/mandos/trunk : revision 1131

To get this branch, use:

bzr branch
http://bzr.recompile.se/loggerhead/mandos/trunk

« back to all changes in this revision

Viewing changes to Makefile

Committer: Teddy Hogeborn
Date: 2019-07-29 16:35:53 UTC
Revision ID: teddy@recompile.se-20190729163553-1i442i2cbx64c537

Make tests and man page examples match

Make the tests test_manual_page_example[1-5] match exactly what is
written in the manual page, and add comments to manual page as
reminders to keep tests and manual page examples in sync.

* mandos-ctl (Test_commands_from_options.test_manual_page_example_1):
  Remove "--verbose" option, since the manual does not have it as the
  first example, and change assertion to match.
* mandos-ctl.xml (EXAMPLE): Add comments to all examples documenting
  which test function they correspond to.  Also remove unnecessary
  quotes from option arguments in fourth example, and clarify language
  slightly in fifth example.

files removed:
debian/po/de.po

debian/po/en_US.po

debian/po/es.po

debian/po/fr.po

debian/po/nl.po

debian/po/pt.po

debian/po/pt_BR.po

debian/po/sv.po

debian/upstream/metadata

sysusers.d-mandos.conf

files modified:
.bzrignore

DBUS-API

INSTALL

Makefile

NEWS

TODO

clients.conf

common.ent

debian/changelog

debian/control

debian/copyright

debian/mandos-client.dirs

debian/mandos-client.lintian-overrides

debian/mandos-client.postrm

debian/mandos-client.templates

debian/mandos.dirs

debian/mandos.lintian-overrides

debian/mandos.postinst

debian/mandos.templates

debian/po/templates.pot

debian/rules

debian/source/lintian-overrides

debian/tests/control

dracut-module/ask-password-mandos.service

dracut-module/module-setup.sh

dracut-module/password-agent.c

dracut-module/password-agent.xml

initramfs-tools-hook

initramfs-tools-script

intro.xml

mandos

mandos-clients.conf.xml

mandos-ctl

mandos-keygen

mandos-monitor

mandos-to-cryptroot-unlock

mandos.lsm

mandos.service

mandos.xml

plugin-helpers/mandos-client-iprouteadddel.c

plugin-runner.c

plugins.d/askpass-fifo.c

plugins.d/mandos-client.c

plugins.d/password-prompt.c

plugins.d/plymouth.c

plugins.d/splashy.c

plugins.d/usplash.c

Show diffs side-by-side

added added

removed removed

Makefile

# For info about _FORTIFY_SOURCE, see feature_test_macros(7)

# and <https://gcc.gnu.org/ml/gcc-patches/2004-09/msg02055.html>.

FORTIFY:=-fstack-protector-all -fPIC

CPPFLAGS+=-D_FORTIFY_SOURCE=3

FORTIFY:=-D_FORTIFY_SOURCE=2 -fstack-protector-all -fPIC

LINK_FORTIFY_LD:=-z relro -z now

LINK_FORTIFY:=

#COVERAGE=--coverage

OPTIMIZE:=-Os -fno-strict-aliasing

LANGUAGE:=-std=gnu11

CPPFLAGS+=-D_FILE_OFFSET_BITS=64

htmldir:=man

version:=1.8.16

version:=1.8.4

SED:=sed

PKG_CONFIG?=pkg-config

USER:=$(firstword $(subst :, ,$(shell getent passwd _mandos \

|| getent passwd nobody || echo 65534)))

GROUP:=$(firstword $(subst :, ,$(shell getent group _mandos \

|| getent group nogroup || echo 65534)))

LINUXVERSION:=$(shell uname --kernel-release)

## Use these settings for a traditional /usr/local install

# PREFIX:=$(DESTDIR)/usr/local

# CONFDIR:=$(DESTDIR)/etc/mandos

STATEDIR:=$(DESTDIR)/var/lib/mandos

LIBDIR:=$(shell \

for d in \

"/usr/lib/`dpkg-architecture \

-qDEB_HOST_MULTIARCH 2>/dev/null`" \

"/usr/lib/`dpkg-architecture -qDEB_HOST_MULTIARCH 2>/dev/null`" \

"`rpm --eval='%{_libdir}' 2>/dev/null`" /usr/lib; do \

if [ -d "$$d" -a "$$d" = "$${d%/}" ]; then \

echo "$(DESTDIR)$$d"; \

done)

SYSTEMD:=$(DESTDIR)$(shell $(PKG_CONFIG) systemd \

--variable=systemdsystemunitdir)

TMPFILES:=$(DESTDIR)$(shell $(PKG_CONFIG) systemd \

--variable=tmpfilesdir)

SYSUSERS:=$(DESTDIR)$(shell $(PKG_CONFIG) systemd \

--variable=sysusersdir)

SYSTEMD:=$(DESTDIR)$(shell pkg-config systemd --variable=systemdsystemunitdir)

TMPFILES:=$(DESTDIR)$(shell pkg-config systemd --variable=tmpfilesdir)

GNUTLS_CFLAGS:=$(shell $(PKG_CONFIG) --cflags-only-I gnutls)

GNUTLS_LIBS:=$(shell $(PKG_CONFIG) --libs gnutls)

AVAHI_CFLAGS:=$(shell $(PKG_CONFIG) --cflags-only-I avahi-core)

AVAHI_LIBS:=$(shell $(PKG_CONFIG) --libs avahi-core)

100

GPGME_CFLAGS:=$(shell $(PKG_CONFIG) --cflags-only-I gpgme 2>/dev/null \

101

|| gpgme-config --cflags; getconf LFS_CFLAGS)

102

GPGME_LIBS:=$(shell $(PKG_CONFIG) --libs gpgme 2>/dev/null \

103

|| gpgme-config --libs; getconf LFS_LIBS; \

GNUTLS_CFLAGS:=$(shell pkg-config --cflags-only-I gnutls)

GNUTLS_LIBS:=$(shell pkg-config --libs gnutls)

AVAHI_CFLAGS:=$(shell pkg-config --cflags-only-I avahi-core)

AVAHI_LIBS:=$(shell pkg-config --libs avahi-core)

GPGME_CFLAGS:=$(shell gpgme-config --cflags; getconf LFS_CFLAGS)

GPGME_LIBS:=$(shell gpgme-config --libs; getconf LFS_LIBS; \

104

getconf LFS_LDFLAGS)

105

LIBNL3_CFLAGS:=$(shell $(PKG_CONFIG) --cflags-only-I libnl-route-3.0)

106

LIBNL3_LIBS:=$(shell $(PKG_CONFIG) --libs libnl-route-3.0)

107

GLIB_CFLAGS:=$(shell $(PKG_CONFIG) --cflags glib-2.0)

108

GLIB_LIBS:=$(shell $(PKG_CONFIG) --libs glib-2.0)

LIBNL3_CFLAGS:=$(shell pkg-config --cflags-only-I libnl-route-3.0)

LIBNL3_LIBS:=$(shell pkg-config --libs libnl-route-3.0)

GLIB_CFLAGS:=$(shell pkg-config --cflags glib-2.0)

GLIB_LIBS:=$(shell pkg-config --libs glib-2.0)

109

110

# Do not change these two

111

CFLAGS+=$(WARN) $(DEBUG) $(FORTIFY) $(COVERAGE) $(OPTIMIZE) \

112

$(LANGUAGE) -DVERSION='"$(version)"'

CFLAGS+=$(WARN) $(DEBUG) $(FORTIFY) $(COVERAGE) \

100

$(OPTIMIZE) $(LANGUAGE) -DVERSION='"$(version)"'

113

101

LDFLAGS+=-Xlinker --as-needed $(COVERAGE) $(LINK_FORTIFY) $(strip \

114

102

) $(foreach flag,$(LINK_FORTIFY_LD),-Xlinker $(flag))

115

103

159

147

160

148

objects:=$(addsuffix .o,$(CPROGS))

161

149

162

.PHONY: all

163

150

all: $(PROGS) mandos.lsm

164

151

165

.PHONY: doc

166

152

doc: $(DOCS)

167

153

168

.PHONY: html

169

154

html: $(htmldocs)

170

155

171

156

%.5: %.xml common.ent legalnotice.xml

288

273

$@)

289

274

290

275

# Need to add the GnuTLS, Avahi and GPGME libraries

291

plugins.d/mandos-client: CFLAGS += $(GNUTLS_CFLAGS) $(strip \

292

) $(AVAHI_CFLAGS) $(GPGME_CFLAGS)

293

plugins.d/mandos-client: LDLIBS += $(GNUTLS_LIBS) $(strip \

294

) $(AVAHI_LIBS) $(GPGME_LIBS)

276

plugins.d/mandos-client: plugins.d/mandos-client.c

277

$(LINK.c) $^ $(GNUTLS_CFLAGS) $(AVAHI_CFLAGS) $(strip\

278

) $(GPGME_CFLAGS) $(GNUTLS_LIBS) $(strip\

279

) $(AVAHI_LIBS) $(GPGME_LIBS) $(LOADLIBES) $(strip\

280

) $(LDLIBS) -o $@

295

281

296

282

# Need to add the libnl-route library

297

plugin-helpers/mandos-client-iprouteadddel: CFLAGS += $(LIBNL3_CFLAGS)

298

plugin-helpers/mandos-client-iprouteadddel: LDLIBS += $(LIBNL3_LIBS)

283

plugin-helpers/mandos-client-iprouteadddel: plugin-helpers/mandos-client-iprouteadddel.c

284

$(LINK.c) $(LIBNL3_CFLAGS) $^ $(LIBNL3_LIBS) $(strip\

285

) $(LOADLIBES) $(LDLIBS) -o $@

299

286

300

287

# Need to add the GLib and pthread libraries

301

dracut-module/password-agent: CFLAGS += $(GLIB_CFLAGS)

302

# Note: -lpthread is unnecessary with the GNU C library 2.34 or later

303

dracut-module/password-agent: LDLIBS += $(GLIB_LIBS) -lpthread

304

305

.PHONY: clean

288

dracut-module/password-agent: dracut-module/password-agent.c

289

$(LINK.c) $(GLIB_CFLAGS) $^ $(GLIB_LIBS) -lpthread $(strip\

290

) $(LOADLIBES) $(LDLIBS) -o $@

291

292

.PHONY : all doc html clean distclean mostlyclean maintainer-clean \

293

check run-client run-server install install-html \

294

install-server install-client-nokey install-client uninstall \

295

uninstall-server uninstall-client purge purge-server \

296

purge-client

297

306

298

clean:

307

299

-rm --force $(CPROGS) $(objects) $(htmldocs) $(DOCS) core

308

300

309

.PHONY: distclean

310

301

distclean: clean

311

.PHONY: mostlyclean

312

302

mostlyclean: clean

313

.PHONY: maintainer-clean

314

303

maintainer-clean: clean

315

304

-rm --force --recursive keydir confdir statedir

316

305

317

.PHONY: check

318

306

check: all

319

307

./mandos --check

320

308

./mandos-ctl --check

324

312

./dracut-module/password-agent --test

325

313

326

314

# Run the client with a local config and key

327

.PHONY: run-client

328

run-client: all keydir/seckey.txt keydir/pubkey.txt \

329

keydir/tls-privkey.pem keydir/tls-pubkey.pem

330

@echo '######################################################'

331

@echo '# The following error messages are harmless and can #'

332

@echo '# be safely ignored: #'

333

@echo '## From plugin-runner: #'

334

@echo '# setgid: Operation not permitted #'

335

@echo '# setuid: Operation not permitted #'

336

@echo '## From askpass-fifo: #'

337

@echo '# mkfifo: Permission denied #'

338

@echo '## From mandos-client: #'

339

@echo '# Failed to raise privileges: Operation not permi... #'

340

@echo '# Warning: network hook "*" exited with status * #'

341

@echo '# ioctl SIOCSIFFLAGS +IFF_UP: Operation not permi... #'

342

@echo '# Failed to bring up interface "*": Operation not... #'

343

@echo '# #'

344

@echo '# (The messages are caused by not running as root, #'

345

@echo '# but you should NOT run "make run-client" as root #'

346

@echo '# unless you also unpacked and compiled Mandos as #'

347

@echo '# root, which is also NOT recommended.) #'

348

@echo '######################################################'

315

run-client: all keydir/seckey.txt keydir/pubkey.txt keydir/tls-privkey.pem keydir/tls-pubkey.pem

316

@echo "###################################################################"

317

@echo "# The following error messages are harmless and can be safely #"

318

@echo "# ignored: #"

319

@echo "# From plugin-runner: setgid: Operation not permitted #"

320

@echo "# setuid: Operation not permitted #"

321

@echo "# From askpass-fifo: mkfifo: Permission denied #"

322

@echo "# From mandos-client: #"

323

@echo "# Failed to raise privileges: Operation not permitted #"

324

@echo "# Warning: network hook \"*\" exited with status * #"

325

@echo "# #"

326

@echo "# (The messages are caused by not running as root, but you should #"

327

@echo "# NOT run \"make run-client\" as root unless you also unpacked and #"

328

@echo "# compiled Mandos as root, which is also NOT recommended.) #"

329

@echo "###################################################################"

349

330

# We set GNOME_KEYRING_CONTROL to block pam_gnome_keyring

350

331

./plugin-runner --plugin-dir=plugins.d \

351

332

--plugin-helper-dir=plugin-helpers \

358

339

keydir/seckey.txt keydir/pubkey.txt keydir/tls-privkey.pem keydir/tls-pubkey.pem: mandos-keygen

359

340

install --directory keydir

360

341

./mandos-keygen --dir keydir --force

361

if ! [ -e keydir/tls-privkey.pem ]; then \

362

install --mode=u=rw /dev/null keydir/tls-privkey.pem; \

363

364

if ! [ -e keydir/tls-pubkey.pem ]; then \

365

install --mode=u=rw /dev/null keydir/tls-pubkey.pem; \

366

367

342

368

343

# Run the server with a local config

369

.PHONY: run-server

370

344

run-server: confdir/mandos.conf confdir/clients.conf statedir

371

345

./mandos --debug --no-dbus --configdir=confdir \

372

346

--statedir=statedir $(SERVERARGS)

383

357

statedir:

384

358

install --directory statedir

385

359

386

.PHONY: install

387

360

install: install-server install-client-nokey

388

361

389

.PHONY: install-html

390

362

install-html: html

391

363

install --directory $(htmldir)

392

364

install --mode=u=rw,go=r --target-directory=$(htmldir) \

393

365

$(htmldocs)

394

366

395

.PHONY: install-server

396

367

install-server: doc

397

368

install --directory $(CONFDIR)

398

369

if install --directory --mode=u=rwx --owner=$(USER) \

401

372

elif install --directory --mode=u=rwx $(STATEDIR); then \

402

373

chown -- $(USER):$(GROUP) $(STATEDIR) || :; \

403

374

404

if [ "$(TMPFILES)" != "$(DESTDIR)" \

405

-a -d "$(TMPFILES)" ]; then \

375

if [ "$(TMPFILES)" != "$(DESTDIR)" -a -d "$(TMPFILES)" ]; then \

406

376

install --mode=u=rw,go=r tmpfiles.d-mandos.conf \

407

377

$(TMPFILES)/mandos.conf; \

408

378

409

if [ "$(SYSUSERS)" != "$(DESTDIR)" \

410

-a -d "$(SYSUSERS)" ]; then \

411

install --mode=u=rw,go=r sysusers.d-mandos.conf \

412

$(SYSUSERS)/mandos.conf; \

413

414

379

install --mode=u=rwx,go=rx mandos $(PREFIX)/sbin/mandos

415

380

install --mode=u=rwx,go=rx --target-directory=$(PREFIX)/sbin \

416

381

mandos-ctl

445

410

gzip --best --to-stdout intro.8mandos \

446

411

> $(MANDIR)/man8/intro.8mandos.gz

447

412

448

.PHONY: install-client-nokey

449

413

install-client-nokey: all doc

450

414

install --directory $(LIBDIR)/mandos $(CONFDIR)

451

415

install --directory --mode=u=rwx $(KEYDIR) \

452

416

$(LIBDIR)/mandos/plugins.d \

453

417

$(LIBDIR)/mandos/plugin-helpers

454

if [ "$(SYSUSERS)" != "$(DESTDIR)" \

455

-a -d "$(SYSUSERS)" ]; then \

456

install --mode=u=rw,go=r sysusers.d-mandos.conf \

457

$(SYSUSERS)/mandos-client.conf; \

458

459

418

if [ "$(CONFDIR)" != "$(LIBDIR)/mandos" ]; then \

460

419

install --mode=u=rwx \

461

420

--directory "$(CONFDIR)/plugins.d" \

466

425

install --mode=u=rwx,go=rx \

467

426

--target-directory=$(LIBDIR)/mandos plugin-runner

468

427

install --mode=u=rwx,go=rx \

469

--target-directory=$(LIBDIR)/mandos \

470

mandos-to-cryptroot-unlock

428

--target-directory=$(LIBDIR)/mandos mandos-to-cryptroot-unlock

471

429

install --mode=u=rwx,go=rx --target-directory=$(PREFIX)/sbin \

472

430

mandos-keygen

473

431

install --mode=u=rwx,go=rx \

530

488

gzip --best --to-stdout dracut-module/password-agent.8mandos \

531

489

> $(MANDIR)/man8/password-agent.8mandos.gz

532

490

533

.PHONY: install-client

534

491

install-client: install-client-nokey

535

492

# Post-installation stuff

536

493

-$(PREFIX)/sbin/mandos-keygen --dir "$(KEYDIR)"

537

494

if command -v update-initramfs >/dev/null; then \

538

495

update-initramfs -k all -u; \

539

496

elif command -v dracut >/dev/null; then \

540

for initrd in $(DESTDIR)/boot/initr*-$(LINUXVERSION); do \

497

for initrd in $(DESTDIR)/boot/initr*-$(shell uname --kernel-release); do \

541

498

if [ -w "$$initrd" ]; then \

542

499

chmod go-r "$$initrd"; \

543

500

dracut --force "$$initrd"; \

546

503

547

504

echo "Now run mandos-keygen --password --dir $(KEYDIR)"

548

505

549

.PHONY: uninstall

550

506

uninstall: uninstall-server uninstall-client

551

507

552

.PHONY: uninstall-server

553

508

uninstall-server:

554

509

-rm --force $(PREFIX)/sbin/mandos \

555

510

$(PREFIX)/sbin/mandos-ctl \

562

517

update-rc.d -f mandos remove

563

518

-rmdir $(CONFDIR)

564

519

565

.PHONY: uninstall-client

566

520

uninstall-client:

567

521

# Refuse to uninstall client if /etc/crypttab is explicitly configured

568

522

# to use it.

599

553

if command -v update-initramfs >/dev/null; then \

600

554

update-initramfs -k all -u; \

601

555

elif command -v dracut >/dev/null; then \

602

for initrd in $(DESTDIR)/boot/initr*-$(LINUXVERSION); do \

556

for initrd in $(DESTDIR)/boot/initr*-$(shell uname --kernel-release); do \

603

557

test -w "$$initrd" && dracut --force "$$initrd"; \

604

558

done; \

605

559

606

560

607

.PHONY: purge

608

561

purge: purge-server purge-client

609

562

610

.PHONY: purge-server

611

563

purge-server: uninstall-server

612

564

-rm --force $(CONFDIR)/mandos.conf $(CONFDIR)/clients.conf \

613

565

$(DESTDIR)/etc/dbus-1/system.d/mandos.conf

618

570

$(DESTDIR)/var/run/mandos.pid

619

571

-rmdir $(CONFDIR)

620

572

621

.PHONY: purge-client

622

573

purge-client: uninstall-client

623

574

-shred --remove $(KEYDIR)/seckey.txt $(KEYDIR)/tls-privkey.pem

624

575

-rm --force $(CONFDIR)/plugin-runner.conf \

Older »