/mandos/release

To get this branch, use:
bzr branch http://bzr.recompile.se/loggerhead/mandos/release

« back to all changes in this revision

Viewing changes to Makefile

  • Committer: Teddy Hogeborn
  • Date: 2024-09-09 04:24:39 UTC
  • mto: This revision was merged to the branch mainline in revision 410.
  • Revision ID: teddy@recompile.se-20240909042439-j85mr20uli2hnyis
Eliminate compiler warnings

Many programs use nested functions, which now result in a linker
warning about executable stack.  Hide this warning.  Also, rewrite a
loop in the plymouth plugin to avoid warning about signed overflow.
This change also makes the plugin pick the alphabetically first
process entry instead of the last, in case many plymouth processes are
found (which should be unlikely).

* Makefile (plugin-runner, dracut-module/password-agent,
  plugins.d/password-prompt, plugins.d/mandos-client,
  plugins.d/plymouth): New target; set LDFLAGS to add "-Xlinker
  --no-warn-execstack".
* plugins.d/plymouth.c (get_pid): When no pid files are found, and we
  are looking through the process list, go though it from the start
  instead of from the end, i.e. in normal alphabetical order and not
  in reverse order.

Show diffs side-by-side

added added

removed removed

Lines of Context:
29
29
 
30
30
# For info about _FORTIFY_SOURCE, see feature_test_macros(7)
31
31
# and <https://gcc.gnu.org/ml/gcc-patches/2004-09/msg02055.html>.
32
 
FORTIFY:=-D_FORTIFY_SOURCE=2 -fstack-protector-all -fPIC
 
32
FORTIFY:=-fstack-protector-all -fPIC
 
33
CPPFLAGS+=-D_FORTIFY_SOURCE=3
33
34
LINK_FORTIFY_LD:=-z relro -z now
34
35
LINK_FORTIFY:=
35
36
 
41
42
#COVERAGE=--coverage
42
43
OPTIMIZE:=-Os -fno-strict-aliasing
43
44
LANGUAGE:=-std=gnu11
44
 
FEATURES:=-D_FILE_OFFSET_BITS=64
 
45
CPPFLAGS+=-D_FILE_OFFSET_BITS=64 -D_TIME_BITS=64
45
46
htmldir:=man
46
 
version:=1.8.9
 
47
version:=1.8.16
47
48
SED:=sed
48
49
PKG_CONFIG?=pkg-config
49
50
 
63
64
# DRACUTMODULE:=$(DESTDIR)/usr/lib/dracut/modules.d/90mandos
64
65
# STATEDIR:=$(DESTDIR)/var/lib/mandos
65
66
# LIBDIR:=$(PREFIX)/lib
 
67
# DBUSPOLICYDIR:=$(DESTDIR)/etc/dbus-1/system.d
66
68
##
67
69
 
68
70
## These settings are for a package-type install
83
85
                        break; \
84
86
                fi; \
85
87
        done)
 
88
DBUSPOLICYDIR:=$(DESTDIR)/usr/share/dbus-1/system.d
86
89
##
87
90
 
88
91
SYSTEMD:=$(DESTDIR)$(shell $(PKG_CONFIG) systemd \
96
99
GNUTLS_LIBS:=$(shell $(PKG_CONFIG) --libs gnutls)
97
100
AVAHI_CFLAGS:=$(shell $(PKG_CONFIG) --cflags-only-I avahi-core)
98
101
AVAHI_LIBS:=$(shell $(PKG_CONFIG) --libs avahi-core)
99
 
GPGME_CFLAGS:=$(shell gpgme-config --cflags; getconf LFS_CFLAGS)
100
 
GPGME_LIBS:=$(shell gpgme-config --libs; getconf LFS_LIBS; \
 
102
GPGME_CFLAGS:=$(shell $(PKG_CONFIG) --cflags-only-I gpgme 2>/dev/null \
 
103
        || gpgme-config --cflags; getconf LFS_CFLAGS)
 
104
GPGME_LIBS:=$(shell $(PKG_CONFIG) --libs gpgme 2>/dev/null \
 
105
        || gpgme-config --libs; getconf LFS_LIBS; \
101
106
        getconf LFS_LDFLAGS)
102
107
LIBNL3_CFLAGS:=$(shell $(PKG_CONFIG) --cflags-only-I libnl-route-3.0)
103
108
LIBNL3_LIBS:=$(shell $(PKG_CONFIG) --libs libnl-route-3.0)
106
111
 
107
112
# Do not change these two
108
113
CFLAGS+=$(WARN) $(DEBUG) $(FORTIFY) $(COVERAGE) $(OPTIMIZE) \
109
 
        $(LANGUAGE) $(FEATURES) -DVERSION='"$(version)"'
 
114
        $(LANGUAGE) -DVERSION='"$(version)"'
110
115
LDFLAGS+=-Xlinker --as-needed $(COVERAGE) $(LINK_FORTIFY) $(strip \
111
116
        ) $(foreach flag,$(LINK_FORTIFY_LD),-Xlinker $(flag))
112
117
 
284
289
                --expression='s/\(mandos_\)[0-9.]\+\(\.orig\.tar\.gz\)/\1$(version)\2/' \
285
290
                $@)
286
291
 
 
292
# Uses nested functions
 
293
plugin-runner: LDFLAGS += -Xlinker --no-warn-execstack
 
294
dracut-module/password-agent: LDFLAGS += -Xlinker --no-warn-execstack
 
295
plugins.d/password-prompt: LDFLAGS += -Xlinker --no-warn-execstack
 
296
plugins.d/mandos-client: LDFLAGS += -Xlinker --no-warn-execstack
 
297
plugins.d/plymouth: LDFLAGS += -Xlinker --no-warn-execstack
 
298
 
287
299
# Need to add the GnuTLS, Avahi and GPGME libraries
288
300
plugins.d/mandos-client: CFLAGS += $(GNUTLS_CFLAGS) $(strip \
289
301
        ) $(AVAHI_CFLAGS) $(GPGME_CFLAGS)
296
308
 
297
309
# Need to add the GLib and pthread libraries
298
310
dracut-module/password-agent: CFLAGS += $(GLIB_CFLAGS)
 
311
# Note: -lpthread is unnecessary with the GNU C library 2.34 or later
299
312
dracut-module/password-agent: LDLIBS += $(GLIB_LIBS) -lpthread
300
313
 
301
314
.PHONY: clean
369
382
 
370
383
# Used by run-server
371
384
confdir/mandos.conf: mandos.conf
372
 
        install --directory confdir
373
 
        install --mode=u=rw,go=r $^ $@
 
385
        install -D --mode=u=rw,go=r $^ $@
374
386
confdir/clients.conf: clients.conf keydir/seckey.txt keydir/tls-pubkey.pem
375
 
        install --directory confdir
376
 
        install --mode=u=rw $< $@
 
387
        install -D --mode=u=rw $< $@
377
388
# Add a client password
378
389
        ./mandos-keygen --dir keydir --password --no-ssh >> $@
379
390
statedir:
384
395
 
385
396
.PHONY: install-html
386
397
install-html: html
387
 
        install --directory $(htmldir)
388
 
        install --mode=u=rw,go=r --target-directory=$(htmldir) \
 
398
        install -D --mode=u=rw,go=r --target-directory=$(htmldir) \
389
399
                $(htmldocs)
390
400
 
391
401
.PHONY: install-server
392
402
install-server: doc
393
 
        install --directory $(CONFDIR)
394
403
        if install --directory --mode=u=rwx --owner=$(USER) \
395
404
                --group=$(GROUP) $(STATEDIR); then \
396
405
                :; \
397
406
        elif install --directory --mode=u=rwx $(STATEDIR); then \
398
407
                chown -- $(USER):$(GROUP) $(STATEDIR) || :; \
399
408
        fi
400
 
        if [ "$(TMPFILES)" != "$(DESTDIR)" \
401
 
                        -a -d "$(TMPFILES)" ]; then \
402
 
                install --mode=u=rw,go=r tmpfiles.d-mandos.conf \
 
409
        if [ "$(TMPFILES)" != "$(DESTDIR)" ]; then \
 
410
                install -D --mode=u=rw,go=r tmpfiles.d-mandos.conf \
403
411
                        $(TMPFILES)/mandos.conf; \
404
412
        fi
405
 
        if [ "$(SYSUSERS)" != "$(DESTDIR)" \
406
 
                        -a -d "$(SYSUSERS)" ]; then \
407
 
                install --mode=u=rw,go=r sysusers.d-mandos.conf \
 
413
        if [ "$(SYSUSERS)" != "$(DESTDIR)" ]; then \
 
414
                install -D --mode=u=rw,go=r sysusers.d-mandos.conf \
408
415
                        $(SYSUSERS)/mandos.conf; \
409
416
        fi
410
 
        install --mode=u=rwx,go=rx mandos $(PREFIX)/sbin/mandos
 
417
        install --directory $(PREFIX)/sbin
 
418
        install --mode=u=rwx,go=rx --target-directory=$(PREFIX)/sbin \
 
419
                mandos
411
420
        install --mode=u=rwx,go=rx --target-directory=$(PREFIX)/sbin \
412
421
                mandos-ctl
413
422
        install --mode=u=rwx,go=rx --target-directory=$(PREFIX)/sbin \
414
423
                mandos-monitor
 
424
        install --directory $(CONFDIR)
415
425
        install --mode=u=rw,go=r --target-directory=$(CONFDIR) \
416
426
                mandos.conf
417
427
        install --mode=u=rw --target-directory=$(CONFDIR) \
418
428
                clients.conf
419
 
        install --mode=u=rw,go=r dbus-mandos.conf \
420
 
                $(DESTDIR)/etc/dbus-1/system.d/mandos.conf
421
 
        install --mode=u=rwx,go=rx init.d-mandos \
 
429
        install -D --mode=u=rw,go=r dbus-mandos.conf \
 
430
                $(DBUSPOLICYDIR)/mandos.conf
 
431
        install -D --mode=u=rwx,go=rx init.d-mandos \
422
432
                $(DESTDIR)/etc/init.d/mandos
423
 
        if [ "$(SYSTEMD)" != "$(DESTDIR)" -a -d "$(SYSTEMD)" ]; then \
424
 
                install --mode=u=rw,go=r mandos.service $(SYSTEMD); \
 
433
        if [ "$(SYSTEMD)" != "$(DESTDIR)" ]; then \
 
434
                install -D --mode=u=rw,go=r mandos.service \
 
435
                        $(SYSTEMD); \
425
436
        fi
426
 
        install --mode=u=rw,go=r default-mandos \
 
437
        install -D --mode=u=rw,go=r default-mandos \
427
438
                $(DESTDIR)/etc/default/mandos
428
439
        if [ -z $(DESTDIR) ]; then \
429
440
                update-rc.d mandos defaults 25 15;\
430
441
        fi
 
442
        install --directory $(MANDIR)/man8 $(MANDIR)/man5
431
443
        gzip --best --to-stdout mandos.8 \
432
444
                > $(MANDIR)/man8/mandos.8.gz
433
445
        gzip --best --to-stdout mandos-monitor.8 \
443
455
 
444
456
.PHONY: install-client-nokey
445
457
install-client-nokey: all doc
446
 
        install --directory $(LIBDIR)/mandos $(CONFDIR)
447
458
        install --directory --mode=u=rwx $(KEYDIR) \
448
459
                $(LIBDIR)/mandos/plugins.d \
449
460
                $(LIBDIR)/mandos/plugin-helpers
450
 
        if [ "$(SYSUSERS)" != "$(DESTDIR)" \
451
 
                        -a -d "$(SYSUSERS)" ]; then \
452
 
                install --mode=u=rw,go=r sysusers.d-mandos.conf \
 
461
        if [ "$(SYSUSERS)" != "$(DESTDIR)" ]; then \
 
462
                install -D --mode=u=rw,go=r sysusers.d-mandos.conf \
453
463
                        $(SYSUSERS)/mandos-client.conf; \
454
464
        fi
455
465
        if [ "$(CONFDIR)" != "$(LIBDIR)/mandos" ]; then \
456
 
                install --mode=u=rwx \
457
 
                        --directory "$(CONFDIR)/plugins.d" \
 
466
                install --directory \
 
467
                        --mode=u=rwx "$(CONFDIR)/plugins.d" \
458
468
                        "$(CONFDIR)/plugin-helpers"; \
459
469
        fi
460
 
        install --mode=u=rwx,go=rx --directory \
 
470
        install --directory --mode=u=rwx,go=rx \
461
471
                "$(CONFDIR)/network-hooks.d"
462
472
        install --mode=u=rwx,go=rx \
463
473
                --target-directory=$(LIBDIR)/mandos plugin-runner
464
474
        install --mode=u=rwx,go=rx \
465
475
                --target-directory=$(LIBDIR)/mandos \
466
476
                mandos-to-cryptroot-unlock
 
477
        install --directory $(PREFIX)/sbin
467
478
        install --mode=u=rwx,go=rx --target-directory=$(PREFIX)/sbin \
468
479
                mandos-keygen
469
480
        install --mode=u=rwx,go=rx \
487
498
        install --mode=u=rwx,go=rx \
488
499
                --target-directory=$(LIBDIR)/mandos/plugin-helpers \
489
500
                plugin-helpers/mandos-client-iprouteadddel
490
 
        install initramfs-tools-hook \
 
501
        install -D initramfs-tools-hook \
491
502
                $(INITRAMFSTOOLS)/hooks/mandos
492
 
        install --mode=u=rw,go=r initramfs-tools-conf \
 
503
        install -D --mode=u=rw,go=r initramfs-tools-conf \
493
504
                $(INITRAMFSTOOLS)/conf.d/mandos-conf
494
 
        install --mode=u=rw,go=r initramfs-tools-conf-hook \
 
505
        install -D --mode=u=rw,go=r initramfs-tools-conf-hook \
495
506
                $(INITRAMFSTOOLS)/conf-hooks.d/zz-mandos
496
 
        install initramfs-tools-script \
 
507
        install -D initramfs-tools-script \
497
508
                $(INITRAMFSTOOLS)/scripts/init-premount/mandos
498
 
        install initramfs-tools-script-stop \
 
509
        install -D initramfs-tools-script-stop \
499
510
                $(INITRAMFSTOOLS)/scripts/local-premount/mandos
500
 
        install --directory $(DRACUTMODULE)
501
 
        install --mode=u=rw,go=r --target-directory=$(DRACUTMODULE) \
 
511
        install -D --mode=u=rw,go=r \
 
512
                --target-directory=$(DRACUTMODULE) \
502
513
                dracut-module/ask-password-mandos.path \
503
514
                dracut-module/ask-password-mandos.service
504
515
        install --mode=u=rwxs,go=rx \
507
518
                dracut-module/cmdline-mandos.sh \
508
519
                dracut-module/password-agent
509
520
        install --mode=u=rw,go=r plugin-runner.conf $(CONFDIR)
 
521
        install --directory $(MANDIR)/man8
510
522
        gzip --best --to-stdout mandos-keygen.8 \
511
523
                > $(MANDIR)/man8/mandos-keygen.8.gz
512
524
        gzip --best --to-stdout plugin-runner.8mandos \
609
621
                $(DESTDIR)/etc/dbus-1/system.d/mandos.conf
610
622
                $(DESTDIR)/etc/default/mandos \
611
623
                $(DESTDIR)/etc/init.d/mandos \
612
 
                $(SYSTEMD)/mandos.service \
613
624
                $(DESTDIR)/run/mandos.pid \
614
625
                $(DESTDIR)/var/run/mandos.pid
 
626
        if [ "$(SYSTEMD)" != "$(DESTDIR)" -a -d "$(SYSTEMD)" ]; then \
 
627
                -rm --force -- $(SYSTEMD)/mandos.service; \
 
628
        fi
615
629
        -rmdir $(CONFDIR)
616
630
 
617
631
.PHONY: purge-client