/mandos/trunk : revision 1298

To get this branch, use:

bzr branch
http://bzr.recompile.se/loggerhead/mandos/trunk

« back to all changes in this revision

Viewing changes to Makefile

Committer: Teddy Hogeborn
Date: 2024-09-09 04:24:39 UTC
Revision ID: teddy@recompile.se-20240909042439-j85mr20uli2hnyis

Eliminate compiler warnings

Many programs use nested functions, which now result in a linker
warning about executable stack.  Hide this warning.  Also, rewrite a
loop in the plymouth plugin to avoid warning about signed overflow.
This change also makes the plugin pick the alphabetically first
process entry instead of the last, in case many plymouth processes are
found (which should be unlikely).

* Makefile (plugin-runner, dracut-module/password-agent,
  plugins.d/password-prompt, plugins.d/mandos-client,
  plugins.d/plymouth): New target; set LDFLAGS to add "-Xlinker
  --no-warn-execstack".
* plugins.d/plymouth.c (get_pid): When no pid files are found, and we
  are looking through the process list, go though it from the start
  instead of from the end, i.e. in normal alphabetical order and not
  in reverse order.

files added:
debian/mandos.maintscript

debian/po/es.po

debian/po/nl.po

debian/po/pt.po

debian/po/pt_BR.po

files modified:
.bzrignore

DBUS-API

INSTALL

Makefile

NEWS

TODO

clients.conf

common.ent

debian/changelog

debian/control

debian/copyright

debian/mandos-client.README.Debian

debian/mandos-client.dirs

debian/mandos-client.lintian-overrides

debian/mandos-client.postinst

debian/mandos-client.postrm

debian/mandos-client.templates

debian/mandos.dirs

debian/mandos.lintian-overrides

debian/po/fr.po

debian/rules

debian/tests/control

dracut-module/ask-password-mandos.service

dracut-module/module-setup.sh

dracut-module/password-agent.c

dracut-module/password-agent.xml

initramfs-tools-hook

initramfs-tools-script

intro.xml

mandos

mandos-clients.conf.xml

mandos-ctl

mandos-keygen

mandos-monitor

mandos-to-cryptroot-unlock

mandos.conf.xml

mandos.lsm

mandos.service

mandos.xml

plugin-helpers/mandos-client-iprouteadddel.c

plugin-runner.c

plugin-runner.xml

plugins.d/askpass-fifo.c

plugins.d/mandos-client.c

plugins.d/mandos-client.xml

plugins.d/password-prompt.c

plugins.d/plymouth.c

plugins.d/splashy.c

plugins.d/usplash.c

Show diffs side-by-side

added added

removed removed

Makefile

# For info about _FORTIFY_SOURCE, see feature_test_macros(7)

# and <https://gcc.gnu.org/ml/gcc-patches/2004-09/msg02055.html>.

FORTIFY:=-D_FORTIFY_SOURCE=2 -fstack-protector-all -fPIC

FORTIFY:=-fstack-protector-all -fPIC

CPPFLAGS+=-D_FORTIFY_SOURCE=3

LINK_FORTIFY_LD:=-z relro -z now

LINK_FORTIFY:=

#COVERAGE=--coverage

OPTIMIZE:=-Os -fno-strict-aliasing

LANGUAGE:=-std=gnu11

FEATURES:=-D_FILE_OFFSET_BITS=64

CPPFLAGS+=-D_FILE_OFFSET_BITS=64 -D_TIME_BITS=64

htmldir:=man

version:=1.8.8

version:=1.8.16

SED:=sed

PKG_CONFIG?=pkg-config

# DRACUTMODULE:=$(DESTDIR)/usr/lib/dracut/modules.d/90mandos

# STATEDIR:=$(DESTDIR)/var/lib/mandos

# LIBDIR:=$(PREFIX)/lib

# DBUSPOLICYDIR:=$(DESTDIR)/etc/dbus-1/system.d

## These settings are for a package-type install

break; \

fi; \

done)

DBUSPOLICYDIR:=$(DESTDIR)/usr/share/dbus-1/system.d

SYSTEMD:=$(DESTDIR)$(shell $(PKG_CONFIG) systemd \

GNUTLS_LIBS:=$(shell $(PKG_CONFIG) --libs gnutls)

100

AVAHI_CFLAGS:=$(shell $(PKG_CONFIG) --cflags-only-I avahi-core)

101

AVAHI_LIBS:=$(shell $(PKG_CONFIG) --libs avahi-core)

GPGME_CFLAGS:=$(shell gpgme-config --cflags; getconf LFS_CFLAGS)

100

GPGME_LIBS:=$(shell gpgme-config --libs; getconf LFS_LIBS; \

102

GPGME_CFLAGS:=$(shell $(PKG_CONFIG) --cflags-only-I gpgme 2>/dev/null \

103

|| gpgme-config --cflags; getconf LFS_CFLAGS)

104

GPGME_LIBS:=$(shell $(PKG_CONFIG) --libs gpgme 2>/dev/null \

105

|| gpgme-config --libs; getconf LFS_LIBS; \

101

106

getconf LFS_LDFLAGS)

102

107

LIBNL3_CFLAGS:=$(shell $(PKG_CONFIG) --cflags-only-I libnl-route-3.0)

103

108

LIBNL3_LIBS:=$(shell $(PKG_CONFIG) --libs libnl-route-3.0)

106

111

107

112

# Do not change these two

108

113

CFLAGS+=$(WARN) $(DEBUG) $(FORTIFY) $(COVERAGE) $(OPTIMIZE) \

109

$(LANGUAGE) $(FEATURES) -DVERSION='"$(version)"'

114

$(LANGUAGE) -DVERSION='"$(version)"'

110

115

LDFLAGS+=-Xlinker --as-needed $(COVERAGE) $(LINK_FORTIFY) $(strip \

111

116

) $(foreach flag,$(LINK_FORTIFY_LD),-Xlinker $(flag))

112

117

156

161

157

162

objects:=$(addsuffix .o,$(CPROGS))

158

163

164

.PHONY: all

159

165

all: $(PROGS) mandos.lsm

160

166

167

.PHONY: doc

161

168

doc: $(DOCS)

162

169

170

.PHONY: html

163

171

html: $(htmldocs)

164

172

165

173

%.5: %.xml common.ent legalnotice.xml

281

289

--expression='s/$mandos_$[0-9.]\+$\.orig\.tar\.gz$/\1$(version)\2/' \

282

290

$@)

283

291

292

# Uses nested functions

293

plugin-runner: LDFLAGS += -Xlinker --no-warn-execstack

294

dracut-module/password-agent: LDFLAGS += -Xlinker --no-warn-execstack

295

plugins.d/password-prompt: LDFLAGS += -Xlinker --no-warn-execstack

296

plugins.d/mandos-client: LDFLAGS += -Xlinker --no-warn-execstack

297

plugins.d/plymouth: LDFLAGS += -Xlinker --no-warn-execstack

298

284

299

# Need to add the GnuTLS, Avahi and GPGME libraries

285

plugins.d/mandos-client: plugins.d/mandos-client.c

286

$(LINK.c) $^ $(GNUTLS_CFLAGS) $(AVAHI_CFLAGS) $(strip\

287

) $(GPGME_CFLAGS) $(GNUTLS_LIBS) $(strip\

288

) $(AVAHI_LIBS) $(GPGME_LIBS) $(LOADLIBES) $(strip\

289

) $(LDLIBS) -o $@

300

plugins.d/mandos-client: CFLAGS += $(GNUTLS_CFLAGS) $(strip \

301

) $(AVAHI_CFLAGS) $(GPGME_CFLAGS)

302

plugins.d/mandos-client: LDLIBS += $(GNUTLS_LIBS) $(strip \

303

) $(AVAHI_LIBS) $(GPGME_LIBS)

290

304

291

305

# Need to add the libnl-route library

292

plugin-helpers/mandos-client-iprouteadddel: plugin-helpers/mandos-client-iprouteadddel.c

293

$(LINK.c) $(LIBNL3_CFLAGS) $^ $(LIBNL3_LIBS) $(strip\

294

) $(LOADLIBES) $(LDLIBS) -o $@

306

plugin-helpers/mandos-client-iprouteadddel: CFLAGS += $(LIBNL3_CFLAGS)

307

plugin-helpers/mandos-client-iprouteadddel: LDLIBS += $(LIBNL3_LIBS)

295

308

296

309

# Need to add the GLib and pthread libraries

297

dracut-module/password-agent: dracut-module/password-agent.c

298

$(LINK.c) $(GLIB_CFLAGS) $^ $(GLIB_LIBS) -lpthread $(strip\

299

) $(LOADLIBES) $(LDLIBS) -o $@

300

301

.PHONY : all doc html clean distclean mostlyclean maintainer-clean \

302

check run-client run-server install install-html \

303

install-server install-client-nokey install-client uninstall \

304

uninstall-server uninstall-client purge purge-server \

305

purge-client

306

310

dracut-module/password-agent: CFLAGS += $(GLIB_CFLAGS)

311

# Note: -lpthread is unnecessary with the GNU C library 2.34 or later

312

dracut-module/password-agent: LDLIBS += $(GLIB_LIBS) -lpthread

313

314

.PHONY: clean

307

315

clean:

308

316

-rm --force $(CPROGS) $(objects) $(htmldocs) $(DOCS) core

309

317

318

.PHONY: distclean

310

319

distclean: clean

320

.PHONY: mostlyclean

311

321

mostlyclean: clean

322

.PHONY: maintainer-clean

312

323

maintainer-clean: clean

313

324

-rm --force --recursive keydir confdir statedir

314

325

326

.PHONY: check

315

327

check: all

316

328

./mandos --check

317

329

./mandos-ctl --check

321

333

./dracut-module/password-agent --test

322

334

323

335

# Run the client with a local config and key

336

.PHONY: run-client

324

337

run-client: all keydir/seckey.txt keydir/pubkey.txt \

325

338

keydir/tls-privkey.pem keydir/tls-pubkey.pem

326

339

@echo '######################################################'

354

367

keydir/seckey.txt keydir/pubkey.txt keydir/tls-privkey.pem keydir/tls-pubkey.pem: mandos-keygen

355

368

install --directory keydir

356

369

./mandos-keygen --dir keydir --force

370

if ! [ -e keydir/tls-privkey.pem ]; then \

371

install --mode=u=rw /dev/null keydir/tls-privkey.pem; \

372

373

if ! [ -e keydir/tls-pubkey.pem ]; then \

374

install --mode=u=rw /dev/null keydir/tls-pubkey.pem; \

375

357

376

358

377

# Run the server with a local config

378

.PHONY: run-server

359

379

run-server: confdir/mandos.conf confdir/clients.conf statedir

360

380

./mandos --debug --no-dbus --configdir=confdir \

361

381

--statedir=statedir $(SERVERARGS)

362

382

363

383

# Used by run-server

364

384

confdir/mandos.conf: mandos.conf

365

install --directory confdir

366

install --mode=u=rw,go=r $^ $@

385

install -D --mode=u=rw,go=r $^ $@

367

386

confdir/clients.conf: clients.conf keydir/seckey.txt keydir/tls-pubkey.pem

368

install --directory confdir

369

install --mode=u=rw $< $@

387

install -D --mode=u=rw $< $@

370

388

# Add a client password

371

389

./mandos-keygen --dir keydir --password --no-ssh >> $@

372

390

statedir:

373

391

install --directory statedir

374

392

393

.PHONY: install

375

394

install: install-server install-client-nokey

376

395

396

.PHONY: install-html

377

397

install-html: html

378

install --directory $(htmldir)

379

install --mode=u=rw,go=r --target-directory=$(htmldir) \

398

install -D --mode=u=rw,go=r --target-directory=$(htmldir) \

380

399

$(htmldocs)

381

400

401

.PHONY: install-server

382

402

install-server: doc

383

install --directory $(CONFDIR)

384

403

if install --directory --mode=u=rwx --owner=$(USER) \

385

404

--group=$(GROUP) $(STATEDIR); then \

386

405

:; \

387

406

elif install --directory --mode=u=rwx $(STATEDIR); then \

388

407

chown -- $(USER):$(GROUP) $(STATEDIR) || :; \

389

408

390

if [ "$(TMPFILES)" != "$(DESTDIR)" \

391

-a -d "$(TMPFILES)" ]; then \

392

install --mode=u=rw,go=r tmpfiles.d-mandos.conf \

409

if [ "$(TMPFILES)" != "$(DESTDIR)" ]; then \

410

install -D --mode=u=rw,go=r tmpfiles.d-mandos.conf \

393

411

$(TMPFILES)/mandos.conf; \

394

412

395

if [ "$(SYSUSERS)" != "$(DESTDIR)" \

396

-a -d "$(SYSUSERS)" ]; then \

397

install --mode=u=rw,go=r sysusers.d-mandos.conf \

413

if [ "$(SYSUSERS)" != "$(DESTDIR)" ]; then \

414

install -D --mode=u=rw,go=r sysusers.d-mandos.conf \

398

415

$(SYSUSERS)/mandos.conf; \

399

416

400

install --mode=u=rwx,go=rx mandos $(PREFIX)/sbin/mandos

417

install --directory $(PREFIX)/sbin

418

install --mode=u=rwx,go=rx --target-directory=$(PREFIX)/sbin \

419

mandos

401

420

install --mode=u=rwx,go=rx --target-directory=$(PREFIX)/sbin \

402

421

mandos-ctl

403

422

install --mode=u=rwx,go=rx --target-directory=$(PREFIX)/sbin \

404

423

mandos-monitor

424

install --directory $(CONFDIR)

405

425

install --mode=u=rw,go=r --target-directory=$(CONFDIR) \

406

426

mandos.conf

407

427

install --mode=u=rw --target-directory=$(CONFDIR) \

408

428

clients.conf

409

install --mode=u=rw,go=r dbus-mandos.conf \

410

$(DESTDIR)/etc/dbus-1/system.d/mandos.conf

411

install --mode=u=rwx,go=rx init.d-mandos \

429

install -D --mode=u=rw,go=r dbus-mandos.conf \

430

$(DBUSPOLICYDIR)/mandos.conf

431

install -D --mode=u=rwx,go=rx init.d-mandos \

412

432

$(DESTDIR)/etc/init.d/mandos

413

if [ "$(SYSTEMD)" != "$(DESTDIR)" -a -d "$(SYSTEMD)" ]; then \

414

install --mode=u=rw,go=r mandos.service $(SYSTEMD); \

433

if [ "$(SYSTEMD)" != "$(DESTDIR)" ]; then \

434

install -D --mode=u=rw,go=r mandos.service \

435

$(SYSTEMD); \

415

436

416

install --mode=u=rw,go=r default-mandos \

437

install -D --mode=u=rw,go=r default-mandos \

417

438

$(DESTDIR)/etc/default/mandos

418

439

if [ -z $(DESTDIR) ]; then \

419

440

update-rc.d mandos defaults 25 15;\

420

441

442

install --directory $(MANDIR)/man8 $(MANDIR)/man5

421

443

gzip --best --to-stdout mandos.8 \

422

444

> $(MANDIR)/man8/mandos.8.gz

423

445

gzip --best --to-stdout mandos-monitor.8 \

431

453

gzip --best --to-stdout intro.8mandos \

432

454

> $(MANDIR)/man8/intro.8mandos.gz

433

455

456

.PHONY: install-client-nokey

434

457

install-client-nokey: all doc

435

install --directory $(LIBDIR)/mandos $(CONFDIR)

436

458

install --directory --mode=u=rwx $(KEYDIR) \

437

459

$(LIBDIR)/mandos/plugins.d \

438

460

$(LIBDIR)/mandos/plugin-helpers

439

if [ "$(SYSUSERS)" != "$(DESTDIR)" \

440

-a -d "$(SYSUSERS)" ]; then \

441

install --mode=u=rw,go=r sysusers.d-mandos.conf \

461

if [ "$(SYSUSERS)" != "$(DESTDIR)" ]; then \

462

install -D --mode=u=rw,go=r sysusers.d-mandos.conf \

442

463

$(SYSUSERS)/mandos-client.conf; \

443

464

444

465

if [ "$(CONFDIR)" != "$(LIBDIR)/mandos" ]; then \

445

install --mode=u=rwx \

446

--directory "$(CONFDIR)/plugins.d" \

466

install --directory \

467

--mode=u=rwx "$(CONFDIR)/plugins.d" \

447

468

"$(CONFDIR)/plugin-helpers"; \

448

469

449

install --mode=u=rwx,go=rx --directory \

470

install --directory --mode=u=rwx,go=rx \

450

471

"$(CONFDIR)/network-hooks.d"

451

472

install --mode=u=rwx,go=rx \

452

473

--target-directory=$(LIBDIR)/mandos plugin-runner

453

474

install --mode=u=rwx,go=rx \

454

475

--target-directory=$(LIBDIR)/mandos \

455

476

mandos-to-cryptroot-unlock

477

install --directory $(PREFIX)/sbin

456

478

install --mode=u=rwx,go=rx --target-directory=$(PREFIX)/sbin \

457

479

mandos-keygen

458

480

install --mode=u=rwx,go=rx \

476

498

install --mode=u=rwx,go=rx \

477

499

--target-directory=$(LIBDIR)/mandos/plugin-helpers \

478

500

plugin-helpers/mandos-client-iprouteadddel

479

install initramfs-tools-hook \

501

install -D initramfs-tools-hook \

480

502

$(INITRAMFSTOOLS)/hooks/mandos

481

install --mode=u=rw,go=r initramfs-tools-conf \

503

install -D --mode=u=rw,go=r initramfs-tools-conf \

482

504

$(INITRAMFSTOOLS)/conf.d/mandos-conf

483

install --mode=u=rw,go=r initramfs-tools-conf-hook \

505

install -D --mode=u=rw,go=r initramfs-tools-conf-hook \

484

506

$(INITRAMFSTOOLS)/conf-hooks.d/zz-mandos

485

install initramfs-tools-script \

507

install -D initramfs-tools-script \

486

508

$(INITRAMFSTOOLS)/scripts/init-premount/mandos

487

install initramfs-tools-script-stop \

509

install -D initramfs-tools-script-stop \

488

510

$(INITRAMFSTOOLS)/scripts/local-premount/mandos

489

install --directory $(DRACUTMODULE)

490

install --mode=u=rw,go=r --target-directory=$(DRACUTMODULE) \

511

install -D --mode=u=rw,go=r \

512

--target-directory=$(DRACUTMODULE) \

491

513

dracut-module/ask-password-mandos.path \

492

514

dracut-module/ask-password-mandos.service

493

515

install --mode=u=rwxs,go=rx \

496

518

dracut-module/cmdline-mandos.sh \

497

519

dracut-module/password-agent

498

520

install --mode=u=rw,go=r plugin-runner.conf $(CONFDIR)

521

install --directory $(MANDIR)/man8

499

522

gzip --best --to-stdout mandos-keygen.8 \

500

523

> $(MANDIR)/man8/mandos-keygen.8.gz

501

524

gzip --best --to-stdout plugin-runner.8mandos \

515

538

gzip --best --to-stdout dracut-module/password-agent.8mandos \

516

539

> $(MANDIR)/man8/password-agent.8mandos.gz

517

540

541

.PHONY: install-client

518

542

install-client: install-client-nokey

519

543

# Post-installation stuff

520

544

-$(PREFIX)/sbin/mandos-keygen --dir "$(KEYDIR)"

530

554

531

555

echo "Now run mandos-keygen --password --dir $(KEYDIR)"

532

556

557

.PHONY: uninstall

533

558

uninstall: uninstall-server uninstall-client

534

559

560

.PHONY: uninstall-server

535

561

uninstall-server:

536

562

-rm --force $(PREFIX)/sbin/mandos \

537

563

$(PREFIX)/sbin/mandos-ctl \

544

570

update-rc.d -f mandos remove

545

571

-rmdir $(CONFDIR)

546

572

573

.PHONY: uninstall-client

547

574

uninstall-client:

548

575

# Refuse to uninstall client if /etc/crypttab is explicitly configured

549

576

# to use it.

585

612

done; \

586

613

587

614

615

.PHONY: purge

588

616

purge: purge-server purge-client

589

617

618

.PHONY: purge-server

590

619

purge-server: uninstall-server

591

620

-rm --force $(CONFDIR)/mandos.conf $(CONFDIR)/clients.conf \

592

621

$(DESTDIR)/etc/dbus-1/system.d/mandos.conf

593

622

$(DESTDIR)/etc/default/mandos \

594

623

$(DESTDIR)/etc/init.d/mandos \

595

$(SYSTEMD)/mandos.service \

596

624

$(DESTDIR)/run/mandos.pid \

597

625

$(DESTDIR)/var/run/mandos.pid

626

if [ "$(SYSTEMD)" != "$(DESTDIR)" -a -d "$(SYSTEMD)" ]; then \

627

-rm --force -- $(SYSTEMD)/mandos.service; \

628

598

629

-rmdir $(CONFDIR)

599

630

631

.PHONY: purge-client

600

632

purge-client: uninstall-client

601

633

-shred --remove $(KEYDIR)/seckey.txt $(KEYDIR)/tls-privkey.pem

602

634

-rm --force $(CONFDIR)/plugin-runner.conf \

Older »