
Viewing changes to Makefile

  • Committer: Teddy Hogeborn
  • Date: 2019-07-14 22:39:15 UTC
  • Revision ID: teddy@recompile.se-20190714223915-aqjkms3t3taa6tye
Only use sanitizing options when debugging

The C compiler's sanitizing options introduce code into the output
binary, and that code is fragile and not very security-conscious.  It
has become clear that sanitizing is only really meant for use while
debugging.

As a side effect, this makes compilation faster, as the Makefile, for
production builds, no longer runs the compiler repeatedly to find all
its currently supported sanitizing options.

* Makefile (DEBUG): Add "$(SANITIZE)".
  (SANITIZE): Comment out.
  (CFLAGS): Remove "$(SANITIZE)".
  (plugins.d/mandos-client): Revert back to use plain $(LINK.c), since
                             we no longer need to remove the leak
                             sanitizer by overriding CFLAGS.

25
25
        -fsanitize=object-size -fsanitize=float-divide-by-zero \
26
26
        -fsanitize=float-cast-overflow -fsanitize=nonnull-attribute \
27
27
        -fsanitize=returns-nonnull-attribute -fsanitize=bool \
28
 
        -fsanitize=enum -fsanitize-address-use-after-scope
 
28
        -fsanitize=enum
29
29
 
30
30
# For info about _FORTIFY_SOURCE, see feature_test_macros(7)
31
31
# and <https://gcc.gnu.org/ml/gcc-patches/2004-09/msg02055.html>.
45
45
version:=1.8.4
46
46
SED:=sed
47
47
 
48
 
USER:=$(firstword $(subst :, ,$(shell getent passwd _mandos \
49
 
        || getent passwd nobody || echo 65534)))
50
 
GROUP:=$(firstword $(subst :, ,$(shell getent group _mandos \
51
 
        || getent group nogroup || echo 65534)))
 
48
USER:=$(firstword $(subst :, ,$(shell getent passwd _mandos || getent passwd nobody || echo 65534)))
 
49
GROUP:=$(firstword $(subst :, ,$(shell getent group _mandos || getent group nogroup || echo 65534)))
52
50
 
53
51
## Use these settings for a traditional /usr/local install
54
52
# PREFIX:=$(DESTDIR)/usr/local
56
54
# KEYDIR:=$(DESTDIR)/etc/mandos/keys
57
55
# MANDIR:=$(PREFIX)/man
58
56
# INITRAMFSTOOLS:=$(DESTDIR)/etc/initramfs-tools
59
 
# DRACUTMODULE:=$(DESTDIR)/usr/lib/dracut/modules.d/90mandos
60
57
# STATEDIR:=$(DESTDIR)/var/lib/mandos
61
58
# LIBDIR:=$(PREFIX)/lib
62
59
##
67
64
KEYDIR:=$(DESTDIR)/etc/keys/mandos
68
65
MANDIR:=$(PREFIX)/share/man
69
66
INITRAMFSTOOLS:=$(DESTDIR)/usr/share/initramfs-tools
70
 
DRACUTMODULE:=$(DESTDIR)/usr/lib/dracut/modules.d/90mandos
71
67
STATEDIR:=$(DESTDIR)/var/lib/mandos
72
68
LIBDIR:=$(shell \
73
69
        for d in \
92
88
        getconf LFS_LDFLAGS)
93
89
LIBNL3_CFLAGS:=$(shell pkg-config --cflags-only-I libnl-route-3.0)
94
90
LIBNL3_LIBS:=$(shell pkg-config --libs libnl-route-3.0)
95
 
GLIB_CFLAGS:=$(shell pkg-config --cflags glib-2.0)
96
 
GLIB_LIBS:=$(shell pkg-config --libs glib-2.0)
97
91
 
98
92
# Do not change these two
99
93
CFLAGS+=$(WARN) $(DEBUG) $(FORTIFY) $(COVERAGE) \
100
94
        $(OPTIMIZE) $(LANGUAGE) -DVERSION='"$(version)"'
101
 
LDFLAGS+=-Xlinker --as-needed $(COVERAGE) $(LINK_FORTIFY) $(strip \
102
 
        ) $(foreach flag,$(LINK_FORTIFY_LD),-Xlinker $(flag))
 
95
LDFLAGS+=-Xlinker --as-needed $(COVERAGE) $(LINK_FORTIFY) $(foreach flag,$(LINK_FORTIFY_LD),-Xlinker $(flag))
103
96
 
104
97
# Commands to format a DocBook <refentry> document into a manual page
105
98
DOCBOOKTOMAN=$(strip cd $(dir $<); xsltproc --nonet --xinclude \
111
104
        /usr/share/xml/docbook/stylesheet/nwalsh/manpages/docbook.xsl \
112
105
        $(notdir $<); \
113
106
        if locale --all 2>/dev/null | grep --regexp='^en_US\.utf8$$' \
114
 
        && command -v man >/dev/null; then LANG=en_US.UTF-8 \
115
 
        MANWIDTH=80 man --warnings --encoding=UTF-8 --local-file \
116
 
        $(notdir $@); fi >/dev/null)
 
107
        && type man 2>/dev/null; then LANG=en_US.UTF-8 MANWIDTH=80 \
 
108
        man --warnings --encoding=UTF-8 --local-file $(notdir $@); \
 
109
        fi >/dev/null)
117
110
 
118
111
DOCBOOKTOHTML=$(strip xsltproc --nonet --xinclude \
119
112
        --param make.year.ranges                1 \
132
125
        plugins.d/usplash plugins.d/splashy plugins.d/askpass-fifo \
133
126
        plugins.d/plymouth
134
127
PLUGIN_HELPERS:=plugin-helpers/mandos-client-iprouteadddel
135
 
CPROGS:=plugin-runner dracut-module/password-agent $(PLUGINS) \
136
 
        $(PLUGIN_HELPERS)
 
128
CPROGS:=plugin-runner $(PLUGINS) $(PLUGIN_HELPERS)
137
129
PROGS:=mandos mandos-keygen mandos-ctl mandos-monitor $(CPROGS)
138
130
DOCS:=mandos.8 mandos-keygen.8 mandos-monitor.8 mandos-ctl.8 \
139
131
        mandos.conf.5 mandos-clients.conf.5 plugin-runner.8mandos \
140
 
        dracut-module/password-agent.8mandos \
141
132
        plugins.d/mandos-client.8mandos \
142
133
        plugins.d/password-prompt.8mandos plugins.d/usplash.8mandos \
143
134
        plugins.d/splashy.8mandos plugins.d/askpass-fifo.8mandos \
215
206
                overview.xml legalnotice.xml
216
207
        $(DOCBOOKTOHTML)
217
208
 
218
 
dracut-module/password-agent.8mandos: \
219
 
                dracut-module/password-agent.xml common.ent \
220
 
                overview.xml legalnotice.xml
221
 
        $(DOCBOOKTOMAN)
222
 
dracut-module/password-agent.8mandos.xhtml: \
223
 
                dracut-module/password-agent.xml common.ent \
224
 
                overview.xml legalnotice.xml
225
 
        $(DOCBOOKTOHTML)
226
 
 
227
209
plugins.d/mandos-client.8mandos: plugins.d/mandos-client.xml \
228
210
                                        common.ent \
229
211
                                        mandos-options.xml \
275
257
# Need to add the GnuTLS, Avahi and GPGME libraries
276
258
plugins.d/mandos-client: plugins.d/mandos-client.c
277
259
        $(LINK.c) $^ $(GNUTLS_CFLAGS) $(AVAHI_CFLAGS) $(strip\
278
 
                ) $(GPGME_CFLAGS) $(GNUTLS_LIBS) $(strip\
 
260
                ) $(GPGME_CFLAGS) -lrt $(GNUTLS_LIBS) $(strip\
279
261
                ) $(AVAHI_LIBS) $(GPGME_LIBS) $(LOADLIBES) $(strip\
280
262
                ) $(LDLIBS) -o $@
281
263
 
282
 
# Need to add the libnl-route library
283
264
plugin-helpers/mandos-client-iprouteadddel: plugin-helpers/mandos-client-iprouteadddel.c
284
265
        $(LINK.c) $(LIBNL3_CFLAGS) $^ $(LIBNL3_LIBS) $(strip\
285
266
                ) $(LOADLIBES) $(LDLIBS) -o $@
286
267
 
287
 
# Need to add the GLib and pthread libraries
288
 
dracut-module/password-agent: dracut-module/password-agent.c
289
 
        $(LINK.c) $(GLIB_CFLAGS) $^ $(GLIB_LIBS) -lpthread $(strip\
290
 
                ) $(LOADLIBES) $(LDLIBS) -o $@
291
 
 
292
268
.PHONY : all doc html clean distclean mostlyclean maintainer-clean \
293
269
        check run-client run-server install install-html \
294
270
        install-server install-client-nokey install-client uninstall \
303
279
maintainer-clean: clean
304
280
        -rm --force --recursive keydir confdir statedir
305
281
 
306
 
check: all
 
282
check:  all
307
283
        ./mandos --check
308
284
        ./mandos-ctl --check
309
 
        ./mandos-keygen --version
310
 
        ./plugin-runner --version
311
 
        ./plugin-helpers/mandos-client-iprouteadddel --version
312
 
        ./dracut-module/password-agent --test
313
285
 
314
286
# Run the client with a local config and key
315
287
run-client: all keydir/seckey.txt keydir/pubkey.txt keydir/tls-privkey.pem keydir/tls-pubkey.pem
459
431
                $(INITRAMFSTOOLS)/scripts/init-premount/mandos
460
432
        install initramfs-tools-script-stop \
461
433
                $(INITRAMFSTOOLS)/scripts/local-premount/mandos
462
 
        install --directory $(DRACUTMODULE)
463
 
        install --mode=u=rw,go=r --target-directory=$(DRACUTMODULE) \
464
 
                dracut-module/ask-password-mandos.path \
465
 
                dracut-module/ask-password-mandos.service
466
 
        install --mode=u=rwxs,go=rx \
467
 
                --target-directory=$(DRACUTMODULE) \
468
 
                dracut-module/module-setup.sh \
469
 
                dracut-module/cmdline-mandos.sh \
470
 
                dracut-module/password-agent
471
434
        install --mode=u=rw,go=r plugin-runner.conf $(CONFDIR)
472
435
        gzip --best --to-stdout mandos-keygen.8 \
473
436
                > $(MANDIR)/man8/mandos-keygen.8.gz
485
448
                > $(MANDIR)/man8/askpass-fifo.8mandos.gz
486
449
        gzip --best --to-stdout plugins.d/plymouth.8mandos \
487
450
                > $(MANDIR)/man8/plymouth.8mandos.gz
488
 
        gzip --best --to-stdout dracut-module/password-agent.8mandos \
489
 
                > $(MANDIR)/man8/password-agent.8mandos.gz
490
451
 
491
452
install-client: install-client-nokey
492
453
# Post-installation stuff
493
454
        -$(PREFIX)/sbin/mandos-keygen --dir "$(KEYDIR)"
494
 
        if command -v update-initramfs >/dev/null; then \
495
 
            update-initramfs -k all -u; \
496
 
        elif command -v dracut >/dev/null; then \
497
 
            for initrd in $(DESTDIR)/boot/initr*-$(shell uname --kernel-release); do \
498
 
                if [ -w "$$initrd" ]; then \
499
 
                    chmod go-r "$$initrd"; \
500
 
                    dracut --force "$$initrd"; \
501
 
                fi; \
502
 
            done; \
503
 
        fi
 
455
        update-initramfs -k all -u
504
456
        echo "Now run mandos-keygen --password --dir $(KEYDIR)"
505
457
 
506
458
uninstall: uninstall-server uninstall-client
533
485
                $(INITRAMFSTOOLS)/hooks/mandos \
534
486
                $(INITRAMFSTOOLS)/conf-hooks.d/mandos \
535
487
                $(INITRAMFSTOOLS)/scripts/init-premount/mandos \
536
 
                $(INITRAMFSTOOLS)/scripts/local-premount/mandos \
537
 
                $(DRACUTMODULE)/ask-password-mandos.path \
538
 
                $(DRACUTMODULE)/ask-password-mandos.service \
539
 
                $(DRACUTMODULE)/module-setup.sh \
540
 
                $(DRACUTMODULE)/cmdline-mandos.sh \
541
 
                $(DRACUTMODULE)/password-agent \
542
488
                $(MANDIR)/man8/mandos-keygen.8.gz \
543
489
                $(MANDIR)/man8/plugin-runner.8mandos.gz \
544
490
                $(MANDIR)/man8/mandos-client.8mandos.gz
547
493
                $(MANDIR)/man8/splashy.8mandos.gz \
548
494
                $(MANDIR)/man8/askpass-fifo.8mandos.gz \
549
495
                $(MANDIR)/man8/plymouth.8mandos.gz \
550
 
                $(MANDIR)/man8/password-agent.8mandos.gz \
551
496
        -rmdir $(LIBDIR)/mandos/plugins.d $(CONFDIR)/plugins.d \
552
 
                 $(LIBDIR)/mandos $(CONFDIR) $(KEYDIR) $(DRACUTMODULE)
553
 
        if command -v update-initramfs >/dev/null; then \
554
 
            update-initramfs -k all -u; \
555
 
        elif command -v dracut >/dev/null; then \
556
 
            for initrd in $(DESTDIR)/boot/initr*-$(shell uname --kernel-release); do \
557
 
                test -w "$$initrd" && dracut --force "$$initrd"; \
558
 
            done; \
559
 
        fi
 
497
                 $(LIBDIR)/mandos $(CONFDIR) $(KEYDIR)
 
498
        update-initramfs -k all -u
560
499
 
561
500
purge: purge-server purge-client
562
501