29
58
## Use these settings for a traditional /usr/local install
30
# PREFIX=$(DESTDIR)/usr/local
31
# CONFDIR=$(DESTDIR)/etc/mandos
32
# KEYDIR=$(DESTDIR)/etc/mandos/keys
33
# MANDIR=$(PREFIX)/man
34
# INITRAMFSTOOLS=$(DESTDIR)/etc/initramfs-tools
59
# PREFIX:=$(DESTDIR)/usr/local
60
# CONFDIR:=$(DESTDIR)/etc/mandos
61
# KEYDIR:=$(DESTDIR)/etc/mandos/keys
62
# MANDIR:=$(PREFIX)/man
63
# INITRAMFSTOOLS:=$(DESTDIR)/etc/initramfs-tools
64
# DRACUTMODULE:=$(DESTDIR)/usr/lib/dracut/modules.d/90mandos
65
# STATEDIR:=$(DESTDIR)/var/lib/mandos
66
# LIBDIR:=$(PREFIX)/lib
67
# DBUSPOLICYDIR:=$(DESTDIR)/etc/dbus-1/system.d
35
68
##
36
69
37
70
## These settings are for a package-type install
38
PREFIX=$(DESTDIR)/usr
39
CONFDIR=$(DESTDIR)/etc/mandos
40
KEYDIR=$(DESTDIR)/etc/keys/mandos
41
MANDIR=$(PREFIX)/share/man
42
INITRAMFSTOOLS=$(DESTDIR)/usr/share/initramfs-tools
71
PREFIX:=$(DESTDIR)/usr
72
CONFDIR:=$(DESTDIR)/etc/mandos
73
KEYDIR:=$(DESTDIR)/etc/keys/mandos
74
MANDIR:=$(PREFIX)/share/man
75
INITRAMFSTOOLS:=$(DESTDIR)/usr/share/initramfs-tools
76
DRACUTMODULE:=$(DESTDIR)/usr/lib/dracut/modules.d/90mandos
77
STATEDIR:=$(DESTDIR)/var/lib/mandos
78
LIBDIR:=$(shell \
79
for d in \
80
"/usr/lib/`dpkg-architecture \
81
-qDEB_HOST_MULTIARCH 2>/dev/null`" \
82
"`rpm --eval='%{_libdir}' 2>/dev/null`" /usr/lib; do \
83
if [ -d "$$d" -a "$$d" = "$${d%/}" ]; then \
84
echo "$(DESTDIR)$$d"; \
85
break; \
86
fi; \
87
done)
88
DBUSPOLICYDIR:=$(DESTDIR)/usr/share/dbus-1/system.d
43
89
##
44
90
45
GNUTLS_CFLAGS=$(shell pkg-config --cflags-only-I gnutls)
46
GNUTLS_LIBS=$(shell pkg-config --libs gnutls)
47
AVAHI_CFLAGS=$(shell pkg-config --cflags-only-I avahi-core)
48
AVAHI_LIBS=$(shell pkg-config --libs avahi-core)
49
GPGME_CFLAGS=$(shell gpgme-config --cflags; getconf LFS_CFLAGS)
50
GPGME_LIBS=$(shell gpgme-config --libs; getconf LFS_LIBS; \
91
SYSTEMD:=$(DESTDIR)$(shell $(PKG_CONFIG) systemd \
92
--variable=systemdsystemunitdir)
93
TMPFILES:=$(DESTDIR)$(shell $(PKG_CONFIG) systemd \
94
--variable=tmpfilesdir)
95
SYSUSERS:=$(DESTDIR)$(shell $(PKG_CONFIG) systemd \
96
--variable=sysusersdir)
97
98
GNUTLS_CFLAGS:=$(shell $(PKG_CONFIG) --cflags-only-I gnutls)
99
GNUTLS_LIBS:=$(shell $(PKG_CONFIG) --libs gnutls)
100
AVAHI_CFLAGS:=$(shell $(PKG_CONFIG) --cflags-only-I avahi-core)
101
AVAHI_LIBS:=$(shell $(PKG_CONFIG) --libs avahi-core)
102
GPGME_CFLAGS:=$(shell $(PKG_CONFIG) --cflags-only-I gpgme 2>/dev/null \
103
|| gpgme-config --cflags; getconf LFS_CFLAGS)
104
GPGME_LIBS:=$(shell $(PKG_CONFIG) --libs gpgme 2>/dev/null \
105
|| gpgme-config --libs; getconf LFS_LIBS; \
51
106
getconf LFS_LDFLAGS)
107
LIBNL3_CFLAGS:=$(shell $(PKG_CONFIG) --cflags-only-I libnl-route-3.0)
108
LIBNL3_LIBS:=$(shell $(PKG_CONFIG) --libs libnl-route-3.0)
109
GLIB_CFLAGS:=$(shell $(PKG_CONFIG) --cflags glib-2.0)
110
GLIB_LIBS:=$(shell $(PKG_CONFIG) --libs glib-2.0)
52
111
53
112
# Do not change these two
54
CFLAGS=$(WARN) $(DEBUG) $(FORTIFY) $(COVERAGE) $(OPTIMIZE) \
55
$(LANGUAGE) $(GNUTLS_CFLAGS) $(AVAHI_CFLAGS) $(GPGME_CFLAGS) \
56
-DVERSION='"$(version)"'
57
LDFLAGS=-Xlinker --as-needed $(COVERAGE) $(LINK_FORTIFY) $(foreach flag,$(LINK_FORTIFY_LD),-Xlinker $(flag))
113
CFLAGS+=$(WARN) $(DEBUG) $(FORTIFY) $(COVERAGE) $(OPTIMIZE) \
114
$(LANGUAGE) -DVERSION='"$(version)"'
115
LDFLAGS+=-Xlinker --as-needed $(COVERAGE) $(LINK_FORTIFY) $(strip \
116
) $(foreach flag,$(LINK_FORTIFY_LD),-Xlinker $(flag))
58
117
59
118
# Commands to format a DocBook <refentry> document into a manual page
60
119
DOCBOOKTOMAN=$(strip cd $(dir $<); xsltproc --nonet --xinclude \
63
122
--param make.single.year.ranges 1 \
64
123
--param man.output.quietly 1 \
65
124
--param man.authors.section.enabled 0 \
66
/usr/share/xml/docbook/stylesheet/nwalsh/manpages/docbook.xsl \
125
/usr/share/xml/docbook/stylesheet/nwalsh/manpages/docbook.xsl \
67
126
$(notdir $<); \
68
$(MANPOST) $(notdir $@))
69
# DocBook-to-man post-processing to fix a '\n' escape bug
70
MANPOST=$(SED) --in-place --expression='s,\\\\en,\\en,g;s,\\n,\\en,g'
127
if locale --all 2>/dev/null | grep --regexp='^en_US\.utf8$$' \
128
&& command -v man >/dev/null; then LANG=en_US.UTF-8 \
129
MANWIDTH=80 man --warnings --encoding=UTF-8 --local-file \
130
$(notdir $@); fi >/dev/null)
71
131
72
132
DOCBOOKTOHTML=$(strip xsltproc --nonet --xinclude \
73
133
--param make.year.ranges 1 \
79
139
/usr/share/xml/docbook/stylesheet/nwalsh/xhtml/docbook.xsl \
80
140
$<; $(HTMLPOST) $@)
81
141
# Fix citerefentry links
82
HTMLPOST=$(SED) --in-place \
142
HTMLPOST:=$(SED) --in-place \
83
143
--expression='s/\(<a class="citerefentry" href="\)\("><span class="citerefentry"><span class="refentrytitle">\)\([^<]*\)\(<\/span>(\)\([^)]*\)\()<\/span><\/a>\)/\1\3.\5\2\3\4\5\6/g'
84
144
85
PLUGINS=plugins.d/password-prompt plugins.d/mandos-client \
145
PLUGINS:=plugins.d/password-prompt plugins.d/mandos-client \
86
146
plugins.d/usplash plugins.d/splashy plugins.d/askpass-fifo \
87
147
plugins.d/plymouth
88
CPROGS=plugin-runner $(PLUGINS)
89
PROGS=mandos mandos-keygen mandos-ctl mandos-monitor $(CPROGS)
90
DOCS=mandos.8 mandos-keygen.8 mandos-monitor.8 mandos-ctl.8 \
148
PLUGIN_HELPERS:=plugin-helpers/mandos-client-iprouteadddel
149
CPROGS:=plugin-runner dracut-module/password-agent $(PLUGINS) \
150
$(PLUGIN_HELPERS)
151
PROGS:=mandos mandos-keygen mandos-ctl mandos-monitor $(CPROGS)
152
DOCS:=mandos.8 mandos-keygen.8 mandos-monitor.8 mandos-ctl.8 \
91
153
mandos.conf.5 mandos-clients.conf.5 plugin-runner.8mandos \
154
dracut-module/password-agent.8mandos \
92
155
plugins.d/mandos-client.8mandos \
93
156
plugins.d/password-prompt.8mandos plugins.d/usplash.8mandos \
94
157
plugins.d/splashy.8mandos plugins.d/askpass-fifo.8mandos \
95
158
plugins.d/plymouth.8mandos intro.8mandos
96
159
97
htmldocs=$(addsuffix .xhtml,$(DOCS))
98
99
objects=$(addsuffix .o,$(CPROGS))
100
160
htmldocs:=$(addsuffix .xhtml,$(DOCS))
161
162
objects:=$(addsuffix .o,$(CPROGS))
163
164
.PHONY: all
101
165
all: $(PROGS) mandos.lsm
102
166
167
.PHONY: doc
103
168
doc: $(DOCS)
104
169
170
.PHONY: html
105
171
html: $(htmldocs)
106
172
107
173
%.5: %.xml common.ent legalnotice.xml
166
232
overview.xml legalnotice.xml
167
233
$(DOCBOOKTOHTML)
168
234
235
dracut-module/password-agent.8mandos: \
236
dracut-module/password-agent.xml common.ent \
237
overview.xml legalnotice.xml
238
$(DOCBOOKTOMAN)
239
dracut-module/password-agent.8mandos.xhtml: \
240
dracut-module/password-agent.xml common.ent \
241
overview.xml legalnotice.xml
242
$(DOCBOOKTOHTML)
243
169
244
plugins.d/mandos-client.8mandos: plugins.d/mandos-client.xml \
170
245
common.ent \
171
246
mandos-options.xml \
214
289
--expression='s/\(mandos_\)[0-9.]\+\(\.orig\.tar\.gz\)/\1$(version)\2/' \
215
290
$@)
216
291
217
plugins.d/mandos-client: plugins.d/mandos-client.c
218
$(LINK.c) $^ -lrt $(GNUTLS_LIBS) $(AVAHI_LIBS) $(strip\
219
) $(GPGME_LIBS) $(LOADLIBES) $(LDLIBS) -o $@
220
221
.PHONY : all doc html clean distclean run-client run-server install \
222
install-server install-client uninstall uninstall-server \
223
uninstall-client purge purge-server purge-client
224
292
# Uses nested functions
293
plugin-runner: LDFLAGS += -Xlinker --no-warn-execstack
294
dracut-module/password-agent: LDFLAGS += -Xlinker --no-warn-execstack
295
plugins.d/password-prompt: LDFLAGS += -Xlinker --no-warn-execstack
296
plugins.d/mandos-client: LDFLAGS += -Xlinker --no-warn-execstack
297
plugins.d/plymouth: LDFLAGS += -Xlinker --no-warn-execstack
298
299
# Need to add the GnuTLS, Avahi and GPGME libraries
300
plugins.d/mandos-client: CFLAGS += $(GNUTLS_CFLAGS) $(strip \
301
) $(AVAHI_CFLAGS) $(GPGME_CFLAGS)
302
plugins.d/mandos-client: LDLIBS += $(GNUTLS_LIBS) $(strip \
303
) $(AVAHI_LIBS) $(GPGME_LIBS)
304
305
# Need to add the libnl-route library
306
plugin-helpers/mandos-client-iprouteadddel: CFLAGS += $(LIBNL3_CFLAGS)
307
plugin-helpers/mandos-client-iprouteadddel: LDLIBS += $(LIBNL3_LIBS)
308
309
# Need to add the GLib and pthread libraries
310
dracut-module/password-agent: CFLAGS += $(GLIB_CFLAGS)
311
# Note: -lpthread is unnecessary with the GNU C library 2.34 or later
312
dracut-module/password-agent: LDLIBS += $(GLIB_LIBS) -lpthread
313
314
.PHONY: clean
225
315
clean:
226
316
-rm --force $(CPROGS) $(objects) $(htmldocs) $(DOCS) core
227
317
318
.PHONY: distclean
228
319
distclean: clean
320
.PHONY: mostlyclean
229
321
mostlyclean: clean
322
.PHONY: maintainer-clean
230
323
maintainer-clean: clean
231
-rm --force --recursive keydir confdir
324
-rm --force --recursive keydir confdir statedir
232
325
233
check: all
326
.PHONY: check
327
check: all
234
328
./mandos --check
329
./mandos-ctl --check
330
./mandos-keygen --version
331
./plugin-runner --version
332
./plugin-helpers/mandos-client-iprouteadddel --version
333
./dracut-module/password-agent --test
235
334
236
335
# Run the client with a local config and key
237
run-client: all keydir/seckey.txt keydir/pubkey.txt
238
@echo "###################################################################"
239
@echo "# The following error messages are harmless and can be safely #"
240
@echo "# ignored. The messages are caused by not running as root, but #"
241
@echo "# you should NOT run \"make run-client\" as root unless you also #"
242
@echo "# unpacked and compiled Mandos as root, which is NOT recommended. #"
243
@echo "# From plugin-runner: setuid: Operation not permitted #"
244
@echo "# From askpass-fifo: mkfifo: Permission denied #"
245
@echo "# From mandos-client: setuid: Operation not permitted #"
246
@echo "# seteuid: Operation not permitted #"
247
@echo "# klogctl: Operation not permitted #"
248
@echo "###################################################################"
336
.PHONY: run-client
337
run-client: all keydir/seckey.txt keydir/pubkey.txt \
338
keydir/tls-privkey.pem keydir/tls-pubkey.pem
339
@echo '######################################################'
340
@echo '# The following error messages are harmless and can #'
341
@echo '# be safely ignored: #'
342
@echo '## From plugin-runner: #'
343
@echo '# setgid: Operation not permitted #'
344
@echo '# setuid: Operation not permitted #'
345
@echo '## From askpass-fifo: #'
346
@echo '# mkfifo: Permission denied #'
347
@echo '## From mandos-client: #'
348
@echo '# Failed to raise privileges: Operation not permi... #'
349
@echo '# Warning: network hook "*" exited with status * #'
350
@echo '# ioctl SIOCSIFFLAGS +IFF_UP: Operation not permi... #'
351
@echo '# Failed to bring up interface "*": Operation not... #'
352
@echo '# #'
353
@echo '# (The messages are caused by not running as root, #'
354
@echo '# but you should NOT run "make run-client" as root #'
355
@echo '# unless you also unpacked and compiled Mandos as #'
356
@echo '# root, which is also NOT recommended.) #'
357
@echo '######################################################'
358
# We set GNOME_KEYRING_CONTROL to block pam_gnome_keyring
249
359
./plugin-runner --plugin-dir=plugins.d \
360
--plugin-helper-dir=plugin-helpers \
250
361
--config-file=plugin-runner.conf \
251
--options-for=mandos-client:--seckey=keydir/seckey.txt,--pubkey=keydir/pubkey.txt \
362
--options-for=mandos-client:--seckey=keydir/seckey.txt,--pubkey=keydir/pubkey.txt,--tls-privkey=keydir/tls-privkey.pem,--tls-pubkey=keydir/tls-pubkey.pem,--network-hook-dir=network-hooks.d \
363
--env-for=mandos-client:GNOME_KEYRING_CONTROL= \
252
364
$(CLIENTARGS)
253
365
254
366
# Used by run-client
255
keydir/seckey.txt keydir/pubkey.txt: mandos-keygen
367
keydir/seckey.txt keydir/pubkey.txt keydir/tls-privkey.pem keydir/tls-pubkey.pem: mandos-keygen
256
368
install --directory keydir
257
369
./mandos-keygen --dir keydir --force
370
if ! [ -e keydir/tls-privkey.pem ]; then \
371
install --mode=u=rw /dev/null keydir/tls-privkey.pem; \
372
fi
373
if ! [ -e keydir/tls-pubkey.pem ]; then \
374
install --mode=u=rw /dev/null keydir/tls-pubkey.pem; \
375
fi
258
376
259
377
# Run the server with a local config
260
run-server: confdir/mandos.conf confdir/clients.conf
261
@echo "#################################################################"
262
@echo "# NOTE: Please IGNORE the error about \"Could not open file #"
263
@echo "# u'/var/run/mandos.pid'\" - it is harmless and is caused by #"
264
@echo "# the server not running as root. Do NOT run \"make run-server\" #"
265
@echo "# server as root if you didn't also unpack and compile it thus. #"
266
@echo "#################################################################"
267
./mandos --debug --no-dbus --configdir=confdir $(SERVERARGS)
378
.PHONY: run-server
379
run-server: confdir/mandos.conf confdir/clients.conf statedir
380
./mandos --debug --no-dbus --configdir=confdir \
381
--statedir=statedir $(SERVERARGS)
268
382
269
383
# Used by run-server
270
384
confdir/mandos.conf: mandos.conf
271
install --directory confdir
272
install --mode=u=rw,go=r $^ $@
273
confdir/clients.conf: clients.conf keydir/seckey.txt
274
install --directory confdir
275
install --mode=u=rw $< $@
385
install -D --mode=u=rw,go=r $^ $@
386
confdir/clients.conf: clients.conf keydir/seckey.txt keydir/tls-pubkey.pem
387
install -D --mode=u=rw $< $@
276
388
# Add a client password
277
./mandos-keygen --dir keydir --password >> $@
389
./mandos-keygen --dir keydir --password --no-ssh >> $@
390
statedir:
391
install --directory statedir
278
392
393
.PHONY: install
279
394
install: install-server install-client-nokey
280
395
396
.PHONY: install-html
281
397
install-html: html
282
install --directory $(htmldir)
283
install --mode=u=rw,go=r --target-directory=$(htmldir) \
398
install -D --mode=u=rw,go=r --target-directory=$(htmldir) \
284
399
$(htmldocs)
285
400
401
.PHONY: install-server
286
402
install-server: doc
287
install --directory $(CONFDIR)
288
install --mode=u=rwx,go=rx mandos $(PREFIX)/sbin/mandos
403
if install --directory --mode=u=rwx --owner=$(USER) \
404
--group=$(GROUP) $(STATEDIR); then \
405
:; \
406
elif install --directory --mode=u=rwx $(STATEDIR); then \
407
chown -- $(USER):$(GROUP) $(STATEDIR) || :; \
408
fi
409
if [ "$(TMPFILES)" != "$(DESTDIR)" ]; then \
410
install -D --mode=u=rw,go=r tmpfiles.d-mandos.conf \
411
$(TMPFILES)/mandos.conf; \
412
fi
413
if [ "$(SYSUSERS)" != "$(DESTDIR)" ]; then \
414
install -D --mode=u=rw,go=r sysusers.d-mandos.conf \
415
$(SYSUSERS)/mandos.conf; \
416
fi
417
install --directory $(PREFIX)/sbin
418
install --mode=u=rwx,go=rx --target-directory=$(PREFIX)/sbin \
419
mandos
289
420
install --mode=u=rwx,go=rx --target-directory=$(PREFIX)/sbin \
290
421
mandos-ctl
291
422
install --mode=u=rwx,go=rx --target-directory=$(PREFIX)/sbin \
292
423
mandos-monitor
424
install --directory $(CONFDIR)
293
425
install --mode=u=rw,go=r --target-directory=$(CONFDIR) \
294
426
mandos.conf
295
427
install --mode=u=rw --target-directory=$(CONFDIR) \
296
428
clients.conf
297
install --mode=u=rw,go=r dbus-mandos.conf \
298
$(DESTDIR)/etc/dbus-1/system.d/mandos.conf
299
install --mode=u=rwx,go=rx init.d-mandos \
429
install -D --mode=u=rw,go=r dbus-mandos.conf \
430
$(DBUSPOLICYDIR)/mandos.conf
431
install -D --mode=u=rwx,go=rx init.d-mandos \
300
432
$(DESTDIR)/etc/init.d/mandos
301
install --mode=u=rw,go=r default-mandos \
433
if [ "$(SYSTEMD)" != "$(DESTDIR)" ]; then \
434
install -D --mode=u=rw,go=r mandos.service \
435
$(SYSTEMD); \
436
fi
437
install -D --mode=u=rw,go=r default-mandos \
302
438
$(DESTDIR)/etc/default/mandos
303
439
if [ -z $(DESTDIR) ]; then \
304
440
update-rc.d mandos defaults 25 15;\
305
441
fi
442
install --directory $(MANDIR)/man8 $(MANDIR)/man5
306
443
gzip --best --to-stdout mandos.8 \
307
444
> $(MANDIR)/man8/mandos.8.gz
308
445
gzip --best --to-stdout mandos-monitor.8 \
313
450
> $(MANDIR)/man5/mandos.conf.5.gz
314
451
gzip --best --to-stdout mandos-clients.conf.5 \
315
452
> $(MANDIR)/man5/mandos-clients.conf.5.gz
453
gzip --best --to-stdout intro.8mandos \
454
> $(MANDIR)/man8/intro.8mandos.gz
316
455
456
.PHONY: install-client-nokey
317
457
install-client-nokey: all doc
318
install --directory $(PREFIX)/lib/mandos $(CONFDIR)
319
458
install --directory --mode=u=rwx $(KEYDIR) \
320
$(PREFIX)/lib/mandos/plugins.d
321
if [ "$(CONFDIR)" != "$(PREFIX)/lib/mandos" ]; then \
322
install --mode=u=rwx \
323
--directory "$(CONFDIR)/plugins.d"; \
324
fi
325
install --mode=u=rwx,go=rx \
326
--target-directory=$(PREFIX)/lib/mandos plugin-runner
459
$(LIBDIR)/mandos/plugins.d \
460
$(LIBDIR)/mandos/plugin-helpers
461
if [ "$(SYSUSERS)" != "$(DESTDIR)" ]; then \
462
install -D --mode=u=rw,go=r sysusers.d-mandos.conf \
463
$(SYSUSERS)/mandos-client.conf; \
464
fi
465
if [ "$(CONFDIR)" != "$(LIBDIR)/mandos" ]; then \
466
install --directory \
467
--mode=u=rwx "$(CONFDIR)/plugins.d" \
468
"$(CONFDIR)/plugin-helpers"; \
469
fi
470
install --directory --mode=u=rwx,go=rx \
471
"$(CONFDIR)/network-hooks.d"
472
install --mode=u=rwx,go=rx \
473
--target-directory=$(LIBDIR)/mandos plugin-runner
474
install --mode=u=rwx,go=rx \
475
--target-directory=$(LIBDIR)/mandos \
476
mandos-to-cryptroot-unlock
477
install --directory $(PREFIX)/sbin
327
478
install --mode=u=rwx,go=rx --target-directory=$(PREFIX)/sbin \
328
479
mandos-keygen
329
480
install --mode=u=rwx,go=rx \
330
--target-directory=$(PREFIX)/lib/mandos/plugins.d \
481
--target-directory=$(LIBDIR)/mandos/plugins.d \
331
482
plugins.d/password-prompt
332
483
install --mode=u=rwxs,go=rx \
333
--target-directory=$(PREFIX)/lib/mandos/plugins.d \
484
--target-directory=$(LIBDIR)/mandos/plugins.d \
334
485
plugins.d/mandos-client
335
486
install --mode=u=rwxs,go=rx \
336
--target-directory=$(PREFIX)/lib/mandos/plugins.d \
487
--target-directory=$(LIBDIR)/mandos/plugins.d \
337
488
plugins.d/usplash
338
489
install --mode=u=rwxs,go=rx \
339
--target-directory=$(PREFIX)/lib/mandos/plugins.d \
490
--target-directory=$(LIBDIR)/mandos/plugins.d \
340
491
plugins.d/splashy
341
492
install --mode=u=rwxs,go=rx \
342
--target-directory=$(PREFIX)/lib/mandos/plugins.d \
493
--target-directory=$(LIBDIR)/mandos/plugins.d \
343
494
plugins.d/askpass-fifo
344
495
install --mode=u=rwxs,go=rx \
345
--target-directory=$(PREFIX)/lib/mandos/plugins.d \
496
--target-directory=$(LIBDIR)/mandos/plugins.d \
346
497
plugins.d/plymouth
347
install initramfs-tools-hook \
498
install --mode=u=rwx,go=rx \
499
--target-directory=$(LIBDIR)/mandos/plugin-helpers \
500
plugin-helpers/mandos-client-iprouteadddel
501
install -D initramfs-tools-hook \
348
502
$(INITRAMFSTOOLS)/hooks/mandos
349
install --mode=u=rw,go=r initramfs-tools-hook-conf \
350
$(INITRAMFSTOOLS)/conf-hooks.d/mandos
351
install initramfs-tools-script \
503
install -D --mode=u=rw,go=r initramfs-tools-conf \
504
$(INITRAMFSTOOLS)/conf.d/mandos-conf
505
install -D --mode=u=rw,go=r initramfs-tools-conf-hook \
506
$(INITRAMFSTOOLS)/conf-hooks.d/zz-mandos
507
install -D initramfs-tools-script \
352
508
$(INITRAMFSTOOLS)/scripts/init-premount/mandos
509
install -D initramfs-tools-script-stop \
510
$(INITRAMFSTOOLS)/scripts/local-premount/mandos
511
install -D --mode=u=rw,go=r \
512
--target-directory=$(DRACUTMODULE) \
513
dracut-module/ask-password-mandos.path \
514
dracut-module/ask-password-mandos.service
515
install --mode=u=rwxs,go=rx \
516
--target-directory=$(DRACUTMODULE) \
517
dracut-module/module-setup.sh \
518
dracut-module/cmdline-mandos.sh \
519
dracut-module/password-agent
353
520
install --mode=u=rw,go=r plugin-runner.conf $(CONFDIR)
521
install --directory $(MANDIR)/man8
354
522
gzip --best --to-stdout mandos-keygen.8 \
355
523
> $(MANDIR)/man8/mandos-keygen.8.gz
356
524
gzip --best --to-stdout plugin-runner.8mandos \
367
535
> $(MANDIR)/man8/askpass-fifo.8mandos.gz
368
536
gzip --best --to-stdout plugins.d/plymouth.8mandos \
369
537
> $(MANDIR)/man8/plymouth.8mandos.gz
538
gzip --best --to-stdout dracut-module/password-agent.8mandos \
539
> $(MANDIR)/man8/password-agent.8mandos.gz
370
540
541
.PHONY: install-client
371
542
install-client: install-client-nokey
372
543
# Post-installation stuff
373
544
-$(PREFIX)/sbin/mandos-keygen --dir "$(KEYDIR)"
374
update-initramfs -k all -u
545
if command -v update-initramfs >/dev/null; then \
546
update-initramfs -k all -u; \
547
elif command -v dracut >/dev/null; then \
548
for initrd in $(DESTDIR)/boot/initr*-$(LINUXVERSION); do \
549
if [ -w "$$initrd" ]; then \
550
chmod go-r "$$initrd"; \
551
dracut --force "$$initrd"; \
552
fi; \
553
done; \
554
fi
375
555
echo "Now run mandos-keygen --password --dir $(KEYDIR)"
376
556
557
.PHONY: uninstall
377
558
uninstall: uninstall-server uninstall-client
378
559
560
.PHONY: uninstall-server
379
561
uninstall-server:
380
562
-rm --force $(PREFIX)/sbin/mandos \
381
563
$(PREFIX)/sbin/mandos-ctl \
388
570
update-rc.d -f mandos remove
389
571
-rmdir $(CONFDIR)
390
572
573
.PHONY: uninstall-client
391
574
uninstall-client:
392
575
# Refuse to uninstall client if /etc/crypttab is explicitly configured
393
576
# to use it.
394
577
! grep --regexp='^ *[^ #].*keyscript=[^,=]*/mandos/' \
395
578
$(DESTDIR)/etc/crypttab
396
579
-rm --force $(PREFIX)/sbin/mandos-keygen \
397
$(PREFIX)/lib/mandos/plugin-runner \
398
$(PREFIX)/lib/mandos/plugins.d/password-prompt \
399
$(PREFIX)/lib/mandos/plugins.d/mandos-client \
400
$(PREFIX)/lib/mandos/plugins.d/usplash \
401
$(PREFIX)/lib/mandos/plugins.d/splashy \
402
$(PREFIX)/lib/mandos/plugins.d/askpass-fifo \
403
$(PREFIX)/lib/mandos/plugins.d/plymouth \
580
$(LIBDIR)/mandos/plugin-runner \
581
$(LIBDIR)/mandos/plugins.d/password-prompt \
582
$(LIBDIR)/mandos/plugins.d/mandos-client \
583
$(LIBDIR)/mandos/plugins.d/usplash \
584
$(LIBDIR)/mandos/plugins.d/splashy \
585
$(LIBDIR)/mandos/plugins.d/askpass-fifo \
586
$(LIBDIR)/mandos/plugins.d/plymouth \
404
587
$(INITRAMFSTOOLS)/hooks/mandos \
405
588
$(INITRAMFSTOOLS)/conf-hooks.d/mandos \
406
589
$(INITRAMFSTOOLS)/scripts/init-premount/mandos \
590
$(INITRAMFSTOOLS)/scripts/local-premount/mandos \
591
$(DRACUTMODULE)/ask-password-mandos.path \
592
$(DRACUTMODULE)/ask-password-mandos.service \
593
$(DRACUTMODULE)/module-setup.sh \
594
$(DRACUTMODULE)/cmdline-mandos.sh \
595
$(DRACUTMODULE)/password-agent \
407
596
$(MANDIR)/man8/mandos-keygen.8.gz \
408
597
$(MANDIR)/man8/plugin-runner.8mandos.gz \
409
598
$(MANDIR)/man8/mandos-client.8mandos.gz
412
601
$(MANDIR)/man8/splashy.8mandos.gz \
413
602
$(MANDIR)/man8/askpass-fifo.8mandos.gz \
414
603
$(MANDIR)/man8/plymouth.8mandos.gz \
415
-rmdir $(PREFIX)/lib/mandos/plugins.d $(CONFDIR)/plugins.d \
416
$(PREFIX)/lib/mandos $(CONFDIR) $(KEYDIR)
417
update-initramfs -k all -u
604
$(MANDIR)/man8/password-agent.8mandos.gz \
605
-rmdir $(LIBDIR)/mandos/plugins.d $(CONFDIR)/plugins.d \
606
$(LIBDIR)/mandos $(CONFDIR) $(KEYDIR) $(DRACUTMODULE)
607
if command -v update-initramfs >/dev/null; then \
608
update-initramfs -k all -u; \
609
elif command -v dracut >/dev/null; then \
610
for initrd in $(DESTDIR)/boot/initr*-$(LINUXVERSION); do \
611
test -w "$$initrd" && dracut --force "$$initrd"; \
612
done; \
613
fi
418
614
615
.PHONY: purge
419
616
purge: purge-server purge-client
420
617
618
.PHONY: purge-server
421
619
purge-server: uninstall-server
422
620
-rm --force $(CONFDIR)/mandos.conf $(CONFDIR)/clients.conf \
423
621
$(DESTDIR)/etc/dbus-1/system.d/mandos.conf
424
622
$(DESTDIR)/etc/default/mandos \
425
623
$(DESTDIR)/etc/init.d/mandos \
624
$(DESTDIR)/run/mandos.pid \
426
625
$(DESTDIR)/var/run/mandos.pid
626
if [ "$(SYSTEMD)" != "$(DESTDIR)" -a -d "$(SYSTEMD)" ]; then \
627
-rm --force -- $(SYSTEMD)/mandos.service; \
628
fi
427
629
-rmdir $(CONFDIR)
428
630
631
.PHONY: purge-client
429
632
purge-client: uninstall-client
430
-shred --remove $(KEYDIR)/seckey.txt
633
-shred --remove $(KEYDIR)/seckey.txt $(KEYDIR)/tls-privkey.pem
431
634
-rm --force $(CONFDIR)/plugin-runner.conf \
432
$(KEYDIR)/pubkey.txt $(KEYDIR)/seckey.txt
635
$(KEYDIR)/pubkey.txt $(KEYDIR)/seckey.txt \
636
$(KEYDIR)/tls-pubkey.txt $(KEYDIR)/tls-privkey.txt
433
637
-rmdir $(KEYDIR) $(CONFDIR)/plugins.d $(CONFDIR)
Loggerhead is a web-based interface for Breezy
Version: 2.0.2.dev0