/mandos/release : revision 237.7.89

To get this branch, use:

bzr branch
http://bzr.recompile.se/loggerhead/mandos/release

« back to all changes in this revision

Viewing changes to Makefile

Committer: Teddy Hogeborn
Date: 2011-12-31 20:07:11 UTC
mfrom: (237.17.9 wireless-network-hook)
mto: (237.7.109 trunk) (299.1.1 release) (300.1.1 release) (301.1.1 release)
mto: This revision was merged to the branch mainline in revision 290.
Revision ID: teddy@recompile.se-20111231200711-6dli3r8drftem57r

Merge new wireless network hook. Fix bridge network hook to use
hardware addresses instead of interface names. Implement and document
new "CONNECT" environment variable for network hooks.

files removed:
bugs.xml

debian/mandos-client.examples

debian/upstream

debian/upstream/signing-key.asc

initramfs-unpack

mandos.service

plugin-helpers

plugin-helpers/mandos-client-iprouteadddel.c

files modified:
.bzrignore

DBUS-API

INSTALL

Makefile

NEWS

README

TODO

clients.conf

common.ent

debian/changelog

debian/compat

debian/control

debian/copyright

debian/mandos-client.README.Debian

debian/mandos-client.docs

debian/mandos-client.lintian-overrides

debian/mandos-client.postinst

debian/mandos-client.postrm

debian/mandos.dirs

debian/mandos.postinst

debian/mandos.prerm

debian/rules

debian/watch

init.d-mandos

initramfs-tools-hook

initramfs-tools-script

intro.xml

mandos

mandos-clients.conf.xml

mandos-ctl

mandos-ctl.xml

mandos-keygen

mandos-keygen.xml

mandos-monitor

mandos-monitor.xml

mandos-options.xml

mandos.conf

mandos.conf.xml

mandos.lsm

mandos.xml

network-hooks.d/bridge

network-hooks.d/openvpn

network-hooks.d/wireless

plugin-runner.c

plugin-runner.xml

plugins.d/askpass-fifo.c

plugins.d/askpass-fifo.xml

plugins.d/mandos-client.c

plugins.d/mandos-client.xml

plugins.d/password-prompt.c

plugins.d/password-prompt.xml

plugins.d/plymouth.c

plugins.d/plymouth.xml

plugins.d/splashy.c

plugins.d/splashy.xml

plugins.d/usplash.c

plugins.d/usplash.xml

Show diffs side-by-side

added added

removed removed

Makefile

WARN=-O -Wall -Wextra -Wdouble-promotion -Wformat=2 -Winit-self \

-Wmissing-include-dirs -Wswitch-default -Wswitch-enum \

-Wunused -Wuninitialized -Wstrict-overflow=5 \

-Wsuggest-attribute=pure -Wsuggest-attribute=const \

-Wsuggest-attribute=noreturn -Wfloat-equal -Wundef -Wshadow \

WARN=-O -Wall -Wformat=2 -Winit-self -Wmissing-include-dirs \

-Wswitch-default -Wswitch-enum -Wunused-parameter \

-Wstrict-aliasing=1 -Wextra -Wfloat-equal -Wundef -Wshadow \

-Wunsafe-loop-optimizations -Wpointer-arith \

-Wbad-function-cast -Wcast-qual -Wcast-align -Wwrite-strings \

-Wconversion -Wlogical-op -Waggregate-return \

-Wstrict-prototypes -Wold-style-definition \

-Wmissing-format-attribute -Wnormalized=nfc -Wpacked \

-Wredundant-decls -Wnested-externs -Winline -Wvla \

-Wvolatile-register-var -Woverlength-strings

-Wconversion -Wstrict-prototypes -Wold-style-definition \

-Wpacked -Wnested-externs -Winline -Wvolatile-register-var

# -Wunreachable-code

#DEBUG=-ggdb3

# For info about _FORTIFY_SOURCE, see feature_test_macros(7)

# For info about _FORTIFY_SOURCE, see

# <http://www.kernel.org/doc/man-pages/online/pages/man7/feature_test_macros.7.html>

# and <http://gcc.gnu.org/ml/gcc-patches/2004-09/msg02055.html>.

FORTIFY=-D_FORTIFY_SOURCE=2 -fstack-protector-all -fPIC

# <https://developerblog.redhat.com/2014/10/16/gcc-undefined-behavior-sanitizer-ubsan/>

ALL_SANITIZE_OPTIONS:=-fsanitize=address -fsanitize=undefined \

-fsanitize=shift -fsanitize=integer-divide-by-zero \

-fsanitize=unreachable -fsanitize=vla-bound -fsanitize=null \

-fsanitize=return -fsanitize=signed-integer-overflow \

-fsanitize=bounds -fsanitize=alignment \

-fsanitize=object-size -fsanitize=float-divide-by-zero \

-fsanitize=float-cast-overflow -fsanitize=nonnull-attribute \

-fsanitize=returns-nonnull-attribute -fsanitize=bool \

-fsanitize=enum

# Check which sanitizing options can be used

SANITIZE:=$(foreach option,$(ALL_SANITIZE_OPTIONS),$(shell \

echo 'int main(){}' | $(CC) --language=c $(option) /dev/stdin \

-o /dev/null >/dev/null 2>&1 && echo $(option)))

LINK_FORTIFY_LD=-z relro -z now

LINK_FORTIFY=

LINK_FORTIFY += -pie

endif

#COVERAGE=--coverage

OPTIMIZE=-Os -fno-strict-aliasing

LANGUAGE=-std=gnu11

OPTIMIZE=-Os

LANGUAGE=-std=gnu99

htmldir=man

version=1.7.6

version=1.4.1

SED=sed

USER=$(firstword $(subst :, ,$(shell getent passwd _mandos || getent passwd nobody || echo 65534)))

GROUP=$(firstword $(subst :, ,$(shell getent group _mandos || getent group nogroup || echo 65534)))

GROUP=$(firstword $(subst :, ,$(shell getent group _mandos || getent group nobody || echo 65534)))

## Use these settings for a traditional /usr/local install

# PREFIX=$(DESTDIR)/usr/local

# MANDIR=$(PREFIX)/man

# INITRAMFSTOOLS=$(DESTDIR)/etc/initramfs-tools

# STATEDIR=$(DESTDIR)/var/lib/mandos

# LIBDIR=$(PREFIX)/lib

## These settings are for a package-type install

MANDIR=$(PREFIX)/share/man

INITRAMFSTOOLS=$(DESTDIR)/usr/share/initramfs-tools

STATEDIR=$(DESTDIR)/var/lib/mandos

LIBDIR=$(shell \

for d in \

"/usr/lib/`dpkg-architecture -qDEB_HOST_MULTIARCH 2>/dev/null`" \

"`rpm --eval='%{_libdir}' 2>/dev/null`" /usr/lib; do \

if [ -d "$$d" -a "$$d" = "$${d%/}" ]; then \

echo "$(DESTDIR)$$d"; \

break; \

fi; \

done)

SYSTEMD=$(DESTDIR)$(shell pkg-config systemd --variable=systemdsystemunitdir)

GNUTLS_CFLAGS=$(shell pkg-config --cflags-only-I gnutls)

GNUTLS_LIBS=$(shell pkg-config --libs gnutls)

AVAHI_CFLAGS=$(shell pkg-config --cflags-only-I avahi-core)

GPGME_CFLAGS=$(shell gpgme-config --cflags; getconf LFS_CFLAGS)

GPGME_LIBS=$(shell gpgme-config --libs; getconf LFS_LIBS; \

getconf LFS_LDFLAGS)

LIBNL3_CFLAGS=$(shell pkg-config --cflags-only-I libnl-route-3.0)

LIBNL3_LIBS=$(shell pkg-config --libs libnl-route-3.0)

# Do not change these two

CFLAGS+=$(WARN) $(DEBUG) $(FORTIFY) $(SANITIZE) $(COVERAGE) \

$(OPTIMIZE) $(LANGUAGE) $(GNUTLS_CFLAGS) $(AVAHI_CFLAGS) \

$(GPGME_CFLAGS) -DVERSION='"$(version)"'

LDFLAGS+=-Xlinker --as-needed $(COVERAGE) $(LINK_FORTIFY) $(foreach flag,$(LINK_FORTIFY_LD),-Xlinker $(flag))

CFLAGS=$(WARN) $(DEBUG) $(FORTIFY) $(COVERAGE) $(OPTIMIZE) \

$(LANGUAGE) $(GNUTLS_CFLAGS) $(AVAHI_CFLAGS) $(GPGME_CFLAGS) \

-DVERSION='"$(version)"'

LDFLAGS=-Xlinker --as-needed $(COVERAGE) $(LINK_FORTIFY) $(foreach flag,$(LINK_FORTIFY_LD),-Xlinker $(flag))

# Commands to format a DocBook <refentry> document into a manual page

DOCBOOKTOMAN=$(strip cd $(dir $<); xsltproc --nonet --xinclude \

--param make.single.year.ranges 1 \

100

--param man.output.quietly 1 \

101

--param man.authors.section.enabled 0 \

102

/usr/share/xml/docbook/stylesheet/nwalsh/manpages/docbook.xsl \

103

$(notdir $<); \

104

if locale --all 2>/dev/null | grep --regexp='^en_US\.utf8$$' \

105

&& type man 2>/dev/null; then LANG=en_US.UTF-8 MANWIDTH=80 \

106

man --warnings --encoding=UTF-8 --local-file $(notdir $@); \

107

fi >/dev/null)

$(MANPOST) $(notdir $@);\

LANG=en_US.UTF-8 MANWIDTH=80 man --warnings --encoding=UTF-8 \

--local-file $(notdir $@) >/dev/null)

# DocBook-to-man post-processing to fix a '\n' escape bug

MANPOST=$(SED) --in-place --expression='s,\\\\en,\\en,g;s,\\n,\\en,g'

108

109

DOCBOOKTOHTML=$(strip xsltproc --nonet --xinclude \

110

--param make.year.ranges 1 \

122

PLUGINS=plugins.d/password-prompt plugins.d/mandos-client \

123

plugins.d/usplash plugins.d/splashy plugins.d/askpass-fifo \

124

plugins.d/plymouth

125

PLUGIN_HELPERS=plugin-helpers/mandos-client-iprouteadddel

126

CPROGS=plugin-runner $(PLUGINS) $(PLUGIN_HELPERS)

CPROGS=plugin-runner $(PLUGINS)

127

PROGS=mandos mandos-keygen mandos-ctl mandos-monitor $(CPROGS)

128

DOCS=mandos.8 mandos-keygen.8 mandos-monitor.8 mandos-ctl.8 \

129

mandos.conf.5 mandos-clients.conf.5 plugin-runner.8mandos \

256

225

$(LINK.c) $^ -lrt $(GNUTLS_LIBS) $(AVAHI_LIBS) $(strip\

257

226

) $(GPGME_LIBS) $(LOADLIBES) $(LDLIBS) -o $@

258

227

259

plugin-helpers/mandos-client-iprouteadddel: plugin-helpers/mandos-client-iprouteadddel.c

260

$(LINK.c) $(LIBNL3_CFLAGS) $^ $(LIBNL3_LIBS) $(strip\

261

) $(LOADLIBES) $(LDLIBS) -o $@

262

263

.PHONY : all doc html clean distclean mostlyclean maintainer-clean \

264

check run-client run-server install install-html \

265

install-server install-client-nokey install-client uninstall \

266

uninstall-server uninstall-client purge purge-server \

267

purge-client

228

.PHONY : all doc html clean distclean run-client run-server install \

229

install-server install-client uninstall uninstall-server \

230

uninstall-client purge purge-server purge-client

268

231

269

232

clean:

270

233

-rm --force $(CPROGS) $(objects) $(htmldocs) $(DOCS) core

276

239

277

240

check: all

278

241

./mandos --check

279

./mandos-ctl --check

280

242

281

243

# Run the client with a local config and key

282

244

run-client: all keydir/seckey.txt keydir/pubkey.txt

285

247

@echo "# ignored. The messages are caused by not running as root, but #"

286

248

@echo "# you should NOT run \"make run-client\" as root unless you also #"

287

249

@echo "# unpacked and compiled Mandos as root, which is NOT recommended. #"

288

@echo "# From plugin-runner: setgid: Operation not permitted #"

289

@echo "# setuid: Operation not permitted #"

250

@echo "# From plugin-runner: setuid: Operation not permitted #"

290

251

@echo "# From askpass-fifo: mkfifo: Permission denied #"

291

@echo "# From mandos-client: #"

292

@echo "# Failed to raise privileges: Operation not permitted #"

293

@echo "# Warning: network hook \"*\" exited with status * #"

252

@echo "# From mandos-client: setuid: Operation not permitted #"

253

@echo "# seteuid: Operation not permitted #"

254

@echo "# klogctl: Operation not permitted #"

294

255

@echo "###################################################################"

295

# We set GNOME_KEYRING_CONTROL to block pam_gnome_keyring

296

256

./plugin-runner --plugin-dir=plugins.d \

297

--plugin-helper-dir=plugin-helpers \

298

257

--config-file=plugin-runner.conf \

299

258

--options-for=mandos-client:--seckey=keydir/seckey.txt,--pubkey=keydir/pubkey.txt,--network-hook-dir=network-hooks.d \

300

--env-for=mandos-client:GNOME_KEYRING_CONTROL= \

301

259

$(CLIENTARGS)

302

260

303

261

# Used by run-client

306

264

./mandos-keygen --dir keydir --force

307

265

308

266

# Run the server with a local config

309

run-server: confdir/mandos.conf confdir/clients.conf statedir

267

run-server: confdir/mandos.conf confdir/clients.conf

310

268

./mandos --debug --no-dbus --configdir=confdir \

311

269

--statedir=statedir $(SERVERARGS)

312

270

318

276

install --directory confdir

319

277

install --mode=u=rw $< $@

320

278

# Add a client password

321

./mandos-keygen --dir keydir --password --no-ssh >> $@

279

./mandos-keygen --dir keydir --password >> $@

322

280

statedir:

323

281

install --directory statedir

324

282

331

289

332

290

install-server: doc

333

291

install --directory $(CONFDIR)

334

if install --directory --mode=u=rwx --owner=$(USER) \

335

--group=$(GROUP) $(STATEDIR); then \

336

:; \

337

elif install --directory --mode=u=rwx $(STATEDIR); then \

338

chown -- $(USER):$(GROUP) $(STATEDIR) || :; \

339

292

install --directory --mode=u=rwx --owner=$(USER) \

293

--group=$(GROUP) $(STATEDIR)

340

294

install --mode=u=rwx,go=rx mandos $(PREFIX)/sbin/mandos

341

295

install --mode=u=rwx,go=rx --target-directory=$(PREFIX)/sbin \

342

296

mandos-ctl

350

304

$(DESTDIR)/etc/dbus-1/system.d/mandos.conf

351

305

install --mode=u=rwx,go=rx init.d-mandos \

352

306

$(DESTDIR)/etc/init.d/mandos

353

if [ "$(SYSTEMD)" != "$(DESTDIR)" -a -d "$(SYSTEMD)" ]; then \

354

install --mode=u=rw,go=r mandos.service $(SYSTEMD); \

355

356

307

install --mode=u=rw,go=r default-mandos \

357

308

$(DESTDIR)/etc/default/mandos

358

309

if [ -z $(DESTDIR) ]; then \

368

319

> $(MANDIR)/man5/mandos.conf.5.gz

369

320

gzip --best --to-stdout mandos-clients.conf.5 \

370

321

> $(MANDIR)/man5/mandos-clients.conf.5.gz

371

gzip --best --to-stdout intro.8mandos \

372

> $(MANDIR)/man8/intro.8mandos.gz

373

322

374

323

install-client-nokey: all doc

375

install --directory $(LIBDIR)/mandos $(CONFDIR)

324

install --directory $(PREFIX)/lib/mandos $(CONFDIR)

376

325

install --directory --mode=u=rwx $(KEYDIR) \

377

$(LIBDIR)/mandos/plugins.d \

378

$(LIBDIR)/mandos/plugin-helpers

379

if [ "$(CONFDIR)" != "$(LIBDIR)/mandos" ]; then \

326

$(PREFIX)/lib/mandos/plugins.d

327

if [ "$(CONFDIR)" != "$(PREFIX)/lib/mandos" ]; then \

380

328

install --mode=u=rwx \

381

329

--directory "$(CONFDIR)/plugins.d"; \

382

install --directory "$(CONFDIR)/plugin-helpers"; \

383

330

384

331

install --mode=u=rwx,go=rx --directory \

385

332

"$(CONFDIR)/network-hooks.d"

386

333

install --mode=u=rwx,go=rx \

387

--target-directory=$(LIBDIR)/mandos plugin-runner

334

--target-directory=$(PREFIX)/lib/mandos plugin-runner

388

335

install --mode=u=rwx,go=rx --target-directory=$(PREFIX)/sbin \

389

336

mandos-keygen

390

337

install --mode=u=rwx,go=rx \

391

--target-directory=$(LIBDIR)/mandos/plugins.d \

338

--target-directory=$(PREFIX)/lib/mandos/plugins.d \

392

339

plugins.d/password-prompt

393

340

install --mode=u=rwxs,go=rx \

394

--target-directory=$(LIBDIR)/mandos/plugins.d \

341

--target-directory=$(PREFIX)/lib/mandos/plugins.d \

395

342

plugins.d/mandos-client

396

343

install --mode=u=rwxs,go=rx \

397

--target-directory=$(LIBDIR)/mandos/plugins.d \

344

--target-directory=$(PREFIX)/lib/mandos/plugins.d \

398

345

plugins.d/usplash

399

346

install --mode=u=rwxs,go=rx \

400

--target-directory=$(LIBDIR)/mandos/plugins.d \

347

--target-directory=$(PREFIX)/lib/mandos/plugins.d \

401

348

plugins.d/splashy

402

349

install --mode=u=rwxs,go=rx \

403

--target-directory=$(LIBDIR)/mandos/plugins.d \

350

--target-directory=$(PREFIX)/lib/mandos/plugins.d \

404

351

plugins.d/askpass-fifo

405

352

install --mode=u=rwxs,go=rx \

406

--target-directory=$(LIBDIR)/mandos/plugins.d \

353

--target-directory=$(PREFIX)/lib/mandos/plugins.d \

407

354

plugins.d/plymouth

408

install --mode=u=rwxs,go=rx \

409

--target-directory=$(LIBDIR)/mandos/plugin-helpers \

410

plugin-helpers/mandos-client-iprouteadddel

411

355

install initramfs-tools-hook \

412

356

$(INITRAMFSTOOLS)/hooks/mandos

413

357

install --mode=u=rw,go=r initramfs-tools-hook-conf \

458

402

! grep --regexp='^ *[^ #].*keyscript=[^,=]*/mandos/' \

459

403

$(DESTDIR)/etc/crypttab

460

404

-rm --force $(PREFIX)/sbin/mandos-keygen \

461

$(LIBDIR)/mandos/plugin-runner \

462

$(LIBDIR)/mandos/plugins.d/password-prompt \

463

$(LIBDIR)/mandos/plugins.d/mandos-client \

464

$(LIBDIR)/mandos/plugins.d/usplash \

465

$(LIBDIR)/mandos/plugins.d/splashy \

466

$(LIBDIR)/mandos/plugins.d/askpass-fifo \

467

$(LIBDIR)/mandos/plugins.d/plymouth \

405

$(PREFIX)/lib/mandos/plugin-runner \

406

$(PREFIX)/lib/mandos/plugins.d/password-prompt \

407

$(PREFIX)/lib/mandos/plugins.d/mandos-client \

408

$(PREFIX)/lib/mandos/plugins.d/usplash \

409

$(PREFIX)/lib/mandos/plugins.d/splashy \

410

$(PREFIX)/lib/mandos/plugins.d/askpass-fifo \

411

$(PREFIX)/lib/mandos/plugins.d/plymouth \

468

412

$(INITRAMFSTOOLS)/hooks/mandos \

469

413

$(INITRAMFSTOOLS)/conf-hooks.d/mandos \

470

414

$(INITRAMFSTOOLS)/scripts/init-premount/mandos \

476

420

$(MANDIR)/man8/splashy.8mandos.gz \

477

421

$(MANDIR)/man8/askpass-fifo.8mandos.gz \

478

422

$(MANDIR)/man8/plymouth.8mandos.gz \

479

-rmdir $(LIBDIR)/mandos/plugins.d $(CONFDIR)/plugins.d \

480

$(LIBDIR)/mandos $(CONFDIR) $(KEYDIR)

423

-rmdir $(PREFIX)/lib/mandos/plugins.d $(CONFDIR)/plugins.d \

424

$(PREFIX)/lib/mandos $(CONFDIR) $(KEYDIR)

481

425

update-initramfs -k all -u

482

426

483

427

purge: purge-server purge-client

487

431

$(DESTDIR)/etc/dbus-1/system.d/mandos.conf

488

432

$(DESTDIR)/etc/default/mandos \

489

433

$(DESTDIR)/etc/init.d/mandos \

490

$(SYSTEMD)/mandos.service \

491

$(DESTDIR)/run/mandos.pid \

492

434

$(DESTDIR)/var/run/mandos.pid

493

435

-rmdir $(CONFDIR)

494

436

Older »