/mandos/trunk : revision 1237

To get this branch, use:

bzr branch
http://bzr.recompile.se/loggerhead/mandos/trunk

« back to all changes in this revision

Viewing changes to Makefile

Committer: Teddy Hogeborn
Date: 2021-02-03 23:10:42 UTC
Revision ID: teddy@recompile.se-20210203231042-2z3egrvpo1zt7nej

mandos-ctl: Fix bad test for command.Remove and related minor issues

The test for command.Remove removes all clients from the spy server,
and then loops over all clients, looking for the corresponding Remove
command as recorded by the spy server.  But since since there aren't
any clients left after they were removed, no assertions are made, and
the test therefore does nothing.  Fix this.

In tests for command.Approve and command.Deny, add checks that clients
were not somehow removed by the command (in which case, likewise, no
assertions are made).

Add related checks to TestPropertySetterCmd.runTest; i.e. test that a
sequence is not empty before looping over it and making assertions.

* mandos-ctl (TestBaseCommands.test_Remove): Save a copy of the
  original "clients" dict, and loop over those instead.  Add assertion
  that all clients were indeed removed.  Also fix the code which looks
  for the Remove command, which now needs to actually work.
  (TestBaseCommands.test_Approve, TestBaseCommands.test_Deny): Add
  assertion that there are still clients before looping over them.
  (TestPropertySetterCmd.runTest): Add assertion that the list of
  values to get is not empty before looping over them.  Also add check
  that there are still clients before looping over clients.

files added:
.bzr-builddeb

.bzr-builddeb/default.conf

DBUS-API

INSTALL

NEWS

README

bugs.xml

common.ent

dbus-mandos.conf

debian

debian/changelog

debian/compat

debian/control

debian/copyright

debian/mandos-client.README.Debian

debian/mandos-client.dirs

debian/mandos-client.docs

debian/mandos-client.examples

debian/mandos-client.links

debian/mandos-client.lintian-overrides

debian/mandos-client.postinst

debian/mandos-client.postrm

debian/mandos-client.templates

debian/mandos.README.Debian

debian/mandos.dirs

debian/mandos.docs

debian/mandos.lintian-overrides

debian/mandos.postinst

debian/mandos.prerm

debian/mandos.templates

debian/po

debian/po/POTFILES.in

debian/po/de.po

debian/po/en_US.po

debian/po/fr.po

debian/po/nl.po

debian/po/pt.po

debian/po/sv.po

debian/po/templates.pot

debian/rules

debian/source

debian/source/format

debian/source/lintian-overrides

debian/source/local-options

debian/tests

debian/tests/control

debian/upstream

debian/upstream/metadata

debian/upstream/signing-key.asc

debian/watch

default-mandos

dracut-module

dracut-module/ask-password-mandos.path

dracut-module/ask-password-mandos.service

dracut-module/cmdline-mandos.sh

dracut-module/module-setup.sh

dracut-module/password-agent.c

dracut-module/password-agent.xml

init.d-mandos

initramfs-tools-conf

initramfs-tools-conf-hook

initramfs-tools-script-stop

initramfs-unpack

intro.xml

mandos-ctl

mandos-ctl.xml

mandos-monitor

mandos-monitor.xml

mandos-to-cryptroot-unlock

mandos.lsm

mandos.service

network-hooks.d

network-hooks.d/bridge

network-hooks.d/bridge.conf

network-hooks.d/openvpn

network-hooks.d/openvpn.conf

network-hooks.d/wireless

network-hooks.d/wireless.conf

plugin-helpers

plugin-helpers/mandos-client-iprouteadddel.c

plugin-runner.conf

plugins.d/askpass-fifo.c

plugins.d/askpass-fifo.xml

plugins.d/plymouth.c

plugins.d/plymouth.xml

plugins.d/splashy.c

plugins.d/splashy.xml

plugins.d/usplash.c

plugins.d/usplash.xml

sysusers.d-mandos.conf

tmpfiles.d-mandos.conf

files removed:
initramfs-tools-hook-conf

plugins.d/usplash

files renamed:
plugins.d/password-request.c => plugins.d/mandos-client.c

plugins.d/password-request.xml => plugins.d/mandos-client.xml

files modified:
.bzrignore

Makefile

TODO

clients.conf

initramfs-tools-hook

initramfs-tools-script

legalnotice.xml

mandos

mandos-clients.conf.xml

mandos-keygen

mandos-keygen.xml

mandos-options.xml

mandos.conf

mandos.conf.xml

mandos.xml

overview.xml

plugin-runner.c

plugin-runner.xml

plugins.d/password-prompt.c

plugins.d/password-prompt.xml

Show diffs side-by-side

added added

removed removed

Makefile

WARN=-O -Wall -Wformat=2 -Winit-self -Wmissing-include-dirs \

-Wswitch-default -Wswitch-enum -Wunused-parameter \

-Wstrict-aliasing=2 -Wextra -Wfloat-equal -Wundef -Wshadow \

WARN:=-O -Wall -Wextra -Wdouble-promotion -Wformat=2 -Winit-self \

-Wmissing-include-dirs -Wswitch-default -Wswitch-enum \

-Wunused -Wuninitialized -Wstrict-overflow=5 \

-Wsuggest-attribute=pure -Wsuggest-attribute=const \

-Wsuggest-attribute=noreturn -Wfloat-equal -Wundef -Wshadow \

-Wunsafe-loop-optimizations -Wpointer-arith \

-Wbad-function-cast -Wcast-qual -Wcast-align -Wwrite-strings \

-Wconversion -Wstrict-prototypes -Wold-style-definition \

-Wpacked -Wnested-externs -Wunreachable-code -Winline \

-Wvolatile-register-var

DEBUG=-ggdb3

# For info about _FORTIFY_SOURCE, see

# <http://gcc.gnu.org/ml/gcc-patches/2004-09/msg02055.html>

FORTIFY=-D_FORTIFY_SOURCE=2 # -fstack-protector-all

-Wconversion -Wlogical-op -Waggregate-return \

-Wstrict-prototypes -Wold-style-definition \

-Wmissing-format-attribute -Wnormalized=nfc -Wpacked \

-Wredundant-decls -Wnested-externs -Winline -Wvla \

-Wvolatile-register-var -Woverlength-strings

#DEBUG:=-ggdb3 -fsanitize=address $(SANITIZE)

## Check which sanitizing options can be used

#SANITIZE:=$(foreach option,$(ALL_SANITIZE_OPTIONS),$(shell \

# echo 'int main(){}' | $(CC) --language=c $(option) \

# /dev/stdin -o /dev/null >/dev/null 2>&1 && echo $(option)))

# <https://developerblog.redhat.com/2014/10/16/gcc-undefined-behavior-sanitizer-ubsan/>

ALL_SANITIZE_OPTIONS:=-fsanitize=leak -fsanitize=undefined \

-fsanitize=shift -fsanitize=integer-divide-by-zero \

-fsanitize=unreachable -fsanitize=vla-bound -fsanitize=null \

-fsanitize=return -fsanitize=signed-integer-overflow \

-fsanitize=bounds -fsanitize=alignment \

-fsanitize=object-size -fsanitize=float-divide-by-zero \

-fsanitize=float-cast-overflow -fsanitize=nonnull-attribute \

-fsanitize=returns-nonnull-attribute -fsanitize=bool \

-fsanitize=enum -fsanitize-address-use-after-scope

# For info about _FORTIFY_SOURCE, see feature_test_macros(7)

# and <https://gcc.gnu.org/ml/gcc-patches/2004-09/msg02055.html>.

FORTIFY:=-D_FORTIFY_SOURCE=2 -fstack-protector-all -fPIC

LINK_FORTIFY_LD:=-z relro -z now

LINK_FORTIFY:=

# If BROKEN_PIE is set, do not build with -pie

ifndef BROKEN_PIE

FORTIFY += -fPIE

LINK_FORTIFY += -pie

endif

#COVERAGE=--coverage

OPTIMIZE=-Os

LANGUAGE=-std=gnu99

# PREFIX=/usr/local

PREFIX=$(DESTDIR)/usr

# CONFDIR=/usr/local/lib/mandos

CONFDIR=$(DESTDIR)/etc/mandos

# MANDIR=/usr/local/man

MANDIR=$(DESTDIR)/usr/share/man

GNUTLS_CFLAGS=$(shell libgnutls-config --cflags)

GNUTLS_LIBS=$(shell libgnutls-config --libs)

AVAHI_CFLAGS=$(shell pkg-config --cflags-only-I avahi-core)

AVAHI_LIBS=$(shell pkg-config --libs avahi-core)

GPGME_CFLAGS=$(shell gpgme-config --cflags)

GPGME_LIBS=$(shell gpgme-config --libs)

OPTIMIZE:=-Os -fno-strict-aliasing

LANGUAGE:=-std=gnu11

FEATURES:=-D_FILE_OFFSET_BITS=64

htmldir:=man

version:=1.8.14

SED:=sed

PKG_CONFIG?=pkg-config

USER:=$(firstword $(subst :, ,$(shell getent passwd _mandos \

|| getent passwd nobody || echo 65534)))

GROUP:=$(firstword $(subst :, ,$(shell getent group _mandos \

|| getent group nogroup || echo 65534)))

LINUXVERSION:=$(shell uname --kernel-release)

## Use these settings for a traditional /usr/local install

# PREFIX:=$(DESTDIR)/usr/local

# CONFDIR:=$(DESTDIR)/etc/mandos

# KEYDIR:=$(DESTDIR)/etc/mandos/keys

# MANDIR:=$(PREFIX)/man

# INITRAMFSTOOLS:=$(DESTDIR)/etc/initramfs-tools

# DRACUTMODULE:=$(DESTDIR)/usr/lib/dracut/modules.d/90mandos

# STATEDIR:=$(DESTDIR)/var/lib/mandos

# LIBDIR:=$(PREFIX)/lib

## These settings are for a package-type install

PREFIX:=$(DESTDIR)/usr

CONFDIR:=$(DESTDIR)/etc/mandos

KEYDIR:=$(DESTDIR)/etc/keys/mandos

MANDIR:=$(PREFIX)/share/man

INITRAMFSTOOLS:=$(DESTDIR)/usr/share/initramfs-tools

DRACUTMODULE:=$(DESTDIR)/usr/lib/dracut/modules.d/90mandos

STATEDIR:=$(DESTDIR)/var/lib/mandos

LIBDIR:=$(shell \

for d in \

"/usr/lib/`dpkg-architecture \

-qDEB_HOST_MULTIARCH 2>/dev/null`" \

"`rpm --eval='%{_libdir}' 2>/dev/null`" /usr/lib; do \

if [ -d "$$d" -a "$$d" = "$${d%/}" ]; then \

echo "$(DESTDIR)$$d"; \

break; \

fi; \

done)

SYSTEMD:=$(DESTDIR)$(shell $(PKG_CONFIG) systemd \

--variable=systemdsystemunitdir)

TMPFILES:=$(DESTDIR)$(shell $(PKG_CONFIG) systemd \

--variable=tmpfilesdir)

SYSUSERS:=$(DESTDIR)$(shell $(PKG_CONFIG) systemd \

--variable=sysusersdir)

GNUTLS_CFLAGS:=$(shell $(PKG_CONFIG) --cflags-only-I gnutls)

GNUTLS_LIBS:=$(shell $(PKG_CONFIG) --libs gnutls)

AVAHI_CFLAGS:=$(shell $(PKG_CONFIG) --cflags-only-I avahi-core)

AVAHI_LIBS:=$(shell $(PKG_CONFIG) --libs avahi-core)

GPGME_CFLAGS:=$(shell gpgme-config --cflags; getconf LFS_CFLAGS)

100

GPGME_LIBS:=$(shell gpgme-config --libs; getconf LFS_LIBS; \

101

getconf LFS_LDFLAGS)

102

LIBNL3_CFLAGS:=$(shell $(PKG_CONFIG) --cflags-only-I libnl-route-3.0)

103

LIBNL3_LIBS:=$(shell $(PKG_CONFIG) --libs libnl-route-3.0)

104

GLIB_CFLAGS:=$(shell $(PKG_CONFIG) --cflags glib-2.0)

105

GLIB_LIBS:=$(shell $(PKG_CONFIG) --libs glib-2.0)

106

107

# Do not change these two

CFLAGS=$(WARN) $(DEBUG) $(FORTIFY) $(COVERAGE) $(OPTIMIZE) \

$(LANGUAGE) $(GNUTLS_CFLAGS) $(AVAHI_CFLAGS) $(GPGME_CFLAGS)

LDFLAGS=$(COVERAGE)

108

CFLAGS+=$(WARN) $(DEBUG) $(FORTIFY) $(COVERAGE) $(OPTIMIZE) \

109

$(LANGUAGE) $(FEATURES) -DVERSION='"$(version)"'

110

LDFLAGS+=-Xlinker --as-needed $(COVERAGE) $(LINK_FORTIFY) $(strip \

111

) $(foreach flag,$(LINK_FORTIFY_LD),-Xlinker $(flag))

112

# Commands to format a DocBook refentry document into a manual page

DOCBOOKTOMAN=cd $(dir $<); xsltproc --nonet --xinclude \

113

# Commands to format a DocBook <refentry> document into a manual page

114

DOCBOOKTOMAN=$(strip cd $(dir $<); xsltproc --nonet --xinclude \

115

--param man.charmap.use.subset 0 \

116

--param make.year.ranges 1 \

117

--param make.single.year.ranges 1 \

118

--param man.output.quietly 1 \

119

--param man.authors.section.enabled 0 \

/usr/share/xml/docbook/stylesheet/nwalsh/manpages/docbook.xsl \

120

/usr/share/xml/docbook/stylesheet/nwalsh/manpages/docbook.xsl \

121

$(notdir $<); \

$(MANPOST) $(notdir $@)

# DocBook-to-man post-processing to fix a \n escape bug

MANPOST=sed --in-place --expression='s,\\\\en,\\en,g;s,\\n,\\en,g'

PLUGINS=plugins.d/password-prompt plugins.d/password-request

PROGS=plugin-runner $(PLUGINS)

DOCS=mandos.8 plugin-runner.8mandos mandos-keygen.8 \

plugins.d/password-request.8mandos \

plugins.d/password-prompt.8mandos mandos.conf.5 \

mandos-clients.conf.5

objects=$(addsuffix .o,$(PROGS))

all: $(PROGS)

122

if locale --all 2>/dev/null | grep --regexp='^en_US\.utf8$$' \

123

&& command -v man >/dev/null; then LANG=en_US.UTF-8 \

124

MANWIDTH=80 man --warnings --encoding=UTF-8 --local-file \

125

$(notdir $@); fi >/dev/null)

126

127

DOCBOOKTOHTML=$(strip xsltproc --nonet --xinclude \

128

--param make.year.ranges 1 \

129

--param make.single.year.ranges 1 \

130

--param man.output.quietly 1 \

131

--param man.authors.section.enabled 0 \

132

--param citerefentry.link 1 \

133

--output $@ \

134

/usr/share/xml/docbook/stylesheet/nwalsh/xhtml/docbook.xsl \

135

$<; $(HTMLPOST) $@)

136

# Fix citerefentry links

137

HTMLPOST:=$(SED) --in-place \

138

--expression='s/$<a class="citerefentry" href="$$"><span class="citerefentry"><span class="refentrytitle">$$[^<]*$$<\/span>($$[^)]*$$)<\/span><\/a>$/\1\3.\5\2\3\4\5\6/g'

139

140

PLUGINS:=plugins.d/password-prompt plugins.d/mandos-client \

141

plugins.d/usplash plugins.d/splashy plugins.d/askpass-fifo \

142

plugins.d/plymouth

143

PLUGIN_HELPERS:=plugin-helpers/mandos-client-iprouteadddel

144

CPROGS:=plugin-runner dracut-module/password-agent $(PLUGINS) \

145

$(PLUGIN_HELPERS)

146

PROGS:=mandos mandos-keygen mandos-ctl mandos-monitor $(CPROGS)

147

DOCS:=mandos.8 mandos-keygen.8 mandos-monitor.8 mandos-ctl.8 \

148

mandos.conf.5 mandos-clients.conf.5 plugin-runner.8mandos \

149

dracut-module/password-agent.8mandos \

150

plugins.d/mandos-client.8mandos \

151

plugins.d/password-prompt.8mandos plugins.d/usplash.8mandos \

152

plugins.d/splashy.8mandos plugins.d/askpass-fifo.8mandos \

153

plugins.d/plymouth.8mandos intro.8mandos

154

155

htmldocs:=$(addsuffix .xhtml,$(DOCS))

156

157

objects:=$(addsuffix .o,$(CPROGS))

158

159

.PHONY: all

160

all: $(PROGS) mandos.lsm

161

162

.PHONY: doc

163

doc: $(DOCS)

164

%.5: %.xml legalnotice.xml

$(DOCBOOKTOMAN)

%.8: %.xml legalnotice.xml

$(DOCBOOKTOMAN)

%.8mandos: %.xml legalnotice.xml

$(DOCBOOKTOMAN)

mandos.8: mandos.xml mandos-options.xml

$(DOCBOOKTOMAN)

mandos.conf.5: mandos.conf.xml mandos-options.xml

$(DOCBOOKTOMAN)

plugins.d/password-request: plugins.d/password-request.o

$(LINK.o) $(GNUTLS_LIBS) $(AVAHI_LIBS) $(GPGME_LIBS) \

$(COMMON) $^ $(LOADLIBES) $(LDLIBS) -o $@

.PHONY : all doc clean distclean run-client run-server install \

install-server install-client uninstall uninstall-server \

uninstall-client purge purge-server purge-client

165

.PHONY: html

166

html: $(htmldocs)

167

168

%.5: %.xml common.ent legalnotice.xml

169

$(DOCBOOKTOMAN)

170

%.5.xhtml: %.xml common.ent legalnotice.xml

171

$(DOCBOOKTOHTML)

172

173

%.8: %.xml common.ent legalnotice.xml

174

$(DOCBOOKTOMAN)

175

%.8.xhtml: %.xml common.ent legalnotice.xml

176

$(DOCBOOKTOHTML)

177

178

%.8mandos: %.xml common.ent legalnotice.xml

179

$(DOCBOOKTOMAN)

180

%.8mandos.xhtml: %.xml common.ent legalnotice.xml

181

$(DOCBOOKTOHTML)

182

183

intro.8mandos: intro.xml common.ent legalnotice.xml

184

$(DOCBOOKTOMAN)

185

intro.8mandos.xhtml: intro.xml common.ent legalnotice.xml

186

$(DOCBOOKTOHTML)

187

188

mandos.8: mandos.xml common.ent mandos-options.xml overview.xml \

189

legalnotice.xml

190

$(DOCBOOKTOMAN)

191

mandos.8.xhtml: mandos.xml common.ent mandos-options.xml \

192

overview.xml legalnotice.xml

193

$(DOCBOOKTOHTML)

194

195

mandos-keygen.8: mandos-keygen.xml common.ent overview.xml \

196

legalnotice.xml

197

$(DOCBOOKTOMAN)

198

mandos-keygen.8.xhtml: mandos-keygen.xml common.ent overview.xml \

199

legalnotice.xml

200

$(DOCBOOKTOHTML)

201

202

mandos-monitor.8: mandos-monitor.xml common.ent overview.xml \

203

legalnotice.xml

204

$(DOCBOOKTOMAN)

205

mandos-monitor.8.xhtml: mandos-monitor.xml common.ent overview.xml \

206

legalnotice.xml

207

$(DOCBOOKTOHTML)

208

209

mandos-ctl.8: mandos-ctl.xml common.ent overview.xml \

210

legalnotice.xml

211

$(DOCBOOKTOMAN)

212

mandos-ctl.8.xhtml: mandos-ctl.xml common.ent overview.xml \

213

legalnotice.xml

214

$(DOCBOOKTOHTML)

215

216

mandos.conf.5: mandos.conf.xml common.ent mandos-options.xml \

217

legalnotice.xml

218

$(DOCBOOKTOMAN)

219

mandos.conf.5.xhtml: mandos.conf.xml common.ent mandos-options.xml \

220

legalnotice.xml

221

$(DOCBOOKTOHTML)

222

223

plugin-runner.8mandos: plugin-runner.xml common.ent overview.xml \

224

legalnotice.xml

225

$(DOCBOOKTOMAN)

226

plugin-runner.8mandos.xhtml: plugin-runner.xml common.ent \

227

overview.xml legalnotice.xml

228

$(DOCBOOKTOHTML)

229

230

dracut-module/password-agent.8mandos: \

231

dracut-module/password-agent.xml common.ent \

232

overview.xml legalnotice.xml

233

$(DOCBOOKTOMAN)

234

dracut-module/password-agent.8mandos.xhtml: \

235

dracut-module/password-agent.xml common.ent \

236

overview.xml legalnotice.xml

237

$(DOCBOOKTOHTML)

238

239

plugins.d/mandos-client.8mandos: plugins.d/mandos-client.xml \

240

common.ent \

241

mandos-options.xml \

242

overview.xml legalnotice.xml

243

$(DOCBOOKTOMAN)

244

plugins.d/mandos-client.8mandos.xhtml: plugins.d/mandos-client.xml \

245

common.ent \

246

mandos-options.xml \

247

overview.xml legalnotice.xml

248

$(DOCBOOKTOHTML)

249

250

# Update all these files with version number $(version)

251

common.ent: Makefile

252

$(strip $(SED) --in-place \

253

--expression='s/^$<!ENTITY version "$[^"]*">$$/\1$(version)">/' \

254

$@)

255

256

mandos: Makefile

257

$(strip $(SED) --in-place \

258

--expression='s/^$version = "$[^"]*"$$/\1$(version)"/' \

259

$@)

260

261

mandos-keygen: Makefile

262

$(strip $(SED) --in-place \

263

--expression='s/^$VERSION="$[^"]*"$$/\1$(version)"/' \

264

$@)

265

266

mandos-ctl: Makefile

267

$(strip $(SED) --in-place \

268

--expression='s/^$version = "$[^"]*"$$/\1$(version)"/' \

269

$@)

270

271

mandos-monitor: Makefile

272

$(strip $(SED) --in-place \

273

--expression='s/^$version = "$[^"]*"$$/\1$(version)"/' \

274

$@)

275

276

mandos.lsm: Makefile

277

$(strip $(SED) --in-place \

278

--expression='s/^$Version:$.*/\1\t$(version)/' \

279

$@)

280

$(strip $(SED) --in-place \

281

--expression='s/^$Entered-date:$.*/\1\t$(shell date --rfc-3339=date --reference=Makefile)/' \

282

$@)

283

$(strip $(SED) --in-place \

284

--expression='s/$mandos_$[0-9.]\+$\.orig\.tar\.gz$/\1$(version)\2/' \

285

$@)

286

287

# Need to add the GnuTLS, Avahi and GPGME libraries

288

plugins.d/mandos-client: CFLAGS += $(GNUTLS_CFLAGS) $(strip \

289

) $(AVAHI_CFLAGS) $(GPGME_CFLAGS)

290

plugins.d/mandos-client: LDLIBS += $(GNUTLS_LIBS) $(strip \

291

) $(AVAHI_LIBS) $(GPGME_LIBS)

292

293

# Need to add the libnl-route library

294

plugin-helpers/mandos-client-iprouteadddel: CFLAGS += $(LIBNL3_CFLAGS)

295

plugin-helpers/mandos-client-iprouteadddel: LDLIBS += $(LIBNL3_LIBS)

296

297

# Need to add the GLib and pthread libraries

298

dracut-module/password-agent: CFLAGS += $(GLIB_CFLAGS)

299

dracut-module/password-agent: LDLIBS += $(GLIB_LIBS) -lpthread

300

301

.PHONY: clean

302

clean:

-rm --force $(PROGS) $(objects) $(DOCS) core

303

-rm --force $(CPROGS) $(objects) $(htmldocs) $(DOCS) core

304

305

.PHONY: distclean

306

distclean: clean

307

.PHONY: mostlyclean

308

mostlyclean: clean

309

.PHONY: maintainer-clean

310

maintainer-clean: clean

-rm --force --recursive keydir confdir

311

-rm --force --recursive keydir confdir statedir

312

check:

313

.PHONY: check

314

check: all

315

./mandos --check

316

./mandos-ctl --check

317

./mandos-keygen --version

318

./plugin-runner --version

319

./plugin-helpers/mandos-client-iprouteadddel --version

320

./dracut-module/password-agent --test

321

322

# Run the client with a local config and key

323

.PHONY: run-client

324

run-client: all keydir/seckey.txt keydir/pubkey.txt \

keydir/secring.gpg keydir/pubring.gpg

325

keydir/tls-privkey.pem keydir/tls-pubkey.pem

326

@echo '######################################################'

327

@echo '# The following error messages are harmless and can #'

328

@echo '# be safely ignored: #'

329

@echo '## From plugin-runner: #'

330

@echo '# setgid: Operation not permitted #'

331

@echo '# setuid: Operation not permitted #'

332

@echo '## From askpass-fifo: #'

333

@echo '# mkfifo: Permission denied #'

334

@echo '## From mandos-client: #'

335

@echo '# Failed to raise privileges: Operation not permi... #'

336

@echo '# Warning: network hook "*" exited with status * #'

337

@echo '# ioctl SIOCSIFFLAGS +IFF_UP: Operation not permi... #'

338

@echo '# Failed to bring up interface "*": Operation not... #'

339

@echo '# #'

340

@echo '# (The messages are caused by not running as root, #'

341

@echo '# but you should NOT run "make run-client" as root #'

342

@echo '# unless you also unpacked and compiled Mandos as #'

343

@echo '# root, which is also NOT recommended.) #'

344

@echo '######################################################'

345

# We set GNOME_KEYRING_CONTROL to block pam_gnome_keyring

346

./plugin-runner --plugin-dir=plugins.d \

347

--plugin-helper-dir=plugin-helpers \

348

--config-file=plugin-runner.conf \

100

--options-for=password-request:--keydir=keydir

349

--options-for=mandos-client:--seckey=keydir/seckey.txt,--pubkey=keydir/pubkey.txt,--tls-privkey=keydir/tls-privkey.pem,--tls-pubkey=keydir/tls-pubkey.pem,--network-hook-dir=network-hooks.d \

350

--env-for=mandos-client:GNOME_KEYRING_CONTROL= \

351

$(CLIENTARGS)

101

352

102

353

# Used by run-client

103

keydir/secring.gpg: keydir/seckey.txt

104

gpg --homedir $(dir $<) --import $^

105

keydir/pubring.gpg: keydir/pubkey.txt

106

gpg --homedir $(dir $<) --import $^

107

keydir/seckey.txt keydir/pubkey.txt: mandos-keygen

354

keydir/seckey.txt keydir/pubkey.txt keydir/tls-privkey.pem keydir/tls-pubkey.pem: mandos-keygen

108

355

install --directory keydir

109

356

./mandos-keygen --dir keydir --force

357

if ! [ -e keydir/tls-privkey.pem ]; then \

358

install --mode=u=rw /dev/null keydir/tls-privkey.pem; \

359

360

if ! [ -e keydir/tls-pubkey.pem ]; then \

361

install --mode=u=rw /dev/null keydir/tls-pubkey.pem; \

362

110

363

111

364

# Run the server with a local config

112

run-server: confdir/mandos.conf confdir/clients.conf

113

./mandos --debug --configdir=confdir

365

.PHONY: run-server

366

run-server: confdir/mandos.conf confdir/clients.conf statedir

367

./mandos --debug --no-dbus --configdir=confdir \

368

--statedir=statedir $(SERVERARGS)

114

369

115

370

# Used by run-server

116

371

confdir/mandos.conf: mandos.conf

117

372

install --directory confdir

118

install $^ $@

119

confdir/clients.conf: clients.conf keydir/seckey.txt

373

install --mode=u=rw,go=r $^ $@

374

confdir/clients.conf: clients.conf keydir/seckey.txt keydir/tls-pubkey.pem

120

375

install --directory confdir

121

install clients.conf $@

376

install --mode=u=rw $< $@

122

377

# Add a client password

123

./mandos-keygen --dir keydir --password >> $@

124

125

install: install-server install-client

126

378

./mandos-keygen --dir keydir --password --no-ssh >> $@

379

statedir:

380

install --directory statedir

381

382

.PHONY: install

383

install: install-server install-client-nokey

384

385

.PHONY: install-html

386

install-html: html

387

install --directory $(htmldir)

388

install --mode=u=rw,go=r --target-directory=$(htmldir) \

389

$(htmldocs)

390

391

.PHONY: install-server

127

392

install-server: doc

128

install --directory --parents $(CONFDIR) $(MANDIR)/man5 \

129

$(MANDIR)/man8

130

install --mode=0755 mandos $(PREFIX)/sbin/mandos

131

install --mode=0644 --target-directory=$(CONFDIR) mandos.conf

132

install --mode=0640 --target-directory=$(CONFDIR) \

393

install --directory $(CONFDIR)

394

if install --directory --mode=u=rwx --owner=$(USER) \

395

--group=$(GROUP) $(STATEDIR); then \

396

:; \

397

elif install --directory --mode=u=rwx $(STATEDIR); then \

398

chown -- $(USER):$(GROUP) $(STATEDIR) || :; \

399

400

if [ "$(TMPFILES)" != "$(DESTDIR)" \

401

-a -d "$(TMPFILES)" ]; then \

402

install --mode=u=rw,go=r tmpfiles.d-mandos.conf \

403

$(TMPFILES)/mandos.conf; \

404

405

if [ "$(SYSUSERS)" != "$(DESTDIR)" \

406

-a -d "$(SYSUSERS)" ]; then \

407

install --mode=u=rw,go=r sysusers.d-mandos.conf \

408

$(SYSUSERS)/mandos.conf; \

409

410

install --mode=u=rwx,go=rx mandos $(PREFIX)/sbin/mandos

411

install --mode=u=rwx,go=rx --target-directory=$(PREFIX)/sbin \

412

mandos-ctl

413

install --mode=u=rwx,go=rx --target-directory=$(PREFIX)/sbin \

414

mandos-monitor

415

install --mode=u=rw,go=r --target-directory=$(CONFDIR) \

416

mandos.conf

417

install --mode=u=rw --target-directory=$(CONFDIR) \

133

418

clients.conf

419

install --mode=u=rw,go=r dbus-mandos.conf \

420

$(DESTDIR)/etc/dbus-1/system.d/mandos.conf

421

install --mode=u=rwx,go=rx init.d-mandos \

422

$(DESTDIR)/etc/init.d/mandos

423

if [ "$(SYSTEMD)" != "$(DESTDIR)" -a -d "$(SYSTEMD)" ]; then \

424

install --mode=u=rw,go=r mandos.service $(SYSTEMD); \

425

426

install --mode=u=rw,go=r default-mandos \

427

$(DESTDIR)/etc/default/mandos

428

if [ -z $(DESTDIR) ]; then \

429

update-rc.d mandos defaults 25 15;\

430

134

431

gzip --best --to-stdout mandos.8 \

135

432

> $(MANDIR)/man8/mandos.8.gz

433

gzip --best --to-stdout mandos-monitor.8 \

434

> $(MANDIR)/man8/mandos-monitor.8.gz

435

gzip --best --to-stdout mandos-ctl.8 \

436

> $(MANDIR)/man8/mandos-ctl.8.gz

136

437

gzip --best --to-stdout mandos.conf.5 \

137

438

> $(MANDIR)/man5/mandos.conf.5.gz

138

439

gzip --best --to-stdout mandos-clients.conf.5 \

139

440

> $(MANDIR)/man5/mandos-clients.conf.5.gz

441

gzip --best --to-stdout intro.8mandos \

442

> $(MANDIR)/man8/intro.8mandos.gz

140

443

141

install-client: all doc /usr/share/initramfs-tools/hooks/.

142

install --directory --parents $(PREFIX)/lib/mandos \

143

$(CONFDIR) $(MANDIR)/man8

144

install --directory --mode=0700 $(PREFIX)/lib/mandos/plugins.d

145

chmod u=rwx,g=,o= $(PREFIX)/lib/mandos/plugins.d

146

install --mode=0755 --target-directory=$(PREFIX)/lib/mandos \

147

plugin-runner

148

install --mode=0755 --target-directory=$(PREFIX)/sbin \

444

.PHONY: install-client-nokey

445

install-client-nokey: all doc

446

install --directory $(LIBDIR)/mandos $(CONFDIR)

447

install --directory --mode=u=rwx $(KEYDIR) \

448

$(LIBDIR)/mandos/plugins.d \

449

$(LIBDIR)/mandos/plugin-helpers

450

if [ "$(SYSUSERS)" != "$(DESTDIR)" \

451

-a -d "$(SYSUSERS)" ]; then \

452

install --mode=u=rw,go=r sysusers.d-mandos.conf \

453

$(SYSUSERS)/mandos-client.conf; \

454

455

if [ "$(CONFDIR)" != "$(LIBDIR)/mandos" ]; then \

456

install --mode=u=rwx \

457

--directory "$(CONFDIR)/plugins.d" \

458

"$(CONFDIR)/plugin-helpers"; \

459

460

install --mode=u=rwx,go=rx --directory \

461

"$(CONFDIR)/network-hooks.d"

462

install --mode=u=rwx,go=rx \

463

--target-directory=$(LIBDIR)/mandos plugin-runner

464

install --mode=u=rwx,go=rx \

465

--target-directory=$(LIBDIR)/mandos \

466

mandos-to-cryptroot-unlock

467

install --mode=u=rwx,go=rx --target-directory=$(PREFIX)/sbin \

149

468

mandos-keygen

150

install --mode=0755 \

151

--target-directory=$(PREFIX)/lib/mandos/plugins.d \

469

install --mode=u=rwx,go=rx \

470

--target-directory=$(LIBDIR)/mandos/plugins.d \

152

471

plugins.d/password-prompt

153

install --mode=4755 \

154

--target-directory=$(PREFIX)/lib/mandos/plugins.d \

155

plugins.d/password-request

472

install --mode=u=rwxs,go=rx \

473

--target-directory=$(LIBDIR)/mandos/plugins.d \

474

plugins.d/mandos-client

475

install --mode=u=rwxs,go=rx \

476

--target-directory=$(LIBDIR)/mandos/plugins.d \

477

plugins.d/usplash

478

install --mode=u=rwxs,go=rx \

479

--target-directory=$(LIBDIR)/mandos/plugins.d \

480

plugins.d/splashy

481

install --mode=u=rwxs,go=rx \

482

--target-directory=$(LIBDIR)/mandos/plugins.d \

483

plugins.d/askpass-fifo

484

install --mode=u=rwxs,go=rx \

485

--target-directory=$(LIBDIR)/mandos/plugins.d \

486

plugins.d/plymouth

487

install --mode=u=rwx,go=rx \

488

--target-directory=$(LIBDIR)/mandos/plugin-helpers \

489

plugin-helpers/mandos-client-iprouteadddel

156

490

install initramfs-tools-hook \

157

/usr/share/initramfs-tools/hooks/mandos

158

install initramfs-tools-hook-conf \

159

/usr/share/initramfs-tools/conf-hooks.d/mandos

491

$(INITRAMFSTOOLS)/hooks/mandos

492

install --mode=u=rw,go=r initramfs-tools-conf \

493

$(INITRAMFSTOOLS)/conf.d/mandos-conf

494

install --mode=u=rw,go=r initramfs-tools-conf-hook \

495

$(INITRAMFSTOOLS)/conf-hooks.d/zz-mandos

160

496

install initramfs-tools-script \

161

/usr/share/initramfs-tools/scripts/local-top/mandos

497

$(INITRAMFSTOOLS)/scripts/init-premount/mandos

498

install initramfs-tools-script-stop \

499

$(INITRAMFSTOOLS)/scripts/local-premount/mandos

500

install --directory $(DRACUTMODULE)

501

install --mode=u=rw,go=r --target-directory=$(DRACUTMODULE) \

502

dracut-module/ask-password-mandos.path \

503

dracut-module/ask-password-mandos.service

504

install --mode=u=rwxs,go=rx \

505

--target-directory=$(DRACUTMODULE) \

506

dracut-module/module-setup.sh \

507

dracut-module/cmdline-mandos.sh \

508

dracut-module/password-agent

509

install --mode=u=rw,go=r plugin-runner.conf $(CONFDIR)

162

510

gzip --best --to-stdout mandos-keygen.8 \

163

511

> $(MANDIR)/man8/mandos-keygen.8.gz

164

512

gzip --best --to-stdout plugin-runner.8mandos \

165

513

> $(MANDIR)/man8/plugin-runner.8mandos.gz

514

gzip --best --to-stdout plugins.d/mandos-client.8mandos \

515

> $(MANDIR)/man8/mandos-client.8mandos.gz

166

516

gzip --best --to-stdout plugins.d/password-prompt.8mandos \

167

517

> $(MANDIR)/man8/password-prompt.8mandos.gz

168

gzip --best --to-stdout plugins.d/password-request.8mandos \

169

> $(MANDIR)/man8/password-request.8mandos.gz

170

-$(PREFIX)/sbin/mandos-keygen

171

update-initramfs -k all -u

172

518

gzip --best --to-stdout plugins.d/usplash.8mandos \

519

> $(MANDIR)/man8/usplash.8mandos.gz

520

gzip --best --to-stdout plugins.d/splashy.8mandos \

521

> $(MANDIR)/man8/splashy.8mandos.gz

522

gzip --best --to-stdout plugins.d/askpass-fifo.8mandos \

523

> $(MANDIR)/man8/askpass-fifo.8mandos.gz

524

gzip --best --to-stdout plugins.d/plymouth.8mandos \

525

> $(MANDIR)/man8/plymouth.8mandos.gz

526

gzip --best --to-stdout dracut-module/password-agent.8mandos \

527

> $(MANDIR)/man8/password-agent.8mandos.gz

528

529

.PHONY: install-client

530

install-client: install-client-nokey

531

# Post-installation stuff

532

-$(PREFIX)/sbin/mandos-keygen --dir "$(KEYDIR)"

533

if command -v update-initramfs >/dev/null; then \

534

update-initramfs -k all -u; \

535

elif command -v dracut >/dev/null; then \

536

for initrd in $(DESTDIR)/boot/initr*-$(LINUXVERSION); do \

537

if [ -w "$$initrd" ]; then \

538

chmod go-r "$$initrd"; \

539

dracut --force "$$initrd"; \

540

fi; \

541

done; \

542

543

echo "Now run mandos-keygen --password --dir $(KEYDIR)"

544

545

.PHONY: uninstall

173

546

uninstall: uninstall-server uninstall-client

174

547

175

uninstall-server: $(PREFIX)/sbin/mandos

548

.PHONY: uninstall-server

549

uninstall-server:

176

550

-rm --force $(PREFIX)/sbin/mandos \

551

$(PREFIX)/sbin/mandos-ctl \

552

$(PREFIX)/sbin/mandos-monitor \

177

553

$(MANDIR)/man8/mandos.8.gz \

554

$(MANDIR)/man8/mandos-monitor.8.gz \

555

$(MANDIR)/man8/mandos-ctl.8.gz \

178

556

$(MANDIR)/man5/mandos.conf.5.gz \

179

557

$(MANDIR)/man5/mandos-clients.conf.5.gz

558

update-rc.d -f mandos remove

180

559

-rmdir $(CONFDIR)

181

560

561

.PHONY: uninstall-client

182

562

uninstall-client:

183

563

# Refuse to uninstall client if /etc/crypttab is explicitly configured

184

564

# to use it.

185

565

! grep --regexp='^ *[^ #].*keyscript=[^,=]*/mandos/' \

186

/etc/crypttab

566

$(DESTDIR)/etc/crypttab

187

567

-rm --force $(PREFIX)/sbin/mandos-keygen \

188

$(PREFIX)/lib/mandos/plugin-runner \

189

$(PREFIX)/lib/mandos/plugins.d/password-prompt \

190

$(PREFIX)/lib/mandos/plugins.d/password-request \

191

/usr/share/initramfs-tools/hooks/mandos \

192

/usr/share/initramfs-tools/conf-hooks.d/mandos \

568

$(LIBDIR)/mandos/plugin-runner \

569

$(LIBDIR)/mandos/plugins.d/password-prompt \

570

$(LIBDIR)/mandos/plugins.d/mandos-client \

571

$(LIBDIR)/mandos/plugins.d/usplash \

572

$(LIBDIR)/mandos/plugins.d/splashy \

573

$(LIBDIR)/mandos/plugins.d/askpass-fifo \

574

$(LIBDIR)/mandos/plugins.d/plymouth \

575

$(INITRAMFSTOOLS)/hooks/mandos \

576

$(INITRAMFSTOOLS)/conf-hooks.d/mandos \

577

$(INITRAMFSTOOLS)/scripts/init-premount/mandos \

578

$(INITRAMFSTOOLS)/scripts/local-premount/mandos \

579

$(DRACUTMODULE)/ask-password-mandos.path \

580

$(DRACUTMODULE)/ask-password-mandos.service \

581

$(DRACUTMODULE)/module-setup.sh \

582

$(DRACUTMODULE)/cmdline-mandos.sh \

583

$(DRACUTMODULE)/password-agent \

584

$(MANDIR)/man8/mandos-keygen.8.gz \

193

585

$(MANDIR)/man8/plugin-runner.8mandos.gz \

194

$(MANDIR)/man8/mandos-keygen.8.gz \

586

$(MANDIR)/man8/mandos-client.8mandos.gz

195

587

$(MANDIR)/man8/password-prompt.8mandos.gz \

196

$(MANDIR)/man8/password-request.8mandos.gz

197

-rmdir $(PREFIX)/lib/mandos/plugins.d $(CONFDIR)/plugins.d \

198

$(PREFIX)/lib/mandos $(CONFDIR)

199

update-initramfs -k all -u

588

$(MANDIR)/man8/usplash.8mandos.gz \

589

$(MANDIR)/man8/splashy.8mandos.gz \

590

$(MANDIR)/man8/askpass-fifo.8mandos.gz \

591

$(MANDIR)/man8/plymouth.8mandos.gz \

592

$(MANDIR)/man8/password-agent.8mandos.gz \

593

-rmdir $(LIBDIR)/mandos/plugins.d $(CONFDIR)/plugins.d \

594

$(LIBDIR)/mandos $(CONFDIR) $(KEYDIR) $(DRACUTMODULE)

595

if command -v update-initramfs >/dev/null; then \

596

update-initramfs -k all -u; \

597

elif command -v dracut >/dev/null; then \

598

for initrd in $(DESTDIR)/boot/initr*-$(LINUXVERSION); do \

599

test -w "$$initrd" && dracut --force "$$initrd"; \

600

done; \

601

200

602

603

.PHONY: purge

201

604

purge: purge-server purge-client

202

605

606

.PHONY: purge-server

203

607

purge-server: uninstall-server

204

-rm --force $(CONFDIR)/mandos.conf $(CONFDIR)/clients.conf

608

-rm --force $(CONFDIR)/mandos.conf $(CONFDIR)/clients.conf \

609

$(DESTDIR)/etc/dbus-1/system.d/mandos.conf

610

$(DESTDIR)/etc/default/mandos \

611

$(DESTDIR)/etc/init.d/mandos \

612

$(SYSTEMD)/mandos.service \

613

$(DESTDIR)/run/mandos.pid \

614

$(DESTDIR)/var/run/mandos.pid

205

615

-rmdir $(CONFDIR)

206

616

617

.PHONY: purge-client

207

618

purge-client: uninstall-client

208

-rm --force $(CONFDIR)/seckey.txt $(CONFDIR)/pubkey.txt

209

-rmdir $(CONFDIR) $(CONFDIR)/plugins.d

619

-shred --remove $(KEYDIR)/seckey.txt $(KEYDIR)/tls-privkey.pem

620

-rm --force $(CONFDIR)/plugin-runner.conf \

621

$(KEYDIR)/pubkey.txt $(KEYDIR)/seckey.txt \

622

$(KEYDIR)/tls-pubkey.txt $(KEYDIR)/tls-privkey.txt

623

-rmdir $(KEYDIR) $(CONFDIR)/plugins.d $(CONFDIR)

Older »