/mandos/trunk

To get this branch, use:
bzr branch http://bzr.recompile.se/loggerhead/mandos/trunk

« back to all changes in this revision

Viewing changes to Makefile

  • Committer: Teddy Hogeborn
  • Date: 2024-09-09 04:24:39 UTC
  • Revision ID: teddy@recompile.se-20240909042439-j85mr20uli2hnyis
Eliminate compiler warnings

Many programs use nested functions, which now result in a linker
warning about executable stack.  Hide this warning.  Also, rewrite a
loop in the plymouth plugin to avoid warning about signed overflow.
This change also makes the plugin pick the alphabetically first
process entry instead of the last, in case many plymouth processes are
found (which should be unlikely).

* Makefile (plugin-runner, dracut-module/password-agent,
  plugins.d/password-prompt, plugins.d/mandos-client,
  plugins.d/plymouth): New target; set LDFLAGS to add "-Xlinker
  --no-warn-execstack".
* plugins.d/plymouth.c (get_pid): When no pid files are found, and we
  are looking through the process list, go though it from the start
  instead of from the end, i.e. in normal alphabetical order and not
  in reverse order.

Show diffs side-by-side

added added

removed removed

Lines of Context:
Makefile
29
29
 
30
30
# For info about _FORTIFY_SOURCE, see feature_test_macros(7)
31
31
# and <https://gcc.gnu.org/ml/gcc-patches/2004-09/msg02055.html>.
32
 
FORTIFY:=-D_FORTIFY_SOURCE=2 -fstack-protector-all -fPIC
 
32
FORTIFY:=-fstack-protector-all -fPIC
 
33
CPPFLAGS+=-D_FORTIFY_SOURCE=3
33
34
LINK_FORTIFY_LD:=-z relro -z now
34
35
LINK_FORTIFY:=
35
36
 
41
42
#COVERAGE=--coverage
42
43
OPTIMIZE:=-Os -fno-strict-aliasing
43
44
LANGUAGE:=-std=gnu11
44
 
FEATURES:=-D_FILE_OFFSET_BITS=64
 
45
CPPFLAGS+=-D_FILE_OFFSET_BITS=64 -D_TIME_BITS=64
45
46
htmldir:=man
46
 
version:=1.8.9
 
47
version:=1.8.16
47
48
SED:=sed
48
49
PKG_CONFIG?=pkg-config
49
50
 
63
64
# DRACUTMODULE:=$(DESTDIR)/usr/lib/dracut/modules.d/90mandos
64
65
# STATEDIR:=$(DESTDIR)/var/lib/mandos
65
66
# LIBDIR:=$(PREFIX)/lib
 
67
# DBUSPOLICYDIR:=$(DESTDIR)/etc/dbus-1/system.d
66
68
##
67
69
 
68
70
## These settings are for a package-type install
83
85
                        break; \
84
86
                fi; \
85
87
        done)
 
88
DBUSPOLICYDIR:=$(DESTDIR)/usr/share/dbus-1/system.d
86
89
##
87
90
 
88
91
SYSTEMD:=$(DESTDIR)$(shell $(PKG_CONFIG) systemd \
96
99
GNUTLS_LIBS:=$(shell $(PKG_CONFIG) --libs gnutls)
97
100
AVAHI_CFLAGS:=$(shell $(PKG_CONFIG) --cflags-only-I avahi-core)
98
101
AVAHI_LIBS:=$(shell $(PKG_CONFIG) --libs avahi-core)
99
 
GPGME_CFLAGS:=$(shell gpgme-config --cflags; getconf LFS_CFLAGS)
100
 
GPGME_LIBS:=$(shell gpgme-config --libs; getconf LFS_LIBS; \
 
102
GPGME_CFLAGS:=$(shell $(PKG_CONFIG) --cflags-only-I gpgme 2>/dev/null \
 
103
        || gpgme-config --cflags; getconf LFS_CFLAGS)
 
104
GPGME_LIBS:=$(shell $(PKG_CONFIG) --libs gpgme 2>/dev/null \
 
105
        || gpgme-config --libs; getconf LFS_LIBS; \
101
106
        getconf LFS_LDFLAGS)
102
107
LIBNL3_CFLAGS:=$(shell $(PKG_CONFIG) --cflags-only-I libnl-route-3.0)
103
108
LIBNL3_LIBS:=$(shell $(PKG_CONFIG) --libs libnl-route-3.0)
106
111
 
107
112
# Do not change these two
108
113
CFLAGS+=$(WARN) $(DEBUG) $(FORTIFY) $(COVERAGE) $(OPTIMIZE) \
109
 
        $(LANGUAGE) $(FEATURES) -DVERSION='"$(version)"'
 
114
        $(LANGUAGE) -DVERSION='"$(version)"'
110
115
LDFLAGS+=-Xlinker --as-needed $(COVERAGE) $(LINK_FORTIFY) $(strip \
111
116
        ) $(foreach flag,$(LINK_FORTIFY_LD),-Xlinker $(flag))
112
117
 
284
289
                --expression='s/\(mandos_\)[0-9.]\+\(\.orig\.tar\.gz\)/\1$(version)\2/' \
285
290
                $@)
286
291
 
 
292
# Uses nested functions
 
293
plugin-runner: LDFLAGS += -Xlinker --no-warn-execstack
 
294
dracut-module/password-agent: LDFLAGS += -Xlinker --no-warn-execstack
 
295
plugins.d/password-prompt: LDFLAGS += -Xlinker --no-warn-execstack
 
296
plugins.d/mandos-client: LDFLAGS += -Xlinker --no-warn-execstack
 
297
plugins.d/plymouth: LDFLAGS += -Xlinker --no-warn-execstack
 
298
 
287
299
# Need to add the GnuTLS, Avahi and GPGME libraries
288
300
plugins.d/mandos-client: CFLAGS += $(GNUTLS_CFLAGS) $(strip \
289
301
        ) $(AVAHI_CFLAGS) $(GPGME_CFLAGS)
296
308
 
297
309
# Need to add the GLib and pthread libraries
298
310
dracut-module/password-agent: CFLAGS += $(GLIB_CFLAGS)
 
311
# Note: -lpthread is unnecessary with the GNU C library 2.34 or later
299
312
dracut-module/password-agent: LDLIBS += $(GLIB_LIBS) -lpthread
300
313
 
301
314
.PHONY: clean
354
367
keydir/seckey.txt keydir/pubkey.txt keydir/tls-privkey.pem keydir/tls-pubkey.pem: mandos-keygen
355
368
        install --directory keydir
356
369
        ./mandos-keygen --dir keydir --force
 
370
        if ! [ -e keydir/tls-privkey.pem ]; then \
 
371
                install --mode=u=rw /dev/null keydir/tls-privkey.pem; \
 
372
        fi
 
373
        if ! [ -e keydir/tls-pubkey.pem ]; then \
 
374
                install --mode=u=rw /dev/null keydir/tls-pubkey.pem; \
 
375
        fi
357
376
 
358
377
# Run the server with a local config
359
378
.PHONY: run-server
363
382
 
364
383
# Used by run-server
365
384
confdir/mandos.conf: mandos.conf
366
 
        install --directory confdir
367
 
        install --mode=u=rw,go=r $^ $@
 
385
        install -D --mode=u=rw,go=r $^ $@
368
386
confdir/clients.conf: clients.conf keydir/seckey.txt keydir/tls-pubkey.pem
369
 
        install --directory confdir
370
 
        install --mode=u=rw $< $@
 
387
        install -D --mode=u=rw $< $@
371
388
# Add a client password
372
389
        ./mandos-keygen --dir keydir --password --no-ssh >> $@
373
390
statedir:
378
395
 
379
396
.PHONY: install-html
380
397
install-html: html
381
 
        install --directory $(htmldir)
382
 
        install --mode=u=rw,go=r --target-directory=$(htmldir) \
 
398
        install -D --mode=u=rw,go=r --target-directory=$(htmldir) \
383
399
                $(htmldocs)
384
400
 
385
401
.PHONY: install-server
386
402
install-server: doc
387
 
        install --directory $(CONFDIR)
388
403
        if install --directory --mode=u=rwx --owner=$(USER) \
389
404
                --group=$(GROUP) $(STATEDIR); then \
390
405
                :; \
391
406
        elif install --directory --mode=u=rwx $(STATEDIR); then \
392
407
                chown -- $(USER):$(GROUP) $(STATEDIR) || :; \
393
408
        fi
394
 
        if [ "$(TMPFILES)" != "$(DESTDIR)" \
395
 
                        -a -d "$(TMPFILES)" ]; then \
396
 
                install --mode=u=rw,go=r tmpfiles.d-mandos.conf \
 
409
        if [ "$(TMPFILES)" != "$(DESTDIR)" ]; then \
 
410
                install -D --mode=u=rw,go=r tmpfiles.d-mandos.conf \
397
411
                        $(TMPFILES)/mandos.conf; \
398
412
        fi
399
 
        if [ "$(SYSUSERS)" != "$(DESTDIR)" \
400
 
                        -a -d "$(SYSUSERS)" ]; then \
401
 
                install --mode=u=rw,go=r sysusers.d-mandos.conf \
 
413
        if [ "$(SYSUSERS)" != "$(DESTDIR)" ]; then \
 
414
                install -D --mode=u=rw,go=r sysusers.d-mandos.conf \
402
415
                        $(SYSUSERS)/mandos.conf; \
403
416
        fi
404
 
        install --mode=u=rwx,go=rx mandos $(PREFIX)/sbin/mandos
 
417
        install --directory $(PREFIX)/sbin
 
418
        install --mode=u=rwx,go=rx --target-directory=$(PREFIX)/sbin \
 
419
                mandos
405
420
        install --mode=u=rwx,go=rx --target-directory=$(PREFIX)/sbin \
406
421
                mandos-ctl
407
422
        install --mode=u=rwx,go=rx --target-directory=$(PREFIX)/sbin \
408
423
                mandos-monitor
 
424
        install --directory $(CONFDIR)
409
425
        install --mode=u=rw,go=r --target-directory=$(CONFDIR) \
410
426
                mandos.conf
411
427
        install --mode=u=rw --target-directory=$(CONFDIR) \
412
428
                clients.conf
413
 
        install --mode=u=rw,go=r dbus-mandos.conf \
414
 
                $(DESTDIR)/etc/dbus-1/system.d/mandos.conf
415
 
        install --mode=u=rwx,go=rx init.d-mandos \
 
429
        install -D --mode=u=rw,go=r dbus-mandos.conf \
 
430
                $(DBUSPOLICYDIR)/mandos.conf
 
431
        install -D --mode=u=rwx,go=rx init.d-mandos \
416
432
                $(DESTDIR)/etc/init.d/mandos
417
 
        if [ "$(SYSTEMD)" != "$(DESTDIR)" -a -d "$(SYSTEMD)" ]; then \
418
 
                install --mode=u=rw,go=r mandos.service $(SYSTEMD); \
 
433
        if [ "$(SYSTEMD)" != "$(DESTDIR)" ]; then \
 
434
                install -D --mode=u=rw,go=r mandos.service \
 
435
                        $(SYSTEMD); \
419
436
        fi
420
 
        install --mode=u=rw,go=r default-mandos \
 
437
        install -D --mode=u=rw,go=r default-mandos \
421
438
                $(DESTDIR)/etc/default/mandos
422
439
        if [ -z $(DESTDIR) ]; then \
423
440
                update-rc.d mandos defaults 25 15;\
424
441
        fi
 
442
        install --directory $(MANDIR)/man8 $(MANDIR)/man5
425
443
        gzip --best --to-stdout mandos.8 \
426
444
                > $(MANDIR)/man8/mandos.8.gz
427
445
        gzip --best --to-stdout mandos-monitor.8 \
437
455
 
438
456
.PHONY: install-client-nokey
439
457
install-client-nokey: all doc
440
 
        install --directory $(LIBDIR)/mandos $(CONFDIR)
441
458
        install --directory --mode=u=rwx $(KEYDIR) \
442
459
                $(LIBDIR)/mandos/plugins.d \
443
460
                $(LIBDIR)/mandos/plugin-helpers
444
 
        if [ "$(SYSUSERS)" != "$(DESTDIR)" \
445
 
                        -a -d "$(SYSUSERS)" ]; then \
446
 
                install --mode=u=rw,go=r sysusers.d-mandos.conf \
 
461
        if [ "$(SYSUSERS)" != "$(DESTDIR)" ]; then \
 
462
                install -D --mode=u=rw,go=r sysusers.d-mandos.conf \
447
463
                        $(SYSUSERS)/mandos-client.conf; \
448
464
        fi
449
465
        if [ "$(CONFDIR)" != "$(LIBDIR)/mandos" ]; then \
450
 
                install --mode=u=rwx \
451
 
                        --directory "$(CONFDIR)/plugins.d" \
 
466
                install --directory \
 
467
                        --mode=u=rwx "$(CONFDIR)/plugins.d" \
452
468
                        "$(CONFDIR)/plugin-helpers"; \
453
469
        fi
454
 
        install --mode=u=rwx,go=rx --directory \
 
470
        install --directory --mode=u=rwx,go=rx \
455
471
                "$(CONFDIR)/network-hooks.d"
456
472
        install --mode=u=rwx,go=rx \
457
473
                --target-directory=$(LIBDIR)/mandos plugin-runner
458
474
        install --mode=u=rwx,go=rx \
459
475
                --target-directory=$(LIBDIR)/mandos \
460
476
                mandos-to-cryptroot-unlock
 
477
        install --directory $(PREFIX)/sbin
461
478
        install --mode=u=rwx,go=rx --target-directory=$(PREFIX)/sbin \
462
479
                mandos-keygen
463
480
        install --mode=u=rwx,go=rx \
481
498
        install --mode=u=rwx,go=rx \
482
499
                --target-directory=$(LIBDIR)/mandos/plugin-helpers \
483
500
                plugin-helpers/mandos-client-iprouteadddel
484
 
        install initramfs-tools-hook \
 
501
        install -D initramfs-tools-hook \
485
502
                $(INITRAMFSTOOLS)/hooks/mandos
486
 
        install --mode=u=rw,go=r initramfs-tools-conf \
 
503
        install -D --mode=u=rw,go=r initramfs-tools-conf \
487
504
                $(INITRAMFSTOOLS)/conf.d/mandos-conf
488
 
        install --mode=u=rw,go=r initramfs-tools-conf-hook \
 
505
        install -D --mode=u=rw,go=r initramfs-tools-conf-hook \
489
506
                $(INITRAMFSTOOLS)/conf-hooks.d/zz-mandos
490
 
        install initramfs-tools-script \
 
507
        install -D initramfs-tools-script \
491
508
                $(INITRAMFSTOOLS)/scripts/init-premount/mandos
492
 
        install initramfs-tools-script-stop \
 
509
        install -D initramfs-tools-script-stop \
493
510
                $(INITRAMFSTOOLS)/scripts/local-premount/mandos
494
 
        install --directory $(DRACUTMODULE)
495
 
        install --mode=u=rw,go=r --target-directory=$(DRACUTMODULE) \
 
511
        install -D --mode=u=rw,go=r \
 
512
                --target-directory=$(DRACUTMODULE) \
496
513
                dracut-module/ask-password-mandos.path \
497
514
                dracut-module/ask-password-mandos.service
498
515
        install --mode=u=rwxs,go=rx \
501
518
                dracut-module/cmdline-mandos.sh \
502
519
                dracut-module/password-agent
503
520
        install --mode=u=rw,go=r plugin-runner.conf $(CONFDIR)
 
521
        install --directory $(MANDIR)/man8
504
522
        gzip --best --to-stdout mandos-keygen.8 \
505
523
                > $(MANDIR)/man8/mandos-keygen.8.gz
506
524
        gzip --best --to-stdout plugin-runner.8mandos \
603
621
                $(DESTDIR)/etc/dbus-1/system.d/mandos.conf
604
622
                $(DESTDIR)/etc/default/mandos \
605
623
                $(DESTDIR)/etc/init.d/mandos \
606
 
                $(SYSTEMD)/mandos.service \
607
624
                $(DESTDIR)/run/mandos.pid \
608
625
                $(DESTDIR)/var/run/mandos.pid
 
626
        if [ "$(SYSTEMD)" != "$(DESTDIR)" -a -d "$(SYSTEMD)" ]; then \
 
627
                -rm --force -- $(SYSTEMD)/mandos.service; \
 
628
        fi
609
629
        -rmdir $(CONFDIR)
610
630
 
611
631
.PHONY: purge-client