To get this branch, use:
bzr branch
http://bzr.recompile.se/loggerhead/mandos/release
« back to all changes in this revision
Viewing changes to Makefile
- browse files at revision 237.7.860
- compare with another revision
- download diff
- download tarball
- view history from revision 237.7.860
- Committer: Teddy Hogeborn
- Date: 2024-11-17 18:43:11 UTC
- mto: This revision was merged to the branch mainline in revision 412.
- Revision ID: teddy@recompile.se-20241117184311-ox25kvngy62h209g
Debian package: Avoid suggesting a C compiler unnecessarily
The list of suggested packages, meant to enable the "mandos" program
to find the correct value of SO_BINDTODEVICE by using a C compiler,
are not necessary when Python 3.3 or later is used, since it has the
SO_BINDTODEVICE constant defined in the "socket" module. Also, Python
2.6 or older has the same constant in the old "IN" module. Therefore,
we should suggest these Python versions as alternatives to a C
compiler, so that a C compiler is not installed unnecessarily.
debian/control (Package: mandos/Suggests): Add "python3 (>= 3.3)" and
"python (<= 2.6)" as alternatives to "libc6-dev | libc-dev" and
"c-compiler".
The list of suggested packages, meant to enable the "mandos" program
to find the correct value of SO_BINDTODEVICE by using a C compiler,
are not necessary when Python 3.3 or later is used, since it has the
SO_BINDTODEVICE constant defined in the "socket" module. Also, Python
2.6 or older has the same constant in the old "IN" module. Therefore,
we should suggest these Python versions as alternatives to a C
compiler, so that a C compiler is not installed unnecessarily.
debian/control (Package: mandos/Suggests): Add "python3 (>= 3.3)" and
"python (<= 2.6)" as alternatives to "libc6-dev | libc-dev" and
"c-compiler".
- files added:
- debian/mandos.maintscript
- files modified:
- .bzrignore
added
removed
Makefile
29
29
30
30
# For info about _FORTIFY_SOURCE, see feature_test_macros(7)
31
31
# and <https://gcc.gnu.org/ml/gcc-patches/2004-09/msg02055.html>.
32
FORTIFY:=-D_FORTIFY_SOURCE=2 -fstack-protector-all -fPIC
32
FORTIFY:=-fstack-protector-all -fPIC
33
CPPFLAGS+=-D_FORTIFY_SOURCE=3
33
34
LINK_FORTIFY_LD:=-z relro -z now
34
35
LINK_FORTIFY:=
35
36
41
42
#COVERAGE=--coverage
42
43
OPTIMIZE:=-Os -fno-strict-aliasing
43
44
LANGUAGE:=-std=gnu11
44
FEATURES:=-D_FILE_OFFSET_BITS=64
45
CPPFLAGS+=-D_FILE_OFFSET_BITS=64 -D_TIME_BITS=64
45
46
htmldir:=man
46
version:=1.8.9
47
version:=1.8.17
47
48
SED:=sed
48
49
PKG_CONFIG?=pkg-config
49
50
56
57
57
58
## Use these settings for a traditional /usr/local install
58
59
# PREFIX:=$(DESTDIR)/usr/local
60
# BINDIR:=$(PREFIX)/sbin
59
61
# CONFDIR:=$(DESTDIR)/etc/mandos
60
62
# KEYDIR:=$(DESTDIR)/etc/mandos/keys
61
63
# MANDIR:=$(PREFIX)/man
63
65
# DRACUTMODULE:=$(DESTDIR)/usr/lib/dracut/modules.d/90mandos
64
66
# STATEDIR:=$(DESTDIR)/var/lib/mandos
65
67
# LIBDIR:=$(PREFIX)/lib
68
# DBUSPOLICYDIR:=$(DESTDIR)/etc/dbus-1/system.d
66
69
##
67
70
68
71
## These settings are for a package-type install
69
72
PREFIX:=$(DESTDIR)/usr
73
BINDIR:=$(PREFIX)/sbin
70
74
CONFDIR:=$(DESTDIR)/etc/mandos
71
75
KEYDIR:=$(DESTDIR)/etc/keys/mandos
72
76
MANDIR:=$(PREFIX)/share/man
83
87
break; \
84
88
fi; \
85
89
done)
90
DBUSPOLICYDIR:=$(DESTDIR)/usr/share/dbus-1/system.d
86
91
##
87
92
88
93
SYSTEMD:=$(DESTDIR)$(shell $(PKG_CONFIG) systemd \
96
101
GNUTLS_LIBS:=$(shell $(PKG_CONFIG) --libs gnutls)
97
102
AVAHI_CFLAGS:=$(shell $(PKG_CONFIG) --cflags-only-I avahi-core)
98
103
AVAHI_LIBS:=$(shell $(PKG_CONFIG) --libs avahi-core)
99
GPGME_CFLAGS:=$(shell gpgme-config --cflags; getconf LFS_CFLAGS)
100
GPGME_LIBS:=$(shell gpgme-config --libs; getconf LFS_LIBS; \
104
GPGME_CFLAGS:=$(shell $(PKG_CONFIG) --cflags-only-I gpgme 2>/dev/null \
105
|| gpgme-config --cflags; getconf LFS_CFLAGS)
106
GPGME_LIBS:=$(shell $(PKG_CONFIG) --libs gpgme 2>/dev/null \
107
|| gpgme-config --libs; getconf LFS_LIBS; \
101
108
getconf LFS_LDFLAGS)
102
109
LIBNL3_CFLAGS:=$(shell $(PKG_CONFIG) --cflags-only-I libnl-route-3.0)
103
110
LIBNL3_LIBS:=$(shell $(PKG_CONFIG) --libs libnl-route-3.0)
106
113
107
114
# Do not change these two
108
115
CFLAGS+=$(WARN) $(DEBUG) $(FORTIFY) $(COVERAGE) $(OPTIMIZE) \
109
$(LANGUAGE) $(FEATURES) -DVERSION='"$(version)"'
116
$(LANGUAGE) -DVERSION='"$(version)"'
110
117
LDFLAGS+=-Xlinker --as-needed $(COVERAGE) $(LINK_FORTIFY) $(strip \
111
118
) $(foreach flag,$(LINK_FORTIFY_LD),-Xlinker $(flag))
112
119
284
291
--expression='s/\(mandos_\)[0-9.]\+\(\.orig\.tar\.gz\)/\1$(version)\2/' \
285
292
$@)
286
293
294
# Does the linker support the --no-warn-execstack option?
295
ifeq ($(shell echo 'int main(){}'|$(CC) --language=c /dev/stdin -o /dev/null -Xlinker --no-warn-execstack >/dev/null 2>&1 && echo yes),yes)
296
# These programs use nested functions, which uses an executable stack
297
plugin-runner: LDFLAGS += -Xlinker --no-warn-execstack
298
dracut-module/password-agent: LDFLAGS += -Xlinker --no-warn-execstack
299
plugins.d/password-prompt: LDFLAGS += -Xlinker --no-warn-execstack
300
plugins.d/mandos-client: LDFLAGS += -Xlinker --no-warn-execstack
301
plugins.d/plymouth: LDFLAGS += -Xlinker --no-warn-execstack
302
endif
303
287
304
# Need to add the GnuTLS, Avahi and GPGME libraries
288
305
plugins.d/mandos-client: CFLAGS += $(GNUTLS_CFLAGS) $(strip \
289
306
) $(AVAHI_CFLAGS) $(GPGME_CFLAGS)
296
313
297
314
# Need to add the GLib and pthread libraries
298
315
dracut-module/password-agent: CFLAGS += $(GLIB_CFLAGS)
316
# Note: -lpthread is unnecessary with the GNU C library 2.34 or later
299
317
dracut-module/password-agent: LDLIBS += $(GLIB_LIBS) -lpthread
300
318
301
319
.PHONY: clean
369
387
370
388
# Used by run-server
371
389
confdir/mandos.conf: mandos.conf
372
install --directory confdir
373
install --mode=u=rw,go=r $^ $@
390
install -D --mode=u=rw,go=r $^ $@
374
391
confdir/clients.conf: clients.conf keydir/seckey.txt keydir/tls-pubkey.pem
375
install --directory confdir
376
install --mode=u=rw $< $@
392
install -D --mode=u=rw $< $@
377
393
# Add a client password
378
394
./mandos-keygen --dir keydir --password --no-ssh >> $@
379
395
statedir:
384
400
385
401
.PHONY: install-html
386
402
install-html: html
387
install --directory $(htmldir)
388
install --mode=u=rw,go=r --target-directory=$(htmldir) \
403
install -D --mode=u=rw,go=r --target-directory=$(htmldir) \
389
404
$(htmldocs)
390
405
391
406
.PHONY: install-server
392
407
install-server: doc
393
install --directory $(CONFDIR)
394
408
if install --directory --mode=u=rwx --owner=$(USER) \
395
409
--group=$(GROUP) $(STATEDIR); then \
396
410
:; \
397
411
elif install --directory --mode=u=rwx $(STATEDIR); then \
398
412
chown -- $(USER):$(GROUP) $(STATEDIR) || :; \
399
413
fi
400
if [ "$(TMPFILES)" != "$(DESTDIR)" \
401
-a -d "$(TMPFILES)" ]; then \
402
install --mode=u=rw,go=r tmpfiles.d-mandos.conf \
414
if [ "$(TMPFILES)" != "$(DESTDIR)" ]; then \
415
install -D --mode=u=rw,go=r tmpfiles.d-mandos.conf \
403
416
$(TMPFILES)/mandos.conf; \
404
417
fi
405
if [ "$(SYSUSERS)" != "$(DESTDIR)" \
406
-a -d "$(SYSUSERS)" ]; then \
407
install --mode=u=rw,go=r sysusers.d-mandos.conf \
418
if [ "$(SYSUSERS)" != "$(DESTDIR)" ]; then \
419
install -D --mode=u=rw,go=r sysusers.d-mandos.conf \
408
420
$(SYSUSERS)/mandos.conf; \
409
421
fi
410
install --mode=u=rwx,go=rx mandos $(PREFIX)/sbin/mandos
411
install --mode=u=rwx,go=rx --target-directory=$(PREFIX)/sbin \
422
install --directory $(BINDIR)
423
install --mode=u=rwx,go=rx --target-directory=$(BINDIR) mandos
424
install --mode=u=rwx,go=rx --target-directory=$(BINDIR) \
412
425
mandos-ctl
413
install --mode=u=rwx,go=rx --target-directory=$(PREFIX)/sbin \
426
install --mode=u=rwx,go=rx --target-directory=$(BINDIR) \
414
427
mandos-monitor
428
install --directory $(CONFDIR)
415
429
install --mode=u=rw,go=r --target-directory=$(CONFDIR) \
416
430
mandos.conf
417
431
install --mode=u=rw --target-directory=$(CONFDIR) \
418
432
clients.conf
419
install --mode=u=rw,go=r dbus-mandos.conf \
420
$(DESTDIR)/etc/dbus-1/system.d/mandos.conf
421
install --mode=u=rwx,go=rx init.d-mandos \
433
install -D --mode=u=rw,go=r dbus-mandos.conf \
434
$(DBUSPOLICYDIR)/mandos.conf
435
install -D --mode=u=rwx,go=rx init.d-mandos \
422
436
$(DESTDIR)/etc/init.d/mandos
423
if [ "$(SYSTEMD)" != "$(DESTDIR)" -a -d "$(SYSTEMD)" ]; then \
424
install --mode=u=rw,go=r mandos.service $(SYSTEMD); \
437
if [ "$(SYSTEMD)" != "$(DESTDIR)" ]; then \
438
install -D --mode=u=rw,go=r mandos.service \
439
$(SYSTEMD); \
425
440
fi
426
install --mode=u=rw,go=r default-mandos \
441
install -D --mode=u=rw,go=r default-mandos \
427
442
$(DESTDIR)/etc/default/mandos
428
443
if [ -z $(DESTDIR) ]; then \
429
444
update-rc.d mandos defaults 25 15;\
430
445
fi
446
install --directory $(MANDIR)/man8 $(MANDIR)/man5
431
447
gzip --best --to-stdout mandos.8 \
432
448
> $(MANDIR)/man8/mandos.8.gz
433
449
gzip --best --to-stdout mandos-monitor.8 \
443
459
444
460
.PHONY: install-client-nokey
445
461
install-client-nokey: all doc
446
install --directory $(LIBDIR)/mandos $(CONFDIR)
447
462
install --directory --mode=u=rwx $(KEYDIR) \
448
463
$(LIBDIR)/mandos/plugins.d \
449
464
$(LIBDIR)/mandos/plugin-helpers
450
if [ "$(SYSUSERS)" != "$(DESTDIR)" \
451
-a -d "$(SYSUSERS)" ]; then \
452
install --mode=u=rw,go=r sysusers.d-mandos.conf \
465
if [ "$(SYSUSERS)" != "$(DESTDIR)" ]; then \
466
install -D --mode=u=rw,go=r sysusers.d-mandos.conf \
453
467
$(SYSUSERS)/mandos-client.conf; \
454
468
fi
455
469
if [ "$(CONFDIR)" != "$(LIBDIR)/mandos" ]; then \
456
install --mode=u=rwx \
457
--directory "$(CONFDIR)/plugins.d" \
470
install --directory \
471
--mode=u=rwx "$(CONFDIR)/plugins.d" \
458
472
"$(CONFDIR)/plugin-helpers"; \
459
473
fi
460
install --mode=u=rwx,go=rx --directory \
474
install --directory --mode=u=rwx,go=rx \
461
475
"$(CONFDIR)/network-hooks.d"
462
476
install --mode=u=rwx,go=rx \
463
477
--target-directory=$(LIBDIR)/mandos plugin-runner
464
478
install --mode=u=rwx,go=rx \
465
479
--target-directory=$(LIBDIR)/mandos \
466
480
mandos-to-cryptroot-unlock
467
install --mode=u=rwx,go=rx --target-directory=$(PREFIX)/sbin \
481
install --directory $(BINDIR)
482
install --mode=u=rwx,go=rx --target-directory=$(BINDIR) \
468
483
mandos-keygen
469
484
install --mode=u=rwx,go=rx \
470
485
--target-directory=$(LIBDIR)/mandos/plugins.d \
487
502
install --mode=u=rwx,go=rx \
488
503
--target-directory=$(LIBDIR)/mandos/plugin-helpers \
489
504
plugin-helpers/mandos-client-iprouteadddel
490
install initramfs-tools-hook \
505
install -D initramfs-tools-hook \
491
506
$(INITRAMFSTOOLS)/hooks/mandos
492
install --mode=u=rw,go=r initramfs-tools-conf \
507
install -D --mode=u=rw,go=r initramfs-tools-conf \
493
508
$(INITRAMFSTOOLS)/conf.d/mandos-conf
494
install --mode=u=rw,go=r initramfs-tools-conf-hook \
509
install -D --mode=u=rw,go=r initramfs-tools-conf-hook \
495
510
$(INITRAMFSTOOLS)/conf-hooks.d/zz-mandos
496
install initramfs-tools-script \
511
install -D initramfs-tools-script \
497
512
$(INITRAMFSTOOLS)/scripts/init-premount/mandos
498
install initramfs-tools-script-stop \
513
install -D initramfs-tools-script-stop \
499
514
$(INITRAMFSTOOLS)/scripts/local-premount/mandos
500
install --directory $(DRACUTMODULE)
501
install --mode=u=rw,go=r --target-directory=$(DRACUTMODULE) \
515
install -D --mode=u=rw,go=r \
516
--target-directory=$(DRACUTMODULE) \
502
517
dracut-module/ask-password-mandos.path \
503
518
dracut-module/ask-password-mandos.service
504
519
install --mode=u=rwxs,go=rx \
507
522
dracut-module/cmdline-mandos.sh \
508
523
dracut-module/password-agent
509
524
install --mode=u=rw,go=r plugin-runner.conf $(CONFDIR)
525
install --directory $(MANDIR)/man8
510
526
gzip --best --to-stdout mandos-keygen.8 \
511
527
> $(MANDIR)/man8/mandos-keygen.8.gz
512
528
gzip --best --to-stdout plugin-runner.8mandos \
529
545
.PHONY: install-client
530
546
install-client: install-client-nokey
531
547
# Post-installation stuff
532
-$(PREFIX)/sbin/mandos-keygen --dir "$(KEYDIR)"
548
-$(BINDIR)/mandos-keygen --dir "$(KEYDIR)"
533
549
if command -v update-initramfs >/dev/null; then \
534
550
update-initramfs -k all -u; \
535
551
elif command -v dracut >/dev/null; then \
547
563
548
564
.PHONY: uninstall-server
549
565
uninstall-server:
550
-rm --force $(PREFIX)/sbin/mandos \
551
$(PREFIX)/sbin/mandos-ctl \
552
$(PREFIX)/sbin/mandos-monitor \
566
-rm --force $(BINDIR)/mandos \
567
$(BINDIR)/mandos-ctl \
568
$(BINDIR)/mandos-monitor \
553
569
$(MANDIR)/man8/mandos.8.gz \
554
570
$(MANDIR)/man8/mandos-monitor.8.gz \
555
571
$(MANDIR)/man8/mandos-ctl.8.gz \
564
580
# to use it.
565
581
! grep --regexp='^ *[^ #].*keyscript=[^,=]*/mandos/' \
566
582
$(DESTDIR)/etc/crypttab
567
-rm --force $(PREFIX)/sbin/mandos-keygen \
583
-rm --force $(BINDIR)/mandos-keygen \
568
584
$(LIBDIR)/mandos/plugin-runner \
569
585
$(LIBDIR)/mandos/plugins.d/password-prompt \
570
586
$(LIBDIR)/mandos/plugins.d/mandos-client \
609
625
$(DESTDIR)/etc/dbus-1/system.d/mandos.conf
610
626
$(DESTDIR)/etc/default/mandos \
611
627
$(DESTDIR)/etc/init.d/mandos \
612
$(SYSTEMD)/mandos.service \
613
628
$(DESTDIR)/run/mandos.pid \
614
629
$(DESTDIR)/var/run/mandos.pid
630
if [ "$(SYSTEMD)" != "$(DESTDIR)" -a -d "$(SYSTEMD)" ]; then \
631
-rm --force -- $(SYSTEMD)/mandos.service; \
632
fi
615
633
-rmdir $(CONFDIR)
616
634
617
635
.PHONY: purge-client
Loggerhead is a web-based interface for Breezy
Version: 2.0.2.dev0