/mandos/trunk

To get this branch, use:
bzr branch http://bzr.recompile.se/loggerhead/mandos/trunk

« back to all changes in this revision

Viewing changes to Makefile

  • Committer: Teddy Hogeborn
  • Date: 2019-07-29 16:35:53 UTC
  • Revision ID: teddy@recompile.se-20190729163553-1i442i2cbx64c537
Make tests and man page examples match

Make the tests test_manual_page_example[1-5] match exactly what is
written in the manual page, and add comments to manual page as
reminders to keep tests and manual page examples in sync.

* mandos-ctl (Test_commands_from_options.test_manual_page_example_1):
  Remove "--verbose" option, since the manual does not have it as the
  first example, and change assertion to match.
* mandos-ctl.xml (EXAMPLE): Add comments to all examples documenting
  which test function they correspond to.  Also remove unnecessary
  quotes from option arguments in fourth example, and clarify language
  slightly in fifth example.

Show diffs side-by-side

added added

removed removed

Lines of Context:
1
 
WARN=-O -Wall -Wformat=2 -Winit-self -Wmissing-include-dirs \
2
 
        -Wswitch-default -Wswitch-enum -Wunused-parameter \
3
 
        -Wstrict-aliasing=1 -Wextra -Wfloat-equal -Wundef -Wshadow \
 
1
WARN:=-O -Wall -Wextra -Wdouble-promotion -Wformat=2 -Winit-self \
 
2
        -Wmissing-include-dirs -Wswitch-default -Wswitch-enum \
 
3
        -Wunused -Wuninitialized -Wstrict-overflow=5 \
 
4
        -Wsuggest-attribute=pure -Wsuggest-attribute=const \
 
5
        -Wsuggest-attribute=noreturn -Wfloat-equal -Wundef -Wshadow \
4
6
        -Wunsafe-loop-optimizations -Wpointer-arith \
5
7
        -Wbad-function-cast -Wcast-qual -Wcast-align -Wwrite-strings \
6
 
        -Wconversion -Wstrict-prototypes -Wold-style-definition \
7
 
        -Wpacked -Wnested-externs -Winline -Wvolatile-register-var
8
 
#       -Wunreachable-code
9
 
#DEBUG=-ggdb3
10
 
# For info about _FORTIFY_SOURCE, see
11
 
# <http://www.kernel.org/doc/man-pages/online/pages/man7/feature_test_macros.7.html>
12
 
# and <http://gcc.gnu.org/ml/gcc-patches/2004-09/msg02055.html>.
13
 
FORTIFY=-D_FORTIFY_SOURCE=2 -fstack-protector-all -fPIC
14
 
LINK_FORTIFY_LD=-z relro -z now
15
 
LINK_FORTIFY=
 
8
        -Wconversion -Wlogical-op -Waggregate-return \
 
9
        -Wstrict-prototypes -Wold-style-definition \
 
10
        -Wmissing-format-attribute -Wnormalized=nfc -Wpacked \
 
11
        -Wredundant-decls -Wnested-externs -Winline -Wvla \
 
12
        -Wvolatile-register-var -Woverlength-strings
 
13
 
 
14
#DEBUG:=-ggdb3 -fsanitize=address $(SANITIZE)
 
15
## Check which sanitizing options can be used
 
16
#SANITIZE:=$(foreach option,$(ALL_SANITIZE_OPTIONS),$(shell \
 
17
#       echo 'int main(){}' | $(CC) --language=c $(option) \
 
18
#       /dev/stdin -o /dev/null >/dev/null 2>&1 && echo $(option)))
 
19
# <https://developerblog.redhat.com/2014/10/16/gcc-undefined-behavior-sanitizer-ubsan/>
 
20
ALL_SANITIZE_OPTIONS:=-fsanitize=leak -fsanitize=undefined \
 
21
        -fsanitize=shift -fsanitize=integer-divide-by-zero \
 
22
        -fsanitize=unreachable -fsanitize=vla-bound -fsanitize=null \
 
23
        -fsanitize=return -fsanitize=signed-integer-overflow \
 
24
        -fsanitize=bounds -fsanitize=alignment \
 
25
        -fsanitize=object-size -fsanitize=float-divide-by-zero \
 
26
        -fsanitize=float-cast-overflow -fsanitize=nonnull-attribute \
 
27
        -fsanitize=returns-nonnull-attribute -fsanitize=bool \
 
28
        -fsanitize=enum -fsanitize-address-use-after-scope
 
29
 
 
30
# For info about _FORTIFY_SOURCE, see feature_test_macros(7)
 
31
# and <https://gcc.gnu.org/ml/gcc-patches/2004-09/msg02055.html>.
 
32
FORTIFY:=-D_FORTIFY_SOURCE=2 -fstack-protector-all -fPIC
 
33
LINK_FORTIFY_LD:=-z relro -z now
 
34
LINK_FORTIFY:=
16
35
 
17
36
# If BROKEN_PIE is set, do not build with -pie
18
37
ifndef BROKEN_PIE
20
39
LINK_FORTIFY += -pie
21
40
endif
22
41
#COVERAGE=--coverage
23
 
OPTIMIZE=-Os
24
 
LANGUAGE=-std=gnu99
25
 
htmldir=man
26
 
version=1.6.0
27
 
SED=sed
 
42
OPTIMIZE:=-Os -fno-strict-aliasing
 
43
LANGUAGE:=-std=gnu11
 
44
htmldir:=man
 
45
version:=1.8.4
 
46
SED:=sed
28
47
 
29
 
USER=$(firstword $(subst :, ,$(shell getent passwd _mandos || getent passwd nobody || echo 65534)))
30
 
GROUP=$(firstword $(subst :, ,$(shell getent group _mandos || getent group nobody || echo 65534)))
 
48
USER:=$(firstword $(subst :, ,$(shell getent passwd _mandos \
 
49
        || getent passwd nobody || echo 65534)))
 
50
GROUP:=$(firstword $(subst :, ,$(shell getent group _mandos \
 
51
        || getent group nogroup || echo 65534)))
31
52
 
32
53
## Use these settings for a traditional /usr/local install
33
 
# PREFIX=$(DESTDIR)/usr/local
34
 
# CONFDIR=$(DESTDIR)/etc/mandos
35
 
# KEYDIR=$(DESTDIR)/etc/mandos/keys
36
 
# MANDIR=$(PREFIX)/man
37
 
# INITRAMFSTOOLS=$(DESTDIR)/etc/initramfs-tools
38
 
# STATEDIR=$(DESTDIR)/var/lib/mandos
 
54
# PREFIX:=$(DESTDIR)/usr/local
 
55
# CONFDIR:=$(DESTDIR)/etc/mandos
 
56
# KEYDIR:=$(DESTDIR)/etc/mandos/keys
 
57
# MANDIR:=$(PREFIX)/man
 
58
# INITRAMFSTOOLS:=$(DESTDIR)/etc/initramfs-tools
 
59
# DRACUTMODULE:=$(DESTDIR)/usr/lib/dracut/modules.d/90mandos
 
60
# STATEDIR:=$(DESTDIR)/var/lib/mandos
 
61
# LIBDIR:=$(PREFIX)/lib
39
62
##
40
63
 
41
64
## These settings are for a package-type install
42
 
PREFIX=$(DESTDIR)/usr
43
 
CONFDIR=$(DESTDIR)/etc/mandos
44
 
KEYDIR=$(DESTDIR)/etc/keys/mandos
45
 
MANDIR=$(PREFIX)/share/man
46
 
INITRAMFSTOOLS=$(DESTDIR)/usr/share/initramfs-tools
47
 
STATEDIR=$(DESTDIR)/var/lib/mandos
 
65
PREFIX:=$(DESTDIR)/usr
 
66
CONFDIR:=$(DESTDIR)/etc/mandos
 
67
KEYDIR:=$(DESTDIR)/etc/keys/mandos
 
68
MANDIR:=$(PREFIX)/share/man
 
69
INITRAMFSTOOLS:=$(DESTDIR)/usr/share/initramfs-tools
 
70
DRACUTMODULE:=$(DESTDIR)/usr/lib/dracut/modules.d/90mandos
 
71
STATEDIR:=$(DESTDIR)/var/lib/mandos
 
72
LIBDIR:=$(shell \
 
73
        for d in \
 
74
        "/usr/lib/`dpkg-architecture -qDEB_HOST_MULTIARCH 2>/dev/null`" \
 
75
        "`rpm --eval='%{_libdir}' 2>/dev/null`" /usr/lib; do \
 
76
                if [ -d "$$d" -a "$$d" = "$${d%/}" ]; then \
 
77
                        echo "$(DESTDIR)$$d"; \
 
78
                        break; \
 
79
                fi; \
 
80
        done)
48
81
##
49
82
 
50
 
GNUTLS_CFLAGS=$(shell pkg-config --cflags-only-I gnutls)
51
 
GNUTLS_LIBS=$(shell pkg-config --libs gnutls)
52
 
AVAHI_CFLAGS=$(shell pkg-config --cflags-only-I avahi-core)
53
 
AVAHI_LIBS=$(shell pkg-config --libs avahi-core)
54
 
GPGME_CFLAGS=$(shell gpgme-config --cflags; getconf LFS_CFLAGS)
55
 
GPGME_LIBS=$(shell gpgme-config --libs; getconf LFS_LIBS; \
 
83
SYSTEMD:=$(DESTDIR)$(shell pkg-config systemd --variable=systemdsystemunitdir)
 
84
TMPFILES:=$(DESTDIR)$(shell pkg-config systemd --variable=tmpfilesdir)
 
85
 
 
86
GNUTLS_CFLAGS:=$(shell pkg-config --cflags-only-I gnutls)
 
87
GNUTLS_LIBS:=$(shell pkg-config --libs gnutls)
 
88
AVAHI_CFLAGS:=$(shell pkg-config --cflags-only-I avahi-core)
 
89
AVAHI_LIBS:=$(shell pkg-config --libs avahi-core)
 
90
GPGME_CFLAGS:=$(shell gpgme-config --cflags; getconf LFS_CFLAGS)
 
91
GPGME_LIBS:=$(shell gpgme-config --libs; getconf LFS_LIBS; \
56
92
        getconf LFS_LDFLAGS)
 
93
LIBNL3_CFLAGS:=$(shell pkg-config --cflags-only-I libnl-route-3.0)
 
94
LIBNL3_LIBS:=$(shell pkg-config --libs libnl-route-3.0)
 
95
GLIB_CFLAGS:=$(shell pkg-config --cflags glib-2.0)
 
96
GLIB_LIBS:=$(shell pkg-config --libs glib-2.0)
57
97
 
58
98
# Do not change these two
59
 
CFLAGS=$(WARN) $(DEBUG) $(FORTIFY) $(COVERAGE) $(OPTIMIZE) \
60
 
        $(LANGUAGE) $(GNUTLS_CFLAGS) $(AVAHI_CFLAGS) $(GPGME_CFLAGS) \
61
 
        -DVERSION='"$(version)"'
62
 
LDFLAGS=-Xlinker --as-needed $(COVERAGE) $(LINK_FORTIFY) $(foreach flag,$(LINK_FORTIFY_LD),-Xlinker $(flag))
 
99
CFLAGS+=$(WARN) $(DEBUG) $(FORTIFY) $(COVERAGE) \
 
100
        $(OPTIMIZE) $(LANGUAGE) -DVERSION='"$(version)"'
 
101
LDFLAGS+=-Xlinker --as-needed $(COVERAGE) $(LINK_FORTIFY) $(strip \
 
102
        ) $(foreach flag,$(LINK_FORTIFY_LD),-Xlinker $(flag))
63
103
 
64
104
# Commands to format a DocBook <refentry> document into a manual page
65
105
DOCBOOKTOMAN=$(strip cd $(dir $<); xsltproc --nonet --xinclude \
70
110
        --param man.authors.section.enabled     0 \
71
111
        /usr/share/xml/docbook/stylesheet/nwalsh/manpages/docbook.xsl \
72
112
        $(notdir $<); \
73
 
        $(MANPOST) $(notdir $@);\
74
113
        if locale --all 2>/dev/null | grep --regexp='^en_US\.utf8$$' \
75
 
        && type man 2>/dev/null; then LANG=en_US.UTF-8 MANWIDTH=80 \
76
 
        man --warnings --encoding=UTF-8 --local-file $(notdir $@); \
77
 
        fi >/dev/null)
78
 
# DocBook-to-man post-processing to fix a '\n' escape bug
79
 
MANPOST=$(SED) --in-place --expression='s,\\\\en,\\en,g;s,\\n,\\en,g'
 
114
        && command -v man >/dev/null; then LANG=en_US.UTF-8 \
 
115
        MANWIDTH=80 man --warnings --encoding=UTF-8 --local-file \
 
116
        $(notdir $@); fi >/dev/null)
80
117
 
81
118
DOCBOOKTOHTML=$(strip xsltproc --nonet --xinclude \
82
119
        --param make.year.ranges                1 \
88
125
        /usr/share/xml/docbook/stylesheet/nwalsh/xhtml/docbook.xsl \
89
126
        $<; $(HTMLPOST) $@)
90
127
# Fix citerefentry links
91
 
HTMLPOST=$(SED) --in-place \
 
128
HTMLPOST:=$(SED) --in-place \
92
129
        --expression='s/\(<a class="citerefentry" href="\)\("><span class="citerefentry"><span class="refentrytitle">\)\([^<]*\)\(<\/span>(\)\([^)]*\)\()<\/span><\/a>\)/\1\3.\5\2\3\4\5\6/g'
93
130
 
94
 
PLUGINS=plugins.d/password-prompt plugins.d/mandos-client \
 
131
PLUGINS:=plugins.d/password-prompt plugins.d/mandos-client \
95
132
        plugins.d/usplash plugins.d/splashy plugins.d/askpass-fifo \
96
133
        plugins.d/plymouth
97
 
CPROGS=plugin-runner $(PLUGINS)
98
 
PROGS=mandos mandos-keygen mandos-ctl mandos-monitor $(CPROGS)
99
 
DOCS=mandos.8 mandos-keygen.8 mandos-monitor.8 mandos-ctl.8 \
 
134
PLUGIN_HELPERS:=plugin-helpers/mandos-client-iprouteadddel
 
135
CPROGS:=plugin-runner dracut-module/password-agent $(PLUGINS) \
 
136
        $(PLUGIN_HELPERS)
 
137
PROGS:=mandos mandos-keygen mandos-ctl mandos-monitor $(CPROGS)
 
138
DOCS:=mandos.8 mandos-keygen.8 mandos-monitor.8 mandos-ctl.8 \
100
139
        mandos.conf.5 mandos-clients.conf.5 plugin-runner.8mandos \
 
140
        dracut-module/password-agent.8mandos \
101
141
        plugins.d/mandos-client.8mandos \
102
142
        plugins.d/password-prompt.8mandos plugins.d/usplash.8mandos \
103
143
        plugins.d/splashy.8mandos plugins.d/askpass-fifo.8mandos \
104
144
        plugins.d/plymouth.8mandos intro.8mandos
105
145
 
106
 
htmldocs=$(addsuffix .xhtml,$(DOCS))
 
146
htmldocs:=$(addsuffix .xhtml,$(DOCS))
107
147
 
108
 
objects=$(addsuffix .o,$(CPROGS))
 
148
objects:=$(addsuffix .o,$(CPROGS))
109
149
 
110
150
all: $(PROGS) mandos.lsm
111
151
 
175
215
                overview.xml legalnotice.xml
176
216
        $(DOCBOOKTOHTML)
177
217
 
 
218
dracut-module/password-agent.8mandos: \
 
219
                dracut-module/password-agent.xml common.ent \
 
220
                overview.xml legalnotice.xml
 
221
        $(DOCBOOKTOMAN)
 
222
dracut-module/password-agent.8mandos.xhtml: \
 
223
                dracut-module/password-agent.xml common.ent \
 
224
                overview.xml legalnotice.xml
 
225
        $(DOCBOOKTOHTML)
 
226
 
178
227
plugins.d/mandos-client.8mandos: plugins.d/mandos-client.xml \
179
228
                                        common.ent \
180
229
                                        mandos-options.xml \
223
272
                --expression='s/\(mandos_\)[0-9.]\+\(\.orig\.tar\.gz\)/\1$(version)\2/' \
224
273
                $@)
225
274
 
 
275
# Need to add the GnuTLS, Avahi and GPGME libraries
226
276
plugins.d/mandos-client: plugins.d/mandos-client.c
227
 
        $(LINK.c) $^ -lrt $(GNUTLS_LIBS) $(AVAHI_LIBS) $(strip\
228
 
                ) $(GPGME_LIBS) $(LOADLIBES) $(LDLIBS) -o $@
229
 
 
230
 
.PHONY : all doc html clean distclean run-client run-server install \
231
 
        install-server install-client uninstall uninstall-server \
232
 
        uninstall-client purge purge-server purge-client
 
277
        $(LINK.c) $^ $(GNUTLS_CFLAGS) $(AVAHI_CFLAGS) $(strip\
 
278
                ) $(GPGME_CFLAGS) $(GNUTLS_LIBS) $(strip\
 
279
                ) $(AVAHI_LIBS) $(GPGME_LIBS) $(LOADLIBES) $(strip\
 
280
                ) $(LDLIBS) -o $@
 
281
 
 
282
# Need to add the libnl-route library
 
283
plugin-helpers/mandos-client-iprouteadddel: plugin-helpers/mandos-client-iprouteadddel.c
 
284
        $(LINK.c) $(LIBNL3_CFLAGS) $^ $(LIBNL3_LIBS) $(strip\
 
285
                ) $(LOADLIBES) $(LDLIBS) -o $@
 
286
 
 
287
# Need to add the GLib and pthread libraries
 
288
dracut-module/password-agent: dracut-module/password-agent.c
 
289
        $(LINK.c) $(GLIB_CFLAGS) $^ $(GLIB_LIBS) -lpthread $(strip\
 
290
                ) $(LOADLIBES) $(LDLIBS) -o $@
 
291
 
 
292
.PHONY : all doc html clean distclean mostlyclean maintainer-clean \
 
293
        check run-client run-server install install-html \
 
294
        install-server install-client-nokey install-client uninstall \
 
295
        uninstall-server uninstall-client purge purge-server \
 
296
        purge-client
233
297
 
234
298
clean:
235
299
        -rm --force $(CPROGS) $(objects) $(htmldocs) $(DOCS) core
239
303
maintainer-clean: clean
240
304
        -rm --force --recursive keydir confdir statedir
241
305
 
242
 
check:  all
 
306
check: all
243
307
        ./mandos --check
244
308
        ./mandos-ctl --check
 
309
        ./mandos-keygen --version
 
310
        ./plugin-runner --version
 
311
        ./plugin-helpers/mandos-client-iprouteadddel --version
 
312
        ./dracut-module/password-agent --test
245
313
 
246
314
# Run the client with a local config and key
247
 
run-client: all keydir/seckey.txt keydir/pubkey.txt
 
315
run-client: all keydir/seckey.txt keydir/pubkey.txt keydir/tls-privkey.pem keydir/tls-pubkey.pem
248
316
        @echo "###################################################################"
249
317
        @echo "# The following error messages are harmless and can be safely     #"
250
 
        @echo "# ignored.  The messages are caused by not running as root, but   #"
251
 
        @echo "# you should NOT run \"make run-client\" as root unless you also    #"
252
 
        @echo "# unpacked and compiled Mandos as root, which is NOT recommended. #"
253
 
        @echo "# From plugin-runner: setuid: Operation not permitted             #"
 
318
        @echo "# ignored:                                                        #"
 
319
        @echo "# From plugin-runner: setgid: Operation not permitted             #"
 
320
        @echo "#                     setuid: Operation not permitted             #"
254
321
        @echo "# From askpass-fifo:  mkfifo: Permission denied                   #"
255
 
        @echo "# From mandos-client: setuid: Operation not permitted             #"
256
 
        @echo "#                     seteuid: Operation not permitted            #"
257
 
        @echo "#                     klogctl: Operation not permitted            #"
 
322
        @echo "# From mandos-client:                                             #"
 
323
        @echo "#             Failed to raise privileges: Operation not permitted #"
 
324
        @echo "#             Warning: network hook \"*\" exited with status *      #"
 
325
        @echo "#                                                                 #"
 
326
        @echo "# (The messages are caused by not running as root, but you should #"
 
327
        @echo "# NOT run \"make run-client\" as root unless you also unpacked and  #"
 
328
        @echo "# compiled Mandos as root, which is also NOT recommended.)        #"
258
329
        @echo "###################################################################"
 
330
# We set GNOME_KEYRING_CONTROL to block pam_gnome_keyring
259
331
        ./plugin-runner --plugin-dir=plugins.d \
 
332
                --plugin-helper-dir=plugin-helpers \
260
333
                --config-file=plugin-runner.conf \
261
 
                --options-for=mandos-client:--seckey=keydir/seckey.txt,--pubkey=keydir/pubkey.txt,--network-hook-dir=network-hooks.d \
 
334
                --options-for=mandos-client:--seckey=keydir/seckey.txt,--pubkey=keydir/pubkey.txt,--tls-privkey=keydir/tls-privkey.pem,--tls-pubkey=keydir/tls-pubkey.pem,--network-hook-dir=network-hooks.d \
 
335
                --env-for=mandos-client:GNOME_KEYRING_CONTROL= \
262
336
                $(CLIENTARGS)
263
337
 
264
338
# Used by run-client
265
 
keydir/seckey.txt keydir/pubkey.txt: mandos-keygen
 
339
keydir/seckey.txt keydir/pubkey.txt keydir/tls-privkey.pem keydir/tls-pubkey.pem: mandos-keygen
266
340
        install --directory keydir
267
341
        ./mandos-keygen --dir keydir --force
268
342
 
275
349
confdir/mandos.conf: mandos.conf
276
350
        install --directory confdir
277
351
        install --mode=u=rw,go=r $^ $@
278
 
confdir/clients.conf: clients.conf keydir/seckey.txt
 
352
confdir/clients.conf: clients.conf keydir/seckey.txt keydir/tls-pubkey.pem
279
353
        install --directory confdir
280
354
        install --mode=u=rw $< $@
281
355
# Add a client password
282
 
        ./mandos-keygen --dir keydir --password >> $@
 
356
        ./mandos-keygen --dir keydir --password --no-ssh >> $@
283
357
statedir:
284
358
        install --directory statedir
285
359
 
292
366
 
293
367
install-server: doc
294
368
        install --directory $(CONFDIR)
295
 
        install --directory --mode=u=rwx --owner=$(USER) \
296
 
                --group=$(GROUP) $(STATEDIR)
 
369
        if install --directory --mode=u=rwx --owner=$(USER) \
 
370
                --group=$(GROUP) $(STATEDIR); then \
 
371
                :; \
 
372
        elif install --directory --mode=u=rwx $(STATEDIR); then \
 
373
                chown -- $(USER):$(GROUP) $(STATEDIR) || :; \
 
374
        fi
 
375
        if [ "$(TMPFILES)" != "$(DESTDIR)" -a -d "$(TMPFILES)" ]; then \
 
376
                install --mode=u=rw,go=r tmpfiles.d-mandos.conf \
 
377
                        $(TMPFILES)/mandos.conf; \
 
378
        fi
297
379
        install --mode=u=rwx,go=rx mandos $(PREFIX)/sbin/mandos
298
380
        install --mode=u=rwx,go=rx --target-directory=$(PREFIX)/sbin \
299
381
                mandos-ctl
307
389
                $(DESTDIR)/etc/dbus-1/system.d/mandos.conf
308
390
        install --mode=u=rwx,go=rx init.d-mandos \
309
391
                $(DESTDIR)/etc/init.d/mandos
 
392
        if [ "$(SYSTEMD)" != "$(DESTDIR)" -a -d "$(SYSTEMD)" ]; then \
 
393
                install --mode=u=rw,go=r mandos.service $(SYSTEMD); \
 
394
        fi
310
395
        install --mode=u=rw,go=r default-mandos \
311
396
                $(DESTDIR)/etc/default/mandos
312
397
        if [ -z $(DESTDIR) ]; then \
326
411
                > $(MANDIR)/man8/intro.8mandos.gz
327
412
 
328
413
install-client-nokey: all doc
329
 
        install --directory $(PREFIX)/lib/mandos $(CONFDIR)
 
414
        install --directory $(LIBDIR)/mandos $(CONFDIR)
330
415
        install --directory --mode=u=rwx $(KEYDIR) \
331
 
                $(PREFIX)/lib/mandos/plugins.d
332
 
        if [ "$(CONFDIR)" != "$(PREFIX)/lib/mandos" ]; then \
 
416
                $(LIBDIR)/mandos/plugins.d \
 
417
                $(LIBDIR)/mandos/plugin-helpers
 
418
        if [ "$(CONFDIR)" != "$(LIBDIR)/mandos" ]; then \
333
419
                install --mode=u=rwx \
334
 
                        --directory "$(CONFDIR)/plugins.d"; \
 
420
                        --directory "$(CONFDIR)/plugins.d" \
 
421
                        "$(CONFDIR)/plugin-helpers"; \
335
422
        fi
336
423
        install --mode=u=rwx,go=rx --directory \
337
424
                "$(CONFDIR)/network-hooks.d"
338
425
        install --mode=u=rwx,go=rx \
339
 
                --target-directory=$(PREFIX)/lib/mandos plugin-runner
 
426
                --target-directory=$(LIBDIR)/mandos plugin-runner
 
427
        install --mode=u=rwx,go=rx \
 
428
                --target-directory=$(LIBDIR)/mandos mandos-to-cryptroot-unlock
340
429
        install --mode=u=rwx,go=rx --target-directory=$(PREFIX)/sbin \
341
430
                mandos-keygen
342
431
        install --mode=u=rwx,go=rx \
343
 
                --target-directory=$(PREFIX)/lib/mandos/plugins.d \
 
432
                --target-directory=$(LIBDIR)/mandos/plugins.d \
344
433
                plugins.d/password-prompt
345
434
        install --mode=u=rwxs,go=rx \
346
 
                --target-directory=$(PREFIX)/lib/mandos/plugins.d \
 
435
                --target-directory=$(LIBDIR)/mandos/plugins.d \
347
436
                plugins.d/mandos-client
348
437
        install --mode=u=rwxs,go=rx \
349
 
                --target-directory=$(PREFIX)/lib/mandos/plugins.d \
 
438
                --target-directory=$(LIBDIR)/mandos/plugins.d \
350
439
                plugins.d/usplash
351
440
        install --mode=u=rwxs,go=rx \
352
 
                --target-directory=$(PREFIX)/lib/mandos/plugins.d \
 
441
                --target-directory=$(LIBDIR)/mandos/plugins.d \
353
442
                plugins.d/splashy
354
443
        install --mode=u=rwxs,go=rx \
355
 
                --target-directory=$(PREFIX)/lib/mandos/plugins.d \
 
444
                --target-directory=$(LIBDIR)/mandos/plugins.d \
356
445
                plugins.d/askpass-fifo
357
446
        install --mode=u=rwxs,go=rx \
358
 
                --target-directory=$(PREFIX)/lib/mandos/plugins.d \
 
447
                --target-directory=$(LIBDIR)/mandos/plugins.d \
359
448
                plugins.d/plymouth
 
449
        install --mode=u=rwx,go=rx \
 
450
                --target-directory=$(LIBDIR)/mandos/plugin-helpers \
 
451
                plugin-helpers/mandos-client-iprouteadddel
360
452
        install initramfs-tools-hook \
361
453
                $(INITRAMFSTOOLS)/hooks/mandos
362
 
        install --mode=u=rw,go=r initramfs-tools-hook-conf \
363
 
                $(INITRAMFSTOOLS)/conf-hooks.d/mandos
 
454
        install --mode=u=rw,go=r initramfs-tools-conf \
 
455
                $(INITRAMFSTOOLS)/conf.d/mandos-conf
 
456
        install --mode=u=rw,go=r initramfs-tools-conf-hook \
 
457
                $(INITRAMFSTOOLS)/conf-hooks.d/zz-mandos
364
458
        install initramfs-tools-script \
365
459
                $(INITRAMFSTOOLS)/scripts/init-premount/mandos
 
460
        install initramfs-tools-script-stop \
 
461
                $(INITRAMFSTOOLS)/scripts/local-premount/mandos
 
462
        install --directory $(DRACUTMODULE)
 
463
        install --mode=u=rw,go=r --target-directory=$(DRACUTMODULE) \
 
464
                dracut-module/ask-password-mandos.path \
 
465
                dracut-module/ask-password-mandos.service
 
466
        install --mode=u=rwxs,go=rx \
 
467
                --target-directory=$(DRACUTMODULE) \
 
468
                dracut-module/module-setup.sh \
 
469
                dracut-module/cmdline-mandos.sh \
 
470
                dracut-module/password-agent
366
471
        install --mode=u=rw,go=r plugin-runner.conf $(CONFDIR)
367
472
        gzip --best --to-stdout mandos-keygen.8 \
368
473
                > $(MANDIR)/man8/mandos-keygen.8.gz
380
485
                > $(MANDIR)/man8/askpass-fifo.8mandos.gz
381
486
        gzip --best --to-stdout plugins.d/plymouth.8mandos \
382
487
                > $(MANDIR)/man8/plymouth.8mandos.gz
 
488
        gzip --best --to-stdout dracut-module/password-agent.8mandos \
 
489
                > $(MANDIR)/man8/password-agent.8mandos.gz
383
490
 
384
491
install-client: install-client-nokey
385
492
# Post-installation stuff
386
493
        -$(PREFIX)/sbin/mandos-keygen --dir "$(KEYDIR)"
387
 
        update-initramfs -k all -u
 
494
        if command -v update-initramfs >/dev/null; then \
 
495
            update-initramfs -k all -u; \
 
496
        elif command -v dracut >/dev/null; then \
 
497
            for initrd in $(DESTDIR)/boot/initr*-$(shell uname --kernel-release); do \
 
498
                if [ -w "$$initrd" ]; then \
 
499
                    chmod go-r "$$initrd"; \
 
500
                    dracut --force "$$initrd"; \
 
501
                fi; \
 
502
            done; \
 
503
        fi
388
504
        echo "Now run mandos-keygen --password --dir $(KEYDIR)"
389
505
 
390
506
uninstall: uninstall-server uninstall-client
407
523
        ! grep --regexp='^ *[^ #].*keyscript=[^,=]*/mandos/' \
408
524
                $(DESTDIR)/etc/crypttab
409
525
        -rm --force $(PREFIX)/sbin/mandos-keygen \
410
 
                $(PREFIX)/lib/mandos/plugin-runner \
411
 
                $(PREFIX)/lib/mandos/plugins.d/password-prompt \
412
 
                $(PREFIX)/lib/mandos/plugins.d/mandos-client \
413
 
                $(PREFIX)/lib/mandos/plugins.d/usplash \
414
 
                $(PREFIX)/lib/mandos/plugins.d/splashy \
415
 
                $(PREFIX)/lib/mandos/plugins.d/askpass-fifo \
416
 
                $(PREFIX)/lib/mandos/plugins.d/plymouth \
 
526
                $(LIBDIR)/mandos/plugin-runner \
 
527
                $(LIBDIR)/mandos/plugins.d/password-prompt \
 
528
                $(LIBDIR)/mandos/plugins.d/mandos-client \
 
529
                $(LIBDIR)/mandos/plugins.d/usplash \
 
530
                $(LIBDIR)/mandos/plugins.d/splashy \
 
531
                $(LIBDIR)/mandos/plugins.d/askpass-fifo \
 
532
                $(LIBDIR)/mandos/plugins.d/plymouth \
417
533
                $(INITRAMFSTOOLS)/hooks/mandos \
418
534
                $(INITRAMFSTOOLS)/conf-hooks.d/mandos \
419
535
                $(INITRAMFSTOOLS)/scripts/init-premount/mandos \
 
536
                $(INITRAMFSTOOLS)/scripts/local-premount/mandos \
 
537
                $(DRACUTMODULE)/ask-password-mandos.path \
 
538
                $(DRACUTMODULE)/ask-password-mandos.service \
 
539
                $(DRACUTMODULE)/module-setup.sh \
 
540
                $(DRACUTMODULE)/cmdline-mandos.sh \
 
541
                $(DRACUTMODULE)/password-agent \
420
542
                $(MANDIR)/man8/mandos-keygen.8.gz \
421
543
                $(MANDIR)/man8/plugin-runner.8mandos.gz \
422
544
                $(MANDIR)/man8/mandos-client.8mandos.gz
425
547
                $(MANDIR)/man8/splashy.8mandos.gz \
426
548
                $(MANDIR)/man8/askpass-fifo.8mandos.gz \
427
549
                $(MANDIR)/man8/plymouth.8mandos.gz \
428
 
        -rmdir $(PREFIX)/lib/mandos/plugins.d $(CONFDIR)/plugins.d \
429
 
                 $(PREFIX)/lib/mandos $(CONFDIR) $(KEYDIR)
430
 
        update-initramfs -k all -u
 
550
                $(MANDIR)/man8/password-agent.8mandos.gz \
 
551
        -rmdir $(LIBDIR)/mandos/plugins.d $(CONFDIR)/plugins.d \
 
552
                 $(LIBDIR)/mandos $(CONFDIR) $(KEYDIR) $(DRACUTMODULE)
 
553
        if command -v update-initramfs >/dev/null; then \
 
554
            update-initramfs -k all -u; \
 
555
        elif command -v dracut >/dev/null; then \
 
556
            for initrd in $(DESTDIR)/boot/initr*-$(shell uname --kernel-release); do \
 
557
                test -w "$$initrd" && dracut --force "$$initrd"; \
 
558
            done; \
 
559
        fi
431
560
 
432
561
purge: purge-server purge-client
433
562
 
436
565
                $(DESTDIR)/etc/dbus-1/system.d/mandos.conf
437
566
                $(DESTDIR)/etc/default/mandos \
438
567
                $(DESTDIR)/etc/init.d/mandos \
 
568
                $(SYSTEMD)/mandos.service \
 
569
                $(DESTDIR)/run/mandos.pid \
439
570
                $(DESTDIR)/var/run/mandos.pid
440
571
        -rmdir $(CONFDIR)
441
572
 
442
573
purge-client: uninstall-client
443
 
        -shred --remove $(KEYDIR)/seckey.txt
 
574
        -shred --remove $(KEYDIR)/seckey.txt $(KEYDIR)/tls-privkey.pem
444
575
        -rm --force $(CONFDIR)/plugin-runner.conf \
445
 
                $(KEYDIR)/pubkey.txt $(KEYDIR)/seckey.txt
 
576
                $(KEYDIR)/pubkey.txt $(KEYDIR)/seckey.txt \
 
577
                $(KEYDIR)/tls-pubkey.txt $(KEYDIR)/tls-privkey.txt
446
578
        -rmdir $(KEYDIR) $(CONFDIR)/plugins.d $(CONFDIR)