/mandos/trunk : revision 1298

To get this branch, use:

bzr branch
http://bzr.recompile.se/loggerhead/mandos/trunk

« back to all changes in this revision

Viewing changes to Makefile

Committer: Teddy Hogeborn
Date: 2024-09-09 04:24:39 UTC
Revision ID: teddy@recompile.se-20240909042439-j85mr20uli2hnyis

Eliminate compiler warnings

Many programs use nested functions, which now result in a linker
warning about executable stack.  Hide this warning.  Also, rewrite a
loop in the plymouth plugin to avoid warning about signed overflow.
This change also makes the plugin pick the alphabetically first
process entry instead of the last, in case many plymouth processes are
found (which should be unlikely).

* Makefile (plugin-runner, dracut-module/password-agent,
  plugins.d/password-prompt, plugins.d/mandos-client,
  plugins.d/plymouth): New target; set LDFLAGS to add "-Xlinker
  --no-warn-execstack".
* plugins.d/plymouth.c (get_pid): When no pid files are found, and we
  are looking through the process list, go though it from the start
  instead of from the end, i.e. in normal alphabetical order and not
  in reverse order.

files added:
debian/mandos.maintscript

debian/po/es.po

debian/po/pt_BR.po

files modified:
Makefile

NEWS

TODO

clients.conf

common.ent

debian/changelog

debian/control

debian/copyright

debian/mandos-client.README.Debian

debian/mandos-client.dirs

debian/mandos-client.lintian-overrides

debian/mandos-client.postinst

debian/mandos-client.postrm

debian/mandos.dirs

debian/mandos.lintian-overrides

debian/po/fr.po

debian/rules

dracut-module/ask-password-mandos.service

dracut-module/password-agent.c

dracut-module/password-agent.xml

initramfs-tools-hook

intro.xml

mandos

mandos-clients.conf.xml

mandos-ctl

mandos-keygen

mandos-monitor

mandos.conf.xml

mandos.lsm

plugin-helpers/mandos-client-iprouteadddel.c

plugin-runner.c

plugin-runner.xml

plugins.d/mandos-client.c

plugins.d/mandos-client.xml

plugins.d/password-prompt.c

plugins.d/plymouth.c

plugins.d/splashy.c

plugins.d/usplash.c

Show diffs side-by-side

added added

removed removed

Makefile

# For info about _FORTIFY_SOURCE, see feature_test_macros(7)

# and <https://gcc.gnu.org/ml/gcc-patches/2004-09/msg02055.html>.

FORTIFY:=-D_FORTIFY_SOURCE=3 -fstack-protector-all -fPIC

FORTIFY:=-fstack-protector-all -fPIC

CPPFLAGS+=-D_FORTIFY_SOURCE=3

LINK_FORTIFY_LD:=-z relro -z now

LINK_FORTIFY:=

#COVERAGE=--coverage

OPTIMIZE:=-Os -fno-strict-aliasing

LANGUAGE:=-std=gnu11

FEATURES:=-D_FILE_OFFSET_BITS=64

CPPFLAGS+=-D_FILE_OFFSET_BITS=64 -D_TIME_BITS=64

htmldir:=man

version:=1.8.14

version:=1.8.16

SED:=sed

PKG_CONFIG?=pkg-config

# DRACUTMODULE:=$(DESTDIR)/usr/lib/dracut/modules.d/90mandos

# STATEDIR:=$(DESTDIR)/var/lib/mandos

# LIBDIR:=$(PREFIX)/lib

# DBUSPOLICYDIR:=$(DESTDIR)/etc/dbus-1/system.d

## These settings are for a package-type install

break; \

fi; \

done)

DBUSPOLICYDIR:=$(DESTDIR)/usr/share/dbus-1/system.d

SYSTEMD:=$(DESTDIR)$(shell $(PKG_CONFIG) systemd \

GNUTLS_LIBS:=$(shell $(PKG_CONFIG) --libs gnutls)

100

AVAHI_CFLAGS:=$(shell $(PKG_CONFIG) --cflags-only-I avahi-core)

101

AVAHI_LIBS:=$(shell $(PKG_CONFIG) --libs avahi-core)

GPGME_CFLAGS:=$(shell gpgme-config --cflags; getconf LFS_CFLAGS)

100

GPGME_LIBS:=$(shell gpgme-config --libs; getconf LFS_LIBS; \

102

GPGME_CFLAGS:=$(shell $(PKG_CONFIG) --cflags-only-I gpgme 2>/dev/null \

103

|| gpgme-config --cflags; getconf LFS_CFLAGS)

104

GPGME_LIBS:=$(shell $(PKG_CONFIG) --libs gpgme 2>/dev/null \

105

|| gpgme-config --libs; getconf LFS_LIBS; \

101

106

getconf LFS_LDFLAGS)

102

107

LIBNL3_CFLAGS:=$(shell $(PKG_CONFIG) --cflags-only-I libnl-route-3.0)

103

108

LIBNL3_LIBS:=$(shell $(PKG_CONFIG) --libs libnl-route-3.0)

106

111

107

112

# Do not change these two

108

113

CFLAGS+=$(WARN) $(DEBUG) $(FORTIFY) $(COVERAGE) $(OPTIMIZE) \

109

$(LANGUAGE) $(FEATURES) -DVERSION='"$(version)"'

114

$(LANGUAGE) -DVERSION='"$(version)"'

110

115

LDFLAGS+=-Xlinker --as-needed $(COVERAGE) $(LINK_FORTIFY) $(strip \

111

116

) $(foreach flag,$(LINK_FORTIFY_LD),-Xlinker $(flag))

112

117

284

289

--expression='s/$mandos_$[0-9.]\+$\.orig\.tar\.gz$/\1$(version)\2/' \

285

290

$@)

286

291

292

# Uses nested functions

293

plugin-runner: LDFLAGS += -Xlinker --no-warn-execstack

294

dracut-module/password-agent: LDFLAGS += -Xlinker --no-warn-execstack

295

plugins.d/password-prompt: LDFLAGS += -Xlinker --no-warn-execstack

296

plugins.d/mandos-client: LDFLAGS += -Xlinker --no-warn-execstack

297

plugins.d/plymouth: LDFLAGS += -Xlinker --no-warn-execstack

298

287

299

# Need to add the GnuTLS, Avahi and GPGME libraries

288

300

plugins.d/mandos-client: CFLAGS += $(GNUTLS_CFLAGS) $(strip \

289

301

) $(AVAHI_CFLAGS) $(GPGME_CFLAGS)

370

382

371

383

# Used by run-server

372

384

confdir/mandos.conf: mandos.conf

373

install --directory confdir

374

install --mode=u=rw,go=r $^ $@

385

install -D --mode=u=rw,go=r $^ $@

375

386

confdir/clients.conf: clients.conf keydir/seckey.txt keydir/tls-pubkey.pem

376

install --directory confdir

377

install --mode=u=rw $< $@

387

install -D --mode=u=rw $< $@

378

388

# Add a client password

379

389

./mandos-keygen --dir keydir --password --no-ssh >> $@

380

390

statedir:

385

395

386

396

.PHONY: install-html

387

397

install-html: html

388

install --directory $(htmldir)

389

install --mode=u=rw,go=r --target-directory=$(htmldir) \

398

install -D --mode=u=rw,go=r --target-directory=$(htmldir) \

390

399

$(htmldocs)

391

400

392

401

.PHONY: install-server

393

402

install-server: doc

394

install --directory $(CONFDIR)

395

403

if install --directory --mode=u=rwx --owner=$(USER) \

396

404

--group=$(GROUP) $(STATEDIR); then \

397

405

:; \

398

406

elif install --directory --mode=u=rwx $(STATEDIR); then \

399

407

chown -- $(USER):$(GROUP) $(STATEDIR) || :; \

400

408

401

if [ "$(TMPFILES)" != "$(DESTDIR)" \

402

-a -d "$(TMPFILES)" ]; then \

403

install --mode=u=rw,go=r tmpfiles.d-mandos.conf \

409

if [ "$(TMPFILES)" != "$(DESTDIR)" ]; then \

410

install -D --mode=u=rw,go=r tmpfiles.d-mandos.conf \

404

411

$(TMPFILES)/mandos.conf; \

405

412

406

if [ "$(SYSUSERS)" != "$(DESTDIR)" \

407

-a -d "$(SYSUSERS)" ]; then \

408

install --mode=u=rw,go=r sysusers.d-mandos.conf \

413

if [ "$(SYSUSERS)" != "$(DESTDIR)" ]; then \

414

install -D --mode=u=rw,go=r sysusers.d-mandos.conf \

409

415

$(SYSUSERS)/mandos.conf; \

410

416

411

install --mode=u=rwx,go=rx mandos $(PREFIX)/sbin/mandos

417

install --directory $(PREFIX)/sbin

418

install --mode=u=rwx,go=rx --target-directory=$(PREFIX)/sbin \

419

mandos

412

420

install --mode=u=rwx,go=rx --target-directory=$(PREFIX)/sbin \

413

421

mandos-ctl

414

422

install --mode=u=rwx,go=rx --target-directory=$(PREFIX)/sbin \

415

423

mandos-monitor

424

install --directory $(CONFDIR)

416

425

install --mode=u=rw,go=r --target-directory=$(CONFDIR) \

417

426

mandos.conf

418

427

install --mode=u=rw --target-directory=$(CONFDIR) \

419

428

clients.conf

420

install --mode=u=rw,go=r dbus-mandos.conf \

421

$(DESTDIR)/etc/dbus-1/system.d/mandos.conf

422

install --mode=u=rwx,go=rx init.d-mandos \

429

install -D --mode=u=rw,go=r dbus-mandos.conf \

430

$(DBUSPOLICYDIR)/mandos.conf

431

install -D --mode=u=rwx,go=rx init.d-mandos \

423

432

$(DESTDIR)/etc/init.d/mandos

424

if [ "$(SYSTEMD)" != "$(DESTDIR)" -a -d "$(SYSTEMD)" ]; then \

425

install --mode=u=rw,go=r mandos.service $(SYSTEMD); \

433

if [ "$(SYSTEMD)" != "$(DESTDIR)" ]; then \

434

install -D --mode=u=rw,go=r mandos.service \

435

$(SYSTEMD); \

426

436

427

install --mode=u=rw,go=r default-mandos \

437

install -D --mode=u=rw,go=r default-mandos \

428

438

$(DESTDIR)/etc/default/mandos

429

439

if [ -z $(DESTDIR) ]; then \

430

440

update-rc.d mandos defaults 25 15;\

431

441

442

install --directory $(MANDIR)/man8 $(MANDIR)/man5

432

443

gzip --best --to-stdout mandos.8 \

433

444

> $(MANDIR)/man8/mandos.8.gz

434

445

gzip --best --to-stdout mandos-monitor.8 \

444

455

445

456

.PHONY: install-client-nokey

446

457

install-client-nokey: all doc

447

install --directory $(LIBDIR)/mandos $(CONFDIR)

448

458

install --directory --mode=u=rwx $(KEYDIR) \

449

459

$(LIBDIR)/mandos/plugins.d \

450

460

$(LIBDIR)/mandos/plugin-helpers

451

if [ "$(SYSUSERS)" != "$(DESTDIR)" \

452

-a -d "$(SYSUSERS)" ]; then \

453

install --mode=u=rw,go=r sysusers.d-mandos.conf \

461

if [ "$(SYSUSERS)" != "$(DESTDIR)" ]; then \

462

install -D --mode=u=rw,go=r sysusers.d-mandos.conf \

454

463

$(SYSUSERS)/mandos-client.conf; \

455

464

456

465

if [ "$(CONFDIR)" != "$(LIBDIR)/mandos" ]; then \

457

install --mode=u=rwx \

458

--directory "$(CONFDIR)/plugins.d" \

466

install --directory \

467

--mode=u=rwx "$(CONFDIR)/plugins.d" \

459

468

"$(CONFDIR)/plugin-helpers"; \

460

469

461

install --mode=u=rwx,go=rx --directory \

470

install --directory --mode=u=rwx,go=rx \

462

471

"$(CONFDIR)/network-hooks.d"

463

472

install --mode=u=rwx,go=rx \

464

473

--target-directory=$(LIBDIR)/mandos plugin-runner

465

474

install --mode=u=rwx,go=rx \

466

475

--target-directory=$(LIBDIR)/mandos \

467

476

mandos-to-cryptroot-unlock

477

install --directory $(PREFIX)/sbin

468

478

install --mode=u=rwx,go=rx --target-directory=$(PREFIX)/sbin \

469

479

mandos-keygen

470

480

install --mode=u=rwx,go=rx \

488

498

install --mode=u=rwx,go=rx \

489

499

--target-directory=$(LIBDIR)/mandos/plugin-helpers \

490

500

plugin-helpers/mandos-client-iprouteadddel

491

install initramfs-tools-hook \

501

install -D initramfs-tools-hook \

492

502

$(INITRAMFSTOOLS)/hooks/mandos

493

install --mode=u=rw,go=r initramfs-tools-conf \

503

install -D --mode=u=rw,go=r initramfs-tools-conf \

494

504

$(INITRAMFSTOOLS)/conf.d/mandos-conf

495

install --mode=u=rw,go=r initramfs-tools-conf-hook \

505

install -D --mode=u=rw,go=r initramfs-tools-conf-hook \

496

506

$(INITRAMFSTOOLS)/conf-hooks.d/zz-mandos

497

install initramfs-tools-script \

507

install -D initramfs-tools-script \

498

508

$(INITRAMFSTOOLS)/scripts/init-premount/mandos

499

install initramfs-tools-script-stop \

509

install -D initramfs-tools-script-stop \

500

510

$(INITRAMFSTOOLS)/scripts/local-premount/mandos

501

install --directory $(DRACUTMODULE)

502

install --mode=u=rw,go=r --target-directory=$(DRACUTMODULE) \

511

install -D --mode=u=rw,go=r \

512

--target-directory=$(DRACUTMODULE) \

503

513

dracut-module/ask-password-mandos.path \

504

514

dracut-module/ask-password-mandos.service

505

515

install --mode=u=rwxs,go=rx \

508

518

dracut-module/cmdline-mandos.sh \

509

519

dracut-module/password-agent

510

520

install --mode=u=rw,go=r plugin-runner.conf $(CONFDIR)

521

install --directory $(MANDIR)/man8

511

522

gzip --best --to-stdout mandos-keygen.8 \

512

523

> $(MANDIR)/man8/mandos-keygen.8.gz

513

524

gzip --best --to-stdout plugin-runner.8mandos \

610

621

$(DESTDIR)/etc/dbus-1/system.d/mandos.conf

611

622

$(DESTDIR)/etc/default/mandos \

612

623

$(DESTDIR)/etc/init.d/mandos \

613

$(SYSTEMD)/mandos.service \

614

624

$(DESTDIR)/run/mandos.pid \

615

625

$(DESTDIR)/var/run/mandos.pid

626

if [ "$(SYSTEMD)" != "$(DESTDIR)" -a -d "$(SYSTEMD)" ]; then \

627

-rm --force -- $(SYSTEMD)/mandos.service; \

628

616

629

-rmdir $(CONFDIR)

617

630

618

631

.PHONY: purge-client

Older »