/mandos/trunk : revision 1298

To get this branch, use:

bzr branch
http://bzr.recompile.se/loggerhead/mandos/trunk

« back to all changes in this revision

Viewing changes to Makefile

Committer: Teddy Hogeborn
Date: 2024-09-09 04:24:39 UTC
Revision ID: teddy@recompile.se-20240909042439-j85mr20uli2hnyis

Eliminate compiler warnings

Many programs use nested functions, which now result in a linker
warning about executable stack.  Hide this warning.  Also, rewrite a
loop in the plymouth plugin to avoid warning about signed overflow.
This change also makes the plugin pick the alphabetically first
process entry instead of the last, in case many plymouth processes are
found (which should be unlikely).

* Makefile (plugin-runner, dracut-module/password-agent,
  plugins.d/password-prompt, plugins.d/mandos-client,
  plugins.d/plymouth): New target; set LDFLAGS to add "-Xlinker
  --no-warn-execstack".
* plugins.d/plymouth.c (get_pid): When no pid files are found, and we
  are looking through the process list, go though it from the start
  instead of from the end, i.e. in normal alphabetical order and not
  in reverse order.

files added:
debian/mandos.maintscript

debian/po/de.po

debian/po/en_US.po

debian/po/es.po

debian/po/fr.po

debian/po/nl.po

debian/po/pt.po

debian/po/pt_BR.po

debian/po/sv.po

debian/upstream/metadata

sysusers.d-mandos.conf

files modified:
.bzrignore

DBUS-API

INSTALL

Makefile

NEWS

TODO

clients.conf

common.ent

debian/changelog

debian/control

debian/copyright

debian/mandos-client.README.Debian

debian/mandos-client.lintian-overrides

debian/mandos-client.postinst

debian/mandos-client.postrm

debian/mandos-client.templates

debian/mandos.dirs

debian/mandos.lintian-overrides

debian/mandos.postinst

debian/mandos.templates

debian/po/templates.pot

debian/rules

debian/source/lintian-overrides

debian/tests/control

dracut-module/ask-password-mandos.service

dracut-module/module-setup.sh

dracut-module/password-agent.c

dracut-module/password-agent.xml

initramfs-tools-hook

initramfs-tools-script

intro.xml

mandos

mandos-clients.conf.xml

mandos-ctl

mandos-keygen

mandos-monitor

mandos-to-cryptroot-unlock

mandos.conf.xml

mandos.lsm

mandos.service

mandos.xml

plugin-helpers/mandos-client-iprouteadddel.c

plugin-runner.c

plugin-runner.xml

plugins.d/askpass-fifo.c

plugins.d/mandos-client.c

plugins.d/mandos-client.xml

plugins.d/password-prompt.c

plugins.d/plymouth.c

plugins.d/splashy.c

plugins.d/usplash.c

Show diffs side-by-side

added added

removed removed

Makefile

# For info about _FORTIFY_SOURCE, see feature_test_macros(7)

# and <https://gcc.gnu.org/ml/gcc-patches/2004-09/msg02055.html>.

FORTIFY:=-D_FORTIFY_SOURCE=2 -fstack-protector-all -fPIC

FORTIFY:=-fstack-protector-all -fPIC

CPPFLAGS+=-D_FORTIFY_SOURCE=3

LINK_FORTIFY_LD:=-z relro -z now

LINK_FORTIFY:=

#COVERAGE=--coverage

OPTIMIZE:=-Os -fno-strict-aliasing

LANGUAGE:=-std=gnu11

CPPFLAGS+=-D_FILE_OFFSET_BITS=64 -D_TIME_BITS=64

htmldir:=man

version:=1.8.5

version:=1.8.16

SED:=sed

PKG_CONFIG?=pkg-config

# DRACUTMODULE:=$(DESTDIR)/usr/lib/dracut/modules.d/90mandos

# STATEDIR:=$(DESTDIR)/var/lib/mandos

# LIBDIR:=$(PREFIX)/lib

# DBUSPOLICYDIR:=$(DESTDIR)/etc/dbus-1/system.d

## These settings are for a package-type install

break; \

fi; \

done)

DBUSPOLICYDIR:=$(DESTDIR)/usr/share/dbus-1/system.d

SYSTEMD:=$(DESTDIR)$(shell $(PKG_CONFIG) systemd \

--variable=systemdsystemunitdir)

TMPFILES:=$(DESTDIR)$(shell $(PKG_CONFIG) systemd \

--variable=tmpfilesdir)

SYSUSERS:=$(DESTDIR)$(shell $(PKG_CONFIG) systemd \

--variable=sysusersdir)

GNUTLS_CFLAGS:=$(shell $(PKG_CONFIG) --cflags-only-I gnutls)

GNUTLS_LIBS:=$(shell $(PKG_CONFIG) --libs gnutls)

100

AVAHI_CFLAGS:=$(shell $(PKG_CONFIG) --cflags-only-I avahi-core)

101

AVAHI_LIBS:=$(shell $(PKG_CONFIG) --libs avahi-core)

GPGME_CFLAGS:=$(shell gpgme-config --cflags; getconf LFS_CFLAGS)

GPGME_LIBS:=$(shell gpgme-config --libs; getconf LFS_LIBS; \

102

GPGME_CFLAGS:=$(shell $(PKG_CONFIG) --cflags-only-I gpgme 2>/dev/null \

103

|| gpgme-config --cflags; getconf LFS_CFLAGS)

104

GPGME_LIBS:=$(shell $(PKG_CONFIG) --libs gpgme 2>/dev/null \

105

|| gpgme-config --libs; getconf LFS_LIBS; \

106

getconf LFS_LDFLAGS)

107

LIBNL3_CFLAGS:=$(shell $(PKG_CONFIG) --cflags-only-I libnl-route-3.0)

100

108

LIBNL3_LIBS:=$(shell $(PKG_CONFIG) --libs libnl-route-3.0)

102

110

GLIB_LIBS:=$(shell $(PKG_CONFIG) --libs glib-2.0)

103

111

104

112

# Do not change these two

105

CFLAGS+=$(WARN) $(DEBUG) $(FORTIFY) $(COVERAGE) \

106

$(OPTIMIZE) $(LANGUAGE) -DVERSION='"$(version)"'

113

CFLAGS+=$(WARN) $(DEBUG) $(FORTIFY) $(COVERAGE) $(OPTIMIZE) \

114

$(LANGUAGE) -DVERSION='"$(version)"'

107

115

LDFLAGS+=-Xlinker --as-needed $(COVERAGE) $(LINK_FORTIFY) $(strip \

108

116

) $(foreach flag,$(LINK_FORTIFY_LD),-Xlinker $(flag))

109

117

153

161

154

162

objects:=$(addsuffix .o,$(CPROGS))

155

163

164

.PHONY: all

156

165

all: $(PROGS) mandos.lsm

157

166

167

.PHONY: doc

158

168

doc: $(DOCS)

159

169

170

.PHONY: html

160

171

html: $(htmldocs)

161

172

162

173

%.5: %.xml common.ent legalnotice.xml

278

289

--expression='s/$mandos_$[0-9.]\+$\.orig\.tar\.gz$/\1$(version)\2/' \

279

290

$@)

280

291

292

# Uses nested functions

293

plugin-runner: LDFLAGS += -Xlinker --no-warn-execstack

294

dracut-module/password-agent: LDFLAGS += -Xlinker --no-warn-execstack

295

plugins.d/password-prompt: LDFLAGS += -Xlinker --no-warn-execstack

296

plugins.d/mandos-client: LDFLAGS += -Xlinker --no-warn-execstack

297

plugins.d/plymouth: LDFLAGS += -Xlinker --no-warn-execstack

298

281

299

# Need to add the GnuTLS, Avahi and GPGME libraries

282

plugins.d/mandos-client: plugins.d/mandos-client.c

283

$(LINK.c) $^ $(GNUTLS_CFLAGS) $(AVAHI_CFLAGS) $(strip\

284

) $(GPGME_CFLAGS) $(GNUTLS_LIBS) $(strip\

285

) $(AVAHI_LIBS) $(GPGME_LIBS) $(LOADLIBES) $(strip\

286

) $(LDLIBS) -o $@

300

plugins.d/mandos-client: CFLAGS += $(GNUTLS_CFLAGS) $(strip \

301

) $(AVAHI_CFLAGS) $(GPGME_CFLAGS)

302

plugins.d/mandos-client: LDLIBS += $(GNUTLS_LIBS) $(strip \

303

) $(AVAHI_LIBS) $(GPGME_LIBS)

287

304

288

305

# Need to add the libnl-route library

289

plugin-helpers/mandos-client-iprouteadddel: plugin-helpers/mandos-client-iprouteadddel.c

290

$(LINK.c) $(LIBNL3_CFLAGS) $^ $(LIBNL3_LIBS) $(strip\

291

) $(LOADLIBES) $(LDLIBS) -o $@

306

plugin-helpers/mandos-client-iprouteadddel: CFLAGS += $(LIBNL3_CFLAGS)

307

plugin-helpers/mandos-client-iprouteadddel: LDLIBS += $(LIBNL3_LIBS)

292

308

293

309

# Need to add the GLib and pthread libraries

294

dracut-module/password-agent: dracut-module/password-agent.c

295

$(LINK.c) $(GLIB_CFLAGS) $^ $(GLIB_LIBS) -lpthread $(strip\

296

) $(LOADLIBES) $(LDLIBS) -o $@

297

298

.PHONY : all doc html clean distclean mostlyclean maintainer-clean \

299

check run-client run-server install install-html \

300

install-server install-client-nokey install-client uninstall \

301

uninstall-server uninstall-client purge purge-server \

302

purge-client

303

310

dracut-module/password-agent: CFLAGS += $(GLIB_CFLAGS)

311

# Note: -lpthread is unnecessary with the GNU C library 2.34 or later

312

dracut-module/password-agent: LDLIBS += $(GLIB_LIBS) -lpthread

313

314

.PHONY: clean

304

315

clean:

305

316

-rm --force $(CPROGS) $(objects) $(htmldocs) $(DOCS) core

306

317

318

.PHONY: distclean

307

319

distclean: clean

320

.PHONY: mostlyclean

308

321

mostlyclean: clean

322

.PHONY: maintainer-clean

309

323

maintainer-clean: clean

310

324

-rm --force --recursive keydir confdir statedir

311

325

326

.PHONY: check

312

327

check: all

313

328

./mandos --check

314

329

./mandos-ctl --check

318

333

./dracut-module/password-agent --test

319

334

320

335

# Run the client with a local config and key

336

.PHONY: run-client

321

337

run-client: all keydir/seckey.txt keydir/pubkey.txt \

322

338

keydir/tls-privkey.pem keydir/tls-pubkey.pem

323

339

@echo '######################################################'

351

367

keydir/seckey.txt keydir/pubkey.txt keydir/tls-privkey.pem keydir/tls-pubkey.pem: mandos-keygen

352

368

install --directory keydir

353

369

./mandos-keygen --dir keydir --force

370

if ! [ -e keydir/tls-privkey.pem ]; then \

371

install --mode=u=rw /dev/null keydir/tls-privkey.pem; \

372

373

if ! [ -e keydir/tls-pubkey.pem ]; then \

374

install --mode=u=rw /dev/null keydir/tls-pubkey.pem; \

375

354

376

355

377

# Run the server with a local config

378

.PHONY: run-server

356

379

run-server: confdir/mandos.conf confdir/clients.conf statedir

357

380

./mandos --debug --no-dbus --configdir=confdir \

358

381

--statedir=statedir $(SERVERARGS)

359

382

360

383

# Used by run-server

361

384

confdir/mandos.conf: mandos.conf

362

install --directory confdir

363

install --mode=u=rw,go=r $^ $@

385

install -D --mode=u=rw,go=r $^ $@

364

386

confdir/clients.conf: clients.conf keydir/seckey.txt keydir/tls-pubkey.pem

365

install --directory confdir

366

install --mode=u=rw $< $@

387

install -D --mode=u=rw $< $@

367

388

# Add a client password

368

389

./mandos-keygen --dir keydir --password --no-ssh >> $@

369

390

statedir:

370

391

install --directory statedir

371

392

393

.PHONY: install

372

394

install: install-server install-client-nokey

373

395

396

.PHONY: install-html

374

397

install-html: html

375

install --directory $(htmldir)

376

install --mode=u=rw,go=r --target-directory=$(htmldir) \

398

install -D --mode=u=rw,go=r --target-directory=$(htmldir) \

377

399

$(htmldocs)

378

400

401

.PHONY: install-server

379

402

install-server: doc

380

install --directory $(CONFDIR)

381

403

if install --directory --mode=u=rwx --owner=$(USER) \

382

404

--group=$(GROUP) $(STATEDIR); then \

383

405

:; \

384

406

elif install --directory --mode=u=rwx $(STATEDIR); then \

385

407

chown -- $(USER):$(GROUP) $(STATEDIR) || :; \

386

408

387

if [ "$(TMPFILES)" != "$(DESTDIR)" \

388

-a -d "$(TMPFILES)" ]; then \

389

install --mode=u=rw,go=r tmpfiles.d-mandos.conf \

409

if [ "$(TMPFILES)" != "$(DESTDIR)" ]; then \

410

install -D --mode=u=rw,go=r tmpfiles.d-mandos.conf \

390

411

$(TMPFILES)/mandos.conf; \

391

412

392

install --mode=u=rwx,go=rx mandos $(PREFIX)/sbin/mandos

413

if [ "$(SYSUSERS)" != "$(DESTDIR)" ]; then \

414

install -D --mode=u=rw,go=r sysusers.d-mandos.conf \

415

$(SYSUSERS)/mandos.conf; \

416

417

install --directory $(PREFIX)/sbin

418

install --mode=u=rwx,go=rx --target-directory=$(PREFIX)/sbin \

419

mandos

393

420

install --mode=u=rwx,go=rx --target-directory=$(PREFIX)/sbin \

394

421

mandos-ctl

395

422

install --mode=u=rwx,go=rx --target-directory=$(PREFIX)/sbin \

396

423

mandos-monitor

424

install --directory $(CONFDIR)

397

425

install --mode=u=rw,go=r --target-directory=$(CONFDIR) \

398

426

mandos.conf

399

427

install --mode=u=rw --target-directory=$(CONFDIR) \

400

428

clients.conf

401

install --mode=u=rw,go=r dbus-mandos.conf \

402

$(DESTDIR)/etc/dbus-1/system.d/mandos.conf

403

install --mode=u=rwx,go=rx init.d-mandos \

429

install -D --mode=u=rw,go=r dbus-mandos.conf \

430

$(DBUSPOLICYDIR)/mandos.conf

431

install -D --mode=u=rwx,go=rx init.d-mandos \

404

432

$(DESTDIR)/etc/init.d/mandos

405

if [ "$(SYSTEMD)" != "$(DESTDIR)" -a -d "$(SYSTEMD)" ]; then \

406

install --mode=u=rw,go=r mandos.service $(SYSTEMD); \

433

if [ "$(SYSTEMD)" != "$(DESTDIR)" ]; then \

434

install -D --mode=u=rw,go=r mandos.service \

435

$(SYSTEMD); \

407

436

408

install --mode=u=rw,go=r default-mandos \

437

install -D --mode=u=rw,go=r default-mandos \

409

438

$(DESTDIR)/etc/default/mandos

410

439

if [ -z $(DESTDIR) ]; then \

411

440

update-rc.d mandos defaults 25 15;\

412

441

442

install --directory $(MANDIR)/man8 $(MANDIR)/man5

413

443

gzip --best --to-stdout mandos.8 \

414

444

> $(MANDIR)/man8/mandos.8.gz

415

445

gzip --best --to-stdout mandos-monitor.8 \

423

453

gzip --best --to-stdout intro.8mandos \

424

454

> $(MANDIR)/man8/intro.8mandos.gz

425

455

456

.PHONY: install-client-nokey

426

457

install-client-nokey: all doc

427

install --directory $(LIBDIR)/mandos $(CONFDIR)

428

458

install --directory --mode=u=rwx $(KEYDIR) \

429

459

$(LIBDIR)/mandos/plugins.d \

430

460

$(LIBDIR)/mandos/plugin-helpers

461

if [ "$(SYSUSERS)" != "$(DESTDIR)" ]; then \

462

install -D --mode=u=rw,go=r sysusers.d-mandos.conf \

463

$(SYSUSERS)/mandos-client.conf; \

464

431

465

if [ "$(CONFDIR)" != "$(LIBDIR)/mandos" ]; then \

432

install --mode=u=rwx \

433

--directory "$(CONFDIR)/plugins.d" \

466

install --directory \

467

--mode=u=rwx "$(CONFDIR)/plugins.d" \

434

468

"$(CONFDIR)/plugin-helpers"; \

435

469

436

install --mode=u=rwx,go=rx --directory \

470

install --directory --mode=u=rwx,go=rx \

437

471

"$(CONFDIR)/network-hooks.d"

438

472

install --mode=u=rwx,go=rx \

439

473

--target-directory=$(LIBDIR)/mandos plugin-runner

440

474

install --mode=u=rwx,go=rx \

441

475

--target-directory=$(LIBDIR)/mandos \

442

476

mandos-to-cryptroot-unlock

477

install --directory $(PREFIX)/sbin

443

478

install --mode=u=rwx,go=rx --target-directory=$(PREFIX)/sbin \

444

479

mandos-keygen

445

480

install --mode=u=rwx,go=rx \

463

498

install --mode=u=rwx,go=rx \

464

499

--target-directory=$(LIBDIR)/mandos/plugin-helpers \

465

500

plugin-helpers/mandos-client-iprouteadddel

466

install initramfs-tools-hook \

501

install -D initramfs-tools-hook \

467

502

$(INITRAMFSTOOLS)/hooks/mandos

468

install --mode=u=rw,go=r initramfs-tools-conf \

503

install -D --mode=u=rw,go=r initramfs-tools-conf \

469

504

$(INITRAMFSTOOLS)/conf.d/mandos-conf

470

install --mode=u=rw,go=r initramfs-tools-conf-hook \

505

install -D --mode=u=rw,go=r initramfs-tools-conf-hook \

471

506

$(INITRAMFSTOOLS)/conf-hooks.d/zz-mandos

472

install initramfs-tools-script \

507

install -D initramfs-tools-script \

473

508

$(INITRAMFSTOOLS)/scripts/init-premount/mandos

474

install initramfs-tools-script-stop \

509

install -D initramfs-tools-script-stop \

475

510

$(INITRAMFSTOOLS)/scripts/local-premount/mandos

476

install --directory $(DRACUTMODULE)

477

install --mode=u=rw,go=r --target-directory=$(DRACUTMODULE) \

511

install -D --mode=u=rw,go=r \

512

--target-directory=$(DRACUTMODULE) \

478

513

dracut-module/ask-password-mandos.path \

479

514

dracut-module/ask-password-mandos.service

480

515

install --mode=u=rwxs,go=rx \

483

518

dracut-module/cmdline-mandos.sh \

484

519

dracut-module/password-agent

485

520

install --mode=u=rw,go=r plugin-runner.conf $(CONFDIR)

521

install --directory $(MANDIR)/man8

486

522

gzip --best --to-stdout mandos-keygen.8 \

487

523

> $(MANDIR)/man8/mandos-keygen.8.gz

488

524

gzip --best --to-stdout plugin-runner.8mandos \

502

538

gzip --best --to-stdout dracut-module/password-agent.8mandos \

503

539

> $(MANDIR)/man8/password-agent.8mandos.gz

504

540

541

.PHONY: install-client

505

542

install-client: install-client-nokey

506

543

# Post-installation stuff

507

544

-$(PREFIX)/sbin/mandos-keygen --dir "$(KEYDIR)"

517

554

518

555

echo "Now run mandos-keygen --password --dir $(KEYDIR)"

519

556

557

.PHONY: uninstall

520

558

uninstall: uninstall-server uninstall-client

521

559

560

.PHONY: uninstall-server

522

561

uninstall-server:

523

562

-rm --force $(PREFIX)/sbin/mandos \

524

563

$(PREFIX)/sbin/mandos-ctl \

531

570

update-rc.d -f mandos remove

532

571

-rmdir $(CONFDIR)

533

572

573

.PHONY: uninstall-client

534

574

uninstall-client:

535

575

# Refuse to uninstall client if /etc/crypttab is explicitly configured

536

576

# to use it.

572

612

done; \

573

613

574

614

615

.PHONY: purge

575

616

purge: purge-server purge-client

576

617

618

.PHONY: purge-server

577

619

purge-server: uninstall-server

578

620

-rm --force $(CONFDIR)/mandos.conf $(CONFDIR)/clients.conf \

579

621

$(DESTDIR)/etc/dbus-1/system.d/mandos.conf

580

622

$(DESTDIR)/etc/default/mandos \

581

623

$(DESTDIR)/etc/init.d/mandos \

582

$(SYSTEMD)/mandos.service \

583

624

$(DESTDIR)/run/mandos.pid \

584

625

$(DESTDIR)/var/run/mandos.pid

626

if [ "$(SYSTEMD)" != "$(DESTDIR)" -a -d "$(SYSTEMD)" ]; then \

627

-rm --force -- $(SYSTEMD)/mandos.service; \

628

585

629

-rmdir $(CONFDIR)

586

630

631

.PHONY: purge-client

587

632

purge-client: uninstall-client

588

633

-shred --remove $(KEYDIR)/seckey.txt $(KEYDIR)/tls-privkey.pem

589

634

-rm --force $(CONFDIR)/plugin-runner.conf \

Older »