/mandos/trunk : revision 1294

To get this branch, use:

bzr branch
http://bzr.recompile.se/loggerhead/mandos/trunk

« back to all changes in this revision

Viewing changes to Makefile

Committer: Teddy Hogeborn
Date: 2024-09-09 01:36:41 UTC
Revision ID: teddy@recompile.se-20240909013641-6zu6kx2f7meu134k

Make all required directories when installing

When installing into a normal system, one can assume that target
directories, such as /usr/bin, already exists.  But when installing
into a subdirectory for the purpose of creating a package, one cannot
assume that all directories already exist.  Therefore, when
installing, we must not check if any directories exist, and must
instead always create any directories we want to install into.

* Makefile (confdir/mandos.conf, confdir/clients.conf, install-html):
  Use the "-D" option to "install" instead of creating the directory
  separately.
  (install-server): Move creation of $(CONFDIR) down to before it is
  needed.  Don't check if the $(TMPFILES) or $(SYSUSERS) directories
  exist; instead create them by using the "-D" option to "install".
  Create the $(PREFIX)/sbin directory.  Always use
  "--target-directory" if possible; i.e. if the file name is the same.
  Create the $(DBUSPOLICYDIR) and $(DESTDIR)/etc/init.d directories by
  using the "-D" option to "install".  Don't check if the $(SYSTEMD)
  directory exists; instead create it by using the "-D" option to
  "install".  Create the $(DESTDIR)/etc/default and $(MANDIR)/man8
  directories by using the "-D" option to "install".  Create the
  $(MANDIR)/man5 directories explicitly.
  (install-client-nokey): Remove unnecessary creation of the
  $(CONFDIR) directory.  Don't check if the $(SYSUSERS) directory
  exists; instead create it by using the "-D" option to "install".
  Move the "--directory" argument to be the first argument, for
  clarity.  Create the $(PREFIX)/sbin directory.  Use the "-D"
  argument to "install" when installing
  $(INITRAMFSTOOLS)/hooks/mandos,
  $(INITRAMFSTOOLS)/conf.d/mandos-conf,
  $(INITRAMFSTOOLS)/conf-hooks.d/zz-mandos,
  $(INITRAMFSTOOLS)/scripts/init-premount/mandos,
  $(INITRAMFSTOOLS)/scripts/local-premount/mandos,
  $(DRACUTMODULE)/ask-password-mandos.path, and
  $(DRACUTMODULE)/dracut-module/ask-password-mandos.service.  Create
  the $(MANDIR)/man8 directory.

Reported-By: Erich Eckner <erich@eckner.net>
Thanks: Erich Eckner <erich@eckner.net> for analysis

files added:
debian/mandos.maintscript

debian/po/de.po

debian/po/en_US.po

debian/po/es.po

debian/po/fr.po

debian/po/nl.po

debian/po/pt.po

debian/po/pt_BR.po

debian/po/sv.po

debian/upstream/metadata

sysusers.d-mandos.conf

files modified:
.bzrignore

DBUS-API

INSTALL

Makefile

NEWS

TODO

clients.conf

common.ent

debian/changelog

debian/control

debian/copyright

debian/mandos-client.README.Debian

debian/mandos-client.lintian-overrides

debian/mandos-client.postinst

debian/mandos-client.postrm

debian/mandos-client.templates

debian/mandos.dirs

debian/mandos.lintian-overrides

debian/mandos.postinst

debian/mandos.templates

debian/po/templates.pot

debian/rules

debian/source/lintian-overrides

debian/tests/control

dracut-module/ask-password-mandos.service

dracut-module/module-setup.sh

dracut-module/password-agent.c

dracut-module/password-agent.xml

initramfs-tools-hook

initramfs-tools-script

intro.xml

mandos

mandos-clients.conf.xml

mandos-ctl

mandos-keygen

mandos-monitor

mandos-to-cryptroot-unlock

mandos.conf.xml

mandos.lsm

mandos.service

mandos.xml

plugin-helpers/mandos-client-iprouteadddel.c

plugin-runner.c

plugin-runner.xml

plugins.d/askpass-fifo.c

plugins.d/mandos-client.c

plugins.d/mandos-client.xml

plugins.d/password-prompt.c

plugins.d/plymouth.c

plugins.d/splashy.c

plugins.d/usplash.c

Show diffs side-by-side

added added

removed removed

Makefile

# For info about _FORTIFY_SOURCE, see feature_test_macros(7)

# and <https://gcc.gnu.org/ml/gcc-patches/2004-09/msg02055.html>.

FORTIFY:=-D_FORTIFY_SOURCE=2 -fstack-protector-all -fPIC

FORTIFY:=-fstack-protector-all -fPIC

CPPFLAGS+=-D_FORTIFY_SOURCE=3

LINK_FORTIFY_LD:=-z relro -z now

LINK_FORTIFY:=

#COVERAGE=--coverage

OPTIMIZE:=-Os -fno-strict-aliasing

LANGUAGE:=-std=gnu11

CPPFLAGS+=-D_FILE_OFFSET_BITS=64 -D_TIME_BITS=64

htmldir:=man

version:=1.8.6

version:=1.8.16

SED:=sed

PKG_CONFIG?=pkg-config

# DRACUTMODULE:=$(DESTDIR)/usr/lib/dracut/modules.d/90mandos

# STATEDIR:=$(DESTDIR)/var/lib/mandos

# LIBDIR:=$(PREFIX)/lib

# DBUSPOLICYDIR:=$(DESTDIR)/etc/dbus-1/system.d

## These settings are for a package-type install

break; \

fi; \

done)

DBUSPOLICYDIR:=$(DESTDIR)/usr/share/dbus-1/system.d

SYSTEMD:=$(DESTDIR)$(shell $(PKG_CONFIG) systemd \

--variable=systemdsystemunitdir)

TMPFILES:=$(DESTDIR)$(shell $(PKG_CONFIG) systemd \

--variable=tmpfilesdir)

SYSUSERS:=$(DESTDIR)$(shell $(PKG_CONFIG) systemd \

--variable=sysusersdir)

GNUTLS_CFLAGS:=$(shell $(PKG_CONFIG) --cflags-only-I gnutls)

GNUTLS_LIBS:=$(shell $(PKG_CONFIG) --libs gnutls)

100

AVAHI_CFLAGS:=$(shell $(PKG_CONFIG) --cflags-only-I avahi-core)

101

AVAHI_LIBS:=$(shell $(PKG_CONFIG) --libs avahi-core)

GPGME_CFLAGS:=$(shell gpgme-config --cflags; getconf LFS_CFLAGS)

GPGME_LIBS:=$(shell gpgme-config --libs; getconf LFS_LIBS; \

102

GPGME_CFLAGS:=$(shell $(PKG_CONFIG) --cflags-only-I gpgme 2>/dev/null \

103

|| gpgme-config --cflags; getconf LFS_CFLAGS)

104

GPGME_LIBS:=$(shell $(PKG_CONFIG) --libs gpgme 2>/dev/null \

105

|| gpgme-config --libs; getconf LFS_LIBS; \

106

getconf LFS_LDFLAGS)

107

LIBNL3_CFLAGS:=$(shell $(PKG_CONFIG) --cflags-only-I libnl-route-3.0)

100

108

LIBNL3_LIBS:=$(shell $(PKG_CONFIG) --libs libnl-route-3.0)

102

110

GLIB_LIBS:=$(shell $(PKG_CONFIG) --libs glib-2.0)

103

111

104

112

# Do not change these two

105

CFLAGS+=$(WARN) $(DEBUG) $(FORTIFY) $(COVERAGE) \

106

$(OPTIMIZE) $(LANGUAGE) -DVERSION='"$(version)"'

113

CFLAGS+=$(WARN) $(DEBUG) $(FORTIFY) $(COVERAGE) $(OPTIMIZE) \

114

$(LANGUAGE) -DVERSION='"$(version)"'

107

115

LDFLAGS+=-Xlinker --as-needed $(COVERAGE) $(LINK_FORTIFY) $(strip \

108

116

) $(foreach flag,$(LINK_FORTIFY_LD),-Xlinker $(flag))

109

117

153

161

154

162

objects:=$(addsuffix .o,$(CPROGS))

155

163

164

.PHONY: all

156

165

all: $(PROGS) mandos.lsm

157

166

167

.PHONY: doc

158

168

doc: $(DOCS)

159

169

170

.PHONY: html

160

171

html: $(htmldocs)

161

172

162

173

%.5: %.xml common.ent legalnotice.xml

279

290

$@)

280

291

281

292

# Need to add the GnuTLS, Avahi and GPGME libraries

282

plugins.d/mandos-client: plugins.d/mandos-client.c

283

$(LINK.c) $^ $(GNUTLS_CFLAGS) $(AVAHI_CFLAGS) $(strip\

284

) $(GPGME_CFLAGS) $(GNUTLS_LIBS) $(strip\

285

) $(AVAHI_LIBS) $(GPGME_LIBS) $(LOADLIBES) $(strip\

286

) $(LDLIBS) -o $@

293

plugins.d/mandos-client: CFLAGS += $(GNUTLS_CFLAGS) $(strip \

294

) $(AVAHI_CFLAGS) $(GPGME_CFLAGS)

295

plugins.d/mandos-client: LDLIBS += $(GNUTLS_LIBS) $(strip \

296

) $(AVAHI_LIBS) $(GPGME_LIBS)

287

297

288

298

# Need to add the libnl-route library

289

plugin-helpers/mandos-client-iprouteadddel: plugin-helpers/mandos-client-iprouteadddel.c

290

$(LINK.c) $(LIBNL3_CFLAGS) $^ $(LIBNL3_LIBS) $(strip\

291

) $(LOADLIBES) $(LDLIBS) -o $@

299

plugin-helpers/mandos-client-iprouteadddel: CFLAGS += $(LIBNL3_CFLAGS)

300

plugin-helpers/mandos-client-iprouteadddel: LDLIBS += $(LIBNL3_LIBS)

292

301

293

302

# Need to add the GLib and pthread libraries

294

dracut-module/password-agent: dracut-module/password-agent.c

295

$(LINK.c) $(GLIB_CFLAGS) $^ $(GLIB_LIBS) -lpthread $(strip\

296

) $(LOADLIBES) $(LDLIBS) -o $@

297

298

.PHONY : all doc html clean distclean mostlyclean maintainer-clean \

299

check run-client run-server install install-html \

300

install-server install-client-nokey install-client uninstall \

301

uninstall-server uninstall-client purge purge-server \

302

purge-client

303

dracut-module/password-agent: CFLAGS += $(GLIB_CFLAGS)

304

# Note: -lpthread is unnecessary with the GNU C library 2.34 or later

305

dracut-module/password-agent: LDLIBS += $(GLIB_LIBS) -lpthread

306

307

.PHONY: clean

304

308

clean:

305

309

-rm --force $(CPROGS) $(objects) $(htmldocs) $(DOCS) core

306

310

311

.PHONY: distclean

307

312

distclean: clean

313

.PHONY: mostlyclean

308

314

mostlyclean: clean

315

.PHONY: maintainer-clean

309

316

maintainer-clean: clean

310

317

-rm --force --recursive keydir confdir statedir

311

318

319

.PHONY: check

312

320

check: all

313

321

./mandos --check

314

322

./mandos-ctl --check

318

326

./dracut-module/password-agent --test

319

327

320

328

# Run the client with a local config and key

329

.PHONY: run-client

321

330

run-client: all keydir/seckey.txt keydir/pubkey.txt \

322

331

keydir/tls-privkey.pem keydir/tls-pubkey.pem

323

332

@echo '######################################################'

351

360

keydir/seckey.txt keydir/pubkey.txt keydir/tls-privkey.pem keydir/tls-pubkey.pem: mandos-keygen

352

361

install --directory keydir

353

362

./mandos-keygen --dir keydir --force

363

if ! [ -e keydir/tls-privkey.pem ]; then \

364

install --mode=u=rw /dev/null keydir/tls-privkey.pem; \

365

366

if ! [ -e keydir/tls-pubkey.pem ]; then \

367

install --mode=u=rw /dev/null keydir/tls-pubkey.pem; \

368

354

369

355

370

# Run the server with a local config

371

.PHONY: run-server

356

372

run-server: confdir/mandos.conf confdir/clients.conf statedir

357

373

./mandos --debug --no-dbus --configdir=confdir \

358

374

--statedir=statedir $(SERVERARGS)

359

375

360

376

# Used by run-server

361

377

confdir/mandos.conf: mandos.conf

362

install --directory confdir

363

install --mode=u=rw,go=r $^ $@

378

install -D --mode=u=rw,go=r $^ $@

364

379

confdir/clients.conf: clients.conf keydir/seckey.txt keydir/tls-pubkey.pem

365

install --directory confdir

366

install --mode=u=rw $< $@

380

install -D --mode=u=rw $< $@

367

381

# Add a client password

368

382

./mandos-keygen --dir keydir --password --no-ssh >> $@

369

383

statedir:

370

384

install --directory statedir

371

385

386

.PHONY: install

372

387

install: install-server install-client-nokey

373

388

389

.PHONY: install-html

374

390

install-html: html

375

install --directory $(htmldir)

376

install --mode=u=rw,go=r --target-directory=$(htmldir) \

391

install -D --mode=u=rw,go=r --target-directory=$(htmldir) \

377

392

$(htmldocs)

378

393

394

.PHONY: install-server

379

395

install-server: doc

380

install --directory $(CONFDIR)

381

396

if install --directory --mode=u=rwx --owner=$(USER) \

382

397

--group=$(GROUP) $(STATEDIR); then \

383

398

:; \

384

399

elif install --directory --mode=u=rwx $(STATEDIR); then \

385

400

chown -- $(USER):$(GROUP) $(STATEDIR) || :; \

386

401

387

if [ "$(TMPFILES)" != "$(DESTDIR)" \

388

-a -d "$(TMPFILES)" ]; then \

389

install --mode=u=rw,go=r tmpfiles.d-mandos.conf \

402

if [ "$(TMPFILES)" != "$(DESTDIR)" ]; then \

403

install -D --mode=u=rw,go=r tmpfiles.d-mandos.conf \

390

404

$(TMPFILES)/mandos.conf; \

391

405

392

install --mode=u=rwx,go=rx mandos $(PREFIX)/sbin/mandos

406

if [ "$(SYSUSERS)" != "$(DESTDIR)" ]; then \

407

install -D --mode=u=rw,go=r sysusers.d-mandos.conf \

408

$(SYSUSERS)/mandos.conf; \

409

410

install --directory $(PREFIX)/sbin

411

install --mode=u=rwx,go=rx --target-directory=$(PREFIX)/sbin \

412

mandos

393

413

install --mode=u=rwx,go=rx --target-directory=$(PREFIX)/sbin \

394

414

mandos-ctl

395

415

install --mode=u=rwx,go=rx --target-directory=$(PREFIX)/sbin \

396

416

mandos-monitor

417

install --directory $(CONFDIR)

397

418

install --mode=u=rw,go=r --target-directory=$(CONFDIR) \

398

419

mandos.conf

399

420

install --mode=u=rw --target-directory=$(CONFDIR) \

400

421

clients.conf

401

install --mode=u=rw,go=r dbus-mandos.conf \

402

$(DESTDIR)/etc/dbus-1/system.d/mandos.conf

403

install --mode=u=rwx,go=rx init.d-mandos \

422

install -D --mode=u=rw,go=r dbus-mandos.conf \

423

$(DBUSPOLICYDIR)/mandos.conf

424

install -D --mode=u=rwx,go=rx init.d-mandos \

404

425

$(DESTDIR)/etc/init.d/mandos

405

if [ "$(SYSTEMD)" != "$(DESTDIR)" -a -d "$(SYSTEMD)" ]; then \

406

install --mode=u=rw,go=r mandos.service $(SYSTEMD); \

426

if [ "$(SYSTEMD)" != "$(DESTDIR)" ]; then \

427

install -D --mode=u=rw,go=r mandos.service \

428

$(SYSTEMD); \

407

429

408

install --mode=u=rw,go=r default-mandos \

430

install -D --mode=u=rw,go=r default-mandos \

409

431

$(DESTDIR)/etc/default/mandos

410

432

if [ -z $(DESTDIR) ]; then \

411

433

update-rc.d mandos defaults 25 15;\

412

434

435

install --directory $(MANDIR)/man8 $(MANDIR)/man5

413

436

gzip --best --to-stdout mandos.8 \

414

437

> $(MANDIR)/man8/mandos.8.gz

415

438

gzip --best --to-stdout mandos-monitor.8 \

423

446

gzip --best --to-stdout intro.8mandos \

424

447

> $(MANDIR)/man8/intro.8mandos.gz

425

448

449

.PHONY: install-client-nokey

426

450

install-client-nokey: all doc

427

install --directory $(LIBDIR)/mandos $(CONFDIR)

428

451

install --directory --mode=u=rwx $(KEYDIR) \

429

452

$(LIBDIR)/mandos/plugins.d \

430

453

$(LIBDIR)/mandos/plugin-helpers

454

if [ "$(SYSUSERS)" != "$(DESTDIR)" ]; then \

455

install -D --mode=u=rw,go=r sysusers.d-mandos.conf \

456

$(SYSUSERS)/mandos-client.conf; \

457

431

458

if [ "$(CONFDIR)" != "$(LIBDIR)/mandos" ]; then \

432

install --mode=u=rwx \

433

--directory "$(CONFDIR)/plugins.d" \

459

install --directory \

460

--mode=u=rwx "$(CONFDIR)/plugins.d" \

434

461

"$(CONFDIR)/plugin-helpers"; \

435

462

436

install --mode=u=rwx,go=rx --directory \

463

install --directory --mode=u=rwx,go=rx \

437

464

"$(CONFDIR)/network-hooks.d"

438

465

install --mode=u=rwx,go=rx \

439

466

--target-directory=$(LIBDIR)/mandos plugin-runner

440

467

install --mode=u=rwx,go=rx \

441

468

--target-directory=$(LIBDIR)/mandos \

442

469

mandos-to-cryptroot-unlock

470

install --directory $(PREFIX)/sbin

443

471

install --mode=u=rwx,go=rx --target-directory=$(PREFIX)/sbin \

444

472

mandos-keygen

445

473

install --mode=u=rwx,go=rx \

463

491

install --mode=u=rwx,go=rx \

464

492

--target-directory=$(LIBDIR)/mandos/plugin-helpers \

465

493

plugin-helpers/mandos-client-iprouteadddel

466

install initramfs-tools-hook \

494

install -D initramfs-tools-hook \

467

495

$(INITRAMFSTOOLS)/hooks/mandos

468

install --mode=u=rw,go=r initramfs-tools-conf \

496

install -D --mode=u=rw,go=r initramfs-tools-conf \

469

497

$(INITRAMFSTOOLS)/conf.d/mandos-conf

470

install --mode=u=rw,go=r initramfs-tools-conf-hook \

498

install -D --mode=u=rw,go=r initramfs-tools-conf-hook \

471

499

$(INITRAMFSTOOLS)/conf-hooks.d/zz-mandos

472

install initramfs-tools-script \

500

install -D initramfs-tools-script \

473

501

$(INITRAMFSTOOLS)/scripts/init-premount/mandos

474

install initramfs-tools-script-stop \

502

install -D initramfs-tools-script-stop \

475

503

$(INITRAMFSTOOLS)/scripts/local-premount/mandos

476

install --directory $(DRACUTMODULE)

477

install --mode=u=rw,go=r --target-directory=$(DRACUTMODULE) \

504

install -D --mode=u=rw,go=r \

505

--target-directory=$(DRACUTMODULE) \

478

506

dracut-module/ask-password-mandos.path \

479

507

dracut-module/ask-password-mandos.service

480

508

install --mode=u=rwxs,go=rx \

483

511

dracut-module/cmdline-mandos.sh \

484

512

dracut-module/password-agent

485

513

install --mode=u=rw,go=r plugin-runner.conf $(CONFDIR)

514

install --directory $(MANDIR)/man8

486

515

gzip --best --to-stdout mandos-keygen.8 \

487

516

> $(MANDIR)/man8/mandos-keygen.8.gz

488

517

gzip --best --to-stdout plugin-runner.8mandos \

502

531

gzip --best --to-stdout dracut-module/password-agent.8mandos \

503

532

> $(MANDIR)/man8/password-agent.8mandos.gz

504

533

534

.PHONY: install-client

505

535

install-client: install-client-nokey

506

536

# Post-installation stuff

507

537

-$(PREFIX)/sbin/mandos-keygen --dir "$(KEYDIR)"

517

547

518

548

echo "Now run mandos-keygen --password --dir $(KEYDIR)"

519

549

550

.PHONY: uninstall

520

551

uninstall: uninstall-server uninstall-client

521

552

553

.PHONY: uninstall-server

522

554

uninstall-server:

523

555

-rm --force $(PREFIX)/sbin/mandos \

524

556

$(PREFIX)/sbin/mandos-ctl \

531

563

update-rc.d -f mandos remove

532

564

-rmdir $(CONFDIR)

533

565

566

.PHONY: uninstall-client

534

567

uninstall-client:

535

568

# Refuse to uninstall client if /etc/crypttab is explicitly configured

536

569

# to use it.

572

605

done; \

573

606

574

607

608

.PHONY: purge

575

609

purge: purge-server purge-client

576

610

611

.PHONY: purge-server

577

612

purge-server: uninstall-server

578

613

-rm --force $(CONFDIR)/mandos.conf $(CONFDIR)/clients.conf \

579

614

$(DESTDIR)/etc/dbus-1/system.d/mandos.conf

580

615

$(DESTDIR)/etc/default/mandos \

581

616

$(DESTDIR)/etc/init.d/mandos \

582

$(SYSTEMD)/mandos.service \

583

617

$(DESTDIR)/run/mandos.pid \

584

618

$(DESTDIR)/var/run/mandos.pid

619

if [ "$(SYSTEMD)" != "$(DESTDIR)" -a -d "$(SYSTEMD)" ]; then \

620

-rm --force -- $(SYSTEMD)/mandos.service; \

621

585

622

-rmdir $(CONFDIR)

586

623

624

.PHONY: purge-client

587

625

purge-client: uninstall-client

588

626

-shred --remove $(KEYDIR)/seckey.txt $(KEYDIR)/tls-privkey.pem

589

627

-rm --force $(CONFDIR)/plugin-runner.conf \

Older »