/mandos/trunk

To get this branch, use:
bzr branch http://bzr.recompile.se/loggerhead/mandos/trunk

« back to all changes in this revision

Viewing changes to Makefile

  • Committer: Teddy Hogeborn
  • Date: 2019-08-05 21:14:05 UTC
  • Revision ID: teddy@recompile.se-20190805211405-9m6hecekaihpttz9
Override lintian warnings about upgrading from old versions

There are some really things which are imperative that we fix in case
someone were to upgrade from a really old version.  We want to keep
these fixes in the postinst maintainer scripts, even though lintian
complains about such old upgrades not being supported by Debian in
general.  We prefer the code being there, for the sake of the users.

* debian/mandos-client.lintian-overrides
  (maintainer-script-supports-ancient-package-version): New.
  debian/mandos.lintian-overrides
  (maintainer-script-supports-ancient-package-version): - '' -

Show diffs side-by-side

added added

removed removed

Lines of Context:
41
41
#COVERAGE=--coverage
42
42
OPTIMIZE:=-Os -fno-strict-aliasing
43
43
LANGUAGE:=-std=gnu11
 
44
FEATURES:=-D_FILE_OFFSET_BITS=64
44
45
htmldir:=man
45
 
version:=1.8.4
 
46
version:=1.8.6
46
47
SED:=sed
 
48
PKG_CONFIG?=pkg-config
47
49
 
48
50
USER:=$(firstword $(subst :, ,$(shell getent passwd _mandos \
49
51
        || getent passwd nobody || echo 65534)))
50
52
GROUP:=$(firstword $(subst :, ,$(shell getent group _mandos \
51
53
        || getent group nogroup || echo 65534)))
52
54
 
 
55
LINUXVERSION:=$(shell uname --kernel-release)
 
56
 
53
57
## Use these settings for a traditional /usr/local install
54
58
# PREFIX:=$(DESTDIR)/usr/local
55
59
# CONFDIR:=$(DESTDIR)/etc/mandos
56
60
# KEYDIR:=$(DESTDIR)/etc/mandos/keys
57
61
# MANDIR:=$(PREFIX)/man
58
62
# INITRAMFSTOOLS:=$(DESTDIR)/etc/initramfs-tools
 
63
# DRACUTMODULE:=$(DESTDIR)/usr/lib/dracut/modules.d/90mandos
59
64
# STATEDIR:=$(DESTDIR)/var/lib/mandos
60
65
# LIBDIR:=$(PREFIX)/lib
61
66
##
66
71
KEYDIR:=$(DESTDIR)/etc/keys/mandos
67
72
MANDIR:=$(PREFIX)/share/man
68
73
INITRAMFSTOOLS:=$(DESTDIR)/usr/share/initramfs-tools
 
74
DRACUTMODULE:=$(DESTDIR)/usr/lib/dracut/modules.d/90mandos
69
75
STATEDIR:=$(DESTDIR)/var/lib/mandos
70
76
LIBDIR:=$(shell \
71
77
        for d in \
72
 
        "/usr/lib/`dpkg-architecture -qDEB_HOST_MULTIARCH 2>/dev/null`" \
 
78
        "/usr/lib/`dpkg-architecture \
 
79
                        -qDEB_HOST_MULTIARCH 2>/dev/null`" \
73
80
        "`rpm --eval='%{_libdir}' 2>/dev/null`" /usr/lib; do \
74
81
                if [ -d "$$d" -a "$$d" = "$${d%/}" ]; then \
75
82
                        echo "$(DESTDIR)$$d"; \
78
85
        done)
79
86
##
80
87
 
81
 
SYSTEMD:=$(DESTDIR)$(shell pkg-config systemd --variable=systemdsystemunitdir)
82
 
TMPFILES:=$(DESTDIR)$(shell pkg-config systemd --variable=tmpfilesdir)
 
88
SYSTEMD:=$(DESTDIR)$(shell $(PKG_CONFIG) systemd \
 
89
                        --variable=systemdsystemunitdir)
 
90
TMPFILES:=$(DESTDIR)$(shell $(PKG_CONFIG) systemd \
 
91
                        --variable=tmpfilesdir)
83
92
 
84
 
GNUTLS_CFLAGS:=$(shell pkg-config --cflags-only-I gnutls)
85
 
GNUTLS_LIBS:=$(shell pkg-config --libs gnutls)
86
 
AVAHI_CFLAGS:=$(shell pkg-config --cflags-only-I avahi-core)
87
 
AVAHI_LIBS:=$(shell pkg-config --libs avahi-core)
 
93
GNUTLS_CFLAGS:=$(shell $(PKG_CONFIG) --cflags-only-I gnutls)
 
94
GNUTLS_LIBS:=$(shell $(PKG_CONFIG) --libs gnutls)
 
95
AVAHI_CFLAGS:=$(shell $(PKG_CONFIG) --cflags-only-I avahi-core)
 
96
AVAHI_LIBS:=$(shell $(PKG_CONFIG) --libs avahi-core)
88
97
GPGME_CFLAGS:=$(shell gpgme-config --cflags; getconf LFS_CFLAGS)
89
98
GPGME_LIBS:=$(shell gpgme-config --libs; getconf LFS_LIBS; \
90
99
        getconf LFS_LDFLAGS)
91
 
LIBNL3_CFLAGS:=$(shell pkg-config --cflags-only-I libnl-route-3.0)
92
 
LIBNL3_LIBS:=$(shell pkg-config --libs libnl-route-3.0)
 
100
LIBNL3_CFLAGS:=$(shell $(PKG_CONFIG) --cflags-only-I libnl-route-3.0)
 
101
LIBNL3_LIBS:=$(shell $(PKG_CONFIG) --libs libnl-route-3.0)
 
102
GLIB_CFLAGS:=$(shell $(PKG_CONFIG) --cflags glib-2.0)
 
103
GLIB_LIBS:=$(shell $(PKG_CONFIG) --libs glib-2.0)
93
104
 
94
105
# Do not change these two
95
 
CFLAGS+=$(WARN) $(DEBUG) $(FORTIFY) $(COVERAGE) \
96
 
        $(OPTIMIZE) $(LANGUAGE) -DVERSION='"$(version)"'
 
106
CFLAGS+=$(WARN) $(DEBUG) $(FORTIFY) $(COVERAGE) $(OPTIMIZE) \
 
107
        $(LANGUAGE) $(FEATURES) -DVERSION='"$(version)"'
97
108
LDFLAGS+=-Xlinker --as-needed $(COVERAGE) $(LINK_FORTIFY) $(strip \
98
109
        ) $(foreach flag,$(LINK_FORTIFY_LD),-Xlinker $(flag))
99
110
 
107
118
        /usr/share/xml/docbook/stylesheet/nwalsh/manpages/docbook.xsl \
108
119
        $(notdir $<); \
109
120
        if locale --all 2>/dev/null | grep --regexp='^en_US\.utf8$$' \
110
 
        && type man 2>/dev/null; then LANG=en_US.UTF-8 MANWIDTH=80 \
111
 
        man --warnings --encoding=UTF-8 --local-file $(notdir $@); \
112
 
        fi >/dev/null)
 
121
        && command -v man >/dev/null; then LANG=en_US.UTF-8 \
 
122
        MANWIDTH=80 man --warnings --encoding=UTF-8 --local-file \
 
123
        $(notdir $@); fi >/dev/null)
113
124
 
114
125
DOCBOOKTOHTML=$(strip xsltproc --nonet --xinclude \
115
126
        --param make.year.ranges                1 \
128
139
        plugins.d/usplash plugins.d/splashy plugins.d/askpass-fifo \
129
140
        plugins.d/plymouth
130
141
PLUGIN_HELPERS:=plugin-helpers/mandos-client-iprouteadddel
131
 
CPROGS:=plugin-runner $(PLUGINS) $(PLUGIN_HELPERS)
 
142
CPROGS:=plugin-runner dracut-module/password-agent $(PLUGINS) \
 
143
        $(PLUGIN_HELPERS)
132
144
PROGS:=mandos mandos-keygen mandos-ctl mandos-monitor $(CPROGS)
133
145
DOCS:=mandos.8 mandos-keygen.8 mandos-monitor.8 mandos-ctl.8 \
134
146
        mandos.conf.5 mandos-clients.conf.5 plugin-runner.8mandos \
 
147
        dracut-module/password-agent.8mandos \
135
148
        plugins.d/mandos-client.8mandos \
136
149
        plugins.d/password-prompt.8mandos plugins.d/usplash.8mandos \
137
150
        plugins.d/splashy.8mandos plugins.d/askpass-fifo.8mandos \
209
222
                overview.xml legalnotice.xml
210
223
        $(DOCBOOKTOHTML)
211
224
 
 
225
dracut-module/password-agent.8mandos: \
 
226
                dracut-module/password-agent.xml common.ent \
 
227
                overview.xml legalnotice.xml
 
228
        $(DOCBOOKTOMAN)
 
229
dracut-module/password-agent.8mandos.xhtml: \
 
230
                dracut-module/password-agent.xml common.ent \
 
231
                overview.xml legalnotice.xml
 
232
        $(DOCBOOKTOHTML)
 
233
 
212
234
plugins.d/mandos-client.8mandos: plugins.d/mandos-client.xml \
213
235
                                        common.ent \
214
236
                                        mandos-options.xml \
264
286
                ) $(AVAHI_LIBS) $(GPGME_LIBS) $(LOADLIBES) $(strip\
265
287
                ) $(LDLIBS) -o $@
266
288
 
 
289
# Need to add the libnl-route library
267
290
plugin-helpers/mandos-client-iprouteadddel: plugin-helpers/mandos-client-iprouteadddel.c
268
291
        $(LINK.c) $(LIBNL3_CFLAGS) $^ $(LIBNL3_LIBS) $(strip\
269
292
                ) $(LOADLIBES) $(LDLIBS) -o $@
270
293
 
 
294
# Need to add the GLib and pthread libraries
 
295
dracut-module/password-agent: dracut-module/password-agent.c
 
296
        $(LINK.c) $(GLIB_CFLAGS) $^ $(GLIB_LIBS) -lpthread $(strip\
 
297
                ) $(LOADLIBES) $(LDLIBS) -o $@
 
298
 
271
299
.PHONY : all doc html clean distclean mostlyclean maintainer-clean \
272
300
        check run-client run-server install install-html \
273
301
        install-server install-client-nokey install-client uninstall \
288
316
        ./mandos-keygen --version
289
317
        ./plugin-runner --version
290
318
        ./plugin-helpers/mandos-client-iprouteadddel --version
 
319
        ./dracut-module/password-agent --test
291
320
 
292
321
# Run the client with a local config and key
293
 
run-client: all keydir/seckey.txt keydir/pubkey.txt keydir/tls-privkey.pem keydir/tls-pubkey.pem
294
 
        @echo "###################################################################"
295
 
        @echo "# The following error messages are harmless and can be safely     #"
296
 
        @echo "# ignored:                                                        #"
297
 
        @echo "# From plugin-runner: setgid: Operation not permitted             #"
298
 
        @echo "#                     setuid: Operation not permitted             #"
299
 
        @echo "# From askpass-fifo:  mkfifo: Permission denied                   #"
300
 
        @echo "# From mandos-client:                                             #"
301
 
        @echo "#             Failed to raise privileges: Operation not permitted #"
302
 
        @echo "#             Warning: network hook \"*\" exited with status *      #"
303
 
        @echo "#                                                                 #"
304
 
        @echo "# (The messages are caused by not running as root, but you should #"
305
 
        @echo "# NOT run \"make run-client\" as root unless you also unpacked and  #"
306
 
        @echo "# compiled Mandos as root, which is also NOT recommended.)        #"
307
 
        @echo "###################################################################"
 
322
run-client: all keydir/seckey.txt keydir/pubkey.txt \
 
323
                        keydir/tls-privkey.pem keydir/tls-pubkey.pem
 
324
        @echo '######################################################'
 
325
        @echo '# The following error messages are harmless and can  #'
 
326
        @echo '#  be safely ignored:                                #'
 
327
        @echo '## From plugin-runner:                               #'
 
328
        @echo '# setgid: Operation not permitted                    #'
 
329
        @echo '# setuid: Operation not permitted                    #'
 
330
        @echo '## From askpass-fifo:                                #'
 
331
        @echo '# mkfifo: Permission denied                          #'
 
332
        @echo '## From mandos-client:                               #'
 
333
        @echo '# Failed to raise privileges: Operation not permi... #'
 
334
        @echo '# Warning: network hook "*" exited with status *     #'
 
335
        @echo '# ioctl SIOCSIFFLAGS +IFF_UP: Operation not permi... #'
 
336
        @echo '# Failed to bring up interface "*": Operation not... #'
 
337
        @echo '#                                                    #'
 
338
        @echo '# (The messages are caused by not running as root,   #'
 
339
        @echo '# but you should NOT run "make run-client" as root   #'
 
340
        @echo '# unless you also unpacked and compiled Mandos as    #'
 
341
        @echo '# root, which is also NOT recommended.)              #'
 
342
        @echo '######################################################'
308
343
# We set GNOME_KEYRING_CONTROL to block pam_gnome_keyring
309
344
        ./plugin-runner --plugin-dir=plugins.d \
310
345
                --plugin-helper-dir=plugin-helpers \
350
385
        elif install --directory --mode=u=rwx $(STATEDIR); then \
351
386
                chown -- $(USER):$(GROUP) $(STATEDIR) || :; \
352
387
        fi
353
 
        if [ "$(TMPFILES)" != "$(DESTDIR)" -a -d "$(TMPFILES)" ]; then \
 
388
        if [ "$(TMPFILES)" != "$(DESTDIR)" \
 
389
                        -a -d "$(TMPFILES)" ]; then \
354
390
                install --mode=u=rw,go=r tmpfiles.d-mandos.conf \
355
391
                        $(TMPFILES)/mandos.conf; \
356
392
        fi
403
439
        install --mode=u=rwx,go=rx \
404
440
                --target-directory=$(LIBDIR)/mandos plugin-runner
405
441
        install --mode=u=rwx,go=rx \
406
 
                --target-directory=$(LIBDIR)/mandos mandos-to-cryptroot-unlock
 
442
                --target-directory=$(LIBDIR)/mandos \
 
443
                mandos-to-cryptroot-unlock
407
444
        install --mode=u=rwx,go=rx --target-directory=$(PREFIX)/sbin \
408
445
                mandos-keygen
409
446
        install --mode=u=rwx,go=rx \
437
474
                $(INITRAMFSTOOLS)/scripts/init-premount/mandos
438
475
        install initramfs-tools-script-stop \
439
476
                $(INITRAMFSTOOLS)/scripts/local-premount/mandos
 
477
        install --directory $(DRACUTMODULE)
 
478
        install --mode=u=rw,go=r --target-directory=$(DRACUTMODULE) \
 
479
                dracut-module/ask-password-mandos.path \
 
480
                dracut-module/ask-password-mandos.service
 
481
        install --mode=u=rwxs,go=rx \
 
482
                --target-directory=$(DRACUTMODULE) \
 
483
                dracut-module/module-setup.sh \
 
484
                dracut-module/cmdline-mandos.sh \
 
485
                dracut-module/password-agent
440
486
        install --mode=u=rw,go=r plugin-runner.conf $(CONFDIR)
441
487
        gzip --best --to-stdout mandos-keygen.8 \
442
488
                > $(MANDIR)/man8/mandos-keygen.8.gz
454
500
                > $(MANDIR)/man8/askpass-fifo.8mandos.gz
455
501
        gzip --best --to-stdout plugins.d/plymouth.8mandos \
456
502
                > $(MANDIR)/man8/plymouth.8mandos.gz
 
503
        gzip --best --to-stdout dracut-module/password-agent.8mandos \
 
504
                > $(MANDIR)/man8/password-agent.8mandos.gz
457
505
 
458
506
install-client: install-client-nokey
459
507
# Post-installation stuff
460
508
        -$(PREFIX)/sbin/mandos-keygen --dir "$(KEYDIR)"
461
 
        update-initramfs -k all -u
 
509
        if command -v update-initramfs >/dev/null; then \
 
510
            update-initramfs -k all -u; \
 
511
        elif command -v dracut >/dev/null; then \
 
512
            for initrd in $(DESTDIR)/boot/initr*-$(LINUXVERSION); do \
 
513
                if [ -w "$$initrd" ]; then \
 
514
                    chmod go-r "$$initrd"; \
 
515
                    dracut --force "$$initrd"; \
 
516
                fi; \
 
517
            done; \
 
518
        fi
462
519
        echo "Now run mandos-keygen --password --dir $(KEYDIR)"
463
520
 
464
521
uninstall: uninstall-server uninstall-client
491
548
                $(INITRAMFSTOOLS)/hooks/mandos \
492
549
                $(INITRAMFSTOOLS)/conf-hooks.d/mandos \
493
550
                $(INITRAMFSTOOLS)/scripts/init-premount/mandos \
 
551
                $(INITRAMFSTOOLS)/scripts/local-premount/mandos \
 
552
                $(DRACUTMODULE)/ask-password-mandos.path \
 
553
                $(DRACUTMODULE)/ask-password-mandos.service \
 
554
                $(DRACUTMODULE)/module-setup.sh \
 
555
                $(DRACUTMODULE)/cmdline-mandos.sh \
 
556
                $(DRACUTMODULE)/password-agent \
494
557
                $(MANDIR)/man8/mandos-keygen.8.gz \
495
558
                $(MANDIR)/man8/plugin-runner.8mandos.gz \
496
559
                $(MANDIR)/man8/mandos-client.8mandos.gz
499
562
                $(MANDIR)/man8/splashy.8mandos.gz \
500
563
                $(MANDIR)/man8/askpass-fifo.8mandos.gz \
501
564
                $(MANDIR)/man8/plymouth.8mandos.gz \
 
565
                $(MANDIR)/man8/password-agent.8mandos.gz \
502
566
        -rmdir $(LIBDIR)/mandos/plugins.d $(CONFDIR)/plugins.d \
503
 
                 $(LIBDIR)/mandos $(CONFDIR) $(KEYDIR)
504
 
        update-initramfs -k all -u
 
567
                 $(LIBDIR)/mandos $(CONFDIR) $(KEYDIR) $(DRACUTMODULE)
 
568
        if command -v update-initramfs >/dev/null; then \
 
569
            update-initramfs -k all -u; \
 
570
        elif command -v dracut >/dev/null; then \
 
571
            for initrd in $(DESTDIR)/boot/initr*-$(LINUXVERSION); do \
 
572
                test -w "$$initrd" && dracut --force "$$initrd"; \
 
573
            done; \
 
574
        fi
505
575
 
506
576
purge: purge-server purge-client
507
577