/mandos/release

To get this branch, use:
bzr branch http://bzr.recompile.se/loggerhead/mandos/release

« back to all changes in this revision

Viewing changes to Makefile

  • Committer: Teddy Hogeborn
  • Date: 2024-09-09 04:24:39 UTC
  • mto: This revision was merged to the branch mainline in revision 410.
  • Revision ID: teddy@recompile.se-20240909042439-j85mr20uli2hnyis
Eliminate compiler warnings

Many programs use nested functions, which now result in a linker
warning about executable stack.  Hide this warning.  Also, rewrite a
loop in the plymouth plugin to avoid warning about signed overflow.
This change also makes the plugin pick the alphabetically first
process entry instead of the last, in case many plymouth processes are
found (which should be unlikely).

* Makefile (plugin-runner, dracut-module/password-agent,
  plugins.d/password-prompt, plugins.d/mandos-client,
  plugins.d/plymouth): New target; set LDFLAGS to add "-Xlinker
  --no-warn-execstack".
* plugins.d/plymouth.c (get_pid): When no pid files are found, and we
  are looking through the process list, go though it from the start
  instead of from the end, i.e. in normal alphabetical order and not
  in reverse order.

Show diffs side-by-side

added added

removed removed

Lines of Context:
29
29
 
30
30
# For info about _FORTIFY_SOURCE, see feature_test_macros(7)
31
31
# and <https://gcc.gnu.org/ml/gcc-patches/2004-09/msg02055.html>.
32
 
FORTIFY:=-D_FORTIFY_SOURCE=3 -fstack-protector-all -fPIC
 
32
FORTIFY:=-fstack-protector-all -fPIC
 
33
CPPFLAGS+=-D_FORTIFY_SOURCE=3
33
34
LINK_FORTIFY_LD:=-z relro -z now
34
35
LINK_FORTIFY:=
35
36
 
41
42
#COVERAGE=--coverage
42
43
OPTIMIZE:=-Os -fno-strict-aliasing
43
44
LANGUAGE:=-std=gnu11
44
 
FEATURES:=-D_FILE_OFFSET_BITS=64
 
45
CPPFLAGS+=-D_FILE_OFFSET_BITS=64 -D_TIME_BITS=64
45
46
htmldir:=man
46
 
version:=1.8.15
 
47
version:=1.8.16
47
48
SED:=sed
48
49
PKG_CONFIG?=pkg-config
49
50
 
63
64
# DRACUTMODULE:=$(DESTDIR)/usr/lib/dracut/modules.d/90mandos
64
65
# STATEDIR:=$(DESTDIR)/var/lib/mandos
65
66
# LIBDIR:=$(PREFIX)/lib
 
67
# DBUSPOLICYDIR:=$(DESTDIR)/etc/dbus-1/system.d
66
68
##
67
69
 
68
70
## These settings are for a package-type install
83
85
                        break; \
84
86
                fi; \
85
87
        done)
 
88
DBUSPOLICYDIR:=$(DESTDIR)/usr/share/dbus-1/system.d
86
89
##
87
90
 
88
91
SYSTEMD:=$(DESTDIR)$(shell $(PKG_CONFIG) systemd \
108
111
 
109
112
# Do not change these two
110
113
CFLAGS+=$(WARN) $(DEBUG) $(FORTIFY) $(COVERAGE) $(OPTIMIZE) \
111
 
        $(LANGUAGE) $(FEATURES) -DVERSION='"$(version)"'
 
114
        $(LANGUAGE) -DVERSION='"$(version)"'
112
115
LDFLAGS+=-Xlinker --as-needed $(COVERAGE) $(LINK_FORTIFY) $(strip \
113
116
        ) $(foreach flag,$(LINK_FORTIFY_LD),-Xlinker $(flag))
114
117
 
286
289
                --expression='s/\(mandos_\)[0-9.]\+\(\.orig\.tar\.gz\)/\1$(version)\2/' \
287
290
                $@)
288
291
 
 
292
# Uses nested functions
 
293
plugin-runner: LDFLAGS += -Xlinker --no-warn-execstack
 
294
dracut-module/password-agent: LDFLAGS += -Xlinker --no-warn-execstack
 
295
plugins.d/password-prompt: LDFLAGS += -Xlinker --no-warn-execstack
 
296
plugins.d/mandos-client: LDFLAGS += -Xlinker --no-warn-execstack
 
297
plugins.d/plymouth: LDFLAGS += -Xlinker --no-warn-execstack
 
298
 
289
299
# Need to add the GnuTLS, Avahi and GPGME libraries
290
300
plugins.d/mandos-client: CFLAGS += $(GNUTLS_CFLAGS) $(strip \
291
301
        ) $(AVAHI_CFLAGS) $(GPGME_CFLAGS)
372
382
 
373
383
# Used by run-server
374
384
confdir/mandos.conf: mandos.conf
375
 
        install --directory confdir
376
 
        install --mode=u=rw,go=r $^ $@
 
385
        install -D --mode=u=rw,go=r $^ $@
377
386
confdir/clients.conf: clients.conf keydir/seckey.txt keydir/tls-pubkey.pem
378
 
        install --directory confdir
379
 
        install --mode=u=rw $< $@
 
387
        install -D --mode=u=rw $< $@
380
388
# Add a client password
381
389
        ./mandos-keygen --dir keydir --password --no-ssh >> $@
382
390
statedir:
387
395
 
388
396
.PHONY: install-html
389
397
install-html: html
390
 
        install --directory $(htmldir)
391
 
        install --mode=u=rw,go=r --target-directory=$(htmldir) \
 
398
        install -D --mode=u=rw,go=r --target-directory=$(htmldir) \
392
399
                $(htmldocs)
393
400
 
394
401
.PHONY: install-server
395
402
install-server: doc
396
 
        install --directory $(CONFDIR)
397
403
        if install --directory --mode=u=rwx --owner=$(USER) \
398
404
                --group=$(GROUP) $(STATEDIR); then \
399
405
                :; \
400
406
        elif install --directory --mode=u=rwx $(STATEDIR); then \
401
407
                chown -- $(USER):$(GROUP) $(STATEDIR) || :; \
402
408
        fi
403
 
        if [ "$(TMPFILES)" != "$(DESTDIR)" \
404
 
                        -a -d "$(TMPFILES)" ]; then \
405
 
                install --mode=u=rw,go=r tmpfiles.d-mandos.conf \
 
409
        if [ "$(TMPFILES)" != "$(DESTDIR)" ]; then \
 
410
                install -D --mode=u=rw,go=r tmpfiles.d-mandos.conf \
406
411
                        $(TMPFILES)/mandos.conf; \
407
412
        fi
408
 
        if [ "$(SYSUSERS)" != "$(DESTDIR)" \
409
 
                        -a -d "$(SYSUSERS)" ]; then \
410
 
                install --mode=u=rw,go=r sysusers.d-mandos.conf \
 
413
        if [ "$(SYSUSERS)" != "$(DESTDIR)" ]; then \
 
414
                install -D --mode=u=rw,go=r sysusers.d-mandos.conf \
411
415
                        $(SYSUSERS)/mandos.conf; \
412
416
        fi
413
 
        install --mode=u=rwx,go=rx mandos $(PREFIX)/sbin/mandos
 
417
        install --directory $(PREFIX)/sbin
 
418
        install --mode=u=rwx,go=rx --target-directory=$(PREFIX)/sbin \
 
419
                mandos
414
420
        install --mode=u=rwx,go=rx --target-directory=$(PREFIX)/sbin \
415
421
                mandos-ctl
416
422
        install --mode=u=rwx,go=rx --target-directory=$(PREFIX)/sbin \
417
423
                mandos-monitor
 
424
        install --directory $(CONFDIR)
418
425
        install --mode=u=rw,go=r --target-directory=$(CONFDIR) \
419
426
                mandos.conf
420
427
        install --mode=u=rw --target-directory=$(CONFDIR) \
421
428
                clients.conf
422
 
        install --mode=u=rw,go=r dbus-mandos.conf \
423
 
                $(DESTDIR)/etc/dbus-1/system.d/mandos.conf
424
 
        install --mode=u=rwx,go=rx init.d-mandos \
 
429
        install -D --mode=u=rw,go=r dbus-mandos.conf \
 
430
                $(DBUSPOLICYDIR)/mandos.conf
 
431
        install -D --mode=u=rwx,go=rx init.d-mandos \
425
432
                $(DESTDIR)/etc/init.d/mandos
426
 
        if [ "$(SYSTEMD)" != "$(DESTDIR)" -a -d "$(SYSTEMD)" ]; then \
427
 
                install --mode=u=rw,go=r mandos.service $(SYSTEMD); \
 
433
        if [ "$(SYSTEMD)" != "$(DESTDIR)" ]; then \
 
434
                install -D --mode=u=rw,go=r mandos.service \
 
435
                        $(SYSTEMD); \
428
436
        fi
429
 
        install --mode=u=rw,go=r default-mandos \
 
437
        install -D --mode=u=rw,go=r default-mandos \
430
438
                $(DESTDIR)/etc/default/mandos
431
439
        if [ -z $(DESTDIR) ]; then \
432
440
                update-rc.d mandos defaults 25 15;\
433
441
        fi
 
442
        install --directory $(MANDIR)/man8 $(MANDIR)/man5
434
443
        gzip --best --to-stdout mandos.8 \
435
444
                > $(MANDIR)/man8/mandos.8.gz
436
445
        gzip --best --to-stdout mandos-monitor.8 \
446
455
 
447
456
.PHONY: install-client-nokey
448
457
install-client-nokey: all doc
449
 
        install --directory $(LIBDIR)/mandos $(CONFDIR)
450
458
        install --directory --mode=u=rwx $(KEYDIR) \
451
459
                $(LIBDIR)/mandos/plugins.d \
452
460
                $(LIBDIR)/mandos/plugin-helpers
453
 
        if [ "$(SYSUSERS)" != "$(DESTDIR)" \
454
 
                        -a -d "$(SYSUSERS)" ]; then \
455
 
                install --mode=u=rw,go=r sysusers.d-mandos.conf \
 
461
        if [ "$(SYSUSERS)" != "$(DESTDIR)" ]; then \
 
462
                install -D --mode=u=rw,go=r sysusers.d-mandos.conf \
456
463
                        $(SYSUSERS)/mandos-client.conf; \
457
464
        fi
458
465
        if [ "$(CONFDIR)" != "$(LIBDIR)/mandos" ]; then \
459
 
                install --mode=u=rwx \
460
 
                        --directory "$(CONFDIR)/plugins.d" \
 
466
                install --directory \
 
467
                        --mode=u=rwx "$(CONFDIR)/plugins.d" \
461
468
                        "$(CONFDIR)/plugin-helpers"; \
462
469
        fi
463
 
        install --mode=u=rwx,go=rx --directory \
 
470
        install --directory --mode=u=rwx,go=rx \
464
471
                "$(CONFDIR)/network-hooks.d"
465
472
        install --mode=u=rwx,go=rx \
466
473
                --target-directory=$(LIBDIR)/mandos plugin-runner
467
474
        install --mode=u=rwx,go=rx \
468
475
                --target-directory=$(LIBDIR)/mandos \
469
476
                mandos-to-cryptroot-unlock
 
477
        install --directory $(PREFIX)/sbin
470
478
        install --mode=u=rwx,go=rx --target-directory=$(PREFIX)/sbin \
471
479
                mandos-keygen
472
480
        install --mode=u=rwx,go=rx \
490
498
        install --mode=u=rwx,go=rx \
491
499
                --target-directory=$(LIBDIR)/mandos/plugin-helpers \
492
500
                plugin-helpers/mandos-client-iprouteadddel
493
 
        install initramfs-tools-hook \
 
501
        install -D initramfs-tools-hook \
494
502
                $(INITRAMFSTOOLS)/hooks/mandos
495
 
        install --mode=u=rw,go=r initramfs-tools-conf \
 
503
        install -D --mode=u=rw,go=r initramfs-tools-conf \
496
504
                $(INITRAMFSTOOLS)/conf.d/mandos-conf
497
 
        install --mode=u=rw,go=r initramfs-tools-conf-hook \
 
505
        install -D --mode=u=rw,go=r initramfs-tools-conf-hook \
498
506
                $(INITRAMFSTOOLS)/conf-hooks.d/zz-mandos
499
 
        install initramfs-tools-script \
 
507
        install -D initramfs-tools-script \
500
508
                $(INITRAMFSTOOLS)/scripts/init-premount/mandos
501
 
        install initramfs-tools-script-stop \
 
509
        install -D initramfs-tools-script-stop \
502
510
                $(INITRAMFSTOOLS)/scripts/local-premount/mandos
503
 
        install --directory $(DRACUTMODULE)
504
 
        install --mode=u=rw,go=r --target-directory=$(DRACUTMODULE) \
 
511
        install -D --mode=u=rw,go=r \
 
512
                --target-directory=$(DRACUTMODULE) \
505
513
                dracut-module/ask-password-mandos.path \
506
514
                dracut-module/ask-password-mandos.service
507
515
        install --mode=u=rwxs,go=rx \
510
518
                dracut-module/cmdline-mandos.sh \
511
519
                dracut-module/password-agent
512
520
        install --mode=u=rw,go=r plugin-runner.conf $(CONFDIR)
 
521
        install --directory $(MANDIR)/man8
513
522
        gzip --best --to-stdout mandos-keygen.8 \
514
523
                > $(MANDIR)/man8/mandos-keygen.8.gz
515
524
        gzip --best --to-stdout plugin-runner.8mandos \
612
621
                $(DESTDIR)/etc/dbus-1/system.d/mandos.conf
613
622
                $(DESTDIR)/etc/default/mandos \
614
623
                $(DESTDIR)/etc/init.d/mandos \
615
 
                $(SYSTEMD)/mandos.service \
616
624
                $(DESTDIR)/run/mandos.pid \
617
625
                $(DESTDIR)/var/run/mandos.pid
 
626
        if [ "$(SYSTEMD)" != "$(DESTDIR)" -a -d "$(SYSTEMD)" ]; then \
 
627
                -rm --force -- $(SYSTEMD)/mandos.service; \
 
628
        fi
618
629
        -rmdir $(CONFDIR)
619
630
 
620
631
.PHONY: purge-client