/mandos/trunk : revision 1152

To get this branch, use:

bzr branch
http://bzr.recompile.se/loggerhead/mandos/trunk

« back to all changes in this revision

Viewing changes to Makefile

Committer: Teddy Hogeborn
Date: 2019-08-05 21:14:05 UTC
Revision ID: teddy@recompile.se-20190805211405-9m6hecekaihpttz9

Override lintian warnings about upgrading from old versions

There are some really things which are imperative that we fix in case
someone were to upgrade from a really old version.  We want to keep
these fixes in the postinst maintainer scripts, even though lintian
complains about such old upgrades not being supported by Debian in
general.  We prefer the code being there, for the sake of the users.

* debian/mandos-client.lintian-overrides
  (maintainer-script-supports-ancient-package-version): New.
  debian/mandos.lintian-overrides
  (maintainer-script-supports-ancient-package-version): - '' -

files removed:
debian/mandos.maintscript

debian/po/de.po

debian/po/es.po

debian/po/fr.po

debian/po/nl.po

debian/po/pt.po

debian/po/pt_BR.po

debian/po/sv.po

sysusers.d-mandos.conf

files modified:
.bzrignore

DBUS-API

INSTALL

Makefile

NEWS

TODO

clients.conf

common.ent

debian/changelog

debian/control

debian/copyright

debian/mandos-client.README.Debian

debian/mandos-client.lintian-overrides

debian/mandos-client.postinst

debian/mandos-client.postrm

debian/mandos-client.templates

debian/mandos.dirs

debian/mandos.lintian-overrides

debian/mandos.postinst

debian/rules

debian/tests/control

dracut-module/ask-password-mandos.service

dracut-module/module-setup.sh

dracut-module/password-agent.c

dracut-module/password-agent.xml

initramfs-tools-hook

initramfs-tools-script

initramfs-unpack

intro.xml

mandos

mandos-clients.conf.xml

mandos-ctl

mandos-keygen

mandos-monitor

mandos-to-cryptroot-unlock

mandos.conf.xml

mandos.lsm

mandos.service

mandos.xml

plugin-helpers/mandos-client-iprouteadddel.c

plugin-runner.c

plugin-runner.xml

plugins.d/askpass-fifo.c

plugins.d/mandos-client.c

plugins.d/mandos-client.xml

plugins.d/password-prompt.c

plugins.d/plymouth.c

plugins.d/splashy.c

plugins.d/usplash.c

Show diffs side-by-side

added added

removed removed

Makefile

# For info about _FORTIFY_SOURCE, see feature_test_macros(7)

# and <https://gcc.gnu.org/ml/gcc-patches/2004-09/msg02055.html>.

FORTIFY:=-fstack-protector-all -fPIC

CPPFLAGS+=-D_FORTIFY_SOURCE=3

FORTIFY:=-D_FORTIFY_SOURCE=2 -fstack-protector-all -fPIC

LINK_FORTIFY_LD:=-z relro -z now

LINK_FORTIFY:=

#COVERAGE=--coverage

OPTIMIZE:=-Os -fno-strict-aliasing

LANGUAGE:=-std=gnu11

CPPFLAGS+=-D_FILE_OFFSET_BITS=64 -D_TIME_BITS=64

FEATURES:=-D_FILE_OFFSET_BITS=64

htmldir:=man

version:=1.8.17

version:=1.8.6

SED:=sed

PKG_CONFIG?=pkg-config

## Use these settings for a traditional /usr/local install

# PREFIX:=$(DESTDIR)/usr/local

# BINDIR:=$(PREFIX)/sbin

# CONFDIR:=$(DESTDIR)/etc/mandos

# KEYDIR:=$(DESTDIR)/etc/mandos/keys

# MANDIR:=$(PREFIX)/man

# DRACUTMODULE:=$(DESTDIR)/usr/lib/dracut/modules.d/90mandos

# STATEDIR:=$(DESTDIR)/var/lib/mandos

# LIBDIR:=$(PREFIX)/lib

# DBUSPOLICYDIR:=$(DESTDIR)/etc/dbus-1/system.d

## These settings are for a package-type install

PREFIX:=$(DESTDIR)/usr

BINDIR:=$(PREFIX)/sbin

CONFDIR:=$(DESTDIR)/etc/mandos

KEYDIR:=$(DESTDIR)/etc/keys/mandos

MANDIR:=$(PREFIX)/share/man

break; \

fi; \

done)

DBUSPOLICYDIR:=$(DESTDIR)/usr/share/dbus-1/system.d

SYSTEMD:=$(DESTDIR)$(shell $(PKG_CONFIG) systemd \

--variable=systemdsystemunitdir)

TMPFILES:=$(DESTDIR)$(shell $(PKG_CONFIG) systemd \

--variable=tmpfilesdir)

SYSUSERS:=$(DESTDIR)$(shell $(PKG_CONFIG) systemd \

--variable=sysusersdir)

100

GNUTLS_CFLAGS:=$(shell $(PKG_CONFIG) --cflags-only-I gnutls)

101

GNUTLS_LIBS:=$(shell $(PKG_CONFIG) --libs gnutls)

102

AVAHI_CFLAGS:=$(shell $(PKG_CONFIG) --cflags-only-I avahi-core)

103

AVAHI_LIBS:=$(shell $(PKG_CONFIG) --libs avahi-core)

104

GPGME_CFLAGS:=$(shell $(PKG_CONFIG) --cflags-only-I gpgme 2>/dev/null \

105

|| gpgme-config --cflags; getconf LFS_CFLAGS)

106

GPGME_LIBS:=$(shell $(PKG_CONFIG) --libs gpgme 2>/dev/null \

107

|| gpgme-config --libs; getconf LFS_LIBS; \

GPGME_CFLAGS:=$(shell gpgme-config --cflags; getconf LFS_CFLAGS)

GPGME_LIBS:=$(shell gpgme-config --libs; getconf LFS_LIBS; \

108

getconf LFS_LDFLAGS)

109

100

LIBNL3_CFLAGS:=$(shell $(PKG_CONFIG) --cflags-only-I libnl-route-3.0)

110

101

LIBNL3_LIBS:=$(shell $(PKG_CONFIG) --libs libnl-route-3.0)

113

104

114

105

# Do not change these two

115

106

CFLAGS+=$(WARN) $(DEBUG) $(FORTIFY) $(COVERAGE) $(OPTIMIZE) \

116

$(LANGUAGE) -DVERSION='"$(version)"'

107

$(LANGUAGE) $(FEATURES) -DVERSION='"$(version)"'

117

108

LDFLAGS+=-Xlinker --as-needed $(COVERAGE) $(LINK_FORTIFY) $(strip \

118

109

) $(foreach flag,$(LINK_FORTIFY_LD),-Xlinker $(flag))

119

110

163

154

164

155

objects:=$(addsuffix .o,$(CPROGS))

165

156

166

.PHONY: all

167

157

all: $(PROGS) mandos.lsm

168

158

169

.PHONY: doc

170

159

doc: $(DOCS)

171

160

172

.PHONY: html

173

161

html: $(htmldocs)

174

162

175

163

%.5: %.xml common.ent legalnotice.xml

291

279

--expression='s/$mandos_$[0-9.]\+$\.orig\.tar\.gz$/\1$(version)\2/' \

292

280

$@)

293

281

294

# Does the linker support the --no-warn-execstack option?

295

ifeq ($(shell echo 'int main(){}'|$(CC) --language=c /dev/stdin -o /dev/null -Xlinker --no-warn-execstack >/dev/null 2>&1 && echo yes),yes)

296

# These programs use nested functions, which uses an executable stack

297

plugin-runner: LDFLAGS += -Xlinker --no-warn-execstack

298

dracut-module/password-agent: LDFLAGS += -Xlinker --no-warn-execstack

299

plugins.d/password-prompt: LDFLAGS += -Xlinker --no-warn-execstack

300

plugins.d/mandos-client: LDFLAGS += -Xlinker --no-warn-execstack

301

plugins.d/plymouth: LDFLAGS += -Xlinker --no-warn-execstack

302

endif

303

304

282

# Need to add the GnuTLS, Avahi and GPGME libraries

305

plugins.d/mandos-client: CFLAGS += $(GNUTLS_CFLAGS) $(strip \

306

) $(AVAHI_CFLAGS) $(GPGME_CFLAGS)

307

plugins.d/mandos-client: LDLIBS += $(GNUTLS_LIBS) $(strip \

308

) $(AVAHI_LIBS) $(GPGME_LIBS)

283

plugins.d/mandos-client: plugins.d/mandos-client.c

284

$(LINK.c) $^ $(GNUTLS_CFLAGS) $(AVAHI_CFLAGS) $(strip\

285

) $(GPGME_CFLAGS) $(GNUTLS_LIBS) $(strip\

286

) $(AVAHI_LIBS) $(GPGME_LIBS) $(LOADLIBES) $(strip\

287

) $(LDLIBS) -o $@

309

288

310

289

# Need to add the libnl-route library

311

plugin-helpers/mandos-client-iprouteadddel: CFLAGS += $(LIBNL3_CFLAGS)

312

plugin-helpers/mandos-client-iprouteadddel: LDLIBS += $(LIBNL3_LIBS)

290

plugin-helpers/mandos-client-iprouteadddel: plugin-helpers/mandos-client-iprouteadddel.c

291

$(LINK.c) $(LIBNL3_CFLAGS) $^ $(LIBNL3_LIBS) $(strip\

292

) $(LOADLIBES) $(LDLIBS) -o $@

313

293

314

294

# Need to add the GLib and pthread libraries

315

dracut-module/password-agent: CFLAGS += $(GLIB_CFLAGS)

316

# Note: -lpthread is unnecessary with the GNU C library 2.34 or later

317

dracut-module/password-agent: LDLIBS += $(GLIB_LIBS) -lpthread

318

319

.PHONY: clean

295

dracut-module/password-agent: dracut-module/password-agent.c

296

$(LINK.c) $(GLIB_CFLAGS) $^ $(GLIB_LIBS) -lpthread $(strip\

297

) $(LOADLIBES) $(LDLIBS) -o $@

298

299

.PHONY : all doc html clean distclean mostlyclean maintainer-clean \

300

check run-client run-server install install-html \

301

install-server install-client-nokey install-client uninstall \

302

uninstall-server uninstall-client purge purge-server \

303

purge-client

304

320

305

clean:

321

306

-rm --force $(CPROGS) $(objects) $(htmldocs) $(DOCS) core

322

307

323

.PHONY: distclean

324

308

distclean: clean

325

.PHONY: mostlyclean

326

309

mostlyclean: clean

327

.PHONY: maintainer-clean

328

310

maintainer-clean: clean

329

311

-rm --force --recursive keydir confdir statedir

330

312

331

.PHONY: check

332

313

check: all

333

314

./mandos --check

334

315

./mandos-ctl --check

338

319

./dracut-module/password-agent --test

339

320

340

321

# Run the client with a local config and key

341

.PHONY: run-client

342

322

run-client: all keydir/seckey.txt keydir/pubkey.txt \

343

323

keydir/tls-privkey.pem keydir/tls-pubkey.pem

344

324

@echo '######################################################'

372

352

keydir/seckey.txt keydir/pubkey.txt keydir/tls-privkey.pem keydir/tls-pubkey.pem: mandos-keygen

373

353

install --directory keydir

374

354

./mandos-keygen --dir keydir --force

375

if ! [ -e keydir/tls-privkey.pem ]; then \

376

install --mode=u=rw /dev/null keydir/tls-privkey.pem; \

377

378

if ! [ -e keydir/tls-pubkey.pem ]; then \

379

install --mode=u=rw /dev/null keydir/tls-pubkey.pem; \

380

381

355

382

356

# Run the server with a local config

383

.PHONY: run-server

384

357

run-server: confdir/mandos.conf confdir/clients.conf statedir

385

358

./mandos --debug --no-dbus --configdir=confdir \

386

359

--statedir=statedir $(SERVERARGS)

387

360

388

361

# Used by run-server

389

362

confdir/mandos.conf: mandos.conf

390

install -D --mode=u=rw,go=r $^ $@

363

install --directory confdir

364

install --mode=u=rw,go=r $^ $@

391

365

confdir/clients.conf: clients.conf keydir/seckey.txt keydir/tls-pubkey.pem

392

install -D --mode=u=rw $< $@

366

install --directory confdir

367

install --mode=u=rw $< $@

393

368

# Add a client password

394

369

./mandos-keygen --dir keydir --password --no-ssh >> $@

395

370

statedir:

396

371

install --directory statedir

397

372

398

.PHONY: install

399

373

install: install-server install-client-nokey

400

374

401

.PHONY: install-html

402

375

install-html: html

403

install -D --mode=u=rw,go=r --target-directory=$(htmldir) \

376

install --directory $(htmldir)

377

install --mode=u=rw,go=r --target-directory=$(htmldir) \

404

378

$(htmldocs)

405

379

406

.PHONY: install-server

407

380

install-server: doc

381

install --directory $(CONFDIR)

408

382

if install --directory --mode=u=rwx --owner=$(USER) \

409

383

--group=$(GROUP) $(STATEDIR); then \

410

384

:; \

411

385

elif install --directory --mode=u=rwx $(STATEDIR); then \

412

386

chown -- $(USER):$(GROUP) $(STATEDIR) || :; \

413

387

414

if [ "$(TMPFILES)" != "$(DESTDIR)" ]; then \

415

install -D --mode=u=rw,go=r tmpfiles.d-mandos.conf \

388

if [ "$(TMPFILES)" != "$(DESTDIR)" \

389

-a -d "$(TMPFILES)" ]; then \

390

install --mode=u=rw,go=r tmpfiles.d-mandos.conf \

416

391

$(TMPFILES)/mandos.conf; \

417

392

418

if [ "$(SYSUSERS)" != "$(DESTDIR)" ]; then \

419

install -D --mode=u=rw,go=r sysusers.d-mandos.conf \

420

$(SYSUSERS)/mandos.conf; \

421

422

install --directory $(BINDIR)

423

install --mode=u=rwx,go=rx --target-directory=$(BINDIR) mandos

424

install --mode=u=rwx,go=rx --target-directory=$(BINDIR) \

393

install --mode=u=rwx,go=rx mandos $(PREFIX)/sbin/mandos

394

install --mode=u=rwx,go=rx --target-directory=$(PREFIX)/sbin \

425

395

mandos-ctl

426

install --mode=u=rwx,go=rx --target-directory=$(BINDIR) \

396

install --mode=u=rwx,go=rx --target-directory=$(PREFIX)/sbin \

427

397

mandos-monitor

428

install --directory $(CONFDIR)

429

398

install --mode=u=rw,go=r --target-directory=$(CONFDIR) \

430

399

mandos.conf

431

400

install --mode=u=rw --target-directory=$(CONFDIR) \

432

401

clients.conf

433

install -D --mode=u=rw,go=r dbus-mandos.conf \

434

$(DBUSPOLICYDIR)/mandos.conf

435

install -D --mode=u=rwx,go=rx init.d-mandos \

402

install --mode=u=rw,go=r dbus-mandos.conf \

403

$(DESTDIR)/etc/dbus-1/system.d/mandos.conf

404

install --mode=u=rwx,go=rx init.d-mandos \

436

405

$(DESTDIR)/etc/init.d/mandos

437

if [ "$(SYSTEMD)" != "$(DESTDIR)" ]; then \

438

install -D --mode=u=rw,go=r mandos.service \

439

$(SYSTEMD); \

406

if [ "$(SYSTEMD)" != "$(DESTDIR)" -a -d "$(SYSTEMD)" ]; then \

407

install --mode=u=rw,go=r mandos.service $(SYSTEMD); \

440

408

441

install -D --mode=u=rw,go=r default-mandos \

409

install --mode=u=rw,go=r default-mandos \

442

410

$(DESTDIR)/etc/default/mandos

443

411

if [ -z $(DESTDIR) ]; then \

444

412

update-rc.d mandos defaults 25 15;\

445

413

446

install --directory $(MANDIR)/man8 $(MANDIR)/man5

447

414

gzip --best --to-stdout mandos.8 \

448

415

> $(MANDIR)/man8/mandos.8.gz

449

416

gzip --best --to-stdout mandos-monitor.8 \

457

424

gzip --best --to-stdout intro.8mandos \

458

425

> $(MANDIR)/man8/intro.8mandos.gz

459

426

460

.PHONY: install-client-nokey

461

427

install-client-nokey: all doc

428

install --directory $(LIBDIR)/mandos $(CONFDIR)

462

429

install --directory --mode=u=rwx $(KEYDIR) \

463

430

$(LIBDIR)/mandos/plugins.d \

464

431

$(LIBDIR)/mandos/plugin-helpers

465

if [ "$(SYSUSERS)" != "$(DESTDIR)" ]; then \

466

install -D --mode=u=rw,go=r sysusers.d-mandos.conf \

467

$(SYSUSERS)/mandos-client.conf; \

468

469

432

if [ "$(CONFDIR)" != "$(LIBDIR)/mandos" ]; then \

470

install --directory \

471

--mode=u=rwx "$(CONFDIR)/plugins.d" \

433

install --mode=u=rwx \

434

--directory "$(CONFDIR)/plugins.d" \

472

435

"$(CONFDIR)/plugin-helpers"; \

473

436

474

install --directory --mode=u=rwx,go=rx \

437

install --mode=u=rwx,go=rx --directory \

475

438

"$(CONFDIR)/network-hooks.d"

476

439

install --mode=u=rwx,go=rx \

477

440

--target-directory=$(LIBDIR)/mandos plugin-runner

478

441

install --mode=u=rwx,go=rx \

479

442

--target-directory=$(LIBDIR)/mandos \

480

443

mandos-to-cryptroot-unlock

481

install --directory $(BINDIR)

482

install --mode=u=rwx,go=rx --target-directory=$(BINDIR) \

444

install --mode=u=rwx,go=rx --target-directory=$(PREFIX)/sbin \

483

445

mandos-keygen

484

446

install --mode=u=rwx,go=rx \

485

447

--target-directory=$(LIBDIR)/mandos/plugins.d \

502

464

install --mode=u=rwx,go=rx \

503

465

--target-directory=$(LIBDIR)/mandos/plugin-helpers \

504

466

plugin-helpers/mandos-client-iprouteadddel

505

install -D initramfs-tools-hook \

467

install initramfs-tools-hook \

506

468

$(INITRAMFSTOOLS)/hooks/mandos

507

install -D --mode=u=rw,go=r initramfs-tools-conf \

469

install --mode=u=rw,go=r initramfs-tools-conf \

508

470

$(INITRAMFSTOOLS)/conf.d/mandos-conf

509

install -D --mode=u=rw,go=r initramfs-tools-conf-hook \

471

install --mode=u=rw,go=r initramfs-tools-conf-hook \

510

472

$(INITRAMFSTOOLS)/conf-hooks.d/zz-mandos

511

install -D initramfs-tools-script \

473

install initramfs-tools-script \

512

474

$(INITRAMFSTOOLS)/scripts/init-premount/mandos

513

install -D initramfs-tools-script-stop \

475

install initramfs-tools-script-stop \

514

476

$(INITRAMFSTOOLS)/scripts/local-premount/mandos

515

install -D --mode=u=rw,go=r \

516

--target-directory=$(DRACUTMODULE) \

477

install --directory $(DRACUTMODULE)

478

install --mode=u=rw,go=r --target-directory=$(DRACUTMODULE) \

517

479

dracut-module/ask-password-mandos.path \

518

480

dracut-module/ask-password-mandos.service

519

481

install --mode=u=rwxs,go=rx \

522

484

dracut-module/cmdline-mandos.sh \

523

485

dracut-module/password-agent

524

486

install --mode=u=rw,go=r plugin-runner.conf $(CONFDIR)

525

install --directory $(MANDIR)/man8

526

487

gzip --best --to-stdout mandos-keygen.8 \

527

488

> $(MANDIR)/man8/mandos-keygen.8.gz

528

489

gzip --best --to-stdout plugin-runner.8mandos \

542

503

gzip --best --to-stdout dracut-module/password-agent.8mandos \

543

504

> $(MANDIR)/man8/password-agent.8mandos.gz

544

505

545

.PHONY: install-client

546

506

install-client: install-client-nokey

547

507

# Post-installation stuff

548

-$(BINDIR)/mandos-keygen --dir "$(KEYDIR)"

508

-$(PREFIX)/sbin/mandos-keygen --dir "$(KEYDIR)"

549

509

if command -v update-initramfs >/dev/null; then \

550

510

update-initramfs -k all -u; \

551

511

elif command -v dracut >/dev/null; then \

558

518

559

519

echo "Now run mandos-keygen --password --dir $(KEYDIR)"

560

520

561

.PHONY: uninstall

562

521

uninstall: uninstall-server uninstall-client

563

522

564

.PHONY: uninstall-server

565

523

uninstall-server:

566

-rm --force $(BINDIR)/mandos \

567

$(BINDIR)/mandos-ctl \

568

$(BINDIR)/mandos-monitor \

524

-rm --force $(PREFIX)/sbin/mandos \

525

$(PREFIX)/sbin/mandos-ctl \

526

$(PREFIX)/sbin/mandos-monitor \

569

527

$(MANDIR)/man8/mandos.8.gz \

570

528

$(MANDIR)/man8/mandos-monitor.8.gz \

571

529

$(MANDIR)/man8/mandos-ctl.8.gz \

574

532

update-rc.d -f mandos remove

575

533

-rmdir $(CONFDIR)

576

534

577

.PHONY: uninstall-client

578

535

uninstall-client:

579

536

# Refuse to uninstall client if /etc/crypttab is explicitly configured

580

537

# to use it.

581

538

! grep --regexp='^ *[^ #].*keyscript=[^,=]*/mandos/' \

582

539

$(DESTDIR)/etc/crypttab

583

-rm --force $(BINDIR)/mandos-keygen \

540

-rm --force $(PREFIX)/sbin/mandos-keygen \

584

541

$(LIBDIR)/mandos/plugin-runner \

585

542

$(LIBDIR)/mandos/plugins.d/password-prompt \

586

543

$(LIBDIR)/mandos/plugins.d/mandos-client \

616

573

done; \

617

574

618

575

619

.PHONY: purge

620

576

purge: purge-server purge-client

621

577

622

.PHONY: purge-server

623

578

purge-server: uninstall-server

624

579

-rm --force $(CONFDIR)/mandos.conf $(CONFDIR)/clients.conf \

625

580

$(DESTDIR)/etc/dbus-1/system.d/mandos.conf

626

581

$(DESTDIR)/etc/default/mandos \

627

582

$(DESTDIR)/etc/init.d/mandos \

583

$(SYSTEMD)/mandos.service \

628

584

$(DESTDIR)/run/mandos.pid \

629

585

$(DESTDIR)/var/run/mandos.pid

630

if [ "$(SYSTEMD)" != "$(DESTDIR)" -a -d "$(SYSTEMD)" ]; then \

631

-rm --force -- $(SYSTEMD)/mandos.service; \

632

633

586

-rmdir $(CONFDIR)

634

587

635

.PHONY: purge-client

636

588

purge-client: uninstall-client

637

589

-shred --remove $(KEYDIR)/seckey.txt $(KEYDIR)/tls-privkey.pem

638

590

-rm --force $(CONFDIR)/plugin-runner.conf \

Older »