
Viewing changes to Makefile

  • Committer: Teddy Hogeborn
  • Date: 2021-02-03 23:10:42 UTC
  • Revision ID: teddy@recompile.se-20210203231042-2z3egrvpo1zt7nej
mandos-ctl: Fix bad test for command.Remove and related minor issues

The test for command.Remove removes all clients from the spy server,
and then loops over all clients, looking for the corresponding Remove
command as recorded by the spy server.  But since there aren't
any clients left after they were removed, no assertions are made, and
the test therefore does nothing.  Fix this.

In tests for command.Approve and command.Deny, add checks that clients
were not somehow removed by the command (in which case, likewise, no
assertions are made).

Add related checks to TestPropertySetterCmd.runTest; i.e. test that a
sequence is not empty before looping over it and making assertions.

* mandos-ctl (TestBaseCommands.test_Remove): Save a copy of the
  original "clients" dict, and loop over those instead.  Add assertion
  that all clients were indeed removed.  Also fix the code which looks
  for the Remove command, which now needs to actually work.
  (TestBaseCommands.test_Approve, TestBaseCommands.test_Deny): Add
  assertion that there are still clients before looping over them.
  (TestPropertySetterCmd.runTest): Add assertion that the list of
  values to get is not empty before looping over them.  Also add check
  that there are still clients before looping over clients.

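--- a/Makefile
+++ b/Makefile
@@ -41,15 +41,19 @@
 #COVERAGE=--coverage
 OPTIMIZE:=-Os -fno-strict-aliasing
 LANGUAGE:=-std=gnu11
+FEATURES:=-D_FILE_OFFSET_BITS=64
 htmldir:=man
-version:=1.8.4
+version:=1.8.14
 SED:=sed
+PKG_CONFIG?=pkg-config
 
 USER:=$(firstword $(subst :, ,$(shell getent passwd _mandos \
         || getent passwd nobody || echo 65534)))
 GROUP:=$(firstword $(subst :, ,$(shell getent group _mandos \
         || getent group nogroup || echo 65534)))
 
+LINUXVERSION:=$(shell uname --kernel-release)
+
 ## Use these settings for a traditional /usr/local install
 # PREFIX:=$(DESTDIR)/usr/local
 # CONFDIR:=$(DESTDIR)/etc/mandos
@@ -71,7 +75,8 @@
 STATEDIR:=$(DESTDIR)/var/lib/mandos
 LIBDIR:=$(shell \
         for d in \
-        "/usr/lib/`dpkg-architecture -qDEB_HOST_MULTIARCH 2>/dev/null`" \
+        "/usr/lib/`dpkg-architecture \
+                        -qDEB_HOST_MULTIARCH 2>/dev/null`" \
         "`rpm --eval='%{_libdir}' 2>/dev/null`" /usr/lib; do \
                 if [ -d "$$d" -a "$$d" = "$${d%/}" ]; then \
                         echo "$(DESTDIR)$$d"; \
@@ -80,24 +85,28 @@
         done)
 ##
 
-SYSTEMD:=$(DESTDIR)$(shell pkg-config systemd --variable=systemdsystemunitdir)
-TMPFILES:=$(DESTDIR)$(shell pkg-config systemd --variable=tmpfilesdir)
+SYSTEMD:=$(DESTDIR)$(shell $(PKG_CONFIG) systemd \
+                        --variable=systemdsystemunitdir)
+TMPFILES:=$(DESTDIR)$(shell $(PKG_CONFIG) systemd \
+                        --variable=tmpfilesdir)
+SYSUSERS:=$(DESTDIR)$(shell $(PKG_CONFIG) systemd \
+                        --variable=sysusersdir)
 
-GNUTLS_CFLAGS:=$(shell pkg-config --cflags-only-I gnutls)
-GNUTLS_LIBS:=$(shell pkg-config --libs gnutls)
-AVAHI_CFLAGS:=$(shell pkg-config --cflags-only-I avahi-core)
-AVAHI_LIBS:=$(shell pkg-config --libs avahi-core)
+GNUTLS_CFLAGS:=$(shell $(PKG_CONFIG) --cflags-only-I gnutls)
+GNUTLS_LIBS:=$(shell $(PKG_CONFIG) --libs gnutls)
+AVAHI_CFLAGS:=$(shell $(PKG_CONFIG) --cflags-only-I avahi-core)
+AVAHI_LIBS:=$(shell $(PKG_CONFIG) --libs avahi-core)
 GPGME_CFLAGS:=$(shell gpgme-config --cflags; getconf LFS_CFLAGS)
 GPGME_LIBS:=$(shell gpgme-config --libs; getconf LFS_LIBS; \
         getconf LFS_LDFLAGS)
-LIBNL3_CFLAGS:=$(shell pkg-config --cflags-only-I libnl-route-3.0)
-LIBNL3_LIBS:=$(shell pkg-config --libs libnl-route-3.0)
-GLIB_CFLAGS:=$(shell pkg-config --cflags glib-2.0)
-GLIB_LIBS:=$(shell pkg-config --libs glib-2.0)
+LIBNL3_CFLAGS:=$(shell $(PKG_CONFIG) --cflags-only-I libnl-route-3.0)
+LIBNL3_LIBS:=$(shell $(PKG_CONFIG) --libs libnl-route-3.0)
+GLIB_CFLAGS:=$(shell $(PKG_CONFIG) --cflags glib-2.0)
+GLIB_LIBS:=$(shell $(PKG_CONFIG) --libs glib-2.0)
 
 # Do not change these two
-CFLAGS+=$(WARN) $(DEBUG) $(FORTIFY) $(COVERAGE) \
-        $(OPTIMIZE) $(LANGUAGE) -DVERSION='"$(version)"'
+CFLAGS+=$(WARN) $(DEBUG) $(FORTIFY) $(COVERAGE) $(OPTIMIZE) \
+        $(LANGUAGE) $(FEATURES) -DVERSION='"$(version)"'
 LDFLAGS+=-Xlinker --as-needed $(COVERAGE) $(LINK_FORTIFY) $(strip \
         ) $(foreach flag,$(LINK_FORTIFY_LD),-Xlinker $(flag))
 
@@ -147,10 +156,13 @@
 
 objects:=$(addsuffix .o,$(CPROGS))
 
+.PHONY: all
 all: $(PROGS) mandos.lsm
 
+.PHONY: doc
 doc: $(DOCS)
 
+.PHONY: html
 html: $(htmldocs)
 
 %.5: %.xml common.ent legalnotice.xml
@@ -273,36 +285,32 @@
                 $@)
 
 # Need to add the GnuTLS, Avahi and GPGME libraries
-plugins.d/mandos-client: plugins.d/mandos-client.c
-        $(LINK.c) $^ $(GNUTLS_CFLAGS) $(AVAHI_CFLAGS) $(strip\
-                ) $(GPGME_CFLAGS) $(GNUTLS_LIBS) $(strip\
-                ) $(AVAHI_LIBS) $(GPGME_LIBS) $(LOADLIBES) $(strip\
-                ) $(LDLIBS) -o $@
+plugins.d/mandos-client: CFLAGS += $(GNUTLS_CFLAGS) $(strip \
+        ) $(AVAHI_CFLAGS) $(GPGME_CFLAGS)
+plugins.d/mandos-client: LDLIBS += $(GNUTLS_LIBS) $(strip \
+        ) $(AVAHI_LIBS) $(GPGME_LIBS)
 
 # Need to add the libnl-route library
-plugin-helpers/mandos-client-iprouteadddel: plugin-helpers/mandos-client-iprouteadddel.c
-        $(LINK.c) $(LIBNL3_CFLAGS) $^ $(LIBNL3_LIBS) $(strip\
-                ) $(LOADLIBES) $(LDLIBS) -o $@
+plugin-helpers/mandos-client-iprouteadddel: CFLAGS += $(LIBNL3_CFLAGS)
+plugin-helpers/mandos-client-iprouteadddel: LDLIBS += $(LIBNL3_LIBS)
 
 # Need to add the GLib and pthread libraries
-dracut-module/password-agent: dracut-module/password-agent.c
-        $(LINK.c) $(GLIB_CFLAGS) $^ $(GLIB_LIBS) -lpthread $(strip\
-                ) $(LOADLIBES) $(LDLIBS) -o $@
-
-.PHONY : all doc html clean distclean mostlyclean maintainer-clean \
-        check run-client run-server install install-html \
-        install-server install-client-nokey install-client uninstall \
-        uninstall-server uninstall-client purge purge-server \
-        purge-client
-
+dracut-module/password-agent: CFLAGS += $(GLIB_CFLAGS)
+dracut-module/password-agent: LDLIBS += $(GLIB_LIBS) -lpthread
+
+.PHONY: clean
 clean:
         -rm --force $(CPROGS) $(objects) $(htmldocs) $(DOCS) core
 
+.PHONY: distclean
 distclean: clean
+.PHONY: mostlyclean
 mostlyclean: clean
+.PHONY: maintainer-clean
 maintainer-clean: clean
         -rm --force --recursive keydir confdir statedir
 
+.PHONY: check
 check: all
         ./mandos --check
         ./mandos-ctl --check
@@ -312,21 +320,28 @@
         ./dracut-module/password-agent --test
 
 # Run the client with a local config and key
-run-client: all keydir/seckey.txt keydir/pubkey.txt keydir/tls-privkey.pem keydir/tls-pubkey.pem
-        @echo "###################################################################"
-        @echo "# The following error messages are harmless and can be safely     #"
-        @echo "# ignored:                                                        #"
-        @echo "# From plugin-runner: setgid: Operation not permitted             #"
-        @echo "#                     setuid: Operation not permitted             #"
-        @echo "# From askpass-fifo:  mkfifo: Permission denied                   #"
-        @echo "# From mandos-client:                                             #"
-        @echo "#             Failed to raise privileges: Operation not permitted #"
-        @echo "#             Warning: network hook \"*\" exited with status *      #"
-        @echo "#                                                                 #"
-        @echo "# (The messages are caused by not running as root, but you should #"
-        @echo "# NOT run \"make run-client\" as root unless you also unpacked and  #"
-        @echo "# compiled Mandos as root, which is also NOT recommended.)        #"
-        @echo "###################################################################"
+.PHONY: run-client
+run-client: all keydir/seckey.txt keydir/pubkey.txt \
+                        keydir/tls-privkey.pem keydir/tls-pubkey.pem
+        @echo '######################################################'
+        @echo '# The following error messages are harmless and can  #'
+        @echo '#  be safely ignored:                                #'
+        @echo '## From plugin-runner:                               #'
+        @echo '# setgid: Operation not permitted                    #'
+        @echo '# setuid: Operation not permitted                    #'
+        @echo '## From askpass-fifo:                                #'
+        @echo '# mkfifo: Permission denied                          #'
+        @echo '## From mandos-client:                               #'
+        @echo '# Failed to raise privileges: Operation not permi... #'
+        @echo '# Warning: network hook "*" exited with status *     #'
+        @echo '# ioctl SIOCSIFFLAGS +IFF_UP: Operation not permi... #'
+        @echo '# Failed to bring up interface "*": Operation not... #'
+        @echo '#                                                    #'
+        @echo '# (The messages are caused by not running as root,   #'
+        @echo '# but you should NOT run "make run-client" as root   #'
+        @echo '# unless you also unpacked and compiled Mandos as    #'
+        @echo '# root, which is also NOT recommended.)              #'
+        @echo '######################################################'
 # We set GNOME_KEYRING_CONTROL to block pam_gnome_keyring
         ./plugin-runner --plugin-dir=plugins.d \
                 --plugin-helper-dir=plugin-helpers \
@@ -339,8 +354,15 @@
 keydir/seckey.txt keydir/pubkey.txt keydir/tls-privkey.pem keydir/tls-pubkey.pem: mandos-keygen
         install --directory keydir
         ./mandos-keygen --dir keydir --force
+        if ! [ -e keydir/tls-privkey.pem ]; then \
+                install --mode=u=rw /dev/null keydir/tls-privkey.pem; \
+        fi
+        if ! [ -e keydir/tls-pubkey.pem ]; then \
+                install --mode=u=rw /dev/null keydir/tls-pubkey.pem; \
+        fi
 
 # Run the server with a local config
+.PHONY: run-server
 run-server: confdir/mandos.conf confdir/clients.conf statedir
         ./mandos --debug --no-dbus --configdir=confdir \
                 --statedir=statedir $(SERVERARGS)
@@ -357,13 +379,16 @@
 statedir:
         install --directory statedir
 
+.PHONY: install
 install: install-server install-client-nokey
 
+.PHONY: install-html
 install-html: html
         install --directory $(htmldir)
         install --mode=u=rw,go=r --target-directory=$(htmldir) \
                 $(htmldocs)
 
+.PHONY: install-server
 install-server: doc
         install --directory $(CONFDIR)
         if install --directory --mode=u=rwx --owner=$(USER) \
@@ -372,10 +397,16 @@
         elif install --directory --mode=u=rwx $(STATEDIR); then \
                 chown -- $(USER):$(GROUP) $(STATEDIR) || :; \
         fi
-        if [ "$(TMPFILES)" != "$(DESTDIR)" -a -d "$(TMPFILES)" ]; then \
+        if [ "$(TMPFILES)" != "$(DESTDIR)" \
+                        -a -d "$(TMPFILES)" ]; then \
                 install --mode=u=rw,go=r tmpfiles.d-mandos.conf \
                         $(TMPFILES)/mandos.conf; \
         fi
+        if [ "$(SYSUSERS)" != "$(DESTDIR)" \
+                        -a -d "$(SYSUSERS)" ]; then \
+                install --mode=u=rw,go=r sysusers.d-mandos.conf \
+                        $(SYSUSERS)/mandos.conf; \
+        fi
         install --mode=u=rwx,go=rx mandos $(PREFIX)/sbin/mandos
         install --mode=u=rwx,go=rx --target-directory=$(PREFIX)/sbin \
                 mandos-ctl
@@ -410,11 +441,17 @@
         gzip --best --to-stdout intro.8mandos \
                 > $(MANDIR)/man8/intro.8mandos.gz
 
+.PHONY: install-client-nokey
 install-client-nokey: all doc
         install --directory $(LIBDIR)/mandos $(CONFDIR)
         install --directory --mode=u=rwx $(KEYDIR) \
                 $(LIBDIR)/mandos/plugins.d \
                 $(LIBDIR)/mandos/plugin-helpers
+        if [ "$(SYSUSERS)" != "$(DESTDIR)" \
+                        -a -d "$(SYSUSERS)" ]; then \
+                install --mode=u=rw,go=r sysusers.d-mandos.conf \
+                        $(SYSUSERS)/mandos-client.conf; \
+        fi
         if [ "$(CONFDIR)" != "$(LIBDIR)/mandos" ]; then \
                 install --mode=u=rwx \
                         --directory "$(CONFDIR)/plugins.d" \
@@ -425,7 +462,8 @@
         install --mode=u=rwx,go=rx \
                 --target-directory=$(LIBDIR)/mandos plugin-runner
         install --mode=u=rwx,go=rx \
-                --target-directory=$(LIBDIR)/mandos mandos-to-cryptroot-unlock
+                --target-directory=$(LIBDIR)/mandos \
+                mandos-to-cryptroot-unlock
         install --mode=u=rwx,go=rx --target-directory=$(PREFIX)/sbin \
                 mandos-keygen
         install --mode=u=rwx,go=rx \
@@ -488,13 +526,14 @@
         gzip --best --to-stdout dracut-module/password-agent.8mandos \
                 > $(MANDIR)/man8/password-agent.8mandos.gz
 
+.PHONY: install-client
 install-client: install-client-nokey
 # Post-installation stuff
         -$(PREFIX)/sbin/mandos-keygen --dir "$(KEYDIR)"
         if command -v update-initramfs >/dev/null; then \
             update-initramfs -k all -u; \
         elif command -v dracut >/dev/null; then \
-            for initrd in $(DESTDIR)/boot/initr*-$(shell uname --kernel-release); do \
+            for initrd in $(DESTDIR)/boot/initr*-$(LINUXVERSION); do \
                 if [ -w "$$initrd" ]; then \
                     chmod go-r "$$initrd"; \
                     dracut --force "$$initrd"; \
@@ -503,8 +542,10 @@
         fi
         echo "Now run mandos-keygen --password --dir $(KEYDIR)"
 
+.PHONY: uninstall
 uninstall: uninstall-server uninstall-client
 
+.PHONY: uninstall-server
 uninstall-server:
         -rm --force $(PREFIX)/sbin/mandos \
                 $(PREFIX)/sbin/mandos-ctl \
@@ -517,6 +558,7 @@
         update-rc.d -f mandos remove
         -rmdir $(CONFDIR)
 
+.PHONY: uninstall-client
 uninstall-client:
 # Refuse to uninstall client if /etc/crypttab is explicitly configured
 # to use it.
@@ -553,13 +595,15 @@
         if command -v update-initramfs >/dev/null; then \
             update-initramfs -k all -u; \
         elif command -v dracut >/dev/null; then \
-            for initrd in $(DESTDIR)/boot/initr*-$(shell uname --kernel-release); do \
+            for initrd in $(DESTDIR)/boot/initr*-$(LINUXVERSION); do \
                 test -w "$$initrd" && dracut --force "$$initrd"; \
             done; \
         fi
 
+.PHONY: purge
 purge: purge-server purge-client
 
+.PHONY: purge-server
 purge-server: uninstall-server
         -rm --force $(CONFDIR)/mandos.conf $(CONFDIR)/clients.conf \
                 $(DESTDIR)/etc/dbus-1/system.d/mandos.conf
@@ -570,6 +614,7 @@
                 $(DESTDIR)/var/run/mandos.pid
         -rmdir $(CONFDIR)
 
+.PHONY: purge-client
 purge-client: uninstall-client
         -shred --remove $(KEYDIR)/seckey.txt $(KEYDIR)/tls-privkey.pem
         -rm --force $(CONFDIR)/plugin-runner.conf \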
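Review bot: In `install-server`, `$(STATEDIR)` is created and chowned with the `USER`/`GROUP` values that `getent` resolved when the makefile was parsed (new lines 50-53), so the `sysusers.d-mandos.conf` installed a few lines later (new lines 405-409) cannot influence that ownership. On a host where `_mandos` does not exist yet, the fallback to `nobody`/65534 applies, and the server's state directory presumably ends up owned by an account shared with other services, since nothing visible here runs `systemd-sysusers` first. Parts of the recipe are elided between the hunks, so this may be handled elsewhere. If it is not, a guard before the directory is created, such as `@getent passwd _mandos >/dev/null || echo 'warning: _mandos does not exist; $(STATEDIR) will be owned by $(USER)' >&2`, would at least make the fallback visible to whoever runs the install.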