25
25
-fsanitize=object-size -fsanitize=float-divide-by-zero \
26
26
-fsanitize=float-cast-overflow -fsanitize=nonnull-attribute \
27
27
-fsanitize=returns-nonnull-attribute -fsanitize=bool \
28
-fsanitize=enum -fsanitize-address-use-after-scope
30
30
# For info about _FORTIFY_SOURCE, see feature_test_macros(7)
31
31
# and <https://gcc.gnu.org/ml/gcc-patches/2004-09/msg02055.html>.
41
41
#COVERAGE=--coverage
42
42
OPTIMIZE:=-Os -fno-strict-aliasing
43
43
LANGUAGE:=-std=gnu11
44
FEATURES:=-D_FILE_OFFSET_BITS=64
48
PKG_CONFIG?=pkg-config
48
50
USER:=$(firstword $(subst :, ,$(shell getent passwd _mandos \
49
51
|| getent passwd nobody || echo 65534)))
50
52
GROUP:=$(firstword $(subst :, ,$(shell getent group _mandos \
51
53
|| getent group nogroup || echo 65534)))
55
LINUXVERSION:=$(shell uname --kernel-release)
53
57
## Use these settings for a traditional /usr/local install
54
58
# PREFIX:=$(DESTDIR)/usr/local
55
59
# CONFDIR:=$(DESTDIR)/etc/mandos
56
60
# KEYDIR:=$(DESTDIR)/etc/mandos/keys
57
61
# MANDIR:=$(PREFIX)/man
58
62
# INITRAMFSTOOLS:=$(DESTDIR)/etc/initramfs-tools
63
# DRACUTMODULE:=$(DESTDIR)/usr/lib/dracut/modules.d/90mandos
59
64
# STATEDIR:=$(DESTDIR)/var/lib/mandos
60
65
# LIBDIR:=$(PREFIX)/lib
66
71
KEYDIR:=$(DESTDIR)/etc/keys/mandos
67
72
MANDIR:=$(PREFIX)/share/man
68
73
INITRAMFSTOOLS:=$(DESTDIR)/usr/share/initramfs-tools
74
DRACUTMODULE:=$(DESTDIR)/usr/lib/dracut/modules.d/90mandos
69
75
STATEDIR:=$(DESTDIR)/var/lib/mandos
72
"/usr/lib/`dpkg-architecture -qDEB_HOST_MULTIARCH 2>/dev/null`" \
78
"/usr/lib/`dpkg-architecture \
79
-qDEB_HOST_MULTIARCH 2>/dev/null`" \
73
80
"`rpm --eval='%{_libdir}' 2>/dev/null`" /usr/lib; do \
74
81
if [ -d "$$d" -a "$$d" = "$${d%/}" ]; then \
75
82
echo "$(DESTDIR)$$d"; \
81
SYSTEMD:=$(DESTDIR)$(shell pkg-config systemd --variable=systemdsystemunitdir)
82
TMPFILES:=$(DESTDIR)$(shell pkg-config systemd --variable=tmpfilesdir)
88
SYSTEMD:=$(DESTDIR)$(shell $(PKG_CONFIG) systemd \
89
--variable=systemdsystemunitdir)
90
TMPFILES:=$(DESTDIR)$(shell $(PKG_CONFIG) systemd \
91
--variable=tmpfilesdir)
84
GNUTLS_CFLAGS:=$(shell pkg-config --cflags-only-I gnutls)
85
GNUTLS_LIBS:=$(shell pkg-config --libs gnutls)
86
AVAHI_CFLAGS:=$(shell pkg-config --cflags-only-I avahi-core)
87
AVAHI_LIBS:=$(shell pkg-config --libs avahi-core)
93
GNUTLS_CFLAGS:=$(shell $(PKG_CONFIG) --cflags-only-I gnutls)
94
GNUTLS_LIBS:=$(shell $(PKG_CONFIG) --libs gnutls)
95
AVAHI_CFLAGS:=$(shell $(PKG_CONFIG) --cflags-only-I avahi-core)
96
AVAHI_LIBS:=$(shell $(PKG_CONFIG) --libs avahi-core)
88
97
GPGME_CFLAGS:=$(shell gpgme-config --cflags; getconf LFS_CFLAGS)
89
98
GPGME_LIBS:=$(shell gpgme-config --libs; getconf LFS_LIBS; \
90
99
getconf LFS_LDFLAGS)
91
LIBNL3_CFLAGS:=$(shell pkg-config --cflags-only-I libnl-route-3.0)
92
LIBNL3_LIBS:=$(shell pkg-config --libs libnl-route-3.0)
100
LIBNL3_CFLAGS:=$(shell $(PKG_CONFIG) --cflags-only-I libnl-route-3.0)
101
LIBNL3_LIBS:=$(shell $(PKG_CONFIG) --libs libnl-route-3.0)
102
GLIB_CFLAGS:=$(shell $(PKG_CONFIG) --cflags glib-2.0)
103
GLIB_LIBS:=$(shell $(PKG_CONFIG) --libs glib-2.0)
94
105
# Do not change these two
95
CFLAGS+=$(WARN) $(DEBUG) $(FORTIFY) $(COVERAGE) \
96
$(OPTIMIZE) $(LANGUAGE) -DVERSION='"$(version)"'
106
CFLAGS+=$(WARN) $(DEBUG) $(FORTIFY) $(COVERAGE) $(OPTIMIZE) \
107
$(LANGUAGE) $(FEATURES) -DVERSION='"$(version)"'
97
108
LDFLAGS+=-Xlinker --as-needed $(COVERAGE) $(LINK_FORTIFY) $(strip \
98
109
) $(foreach flag,$(LINK_FORTIFY_LD),-Xlinker $(flag))
107
118
/usr/share/xml/docbook/stylesheet/nwalsh/manpages/docbook.xsl \
109
120
if locale --all 2>/dev/null | grep --regexp='^en_US\.utf8$$' \
110
&& type man 2>/dev/null; then LANG=en_US.UTF-8 MANWIDTH=80 \
111
man --warnings --encoding=UTF-8 --local-file $(notdir $@); \
121
&& command -v man >/dev/null; then LANG=en_US.UTF-8 \
122
MANWIDTH=80 man --warnings --encoding=UTF-8 --local-file \
123
$(notdir $@); fi >/dev/null)
114
125
DOCBOOKTOHTML=$(strip xsltproc --nonet --xinclude \
115
126
--param make.year.ranges 1 \
128
139
plugins.d/usplash plugins.d/splashy plugins.d/askpass-fifo \
129
140
plugins.d/plymouth
130
141
PLUGIN_HELPERS:=plugin-helpers/mandos-client-iprouteadddel
131
CPROGS:=plugin-runner $(PLUGINS) $(PLUGIN_HELPERS)
142
CPROGS:=plugin-runner dracut-module/password-agent $(PLUGINS) \
132
144
PROGS:=mandos mandos-keygen mandos-ctl mandos-monitor $(CPROGS)
133
145
DOCS:=mandos.8 mandos-keygen.8 mandos-monitor.8 mandos-ctl.8 \
134
146
mandos.conf.5 mandos-clients.conf.5 plugin-runner.8mandos \
147
dracut-module/password-agent.8mandos \
135
148
plugins.d/mandos-client.8mandos \
136
149
plugins.d/password-prompt.8mandos plugins.d/usplash.8mandos \
137
150
plugins.d/splashy.8mandos plugins.d/askpass-fifo.8mandos \
209
222
overview.xml legalnotice.xml
225
dracut-module/password-agent.8mandos: \
226
dracut-module/password-agent.xml common.ent \
227
overview.xml legalnotice.xml
229
dracut-module/password-agent.8mandos.xhtml: \
230
dracut-module/password-agent.xml common.ent \
231
overview.xml legalnotice.xml
212
234
plugins.d/mandos-client.8mandos: plugins.d/mandos-client.xml \
214
236
mandos-options.xml \
260
282
# Need to add the GnuTLS, Avahi and GPGME libraries
261
283
plugins.d/mandos-client: plugins.d/mandos-client.c
262
284
$(LINK.c) $^ $(GNUTLS_CFLAGS) $(AVAHI_CFLAGS) $(strip\
263
) $(GPGME_CFLAGS) -lrt $(GNUTLS_LIBS) $(strip\
285
) $(GPGME_CFLAGS) $(GNUTLS_LIBS) $(strip\
264
286
) $(AVAHI_LIBS) $(GPGME_LIBS) $(LOADLIBES) $(strip\
265
287
) $(LDLIBS) -o $@
289
# Need to add the libnl-route library
267
290
plugin-helpers/mandos-client-iprouteadddel: plugin-helpers/mandos-client-iprouteadddel.c
268
291
$(LINK.c) $(LIBNL3_CFLAGS) $^ $(LIBNL3_LIBS) $(strip\
269
292
) $(LOADLIBES) $(LDLIBS) -o $@
294
# Need to add the GLib and pthread libraries
295
dracut-module/password-agent: dracut-module/password-agent.c
296
$(LINK.c) $(GLIB_CFLAGS) $^ $(GLIB_LIBS) -lpthread $(strip\
297
) $(LOADLIBES) $(LDLIBS) -o $@
271
299
.PHONY : all doc html clean distclean mostlyclean maintainer-clean \
272
300
check run-client run-server install install-html \
273
301
install-server install-client-nokey install-client uninstall \
282
310
maintainer-clean: clean
283
311
-rm --force --recursive keydir confdir statedir
287
315
./mandos-ctl --check
316
./mandos-keygen --version
317
./plugin-runner --version
318
./plugin-helpers/mandos-client-iprouteadddel --version
319
./dracut-module/password-agent --test
289
321
# Run the client with a local config and key
290
run-client: all keydir/seckey.txt keydir/pubkey.txt keydir/tls-privkey.pem keydir/tls-pubkey.pem
291
@echo "###################################################################"
292
@echo "# The following error messages are harmless and can be safely #"
294
@echo "# From plugin-runner: setgid: Operation not permitted #"
295
@echo "# setuid: Operation not permitted #"
296
@echo "# From askpass-fifo: mkfifo: Permission denied #"
297
@echo "# From mandos-client: #"
298
@echo "# Failed to raise privileges: Operation not permitted #"
299
@echo "# Warning: network hook \"*\" exited with status * #"
301
@echo "# (The messages are caused by not running as root, but you should #"
302
@echo "# NOT run \"make run-client\" as root unless you also unpacked and #"
303
@echo "# compiled Mandos as root, which is also NOT recommended.) #"
304
@echo "###################################################################"
322
run-client: all keydir/seckey.txt keydir/pubkey.txt \
323
keydir/tls-privkey.pem keydir/tls-pubkey.pem
324
@echo '######################################################'
325
@echo '# The following error messages are harmless and can #'
326
@echo '# be safely ignored: #'
327
@echo '## From plugin-runner: #'
328
@echo '# setgid: Operation not permitted #'
329
@echo '# setuid: Operation not permitted #'
330
@echo '## From askpass-fifo: #'
331
@echo '# mkfifo: Permission denied #'
332
@echo '## From mandos-client: #'
333
@echo '# Failed to raise privileges: Operation not permi... #'
334
@echo '# Warning: network hook "*" exited with status * #'
335
@echo '# ioctl SIOCSIFFLAGS +IFF_UP: Operation not permi... #'
336
@echo '# Failed to bring up interface "*": Operation not... #'
338
@echo '# (The messages are caused by not running as root, #'
339
@echo '# but you should NOT run "make run-client" as root #'
340
@echo '# unless you also unpacked and compiled Mandos as #'
341
@echo '# root, which is also NOT recommended.) #'
342
@echo '######################################################'
305
343
# We set GNOME_KEYRING_CONTROL to block pam_gnome_keyring
306
344
./plugin-runner --plugin-dir=plugins.d \
307
345
--plugin-helper-dir=plugin-helpers \
347
385
elif install --directory --mode=u=rwx $(STATEDIR); then \
348
386
chown -- $(USER):$(GROUP) $(STATEDIR) || :; \
350
if [ "$(TMPFILES)" != "$(DESTDIR)" -a -d "$(TMPFILES)" ]; then \
388
if [ "$(TMPFILES)" != "$(DESTDIR)" \
389
-a -d "$(TMPFILES)" ]; then \
351
390
install --mode=u=rw,go=r tmpfiles.d-mandos.conf \
352
391
$(TMPFILES)/mandos.conf; \
400
439
install --mode=u=rwx,go=rx \
401
440
--target-directory=$(LIBDIR)/mandos plugin-runner
402
441
install --mode=u=rwx,go=rx \
403
--target-directory=$(LIBDIR)/mandos mandos-to-cryptroot-unlock
442
--target-directory=$(LIBDIR)/mandos \
443
mandos-to-cryptroot-unlock
404
444
install --mode=u=rwx,go=rx --target-directory=$(PREFIX)/sbin \
406
446
install --mode=u=rwx,go=rx \
434
474
$(INITRAMFSTOOLS)/scripts/init-premount/mandos
435
475
install initramfs-tools-script-stop \
436
476
$(INITRAMFSTOOLS)/scripts/local-premount/mandos
477
install --directory $(DRACUTMODULE)
478
install --mode=u=rw,go=r --target-directory=$(DRACUTMODULE) \
479
dracut-module/ask-password-mandos.path \
480
dracut-module/ask-password-mandos.service
481
install --mode=u=rwxs,go=rx \
482
--target-directory=$(DRACUTMODULE) \
483
dracut-module/module-setup.sh \
484
dracut-module/cmdline-mandos.sh \
485
dracut-module/password-agent
437
486
install --mode=u=rw,go=r plugin-runner.conf $(CONFDIR)
438
487
gzip --best --to-stdout mandos-keygen.8 \
439
488
> $(MANDIR)/man8/mandos-keygen.8.gz
451
500
> $(MANDIR)/man8/askpass-fifo.8mandos.gz
452
501
gzip --best --to-stdout plugins.d/plymouth.8mandos \
453
502
> $(MANDIR)/man8/plymouth.8mandos.gz
503
gzip --best --to-stdout dracut-module/password-agent.8mandos \
504
> $(MANDIR)/man8/password-agent.8mandos.gz
455
506
install-client: install-client-nokey
456
507
# Post-installation stuff
457
508
-$(PREFIX)/sbin/mandos-keygen --dir "$(KEYDIR)"
458
update-initramfs -k all -u
509
if command -v update-initramfs >/dev/null; then \
510
update-initramfs -k all -u; \
511
elif command -v dracut >/dev/null; then \
512
for initrd in $(DESTDIR)/boot/initr*-$(LINUXVERSION); do \
513
if [ -w "$$initrd" ]; then \
514
chmod go-r "$$initrd"; \
515
dracut --force "$$initrd"; \
459
519
echo "Now run mandos-keygen --password --dir $(KEYDIR)"
461
521
uninstall: uninstall-server uninstall-client
488
548
$(INITRAMFSTOOLS)/hooks/mandos \
489
549
$(INITRAMFSTOOLS)/conf-hooks.d/mandos \
490
550
$(INITRAMFSTOOLS)/scripts/init-premount/mandos \
551
$(INITRAMFSTOOLS)/scripts/local-premount/mandos \
552
$(DRACUTMODULE)/ask-password-mandos.path \
553
$(DRACUTMODULE)/ask-password-mandos.service \
554
$(DRACUTMODULE)/module-setup.sh \
555
$(DRACUTMODULE)/cmdline-mandos.sh \
556
$(DRACUTMODULE)/password-agent \
491
557
$(MANDIR)/man8/mandos-keygen.8.gz \
492
558
$(MANDIR)/man8/plugin-runner.8mandos.gz \
493
559
$(MANDIR)/man8/mandos-client.8mandos.gz
496
562
$(MANDIR)/man8/splashy.8mandos.gz \
497
563
$(MANDIR)/man8/askpass-fifo.8mandos.gz \
498
564
$(MANDIR)/man8/plymouth.8mandos.gz \
565
$(MANDIR)/man8/password-agent.8mandos.gz \
499
566
-rmdir $(LIBDIR)/mandos/plugins.d $(CONFDIR)/plugins.d \
500
$(LIBDIR)/mandos $(CONFDIR) $(KEYDIR)
501
update-initramfs -k all -u
567
$(LIBDIR)/mandos $(CONFDIR) $(KEYDIR) $(DRACUTMODULE)
568
if command -v update-initramfs >/dev/null; then \
569
update-initramfs -k all -u; \
570
elif command -v dracut >/dev/null; then \
571
for initrd in $(DESTDIR)/boot/initr*-$(LINUXVERSION); do \
572
test -w "$$initrd" && dracut --force "$$initrd"; \
503
576
purge: purge-server purge-client