/mandos/release : revision 237.7.860

To get this branch, use:

bzr branch
http://bzr.recompile.se/loggerhead/mandos/release

« back to all changes in this revision

Viewing changes to Makefile

Committer: Teddy Hogeborn
Date: 2024-11-17 18:43:11 UTC
mto: This revision was merged to the branch mainline in revision 412.
Revision ID: teddy@recompile.se-20241117184311-ox25kvngy62h209g

Debian package: Avoid suggesting a C compiler unnecessarily

The list of suggested packages, meant to enable the "mandos" program
to find the correct value of SO_BINDTODEVICE by using a C compiler,
are not necessary when Python 3.3 or later is used, since it has the
SO_BINDTODEVICE constant defined in the "socket" module. Also, Python
2.6 or older has the same constant in the old "IN" module. Therefore,
we should suggest these Python versions as alternatives to a C
compiler, so that a C compiler is not installed unnecessarily.

debian/control (Package: mandos/Suggests): Add "python3 (>= 3.3)" and
"python (<= 2.6)" as alternatives to "libc6-dev | libc-dev" and
"c-compiler".

Show diffs side-by-side

added added

removed removed

Makefile

# For info about _FORTIFY_SOURCE, see feature_test_macros(7)

# and <https://gcc.gnu.org/ml/gcc-patches/2004-09/msg02055.html>.

FORTIFY:=-D_FORTIFY_SOURCE=3 -fstack-protector-all -fPIC

FORTIFY:=-fstack-protector-all -fPIC

CPPFLAGS+=-D_FORTIFY_SOURCE=3

LINK_FORTIFY_LD:=-z relro -z now

LINK_FORTIFY:=

#COVERAGE=--coverage

OPTIMIZE:=-Os -fno-strict-aliasing

LANGUAGE:=-std=gnu11

FEATURES:=-D_FILE_OFFSET_BITS=64

CPPFLAGS+=-D_FILE_OFFSET_BITS=64 -D_TIME_BITS=64

htmldir:=man

version:=1.8.15

version:=1.8.17

SED:=sed

PKG_CONFIG?=pkg-config

## Use these settings for a traditional /usr/local install

# PREFIX:=$(DESTDIR)/usr/local

# BINDIR:=$(PREFIX)/sbin

# CONFDIR:=$(DESTDIR)/etc/mandos

# KEYDIR:=$(DESTDIR)/etc/mandos/keys

# MANDIR:=$(PREFIX)/man

# DRACUTMODULE:=$(DESTDIR)/usr/lib/dracut/modules.d/90mandos

# STATEDIR:=$(DESTDIR)/var/lib/mandos

# LIBDIR:=$(PREFIX)/lib

# DBUSPOLICYDIR:=$(DESTDIR)/etc/dbus-1/system.d

## These settings are for a package-type install

PREFIX:=$(DESTDIR)/usr

BINDIR:=$(PREFIX)/sbin

CONFDIR:=$(DESTDIR)/etc/mandos

KEYDIR:=$(DESTDIR)/etc/keys/mandos

MANDIR:=$(PREFIX)/share/man

break; \

fi; \

done)

DBUSPOLICYDIR:=$(DESTDIR)/usr/share/dbus-1/system.d

SYSTEMD:=$(DESTDIR)$(shell $(PKG_CONFIG) systemd \

108

113

109

114

# Do not change these two

110

115

CFLAGS+=$(WARN) $(DEBUG) $(FORTIFY) $(COVERAGE) $(OPTIMIZE) \

111

$(LANGUAGE) $(FEATURES) -DVERSION='"$(version)"'

116

$(LANGUAGE) -DVERSION='"$(version)"'

112

117

LDFLAGS+=-Xlinker --as-needed $(COVERAGE) $(LINK_FORTIFY) $(strip \

113

118

) $(foreach flag,$(LINK_FORTIFY_LD),-Xlinker $(flag))

114

119

286

291

--expression='s/$mandos_$[0-9.]\+$\.orig\.tar\.gz$/\1$(version)\2/' \

287

292

$@)

288

293

294

# Does the linker support the --no-warn-execstack option?

295

ifeq ($(shell echo 'int main(){}'|$(CC) --language=c /dev/stdin -o /dev/null -Xlinker --no-warn-execstack >/dev/null 2>&1 && echo yes),yes)

296

# These programs use nested functions, which uses an executable stack

297

plugin-runner: LDFLAGS += -Xlinker --no-warn-execstack

298

dracut-module/password-agent: LDFLAGS += -Xlinker --no-warn-execstack

299

plugins.d/password-prompt: LDFLAGS += -Xlinker --no-warn-execstack

300

plugins.d/mandos-client: LDFLAGS += -Xlinker --no-warn-execstack

301

plugins.d/plymouth: LDFLAGS += -Xlinker --no-warn-execstack

302

endif

303

289

304

# Need to add the GnuTLS, Avahi and GPGME libraries

290

305

plugins.d/mandos-client: CFLAGS += $(GNUTLS_CFLAGS) $(strip \

291

306

) $(AVAHI_CFLAGS) $(GPGME_CFLAGS)

372

387

373

388

# Used by run-server

374

389

confdir/mandos.conf: mandos.conf

375

install --directory confdir

376

install --mode=u=rw,go=r $^ $@

390

install -D --mode=u=rw,go=r $^ $@

377

391

confdir/clients.conf: clients.conf keydir/seckey.txt keydir/tls-pubkey.pem

378

install --directory confdir

379

install --mode=u=rw $< $@

392

install -D --mode=u=rw $< $@

380

393

# Add a client password

381

394

./mandos-keygen --dir keydir --password --no-ssh >> $@

382

395

statedir:

387

400

388

401

.PHONY: install-html

389

402

install-html: html

390

install --directory $(htmldir)

391

install --mode=u=rw,go=r --target-directory=$(htmldir) \

403

install -D --mode=u=rw,go=r --target-directory=$(htmldir) \

392

404

$(htmldocs)

393

405

394

406

.PHONY: install-server

395

407

install-server: doc

396

install --directory $(CONFDIR)

397

408

if install --directory --mode=u=rwx --owner=$(USER) \

398

409

--group=$(GROUP) $(STATEDIR); then \

399

410

:; \

400

411

elif install --directory --mode=u=rwx $(STATEDIR); then \

401

412

chown -- $(USER):$(GROUP) $(STATEDIR) || :; \

402

413

403

if [ "$(TMPFILES)" != "$(DESTDIR)" \

404

-a -d "$(TMPFILES)" ]; then \

405

install --mode=u=rw,go=r tmpfiles.d-mandos.conf \

414

if [ "$(TMPFILES)" != "$(DESTDIR)" ]; then \

415

install -D --mode=u=rw,go=r tmpfiles.d-mandos.conf \

406

416

$(TMPFILES)/mandos.conf; \

407

417

408

if [ "$(SYSUSERS)" != "$(DESTDIR)" \

409

-a -d "$(SYSUSERS)" ]; then \

410

install --mode=u=rw,go=r sysusers.d-mandos.conf \

418

if [ "$(SYSUSERS)" != "$(DESTDIR)" ]; then \

419

install -D --mode=u=rw,go=r sysusers.d-mandos.conf \

411

420

$(SYSUSERS)/mandos.conf; \

412

421

413

install --mode=u=rwx,go=rx mandos $(PREFIX)/sbin/mandos

414

install --mode=u=rwx,go=rx --target-directory=$(PREFIX)/sbin \

422

install --directory $(BINDIR)

423

install --mode=u=rwx,go=rx --target-directory=$(BINDIR) mandos

424

install --mode=u=rwx,go=rx --target-directory=$(BINDIR) \

415

425

mandos-ctl

416

install --mode=u=rwx,go=rx --target-directory=$(PREFIX)/sbin \

426

install --mode=u=rwx,go=rx --target-directory=$(BINDIR) \

417

427

mandos-monitor

428

install --directory $(CONFDIR)

418

429

install --mode=u=rw,go=r --target-directory=$(CONFDIR) \

419

430

mandos.conf

420

431

install --mode=u=rw --target-directory=$(CONFDIR) \

421

432

clients.conf

422

install --mode=u=rw,go=r dbus-mandos.conf \

423

$(DESTDIR)/etc/dbus-1/system.d/mandos.conf

424

install --mode=u=rwx,go=rx init.d-mandos \

433

install -D --mode=u=rw,go=r dbus-mandos.conf \

434

$(DBUSPOLICYDIR)/mandos.conf

435

install -D --mode=u=rwx,go=rx init.d-mandos \

425

436

$(DESTDIR)/etc/init.d/mandos

426

if [ "$(SYSTEMD)" != "$(DESTDIR)" -a -d "$(SYSTEMD)" ]; then \

427

install --mode=u=rw,go=r mandos.service $(SYSTEMD); \

437

if [ "$(SYSTEMD)" != "$(DESTDIR)" ]; then \

438

install -D --mode=u=rw,go=r mandos.service \

439

$(SYSTEMD); \

428

440

429

install --mode=u=rw,go=r default-mandos \

441

install -D --mode=u=rw,go=r default-mandos \

430

442

$(DESTDIR)/etc/default/mandos

431

443

if [ -z $(DESTDIR) ]; then \

432

444

update-rc.d mandos defaults 25 15;\

433

445

446

install --directory $(MANDIR)/man8 $(MANDIR)/man5

434

447

gzip --best --to-stdout mandos.8 \

435

448

> $(MANDIR)/man8/mandos.8.gz

436

449

gzip --best --to-stdout mandos-monitor.8 \

446

459

447

460

.PHONY: install-client-nokey

448

461

install-client-nokey: all doc

449

install --directory $(LIBDIR)/mandos $(CONFDIR)

450

462

install --directory --mode=u=rwx $(KEYDIR) \

451

463

$(LIBDIR)/mandos/plugins.d \

452

464

$(LIBDIR)/mandos/plugin-helpers

453

if [ "$(SYSUSERS)" != "$(DESTDIR)" \

454

-a -d "$(SYSUSERS)" ]; then \

455

install --mode=u=rw,go=r sysusers.d-mandos.conf \

465

if [ "$(SYSUSERS)" != "$(DESTDIR)" ]; then \

466

install -D --mode=u=rw,go=r sysusers.d-mandos.conf \

456

467

$(SYSUSERS)/mandos-client.conf; \

457

468

458

469

if [ "$(CONFDIR)" != "$(LIBDIR)/mandos" ]; then \

459

install --mode=u=rwx \

460

--directory "$(CONFDIR)/plugins.d" \

470

install --directory \

471

--mode=u=rwx "$(CONFDIR)/plugins.d" \

461

472

"$(CONFDIR)/plugin-helpers"; \

462

473

463

install --mode=u=rwx,go=rx --directory \

474

install --directory --mode=u=rwx,go=rx \

464

475

"$(CONFDIR)/network-hooks.d"

465

476

install --mode=u=rwx,go=rx \

466

477

--target-directory=$(LIBDIR)/mandos plugin-runner

467

478

install --mode=u=rwx,go=rx \

468

479

--target-directory=$(LIBDIR)/mandos \

469

480

mandos-to-cryptroot-unlock

470

install --mode=u=rwx,go=rx --target-directory=$(PREFIX)/sbin \

481

install --directory $(BINDIR)

482

install --mode=u=rwx,go=rx --target-directory=$(BINDIR) \

471

483

mandos-keygen

472

484

install --mode=u=rwx,go=rx \

473

485

--target-directory=$(LIBDIR)/mandos/plugins.d \

490

502

install --mode=u=rwx,go=rx \

491

503

--target-directory=$(LIBDIR)/mandos/plugin-helpers \

492

504

plugin-helpers/mandos-client-iprouteadddel

493

install initramfs-tools-hook \

505

install -D initramfs-tools-hook \

494

506

$(INITRAMFSTOOLS)/hooks/mandos

495

install --mode=u=rw,go=r initramfs-tools-conf \

507

install -D --mode=u=rw,go=r initramfs-tools-conf \

496

508

$(INITRAMFSTOOLS)/conf.d/mandos-conf

497

install --mode=u=rw,go=r initramfs-tools-conf-hook \

509

install -D --mode=u=rw,go=r initramfs-tools-conf-hook \

498

510

$(INITRAMFSTOOLS)/conf-hooks.d/zz-mandos

499

install initramfs-tools-script \

511

install -D initramfs-tools-script \

500

512

$(INITRAMFSTOOLS)/scripts/init-premount/mandos

501

install initramfs-tools-script-stop \

513

install -D initramfs-tools-script-stop \

502

514

$(INITRAMFSTOOLS)/scripts/local-premount/mandos

503

install --directory $(DRACUTMODULE)

504

install --mode=u=rw,go=r --target-directory=$(DRACUTMODULE) \

515

install -D --mode=u=rw,go=r \

516

--target-directory=$(DRACUTMODULE) \

505

517

dracut-module/ask-password-mandos.path \

506

518

dracut-module/ask-password-mandos.service

507

519

install --mode=u=rwxs,go=rx \

510

522

dracut-module/cmdline-mandos.sh \

511

523

dracut-module/password-agent

512

524

install --mode=u=rw,go=r plugin-runner.conf $(CONFDIR)

525

install --directory $(MANDIR)/man8

513

526

gzip --best --to-stdout mandos-keygen.8 \

514

527

> $(MANDIR)/man8/mandos-keygen.8.gz

515

528

gzip --best --to-stdout plugin-runner.8mandos \

532

545

.PHONY: install-client

533

546

install-client: install-client-nokey

534

547

# Post-installation stuff

535

-$(PREFIX)/sbin/mandos-keygen --dir "$(KEYDIR)"

548

-$(BINDIR)/mandos-keygen --dir "$(KEYDIR)"

536

549

if command -v update-initramfs >/dev/null; then \

537

550

update-initramfs -k all -u; \

538

551

elif command -v dracut >/dev/null; then \

550

563

551

564

.PHONY: uninstall-server

552

565

uninstall-server:

553

-rm --force $(PREFIX)/sbin/mandos \

554

$(PREFIX)/sbin/mandos-ctl \

555

$(PREFIX)/sbin/mandos-monitor \

566

-rm --force $(BINDIR)/mandos \

567

$(BINDIR)/mandos-ctl \

568

$(BINDIR)/mandos-monitor \

556

569

$(MANDIR)/man8/mandos.8.gz \

557

570

$(MANDIR)/man8/mandos-monitor.8.gz \

558

571

$(MANDIR)/man8/mandos-ctl.8.gz \

567

580

# to use it.

568

581

! grep --regexp='^ *[^ #].*keyscript=[^,=]*/mandos/' \

569

582

$(DESTDIR)/etc/crypttab

570

-rm --force $(PREFIX)/sbin/mandos-keygen \

583

-rm --force $(BINDIR)/mandos-keygen \

571

584

$(LIBDIR)/mandos/plugin-runner \

572

585

$(LIBDIR)/mandos/plugins.d/password-prompt \

573

586

$(LIBDIR)/mandos/plugins.d/mandos-client \

612

625

$(DESTDIR)/etc/dbus-1/system.d/mandos.conf

613

626

$(DESTDIR)/etc/default/mandos \

614

627

$(DESTDIR)/etc/init.d/mandos \

615

$(SYSTEMD)/mandos.service \

616

628

$(DESTDIR)/run/mandos.pid \

617

629

$(DESTDIR)/var/run/mandos.pid

630

if [ "$(SYSTEMD)" != "$(DESTDIR)" -a -d "$(SYSTEMD)" ]; then \

631

-rm --force -- $(SYSTEMD)/mandos.service; \

632

618

633

-rmdir $(CONFDIR)

619

634

620

635

.PHONY: purge-client

Older »