25
25
-fsanitize=object-size -fsanitize=float-divide-by-zero \
26
26
-fsanitize=float-cast-overflow -fsanitize=nonnull-attribute \
27
27
-fsanitize=returns-nonnull-attribute -fsanitize=bool \
28
-fsanitize=enum -fsanitize-address-use-after-scope
30
30
# For info about _FORTIFY_SOURCE, see feature_test_macros(7)
31
31
# and <https://gcc.gnu.org/ml/gcc-patches/2004-09/msg02055.html>.
41
41
#COVERAGE=--coverage
42
42
OPTIMIZE:=-Os -fno-strict-aliasing
43
43
LANGUAGE:=-std=gnu11
44
FEATURES:=-D_FILE_OFFSET_BITS=64
48
PKG_CONFIG?=pkg-config
50
USER:=$(firstword $(subst :, ,$(shell getent passwd _mandos \
51
|| getent passwd nobody || echo 65534)))
52
GROUP:=$(firstword $(subst :, ,$(shell getent group _mandos \
53
|| getent group nogroup || echo 65534)))
55
LINUXVERSION:=$(shell uname --kernel-release)
48
USER:=$(firstword $(subst :, ,$(shell getent passwd _mandos || getent passwd nobody || echo 65534)))
49
GROUP:=$(firstword $(subst :, ,$(shell getent group _mandos || getent group nogroup || echo 65534)))
57
51
## Use these settings for a traditional /usr/local install
58
52
# PREFIX:=$(DESTDIR)/usr/local
71
64
KEYDIR:=$(DESTDIR)/etc/keys/mandos
72
65
MANDIR:=$(PREFIX)/share/man
73
66
INITRAMFSTOOLS:=$(DESTDIR)/usr/share/initramfs-tools
74
DRACUTMODULE:=$(DESTDIR)/usr/lib/dracut/modules.d/90mandos
75
67
STATEDIR:=$(DESTDIR)/var/lib/mandos
78
"/usr/lib/`dpkg-architecture \
79
-qDEB_HOST_MULTIARCH 2>/dev/null`" \
70
"/usr/lib/`dpkg-architecture -qDEB_HOST_MULTIARCH 2>/dev/null`" \
80
71
"`rpm --eval='%{_libdir}' 2>/dev/null`" /usr/lib; do \
81
72
if [ -d "$$d" -a "$$d" = "$${d%/}" ]; then \
82
73
echo "$(DESTDIR)$$d"; \
88
SYSTEMD:=$(DESTDIR)$(shell $(PKG_CONFIG) systemd \
89
--variable=systemdsystemunitdir)
90
TMPFILES:=$(DESTDIR)$(shell $(PKG_CONFIG) systemd \
91
--variable=tmpfilesdir)
92
SYSUSERS:=$(DESTDIR)$(shell $(PKG_CONFIG) systemd \
93
--variable=sysusersdir)
79
SYSTEMD:=$(DESTDIR)$(shell pkg-config systemd --variable=systemdsystemunitdir)
80
TMPFILES:=$(DESTDIR)$(shell pkg-config systemd --variable=tmpfilesdir)
95
GNUTLS_CFLAGS:=$(shell $(PKG_CONFIG) --cflags-only-I gnutls)
96
GNUTLS_LIBS:=$(shell $(PKG_CONFIG) --libs gnutls)
97
AVAHI_CFLAGS:=$(shell $(PKG_CONFIG) --cflags-only-I avahi-core)
98
AVAHI_LIBS:=$(shell $(PKG_CONFIG) --libs avahi-core)
82
GNUTLS_CFLAGS:=$(shell pkg-config --cflags-only-I gnutls)
83
GNUTLS_LIBS:=$(shell pkg-config --libs gnutls)
84
AVAHI_CFLAGS:=$(shell pkg-config --cflags-only-I avahi-core)
85
AVAHI_LIBS:=$(shell pkg-config --libs avahi-core)
99
86
GPGME_CFLAGS:=$(shell gpgme-config --cflags; getconf LFS_CFLAGS)
100
87
GPGME_LIBS:=$(shell gpgme-config --libs; getconf LFS_LIBS; \
101
88
getconf LFS_LDFLAGS)
102
LIBNL3_CFLAGS:=$(shell $(PKG_CONFIG) --cflags-only-I libnl-route-3.0)
103
LIBNL3_LIBS:=$(shell $(PKG_CONFIG) --libs libnl-route-3.0)
104
GLIB_CFLAGS:=$(shell $(PKG_CONFIG) --cflags glib-2.0)
105
GLIB_LIBS:=$(shell $(PKG_CONFIG) --libs glib-2.0)
89
LIBNL3_CFLAGS:=$(shell pkg-config --cflags-only-I libnl-route-3.0)
90
LIBNL3_LIBS:=$(shell pkg-config --libs libnl-route-3.0)
107
92
# Do not change these two
108
CFLAGS+=$(WARN) $(DEBUG) $(FORTIFY) $(COVERAGE) $(OPTIMIZE) \
109
$(LANGUAGE) $(FEATURES) -DVERSION='"$(version)"'
110
LDFLAGS+=-Xlinker --as-needed $(COVERAGE) $(LINK_FORTIFY) $(strip \
111
) $(foreach flag,$(LINK_FORTIFY_LD),-Xlinker $(flag))
93
CFLAGS+=$(WARN) $(DEBUG) $(FORTIFY) $(COVERAGE) \
94
$(OPTIMIZE) $(LANGUAGE) -DVERSION='"$(version)"'
95
LDFLAGS+=-Xlinker --as-needed $(COVERAGE) $(LINK_FORTIFY) $(foreach flag,$(LINK_FORTIFY_LD),-Xlinker $(flag))
113
97
# Commands to format a DocBook <refentry> document into a manual page
114
98
DOCBOOKTOMAN=$(strip cd $(dir $<); xsltproc --nonet --xinclude \
120
104
/usr/share/xml/docbook/stylesheet/nwalsh/manpages/docbook.xsl \
122
106
if locale --all 2>/dev/null | grep --regexp='^en_US\.utf8$$' \
123
&& command -v man >/dev/null; then LANG=en_US.UTF-8 \
124
MANWIDTH=80 man --warnings --encoding=UTF-8 --local-file \
125
$(notdir $@); fi >/dev/null)
107
&& type man 2>/dev/null; then LANG=en_US.UTF-8 MANWIDTH=80 \
108
man --warnings --encoding=UTF-8 --local-file $(notdir $@); \
127
111
DOCBOOKTOHTML=$(strip xsltproc --nonet --xinclude \
128
112
--param make.year.ranges 1 \
141
125
plugins.d/usplash plugins.d/splashy plugins.d/askpass-fifo \
142
126
plugins.d/plymouth
143
127
PLUGIN_HELPERS:=plugin-helpers/mandos-client-iprouteadddel
144
CPROGS:=plugin-runner dracut-module/password-agent $(PLUGINS) \
128
CPROGS:=plugin-runner $(PLUGINS) $(PLUGIN_HELPERS)
146
129
PROGS:=mandos mandos-keygen mandos-ctl mandos-monitor $(CPROGS)
147
130
DOCS:=mandos.8 mandos-keygen.8 mandos-monitor.8 mandos-ctl.8 \
148
131
mandos.conf.5 mandos-clients.conf.5 plugin-runner.8mandos \
149
dracut-module/password-agent.8mandos \
150
132
plugins.d/mandos-client.8mandos \
151
133
plugins.d/password-prompt.8mandos plugins.d/usplash.8mandos \
152
134
plugins.d/splashy.8mandos plugins.d/askpass-fifo.8mandos \
224
206
overview.xml legalnotice.xml
227
dracut-module/password-agent.8mandos: \
228
dracut-module/password-agent.xml common.ent \
229
overview.xml legalnotice.xml
231
dracut-module/password-agent.8mandos.xhtml: \
232
dracut-module/password-agent.xml common.ent \
233
overview.xml legalnotice.xml
236
209
plugins.d/mandos-client.8mandos: plugins.d/mandos-client.xml \
238
211
mandos-options.xml \
284
257
# Need to add the GnuTLS, Avahi and GPGME libraries
285
258
plugins.d/mandos-client: plugins.d/mandos-client.c
286
259
$(LINK.c) $^ $(GNUTLS_CFLAGS) $(AVAHI_CFLAGS) $(strip\
287
) $(GPGME_CFLAGS) $(GNUTLS_LIBS) $(strip\
260
) $(GPGME_CFLAGS) -lrt $(GNUTLS_LIBS) $(strip\
288
261
) $(AVAHI_LIBS) $(GPGME_LIBS) $(LOADLIBES) $(strip\
289
262
) $(LDLIBS) -o $@
291
# Need to add the libnl-route library
292
264
plugin-helpers/mandos-client-iprouteadddel: plugin-helpers/mandos-client-iprouteadddel.c
293
265
$(LINK.c) $(LIBNL3_CFLAGS) $^ $(LIBNL3_LIBS) $(strip\
294
266
) $(LOADLIBES) $(LDLIBS) -o $@
296
# Need to add the GLib and pthread libraries
297
dracut-module/password-agent: dracut-module/password-agent.c
298
$(LINK.c) $(GLIB_CFLAGS) $^ $(GLIB_LIBS) -lpthread $(strip\
299
) $(LOADLIBES) $(LDLIBS) -o $@
301
268
.PHONY : all doc html clean distclean mostlyclean maintainer-clean \
302
269
check run-client run-server install install-html \
303
270
install-server install-client-nokey install-client uninstall \
312
279
maintainer-clean: clean
313
280
-rm --force --recursive keydir confdir statedir
317
284
./mandos-ctl --check
318
./mandos-keygen --version
319
./plugin-runner --version
320
./plugin-helpers/mandos-client-iprouteadddel --version
321
./dracut-module/password-agent --test
323
286
# Run the client with a local config and key
324
run-client: all keydir/seckey.txt keydir/pubkey.txt \
325
keydir/tls-privkey.pem keydir/tls-pubkey.pem
326
@echo '######################################################'
327
@echo '# The following error messages are harmless and can #'
328
@echo '# be safely ignored: #'
329
@echo '## From plugin-runner: #'
330
@echo '# setgid: Operation not permitted #'
331
@echo '# setuid: Operation not permitted #'
332
@echo '## From askpass-fifo: #'
333
@echo '# mkfifo: Permission denied #'
334
@echo '## From mandos-client: #'
335
@echo '# Failed to raise privileges: Operation not permi... #'
336
@echo '# Warning: network hook "*" exited with status * #'
337
@echo '# ioctl SIOCSIFFLAGS +IFF_UP: Operation not permi... #'
338
@echo '# Failed to bring up interface "*": Operation not... #'
340
@echo '# (The messages are caused by not running as root, #'
341
@echo '# but you should NOT run "make run-client" as root #'
342
@echo '# unless you also unpacked and compiled Mandos as #'
343
@echo '# root, which is also NOT recommended.) #'
344
@echo '######################################################'
287
run-client: all keydir/seckey.txt keydir/pubkey.txt keydir/tls-privkey.pem keydir/tls-pubkey.pem
288
@echo "###################################################################"
289
@echo "# The following error messages are harmless and can be safely #"
291
@echo "# From plugin-runner: setgid: Operation not permitted #"
292
@echo "# setuid: Operation not permitted #"
293
@echo "# From askpass-fifo: mkfifo: Permission denied #"
294
@echo "# From mandos-client: #"
295
@echo "# Failed to raise privileges: Operation not permitted #"
296
@echo "# Warning: network hook \"*\" exited with status * #"
298
@echo "# (The messages are caused by not running as root, but you should #"
299
@echo "# NOT run \"make run-client\" as root unless you also unpacked and #"
300
@echo "# compiled Mandos as root, which is also NOT recommended.) #"
301
@echo "###################################################################"
345
302
# We set GNOME_KEYRING_CONTROL to block pam_gnome_keyring
346
303
./plugin-runner --plugin-dir=plugins.d \
347
304
--plugin-helper-dir=plugin-helpers \
387
344
elif install --directory --mode=u=rwx $(STATEDIR); then \
388
345
chown -- $(USER):$(GROUP) $(STATEDIR) || :; \
390
if [ "$(TMPFILES)" != "$(DESTDIR)" \
391
-a -d "$(TMPFILES)" ]; then \
347
if [ "$(TMPFILES)" != "$(DESTDIR)" -a -d "$(TMPFILES)" ]; then \
392
348
install --mode=u=rw,go=r tmpfiles.d-mandos.conf \
393
349
$(TMPFILES)/mandos.conf; \
395
if [ "$(SYSUSERS)" != "$(DESTDIR)" \
396
-a -d "$(SYSUSERS)" ]; then \
397
install --mode=u=rw,go=r sysusers.d-mandos.conf \
398
$(SYSUSERS)/mandos.conf; \
400
351
install --mode=u=rwx,go=rx mandos $(PREFIX)/sbin/mandos
401
352
install --mode=u=rwx,go=rx --target-directory=$(PREFIX)/sbin \
436
387
install --directory --mode=u=rwx $(KEYDIR) \
437
388
$(LIBDIR)/mandos/plugins.d \
438
389
$(LIBDIR)/mandos/plugin-helpers
439
if [ "$(SYSUSERS)" != "$(DESTDIR)" \
440
-a -d "$(SYSUSERS)" ]; then \
441
install --mode=u=rw,go=r sysusers.d-mandos.conf \
442
$(SYSUSERS)/mandos-client.conf; \
444
390
if [ "$(CONFDIR)" != "$(LIBDIR)/mandos" ]; then \
445
391
install --mode=u=rwx \
446
392
--directory "$(CONFDIR)/plugins.d" \
451
397
install --mode=u=rwx,go=rx \
452
398
--target-directory=$(LIBDIR)/mandos plugin-runner
453
399
install --mode=u=rwx,go=rx \
454
--target-directory=$(LIBDIR)/mandos \
455
mandos-to-cryptroot-unlock
400
--target-directory=$(LIBDIR)/mandos mandos-to-cryptroot-unlock
456
401
install --mode=u=rwx,go=rx --target-directory=$(PREFIX)/sbin \
458
403
install --mode=u=rwx,go=rx \
486
431
$(INITRAMFSTOOLS)/scripts/init-premount/mandos
487
432
install initramfs-tools-script-stop \
488
433
$(INITRAMFSTOOLS)/scripts/local-premount/mandos
489
install --directory $(DRACUTMODULE)
490
install --mode=u=rw,go=r --target-directory=$(DRACUTMODULE) \
491
dracut-module/ask-password-mandos.path \
492
dracut-module/ask-password-mandos.service
493
install --mode=u=rwxs,go=rx \
494
--target-directory=$(DRACUTMODULE) \
495
dracut-module/module-setup.sh \
496
dracut-module/cmdline-mandos.sh \
497
dracut-module/password-agent
498
434
install --mode=u=rw,go=r plugin-runner.conf $(CONFDIR)
499
435
gzip --best --to-stdout mandos-keygen.8 \
500
436
> $(MANDIR)/man8/mandos-keygen.8.gz
512
448
> $(MANDIR)/man8/askpass-fifo.8mandos.gz
513
449
gzip --best --to-stdout plugins.d/plymouth.8mandos \
514
450
> $(MANDIR)/man8/plymouth.8mandos.gz
515
gzip --best --to-stdout dracut-module/password-agent.8mandos \
516
> $(MANDIR)/man8/password-agent.8mandos.gz
518
452
install-client: install-client-nokey
519
453
# Post-installation stuff
520
454
-$(PREFIX)/sbin/mandos-keygen --dir "$(KEYDIR)"
521
if command -v update-initramfs >/dev/null; then \
522
update-initramfs -k all -u; \
523
elif command -v dracut >/dev/null; then \
524
for initrd in $(DESTDIR)/boot/initr*-$(LINUXVERSION); do \
525
if [ -w "$$initrd" ]; then \
526
chmod go-r "$$initrd"; \
527
dracut --force "$$initrd"; \
455
update-initramfs -k all -u
531
456
echo "Now run mandos-keygen --password --dir $(KEYDIR)"
533
458
uninstall: uninstall-server uninstall-client
560
485
$(INITRAMFSTOOLS)/hooks/mandos \
561
486
$(INITRAMFSTOOLS)/conf-hooks.d/mandos \
562
487
$(INITRAMFSTOOLS)/scripts/init-premount/mandos \
563
$(INITRAMFSTOOLS)/scripts/local-premount/mandos \
564
$(DRACUTMODULE)/ask-password-mandos.path \
565
$(DRACUTMODULE)/ask-password-mandos.service \
566
$(DRACUTMODULE)/module-setup.sh \
567
$(DRACUTMODULE)/cmdline-mandos.sh \
568
$(DRACUTMODULE)/password-agent \
569
488
$(MANDIR)/man8/mandos-keygen.8.gz \
570
489
$(MANDIR)/man8/plugin-runner.8mandos.gz \
571
490
$(MANDIR)/man8/mandos-client.8mandos.gz
574
493
$(MANDIR)/man8/splashy.8mandos.gz \
575
494
$(MANDIR)/man8/askpass-fifo.8mandos.gz \
576
495
$(MANDIR)/man8/plymouth.8mandos.gz \
577
$(MANDIR)/man8/password-agent.8mandos.gz \
578
496
-rmdir $(LIBDIR)/mandos/plugins.d $(CONFDIR)/plugins.d \
579
$(LIBDIR)/mandos $(CONFDIR) $(KEYDIR) $(DRACUTMODULE)
580
if command -v update-initramfs >/dev/null; then \
581
update-initramfs -k all -u; \
582
elif command -v dracut >/dev/null; then \
583
for initrd in $(DESTDIR)/boot/initr*-$(LINUXVERSION); do \
584
test -w "$$initrd" && dracut --force "$$initrd"; \
497
$(LIBDIR)/mandos $(CONFDIR) $(KEYDIR)
498
update-initramfs -k all -u
588
500
purge: purge-server purge-client