/mandos/release

To get this branch, use:
bzr branch http://bzr.recompile.se/loggerhead/mandos/release

« back to all changes in this revision

Viewing changes to Makefile

Merge new wireless network hook.  Fix bridge network hook to use
hardware addresses instead of interface names.  Implement and document
new "CONNECT" environment variable for network hooks.

Show diffs side-by-side

added added

removed removed

Lines of Context:
1
 
WARN:=-O -Wall -Wextra -Wdouble-promotion -Wformat=2 -Winit-self \
2
 
        -Wmissing-include-dirs -Wswitch-default -Wswitch-enum \
3
 
        -Wunused -Wuninitialized -Wstrict-overflow=5 \
4
 
        -Wsuggest-attribute=pure -Wsuggest-attribute=const \
5
 
        -Wsuggest-attribute=noreturn -Wfloat-equal -Wundef -Wshadow \
 
1
WARN=-O -Wall -Wformat=2 -Winit-self -Wmissing-include-dirs \
 
2
        -Wswitch-default -Wswitch-enum -Wunused-parameter \
 
3
        -Wstrict-aliasing=1 -Wextra -Wfloat-equal -Wundef -Wshadow \
6
4
        -Wunsafe-loop-optimizations -Wpointer-arith \
7
5
        -Wbad-function-cast -Wcast-qual -Wcast-align -Wwrite-strings \
8
 
        -Wconversion -Wlogical-op -Waggregate-return \
9
 
        -Wstrict-prototypes -Wold-style-definition \
10
 
        -Wmissing-format-attribute -Wnormalized=nfc -Wpacked \
11
 
        -Wredundant-decls -Wnested-externs -Winline -Wvla \
12
 
        -Wvolatile-register-var -Woverlength-strings
13
 
 
14
 
#DEBUG:=-ggdb3 -fsanitize=address $(SANITIZE)
15
 
## Check which sanitizing options can be used
16
 
#SANITIZE:=$(foreach option,$(ALL_SANITIZE_OPTIONS),$(shell \
17
 
#       echo 'int main(){}' | $(CC) --language=c $(option) \
18
 
#       /dev/stdin -o /dev/null >/dev/null 2>&1 && echo $(option)))
19
 
# <https://developerblog.redhat.com/2014/10/16/gcc-undefined-behavior-sanitizer-ubsan/>
20
 
ALL_SANITIZE_OPTIONS:=-fsanitize=leak -fsanitize=undefined \
21
 
        -fsanitize=shift -fsanitize=integer-divide-by-zero \
22
 
        -fsanitize=unreachable -fsanitize=vla-bound -fsanitize=null \
23
 
        -fsanitize=return -fsanitize=signed-integer-overflow \
24
 
        -fsanitize=bounds -fsanitize=alignment \
25
 
        -fsanitize=object-size -fsanitize=float-divide-by-zero \
26
 
        -fsanitize=float-cast-overflow -fsanitize=nonnull-attribute \
27
 
        -fsanitize=returns-nonnull-attribute -fsanitize=bool \
28
 
        -fsanitize=enum -fsanitize-address-use-after-scope
29
 
 
30
 
# For info about _FORTIFY_SOURCE, see feature_test_macros(7)
31
 
# and <https://gcc.gnu.org/ml/gcc-patches/2004-09/msg02055.html>.
32
 
FORTIFY:=-D_FORTIFY_SOURCE=2 -fstack-protector-all -fPIC
33
 
LINK_FORTIFY_LD:=-z relro -z now
34
 
LINK_FORTIFY:=
 
6
        -Wconversion -Wstrict-prototypes -Wold-style-definition \
 
7
        -Wpacked -Wnested-externs -Winline -Wvolatile-register-var
 
8
#       -Wunreachable-code
 
9
#DEBUG=-ggdb3
 
10
# For info about _FORTIFY_SOURCE, see
 
11
# <http://www.kernel.org/doc/man-pages/online/pages/man7/feature_test_macros.7.html>
 
12
# and <http://gcc.gnu.org/ml/gcc-patches/2004-09/msg02055.html>.
 
13
FORTIFY=-D_FORTIFY_SOURCE=2 -fstack-protector-all -fPIC
 
14
LINK_FORTIFY_LD=-z relro -z now
 
15
LINK_FORTIFY=
35
16
 
36
17
# If BROKEN_PIE is set, do not build with -pie
37
18
ifndef BROKEN_PIE
39
20
LINK_FORTIFY += -pie
40
21
endif
41
22
#COVERAGE=--coverage
42
 
OPTIMIZE:=-Os -fno-strict-aliasing
43
 
LANGUAGE:=-std=gnu11
44
 
FEATURES:=-D_FILE_OFFSET_BITS=64
45
 
htmldir:=man
46
 
version:=1.8.8
47
 
SED:=sed
48
 
PKG_CONFIG?=pkg-config
49
 
 
50
 
USER:=$(firstword $(subst :, ,$(shell getent passwd _mandos \
51
 
        || getent passwd nobody || echo 65534)))
52
 
GROUP:=$(firstword $(subst :, ,$(shell getent group _mandos \
53
 
        || getent group nogroup || echo 65534)))
54
 
 
55
 
LINUXVERSION:=$(shell uname --kernel-release)
 
23
OPTIMIZE=-Os
 
24
LANGUAGE=-std=gnu99
 
25
htmldir=man
 
26
version=1.4.1
 
27
SED=sed
 
28
 
 
29
USER=$(firstword $(subst :, ,$(shell getent passwd _mandos || getent passwd nobody || echo 65534)))
 
30
GROUP=$(firstword $(subst :, ,$(shell getent group _mandos || getent group nobody || echo 65534)))
56
31
 
57
32
## Use these settings for a traditional /usr/local install
58
 
# PREFIX:=$(DESTDIR)/usr/local
59
 
# CONFDIR:=$(DESTDIR)/etc/mandos
60
 
# KEYDIR:=$(DESTDIR)/etc/mandos/keys
61
 
# MANDIR:=$(PREFIX)/man
62
 
# INITRAMFSTOOLS:=$(DESTDIR)/etc/initramfs-tools
63
 
# DRACUTMODULE:=$(DESTDIR)/usr/lib/dracut/modules.d/90mandos
64
 
# STATEDIR:=$(DESTDIR)/var/lib/mandos
65
 
# LIBDIR:=$(PREFIX)/lib
 
33
# PREFIX=$(DESTDIR)/usr/local
 
34
# CONFDIR=$(DESTDIR)/etc/mandos
 
35
# KEYDIR=$(DESTDIR)/etc/mandos/keys
 
36
# MANDIR=$(PREFIX)/man
 
37
# INITRAMFSTOOLS=$(DESTDIR)/etc/initramfs-tools
 
38
# STATEDIR=$(DESTDIR)/var/lib/mandos
66
39
##
67
40
 
68
41
## These settings are for a package-type install
69
 
PREFIX:=$(DESTDIR)/usr
70
 
CONFDIR:=$(DESTDIR)/etc/mandos
71
 
KEYDIR:=$(DESTDIR)/etc/keys/mandos
72
 
MANDIR:=$(PREFIX)/share/man
73
 
INITRAMFSTOOLS:=$(DESTDIR)/usr/share/initramfs-tools
74
 
DRACUTMODULE:=$(DESTDIR)/usr/lib/dracut/modules.d/90mandos
75
 
STATEDIR:=$(DESTDIR)/var/lib/mandos
76
 
LIBDIR:=$(shell \
77
 
        for d in \
78
 
        "/usr/lib/`dpkg-architecture \
79
 
                        -qDEB_HOST_MULTIARCH 2>/dev/null`" \
80
 
        "`rpm --eval='%{_libdir}' 2>/dev/null`" /usr/lib; do \
81
 
                if [ -d "$$d" -a "$$d" = "$${d%/}" ]; then \
82
 
                        echo "$(DESTDIR)$$d"; \
83
 
                        break; \
84
 
                fi; \
85
 
        done)
 
42
PREFIX=$(DESTDIR)/usr
 
43
CONFDIR=$(DESTDIR)/etc/mandos
 
44
KEYDIR=$(DESTDIR)/etc/keys/mandos
 
45
MANDIR=$(PREFIX)/share/man
 
46
INITRAMFSTOOLS=$(DESTDIR)/usr/share/initramfs-tools
 
47
STATEDIR=$(DESTDIR)/var/lib/mandos
86
48
##
87
49
 
88
 
SYSTEMD:=$(DESTDIR)$(shell $(PKG_CONFIG) systemd \
89
 
                        --variable=systemdsystemunitdir)
90
 
TMPFILES:=$(DESTDIR)$(shell $(PKG_CONFIG) systemd \
91
 
                        --variable=tmpfilesdir)
92
 
SYSUSERS:=$(DESTDIR)$(shell $(PKG_CONFIG) systemd \
93
 
                        --variable=sysusersdir)
94
 
 
95
 
GNUTLS_CFLAGS:=$(shell $(PKG_CONFIG) --cflags-only-I gnutls)
96
 
GNUTLS_LIBS:=$(shell $(PKG_CONFIG) --libs gnutls)
97
 
AVAHI_CFLAGS:=$(shell $(PKG_CONFIG) --cflags-only-I avahi-core)
98
 
AVAHI_LIBS:=$(shell $(PKG_CONFIG) --libs avahi-core)
99
 
GPGME_CFLAGS:=$(shell gpgme-config --cflags; getconf LFS_CFLAGS)
100
 
GPGME_LIBS:=$(shell gpgme-config --libs; getconf LFS_LIBS; \
 
50
GNUTLS_CFLAGS=$(shell pkg-config --cflags-only-I gnutls)
 
51
GNUTLS_LIBS=$(shell pkg-config --libs gnutls)
 
52
AVAHI_CFLAGS=$(shell pkg-config --cflags-only-I avahi-core)
 
53
AVAHI_LIBS=$(shell pkg-config --libs avahi-core)
 
54
GPGME_CFLAGS=$(shell gpgme-config --cflags; getconf LFS_CFLAGS)
 
55
GPGME_LIBS=$(shell gpgme-config --libs; getconf LFS_LIBS; \
101
56
        getconf LFS_LDFLAGS)
102
 
LIBNL3_CFLAGS:=$(shell $(PKG_CONFIG) --cflags-only-I libnl-route-3.0)
103
 
LIBNL3_LIBS:=$(shell $(PKG_CONFIG) --libs libnl-route-3.0)
104
 
GLIB_CFLAGS:=$(shell $(PKG_CONFIG) --cflags glib-2.0)
105
 
GLIB_LIBS:=$(shell $(PKG_CONFIG) --libs glib-2.0)
106
57
 
107
58
# Do not change these two
108
 
CFLAGS+=$(WARN) $(DEBUG) $(FORTIFY) $(COVERAGE) $(OPTIMIZE) \
109
 
        $(LANGUAGE) $(FEATURES) -DVERSION='"$(version)"'
110
 
LDFLAGS+=-Xlinker --as-needed $(COVERAGE) $(LINK_FORTIFY) $(strip \
111
 
        ) $(foreach flag,$(LINK_FORTIFY_LD),-Xlinker $(flag))
 
59
CFLAGS=$(WARN) $(DEBUG) $(FORTIFY) $(COVERAGE) $(OPTIMIZE) \
 
60
        $(LANGUAGE) $(GNUTLS_CFLAGS) $(AVAHI_CFLAGS) $(GPGME_CFLAGS) \
 
61
        -DVERSION='"$(version)"'
 
62
LDFLAGS=-Xlinker --as-needed $(COVERAGE) $(LINK_FORTIFY) $(foreach flag,$(LINK_FORTIFY_LD),-Xlinker $(flag))
112
63
 
113
64
# Commands to format a DocBook <refentry> document into a manual page
114
65
DOCBOOKTOMAN=$(strip cd $(dir $<); xsltproc --nonet --xinclude \
117
68
        --param make.single.year.ranges         1 \
118
69
        --param man.output.quietly              1 \
119
70
        --param man.authors.section.enabled     0 \
120
 
        /usr/share/xml/docbook/stylesheet/nwalsh/manpages/docbook.xsl \
 
71
         /usr/share/xml/docbook/stylesheet/nwalsh/manpages/docbook.xsl \
121
72
        $(notdir $<); \
122
 
        if locale --all 2>/dev/null | grep --regexp='^en_US\.utf8$$' \
123
 
        && command -v man >/dev/null; then LANG=en_US.UTF-8 \
124
 
        MANWIDTH=80 man --warnings --encoding=UTF-8 --local-file \
125
 
        $(notdir $@); fi >/dev/null)
 
73
        $(MANPOST) $(notdir $@);\
 
74
        LANG=en_US.UTF-8 MANWIDTH=80 man --warnings --encoding=UTF-8 \
 
75
        --local-file $(notdir $@) >/dev/null)
 
76
# DocBook-to-man post-processing to fix a '\n' escape bug
 
77
MANPOST=$(SED) --in-place --expression='s,\\\\en,\\en,g;s,\\n,\\en,g'
126
78
 
127
79
DOCBOOKTOHTML=$(strip xsltproc --nonet --xinclude \
128
80
        --param make.year.ranges                1 \
134
86
        /usr/share/xml/docbook/stylesheet/nwalsh/xhtml/docbook.xsl \
135
87
        $<; $(HTMLPOST) $@)
136
88
# Fix citerefentry links
137
 
HTMLPOST:=$(SED) --in-place \
 
89
HTMLPOST=$(SED) --in-place \
138
90
        --expression='s/\(<a class="citerefentry" href="\)\("><span class="citerefentry"><span class="refentrytitle">\)\([^<]*\)\(<\/span>(\)\([^)]*\)\()<\/span><\/a>\)/\1\3.\5\2\3\4\5\6/g'
139
91
 
140
 
PLUGINS:=plugins.d/password-prompt plugins.d/mandos-client \
 
92
PLUGINS=plugins.d/password-prompt plugins.d/mandos-client \
141
93
        plugins.d/usplash plugins.d/splashy plugins.d/askpass-fifo \
142
94
        plugins.d/plymouth
143
 
PLUGIN_HELPERS:=plugin-helpers/mandos-client-iprouteadddel
144
 
CPROGS:=plugin-runner dracut-module/password-agent $(PLUGINS) \
145
 
        $(PLUGIN_HELPERS)
146
 
PROGS:=mandos mandos-keygen mandos-ctl mandos-monitor $(CPROGS)
147
 
DOCS:=mandos.8 mandos-keygen.8 mandos-monitor.8 mandos-ctl.8 \
 
95
CPROGS=plugin-runner $(PLUGINS)
 
96
PROGS=mandos mandos-keygen mandos-ctl mandos-monitor $(CPROGS)
 
97
DOCS=mandos.8 mandos-keygen.8 mandos-monitor.8 mandos-ctl.8 \
148
98
        mandos.conf.5 mandos-clients.conf.5 plugin-runner.8mandos \
149
 
        dracut-module/password-agent.8mandos \
150
99
        plugins.d/mandos-client.8mandos \
151
100
        plugins.d/password-prompt.8mandos plugins.d/usplash.8mandos \
152
101
        plugins.d/splashy.8mandos plugins.d/askpass-fifo.8mandos \
153
102
        plugins.d/plymouth.8mandos intro.8mandos
154
103
 
155
 
htmldocs:=$(addsuffix .xhtml,$(DOCS))
 
104
htmldocs=$(addsuffix .xhtml,$(DOCS))
156
105
 
157
 
objects:=$(addsuffix .o,$(CPROGS))
 
106
objects=$(addsuffix .o,$(CPROGS))
158
107
 
159
108
all: $(PROGS) mandos.lsm
160
109
 
224
173
                overview.xml legalnotice.xml
225
174
        $(DOCBOOKTOHTML)
226
175
 
227
 
dracut-module/password-agent.8mandos: \
228
 
                dracut-module/password-agent.xml common.ent \
229
 
                overview.xml legalnotice.xml
230
 
        $(DOCBOOKTOMAN)
231
 
dracut-module/password-agent.8mandos.xhtml: \
232
 
                dracut-module/password-agent.xml common.ent \
233
 
                overview.xml legalnotice.xml
234
 
        $(DOCBOOKTOHTML)
235
 
 
236
176
plugins.d/mandos-client.8mandos: plugins.d/mandos-client.xml \
237
177
                                        common.ent \
238
178
                                        mandos-options.xml \
281
221
                --expression='s/\(mandos_\)[0-9.]\+\(\.orig\.tar\.gz\)/\1$(version)\2/' \
282
222
                $@)
283
223
 
284
 
# Need to add the GnuTLS, Avahi and GPGME libraries
285
224
plugins.d/mandos-client: plugins.d/mandos-client.c
286
 
        $(LINK.c) $^ $(GNUTLS_CFLAGS) $(AVAHI_CFLAGS) $(strip\
287
 
                ) $(GPGME_CFLAGS) $(GNUTLS_LIBS) $(strip\
288
 
                ) $(AVAHI_LIBS) $(GPGME_LIBS) $(LOADLIBES) $(strip\
289
 
                ) $(LDLIBS) -o $@
290
 
 
291
 
# Need to add the libnl-route library
292
 
plugin-helpers/mandos-client-iprouteadddel: plugin-helpers/mandos-client-iprouteadddel.c
293
 
        $(LINK.c) $(LIBNL3_CFLAGS) $^ $(LIBNL3_LIBS) $(strip\
294
 
                ) $(LOADLIBES) $(LDLIBS) -o $@
295
 
 
296
 
# Need to add the GLib and pthread libraries
297
 
dracut-module/password-agent: dracut-module/password-agent.c
298
 
        $(LINK.c) $(GLIB_CFLAGS) $^ $(GLIB_LIBS) -lpthread $(strip\
299
 
                ) $(LOADLIBES) $(LDLIBS) -o $@
300
 
 
301
 
.PHONY : all doc html clean distclean mostlyclean maintainer-clean \
302
 
        check run-client run-server install install-html \
303
 
        install-server install-client-nokey install-client uninstall \
304
 
        uninstall-server uninstall-client purge purge-server \
305
 
        purge-client
 
225
        $(LINK.c) $^ -lrt $(GNUTLS_LIBS) $(AVAHI_LIBS) $(strip\
 
226
                ) $(GPGME_LIBS) $(LOADLIBES) $(LDLIBS) -o $@
 
227
 
 
228
.PHONY : all doc html clean distclean run-client run-server install \
 
229
        install-server install-client uninstall uninstall-server \
 
230
        uninstall-client purge purge-server purge-client
306
231
 
307
232
clean:
308
233
        -rm --force $(CPROGS) $(objects) $(htmldocs) $(DOCS) core
312
237
maintainer-clean: clean
313
238
        -rm --force --recursive keydir confdir statedir
314
239
 
315
 
check: all
 
240
check:  all
316
241
        ./mandos --check
317
 
        ./mandos-ctl --check
318
 
        ./mandos-keygen --version
319
 
        ./plugin-runner --version
320
 
        ./plugin-helpers/mandos-client-iprouteadddel --version
321
 
        ./dracut-module/password-agent --test
322
242
 
323
243
# Run the client with a local config and key
324
 
run-client: all keydir/seckey.txt keydir/pubkey.txt \
325
 
                        keydir/tls-privkey.pem keydir/tls-pubkey.pem
326
 
        @echo '######################################################'
327
 
        @echo '# The following error messages are harmless and can  #'
328
 
        @echo '#  be safely ignored:                                #'
329
 
        @echo '## From plugin-runner:                               #'
330
 
        @echo '# setgid: Operation not permitted                    #'
331
 
        @echo '# setuid: Operation not permitted                    #'
332
 
        @echo '## From askpass-fifo:                                #'
333
 
        @echo '# mkfifo: Permission denied                          #'
334
 
        @echo '## From mandos-client:                               #'
335
 
        @echo '# Failed to raise privileges: Operation not permi... #'
336
 
        @echo '# Warning: network hook "*" exited with status *     #'
337
 
        @echo '# ioctl SIOCSIFFLAGS +IFF_UP: Operation not permi... #'
338
 
        @echo '# Failed to bring up interface "*": Operation not... #'
339
 
        @echo '#                                                    #'
340
 
        @echo '# (The messages are caused by not running as root,   #'
341
 
        @echo '# but you should NOT run "make run-client" as root   #'
342
 
        @echo '# unless you also unpacked and compiled Mandos as    #'
343
 
        @echo '# root, which is also NOT recommended.)              #'
344
 
        @echo '######################################################'
345
 
# We set GNOME_KEYRING_CONTROL to block pam_gnome_keyring
 
244
run-client: all keydir/seckey.txt keydir/pubkey.txt
 
245
        @echo "###################################################################"
 
246
        @echo "# The following error messages are harmless and can be safely     #"
 
247
        @echo "# ignored.  The messages are caused by not running as root, but   #"
 
248
        @echo "# you should NOT run \"make run-client\" as root unless you also    #"
 
249
        @echo "# unpacked and compiled Mandos as root, which is NOT recommended. #"
 
250
        @echo "# From plugin-runner: setuid: Operation not permitted             #"
 
251
        @echo "# From askpass-fifo:  mkfifo: Permission denied                   #"
 
252
        @echo "# From mandos-client: setuid: Operation not permitted             #"
 
253
        @echo "#                     seteuid: Operation not permitted            #"
 
254
        @echo "#                     klogctl: Operation not permitted            #"
 
255
        @echo "###################################################################"
346
256
        ./plugin-runner --plugin-dir=plugins.d \
347
 
                --plugin-helper-dir=plugin-helpers \
348
257
                --config-file=plugin-runner.conf \
349
 
                --options-for=mandos-client:--seckey=keydir/seckey.txt,--pubkey=keydir/pubkey.txt,--tls-privkey=keydir/tls-privkey.pem,--tls-pubkey=keydir/tls-pubkey.pem,--network-hook-dir=network-hooks.d \
350
 
                --env-for=mandos-client:GNOME_KEYRING_CONTROL= \
 
258
                --options-for=mandos-client:--seckey=keydir/seckey.txt,--pubkey=keydir/pubkey.txt,--network-hook-dir=network-hooks.d \
351
259
                $(CLIENTARGS)
352
260
 
353
261
# Used by run-client
354
 
keydir/seckey.txt keydir/pubkey.txt keydir/tls-privkey.pem keydir/tls-pubkey.pem: mandos-keygen
 
262
keydir/seckey.txt keydir/pubkey.txt: mandos-keygen
355
263
        install --directory keydir
356
264
        ./mandos-keygen --dir keydir --force
357
265
 
358
266
# Run the server with a local config
359
 
run-server: confdir/mandos.conf confdir/clients.conf statedir
 
267
run-server: confdir/mandos.conf confdir/clients.conf
360
268
        ./mandos --debug --no-dbus --configdir=confdir \
361
269
                --statedir=statedir $(SERVERARGS)
362
270
 
364
272
confdir/mandos.conf: mandos.conf
365
273
        install --directory confdir
366
274
        install --mode=u=rw,go=r $^ $@
367
 
confdir/clients.conf: clients.conf keydir/seckey.txt keydir/tls-pubkey.pem
 
275
confdir/clients.conf: clients.conf keydir/seckey.txt
368
276
        install --directory confdir
369
277
        install --mode=u=rw $< $@
370
278
# Add a client password
371
 
        ./mandos-keygen --dir keydir --password --no-ssh >> $@
 
279
        ./mandos-keygen --dir keydir --password >> $@
372
280
statedir:
373
281
        install --directory statedir
374
282
 
381
289
 
382
290
install-server: doc
383
291
        install --directory $(CONFDIR)
384
 
        if install --directory --mode=u=rwx --owner=$(USER) \
385
 
                --group=$(GROUP) $(STATEDIR); then \
386
 
                :; \
387
 
        elif install --directory --mode=u=rwx $(STATEDIR); then \
388
 
                chown -- $(USER):$(GROUP) $(STATEDIR) || :; \
389
 
        fi
390
 
        if [ "$(TMPFILES)" != "$(DESTDIR)" \
391
 
                        -a -d "$(TMPFILES)" ]; then \
392
 
                install --mode=u=rw,go=r tmpfiles.d-mandos.conf \
393
 
                        $(TMPFILES)/mandos.conf; \
394
 
        fi
395
 
        if [ "$(SYSUSERS)" != "$(DESTDIR)" \
396
 
                        -a -d "$(SYSUSERS)" ]; then \
397
 
                install --mode=u=rw,go=r sysusers.d-mandos.conf \
398
 
                        $(SYSUSERS)/mandos.conf; \
399
 
        fi
 
292
        install --directory --mode=u=rwx --owner=$(USER) \
 
293
                --group=$(GROUP) $(STATEDIR)
400
294
        install --mode=u=rwx,go=rx mandos $(PREFIX)/sbin/mandos
401
295
        install --mode=u=rwx,go=rx --target-directory=$(PREFIX)/sbin \
402
296
                mandos-ctl
410
304
                $(DESTDIR)/etc/dbus-1/system.d/mandos.conf
411
305
        install --mode=u=rwx,go=rx init.d-mandos \
412
306
                $(DESTDIR)/etc/init.d/mandos
413
 
        if [ "$(SYSTEMD)" != "$(DESTDIR)" -a -d "$(SYSTEMD)" ]; then \
414
 
                install --mode=u=rw,go=r mandos.service $(SYSTEMD); \
415
 
        fi
416
307
        install --mode=u=rw,go=r default-mandos \
417
308
                $(DESTDIR)/etc/default/mandos
418
309
        if [ -z $(DESTDIR) ]; then \
428
319
                > $(MANDIR)/man5/mandos.conf.5.gz
429
320
        gzip --best --to-stdout mandos-clients.conf.5 \
430
321
                > $(MANDIR)/man5/mandos-clients.conf.5.gz
431
 
        gzip --best --to-stdout intro.8mandos \
432
 
                > $(MANDIR)/man8/intro.8mandos.gz
433
322
 
434
323
install-client-nokey: all doc
435
 
        install --directory $(LIBDIR)/mandos $(CONFDIR)
 
324
        install --directory $(PREFIX)/lib/mandos $(CONFDIR)
436
325
        install --directory --mode=u=rwx $(KEYDIR) \
437
 
                $(LIBDIR)/mandos/plugins.d \
438
 
                $(LIBDIR)/mandos/plugin-helpers
439
 
        if [ "$(SYSUSERS)" != "$(DESTDIR)" \
440
 
                        -a -d "$(SYSUSERS)" ]; then \
441
 
                install --mode=u=rw,go=r sysusers.d-mandos.conf \
442
 
                        $(SYSUSERS)/mandos-client.conf; \
443
 
        fi
444
 
        if [ "$(CONFDIR)" != "$(LIBDIR)/mandos" ]; then \
 
326
                $(PREFIX)/lib/mandos/plugins.d
 
327
        if [ "$(CONFDIR)" != "$(PREFIX)/lib/mandos" ]; then \
445
328
                install --mode=u=rwx \
446
 
                        --directory "$(CONFDIR)/plugins.d" \
447
 
                        "$(CONFDIR)/plugin-helpers"; \
 
329
                        --directory "$(CONFDIR)/plugins.d"; \
448
330
        fi
449
331
        install --mode=u=rwx,go=rx --directory \
450
332
                "$(CONFDIR)/network-hooks.d"
451
333
        install --mode=u=rwx,go=rx \
452
 
                --target-directory=$(LIBDIR)/mandos plugin-runner
453
 
        install --mode=u=rwx,go=rx \
454
 
                --target-directory=$(LIBDIR)/mandos \
455
 
                mandos-to-cryptroot-unlock
 
334
                --target-directory=$(PREFIX)/lib/mandos plugin-runner
456
335
        install --mode=u=rwx,go=rx --target-directory=$(PREFIX)/sbin \
457
336
                mandos-keygen
458
337
        install --mode=u=rwx,go=rx \
459
 
                --target-directory=$(LIBDIR)/mandos/plugins.d \
 
338
                --target-directory=$(PREFIX)/lib/mandos/plugins.d \
460
339
                plugins.d/password-prompt
461
340
        install --mode=u=rwxs,go=rx \
462
 
                --target-directory=$(LIBDIR)/mandos/plugins.d \
 
341
                --target-directory=$(PREFIX)/lib/mandos/plugins.d \
463
342
                plugins.d/mandos-client
464
343
        install --mode=u=rwxs,go=rx \
465
 
                --target-directory=$(LIBDIR)/mandos/plugins.d \
 
344
                --target-directory=$(PREFIX)/lib/mandos/plugins.d \
466
345
                plugins.d/usplash
467
346
        install --mode=u=rwxs,go=rx \
468
 
                --target-directory=$(LIBDIR)/mandos/plugins.d \
 
347
                --target-directory=$(PREFIX)/lib/mandos/plugins.d \
469
348
                plugins.d/splashy
470
349
        install --mode=u=rwxs,go=rx \
471
 
                --target-directory=$(LIBDIR)/mandos/plugins.d \
 
350
                --target-directory=$(PREFIX)/lib/mandos/plugins.d \
472
351
                plugins.d/askpass-fifo
473
352
        install --mode=u=rwxs,go=rx \
474
 
                --target-directory=$(LIBDIR)/mandos/plugins.d \
 
353
                --target-directory=$(PREFIX)/lib/mandos/plugins.d \
475
354
                plugins.d/plymouth
476
 
        install --mode=u=rwx,go=rx \
477
 
                --target-directory=$(LIBDIR)/mandos/plugin-helpers \
478
 
                plugin-helpers/mandos-client-iprouteadddel
479
355
        install initramfs-tools-hook \
480
356
                $(INITRAMFSTOOLS)/hooks/mandos
481
 
        install --mode=u=rw,go=r initramfs-tools-conf \
482
 
                $(INITRAMFSTOOLS)/conf.d/mandos-conf
483
 
        install --mode=u=rw,go=r initramfs-tools-conf-hook \
484
 
                $(INITRAMFSTOOLS)/conf-hooks.d/zz-mandos
 
357
        install --mode=u=rw,go=r initramfs-tools-hook-conf \
 
358
                $(INITRAMFSTOOLS)/conf-hooks.d/mandos
485
359
        install initramfs-tools-script \
486
360
                $(INITRAMFSTOOLS)/scripts/init-premount/mandos
487
 
        install initramfs-tools-script-stop \
488
 
                $(INITRAMFSTOOLS)/scripts/local-premount/mandos
489
 
        install --directory $(DRACUTMODULE)
490
 
        install --mode=u=rw,go=r --target-directory=$(DRACUTMODULE) \
491
 
                dracut-module/ask-password-mandos.path \
492
 
                dracut-module/ask-password-mandos.service
493
 
        install --mode=u=rwxs,go=rx \
494
 
                --target-directory=$(DRACUTMODULE) \
495
 
                dracut-module/module-setup.sh \
496
 
                dracut-module/cmdline-mandos.sh \
497
 
                dracut-module/password-agent
498
361
        install --mode=u=rw,go=r plugin-runner.conf $(CONFDIR)
499
362
        gzip --best --to-stdout mandos-keygen.8 \
500
363
                > $(MANDIR)/man8/mandos-keygen.8.gz
512
375
                > $(MANDIR)/man8/askpass-fifo.8mandos.gz
513
376
        gzip --best --to-stdout plugins.d/plymouth.8mandos \
514
377
                > $(MANDIR)/man8/plymouth.8mandos.gz
515
 
        gzip --best --to-stdout dracut-module/password-agent.8mandos \
516
 
                > $(MANDIR)/man8/password-agent.8mandos.gz
517
378
 
518
379
install-client: install-client-nokey
519
380
# Post-installation stuff
520
381
        -$(PREFIX)/sbin/mandos-keygen --dir "$(KEYDIR)"
521
 
        if command -v update-initramfs >/dev/null; then \
522
 
            update-initramfs -k all -u; \
523
 
        elif command -v dracut >/dev/null; then \
524
 
            for initrd in $(DESTDIR)/boot/initr*-$(LINUXVERSION); do \
525
 
                if [ -w "$$initrd" ]; then \
526
 
                    chmod go-r "$$initrd"; \
527
 
                    dracut --force "$$initrd"; \
528
 
                fi; \
529
 
            done; \
530
 
        fi
 
382
        update-initramfs -k all -u
531
383
        echo "Now run mandos-keygen --password --dir $(KEYDIR)"
532
384
 
533
385
uninstall: uninstall-server uninstall-client
550
402
        ! grep --regexp='^ *[^ #].*keyscript=[^,=]*/mandos/' \
551
403
                $(DESTDIR)/etc/crypttab
552
404
        -rm --force $(PREFIX)/sbin/mandos-keygen \
553
 
                $(LIBDIR)/mandos/plugin-runner \
554
 
                $(LIBDIR)/mandos/plugins.d/password-prompt \
555
 
                $(LIBDIR)/mandos/plugins.d/mandos-client \
556
 
                $(LIBDIR)/mandos/plugins.d/usplash \
557
 
                $(LIBDIR)/mandos/plugins.d/splashy \
558
 
                $(LIBDIR)/mandos/plugins.d/askpass-fifo \
559
 
                $(LIBDIR)/mandos/plugins.d/plymouth \
 
405
                $(PREFIX)/lib/mandos/plugin-runner \
 
406
                $(PREFIX)/lib/mandos/plugins.d/password-prompt \
 
407
                $(PREFIX)/lib/mandos/plugins.d/mandos-client \
 
408
                $(PREFIX)/lib/mandos/plugins.d/usplash \
 
409
                $(PREFIX)/lib/mandos/plugins.d/splashy \
 
410
                $(PREFIX)/lib/mandos/plugins.d/askpass-fifo \
 
411
                $(PREFIX)/lib/mandos/plugins.d/plymouth \
560
412
                $(INITRAMFSTOOLS)/hooks/mandos \
561
413
                $(INITRAMFSTOOLS)/conf-hooks.d/mandos \
562
414
                $(INITRAMFSTOOLS)/scripts/init-premount/mandos \
563
 
                $(INITRAMFSTOOLS)/scripts/local-premount/mandos \
564
 
                $(DRACUTMODULE)/ask-password-mandos.path \
565
 
                $(DRACUTMODULE)/ask-password-mandos.service \
566
 
                $(DRACUTMODULE)/module-setup.sh \
567
 
                $(DRACUTMODULE)/cmdline-mandos.sh \
568
 
                $(DRACUTMODULE)/password-agent \
569
415
                $(MANDIR)/man8/mandos-keygen.8.gz \
570
416
                $(MANDIR)/man8/plugin-runner.8mandos.gz \
571
417
                $(MANDIR)/man8/mandos-client.8mandos.gz
574
420
                $(MANDIR)/man8/splashy.8mandos.gz \
575
421
                $(MANDIR)/man8/askpass-fifo.8mandos.gz \
576
422
                $(MANDIR)/man8/plymouth.8mandos.gz \
577
 
                $(MANDIR)/man8/password-agent.8mandos.gz \
578
 
        -rmdir $(LIBDIR)/mandos/plugins.d $(CONFDIR)/plugins.d \
579
 
                 $(LIBDIR)/mandos $(CONFDIR) $(KEYDIR) $(DRACUTMODULE)
580
 
        if command -v update-initramfs >/dev/null; then \
581
 
            update-initramfs -k all -u; \
582
 
        elif command -v dracut >/dev/null; then \
583
 
            for initrd in $(DESTDIR)/boot/initr*-$(LINUXVERSION); do \
584
 
                test -w "$$initrd" && dracut --force "$$initrd"; \
585
 
            done; \
586
 
        fi
 
423
        -rmdir $(PREFIX)/lib/mandos/plugins.d $(CONFDIR)/plugins.d \
 
424
                 $(PREFIX)/lib/mandos $(CONFDIR) $(KEYDIR)
 
425
        update-initramfs -k all -u
587
426
 
588
427
purge: purge-server purge-client
589
428
 
592
431
                $(DESTDIR)/etc/dbus-1/system.d/mandos.conf
593
432
                $(DESTDIR)/etc/default/mandos \
594
433
                $(DESTDIR)/etc/init.d/mandos \
595
 
                $(SYSTEMD)/mandos.service \
596
 
                $(DESTDIR)/run/mandos.pid \
597
434
                $(DESTDIR)/var/run/mandos.pid
598
435
        -rmdir $(CONFDIR)
599
436
 
600
437
purge-client: uninstall-client
601
 
        -shred --remove $(KEYDIR)/seckey.txt $(KEYDIR)/tls-privkey.pem
 
438
        -shred --remove $(KEYDIR)/seckey.txt
602
439
        -rm --force $(CONFDIR)/plugin-runner.conf \
603
 
                $(KEYDIR)/pubkey.txt $(KEYDIR)/seckey.txt \
604
 
                $(KEYDIR)/tls-pubkey.txt $(KEYDIR)/tls-privkey.txt
 
440
                $(KEYDIR)/pubkey.txt $(KEYDIR)/seckey.txt
605
441
        -rmdir $(KEYDIR) $(CONFDIR)/plugins.d $(CONFDIR)