/mandos/trunk

To get this branch, use:
bzr branch http://bzr.recompile.se/loggerhead/mandos/trunk

« back to all changes in this revision

Viewing changes to Makefile

  • Committer: Teddy Hogeborn
  • Date: 2019-08-05 21:14:05 UTC
  • Revision ID: teddy@recompile.se-20190805211405-9m6hecekaihpttz9
Override lintian warnings about upgrading from old versions

There are some really things which are imperative that we fix in case
someone were to upgrade from a really old version.  We want to keep
these fixes in the postinst maintainer scripts, even though lintian
complains about such old upgrades not being supported by Debian in
general.  We prefer the code being there, for the sake of the users.

* debian/mandos-client.lintian-overrides
  (maintainer-script-supports-ancient-package-version): New.
  debian/mandos.lintian-overrides
  (maintainer-script-supports-ancient-package-version): - '' -

Show diffs side-by-side

added added

removed removed

Lines of Context:
1
 
WARN=-O -Wall -Wextra -Wdouble-promotion -Wformat=2 -Winit-self \
 
1
WARN:=-O -Wall -Wextra -Wdouble-promotion -Wformat=2 -Winit-self \
2
2
        -Wmissing-include-dirs -Wswitch-default -Wswitch-enum \
3
3
        -Wunused -Wuninitialized -Wstrict-overflow=5 \
4
4
        -Wsuggest-attribute=pure -Wsuggest-attribute=const \
10
10
        -Wmissing-format-attribute -Wnormalized=nfc -Wpacked \
11
11
        -Wredundant-decls -Wnested-externs -Winline -Wvla \
12
12
        -Wvolatile-register-var -Woverlength-strings
13
 
#DEBUG=-ggdb3
14
 
# For info about _FORTIFY_SOURCE, see feature_test_macros(7)
15
 
# and <http://gcc.gnu.org/ml/gcc-patches/2004-09/msg02055.html>.
16
 
FORTIFY=-D_FORTIFY_SOURCE=2 -fstack-protector-all -fPIC
 
13
 
 
14
#DEBUG:=-ggdb3 -fsanitize=address $(SANITIZE)
 
15
## Check which sanitizing options can be used
 
16
#SANITIZE:=$(foreach option,$(ALL_SANITIZE_OPTIONS),$(shell \
 
17
#       echo 'int main(){}' | $(CC) --language=c $(option) \
 
18
#       /dev/stdin -o /dev/null >/dev/null 2>&1 && echo $(option)))
17
19
# <https://developerblog.redhat.com/2014/10/16/gcc-undefined-behavior-sanitizer-ubsan/>
18
 
ALL_SANITIZE_OPTIONS:=-fsanitize=address -fsanitize=undefined \
 
20
ALL_SANITIZE_OPTIONS:=-fsanitize=leak -fsanitize=undefined \
19
21
        -fsanitize=shift -fsanitize=integer-divide-by-zero \
20
22
        -fsanitize=unreachable -fsanitize=vla-bound -fsanitize=null \
21
23
        -fsanitize=return -fsanitize=signed-integer-overflow \
23
25
        -fsanitize=object-size -fsanitize=float-divide-by-zero \
24
26
        -fsanitize=float-cast-overflow -fsanitize=nonnull-attribute \
25
27
        -fsanitize=returns-nonnull-attribute -fsanitize=bool \
26
 
        -fsanitize=enum
27
 
# Check which sanitizing options can be used
28
 
SANITIZE:=$(foreach option,$(ALL_SANITIZE_OPTIONS),$(shell \
29
 
        echo 'int main(){}' | $(CC) --language=c $(option) /dev/stdin \
30
 
        -o /dev/null >/dev/null 2>&1 && echo $(option)))
31
 
LINK_FORTIFY_LD=-z relro -z now
32
 
LINK_FORTIFY=
 
28
        -fsanitize=enum -fsanitize-address-use-after-scope
 
29
 
 
30
# For info about _FORTIFY_SOURCE, see feature_test_macros(7)
 
31
# and <https://gcc.gnu.org/ml/gcc-patches/2004-09/msg02055.html>.
 
32
FORTIFY:=-D_FORTIFY_SOURCE=2 -fstack-protector-all -fPIC
 
33
LINK_FORTIFY_LD:=-z relro -z now
 
34
LINK_FORTIFY:=
33
35
 
34
36
# If BROKEN_PIE is set, do not build with -pie
35
37
ifndef BROKEN_PIE
37
39
LINK_FORTIFY += -pie
38
40
endif
39
41
#COVERAGE=--coverage
40
 
OPTIMIZE=-Os -fno-strict-aliasing
41
 
LANGUAGE=-std=gnu11
42
 
htmldir=man
43
 
version=1.7.6
44
 
SED=sed
45
 
 
46
 
USER=$(firstword $(subst :, ,$(shell getent passwd _mandos || getent passwd nobody || echo 65534)))
47
 
GROUP=$(firstword $(subst :, ,$(shell getent group _mandos || getent group nogroup || echo 65534)))
 
42
OPTIMIZE:=-Os -fno-strict-aliasing
 
43
LANGUAGE:=-std=gnu11
 
44
FEATURES:=-D_FILE_OFFSET_BITS=64
 
45
htmldir:=man
 
46
version:=1.8.6
 
47
SED:=sed
 
48
PKG_CONFIG?=pkg-config
 
49
 
 
50
USER:=$(firstword $(subst :, ,$(shell getent passwd _mandos \
 
51
        || getent passwd nobody || echo 65534)))
 
52
GROUP:=$(firstword $(subst :, ,$(shell getent group _mandos \
 
53
        || getent group nogroup || echo 65534)))
 
54
 
 
55
LINUXVERSION:=$(shell uname --kernel-release)
48
56
 
49
57
## Use these settings for a traditional /usr/local install
50
 
# PREFIX=$(DESTDIR)/usr/local
51
 
# CONFDIR=$(DESTDIR)/etc/mandos
52
 
# KEYDIR=$(DESTDIR)/etc/mandos/keys
53
 
# MANDIR=$(PREFIX)/man
54
 
# INITRAMFSTOOLS=$(DESTDIR)/etc/initramfs-tools
55
 
# STATEDIR=$(DESTDIR)/var/lib/mandos
56
 
# LIBDIR=$(PREFIX)/lib
 
58
# PREFIX:=$(DESTDIR)/usr/local
 
59
# CONFDIR:=$(DESTDIR)/etc/mandos
 
60
# KEYDIR:=$(DESTDIR)/etc/mandos/keys
 
61
# MANDIR:=$(PREFIX)/man
 
62
# INITRAMFSTOOLS:=$(DESTDIR)/etc/initramfs-tools
 
63
# DRACUTMODULE:=$(DESTDIR)/usr/lib/dracut/modules.d/90mandos
 
64
# STATEDIR:=$(DESTDIR)/var/lib/mandos
 
65
# LIBDIR:=$(PREFIX)/lib
57
66
##
58
67
 
59
68
## These settings are for a package-type install
60
 
PREFIX=$(DESTDIR)/usr
61
 
CONFDIR=$(DESTDIR)/etc/mandos
62
 
KEYDIR=$(DESTDIR)/etc/keys/mandos
63
 
MANDIR=$(PREFIX)/share/man
64
 
INITRAMFSTOOLS=$(DESTDIR)/usr/share/initramfs-tools
65
 
STATEDIR=$(DESTDIR)/var/lib/mandos
66
 
LIBDIR=$(shell \
 
69
PREFIX:=$(DESTDIR)/usr
 
70
CONFDIR:=$(DESTDIR)/etc/mandos
 
71
KEYDIR:=$(DESTDIR)/etc/keys/mandos
 
72
MANDIR:=$(PREFIX)/share/man
 
73
INITRAMFSTOOLS:=$(DESTDIR)/usr/share/initramfs-tools
 
74
DRACUTMODULE:=$(DESTDIR)/usr/lib/dracut/modules.d/90mandos
 
75
STATEDIR:=$(DESTDIR)/var/lib/mandos
 
76
LIBDIR:=$(shell \
67
77
        for d in \
68
 
        "/usr/lib/`dpkg-architecture -qDEB_HOST_MULTIARCH 2>/dev/null`" \
 
78
        "/usr/lib/`dpkg-architecture \
 
79
                        -qDEB_HOST_MULTIARCH 2>/dev/null`" \
69
80
        "`rpm --eval='%{_libdir}' 2>/dev/null`" /usr/lib; do \
70
81
                if [ -d "$$d" -a "$$d" = "$${d%/}" ]; then \
71
82
                        echo "$(DESTDIR)$$d"; \
74
85
        done)
75
86
##
76
87
 
77
 
SYSTEMD=$(DESTDIR)$(shell pkg-config systemd --variable=systemdsystemunitdir)
78
 
TMPFILES=$(DESTDIR)$(shell pkg-config systemd --variable=tmpfilesdir)
 
88
SYSTEMD:=$(DESTDIR)$(shell $(PKG_CONFIG) systemd \
 
89
                        --variable=systemdsystemunitdir)
 
90
TMPFILES:=$(DESTDIR)$(shell $(PKG_CONFIG) systemd \
 
91
                        --variable=tmpfilesdir)
79
92
 
80
 
GNUTLS_CFLAGS=$(shell pkg-config --cflags-only-I gnutls)
81
 
GNUTLS_LIBS=$(shell pkg-config --libs gnutls)
82
 
AVAHI_CFLAGS=$(shell pkg-config --cflags-only-I avahi-core)
83
 
AVAHI_LIBS=$(shell pkg-config --libs avahi-core)
84
 
GPGME_CFLAGS=$(shell gpgme-config --cflags; getconf LFS_CFLAGS)
85
 
GPGME_LIBS=$(shell gpgme-config --libs; getconf LFS_LIBS; \
 
93
GNUTLS_CFLAGS:=$(shell $(PKG_CONFIG) --cflags-only-I gnutls)
 
94
GNUTLS_LIBS:=$(shell $(PKG_CONFIG) --libs gnutls)
 
95
AVAHI_CFLAGS:=$(shell $(PKG_CONFIG) --cflags-only-I avahi-core)
 
96
AVAHI_LIBS:=$(shell $(PKG_CONFIG) --libs avahi-core)
 
97
GPGME_CFLAGS:=$(shell gpgme-config --cflags; getconf LFS_CFLAGS)
 
98
GPGME_LIBS:=$(shell gpgme-config --libs; getconf LFS_LIBS; \
86
99
        getconf LFS_LDFLAGS)
87
 
LIBNL3_CFLAGS=$(shell pkg-config --cflags-only-I libnl-route-3.0)
88
 
LIBNL3_LIBS=$(shell pkg-config --libs libnl-route-3.0)
 
100
LIBNL3_CFLAGS:=$(shell $(PKG_CONFIG) --cflags-only-I libnl-route-3.0)
 
101
LIBNL3_LIBS:=$(shell $(PKG_CONFIG) --libs libnl-route-3.0)
 
102
GLIB_CFLAGS:=$(shell $(PKG_CONFIG) --cflags glib-2.0)
 
103
GLIB_LIBS:=$(shell $(PKG_CONFIG) --libs glib-2.0)
89
104
 
90
105
# Do not change these two
91
 
CFLAGS+=$(WARN) $(DEBUG) $(FORTIFY) $(SANITIZE) $(COVERAGE) \
92
 
        $(OPTIMIZE) $(LANGUAGE) $(GNUTLS_CFLAGS) $(AVAHI_CFLAGS) \
93
 
        $(GPGME_CFLAGS) -DVERSION='"$(version)"'
94
 
LDFLAGS+=-Xlinker --as-needed $(COVERAGE) $(LINK_FORTIFY) $(foreach flag,$(LINK_FORTIFY_LD),-Xlinker $(flag))
 
106
CFLAGS+=$(WARN) $(DEBUG) $(FORTIFY) $(COVERAGE) $(OPTIMIZE) \
 
107
        $(LANGUAGE) $(FEATURES) -DVERSION='"$(version)"'
 
108
LDFLAGS+=-Xlinker --as-needed $(COVERAGE) $(LINK_FORTIFY) $(strip \
 
109
        ) $(foreach flag,$(LINK_FORTIFY_LD),-Xlinker $(flag))
95
110
 
96
111
# Commands to format a DocBook <refentry> document into a manual page
97
112
DOCBOOKTOMAN=$(strip cd $(dir $<); xsltproc --nonet --xinclude \
103
118
        /usr/share/xml/docbook/stylesheet/nwalsh/manpages/docbook.xsl \
104
119
        $(notdir $<); \
105
120
        if locale --all 2>/dev/null | grep --regexp='^en_US\.utf8$$' \
106
 
        && type man 2>/dev/null; then LANG=en_US.UTF-8 MANWIDTH=80 \
107
 
        man --warnings --encoding=UTF-8 --local-file $(notdir $@); \
108
 
        fi >/dev/null)
 
121
        && command -v man >/dev/null; then LANG=en_US.UTF-8 \
 
122
        MANWIDTH=80 man --warnings --encoding=UTF-8 --local-file \
 
123
        $(notdir $@); fi >/dev/null)
109
124
 
110
125
DOCBOOKTOHTML=$(strip xsltproc --nonet --xinclude \
111
126
        --param make.year.ranges                1 \
117
132
        /usr/share/xml/docbook/stylesheet/nwalsh/xhtml/docbook.xsl \
118
133
        $<; $(HTMLPOST) $@)
119
134
# Fix citerefentry links
120
 
HTMLPOST=$(SED) --in-place \
 
135
HTMLPOST:=$(SED) --in-place \
121
136
        --expression='s/\(<a class="citerefentry" href="\)\("><span class="citerefentry"><span class="refentrytitle">\)\([^<]*\)\(<\/span>(\)\([^)]*\)\()<\/span><\/a>\)/\1\3.\5\2\3\4\5\6/g'
122
137
 
123
 
PLUGINS=plugins.d/password-prompt plugins.d/mandos-client \
 
138
PLUGINS:=plugins.d/password-prompt plugins.d/mandos-client \
124
139
        plugins.d/usplash plugins.d/splashy plugins.d/askpass-fifo \
125
140
        plugins.d/plymouth
126
 
PLUGIN_HELPERS=plugin-helpers/mandos-client-iprouteadddel
127
 
CPROGS=plugin-runner $(PLUGINS) $(PLUGIN_HELPERS)
128
 
PROGS=mandos mandos-keygen mandos-ctl mandos-monitor $(CPROGS)
129
 
DOCS=mandos.8 mandos-keygen.8 mandos-monitor.8 mandos-ctl.8 \
 
141
PLUGIN_HELPERS:=plugin-helpers/mandos-client-iprouteadddel
 
142
CPROGS:=plugin-runner dracut-module/password-agent $(PLUGINS) \
 
143
        $(PLUGIN_HELPERS)
 
144
PROGS:=mandos mandos-keygen mandos-ctl mandos-monitor $(CPROGS)
 
145
DOCS:=mandos.8 mandos-keygen.8 mandos-monitor.8 mandos-ctl.8 \
130
146
        mandos.conf.5 mandos-clients.conf.5 plugin-runner.8mandos \
 
147
        dracut-module/password-agent.8mandos \
131
148
        plugins.d/mandos-client.8mandos \
132
149
        plugins.d/password-prompt.8mandos plugins.d/usplash.8mandos \
133
150
        plugins.d/splashy.8mandos plugins.d/askpass-fifo.8mandos \
134
151
        plugins.d/plymouth.8mandos intro.8mandos
135
152
 
136
 
htmldocs=$(addsuffix .xhtml,$(DOCS))
 
153
htmldocs:=$(addsuffix .xhtml,$(DOCS))
137
154
 
138
 
objects=$(addsuffix .o,$(CPROGS))
 
155
objects:=$(addsuffix .o,$(CPROGS))
139
156
 
140
157
all: $(PROGS) mandos.lsm
141
158
 
205
222
                overview.xml legalnotice.xml
206
223
        $(DOCBOOKTOHTML)
207
224
 
 
225
dracut-module/password-agent.8mandos: \
 
226
                dracut-module/password-agent.xml common.ent \
 
227
                overview.xml legalnotice.xml
 
228
        $(DOCBOOKTOMAN)
 
229
dracut-module/password-agent.8mandos.xhtml: \
 
230
                dracut-module/password-agent.xml common.ent \
 
231
                overview.xml legalnotice.xml
 
232
        $(DOCBOOKTOHTML)
 
233
 
208
234
plugins.d/mandos-client.8mandos: plugins.d/mandos-client.xml \
209
235
                                        common.ent \
210
236
                                        mandos-options.xml \
253
279
                --expression='s/\(mandos_\)[0-9.]\+\(\.orig\.tar\.gz\)/\1$(version)\2/' \
254
280
                $@)
255
281
 
 
282
# Need to add the GnuTLS, Avahi and GPGME libraries
256
283
plugins.d/mandos-client: plugins.d/mandos-client.c
257
 
        $(LINK.c) $^ -lrt $(GNUTLS_LIBS) $(AVAHI_LIBS) $(strip\
258
 
                ) $(GPGME_LIBS) $(LOADLIBES) $(LDLIBS) -o $@
 
284
        $(LINK.c) $^ $(GNUTLS_CFLAGS) $(AVAHI_CFLAGS) $(strip\
 
285
                ) $(GPGME_CFLAGS) $(GNUTLS_LIBS) $(strip\
 
286
                ) $(AVAHI_LIBS) $(GPGME_LIBS) $(LOADLIBES) $(strip\
 
287
                ) $(LDLIBS) -o $@
259
288
 
 
289
# Need to add the libnl-route library
260
290
plugin-helpers/mandos-client-iprouteadddel: plugin-helpers/mandos-client-iprouteadddel.c
261
291
        $(LINK.c) $(LIBNL3_CFLAGS) $^ $(LIBNL3_LIBS) $(strip\
262
292
                ) $(LOADLIBES) $(LDLIBS) -o $@
263
293
 
 
294
# Need to add the GLib and pthread libraries
 
295
dracut-module/password-agent: dracut-module/password-agent.c
 
296
        $(LINK.c) $(GLIB_CFLAGS) $^ $(GLIB_LIBS) -lpthread $(strip\
 
297
                ) $(LOADLIBES) $(LDLIBS) -o $@
 
298
 
264
299
.PHONY : all doc html clean distclean mostlyclean maintainer-clean \
265
300
        check run-client run-server install install-html \
266
301
        install-server install-client-nokey install-client uninstall \
275
310
maintainer-clean: clean
276
311
        -rm --force --recursive keydir confdir statedir
277
312
 
278
 
check:  all
 
313
check: all
279
314
        ./mandos --check
280
315
        ./mandos-ctl --check
 
316
        ./mandos-keygen --version
 
317
        ./plugin-runner --version
 
318
        ./plugin-helpers/mandos-client-iprouteadddel --version
 
319
        ./dracut-module/password-agent --test
281
320
 
282
321
# Run the client with a local config and key
283
 
run-client: all keydir/seckey.txt keydir/pubkey.txt
284
 
        @echo "###################################################################"
285
 
        @echo "# The following error messages are harmless and can be safely     #"
286
 
        @echo "# ignored.  The messages are caused by not running as root, but   #"
287
 
        @echo "# you should NOT run \"make run-client\" as root unless you also    #"
288
 
        @echo "# unpacked and compiled Mandos as root, which is NOT recommended. #"
289
 
        @echo "# From plugin-runner: setgid: Operation not permitted             #"
290
 
        @echo "#                     setuid: Operation not permitted             #"
291
 
        @echo "# From askpass-fifo:  mkfifo: Permission denied                   #"
292
 
        @echo "# From mandos-client:                                             #"
293
 
        @echo "#             Failed to raise privileges: Operation not permitted #"
294
 
        @echo "#             Warning: network hook \"*\" exited with status *      #"
295
 
        @echo "###################################################################"
 
322
run-client: all keydir/seckey.txt keydir/pubkey.txt \
 
323
                        keydir/tls-privkey.pem keydir/tls-pubkey.pem
 
324
        @echo '######################################################'
 
325
        @echo '# The following error messages are harmless and can  #'
 
326
        @echo '#  be safely ignored:                                #'
 
327
        @echo '## From plugin-runner:                               #'
 
328
        @echo '# setgid: Operation not permitted                    #'
 
329
        @echo '# setuid: Operation not permitted                    #'
 
330
        @echo '## From askpass-fifo:                                #'
 
331
        @echo '# mkfifo: Permission denied                          #'
 
332
        @echo '## From mandos-client:                               #'
 
333
        @echo '# Failed to raise privileges: Operation not permi... #'
 
334
        @echo '# Warning: network hook "*" exited with status *     #'
 
335
        @echo '# ioctl SIOCSIFFLAGS +IFF_UP: Operation not permi... #'
 
336
        @echo '# Failed to bring up interface "*": Operation not... #'
 
337
        @echo '#                                                    #'
 
338
        @echo '# (The messages are caused by not running as root,   #'
 
339
        @echo '# but you should NOT run "make run-client" as root   #'
 
340
        @echo '# unless you also unpacked and compiled Mandos as    #'
 
341
        @echo '# root, which is also NOT recommended.)              #'
 
342
        @echo '######################################################'
296
343
# We set GNOME_KEYRING_CONTROL to block pam_gnome_keyring
297
344
        ./plugin-runner --plugin-dir=plugins.d \
298
345
                --plugin-helper-dir=plugin-helpers \
299
346
                --config-file=plugin-runner.conf \
300
 
                --options-for=mandos-client:--seckey=keydir/seckey.txt,--pubkey=keydir/pubkey.txt,--network-hook-dir=network-hooks.d \
 
347
                --options-for=mandos-client:--seckey=keydir/seckey.txt,--pubkey=keydir/pubkey.txt,--tls-privkey=keydir/tls-privkey.pem,--tls-pubkey=keydir/tls-pubkey.pem,--network-hook-dir=network-hooks.d \
301
348
                --env-for=mandos-client:GNOME_KEYRING_CONTROL= \
302
349
                $(CLIENTARGS)
303
350
 
304
351
# Used by run-client
305
 
keydir/seckey.txt keydir/pubkey.txt: mandos-keygen
 
352
keydir/seckey.txt keydir/pubkey.txt keydir/tls-privkey.pem keydir/tls-pubkey.pem: mandos-keygen
306
353
        install --directory keydir
307
354
        ./mandos-keygen --dir keydir --force
308
355
 
315
362
confdir/mandos.conf: mandos.conf
316
363
        install --directory confdir
317
364
        install --mode=u=rw,go=r $^ $@
318
 
confdir/clients.conf: clients.conf keydir/seckey.txt
 
365
confdir/clients.conf: clients.conf keydir/seckey.txt keydir/tls-pubkey.pem
319
366
        install --directory confdir
320
367
        install --mode=u=rw $< $@
321
368
# Add a client password
338
385
        elif install --directory --mode=u=rwx $(STATEDIR); then \
339
386
                chown -- $(USER):$(GROUP) $(STATEDIR) || :; \
340
387
        fi
341
 
        if [ "$(TMPFILES)" != "$(DESTDIR)" -a -d "$(TMPFILES)" ]; then \
342
 
                install --mode=u=rwx,go=r tmpfiles.d-mandos.conf \
 
388
        if [ "$(TMPFILES)" != "$(DESTDIR)" \
 
389
                        -a -d "$(TMPFILES)" ]; then \
 
390
                install --mode=u=rw,go=r tmpfiles.d-mandos.conf \
343
391
                        $(TMPFILES)/mandos.conf; \
344
392
        fi
345
393
        install --mode=u=rwx,go=rx mandos $(PREFIX)/sbin/mandos
390
438
                "$(CONFDIR)/network-hooks.d"
391
439
        install --mode=u=rwx,go=rx \
392
440
                --target-directory=$(LIBDIR)/mandos plugin-runner
 
441
        install --mode=u=rwx,go=rx \
 
442
                --target-directory=$(LIBDIR)/mandos \
 
443
                mandos-to-cryptroot-unlock
393
444
        install --mode=u=rwx,go=rx --target-directory=$(PREFIX)/sbin \
394
445
                mandos-keygen
395
446
        install --mode=u=rwx,go=rx \
415
466
                plugin-helpers/mandos-client-iprouteadddel
416
467
        install initramfs-tools-hook \
417
468
                $(INITRAMFSTOOLS)/hooks/mandos
418
 
        install --mode=u=rw,go=r initramfs-tools-hook-conf \
419
 
                $(INITRAMFSTOOLS)/conf-hooks.d/mandos
 
469
        install --mode=u=rw,go=r initramfs-tools-conf \
 
470
                $(INITRAMFSTOOLS)/conf.d/mandos-conf
 
471
        install --mode=u=rw,go=r initramfs-tools-conf-hook \
 
472
                $(INITRAMFSTOOLS)/conf-hooks.d/zz-mandos
420
473
        install initramfs-tools-script \
421
474
                $(INITRAMFSTOOLS)/scripts/init-premount/mandos
 
475
        install initramfs-tools-script-stop \
 
476
                $(INITRAMFSTOOLS)/scripts/local-premount/mandos
 
477
        install --directory $(DRACUTMODULE)
 
478
        install --mode=u=rw,go=r --target-directory=$(DRACUTMODULE) \
 
479
                dracut-module/ask-password-mandos.path \
 
480
                dracut-module/ask-password-mandos.service
 
481
        install --mode=u=rwxs,go=rx \
 
482
                --target-directory=$(DRACUTMODULE) \
 
483
                dracut-module/module-setup.sh \
 
484
                dracut-module/cmdline-mandos.sh \
 
485
                dracut-module/password-agent
422
486
        install --mode=u=rw,go=r plugin-runner.conf $(CONFDIR)
423
487
        gzip --best --to-stdout mandos-keygen.8 \
424
488
                > $(MANDIR)/man8/mandos-keygen.8.gz
436
500
                > $(MANDIR)/man8/askpass-fifo.8mandos.gz
437
501
        gzip --best --to-stdout plugins.d/plymouth.8mandos \
438
502
                > $(MANDIR)/man8/plymouth.8mandos.gz
 
503
        gzip --best --to-stdout dracut-module/password-agent.8mandos \
 
504
                > $(MANDIR)/man8/password-agent.8mandos.gz
439
505
 
440
506
install-client: install-client-nokey
441
507
# Post-installation stuff
442
508
        -$(PREFIX)/sbin/mandos-keygen --dir "$(KEYDIR)"
443
 
        update-initramfs -k all -u
 
509
        if command -v update-initramfs >/dev/null; then \
 
510
            update-initramfs -k all -u; \
 
511
        elif command -v dracut >/dev/null; then \
 
512
            for initrd in $(DESTDIR)/boot/initr*-$(LINUXVERSION); do \
 
513
                if [ -w "$$initrd" ]; then \
 
514
                    chmod go-r "$$initrd"; \
 
515
                    dracut --force "$$initrd"; \
 
516
                fi; \
 
517
            done; \
 
518
        fi
444
519
        echo "Now run mandos-keygen --password --dir $(KEYDIR)"
445
520
 
446
521
uninstall: uninstall-server uninstall-client
473
548
                $(INITRAMFSTOOLS)/hooks/mandos \
474
549
                $(INITRAMFSTOOLS)/conf-hooks.d/mandos \
475
550
                $(INITRAMFSTOOLS)/scripts/init-premount/mandos \
 
551
                $(INITRAMFSTOOLS)/scripts/local-premount/mandos \
 
552
                $(DRACUTMODULE)/ask-password-mandos.path \
 
553
                $(DRACUTMODULE)/ask-password-mandos.service \
 
554
                $(DRACUTMODULE)/module-setup.sh \
 
555
                $(DRACUTMODULE)/cmdline-mandos.sh \
 
556
                $(DRACUTMODULE)/password-agent \
476
557
                $(MANDIR)/man8/mandos-keygen.8.gz \
477
558
                $(MANDIR)/man8/plugin-runner.8mandos.gz \
478
559
                $(MANDIR)/man8/mandos-client.8mandos.gz
481
562
                $(MANDIR)/man8/splashy.8mandos.gz \
482
563
                $(MANDIR)/man8/askpass-fifo.8mandos.gz \
483
564
                $(MANDIR)/man8/plymouth.8mandos.gz \
 
565
                $(MANDIR)/man8/password-agent.8mandos.gz \
484
566
        -rmdir $(LIBDIR)/mandos/plugins.d $(CONFDIR)/plugins.d \
485
 
                 $(LIBDIR)/mandos $(CONFDIR) $(KEYDIR)
486
 
        update-initramfs -k all -u
 
567
                 $(LIBDIR)/mandos $(CONFDIR) $(KEYDIR) $(DRACUTMODULE)
 
568
        if command -v update-initramfs >/dev/null; then \
 
569
            update-initramfs -k all -u; \
 
570
        elif command -v dracut >/dev/null; then \
 
571
            for initrd in $(DESTDIR)/boot/initr*-$(LINUXVERSION); do \
 
572
                test -w "$$initrd" && dracut --force "$$initrd"; \
 
573
            done; \
 
574
        fi
487
575
 
488
576
purge: purge-server purge-client
489
577
 
498
586
        -rmdir $(CONFDIR)
499
587
 
500
588
purge-client: uninstall-client
501
 
        -shred --remove $(KEYDIR)/seckey.txt
 
589
        -shred --remove $(KEYDIR)/seckey.txt $(KEYDIR)/tls-privkey.pem
502
590
        -rm --force $(CONFDIR)/plugin-runner.conf \
503
 
                $(KEYDIR)/pubkey.txt $(KEYDIR)/seckey.txt
 
591
                $(KEYDIR)/pubkey.txt $(KEYDIR)/seckey.txt \
 
592
                $(KEYDIR)/tls-pubkey.txt $(KEYDIR)/tls-privkey.txt
504
593
        -rmdir $(KEYDIR) $(CONFDIR)/plugins.d $(CONFDIR)