/mandos/trunk

To get this branch, use:
bzr branch http://bzr.recompile.se/loggerhead/mandos/trunk

« back to all changes in this revision

Viewing changes to Makefile

  • Committer: Teddy Hogeborn
  • Date: 2008-08-29 05:53:59 UTC
  • Revision ID: teddy@fukt.bsnet.se-20080829055359-wkdasnyxtylmnxus
* mandos.xml (EXAMPLE): Replaced all occurences of command name with
                        "&COMMANDNAME;".

* plugins.d/password-prompt.c (main): Improved some documentation
                                      strings.  Do perror() of
                                      tcgetattr() fails.  Add debug
                                      output if interrupted by signal.
                                      Loop over write() instead of
                                      using fwrite() when outputting
                                      password.  Add debug output if
                                      getline() returns 0, unless it
                                      was caused by a signal.  Add
                                      exit status code to debug
                                      output.

* plugins.d/password-prompt.xml: Changed all single quotes to double
                                 quotes for consistency.  Removed
                                 <?xml-stylesheet>.
  (ENTITY TIMESTAMP): New.  Automatically updated by Emacs time-stamp
                      by using Emacs local variables.
  (/refentry/refentryinfo/title): Changed to "Mandos Manual".
  (/refentry/refentryinfo/productname): Changed to "Mandos".
  (/refentry/refentryinfo/date): New; set to "&TIMESTAMP;".
  (/refentry/refentryinfo/copyright): Split copyright holders.
  (/refentry/refnamediv/refpurpose): Improved wording.
  (SYNOPSIS): Fix to use correct markup.  Add short options.
  (DESCRIPTION, OPTIONS): Improved wording.
  (OPTIONS): Improved wording.  Use more correct markup.  Document
             short options.
  (EXIT STATUS): Add text.
  (ENVIRONMENT): Document use of "cryptsource" and "crypttarget".
  (FILES): REMOVED.
  (BUGS): Add text.
  (EXAMPLE): Added some examples.
  (SECURITY): Added text.
  (SEE ALSO): Remove reference to mandos(8).  Add reference to
              crypttab(5).

Show diffs side-by-side

added added

removed removed

Lines of Context:
1
 
WARN:=-O -Wall -Wextra -Wdouble-promotion -Wformat=2 -Winit-self \
2
 
        -Wmissing-include-dirs -Wswitch-default -Wswitch-enum \
3
 
        -Wunused -Wuninitialized -Wstrict-overflow=5 \
4
 
        -Wsuggest-attribute=pure -Wsuggest-attribute=const \
5
 
        -Wsuggest-attribute=noreturn -Wfloat-equal -Wundef -Wshadow \
 
1
WARN=-O -Wall -Wformat=2 -Winit-self -Wmissing-include-dirs \
 
2
        -Wswitch-default -Wswitch-enum -Wunused-parameter \
 
3
        -Wstrict-aliasing=2 -Wextra -Wfloat-equal -Wundef -Wshadow \
6
4
        -Wunsafe-loop-optimizations -Wpointer-arith \
7
5
        -Wbad-function-cast -Wcast-qual -Wcast-align -Wwrite-strings \
8
 
        -Wconversion -Wlogical-op -Waggregate-return \
9
 
        -Wstrict-prototypes -Wold-style-definition \
10
 
        -Wmissing-format-attribute -Wnormalized=nfc -Wpacked \
11
 
        -Wredundant-decls -Wnested-externs -Winline -Wvla \
12
 
        -Wvolatile-register-var -Woverlength-strings
13
 
 
14
 
#DEBUG:=-ggdb3 -fsanitize=address $(SANITIZE)
15
 
## Check which sanitizing options can be used
16
 
#SANITIZE:=$(foreach option,$(ALL_SANITIZE_OPTIONS),$(shell \
17
 
#       echo 'int main(){}' | $(CC) --language=c $(option) \
18
 
#       /dev/stdin -o /dev/null >/dev/null 2>&1 && echo $(option)))
19
 
# <https://developerblog.redhat.com/2014/10/16/gcc-undefined-behavior-sanitizer-ubsan/>
20
 
ALL_SANITIZE_OPTIONS:=-fsanitize=leak -fsanitize=undefined \
21
 
        -fsanitize=shift -fsanitize=integer-divide-by-zero \
22
 
        -fsanitize=unreachable -fsanitize=vla-bound -fsanitize=null \
23
 
        -fsanitize=return -fsanitize=signed-integer-overflow \
24
 
        -fsanitize=bounds -fsanitize=alignment \
25
 
        -fsanitize=object-size -fsanitize=float-divide-by-zero \
26
 
        -fsanitize=float-cast-overflow -fsanitize=nonnull-attribute \
27
 
        -fsanitize=returns-nonnull-attribute -fsanitize=bool \
28
 
        -fsanitize=enum
29
 
 
30
 
# For info about _FORTIFY_SOURCE, see feature_test_macros(7)
31
 
# and <https://gcc.gnu.org/ml/gcc-patches/2004-09/msg02055.html>.
32
 
FORTIFY:=-D_FORTIFY_SOURCE=2 -fstack-protector-all -fPIC
33
 
LINK_FORTIFY_LD:=-z relro -z now
34
 
LINK_FORTIFY:=
35
 
 
36
 
# If BROKEN_PIE is set, do not build with -pie
37
 
ifndef BROKEN_PIE
38
 
FORTIFY += -fPIE
39
 
LINK_FORTIFY += -pie
40
 
endif
 
6
        -Wconversion -Wstrict-prototypes -Wold-style-definition \
 
7
        -Wpacked -Wnested-externs -Wunreachable-code -Winline \
 
8
        -Wvolatile-register-var
 
9
DEBUG=-ggdb3
 
10
# For info about _FORTIFY_SOURCE, see
 
11
# <http://gcc.gnu.org/ml/gcc-patches/2004-09/msg02055.html>
 
12
FORTIFY=-D_FORTIFY_SOURCE=2 # -fstack-protector-all
41
13
#COVERAGE=--coverage
42
 
OPTIMIZE:=-Os -fno-strict-aliasing
43
 
LANGUAGE:=-std=gnu11
44
 
htmldir:=man
45
 
version:=1.8.4
46
 
SED:=sed
47
 
 
48
 
USER:=$(firstword $(subst :, ,$(shell getent passwd _mandos \
49
 
        || getent passwd nobody || echo 65534)))
50
 
GROUP:=$(firstword $(subst :, ,$(shell getent group _mandos \
51
 
        || getent group nogroup || echo 65534)))
52
 
 
53
 
## Use these settings for a traditional /usr/local install
54
 
# PREFIX:=$(DESTDIR)/usr/local
55
 
# CONFDIR:=$(DESTDIR)/etc/mandos
56
 
# KEYDIR:=$(DESTDIR)/etc/mandos/keys
57
 
# MANDIR:=$(PREFIX)/man
58
 
# INITRAMFSTOOLS:=$(DESTDIR)/etc/initramfs-tools
59
 
# STATEDIR:=$(DESTDIR)/var/lib/mandos
60
 
# LIBDIR:=$(PREFIX)/lib
61
 
##
62
 
 
63
 
## These settings are for a package-type install
64
 
PREFIX:=$(DESTDIR)/usr
65
 
CONFDIR:=$(DESTDIR)/etc/mandos
66
 
KEYDIR:=$(DESTDIR)/etc/keys/mandos
67
 
MANDIR:=$(PREFIX)/share/man
68
 
INITRAMFSTOOLS:=$(DESTDIR)/usr/share/initramfs-tools
69
 
STATEDIR:=$(DESTDIR)/var/lib/mandos
70
 
LIBDIR:=$(shell \
71
 
        for d in \
72
 
        "/usr/lib/`dpkg-architecture -qDEB_HOST_MULTIARCH 2>/dev/null`" \
73
 
        "`rpm --eval='%{_libdir}' 2>/dev/null`" /usr/lib; do \
74
 
                if [ -d "$$d" -a "$$d" = "$${d%/}" ]; then \
75
 
                        echo "$(DESTDIR)$$d"; \
76
 
                        break; \
77
 
                fi; \
78
 
        done)
79
 
##
80
 
 
81
 
SYSTEMD:=$(DESTDIR)$(shell pkg-config systemd --variable=systemdsystemunitdir)
82
 
TMPFILES:=$(DESTDIR)$(shell pkg-config systemd --variable=tmpfilesdir)
83
 
 
84
 
GNUTLS_CFLAGS:=$(shell pkg-config --cflags-only-I gnutls)
85
 
GNUTLS_LIBS:=$(shell pkg-config --libs gnutls)
86
 
AVAHI_CFLAGS:=$(shell pkg-config --cflags-only-I avahi-core)
87
 
AVAHI_LIBS:=$(shell pkg-config --libs avahi-core)
88
 
GPGME_CFLAGS:=$(shell gpgme-config --cflags; getconf LFS_CFLAGS)
89
 
GPGME_LIBS:=$(shell gpgme-config --libs; getconf LFS_LIBS; \
90
 
        getconf LFS_LDFLAGS)
91
 
LIBNL3_CFLAGS:=$(shell pkg-config --cflags-only-I libnl-route-3.0)
92
 
LIBNL3_LIBS:=$(shell pkg-config --libs libnl-route-3.0)
 
14
OPTIMIZE=-Os
 
15
LANGUAGE=-std=gnu99
 
16
# PREFIX=/usr/local
 
17
PREFIX=$(DESTDIR)/usr
 
18
# CONFDIR=/usr/local/lib/mandos
 
19
CONFDIR=$(DESTDIR)/etc/mandos
 
20
# MANDIR=/usr/local/man
 
21
MANDIR=$(DESTDIR)/usr/share/man
 
22
 
 
23
GNUTLS_CFLAGS=$(shell libgnutls-config --cflags)
 
24
GNUTLS_LIBS=$(shell libgnutls-config --libs)
 
25
AVAHI_CFLAGS=$(shell pkg-config --cflags-only-I avahi-core)
 
26
AVAHI_LIBS=$(shell pkg-config --libs avahi-core)
 
27
GPGME_CFLAGS=$(shell gpgme-config --cflags)
 
28
GPGME_LIBS=$(shell gpgme-config --libs)
93
29
 
94
30
# Do not change these two
95
 
CFLAGS+=$(WARN) $(DEBUG) $(FORTIFY) $(COVERAGE) \
96
 
        $(OPTIMIZE) $(LANGUAGE) -DVERSION='"$(version)"'
97
 
LDFLAGS+=-Xlinker --as-needed $(COVERAGE) $(LINK_FORTIFY) $(strip \
98
 
        ) $(foreach flag,$(LINK_FORTIFY_LD),-Xlinker $(flag))
 
31
CFLAGS=$(WARN) $(DEBUG) $(FORTIFY) $(COVERAGE) $(OPTIMIZE) \
 
32
        $(LANGUAGE) $(GNUTLS_CFLAGS) $(AVAHI_CFLAGS) $(GPGME_CFLAGS)
 
33
LDFLAGS=$(COVERAGE)
99
34
 
100
 
# Commands to format a DocBook <refentry> document into a manual page
101
 
DOCBOOKTOMAN=$(strip cd $(dir $<); xsltproc --nonet --xinclude \
 
35
# Commands to format a DocBook refentry document into a manual page
 
36
DOCBOOKTOMAN=cd $(dir $<); xsltproc --nonet --xinclude \
102
37
        --param man.charmap.use.subset          0 \
103
38
        --param make.year.ranges                1 \
104
39
        --param make.single.year.ranges         1 \
105
40
        --param man.output.quietly              1 \
106
41
        --param man.authors.section.enabled     0 \
107
 
        /usr/share/xml/docbook/stylesheet/nwalsh/manpages/docbook.xsl \
 
42
         /usr/share/xml/docbook/stylesheet/nwalsh/manpages/docbook.xsl \
108
43
        $(notdir $<); \
109
 
        if locale --all 2>/dev/null | grep --regexp='^en_US\.utf8$$' \
110
 
        && type man 2>/dev/null; then LANG=en_US.UTF-8 MANWIDTH=80 \
111
 
        man --warnings --encoding=UTF-8 --local-file $(notdir $@); \
112
 
        fi >/dev/null)
113
 
 
114
 
DOCBOOKTOHTML=$(strip xsltproc --nonet --xinclude \
115
 
        --param make.year.ranges                1 \
116
 
        --param make.single.year.ranges         1 \
117
 
        --param man.output.quietly              1 \
118
 
        --param man.authors.section.enabled     0 \
119
 
        --param citerefentry.link               1 \
120
 
        --output $@ \
121
 
        /usr/share/xml/docbook/stylesheet/nwalsh/xhtml/docbook.xsl \
122
 
        $<; $(HTMLPOST) $@)
123
 
# Fix citerefentry links
124
 
HTMLPOST:=$(SED) --in-place \
125
 
        --expression='s/\(<a class="citerefentry" href="\)\("><span class="citerefentry"><span class="refentrytitle">\)\([^<]*\)\(<\/span>(\)\([^)]*\)\()<\/span><\/a>\)/\1\3.\5\2\3\4\5\6/g'
126
 
 
127
 
PLUGINS:=plugins.d/password-prompt plugins.d/mandos-client \
128
 
        plugins.d/usplash plugins.d/splashy plugins.d/askpass-fifo \
129
 
        plugins.d/plymouth
130
 
PLUGIN_HELPERS:=plugin-helpers/mandos-client-iprouteadddel
131
 
CPROGS:=plugin-runner $(PLUGINS) $(PLUGIN_HELPERS)
132
 
PROGS:=mandos mandos-keygen mandos-ctl mandos-monitor $(CPROGS)
133
 
DOCS:=mandos.8 mandos-keygen.8 mandos-monitor.8 mandos-ctl.8 \
134
 
        mandos.conf.5 mandos-clients.conf.5 plugin-runner.8mandos \
135
 
        plugins.d/mandos-client.8mandos \
136
 
        plugins.d/password-prompt.8mandos plugins.d/usplash.8mandos \
137
 
        plugins.d/splashy.8mandos plugins.d/askpass-fifo.8mandos \
138
 
        plugins.d/plymouth.8mandos intro.8mandos
139
 
 
140
 
htmldocs:=$(addsuffix .xhtml,$(DOCS))
141
 
 
142
 
objects:=$(addsuffix .o,$(CPROGS))
143
 
 
144
 
all: $(PROGS) mandos.lsm
 
44
        $(MANPOST) $(notdir $@)
 
45
# DocBook-to-man post-processing to fix a \n escape bug
 
46
MANPOST=sed --in-place --expression='s,\\\\en,\\en,g;s,\\n,\\en,g'
 
47
 
 
48
PLUGINS=plugins.d/password-prompt plugins.d/password-request
 
49
PROGS=plugin-runner $(PLUGINS)
 
50
DOCS=mandos.8 plugin-runner.8mandos mandos-keygen.8 \
 
51
        plugins.d/password-request.8mandos \
 
52
        plugins.d/password-prompt.8mandos mandos.conf.5 \
 
53
        mandos-clients.conf.5
 
54
 
 
55
objects=$(addsuffix .o,$(PROGS))
 
56
 
 
57
all: $(PROGS)
145
58
 
146
59
doc: $(DOCS)
147
60
 
148
 
html: $(htmldocs)
149
 
 
150
 
%.5: %.xml common.ent legalnotice.xml
151
 
        $(DOCBOOKTOMAN)
152
 
%.5.xhtml: %.xml common.ent legalnotice.xml
153
 
        $(DOCBOOKTOHTML)
154
 
 
155
 
%.8: %.xml common.ent legalnotice.xml
156
 
        $(DOCBOOKTOMAN)
157
 
%.8.xhtml: %.xml common.ent legalnotice.xml
158
 
        $(DOCBOOKTOHTML)
159
 
 
160
 
%.8mandos: %.xml common.ent legalnotice.xml
161
 
        $(DOCBOOKTOMAN)
162
 
%.8mandos.xhtml: %.xml common.ent legalnotice.xml
163
 
        $(DOCBOOKTOHTML)
164
 
 
165
 
intro.8mandos: intro.xml common.ent legalnotice.xml
166
 
        $(DOCBOOKTOMAN)
167
 
intro.8mandos.xhtml: intro.xml common.ent legalnotice.xml
168
 
        $(DOCBOOKTOHTML)
169
 
 
170
 
mandos.8: mandos.xml common.ent mandos-options.xml overview.xml \
171
 
                legalnotice.xml
172
 
        $(DOCBOOKTOMAN)
173
 
mandos.8.xhtml: mandos.xml common.ent mandos-options.xml \
174
 
                overview.xml legalnotice.xml
175
 
        $(DOCBOOKTOHTML)
176
 
 
177
 
mandos-keygen.8: mandos-keygen.xml common.ent overview.xml \
178
 
                legalnotice.xml
179
 
        $(DOCBOOKTOMAN)
180
 
mandos-keygen.8.xhtml: mandos-keygen.xml common.ent overview.xml \
181
 
                 legalnotice.xml
182
 
        $(DOCBOOKTOHTML)
183
 
 
184
 
mandos-monitor.8: mandos-monitor.xml common.ent overview.xml \
185
 
                legalnotice.xml
186
 
        $(DOCBOOKTOMAN)
187
 
mandos-monitor.8.xhtml: mandos-monitor.xml common.ent overview.xml \
188
 
                 legalnotice.xml
189
 
        $(DOCBOOKTOHTML)
190
 
 
191
 
mandos-ctl.8: mandos-ctl.xml common.ent overview.xml \
192
 
                legalnotice.xml
193
 
        $(DOCBOOKTOMAN)
194
 
mandos-ctl.8.xhtml: mandos-ctl.xml common.ent overview.xml \
195
 
                 legalnotice.xml
196
 
        $(DOCBOOKTOHTML)
197
 
 
198
 
mandos.conf.5: mandos.conf.xml common.ent mandos-options.xml \
199
 
                legalnotice.xml
200
 
        $(DOCBOOKTOMAN)
201
 
mandos.conf.5.xhtml: mandos.conf.xml common.ent mandos-options.xml \
202
 
                legalnotice.xml
203
 
        $(DOCBOOKTOHTML)
204
 
 
205
 
plugin-runner.8mandos: plugin-runner.xml common.ent overview.xml \
206
 
                legalnotice.xml
207
 
        $(DOCBOOKTOMAN)
208
 
plugin-runner.8mandos.xhtml: plugin-runner.xml common.ent \
209
 
                overview.xml legalnotice.xml
210
 
        $(DOCBOOKTOHTML)
211
 
 
212
 
plugins.d/mandos-client.8mandos: plugins.d/mandos-client.xml \
213
 
                                        common.ent \
214
 
                                        mandos-options.xml \
215
 
                                        overview.xml legalnotice.xml
216
 
        $(DOCBOOKTOMAN)
217
 
plugins.d/mandos-client.8mandos.xhtml: plugins.d/mandos-client.xml \
218
 
                                        common.ent \
219
 
                                        mandos-options.xml \
220
 
                                        overview.xml legalnotice.xml
221
 
        $(DOCBOOKTOHTML)
222
 
 
223
 
# Update all these files with version number $(version)
224
 
common.ent: Makefile
225
 
        $(strip $(SED) --in-place \
226
 
                --expression='s/^\(<!ENTITY version "\)[^"]*">$$/\1$(version)">/' \
227
 
                $@)
228
 
 
229
 
mandos: Makefile
230
 
        $(strip $(SED) --in-place \
231
 
                --expression='s/^\(version = "\)[^"]*"$$/\1$(version)"/' \
232
 
                $@)
233
 
 
234
 
mandos-keygen: Makefile
235
 
        $(strip $(SED) --in-place \
236
 
                --expression='s/^\(VERSION="\)[^"]*"$$/\1$(version)"/' \
237
 
                $@)
238
 
 
239
 
mandos-ctl: Makefile
240
 
        $(strip $(SED) --in-place \
241
 
                --expression='s/^\(version = "\)[^"]*"$$/\1$(version)"/' \
242
 
                $@)
243
 
 
244
 
mandos-monitor: Makefile
245
 
        $(strip $(SED) --in-place \
246
 
                --expression='s/^\(version = "\)[^"]*"$$/\1$(version)"/' \
247
 
                $@)
248
 
 
249
 
mandos.lsm: Makefile
250
 
        $(strip $(SED) --in-place \
251
 
                --expression='s/^\(Version:\).*/\1\t$(version)/' \
252
 
                $@)
253
 
        $(strip $(SED) --in-place \
254
 
                --expression='s/^\(Entered-date:\).*/\1\t$(shell date --rfc-3339=date --reference=Makefile)/' \
255
 
                $@)
256
 
        $(strip $(SED) --in-place \
257
 
                --expression='s/\(mandos_\)[0-9.]\+\(\.orig\.tar\.gz\)/\1$(version)\2/' \
258
 
                $@)
259
 
 
260
 
# Need to add the GnuTLS, Avahi and GPGME libraries
261
 
plugins.d/mandos-client: plugins.d/mandos-client.c
262
 
        $(LINK.c) $^ $(GNUTLS_CFLAGS) $(AVAHI_CFLAGS) $(strip\
263
 
                ) $(GPGME_CFLAGS) $(GNUTLS_LIBS) $(strip\
264
 
                ) $(AVAHI_LIBS) $(GPGME_LIBS) $(LOADLIBES) $(strip\
265
 
                ) $(LDLIBS) -o $@
266
 
 
267
 
plugin-helpers/mandos-client-iprouteadddel: plugin-helpers/mandos-client-iprouteadddel.c
268
 
        $(LINK.c) $(LIBNL3_CFLAGS) $^ $(LIBNL3_LIBS) $(strip\
269
 
                ) $(LOADLIBES) $(LDLIBS) -o $@
270
 
 
271
 
.PHONY : all doc html clean distclean mostlyclean maintainer-clean \
272
 
        check run-client run-server install install-html \
273
 
        install-server install-client-nokey install-client uninstall \
274
 
        uninstall-server uninstall-client purge purge-server \
275
 
        purge-client
 
61
%.5: %.xml
 
62
        $(DOCBOOKTOMAN)
 
63
 
 
64
%.8: %.xml
 
65
        $(DOCBOOKTOMAN)
 
66
 
 
67
%.8mandos: %.xml
 
68
        $(DOCBOOKTOMAN)
 
69
 
 
70
mandos.8: mandos.xml mandos-options.xml
 
71
        $(DOCBOOKTOMAN)
 
72
 
 
73
mandos.conf.5: mandos.conf.xml mandos-options.xml
 
74
        $(DOCBOOKTOMAN)
 
75
 
 
76
plugins.d/password-request: plugins.d/password-request.o
 
77
        $(LINK.o) $(GNUTLS_LIBS) $(AVAHI_LIBS) $(GPGME_LIBS) \
 
78
                $(COMMON) $^ $(LOADLIBES) $(LDLIBS) -o $@
 
79
 
 
80
.PHONY : all doc clean distclean run-client run-server install \
 
81
        install-server install-client uninstall uninstall-server \
 
82
        uninstall-client purge purge-server purge-client
276
83
 
277
84
clean:
278
 
        -rm --force $(CPROGS) $(objects) $(htmldocs) $(DOCS) core
 
85
        -rm --force $(PROGS) $(objects) $(DOCS) core
279
86
 
280
87
distclean: clean
281
88
mostlyclean: clean
282
89
maintainer-clean: clean
283
 
        -rm --force --recursive keydir confdir statedir
 
90
        -rm --force --recursive keydir confdir
284
91
 
285
 
check:  all
 
92
check:
286
93
        ./mandos --check
287
 
        ./mandos-ctl --check
288
94
 
289
 
# Run the client with a local config and key
290
 
run-client: all keydir/seckey.txt keydir/pubkey.txt keydir/tls-privkey.pem keydir/tls-pubkey.pem
291
 
        @echo "###################################################################"
292
 
        @echo "# The following error messages are harmless and can be safely     #"
293
 
        @echo "# ignored:                                                        #"
294
 
        @echo "# From plugin-runner: setgid: Operation not permitted             #"
295
 
        @echo "#                     setuid: Operation not permitted             #"
296
 
        @echo "# From askpass-fifo:  mkfifo: Permission denied                   #"
297
 
        @echo "# From mandos-client:                                             #"
298
 
        @echo "#             Failed to raise privileges: Operation not permitted #"
299
 
        @echo "#             Warning: network hook \"*\" exited with status *      #"
300
 
        @echo "#                                                                 #"
301
 
        @echo "# (The messages are caused by not running as root, but you should #"
302
 
        @echo "# NOT run \"make run-client\" as root unless you also unpacked and  #"
303
 
        @echo "# compiled Mandos as root, which is also NOT recommended.)        #"
304
 
        @echo "###################################################################"
305
 
# We set GNOME_KEYRING_CONTROL to block pam_gnome_keyring
 
95
# Run the server with a local key
 
96
run-client: all keydir/seckey.txt keydir/pubkey.txt \
 
97
        keydir/secring.gpg keydir/pubring.gpg
306
98
        ./plugin-runner --plugin-dir=plugins.d \
307
 
                --plugin-helper-dir=plugin-helpers \
308
 
                --config-file=plugin-runner.conf \
309
 
                --options-for=mandos-client:--seckey=keydir/seckey.txt,--pubkey=keydir/pubkey.txt,--tls-privkey=keydir/tls-privkey.pem,--tls-pubkey=keydir/tls-pubkey.pem,--network-hook-dir=network-hooks.d \
310
 
                --env-for=mandos-client:GNOME_KEYRING_CONTROL= \
311
 
                $(CLIENTARGS)
 
99
                --options-for=password-request:--keydir=keydir
312
100
 
313
101
# Used by run-client
314
 
keydir/seckey.txt keydir/pubkey.txt keydir/tls-privkey.pem keydir/tls-pubkey.pem: mandos-keygen
 
102
keydir/secring.gpg: keydir/seckey.txt
 
103
        gpg --homedir $(dir $<) --import $^
 
104
keydir/pubring.gpg: keydir/pubkey.txt
 
105
        gpg --homedir $(dir $<) --import $^
 
106
keydir/seckey.txt keydir/pubkey.txt: mandos-keygen
315
107
        install --directory keydir
316
108
        ./mandos-keygen --dir keydir --force
317
109
 
318
110
# Run the server with a local config
319
 
run-server: confdir/mandos.conf confdir/clients.conf statedir
320
 
        ./mandos --debug --no-dbus --configdir=confdir \
321
 
                --statedir=statedir $(SERVERARGS)
 
111
run-server: confdir/mandos.conf confdir/clients.conf
 
112
        ./mandos --debug --configdir=confdir
322
113
 
323
114
# Used by run-server
324
115
confdir/mandos.conf: mandos.conf
325
116
        install --directory confdir
326
 
        install --mode=u=rw,go=r $^ $@
327
 
confdir/clients.conf: clients.conf keydir/seckey.txt keydir/tls-pubkey.pem
 
117
        install $^ $@
 
118
confdir/clients.conf: clients.conf keydir/seckey.txt
328
119
        install --directory confdir
329
 
        install --mode=u=rw $< $@
 
120
        install clients.conf $@
330
121
# Add a client password
331
 
        ./mandos-keygen --dir keydir --password --no-ssh >> $@
332
 
statedir:
333
 
        install --directory statedir
334
 
 
335
 
install: install-server install-client-nokey
336
 
 
337
 
install-html: html
338
 
        install --directory $(htmldir)
339
 
        install --mode=u=rw,go=r --target-directory=$(htmldir) \
340
 
                $(htmldocs)
 
122
        ./mandos-keygen --dir keydir --password >> $@
 
123
 
 
124
install: install-server install-client
341
125
 
342
126
install-server: doc
343
 
        install --directory $(CONFDIR)
344
 
        if install --directory --mode=u=rwx --owner=$(USER) \
345
 
                --group=$(GROUP) $(STATEDIR); then \
346
 
                :; \
347
 
        elif install --directory --mode=u=rwx $(STATEDIR); then \
348
 
                chown -- $(USER):$(GROUP) $(STATEDIR) || :; \
349
 
        fi
350
 
        if [ "$(TMPFILES)" != "$(DESTDIR)" -a -d "$(TMPFILES)" ]; then \
351
 
                install --mode=u=rw,go=r tmpfiles.d-mandos.conf \
352
 
                        $(TMPFILES)/mandos.conf; \
353
 
        fi
354
 
        install --mode=u=rwx,go=rx mandos $(PREFIX)/sbin/mandos
355
 
        install --mode=u=rwx,go=rx --target-directory=$(PREFIX)/sbin \
356
 
                mandos-ctl
357
 
        install --mode=u=rwx,go=rx --target-directory=$(PREFIX)/sbin \
358
 
                mandos-monitor
359
 
        install --mode=u=rw,go=r --target-directory=$(CONFDIR) \
360
 
                mandos.conf
361
 
        install --mode=u=rw --target-directory=$(CONFDIR) \
 
127
        install --directory --parents $(CONFDIR) $(MANDIR)/man5 \
 
128
                $(MANDIR)/man8
 
129
        install --mode=0755 mandos $(PREFIX)/sbin/mandos
 
130
        install --mode=0644 --target-directory=$(CONFDIR) mandos.conf
 
131
        install --mode=0640 --target-directory=$(CONFDIR) \
362
132
                clients.conf
363
 
        install --mode=u=rw,go=r dbus-mandos.conf \
364
 
                $(DESTDIR)/etc/dbus-1/system.d/mandos.conf
365
 
        install --mode=u=rwx,go=rx init.d-mandos \
366
 
                $(DESTDIR)/etc/init.d/mandos
367
 
        if [ "$(SYSTEMD)" != "$(DESTDIR)" -a -d "$(SYSTEMD)" ]; then \
368
 
                install --mode=u=rw,go=r mandos.service $(SYSTEMD); \
369
 
        fi
370
 
        install --mode=u=rw,go=r default-mandos \
371
 
                $(DESTDIR)/etc/default/mandos
372
 
        if [ -z $(DESTDIR) ]; then \
373
 
                update-rc.d mandos defaults 25 15;\
374
 
        fi
375
133
        gzip --best --to-stdout mandos.8 \
376
134
                > $(MANDIR)/man8/mandos.8.gz
377
 
        gzip --best --to-stdout mandos-monitor.8 \
378
 
                > $(MANDIR)/man8/mandos-monitor.8.gz
379
 
        gzip --best --to-stdout mandos-ctl.8 \
380
 
                > $(MANDIR)/man8/mandos-ctl.8.gz
381
135
        gzip --best --to-stdout mandos.conf.5 \
382
136
                > $(MANDIR)/man5/mandos.conf.5.gz
383
137
        gzip --best --to-stdout mandos-clients.conf.5 \
384
138
                > $(MANDIR)/man5/mandos-clients.conf.5.gz
385
 
        gzip --best --to-stdout intro.8mandos \
386
 
                > $(MANDIR)/man8/intro.8mandos.gz
387
139
 
388
 
install-client-nokey: all doc
389
 
        install --directory $(LIBDIR)/mandos $(CONFDIR)
390
 
        install --directory --mode=u=rwx $(KEYDIR) \
391
 
                $(LIBDIR)/mandos/plugins.d \
392
 
                $(LIBDIR)/mandos/plugin-helpers
393
 
        if [ "$(CONFDIR)" != "$(LIBDIR)/mandos" ]; then \
394
 
                install --mode=u=rwx \
395
 
                        --directory "$(CONFDIR)/plugins.d" \
396
 
                        "$(CONFDIR)/plugin-helpers"; \
397
 
        fi
398
 
        install --mode=u=rwx,go=rx --directory \
399
 
                "$(CONFDIR)/network-hooks.d"
400
 
        install --mode=u=rwx,go=rx \
401
 
                --target-directory=$(LIBDIR)/mandos plugin-runner
402
 
        install --mode=u=rwx,go=rx \
403
 
                --target-directory=$(LIBDIR)/mandos mandos-to-cryptroot-unlock
404
 
        install --mode=u=rwx,go=rx --target-directory=$(PREFIX)/sbin \
 
140
install-client: all doc /usr/share/initramfs-tools/hooks/.
 
141
        install --directory --parents $(PREFIX)/lib/mandos \
 
142
                $(CONFDIR) $(MANDIR)/man8
 
143
        install --directory --mode=0700 $(PREFIX)/lib/mandos/plugins.d
 
144
        chmod u=rwx,g=,o= $(PREFIX)/lib/mandos/plugins.d
 
145
        install --mode=0755 --target-directory=$(PREFIX)/lib/mandos \
 
146
                plugin-runner
 
147
        install --mode=0755 --target-directory=$(PREFIX)/sbin \
405
148
                mandos-keygen
406
 
        install --mode=u=rwx,go=rx \
407
 
                --target-directory=$(LIBDIR)/mandos/plugins.d \
 
149
        install --mode=0755 \
 
150
                --target-directory=$(PREFIX)/lib/mandos/plugins.d \
408
151
                plugins.d/password-prompt
409
 
        install --mode=u=rwxs,go=rx \
410
 
                --target-directory=$(LIBDIR)/mandos/plugins.d \
411
 
                plugins.d/mandos-client
412
 
        install --mode=u=rwxs,go=rx \
413
 
                --target-directory=$(LIBDIR)/mandos/plugins.d \
414
 
                plugins.d/usplash
415
 
        install --mode=u=rwxs,go=rx \
416
 
                --target-directory=$(LIBDIR)/mandos/plugins.d \
417
 
                plugins.d/splashy
418
 
        install --mode=u=rwxs,go=rx \
419
 
                --target-directory=$(LIBDIR)/mandos/plugins.d \
420
 
                plugins.d/askpass-fifo
421
 
        install --mode=u=rwxs,go=rx \
422
 
                --target-directory=$(LIBDIR)/mandos/plugins.d \
423
 
                plugins.d/plymouth
424
 
        install --mode=u=rwx,go=rx \
425
 
                --target-directory=$(LIBDIR)/mandos/plugin-helpers \
426
 
                plugin-helpers/mandos-client-iprouteadddel
 
152
        install --mode=4755 \
 
153
                --target-directory=$(PREFIX)/lib/mandos/plugins.d \
 
154
                plugins.d/password-request
427
155
        install initramfs-tools-hook \
428
 
                $(INITRAMFSTOOLS)/hooks/mandos
429
 
        install --mode=u=rw,go=r initramfs-tools-conf \
430
 
                $(INITRAMFSTOOLS)/conf.d/mandos-conf
431
 
        install --mode=u=rw,go=r initramfs-tools-conf-hook \
432
 
                $(INITRAMFSTOOLS)/conf-hooks.d/zz-mandos
 
156
                /usr/share/initramfs-tools/hooks/mandos
 
157
        install initramfs-tools-hook-conf \
 
158
                /usr/share/initramfs-tools/conf-hooks.d/mandos
433
159
        install initramfs-tools-script \
434
 
                $(INITRAMFSTOOLS)/scripts/init-premount/mandos
435
 
        install initramfs-tools-script-stop \
436
 
                $(INITRAMFSTOOLS)/scripts/local-premount/mandos
437
 
        install --mode=u=rw,go=r plugin-runner.conf $(CONFDIR)
 
160
                /usr/share/initramfs-tools/scripts/local-top/mandos
438
161
        gzip --best --to-stdout mandos-keygen.8 \
439
162
                > $(MANDIR)/man8/mandos-keygen.8.gz
440
163
        gzip --best --to-stdout plugin-runner.8mandos \
441
164
                > $(MANDIR)/man8/plugin-runner.8mandos.gz
442
 
        gzip --best --to-stdout plugins.d/mandos-client.8mandos \
443
 
                > $(MANDIR)/man8/mandos-client.8mandos.gz
444
165
        gzip --best --to-stdout plugins.d/password-prompt.8mandos \
445
166
                > $(MANDIR)/man8/password-prompt.8mandos.gz
446
 
        gzip --best --to-stdout plugins.d/usplash.8mandos \
447
 
                > $(MANDIR)/man8/usplash.8mandos.gz
448
 
        gzip --best --to-stdout plugins.d/splashy.8mandos \
449
 
                > $(MANDIR)/man8/splashy.8mandos.gz
450
 
        gzip --best --to-stdout plugins.d/askpass-fifo.8mandos \
451
 
                > $(MANDIR)/man8/askpass-fifo.8mandos.gz
452
 
        gzip --best --to-stdout plugins.d/plymouth.8mandos \
453
 
                > $(MANDIR)/man8/plymouth.8mandos.gz
454
 
 
455
 
install-client: install-client-nokey
456
 
# Post-installation stuff
457
 
        -$(PREFIX)/sbin/mandos-keygen --dir "$(KEYDIR)"
 
167
        gzip --best --to-stdout plugins.d/password-request.8mandos \
 
168
                > $(MANDIR)/man8/password-request.8mandos.gz
 
169
        -$(PREFIX)/sbin/mandos-keygen
458
170
        update-initramfs -k all -u
459
 
        echo "Now run mandos-keygen --password --dir $(KEYDIR)"
460
171
 
461
172
uninstall: uninstall-server uninstall-client
462
173
 
463
 
uninstall-server:
 
174
uninstall-server: $(PREFIX)/sbin/mandos
464
175
        -rm --force $(PREFIX)/sbin/mandos \
465
 
                $(PREFIX)/sbin/mandos-ctl \
466
 
                $(PREFIX)/sbin/mandos-monitor \
467
176
                $(MANDIR)/man8/mandos.8.gz \
468
 
                $(MANDIR)/man8/mandos-monitor.8.gz \
469
 
                $(MANDIR)/man8/mandos-ctl.8.gz \
470
177
                $(MANDIR)/man5/mandos.conf.5.gz \
471
178
                $(MANDIR)/man5/mandos-clients.conf.5.gz
472
 
        update-rc.d -f mandos remove
473
179
        -rmdir $(CONFDIR)
474
180
 
475
181
uninstall-client:
476
182
# Refuse to uninstall client if /etc/crypttab is explicitly configured
477
183
# to use it.
478
184
        ! grep --regexp='^ *[^ #].*keyscript=[^,=]*/mandos/' \
479
 
                $(DESTDIR)/etc/crypttab
 
185
                /etc/crypttab
480
186
        -rm --force $(PREFIX)/sbin/mandos-keygen \
481
 
                $(LIBDIR)/mandos/plugin-runner \
482
 
                $(LIBDIR)/mandos/plugins.d/password-prompt \
483
 
                $(LIBDIR)/mandos/plugins.d/mandos-client \
484
 
                $(LIBDIR)/mandos/plugins.d/usplash \
485
 
                $(LIBDIR)/mandos/plugins.d/splashy \
486
 
                $(LIBDIR)/mandos/plugins.d/askpass-fifo \
487
 
                $(LIBDIR)/mandos/plugins.d/plymouth \
488
 
                $(INITRAMFSTOOLS)/hooks/mandos \
489
 
                $(INITRAMFSTOOLS)/conf-hooks.d/mandos \
490
 
                $(INITRAMFSTOOLS)/scripts/init-premount/mandos \
 
187
                $(PREFIX)/lib/mandos/plugin-runner \
 
188
                $(PREFIX)/lib/mandos/plugins.d/password-prompt \
 
189
                $(PREFIX)/lib/mandos/plugins.d/password-request \
 
190
                /usr/share/initramfs-tools/hooks/mandos \
 
191
                /usr/share/initramfs-tools/conf-hooks.d/mandos \
 
192
                $(MANDIR)/man8/plugin-runner.8mandos.gz \
491
193
                $(MANDIR)/man8/mandos-keygen.8.gz \
492
 
                $(MANDIR)/man8/plugin-runner.8mandos.gz \
493
 
                $(MANDIR)/man8/mandos-client.8mandos.gz
494
194
                $(MANDIR)/man8/password-prompt.8mandos.gz \
495
 
                $(MANDIR)/man8/usplash.8mandos.gz \
496
 
                $(MANDIR)/man8/splashy.8mandos.gz \
497
 
                $(MANDIR)/man8/askpass-fifo.8mandos.gz \
498
 
                $(MANDIR)/man8/plymouth.8mandos.gz \
499
 
        -rmdir $(LIBDIR)/mandos/plugins.d $(CONFDIR)/plugins.d \
500
 
                 $(LIBDIR)/mandos $(CONFDIR) $(KEYDIR)
 
195
                $(MANDIR)/man8/password-request.8mandos.gz
 
196
        -rmdir $(PREFIX)/lib/mandos/plugins.d $(CONFDIR)/plugins.d \
 
197
                 $(PREFIX)/lib/mandos $(CONFDIR)
501
198
        update-initramfs -k all -u
502
199
 
503
200
purge: purge-server purge-client
504
201
 
505
202
purge-server: uninstall-server
506
 
        -rm --force $(CONFDIR)/mandos.conf $(CONFDIR)/clients.conf \
507
 
                $(DESTDIR)/etc/dbus-1/system.d/mandos.conf
508
 
                $(DESTDIR)/etc/default/mandos \
509
 
                $(DESTDIR)/etc/init.d/mandos \
510
 
                $(SYSTEMD)/mandos.service \
511
 
                $(DESTDIR)/run/mandos.pid \
512
 
                $(DESTDIR)/var/run/mandos.pid
 
203
        -rm --force $(CONFDIR)/mandos.conf $(CONFDIR)/clients.conf
513
204
        -rmdir $(CONFDIR)
514
205
 
515
206
purge-client: uninstall-client
516
 
        -shred --remove $(KEYDIR)/seckey.txt $(KEYDIR)/tls-privkey.pem
517
 
        -rm --force $(CONFDIR)/plugin-runner.conf \
518
 
                $(KEYDIR)/pubkey.txt $(KEYDIR)/seckey.txt \
519
 
                $(KEYDIR)/tls-pubkey.txt $(KEYDIR)/tls-privkey.txt
520
 
        -rmdir $(KEYDIR) $(CONFDIR)/plugins.d $(CONFDIR)
 
207
        -rm --force $(CONFDIR)/seckey.txt $(CONFDIR)/pubkey.txt
 
208
        -rmdir $(CONFDIR) $(CONFDIR)/plugins.d