To get this branch, use:
bzr branch
http://bzr.recompile.se/loggerhead/mandos/trunk
« back to all changes in this revision
Viewing changes to Makefile
- browse files at revision 1237
- compare with another revision
- download diff
- download tarball
- view history from revision 1237
- Committer: Teddy Hogeborn
- Date: 2021-02-03 23:10:42 UTC
- Revision ID: teddy@recompile.se-20210203231042-2z3egrvpo1zt7nej
mandos-ctl: Fix bad test for command.Remove and related minor issues
The test for command.Remove removes all clients from the spy server,
and then loops over all clients, looking for the corresponding Remove
command as recorded by the spy server. But since since there aren't
any clients left after they were removed, no assertions are made, and
the test therefore does nothing. Fix this.
In tests for command.Approve and command.Deny, add checks that clients
were not somehow removed by the command (in which case, likewise, no
assertions are made).
Add related checks to TestPropertySetterCmd.runTest; i.e. test that a
sequence is not empty before looping over it and making assertions.
* mandos-ctl (TestBaseCommands.test_Remove): Save a copy of the
original "clients" dict, and loop over those instead. Add assertion
that all clients were indeed removed. Also fix the code which looks
for the Remove command, which now needs to actually work.
(TestBaseCommands.test_Approve, TestBaseCommands.test_Deny): Add
assertion that there are still clients before looping over them.
(TestPropertySetterCmd.runTest): Add assertion that the list of
values to get is not empty before looping over them. Also add check
that there are still clients before looping over clients.
The test for command.Remove removes all clients from the spy server,
and then loops over all clients, looking for the corresponding Remove
command as recorded by the spy server. But since since there aren't
any clients left after they were removed, no assertions are made, and
the test therefore does nothing. Fix this.
In tests for command.Approve and command.Deny, add checks that clients
were not somehow removed by the command (in which case, likewise, no
assertions are made).
Add related checks to TestPropertySetterCmd.runTest; i.e. test that a
sequence is not empty before looping over it and making assertions.
* mandos-ctl (TestBaseCommands.test_Remove): Save a copy of the
original "clients" dict, and loop over those instead. Add assertion
that all clients were indeed removed. Also fix the code which looks
for the Remove command, which now needs to actually work.
(TestBaseCommands.test_Approve, TestBaseCommands.test_Deny): Add
assertion that there are still clients before looping over them.
(TestPropertySetterCmd.runTest): Add assertion that the list of
values to get is not empty before looping over them. Also add check
that there are still clients before looping over clients.
- files added:
- bugs.xml
- debian/source
- debian/tests
- debian/upstream
- dracut-module
- network-hooks.d
- plugin-helpers
- files removed:
- initramfs-tools-hook-conf
- files modified:
- .bzrignore
added
removed
Makefile
1
WARN=-O -Wall -Wformat=2 -Winit-self -Wmissing-include-dirs \
2
-Wswitch-default -Wswitch-enum -Wunused-parameter \
3
-Wstrict-aliasing=1 -Wextra -Wfloat-equal -Wundef -Wshadow \
1
WARN:=-O -Wall -Wextra -Wdouble-promotion -Wformat=2 -Winit-self \
2
-Wmissing-include-dirs -Wswitch-default -Wswitch-enum \
3
-Wunused -Wuninitialized -Wstrict-overflow=5 \
4
-Wsuggest-attribute=pure -Wsuggest-attribute=const \
5
-Wsuggest-attribute=noreturn -Wfloat-equal -Wundef -Wshadow \
4
6
-Wunsafe-loop-optimizations -Wpointer-arith \
5
7
-Wbad-function-cast -Wcast-qual -Wcast-align -Wwrite-strings \
6
-Wconversion -Wstrict-prototypes -Wold-style-definition \
7
-Wpacked -Wnested-externs -Winline -Wvolatile-register-var
8
# -Wunreachable-code
9
#DEBUG=-ggdb3
10
# For info about _FORTIFY_SOURCE, see
11
# <http://www.kernel.org/doc/man-pages/online/pages/man7/feature_test_macros.7.html>
12
# and <http://gcc.gnu.org/ml/gcc-patches/2004-09/msg02055.html>.
13
FORTIFY=-D_FORTIFY_SOURCE=2 -fstack-protector-all -fPIC
14
LINK_FORTIFY_LD=-z relro -z now
15
LINK_FORTIFY=
8
-Wconversion -Wlogical-op -Waggregate-return \
9
-Wstrict-prototypes -Wold-style-definition \
10
-Wmissing-format-attribute -Wnormalized=nfc -Wpacked \
11
-Wredundant-decls -Wnested-externs -Winline -Wvla \
12
-Wvolatile-register-var -Woverlength-strings
13
14
#DEBUG:=-ggdb3 -fsanitize=address $(SANITIZE)
15
## Check which sanitizing options can be used
16
#SANITIZE:=$(foreach option,$(ALL_SANITIZE_OPTIONS),$(shell \
17
# echo 'int main(){}' | $(CC) --language=c $(option) \
18
# /dev/stdin -o /dev/null >/dev/null 2>&1 && echo $(option)))
19
# <https://developerblog.redhat.com/2014/10/16/gcc-undefined-behavior-sanitizer-ubsan/>
20
ALL_SANITIZE_OPTIONS:=-fsanitize=leak -fsanitize=undefined \
21
-fsanitize=shift -fsanitize=integer-divide-by-zero \
22
-fsanitize=unreachable -fsanitize=vla-bound -fsanitize=null \
23
-fsanitize=return -fsanitize=signed-integer-overflow \
24
-fsanitize=bounds -fsanitize=alignment \
25
-fsanitize=object-size -fsanitize=float-divide-by-zero \
26
-fsanitize=float-cast-overflow -fsanitize=nonnull-attribute \
27
-fsanitize=returns-nonnull-attribute -fsanitize=bool \
28
-fsanitize=enum -fsanitize-address-use-after-scope
29
30
# For info about _FORTIFY_SOURCE, see feature_test_macros(7)
31
# and <https://gcc.gnu.org/ml/gcc-patches/2004-09/msg02055.html>.
32
FORTIFY:=-D_FORTIFY_SOURCE=2 -fstack-protector-all -fPIC
33
LINK_FORTIFY_LD:=-z relro -z now
34
LINK_FORTIFY:=
16
35
17
36
# If BROKEN_PIE is set, do not build with -pie
18
37
ifndef BROKEN_PIE
20
39
LINK_FORTIFY += -pie
21
40
endif
22
41
#COVERAGE=--coverage
23
OPTIMIZE=-Os
24
LANGUAGE=-std=gnu99
25
htmldir=man
26
version=1.0.14
27
SED=sed
42
OPTIMIZE:=-Os -fno-strict-aliasing
43
LANGUAGE:=-std=gnu11
44
FEATURES:=-D_FILE_OFFSET_BITS=64
45
htmldir:=man
46
version:=1.8.14
47
SED:=sed
48
PKG_CONFIG?=pkg-config
49
50
USER:=$(firstword $(subst :, ,$(shell getent passwd _mandos \
51
|| getent passwd nobody || echo 65534)))
52
GROUP:=$(firstword $(subst :, ,$(shell getent group _mandos \
53
|| getent group nogroup || echo 65534)))
54
55
LINUXVERSION:=$(shell uname --kernel-release)
28
56
29
57
## Use these settings for a traditional /usr/local install
30
# PREFIX=$(DESTDIR)/usr/local
31
# CONFDIR=$(DESTDIR)/etc/mandos
32
# KEYDIR=$(DESTDIR)/etc/mandos/keys
33
# MANDIR=$(PREFIX)/man
34
# INITRAMFSTOOLS=$(DESTDIR)/etc/initramfs-tools
58
# PREFIX:=$(DESTDIR)/usr/local
59
# CONFDIR:=$(DESTDIR)/etc/mandos
60
# KEYDIR:=$(DESTDIR)/etc/mandos/keys
61
# MANDIR:=$(PREFIX)/man
62
# INITRAMFSTOOLS:=$(DESTDIR)/etc/initramfs-tools
63
# DRACUTMODULE:=$(DESTDIR)/usr/lib/dracut/modules.d/90mandos
64
# STATEDIR:=$(DESTDIR)/var/lib/mandos
65
# LIBDIR:=$(PREFIX)/lib
35
66
##
36
67
37
68
## These settings are for a package-type install
38
PREFIX=$(DESTDIR)/usr
39
CONFDIR=$(DESTDIR)/etc/mandos
40
KEYDIR=$(DESTDIR)/etc/keys/mandos
41
MANDIR=$(PREFIX)/share/man
42
INITRAMFSTOOLS=$(DESTDIR)/usr/share/initramfs-tools
69
PREFIX:=$(DESTDIR)/usr
70
CONFDIR:=$(DESTDIR)/etc/mandos
71
KEYDIR:=$(DESTDIR)/etc/keys/mandos
72
MANDIR:=$(PREFIX)/share/man
73
INITRAMFSTOOLS:=$(DESTDIR)/usr/share/initramfs-tools
74
DRACUTMODULE:=$(DESTDIR)/usr/lib/dracut/modules.d/90mandos
75
STATEDIR:=$(DESTDIR)/var/lib/mandos
76
LIBDIR:=$(shell \
77
for d in \
78
"/usr/lib/`dpkg-architecture \
79
-qDEB_HOST_MULTIARCH 2>/dev/null`" \
80
"`rpm --eval='%{_libdir}' 2>/dev/null`" /usr/lib; do \
81
if [ -d "$$d" -a "$$d" = "$${d%/}" ]; then \
82
echo "$(DESTDIR)$$d"; \
83
break; \
84
fi; \
85
done)
43
86
##
44
87
45
GNUTLS_CFLAGS=$(shell pkg-config --cflags-only-I gnutls)
46
GNUTLS_LIBS=$(shell pkg-config --libs gnutls)
47
AVAHI_CFLAGS=$(shell pkg-config --cflags-only-I avahi-core)
48
AVAHI_LIBS=$(shell pkg-config --libs avahi-core)
49
GPGME_CFLAGS=$(shell gpgme-config --cflags; getconf LFS_CFLAGS)
50
GPGME_LIBS=$(shell gpgme-config --libs; getconf LFS_LIBS; \
88
SYSTEMD:=$(DESTDIR)$(shell $(PKG_CONFIG) systemd \
89
--variable=systemdsystemunitdir)
90
TMPFILES:=$(DESTDIR)$(shell $(PKG_CONFIG) systemd \
91
--variable=tmpfilesdir)
92
SYSUSERS:=$(DESTDIR)$(shell $(PKG_CONFIG) systemd \
93
--variable=sysusersdir)
94
95
GNUTLS_CFLAGS:=$(shell $(PKG_CONFIG) --cflags-only-I gnutls)
96
GNUTLS_LIBS:=$(shell $(PKG_CONFIG) --libs gnutls)
97
AVAHI_CFLAGS:=$(shell $(PKG_CONFIG) --cflags-only-I avahi-core)
98
AVAHI_LIBS:=$(shell $(PKG_CONFIG) --libs avahi-core)
99
GPGME_CFLAGS:=$(shell gpgme-config --cflags; getconf LFS_CFLAGS)
100
GPGME_LIBS:=$(shell gpgme-config --libs; getconf LFS_LIBS; \
51
101
getconf LFS_LDFLAGS)
102
LIBNL3_CFLAGS:=$(shell $(PKG_CONFIG) --cflags-only-I libnl-route-3.0)
103
LIBNL3_LIBS:=$(shell $(PKG_CONFIG) --libs libnl-route-3.0)
104
GLIB_CFLAGS:=$(shell $(PKG_CONFIG) --cflags glib-2.0)
105
GLIB_LIBS:=$(shell $(PKG_CONFIG) --libs glib-2.0)
52
106
53
107
# Do not change these two
54
CFLAGS=$(WARN) $(DEBUG) $(FORTIFY) $(COVERAGE) $(OPTIMIZE) \
55
$(LANGUAGE) $(GNUTLS_CFLAGS) $(AVAHI_CFLAGS) $(GPGME_CFLAGS) \
56
-DVERSION='"$(version)"'
57
LDFLAGS=$(COVERAGE) $(LINK_FORTIFY) $(foreach flag,$(LINK_FORTIFY_LD),-Xlinker $(flag))
108
CFLAGS+=$(WARN) $(DEBUG) $(FORTIFY) $(COVERAGE) $(OPTIMIZE) \
109
$(LANGUAGE) $(FEATURES) -DVERSION='"$(version)"'
110
LDFLAGS+=-Xlinker --as-needed $(COVERAGE) $(LINK_FORTIFY) $(strip \
111
) $(foreach flag,$(LINK_FORTIFY_LD),-Xlinker $(flag))
58
112
59
113
# Commands to format a DocBook <refentry> document into a manual page
60
114
DOCBOOKTOMAN=$(strip cd $(dir $<); xsltproc --nonet --xinclude \
63
117
--param make.single.year.ranges 1 \
64
118
--param man.output.quietly 1 \
65
119
--param man.authors.section.enabled 0 \
66
/usr/share/xml/docbook/stylesheet/nwalsh/manpages/docbook.xsl \
120
/usr/share/xml/docbook/stylesheet/nwalsh/manpages/docbook.xsl \
67
121
$(notdir $<); \
68
$(MANPOST) $(notdir $@))
69
# DocBook-to-man post-processing to fix a '\n' escape bug
70
MANPOST=$(SED) --in-place --expression='s,\\\\en,\\en,g;s,\\n,\\en,g'
122
if locale --all 2>/dev/null | grep --regexp='^en_US\.utf8$$' \
123
&& command -v man >/dev/null; then LANG=en_US.UTF-8 \
124
MANWIDTH=80 man --warnings --encoding=UTF-8 --local-file \
125
$(notdir $@); fi >/dev/null)
71
126
72
127
DOCBOOKTOHTML=$(strip xsltproc --nonet --xinclude \
73
128
--param make.year.ranges 1 \
79
134
/usr/share/xml/docbook/stylesheet/nwalsh/xhtml/docbook.xsl \
80
135
$<; $(HTMLPOST) $@)
81
136
# Fix citerefentry links
82
HTMLPOST=$(SED) --in-place \
137
HTMLPOST:=$(SED) --in-place \
83
138
--expression='s/\(<a class="citerefentry" href="\)\("><span class="citerefentry"><span class="refentrytitle">\)\([^<]*\)\(<\/span>(\)\([^)]*\)\()<\/span><\/a>\)/\1\3.\5\2\3\4\5\6/g'
84
139
85
PLUGINS=plugins.d/password-prompt plugins.d/mandos-client \
140
PLUGINS:=plugins.d/password-prompt plugins.d/mandos-client \
86
141
plugins.d/usplash plugins.d/splashy plugins.d/askpass-fifo \
87
142
plugins.d/plymouth
88
CPROGS=plugin-runner $(PLUGINS)
89
PROGS=mandos mandos-keygen mandos-ctl mandos-monitor $(CPROGS)
90
DOCS=mandos.8 plugin-runner.8mandos mandos-keygen.8 \
91
mandos-monitor.8 \
143
PLUGIN_HELPERS:=plugin-helpers/mandos-client-iprouteadddel
144
CPROGS:=plugin-runner dracut-module/password-agent $(PLUGINS) \
145
$(PLUGIN_HELPERS)
146
PROGS:=mandos mandos-keygen mandos-ctl mandos-monitor $(CPROGS)
147
DOCS:=mandos.8 mandos-keygen.8 mandos-monitor.8 mandos-ctl.8 \
148
mandos.conf.5 mandos-clients.conf.5 plugin-runner.8mandos \
149
dracut-module/password-agent.8mandos \
92
150
plugins.d/mandos-client.8mandos \
93
plugins.d/password-prompt.8mandos mandos.conf.5 \
94
plugins.d/usplash.8mandos plugins.d/splashy.8mandos \
95
plugins.d/askpass-fifo.8mandos mandos-clients.conf.5
96
97
htmldocs=$(addsuffix .xhtml,$(DOCS))
98
99
objects=$(addsuffix .o,$(CPROGS))
100
151
plugins.d/password-prompt.8mandos plugins.d/usplash.8mandos \
152
plugins.d/splashy.8mandos plugins.d/askpass-fifo.8mandos \
153
plugins.d/plymouth.8mandos intro.8mandos
154
155
htmldocs:=$(addsuffix .xhtml,$(DOCS))
156
157
objects:=$(addsuffix .o,$(CPROGS))
158
159
.PHONY: all
101
160
all: $(PROGS) mandos.lsm
102
161
162
.PHONY: doc
103
163
doc: $(DOCS)
104
164
165
.PHONY: html
105
166
html: $(htmldocs)
106
167
107
168
%.5: %.xml common.ent legalnotice.xml
119
180
%.8mandos.xhtml: %.xml common.ent legalnotice.xml
120
181
$(DOCBOOKTOHTML)
121
182
183
intro.8mandos: intro.xml common.ent legalnotice.xml
184
$(DOCBOOKTOMAN)
185
intro.8mandos.xhtml: intro.xml common.ent legalnotice.xml
186
$(DOCBOOKTOHTML)
187
122
188
mandos.8: mandos.xml common.ent mandos-options.xml overview.xml \
123
189
legalnotice.xml
124
190
$(DOCBOOKTOMAN)
140
206
legalnotice.xml
141
207
$(DOCBOOKTOHTML)
142
208
209
mandos-ctl.8: mandos-ctl.xml common.ent overview.xml \
210
legalnotice.xml
211
$(DOCBOOKTOMAN)
212
mandos-ctl.8.xhtml: mandos-ctl.xml common.ent overview.xml \
213
legalnotice.xml
214
$(DOCBOOKTOHTML)
215
143
216
mandos.conf.5: mandos.conf.xml common.ent mandos-options.xml \
144
217
legalnotice.xml
145
218
$(DOCBOOKTOMAN)
154
227
overview.xml legalnotice.xml
155
228
$(DOCBOOKTOHTML)
156
229
230
dracut-module/password-agent.8mandos: \
231
dracut-module/password-agent.xml common.ent \
232
overview.xml legalnotice.xml
233
$(DOCBOOKTOMAN)
234
dracut-module/password-agent.8mandos.xhtml: \
235
dracut-module/password-agent.xml common.ent \
236
overview.xml legalnotice.xml
237
$(DOCBOOKTOHTML)
238
157
239
plugins.d/mandos-client.8mandos: plugins.d/mandos-client.xml \
158
240
common.ent \
159
241
mandos-options.xml \
202
284
--expression='s/\(mandos_\)[0-9.]\+\(\.orig\.tar\.gz\)/\1$(version)\2/' \
203
285
$@)
204
286
205
plugins.d/mandos-client: plugins.d/mandos-client.c
206
$(LINK.c) $(GNUTLS_LIBS) $(AVAHI_LIBS) $(GPGME_LIBS) $(strip\
207
) $(COMMON) $^ $(LOADLIBES) $(LDLIBS) -o $@
208
209
.PHONY : all doc html clean distclean run-client run-server install \
210
install-server install-client uninstall uninstall-server \
211
uninstall-client purge purge-server purge-client
212
287
# Need to add the GnuTLS, Avahi and GPGME libraries
288
plugins.d/mandos-client: CFLAGS += $(GNUTLS_CFLAGS) $(strip \
289
) $(AVAHI_CFLAGS) $(GPGME_CFLAGS)
290
plugins.d/mandos-client: LDLIBS += $(GNUTLS_LIBS) $(strip \
291
) $(AVAHI_LIBS) $(GPGME_LIBS)
292
293
# Need to add the libnl-route library
294
plugin-helpers/mandos-client-iprouteadddel: CFLAGS += $(LIBNL3_CFLAGS)
295
plugin-helpers/mandos-client-iprouteadddel: LDLIBS += $(LIBNL3_LIBS)
296
297
# Need to add the GLib and pthread libraries
298
dracut-module/password-agent: CFLAGS += $(GLIB_CFLAGS)
299
dracut-module/password-agent: LDLIBS += $(GLIB_LIBS) -lpthread
300
301
.PHONY: clean
213
302
clean:
214
303
-rm --force $(CPROGS) $(objects) $(htmldocs) $(DOCS) core
215
304
305
.PHONY: distclean
216
306
distclean: clean
307
.PHONY: mostlyclean
217
308
mostlyclean: clean
309
.PHONY: maintainer-clean
218
310
maintainer-clean: clean
219
-rm --force --recursive keydir confdir
311
-rm --force --recursive keydir confdir statedir
220
312
221
check: all
313
.PHONY: check
314
check: all
222
315
./mandos --check
316
./mandos-ctl --check
317
./mandos-keygen --version
318
./plugin-runner --version
319
./plugin-helpers/mandos-client-iprouteadddel --version
320
./dracut-module/password-agent --test
223
321
224
322
# Run the client with a local config and key
225
run-client: all keydir/seckey.txt keydir/pubkey.txt
226
@echo "###################################################################"
227
@echo "# The following error messages are harmless and can be safely #"
228
@echo "# ignored. The messages are caused by not running as root, but #"
229
@echo "# you should NOT run \"make run-client\" as root unless you also #"
230
@echo "# unpacked and compiled Mandos as root, which is NOT recommended. #"
231
@echo "# From plugin-runner: setuid: Operation not permitted #"
232
@echo "# From askpass-fifo: mkfifo: Permission denied #"
233
@echo "# From mandos-client: setuid: Operation not permitted #"
234
@echo "# seteuid: Operation not permitted #"
235
@echo "# klogctl: Operation not permitted #"
236
@echo "###################################################################"
323
.PHONY: run-client
324
run-client: all keydir/seckey.txt keydir/pubkey.txt \
325
keydir/tls-privkey.pem keydir/tls-pubkey.pem
326
@echo '######################################################'
327
@echo '# The following error messages are harmless and can #'
328
@echo '# be safely ignored: #'
329
@echo '## From plugin-runner: #'
330
@echo '# setgid: Operation not permitted #'
331
@echo '# setuid: Operation not permitted #'
332
@echo '## From askpass-fifo: #'
333
@echo '# mkfifo: Permission denied #'
334
@echo '## From mandos-client: #'
335
@echo '# Failed to raise privileges: Operation not permi... #'
336
@echo '# Warning: network hook "*" exited with status * #'
337
@echo '# ioctl SIOCSIFFLAGS +IFF_UP: Operation not permi... #'
338
@echo '# Failed to bring up interface "*": Operation not... #'
339
@echo '# #'
340
@echo '# (The messages are caused by not running as root, #'
341
@echo '# but you should NOT run "make run-client" as root #'
342
@echo '# unless you also unpacked and compiled Mandos as #'
343
@echo '# root, which is also NOT recommended.) #'
344
@echo '######################################################'
345
# We set GNOME_KEYRING_CONTROL to block pam_gnome_keyring
237
346
./plugin-runner --plugin-dir=plugins.d \
347
--plugin-helper-dir=plugin-helpers \
238
348
--config-file=plugin-runner.conf \
239
--options-for=mandos-client:--seckey=keydir/seckey.txt,--pubkey=keydir/pubkey.txt \
349
--options-for=mandos-client:--seckey=keydir/seckey.txt,--pubkey=keydir/pubkey.txt,--tls-privkey=keydir/tls-privkey.pem,--tls-pubkey=keydir/tls-pubkey.pem,--network-hook-dir=network-hooks.d \
350
--env-for=mandos-client:GNOME_KEYRING_CONTROL= \
240
351
$(CLIENTARGS)
241
352
242
353
# Used by run-client
243
keydir/seckey.txt keydir/pubkey.txt: mandos-keygen
354
keydir/seckey.txt keydir/pubkey.txt keydir/tls-privkey.pem keydir/tls-pubkey.pem: mandos-keygen
244
355
install --directory keydir
245
356
./mandos-keygen --dir keydir --force
357
if ! [ -e keydir/tls-privkey.pem ]; then \
358
install --mode=u=rw /dev/null keydir/tls-privkey.pem; \
359
fi
360
if ! [ -e keydir/tls-pubkey.pem ]; then \
361
install --mode=u=rw /dev/null keydir/tls-pubkey.pem; \
362
fi
246
363
247
364
# Run the server with a local config
248
run-server: confdir/mandos.conf confdir/clients.conf
249
@echo "#################################################################"
250
@echo "# NOTE: Please IGNORE the error about \"Could not open file #"
251
@echo "# u'/var/run/mandos.pid'\" - it is harmless and is caused by #"
252
@echo "# the server not running as root. Do NOT run \"make run-server\" #"
253
@echo "# server as root if you didn't also unpack and compile it thus. #"
254
@echo "#################################################################"
255
./mandos --debug --no-dbus --configdir=confdir $(SERVERARGS)
365
.PHONY: run-server
366
run-server: confdir/mandos.conf confdir/clients.conf statedir
367
./mandos --debug --no-dbus --configdir=confdir \
368
--statedir=statedir $(SERVERARGS)
256
369
257
370
# Used by run-server
258
371
confdir/mandos.conf: mandos.conf
259
372
install --directory confdir
260
373
install --mode=u=rw,go=r $^ $@
261
confdir/clients.conf: clients.conf keydir/seckey.txt
374
confdir/clients.conf: clients.conf keydir/seckey.txt keydir/tls-pubkey.pem
262
375
install --directory confdir
263
376
install --mode=u=rw $< $@
264
377
# Add a client password
265
./mandos-keygen --dir keydir --password >> $@
378
./mandos-keygen --dir keydir --password --no-ssh >> $@
379
statedir:
380
install --directory statedir
266
381
382
.PHONY: install
267
383
install: install-server install-client-nokey
268
384
385
.PHONY: install-html
269
386
install-html: html
270
387
install --directory $(htmldir)
271
388
install --mode=u=rw,go=r --target-directory=$(htmldir) \
272
389
$(htmldocs)
273
390
391
.PHONY: install-server
274
392
install-server: doc
275
393
install --directory $(CONFDIR)
394
if install --directory --mode=u=rwx --owner=$(USER) \
395
--group=$(GROUP) $(STATEDIR); then \
396
:; \
397
elif install --directory --mode=u=rwx $(STATEDIR); then \
398
chown -- $(USER):$(GROUP) $(STATEDIR) || :; \
399
fi
400
if [ "$(TMPFILES)" != "$(DESTDIR)" \
401
-a -d "$(TMPFILES)" ]; then \
402
install --mode=u=rw,go=r tmpfiles.d-mandos.conf \
403
$(TMPFILES)/mandos.conf; \
404
fi
405
if [ "$(SYSUSERS)" != "$(DESTDIR)" \
406
-a -d "$(SYSUSERS)" ]; then \
407
install --mode=u=rw,go=r sysusers.d-mandos.conf \
408
$(SYSUSERS)/mandos.conf; \
409
fi
276
410
install --mode=u=rwx,go=rx mandos $(PREFIX)/sbin/mandos
277
411
install --mode=u=rwx,go=rx --target-directory=$(PREFIX)/sbin \
278
412
mandos-ctl
286
420
$(DESTDIR)/etc/dbus-1/system.d/mandos.conf
287
421
install --mode=u=rwx,go=rx init.d-mandos \
288
422
$(DESTDIR)/etc/init.d/mandos
423
if [ "$(SYSTEMD)" != "$(DESTDIR)" -a -d "$(SYSTEMD)" ]; then \
424
install --mode=u=rw,go=r mandos.service $(SYSTEMD); \
425
fi
289
426
install --mode=u=rw,go=r default-mandos \
290
427
$(DESTDIR)/etc/default/mandos
291
428
if [ -z $(DESTDIR) ]; then \
293
430
fi
294
431
gzip --best --to-stdout mandos.8 \
295
432
> $(MANDIR)/man8/mandos.8.gz
433
gzip --best --to-stdout mandos-monitor.8 \
434
> $(MANDIR)/man8/mandos-monitor.8.gz
435
gzip --best --to-stdout mandos-ctl.8 \
436
> $(MANDIR)/man8/mandos-ctl.8.gz
296
437
gzip --best --to-stdout mandos.conf.5 \
297
438
> $(MANDIR)/man5/mandos.conf.5.gz
298
439
gzip --best --to-stdout mandos-clients.conf.5 \
299
440
> $(MANDIR)/man5/mandos-clients.conf.5.gz
441
gzip --best --to-stdout intro.8mandos \
442
> $(MANDIR)/man8/intro.8mandos.gz
300
443
444
.PHONY: install-client-nokey
301
445
install-client-nokey: all doc
302
install --directory $(PREFIX)/lib/mandos $(CONFDIR)
446
install --directory $(LIBDIR)/mandos $(CONFDIR)
303
447
install --directory --mode=u=rwx $(KEYDIR) \
304
$(PREFIX)/lib/mandos/plugins.d
305
if [ "$(CONFDIR)" != "$(PREFIX)/lib/mandos" ]; then \
448
$(LIBDIR)/mandos/plugins.d \
449
$(LIBDIR)/mandos/plugin-helpers
450
if [ "$(SYSUSERS)" != "$(DESTDIR)" \
451
-a -d "$(SYSUSERS)" ]; then \
452
install --mode=u=rw,go=r sysusers.d-mandos.conf \
453
$(SYSUSERS)/mandos-client.conf; \
454
fi
455
if [ "$(CONFDIR)" != "$(LIBDIR)/mandos" ]; then \
306
456
install --mode=u=rwx \
307
--directory "$(CONFDIR)/plugins.d"; \
457
--directory "$(CONFDIR)/plugins.d" \
458
"$(CONFDIR)/plugin-helpers"; \
308
459
fi
309
install --mode=u=rwx,go=rx \
310
--target-directory=$(PREFIX)/lib/mandos plugin-runner
460
install --mode=u=rwx,go=rx --directory \
461
"$(CONFDIR)/network-hooks.d"
462
install --mode=u=rwx,go=rx \
463
--target-directory=$(LIBDIR)/mandos plugin-runner
464
install --mode=u=rwx,go=rx \
465
--target-directory=$(LIBDIR)/mandos \
466
mandos-to-cryptroot-unlock
311
467
install --mode=u=rwx,go=rx --target-directory=$(PREFIX)/sbin \
312
468
mandos-keygen
313
469
install --mode=u=rwx,go=rx \
314
--target-directory=$(PREFIX)/lib/mandos/plugins.d \
470
--target-directory=$(LIBDIR)/mandos/plugins.d \
315
471
plugins.d/password-prompt
316
472
install --mode=u=rwxs,go=rx \
317
--target-directory=$(PREFIX)/lib/mandos/plugins.d \
473
--target-directory=$(LIBDIR)/mandos/plugins.d \
318
474
plugins.d/mandos-client
319
475
install --mode=u=rwxs,go=rx \
320
--target-directory=$(PREFIX)/lib/mandos/plugins.d \
476
--target-directory=$(LIBDIR)/mandos/plugins.d \
321
477
plugins.d/usplash
322
478
install --mode=u=rwxs,go=rx \
323
--target-directory=$(PREFIX)/lib/mandos/plugins.d \
479
--target-directory=$(LIBDIR)/mandos/plugins.d \
324
480
plugins.d/splashy
325
481
install --mode=u=rwxs,go=rx \
326
--target-directory=$(PREFIX)/lib/mandos/plugins.d \
482
--target-directory=$(LIBDIR)/mandos/plugins.d \
327
483
plugins.d/askpass-fifo
328
484
install --mode=u=rwxs,go=rx \
329
--target-directory=$(PREFIX)/lib/mandos/plugins.d \
485
--target-directory=$(LIBDIR)/mandos/plugins.d \
330
486
plugins.d/plymouth
487
install --mode=u=rwx,go=rx \
488
--target-directory=$(LIBDIR)/mandos/plugin-helpers \
489
plugin-helpers/mandos-client-iprouteadddel
331
490
install initramfs-tools-hook \
332
491
$(INITRAMFSTOOLS)/hooks/mandos
333
install --mode=u=rw,go=r initramfs-tools-hook-conf \
334
$(INITRAMFSTOOLS)/conf-hooks.d/mandos
492
install --mode=u=rw,go=r initramfs-tools-conf \
493
$(INITRAMFSTOOLS)/conf.d/mandos-conf
494
install --mode=u=rw,go=r initramfs-tools-conf-hook \
495
$(INITRAMFSTOOLS)/conf-hooks.d/zz-mandos
335
496
install initramfs-tools-script \
336
497
$(INITRAMFSTOOLS)/scripts/init-premount/mandos
498
install initramfs-tools-script-stop \
499
$(INITRAMFSTOOLS)/scripts/local-premount/mandos
500
install --directory $(DRACUTMODULE)
501
install --mode=u=rw,go=r --target-directory=$(DRACUTMODULE) \
502
dracut-module/ask-password-mandos.path \
503
dracut-module/ask-password-mandos.service
504
install --mode=u=rwxs,go=rx \
505
--target-directory=$(DRACUTMODULE) \
506
dracut-module/module-setup.sh \
507
dracut-module/cmdline-mandos.sh \
508
dracut-module/password-agent
337
509
install --mode=u=rw,go=r plugin-runner.conf $(CONFDIR)
338
510
gzip --best --to-stdout mandos-keygen.8 \
339
511
> $(MANDIR)/man8/mandos-keygen.8.gz
340
512
gzip --best --to-stdout plugin-runner.8mandos \
341
513
> $(MANDIR)/man8/plugin-runner.8mandos.gz
514
gzip --best --to-stdout plugins.d/mandos-client.8mandos \
515
> $(MANDIR)/man8/mandos-client.8mandos.gz
342
516
gzip --best --to-stdout plugins.d/password-prompt.8mandos \
343
517
> $(MANDIR)/man8/password-prompt.8mandos.gz
344
gzip --best --to-stdout plugins.d/mandos-client.8mandos \
345
> $(MANDIR)/man8/mandos-client.8mandos.gz
346
518
gzip --best --to-stdout plugins.d/usplash.8mandos \
347
519
> $(MANDIR)/man8/usplash.8mandos.gz
348
520
gzip --best --to-stdout plugins.d/splashy.8mandos \
349
521
> $(MANDIR)/man8/splashy.8mandos.gz
350
522
gzip --best --to-stdout plugins.d/askpass-fifo.8mandos \
351
523
> $(MANDIR)/man8/askpass-fifo.8mandos.gz
524
gzip --best --to-stdout plugins.d/plymouth.8mandos \
525
> $(MANDIR)/man8/plymouth.8mandos.gz
526
gzip --best --to-stdout dracut-module/password-agent.8mandos \
527
> $(MANDIR)/man8/password-agent.8mandos.gz
352
528
529
.PHONY: install-client
353
530
install-client: install-client-nokey
354
531
# Post-installation stuff
355
532
-$(PREFIX)/sbin/mandos-keygen --dir "$(KEYDIR)"
356
update-initramfs -k all -u
533
if command -v update-initramfs >/dev/null; then \
534
update-initramfs -k all -u; \
535
elif command -v dracut >/dev/null; then \
536
for initrd in $(DESTDIR)/boot/initr*-$(LINUXVERSION); do \
537
if [ -w "$$initrd" ]; then \
538
chmod go-r "$$initrd"; \
539
dracut --force "$$initrd"; \
540
fi; \
541
done; \
542
fi
357
543
echo "Now run mandos-keygen --password --dir $(KEYDIR)"
358
544
545
.PHONY: uninstall
359
546
uninstall: uninstall-server uninstall-client
360
547
548
.PHONY: uninstall-server
361
549
uninstall-server:
362
550
-rm --force $(PREFIX)/sbin/mandos \
363
551
$(PREFIX)/sbin/mandos-ctl \
364
552
$(PREFIX)/sbin/mandos-monitor \
365
553
$(MANDIR)/man8/mandos.8.gz \
554
$(MANDIR)/man8/mandos-monitor.8.gz \
555
$(MANDIR)/man8/mandos-ctl.8.gz \
366
556
$(MANDIR)/man5/mandos.conf.5.gz \
367
557
$(MANDIR)/man5/mandos-clients.conf.5.gz
368
558
update-rc.d -f mandos remove
369
559
-rmdir $(CONFDIR)
370
560
561
.PHONY: uninstall-client
371
562
uninstall-client:
372
563
# Refuse to uninstall client if /etc/crypttab is explicitly configured
373
564
# to use it.
374
565
! grep --regexp='^ *[^ #].*keyscript=[^,=]*/mandos/' \
375
566
$(DESTDIR)/etc/crypttab
376
567
-rm --force $(PREFIX)/sbin/mandos-keygen \
377
$(PREFIX)/lib/mandos/plugin-runner \
378
$(PREFIX)/lib/mandos/plugins.d/password-prompt \
379
$(PREFIX)/lib/mandos/plugins.d/mandos-client \
380
$(PREFIX)/lib/mandos/plugins.d/usplash \
381
$(PREFIX)/lib/mandos/plugins.d/splashy \
382
$(PREFIX)/lib/mandos/plugins.d/askpass-fifo \
383
$(PREFIX)/lib/mandos/plugins.d/plymouth \
568
$(LIBDIR)/mandos/plugin-runner \
569
$(LIBDIR)/mandos/plugins.d/password-prompt \
570
$(LIBDIR)/mandos/plugins.d/mandos-client \
571
$(LIBDIR)/mandos/plugins.d/usplash \
572
$(LIBDIR)/mandos/plugins.d/splashy \
573
$(LIBDIR)/mandos/plugins.d/askpass-fifo \
574
$(LIBDIR)/mandos/plugins.d/plymouth \
384
575
$(INITRAMFSTOOLS)/hooks/mandos \
385
576
$(INITRAMFSTOOLS)/conf-hooks.d/mandos \
386
577
$(INITRAMFSTOOLS)/scripts/init-premount/mandos \
578
$(INITRAMFSTOOLS)/scripts/local-premount/mandos \
579
$(DRACUTMODULE)/ask-password-mandos.path \
580
$(DRACUTMODULE)/ask-password-mandos.service \
581
$(DRACUTMODULE)/module-setup.sh \
582
$(DRACUTMODULE)/cmdline-mandos.sh \
583
$(DRACUTMODULE)/password-agent \
584
$(MANDIR)/man8/mandos-keygen.8.gz \
387
585
$(MANDIR)/man8/plugin-runner.8mandos.gz \
388
$(MANDIR)/man8/mandos-keygen.8.gz \
586
$(MANDIR)/man8/mandos-client.8mandos.gz
389
587
$(MANDIR)/man8/password-prompt.8mandos.gz \
390
588
$(MANDIR)/man8/usplash.8mandos.gz \
391
589
$(MANDIR)/man8/splashy.8mandos.gz \
392
590
$(MANDIR)/man8/askpass-fifo.8mandos.gz \
393
$(MANDIR)/man8/mandos-client.8mandos.gz
394
-rmdir $(PREFIX)/lib/mandos/plugins.d $(CONFDIR)/plugins.d \
395
$(PREFIX)/lib/mandos $(CONFDIR) $(KEYDIR)
396
update-initramfs -k all -u
591
$(MANDIR)/man8/plymouth.8mandos.gz \
592
$(MANDIR)/man8/password-agent.8mandos.gz \
593
-rmdir $(LIBDIR)/mandos/plugins.d $(CONFDIR)/plugins.d \
594
$(LIBDIR)/mandos $(CONFDIR) $(KEYDIR) $(DRACUTMODULE)
595
if command -v update-initramfs >/dev/null; then \
596
update-initramfs -k all -u; \
597
elif command -v dracut >/dev/null; then \
598
for initrd in $(DESTDIR)/boot/initr*-$(LINUXVERSION); do \
599
test -w "$$initrd" && dracut --force "$$initrd"; \
600
done; \
601
fi
397
602
603
.PHONY: purge
398
604
purge: purge-server purge-client
399
605
606
.PHONY: purge-server
400
607
purge-server: uninstall-server
401
608
-rm --force $(CONFDIR)/mandos.conf $(CONFDIR)/clients.conf \
402
609
$(DESTDIR)/etc/dbus-1/system.d/mandos.conf
403
610
$(DESTDIR)/etc/default/mandos \
404
611
$(DESTDIR)/etc/init.d/mandos \
612
$(SYSTEMD)/mandos.service \
613
$(DESTDIR)/run/mandos.pid \
405
614
$(DESTDIR)/var/run/mandos.pid
406
615
-rmdir $(CONFDIR)
407
616
617
.PHONY: purge-client
408
618
purge-client: uninstall-client
409
-shred --remove $(KEYDIR)/seckey.txt
619
-shred --remove $(KEYDIR)/seckey.txt $(KEYDIR)/tls-privkey.pem
410
620
-rm --force $(CONFDIR)/plugin-runner.conf \
411
$(KEYDIR)/pubkey.txt $(KEYDIR)/seckey.txt
621
$(KEYDIR)/pubkey.txt $(KEYDIR)/seckey.txt \
622
$(KEYDIR)/tls-pubkey.txt $(KEYDIR)/tls-privkey.txt
412
623
-rmdir $(KEYDIR) $(CONFDIR)/plugins.d $(CONFDIR)
Loggerhead is a web-based interface for Breezy
Version: 2.0.2.dev0