/mandos/trunk

To get this branch, use:
bzr branch http://bzr.recompile.se/loggerhead/mandos/trunk

« back to all changes in this revision

Viewing changes to Makefile

  • Committer: Teddy Hogeborn
  • Date: 2019-07-27 10:11:45 UTC
  • Revision ID: teddy@recompile.se-20190727101145-jnpbpf8220gldbcd
Add dracut(8) support

Add support for the dracut(8) system for generating initramfs image
files; dracut is an alternative to the "initramfs-tools" package.

* .bzrignore (dracut-module/password-agent): Ignore new binary file.
* dracut-module: New directory for the dracut module.
* INSTALL (Prerequisites/Libraries/Mandos Client): Add dracut as an
                                                   alternative to
                                                   initramfs-tools,
                                                   and also add GLib.
* Makefile (DRACUTMODULE, GLIB_CFLAGS, GLIB_LIBS): New.
  (CPROGS): Add "dracut-module/password-agent".
  (DOCS): Add "dracut-module/password-agent.8mandos".
  (dracut-module/password-agent.8mandos): New.
  (dracut-module/password-agent.8mandos.xhtml): - '' -
  (dracut-module/password-agent): - '' -
  (check): Add command to run tests of password-agent(8mandos).
  (install-client-nokey): Also install the dracut module directory,
                          its files, and the password-agent(8mandos)
                          manual page.
  (install-client): To update the initramfs image file, run
                    update-initramfs or dracut depending on what is
                    installed.
  (uninstall-client): - '' - and also uninstall the the files in the
                      dracut module directory, that directory itself,
                      and the password-agent(8mandos) manual page.
* debian/control (Build-Depends): Add "libglib2.0-dev (>=2.40)".
  (Package: mandos-client/Depends): Add "dracut (>= 044+241-3)" as an
                                    alternative dependency to
                                    initramfs-tools.
  (Package: mandos-client/Conflicts): New; set to
                                      "dracut-config-generic".
  (debian/mandos-client.README.Debian): Document alternative commands
                                        to update the initramfs image
                                        for when dracut is used.
* debian/mandos-client.postinst (update_initramfs): Use alternative
                                                    commands to update
                                                    the initramfs
                                                    image for when
                                                    dracut is used.
* debian/tests/control (password-agent, password-agent-suid): Add two
                                                              new tests.
* dracut-module/ask-password-mandos.path: New.
* dracut-module/ask-password-mandos.service: - '' -
* dracut-module/cmdline-mandos.sh: - '' -
* dracut-module/module-setup.sh: - '' -
* dracut-module/password-agent.c: - '' -
* dracut-module/password-agent.xml: - '' -
* initramfs-unpack: Use the dracut "skipcpio" command, if available.
                    Also be more flexible and try hard to detect where
                    compressed data starts.
* plugins.d/mandos-client.xml (SECURITY): Be more precise that the
                                          mandos-client binary might
                                          not always be setuid, but
                                          that the program assumes
                                          that it has been started
                                          that way.
* plugins.d/password-prompt.c: Add new "--prompt" option.
  (conflict_detection): First try to detect the new PID file of
                        plymouth.
  (main): Define and use new "prompt" variable.
* plugins.d/password-prompt.xml (SYNOPSIS): Show new --prompt option.
  (DESCRIPTION): Describe new behavior of looking for plymouth PID
                 file.
  (OPTIONS): Document new "--prompt" option.
  (ENVIRONMENT): Clarify that the CRYPTTAB_SOURCE and CRYPTTAB_NAME
                 environment variables are not used if the --prompt
                 option is used.  Remove unnecessarily specific
                 details about where the CRYPTTAB_SOURCE and
                 CRYPTTAB_NAME comes from, since this can now be
                 either initramfs-tools or dracut.
  (SEE ALSO): Remove superfluous crypttab(5) reference, and add commas
              to separate the other references.
* plugins.d/plymouth.c: Add new "--prompt" and "--debug" options.
  (debug): New global flag.
  (fprintf_plus): New function, used for debug output.
  (exec_and_wait): Add extra "const" to "argv" argument.
  (main): Define and use new "prompt" variable.  Add debug output.
  (main/options, main/parse_opt): New; used to parse options.
* plugins.d/plymouth.xml (SYNOPSIS): Show new options.
  (OPTIONS): Document new options.
  (ENVIRONMENT): Clarify that the cryptsource and crypttarget
                 environment variables are not used if the --prompt
                 option is used.  Remove unnecessarily specific
                 details about where the cryptsource and crypttarget
                 comes from, since this can now be either
                 initramfs-tools or dracut.
  (EXAMPLE): Add an example using an option.
  (SEE ALSO): Remove superfluous crypttab(5) reference.
* plugins.d/splashy.xml (ENVIRONMENT): Clarify that the cryptsource
                                       and crypttarget environment
                                       variables are not used if the
                                       --prompt option is used.
                                       Remove unnecessarily specific
                                       details about where the
                                       cryptsource and crypttarget
                                       comes from, since this can now
                                       be either initramfs-tools or
                                       dracut.
  (SEE ALSO): Remove superfluous crypttab(5) reference.
* plugins.d/usplash.xml (ENVIRONMENT): Clarify that the cryptsource
                                       and crypttarget environment
                                       variables are not used if the
                                       --prompt option is used.
                                       Remove unnecessarily specific
                                       details about where the
                                       cryptsource and crypttarget
                                       comes from, since this can now
                                       be either initramfs-tools or
                                       dracut.
  (SEE ALSO): Remove superfluous crypttab(5) reference.

Show diffs side-by-side

added added

removed removed

Lines of Context:
25
25
        -fsanitize=object-size -fsanitize=float-divide-by-zero \
26
26
        -fsanitize=float-cast-overflow -fsanitize=nonnull-attribute \
27
27
        -fsanitize=returns-nonnull-attribute -fsanitize=bool \
28
 
        -fsanitize=enum
 
28
        -fsanitize=enum -fsanitize-address-use-after-scope
29
29
 
30
30
# For info about _FORTIFY_SOURCE, see feature_test_macros(7)
31
31
# and <https://gcc.gnu.org/ml/gcc-patches/2004-09/msg02055.html>.
56
56
# KEYDIR:=$(DESTDIR)/etc/mandos/keys
57
57
# MANDIR:=$(PREFIX)/man
58
58
# INITRAMFSTOOLS:=$(DESTDIR)/etc/initramfs-tools
 
59
# DRACUTMODULE:=$(DESTDIR)/usr/lib/dracut/modules.d/90mandos
59
60
# STATEDIR:=$(DESTDIR)/var/lib/mandos
60
61
# LIBDIR:=$(PREFIX)/lib
61
62
##
66
67
KEYDIR:=$(DESTDIR)/etc/keys/mandos
67
68
MANDIR:=$(PREFIX)/share/man
68
69
INITRAMFSTOOLS:=$(DESTDIR)/usr/share/initramfs-tools
 
70
DRACUTMODULE:=$(DESTDIR)/usr/lib/dracut/modules.d/90mandos
69
71
STATEDIR:=$(DESTDIR)/var/lib/mandos
70
72
LIBDIR:=$(shell \
71
73
        for d in \
90
92
        getconf LFS_LDFLAGS)
91
93
LIBNL3_CFLAGS:=$(shell pkg-config --cflags-only-I libnl-route-3.0)
92
94
LIBNL3_LIBS:=$(shell pkg-config --libs libnl-route-3.0)
 
95
GLIB_CFLAGS:=$(shell pkg-config --cflags glib-2.0)
 
96
GLIB_LIBS:=$(shell pkg-config --libs glib-2.0)
93
97
 
94
98
# Do not change these two
95
99
CFLAGS+=$(WARN) $(DEBUG) $(FORTIFY) $(COVERAGE) \
107
111
        /usr/share/xml/docbook/stylesheet/nwalsh/manpages/docbook.xsl \
108
112
        $(notdir $<); \
109
113
        if locale --all 2>/dev/null | grep --regexp='^en_US\.utf8$$' \
110
 
        && type man 2>/dev/null; then LANG=en_US.UTF-8 MANWIDTH=80 \
111
 
        man --warnings --encoding=UTF-8 --local-file $(notdir $@); \
112
 
        fi >/dev/null)
 
114
        && command -v man >/dev/null; then LANG=en_US.UTF-8 \
 
115
        MANWIDTH=80 man --warnings --encoding=UTF-8 --local-file \
 
116
        $(notdir $@); fi >/dev/null)
113
117
 
114
118
DOCBOOKTOHTML=$(strip xsltproc --nonet --xinclude \
115
119
        --param make.year.ranges                1 \
128
132
        plugins.d/usplash plugins.d/splashy plugins.d/askpass-fifo \
129
133
        plugins.d/plymouth
130
134
PLUGIN_HELPERS:=plugin-helpers/mandos-client-iprouteadddel
131
 
CPROGS:=plugin-runner $(PLUGINS) $(PLUGIN_HELPERS)
 
135
CPROGS:=plugin-runner dracut-module/password-agent $(PLUGINS) \
 
136
        $(PLUGIN_HELPERS)
132
137
PROGS:=mandos mandos-keygen mandos-ctl mandos-monitor $(CPROGS)
133
138
DOCS:=mandos.8 mandos-keygen.8 mandos-monitor.8 mandos-ctl.8 \
134
139
        mandos.conf.5 mandos-clients.conf.5 plugin-runner.8mandos \
 
140
        dracut-module/password-agent.8mandos \
135
141
        plugins.d/mandos-client.8mandos \
136
142
        plugins.d/password-prompt.8mandos plugins.d/usplash.8mandos \
137
143
        plugins.d/splashy.8mandos plugins.d/askpass-fifo.8mandos \
209
215
                overview.xml legalnotice.xml
210
216
        $(DOCBOOKTOHTML)
211
217
 
 
218
dracut-module/password-agent.8mandos: \
 
219
                dracut-module/password-agent.xml common.ent \
 
220
                overview.xml legalnotice.xml
 
221
        $(DOCBOOKTOMAN)
 
222
dracut-module/password-agent.8mandos.xhtml: \
 
223
                dracut-module/password-agent.xml common.ent \
 
224
                overview.xml legalnotice.xml
 
225
        $(DOCBOOKTOHTML)
 
226
 
212
227
plugins.d/mandos-client.8mandos: plugins.d/mandos-client.xml \
213
228
                                        common.ent \
214
229
                                        mandos-options.xml \
260
275
# Need to add the GnuTLS, Avahi and GPGME libraries
261
276
plugins.d/mandos-client: plugins.d/mandos-client.c
262
277
        $(LINK.c) $^ $(GNUTLS_CFLAGS) $(AVAHI_CFLAGS) $(strip\
263
 
                ) $(GPGME_CFLAGS) -lrt $(GNUTLS_LIBS) $(strip\
 
278
                ) $(GPGME_CFLAGS) $(GNUTLS_LIBS) $(strip\
264
279
                ) $(AVAHI_LIBS) $(GPGME_LIBS) $(LOADLIBES) $(strip\
265
280
                ) $(LDLIBS) -o $@
266
281
 
 
282
# Need to add the libnl-route library
267
283
plugin-helpers/mandos-client-iprouteadddel: plugin-helpers/mandos-client-iprouteadddel.c
268
284
        $(LINK.c) $(LIBNL3_CFLAGS) $^ $(LIBNL3_LIBS) $(strip\
269
285
                ) $(LOADLIBES) $(LDLIBS) -o $@
270
286
 
 
287
# Need to add the GLib and pthread libraries
 
288
dracut-module/password-agent: dracut-module/password-agent.c
 
289
        $(LINK.c) $(GLIB_CFLAGS) $^ $(GLIB_LIBS) -lpthread $(strip\
 
290
                ) $(LOADLIBES) $(LDLIBS) -o $@
 
291
 
271
292
.PHONY : all doc html clean distclean mostlyclean maintainer-clean \
272
293
        check run-client run-server install install-html \
273
294
        install-server install-client-nokey install-client uninstall \
282
303
maintainer-clean: clean
283
304
        -rm --force --recursive keydir confdir statedir
284
305
 
285
 
check:  all
 
306
check: all
286
307
        ./mandos --check
287
308
        ./mandos-ctl --check
 
309
        ./mandos-keygen --version
 
310
        ./plugin-runner --version
 
311
        ./plugin-helpers/mandos-client-iprouteadddel --version
 
312
        ./dracut-module/password-agent --test
288
313
 
289
314
# Run the client with a local config and key
290
315
run-client: all keydir/seckey.txt keydir/pubkey.txt keydir/tls-privkey.pem keydir/tls-pubkey.pem
434
459
                $(INITRAMFSTOOLS)/scripts/init-premount/mandos
435
460
        install initramfs-tools-script-stop \
436
461
                $(INITRAMFSTOOLS)/scripts/local-premount/mandos
 
462
        install --directory $(DRACUTMODULE)
 
463
        install --mode=u=rw,go=r --target-directory=$(DRACUTMODULE) \
 
464
                dracut-module/ask-password-mandos.path \
 
465
                dracut-module/ask-password-mandos.service
 
466
        install --mode=u=rwxs,go=rx \
 
467
                --target-directory=$(DRACUTMODULE) \
 
468
                dracut-module/module-setup.sh \
 
469
                dracut-module/cmdline-mandos.sh \
 
470
                dracut-module/password-agent
437
471
        install --mode=u=rw,go=r plugin-runner.conf $(CONFDIR)
438
472
        gzip --best --to-stdout mandos-keygen.8 \
439
473
                > $(MANDIR)/man8/mandos-keygen.8.gz
451
485
                > $(MANDIR)/man8/askpass-fifo.8mandos.gz
452
486
        gzip --best --to-stdout plugins.d/plymouth.8mandos \
453
487
                > $(MANDIR)/man8/plymouth.8mandos.gz
 
488
        gzip --best --to-stdout dracut-module/password-agent.8mandos \
 
489
                > $(MANDIR)/man8/password-agent.8mandos.gz
454
490
 
455
491
install-client: install-client-nokey
456
492
# Post-installation stuff
457
493
        -$(PREFIX)/sbin/mandos-keygen --dir "$(KEYDIR)"
458
 
        update-initramfs -k all -u
 
494
        if command -v update-initramfs >/dev/null; then \
 
495
            update-initramfs -k all -u; \
 
496
        elif command -v dracut >/dev/null; then \
 
497
            for initrd in $(DESTDIR)/boot/initr*-$(shell uname --kernel-release); do \
 
498
                if [ -w "$$initrd" ]; then \
 
499
                    chmod go-r "$$initrd"; \
 
500
                    dracut --force "$$initrd"; \
 
501
                fi; \
 
502
            done; \
 
503
        fi
459
504
        echo "Now run mandos-keygen --password --dir $(KEYDIR)"
460
505
 
461
506
uninstall: uninstall-server uninstall-client
488
533
                $(INITRAMFSTOOLS)/hooks/mandos \
489
534
                $(INITRAMFSTOOLS)/conf-hooks.d/mandos \
490
535
                $(INITRAMFSTOOLS)/scripts/init-premount/mandos \
 
536
                $(INITRAMFSTOOLS)/scripts/local-premount/mandos \
 
537
                $(DRACUTMODULE)/ask-password-mandos.path \
 
538
                $(DRACUTMODULE)/ask-password-mandos.service \
 
539
                $(DRACUTMODULE)/module-setup.sh \
 
540
                $(DRACUTMODULE)/cmdline-mandos.sh \
 
541
                $(DRACUTMODULE)/password-agent \
491
542
                $(MANDIR)/man8/mandos-keygen.8.gz \
492
543
                $(MANDIR)/man8/plugin-runner.8mandos.gz \
493
544
                $(MANDIR)/man8/mandos-client.8mandos.gz
496
547
                $(MANDIR)/man8/splashy.8mandos.gz \
497
548
                $(MANDIR)/man8/askpass-fifo.8mandos.gz \
498
549
                $(MANDIR)/man8/plymouth.8mandos.gz \
 
550
                $(MANDIR)/man8/password-agent.8mandos.gz \
499
551
        -rmdir $(LIBDIR)/mandos/plugins.d $(CONFDIR)/plugins.d \
500
 
                 $(LIBDIR)/mandos $(CONFDIR) $(KEYDIR)
501
 
        update-initramfs -k all -u
 
552
                 $(LIBDIR)/mandos $(CONFDIR) $(KEYDIR) $(DRACUTMODULE)
 
553
        if command -v update-initramfs >/dev/null; then \
 
554
            update-initramfs -k all -u; \
 
555
        elif command -v dracut >/dev/null; then \
 
556
            for initrd in $(DESTDIR)/boot/initr*-$(shell uname --kernel-release); do \
 
557
                test -w "$$initrd" && dracut --force "$$initrd"; \
 
558
            done; \
 
559
        fi
502
560
 
503
561
purge: purge-server purge-client
504
562