/mandos/release

To get this branch, use:
bzr branch http://bzr.recompile.se/loggerhead/mandos/release

Viewing changes to Makefile

  • Committer: Teddy Hogeborn
  • Date: 2024-11-17 18:43:11 UTC
  • mto: This revision was merged to the branch mainline in revision 412.
  • Revision ID: teddy@recompile.se-20241117184311-ox25kvngy62h209g
Debian package: Avoid suggesting a C compiler unnecessarily

The list of suggested packages, meant to enable the "mandos" program
to find the correct value of SO_BINDTODEVICE by using a C compiler,
is not necessary when Python 3.3 or later is used, since it has the
SO_BINDTODEVICE constant defined in the "socket" module.  Also, Python
2.6 or older has the same constant in the old "IN" module.  Therefore,
we should suggest these Python versions as alternatives to a C
compiler, so that a C compiler is not installed unnecessarily.

debian/control (Package: mandos/Suggests): Add "python3 (>= 3.3)" and
"python (<= 2.6)" as alternatives to "libc6-dev | libc-dev" and
"c-compiler".

1
 
WARN=-O -Wall -Wformat=2 -Winit-self -Wmissing-include-dirs \
2
 
        -Wswitch-default -Wswitch-enum -Wunused-parameter \
3
 
        -Wstrict-aliasing=2 -Wextra -Wfloat-equal -Wundef -Wshadow \
 
1
WARN:=-O -Wall -Wextra -Wdouble-promotion -Wformat=2 -Winit-self \
 
2
        -Wmissing-include-dirs -Wswitch-default -Wswitch-enum \
 
3
        -Wunused -Wuninitialized -Wstrict-overflow=5 \
 
4
        -Wsuggest-attribute=pure -Wsuggest-attribute=const \
 
5
        -Wsuggest-attribute=noreturn -Wfloat-equal -Wundef -Wshadow \
4
6
        -Wunsafe-loop-optimizations -Wpointer-arith \
5
7
        -Wbad-function-cast -Wcast-qual -Wcast-align -Wwrite-strings \
6
 
        -Wconversion -Wstrict-prototypes -Wold-style-definition \
7
 
        -Wpacked -Wnested-externs -Winline -Wvolatile-register-var
8
 
#       -Wunreachable-code 
9
 
#DEBUG=-ggdb3
10
 
# For info about _FORTIFY_SOURCE, see
11
 
# <http://gcc.gnu.org/ml/gcc-patches/2004-09/msg02055.html>
12
 
FORTIFY=-D_FORTIFY_SOURCE=2 -fstack-protector-all -fPIC -fPIE
13
 
LINK_FORTIFY_LD=-z relro -fPIE
14
 
LINK_FORTIFY=-pie
 
8
        -Wconversion -Wlogical-op -Waggregate-return \
 
9
        -Wstrict-prototypes -Wold-style-definition \
 
10
        -Wmissing-format-attribute -Wnormalized=nfc -Wpacked \
 
11
        -Wredundant-decls -Wnested-externs -Winline -Wvla \
 
12
        -Wvolatile-register-var -Woverlength-strings
 
13
 
 
14
#DEBUG:=-ggdb3 -fsanitize=address $(SANITIZE)
 
15
## Check which sanitizing options can be used
 
16
#SANITIZE:=$(foreach option,$(ALL_SANITIZE_OPTIONS),$(shell \
 
17
#       echo 'int main(){}' | $(CC) --language=c $(option) \
 
18
#       /dev/stdin -o /dev/null >/dev/null 2>&1 && echo $(option)))
 
19
# <https://developerblog.redhat.com/2014/10/16/gcc-undefined-behavior-sanitizer-ubsan/>
 
20
ALL_SANITIZE_OPTIONS:=-fsanitize=leak -fsanitize=undefined \
 
21
        -fsanitize=shift -fsanitize=integer-divide-by-zero \
 
22
        -fsanitize=unreachable -fsanitize=vla-bound -fsanitize=null \
 
23
        -fsanitize=return -fsanitize=signed-integer-overflow \
 
24
        -fsanitize=bounds -fsanitize=alignment \
 
25
        -fsanitize=object-size -fsanitize=float-divide-by-zero \
 
26
        -fsanitize=float-cast-overflow -fsanitize=nonnull-attribute \
 
27
        -fsanitize=returns-nonnull-attribute -fsanitize=bool \
 
28
        -fsanitize=enum -fsanitize-address-use-after-scope
 
29
 
 
30
# For info about _FORTIFY_SOURCE, see feature_test_macros(7)
 
31
# and <https://gcc.gnu.org/ml/gcc-patches/2004-09/msg02055.html>.
 
32
FORTIFY:=-fstack-protector-all -fPIC
 
33
CPPFLAGS+=-D_FORTIFY_SOURCE=3
 
34
LINK_FORTIFY_LD:=-z relro -z now
 
35
LINK_FORTIFY:=
 
36
 
 
37
# If BROKEN_PIE is set, do not build with -pie
 
38
ifndef BROKEN_PIE
 
39
FORTIFY += -fPIE
 
40
LINK_FORTIFY += -pie
 
41
endif
15
42
#COVERAGE=--coverage
16
 
OPTIMIZE=-Os
17
 
LANGUAGE=-std=gnu99
18
 
htmldir=man
19
 
version=1.0.5
20
 
SED=sed
 
43
OPTIMIZE:=-Os -fno-strict-aliasing
 
44
LANGUAGE:=-std=gnu11
 
45
CPPFLAGS+=-D_FILE_OFFSET_BITS=64 -D_TIME_BITS=64
 
46
htmldir:=man
 
47
version:=1.8.17
 
48
SED:=sed
 
49
PKG_CONFIG?=pkg-config
 
50
 
 
51
USER:=$(firstword $(subst :, ,$(shell getent passwd _mandos \
 
52
        || getent passwd nobody || echo 65534)))
 
53
GROUP:=$(firstword $(subst :, ,$(shell getent group _mandos \
 
54
        || getent group nogroup || echo 65534)))
 
55
 
 
56
LINUXVERSION:=$(shell uname --kernel-release)
21
57
 
22
58
## Use these settings for a traditional /usr/local install
23
 
# PREFIX=$(DESTDIR)/usr/local
24
 
# CONFDIR=$(DESTDIR)/etc/mandos
25
 
# KEYDIR=$(DESTDIR)/etc/mandos/keys
26
 
# MANDIR=$(PREFIX)/man
27
 
# INITRAMFSTOOLS=$(DESTDIR)/etc/initramfs-tools
 
59
# PREFIX:=$(DESTDIR)/usr/local
 
60
# BINDIR:=$(PREFIX)/sbin
 
61
# CONFDIR:=$(DESTDIR)/etc/mandos
 
62
# KEYDIR:=$(DESTDIR)/etc/mandos/keys
 
63
# MANDIR:=$(PREFIX)/man
 
64
# INITRAMFSTOOLS:=$(DESTDIR)/etc/initramfs-tools
 
65
# DRACUTMODULE:=$(DESTDIR)/usr/lib/dracut/modules.d/90mandos
 
66
# STATEDIR:=$(DESTDIR)/var/lib/mandos
 
67
# LIBDIR:=$(PREFIX)/lib
 
68
# DBUSPOLICYDIR:=$(DESTDIR)/etc/dbus-1/system.d
28
69
##
29
70
 
30
71
## These settings are for a package-type install
31
 
PREFIX=$(DESTDIR)/usr
32
 
CONFDIR=$(DESTDIR)/etc/mandos
33
 
KEYDIR=$(DESTDIR)/etc/keys/mandos
34
 
MANDIR=$(PREFIX)/share/man
35
 
INITRAMFSTOOLS=$(DESTDIR)/usr/share/initramfs-tools
 
72
PREFIX:=$(DESTDIR)/usr
 
73
BINDIR:=$(PREFIX)/sbin
 
74
CONFDIR:=$(DESTDIR)/etc/mandos
 
75
KEYDIR:=$(DESTDIR)/etc/keys/mandos
 
76
MANDIR:=$(PREFIX)/share/man
 
77
INITRAMFSTOOLS:=$(DESTDIR)/usr/share/initramfs-tools
 
78
DRACUTMODULE:=$(DESTDIR)/usr/lib/dracut/modules.d/90mandos
 
79
STATEDIR:=$(DESTDIR)/var/lib/mandos
 
80
LIBDIR:=$(shell \
 
81
        for d in \
 
82
        "/usr/lib/`dpkg-architecture \
 
83
                        -qDEB_HOST_MULTIARCH 2>/dev/null`" \
 
84
        "`rpm --eval='%{_libdir}' 2>/dev/null`" /usr/lib; do \
 
85
                if [ -d "$$d" -a "$$d" = "$${d%/}" ]; then \
 
86
                        echo "$(DESTDIR)$$d"; \
 
87
                        break; \
 
88
                fi; \
 
89
        done)
 
90
DBUSPOLICYDIR:=$(DESTDIR)/usr/share/dbus-1/system.d
36
91
##
37
92
 
38
 
GNUTLS_CFLAGS=$(shell libgnutls-config --cflags)
39
 
GNUTLS_LIBS=$(shell libgnutls-config --libs)
40
 
AVAHI_CFLAGS=$(shell pkg-config --cflags-only-I avahi-core)
41
 
AVAHI_LIBS=$(shell pkg-config --libs avahi-core)
42
 
GPGME_CFLAGS=$(shell gpgme-config --cflags)
43
 
GPGME_LIBS=$(shell gpgme-config --libs)
 
93
SYSTEMD:=$(DESTDIR)$(shell $(PKG_CONFIG) systemd \
 
94
                        --variable=systemdsystemunitdir)
 
95
TMPFILES:=$(DESTDIR)$(shell $(PKG_CONFIG) systemd \
 
96
                        --variable=tmpfilesdir)
 
97
SYSUSERS:=$(DESTDIR)$(shell $(PKG_CONFIG) systemd \
 
98
                        --variable=sysusersdir)
 
99
 
 
100
GNUTLS_CFLAGS:=$(shell $(PKG_CONFIG) --cflags-only-I gnutls)
 
101
GNUTLS_LIBS:=$(shell $(PKG_CONFIG) --libs gnutls)
 
102
AVAHI_CFLAGS:=$(shell $(PKG_CONFIG) --cflags-only-I avahi-core)
 
103
AVAHI_LIBS:=$(shell $(PKG_CONFIG) --libs avahi-core)
 
104
GPGME_CFLAGS:=$(shell $(PKG_CONFIG) --cflags-only-I gpgme 2>/dev/null \
 
105
        || gpgme-config --cflags; getconf LFS_CFLAGS)
 
106
GPGME_LIBS:=$(shell $(PKG_CONFIG) --libs gpgme 2>/dev/null \
 
107
        || gpgme-config --libs; getconf LFS_LIBS; \
 
108
        getconf LFS_LDFLAGS)
 
109
LIBNL3_CFLAGS:=$(shell $(PKG_CONFIG) --cflags-only-I libnl-route-3.0)
 
110
LIBNL3_LIBS:=$(shell $(PKG_CONFIG) --libs libnl-route-3.0)
 
111
GLIB_CFLAGS:=$(shell $(PKG_CONFIG) --cflags glib-2.0)
 
112
GLIB_LIBS:=$(shell $(PKG_CONFIG) --libs glib-2.0)
44
113
 
45
114
# Do not change these two
46
 
CFLAGS=$(WARN) $(DEBUG) $(FORTIFY) $(COVERAGE) $(OPTIMIZE) \
47
 
        $(LANGUAGE) $(GNUTLS_CFLAGS) $(AVAHI_CFLAGS) $(GPGME_CFLAGS) \
48
 
        -DVERSION='"$(version)"'
49
 
LDFLAGS=$(COVERAGE) $(LINK_FORTIFY) $(foreach flag,$(LINK_FORTIFY_LD),-Xlinker $(flag))
 
115
CFLAGS+=$(WARN) $(DEBUG) $(FORTIFY) $(COVERAGE) $(OPTIMIZE) \
 
116
        $(LANGUAGE) -DVERSION='"$(version)"'
 
117
LDFLAGS+=-Xlinker --as-needed $(COVERAGE) $(LINK_FORTIFY) $(strip \
 
118
        ) $(foreach flag,$(LINK_FORTIFY_LD),-Xlinker $(flag))
50
119
 
51
120
# Commands to format a DocBook <refentry> document into a manual page
52
 
DOCBOOKTOMAN=cd $(dir $<); xsltproc --nonet --xinclude \
 
121
DOCBOOKTOMAN=$(strip cd $(dir $<); xsltproc --nonet --xinclude \
53
122
        --param man.charmap.use.subset          0 \
54
123
        --param make.year.ranges                1 \
55
124
        --param make.single.year.ranges         1 \
56
125
        --param man.output.quietly              1 \
57
126
        --param man.authors.section.enabled     0 \
58
 
         /usr/share/xml/docbook/stylesheet/nwalsh/manpages/docbook.xsl \
 
127
        /usr/share/xml/docbook/stylesheet/nwalsh/manpages/docbook.xsl \
59
128
        $(notdir $<); \
60
 
        $(MANPOST) $(notdir $@)
61
 
# DocBook-to-man post-processing to fix a '\n' escape bug
62
 
MANPOST=$(SED) --in-place --expression='s,\\\\en,\\en,g;s,\\n,\\en,g'
 
129
        if locale --all 2>/dev/null | grep --regexp='^en_US\.utf8$$' \
 
130
        && command -v man >/dev/null; then LANG=en_US.UTF-8 \
 
131
        MANWIDTH=80 man --warnings --encoding=UTF-8 --local-file \
 
132
        $(notdir $@); fi >/dev/null)
63
133
 
64
 
DOCBOOKTOHTML=xsltproc --nonet --xinclude \
 
134
DOCBOOKTOHTML=$(strip xsltproc --nonet --xinclude \
65
135
        --param make.year.ranges                1 \
66
136
        --param make.single.year.ranges         1 \
67
137
        --param man.output.quietly              1 \
69
139
        --param citerefentry.link               1 \
70
140
        --output $@ \
71
141
        /usr/share/xml/docbook/stylesheet/nwalsh/xhtml/docbook.xsl \
72
 
        $<; $(HTMLPOST) $@
 
142
        $<; $(HTMLPOST) $@)
73
143
# Fix citerefentry links
74
 
HTMLPOST=$(SED) --in-place \
 
144
HTMLPOST:=$(SED) --in-place \
75
145
        --expression='s/\(<a class="citerefentry" href="\)\("><span class="citerefentry"><span class="refentrytitle">\)\([^<]*\)\(<\/span>(\)\([^)]*\)\()<\/span><\/a>\)/\1\3.\5\2\3\4\5\6/g'
76
146
 
77
 
PLUGINS=plugins.d/password-prompt plugins.d/mandos-client \
78
 
        plugins.d/usplash plugins.d/splashy plugins.d/askpass-fifo
79
 
CPROGS=plugin-runner $(PLUGINS)
80
 
PROGS=mandos mandos-keygen mandos-ctl $(CPROGS)
81
 
DOCS=mandos.8 plugin-runner.8mandos mandos-keygen.8 \
 
147
PLUGINS:=plugins.d/password-prompt plugins.d/mandos-client \
 
148
        plugins.d/usplash plugins.d/splashy plugins.d/askpass-fifo \
 
149
        plugins.d/plymouth
 
150
PLUGIN_HELPERS:=plugin-helpers/mandos-client-iprouteadddel
 
151
CPROGS:=plugin-runner dracut-module/password-agent $(PLUGINS) \
 
152
        $(PLUGIN_HELPERS)
 
153
PROGS:=mandos mandos-keygen mandos-ctl mandos-monitor $(CPROGS)
 
154
DOCS:=mandos.8 mandos-keygen.8 mandos-monitor.8 mandos-ctl.8 \
 
155
        mandos.conf.5 mandos-clients.conf.5 plugin-runner.8mandos \
 
156
        dracut-module/password-agent.8mandos \
82
157
        plugins.d/mandos-client.8mandos \
83
 
        plugins.d/password-prompt.8mandos mandos.conf.5 \
84
 
        plugins.d/usplash.8mandos plugins.d/splashy.8mandos \
85
 
        plugins.d/askpass-fifo.8mandos mandos-clients.conf.5
86
 
 
87
 
htmldocs=$(addsuffix .xhtml,$(DOCS))
88
 
 
89
 
objects=$(addsuffix .o,$(CPROGS))
90
 
 
 
158
        plugins.d/password-prompt.8mandos plugins.d/usplash.8mandos \
 
159
        plugins.d/splashy.8mandos plugins.d/askpass-fifo.8mandos \
 
160
        plugins.d/plymouth.8mandos intro.8mandos
 
161
 
 
162
htmldocs:=$(addsuffix .xhtml,$(DOCS))
 
163
 
 
164
objects:=$(addsuffix .o,$(CPROGS))
 
165
 
 
166
.PHONY: all
91
167
all: $(PROGS) mandos.lsm
92
168
 
 
169
.PHONY: doc
93
170
doc: $(DOCS)
94
171
 
 
172
.PHONY: html
95
173
html: $(htmldocs)
96
174
 
97
175
%.5: %.xml common.ent legalnotice.xml
109
187
%.8mandos.xhtml: %.xml common.ent legalnotice.xml
110
188
        $(DOCBOOKTOHTML)
111
189
 
 
190
intro.8mandos: intro.xml common.ent legalnotice.xml
 
191
        $(DOCBOOKTOMAN)
 
192
intro.8mandos.xhtml: intro.xml common.ent legalnotice.xml
 
193
        $(DOCBOOKTOHTML)
 
194
 
112
195
mandos.8: mandos.xml common.ent mandos-options.xml overview.xml \
113
196
                legalnotice.xml
114
197
        $(DOCBOOKTOMAN)
123
206
                 legalnotice.xml
124
207
        $(DOCBOOKTOHTML)
125
208
 
 
209
mandos-monitor.8: mandos-monitor.xml common.ent overview.xml \
 
210
                legalnotice.xml
 
211
        $(DOCBOOKTOMAN)
 
212
mandos-monitor.8.xhtml: mandos-monitor.xml common.ent overview.xml \
 
213
                 legalnotice.xml
 
214
        $(DOCBOOKTOHTML)
 
215
 
 
216
mandos-ctl.8: mandos-ctl.xml common.ent overview.xml \
 
217
                legalnotice.xml
 
218
        $(DOCBOOKTOMAN)
 
219
mandos-ctl.8.xhtml: mandos-ctl.xml common.ent overview.xml \
 
220
                 legalnotice.xml
 
221
        $(DOCBOOKTOHTML)
 
222
 
126
223
mandos.conf.5: mandos.conf.xml common.ent mandos-options.xml \
127
224
                legalnotice.xml
128
225
        $(DOCBOOKTOMAN)
137
234
                overview.xml legalnotice.xml
138
235
        $(DOCBOOKTOHTML)
139
236
 
 
237
dracut-module/password-agent.8mandos: \
 
238
                dracut-module/password-agent.xml common.ent \
 
239
                overview.xml legalnotice.xml
 
240
        $(DOCBOOKTOMAN)
 
241
dracut-module/password-agent.8mandos.xhtml: \
 
242
                dracut-module/password-agent.xml common.ent \
 
243
                overview.xml legalnotice.xml
 
244
        $(DOCBOOKTOHTML)
 
245
 
140
246
plugins.d/mandos-client.8mandos: plugins.d/mandos-client.xml \
141
247
                                        common.ent \
142
248
                                        mandos-options.xml \
150
256
 
151
257
# Update all these files with version number $(version)
152
258
common.ent: Makefile
153
 
        $(SED) --in-place \
154
 
                --expression='s/^\(<ENTITY VERSION "\)[^"]*">$$/\1$(version)"/' \
155
 
                $@
 
259
        $(strip $(SED) --in-place \
 
260
                --expression='s/^\(<!ENTITY version "\)[^"]*">$$/\1$(version)">/' \
 
261
                $@)
156
262
 
157
263
mandos: Makefile
158
 
        $(SED) --in-place \
 
264
        $(strip $(SED) --in-place \
159
265
                --expression='s/^\(version = "\)[^"]*"$$/\1$(version)"/' \
160
 
                $@
 
266
                $@)
161
267
 
162
268
mandos-keygen: Makefile
163
 
        $(SED) --in-place \
 
269
        $(strip $(SED) --in-place \
164
270
                --expression='s/^\(VERSION="\)[^"]*"$$/\1$(version)"/' \
165
 
                $@
 
271
                $@)
166
272
 
167
273
mandos-ctl: Makefile
168
 
        $(SED) --in-place \
169
 
                --expression='s/^\(version = "\)[^"]*"$$/\1$(version)"/' \
170
 
                $@
 
274
        $(strip $(SED) --in-place \
 
275
                --expression='s/^\(version = "\)[^"]*"$$/\1$(version)"/' \
 
276
                $@)
 
277
 
 
278
mandos-monitor: Makefile
 
279
        $(strip $(SED) --in-place \
 
280
                --expression='s/^\(version = "\)[^"]*"$$/\1$(version)"/' \
 
281
                $@)
171
282
 
172
283
mandos.lsm: Makefile
173
 
        $(SED) --in-place \
 
284
        $(strip $(SED) --in-place \
174
285
                --expression='s/^\(Version:\).*/\1\t$(version)/' \
175
 
                $@
176
 
        $(SED) --in-place \
 
286
                $@)
 
287
        $(strip $(SED) --in-place \
177
288
                --expression='s/^\(Entered-date:\).*/\1\t$(shell date --rfc-3339=date --reference=Makefile)/' \
178
 
                $@
179
 
        $(SED) --in-place \
 
289
                $@)
 
290
        $(strip $(SED) --in-place \
180
291
                --expression='s/\(mandos_\)[0-9.]\+\(\.orig\.tar\.gz\)/\1$(version)\2/' \
181
 
                $@
182
 
 
183
 
plugins.d/mandos-client: plugins.d/mandos-client.o
184
 
        $(LINK.o) $(GNUTLS_LIBS) $(AVAHI_LIBS) $(GPGME_LIBS) \
185
 
                $(COMMON) $^ $(LOADLIBES) $(LDLIBS) -o $@
186
 
 
187
 
.PHONY : all doc html clean distclean run-client run-server install \
188
 
        install-server install-client uninstall uninstall-server \
189
 
        uninstall-client purge purge-server purge-client
190
 
 
 
292
                $@)
 
293
 
 
294
# Does the linker support the --no-warn-execstack option?
 
295
ifeq ($(shell echo 'int main(){}'|$(CC) --language=c /dev/stdin -o /dev/null -Xlinker --no-warn-execstack >/dev/null 2>&1 && echo yes),yes)
 
296
# These programs use nested functions, which uses an executable stack
 
297
plugin-runner: LDFLAGS += -Xlinker --no-warn-execstack
 
298
dracut-module/password-agent: LDFLAGS += -Xlinker --no-warn-execstack
 
299
plugins.d/password-prompt: LDFLAGS += -Xlinker --no-warn-execstack
 
300
plugins.d/mandos-client: LDFLAGS += -Xlinker --no-warn-execstack
 
301
plugins.d/plymouth: LDFLAGS += -Xlinker --no-warn-execstack
 
302
endif
 
303
 
 
304
# Need to add the GnuTLS, Avahi and GPGME libraries
 
305
plugins.d/mandos-client: CFLAGS += $(GNUTLS_CFLAGS) $(strip \
 
306
        ) $(AVAHI_CFLAGS) $(GPGME_CFLAGS)
 
307
plugins.d/mandos-client: LDLIBS += $(GNUTLS_LIBS) $(strip \
 
308
        ) $(AVAHI_LIBS) $(GPGME_LIBS)
 
309
 
 
310
# Need to add the libnl-route library
 
311
plugin-helpers/mandos-client-iprouteadddel: CFLAGS += $(LIBNL3_CFLAGS)
 
312
plugin-helpers/mandos-client-iprouteadddel: LDLIBS += $(LIBNL3_LIBS)
 
313
 
 
314
# Need to add the GLib and pthread libraries
 
315
dracut-module/password-agent: CFLAGS += $(GLIB_CFLAGS)
 
316
# Note: -lpthread is unnecessary with the GNU C library 2.34 or later
 
317
dracut-module/password-agent: LDLIBS += $(GLIB_LIBS) -lpthread
 
318
 
 
319
.PHONY: clean
191
320
clean:
192
321
        -rm --force $(CPROGS) $(objects) $(htmldocs) $(DOCS) core
193
322
 
 
323
.PHONY: distclean
194
324
distclean: clean
 
325
.PHONY: mostlyclean
195
326
mostlyclean: clean
 
327
.PHONY: maintainer-clean
196
328
maintainer-clean: clean
197
 
        -rm --force --recursive keydir confdir
 
329
        -rm --force --recursive keydir confdir statedir
198
330
 
199
 
check:  all
 
331
.PHONY: check
 
332
check: all
200
333
        ./mandos --check
 
334
        ./mandos-ctl --check
 
335
        ./mandos-keygen --version
 
336
        ./plugin-runner --version
 
337
        ./plugin-helpers/mandos-client-iprouteadddel --version
 
338
        ./dracut-module/password-agent --test
201
339
 
202
340
# Run the client with a local config and key
203
 
run-client: all keydir/seckey.txt keydir/pubkey.txt
 
341
.PHONY: run-client
 
342
run-client: all keydir/seckey.txt keydir/pubkey.txt \
 
343
                        keydir/tls-privkey.pem keydir/tls-pubkey.pem
 
344
        @echo '######################################################'
 
345
        @echo '# The following error messages are harmless and can  #'
 
346
        @echo '#  be safely ignored:                                #'
 
347
        @echo '## From plugin-runner:                               #'
 
348
        @echo '# setgid: Operation not permitted                    #'
 
349
        @echo '# setuid: Operation not permitted                    #'
 
350
        @echo '## From askpass-fifo:                                #'
 
351
        @echo '# mkfifo: Permission denied                          #'
 
352
        @echo '## From mandos-client:                               #'
 
353
        @echo '# Failed to raise privileges: Operation not permi... #'
 
354
        @echo '# Warning: network hook "*" exited with status *     #'
 
355
        @echo '# ioctl SIOCSIFFLAGS +IFF_UP: Operation not permi... #'
 
356
        @echo '# Failed to bring up interface "*": Operation not... #'
 
357
        @echo '#                                                    #'
 
358
        @echo '# (The messages are caused by not running as root,   #'
 
359
        @echo '# but you should NOT run "make run-client" as root   #'
 
360
        @echo '# unless you also unpacked and compiled Mandos as    #'
 
361
        @echo '# root, which is also NOT recommended.)              #'
 
362
        @echo '######################################################'
 
363
# We set GNOME_KEYRING_CONTROL to block pam_gnome_keyring
204
364
        ./plugin-runner --plugin-dir=plugins.d \
 
365
                --plugin-helper-dir=plugin-helpers \
205
366
                --config-file=plugin-runner.conf \
206
 
                --options-for=mandos-client:--seckey=keydir/seckey.txt,--pubkey=keydir/pubkey.txt \
 
367
                --options-for=mandos-client:--seckey=keydir/seckey.txt,--pubkey=keydir/pubkey.txt,--tls-privkey=keydir/tls-privkey.pem,--tls-pubkey=keydir/tls-pubkey.pem,--network-hook-dir=network-hooks.d \
 
368
                --env-for=mandos-client:GNOME_KEYRING_CONTROL= \
207
369
                $(CLIENTARGS)
208
370
 
209
371
# Used by run-client
210
 
keydir/seckey.txt keydir/pubkey.txt: mandos-keygen
 
372
keydir/seckey.txt keydir/pubkey.txt keydir/tls-privkey.pem keydir/tls-pubkey.pem: mandos-keygen
211
373
        install --directory keydir
212
374
        ./mandos-keygen --dir keydir --force
 
375
        if ! [ -e keydir/tls-privkey.pem ]; then \
 
376
                install --mode=u=rw /dev/null keydir/tls-privkey.pem; \
 
377
        fi
 
378
        if ! [ -e keydir/tls-pubkey.pem ]; then \
 
379
                install --mode=u=rw /dev/null keydir/tls-pubkey.pem; \
 
380
        fi
213
381
 
214
382
# Run the server with a local config
215
 
run-server: confdir/mandos.conf confdir/clients.conf
216
 
        ./mandos --debug --no-dbus --configdir=confdir $(SERVERARGS)
 
383
.PHONY: run-server
 
384
run-server: confdir/mandos.conf confdir/clients.conf statedir
 
385
        ./mandos --debug --no-dbus --configdir=confdir \
 
386
                --statedir=statedir $(SERVERARGS)
217
387
 
218
388
# Used by run-server
219
389
confdir/mandos.conf: mandos.conf
220
 
        install --directory confdir
221
 
        install --mode=u=rw,go=r $^ $@
222
 
confdir/clients.conf: clients.conf keydir/seckey.txt
223
 
        install --directory confdir
224
 
        install --mode=u=rw $< $@
 
390
        install -D --mode=u=rw,go=r $^ $@
 
391
confdir/clients.conf: clients.conf keydir/seckey.txt keydir/tls-pubkey.pem
 
392
        install -D --mode=u=rw $< $@
225
393
# Add a client password
226
 
        ./mandos-keygen --dir keydir --password >> $@
 
394
        ./mandos-keygen --dir keydir --password --no-ssh >> $@
 
395
statedir:
 
396
        install --directory statedir
227
397
 
 
398
.PHONY: install
228
399
install: install-server install-client-nokey
229
400
 
 
401
.PHONY: install-html
230
402
install-html: html
231
 
        install --directory $(htmldir)
232
 
        install --mode=u=rw,go=r --target-directory=$(htmldir) \
 
403
        install -D --mode=u=rw,go=r --target-directory=$(htmldir) \
233
404
                $(htmldocs)
234
405
 
 
406
.PHONY: install-server
235
407
install-server: doc
 
408
        if install --directory --mode=u=rwx --owner=$(USER) \
 
409
                --group=$(GROUP) $(STATEDIR); then \
 
410
                :; \
 
411
        elif install --directory --mode=u=rwx $(STATEDIR); then \
 
412
                chown -- $(USER):$(GROUP) $(STATEDIR) || :; \
 
413
        fi
 
414
        if [ "$(TMPFILES)" != "$(DESTDIR)" ]; then \
 
415
                install -D --mode=u=rw,go=r tmpfiles.d-mandos.conf \
 
416
                        $(TMPFILES)/mandos.conf; \
 
417
        fi
 
418
        if [ "$(SYSUSERS)" != "$(DESTDIR)" ]; then \
 
419
                install -D --mode=u=rw,go=r sysusers.d-mandos.conf \
 
420
                        $(SYSUSERS)/mandos.conf; \
 
421
        fi
 
422
        install --directory $(BINDIR)
 
423
        install --mode=u=rwx,go=rx --target-directory=$(BINDIR) mandos
 
424
        install --mode=u=rwx,go=rx --target-directory=$(BINDIR) \
 
425
                mandos-ctl
 
426
        install --mode=u=rwx,go=rx --target-directory=$(BINDIR) \
 
427
                mandos-monitor
236
428
        install --directory $(CONFDIR)
237
 
        install --mode=u=rwx,go=rx mandos $(PREFIX)/sbin/mandos
238
429
        install --mode=u=rw,go=r --target-directory=$(CONFDIR) \
239
430
                mandos.conf
240
431
        install --mode=u=rw --target-directory=$(CONFDIR) \
241
432
                clients.conf
242
 
        install --mode=u=rwx,go=rx init.d-mandos \
 
433
        install -D --mode=u=rw,go=r dbus-mandos.conf \
 
434
                $(DBUSPOLICYDIR)/mandos.conf
 
435
        install -D --mode=u=rwx,go=rx init.d-mandos \
243
436
                $(DESTDIR)/etc/init.d/mandos
244
 
        install --mode=u=rw,go=r default-mandos \
 
437
        if [ "$(SYSTEMD)" != "$(DESTDIR)" ]; then \
 
438
                install -D --mode=u=rw,go=r mandos.service \
 
439
                        $(SYSTEMD); \
 
440
        fi
 
441
        install -D --mode=u=rw,go=r default-mandos \
245
442
                $(DESTDIR)/etc/default/mandos
246
443
        if [ -z $(DESTDIR) ]; then \
247
444
                update-rc.d mandos defaults 25 15;\
248
445
        fi
 
446
        install --directory $(MANDIR)/man8 $(MANDIR)/man5
249
447
        gzip --best --to-stdout mandos.8 \
250
448
                > $(MANDIR)/man8/mandos.8.gz
 
449
        gzip --best --to-stdout mandos-monitor.8 \
 
450
                > $(MANDIR)/man8/mandos-monitor.8.gz
 
451
        gzip --best --to-stdout mandos-ctl.8 \
 
452
                > $(MANDIR)/man8/mandos-ctl.8.gz
251
453
        gzip --best --to-stdout mandos.conf.5 \
252
454
                > $(MANDIR)/man5/mandos.conf.5.gz
253
455
        gzip --best --to-stdout mandos-clients.conf.5 \
254
456
                > $(MANDIR)/man5/mandos-clients.conf.5.gz
 
457
        gzip --best --to-stdout intro.8mandos \
 
458
                > $(MANDIR)/man8/intro.8mandos.gz
255
459
 
 
460
.PHONY: install-client-nokey
256
461
install-client-nokey: all doc
257
 
        install --directory $(PREFIX)/lib/mandos $(CONFDIR)
258
462
        install --directory --mode=u=rwx $(KEYDIR) \
259
 
                $(PREFIX)/lib/mandos/plugins.d
260
 
        if [ "$(CONFDIR)" != "$(PREFIX)/lib/mandos" ]; then \
261
 
                install --mode=u=rwx \
262
 
                        --directory "$(CONFDIR)/plugins.d"; \
263
 
        fi
264
 
        install --mode=u=rwx,go=rx \
265
 
                --target-directory=$(PREFIX)/lib/mandos plugin-runner
266
 
        install --mode=u=rwx,go=rx --target-directory=$(PREFIX)/sbin \
 
463
                $(LIBDIR)/mandos/plugins.d \
 
464
                $(LIBDIR)/mandos/plugin-helpers
 
465
        if [ "$(SYSUSERS)" != "$(DESTDIR)" ]; then \
 
466
                install -D --mode=u=rw,go=r sysusers.d-mandos.conf \
 
467
                        $(SYSUSERS)/mandos-client.conf; \
 
468
        fi
 
469
        if [ "$(CONFDIR)" != "$(LIBDIR)/mandos" ]; then \
 
470
                install --directory \
 
471
                        --mode=u=rwx "$(CONFDIR)/plugins.d" \
 
472
                        "$(CONFDIR)/plugin-helpers"; \
 
473
        fi
 
474
        install --directory --mode=u=rwx,go=rx \
 
475
                "$(CONFDIR)/network-hooks.d"
 
476
        install --mode=u=rwx,go=rx \
 
477
                --target-directory=$(LIBDIR)/mandos plugin-runner
 
478
        install --mode=u=rwx,go=rx \
 
479
                --target-directory=$(LIBDIR)/mandos \
 
480
                mandos-to-cryptroot-unlock
 
481
        install --directory $(BINDIR)
 
482
        install --mode=u=rwx,go=rx --target-directory=$(BINDIR) \
267
483
                mandos-keygen
268
484
        install --mode=u=rwx,go=rx \
269
 
                --target-directory=$(PREFIX)/lib/mandos/plugins.d \
 
485
                --target-directory=$(LIBDIR)/mandos/plugins.d \
270
486
                plugins.d/password-prompt
271
487
        install --mode=u=rwxs,go=rx \
272
 
                --target-directory=$(PREFIX)/lib/mandos/plugins.d \
 
488
                --target-directory=$(LIBDIR)/mandos/plugins.d \
273
489
                plugins.d/mandos-client
274
490
        install --mode=u=rwxs,go=rx \
275
 
                --target-directory=$(PREFIX)/lib/mandos/plugins.d \
 
491
                --target-directory=$(LIBDIR)/mandos/plugins.d \
276
492
                plugins.d/usplash
277
493
        install --mode=u=rwxs,go=rx \
278
 
                --target-directory=$(PREFIX)/lib/mandos/plugins.d \
 
494
                --target-directory=$(LIBDIR)/mandos/plugins.d \
279
495
                plugins.d/splashy
280
496
        install --mode=u=rwxs,go=rx \
281
 
                --target-directory=$(PREFIX)/lib/mandos/plugins.d \
 
497
                --target-directory=$(LIBDIR)/mandos/plugins.d \
282
498
                plugins.d/askpass-fifo
283
 
        install initramfs-tools-hook \
 
499
        install --mode=u=rwxs,go=rx \
 
500
                --target-directory=$(LIBDIR)/mandos/plugins.d \
 
501
                plugins.d/plymouth
 
502
        install --mode=u=rwx,go=rx \
 
503
                --target-directory=$(LIBDIR)/mandos/plugin-helpers \
 
504
                plugin-helpers/mandos-client-iprouteadddel
 
505
        install -D initramfs-tools-hook \
284
506
                $(INITRAMFSTOOLS)/hooks/mandos
285
 
        install --mode=u=rw,go=r initramfs-tools-hook-conf \
286
 
                $(INITRAMFSTOOLS)/conf-hooks.d/mandos
287
 
        install initramfs-tools-script \
 
507
        install -D --mode=u=rw,go=r initramfs-tools-conf \
 
508
                $(INITRAMFSTOOLS)/conf.d/mandos-conf
 
509
        install -D --mode=u=rw,go=r initramfs-tools-conf-hook \
 
510
                $(INITRAMFSTOOLS)/conf-hooks.d/zz-mandos
 
511
        install -D initramfs-tools-script \
288
512
                $(INITRAMFSTOOLS)/scripts/init-premount/mandos
 
513
        install -D initramfs-tools-script-stop \
 
514
                $(INITRAMFSTOOLS)/scripts/local-premount/mandos
 
515
        install -D --mode=u=rw,go=r \
 
516
                --target-directory=$(DRACUTMODULE) \
 
517
                dracut-module/ask-password-mandos.path \
 
518
                dracut-module/ask-password-mandos.service
 
519
        install --mode=u=rwxs,go=rx \
 
520
                --target-directory=$(DRACUTMODULE) \
 
521
                dracut-module/module-setup.sh \
 
522
                dracut-module/cmdline-mandos.sh \
 
523
                dracut-module/password-agent
289
524
        install --mode=u=rw,go=r plugin-runner.conf $(CONFDIR)
 
525
        install --directory $(MANDIR)/man8
290
526
        gzip --best --to-stdout mandos-keygen.8 \
291
527
                > $(MANDIR)/man8/mandos-keygen.8.gz
292
528
        gzip --best --to-stdout plugin-runner.8mandos \
293
529
                > $(MANDIR)/man8/plugin-runner.8mandos.gz
 
530
        gzip --best --to-stdout plugins.d/mandos-client.8mandos \
 
531
                > $(MANDIR)/man8/mandos-client.8mandos.gz
294
532
        gzip --best --to-stdout plugins.d/password-prompt.8mandos \
295
533
                > $(MANDIR)/man8/password-prompt.8mandos.gz
296
 
        gzip --best --to-stdout plugins.d/mandos-client.8mandos \
297
 
                > $(MANDIR)/man8/mandos-client.8mandos.gz
298
534
        gzip --best --to-stdout plugins.d/usplash.8mandos \
299
535
                > $(MANDIR)/man8/usplash.8mandos.gz
300
536
        gzip --best --to-stdout plugins.d/splashy.8mandos \
301
537
                > $(MANDIR)/man8/splashy.8mandos.gz
302
538
        gzip --best --to-stdout plugins.d/askpass-fifo.8mandos \
303
539
                > $(MANDIR)/man8/askpass-fifo.8mandos.gz
 
540
        gzip --best --to-stdout plugins.d/plymouth.8mandos \
 
541
                > $(MANDIR)/man8/plymouth.8mandos.gz
 
542
        gzip --best --to-stdout dracut-module/password-agent.8mandos \
 
543
                > $(MANDIR)/man8/password-agent.8mandos.gz
304
544
 
 
545
.PHONY: install-client
305
546
install-client: install-client-nokey
306
547
# Post-installation stuff
307
 
        -$(PREFIX)/sbin/mandos-keygen --dir "$(KEYDIR)"
308
 
        update-initramfs -k all -u
 
548
        -$(BINDIR)/mandos-keygen --dir "$(KEYDIR)"
 
549
        if command -v update-initramfs >/dev/null; then \
 
550
            update-initramfs -k all -u; \
 
551
        elif command -v dracut >/dev/null; then \
 
552
            for initrd in $(DESTDIR)/boot/initr*-$(LINUXVERSION); do \
 
553
                if [ -w "$$initrd" ]; then \
 
554
                    chmod go-r "$$initrd"; \
 
555
                    dracut --force "$$initrd"; \
 
556
                fi; \
 
557
            done; \
 
558
        fi
309
559
        echo "Now run mandos-keygen --password --dir $(KEYDIR)"
310
560
 
 
561
.PHONY: uninstall
311
562
uninstall: uninstall-server uninstall-client
312
563
 
 
564
.PHONY: uninstall-server
313
565
uninstall-server:
314
 
        -rm --force $(PREFIX)/sbin/mandos \
 
566
        -rm --force $(BINDIR)/mandos \
 
567
                $(BINDIR)/mandos-ctl \
 
568
                $(BINDIR)/mandos-monitor \
315
569
                $(MANDIR)/man8/mandos.8.gz \
 
570
                $(MANDIR)/man8/mandos-monitor.8.gz \
 
571
                $(MANDIR)/man8/mandos-ctl.8.gz \
316
572
                $(MANDIR)/man5/mandos.conf.5.gz \
317
573
                $(MANDIR)/man5/mandos-clients.conf.5.gz
318
574
        update-rc.d -f mandos remove
319
575
        -rmdir $(CONFDIR)
320
576
 
 
577
.PHONY: uninstall-client
321
578
uninstall-client:
322
579
# Refuse to uninstall client if /etc/crypttab is explicitly configured
323
580
# to use it.
324
581
        ! grep --regexp='^ *[^ #].*keyscript=[^,=]*/mandos/' \
325
582
                $(DESTDIR)/etc/crypttab
326
 
        -rm --force $(PREFIX)/sbin/mandos-keygen \
327
 
                $(PREFIX)/lib/mandos/plugin-runner \
328
 
                $(PREFIX)/lib/mandos/plugins.d/password-prompt \
329
 
                $(PREFIX)/lib/mandos/plugins.d/mandos-client \
330
 
                $(PREFIX)/lib/mandos/plugins.d/usplash \
331
 
                $(PREFIX)/lib/mandos/plugins.d/splashy \
332
 
                $(PREFIX)/lib/mandos/plugins.d/askpass-fifo \
 
583
        -rm --force $(BINDIR)/mandos-keygen \
 
584
                $(LIBDIR)/mandos/plugin-runner \
 
585
                $(LIBDIR)/mandos/plugins.d/password-prompt \
 
586
                $(LIBDIR)/mandos/plugins.d/mandos-client \
 
587
                $(LIBDIR)/mandos/plugins.d/usplash \
 
588
                $(LIBDIR)/mandos/plugins.d/splashy \
 
589
                $(LIBDIR)/mandos/plugins.d/askpass-fifo \
 
590
                $(LIBDIR)/mandos/plugins.d/plymouth \
333
591
                $(INITRAMFSTOOLS)/hooks/mandos \
334
592
                $(INITRAMFSTOOLS)/conf-hooks.d/mandos \
335
593
                $(INITRAMFSTOOLS)/scripts/init-premount/mandos \
 
594
                $(INITRAMFSTOOLS)/scripts/local-premount/mandos \
 
595
                $(DRACUTMODULE)/ask-password-mandos.path \
 
596
                $(DRACUTMODULE)/ask-password-mandos.service \
 
597
                $(DRACUTMODULE)/module-setup.sh \
 
598
                $(DRACUTMODULE)/cmdline-mandos.sh \
 
599
                $(DRACUTMODULE)/password-agent \
 
600
                $(MANDIR)/man8/mandos-keygen.8.gz \
336
601
                $(MANDIR)/man8/plugin-runner.8mandos.gz \
337
 
                $(MANDIR)/man8/mandos-keygen.8.gz \
 
602
                $(MANDIR)/man8/mandos-client.8mandos.gz
338
603
                $(MANDIR)/man8/password-prompt.8mandos.gz \
339
604
                $(MANDIR)/man8/usplash.8mandos.gz \
340
605
                $(MANDIR)/man8/splashy.8mandos.gz \
341
606
                $(MANDIR)/man8/askpass-fifo.8mandos.gz \
342
 
                $(MANDIR)/man8/mandos-client.8mandos.gz
343
 
        -rmdir $(PREFIX)/lib/mandos/plugins.d $(CONFDIR)/plugins.d \
344
 
                 $(PREFIX)/lib/mandos $(CONFDIR) $(KEYDIR)
345
 
        update-initramfs -k all -u
 
607
                $(MANDIR)/man8/plymouth.8mandos.gz \
 
608
                $(MANDIR)/man8/password-agent.8mandos.gz \
 
609
        -rmdir $(LIBDIR)/mandos/plugins.d $(CONFDIR)/plugins.d \
 
610
                 $(LIBDIR)/mandos $(CONFDIR) $(KEYDIR) $(DRACUTMODULE)
 
611
        if command -v update-initramfs >/dev/null; then \
 
612
            update-initramfs -k all -u; \
 
613
        elif command -v dracut >/dev/null; then \
 
614
            for initrd in $(DESTDIR)/boot/initr*-$(LINUXVERSION); do \
 
615
                test -w "$$initrd" && dracut --force "$$initrd"; \
 
616
            done; \
 
617
        fi
346
618
 
 
619
.PHONY: purge
347
620
purge: purge-server purge-client
348
621
 
 
622
.PHONY: purge-server
349
623
purge-server: uninstall-server
350
624
        -rm --force $(CONFDIR)/mandos.conf $(CONFDIR)/clients.conf \
 
625
                $(DESTDIR)/etc/dbus-1/system.d/mandos.conf
351
626
                $(DESTDIR)/etc/default/mandos \
352
627
                $(DESTDIR)/etc/init.d/mandos \
 
628
                $(DESTDIR)/run/mandos.pid \
353
629
                $(DESTDIR)/var/run/mandos.pid
 
630
        if [ "$(SYSTEMD)" != "$(DESTDIR)" -a -d "$(SYSTEMD)" ]; then \
 
631
                -rm --force -- $(SYSTEMD)/mandos.service; \
 
632
        fi
354
633
        -rmdir $(CONFDIR)
355
634
 
 
635
.PHONY: purge-client
356
636
purge-client: uninstall-client
357
 
        -shred --remove $(KEYDIR)/seckey.txt
 
637
        -shred --remove $(KEYDIR)/seckey.txt $(KEYDIR)/tls-privkey.pem
358
638
        -rm --force $(CONFDIR)/plugin-runner.conf \
359
 
                $(KEYDIR)/pubkey.txt $(KEYDIR)/seckey.txt
 
639
                $(KEYDIR)/pubkey.txt $(KEYDIR)/seckey.txt \
 
640
                $(KEYDIR)/tls-pubkey.txt $(KEYDIR)/tls-privkey.txt
360
641
        -rmdir $(KEYDIR) $(CONFDIR)/plugins.d $(CONFDIR)