/mandos/trunk : revision 110

To get this branch, use:

bzr branch
http://bzr.recompile.se/loggerhead/mandos/trunk

« back to all changes in this revision

Viewing changes to Makefile

Committer: Teddy Hogeborn
Date: 2008-08-29 05:53:59 UTC
Revision ID: teddy@fukt.bsnet.se-20080829055359-wkdasnyxtylmnxus

* mandos.xml (EXAMPLE): Replaced all occurences of command name with
                        "&COMMANDNAME;".

* plugins.d/password-prompt.c (main): Improved some documentation
                                      strings.  Do perror() of
                                      tcgetattr() fails.  Add debug
                                      output if interrupted by signal.
                                      Loop over write() instead of
                                      using fwrite() when outputting
                                      password.  Add debug output if
                                      getline() returns 0, unless it
                                      was caused by a signal.  Add
                                      exit status code to debug
                                      output.

* plugins.d/password-prompt.xml: Changed all single quotes to double
                                 quotes for consistency.  Removed
                                 <?xml-stylesheet>.
  (ENTITY TIMESTAMP): New.  Automatically updated by Emacs time-stamp
                      by using Emacs local variables.
  (/refentry/refentryinfo/title): Changed to "Mandos Manual".
  (/refentry/refentryinfo/productname): Changed to "Mandos".
  (/refentry/refentryinfo/date): New; set to "&TIMESTAMP;".
  (/refentry/refentryinfo/copyright): Split copyright holders.
  (/refentry/refnamediv/refpurpose): Improved wording.
  (SYNOPSIS): Fix to use correct markup.  Add short options.
  (DESCRIPTION, OPTIONS): Improved wording.
  (OPTIONS): Improved wording.  Use more correct markup.  Document
             short options.
  (EXIT STATUS): Add text.
  (ENVIRONMENT): Document use of "cryptsource" and "crypttarget".
  (FILES): REMOVED.
  (BUGS): Add text.
  (EXAMPLE): Added some examples.
  (SECURITY): Added text.
  (SEE ALSO): Remove reference to mandos(8).  Add reference to
              crypttab(5).

files added:
initramfs-tools-hook-conf

plugins.d/usplash

files removed:
.bzr-builddeb

.bzr-builddeb/default.conf

DBUS-API

INSTALL

NEWS

README

bugs.xml

common.ent

dbus-mandos.conf

debian

debian/changelog

debian/compat

debian/control

debian/copyright

debian/mandos-client.README.Debian

debian/mandos-client.dirs

debian/mandos-client.docs

debian/mandos-client.examples

debian/mandos-client.links

debian/mandos-client.lintian-overrides

debian/mandos-client.postinst

debian/mandos-client.postrm

debian/mandos-client.templates

debian/mandos.README.Debian

debian/mandos.dirs

debian/mandos.docs

debian/mandos.lintian-overrides

debian/mandos.postinst

debian/mandos.prerm

debian/mandos.templates

debian/po

debian/rules

debian/source

debian/source/format

debian/source/local-options

debian/upstream

debian/upstream/signing-key.asc

debian/watch

default-mandos

init.d-mandos

initramfs-tools-conf

initramfs-tools-script-stop

initramfs-unpack

intro.xml

legalnotice.xml

mandos-ctl

mandos-ctl.xml

mandos-monitor

mandos-monitor.xml

mandos-to-cryptroot-unlock

mandos.lsm

mandos.service

network-hooks.d

network-hooks.d/bridge

network-hooks.d/bridge.conf

network-hooks.d/openvpn

network-hooks.d/openvpn.conf

network-hooks.d/wireless

network-hooks.d/wireless.conf

plugin-helpers

plugin-helpers/mandos-client-iprouteadddel.c

plugin-runner.conf

plugins.d/askpass-fifo.c

plugins.d/askpass-fifo.xml

plugins.d/plymouth.c

plugins.d/plymouth.xml

plugins.d/splashy.c

plugins.d/splashy.xml

plugins.d/usplash.c

plugins.d/usplash.xml

tmpfiles.d-mandos.conf

files renamed:
plugins.d/mandos-client.c => plugins.d/password-request.c

plugins.d/mandos-client.xml => plugins.d/password-request.xml

files modified:
.bzrignore

Makefile

TODO

clients.conf

initramfs-tools-hook

initramfs-tools-script

mandos

mandos-clients.conf.xml

mandos-keygen

mandos-keygen.xml

mandos-options.xml

mandos.conf

mandos.conf.xml

mandos.xml

overview.xml

plugin-runner.c

plugin-runner.xml

plugins.d/password-prompt.c

plugins.d/password-prompt.xml

Show diffs side-by-side

added added

removed removed

Makefile

WARN:=-O -Wall -Wextra -Wdouble-promotion -Wformat=2 -Winit-self \

-Wmissing-include-dirs -Wswitch-default -Wswitch-enum \

-Wunused -Wuninitialized -Wstrict-overflow=5 \

-Wsuggest-attribute=pure -Wsuggest-attribute=const \

-Wsuggest-attribute=noreturn -Wfloat-equal -Wundef -Wshadow \

WARN=-O -Wall -Wformat=2 -Winit-self -Wmissing-include-dirs \

-Wswitch-default -Wswitch-enum -Wunused-parameter \

-Wstrict-aliasing=2 -Wextra -Wfloat-equal -Wundef -Wshadow \

-Wunsafe-loop-optimizations -Wpointer-arith \

-Wbad-function-cast -Wcast-qual -Wcast-align -Wwrite-strings \

-Wconversion -Wlogical-op -Waggregate-return \

-Wstrict-prototypes -Wold-style-definition \

-Wmissing-format-attribute -Wnormalized=nfc -Wpacked \

-Wredundant-decls -Wnested-externs -Winline -Wvla \

-Wvolatile-register-var -Woverlength-strings

#DEBUG:=-ggdb3 -fsanitize=address

# For info about _FORTIFY_SOURCE, see feature_test_macros(7)

# and <https://gcc.gnu.org/ml/gcc-patches/2004-09/msg02055.html>.

FORTIFY:=-D_FORTIFY_SOURCE=2 -fstack-protector-all -fPIC

# <https://developerblog.redhat.com/2014/10/16/gcc-undefined-behavior-sanitizer-ubsan/>

ALL_SANITIZE_OPTIONS:=-fsanitize=leak -fsanitize=undefined \

-fsanitize=shift -fsanitize=integer-divide-by-zero \

-fsanitize=unreachable -fsanitize=vla-bound -fsanitize=null \

-fsanitize=return -fsanitize=signed-integer-overflow \

-fsanitize=bounds -fsanitize=alignment \

-fsanitize=object-size -fsanitize=float-divide-by-zero \

-fsanitize=float-cast-overflow -fsanitize=nonnull-attribute \

-fsanitize=returns-nonnull-attribute -fsanitize=bool \

-fsanitize=enum

# Check which sanitizing options can be used

SANITIZE:=$(foreach option,$(ALL_SANITIZE_OPTIONS),$(shell \

echo 'int main(){}' | $(CC) --language=c $(option) /dev/stdin \

-o /dev/null >/dev/null 2>&1 && echo $(option)))

LINK_FORTIFY_LD:=-z relro -z now

LINK_FORTIFY:=

# If BROKEN_PIE is set, do not build with -pie

ifndef BROKEN_PIE

FORTIFY += -fPIE

LINK_FORTIFY += -pie

endif

-Wconversion -Wstrict-prototypes -Wold-style-definition \

-Wpacked -Wnested-externs -Wunreachable-code -Winline \

-Wvolatile-register-var

DEBUG=-ggdb3

# For info about _FORTIFY_SOURCE, see

# <http://gcc.gnu.org/ml/gcc-patches/2004-09/msg02055.html>

FORTIFY=-D_FORTIFY_SOURCE=2 # -fstack-protector-all

#COVERAGE=--coverage

OPTIMIZE:=-Os -fno-strict-aliasing

LANGUAGE:=-std=gnu11

htmldir:=man

version:=1.7.20

SED:=sed

USER:=$(firstword $(subst :, ,$(shell getent passwd _mandos || getent passwd nobody || echo 65534)))

GROUP:=$(firstword $(subst :, ,$(shell getent group _mandos || getent group nogroup || echo 65534)))

## Use these settings for a traditional /usr/local install

# PREFIX:=$(DESTDIR)/usr/local

# CONFDIR:=$(DESTDIR)/etc/mandos

# KEYDIR:=$(DESTDIR)/etc/mandos/keys

# MANDIR:=$(PREFIX)/man

# INITRAMFSTOOLS:=$(DESTDIR)/etc/initramfs-tools

# STATEDIR:=$(DESTDIR)/var/lib/mandos

# LIBDIR:=$(PREFIX)/lib

## These settings are for a package-type install

PREFIX:=$(DESTDIR)/usr

CONFDIR:=$(DESTDIR)/etc/mandos

KEYDIR:=$(DESTDIR)/etc/keys/mandos

MANDIR:=$(PREFIX)/share/man

INITRAMFSTOOLS:=$(DESTDIR)/usr/share/initramfs-tools

STATEDIR:=$(DESTDIR)/var/lib/mandos

LIBDIR:=$(shell \

for d in \

"/usr/lib/`dpkg-architecture -qDEB_HOST_MULTIARCH 2>/dev/null`" \

"`rpm --eval='%{_libdir}' 2>/dev/null`" /usr/lib; do \

if [ -d "$$d" -a "$$d" = "$${d%/}" ]; then \

echo "$(DESTDIR)$$d"; \

break; \

fi; \

done)

SYSTEMD:=$(DESTDIR)$(shell pkg-config systemd --variable=systemdsystemunitdir)

TMPFILES:=$(DESTDIR)$(shell pkg-config systemd --variable=tmpfilesdir)

GNUTLS_CFLAGS:=$(shell pkg-config --cflags-only-I gnutls)

GNUTLS_LIBS:=$(shell pkg-config --libs gnutls)

AVAHI_CFLAGS:=$(shell pkg-config --cflags-only-I avahi-core)

AVAHI_LIBS:=$(shell pkg-config --libs avahi-core)

GPGME_CFLAGS:=$(shell gpgme-config --cflags; getconf LFS_CFLAGS)

GPGME_LIBS:=$(shell gpgme-config --libs; getconf LFS_LIBS; \

getconf LFS_LDFLAGS)

LIBNL3_CFLAGS:=$(shell pkg-config --cflags-only-I libnl-route-3.0)

LIBNL3_LIBS:=$(shell pkg-config --libs libnl-route-3.0)

OPTIMIZE=-Os

LANGUAGE=-std=gnu99

# PREFIX=/usr/local

PREFIX=$(DESTDIR)/usr

# CONFDIR=/usr/local/lib/mandos

CONFDIR=$(DESTDIR)/etc/mandos

# MANDIR=/usr/local/man

MANDIR=$(DESTDIR)/usr/share/man

GNUTLS_CFLAGS=$(shell libgnutls-config --cflags)

GNUTLS_LIBS=$(shell libgnutls-config --libs)

AVAHI_CFLAGS=$(shell pkg-config --cflags-only-I avahi-core)

AVAHI_LIBS=$(shell pkg-config --libs avahi-core)

GPGME_CFLAGS=$(shell gpgme-config --cflags)

GPGME_LIBS=$(shell gpgme-config --libs)

# Do not change these two

CFLAGS+=$(WARN) $(DEBUG) $(FORTIFY) $(SANITIZE) $(COVERAGE) \

$(OPTIMIZE) $(LANGUAGE) -DVERSION='"$(version)"'

LDFLAGS+=-Xlinker --as-needed $(COVERAGE) $(LINK_FORTIFY) $(foreach flag,$(LINK_FORTIFY_LD),-Xlinker $(flag))

CFLAGS=$(WARN) $(DEBUG) $(FORTIFY) $(COVERAGE) $(OPTIMIZE) \

$(LANGUAGE) $(GNUTLS_CFLAGS) $(AVAHI_CFLAGS) $(GPGME_CFLAGS)

LDFLAGS=$(COVERAGE)

# Commands to format a DocBook <refentry> document into a manual page

DOCBOOKTOMAN=$(strip cd $(dir $<); xsltproc --nonet --xinclude \

# Commands to format a DocBook refentry document into a manual page

DOCBOOKTOMAN=cd $(dir $<); xsltproc --nonet --xinclude \

--param man.charmap.use.subset 0 \

--param make.year.ranges 1 \

--param make.single.year.ranges 1 \

100

--param man.output.quietly 1 \

101

--param man.authors.section.enabled 0 \

102

/usr/share/xml/docbook/stylesheet/nwalsh/manpages/docbook.xsl \

103

$(notdir $<); \

104

if locale --all 2>/dev/null | grep --regexp='^en_US\.utf8$$' \

105

&& type man 2>/dev/null; then LANG=en_US.UTF-8 MANWIDTH=80 \

106

man --warnings --encoding=UTF-8 --local-file $(notdir $@); \

107

fi >/dev/null)

108

109

DOCBOOKTOHTML=$(strip xsltproc --nonet --xinclude \

110

--param make.year.ranges 1 \

111

--param make.single.year.ranges 1 \

112

--param man.output.quietly 1 \

113

--param man.authors.section.enabled 0 \

114

--param citerefentry.link 1 \

115

--output $@ \

116

/usr/share/xml/docbook/stylesheet/nwalsh/xhtml/docbook.xsl \

117

$<; $(HTMLPOST) $@)

118

# Fix citerefentry links

119

HTMLPOST:=$(SED) --in-place \

120

--expression='s/$<a class="citerefentry" href="$$"><span class="citerefentry"><span class="refentrytitle">$$[^<]*$$<\/span>($$[^)]*$$)<\/span><\/a>$/\1\3.\5\2\3\4\5\6/g'

121

122

PLUGINS:=plugins.d/password-prompt plugins.d/mandos-client \

123

plugins.d/usplash plugins.d/splashy plugins.d/askpass-fifo \

124

plugins.d/plymouth

125

PLUGIN_HELPERS:=plugin-helpers/mandos-client-iprouteadddel

126

CPROGS:=plugin-runner $(PLUGINS) $(PLUGIN_HELPERS)

127

PROGS:=mandos mandos-keygen mandos-ctl mandos-monitor $(CPROGS)

128

DOCS:=mandos.8 mandos-keygen.8 mandos-monitor.8 mandos-ctl.8 \

129

mandos.conf.5 mandos-clients.conf.5 plugin-runner.8mandos \

130

plugins.d/mandos-client.8mandos \

131

plugins.d/password-prompt.8mandos plugins.d/usplash.8mandos \

132

plugins.d/splashy.8mandos plugins.d/askpass-fifo.8mandos \

133

plugins.d/plymouth.8mandos intro.8mandos

134

135

htmldocs:=$(addsuffix .xhtml,$(DOCS))

136

137

objects:=$(addsuffix .o,$(CPROGS))

138

139

all: $(PROGS) mandos.lsm

$(MANPOST) $(notdir $@)

# DocBook-to-man post-processing to fix a \n escape bug

MANPOST=sed --in-place --expression='s,\\\\en,\\en,g;s,\\n,\\en,g'

PLUGINS=plugins.d/password-prompt plugins.d/password-request

PROGS=plugin-runner $(PLUGINS)

DOCS=mandos.8 plugin-runner.8mandos mandos-keygen.8 \

plugins.d/password-request.8mandos \

plugins.d/password-prompt.8mandos mandos.conf.5 \

mandos-clients.conf.5

objects=$(addsuffix .o,$(PROGS))

all: $(PROGS)

140

141

doc: $(DOCS)

142

143

html: $(htmldocs)

144

145

%.5: %.xml common.ent legalnotice.xml

146

$(DOCBOOKTOMAN)

147

%.5.xhtml: %.xml common.ent legalnotice.xml

148

$(DOCBOOKTOHTML)

149

150

%.8: %.xml common.ent legalnotice.xml

151

$(DOCBOOKTOMAN)

152

%.8.xhtml: %.xml common.ent legalnotice.xml

153

$(DOCBOOKTOHTML)

154

155

%.8mandos: %.xml common.ent legalnotice.xml

156

$(DOCBOOKTOMAN)

157

%.8mandos.xhtml: %.xml common.ent legalnotice.xml

158

$(DOCBOOKTOHTML)

159

160

intro.8mandos: intro.xml common.ent legalnotice.xml

161

$(DOCBOOKTOMAN)

162

intro.8mandos.xhtml: intro.xml common.ent legalnotice.xml

163

$(DOCBOOKTOHTML)

164

165

mandos.8: mandos.xml common.ent mandos-options.xml overview.xml \

166

legalnotice.xml

167

$(DOCBOOKTOMAN)

168

mandos.8.xhtml: mandos.xml common.ent mandos-options.xml \

169

overview.xml legalnotice.xml

170

$(DOCBOOKTOHTML)

171

172

mandos-keygen.8: mandos-keygen.xml common.ent overview.xml \

173

legalnotice.xml

174

$(DOCBOOKTOMAN)

175

mandos-keygen.8.xhtml: mandos-keygen.xml common.ent overview.xml \

176

legalnotice.xml

177

$(DOCBOOKTOHTML)

178

179

mandos-monitor.8: mandos-monitor.xml common.ent overview.xml \

180

legalnotice.xml

181

$(DOCBOOKTOMAN)

182

mandos-monitor.8.xhtml: mandos-monitor.xml common.ent overview.xml \

183

legalnotice.xml

184

$(DOCBOOKTOHTML)

185

186

mandos-ctl.8: mandos-ctl.xml common.ent overview.xml \

187

legalnotice.xml

188

$(DOCBOOKTOMAN)

189

mandos-ctl.8.xhtml: mandos-ctl.xml common.ent overview.xml \

190

legalnotice.xml

191

$(DOCBOOKTOHTML)

192

193

mandos.conf.5: mandos.conf.xml common.ent mandos-options.xml \

194

legalnotice.xml

195

$(DOCBOOKTOMAN)

196

mandos.conf.5.xhtml: mandos.conf.xml common.ent mandos-options.xml \

197

legalnotice.xml

198

$(DOCBOOKTOHTML)

199

200

plugin-runner.8mandos: plugin-runner.xml common.ent overview.xml \

201

legalnotice.xml

202

$(DOCBOOKTOMAN)

203

plugin-runner.8mandos.xhtml: plugin-runner.xml common.ent \

204

overview.xml legalnotice.xml

205

$(DOCBOOKTOHTML)

206

207

plugins.d/mandos-client.8mandos: plugins.d/mandos-client.xml \

208

common.ent \

209

mandos-options.xml \

210

overview.xml legalnotice.xml

211

$(DOCBOOKTOMAN)

212

plugins.d/mandos-client.8mandos.xhtml: plugins.d/mandos-client.xml \

213

common.ent \

214

mandos-options.xml \

215

overview.xml legalnotice.xml

216

$(DOCBOOKTOHTML)

217

218

# Update all these files with version number $(version)

219

common.ent: Makefile

220

$(strip $(SED) --in-place \

221

--expression='s/^$<!ENTITY version "$[^"]*">$$/\1$(version)">/' \

222

$@)

223

224

mandos: Makefile

225

$(strip $(SED) --in-place \

226

--expression='s/^$version = "$[^"]*"$$/\1$(version)"/' \

227

$@)

228

229

mandos-keygen: Makefile

230

$(strip $(SED) --in-place \

231

--expression='s/^$VERSION="$[^"]*"$$/\1$(version)"/' \

232

$@)

233

234

mandos-ctl: Makefile

235

$(strip $(SED) --in-place \

236

--expression='s/^$version = "$[^"]*"$$/\1$(version)"/' \

237

$@)

238

239

mandos-monitor: Makefile

240

$(strip $(SED) --in-place \

241

--expression='s/^$version = "$[^"]*"$$/\1$(version)"/' \

242

$@)

243

244

mandos.lsm: Makefile

245

$(strip $(SED) --in-place \

246

--expression='s/^$Version:$.*/\1\t$(version)/' \

247

$@)

248

$(strip $(SED) --in-place \

249

--expression='s/^$Entered-date:$.*/\1\t$(shell date --rfc-3339=date --reference=Makefile)/' \

250

$@)

251

$(strip $(SED) --in-place \

252

--expression='s/$mandos_$[0-9.]\+$\.orig\.tar\.gz$/\1$(version)\2/' \

253

$@)

254

255

# Need to add the GnuTLS, Avahi and GPGME libraries, and can't use

256

# -fsanitize=leak because GnuTLS and GPGME both leak memory.

257

plugins.d/mandos-client: plugins.d/mandos-client.c

258

$(CC) $(filter-out -fsanitize=leak,$(CFLAGS)) $(strip\

259

) $(GNUTLS_CFLAGS) $(AVAHI_CFLAGS) $(GPGME_CFLAGS) $(strip\

260

) $(CPPFLAGS) $(LDFLAGS) $(TARGET_ARCH) $^ $(strip\

261

) -lrt $(GNUTLS_LIBS) $(AVAHI_LIBS) $(strip\

262

) $(GPGME_LIBS) $(LOADLIBES) $(LDLIBS) -o $@

263

264

plugin-helpers/mandos-client-iprouteadddel: plugin-helpers/mandos-client-iprouteadddel.c

265

$(LINK.c) $(LIBNL3_CFLAGS) $^ $(LIBNL3_LIBS) $(strip\

266

) $(LOADLIBES) $(LDLIBS) -o $@

267

268

.PHONY : all doc html clean distclean mostlyclean maintainer-clean \

269

check run-client run-server install install-html \

270

install-server install-client-nokey install-client uninstall \

271

uninstall-server uninstall-client purge purge-server \

272

purge-client

%.5: %.xml

$(DOCBOOKTOMAN)

%.8: %.xml

$(DOCBOOKTOMAN)

%.8mandos: %.xml

$(DOCBOOKTOMAN)

mandos.8: mandos.xml mandos-options.xml

$(DOCBOOKTOMAN)

mandos.conf.5: mandos.conf.xml mandos-options.xml

$(DOCBOOKTOMAN)

plugins.d/password-request: plugins.d/password-request.o

$(LINK.o) $(GNUTLS_LIBS) $(AVAHI_LIBS) $(GPGME_LIBS) \

$(COMMON) $^ $(LOADLIBES) $(LDLIBS) -o $@

.PHONY : all doc clean distclean run-client run-server install \

install-server install-client uninstall uninstall-server \

uninstall-client purge purge-server purge-client

273

274

clean:

275

-rm --force $(CPROGS) $(objects) $(htmldocs) $(DOCS) core

-rm --force $(PROGS) $(objects) $(DOCS) core

276

277

distclean: clean

278

mostlyclean: clean

279

maintainer-clean: clean

280

-rm --force --recursive keydir confdir statedir

-rm --force --recursive keydir confdir

281

282

check: all

check:

283

./mandos --check

284

./mandos-ctl --check

285

286

# Run the client with a local config and key

287

run-client: all keydir/seckey.txt keydir/pubkey.txt keydir/tls-privkey.pem keydir/tls-pubkey.pem

288

@echo "###################################################################"

289

@echo "# The following error messages are harmless and can be safely #"

290

@echo "# ignored: #"

291

@echo "# From plugin-runner: setgid: Operation not permitted #"

292

@echo "# setuid: Operation not permitted #"

293

@echo "# From askpass-fifo: mkfifo: Permission denied #"

294

@echo "# From mandos-client: #"

295

@echo "# Failed to raise privileges: Operation not permitted #"

296

@echo "# Warning: network hook \"*\" exited with status * #"

297

@echo "# #"

298

@echo "# (The messages are caused by not running as root, but you should #"

299

@echo "# NOT run \"make run-client\" as root unless you also unpacked and #"

300

@echo "# compiled Mandos as root, which is also NOT recommended.) #"

301

@echo "###################################################################"

302

# We set GNOME_KEYRING_CONTROL to block pam_gnome_keyring

# Run the server with a local key

run-client: all keydir/seckey.txt keydir/pubkey.txt \

keydir/secring.gpg keydir/pubring.gpg

303

./plugin-runner --plugin-dir=plugins.d \

304

--plugin-helper-dir=plugin-helpers \

305

--config-file=plugin-runner.conf \

306

--options-for=mandos-client:--seckey=keydir/seckey.txt,--pubkey=keydir/pubkey.txt,--tls-privkey=keydir/tls-privkey.pem,--tls-pubkey=keydir/tls-pubkey.pem,--network-hook-dir=network-hooks.d \

307

--env-for=mandos-client:GNOME_KEYRING_CONTROL= \

308

$(CLIENTARGS)

--options-for=password-request:--keydir=keydir

309

100

310

101

# Used by run-client

311

keydir/seckey.txt keydir/pubkey.txt keydir/tls-privkey.pem keydir/tls-pubkey.pem: mandos-keygen

102

keydir/secring.gpg: keydir/seckey.txt

103

gpg --homedir $(dir $<) --import $^

104

keydir/pubring.gpg: keydir/pubkey.txt

105

gpg --homedir $(dir $<) --import $^

106

keydir/seckey.txt keydir/pubkey.txt: mandos-keygen

312

107

install --directory keydir

313

108

./mandos-keygen --dir keydir --force

314

109

315

110

# Run the server with a local config

316

run-server: confdir/mandos.conf confdir/clients.conf statedir

317

./mandos --debug --no-dbus --configdir=confdir \

318

--statedir=statedir $(SERVERARGS)

111

run-server: confdir/mandos.conf confdir/clients.conf

112

./mandos --debug --configdir=confdir

319

113

320

114

# Used by run-server

321

115

confdir/mandos.conf: mandos.conf

322

116

install --directory confdir

323

install --mode=u=rw,go=r $^ $@

324

confdir/clients.conf: clients.conf keydir/seckey.txt keydir/tls-pubkey.pem

117

install $^ $@

118

confdir/clients.conf: clients.conf keydir/seckey.txt

325

119

install --directory confdir

326

install --mode=u=rw $< $@

120

install clients.conf $@

327

121

# Add a client password

328

./mandos-keygen --dir keydir --password --no-ssh >> $@

329

statedir:

330

install --directory statedir

331

332

install: install-server install-client-nokey

333

334

install-html: html

335

install --directory $(htmldir)

336

install --mode=u=rw,go=r --target-directory=$(htmldir) \

337

$(htmldocs)

122

./mandos-keygen --dir keydir --password >> $@

123

124

install: install-server install-client

338

125

339

126

install-server: doc

340

install --directory $(CONFDIR)

341

if install --directory --mode=u=rwx --owner=$(USER) \

342

--group=$(GROUP) $(STATEDIR); then \

343

:; \

344

elif install --directory --mode=u=rwx $(STATEDIR); then \

345

chown -- $(USER):$(GROUP) $(STATEDIR) || :; \

346

347

if [ "$(TMPFILES)" != "$(DESTDIR)" -a -d "$(TMPFILES)" ]; then \

348

install --mode=u=rw,go=r tmpfiles.d-mandos.conf \

349

$(TMPFILES)/mandos.conf; \

350

351

install --mode=u=rwx,go=rx mandos $(PREFIX)/sbin/mandos

352

install --mode=u=rwx,go=rx --target-directory=$(PREFIX)/sbin \

353

mandos-ctl

354

install --mode=u=rwx,go=rx --target-directory=$(PREFIX)/sbin \

355

mandos-monitor

356

install --mode=u=rw,go=r --target-directory=$(CONFDIR) \

357

mandos.conf

358

install --mode=u=rw --target-directory=$(CONFDIR) \

127

install --directory --parents $(CONFDIR) $(MANDIR)/man5 \

128

$(MANDIR)/man8

129

install --mode=0755 mandos $(PREFIX)/sbin/mandos

130

install --mode=0644 --target-directory=$(CONFDIR) mandos.conf

131

install --mode=0640 --target-directory=$(CONFDIR) \

359

132

clients.conf

360

install --mode=u=rw,go=r dbus-mandos.conf \

361

$(DESTDIR)/etc/dbus-1/system.d/mandos.conf

362

install --mode=u=rwx,go=rx init.d-mandos \

363

$(DESTDIR)/etc/init.d/mandos

364

if [ "$(SYSTEMD)" != "$(DESTDIR)" -a -d "$(SYSTEMD)" ]; then \

365

install --mode=u=rw,go=r mandos.service $(SYSTEMD); \

366

367

install --mode=u=rw,go=r default-mandos \

368

$(DESTDIR)/etc/default/mandos

369

if [ -z $(DESTDIR) ]; then \

370

update-rc.d mandos defaults 25 15;\

371

372

133

gzip --best --to-stdout mandos.8 \

373

134

> $(MANDIR)/man8/mandos.8.gz

374

gzip --best --to-stdout mandos-monitor.8 \

375

> $(MANDIR)/man8/mandos-monitor.8.gz

376

gzip --best --to-stdout mandos-ctl.8 \

377

> $(MANDIR)/man8/mandos-ctl.8.gz

378

135

gzip --best --to-stdout mandos.conf.5 \

379

136

> $(MANDIR)/man5/mandos.conf.5.gz

380

137

gzip --best --to-stdout mandos-clients.conf.5 \

381

138

> $(MANDIR)/man5/mandos-clients.conf.5.gz

382

gzip --best --to-stdout intro.8mandos \

383

> $(MANDIR)/man8/intro.8mandos.gz

384

139

385

install-client-nokey: all doc

386

install --directory $(LIBDIR)/mandos $(CONFDIR)

387

install --directory --mode=u=rwx $(KEYDIR) \

388

$(LIBDIR)/mandos/plugins.d \

389

$(LIBDIR)/mandos/plugin-helpers

390

if [ "$(CONFDIR)" != "$(LIBDIR)/mandos" ]; then \

391

install --mode=u=rwx \

392

--directory "$(CONFDIR)/plugins.d" \

393

"$(CONFDIR)/plugin-helpers"; \

394

395

install --mode=u=rwx,go=rx --directory \

396

"$(CONFDIR)/network-hooks.d"

397

install --mode=u=rwx,go=rx \

398

--target-directory=$(LIBDIR)/mandos plugin-runner

399

install --mode=u=rwx,go=rx \

400

--target-directory=$(LIBDIR)/mandos mandos-to-cryptroot-unlock

401

install --mode=u=rwx,go=rx --target-directory=$(PREFIX)/sbin \

140

install-client: all doc /usr/share/initramfs-tools/hooks/.

141

install --directory --parents $(PREFIX)/lib/mandos \

142

$(CONFDIR) $(MANDIR)/man8

143

install --directory --mode=0700 $(PREFIX)/lib/mandos/plugins.d

144

chmod u=rwx,g=,o= $(PREFIX)/lib/mandos/plugins.d

145

install --mode=0755 --target-directory=$(PREFIX)/lib/mandos \

146

plugin-runner

147

install --mode=0755 --target-directory=$(PREFIX)/sbin \

402

148

mandos-keygen

403

install --mode=u=rwx,go=rx \

404

--target-directory=$(LIBDIR)/mandos/plugins.d \

149

install --mode=0755 \

150

--target-directory=$(PREFIX)/lib/mandos/plugins.d \

405

151

plugins.d/password-prompt

406

install --mode=u=rwxs,go=rx \

407

--target-directory=$(LIBDIR)/mandos/plugins.d \

408

plugins.d/mandos-client

409

install --mode=u=rwxs,go=rx \

410

--target-directory=$(LIBDIR)/mandos/plugins.d \

411

plugins.d/usplash

412

install --mode=u=rwxs,go=rx \

413

--target-directory=$(LIBDIR)/mandos/plugins.d \

414

plugins.d/splashy

415

install --mode=u=rwxs,go=rx \

416

--target-directory=$(LIBDIR)/mandos/plugins.d \

417

plugins.d/askpass-fifo

418

install --mode=u=rwxs,go=rx \

419

--target-directory=$(LIBDIR)/mandos/plugins.d \

420

plugins.d/plymouth

421

install --mode=u=rwx,go=rx \

422

--target-directory=$(LIBDIR)/mandos/plugin-helpers \

423

plugin-helpers/mandos-client-iprouteadddel

152

install --mode=4755 \

153

--target-directory=$(PREFIX)/lib/mandos/plugins.d \

154

plugins.d/password-request

424

155

install initramfs-tools-hook \

425

$(INITRAMFSTOOLS)/hooks/mandos

426

install --mode=u=rw,go=r initramfs-tools-conf \

427

$(INITRAMFSTOOLS)/conf.d/mandos-conf

156

/usr/share/initramfs-tools/hooks/mandos

157

install initramfs-tools-hook-conf \

158

/usr/share/initramfs-tools/conf-hooks.d/mandos

428

159

install initramfs-tools-script \

429

$(INITRAMFSTOOLS)/scripts/init-premount/mandos

430

install initramfs-tools-script-stop \

431

$(INITRAMFSTOOLS)/scripts/local-premount/mandos

432

install --mode=u=rw,go=r plugin-runner.conf $(CONFDIR)

160

/usr/share/initramfs-tools/scripts/local-top/mandos

433

161

gzip --best --to-stdout mandos-keygen.8 \

434

162

> $(MANDIR)/man8/mandos-keygen.8.gz

435

163

gzip --best --to-stdout plugin-runner.8mandos \

436

164

> $(MANDIR)/man8/plugin-runner.8mandos.gz

437

gzip --best --to-stdout plugins.d/mandos-client.8mandos \

438

> $(MANDIR)/man8/mandos-client.8mandos.gz

439

165

gzip --best --to-stdout plugins.d/password-prompt.8mandos \

440

166

> $(MANDIR)/man8/password-prompt.8mandos.gz

441

gzip --best --to-stdout plugins.d/usplash.8mandos \

442

> $(MANDIR)/man8/usplash.8mandos.gz

443

gzip --best --to-stdout plugins.d/splashy.8mandos \

444

> $(MANDIR)/man8/splashy.8mandos.gz

445

gzip --best --to-stdout plugins.d/askpass-fifo.8mandos \

446

> $(MANDIR)/man8/askpass-fifo.8mandos.gz

447

gzip --best --to-stdout plugins.d/plymouth.8mandos \

448

> $(MANDIR)/man8/plymouth.8mandos.gz

449

450

install-client: install-client-nokey

451

# Post-installation stuff

452

-$(PREFIX)/sbin/mandos-keygen --dir "$(KEYDIR)"

167

gzip --best --to-stdout plugins.d/password-request.8mandos \

168

> $(MANDIR)/man8/password-request.8mandos.gz

169

-$(PREFIX)/sbin/mandos-keygen

453

170

update-initramfs -k all -u

454

echo "Now run mandos-keygen --password --dir $(KEYDIR)"

455

171

456

172

uninstall: uninstall-server uninstall-client

457

173

458

uninstall-server:

174

uninstall-server: $(PREFIX)/sbin/mandos

459

175

-rm --force $(PREFIX)/sbin/mandos \

460

$(PREFIX)/sbin/mandos-ctl \

461

$(PREFIX)/sbin/mandos-monitor \

462

176

$(MANDIR)/man8/mandos.8.gz \

463

$(MANDIR)/man8/mandos-monitor.8.gz \

464

$(MANDIR)/man8/mandos-ctl.8.gz \

465

177

$(MANDIR)/man5/mandos.conf.5.gz \

466

178

$(MANDIR)/man5/mandos-clients.conf.5.gz

467

update-rc.d -f mandos remove

468

179

-rmdir $(CONFDIR)

469

180

470

181

uninstall-client:

471

182

# Refuse to uninstall client if /etc/crypttab is explicitly configured

472

183

# to use it.

473

184

! grep --regexp='^ *[^ #].*keyscript=[^,=]*/mandos/' \

474

$(DESTDIR)/etc/crypttab

185

/etc/crypttab

475

186

-rm --force $(PREFIX)/sbin/mandos-keygen \

476

$(LIBDIR)/mandos/plugin-runner \

477

$(LIBDIR)/mandos/plugins.d/password-prompt \

478

$(LIBDIR)/mandos/plugins.d/mandos-client \

479

$(LIBDIR)/mandos/plugins.d/usplash \

480

$(LIBDIR)/mandos/plugins.d/splashy \

481

$(LIBDIR)/mandos/plugins.d/askpass-fifo \

482

$(LIBDIR)/mandos/plugins.d/plymouth \

483

$(INITRAMFSTOOLS)/hooks/mandos \

484

$(INITRAMFSTOOLS)/conf-hooks.d/mandos \

485

$(INITRAMFSTOOLS)/scripts/init-premount/mandos \

187

$(PREFIX)/lib/mandos/plugin-runner \

188

$(PREFIX)/lib/mandos/plugins.d/password-prompt \

189

$(PREFIX)/lib/mandos/plugins.d/password-request \

190

/usr/share/initramfs-tools/hooks/mandos \

191

/usr/share/initramfs-tools/conf-hooks.d/mandos \

192

$(MANDIR)/man8/plugin-runner.8mandos.gz \

486

193

$(MANDIR)/man8/mandos-keygen.8.gz \

487

$(MANDIR)/man8/plugin-runner.8mandos.gz \

488

$(MANDIR)/man8/mandos-client.8mandos.gz

489

194

$(MANDIR)/man8/password-prompt.8mandos.gz \

490

$(MANDIR)/man8/usplash.8mandos.gz \

491

$(MANDIR)/man8/splashy.8mandos.gz \

492

$(MANDIR)/man8/askpass-fifo.8mandos.gz \

493

$(MANDIR)/man8/plymouth.8mandos.gz \

494

-rmdir $(LIBDIR)/mandos/plugins.d $(CONFDIR)/plugins.d \

495

$(LIBDIR)/mandos $(CONFDIR) $(KEYDIR)

195

$(MANDIR)/man8/password-request.8mandos.gz

196

-rmdir $(PREFIX)/lib/mandos/plugins.d $(CONFDIR)/plugins.d \

197

$(PREFIX)/lib/mandos $(CONFDIR)

496

198

update-initramfs -k all -u

497

199

498

200

purge: purge-server purge-client

499

201

500

202

purge-server: uninstall-server

501

-rm --force $(CONFDIR)/mandos.conf $(CONFDIR)/clients.conf \

502

$(DESTDIR)/etc/dbus-1/system.d/mandos.conf

503

$(DESTDIR)/etc/default/mandos \

504

$(DESTDIR)/etc/init.d/mandos \

505

$(SYSTEMD)/mandos.service \

506

$(DESTDIR)/run/mandos.pid \

507

$(DESTDIR)/var/run/mandos.pid

203

-rm --force $(CONFDIR)/mandos.conf $(CONFDIR)/clients.conf

508

204

-rmdir $(CONFDIR)

509

205

510

206

purge-client: uninstall-client

511

-shred --remove $(KEYDIR)/seckey.txt $(KEYDIR)/tls-privkey.pem

512

-rm --force $(CONFDIR)/plugin-runner.conf \

513

$(KEYDIR)/pubkey.txt $(KEYDIR)/seckey.txt \

514

$(KEYDIR)/tls-pubkey.txt $(KEYDIR)/tls-privkey.txt

515

-rmdir $(KEYDIR) $(CONFDIR)/plugins.d $(CONFDIR)

207

-rm --force $(CONFDIR)/seckey.txt $(CONFDIR)/pubkey.txt

208

-rmdir $(CONFDIR) $(CONFDIR)/plugins.d

Older »