/mandos/trunk

To get this branch, use:
bzr branch http://bzr.recompile.se/loggerhead/mandos/trunk

« back to all changes in this revision

Viewing changes to Makefile

  • Committer: Teddy Hogeborn
  • Date: 2019-08-05 21:14:05 UTC
  • Revision ID: teddy@recompile.se-20190805211405-9m6hecekaihpttz9
Override lintian warnings about upgrading from old versions

There are some really things which are imperative that we fix in case
someone were to upgrade from a really old version.  We want to keep
these fixes in the postinst maintainer scripts, even though lintian
complains about such old upgrades not being supported by Debian in
general.  We prefer the code being there, for the sake of the users.

* debian/mandos-client.lintian-overrides
  (maintainer-script-supports-ancient-package-version): New.
  debian/mandos.lintian-overrides
  (maintainer-script-supports-ancient-package-version): - '' -

Show diffs side-by-side

added added

removed removed

Lines of Context:
25
25
        -fsanitize=object-size -fsanitize=float-divide-by-zero \
26
26
        -fsanitize=float-cast-overflow -fsanitize=nonnull-attribute \
27
27
        -fsanitize=returns-nonnull-attribute -fsanitize=bool \
28
 
        -fsanitize=enum
 
28
        -fsanitize=enum -fsanitize-address-use-after-scope
29
29
 
30
30
# For info about _FORTIFY_SOURCE, see feature_test_macros(7)
31
31
# and <https://gcc.gnu.org/ml/gcc-patches/2004-09/msg02055.html>.
41
41
#COVERAGE=--coverage
42
42
OPTIMIZE:=-Os -fno-strict-aliasing
43
43
LANGUAGE:=-std=gnu11
 
44
FEATURES:=-D_FILE_OFFSET_BITS=64
44
45
htmldir:=man
45
 
version:=1.8.4
 
46
version:=1.8.6
46
47
SED:=sed
 
48
PKG_CONFIG?=pkg-config
47
49
 
48
50
USER:=$(firstword $(subst :, ,$(shell getent passwd _mandos \
49
51
        || getent passwd nobody || echo 65534)))
50
52
GROUP:=$(firstword $(subst :, ,$(shell getent group _mandos \
51
53
        || getent group nogroup || echo 65534)))
52
54
 
 
55
LINUXVERSION:=$(shell uname --kernel-release)
 
56
 
53
57
## Use these settings for a traditional /usr/local install
54
58
# PREFIX:=$(DESTDIR)/usr/local
55
59
# CONFDIR:=$(DESTDIR)/etc/mandos
56
60
# KEYDIR:=$(DESTDIR)/etc/mandos/keys
57
61
# MANDIR:=$(PREFIX)/man
58
62
# INITRAMFSTOOLS:=$(DESTDIR)/etc/initramfs-tools
 
63
# DRACUTMODULE:=$(DESTDIR)/usr/lib/dracut/modules.d/90mandos
59
64
# STATEDIR:=$(DESTDIR)/var/lib/mandos
60
65
# LIBDIR:=$(PREFIX)/lib
61
66
##
66
71
KEYDIR:=$(DESTDIR)/etc/keys/mandos
67
72
MANDIR:=$(PREFIX)/share/man
68
73
INITRAMFSTOOLS:=$(DESTDIR)/usr/share/initramfs-tools
 
74
DRACUTMODULE:=$(DESTDIR)/usr/lib/dracut/modules.d/90mandos
69
75
STATEDIR:=$(DESTDIR)/var/lib/mandos
70
76
LIBDIR:=$(shell \
71
77
        for d in \
72
 
        "/usr/lib/`dpkg-architecture -qDEB_HOST_MULTIARCH 2>/dev/null`" \
 
78
        "/usr/lib/`dpkg-architecture \
 
79
                        -qDEB_HOST_MULTIARCH 2>/dev/null`" \
73
80
        "`rpm --eval='%{_libdir}' 2>/dev/null`" /usr/lib; do \
74
81
                if [ -d "$$d" -a "$$d" = "$${d%/}" ]; then \
75
82
                        echo "$(DESTDIR)$$d"; \
78
85
        done)
79
86
##
80
87
 
81
 
SYSTEMD:=$(DESTDIR)$(shell pkg-config systemd --variable=systemdsystemunitdir)
82
 
TMPFILES:=$(DESTDIR)$(shell pkg-config systemd --variable=tmpfilesdir)
 
88
SYSTEMD:=$(DESTDIR)$(shell $(PKG_CONFIG) systemd \
 
89
                        --variable=systemdsystemunitdir)
 
90
TMPFILES:=$(DESTDIR)$(shell $(PKG_CONFIG) systemd \
 
91
                        --variable=tmpfilesdir)
83
92
 
84
 
GNUTLS_CFLAGS:=$(shell pkg-config --cflags-only-I gnutls)
85
 
GNUTLS_LIBS:=$(shell pkg-config --libs gnutls)
86
 
AVAHI_CFLAGS:=$(shell pkg-config --cflags-only-I avahi-core)
87
 
AVAHI_LIBS:=$(shell pkg-config --libs avahi-core)
 
93
GNUTLS_CFLAGS:=$(shell $(PKG_CONFIG) --cflags-only-I gnutls)
 
94
GNUTLS_LIBS:=$(shell $(PKG_CONFIG) --libs gnutls)
 
95
AVAHI_CFLAGS:=$(shell $(PKG_CONFIG) --cflags-only-I avahi-core)
 
96
AVAHI_LIBS:=$(shell $(PKG_CONFIG) --libs avahi-core)
88
97
GPGME_CFLAGS:=$(shell gpgme-config --cflags; getconf LFS_CFLAGS)
89
98
GPGME_LIBS:=$(shell gpgme-config --libs; getconf LFS_LIBS; \
90
99
        getconf LFS_LDFLAGS)
91
 
LIBNL3_CFLAGS:=$(shell pkg-config --cflags-only-I libnl-route-3.0)
92
 
LIBNL3_LIBS:=$(shell pkg-config --libs libnl-route-3.0)
 
100
LIBNL3_CFLAGS:=$(shell $(PKG_CONFIG) --cflags-only-I libnl-route-3.0)
 
101
LIBNL3_LIBS:=$(shell $(PKG_CONFIG) --libs libnl-route-3.0)
 
102
GLIB_CFLAGS:=$(shell $(PKG_CONFIG) --cflags glib-2.0)
 
103
GLIB_LIBS:=$(shell $(PKG_CONFIG) --libs glib-2.0)
93
104
 
94
105
# Do not change these two
95
 
CFLAGS+=$(WARN) $(DEBUG) $(FORTIFY) $(COVERAGE) \
96
 
        $(OPTIMIZE) $(LANGUAGE) -DVERSION='"$(version)"'
 
106
CFLAGS+=$(WARN) $(DEBUG) $(FORTIFY) $(COVERAGE) $(OPTIMIZE) \
 
107
        $(LANGUAGE) $(FEATURES) -DVERSION='"$(version)"'
97
108
LDFLAGS+=-Xlinker --as-needed $(COVERAGE) $(LINK_FORTIFY) $(strip \
98
109
        ) $(foreach flag,$(LINK_FORTIFY_LD),-Xlinker $(flag))
99
110
 
107
118
        /usr/share/xml/docbook/stylesheet/nwalsh/manpages/docbook.xsl \
108
119
        $(notdir $<); \
109
120
        if locale --all 2>/dev/null | grep --regexp='^en_US\.utf8$$' \
110
 
        && type man 2>/dev/null; then LANG=en_US.UTF-8 MANWIDTH=80 \
111
 
        man --warnings --encoding=UTF-8 --local-file $(notdir $@); \
112
 
        fi >/dev/null)
 
121
        && command -v man >/dev/null; then LANG=en_US.UTF-8 \
 
122
        MANWIDTH=80 man --warnings --encoding=UTF-8 --local-file \
 
123
        $(notdir $@); fi >/dev/null)
113
124
 
114
125
DOCBOOKTOHTML=$(strip xsltproc --nonet --xinclude \
115
126
        --param make.year.ranges                1 \
128
139
        plugins.d/usplash plugins.d/splashy plugins.d/askpass-fifo \
129
140
        plugins.d/plymouth
130
141
PLUGIN_HELPERS:=plugin-helpers/mandos-client-iprouteadddel
131
 
CPROGS:=plugin-runner $(PLUGINS) $(PLUGIN_HELPERS)
 
142
CPROGS:=plugin-runner dracut-module/password-agent $(PLUGINS) \
 
143
        $(PLUGIN_HELPERS)
132
144
PROGS:=mandos mandos-keygen mandos-ctl mandos-monitor $(CPROGS)
133
145
DOCS:=mandos.8 mandos-keygen.8 mandos-monitor.8 mandos-ctl.8 \
134
146
        mandos.conf.5 mandos-clients.conf.5 plugin-runner.8mandos \
 
147
        dracut-module/password-agent.8mandos \
135
148
        plugins.d/mandos-client.8mandos \
136
149
        plugins.d/password-prompt.8mandos plugins.d/usplash.8mandos \
137
150
        plugins.d/splashy.8mandos plugins.d/askpass-fifo.8mandos \
209
222
                overview.xml legalnotice.xml
210
223
        $(DOCBOOKTOHTML)
211
224
 
 
225
dracut-module/password-agent.8mandos: \
 
226
                dracut-module/password-agent.xml common.ent \
 
227
                overview.xml legalnotice.xml
 
228
        $(DOCBOOKTOMAN)
 
229
dracut-module/password-agent.8mandos.xhtml: \
 
230
                dracut-module/password-agent.xml common.ent \
 
231
                overview.xml legalnotice.xml
 
232
        $(DOCBOOKTOHTML)
 
233
 
212
234
plugins.d/mandos-client.8mandos: plugins.d/mandos-client.xml \
213
235
                                        common.ent \
214
236
                                        mandos-options.xml \
260
282
# Need to add the GnuTLS, Avahi and GPGME libraries
261
283
plugins.d/mandos-client: plugins.d/mandos-client.c
262
284
        $(LINK.c) $^ $(GNUTLS_CFLAGS) $(AVAHI_CFLAGS) $(strip\
263
 
                ) $(GPGME_CFLAGS) -lrt $(GNUTLS_LIBS) $(strip\
 
285
                ) $(GPGME_CFLAGS) $(GNUTLS_LIBS) $(strip\
264
286
                ) $(AVAHI_LIBS) $(GPGME_LIBS) $(LOADLIBES) $(strip\
265
287
                ) $(LDLIBS) -o $@
266
288
 
 
289
# Need to add the libnl-route library
267
290
plugin-helpers/mandos-client-iprouteadddel: plugin-helpers/mandos-client-iprouteadddel.c
268
291
        $(LINK.c) $(LIBNL3_CFLAGS) $^ $(LIBNL3_LIBS) $(strip\
269
292
                ) $(LOADLIBES) $(LDLIBS) -o $@
270
293
 
 
294
# Need to add the GLib and pthread libraries
 
295
dracut-module/password-agent: dracut-module/password-agent.c
 
296
        $(LINK.c) $(GLIB_CFLAGS) $^ $(GLIB_LIBS) -lpthread $(strip\
 
297
                ) $(LOADLIBES) $(LDLIBS) -o $@
 
298
 
271
299
.PHONY : all doc html clean distclean mostlyclean maintainer-clean \
272
300
        check run-client run-server install install-html \
273
301
        install-server install-client-nokey install-client uninstall \
282
310
maintainer-clean: clean
283
311
        -rm --force --recursive keydir confdir statedir
284
312
 
285
 
check:  all
 
313
check: all
286
314
        ./mandos --check
287
315
        ./mandos-ctl --check
 
316
        ./mandos-keygen --version
 
317
        ./plugin-runner --version
 
318
        ./plugin-helpers/mandos-client-iprouteadddel --version
 
319
        ./dracut-module/password-agent --test
288
320
 
289
321
# Run the client with a local config and key
290
 
run-client: all keydir/seckey.txt keydir/pubkey.txt keydir/tls-privkey.pem keydir/tls-pubkey.pem
291
 
        @echo "###################################################################"
292
 
        @echo "# The following error messages are harmless and can be safely     #"
293
 
        @echo "# ignored:                                                        #"
294
 
        @echo "# From plugin-runner: setgid: Operation not permitted             #"
295
 
        @echo "#                     setuid: Operation not permitted             #"
296
 
        @echo "# From askpass-fifo:  mkfifo: Permission denied                   #"
297
 
        @echo "# From mandos-client:                                             #"
298
 
        @echo "#             Failed to raise privileges: Operation not permitted #"
299
 
        @echo "#             Warning: network hook \"*\" exited with status *      #"
300
 
        @echo "#                                                                 #"
301
 
        @echo "# (The messages are caused by not running as root, but you should #"
302
 
        @echo "# NOT run \"make run-client\" as root unless you also unpacked and  #"
303
 
        @echo "# compiled Mandos as root, which is also NOT recommended.)        #"
304
 
        @echo "###################################################################"
 
322
run-client: all keydir/seckey.txt keydir/pubkey.txt \
 
323
                        keydir/tls-privkey.pem keydir/tls-pubkey.pem
 
324
        @echo '######################################################'
 
325
        @echo '# The following error messages are harmless and can  #'
 
326
        @echo '#  be safely ignored:                                #'
 
327
        @echo '## From plugin-runner:                               #'
 
328
        @echo '# setgid: Operation not permitted                    #'
 
329
        @echo '# setuid: Operation not permitted                    #'
 
330
        @echo '## From askpass-fifo:                                #'
 
331
        @echo '# mkfifo: Permission denied                          #'
 
332
        @echo '## From mandos-client:                               #'
 
333
        @echo '# Failed to raise privileges: Operation not permi... #'
 
334
        @echo '# Warning: network hook "*" exited with status *     #'
 
335
        @echo '# ioctl SIOCSIFFLAGS +IFF_UP: Operation not permi... #'
 
336
        @echo '# Failed to bring up interface "*": Operation not... #'
 
337
        @echo '#                                                    #'
 
338
        @echo '# (The messages are caused by not running as root,   #'
 
339
        @echo '# but you should NOT run "make run-client" as root   #'
 
340
        @echo '# unless you also unpacked and compiled Mandos as    #'
 
341
        @echo '# root, which is also NOT recommended.)              #'
 
342
        @echo '######################################################'
305
343
# We set GNOME_KEYRING_CONTROL to block pam_gnome_keyring
306
344
        ./plugin-runner --plugin-dir=plugins.d \
307
345
                --plugin-helper-dir=plugin-helpers \
347
385
        elif install --directory --mode=u=rwx $(STATEDIR); then \
348
386
                chown -- $(USER):$(GROUP) $(STATEDIR) || :; \
349
387
        fi
350
 
        if [ "$(TMPFILES)" != "$(DESTDIR)" -a -d "$(TMPFILES)" ]; then \
 
388
        if [ "$(TMPFILES)" != "$(DESTDIR)" \
 
389
                        -a -d "$(TMPFILES)" ]; then \
351
390
                install --mode=u=rw,go=r tmpfiles.d-mandos.conf \
352
391
                        $(TMPFILES)/mandos.conf; \
353
392
        fi
400
439
        install --mode=u=rwx,go=rx \
401
440
                --target-directory=$(LIBDIR)/mandos plugin-runner
402
441
        install --mode=u=rwx,go=rx \
403
 
                --target-directory=$(LIBDIR)/mandos mandos-to-cryptroot-unlock
 
442
                --target-directory=$(LIBDIR)/mandos \
 
443
                mandos-to-cryptroot-unlock
404
444
        install --mode=u=rwx,go=rx --target-directory=$(PREFIX)/sbin \
405
445
                mandos-keygen
406
446
        install --mode=u=rwx,go=rx \
434
474
                $(INITRAMFSTOOLS)/scripts/init-premount/mandos
435
475
        install initramfs-tools-script-stop \
436
476
                $(INITRAMFSTOOLS)/scripts/local-premount/mandos
 
477
        install --directory $(DRACUTMODULE)
 
478
        install --mode=u=rw,go=r --target-directory=$(DRACUTMODULE) \
 
479
                dracut-module/ask-password-mandos.path \
 
480
                dracut-module/ask-password-mandos.service
 
481
        install --mode=u=rwxs,go=rx \
 
482
                --target-directory=$(DRACUTMODULE) \
 
483
                dracut-module/module-setup.sh \
 
484
                dracut-module/cmdline-mandos.sh \
 
485
                dracut-module/password-agent
437
486
        install --mode=u=rw,go=r plugin-runner.conf $(CONFDIR)
438
487
        gzip --best --to-stdout mandos-keygen.8 \
439
488
                > $(MANDIR)/man8/mandos-keygen.8.gz
451
500
                > $(MANDIR)/man8/askpass-fifo.8mandos.gz
452
501
        gzip --best --to-stdout plugins.d/plymouth.8mandos \
453
502
                > $(MANDIR)/man8/plymouth.8mandos.gz
 
503
        gzip --best --to-stdout dracut-module/password-agent.8mandos \
 
504
                > $(MANDIR)/man8/password-agent.8mandos.gz
454
505
 
455
506
install-client: install-client-nokey
456
507
# Post-installation stuff
457
508
        -$(PREFIX)/sbin/mandos-keygen --dir "$(KEYDIR)"
458
 
        update-initramfs -k all -u
 
509
        if command -v update-initramfs >/dev/null; then \
 
510
            update-initramfs -k all -u; \
 
511
        elif command -v dracut >/dev/null; then \
 
512
            for initrd in $(DESTDIR)/boot/initr*-$(LINUXVERSION); do \
 
513
                if [ -w "$$initrd" ]; then \
 
514
                    chmod go-r "$$initrd"; \
 
515
                    dracut --force "$$initrd"; \
 
516
                fi; \
 
517
            done; \
 
518
        fi
459
519
        echo "Now run mandos-keygen --password --dir $(KEYDIR)"
460
520
 
461
521
uninstall: uninstall-server uninstall-client
488
548
                $(INITRAMFSTOOLS)/hooks/mandos \
489
549
                $(INITRAMFSTOOLS)/conf-hooks.d/mandos \
490
550
                $(INITRAMFSTOOLS)/scripts/init-premount/mandos \
 
551
                $(INITRAMFSTOOLS)/scripts/local-premount/mandos \
 
552
                $(DRACUTMODULE)/ask-password-mandos.path \
 
553
                $(DRACUTMODULE)/ask-password-mandos.service \
 
554
                $(DRACUTMODULE)/module-setup.sh \
 
555
                $(DRACUTMODULE)/cmdline-mandos.sh \
 
556
                $(DRACUTMODULE)/password-agent \
491
557
                $(MANDIR)/man8/mandos-keygen.8.gz \
492
558
                $(MANDIR)/man8/plugin-runner.8mandos.gz \
493
559
                $(MANDIR)/man8/mandos-client.8mandos.gz
496
562
                $(MANDIR)/man8/splashy.8mandos.gz \
497
563
                $(MANDIR)/man8/askpass-fifo.8mandos.gz \
498
564
                $(MANDIR)/man8/plymouth.8mandos.gz \
 
565
                $(MANDIR)/man8/password-agent.8mandos.gz \
499
566
        -rmdir $(LIBDIR)/mandos/plugins.d $(CONFDIR)/plugins.d \
500
 
                 $(LIBDIR)/mandos $(CONFDIR) $(KEYDIR)
501
 
        update-initramfs -k all -u
 
567
                 $(LIBDIR)/mandos $(CONFDIR) $(KEYDIR) $(DRACUTMODULE)
 
568
        if command -v update-initramfs >/dev/null; then \
 
569
            update-initramfs -k all -u; \
 
570
        elif command -v dracut >/dev/null; then \
 
571
            for initrd in $(DESTDIR)/boot/initr*-$(LINUXVERSION); do \
 
572
                test -w "$$initrd" && dracut --force "$$initrd"; \
 
573
            done; \
 
574
        fi
502
575
 
503
576
purge: purge-server purge-client
504
577