Viewing changes to Makefile

  • Committer: Teddy Hogeborn
  • Date: 2021-02-03 23:10:42 UTC
  • Revision ID: teddy@recompile.se-20210203231042-2z3egrvpo1zt7nej
mandos-ctl: Fix bad test for command.Remove and related minor issues

The test for command.Remove removes all clients from the spy server,
and then loops over all clients, looking for the corresponding Remove
command as recorded by the spy server.  But since there aren't
any clients left after they were removed, no assertions are made, and
the test therefore does nothing.  Fix this.

In tests for command.Approve and command.Deny, add checks that clients
were not somehow removed by the command (in which case, likewise, no
assertions are made).

Add related checks to TestPropertySetterCmd.runTest; i.e. test that a
sequence is not empty before looping over it and making assertions.

* mandos-ctl (TestBaseCommands.test_Remove): Save a copy of the
  original "clients" dict, and loop over those instead.  Add assertion
  that all clients were indeed removed.  Also fix the code which looks
  for the Remove command, which now needs to actually work.
  (TestBaseCommands.test_Approve, TestBaseCommands.test_Deny): Add
  assertion that there are still clients before looping over them.
  (TestPropertySetterCmd.runTest): Add assertion that the list of
  values to get is not empty before looping over them.  Also add check
  that there are still clients before looping over clients.

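--- a/Makefile
+++ b/Makefile
@@ -10,10 +10,12 @@
         -Wmissing-format-attribute -Wnormalized=nfc -Wpacked \
         -Wredundant-decls -Wnested-externs -Winline -Wvla \
         -Wvolatile-register-var -Woverlength-strings
-#DEBUG:=-ggdb3 -fsanitize=address 
-# For info about _FORTIFY_SOURCE, see feature_test_macros(7)
-# and <https://gcc.gnu.org/ml/gcc-patches/2004-09/msg02055.html>.
-FORTIFY:=-D_FORTIFY_SOURCE=2 -fstack-protector-all -fPIC
+
+#DEBUG:=-ggdb3 -fsanitize=address $(SANITIZE)
+## Check which sanitizing options can be used
+#SANITIZE:=$(foreach option,$(ALL_SANITIZE_OPTIONS),$(shell \
+#       echo 'int main(){}' | $(CC) --language=c $(option) \
+#       /dev/stdin -o /dev/null >/dev/null 2>&1 && echo $(option)))
 # <https://developerblog.redhat.com/2014/10/16/gcc-undefined-behavior-sanitizer-ubsan/>
 ALL_SANITIZE_OPTIONS:=-fsanitize=leak -fsanitize=undefined \
         -fsanitize=shift -fsanitize=integer-divide-by-zero \
@@ -23,11 +25,11 @@
         -fsanitize=object-size -fsanitize=float-divide-by-zero \
         -fsanitize=float-cast-overflow -fsanitize=nonnull-attribute \
         -fsanitize=returns-nonnull-attribute -fsanitize=bool \
-        -fsanitize=enum
-# Check which sanitizing options can be used
-SANITIZE:=$(foreach option,$(ALL_SANITIZE_OPTIONS),$(shell \
-        echo 'int main(){}' | $(CC) --language=c $(option) /dev/stdin \
-        -o /dev/null >/dev/null 2>&1 && echo $(option)))
+        -fsanitize=enum -fsanitize-address-use-after-scope
+
+# For info about _FORTIFY_SOURCE, see feature_test_macros(7)
+# and <https://gcc.gnu.org/ml/gcc-patches/2004-09/msg02055.html>.
+FORTIFY:=-D_FORTIFY_SOURCE=2 -fstack-protector-all -fPIC
 LINK_FORTIFY_LD:=-z relro -z now
 LINK_FORTIFY:=
 
@@ -39,12 +41,18 @@
 #COVERAGE=--coverage
 OPTIMIZE:=-Os -fno-strict-aliasing
 LANGUAGE:=-std=gnu11
+FEATURES:=-D_FILE_OFFSET_BITS=64
 htmldir:=man
-version:=1.7.19
+version:=1.8.14
 SED:=sed
-
-USER:=$(firstword $(subst :, ,$(shell getent passwd _mandos || getent passwd nobody || echo 65534)))
-GROUP:=$(firstword $(subst :, ,$(shell getent group _mandos || getent group nogroup || echo 65534)))
+PKG_CONFIG?=pkg-config
+
+USER:=$(firstword $(subst :, ,$(shell getent passwd _mandos \
+        || getent passwd nobody || echo 65534)))
+GROUP:=$(firstword $(subst :, ,$(shell getent group _mandos \
+        || getent group nogroup || echo 65534)))
+
+LINUXVERSION:=$(shell uname --kernel-release)
 
 ## Use these settings for a traditional /usr/local install
 # PREFIX:=$(DESTDIR)/usr/local
@@ -52,6 +60,7 @@
 # KEYDIR:=$(DESTDIR)/etc/mandos/keys
 # MANDIR:=$(PREFIX)/man
 # INITRAMFSTOOLS:=$(DESTDIR)/etc/initramfs-tools
+# DRACUTMODULE:=$(DESTDIR)/usr/lib/dracut/modules.d/90mandos
 # STATEDIR:=$(DESTDIR)/var/lib/mandos
 # LIBDIR:=$(PREFIX)/lib
 ##
@@ -62,10 +71,12 @@
 KEYDIR:=$(DESTDIR)/etc/keys/mandos
 MANDIR:=$(PREFIX)/share/man
 INITRAMFSTOOLS:=$(DESTDIR)/usr/share/initramfs-tools
+DRACUTMODULE:=$(DESTDIR)/usr/lib/dracut/modules.d/90mandos
 STATEDIR:=$(DESTDIR)/var/lib/mandos
 LIBDIR:=$(shell \
         for d in \
-        "/usr/lib/`dpkg-architecture -qDEB_HOST_MULTIARCH 2>/dev/null`" \
+        "/usr/lib/`dpkg-architecture \
+                        -qDEB_HOST_MULTIARCH 2>/dev/null`" \
         "`rpm --eval='%{_libdir}' 2>/dev/null`" /usr/lib; do \
                 if [ -d "$$d" -a "$$d" = "$${d%/}" ]; then \
                         echo "$(DESTDIR)$$d"; \
@@ -74,24 +85,30 @@
         done)
 ##
 
-SYSTEMD:=$(DESTDIR)$(shell pkg-config systemd --variable=systemdsystemunitdir)
-TMPFILES:=$(DESTDIR)$(shell pkg-config systemd --variable=tmpfilesdir)
+SYSTEMD:=$(DESTDIR)$(shell $(PKG_CONFIG) systemd \
+                        --variable=systemdsystemunitdir)
+TMPFILES:=$(DESTDIR)$(shell $(PKG_CONFIG) systemd \
+                        --variable=tmpfilesdir)
+SYSUSERS:=$(DESTDIR)$(shell $(PKG_CONFIG) systemd \
+                        --variable=sysusersdir)
 
-GNUTLS_CFLAGS:=$(shell pkg-config --cflags-only-I gnutls)
-GNUTLS_LIBS:=$(shell pkg-config --libs gnutls)
-AVAHI_CFLAGS:=$(shell pkg-config --cflags-only-I avahi-core)
-AVAHI_LIBS:=$(shell pkg-config --libs avahi-core)
+GNUTLS_CFLAGS:=$(shell $(PKG_CONFIG) --cflags-only-I gnutls)
+GNUTLS_LIBS:=$(shell $(PKG_CONFIG) --libs gnutls)
+AVAHI_CFLAGS:=$(shell $(PKG_CONFIG) --cflags-only-I avahi-core)
+AVAHI_LIBS:=$(shell $(PKG_CONFIG) --libs avahi-core)
 GPGME_CFLAGS:=$(shell gpgme-config --cflags; getconf LFS_CFLAGS)
 GPGME_LIBS:=$(shell gpgme-config --libs; getconf LFS_LIBS; \
         getconf LFS_LDFLAGS)
-LIBNL3_CFLAGS:=$(shell pkg-config --cflags-only-I libnl-route-3.0)
-LIBNL3_LIBS:=$(shell pkg-config --libs libnl-route-3.0)
+LIBNL3_CFLAGS:=$(shell $(PKG_CONFIG) --cflags-only-I libnl-route-3.0)
+LIBNL3_LIBS:=$(shell $(PKG_CONFIG) --libs libnl-route-3.0)
+GLIB_CFLAGS:=$(shell $(PKG_CONFIG) --cflags glib-2.0)
+GLIB_LIBS:=$(shell $(PKG_CONFIG) --libs glib-2.0)
 
 # Do not change these two
-CFLAGS+=$(WARN) $(DEBUG) $(FORTIFY) $(SANITIZE) $(COVERAGE) \
-        $(OPTIMIZE) $(LANGUAGE) $(GNUTLS_CFLAGS) $(AVAHI_CFLAGS) \
-        $(GPGME_CFLAGS) -DVERSION='"$(version)"'
-LDFLAGS+=-Xlinker --as-needed $(COVERAGE) $(LINK_FORTIFY) $(foreach flag,$(LINK_FORTIFY_LD),-Xlinker $(flag))
+CFLAGS+=$(WARN) $(DEBUG) $(FORTIFY) $(COVERAGE) $(OPTIMIZE) \
+        $(LANGUAGE) $(FEATURES) -DVERSION='"$(version)"'
+LDFLAGS+=-Xlinker --as-needed $(COVERAGE) $(LINK_FORTIFY) $(strip \
+        ) $(foreach flag,$(LINK_FORTIFY_LD),-Xlinker $(flag))
 
 # Commands to format a DocBook <refentry> document into a manual page
 DOCBOOKTOMAN=$(strip cd $(dir $<); xsltproc --nonet --xinclude \
@@ -103,9 +120,9 @@
         /usr/share/xml/docbook/stylesheet/nwalsh/manpages/docbook.xsl \
         $(notdir $<); \
         if locale --all 2>/dev/null | grep --regexp='^en_US\.utf8$$' \
-        && type man 2>/dev/null; then LANG=en_US.UTF-8 MANWIDTH=80 \
-        man --warnings --encoding=UTF-8 --local-file $(notdir $@); \
-        fi >/dev/null)
+        && command -v man >/dev/null; then LANG=en_US.UTF-8 \
+        MANWIDTH=80 man --warnings --encoding=UTF-8 --local-file \
+        $(notdir $@); fi >/dev/null)
 
 DOCBOOKTOHTML=$(strip xsltproc --nonet --xinclude \
         --param make.year.ranges                1 \
@@ -124,10 +141,12 @@
         plugins.d/usplash plugins.d/splashy plugins.d/askpass-fifo \
         plugins.d/plymouth
 PLUGIN_HELPERS:=plugin-helpers/mandos-client-iprouteadddel
-CPROGS:=plugin-runner $(PLUGINS) $(PLUGIN_HELPERS)
+CPROGS:=plugin-runner dracut-module/password-agent $(PLUGINS) \
+        $(PLUGIN_HELPERS)
 PROGS:=mandos mandos-keygen mandos-ctl mandos-monitor $(CPROGS)
 DOCS:=mandos.8 mandos-keygen.8 mandos-monitor.8 mandos-ctl.8 \
         mandos.conf.5 mandos-clients.conf.5 plugin-runner.8mandos \
+        dracut-module/password-agent.8mandos \
         plugins.d/mandos-client.8mandos \
         plugins.d/password-prompt.8mandos plugins.d/usplash.8mandos \
         plugins.d/splashy.8mandos plugins.d/askpass-fifo.8mandos \
@@ -137,10 +156,13 @@
 
 objects:=$(addsuffix .o,$(CPROGS))
 
+.PHONY: all
 all: $(PROGS) mandos.lsm
 
+.PHONY: doc
 doc: $(DOCS)
 
+.PHONY: html
 html: $(htmldocs)
 
 %.5: %.xml common.ent legalnotice.xml
@@ -205,6 +227,15 @@
                 overview.xml legalnotice.xml
         $(DOCBOOKTOHTML)
 
+dracut-module/password-agent.8mandos: \
+                dracut-module/password-agent.xml common.ent \
+                overview.xml legalnotice.xml
+        $(DOCBOOKTOMAN)
+dracut-module/password-agent.8mandos.xhtml: \
+                dracut-module/password-agent.xml common.ent \
+                overview.xml legalnotice.xml
+        $(DOCBOOKTOHTML)
+
 plugins.d/mandos-client.8mandos: plugins.d/mandos-client.xml \
                                         common.ent \
                                         mandos-options.xml \
@@ -253,66 +284,85 @@
                 --expression='s/\(mandos_\)[0-9.]\+\(\.orig\.tar\.gz\)/\1$(version)\2/' \
                 $@)
 
-# Need to add the GnuTLS, Avahi and GPGME libraries, and can't use
-# -fsanitize=leak because GnuTLS and GPGME both leak memory.
-plugins.d/mandos-client: plugins.d/mandos-client.c
-        $(CC) $(filter-out -fsanitize=leak,$(CFLAGS)) $(strip\
-                ) $(CPPFLAGS) $(LDFLAGS) $(TARGET_ARCH) $^ $(strip\
-                ) -lrt $(GNUTLS_LIBS) $(AVAHI_LIBS) $(strip\
-                ) $(GPGME_LIBS) $(LOADLIBES) $(LDLIBS) -o $@
-
-plugin-helpers/mandos-client-iprouteadddel: plugin-helpers/mandos-client-iprouteadddel.c
-        $(LINK.c) $(LIBNL3_CFLAGS) $^ $(LIBNL3_LIBS) $(strip\
-                ) $(LOADLIBES) $(LDLIBS) -o $@
-
-.PHONY : all doc html clean distclean mostlyclean maintainer-clean \
-        check run-client run-server install install-html \
-        install-server install-client-nokey install-client uninstall \
-        uninstall-server uninstall-client purge purge-server \
-        purge-client
-
+# Need to add the GnuTLS, Avahi and GPGME libraries
+plugins.d/mandos-client: CFLAGS += $(GNUTLS_CFLAGS) $(strip \
+        ) $(AVAHI_CFLAGS) $(GPGME_CFLAGS)
+plugins.d/mandos-client: LDLIBS += $(GNUTLS_LIBS) $(strip \
+        ) $(AVAHI_LIBS) $(GPGME_LIBS)
+
+# Need to add the libnl-route library
+plugin-helpers/mandos-client-iprouteadddel: CFLAGS += $(LIBNL3_CFLAGS)
+plugin-helpers/mandos-client-iprouteadddel: LDLIBS += $(LIBNL3_LIBS)
+
+# Need to add the GLib and pthread libraries
+dracut-module/password-agent: CFLAGS += $(GLIB_CFLAGS)
+dracut-module/password-agent: LDLIBS += $(GLIB_LIBS) -lpthread
+
+.PHONY: clean
 clean:
         -rm --force $(CPROGS) $(objects) $(htmldocs) $(DOCS) core
 
+.PHONY: distclean
 distclean: clean
+.PHONY: mostlyclean
 mostlyclean: clean
+.PHONY: maintainer-clean
 maintainer-clean: clean
         -rm --force --recursive keydir confdir statedir
 
-check:  all
+.PHONY: check
+check: all
         ./mandos --check
         ./mandos-ctl --check
+        ./mandos-keygen --version
+        ./plugin-runner --version
+        ./plugin-helpers/mandos-client-iprouteadddel --version
+        ./dracut-module/password-agent --test
 
 # Run the client with a local config and key
-run-client: all keydir/seckey.txt keydir/pubkey.txt
-        @echo "###################################################################"
-        @echo "# The following error messages are harmless and can be safely     #"
-        @echo "# ignored:                                                        #"
-        @echo "# From plugin-runner: setgid: Operation not permitted             #"
-        @echo "#                     setuid: Operation not permitted             #"
-        @echo "# From askpass-fifo:  mkfifo: Permission denied                   #"
-        @echo "# From mandos-client:                                             #"
-        @echo "#             Failed to raise privileges: Operation not permitted #"
-        @echo "#             Warning: network hook \"*\" exited with status *      #"
-        @echo "#                                                                 #"
-        @echo "# (The messages are caused by not running as root, but you should #"
-        @echo "# NOT run \"make run-client\" as root unless you also unpacked and  #"
-        @echo "# compiled Mandos as root, which is also NOT recommended.)        #"
-        @echo "###################################################################"
+.PHONY: run-client
+run-client: all keydir/seckey.txt keydir/pubkey.txt \
+                        keydir/tls-privkey.pem keydir/tls-pubkey.pem
+        @echo '######################################################'
+        @echo '# The following error messages are harmless and can  #'
+        @echo '#  be safely ignored:                                #'
+        @echo '## From plugin-runner:                               #'
+        @echo '# setgid: Operation not permitted                    #'
+        @echo '# setuid: Operation not permitted                    #'
+        @echo '## From askpass-fifo:                                #'
+        @echo '# mkfifo: Permission denied                          #'
+        @echo '## From mandos-client:                               #'
+        @echo '# Failed to raise privileges: Operation not permi... #'
+        @echo '# Warning: network hook "*" exited with status *     #'
+        @echo '# ioctl SIOCSIFFLAGS +IFF_UP: Operation not permi... #'
+        @echo '# Failed to bring up interface "*": Operation not... #'
+        @echo '#                                                    #'
+        @echo '# (The messages are caused by not running as root,   #'
+        @echo '# but you should NOT run "make run-client" as root   #'
+        @echo '# unless you also unpacked and compiled Mandos as    #'
+        @echo '# root, which is also NOT recommended.)              #'
+        @echo '######################################################'
 # We set GNOME_KEYRING_CONTROL to block pam_gnome_keyring
         ./plugin-runner --plugin-dir=plugins.d \
                 --plugin-helper-dir=plugin-helpers \
                 --config-file=plugin-runner.conf \
-                --options-for=mandos-client:--seckey=keydir/seckey.txt,--pubkey=keydir/pubkey.txt,--network-hook-dir=network-hooks.d \
+                --options-for=mandos-client:--seckey=keydir/seckey.txt,--pubkey=keydir/pubkey.txt,--tls-privkey=keydir/tls-privkey.pem,--tls-pubkey=keydir/tls-pubkey.pem,--network-hook-dir=network-hooks.d \
                 --env-for=mandos-client:GNOME_KEYRING_CONTROL= \
                 $(CLIENTARGS)
 
 # Used by run-client
-keydir/seckey.txt keydir/pubkey.txt: mandos-keygen
+keydir/seckey.txt keydir/pubkey.txt keydir/tls-privkey.pem keydir/tls-pubkey.pem: mandos-keygen
         install --directory keydir
         ./mandos-keygen --dir keydir --force
+        if ! [ -e keydir/tls-privkey.pem ]; then \
+                install --mode=u=rw /dev/null keydir/tls-privkey.pem; \
+        fi
+        if ! [ -e keydir/tls-pubkey.pem ]; then \
+                install --mode=u=rw /dev/null keydir/tls-pubkey.pem; \
+        fi
 
 # Run the server with a local config
+.PHONY: run-server
 run-server: confdir/mandos.conf confdir/clients.conf statedir
         ./mandos --debug --no-dbus --configdir=confdir \
                 --statedir=statedir $(SERVERARGS)
@@ -321,7 +371,7 @@
 confdir/mandos.conf: mandos.conf
         install --directory confdir
         install --mode=u=rw,go=r $^ $@
-confdir/clients.conf: clients.conf keydir/seckey.txt
+confdir/clients.conf: clients.conf keydir/seckey.txt keydir/tls-pubkey.pem
         install --directory confdir
         install --mode=u=rw $< $@
 # Add a client password
@@ -329,13 +379,16 @@
 statedir:
         install --directory statedir
 
+.PHONY: install
 install: install-server install-client-nokey
 
+.PHONY: install-html
 install-html: html
         install --directory $(htmldir)
         install --mode=u=rw,go=r --target-directory=$(htmldir) \
                 $(htmldocs)
 
+.PHONY: install-server
 install-server: doc
         install --directory $(CONFDIR)
         if install --directory --mode=u=rwx --owner=$(USER) \
@@ -344,10 +397,16 @@
         elif install --directory --mode=u=rwx $(STATEDIR); then \
                 chown -- $(USER):$(GROUP) $(STATEDIR) || :; \
         fi
-        if [ "$(TMPFILES)" != "$(DESTDIR)" -a -d "$(TMPFILES)" ]; then \
+        if [ "$(TMPFILES)" != "$(DESTDIR)" \
+                        -a -d "$(TMPFILES)" ]; then \
                 install --mode=u=rw,go=r tmpfiles.d-mandos.conf \
                         $(TMPFILES)/mandos.conf; \
         fi
+        if [ "$(SYSUSERS)" != "$(DESTDIR)" \
+                        -a -d "$(SYSUSERS)" ]; then \
+                install --mode=u=rw,go=r sysusers.d-mandos.conf \
+                        $(SYSUSERS)/mandos.conf; \
+        fi
         install --mode=u=rwx,go=rx mandos $(PREFIX)/sbin/mandos
         install --mode=u=rwx,go=rx --target-directory=$(PREFIX)/sbin \
                 mandos-ctl
@@ -382,11 +441,17 @@
         gzip --best --to-stdout intro.8mandos \
                 > $(MANDIR)/man8/intro.8mandos.gz
 
+.PHONY: install-client-nokey
 install-client-nokey: all doc
         install --directory $(LIBDIR)/mandos $(CONFDIR)
         install --directory --mode=u=rwx $(KEYDIR) \
                 $(LIBDIR)/mandos/plugins.d \
                 $(LIBDIR)/mandos/plugin-helpers
+        if [ "$(SYSUSERS)" != "$(DESTDIR)" \
+                        -a -d "$(SYSUSERS)" ]; then \
+                install --mode=u=rw,go=r sysusers.d-mandos.conf \
+                        $(SYSUSERS)/mandos-client.conf; \
+        fi
         if [ "$(CONFDIR)" != "$(LIBDIR)/mandos" ]; then \
                 install --mode=u=rwx \
                         --directory "$(CONFDIR)/plugins.d" \
@@ -396,6 +461,9 @@
                 "$(CONFDIR)/network-hooks.d"
         install --mode=u=rwx,go=rx \
                 --target-directory=$(LIBDIR)/mandos plugin-runner
+        install --mode=u=rwx,go=rx \
+                --target-directory=$(LIBDIR)/mandos \
+                mandos-to-cryptroot-unlock
         install --mode=u=rwx,go=rx --target-directory=$(PREFIX)/sbin \
                 mandos-keygen
         install --mode=u=rwx,go=rx \
@@ -421,10 +489,23 @@
                 plugin-helpers/mandos-client-iprouteadddel
         install initramfs-tools-hook \
                 $(INITRAMFSTOOLS)/hooks/mandos
-        install --mode=u=rw,go=r initramfs-tools-hook-conf \
-                $(INITRAMFSTOOLS)/conf-hooks.d/mandos
+        install --mode=u=rw,go=r initramfs-tools-conf \
+                $(INITRAMFSTOOLS)/conf.d/mandos-conf
+        install --mode=u=rw,go=r initramfs-tools-conf-hook \
+                $(INITRAMFSTOOLS)/conf-hooks.d/zz-mandos
         install initramfs-tools-script \
                 $(INITRAMFSTOOLS)/scripts/init-premount/mandos
+        install initramfs-tools-script-stop \
+                $(INITRAMFSTOOLS)/scripts/local-premount/mandos
+        install --directory $(DRACUTMODULE)
+        install --mode=u=rw,go=r --target-directory=$(DRACUTMODULE) \
+                dracut-module/ask-password-mandos.path \
+                dracut-module/ask-password-mandos.service
+        install --mode=u=rwxs,go=rx \
+                --target-directory=$(DRACUTMODULE) \
+                dracut-module/module-setup.sh \
+                dracut-module/cmdline-mandos.sh \
+                dracut-module/password-agent
         install --mode=u=rw,go=r plugin-runner.conf $(CONFDIR)
         gzip --best --to-stdout mandos-keygen.8 \
                 > $(MANDIR)/man8/mandos-keygen.8.gz
@@ -442,15 +523,29 @@
                 > $(MANDIR)/man8/askpass-fifo.8mandos.gz
         gzip --best --to-stdout plugins.d/plymouth.8mandos \
                 > $(MANDIR)/man8/plymouth.8mandos.gz
+        gzip --best --to-stdout dracut-module/password-agent.8mandos \
+                > $(MANDIR)/man8/password-agent.8mandos.gz
 
+.PHONY: install-client
 install-client: install-client-nokey
 # Post-installation stuff
         -$(PREFIX)/sbin/mandos-keygen --dir "$(KEYDIR)"
-        update-initramfs -k all -u
+        if command -v update-initramfs >/dev/null; then \
+            update-initramfs -k all -u; \
+        elif command -v dracut >/dev/null; then \
+            for initrd in $(DESTDIR)/boot/initr*-$(LINUXVERSION); do \
+                if [ -w "$$initrd" ]; then \
+                    chmod go-r "$$initrd"; \
+                    dracut --force "$$initrd"; \
+                fi; \
+            done; \
+        fi
         echo "Now run mandos-keygen --password --dir $(KEYDIR)"
 
+.PHONY: uninstall
 uninstall: uninstall-server uninstall-client
 
+.PHONY: uninstall-server
 uninstall-server:
         -rm --force $(PREFIX)/sbin/mandos \
                 $(PREFIX)/sbin/mandos-ctl \
@@ -463,6 +558,7 @@
         update-rc.d -f mandos remove
         -rmdir $(CONFDIR)
 
+.PHONY: uninstall-client
 uninstall-client:
 # Refuse to uninstall client if /etc/crypttab is explicitly configured
 # to use it.
@@ -479,6 +575,12 @@
                 $(INITRAMFSTOOLS)/hooks/mandos \
                 $(INITRAMFSTOOLS)/conf-hooks.d/mandos \
                 $(INITRAMFSTOOLS)/scripts/init-premount/mandos \
+                $(INITRAMFSTOOLS)/scripts/local-premount/mandos \
+                $(DRACUTMODULE)/ask-password-mandos.path \
+                $(DRACUTMODULE)/ask-password-mandos.service \
+                $(DRACUTMODULE)/module-setup.sh \
+                $(DRACUTMODULE)/cmdline-mandos.sh \
+                $(DRACUTMODULE)/password-agent \
                 $(MANDIR)/man8/mandos-keygen.8.gz \
                 $(MANDIR)/man8/plugin-runner.8mandos.gz \
                 $(MANDIR)/man8/mandos-client.8mandos.gz
@@ -487,12 +589,21 @@
                 $(MANDIR)/man8/splashy.8mandos.gz \
                 $(MANDIR)/man8/askpass-fifo.8mandos.gz \
                 $(MANDIR)/man8/plymouth.8mandos.gz \
+                $(MANDIR)/man8/password-agent.8mandos.gz \
         -rmdir $(LIBDIR)/mandos/plugins.d $(CONFDIR)/plugins.d \
-                 $(LIBDIR)/mandos $(CONFDIR) $(KEYDIR)
-        update-initramfs -k all -u
+                 $(LIBDIR)/mandos $(CONFDIR) $(KEYDIR) $(DRACUTMODULE)
+        if command -v update-initramfs >/dev/null; then \
+            update-initramfs -k all -u; \
+        elif command -v dracut >/dev/null; then \
+            for initrd in $(DESTDIR)/boot/initr*-$(LINUXVERSION); do \
+                test -w "$$initrd" && dracut --force "$$initrd"; \
+            done; \
+        fi
 
+.PHONY: purge
 purge: purge-server purge-client
 
+.PHONY: purge-server
 purge-server: uninstall-server
         -rm --force $(CONFDIR)/mandos.conf $(CONFDIR)/clients.conf \
                 $(DESTDIR)/etc/dbus-1/system.d/mandos.conf
@@ -503,8 +614,10 @@
                 $(DESTDIR)/var/run/mandos.pid
         -rmdir $(CONFDIR)
 
+.PHONY: purge-client
 purge-client: uninstall-client
-        -shred --remove $(KEYDIR)/seckey.txt
+        -shred --remove $(KEYDIR)/seckey.txt $(KEYDIR)/tls-privkey.pem
         -rm --force $(CONFDIR)/plugin-runner.conf \
-                $(KEYDIR)/pubkey.txt $(KEYDIR)/seckey.txt
+                $(KEYDIR)/pubkey.txt $(KEYDIR)/seckey.txt \
+                $(KEYDIR)/tls-pubkey.txt $(KEYDIR)/tls-privkey.txt
         -rmdir $(KEYDIR) $(CONFDIR)/plugins.d $(CONFDIR)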
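Review bot: In purge-client the added `rm --force` continuation names `$(KEYDIR)/tls-pubkey.txt` and `$(KEYDIR)/tls-privkey.txt`, while the `shred` line just above it and the run-client and keydir rules elsewhere in this file use `tls-pubkey.pem` and `tls-privkey.pem`. If the installed key files carry the `.pem` names, as those lines suggest, the TLS public key is never removed and the closing `-rmdir $(KEYDIR)` fails quietly on a non-empty directory. The TLS private key would also stay on disk whenever `shred` is missing or fails, because that error is ignored by the `-` prefix and the fallback `rm` points at a file that does not exist. The continuation line should read `$(KEYDIR)/tls-pubkey.pem $(KEYDIR)/tls-privkey.pem`.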