/mandos/trunk : revision 1152

To get this branch, use:

bzr branch
http://bzr.recompile.se/loggerhead/mandos/trunk

« back to all changes in this revision

Viewing changes to Makefile

Committer: Teddy Hogeborn
Date: 2019-08-05 21:14:05 UTC
Revision ID: teddy@recompile.se-20190805211405-9m6hecekaihpttz9

Override lintian warnings about upgrading from old versions

There are some really things which are imperative that we fix in case
someone were to upgrade from a really old version.  We want to keep
these fixes in the postinst maintainer scripts, even though lintian
complains about such old upgrades not being supported by Debian in
general.  We prefer the code being there, for the sake of the users.

* debian/mandos-client.lintian-overrides
  (maintainer-script-supports-ancient-package-version): New.
  debian/mandos.lintian-overrides
  (maintainer-script-supports-ancient-package-version): - '' -

files removed:
debian/mandos.maintscript

debian/po/de.po

debian/po/es.po

debian/po/fr.po

debian/po/nl.po

debian/po/pt.po

debian/po/pt_BR.po

debian/po/sv.po

sysusers.d-mandos.conf

files modified:
.bzrignore

DBUS-API

INSTALL

Makefile

NEWS

TODO

clients.conf

common.ent

debian/changelog

debian/control

debian/copyright

debian/mandos-client.README.Debian

debian/mandos-client.lintian-overrides

debian/mandos-client.postinst

debian/mandos-client.postrm

debian/mandos-client.templates

debian/mandos.dirs

debian/mandos.lintian-overrides

debian/mandos.postinst

debian/rules

debian/tests/control

dracut-module/ask-password-mandos.service

dracut-module/module-setup.sh

dracut-module/password-agent.c

dracut-module/password-agent.xml

initramfs-tools-hook

initramfs-tools-script

intro.xml

mandos

mandos-clients.conf.xml

mandos-ctl

mandos-keygen

mandos-monitor

mandos-to-cryptroot-unlock

mandos.conf.xml

mandos.lsm

mandos.service

mandos.xml

plugin-helpers/mandos-client-iprouteadddel.c

plugin-runner.c

plugin-runner.xml

plugins.d/askpass-fifo.c

plugins.d/mandos-client.c

plugins.d/mandos-client.xml

plugins.d/password-prompt.c

plugins.d/plymouth.c

plugins.d/splashy.c

plugins.d/usplash.c

Show diffs side-by-side

added added

removed removed

Makefile

# For info about _FORTIFY_SOURCE, see feature_test_macros(7)

# and <https://gcc.gnu.org/ml/gcc-patches/2004-09/msg02055.html>.

FORTIFY:=-fstack-protector-all -fPIC

CPPFLAGS+=-D_FORTIFY_SOURCE=3

FORTIFY:=-D_FORTIFY_SOURCE=2 -fstack-protector-all -fPIC

LINK_FORTIFY_LD:=-z relro -z now

LINK_FORTIFY:=

#COVERAGE=--coverage

OPTIMIZE:=-Os -fno-strict-aliasing

LANGUAGE:=-std=gnu11

CPPFLAGS+=-D_FILE_OFFSET_BITS=64 -D_TIME_BITS=64

FEATURES:=-D_FILE_OFFSET_BITS=64

htmldir:=man

version:=1.8.16

version:=1.8.6

SED:=sed

PKG_CONFIG?=pkg-config

# DRACUTMODULE:=$(DESTDIR)/usr/lib/dracut/modules.d/90mandos

# STATEDIR:=$(DESTDIR)/var/lib/mandos

# LIBDIR:=$(PREFIX)/lib

# DBUSPOLICYDIR:=$(DESTDIR)/etc/dbus-1/system.d

## These settings are for a package-type install

break; \

fi; \

done)

DBUSPOLICYDIR:=$(DESTDIR)/usr/share/dbus-1/system.d

SYSTEMD:=$(DESTDIR)$(shell $(PKG_CONFIG) systemd \

--variable=systemdsystemunitdir)

TMPFILES:=$(DESTDIR)$(shell $(PKG_CONFIG) systemd \

--variable=tmpfilesdir)

SYSUSERS:=$(DESTDIR)$(shell $(PKG_CONFIG) systemd \

--variable=sysusersdir)

GNUTLS_CFLAGS:=$(shell $(PKG_CONFIG) --cflags-only-I gnutls)

GNUTLS_LIBS:=$(shell $(PKG_CONFIG) --libs gnutls)

100

AVAHI_CFLAGS:=$(shell $(PKG_CONFIG) --cflags-only-I avahi-core)

101

AVAHI_LIBS:=$(shell $(PKG_CONFIG) --libs avahi-core)

102

GPGME_CFLAGS:=$(shell $(PKG_CONFIG) --cflags-only-I gpgme 2>/dev/null \

103

|| gpgme-config --cflags; getconf LFS_CFLAGS)

104

GPGME_LIBS:=$(shell $(PKG_CONFIG) --libs gpgme 2>/dev/null \

105

|| gpgme-config --libs; getconf LFS_LIBS; \

GPGME_CFLAGS:=$(shell gpgme-config --cflags; getconf LFS_CFLAGS)

GPGME_LIBS:=$(shell gpgme-config --libs; getconf LFS_LIBS; \

106

getconf LFS_LDFLAGS)

107

100

LIBNL3_CFLAGS:=$(shell $(PKG_CONFIG) --cflags-only-I libnl-route-3.0)

108

101

LIBNL3_LIBS:=$(shell $(PKG_CONFIG) --libs libnl-route-3.0)

111

104

112

105

# Do not change these two

113

106

CFLAGS+=$(WARN) $(DEBUG) $(FORTIFY) $(COVERAGE) $(OPTIMIZE) \

114

$(LANGUAGE) -DVERSION='"$(version)"'

107

$(LANGUAGE) $(FEATURES) -DVERSION='"$(version)"'

115

108

LDFLAGS+=-Xlinker --as-needed $(COVERAGE) $(LINK_FORTIFY) $(strip \

116

109

) $(foreach flag,$(LINK_FORTIFY_LD),-Xlinker $(flag))

117

110

161

154

162

155

objects:=$(addsuffix .o,$(CPROGS))

163

156

164

.PHONY: all

165

157

all: $(PROGS) mandos.lsm

166

158

167

.PHONY: doc

168

159

doc: $(DOCS)

169

160

170

.PHONY: html

171

161

html: $(htmldocs)

172

162

173

163

%.5: %.xml common.ent legalnotice.xml

289

279

--expression='s/$mandos_$[0-9.]\+$\.orig\.tar\.gz$/\1$(version)\2/' \

290

280

$@)

291

281

292

# Uses nested functions

293

plugin-runner: LDFLAGS += -Xlinker --no-warn-execstack

294

dracut-module/password-agent: LDFLAGS += -Xlinker --no-warn-execstack

295

plugins.d/password-prompt: LDFLAGS += -Xlinker --no-warn-execstack

296

plugins.d/mandos-client: LDFLAGS += -Xlinker --no-warn-execstack

297

plugins.d/plymouth: LDFLAGS += -Xlinker --no-warn-execstack

298

299

282

# Need to add the GnuTLS, Avahi and GPGME libraries

300

plugins.d/mandos-client: CFLAGS += $(GNUTLS_CFLAGS) $(strip \

301

) $(AVAHI_CFLAGS) $(GPGME_CFLAGS)

302

plugins.d/mandos-client: LDLIBS += $(GNUTLS_LIBS) $(strip \

303

) $(AVAHI_LIBS) $(GPGME_LIBS)

283

plugins.d/mandos-client: plugins.d/mandos-client.c

284

$(LINK.c) $^ $(GNUTLS_CFLAGS) $(AVAHI_CFLAGS) $(strip\

285

) $(GPGME_CFLAGS) $(GNUTLS_LIBS) $(strip\

286

) $(AVAHI_LIBS) $(GPGME_LIBS) $(LOADLIBES) $(strip\

287

) $(LDLIBS) -o $@

304

288

305

289

# Need to add the libnl-route library

306

plugin-helpers/mandos-client-iprouteadddel: CFLAGS += $(LIBNL3_CFLAGS)

307

plugin-helpers/mandos-client-iprouteadddel: LDLIBS += $(LIBNL3_LIBS)

290

plugin-helpers/mandos-client-iprouteadddel: plugin-helpers/mandos-client-iprouteadddel.c

291

$(LINK.c) $(LIBNL3_CFLAGS) $^ $(LIBNL3_LIBS) $(strip\

292

) $(LOADLIBES) $(LDLIBS) -o $@

308

293

309

294

# Need to add the GLib and pthread libraries

310

dracut-module/password-agent: CFLAGS += $(GLIB_CFLAGS)

311

# Note: -lpthread is unnecessary with the GNU C library 2.34 or later

312

dracut-module/password-agent: LDLIBS += $(GLIB_LIBS) -lpthread

313

314

.PHONY: clean

295

dracut-module/password-agent: dracut-module/password-agent.c

296

$(LINK.c) $(GLIB_CFLAGS) $^ $(GLIB_LIBS) -lpthread $(strip\

297

) $(LOADLIBES) $(LDLIBS) -o $@

298

299

.PHONY : all doc html clean distclean mostlyclean maintainer-clean \

300

check run-client run-server install install-html \

301

install-server install-client-nokey install-client uninstall \

302

uninstall-server uninstall-client purge purge-server \

303

purge-client

304

315

305

clean:

316

306

-rm --force $(CPROGS) $(objects) $(htmldocs) $(DOCS) core

317

307

318

.PHONY: distclean

319

308

distclean: clean

320

.PHONY: mostlyclean

321

309

mostlyclean: clean

322

.PHONY: maintainer-clean

323

310

maintainer-clean: clean

324

311

-rm --force --recursive keydir confdir statedir

325

312

326

.PHONY: check

327

313

check: all

328

314

./mandos --check

329

315

./mandos-ctl --check

333

319

./dracut-module/password-agent --test

334

320

335

321

# Run the client with a local config and key

336

.PHONY: run-client

337

322

run-client: all keydir/seckey.txt keydir/pubkey.txt \

338

323

keydir/tls-privkey.pem keydir/tls-pubkey.pem

339

324

@echo '######################################################'

367

352

keydir/seckey.txt keydir/pubkey.txt keydir/tls-privkey.pem keydir/tls-pubkey.pem: mandos-keygen

368

353

install --directory keydir

369

354

./mandos-keygen --dir keydir --force

370

if ! [ -e keydir/tls-privkey.pem ]; then \

371

install --mode=u=rw /dev/null keydir/tls-privkey.pem; \

372

373

if ! [ -e keydir/tls-pubkey.pem ]; then \

374

install --mode=u=rw /dev/null keydir/tls-pubkey.pem; \

375

376

355

377

356

# Run the server with a local config

378

.PHONY: run-server

379

357

run-server: confdir/mandos.conf confdir/clients.conf statedir

380

358

./mandos --debug --no-dbus --configdir=confdir \

381

359

--statedir=statedir $(SERVERARGS)

382

360

383

361

# Used by run-server

384

362

confdir/mandos.conf: mandos.conf

385

install -D --mode=u=rw,go=r $^ $@

363

install --directory confdir

364

install --mode=u=rw,go=r $^ $@

386

365

confdir/clients.conf: clients.conf keydir/seckey.txt keydir/tls-pubkey.pem

387

install -D --mode=u=rw $< $@

366

install --directory confdir

367

install --mode=u=rw $< $@

388

368

# Add a client password

389

369

./mandos-keygen --dir keydir --password --no-ssh >> $@

390

370

statedir:

391

371

install --directory statedir

392

372

393

.PHONY: install

394

373

install: install-server install-client-nokey

395

374

396

.PHONY: install-html

397

375

install-html: html

398

install -D --mode=u=rw,go=r --target-directory=$(htmldir) \

376

install --directory $(htmldir)

377

install --mode=u=rw,go=r --target-directory=$(htmldir) \

399

378

$(htmldocs)

400

379

401

.PHONY: install-server

402

380

install-server: doc

381

install --directory $(CONFDIR)

403

382

if install --directory --mode=u=rwx --owner=$(USER) \

404

383

--group=$(GROUP) $(STATEDIR); then \

405

384

:; \

406

385

elif install --directory --mode=u=rwx $(STATEDIR); then \

407

386

chown -- $(USER):$(GROUP) $(STATEDIR) || :; \

408

387

409

if [ "$(TMPFILES)" != "$(DESTDIR)" ]; then \

410

install -D --mode=u=rw,go=r tmpfiles.d-mandos.conf \

388

if [ "$(TMPFILES)" != "$(DESTDIR)" \

389

-a -d "$(TMPFILES)" ]; then \

390

install --mode=u=rw,go=r tmpfiles.d-mandos.conf \

411

391

$(TMPFILES)/mandos.conf; \

412

392

413

if [ "$(SYSUSERS)" != "$(DESTDIR)" ]; then \

414

install -D --mode=u=rw,go=r sysusers.d-mandos.conf \

415

$(SYSUSERS)/mandos.conf; \

416

417

install --directory $(PREFIX)/sbin

418

install --mode=u=rwx,go=rx --target-directory=$(PREFIX)/sbin \

419

mandos

393

install --mode=u=rwx,go=rx mandos $(PREFIX)/sbin/mandos

420

394

install --mode=u=rwx,go=rx --target-directory=$(PREFIX)/sbin \

421

395

mandos-ctl

422

396

install --mode=u=rwx,go=rx --target-directory=$(PREFIX)/sbin \

423

397

mandos-monitor

424

install --directory $(CONFDIR)

425

398

install --mode=u=rw,go=r --target-directory=$(CONFDIR) \

426

399

mandos.conf

427

400

install --mode=u=rw --target-directory=$(CONFDIR) \

428

401

clients.conf

429

install -D --mode=u=rw,go=r dbus-mandos.conf \

430

$(DBUSPOLICYDIR)/mandos.conf

431

install -D --mode=u=rwx,go=rx init.d-mandos \

402

install --mode=u=rw,go=r dbus-mandos.conf \

403

$(DESTDIR)/etc/dbus-1/system.d/mandos.conf

404

install --mode=u=rwx,go=rx init.d-mandos \

432

405

$(DESTDIR)/etc/init.d/mandos

433

if [ "$(SYSTEMD)" != "$(DESTDIR)" ]; then \

434

install -D --mode=u=rw,go=r mandos.service \

435

$(SYSTEMD); \

406

if [ "$(SYSTEMD)" != "$(DESTDIR)" -a -d "$(SYSTEMD)" ]; then \

407

install --mode=u=rw,go=r mandos.service $(SYSTEMD); \

436

408

437

install -D --mode=u=rw,go=r default-mandos \

409

install --mode=u=rw,go=r default-mandos \

438

410

$(DESTDIR)/etc/default/mandos

439

411

if [ -z $(DESTDIR) ]; then \

440

412

update-rc.d mandos defaults 25 15;\

441

413

442

install --directory $(MANDIR)/man8 $(MANDIR)/man5

443

414

gzip --best --to-stdout mandos.8 \

444

415

> $(MANDIR)/man8/mandos.8.gz

445

416

gzip --best --to-stdout mandos-monitor.8 \

453

424

gzip --best --to-stdout intro.8mandos \

454

425

> $(MANDIR)/man8/intro.8mandos.gz

455

426

456

.PHONY: install-client-nokey

457

427

install-client-nokey: all doc

428

install --directory $(LIBDIR)/mandos $(CONFDIR)

458

429

install --directory --mode=u=rwx $(KEYDIR) \

459

430

$(LIBDIR)/mandos/plugins.d \

460

431

$(LIBDIR)/mandos/plugin-helpers

461

if [ "$(SYSUSERS)" != "$(DESTDIR)" ]; then \

462

install -D --mode=u=rw,go=r sysusers.d-mandos.conf \

463

$(SYSUSERS)/mandos-client.conf; \

464

465

432

if [ "$(CONFDIR)" != "$(LIBDIR)/mandos" ]; then \

466

install --directory \

467

--mode=u=rwx "$(CONFDIR)/plugins.d" \

433

install --mode=u=rwx \

434

--directory "$(CONFDIR)/plugins.d" \

468

435

"$(CONFDIR)/plugin-helpers"; \

469

436

470

install --directory --mode=u=rwx,go=rx \

437

install --mode=u=rwx,go=rx --directory \

471

438

"$(CONFDIR)/network-hooks.d"

472

439

install --mode=u=rwx,go=rx \

473

440

--target-directory=$(LIBDIR)/mandos plugin-runner

474

441

install --mode=u=rwx,go=rx \

475

442

--target-directory=$(LIBDIR)/mandos \

476

443

mandos-to-cryptroot-unlock

477

install --directory $(PREFIX)/sbin

478

444

install --mode=u=rwx,go=rx --target-directory=$(PREFIX)/sbin \

479

445

mandos-keygen

480

446

install --mode=u=rwx,go=rx \

498

464

install --mode=u=rwx,go=rx \

499

465

--target-directory=$(LIBDIR)/mandos/plugin-helpers \

500

466

plugin-helpers/mandos-client-iprouteadddel

501

install -D initramfs-tools-hook \

467

install initramfs-tools-hook \

502

468

$(INITRAMFSTOOLS)/hooks/mandos

503

install -D --mode=u=rw,go=r initramfs-tools-conf \

469

install --mode=u=rw,go=r initramfs-tools-conf \

504

470

$(INITRAMFSTOOLS)/conf.d/mandos-conf

505

install -D --mode=u=rw,go=r initramfs-tools-conf-hook \

471

install --mode=u=rw,go=r initramfs-tools-conf-hook \

506

472

$(INITRAMFSTOOLS)/conf-hooks.d/zz-mandos

507

install -D initramfs-tools-script \

473

install initramfs-tools-script \

508

474

$(INITRAMFSTOOLS)/scripts/init-premount/mandos

509

install -D initramfs-tools-script-stop \

475

install initramfs-tools-script-stop \

510

476

$(INITRAMFSTOOLS)/scripts/local-premount/mandos

511

install -D --mode=u=rw,go=r \

512

--target-directory=$(DRACUTMODULE) \

477

install --directory $(DRACUTMODULE)

478

install --mode=u=rw,go=r --target-directory=$(DRACUTMODULE) \

513

479

dracut-module/ask-password-mandos.path \

514

480

dracut-module/ask-password-mandos.service

515

481

install --mode=u=rwxs,go=rx \

518

484

dracut-module/cmdline-mandos.sh \

519

485

dracut-module/password-agent

520

486

install --mode=u=rw,go=r plugin-runner.conf $(CONFDIR)

521

install --directory $(MANDIR)/man8

522

487

gzip --best --to-stdout mandos-keygen.8 \

523

488

> $(MANDIR)/man8/mandos-keygen.8.gz

524

489

gzip --best --to-stdout plugin-runner.8mandos \

538

503

gzip --best --to-stdout dracut-module/password-agent.8mandos \

539

504

> $(MANDIR)/man8/password-agent.8mandos.gz

540

505

541

.PHONY: install-client

542

506

install-client: install-client-nokey

543

507

# Post-installation stuff

544

508

-$(PREFIX)/sbin/mandos-keygen --dir "$(KEYDIR)"

554

518

555

519

echo "Now run mandos-keygen --password --dir $(KEYDIR)"

556

520

557

.PHONY: uninstall

558

521

uninstall: uninstall-server uninstall-client

559

522

560

.PHONY: uninstall-server

561

523

uninstall-server:

562

524

-rm --force $(PREFIX)/sbin/mandos \

563

525

$(PREFIX)/sbin/mandos-ctl \

570

532

update-rc.d -f mandos remove

571

533

-rmdir $(CONFDIR)

572

534

573

.PHONY: uninstall-client

574

535

uninstall-client:

575

536

# Refuse to uninstall client if /etc/crypttab is explicitly configured

576

537

# to use it.

612

573

done; \

613

574

614

575

615

.PHONY: purge

616

576

purge: purge-server purge-client

617

577

618

.PHONY: purge-server

619

578

purge-server: uninstall-server

620

579

-rm --force $(CONFDIR)/mandos.conf $(CONFDIR)/clients.conf \

621

580

$(DESTDIR)/etc/dbus-1/system.d/mandos.conf

622

581

$(DESTDIR)/etc/default/mandos \

623

582

$(DESTDIR)/etc/init.d/mandos \

583

$(SYSTEMD)/mandos.service \

624

584

$(DESTDIR)/run/mandos.pid \

625

585

$(DESTDIR)/var/run/mandos.pid

626

if [ "$(SYSTEMD)" != "$(DESTDIR)" -a -d "$(SYSTEMD)" ]; then \

627

-rm --force -- $(SYSTEMD)/mandos.service; \

628

629

586

-rmdir $(CONFDIR)

630

587

631

.PHONY: purge-client

632

588

purge-client: uninstall-client

633

589

-shred --remove $(KEYDIR)/seckey.txt $(KEYDIR)/tls-privkey.pem

634

590

-rm --force $(CONFDIR)/plugin-runner.conf \

Older »