/mandos/trunk : revision 1294

To get this branch, use:

bzr branch
http://bzr.recompile.se/loggerhead/mandos/trunk

« back to all changes in this revision

Viewing changes to Makefile

Committer: Teddy Hogeborn
Date: 2024-09-09 01:36:41 UTC
Revision ID: teddy@recompile.se-20240909013641-6zu6kx2f7meu134k

Make all required directories when installing

When installing into a normal system, one can assume that target
directories, such as /usr/bin, already exists.  But when installing
into a subdirectory for the purpose of creating a package, one cannot
assume that all directories already exist.  Therefore, when
installing, we must not check if any directories exist, and must
instead always create any directories we want to install into.

* Makefile (confdir/mandos.conf, confdir/clients.conf, install-html):
  Use the "-D" option to "install" instead of creating the directory
  separately.
  (install-server): Move creation of $(CONFDIR) down to before it is
  needed.  Don't check if the $(TMPFILES) or $(SYSUSERS) directories
  exist; instead create them by using the "-D" option to "install".
  Create the $(PREFIX)/sbin directory.  Always use
  "--target-directory" if possible; i.e. if the file name is the same.
  Create the $(DBUSPOLICYDIR) and $(DESTDIR)/etc/init.d directories by
  using the "-D" option to "install".  Don't check if the $(SYSTEMD)
  directory exists; instead create it by using the "-D" option to
  "install".  Create the $(DESTDIR)/etc/default and $(MANDIR)/man8
  directories by using the "-D" option to "install".  Create the
  $(MANDIR)/man5 directories explicitly.
  (install-client-nokey): Remove unnecessary creation of the
  $(CONFDIR) directory.  Don't check if the $(SYSUSERS) directory
  exists; instead create it by using the "-D" option to "install".
  Move the "--directory" argument to be the first argument, for
  clarity.  Create the $(PREFIX)/sbin directory.  Use the "-D"
  argument to "install" when installing
  $(INITRAMFSTOOLS)/hooks/mandos,
  $(INITRAMFSTOOLS)/conf.d/mandos-conf,
  $(INITRAMFSTOOLS)/conf-hooks.d/zz-mandos,
  $(INITRAMFSTOOLS)/scripts/init-premount/mandos,
  $(INITRAMFSTOOLS)/scripts/local-premount/mandos,
  $(DRACUTMODULE)/ask-password-mandos.path, and
  $(DRACUTMODULE)/dracut-module/ask-password-mandos.service.  Create
  the $(MANDIR)/man8 directory.

Reported-By: Erich Eckner <erich@eckner.net>
Thanks: Erich Eckner <erich@eckner.net> for analysis

files added:
debian/mandos.maintscript

debian/po/es.po

debian/po/nl.po

debian/po/pt.po

debian/po/pt_BR.po

sysusers.d-mandos.conf

files modified:
.bzrignore

DBUS-API

INSTALL

Makefile

NEWS

TODO

clients.conf

common.ent

debian/changelog

debian/control

debian/copyright

debian/mandos-client.README.Debian

debian/mandos-client.lintian-overrides

debian/mandos-client.postinst

debian/mandos-client.postrm

debian/mandos-client.templates

debian/mandos.dirs

debian/po/fr.po

debian/rules

debian/tests/control

dracut-module/ask-password-mandos.service

dracut-module/module-setup.sh

dracut-module/password-agent.c

dracut-module/password-agent.xml

initramfs-tools-hook

initramfs-tools-script

intro.xml

mandos

mandos-clients.conf.xml

mandos-ctl

mandos-keygen

mandos-monitor

mandos-to-cryptroot-unlock

mandos.conf.xml

mandos.lsm

mandos.service

mandos.xml

plugin-helpers/mandos-client-iprouteadddel.c

plugin-runner.c

plugin-runner.xml

plugins.d/askpass-fifo.c

plugins.d/mandos-client.c

plugins.d/mandos-client.xml

plugins.d/password-prompt.c

plugins.d/plymouth.c

plugins.d/splashy.c

plugins.d/usplash.c

Show diffs side-by-side

added added

removed removed

Makefile

# For info about _FORTIFY_SOURCE, see feature_test_macros(7)

# and <https://gcc.gnu.org/ml/gcc-patches/2004-09/msg02055.html>.

FORTIFY:=-D_FORTIFY_SOURCE=2 -fstack-protector-all -fPIC

FORTIFY:=-fstack-protector-all -fPIC

CPPFLAGS+=-D_FORTIFY_SOURCE=3

LINK_FORTIFY_LD:=-z relro -z now

LINK_FORTIFY:=

#COVERAGE=--coverage

OPTIMIZE:=-Os -fno-strict-aliasing

LANGUAGE:=-std=gnu11

FEATURES:=-D_FILE_OFFSET_BITS=64

CPPFLAGS+=-D_FILE_OFFSET_BITS=64 -D_TIME_BITS=64

htmldir:=man

version:=1.8.7

version:=1.8.16

SED:=sed

PKG_CONFIG?=pkg-config

# DRACUTMODULE:=$(DESTDIR)/usr/lib/dracut/modules.d/90mandos

# STATEDIR:=$(DESTDIR)/var/lib/mandos

# LIBDIR:=$(PREFIX)/lib

# DBUSPOLICYDIR:=$(DESTDIR)/etc/dbus-1/system.d

## These settings are for a package-type install

break; \

fi; \

done)

DBUSPOLICYDIR:=$(DESTDIR)/usr/share/dbus-1/system.d

SYSTEMD:=$(DESTDIR)$(shell $(PKG_CONFIG) systemd \

--variable=systemdsystemunitdir)

TMPFILES:=$(DESTDIR)$(shell $(PKG_CONFIG) systemd \

--variable=tmpfilesdir)

SYSUSERS:=$(DESTDIR)$(shell $(PKG_CONFIG) systemd \

--variable=sysusersdir)

GNUTLS_CFLAGS:=$(shell $(PKG_CONFIG) --cflags-only-I gnutls)

GNUTLS_LIBS:=$(shell $(PKG_CONFIG) --libs gnutls)

100

AVAHI_CFLAGS:=$(shell $(PKG_CONFIG) --cflags-only-I avahi-core)

101

AVAHI_LIBS:=$(shell $(PKG_CONFIG) --libs avahi-core)

GPGME_CFLAGS:=$(shell gpgme-config --cflags; getconf LFS_CFLAGS)

GPGME_LIBS:=$(shell gpgme-config --libs; getconf LFS_LIBS; \

102

GPGME_CFLAGS:=$(shell $(PKG_CONFIG) --cflags-only-I gpgme 2>/dev/null \

103

|| gpgme-config --cflags; getconf LFS_CFLAGS)

104

GPGME_LIBS:=$(shell $(PKG_CONFIG) --libs gpgme 2>/dev/null \

105

|| gpgme-config --libs; getconf LFS_LIBS; \

106

getconf LFS_LDFLAGS)

100

107

LIBNL3_CFLAGS:=$(shell $(PKG_CONFIG) --cflags-only-I libnl-route-3.0)

101

108

LIBNL3_LIBS:=$(shell $(PKG_CONFIG) --libs libnl-route-3.0)

104

111

105

112

# Do not change these two

106

113

CFLAGS+=$(WARN) $(DEBUG) $(FORTIFY) $(COVERAGE) $(OPTIMIZE) \

107

$(LANGUAGE) $(FEATURES) -DVERSION='"$(version)"'

114

$(LANGUAGE) -DVERSION='"$(version)"'

108

115

LDFLAGS+=-Xlinker --as-needed $(COVERAGE) $(LINK_FORTIFY) $(strip \

109

116

) $(foreach flag,$(LINK_FORTIFY_LD),-Xlinker $(flag))

110

117

154

161

155

162

objects:=$(addsuffix .o,$(CPROGS))

156

163

164

.PHONY: all

157

165

all: $(PROGS) mandos.lsm

158

166

167

.PHONY: doc

159

168

doc: $(DOCS)

160

169

170

.PHONY: html

161

171

html: $(htmldocs)

162

172

163

173

%.5: %.xml common.ent legalnotice.xml

280

290

$@)

281

291

282

292

# Need to add the GnuTLS, Avahi and GPGME libraries

283

plugins.d/mandos-client: plugins.d/mandos-client.c

284

$(LINK.c) $^ $(GNUTLS_CFLAGS) $(AVAHI_CFLAGS) $(strip\

285

) $(GPGME_CFLAGS) $(GNUTLS_LIBS) $(strip\

286

) $(AVAHI_LIBS) $(GPGME_LIBS) $(LOADLIBES) $(strip\

287

) $(LDLIBS) -o $@

293

plugins.d/mandos-client: CFLAGS += $(GNUTLS_CFLAGS) $(strip \

294

) $(AVAHI_CFLAGS) $(GPGME_CFLAGS)

295

plugins.d/mandos-client: LDLIBS += $(GNUTLS_LIBS) $(strip \

296

) $(AVAHI_LIBS) $(GPGME_LIBS)

288

297

289

298

# Need to add the libnl-route library

290

plugin-helpers/mandos-client-iprouteadddel: plugin-helpers/mandos-client-iprouteadddel.c

291

$(LINK.c) $(LIBNL3_CFLAGS) $^ $(LIBNL3_LIBS) $(strip\

292

) $(LOADLIBES) $(LDLIBS) -o $@

299

plugin-helpers/mandos-client-iprouteadddel: CFLAGS += $(LIBNL3_CFLAGS)

300

plugin-helpers/mandos-client-iprouteadddel: LDLIBS += $(LIBNL3_LIBS)

293

301

294

302

# Need to add the GLib and pthread libraries

295

dracut-module/password-agent: dracut-module/password-agent.c

296

$(LINK.c) $(GLIB_CFLAGS) $^ $(GLIB_LIBS) -lpthread $(strip\

297

) $(LOADLIBES) $(LDLIBS) -o $@

298

299

.PHONY : all doc html clean distclean mostlyclean maintainer-clean \

300

check run-client run-server install install-html \

301

install-server install-client-nokey install-client uninstall \

302

uninstall-server uninstall-client purge purge-server \

303

purge-client

304

303

dracut-module/password-agent: CFLAGS += $(GLIB_CFLAGS)

304

# Note: -lpthread is unnecessary with the GNU C library 2.34 or later

305

dracut-module/password-agent: LDLIBS += $(GLIB_LIBS) -lpthread

306

307

.PHONY: clean

305

308

clean:

306

309

-rm --force $(CPROGS) $(objects) $(htmldocs) $(DOCS) core

307

310

311

.PHONY: distclean

308

312

distclean: clean

313

.PHONY: mostlyclean

309

314

mostlyclean: clean

315

.PHONY: maintainer-clean

310

316

maintainer-clean: clean

311

317

-rm --force --recursive keydir confdir statedir

312

318

319

.PHONY: check

313

320

check: all

314

321

./mandos --check

315

322

./mandos-ctl --check

319

326

./dracut-module/password-agent --test

320

327

321

328

# Run the client with a local config and key

329

.PHONY: run-client

322

330

run-client: all keydir/seckey.txt keydir/pubkey.txt \

323

331

keydir/tls-privkey.pem keydir/tls-pubkey.pem

324

332

@echo '######################################################'

352

360

keydir/seckey.txt keydir/pubkey.txt keydir/tls-privkey.pem keydir/tls-pubkey.pem: mandos-keygen

353

361

install --directory keydir

354

362

./mandos-keygen --dir keydir --force

363

if ! [ -e keydir/tls-privkey.pem ]; then \

364

install --mode=u=rw /dev/null keydir/tls-privkey.pem; \

365

366

if ! [ -e keydir/tls-pubkey.pem ]; then \

367

install --mode=u=rw /dev/null keydir/tls-pubkey.pem; \

368

355

369

356

370

# Run the server with a local config

371

.PHONY: run-server

357

372

run-server: confdir/mandos.conf confdir/clients.conf statedir

358

373

./mandos --debug --no-dbus --configdir=confdir \

359

374

--statedir=statedir $(SERVERARGS)

360

375

361

376

# Used by run-server

362

377

confdir/mandos.conf: mandos.conf

363

install --directory confdir

364

install --mode=u=rw,go=r $^ $@

378

install -D --mode=u=rw,go=r $^ $@

365

379

confdir/clients.conf: clients.conf keydir/seckey.txt keydir/tls-pubkey.pem

366

install --directory confdir

367

install --mode=u=rw $< $@

380

install -D --mode=u=rw $< $@

368

381

# Add a client password

369

382

./mandos-keygen --dir keydir --password --no-ssh >> $@

370

383

statedir:

371

384

install --directory statedir

372

385

386

.PHONY: install

373

387

install: install-server install-client-nokey

374

388

389

.PHONY: install-html

375

390

install-html: html

376

install --directory $(htmldir)

377

install --mode=u=rw,go=r --target-directory=$(htmldir) \

391

install -D --mode=u=rw,go=r --target-directory=$(htmldir) \

378

392

$(htmldocs)

379

393

394

.PHONY: install-server

380

395

install-server: doc

381

install --directory $(CONFDIR)

382

396

if install --directory --mode=u=rwx --owner=$(USER) \

383

397

--group=$(GROUP) $(STATEDIR); then \

384

398

:; \

385

399

elif install --directory --mode=u=rwx $(STATEDIR); then \

386

400

chown -- $(USER):$(GROUP) $(STATEDIR) || :; \

387

401

388

if [ "$(TMPFILES)" != "$(DESTDIR)" \

389

-a -d "$(TMPFILES)" ]; then \

390

install --mode=u=rw,go=r tmpfiles.d-mandos.conf \

402

if [ "$(TMPFILES)" != "$(DESTDIR)" ]; then \

403

install -D --mode=u=rw,go=r tmpfiles.d-mandos.conf \

391

404

$(TMPFILES)/mandos.conf; \

392

405

393

install --mode=u=rwx,go=rx mandos $(PREFIX)/sbin/mandos

406

if [ "$(SYSUSERS)" != "$(DESTDIR)" ]; then \

407

install -D --mode=u=rw,go=r sysusers.d-mandos.conf \

408

$(SYSUSERS)/mandos.conf; \

409

410

install --directory $(PREFIX)/sbin

411

install --mode=u=rwx,go=rx --target-directory=$(PREFIX)/sbin \

412

mandos

394

413

install --mode=u=rwx,go=rx --target-directory=$(PREFIX)/sbin \

395

414

mandos-ctl

396

415

install --mode=u=rwx,go=rx --target-directory=$(PREFIX)/sbin \

397

416

mandos-monitor

417

install --directory $(CONFDIR)

398

418

install --mode=u=rw,go=r --target-directory=$(CONFDIR) \

399

419

mandos.conf

400

420

install --mode=u=rw --target-directory=$(CONFDIR) \

401

421

clients.conf

402

install --mode=u=rw,go=r dbus-mandos.conf \

403

$(DESTDIR)/etc/dbus-1/system.d/mandos.conf

404

install --mode=u=rwx,go=rx init.d-mandos \

422

install -D --mode=u=rw,go=r dbus-mandos.conf \

423

$(DBUSPOLICYDIR)/mandos.conf

424

install -D --mode=u=rwx,go=rx init.d-mandos \

405

425

$(DESTDIR)/etc/init.d/mandos

406

if [ "$(SYSTEMD)" != "$(DESTDIR)" -a -d "$(SYSTEMD)" ]; then \

407

install --mode=u=rw,go=r mandos.service $(SYSTEMD); \

426

if [ "$(SYSTEMD)" != "$(DESTDIR)" ]; then \

427

install -D --mode=u=rw,go=r mandos.service \

428

$(SYSTEMD); \

408

429

409

install --mode=u=rw,go=r default-mandos \

430

install -D --mode=u=rw,go=r default-mandos \

410

431

$(DESTDIR)/etc/default/mandos

411

432

if [ -z $(DESTDIR) ]; then \

412

433

update-rc.d mandos defaults 25 15;\

413

434

435

install --directory $(MANDIR)/man8 $(MANDIR)/man5

414

436

gzip --best --to-stdout mandos.8 \

415

437

> $(MANDIR)/man8/mandos.8.gz

416

438

gzip --best --to-stdout mandos-monitor.8 \

424

446

gzip --best --to-stdout intro.8mandos \

425

447

> $(MANDIR)/man8/intro.8mandos.gz

426

448

449

.PHONY: install-client-nokey

427

450

install-client-nokey: all doc

428

install --directory $(LIBDIR)/mandos $(CONFDIR)

429

451

install --directory --mode=u=rwx $(KEYDIR) \

430

452

$(LIBDIR)/mandos/plugins.d \

431

453

$(LIBDIR)/mandos/plugin-helpers

454

if [ "$(SYSUSERS)" != "$(DESTDIR)" ]; then \

455

install -D --mode=u=rw,go=r sysusers.d-mandos.conf \

456

$(SYSUSERS)/mandos-client.conf; \

457

432

458

if [ "$(CONFDIR)" != "$(LIBDIR)/mandos" ]; then \

433

install --mode=u=rwx \

434

--directory "$(CONFDIR)/plugins.d" \

459

install --directory \

460

--mode=u=rwx "$(CONFDIR)/plugins.d" \

435

461

"$(CONFDIR)/plugin-helpers"; \

436

462

437

install --mode=u=rwx,go=rx --directory \

463

install --directory --mode=u=rwx,go=rx \

438

464

"$(CONFDIR)/network-hooks.d"

439

465

install --mode=u=rwx,go=rx \

440

466

--target-directory=$(LIBDIR)/mandos plugin-runner

441

467

install --mode=u=rwx,go=rx \

442

468

--target-directory=$(LIBDIR)/mandos \

443

469

mandos-to-cryptroot-unlock

470

install --directory $(PREFIX)/sbin

444

471

install --mode=u=rwx,go=rx --target-directory=$(PREFIX)/sbin \

445

472

mandos-keygen

446

473

install --mode=u=rwx,go=rx \

464

491

install --mode=u=rwx,go=rx \

465

492

--target-directory=$(LIBDIR)/mandos/plugin-helpers \

466

493

plugin-helpers/mandos-client-iprouteadddel

467

install initramfs-tools-hook \

494

install -D initramfs-tools-hook \

468

495

$(INITRAMFSTOOLS)/hooks/mandos

469

install --mode=u=rw,go=r initramfs-tools-conf \

496

install -D --mode=u=rw,go=r initramfs-tools-conf \

470

497

$(INITRAMFSTOOLS)/conf.d/mandos-conf

471

install --mode=u=rw,go=r initramfs-tools-conf-hook \

498

install -D --mode=u=rw,go=r initramfs-tools-conf-hook \

472

499

$(INITRAMFSTOOLS)/conf-hooks.d/zz-mandos

473

install initramfs-tools-script \

500

install -D initramfs-tools-script \

474

501

$(INITRAMFSTOOLS)/scripts/init-premount/mandos

475

install initramfs-tools-script-stop \

502

install -D initramfs-tools-script-stop \

476

503

$(INITRAMFSTOOLS)/scripts/local-premount/mandos

477

install --directory $(DRACUTMODULE)

478

install --mode=u=rw,go=r --target-directory=$(DRACUTMODULE) \

504

install -D --mode=u=rw,go=r \

505

--target-directory=$(DRACUTMODULE) \

479

506

dracut-module/ask-password-mandos.path \

480

507

dracut-module/ask-password-mandos.service

481

508

install --mode=u=rwxs,go=rx \

484

511

dracut-module/cmdline-mandos.sh \

485

512

dracut-module/password-agent

486

513

install --mode=u=rw,go=r plugin-runner.conf $(CONFDIR)

514

install --directory $(MANDIR)/man8

487

515

gzip --best --to-stdout mandos-keygen.8 \

488

516

> $(MANDIR)/man8/mandos-keygen.8.gz

489

517

gzip --best --to-stdout plugin-runner.8mandos \

503

531

gzip --best --to-stdout dracut-module/password-agent.8mandos \

504

532

> $(MANDIR)/man8/password-agent.8mandos.gz

505

533

534

.PHONY: install-client

506

535

install-client: install-client-nokey

507

536

# Post-installation stuff

508

537

-$(PREFIX)/sbin/mandos-keygen --dir "$(KEYDIR)"

518

547

519

548

echo "Now run mandos-keygen --password --dir $(KEYDIR)"

520

549

550

.PHONY: uninstall

521

551

uninstall: uninstall-server uninstall-client

522

552

553

.PHONY: uninstall-server

523

554

uninstall-server:

524

555

-rm --force $(PREFIX)/sbin/mandos \

525

556

$(PREFIX)/sbin/mandos-ctl \

532

563

update-rc.d -f mandos remove

533

564

-rmdir $(CONFDIR)

534

565

566

.PHONY: uninstall-client

535

567

uninstall-client:

536

568

# Refuse to uninstall client if /etc/crypttab is explicitly configured

537

569

# to use it.

573

605

done; \

574

606

575

607

608

.PHONY: purge

576

609

purge: purge-server purge-client

577

610

611

.PHONY: purge-server

578

612

purge-server: uninstall-server

579

613

-rm --force $(CONFDIR)/mandos.conf $(CONFDIR)/clients.conf \

580

614

$(DESTDIR)/etc/dbus-1/system.d/mandos.conf

581

615

$(DESTDIR)/etc/default/mandos \

582

616

$(DESTDIR)/etc/init.d/mandos \

583

$(SYSTEMD)/mandos.service \

584

617

$(DESTDIR)/run/mandos.pid \

585

618

$(DESTDIR)/var/run/mandos.pid

619

if [ "$(SYSTEMD)" != "$(DESTDIR)" -a -d "$(SYSTEMD)" ]; then \

620

-rm --force -- $(SYSTEMD)/mandos.service; \

621

586

622

-rmdir $(CONFDIR)

587

623

624

.PHONY: purge-client

588

625

purge-client: uninstall-client

589

626

-shred --remove $(KEYDIR)/seckey.txt $(KEYDIR)/tls-privkey.pem

590

627

-rm --force $(CONFDIR)/plugin-runner.conf \

Older »