To get this branch, use:
bzr branch
http://bzr.recompile.se/loggerhead/mandos/trunk
« back to all changes in this revision
Viewing changes to Makefile
- browse files at revision 1152
- compare with another revision
- download diff
- download tarball
- view history from revision 1152
- Committer: Teddy Hogeborn
- Date: 2019-08-05 21:14:05 UTC
- Revision ID: teddy@recompile.se-20190805211405-9m6hecekaihpttz9
Override lintian warnings about upgrading from old versions
There are some really things which are imperative that we fix in case
someone were to upgrade from a really old version. We want to keep
these fixes in the postinst maintainer scripts, even though lintian
complains about such old upgrades not being supported by Debian in
general. We prefer the code being there, for the sake of the users.
* debian/mandos-client.lintian-overrides
(maintainer-script-supports-ancient-package-version): New.
debian/mandos.lintian-overrides
(maintainer-script-supports-ancient-package-version): - '' -
There are some really things which are imperative that we fix in case
someone were to upgrade from a really old version. We want to keep
these fixes in the postinst maintainer scripts, even though lintian
complains about such old upgrades not being supported by Debian in
general. We prefer the code being there, for the sake of the users.
* debian/mandos-client.lintian-overrides
(maintainer-script-supports-ancient-package-version): New.
debian/mandos.lintian-overrides
(maintainer-script-supports-ancient-package-version): - '' -
- files removed:
- debian/mandos.maintscript
- files modified:
- .bzrignore
added
removed
Makefile
29
29
30
30
# For info about _FORTIFY_SOURCE, see feature_test_macros(7)
31
31
# and <https://gcc.gnu.org/ml/gcc-patches/2004-09/msg02055.html>.
32
FORTIFY:=-fstack-protector-all -fPIC
33
CPPFLAGS+=-D_FORTIFY_SOURCE=3
32
FORTIFY:=-D_FORTIFY_SOURCE=2 -fstack-protector-all -fPIC
34
33
LINK_FORTIFY_LD:=-z relro -z now
35
34
LINK_FORTIFY:=
36
35
42
41
#COVERAGE=--coverage
43
42
OPTIMIZE:=-Os -fno-strict-aliasing
44
43
LANGUAGE:=-std=gnu11
45
CPPFLAGS+=-D_FILE_OFFSET_BITS=64 -D_TIME_BITS=64
44
FEATURES:=-D_FILE_OFFSET_BITS=64
46
45
htmldir:=man
47
version:=1.8.17
46
version:=1.8.6
48
47
SED:=sed
49
48
PKG_CONFIG?=pkg-config
50
49
64
63
# DRACUTMODULE:=$(DESTDIR)/usr/lib/dracut/modules.d/90mandos
65
64
# STATEDIR:=$(DESTDIR)/var/lib/mandos
66
65
# LIBDIR:=$(PREFIX)/lib
67
# DBUSPOLICYDIR:=$(DESTDIR)/etc/dbus-1/system.d
68
66
##
69
67
70
68
## These settings are for a package-type install
85
83
break; \
86
84
fi; \
87
85
done)
88
DBUSPOLICYDIR:=$(DESTDIR)/usr/share/dbus-1/system.d
89
86
##
90
87
91
88
SYSTEMD:=$(DESTDIR)$(shell $(PKG_CONFIG) systemd \
92
89
--variable=systemdsystemunitdir)
93
90
TMPFILES:=$(DESTDIR)$(shell $(PKG_CONFIG) systemd \
94
91
--variable=tmpfilesdir)
95
SYSUSERS:=$(DESTDIR)$(shell $(PKG_CONFIG) systemd \
96
--variable=sysusersdir)
97
92
98
93
GNUTLS_CFLAGS:=$(shell $(PKG_CONFIG) --cflags-only-I gnutls)
99
94
GNUTLS_LIBS:=$(shell $(PKG_CONFIG) --libs gnutls)
100
95
AVAHI_CFLAGS:=$(shell $(PKG_CONFIG) --cflags-only-I avahi-core)
101
96
AVAHI_LIBS:=$(shell $(PKG_CONFIG) --libs avahi-core)
102
GPGME_CFLAGS:=$(shell $(PKG_CONFIG) --cflags-only-I gpgme 2>/dev/null \
103
|| gpgme-config --cflags; getconf LFS_CFLAGS)
104
GPGME_LIBS:=$(shell $(PKG_CONFIG) --libs gpgme 2>/dev/null \
105
|| gpgme-config --libs; getconf LFS_LIBS; \
97
GPGME_CFLAGS:=$(shell gpgme-config --cflags; getconf LFS_CFLAGS)
98
GPGME_LIBS:=$(shell gpgme-config --libs; getconf LFS_LIBS; \
106
99
getconf LFS_LDFLAGS)
107
100
LIBNL3_CFLAGS:=$(shell $(PKG_CONFIG) --cflags-only-I libnl-route-3.0)
108
101
LIBNL3_LIBS:=$(shell $(PKG_CONFIG) --libs libnl-route-3.0)
111
104
112
105
# Do not change these two
113
106
CFLAGS+=$(WARN) $(DEBUG) $(FORTIFY) $(COVERAGE) $(OPTIMIZE) \
114
$(LANGUAGE) -DVERSION='"$(version)"'
107
$(LANGUAGE) $(FEATURES) -DVERSION='"$(version)"'
115
108
LDFLAGS+=-Xlinker --as-needed $(COVERAGE) $(LINK_FORTIFY) $(strip \
116
109
) $(foreach flag,$(LINK_FORTIFY_LD),-Xlinker $(flag))
117
110
161
154
162
155
objects:=$(addsuffix .o,$(CPROGS))
163
156
164
.PHONY: all
165
157
all: $(PROGS) mandos.lsm
166
158
167
.PHONY: doc
168
159
doc: $(DOCS)
169
160
170
.PHONY: html
171
161
html: $(htmldocs)
172
162
173
163
%.5: %.xml common.ent legalnotice.xml
289
279
--expression='s/\(mandos_\)[0-9.]\+\(\.orig\.tar\.gz\)/\1$(version)\2/' \
290
280
$@)
291
281
292
# Does the linker support the --no-warn-execstack option?
293
ifeq ($(shell echo 'int main(){}'|$(CC) --language=c /dev/stdin -o /dev/null -Xlinker --no-warn-execstack >/dev/null 2>&1 && echo yes),yes)
294
# These programs use nested functions, which uses an executable stack
295
plugin-runner: LDFLAGS += -Xlinker --no-warn-execstack
296
dracut-module/password-agent: LDFLAGS += -Xlinker --no-warn-execstack
297
plugins.d/password-prompt: LDFLAGS += -Xlinker --no-warn-execstack
298
plugins.d/mandos-client: LDFLAGS += -Xlinker --no-warn-execstack
299
plugins.d/plymouth: LDFLAGS += -Xlinker --no-warn-execstack
300
endif
301
302
282
# Need to add the GnuTLS, Avahi and GPGME libraries
303
plugins.d/mandos-client: CFLAGS += $(GNUTLS_CFLAGS) $(strip \
304
) $(AVAHI_CFLAGS) $(GPGME_CFLAGS)
305
plugins.d/mandos-client: LDLIBS += $(GNUTLS_LIBS) $(strip \
306
) $(AVAHI_LIBS) $(GPGME_LIBS)
283
plugins.d/mandos-client: plugins.d/mandos-client.c
284
$(LINK.c) $^ $(GNUTLS_CFLAGS) $(AVAHI_CFLAGS) $(strip\
285
) $(GPGME_CFLAGS) $(GNUTLS_LIBS) $(strip\
286
) $(AVAHI_LIBS) $(GPGME_LIBS) $(LOADLIBES) $(strip\
287
) $(LDLIBS) -o $@
307
288
308
289
# Need to add the libnl-route library
309
plugin-helpers/mandos-client-iprouteadddel: CFLAGS += $(LIBNL3_CFLAGS)
310
plugin-helpers/mandos-client-iprouteadddel: LDLIBS += $(LIBNL3_LIBS)
290
plugin-helpers/mandos-client-iprouteadddel: plugin-helpers/mandos-client-iprouteadddel.c
291
$(LINK.c) $(LIBNL3_CFLAGS) $^ $(LIBNL3_LIBS) $(strip\
292
) $(LOADLIBES) $(LDLIBS) -o $@
311
293
312
294
# Need to add the GLib and pthread libraries
313
dracut-module/password-agent: CFLAGS += $(GLIB_CFLAGS)
314
# Note: -lpthread is unnecessary with the GNU C library 2.34 or later
315
dracut-module/password-agent: LDLIBS += $(GLIB_LIBS) -lpthread
316
317
.PHONY: clean
295
dracut-module/password-agent: dracut-module/password-agent.c
296
$(LINK.c) $(GLIB_CFLAGS) $^ $(GLIB_LIBS) -lpthread $(strip\
297
) $(LOADLIBES) $(LDLIBS) -o $@
298
299
.PHONY : all doc html clean distclean mostlyclean maintainer-clean \
300
check run-client run-server install install-html \
301
install-server install-client-nokey install-client uninstall \
302
uninstall-server uninstall-client purge purge-server \
303
purge-client
304
318
305
clean:
319
306
-rm --force $(CPROGS) $(objects) $(htmldocs) $(DOCS) core
320
307
321
.PHONY: distclean
322
308
distclean: clean
323
.PHONY: mostlyclean
324
309
mostlyclean: clean
325
.PHONY: maintainer-clean
326
310
maintainer-clean: clean
327
311
-rm --force --recursive keydir confdir statedir
328
312
329
.PHONY: check
330
313
check: all
331
314
./mandos --check
332
315
./mandos-ctl --check
336
319
./dracut-module/password-agent --test
337
320
338
321
# Run the client with a local config and key
339
.PHONY: run-client
340
322
run-client: all keydir/seckey.txt keydir/pubkey.txt \
341
323
keydir/tls-privkey.pem keydir/tls-pubkey.pem
342
324
@echo '######################################################'
370
352
keydir/seckey.txt keydir/pubkey.txt keydir/tls-privkey.pem keydir/tls-pubkey.pem: mandos-keygen
371
353
install --directory keydir
372
354
./mandos-keygen --dir keydir --force
373
if ! [ -e keydir/tls-privkey.pem ]; then \
374
install --mode=u=rw /dev/null keydir/tls-privkey.pem; \
375
fi
376
if ! [ -e keydir/tls-pubkey.pem ]; then \
377
install --mode=u=rw /dev/null keydir/tls-pubkey.pem; \
378
fi
379
355
380
356
# Run the server with a local config
381
.PHONY: run-server
382
357
run-server: confdir/mandos.conf confdir/clients.conf statedir
383
358
./mandos --debug --no-dbus --configdir=confdir \
384
359
--statedir=statedir $(SERVERARGS)
385
360
386
361
# Used by run-server
387
362
confdir/mandos.conf: mandos.conf
388
install -D --mode=u=rw,go=r $^ $@
363
install --directory confdir
364
install --mode=u=rw,go=r $^ $@
389
365
confdir/clients.conf: clients.conf keydir/seckey.txt keydir/tls-pubkey.pem
390
install -D --mode=u=rw $< $@
366
install --directory confdir
367
install --mode=u=rw $< $@
391
368
# Add a client password
392
369
./mandos-keygen --dir keydir --password --no-ssh >> $@
393
370
statedir:
394
371
install --directory statedir
395
372
396
.PHONY: install
397
373
install: install-server install-client-nokey
398
374
399
.PHONY: install-html
400
375
install-html: html
401
install -D --mode=u=rw,go=r --target-directory=$(htmldir) \
376
install --directory $(htmldir)
377
install --mode=u=rw,go=r --target-directory=$(htmldir) \
402
378
$(htmldocs)
403
379
404
.PHONY: install-server
405
380
install-server: doc
381
install --directory $(CONFDIR)
406
382
if install --directory --mode=u=rwx --owner=$(USER) \
407
383
--group=$(GROUP) $(STATEDIR); then \
408
384
:; \
409
385
elif install --directory --mode=u=rwx $(STATEDIR); then \
410
386
chown -- $(USER):$(GROUP) $(STATEDIR) || :; \
411
387
fi
412
if [ "$(TMPFILES)" != "$(DESTDIR)" ]; then \
413
install -D --mode=u=rw,go=r tmpfiles.d-mandos.conf \
388
if [ "$(TMPFILES)" != "$(DESTDIR)" \
389
-a -d "$(TMPFILES)" ]; then \
390
install --mode=u=rw,go=r tmpfiles.d-mandos.conf \
414
391
$(TMPFILES)/mandos.conf; \
415
392
fi
416
if [ "$(SYSUSERS)" != "$(DESTDIR)" ]; then \
417
install -D --mode=u=rw,go=r sysusers.d-mandos.conf \
418
$(SYSUSERS)/mandos.conf; \
419
fi
420
install --directory $(PREFIX)/sbin
421
install --mode=u=rwx,go=rx --target-directory=$(PREFIX)/sbin \
422
mandos
393
install --mode=u=rwx,go=rx mandos $(PREFIX)/sbin/mandos
423
394
install --mode=u=rwx,go=rx --target-directory=$(PREFIX)/sbin \
424
395
mandos-ctl
425
396
install --mode=u=rwx,go=rx --target-directory=$(PREFIX)/sbin \
426
397
mandos-monitor
427
install --directory $(CONFDIR)
428
398
install --mode=u=rw,go=r --target-directory=$(CONFDIR) \
429
399
mandos.conf
430
400
install --mode=u=rw --target-directory=$(CONFDIR) \
431
401
clients.conf
432
install -D --mode=u=rw,go=r dbus-mandos.conf \
433
$(DBUSPOLICYDIR)/mandos.conf
434
install -D --mode=u=rwx,go=rx init.d-mandos \
402
install --mode=u=rw,go=r dbus-mandos.conf \
403
$(DESTDIR)/etc/dbus-1/system.d/mandos.conf
404
install --mode=u=rwx,go=rx init.d-mandos \
435
405
$(DESTDIR)/etc/init.d/mandos
436
if [ "$(SYSTEMD)" != "$(DESTDIR)" ]; then \
437
install -D --mode=u=rw,go=r mandos.service \
438
$(SYSTEMD); \
406
if [ "$(SYSTEMD)" != "$(DESTDIR)" -a -d "$(SYSTEMD)" ]; then \
407
install --mode=u=rw,go=r mandos.service $(SYSTEMD); \
439
408
fi
440
install -D --mode=u=rw,go=r default-mandos \
409
install --mode=u=rw,go=r default-mandos \
441
410
$(DESTDIR)/etc/default/mandos
442
411
if [ -z $(DESTDIR) ]; then \
443
412
update-rc.d mandos defaults 25 15;\
444
413
fi
445
install --directory $(MANDIR)/man8 $(MANDIR)/man5
446
414
gzip --best --to-stdout mandos.8 \
447
415
> $(MANDIR)/man8/mandos.8.gz
448
416
gzip --best --to-stdout mandos-monitor.8 \
456
424
gzip --best --to-stdout intro.8mandos \
457
425
> $(MANDIR)/man8/intro.8mandos.gz
458
426
459
.PHONY: install-client-nokey
460
427
install-client-nokey: all doc
428
install --directory $(LIBDIR)/mandos $(CONFDIR)
461
429
install --directory --mode=u=rwx $(KEYDIR) \
462
430
$(LIBDIR)/mandos/plugins.d \
463
431
$(LIBDIR)/mandos/plugin-helpers
464
if [ "$(SYSUSERS)" != "$(DESTDIR)" ]; then \
465
install -D --mode=u=rw,go=r sysusers.d-mandos.conf \
466
$(SYSUSERS)/mandos-client.conf; \
467
fi
468
432
if [ "$(CONFDIR)" != "$(LIBDIR)/mandos" ]; then \
469
install --directory \
470
--mode=u=rwx "$(CONFDIR)/plugins.d" \
433
install --mode=u=rwx \
434
--directory "$(CONFDIR)/plugins.d" \
471
435
"$(CONFDIR)/plugin-helpers"; \
472
436
fi
473
install --directory --mode=u=rwx,go=rx \
437
install --mode=u=rwx,go=rx --directory \
474
438
"$(CONFDIR)/network-hooks.d"
475
439
install --mode=u=rwx,go=rx \
476
440
--target-directory=$(LIBDIR)/mandos plugin-runner
477
441
install --mode=u=rwx,go=rx \
478
442
--target-directory=$(LIBDIR)/mandos \
479
443
mandos-to-cryptroot-unlock
480
install --directory $(PREFIX)/sbin
481
444
install --mode=u=rwx,go=rx --target-directory=$(PREFIX)/sbin \
482
445
mandos-keygen
483
446
install --mode=u=rwx,go=rx \
501
464
install --mode=u=rwx,go=rx \
502
465
--target-directory=$(LIBDIR)/mandos/plugin-helpers \
503
466
plugin-helpers/mandos-client-iprouteadddel
504
install -D initramfs-tools-hook \
467
install initramfs-tools-hook \
505
468
$(INITRAMFSTOOLS)/hooks/mandos
506
install -D --mode=u=rw,go=r initramfs-tools-conf \
469
install --mode=u=rw,go=r initramfs-tools-conf \
507
470
$(INITRAMFSTOOLS)/conf.d/mandos-conf
508
install -D --mode=u=rw,go=r initramfs-tools-conf-hook \
471
install --mode=u=rw,go=r initramfs-tools-conf-hook \
509
472
$(INITRAMFSTOOLS)/conf-hooks.d/zz-mandos
510
install -D initramfs-tools-script \
473
install initramfs-tools-script \
511
474
$(INITRAMFSTOOLS)/scripts/init-premount/mandos
512
install -D initramfs-tools-script-stop \
475
install initramfs-tools-script-stop \
513
476
$(INITRAMFSTOOLS)/scripts/local-premount/mandos
514
install -D --mode=u=rw,go=r \
515
--target-directory=$(DRACUTMODULE) \
477
install --directory $(DRACUTMODULE)
478
install --mode=u=rw,go=r --target-directory=$(DRACUTMODULE) \
516
479
dracut-module/ask-password-mandos.path \
517
480
dracut-module/ask-password-mandos.service
518
481
install --mode=u=rwxs,go=rx \
521
484
dracut-module/cmdline-mandos.sh \
522
485
dracut-module/password-agent
523
486
install --mode=u=rw,go=r plugin-runner.conf $(CONFDIR)
524
install --directory $(MANDIR)/man8
525
487
gzip --best --to-stdout mandos-keygen.8 \
526
488
> $(MANDIR)/man8/mandos-keygen.8.gz
527
489
gzip --best --to-stdout plugin-runner.8mandos \
541
503
gzip --best --to-stdout dracut-module/password-agent.8mandos \
542
504
> $(MANDIR)/man8/password-agent.8mandos.gz
543
505
544
.PHONY: install-client
545
506
install-client: install-client-nokey
546
507
# Post-installation stuff
547
508
-$(PREFIX)/sbin/mandos-keygen --dir "$(KEYDIR)"
557
518
fi
558
519
echo "Now run mandos-keygen --password --dir $(KEYDIR)"
559
520
560
.PHONY: uninstall
561
521
uninstall: uninstall-server uninstall-client
562
522
563
.PHONY: uninstall-server
564
523
uninstall-server:
565
524
-rm --force $(PREFIX)/sbin/mandos \
566
525
$(PREFIX)/sbin/mandos-ctl \
573
532
update-rc.d -f mandos remove
574
533
-rmdir $(CONFDIR)
575
534
576
.PHONY: uninstall-client
577
535
uninstall-client:
578
536
# Refuse to uninstall client if /etc/crypttab is explicitly configured
579
537
# to use it.
615
573
done; \
616
574
fi
617
575
618
.PHONY: purge
619
576
purge: purge-server purge-client
620
577
621
.PHONY: purge-server
622
578
purge-server: uninstall-server
623
579
-rm --force $(CONFDIR)/mandos.conf $(CONFDIR)/clients.conf \
624
580
$(DESTDIR)/etc/dbus-1/system.d/mandos.conf
625
581
$(DESTDIR)/etc/default/mandos \
626
582
$(DESTDIR)/etc/init.d/mandos \
583
$(SYSTEMD)/mandos.service \
627
584
$(DESTDIR)/run/mandos.pid \
628
585
$(DESTDIR)/var/run/mandos.pid
629
if [ "$(SYSTEMD)" != "$(DESTDIR)" -a -d "$(SYSTEMD)" ]; then \
630
-rm --force -- $(SYSTEMD)/mandos.service; \
631
fi
632
586
-rmdir $(CONFDIR)
633
587
634
.PHONY: purge-client
635
588
purge-client: uninstall-client
636
589
-shred --remove $(KEYDIR)/seckey.txt $(KEYDIR)/tls-privkey.pem
637
590
-rm --force $(CONFDIR)/plugin-runner.conf \
Loggerhead is a web-based interface for Breezy
Version: 2.0.2.dev0