
Viewing changes to Makefile

  • Committer: Teddy Hogeborn
  • Date: 2019-07-14 22:39:15 UTC
  • Revision ID: teddy@recompile.se-20190714223915-aqjkms3t3taa6tye
Only use sanitizing options when debugging

The C compiler's sanitizing options introduce code in the output
binary which is fragile and not very security conscious.  It has
become clear that sanitizing is only really meant for use while
debugging.

As a side effect, this makes compilation faster, as the Makefile, for
production builds, no longer runs the compiler repeatedly to find all
its currently supported sanitizing options.

* Makefile (DEBUG): Add "$(SANITIZE)".
  (SANITIZE): Comment out.
  (CFLAGS): Remove "$(SANITIZE)".
  (plugins.d/mandos-client): Revert back to use plain $(LINK.c), since
                             we no longer need to remove the leak
                             sanitizer by overriding CFLAGS.

1
 
WARN=-O -Wall -Wformat=2 -Winit-self -Wmissing-include-dirs \
2
 
        -Wswitch-default -Wswitch-enum -Wunused-parameter \
3
 
        -Wstrict-aliasing=1 -Wextra -Wfloat-equal -Wundef -Wshadow \
 
1
WARN:=-O -Wall -Wextra -Wdouble-promotion -Wformat=2 -Winit-self \
 
2
        -Wmissing-include-dirs -Wswitch-default -Wswitch-enum \
 
3
        -Wunused -Wuninitialized -Wstrict-overflow=5 \
 
4
        -Wsuggest-attribute=pure -Wsuggest-attribute=const \
 
5
        -Wsuggest-attribute=noreturn -Wfloat-equal -Wundef -Wshadow \
4
6
        -Wunsafe-loop-optimizations -Wpointer-arith \
5
7
        -Wbad-function-cast -Wcast-qual -Wcast-align -Wwrite-strings \
6
 
        -Wconversion -Wstrict-prototypes -Wold-style-definition \
7
 
        -Wpacked -Wnested-externs -Winline -Wvolatile-register-var
8
 
#       -Wunreachable-code
9
 
#DEBUG=-ggdb3
10
 
# For info about _FORTIFY_SOURCE, see
11
 
# <http://www.kernel.org/doc/man-pages/online/pages/man7/feature_test_macros.7.html>
12
 
# and <http://gcc.gnu.org/ml/gcc-patches/2004-09/msg02055.html>.
13
 
FORTIFY=-D_FORTIFY_SOURCE=2 -fstack-protector-all -fPIC
14
 
LINK_FORTIFY_LD=-z relro -z now
15
 
LINK_FORTIFY=
 
8
        -Wconversion -Wlogical-op -Waggregate-return \
 
9
        -Wstrict-prototypes -Wold-style-definition \
 
10
        -Wmissing-format-attribute -Wnormalized=nfc -Wpacked \
 
11
        -Wredundant-decls -Wnested-externs -Winline -Wvla \
 
12
        -Wvolatile-register-var -Woverlength-strings
 
13
 
 
14
#DEBUG:=-ggdb3 -fsanitize=address $(SANITIZE)
 
15
## Check which sanitizing options can be used
 
16
#SANITIZE:=$(foreach option,$(ALL_SANITIZE_OPTIONS),$(shell \
 
17
#       echo 'int main(){}' | $(CC) --language=c $(option) \
 
18
#       /dev/stdin -o /dev/null >/dev/null 2>&1 && echo $(option)))
 
19
# <https://developerblog.redhat.com/2014/10/16/gcc-undefined-behavior-sanitizer-ubsan/>
 
20
ALL_SANITIZE_OPTIONS:=-fsanitize=leak -fsanitize=undefined \
 
21
        -fsanitize=shift -fsanitize=integer-divide-by-zero \
 
22
        -fsanitize=unreachable -fsanitize=vla-bound -fsanitize=null \
 
23
        -fsanitize=return -fsanitize=signed-integer-overflow \
 
24
        -fsanitize=bounds -fsanitize=alignment \
 
25
        -fsanitize=object-size -fsanitize=float-divide-by-zero \
 
26
        -fsanitize=float-cast-overflow -fsanitize=nonnull-attribute \
 
27
        -fsanitize=returns-nonnull-attribute -fsanitize=bool \
 
28
        -fsanitize=enum
 
29
 
 
30
# For info about _FORTIFY_SOURCE, see feature_test_macros(7)
 
31
# and <https://gcc.gnu.org/ml/gcc-patches/2004-09/msg02055.html>.
 
32
FORTIFY:=-D_FORTIFY_SOURCE=2 -fstack-protector-all -fPIC
 
33
LINK_FORTIFY_LD:=-z relro -z now
 
34
LINK_FORTIFY:=
16
35
 
17
36
# If BROKEN_PIE is set, do not build with -pie
18
37
ifndef BROKEN_PIE
20
39
LINK_FORTIFY += -pie
21
40
endif
22
41
#COVERAGE=--coverage
23
 
OPTIMIZE=-Os
24
 
LANGUAGE=-std=gnu99
25
 
htmldir=man
26
 
version=1.4.1
27
 
SED=sed
 
42
OPTIMIZE:=-Os -fno-strict-aliasing
 
43
LANGUAGE:=-std=gnu11
 
44
htmldir:=man
 
45
version:=1.8.4
 
46
SED:=sed
 
47
 
 
48
USER:=$(firstword $(subst :, ,$(shell getent passwd _mandos || getent passwd nobody || echo 65534)))
 
49
GROUP:=$(firstword $(subst :, ,$(shell getent group _mandos || getent group nogroup || echo 65534)))
28
50
 
29
51
## Use these settings for a traditional /usr/local install
30
 
# PREFIX=$(DESTDIR)/usr/local
31
 
# CONFDIR=$(DESTDIR)/etc/mandos
32
 
# KEYDIR=$(DESTDIR)/etc/mandos/keys
33
 
# MANDIR=$(PREFIX)/man
34
 
# INITRAMFSTOOLS=$(DESTDIR)/etc/initramfs-tools
 
52
# PREFIX:=$(DESTDIR)/usr/local
 
53
# CONFDIR:=$(DESTDIR)/etc/mandos
 
54
# KEYDIR:=$(DESTDIR)/etc/mandos/keys
 
55
# MANDIR:=$(PREFIX)/man
 
56
# INITRAMFSTOOLS:=$(DESTDIR)/etc/initramfs-tools
 
57
# STATEDIR:=$(DESTDIR)/var/lib/mandos
 
58
# LIBDIR:=$(PREFIX)/lib
35
59
##
36
60
 
37
61
## These settings are for a package-type install
38
 
PREFIX=$(DESTDIR)/usr
39
 
CONFDIR=$(DESTDIR)/etc/mandos
40
 
KEYDIR=$(DESTDIR)/etc/keys/mandos
41
 
MANDIR=$(PREFIX)/share/man
42
 
INITRAMFSTOOLS=$(DESTDIR)/usr/share/initramfs-tools
 
62
PREFIX:=$(DESTDIR)/usr
 
63
CONFDIR:=$(DESTDIR)/etc/mandos
 
64
KEYDIR:=$(DESTDIR)/etc/keys/mandos
 
65
MANDIR:=$(PREFIX)/share/man
 
66
INITRAMFSTOOLS:=$(DESTDIR)/usr/share/initramfs-tools
 
67
STATEDIR:=$(DESTDIR)/var/lib/mandos
 
68
LIBDIR:=$(shell \
 
69
        for d in \
 
70
        "/usr/lib/`dpkg-architecture -qDEB_HOST_MULTIARCH 2>/dev/null`" \
 
71
        "`rpm --eval='%{_libdir}' 2>/dev/null`" /usr/lib; do \
 
72
                if [ -d "$$d" -a "$$d" = "$${d%/}" ]; then \
 
73
                        echo "$(DESTDIR)$$d"; \
 
74
                        break; \
 
75
                fi; \
 
76
        done)
43
77
##
44
78
 
45
 
GNUTLS_CFLAGS=$(shell pkg-config --cflags-only-I gnutls)
46
 
GNUTLS_LIBS=$(shell pkg-config --libs gnutls)
47
 
AVAHI_CFLAGS=$(shell pkg-config --cflags-only-I avahi-core)
48
 
AVAHI_LIBS=$(shell pkg-config --libs avahi-core)
49
 
GPGME_CFLAGS=$(shell gpgme-config --cflags; getconf LFS_CFLAGS)
50
 
GPGME_LIBS=$(shell gpgme-config --libs; getconf LFS_LIBS; \
 
79
SYSTEMD:=$(DESTDIR)$(shell pkg-config systemd --variable=systemdsystemunitdir)
 
80
TMPFILES:=$(DESTDIR)$(shell pkg-config systemd --variable=tmpfilesdir)
 
81
 
 
82
GNUTLS_CFLAGS:=$(shell pkg-config --cflags-only-I gnutls)
 
83
GNUTLS_LIBS:=$(shell pkg-config --libs gnutls)
 
84
AVAHI_CFLAGS:=$(shell pkg-config --cflags-only-I avahi-core)
 
85
AVAHI_LIBS:=$(shell pkg-config --libs avahi-core)
 
86
GPGME_CFLAGS:=$(shell gpgme-config --cflags; getconf LFS_CFLAGS)
 
87
GPGME_LIBS:=$(shell gpgme-config --libs; getconf LFS_LIBS; \
51
88
        getconf LFS_LDFLAGS)
 
89
LIBNL3_CFLAGS:=$(shell pkg-config --cflags-only-I libnl-route-3.0)
 
90
LIBNL3_LIBS:=$(shell pkg-config --libs libnl-route-3.0)
52
91
 
53
92
# Do not change these two
54
 
CFLAGS=$(WARN) $(DEBUG) $(FORTIFY) $(COVERAGE) $(OPTIMIZE) \
55
 
        $(LANGUAGE) $(GNUTLS_CFLAGS) $(AVAHI_CFLAGS) $(GPGME_CFLAGS) \
56
 
        -DVERSION='"$(version)"'
57
 
LDFLAGS=-Xlinker --as-needed $(COVERAGE) $(LINK_FORTIFY) $(foreach flag,$(LINK_FORTIFY_LD),-Xlinker $(flag))
 
93
CFLAGS+=$(WARN) $(DEBUG) $(FORTIFY) $(COVERAGE) \
 
94
        $(OPTIMIZE) $(LANGUAGE) -DVERSION='"$(version)"'
 
95
LDFLAGS+=-Xlinker --as-needed $(COVERAGE) $(LINK_FORTIFY) $(foreach flag,$(LINK_FORTIFY_LD),-Xlinker $(flag))
58
96
 
59
97
# Commands to format a DocBook <refentry> document into a manual page
60
98
DOCBOOKTOMAN=$(strip cd $(dir $<); xsltproc --nonet --xinclude \
63
101
        --param make.single.year.ranges         1 \
64
102
        --param man.output.quietly              1 \
65
103
        --param man.authors.section.enabled     0 \
66
 
         /usr/share/xml/docbook/stylesheet/nwalsh/manpages/docbook.xsl \
 
104
        /usr/share/xml/docbook/stylesheet/nwalsh/manpages/docbook.xsl \
67
105
        $(notdir $<); \
68
 
        $(MANPOST) $(notdir $@);\
69
 
        LANG=en_US.UTF-8 MANWIDTH=80 man --warnings --encoding=UTF-8 \
70
 
        --local-file $(notdir $@) >/dev/null)
71
 
# DocBook-to-man post-processing to fix a '\n' escape bug
72
 
MANPOST=$(SED) --in-place --expression='s,\\\\en,\\en,g;s,\\n,\\en,g'
 
106
        if locale --all 2>/dev/null | grep --regexp='^en_US\.utf8$$' \
 
107
        && type man 2>/dev/null; then LANG=en_US.UTF-8 MANWIDTH=80 \
 
108
        man --warnings --encoding=UTF-8 --local-file $(notdir $@); \
 
109
        fi >/dev/null)
73
110
 
74
111
DOCBOOKTOHTML=$(strip xsltproc --nonet --xinclude \
75
112
        --param make.year.ranges                1 \
81
118
        /usr/share/xml/docbook/stylesheet/nwalsh/xhtml/docbook.xsl \
82
119
        $<; $(HTMLPOST) $@)
83
120
# Fix citerefentry links
84
 
HTMLPOST=$(SED) --in-place \
 
121
HTMLPOST:=$(SED) --in-place \
85
122
        --expression='s/\(<a class="citerefentry" href="\)\("><span class="citerefentry"><span class="refentrytitle">\)\([^<]*\)\(<\/span>(\)\([^)]*\)\()<\/span><\/a>\)/\1\3.\5\2\3\4\5\6/g'
86
123
 
87
 
PLUGINS=plugins.d/password-prompt plugins.d/mandos-client \
 
124
PLUGINS:=plugins.d/password-prompt plugins.d/mandos-client \
88
125
        plugins.d/usplash plugins.d/splashy plugins.d/askpass-fifo \
89
126
        plugins.d/plymouth
90
 
CPROGS=plugin-runner $(PLUGINS)
91
 
PROGS=mandos mandos-keygen mandos-ctl mandos-monitor $(CPROGS)
92
 
DOCS=mandos.8 mandos-keygen.8 mandos-monitor.8 mandos-ctl.8 \
 
127
PLUGIN_HELPERS:=plugin-helpers/mandos-client-iprouteadddel
 
128
CPROGS:=plugin-runner $(PLUGINS) $(PLUGIN_HELPERS)
 
129
PROGS:=mandos mandos-keygen mandos-ctl mandos-monitor $(CPROGS)
 
130
DOCS:=mandos.8 mandos-keygen.8 mandos-monitor.8 mandos-ctl.8 \
93
131
        mandos.conf.5 mandos-clients.conf.5 plugin-runner.8mandos \
94
132
        plugins.d/mandos-client.8mandos \
95
133
        plugins.d/password-prompt.8mandos plugins.d/usplash.8mandos \
96
134
        plugins.d/splashy.8mandos plugins.d/askpass-fifo.8mandos \
97
135
        plugins.d/plymouth.8mandos intro.8mandos
98
136
 
99
 
htmldocs=$(addsuffix .xhtml,$(DOCS))
 
137
htmldocs:=$(addsuffix .xhtml,$(DOCS))
100
138
 
101
 
objects=$(addsuffix .o,$(CPROGS))
 
139
objects:=$(addsuffix .o,$(CPROGS))
102
140
 
103
141
all: $(PROGS) mandos.lsm
104
142
 
216
254
                --expression='s/\(mandos_\)[0-9.]\+\(\.orig\.tar\.gz\)/\1$(version)\2/' \
217
255
                $@)
218
256
 
 
257
# Need to add the GnuTLS, Avahi and GPGME libraries
219
258
plugins.d/mandos-client: plugins.d/mandos-client.c
220
 
        $(LINK.c) $^ -lrt $(GNUTLS_LIBS) $(AVAHI_LIBS) $(strip\
221
 
                ) $(GPGME_LIBS) $(LOADLIBES) $(LDLIBS) -o $@
222
 
 
223
 
.PHONY : all doc html clean distclean run-client run-server install \
224
 
        install-server install-client uninstall uninstall-server \
225
 
        uninstall-client purge purge-server purge-client
 
259
        $(LINK.c) $^ $(GNUTLS_CFLAGS) $(AVAHI_CFLAGS) $(strip\
 
260
                ) $(GPGME_CFLAGS) -lrt $(GNUTLS_LIBS) $(strip\
 
261
                ) $(AVAHI_LIBS) $(GPGME_LIBS) $(LOADLIBES) $(strip\
 
262
                ) $(LDLIBS) -o $@
 
263
 
 
264
plugin-helpers/mandos-client-iprouteadddel: plugin-helpers/mandos-client-iprouteadddel.c
 
265
        $(LINK.c) $(LIBNL3_CFLAGS) $^ $(LIBNL3_LIBS) $(strip\
 
266
                ) $(LOADLIBES) $(LDLIBS) -o $@
 
267
 
 
268
.PHONY : all doc html clean distclean mostlyclean maintainer-clean \
 
269
        check run-client run-server install install-html \
 
270
        install-server install-client-nokey install-client uninstall \
 
271
        uninstall-server uninstall-client purge purge-server \
 
272
        purge-client
226
273
 
227
274
clean:
228
275
        -rm --force $(CPROGS) $(objects) $(htmldocs) $(DOCS) core
230
277
distclean: clean
231
278
mostlyclean: clean
232
279
maintainer-clean: clean
233
 
        -rm --force --recursive keydir confdir
 
280
        -rm --force --recursive keydir confdir statedir
234
281
 
235
282
check:  all
236
283
        ./mandos --check
 
284
        ./mandos-ctl --check
237
285
 
238
286
# Run the client with a local config and key
239
 
run-client: all keydir/seckey.txt keydir/pubkey.txt
 
287
run-client: all keydir/seckey.txt keydir/pubkey.txt keydir/tls-privkey.pem keydir/tls-pubkey.pem
240
288
        @echo "###################################################################"
241
289
        @echo "# The following error messages are harmless and can be safely     #"
242
 
        @echo "# ignored.  The messages are caused by not running as root, but   #"
243
 
        @echo "# you should NOT run \"make run-client\" as root unless you also    #"
244
 
        @echo "# unpacked and compiled Mandos as root, which is NOT recommended. #"
245
 
        @echo "# From plugin-runner: setuid: Operation not permitted             #"
 
290
        @echo "# ignored:                                                        #"
 
291
        @echo "# From plugin-runner: setgid: Operation not permitted             #"
 
292
        @echo "#                     setuid: Operation not permitted             #"
246
293
        @echo "# From askpass-fifo:  mkfifo: Permission denied                   #"
247
 
        @echo "# From mandos-client: setuid: Operation not permitted             #"
248
 
        @echo "#                     seteuid: Operation not permitted            #"
249
 
        @echo "#                     klogctl: Operation not permitted            #"
 
294
        @echo "# From mandos-client:                                             #"
 
295
        @echo "#             Failed to raise privileges: Operation not permitted #"
 
296
        @echo "#             Warning: network hook \"*\" exited with status *      #"
 
297
        @echo "#                                                                 #"
 
298
        @echo "# (The messages are caused by not running as root, but you should #"
 
299
        @echo "# NOT run \"make run-client\" as root unless you also unpacked and  #"
 
300
        @echo "# compiled Mandos as root, which is also NOT recommended.)        #"
250
301
        @echo "###################################################################"
 
302
# We set GNOME_KEYRING_CONTROL to block pam_gnome_keyring
251
303
        ./plugin-runner --plugin-dir=plugins.d \
 
304
                --plugin-helper-dir=plugin-helpers \
252
305
                --config-file=plugin-runner.conf \
253
 
                --options-for=mandos-client:--seckey=keydir/seckey.txt,--pubkey=keydir/pubkey.txt,--network-hook-dir=network-hooks.d \
 
306
                --options-for=mandos-client:--seckey=keydir/seckey.txt,--pubkey=keydir/pubkey.txt,--tls-privkey=keydir/tls-privkey.pem,--tls-pubkey=keydir/tls-pubkey.pem,--network-hook-dir=network-hooks.d \
 
307
                --env-for=mandos-client:GNOME_KEYRING_CONTROL= \
254
308
                $(CLIENTARGS)
255
309
 
256
310
# Used by run-client
257
 
keydir/seckey.txt keydir/pubkey.txt: mandos-keygen
 
311
keydir/seckey.txt keydir/pubkey.txt keydir/tls-privkey.pem keydir/tls-pubkey.pem: mandos-keygen
258
312
        install --directory keydir
259
313
        ./mandos-keygen --dir keydir --force
260
314
 
261
315
# Run the server with a local config
262
 
run-server: confdir/mandos.conf confdir/clients.conf
263
 
        @echo "#################################################################"
264
 
        @echo "# NOTE: Please IGNORE the error about \"Could not open file      #"
265
 
        @echo "# u'/var/run/mandos.pid'\" -  it is harmless and is caused by    #"
266
 
        @echo "# the server not running as root.  Do NOT run \"make run-server\" #"
267
 
        @echo "# server as root if you didn't also unpack and compile it thus. #"
268
 
        @echo "#################################################################"
269
 
        ./mandos --debug --no-dbus --configdir=confdir $(SERVERARGS)
 
316
run-server: confdir/mandos.conf confdir/clients.conf statedir
 
317
        ./mandos --debug --no-dbus --configdir=confdir \
 
318
                --statedir=statedir $(SERVERARGS)
270
319
 
271
320
# Used by run-server
272
321
confdir/mandos.conf: mandos.conf
273
322
        install --directory confdir
274
323
        install --mode=u=rw,go=r $^ $@
275
 
confdir/clients.conf: clients.conf keydir/seckey.txt
 
324
confdir/clients.conf: clients.conf keydir/seckey.txt keydir/tls-pubkey.pem
276
325
        install --directory confdir
277
326
        install --mode=u=rw $< $@
278
327
# Add a client password
279
 
        ./mandos-keygen --dir keydir --password >> $@
 
328
        ./mandos-keygen --dir keydir --password --no-ssh >> $@
 
329
statedir:
 
330
        install --directory statedir
280
331
 
281
332
install: install-server install-client-nokey
282
333
 
287
338
 
288
339
install-server: doc
289
340
        install --directory $(CONFDIR)
 
341
        if install --directory --mode=u=rwx --owner=$(USER) \
 
342
                --group=$(GROUP) $(STATEDIR); then \
 
343
                :; \
 
344
        elif install --directory --mode=u=rwx $(STATEDIR); then \
 
345
                chown -- $(USER):$(GROUP) $(STATEDIR) || :; \
 
346
        fi
 
347
        if [ "$(TMPFILES)" != "$(DESTDIR)" -a -d "$(TMPFILES)" ]; then \
 
348
                install --mode=u=rw,go=r tmpfiles.d-mandos.conf \
 
349
                        $(TMPFILES)/mandos.conf; \
 
350
        fi
290
351
        install --mode=u=rwx,go=rx mandos $(PREFIX)/sbin/mandos
291
352
        install --mode=u=rwx,go=rx --target-directory=$(PREFIX)/sbin \
292
353
                mandos-ctl
300
361
                $(DESTDIR)/etc/dbus-1/system.d/mandos.conf
301
362
        install --mode=u=rwx,go=rx init.d-mandos \
302
363
                $(DESTDIR)/etc/init.d/mandos
 
364
        if [ "$(SYSTEMD)" != "$(DESTDIR)" -a -d "$(SYSTEMD)" ]; then \
 
365
                install --mode=u=rw,go=r mandos.service $(SYSTEMD); \
 
366
        fi
303
367
        install --mode=u=rw,go=r default-mandos \
304
368
                $(DESTDIR)/etc/default/mandos
305
369
        if [ -z $(DESTDIR) ]; then \
315
379
                > $(MANDIR)/man5/mandos.conf.5.gz
316
380
        gzip --best --to-stdout mandos-clients.conf.5 \
317
381
                > $(MANDIR)/man5/mandos-clients.conf.5.gz
 
382
        gzip --best --to-stdout intro.8mandos \
 
383
                > $(MANDIR)/man8/intro.8mandos.gz
318
384
 
319
385
install-client-nokey: all doc
320
 
        install --directory $(PREFIX)/lib/mandos $(CONFDIR)
 
386
        install --directory $(LIBDIR)/mandos $(CONFDIR)
321
387
        install --directory --mode=u=rwx $(KEYDIR) \
322
 
                $(PREFIX)/lib/mandos/plugins.d
323
 
        if [ "$(CONFDIR)" != "$(PREFIX)/lib/mandos" ]; then \
 
388
                $(LIBDIR)/mandos/plugins.d \
 
389
                $(LIBDIR)/mandos/plugin-helpers
 
390
        if [ "$(CONFDIR)" != "$(LIBDIR)/mandos" ]; then \
324
391
                install --mode=u=rwx \
325
 
                        --directory "$(CONFDIR)/plugins.d"; \
 
392
                        --directory "$(CONFDIR)/plugins.d" \
 
393
                        "$(CONFDIR)/plugin-helpers"; \
326
394
        fi
327
395
        install --mode=u=rwx,go=rx --directory \
328
396
                "$(CONFDIR)/network-hooks.d"
329
397
        install --mode=u=rwx,go=rx \
330
 
                --target-directory=$(PREFIX)/lib/mandos plugin-runner
 
398
                --target-directory=$(LIBDIR)/mandos plugin-runner
 
399
        install --mode=u=rwx,go=rx \
 
400
                --target-directory=$(LIBDIR)/mandos mandos-to-cryptroot-unlock
331
401
        install --mode=u=rwx,go=rx --target-directory=$(PREFIX)/sbin \
332
402
                mandos-keygen
333
403
        install --mode=u=rwx,go=rx \
334
 
                --target-directory=$(PREFIX)/lib/mandos/plugins.d \
 
404
                --target-directory=$(LIBDIR)/mandos/plugins.d \
335
405
                plugins.d/password-prompt
336
406
        install --mode=u=rwxs,go=rx \
337
 
                --target-directory=$(PREFIX)/lib/mandos/plugins.d \
 
407
                --target-directory=$(LIBDIR)/mandos/plugins.d \
338
408
                plugins.d/mandos-client
339
409
        install --mode=u=rwxs,go=rx \
340
 
                --target-directory=$(PREFIX)/lib/mandos/plugins.d \
 
410
                --target-directory=$(LIBDIR)/mandos/plugins.d \
341
411
                plugins.d/usplash
342
412
        install --mode=u=rwxs,go=rx \
343
 
                --target-directory=$(PREFIX)/lib/mandos/plugins.d \
 
413
                --target-directory=$(LIBDIR)/mandos/plugins.d \
344
414
                plugins.d/splashy
345
415
        install --mode=u=rwxs,go=rx \
346
 
                --target-directory=$(PREFIX)/lib/mandos/plugins.d \
 
416
                --target-directory=$(LIBDIR)/mandos/plugins.d \
347
417
                plugins.d/askpass-fifo
348
418
        install --mode=u=rwxs,go=rx \
349
 
                --target-directory=$(PREFIX)/lib/mandos/plugins.d \
 
419
                --target-directory=$(LIBDIR)/mandos/plugins.d \
350
420
                plugins.d/plymouth
 
421
        install --mode=u=rwx,go=rx \
 
422
                --target-directory=$(LIBDIR)/mandos/plugin-helpers \
 
423
                plugin-helpers/mandos-client-iprouteadddel
351
424
        install initramfs-tools-hook \
352
425
                $(INITRAMFSTOOLS)/hooks/mandos
353
 
        install --mode=u=rw,go=r initramfs-tools-hook-conf \
354
 
                $(INITRAMFSTOOLS)/conf-hooks.d/mandos
 
426
        install --mode=u=rw,go=r initramfs-tools-conf \
 
427
                $(INITRAMFSTOOLS)/conf.d/mandos-conf
 
428
        install --mode=u=rw,go=r initramfs-tools-conf-hook \
 
429
                $(INITRAMFSTOOLS)/conf-hooks.d/zz-mandos
355
430
        install initramfs-tools-script \
356
431
                $(INITRAMFSTOOLS)/scripts/init-premount/mandos
 
432
        install initramfs-tools-script-stop \
 
433
                $(INITRAMFSTOOLS)/scripts/local-premount/mandos
357
434
        install --mode=u=rw,go=r plugin-runner.conf $(CONFDIR)
358
435
        gzip --best --to-stdout mandos-keygen.8 \
359
436
                > $(MANDIR)/man8/mandos-keygen.8.gz
398
475
        ! grep --regexp='^ *[^ #].*keyscript=[^,=]*/mandos/' \
399
476
                $(DESTDIR)/etc/crypttab
400
477
        -rm --force $(PREFIX)/sbin/mandos-keygen \
401
 
                $(PREFIX)/lib/mandos/plugin-runner \
402
 
                $(PREFIX)/lib/mandos/plugins.d/password-prompt \
403
 
                $(PREFIX)/lib/mandos/plugins.d/mandos-client \
404
 
                $(PREFIX)/lib/mandos/plugins.d/usplash \
405
 
                $(PREFIX)/lib/mandos/plugins.d/splashy \
406
 
                $(PREFIX)/lib/mandos/plugins.d/askpass-fifo \
407
 
                $(PREFIX)/lib/mandos/plugins.d/plymouth \
 
478
                $(LIBDIR)/mandos/plugin-runner \
 
479
                $(LIBDIR)/mandos/plugins.d/password-prompt \
 
480
                $(LIBDIR)/mandos/plugins.d/mandos-client \
 
481
                $(LIBDIR)/mandos/plugins.d/usplash \
 
482
                $(LIBDIR)/mandos/plugins.d/splashy \
 
483
                $(LIBDIR)/mandos/plugins.d/askpass-fifo \
 
484
                $(LIBDIR)/mandos/plugins.d/plymouth \
408
485
                $(INITRAMFSTOOLS)/hooks/mandos \
409
486
                $(INITRAMFSTOOLS)/conf-hooks.d/mandos \
410
487
                $(INITRAMFSTOOLS)/scripts/init-premount/mandos \
416
493
                $(MANDIR)/man8/splashy.8mandos.gz \
417
494
                $(MANDIR)/man8/askpass-fifo.8mandos.gz \
418
495
                $(MANDIR)/man8/plymouth.8mandos.gz \
419
 
        -rmdir $(PREFIX)/lib/mandos/plugins.d $(CONFDIR)/plugins.d \
420
 
                 $(PREFIX)/lib/mandos $(CONFDIR) $(KEYDIR)
 
496
        -rmdir $(LIBDIR)/mandos/plugins.d $(CONFDIR)/plugins.d \
 
497
                 $(LIBDIR)/mandos $(CONFDIR) $(KEYDIR)
421
498
        update-initramfs -k all -u
422
499
 
423
500
purge: purge-server purge-client
427
504
                $(DESTDIR)/etc/dbus-1/system.d/mandos.conf
428
505
                $(DESTDIR)/etc/default/mandos \
429
506
                $(DESTDIR)/etc/init.d/mandos \
 
507
                $(SYSTEMD)/mandos.service \
 
508
                $(DESTDIR)/run/mandos.pid \
430
509
                $(DESTDIR)/var/run/mandos.pid
431
510
        -rmdir $(CONFDIR)
432
511
 
433
512
purge-client: uninstall-client
434
 
        -shred --remove $(KEYDIR)/seckey.txt
 
513
        -shred --remove $(KEYDIR)/seckey.txt $(KEYDIR)/tls-privkey.pem
435
514
        -rm --force $(CONFDIR)/plugin-runner.conf \
436
 
                $(KEYDIR)/pubkey.txt $(KEYDIR)/seckey.txt
 
515
                $(KEYDIR)/pubkey.txt $(KEYDIR)/seckey.txt \
 
516
                $(KEYDIR)/tls-pubkey.txt $(KEYDIR)/tls-privkey.txt
437
517
        -rmdir $(KEYDIR) $(CONFDIR)/plugins.d $(CONFDIR)
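Review bot: On the new side (Makefile lines 14–28) the commented-out `#DEBUG:=-ggdb3 -fsanitize=address $(SANITIZE)` sits above the `#SANITIZE:=` block, which in turn sits above `ALL_SANITIZE_OPTIONS:=`, and all three use simple (`:=`) assignment. A developer who uncomments the two definitions in place gets `$(SANITIZE)` expanded while it is still empty (unless it is supplied from the command line or environment), so the debug build carries only `-fsanitize=address` and none of the leak or undefined-behaviour options, with no warning. Moving the `DEBUG` line below the `SANITIZE` block, and that block below `ALL_SANITIZE_OPTIONS`, would make the debug configuration match the commit message. If the order is kept, a comment such as `# NOTE: when enabling, define ALL_SANITIZE_OPTIONS, then SANITIZE, then DEBUG (":=" expands immediately)` above the `DEBUG` line would at least document the trap.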