/mandos/trunk

To get this branch, use:
bzr branch http://bzr.recompile.se/loggerhead/mandos/trunk

« back to all changes in this revision

Viewing changes to Makefile

  • Committer: Teddy Hogeborn
  • Date: 2019-07-29 16:35:53 UTC
  • Revision ID: teddy@recompile.se-20190729163553-1i442i2cbx64c537
Make tests and man page examples match

Make the tests test_manual_page_example[1-5] match exactly what is
written in the manual page, and add comments to manual page as
reminders to keep tests and manual page examples in sync.

* mandos-ctl (Test_commands_from_options.test_manual_page_example_1):
  Remove "--verbose" option, since the manual does not have it as the
  first example, and change assertion to match.
* mandos-ctl.xml (EXAMPLE): Add comments to all examples documenting
  which test function they correspond to.  Also remove unnecessary
  quotes from option arguments in fourth example, and clarify language
  slightly in fifth example.

Show diffs side-by-side

added added

removed removed

Lines of Context:
1
 
WARN=-O -Wall -Wformat=2 -Winit-self -Wmissing-include-dirs \
2
 
        -Wswitch-default -Wswitch-enum -Wunused-parameter \
3
 
        -Wstrict-aliasing=2 -Wextra -Wfloat-equal -Wundef -Wshadow \
 
1
WARN:=-O -Wall -Wextra -Wdouble-promotion -Wformat=2 -Winit-self \
 
2
        -Wmissing-include-dirs -Wswitch-default -Wswitch-enum \
 
3
        -Wunused -Wuninitialized -Wstrict-overflow=5 \
 
4
        -Wsuggest-attribute=pure -Wsuggest-attribute=const \
 
5
        -Wsuggest-attribute=noreturn -Wfloat-equal -Wundef -Wshadow \
4
6
        -Wunsafe-loop-optimizations -Wpointer-arith \
5
7
        -Wbad-function-cast -Wcast-qual -Wcast-align -Wwrite-strings \
6
 
        -Wconversion -Wstrict-prototypes -Wold-style-definition \
7
 
        -Wpacked -Wnested-externs -Wunreachable-code -Winline \
8
 
        -Wvolatile-register-var
9
 
DEBUG=-ggdb3
10
 
# For info about _FORTIFY_SOURCE, see
11
 
# <http://gcc.gnu.org/ml/gcc-patches/2004-09/msg02055.html>
12
 
FORTIFY=-D_FORTIFY_SOURCE=2 # -fstack-protector-all
 
8
        -Wconversion -Wlogical-op -Waggregate-return \
 
9
        -Wstrict-prototypes -Wold-style-definition \
 
10
        -Wmissing-format-attribute -Wnormalized=nfc -Wpacked \
 
11
        -Wredundant-decls -Wnested-externs -Winline -Wvla \
 
12
        -Wvolatile-register-var -Woverlength-strings
 
13
 
 
14
#DEBUG:=-ggdb3 -fsanitize=address $(SANITIZE)
 
15
## Check which sanitizing options can be used
 
16
#SANITIZE:=$(foreach option,$(ALL_SANITIZE_OPTIONS),$(shell \
 
17
#       echo 'int main(){}' | $(CC) --language=c $(option) \
 
18
#       /dev/stdin -o /dev/null >/dev/null 2>&1 && echo $(option)))
 
19
# <https://developerblog.redhat.com/2014/10/16/gcc-undefined-behavior-sanitizer-ubsan/>
 
20
ALL_SANITIZE_OPTIONS:=-fsanitize=leak -fsanitize=undefined \
 
21
        -fsanitize=shift -fsanitize=integer-divide-by-zero \
 
22
        -fsanitize=unreachable -fsanitize=vla-bound -fsanitize=null \
 
23
        -fsanitize=return -fsanitize=signed-integer-overflow \
 
24
        -fsanitize=bounds -fsanitize=alignment \
 
25
        -fsanitize=object-size -fsanitize=float-divide-by-zero \
 
26
        -fsanitize=float-cast-overflow -fsanitize=nonnull-attribute \
 
27
        -fsanitize=returns-nonnull-attribute -fsanitize=bool \
 
28
        -fsanitize=enum -fsanitize-address-use-after-scope
 
29
 
 
30
# For info about _FORTIFY_SOURCE, see feature_test_macros(7)
 
31
# and <https://gcc.gnu.org/ml/gcc-patches/2004-09/msg02055.html>.
 
32
FORTIFY:=-D_FORTIFY_SOURCE=2 -fstack-protector-all -fPIC
 
33
LINK_FORTIFY_LD:=-z relro -z now
 
34
LINK_FORTIFY:=
 
35
 
 
36
# If BROKEN_PIE is set, do not build with -pie
 
37
ifndef BROKEN_PIE
 
38
FORTIFY += -fPIE
 
39
LINK_FORTIFY += -pie
 
40
endif
13
41
#COVERAGE=--coverage
14
 
OPTIMIZE=-Os
15
 
LANGUAGE=-std=gnu99
16
 
# PREFIX=/usr/local
17
 
PREFIX=$(DESTDIR)/usr
18
 
# CONFDIR=/usr/local/lib/mandos
19
 
CONFDIR=$(DESTDIR)/etc/mandos
20
 
# MANDIR=/usr/local/man
21
 
MANDIR=$(DESTDIR)/usr/share/man
22
 
 
23
 
GNUTLS_CFLAGS=$(shell libgnutls-config --cflags)
24
 
GNUTLS_LIBS=$(shell libgnutls-config --libs)
25
 
AVAHI_CFLAGS=$(shell pkg-config --cflags-only-I avahi-core)
26
 
AVAHI_LIBS=$(shell pkg-config --libs avahi-core)
27
 
GPGME_CFLAGS=$(shell gpgme-config --cflags)
28
 
GPGME_LIBS=$(shell gpgme-config --libs)
 
42
OPTIMIZE:=-Os -fno-strict-aliasing
 
43
LANGUAGE:=-std=gnu11
 
44
htmldir:=man
 
45
version:=1.8.4
 
46
SED:=sed
 
47
 
 
48
USER:=$(firstword $(subst :, ,$(shell getent passwd _mandos \
 
49
        || getent passwd nobody || echo 65534)))
 
50
GROUP:=$(firstword $(subst :, ,$(shell getent group _mandos \
 
51
        || getent group nogroup || echo 65534)))
 
52
 
 
53
## Use these settings for a traditional /usr/local install
 
54
# PREFIX:=$(DESTDIR)/usr/local
 
55
# CONFDIR:=$(DESTDIR)/etc/mandos
 
56
# KEYDIR:=$(DESTDIR)/etc/mandos/keys
 
57
# MANDIR:=$(PREFIX)/man
 
58
# INITRAMFSTOOLS:=$(DESTDIR)/etc/initramfs-tools
 
59
# DRACUTMODULE:=$(DESTDIR)/usr/lib/dracut/modules.d/90mandos
 
60
# STATEDIR:=$(DESTDIR)/var/lib/mandos
 
61
# LIBDIR:=$(PREFIX)/lib
 
62
##
 
63
 
 
64
## These settings are for a package-type install
 
65
PREFIX:=$(DESTDIR)/usr
 
66
CONFDIR:=$(DESTDIR)/etc/mandos
 
67
KEYDIR:=$(DESTDIR)/etc/keys/mandos
 
68
MANDIR:=$(PREFIX)/share/man
 
69
INITRAMFSTOOLS:=$(DESTDIR)/usr/share/initramfs-tools
 
70
DRACUTMODULE:=$(DESTDIR)/usr/lib/dracut/modules.d/90mandos
 
71
STATEDIR:=$(DESTDIR)/var/lib/mandos
 
72
LIBDIR:=$(shell \
 
73
        for d in \
 
74
        "/usr/lib/`dpkg-architecture -qDEB_HOST_MULTIARCH 2>/dev/null`" \
 
75
        "`rpm --eval='%{_libdir}' 2>/dev/null`" /usr/lib; do \
 
76
                if [ -d "$$d" -a "$$d" = "$${d%/}" ]; then \
 
77
                        echo "$(DESTDIR)$$d"; \
 
78
                        break; \
 
79
                fi; \
 
80
        done)
 
81
##
 
82
 
 
83
SYSTEMD:=$(DESTDIR)$(shell pkg-config systemd --variable=systemdsystemunitdir)
 
84
TMPFILES:=$(DESTDIR)$(shell pkg-config systemd --variable=tmpfilesdir)
 
85
 
 
86
GNUTLS_CFLAGS:=$(shell pkg-config --cflags-only-I gnutls)
 
87
GNUTLS_LIBS:=$(shell pkg-config --libs gnutls)
 
88
AVAHI_CFLAGS:=$(shell pkg-config --cflags-only-I avahi-core)
 
89
AVAHI_LIBS:=$(shell pkg-config --libs avahi-core)
 
90
GPGME_CFLAGS:=$(shell gpgme-config --cflags; getconf LFS_CFLAGS)
 
91
GPGME_LIBS:=$(shell gpgme-config --libs; getconf LFS_LIBS; \
 
92
        getconf LFS_LDFLAGS)
 
93
LIBNL3_CFLAGS:=$(shell pkg-config --cflags-only-I libnl-route-3.0)
 
94
LIBNL3_LIBS:=$(shell pkg-config --libs libnl-route-3.0)
 
95
GLIB_CFLAGS:=$(shell pkg-config --cflags glib-2.0)
 
96
GLIB_LIBS:=$(shell pkg-config --libs glib-2.0)
29
97
 
30
98
# Do not change these two
31
 
CFLAGS=$(WARN) $(DEBUG) $(FORTIFY) $(COVERAGE) $(OPTIMIZE) \
32
 
        $(LANGUAGE) $(GNUTLS_CFLAGS) $(AVAHI_CFLAGS) $(GPGME_CFLAGS)
33
 
LDFLAGS=$(COVERAGE)
 
99
CFLAGS+=$(WARN) $(DEBUG) $(FORTIFY) $(COVERAGE) \
 
100
        $(OPTIMIZE) $(LANGUAGE) -DVERSION='"$(version)"'
 
101
LDFLAGS+=-Xlinker --as-needed $(COVERAGE) $(LINK_FORTIFY) $(strip \
 
102
        ) $(foreach flag,$(LINK_FORTIFY_LD),-Xlinker $(flag))
34
103
 
35
 
# Commands to format a DocBook refentry document into a manual page
36
 
DOCBOOKTOMAN=cd $(dir $<); xsltproc --nonet --xinclude \
 
104
# Commands to format a DocBook <refentry> document into a manual page
 
105
DOCBOOKTOMAN=$(strip cd $(dir $<); xsltproc --nonet --xinclude \
37
106
        --param man.charmap.use.subset          0 \
38
107
        --param make.year.ranges                1 \
39
108
        --param make.single.year.ranges         1 \
40
109
        --param man.output.quietly              1 \
41
110
        --param man.authors.section.enabled     0 \
42
 
         /usr/share/xml/docbook/stylesheet/nwalsh/manpages/docbook.xsl \
 
111
        /usr/share/xml/docbook/stylesheet/nwalsh/manpages/docbook.xsl \
43
112
        $(notdir $<); \
44
 
        $(MANPOST) $(notdir $@)
45
 
# DocBook-to-man post-processing to fix a \n escape bug
46
 
MANPOST=sed --in-place --expression='s,\\\\en,\\en,g;s,\\n,\\en,g'
47
 
 
48
 
PLUGINS=plugins.d/password-prompt plugins.d/password-request
49
 
PROGS=plugin-runner $(PLUGINS)
50
 
DOCS=mandos.8 plugin-runner.8mandos mandos-keygen.8 \
51
 
        plugins.d/password-request.8mandos \
52
 
        plugins.d/password-prompt.8mandos mandos.conf.5 \
53
 
        mandos-clients.conf.5
54
 
 
55
 
objects=$(addsuffix .o,$(PROGS))
56
 
 
57
 
all: $(PROGS)
 
113
        if locale --all 2>/dev/null | grep --regexp='^en_US\.utf8$$' \
 
114
        && command -v man >/dev/null; then LANG=en_US.UTF-8 \
 
115
        MANWIDTH=80 man --warnings --encoding=UTF-8 --local-file \
 
116
        $(notdir $@); fi >/dev/null)
 
117
 
 
118
DOCBOOKTOHTML=$(strip xsltproc --nonet --xinclude \
 
119
        --param make.year.ranges                1 \
 
120
        --param make.single.year.ranges         1 \
 
121
        --param man.output.quietly              1 \
 
122
        --param man.authors.section.enabled     0 \
 
123
        --param citerefentry.link               1 \
 
124
        --output $@ \
 
125
        /usr/share/xml/docbook/stylesheet/nwalsh/xhtml/docbook.xsl \
 
126
        $<; $(HTMLPOST) $@)
 
127
# Fix citerefentry links
 
128
HTMLPOST:=$(SED) --in-place \
 
129
        --expression='s/\(<a class="citerefentry" href="\)\("><span class="citerefentry"><span class="refentrytitle">\)\([^<]*\)\(<\/span>(\)\([^)]*\)\()<\/span><\/a>\)/\1\3.\5\2\3\4\5\6/g'
 
130
 
 
131
PLUGINS:=plugins.d/password-prompt plugins.d/mandos-client \
 
132
        plugins.d/usplash plugins.d/splashy plugins.d/askpass-fifo \
 
133
        plugins.d/plymouth
 
134
PLUGIN_HELPERS:=plugin-helpers/mandos-client-iprouteadddel
 
135
CPROGS:=plugin-runner dracut-module/password-agent $(PLUGINS) \
 
136
        $(PLUGIN_HELPERS)
 
137
PROGS:=mandos mandos-keygen mandos-ctl mandos-monitor $(CPROGS)
 
138
DOCS:=mandos.8 mandos-keygen.8 mandos-monitor.8 mandos-ctl.8 \
 
139
        mandos.conf.5 mandos-clients.conf.5 plugin-runner.8mandos \
 
140
        dracut-module/password-agent.8mandos \
 
141
        plugins.d/mandos-client.8mandos \
 
142
        plugins.d/password-prompt.8mandos plugins.d/usplash.8mandos \
 
143
        plugins.d/splashy.8mandos plugins.d/askpass-fifo.8mandos \
 
144
        plugins.d/plymouth.8mandos intro.8mandos
 
145
 
 
146
htmldocs:=$(addsuffix .xhtml,$(DOCS))
 
147
 
 
148
objects:=$(addsuffix .o,$(CPROGS))
 
149
 
 
150
all: $(PROGS) mandos.lsm
58
151
 
59
152
doc: $(DOCS)
60
153
 
61
 
%.5: %.xml legalnotice.xml
62
 
        $(DOCBOOKTOMAN)
63
 
 
64
 
%.8: %.xml legalnotice.xml
65
 
        $(DOCBOOKTOMAN)
66
 
 
67
 
%.8mandos: %.xml legalnotice.xml
68
 
        $(DOCBOOKTOMAN)
69
 
 
70
 
mandos.8: mandos.xml mandos-options.xml overview.xml legalnotice.xml
71
 
        $(DOCBOOKTOMAN)
72
 
 
73
 
mandos-keygen.8: mandos-keygen.xml overview.xml legalnotice.xml
74
 
        $(DOCBOOKTOMAN)
75
 
 
76
 
mandos.conf.5: mandos.conf.xml mandos-options.xml legalnotice.xml
77
 
        $(DOCBOOKTOMAN)
78
 
 
79
 
plugin-runner.8mandos: plugin-runner.xml overview.xml legalnotice.xml
80
 
        $(DOCBOOKTOMAN)
81
 
 
82
 
plugins.d/password-request.8mandos: plugins.d/password-request.xml \
83
 
                                        mandos-options.xml \
84
 
                                        overview.xml legalnotice.xml
85
 
        $(DOCBOOKTOMAN)
86
 
 
87
 
plugins.d/password-request: plugins.d/password-request.o
88
 
        $(LINK.o) $(GNUTLS_LIBS) $(AVAHI_LIBS) $(GPGME_LIBS) \
89
 
                $(COMMON) $^ $(LOADLIBES) $(LDLIBS) -o $@
90
 
 
91
 
.PHONY : all doc clean distclean run-client run-server install \
92
 
        install-server install-client uninstall uninstall-server \
93
 
        uninstall-client purge purge-server purge-client
 
154
html: $(htmldocs)
 
155
 
 
156
%.5: %.xml common.ent legalnotice.xml
 
157
        $(DOCBOOKTOMAN)
 
158
%.5.xhtml: %.xml common.ent legalnotice.xml
 
159
        $(DOCBOOKTOHTML)
 
160
 
 
161
%.8: %.xml common.ent legalnotice.xml
 
162
        $(DOCBOOKTOMAN)
 
163
%.8.xhtml: %.xml common.ent legalnotice.xml
 
164
        $(DOCBOOKTOHTML)
 
165
 
 
166
%.8mandos: %.xml common.ent legalnotice.xml
 
167
        $(DOCBOOKTOMAN)
 
168
%.8mandos.xhtml: %.xml common.ent legalnotice.xml
 
169
        $(DOCBOOKTOHTML)
 
170
 
 
171
intro.8mandos: intro.xml common.ent legalnotice.xml
 
172
        $(DOCBOOKTOMAN)
 
173
intro.8mandos.xhtml: intro.xml common.ent legalnotice.xml
 
174
        $(DOCBOOKTOHTML)
 
175
 
 
176
mandos.8: mandos.xml common.ent mandos-options.xml overview.xml \
 
177
                legalnotice.xml
 
178
        $(DOCBOOKTOMAN)
 
179
mandos.8.xhtml: mandos.xml common.ent mandos-options.xml \
 
180
                overview.xml legalnotice.xml
 
181
        $(DOCBOOKTOHTML)
 
182
 
 
183
mandos-keygen.8: mandos-keygen.xml common.ent overview.xml \
 
184
                legalnotice.xml
 
185
        $(DOCBOOKTOMAN)
 
186
mandos-keygen.8.xhtml: mandos-keygen.xml common.ent overview.xml \
 
187
                 legalnotice.xml
 
188
        $(DOCBOOKTOHTML)
 
189
 
 
190
mandos-monitor.8: mandos-monitor.xml common.ent overview.xml \
 
191
                legalnotice.xml
 
192
        $(DOCBOOKTOMAN)
 
193
mandos-monitor.8.xhtml: mandos-monitor.xml common.ent overview.xml \
 
194
                 legalnotice.xml
 
195
        $(DOCBOOKTOHTML)
 
196
 
 
197
mandos-ctl.8: mandos-ctl.xml common.ent overview.xml \
 
198
                legalnotice.xml
 
199
        $(DOCBOOKTOMAN)
 
200
mandos-ctl.8.xhtml: mandos-ctl.xml common.ent overview.xml \
 
201
                 legalnotice.xml
 
202
        $(DOCBOOKTOHTML)
 
203
 
 
204
mandos.conf.5: mandos.conf.xml common.ent mandos-options.xml \
 
205
                legalnotice.xml
 
206
        $(DOCBOOKTOMAN)
 
207
mandos.conf.5.xhtml: mandos.conf.xml common.ent mandos-options.xml \
 
208
                legalnotice.xml
 
209
        $(DOCBOOKTOHTML)
 
210
 
 
211
plugin-runner.8mandos: plugin-runner.xml common.ent overview.xml \
 
212
                legalnotice.xml
 
213
        $(DOCBOOKTOMAN)
 
214
plugin-runner.8mandos.xhtml: plugin-runner.xml common.ent \
 
215
                overview.xml legalnotice.xml
 
216
        $(DOCBOOKTOHTML)
 
217
 
 
218
dracut-module/password-agent.8mandos: \
 
219
                dracut-module/password-agent.xml common.ent \
 
220
                overview.xml legalnotice.xml
 
221
        $(DOCBOOKTOMAN)
 
222
dracut-module/password-agent.8mandos.xhtml: \
 
223
                dracut-module/password-agent.xml common.ent \
 
224
                overview.xml legalnotice.xml
 
225
        $(DOCBOOKTOHTML)
 
226
 
 
227
plugins.d/mandos-client.8mandos: plugins.d/mandos-client.xml \
 
228
                                        common.ent \
 
229
                                        mandos-options.xml \
 
230
                                        overview.xml legalnotice.xml
 
231
        $(DOCBOOKTOMAN)
 
232
plugins.d/mandos-client.8mandos.xhtml: plugins.d/mandos-client.xml \
 
233
                                        common.ent \
 
234
                                        mandos-options.xml \
 
235
                                        overview.xml legalnotice.xml
 
236
        $(DOCBOOKTOHTML)
 
237
 
 
238
# Update all these files with version number $(version)
 
239
common.ent: Makefile
 
240
        $(strip $(SED) --in-place \
 
241
                --expression='s/^\(<!ENTITY version "\)[^"]*">$$/\1$(version)">/' \
 
242
                $@)
 
243
 
 
244
mandos: Makefile
 
245
        $(strip $(SED) --in-place \
 
246
                --expression='s/^\(version = "\)[^"]*"$$/\1$(version)"/' \
 
247
                $@)
 
248
 
 
249
mandos-keygen: Makefile
 
250
        $(strip $(SED) --in-place \
 
251
                --expression='s/^\(VERSION="\)[^"]*"$$/\1$(version)"/' \
 
252
                $@)
 
253
 
 
254
mandos-ctl: Makefile
 
255
        $(strip $(SED) --in-place \
 
256
                --expression='s/^\(version = "\)[^"]*"$$/\1$(version)"/' \
 
257
                $@)
 
258
 
 
259
mandos-monitor: Makefile
 
260
        $(strip $(SED) --in-place \
 
261
                --expression='s/^\(version = "\)[^"]*"$$/\1$(version)"/' \
 
262
                $@)
 
263
 
 
264
mandos.lsm: Makefile
 
265
        $(strip $(SED) --in-place \
 
266
                --expression='s/^\(Version:\).*/\1\t$(version)/' \
 
267
                $@)
 
268
        $(strip $(SED) --in-place \
 
269
                --expression='s/^\(Entered-date:\).*/\1\t$(shell date --rfc-3339=date --reference=Makefile)/' \
 
270
                $@)
 
271
        $(strip $(SED) --in-place \
 
272
                --expression='s/\(mandos_\)[0-9.]\+\(\.orig\.tar\.gz\)/\1$(version)\2/' \
 
273
                $@)
 
274
 
 
275
# Need to add the GnuTLS, Avahi and GPGME libraries
 
276
plugins.d/mandos-client: plugins.d/mandos-client.c
 
277
        $(LINK.c) $^ $(GNUTLS_CFLAGS) $(AVAHI_CFLAGS) $(strip\
 
278
                ) $(GPGME_CFLAGS) $(GNUTLS_LIBS) $(strip\
 
279
                ) $(AVAHI_LIBS) $(GPGME_LIBS) $(LOADLIBES) $(strip\
 
280
                ) $(LDLIBS) -o $@
 
281
 
 
282
# Need to add the libnl-route library
 
283
plugin-helpers/mandos-client-iprouteadddel: plugin-helpers/mandos-client-iprouteadddel.c
 
284
        $(LINK.c) $(LIBNL3_CFLAGS) $^ $(LIBNL3_LIBS) $(strip\
 
285
                ) $(LOADLIBES) $(LDLIBS) -o $@
 
286
 
 
287
# Need to add the GLib and pthread libraries
 
288
dracut-module/password-agent: dracut-module/password-agent.c
 
289
        $(LINK.c) $(GLIB_CFLAGS) $^ $(GLIB_LIBS) -lpthread $(strip\
 
290
                ) $(LOADLIBES) $(LDLIBS) -o $@
 
291
 
 
292
.PHONY : all doc html clean distclean mostlyclean maintainer-clean \
 
293
        check run-client run-server install install-html \
 
294
        install-server install-client-nokey install-client uninstall \
 
295
        uninstall-server uninstall-client purge purge-server \
 
296
        purge-client
94
297
 
95
298
clean:
96
 
        -rm --force $(PROGS) $(objects) $(DOCS) core
 
299
        -rm --force $(CPROGS) $(objects) $(htmldocs) $(DOCS) core
97
300
 
98
301
distclean: clean
99
302
mostlyclean: clean
100
303
maintainer-clean: clean
101
 
        -rm --force --recursive keydir confdir
 
304
        -rm --force --recursive keydir confdir statedir
102
305
 
103
 
check:
 
306
check: all
104
307
        ./mandos --check
 
308
        ./mandos-ctl --check
 
309
        ./mandos-keygen --version
 
310
        ./plugin-runner --version
 
311
        ./plugin-helpers/mandos-client-iprouteadddel --version
 
312
        ./dracut-module/password-agent --test
105
313
 
106
314
# Run the client with a local config and key
107
 
run-client: all keydir/seckey.txt keydir/pubkey.txt \
108
 
        keydir/secring.gpg keydir/pubring.gpg
 
315
run-client: all keydir/seckey.txt keydir/pubkey.txt keydir/tls-privkey.pem keydir/tls-pubkey.pem
 
316
        @echo "###################################################################"
 
317
        @echo "# The following error messages are harmless and can be safely     #"
 
318
        @echo "# ignored:                                                        #"
 
319
        @echo "# From plugin-runner: setgid: Operation not permitted             #"
 
320
        @echo "#                     setuid: Operation not permitted             #"
 
321
        @echo "# From askpass-fifo:  mkfifo: Permission denied                   #"
 
322
        @echo "# From mandos-client:                                             #"
 
323
        @echo "#             Failed to raise privileges: Operation not permitted #"
 
324
        @echo "#             Warning: network hook \"*\" exited with status *      #"
 
325
        @echo "#                                                                 #"
 
326
        @echo "# (The messages are caused by not running as root, but you should #"
 
327
        @echo "# NOT run \"make run-client\" as root unless you also unpacked and  #"
 
328
        @echo "# compiled Mandos as root, which is also NOT recommended.)        #"
 
329
        @echo "###################################################################"
 
330
# We set GNOME_KEYRING_CONTROL to block pam_gnome_keyring
109
331
        ./plugin-runner --plugin-dir=plugins.d \
 
332
                --plugin-helper-dir=plugin-helpers \
110
333
                --config-file=plugin-runner.conf \
111
 
                --options-for=password-request:--seckey=keydir/seckey.txt,--pubkey=keydir/pubkey.txt
 
334
                --options-for=mandos-client:--seckey=keydir/seckey.txt,--pubkey=keydir/pubkey.txt,--tls-privkey=keydir/tls-privkey.pem,--tls-pubkey=keydir/tls-pubkey.pem,--network-hook-dir=network-hooks.d \
 
335
                --env-for=mandos-client:GNOME_KEYRING_CONTROL= \
 
336
                $(CLIENTARGS)
112
337
 
113
338
# Used by run-client
114
 
keydir/secring.gpg: keydir/seckey.txt
115
 
        gpg --homedir $(dir $<) --import $^
116
 
keydir/pubring.gpg: keydir/pubkey.txt
117
 
        gpg --homedir $(dir $<) --import $^
118
 
keydir/seckey.txt keydir/pubkey.txt: mandos-keygen
 
339
keydir/seckey.txt keydir/pubkey.txt keydir/tls-privkey.pem keydir/tls-pubkey.pem: mandos-keygen
119
340
        install --directory keydir
120
341
        ./mandos-keygen --dir keydir --force
121
342
 
122
343
# Run the server with a local config
123
 
run-server: confdir/mandos.conf confdir/clients.conf
124
 
        ./mandos --debug --configdir=confdir
 
344
run-server: confdir/mandos.conf confdir/clients.conf statedir
 
345
        ./mandos --debug --no-dbus --configdir=confdir \
 
346
                --statedir=statedir $(SERVERARGS)
125
347
 
126
348
# Used by run-server
127
349
confdir/mandos.conf: mandos.conf
128
350
        install --directory confdir
129
 
        install $^ $@
130
 
confdir/clients.conf: clients.conf keydir/seckey.txt
 
351
        install --mode=u=rw,go=r $^ $@
 
352
confdir/clients.conf: clients.conf keydir/seckey.txt keydir/tls-pubkey.pem
131
353
        install --directory confdir
132
 
        install clients.conf $@
 
354
        install --mode=u=rw $< $@
133
355
# Add a client password
134
 
        ./mandos-keygen --dir keydir --password >> $@
135
 
 
136
 
install: install-server install-client
 
356
        ./mandos-keygen --dir keydir --password --no-ssh >> $@
 
357
statedir:
 
358
        install --directory statedir
 
359
 
 
360
install: install-server install-client-nokey
 
361
 
 
362
install-html: html
 
363
        install --directory $(htmldir)
 
364
        install --mode=u=rw,go=r --target-directory=$(htmldir) \
 
365
                $(htmldocs)
137
366
 
138
367
install-server: doc
139
 
        install --directory --parents $(CONFDIR) $(MANDIR)/man5 \
140
 
                $(MANDIR)/man8
141
 
        install --mode=0755 mandos $(PREFIX)/sbin/mandos
142
 
        install --mode=0644 --target-directory=$(CONFDIR) mandos.conf
143
 
        install --mode=0640 --target-directory=$(CONFDIR) \
 
368
        install --directory $(CONFDIR)
 
369
        if install --directory --mode=u=rwx --owner=$(USER) \
 
370
                --group=$(GROUP) $(STATEDIR); then \
 
371
                :; \
 
372
        elif install --directory --mode=u=rwx $(STATEDIR); then \
 
373
                chown -- $(USER):$(GROUP) $(STATEDIR) || :; \
 
374
        fi
 
375
        if [ "$(TMPFILES)" != "$(DESTDIR)" -a -d "$(TMPFILES)" ]; then \
 
376
                install --mode=u=rw,go=r tmpfiles.d-mandos.conf \
 
377
                        $(TMPFILES)/mandos.conf; \
 
378
        fi
 
379
        install --mode=u=rwx,go=rx mandos $(PREFIX)/sbin/mandos
 
380
        install --mode=u=rwx,go=rx --target-directory=$(PREFIX)/sbin \
 
381
                mandos-ctl
 
382
        install --mode=u=rwx,go=rx --target-directory=$(PREFIX)/sbin \
 
383
                mandos-monitor
 
384
        install --mode=u=rw,go=r --target-directory=$(CONFDIR) \
 
385
                mandos.conf
 
386
        install --mode=u=rw --target-directory=$(CONFDIR) \
144
387
                clients.conf
 
388
        install --mode=u=rw,go=r dbus-mandos.conf \
 
389
                $(DESTDIR)/etc/dbus-1/system.d/mandos.conf
 
390
        install --mode=u=rwx,go=rx init.d-mandos \
 
391
                $(DESTDIR)/etc/init.d/mandos
 
392
        if [ "$(SYSTEMD)" != "$(DESTDIR)" -a -d "$(SYSTEMD)" ]; then \
 
393
                install --mode=u=rw,go=r mandos.service $(SYSTEMD); \
 
394
        fi
 
395
        install --mode=u=rw,go=r default-mandos \
 
396
                $(DESTDIR)/etc/default/mandos
 
397
        if [ -z $(DESTDIR) ]; then \
 
398
                update-rc.d mandos defaults 25 15;\
 
399
        fi
145
400
        gzip --best --to-stdout mandos.8 \
146
401
                > $(MANDIR)/man8/mandos.8.gz
 
402
        gzip --best --to-stdout mandos-monitor.8 \
 
403
                > $(MANDIR)/man8/mandos-monitor.8.gz
 
404
        gzip --best --to-stdout mandos-ctl.8 \
 
405
                > $(MANDIR)/man8/mandos-ctl.8.gz
147
406
        gzip --best --to-stdout mandos.conf.5 \
148
407
                > $(MANDIR)/man5/mandos.conf.5.gz
149
408
        gzip --best --to-stdout mandos-clients.conf.5 \
150
409
                > $(MANDIR)/man5/mandos-clients.conf.5.gz
 
410
        gzip --best --to-stdout intro.8mandos \
 
411
                > $(MANDIR)/man8/intro.8mandos.gz
151
412
 
152
 
install-client: all doc /usr/share/initramfs-tools/hooks/.
153
 
        install --directory --parents $(PREFIX)/lib/mandos \
154
 
                $(CONFDIR) $(MANDIR)/man8
155
 
        install --directory --mode=0700 $(PREFIX)/lib/mandos/plugins.d
156
 
        chmod u=rwx,g=,o= $(PREFIX)/lib/mandos/plugins.d
157
 
        install --mode=0755 --target-directory=$(PREFIX)/lib/mandos \
158
 
                plugin-runner
159
 
        install --mode=0755 --target-directory=$(PREFIX)/sbin \
 
413
install-client-nokey: all doc
 
414
        install --directory $(LIBDIR)/mandos $(CONFDIR)
 
415
        install --directory --mode=u=rwx $(KEYDIR) \
 
416
                $(LIBDIR)/mandos/plugins.d \
 
417
                $(LIBDIR)/mandos/plugin-helpers
 
418
        if [ "$(CONFDIR)" != "$(LIBDIR)/mandos" ]; then \
 
419
                install --mode=u=rwx \
 
420
                        --directory "$(CONFDIR)/plugins.d" \
 
421
                        "$(CONFDIR)/plugin-helpers"; \
 
422
        fi
 
423
        install --mode=u=rwx,go=rx --directory \
 
424
                "$(CONFDIR)/network-hooks.d"
 
425
        install --mode=u=rwx,go=rx \
 
426
                --target-directory=$(LIBDIR)/mandos plugin-runner
 
427
        install --mode=u=rwx,go=rx \
 
428
                --target-directory=$(LIBDIR)/mandos mandos-to-cryptroot-unlock
 
429
        install --mode=u=rwx,go=rx --target-directory=$(PREFIX)/sbin \
160
430
                mandos-keygen
161
 
        install --mode=0755 \
162
 
                --target-directory=$(PREFIX)/lib/mandos/plugins.d \
 
431
        install --mode=u=rwx,go=rx \
 
432
                --target-directory=$(LIBDIR)/mandos/plugins.d \
163
433
                plugins.d/password-prompt
164
 
        install --mode=4755 \
165
 
                --target-directory=$(PREFIX)/lib/mandos/plugins.d \
166
 
                plugins.d/password-request
 
434
        install --mode=u=rwxs,go=rx \
 
435
                --target-directory=$(LIBDIR)/mandos/plugins.d \
 
436
                plugins.d/mandos-client
 
437
        install --mode=u=rwxs,go=rx \
 
438
                --target-directory=$(LIBDIR)/mandos/plugins.d \
 
439
                plugins.d/usplash
 
440
        install --mode=u=rwxs,go=rx \
 
441
                --target-directory=$(LIBDIR)/mandos/plugins.d \
 
442
                plugins.d/splashy
 
443
        install --mode=u=rwxs,go=rx \
 
444
                --target-directory=$(LIBDIR)/mandos/plugins.d \
 
445
                plugins.d/askpass-fifo
 
446
        install --mode=u=rwxs,go=rx \
 
447
                --target-directory=$(LIBDIR)/mandos/plugins.d \
 
448
                plugins.d/plymouth
 
449
        install --mode=u=rwx,go=rx \
 
450
                --target-directory=$(LIBDIR)/mandos/plugin-helpers \
 
451
                plugin-helpers/mandos-client-iprouteadddel
167
452
        install initramfs-tools-hook \
168
 
                /usr/share/initramfs-tools/hooks/mandos
169
 
        install initramfs-tools-hook-conf \
170
 
                /usr/share/initramfs-tools/conf-hooks.d/mandos
 
453
                $(INITRAMFSTOOLS)/hooks/mandos
 
454
        install --mode=u=rw,go=r initramfs-tools-conf \
 
455
                $(INITRAMFSTOOLS)/conf.d/mandos-conf
 
456
        install --mode=u=rw,go=r initramfs-tools-conf-hook \
 
457
                $(INITRAMFSTOOLS)/conf-hooks.d/zz-mandos
171
458
        install initramfs-tools-script \
172
 
                /usr/share/initramfs-tools/scripts/local-top/mandos
 
459
                $(INITRAMFSTOOLS)/scripts/init-premount/mandos
 
460
        install initramfs-tools-script-stop \
 
461
                $(INITRAMFSTOOLS)/scripts/local-premount/mandos
 
462
        install --directory $(DRACUTMODULE)
 
463
        install --mode=u=rw,go=r --target-directory=$(DRACUTMODULE) \
 
464
                dracut-module/ask-password-mandos.path \
 
465
                dracut-module/ask-password-mandos.service
 
466
        install --mode=u=rwxs,go=rx \
 
467
                --target-directory=$(DRACUTMODULE) \
 
468
                dracut-module/module-setup.sh \
 
469
                dracut-module/cmdline-mandos.sh \
 
470
                dracut-module/password-agent
 
471
        install --mode=u=rw,go=r plugin-runner.conf $(CONFDIR)
173
472
        gzip --best --to-stdout mandos-keygen.8 \
174
473
                > $(MANDIR)/man8/mandos-keygen.8.gz
175
474
        gzip --best --to-stdout plugin-runner.8mandos \
176
475
                > $(MANDIR)/man8/plugin-runner.8mandos.gz
 
476
        gzip --best --to-stdout plugins.d/mandos-client.8mandos \
 
477
                > $(MANDIR)/man8/mandos-client.8mandos.gz
177
478
        gzip --best --to-stdout plugins.d/password-prompt.8mandos \
178
479
                > $(MANDIR)/man8/password-prompt.8mandos.gz
179
 
        gzip --best --to-stdout plugins.d/password-request.8mandos \
180
 
                > $(MANDIR)/man8/password-request.8mandos.gz
181
 
        -$(PREFIX)/sbin/mandos-keygen
182
 
        update-initramfs -k all -u
 
480
        gzip --best --to-stdout plugins.d/usplash.8mandos \
 
481
                > $(MANDIR)/man8/usplash.8mandos.gz
 
482
        gzip --best --to-stdout plugins.d/splashy.8mandos \
 
483
                > $(MANDIR)/man8/splashy.8mandos.gz
 
484
        gzip --best --to-stdout plugins.d/askpass-fifo.8mandos \
 
485
                > $(MANDIR)/man8/askpass-fifo.8mandos.gz
 
486
        gzip --best --to-stdout plugins.d/plymouth.8mandos \
 
487
                > $(MANDIR)/man8/plymouth.8mandos.gz
 
488
        gzip --best --to-stdout dracut-module/password-agent.8mandos \
 
489
                > $(MANDIR)/man8/password-agent.8mandos.gz
 
490
 
 
491
install-client: install-client-nokey
 
492
# Post-installation stuff
 
493
        -$(PREFIX)/sbin/mandos-keygen --dir "$(KEYDIR)"
 
494
        if command -v update-initramfs >/dev/null; then \
 
495
            update-initramfs -k all -u; \
 
496
        elif command -v dracut >/dev/null; then \
 
497
            for initrd in $(DESTDIR)/boot/initr*-$(shell uname --kernel-release); do \
 
498
                if [ -w "$$initrd" ]; then \
 
499
                    chmod go-r "$$initrd"; \
 
500
                    dracut --force "$$initrd"; \
 
501
                fi; \
 
502
            done; \
 
503
        fi
 
504
        echo "Now run mandos-keygen --password --dir $(KEYDIR)"
183
505
 
184
506
uninstall: uninstall-server uninstall-client
185
507
 
186
 
uninstall-server: $(PREFIX)/sbin/mandos
 
508
uninstall-server:
187
509
        -rm --force $(PREFIX)/sbin/mandos \
 
510
                $(PREFIX)/sbin/mandos-ctl \
 
511
                $(PREFIX)/sbin/mandos-monitor \
188
512
                $(MANDIR)/man8/mandos.8.gz \
 
513
                $(MANDIR)/man8/mandos-monitor.8.gz \
 
514
                $(MANDIR)/man8/mandos-ctl.8.gz \
189
515
                $(MANDIR)/man5/mandos.conf.5.gz \
190
516
                $(MANDIR)/man5/mandos-clients.conf.5.gz
 
517
        update-rc.d -f mandos remove
191
518
        -rmdir $(CONFDIR)
192
519
 
193
520
uninstall-client:
194
521
# Refuse to uninstall client if /etc/crypttab is explicitly configured
195
522
# to use it.
196
523
        ! grep --regexp='^ *[^ #].*keyscript=[^,=]*/mandos/' \
197
 
                /etc/crypttab
 
524
                $(DESTDIR)/etc/crypttab
198
525
        -rm --force $(PREFIX)/sbin/mandos-keygen \
199
 
                $(PREFIX)/lib/mandos/plugin-runner \
200
 
                $(PREFIX)/lib/mandos/plugins.d/password-prompt \
201
 
                $(PREFIX)/lib/mandos/plugins.d/password-request \
202
 
                /usr/share/initramfs-tools/hooks/mandos \
203
 
                /usr/share/initramfs-tools/conf-hooks.d/mandos \
 
526
                $(LIBDIR)/mandos/plugin-runner \
 
527
                $(LIBDIR)/mandos/plugins.d/password-prompt \
 
528
                $(LIBDIR)/mandos/plugins.d/mandos-client \
 
529
                $(LIBDIR)/mandos/plugins.d/usplash \
 
530
                $(LIBDIR)/mandos/plugins.d/splashy \
 
531
                $(LIBDIR)/mandos/plugins.d/askpass-fifo \
 
532
                $(LIBDIR)/mandos/plugins.d/plymouth \
 
533
                $(INITRAMFSTOOLS)/hooks/mandos \
 
534
                $(INITRAMFSTOOLS)/conf-hooks.d/mandos \
 
535
                $(INITRAMFSTOOLS)/scripts/init-premount/mandos \
 
536
                $(INITRAMFSTOOLS)/scripts/local-premount/mandos \
 
537
                $(DRACUTMODULE)/ask-password-mandos.path \
 
538
                $(DRACUTMODULE)/ask-password-mandos.service \
 
539
                $(DRACUTMODULE)/module-setup.sh \
 
540
                $(DRACUTMODULE)/cmdline-mandos.sh \
 
541
                $(DRACUTMODULE)/password-agent \
 
542
                $(MANDIR)/man8/mandos-keygen.8.gz \
204
543
                $(MANDIR)/man8/plugin-runner.8mandos.gz \
205
 
                $(MANDIR)/man8/mandos-keygen.8.gz \
 
544
                $(MANDIR)/man8/mandos-client.8mandos.gz
206
545
                $(MANDIR)/man8/password-prompt.8mandos.gz \
207
 
                $(MANDIR)/man8/password-request.8mandos.gz
208
 
        -rmdir $(PREFIX)/lib/mandos/plugins.d $(CONFDIR)/plugins.d \
209
 
                 $(PREFIX)/lib/mandos $(CONFDIR)
210
 
        update-initramfs -k all -u
 
546
                $(MANDIR)/man8/usplash.8mandos.gz \
 
547
                $(MANDIR)/man8/splashy.8mandos.gz \
 
548
                $(MANDIR)/man8/askpass-fifo.8mandos.gz \
 
549
                $(MANDIR)/man8/plymouth.8mandos.gz \
 
550
                $(MANDIR)/man8/password-agent.8mandos.gz \
 
551
        -rmdir $(LIBDIR)/mandos/plugins.d $(CONFDIR)/plugins.d \
 
552
                 $(LIBDIR)/mandos $(CONFDIR) $(KEYDIR) $(DRACUTMODULE)
 
553
        if command -v update-initramfs >/dev/null; then \
 
554
            update-initramfs -k all -u; \
 
555
        elif command -v dracut >/dev/null; then \
 
556
            for initrd in $(DESTDIR)/boot/initr*-$(shell uname --kernel-release); do \
 
557
                test -w "$$initrd" && dracut --force "$$initrd"; \
 
558
            done; \
 
559
        fi
211
560
 
212
561
purge: purge-server purge-client
213
562
 
214
563
purge-server: uninstall-server
215
 
        -rm --force $(CONFDIR)/mandos.conf $(CONFDIR)/clients.conf
 
564
        -rm --force $(CONFDIR)/mandos.conf $(CONFDIR)/clients.conf \
 
565
                $(DESTDIR)/etc/dbus-1/system.d/mandos.conf
 
566
                $(DESTDIR)/etc/default/mandos \
 
567
                $(DESTDIR)/etc/init.d/mandos \
 
568
                $(SYSTEMD)/mandos.service \
 
569
                $(DESTDIR)/run/mandos.pid \
 
570
                $(DESTDIR)/var/run/mandos.pid
216
571
        -rmdir $(CONFDIR)
217
572
 
218
573
purge-client: uninstall-client
219
 
        -rm --force $(CONFDIR)/seckey.txt $(CONFDIR)/pubkey.txt
220
 
        -rmdir $(CONFDIR) $(CONFDIR)/plugins.d
 
574
        -shred --remove $(KEYDIR)/seckey.txt $(KEYDIR)/tls-privkey.pem
 
575
        -rm --force $(CONFDIR)/plugin-runner.conf \
 
576
                $(KEYDIR)/pubkey.txt $(KEYDIR)/seckey.txt \
 
577
                $(KEYDIR)/tls-pubkey.txt $(KEYDIR)/tls-privkey.txt
 
578
        -rmdir $(KEYDIR) $(CONFDIR)/plugins.d $(CONFDIR)