/mandos/release

To get this branch, use:
bzr branch http://bzr.recompile.se/loggerhead/mandos/release

« back to all changes in this revision

Viewing changes to Makefile

Merge new wireless network hook.  Fix bridge network hook to use
hardware addresses instead of interface names.  Implement and document
new "CONNECT" environment variable for network hooks.

Show diffs side-by-side

added added

removed removed

Lines of Context:
1
 
WARN:=-O -Wall -Wextra -Wdouble-promotion -Wformat=2 -Winit-self \
2
 
        -Wmissing-include-dirs -Wswitch-default -Wswitch-enum \
3
 
        -Wunused -Wuninitialized -Wstrict-overflow=5 \
4
 
        -Wsuggest-attribute=pure -Wsuggest-attribute=const \
5
 
        -Wsuggest-attribute=noreturn -Wfloat-equal -Wundef -Wshadow \
 
1
WARN=-O -Wall -Wformat=2 -Winit-self -Wmissing-include-dirs \
 
2
        -Wswitch-default -Wswitch-enum -Wunused-parameter \
 
3
        -Wstrict-aliasing=1 -Wextra -Wfloat-equal -Wundef -Wshadow \
6
4
        -Wunsafe-loop-optimizations -Wpointer-arith \
7
5
        -Wbad-function-cast -Wcast-qual -Wcast-align -Wwrite-strings \
8
 
        -Wconversion -Wlogical-op -Waggregate-return \
9
 
        -Wstrict-prototypes -Wold-style-definition \
10
 
        -Wmissing-format-attribute -Wnormalized=nfc -Wpacked \
11
 
        -Wredundant-decls -Wnested-externs -Winline -Wvla \
12
 
        -Wvolatile-register-var -Woverlength-strings
13
 
 
14
 
#DEBUG:=-ggdb3 -fsanitize=address $(SANITIZE)
15
 
## Check which sanitizing options can be used
16
 
#SANITIZE:=$(foreach option,$(ALL_SANITIZE_OPTIONS),$(shell \
17
 
#       echo 'int main(){}' | $(CC) --language=c $(option) \
18
 
#       /dev/stdin -o /dev/null >/dev/null 2>&1 && echo $(option)))
19
 
# <https://developerblog.redhat.com/2014/10/16/gcc-undefined-behavior-sanitizer-ubsan/>
20
 
ALL_SANITIZE_OPTIONS:=-fsanitize=leak -fsanitize=undefined \
21
 
        -fsanitize=shift -fsanitize=integer-divide-by-zero \
22
 
        -fsanitize=unreachable -fsanitize=vla-bound -fsanitize=null \
23
 
        -fsanitize=return -fsanitize=signed-integer-overflow \
24
 
        -fsanitize=bounds -fsanitize=alignment \
25
 
        -fsanitize=object-size -fsanitize=float-divide-by-zero \
26
 
        -fsanitize=float-cast-overflow -fsanitize=nonnull-attribute \
27
 
        -fsanitize=returns-nonnull-attribute -fsanitize=bool \
28
 
        -fsanitize=enum -fsanitize-address-use-after-scope
29
 
 
30
 
# For info about _FORTIFY_SOURCE, see feature_test_macros(7)
31
 
# and <https://gcc.gnu.org/ml/gcc-patches/2004-09/msg02055.html>.
32
 
FORTIFY:=-D_FORTIFY_SOURCE=2 -fstack-protector-all -fPIC
33
 
LINK_FORTIFY_LD:=-z relro -z now
34
 
LINK_FORTIFY:=
 
6
        -Wconversion -Wstrict-prototypes -Wold-style-definition \
 
7
        -Wpacked -Wnested-externs -Winline -Wvolatile-register-var
 
8
#       -Wunreachable-code
 
9
#DEBUG=-ggdb3
 
10
# For info about _FORTIFY_SOURCE, see
 
11
# <http://www.kernel.org/doc/man-pages/online/pages/man7/feature_test_macros.7.html>
 
12
# and <http://gcc.gnu.org/ml/gcc-patches/2004-09/msg02055.html>.
 
13
FORTIFY=-D_FORTIFY_SOURCE=2 -fstack-protector-all -fPIC
 
14
LINK_FORTIFY_LD=-z relro -z now
 
15
LINK_FORTIFY=
35
16
 
36
17
# If BROKEN_PIE is set, do not build with -pie
37
18
ifndef BROKEN_PIE
39
20
LINK_FORTIFY += -pie
40
21
endif
41
22
#COVERAGE=--coverage
42
 
OPTIMIZE:=-Os -fno-strict-aliasing
43
 
LANGUAGE:=-std=gnu11
44
 
FEATURES:=-D_FILE_OFFSET_BITS=64
45
 
htmldir:=man
46
 
version:=1.8.9
47
 
SED:=sed
48
 
PKG_CONFIG?=pkg-config
49
 
 
50
 
USER:=$(firstword $(subst :, ,$(shell getent passwd _mandos \
51
 
        || getent passwd nobody || echo 65534)))
52
 
GROUP:=$(firstword $(subst :, ,$(shell getent group _mandos \
53
 
        || getent group nogroup || echo 65534)))
54
 
 
55
 
LINUXVERSION:=$(shell uname --kernel-release)
 
23
OPTIMIZE=-Os
 
24
LANGUAGE=-std=gnu99
 
25
htmldir=man
 
26
version=1.4.1
 
27
SED=sed
 
28
 
 
29
USER=$(firstword $(subst :, ,$(shell getent passwd _mandos || getent passwd nobody || echo 65534)))
 
30
GROUP=$(firstword $(subst :, ,$(shell getent group _mandos || getent group nobody || echo 65534)))
56
31
 
57
32
## Use these settings for a traditional /usr/local install
58
 
# PREFIX:=$(DESTDIR)/usr/local
59
 
# CONFDIR:=$(DESTDIR)/etc/mandos
60
 
# KEYDIR:=$(DESTDIR)/etc/mandos/keys
61
 
# MANDIR:=$(PREFIX)/man
62
 
# INITRAMFSTOOLS:=$(DESTDIR)/etc/initramfs-tools
63
 
# DRACUTMODULE:=$(DESTDIR)/usr/lib/dracut/modules.d/90mandos
64
 
# STATEDIR:=$(DESTDIR)/var/lib/mandos
65
 
# LIBDIR:=$(PREFIX)/lib
 
33
# PREFIX=$(DESTDIR)/usr/local
 
34
# CONFDIR=$(DESTDIR)/etc/mandos
 
35
# KEYDIR=$(DESTDIR)/etc/mandos/keys
 
36
# MANDIR=$(PREFIX)/man
 
37
# INITRAMFSTOOLS=$(DESTDIR)/etc/initramfs-tools
 
38
# STATEDIR=$(DESTDIR)/var/lib/mandos
66
39
##
67
40
 
68
41
## These settings are for a package-type install
69
 
PREFIX:=$(DESTDIR)/usr
70
 
CONFDIR:=$(DESTDIR)/etc/mandos
71
 
KEYDIR:=$(DESTDIR)/etc/keys/mandos
72
 
MANDIR:=$(PREFIX)/share/man
73
 
INITRAMFSTOOLS:=$(DESTDIR)/usr/share/initramfs-tools
74
 
DRACUTMODULE:=$(DESTDIR)/usr/lib/dracut/modules.d/90mandos
75
 
STATEDIR:=$(DESTDIR)/var/lib/mandos
76
 
LIBDIR:=$(shell \
77
 
        for d in \
78
 
        "/usr/lib/`dpkg-architecture \
79
 
                        -qDEB_HOST_MULTIARCH 2>/dev/null`" \
80
 
        "`rpm --eval='%{_libdir}' 2>/dev/null`" /usr/lib; do \
81
 
                if [ -d "$$d" -a "$$d" = "$${d%/}" ]; then \
82
 
                        echo "$(DESTDIR)$$d"; \
83
 
                        break; \
84
 
                fi; \
85
 
        done)
 
42
PREFIX=$(DESTDIR)/usr
 
43
CONFDIR=$(DESTDIR)/etc/mandos
 
44
KEYDIR=$(DESTDIR)/etc/keys/mandos
 
45
MANDIR=$(PREFIX)/share/man
 
46
INITRAMFSTOOLS=$(DESTDIR)/usr/share/initramfs-tools
 
47
STATEDIR=$(DESTDIR)/var/lib/mandos
86
48
##
87
49
 
88
 
SYSTEMD:=$(DESTDIR)$(shell $(PKG_CONFIG) systemd \
89
 
                        --variable=systemdsystemunitdir)
90
 
TMPFILES:=$(DESTDIR)$(shell $(PKG_CONFIG) systemd \
91
 
                        --variable=tmpfilesdir)
92
 
SYSUSERS:=$(DESTDIR)$(shell $(PKG_CONFIG) systemd \
93
 
                        --variable=sysusersdir)
94
 
 
95
 
GNUTLS_CFLAGS:=$(shell $(PKG_CONFIG) --cflags-only-I gnutls)
96
 
GNUTLS_LIBS:=$(shell $(PKG_CONFIG) --libs gnutls)
97
 
AVAHI_CFLAGS:=$(shell $(PKG_CONFIG) --cflags-only-I avahi-core)
98
 
AVAHI_LIBS:=$(shell $(PKG_CONFIG) --libs avahi-core)
99
 
GPGME_CFLAGS:=$(shell gpgme-config --cflags; getconf LFS_CFLAGS)
100
 
GPGME_LIBS:=$(shell gpgme-config --libs; getconf LFS_LIBS; \
 
50
GNUTLS_CFLAGS=$(shell pkg-config --cflags-only-I gnutls)
 
51
GNUTLS_LIBS=$(shell pkg-config --libs gnutls)
 
52
AVAHI_CFLAGS=$(shell pkg-config --cflags-only-I avahi-core)
 
53
AVAHI_LIBS=$(shell pkg-config --libs avahi-core)
 
54
GPGME_CFLAGS=$(shell gpgme-config --cflags; getconf LFS_CFLAGS)
 
55
GPGME_LIBS=$(shell gpgme-config --libs; getconf LFS_LIBS; \
101
56
        getconf LFS_LDFLAGS)
102
 
LIBNL3_CFLAGS:=$(shell $(PKG_CONFIG) --cflags-only-I libnl-route-3.0)
103
 
LIBNL3_LIBS:=$(shell $(PKG_CONFIG) --libs libnl-route-3.0)
104
 
GLIB_CFLAGS:=$(shell $(PKG_CONFIG) --cflags glib-2.0)
105
 
GLIB_LIBS:=$(shell $(PKG_CONFIG) --libs glib-2.0)
106
57
 
107
58
# Do not change these two
108
 
CFLAGS+=$(WARN) $(DEBUG) $(FORTIFY) $(COVERAGE) $(OPTIMIZE) \
109
 
        $(LANGUAGE) $(FEATURES) -DVERSION='"$(version)"'
110
 
LDFLAGS+=-Xlinker --as-needed $(COVERAGE) $(LINK_FORTIFY) $(strip \
111
 
        ) $(foreach flag,$(LINK_FORTIFY_LD),-Xlinker $(flag))
 
59
CFLAGS=$(WARN) $(DEBUG) $(FORTIFY) $(COVERAGE) $(OPTIMIZE) \
 
60
        $(LANGUAGE) $(GNUTLS_CFLAGS) $(AVAHI_CFLAGS) $(GPGME_CFLAGS) \
 
61
        -DVERSION='"$(version)"'
 
62
LDFLAGS=-Xlinker --as-needed $(COVERAGE) $(LINK_FORTIFY) $(foreach flag,$(LINK_FORTIFY_LD),-Xlinker $(flag))
112
63
 
113
64
# Commands to format a DocBook <refentry> document into a manual page
114
65
DOCBOOKTOMAN=$(strip cd $(dir $<); xsltproc --nonet --xinclude \
117
68
        --param make.single.year.ranges         1 \
118
69
        --param man.output.quietly              1 \
119
70
        --param man.authors.section.enabled     0 \
120
 
        /usr/share/xml/docbook/stylesheet/nwalsh/manpages/docbook.xsl \
 
71
         /usr/share/xml/docbook/stylesheet/nwalsh/manpages/docbook.xsl \
121
72
        $(notdir $<); \
122
 
        if locale --all 2>/dev/null | grep --regexp='^en_US\.utf8$$' \
123
 
        && command -v man >/dev/null; then LANG=en_US.UTF-8 \
124
 
        MANWIDTH=80 man --warnings --encoding=UTF-8 --local-file \
125
 
        $(notdir $@); fi >/dev/null)
 
73
        $(MANPOST) $(notdir $@);\
 
74
        LANG=en_US.UTF-8 MANWIDTH=80 man --warnings --encoding=UTF-8 \
 
75
        --local-file $(notdir $@) >/dev/null)
 
76
# DocBook-to-man post-processing to fix a '\n' escape bug
 
77
MANPOST=$(SED) --in-place --expression='s,\\\\en,\\en,g;s,\\n,\\en,g'
126
78
 
127
79
DOCBOOKTOHTML=$(strip xsltproc --nonet --xinclude \
128
80
        --param make.year.ranges                1 \
134
86
        /usr/share/xml/docbook/stylesheet/nwalsh/xhtml/docbook.xsl \
135
87
        $<; $(HTMLPOST) $@)
136
88
# Fix citerefentry links
137
 
HTMLPOST:=$(SED) --in-place \
 
89
HTMLPOST=$(SED) --in-place \
138
90
        --expression='s/\(<a class="citerefentry" href="\)\("><span class="citerefentry"><span class="refentrytitle">\)\([^<]*\)\(<\/span>(\)\([^)]*\)\()<\/span><\/a>\)/\1\3.\5\2\3\4\5\6/g'
139
91
 
140
 
PLUGINS:=plugins.d/password-prompt plugins.d/mandos-client \
 
92
PLUGINS=plugins.d/password-prompt plugins.d/mandos-client \
141
93
        plugins.d/usplash plugins.d/splashy plugins.d/askpass-fifo \
142
94
        plugins.d/plymouth
143
 
PLUGIN_HELPERS:=plugin-helpers/mandos-client-iprouteadddel
144
 
CPROGS:=plugin-runner dracut-module/password-agent $(PLUGINS) \
145
 
        $(PLUGIN_HELPERS)
146
 
PROGS:=mandos mandos-keygen mandos-ctl mandos-monitor $(CPROGS)
147
 
DOCS:=mandos.8 mandos-keygen.8 mandos-monitor.8 mandos-ctl.8 \
 
95
CPROGS=plugin-runner $(PLUGINS)
 
96
PROGS=mandos mandos-keygen mandos-ctl mandos-monitor $(CPROGS)
 
97
DOCS=mandos.8 mandos-keygen.8 mandos-monitor.8 mandos-ctl.8 \
148
98
        mandos.conf.5 mandos-clients.conf.5 plugin-runner.8mandos \
149
 
        dracut-module/password-agent.8mandos \
150
99
        plugins.d/mandos-client.8mandos \
151
100
        plugins.d/password-prompt.8mandos plugins.d/usplash.8mandos \
152
101
        plugins.d/splashy.8mandos plugins.d/askpass-fifo.8mandos \
153
102
        plugins.d/plymouth.8mandos intro.8mandos
154
103
 
155
 
htmldocs:=$(addsuffix .xhtml,$(DOCS))
156
 
 
157
 
objects:=$(addsuffix .o,$(CPROGS))
158
 
 
159
 
.PHONY: all
 
104
htmldocs=$(addsuffix .xhtml,$(DOCS))
 
105
 
 
106
objects=$(addsuffix .o,$(CPROGS))
 
107
 
160
108
all: $(PROGS) mandos.lsm
161
109
 
162
 
.PHONY: doc
163
110
doc: $(DOCS)
164
111
 
165
 
.PHONY: html
166
112
html: $(htmldocs)
167
113
 
168
114
%.5: %.xml common.ent legalnotice.xml
227
173
                overview.xml legalnotice.xml
228
174
        $(DOCBOOKTOHTML)
229
175
 
230
 
dracut-module/password-agent.8mandos: \
231
 
                dracut-module/password-agent.xml common.ent \
232
 
                overview.xml legalnotice.xml
233
 
        $(DOCBOOKTOMAN)
234
 
dracut-module/password-agent.8mandos.xhtml: \
235
 
                dracut-module/password-agent.xml common.ent \
236
 
                overview.xml legalnotice.xml
237
 
        $(DOCBOOKTOHTML)
238
 
 
239
176
plugins.d/mandos-client.8mandos: plugins.d/mandos-client.xml \
240
177
                                        common.ent \
241
178
                                        mandos-options.xml \
284
221
                --expression='s/\(mandos_\)[0-9.]\+\(\.orig\.tar\.gz\)/\1$(version)\2/' \
285
222
                $@)
286
223
 
287
 
# Need to add the GnuTLS, Avahi and GPGME libraries
288
 
plugins.d/mandos-client: CFLAGS += $(GNUTLS_CFLAGS) $(strip \
289
 
        ) $(AVAHI_CFLAGS) $(GPGME_CFLAGS)
290
 
plugins.d/mandos-client: LDLIBS += $(GNUTLS_LIBS) $(strip \
291
 
        ) $(AVAHI_LIBS) $(GPGME_LIBS)
292
 
 
293
 
# Need to add the libnl-route library
294
 
plugin-helpers/mandos-client-iprouteadddel: CFLAGS += $(LIBNL3_CFLAGS)
295
 
plugin-helpers/mandos-client-iprouteadddel: LDLIBS += $(LIBNL3_LIBS)
296
 
 
297
 
# Need to add the GLib and pthread libraries
298
 
dracut-module/password-agent: CFLAGS += $(GLIB_CFLAGS)
299
 
dracut-module/password-agent: LDLIBS += $(GLIB_LIBS) -lpthread
300
 
 
301
 
.PHONY: clean
 
224
plugins.d/mandos-client: plugins.d/mandos-client.c
 
225
        $(LINK.c) $^ -lrt $(GNUTLS_LIBS) $(AVAHI_LIBS) $(strip\
 
226
                ) $(GPGME_LIBS) $(LOADLIBES) $(LDLIBS) -o $@
 
227
 
 
228
.PHONY : all doc html clean distclean run-client run-server install \
 
229
        install-server install-client uninstall uninstall-server \
 
230
        uninstall-client purge purge-server purge-client
 
231
 
302
232
clean:
303
233
        -rm --force $(CPROGS) $(objects) $(htmldocs) $(DOCS) core
304
234
 
305
 
.PHONY: distclean
306
235
distclean: clean
307
 
.PHONY: mostlyclean
308
236
mostlyclean: clean
309
 
.PHONY: maintainer-clean
310
237
maintainer-clean: clean
311
238
        -rm --force --recursive keydir confdir statedir
312
239
 
313
 
.PHONY: check
314
 
check: all
 
240
check:  all
315
241
        ./mandos --check
316
 
        ./mandos-ctl --check
317
 
        ./mandos-keygen --version
318
 
        ./plugin-runner --version
319
 
        ./plugin-helpers/mandos-client-iprouteadddel --version
320
 
        ./dracut-module/password-agent --test
321
242
 
322
243
# Run the client with a local config and key
323
 
.PHONY: run-client
324
 
run-client: all keydir/seckey.txt keydir/pubkey.txt \
325
 
                        keydir/tls-privkey.pem keydir/tls-pubkey.pem
326
 
        @echo '######################################################'
327
 
        @echo '# The following error messages are harmless and can  #'
328
 
        @echo '#  be safely ignored:                                #'
329
 
        @echo '## From plugin-runner:                               #'
330
 
        @echo '# setgid: Operation not permitted                    #'
331
 
        @echo '# setuid: Operation not permitted                    #'
332
 
        @echo '## From askpass-fifo:                                #'
333
 
        @echo '# mkfifo: Permission denied                          #'
334
 
        @echo '## From mandos-client:                               #'
335
 
        @echo '# Failed to raise privileges: Operation not permi... #'
336
 
        @echo '# Warning: network hook "*" exited with status *     #'
337
 
        @echo '# ioctl SIOCSIFFLAGS +IFF_UP: Operation not permi... #'
338
 
        @echo '# Failed to bring up interface "*": Operation not... #'
339
 
        @echo '#                                                    #'
340
 
        @echo '# (The messages are caused by not running as root,   #'
341
 
        @echo '# but you should NOT run "make run-client" as root   #'
342
 
        @echo '# unless you also unpacked and compiled Mandos as    #'
343
 
        @echo '# root, which is also NOT recommended.)              #'
344
 
        @echo '######################################################'
345
 
# We set GNOME_KEYRING_CONTROL to block pam_gnome_keyring
 
244
run-client: all keydir/seckey.txt keydir/pubkey.txt
 
245
        @echo "###################################################################"
 
246
        @echo "# The following error messages are harmless and can be safely     #"
 
247
        @echo "# ignored.  The messages are caused by not running as root, but   #"
 
248
        @echo "# you should NOT run \"make run-client\" as root unless you also    #"
 
249
        @echo "# unpacked and compiled Mandos as root, which is NOT recommended. #"
 
250
        @echo "# From plugin-runner: setuid: Operation not permitted             #"
 
251
        @echo "# From askpass-fifo:  mkfifo: Permission denied                   #"
 
252
        @echo "# From mandos-client: setuid: Operation not permitted             #"
 
253
        @echo "#                     seteuid: Operation not permitted            #"
 
254
        @echo "#                     klogctl: Operation not permitted            #"
 
255
        @echo "###################################################################"
346
256
        ./plugin-runner --plugin-dir=plugins.d \
347
 
                --plugin-helper-dir=plugin-helpers \
348
257
                --config-file=plugin-runner.conf \
349
 
                --options-for=mandos-client:--seckey=keydir/seckey.txt,--pubkey=keydir/pubkey.txt,--tls-privkey=keydir/tls-privkey.pem,--tls-pubkey=keydir/tls-pubkey.pem,--network-hook-dir=network-hooks.d \
350
 
                --env-for=mandos-client:GNOME_KEYRING_CONTROL= \
 
258
                --options-for=mandos-client:--seckey=keydir/seckey.txt,--pubkey=keydir/pubkey.txt,--network-hook-dir=network-hooks.d \
351
259
                $(CLIENTARGS)
352
260
 
353
261
# Used by run-client
354
 
keydir/seckey.txt keydir/pubkey.txt keydir/tls-privkey.pem keydir/tls-pubkey.pem: mandos-keygen
 
262
keydir/seckey.txt keydir/pubkey.txt: mandos-keygen
355
263
        install --directory keydir
356
264
        ./mandos-keygen --dir keydir --force
357
 
        if ! [ -e keydir/tls-privkey.pem ]; then \
358
 
                install --mode=u=rw /dev/null keydir/tls-privkey.pem; \
359
 
        fi
360
 
        if ! [ -e keydir/tls-pubkey.pem ]; then \
361
 
                install --mode=u=rw /dev/null keydir/tls-pubkey.pem; \
362
 
        fi
363
265
 
364
266
# Run the server with a local config
365
 
.PHONY: run-server
366
 
run-server: confdir/mandos.conf confdir/clients.conf statedir
 
267
run-server: confdir/mandos.conf confdir/clients.conf
367
268
        ./mandos --debug --no-dbus --configdir=confdir \
368
269
                --statedir=statedir $(SERVERARGS)
369
270
 
371
272
confdir/mandos.conf: mandos.conf
372
273
        install --directory confdir
373
274
        install --mode=u=rw,go=r $^ $@
374
 
confdir/clients.conf: clients.conf keydir/seckey.txt keydir/tls-pubkey.pem
 
275
confdir/clients.conf: clients.conf keydir/seckey.txt
375
276
        install --directory confdir
376
277
        install --mode=u=rw $< $@
377
278
# Add a client password
378
 
        ./mandos-keygen --dir keydir --password --no-ssh >> $@
 
279
        ./mandos-keygen --dir keydir --password >> $@
379
280
statedir:
380
281
        install --directory statedir
381
282
 
382
 
.PHONY: install
383
283
install: install-server install-client-nokey
384
284
 
385
 
.PHONY: install-html
386
285
install-html: html
387
286
        install --directory $(htmldir)
388
287
        install --mode=u=rw,go=r --target-directory=$(htmldir) \
389
288
                $(htmldocs)
390
289
 
391
 
.PHONY: install-server
392
290
install-server: doc
393
291
        install --directory $(CONFDIR)
394
 
        if install --directory --mode=u=rwx --owner=$(USER) \
395
 
                --group=$(GROUP) $(STATEDIR); then \
396
 
                :; \
397
 
        elif install --directory --mode=u=rwx $(STATEDIR); then \
398
 
                chown -- $(USER):$(GROUP) $(STATEDIR) || :; \
399
 
        fi
400
 
        if [ "$(TMPFILES)" != "$(DESTDIR)" \
401
 
                        -a -d "$(TMPFILES)" ]; then \
402
 
                install --mode=u=rw,go=r tmpfiles.d-mandos.conf \
403
 
                        $(TMPFILES)/mandos.conf; \
404
 
        fi
405
 
        if [ "$(SYSUSERS)" != "$(DESTDIR)" \
406
 
                        -a -d "$(SYSUSERS)" ]; then \
407
 
                install --mode=u=rw,go=r sysusers.d-mandos.conf \
408
 
                        $(SYSUSERS)/mandos.conf; \
409
 
        fi
 
292
        install --directory --mode=u=rwx --owner=$(USER) \
 
293
                --group=$(GROUP) $(STATEDIR)
410
294
        install --mode=u=rwx,go=rx mandos $(PREFIX)/sbin/mandos
411
295
        install --mode=u=rwx,go=rx --target-directory=$(PREFIX)/sbin \
412
296
                mandos-ctl
420
304
                $(DESTDIR)/etc/dbus-1/system.d/mandos.conf
421
305
        install --mode=u=rwx,go=rx init.d-mandos \
422
306
                $(DESTDIR)/etc/init.d/mandos
423
 
        if [ "$(SYSTEMD)" != "$(DESTDIR)" -a -d "$(SYSTEMD)" ]; then \
424
 
                install --mode=u=rw,go=r mandos.service $(SYSTEMD); \
425
 
        fi
426
307
        install --mode=u=rw,go=r default-mandos \
427
308
                $(DESTDIR)/etc/default/mandos
428
309
        if [ -z $(DESTDIR) ]; then \
438
319
                > $(MANDIR)/man5/mandos.conf.5.gz
439
320
        gzip --best --to-stdout mandos-clients.conf.5 \
440
321
                > $(MANDIR)/man5/mandos-clients.conf.5.gz
441
 
        gzip --best --to-stdout intro.8mandos \
442
 
                > $(MANDIR)/man8/intro.8mandos.gz
443
322
 
444
 
.PHONY: install-client-nokey
445
323
install-client-nokey: all doc
446
 
        install --directory $(LIBDIR)/mandos $(CONFDIR)
 
324
        install --directory $(PREFIX)/lib/mandos $(CONFDIR)
447
325
        install --directory --mode=u=rwx $(KEYDIR) \
448
 
                $(LIBDIR)/mandos/plugins.d \
449
 
                $(LIBDIR)/mandos/plugin-helpers
450
 
        if [ "$(SYSUSERS)" != "$(DESTDIR)" \
451
 
                        -a -d "$(SYSUSERS)" ]; then \
452
 
                install --mode=u=rw,go=r sysusers.d-mandos.conf \
453
 
                        $(SYSUSERS)/mandos-client.conf; \
454
 
        fi
455
 
        if [ "$(CONFDIR)" != "$(LIBDIR)/mandos" ]; then \
 
326
                $(PREFIX)/lib/mandos/plugins.d
 
327
        if [ "$(CONFDIR)" != "$(PREFIX)/lib/mandos" ]; then \
456
328
                install --mode=u=rwx \
457
 
                        --directory "$(CONFDIR)/plugins.d" \
458
 
                        "$(CONFDIR)/plugin-helpers"; \
 
329
                        --directory "$(CONFDIR)/plugins.d"; \
459
330
        fi
460
331
        install --mode=u=rwx,go=rx --directory \
461
332
                "$(CONFDIR)/network-hooks.d"
462
333
        install --mode=u=rwx,go=rx \
463
 
                --target-directory=$(LIBDIR)/mandos plugin-runner
464
 
        install --mode=u=rwx,go=rx \
465
 
                --target-directory=$(LIBDIR)/mandos \
466
 
                mandos-to-cryptroot-unlock
 
334
                --target-directory=$(PREFIX)/lib/mandos plugin-runner
467
335
        install --mode=u=rwx,go=rx --target-directory=$(PREFIX)/sbin \
468
336
                mandos-keygen
469
337
        install --mode=u=rwx,go=rx \
470
 
                --target-directory=$(LIBDIR)/mandos/plugins.d \
 
338
                --target-directory=$(PREFIX)/lib/mandos/plugins.d \
471
339
                plugins.d/password-prompt
472
340
        install --mode=u=rwxs,go=rx \
473
 
                --target-directory=$(LIBDIR)/mandos/plugins.d \
 
341
                --target-directory=$(PREFIX)/lib/mandos/plugins.d \
474
342
                plugins.d/mandos-client
475
343
        install --mode=u=rwxs,go=rx \
476
 
                --target-directory=$(LIBDIR)/mandos/plugins.d \
 
344
                --target-directory=$(PREFIX)/lib/mandos/plugins.d \
477
345
                plugins.d/usplash
478
346
        install --mode=u=rwxs,go=rx \
479
 
                --target-directory=$(LIBDIR)/mandos/plugins.d \
 
347
                --target-directory=$(PREFIX)/lib/mandos/plugins.d \
480
348
                plugins.d/splashy
481
349
        install --mode=u=rwxs,go=rx \
482
 
                --target-directory=$(LIBDIR)/mandos/plugins.d \
 
350
                --target-directory=$(PREFIX)/lib/mandos/plugins.d \
483
351
                plugins.d/askpass-fifo
484
352
        install --mode=u=rwxs,go=rx \
485
 
                --target-directory=$(LIBDIR)/mandos/plugins.d \
 
353
                --target-directory=$(PREFIX)/lib/mandos/plugins.d \
486
354
                plugins.d/plymouth
487
 
        install --mode=u=rwx,go=rx \
488
 
                --target-directory=$(LIBDIR)/mandos/plugin-helpers \
489
 
                plugin-helpers/mandos-client-iprouteadddel
490
355
        install initramfs-tools-hook \
491
356
                $(INITRAMFSTOOLS)/hooks/mandos
492
 
        install --mode=u=rw,go=r initramfs-tools-conf \
493
 
                $(INITRAMFSTOOLS)/conf.d/mandos-conf
494
 
        install --mode=u=rw,go=r initramfs-tools-conf-hook \
495
 
                $(INITRAMFSTOOLS)/conf-hooks.d/zz-mandos
 
357
        install --mode=u=rw,go=r initramfs-tools-hook-conf \
 
358
                $(INITRAMFSTOOLS)/conf-hooks.d/mandos
496
359
        install initramfs-tools-script \
497
360
                $(INITRAMFSTOOLS)/scripts/init-premount/mandos
498
 
        install initramfs-tools-script-stop \
499
 
                $(INITRAMFSTOOLS)/scripts/local-premount/mandos
500
 
        install --directory $(DRACUTMODULE)
501
 
        install --mode=u=rw,go=r --target-directory=$(DRACUTMODULE) \
502
 
                dracut-module/ask-password-mandos.path \
503
 
                dracut-module/ask-password-mandos.service
504
 
        install --mode=u=rwxs,go=rx \
505
 
                --target-directory=$(DRACUTMODULE) \
506
 
                dracut-module/module-setup.sh \
507
 
                dracut-module/cmdline-mandos.sh \
508
 
                dracut-module/password-agent
509
361
        install --mode=u=rw,go=r plugin-runner.conf $(CONFDIR)
510
362
        gzip --best --to-stdout mandos-keygen.8 \
511
363
                > $(MANDIR)/man8/mandos-keygen.8.gz
523
375
                > $(MANDIR)/man8/askpass-fifo.8mandos.gz
524
376
        gzip --best --to-stdout plugins.d/plymouth.8mandos \
525
377
                > $(MANDIR)/man8/plymouth.8mandos.gz
526
 
        gzip --best --to-stdout dracut-module/password-agent.8mandos \
527
 
                > $(MANDIR)/man8/password-agent.8mandos.gz
528
378
 
529
 
.PHONY: install-client
530
379
install-client: install-client-nokey
531
380
# Post-installation stuff
532
381
        -$(PREFIX)/sbin/mandos-keygen --dir "$(KEYDIR)"
533
 
        if command -v update-initramfs >/dev/null; then \
534
 
            update-initramfs -k all -u; \
535
 
        elif command -v dracut >/dev/null; then \
536
 
            for initrd in $(DESTDIR)/boot/initr*-$(LINUXVERSION); do \
537
 
                if [ -w "$$initrd" ]; then \
538
 
                    chmod go-r "$$initrd"; \
539
 
                    dracut --force "$$initrd"; \
540
 
                fi; \
541
 
            done; \
542
 
        fi
 
382
        update-initramfs -k all -u
543
383
        echo "Now run mandos-keygen --password --dir $(KEYDIR)"
544
384
 
545
 
.PHONY: uninstall
546
385
uninstall: uninstall-server uninstall-client
547
386
 
548
 
.PHONY: uninstall-server
549
387
uninstall-server:
550
388
        -rm --force $(PREFIX)/sbin/mandos \
551
389
                $(PREFIX)/sbin/mandos-ctl \
558
396
        update-rc.d -f mandos remove
559
397
        -rmdir $(CONFDIR)
560
398
 
561
 
.PHONY: uninstall-client
562
399
uninstall-client:
563
400
# Refuse to uninstall client if /etc/crypttab is explicitly configured
564
401
# to use it.
565
402
        ! grep --regexp='^ *[^ #].*keyscript=[^,=]*/mandos/' \
566
403
                $(DESTDIR)/etc/crypttab
567
404
        -rm --force $(PREFIX)/sbin/mandos-keygen \
568
 
                $(LIBDIR)/mandos/plugin-runner \
569
 
                $(LIBDIR)/mandos/plugins.d/password-prompt \
570
 
                $(LIBDIR)/mandos/plugins.d/mandos-client \
571
 
                $(LIBDIR)/mandos/plugins.d/usplash \
572
 
                $(LIBDIR)/mandos/plugins.d/splashy \
573
 
                $(LIBDIR)/mandos/plugins.d/askpass-fifo \
574
 
                $(LIBDIR)/mandos/plugins.d/plymouth \
 
405
                $(PREFIX)/lib/mandos/plugin-runner \
 
406
                $(PREFIX)/lib/mandos/plugins.d/password-prompt \
 
407
                $(PREFIX)/lib/mandos/plugins.d/mandos-client \
 
408
                $(PREFIX)/lib/mandos/plugins.d/usplash \
 
409
                $(PREFIX)/lib/mandos/plugins.d/splashy \
 
410
                $(PREFIX)/lib/mandos/plugins.d/askpass-fifo \
 
411
                $(PREFIX)/lib/mandos/plugins.d/plymouth \
575
412
                $(INITRAMFSTOOLS)/hooks/mandos \
576
413
                $(INITRAMFSTOOLS)/conf-hooks.d/mandos \
577
414
                $(INITRAMFSTOOLS)/scripts/init-premount/mandos \
578
 
                $(INITRAMFSTOOLS)/scripts/local-premount/mandos \
579
 
                $(DRACUTMODULE)/ask-password-mandos.path \
580
 
                $(DRACUTMODULE)/ask-password-mandos.service \
581
 
                $(DRACUTMODULE)/module-setup.sh \
582
 
                $(DRACUTMODULE)/cmdline-mandos.sh \
583
 
                $(DRACUTMODULE)/password-agent \
584
415
                $(MANDIR)/man8/mandos-keygen.8.gz \
585
416
                $(MANDIR)/man8/plugin-runner.8mandos.gz \
586
417
                $(MANDIR)/man8/mandos-client.8mandos.gz
589
420
                $(MANDIR)/man8/splashy.8mandos.gz \
590
421
                $(MANDIR)/man8/askpass-fifo.8mandos.gz \
591
422
                $(MANDIR)/man8/plymouth.8mandos.gz \
592
 
                $(MANDIR)/man8/password-agent.8mandos.gz \
593
 
        -rmdir $(LIBDIR)/mandos/plugins.d $(CONFDIR)/plugins.d \
594
 
                 $(LIBDIR)/mandos $(CONFDIR) $(KEYDIR) $(DRACUTMODULE)
595
 
        if command -v update-initramfs >/dev/null; then \
596
 
            update-initramfs -k all -u; \
597
 
        elif command -v dracut >/dev/null; then \
598
 
            for initrd in $(DESTDIR)/boot/initr*-$(LINUXVERSION); do \
599
 
                test -w "$$initrd" && dracut --force "$$initrd"; \
600
 
            done; \
601
 
        fi
 
423
        -rmdir $(PREFIX)/lib/mandos/plugins.d $(CONFDIR)/plugins.d \
 
424
                 $(PREFIX)/lib/mandos $(CONFDIR) $(KEYDIR)
 
425
        update-initramfs -k all -u
602
426
 
603
 
.PHONY: purge
604
427
purge: purge-server purge-client
605
428
 
606
 
.PHONY: purge-server
607
429
purge-server: uninstall-server
608
430
        -rm --force $(CONFDIR)/mandos.conf $(CONFDIR)/clients.conf \
609
431
                $(DESTDIR)/etc/dbus-1/system.d/mandos.conf
610
432
                $(DESTDIR)/etc/default/mandos \
611
433
                $(DESTDIR)/etc/init.d/mandos \
612
 
                $(SYSTEMD)/mandos.service \
613
 
                $(DESTDIR)/run/mandos.pid \
614
434
                $(DESTDIR)/var/run/mandos.pid
615
435
        -rmdir $(CONFDIR)
616
436
 
617
 
.PHONY: purge-client
618
437
purge-client: uninstall-client
619
 
        -shred --remove $(KEYDIR)/seckey.txt $(KEYDIR)/tls-privkey.pem
 
438
        -shred --remove $(KEYDIR)/seckey.txt
620
439
        -rm --force $(CONFDIR)/plugin-runner.conf \
621
 
                $(KEYDIR)/pubkey.txt $(KEYDIR)/seckey.txt \
622
 
                $(KEYDIR)/tls-pubkey.txt $(KEYDIR)/tls-privkey.txt
 
440
                $(KEYDIR)/pubkey.txt $(KEYDIR)/seckey.txt
623
441
        -rmdir $(KEYDIR) $(CONFDIR)/plugins.d $(CONFDIR)