/mandos/trunk

To get this branch, use:
bzr branch http://bzr.recompile.se/loggerhead/mandos/trunk

« back to all changes in this revision

Viewing changes to Makefile

  • Committer: Teddy Hogeborn
  • Date: 2019-07-29 16:35:53 UTC
  • Revision ID: teddy@recompile.se-20190729163553-1i442i2cbx64c537
Make tests and man page examples match

Make the tests test_manual_page_example[1-5] match exactly what is
written in the manual page, and add comments to manual page as
reminders to keep tests and manual page examples in sync.

* mandos-ctl (Test_commands_from_options.test_manual_page_example_1):
  Remove "--verbose" option, since the manual does not have it as the
  first example, and change assertion to match.
* mandos-ctl.xml (EXAMPLE): Add comments to all examples documenting
  which test function they correspond to.  Also remove unnecessary
  quotes from option arguments in fourth example, and clarify language
  slightly in fifth example.

Show diffs side-by-side

added added

removed removed

Lines of Context:
1
 
WARN=-O -Wall -Wextra -Wdouble-promotion -Wformat=2 -Winit-self \
 
1
WARN:=-O -Wall -Wextra -Wdouble-promotion -Wformat=2 -Winit-self \
2
2
        -Wmissing-include-dirs -Wswitch-default -Wswitch-enum \
3
3
        -Wunused -Wuninitialized -Wstrict-overflow=5 \
4
4
        -Wsuggest-attribute=pure -Wsuggest-attribute=const \
10
10
        -Wmissing-format-attribute -Wnormalized=nfc -Wpacked \
11
11
        -Wredundant-decls -Wnested-externs -Winline -Wvla \
12
12
        -Wvolatile-register-var -Woverlength-strings
13
 
#DEBUG=-ggdb3
14
 
# For info about _FORTIFY_SOURCE, see feature_test_macros(7)
15
 
# and <http://gcc.gnu.org/ml/gcc-patches/2004-09/msg02055.html>.
16
 
FORTIFY=-D_FORTIFY_SOURCE=2 -fstack-protector-all -fPIC
 
13
 
 
14
#DEBUG:=-ggdb3 -fsanitize=address $(SANITIZE)
 
15
## Check which sanitizing options can be used
 
16
#SANITIZE:=$(foreach option,$(ALL_SANITIZE_OPTIONS),$(shell \
 
17
#       echo 'int main(){}' | $(CC) --language=c $(option) \
 
18
#       /dev/stdin -o /dev/null >/dev/null 2>&1 && echo $(option)))
17
19
# <https://developerblog.redhat.com/2014/10/16/gcc-undefined-behavior-sanitizer-ubsan/>
18
 
ALL_SANITIZE_OPTIONS:=-fsanitize=address -fsanitize=undefined \
 
20
ALL_SANITIZE_OPTIONS:=-fsanitize=leak -fsanitize=undefined \
19
21
        -fsanitize=shift -fsanitize=integer-divide-by-zero \
20
22
        -fsanitize=unreachable -fsanitize=vla-bound -fsanitize=null \
21
23
        -fsanitize=return -fsanitize=signed-integer-overflow \
23
25
        -fsanitize=object-size -fsanitize=float-divide-by-zero \
24
26
        -fsanitize=float-cast-overflow -fsanitize=nonnull-attribute \
25
27
        -fsanitize=returns-nonnull-attribute -fsanitize=bool \
26
 
        -fsanitize=enum
27
 
# Check which sanitizing options can be used
28
 
SANITIZE:=$(foreach option,$(ALL_SANITIZE_OPTIONS),$(shell \
29
 
        echo 'int main(){}' | $(CC) --language=c $(option) /dev/stdin \
30
 
        -o /dev/null >/dev/null 2>&1 && echo $(option)))
31
 
LINK_FORTIFY_LD=-z relro -z now
32
 
LINK_FORTIFY=
 
28
        -fsanitize=enum -fsanitize-address-use-after-scope
 
29
 
 
30
# For info about _FORTIFY_SOURCE, see feature_test_macros(7)
 
31
# and <https://gcc.gnu.org/ml/gcc-patches/2004-09/msg02055.html>.
 
32
FORTIFY:=-D_FORTIFY_SOURCE=2 -fstack-protector-all -fPIC
 
33
LINK_FORTIFY_LD:=-z relro -z now
 
34
LINK_FORTIFY:=
33
35
 
34
36
# If BROKEN_PIE is set, do not build with -pie
35
37
ifndef BROKEN_PIE
37
39
LINK_FORTIFY += -pie
38
40
endif
39
41
#COVERAGE=--coverage
40
 
OPTIMIZE=-Os -fno-strict-aliasing
41
 
LANGUAGE=-std=gnu11
42
 
htmldir=man
43
 
version=1.7.6
44
 
SED=sed
 
42
OPTIMIZE:=-Os -fno-strict-aliasing
 
43
LANGUAGE:=-std=gnu11
 
44
htmldir:=man
 
45
version:=1.8.4
 
46
SED:=sed
45
47
 
46
 
USER=$(firstword $(subst :, ,$(shell getent passwd _mandos || getent passwd nobody || echo 65534)))
47
 
GROUP=$(firstword $(subst :, ,$(shell getent group _mandos || getent group nogroup || echo 65534)))
 
48
USER:=$(firstword $(subst :, ,$(shell getent passwd _mandos \
 
49
        || getent passwd nobody || echo 65534)))
 
50
GROUP:=$(firstword $(subst :, ,$(shell getent group _mandos \
 
51
        || getent group nogroup || echo 65534)))
48
52
 
49
53
## Use these settings for a traditional /usr/local install
50
 
# PREFIX=$(DESTDIR)/usr/local
51
 
# CONFDIR=$(DESTDIR)/etc/mandos
52
 
# KEYDIR=$(DESTDIR)/etc/mandos/keys
53
 
# MANDIR=$(PREFIX)/man
54
 
# INITRAMFSTOOLS=$(DESTDIR)/etc/initramfs-tools
55
 
# STATEDIR=$(DESTDIR)/var/lib/mandos
56
 
# LIBDIR=$(PREFIX)/lib
 
54
# PREFIX:=$(DESTDIR)/usr/local
 
55
# CONFDIR:=$(DESTDIR)/etc/mandos
 
56
# KEYDIR:=$(DESTDIR)/etc/mandos/keys
 
57
# MANDIR:=$(PREFIX)/man
 
58
# INITRAMFSTOOLS:=$(DESTDIR)/etc/initramfs-tools
 
59
# DRACUTMODULE:=$(DESTDIR)/usr/lib/dracut/modules.d/90mandos
 
60
# STATEDIR:=$(DESTDIR)/var/lib/mandos
 
61
# LIBDIR:=$(PREFIX)/lib
57
62
##
58
63
 
59
64
## These settings are for a package-type install
60
 
PREFIX=$(DESTDIR)/usr
61
 
CONFDIR=$(DESTDIR)/etc/mandos
62
 
KEYDIR=$(DESTDIR)/etc/keys/mandos
63
 
MANDIR=$(PREFIX)/share/man
64
 
INITRAMFSTOOLS=$(DESTDIR)/usr/share/initramfs-tools
65
 
STATEDIR=$(DESTDIR)/var/lib/mandos
66
 
LIBDIR=$(shell \
 
65
PREFIX:=$(DESTDIR)/usr
 
66
CONFDIR:=$(DESTDIR)/etc/mandos
 
67
KEYDIR:=$(DESTDIR)/etc/keys/mandos
 
68
MANDIR:=$(PREFIX)/share/man
 
69
INITRAMFSTOOLS:=$(DESTDIR)/usr/share/initramfs-tools
 
70
DRACUTMODULE:=$(DESTDIR)/usr/lib/dracut/modules.d/90mandos
 
71
STATEDIR:=$(DESTDIR)/var/lib/mandos
 
72
LIBDIR:=$(shell \
67
73
        for d in \
68
74
        "/usr/lib/`dpkg-architecture -qDEB_HOST_MULTIARCH 2>/dev/null`" \
69
75
        "`rpm --eval='%{_libdir}' 2>/dev/null`" /usr/lib; do \
74
80
        done)
75
81
##
76
82
 
77
 
SYSTEMD=$(DESTDIR)$(shell pkg-config systemd --variable=systemdsystemunitdir)
 
83
SYSTEMD:=$(DESTDIR)$(shell pkg-config systemd --variable=systemdsystemunitdir)
 
84
TMPFILES:=$(DESTDIR)$(shell pkg-config systemd --variable=tmpfilesdir)
78
85
 
79
 
GNUTLS_CFLAGS=$(shell pkg-config --cflags-only-I gnutls)
80
 
GNUTLS_LIBS=$(shell pkg-config --libs gnutls)
81
 
AVAHI_CFLAGS=$(shell pkg-config --cflags-only-I avahi-core)
82
 
AVAHI_LIBS=$(shell pkg-config --libs avahi-core)
83
 
GPGME_CFLAGS=$(shell gpgme-config --cflags; getconf LFS_CFLAGS)
84
 
GPGME_LIBS=$(shell gpgme-config --libs; getconf LFS_LIBS; \
 
86
GNUTLS_CFLAGS:=$(shell pkg-config --cflags-only-I gnutls)
 
87
GNUTLS_LIBS:=$(shell pkg-config --libs gnutls)
 
88
AVAHI_CFLAGS:=$(shell pkg-config --cflags-only-I avahi-core)
 
89
AVAHI_LIBS:=$(shell pkg-config --libs avahi-core)
 
90
GPGME_CFLAGS:=$(shell gpgme-config --cflags; getconf LFS_CFLAGS)
 
91
GPGME_LIBS:=$(shell gpgme-config --libs; getconf LFS_LIBS; \
85
92
        getconf LFS_LDFLAGS)
86
 
LIBNL3_CFLAGS=$(shell pkg-config --cflags-only-I libnl-route-3.0)
87
 
LIBNL3_LIBS=$(shell pkg-config --libs libnl-route-3.0)
 
93
LIBNL3_CFLAGS:=$(shell pkg-config --cflags-only-I libnl-route-3.0)
 
94
LIBNL3_LIBS:=$(shell pkg-config --libs libnl-route-3.0)
 
95
GLIB_CFLAGS:=$(shell pkg-config --cflags glib-2.0)
 
96
GLIB_LIBS:=$(shell pkg-config --libs glib-2.0)
88
97
 
89
98
# Do not change these two
90
 
CFLAGS+=$(WARN) $(DEBUG) $(FORTIFY) $(SANITIZE) $(COVERAGE) \
91
 
        $(OPTIMIZE) $(LANGUAGE) $(GNUTLS_CFLAGS) $(AVAHI_CFLAGS) \
92
 
        $(GPGME_CFLAGS) -DVERSION='"$(version)"'
93
 
LDFLAGS+=-Xlinker --as-needed $(COVERAGE) $(LINK_FORTIFY) $(foreach flag,$(LINK_FORTIFY_LD),-Xlinker $(flag))
 
99
CFLAGS+=$(WARN) $(DEBUG) $(FORTIFY) $(COVERAGE) \
 
100
        $(OPTIMIZE) $(LANGUAGE) -DVERSION='"$(version)"'
 
101
LDFLAGS+=-Xlinker --as-needed $(COVERAGE) $(LINK_FORTIFY) $(strip \
 
102
        ) $(foreach flag,$(LINK_FORTIFY_LD),-Xlinker $(flag))
94
103
 
95
104
# Commands to format a DocBook <refentry> document into a manual page
96
105
DOCBOOKTOMAN=$(strip cd $(dir $<); xsltproc --nonet --xinclude \
102
111
        /usr/share/xml/docbook/stylesheet/nwalsh/manpages/docbook.xsl \
103
112
        $(notdir $<); \
104
113
        if locale --all 2>/dev/null | grep --regexp='^en_US\.utf8$$' \
105
 
        && type man 2>/dev/null; then LANG=en_US.UTF-8 MANWIDTH=80 \
106
 
        man --warnings --encoding=UTF-8 --local-file $(notdir $@); \
107
 
        fi >/dev/null)
 
114
        && command -v man >/dev/null; then LANG=en_US.UTF-8 \
 
115
        MANWIDTH=80 man --warnings --encoding=UTF-8 --local-file \
 
116
        $(notdir $@); fi >/dev/null)
108
117
 
109
118
DOCBOOKTOHTML=$(strip xsltproc --nonet --xinclude \
110
119
        --param make.year.ranges                1 \
116
125
        /usr/share/xml/docbook/stylesheet/nwalsh/xhtml/docbook.xsl \
117
126
        $<; $(HTMLPOST) $@)
118
127
# Fix citerefentry links
119
 
HTMLPOST=$(SED) --in-place \
 
128
HTMLPOST:=$(SED) --in-place \
120
129
        --expression='s/\(<a class="citerefentry" href="\)\("><span class="citerefentry"><span class="refentrytitle">\)\([^<]*\)\(<\/span>(\)\([^)]*\)\()<\/span><\/a>\)/\1\3.\5\2\3\4\5\6/g'
121
130
 
122
 
PLUGINS=plugins.d/password-prompt plugins.d/mandos-client \
 
131
PLUGINS:=plugins.d/password-prompt plugins.d/mandos-client \
123
132
        plugins.d/usplash plugins.d/splashy plugins.d/askpass-fifo \
124
133
        plugins.d/plymouth
125
 
PLUGIN_HELPERS=plugin-helpers/mandos-client-iprouteadddel
126
 
CPROGS=plugin-runner $(PLUGINS) $(PLUGIN_HELPERS)
127
 
PROGS=mandos mandos-keygen mandos-ctl mandos-monitor $(CPROGS)
128
 
DOCS=mandos.8 mandos-keygen.8 mandos-monitor.8 mandos-ctl.8 \
 
134
PLUGIN_HELPERS:=plugin-helpers/mandos-client-iprouteadddel
 
135
CPROGS:=plugin-runner dracut-module/password-agent $(PLUGINS) \
 
136
        $(PLUGIN_HELPERS)
 
137
PROGS:=mandos mandos-keygen mandos-ctl mandos-monitor $(CPROGS)
 
138
DOCS:=mandos.8 mandos-keygen.8 mandos-monitor.8 mandos-ctl.8 \
129
139
        mandos.conf.5 mandos-clients.conf.5 plugin-runner.8mandos \
 
140
        dracut-module/password-agent.8mandos \
130
141
        plugins.d/mandos-client.8mandos \
131
142
        plugins.d/password-prompt.8mandos plugins.d/usplash.8mandos \
132
143
        plugins.d/splashy.8mandos plugins.d/askpass-fifo.8mandos \
133
144
        plugins.d/plymouth.8mandos intro.8mandos
134
145
 
135
 
htmldocs=$(addsuffix .xhtml,$(DOCS))
 
146
htmldocs:=$(addsuffix .xhtml,$(DOCS))
136
147
 
137
 
objects=$(addsuffix .o,$(CPROGS))
 
148
objects:=$(addsuffix .o,$(CPROGS))
138
149
 
139
150
all: $(PROGS) mandos.lsm
140
151
 
204
215
                overview.xml legalnotice.xml
205
216
        $(DOCBOOKTOHTML)
206
217
 
 
218
dracut-module/password-agent.8mandos: \
 
219
                dracut-module/password-agent.xml common.ent \
 
220
                overview.xml legalnotice.xml
 
221
        $(DOCBOOKTOMAN)
 
222
dracut-module/password-agent.8mandos.xhtml: \
 
223
                dracut-module/password-agent.xml common.ent \
 
224
                overview.xml legalnotice.xml
 
225
        $(DOCBOOKTOHTML)
 
226
 
207
227
plugins.d/mandos-client.8mandos: plugins.d/mandos-client.xml \
208
228
                                        common.ent \
209
229
                                        mandos-options.xml \
252
272
                --expression='s/\(mandos_\)[0-9.]\+\(\.orig\.tar\.gz\)/\1$(version)\2/' \
253
273
                $@)
254
274
 
 
275
# Need to add the GnuTLS, Avahi and GPGME libraries
255
276
plugins.d/mandos-client: plugins.d/mandos-client.c
256
 
        $(LINK.c) $^ -lrt $(GNUTLS_LIBS) $(AVAHI_LIBS) $(strip\
257
 
                ) $(GPGME_LIBS) $(LOADLIBES) $(LDLIBS) -o $@
 
277
        $(LINK.c) $^ $(GNUTLS_CFLAGS) $(AVAHI_CFLAGS) $(strip\
 
278
                ) $(GPGME_CFLAGS) $(GNUTLS_LIBS) $(strip\
 
279
                ) $(AVAHI_LIBS) $(GPGME_LIBS) $(LOADLIBES) $(strip\
 
280
                ) $(LDLIBS) -o $@
258
281
 
 
282
# Need to add the libnl-route library
259
283
plugin-helpers/mandos-client-iprouteadddel: plugin-helpers/mandos-client-iprouteadddel.c
260
284
        $(LINK.c) $(LIBNL3_CFLAGS) $^ $(LIBNL3_LIBS) $(strip\
261
285
                ) $(LOADLIBES) $(LDLIBS) -o $@
262
286
 
 
287
# Need to add the GLib and pthread libraries
 
288
dracut-module/password-agent: dracut-module/password-agent.c
 
289
        $(LINK.c) $(GLIB_CFLAGS) $^ $(GLIB_LIBS) -lpthread $(strip\
 
290
                ) $(LOADLIBES) $(LDLIBS) -o $@
 
291
 
263
292
.PHONY : all doc html clean distclean mostlyclean maintainer-clean \
264
293
        check run-client run-server install install-html \
265
294
        install-server install-client-nokey install-client uninstall \
274
303
maintainer-clean: clean
275
304
        -rm --force --recursive keydir confdir statedir
276
305
 
277
 
check:  all
 
306
check: all
278
307
        ./mandos --check
279
308
        ./mandos-ctl --check
 
309
        ./mandos-keygen --version
 
310
        ./plugin-runner --version
 
311
        ./plugin-helpers/mandos-client-iprouteadddel --version
 
312
        ./dracut-module/password-agent --test
280
313
 
281
314
# Run the client with a local config and key
282
 
run-client: all keydir/seckey.txt keydir/pubkey.txt
 
315
run-client: all keydir/seckey.txt keydir/pubkey.txt keydir/tls-privkey.pem keydir/tls-pubkey.pem
283
316
        @echo "###################################################################"
284
317
        @echo "# The following error messages are harmless and can be safely     #"
285
 
        @echo "# ignored.  The messages are caused by not running as root, but   #"
286
 
        @echo "# you should NOT run \"make run-client\" as root unless you also    #"
287
 
        @echo "# unpacked and compiled Mandos as root, which is NOT recommended. #"
 
318
        @echo "# ignored:                                                        #"
288
319
        @echo "# From plugin-runner: setgid: Operation not permitted             #"
289
320
        @echo "#                     setuid: Operation not permitted             #"
290
321
        @echo "# From askpass-fifo:  mkfifo: Permission denied                   #"
291
322
        @echo "# From mandos-client:                                             #"
292
323
        @echo "#             Failed to raise privileges: Operation not permitted #"
293
324
        @echo "#             Warning: network hook \"*\" exited with status *      #"
 
325
        @echo "#                                                                 #"
 
326
        @echo "# (The messages are caused by not running as root, but you should #"
 
327
        @echo "# NOT run \"make run-client\" as root unless you also unpacked and  #"
 
328
        @echo "# compiled Mandos as root, which is also NOT recommended.)        #"
294
329
        @echo "###################################################################"
295
330
# We set GNOME_KEYRING_CONTROL to block pam_gnome_keyring
296
331
        ./plugin-runner --plugin-dir=plugins.d \
297
332
                --plugin-helper-dir=plugin-helpers \
298
333
                --config-file=plugin-runner.conf \
299
 
                --options-for=mandos-client:--seckey=keydir/seckey.txt,--pubkey=keydir/pubkey.txt,--network-hook-dir=network-hooks.d \
 
334
                --options-for=mandos-client:--seckey=keydir/seckey.txt,--pubkey=keydir/pubkey.txt,--tls-privkey=keydir/tls-privkey.pem,--tls-pubkey=keydir/tls-pubkey.pem,--network-hook-dir=network-hooks.d \
300
335
                --env-for=mandos-client:GNOME_KEYRING_CONTROL= \
301
336
                $(CLIENTARGS)
302
337
 
303
338
# Used by run-client
304
 
keydir/seckey.txt keydir/pubkey.txt: mandos-keygen
 
339
keydir/seckey.txt keydir/pubkey.txt keydir/tls-privkey.pem keydir/tls-pubkey.pem: mandos-keygen
305
340
        install --directory keydir
306
341
        ./mandos-keygen --dir keydir --force
307
342
 
314
349
confdir/mandos.conf: mandos.conf
315
350
        install --directory confdir
316
351
        install --mode=u=rw,go=r $^ $@
317
 
confdir/clients.conf: clients.conf keydir/seckey.txt
 
352
confdir/clients.conf: clients.conf keydir/seckey.txt keydir/tls-pubkey.pem
318
353
        install --directory confdir
319
354
        install --mode=u=rw $< $@
320
355
# Add a client password
337
372
        elif install --directory --mode=u=rwx $(STATEDIR); then \
338
373
                chown -- $(USER):$(GROUP) $(STATEDIR) || :; \
339
374
        fi
 
375
        if [ "$(TMPFILES)" != "$(DESTDIR)" -a -d "$(TMPFILES)" ]; then \
 
376
                install --mode=u=rw,go=r tmpfiles.d-mandos.conf \
 
377
                        $(TMPFILES)/mandos.conf; \
 
378
        fi
340
379
        install --mode=u=rwx,go=rx mandos $(PREFIX)/sbin/mandos
341
380
        install --mode=u=rwx,go=rx --target-directory=$(PREFIX)/sbin \
342
381
                mandos-ctl
378
417
                $(LIBDIR)/mandos/plugin-helpers
379
418
        if [ "$(CONFDIR)" != "$(LIBDIR)/mandos" ]; then \
380
419
                install --mode=u=rwx \
381
 
                        --directory "$(CONFDIR)/plugins.d"; \
382
 
                install --directory "$(CONFDIR)/plugin-helpers"; \
 
420
                        --directory "$(CONFDIR)/plugins.d" \
 
421
                        "$(CONFDIR)/plugin-helpers"; \
383
422
        fi
384
423
        install --mode=u=rwx,go=rx --directory \
385
424
                "$(CONFDIR)/network-hooks.d"
386
425
        install --mode=u=rwx,go=rx \
387
426
                --target-directory=$(LIBDIR)/mandos plugin-runner
 
427
        install --mode=u=rwx,go=rx \
 
428
                --target-directory=$(LIBDIR)/mandos mandos-to-cryptroot-unlock
388
429
        install --mode=u=rwx,go=rx --target-directory=$(PREFIX)/sbin \
389
430
                mandos-keygen
390
431
        install --mode=u=rwx,go=rx \
410
451
                plugin-helpers/mandos-client-iprouteadddel
411
452
        install initramfs-tools-hook \
412
453
                $(INITRAMFSTOOLS)/hooks/mandos
413
 
        install --mode=u=rw,go=r initramfs-tools-hook-conf \
414
 
                $(INITRAMFSTOOLS)/conf-hooks.d/mandos
 
454
        install --mode=u=rw,go=r initramfs-tools-conf \
 
455
                $(INITRAMFSTOOLS)/conf.d/mandos-conf
 
456
        install --mode=u=rw,go=r initramfs-tools-conf-hook \
 
457
                $(INITRAMFSTOOLS)/conf-hooks.d/zz-mandos
415
458
        install initramfs-tools-script \
416
459
                $(INITRAMFSTOOLS)/scripts/init-premount/mandos
 
460
        install initramfs-tools-script-stop \
 
461
                $(INITRAMFSTOOLS)/scripts/local-premount/mandos
 
462
        install --directory $(DRACUTMODULE)
 
463
        install --mode=u=rw,go=r --target-directory=$(DRACUTMODULE) \
 
464
                dracut-module/ask-password-mandos.path \
 
465
                dracut-module/ask-password-mandos.service
 
466
        install --mode=u=rwxs,go=rx \
 
467
                --target-directory=$(DRACUTMODULE) \
 
468
                dracut-module/module-setup.sh \
 
469
                dracut-module/cmdline-mandos.sh \
 
470
                dracut-module/password-agent
417
471
        install --mode=u=rw,go=r plugin-runner.conf $(CONFDIR)
418
472
        gzip --best --to-stdout mandos-keygen.8 \
419
473
                > $(MANDIR)/man8/mandos-keygen.8.gz
431
485
                > $(MANDIR)/man8/askpass-fifo.8mandos.gz
432
486
        gzip --best --to-stdout plugins.d/plymouth.8mandos \
433
487
                > $(MANDIR)/man8/plymouth.8mandos.gz
 
488
        gzip --best --to-stdout dracut-module/password-agent.8mandos \
 
489
                > $(MANDIR)/man8/password-agent.8mandos.gz
434
490
 
435
491
install-client: install-client-nokey
436
492
# Post-installation stuff
437
493
        -$(PREFIX)/sbin/mandos-keygen --dir "$(KEYDIR)"
438
 
        update-initramfs -k all -u
 
494
        if command -v update-initramfs >/dev/null; then \
 
495
            update-initramfs -k all -u; \
 
496
        elif command -v dracut >/dev/null; then \
 
497
            for initrd in $(DESTDIR)/boot/initr*-$(shell uname --kernel-release); do \
 
498
                if [ -w "$$initrd" ]; then \
 
499
                    chmod go-r "$$initrd"; \
 
500
                    dracut --force "$$initrd"; \
 
501
                fi; \
 
502
            done; \
 
503
        fi
439
504
        echo "Now run mandos-keygen --password --dir $(KEYDIR)"
440
505
 
441
506
uninstall: uninstall-server uninstall-client
468
533
                $(INITRAMFSTOOLS)/hooks/mandos \
469
534
                $(INITRAMFSTOOLS)/conf-hooks.d/mandos \
470
535
                $(INITRAMFSTOOLS)/scripts/init-premount/mandos \
 
536
                $(INITRAMFSTOOLS)/scripts/local-premount/mandos \
 
537
                $(DRACUTMODULE)/ask-password-mandos.path \
 
538
                $(DRACUTMODULE)/ask-password-mandos.service \
 
539
                $(DRACUTMODULE)/module-setup.sh \
 
540
                $(DRACUTMODULE)/cmdline-mandos.sh \
 
541
                $(DRACUTMODULE)/password-agent \
471
542
                $(MANDIR)/man8/mandos-keygen.8.gz \
472
543
                $(MANDIR)/man8/plugin-runner.8mandos.gz \
473
544
                $(MANDIR)/man8/mandos-client.8mandos.gz
476
547
                $(MANDIR)/man8/splashy.8mandos.gz \
477
548
                $(MANDIR)/man8/askpass-fifo.8mandos.gz \
478
549
                $(MANDIR)/man8/plymouth.8mandos.gz \
 
550
                $(MANDIR)/man8/password-agent.8mandos.gz \
479
551
        -rmdir $(LIBDIR)/mandos/plugins.d $(CONFDIR)/plugins.d \
480
 
                 $(LIBDIR)/mandos $(CONFDIR) $(KEYDIR)
481
 
        update-initramfs -k all -u
 
552
                 $(LIBDIR)/mandos $(CONFDIR) $(KEYDIR) $(DRACUTMODULE)
 
553
        if command -v update-initramfs >/dev/null; then \
 
554
            update-initramfs -k all -u; \
 
555
        elif command -v dracut >/dev/null; then \
 
556
            for initrd in $(DESTDIR)/boot/initr*-$(shell uname --kernel-release); do \
 
557
                test -w "$$initrd" && dracut --force "$$initrd"; \
 
558
            done; \
 
559
        fi
482
560
 
483
561
purge: purge-server purge-client
484
562
 
493
571
        -rmdir $(CONFDIR)
494
572
 
495
573
purge-client: uninstall-client
496
 
        -shred --remove $(KEYDIR)/seckey.txt
 
574
        -shred --remove $(KEYDIR)/seckey.txt $(KEYDIR)/tls-privkey.pem
497
575
        -rm --force $(CONFDIR)/plugin-runner.conf \
498
 
                $(KEYDIR)/pubkey.txt $(KEYDIR)/seckey.txt
 
576
                $(KEYDIR)/pubkey.txt $(KEYDIR)/seckey.txt \
 
577
                $(KEYDIR)/tls-pubkey.txt $(KEYDIR)/tls-privkey.txt
499
578
        -rmdir $(KEYDIR) $(CONFDIR)/plugins.d $(CONFDIR)