/mandos/trunk : revision 1298

To get this branch, use:

bzr branch
http://bzr.recompile.se/loggerhead/mandos/trunk

« back to all changes in this revision

Viewing changes to Makefile

Committer: Teddy Hogeborn
Date: 2024-09-09 04:24:39 UTC
Revision ID: teddy@recompile.se-20240909042439-j85mr20uli2hnyis

Eliminate compiler warnings

Many programs use nested functions, which now result in a linker
warning about executable stack.  Hide this warning.  Also, rewrite a
loop in the plymouth plugin to avoid warning about signed overflow.
This change also makes the plugin pick the alphabetically first
process entry instead of the last, in case many plymouth processes are
found (which should be unlikely).

* Makefile (plugin-runner, dracut-module/password-agent,
  plugins.d/password-prompt, plugins.d/mandos-client,
  plugins.d/plymouth): New target; set LDFLAGS to add "-Xlinker
  --no-warn-execstack".
* plugins.d/plymouth.c (get_pid): When no pid files are found, and we
  are looking through the process list, go though it from the start
  instead of from the end, i.e. in normal alphabetical order and not
  in reverse order.

files added:
bugs.xml

debian/mandos-client.templates

debian/mandos.maintscript

debian/mandos.templates

debian/po/POTFILES.in

debian/po/de.po

debian/po/en_US.po

debian/po/es.po

debian/po/fr.po

debian/po/nl.po

debian/po/pt.po

debian/po/pt_BR.po

debian/po/sv.po

debian/po/templates.pot

debian/source/lintian-overrides

debian/tests

debian/tests/control

debian/upstream/metadata

dracut-module

dracut-module/ask-password-mandos.path

dracut-module/ask-password-mandos.service

dracut-module/cmdline-mandos.sh

dracut-module/module-setup.sh

dracut-module/password-agent.c

dracut-module/password-agent.xml

initramfs-tools-conf

initramfs-tools-conf-hook

initramfs-tools-script-stop

mandos-to-cryptroot-unlock

sysusers.d-mandos.conf

tmpfiles.d-mandos.conf

files removed:
initramfs-tools-hook-conf

files modified:
.bzrignore

DBUS-API

INSTALL

Makefile

NEWS

README

TODO

clients.conf

common.ent

debian/changelog

debian/compat

debian/control

debian/copyright

debian/mandos-client.README.Debian

debian/mandos-client.dirs

debian/mandos-client.lintian-overrides

debian/mandos-client.postinst

debian/mandos-client.postrm

debian/mandos.dirs

debian/mandos.lintian-overrides

debian/mandos.postinst

debian/rules

debian/watch

init.d-mandos

initramfs-tools-hook

initramfs-tools-script

initramfs-unpack

intro.xml

legalnotice.xml

mandos

mandos-clients.conf.xml

mandos-ctl

mandos-ctl.xml

mandos-keygen

mandos-keygen.xml

mandos-monitor

mandos-monitor.xml

mandos-options.xml

mandos.conf.xml

mandos.lsm

mandos.service

mandos.xml

network-hooks.d/bridge

network-hooks.d/openvpn

network-hooks.d/wireless

overview.xml

plugin-helpers/mandos-client-iprouteadddel.c

plugin-runner.c

plugin-runner.xml

plugins.d/askpass-fifo.c

plugins.d/askpass-fifo.xml

plugins.d/mandos-client.c

plugins.d/mandos-client.xml

plugins.d/password-prompt.c

plugins.d/password-prompt.xml

plugins.d/plymouth.c

plugins.d/plymouth.xml

plugins.d/splashy.c

plugins.d/splashy.xml

plugins.d/usplash.c

plugins.d/usplash.xml

Show diffs side-by-side

added added

removed removed

Makefile

WARN=-O -Wall -Wextra -Wdouble-promotion -Wformat=2 -Winit-self \

WARN:=-O -Wall -Wextra -Wdouble-promotion -Wformat=2 -Winit-self \

-Wmissing-include-dirs -Wswitch-default -Wswitch-enum \

-Wunused -Wuninitialized -Wstrict-overflow=5 \

-Wsuggest-attribute=pure -Wsuggest-attribute=const \

-Wmissing-format-attribute -Wnormalized=nfc -Wpacked \

-Wredundant-decls -Wnested-externs -Winline -Wvla \

-Wvolatile-register-var -Woverlength-strings

#DEBUG=-ggdb3

# For info about _FORTIFY_SOURCE, see feature_test_macros(7)

# and <http://gcc.gnu.org/ml/gcc-patches/2004-09/msg02055.html>.

FORTIFY=-D_FORTIFY_SOURCE=2 -fstack-protector-all -fPIC

#DEBUG:=-ggdb3 -fsanitize=address $(SANITIZE)

## Check which sanitizing options can be used

#SANITIZE:=$(foreach option,$(ALL_SANITIZE_OPTIONS),$(shell \

# echo 'int main(){}' | $(CC) --language=c $(option) \

# /dev/stdin -o /dev/null >/dev/null 2>&1 && echo $(option)))

# <https://developerblog.redhat.com/2014/10/16/gcc-undefined-behavior-sanitizer-ubsan/>

ALL_SANITIZE_OPTIONS:=-fsanitize=address -fsanitize=undefined \

ALL_SANITIZE_OPTIONS:=-fsanitize=leak -fsanitize=undefined \

-fsanitize=shift -fsanitize=integer-divide-by-zero \

-fsanitize=unreachable -fsanitize=vla-bound -fsanitize=null \

-fsanitize=return -fsanitize=signed-integer-overflow \

-fsanitize=object-size -fsanitize=float-divide-by-zero \

-fsanitize=float-cast-overflow -fsanitize=nonnull-attribute \

-fsanitize=returns-nonnull-attribute -fsanitize=bool \

-fsanitize=enum

# Check which sanitizing options can be used

SANITIZE:=$(foreach option,$(ALL_SANITIZE_OPTIONS),$(shell \

echo 'int main(){}' | $(CC) --language=c $(option) /dev/stdin \

-o /dev/null >/dev/null 2>&1 && echo $(option)))

LINK_FORTIFY_LD=-z relro -z now

LINK_FORTIFY=

-fsanitize=enum -fsanitize-address-use-after-scope

# For info about _FORTIFY_SOURCE, see feature_test_macros(7)

# and <https://gcc.gnu.org/ml/gcc-patches/2004-09/msg02055.html>.

FORTIFY:=-fstack-protector-all -fPIC

CPPFLAGS+=-D_FORTIFY_SOURCE=3

LINK_FORTIFY_LD:=-z relro -z now

LINK_FORTIFY:=

# If BROKEN_PIE is set, do not build with -pie

ifndef BROKEN_PIE

LINK_FORTIFY += -pie

endif

#COVERAGE=--coverage

OPTIMIZE=-Os -fno-strict-aliasing

LANGUAGE=-std=gnu11

htmldir=man

version=1.7.3

SED=sed

USER=$(firstword $(subst :, ,$(shell getent passwd _mandos || getent passwd nobody || echo 65534)))

GROUP=$(firstword $(subst :, ,$(shell getent group _mandos || getent group nogroup || echo 65534)))

OPTIMIZE:=-Os -fno-strict-aliasing

LANGUAGE:=-std=gnu11

CPPFLAGS+=-D_FILE_OFFSET_BITS=64 -D_TIME_BITS=64

htmldir:=man

version:=1.8.16

SED:=sed

PKG_CONFIG?=pkg-config

USER:=$(firstword $(subst :, ,$(shell getent passwd _mandos \

|| getent passwd nobody || echo 65534)))

GROUP:=$(firstword $(subst :, ,$(shell getent group _mandos \

|| getent group nogroup || echo 65534)))

LINUXVERSION:=$(shell uname --kernel-release)

## Use these settings for a traditional /usr/local install

# PREFIX=$(DESTDIR)/usr/local

# CONFDIR=$(DESTDIR)/etc/mandos

# KEYDIR=$(DESTDIR)/etc/mandos/keys

# MANDIR=$(PREFIX)/man

# INITRAMFSTOOLS=$(DESTDIR)/etc/initramfs-tools

# STATEDIR=$(DESTDIR)/var/lib/mandos

# LIBDIR=$(PREFIX)/lib

# PREFIX:=$(DESTDIR)/usr/local

# CONFDIR:=$(DESTDIR)/etc/mandos

# KEYDIR:=$(DESTDIR)/etc/mandos/keys

# MANDIR:=$(PREFIX)/man

# INITRAMFSTOOLS:=$(DESTDIR)/etc/initramfs-tools

# DRACUTMODULE:=$(DESTDIR)/usr/lib/dracut/modules.d/90mandos

# STATEDIR:=$(DESTDIR)/var/lib/mandos

# LIBDIR:=$(PREFIX)/lib

# DBUSPOLICYDIR:=$(DESTDIR)/etc/dbus-1/system.d

## These settings are for a package-type install

PREFIX=$(DESTDIR)/usr

CONFDIR=$(DESTDIR)/etc/mandos

KEYDIR=$(DESTDIR)/etc/keys/mandos

MANDIR=$(PREFIX)/share/man

INITRAMFSTOOLS=$(DESTDIR)/usr/share/initramfs-tools

STATEDIR=$(DESTDIR)/var/lib/mandos

LIBDIR=$(shell \

PREFIX:=$(DESTDIR)/usr

CONFDIR:=$(DESTDIR)/etc/mandos

KEYDIR:=$(DESTDIR)/etc/keys/mandos

MANDIR:=$(PREFIX)/share/man

INITRAMFSTOOLS:=$(DESTDIR)/usr/share/initramfs-tools

DRACUTMODULE:=$(DESTDIR)/usr/lib/dracut/modules.d/90mandos

STATEDIR:=$(DESTDIR)/var/lib/mandos

LIBDIR:=$(shell \

for d in \

"/usr/lib/`dpkg-architecture -qDEB_HOST_MULTIARCH 2>/dev/null`" \

"/usr/lib/`dpkg-architecture \

-qDEB_HOST_MULTIARCH 2>/dev/null`" \

"`rpm --eval='%{_libdir}' 2>/dev/null`" /usr/lib; do \

if [ -d "$$d" -a "$$d" = "$${d%/}" ]; then \

echo "$(DESTDIR)$$d"; \

break; \

fi; \

done)

DBUSPOLICYDIR:=$(DESTDIR)/usr/share/dbus-1/system.d

SYSTEMD=$(DESTDIR)$(shell pkg-config systemd --variable=systemdsystemunitdir)

SYSTEMD:=$(DESTDIR)$(shell $(PKG_CONFIG) systemd \

--variable=systemdsystemunitdir)

TMPFILES:=$(DESTDIR)$(shell $(PKG_CONFIG) systemd \

--variable=tmpfilesdir)

SYSUSERS:=$(DESTDIR)$(shell $(PKG_CONFIG) systemd \

--variable=sysusersdir)

GNUTLS_CFLAGS=$(shell pkg-config --cflags-only-I gnutls)

GNUTLS_LIBS=$(shell pkg-config --libs gnutls)

AVAHI_CFLAGS=$(shell pkg-config --cflags-only-I avahi-core)

AVAHI_LIBS=$(shell pkg-config --libs avahi-core)

GPGME_CFLAGS=$(shell gpgme-config --cflags; getconf LFS_CFLAGS)

GPGME_LIBS=$(shell gpgme-config --libs; getconf LFS_LIBS; \

GNUTLS_CFLAGS:=$(shell $(PKG_CONFIG) --cflags-only-I gnutls)

GNUTLS_LIBS:=$(shell $(PKG_CONFIG) --libs gnutls)

100

AVAHI_CFLAGS:=$(shell $(PKG_CONFIG) --cflags-only-I avahi-core)

101

AVAHI_LIBS:=$(shell $(PKG_CONFIG) --libs avahi-core)

102

GPGME_CFLAGS:=$(shell $(PKG_CONFIG) --cflags-only-I gpgme 2>/dev/null \

103

|| gpgme-config --cflags; getconf LFS_CFLAGS)

104

GPGME_LIBS:=$(shell $(PKG_CONFIG) --libs gpgme 2>/dev/null \

105

|| gpgme-config --libs; getconf LFS_LIBS; \

106

getconf LFS_LDFLAGS)

LIBNL3_CFLAGS=$(shell pkg-config --cflags-only-I libnl-route-3.0)

LIBNL3_LIBS=$(shell pkg-config --libs libnl-route-3.0)

107

LIBNL3_CFLAGS:=$(shell $(PKG_CONFIG) --cflags-only-I libnl-route-3.0)

108

LIBNL3_LIBS:=$(shell $(PKG_CONFIG) --libs libnl-route-3.0)

109

GLIB_CFLAGS:=$(shell $(PKG_CONFIG) --cflags glib-2.0)

110

GLIB_LIBS:=$(shell $(PKG_CONFIG) --libs glib-2.0)

111

112

# Do not change these two

CFLAGS+=$(WARN) $(DEBUG) $(FORTIFY) $(SANITIZE) $(COVERAGE) \

$(OPTIMIZE) $(LANGUAGE) $(GNUTLS_CFLAGS) $(AVAHI_CFLAGS) \

$(GPGME_CFLAGS) -DVERSION='"$(version)"'

LDFLAGS+=-Xlinker --as-needed $(COVERAGE) $(LINK_FORTIFY) $(foreach flag,$(LINK_FORTIFY_LD),-Xlinker $(flag))

113

CFLAGS+=$(WARN) $(DEBUG) $(FORTIFY) $(COVERAGE) $(OPTIMIZE) \

114

$(LANGUAGE) -DVERSION='"$(version)"'

115

LDFLAGS+=-Xlinker --as-needed $(COVERAGE) $(LINK_FORTIFY) $(strip \

116

) $(foreach flag,$(LINK_FORTIFY_LD),-Xlinker $(flag))

117

118

# Commands to format a DocBook <refentry> document into a manual page

119

DOCBOOKTOMAN=$(strip cd $(dir $<); xsltproc --nonet --xinclude \

102

125

/usr/share/xml/docbook/stylesheet/nwalsh/manpages/docbook.xsl \

103

126

$(notdir $<); \

104

127

if locale --all 2>/dev/null | grep --regexp='^en_US\.utf8$$' \

105

&& type man 2>/dev/null; then LANG=en_US.UTF-8 MANWIDTH=80 \

106

man --warnings --encoding=UTF-8 --local-file $(notdir $@); \

107

fi >/dev/null)

128

&& command -v man >/dev/null; then LANG=en_US.UTF-8 \

129

MANWIDTH=80 man --warnings --encoding=UTF-8 --local-file \

130

$(notdir $@); fi >/dev/null)

108

131

109

132

DOCBOOKTOHTML=$(strip xsltproc --nonet --xinclude \

110

133

--param make.year.ranges 1 \

116

139

/usr/share/xml/docbook/stylesheet/nwalsh/xhtml/docbook.xsl \

117

140

$<; $(HTMLPOST) $@)

118

141

# Fix citerefentry links

119

HTMLPOST=$(SED) --in-place \

142

HTMLPOST:=$(SED) --in-place \

120

143

--expression='s/$<a class="citerefentry" href="$$"><span class="citerefentry"><span class="refentrytitle">$$[^<]*$$<\/span>($$[^)]*$$)<\/span><\/a>$/\1\3.\5\2\3\4\5\6/g'

121

144

122

PLUGINS=plugins.d/password-prompt plugins.d/mandos-client \

145

PLUGINS:=plugins.d/password-prompt plugins.d/mandos-client \

123

146

plugins.d/usplash plugins.d/splashy plugins.d/askpass-fifo \

124

147

plugins.d/plymouth

125

PLUGIN_HELPERS=plugin-helpers/mandos-client-iprouteadddel

126

CPROGS=plugin-runner $(PLUGINS) $(PLUGIN_HELPERS)

127

PROGS=mandos mandos-keygen mandos-ctl mandos-monitor $(CPROGS)

128

DOCS=mandos.8 mandos-keygen.8 mandos-monitor.8 mandos-ctl.8 \

148

PLUGIN_HELPERS:=plugin-helpers/mandos-client-iprouteadddel

149

CPROGS:=plugin-runner dracut-module/password-agent $(PLUGINS) \

150

$(PLUGIN_HELPERS)

151

PROGS:=mandos mandos-keygen mandos-ctl mandos-monitor $(CPROGS)

152

DOCS:=mandos.8 mandos-keygen.8 mandos-monitor.8 mandos-ctl.8 \

129

153

mandos.conf.5 mandos-clients.conf.5 plugin-runner.8mandos \

154

dracut-module/password-agent.8mandos \

130

155

plugins.d/mandos-client.8mandos \

131

156

plugins.d/password-prompt.8mandos plugins.d/usplash.8mandos \

132

157

plugins.d/splashy.8mandos plugins.d/askpass-fifo.8mandos \

133

158

plugins.d/plymouth.8mandos intro.8mandos

134

159

135

htmldocs=$(addsuffix .xhtml,$(DOCS))

136

137

objects=$(addsuffix .o,$(CPROGS))

138

160

htmldocs:=$(addsuffix .xhtml,$(DOCS))

161

162

objects:=$(addsuffix .o,$(CPROGS))

163

164

.PHONY: all

139

165

all: $(PROGS) mandos.lsm

140

166

167

.PHONY: doc

141

168

doc: $(DOCS)

142

169

170

.PHONY: html

143

171

html: $(htmldocs)

144

172

145

173

%.5: %.xml common.ent legalnotice.xml

204

232

overview.xml legalnotice.xml

205

233

$(DOCBOOKTOHTML)

206

234

235

dracut-module/password-agent.8mandos: \

236

dracut-module/password-agent.xml common.ent \

237

overview.xml legalnotice.xml

238

$(DOCBOOKTOMAN)

239

dracut-module/password-agent.8mandos.xhtml: \

240

dracut-module/password-agent.xml common.ent \

241

overview.xml legalnotice.xml

242

$(DOCBOOKTOHTML)

243

207

244

plugins.d/mandos-client.8mandos: plugins.d/mandos-client.xml \

208

245

common.ent \

209

246

mandos-options.xml \

252

289

--expression='s/$mandos_$[0-9.]\+$\.orig\.tar\.gz$/\1$(version)\2/' \

253

290

$@)

254

291

255

plugins.d/mandos-client: plugins.d/mandos-client.c

256

$(LINK.c) $^ -lrt $(GNUTLS_LIBS) $(AVAHI_LIBS) $(strip\

257

) $(GPGME_LIBS) $(LOADLIBES) $(LDLIBS) -o $@

258

259

plugin-helpers/mandos-client-iprouteadddel: plugin-helpers/mandos-client-iprouteadddel.c

260

$(LINK.c) $(LIBNL3_CFLAGS) $^ $(LIBNL3_LIBS) $(strip\

261

) $(LOADLIBES) $(LDLIBS) -o $@

262

263

.PHONY : all doc html clean distclean mostlyclean maintainer-clean \

264

check run-client run-server install install-html \

265

install-server install-client-nokey install-client uninstall \

266

uninstall-server uninstall-client purge purge-server \

267

purge-client

268

292

# Uses nested functions

293

plugin-runner: LDFLAGS += -Xlinker --no-warn-execstack

294

dracut-module/password-agent: LDFLAGS += -Xlinker --no-warn-execstack

295

plugins.d/password-prompt: LDFLAGS += -Xlinker --no-warn-execstack

296

plugins.d/mandos-client: LDFLAGS += -Xlinker --no-warn-execstack

297

plugins.d/plymouth: LDFLAGS += -Xlinker --no-warn-execstack

298

299

# Need to add the GnuTLS, Avahi and GPGME libraries

300

plugins.d/mandos-client: CFLAGS += $(GNUTLS_CFLAGS) $(strip \

301

) $(AVAHI_CFLAGS) $(GPGME_CFLAGS)

302

plugins.d/mandos-client: LDLIBS += $(GNUTLS_LIBS) $(strip \

303

) $(AVAHI_LIBS) $(GPGME_LIBS)

304

305

# Need to add the libnl-route library

306

plugin-helpers/mandos-client-iprouteadddel: CFLAGS += $(LIBNL3_CFLAGS)

307

plugin-helpers/mandos-client-iprouteadddel: LDLIBS += $(LIBNL3_LIBS)

308

309

# Need to add the GLib and pthread libraries

310

dracut-module/password-agent: CFLAGS += $(GLIB_CFLAGS)

311

# Note: -lpthread is unnecessary with the GNU C library 2.34 or later

312

dracut-module/password-agent: LDLIBS += $(GLIB_LIBS) -lpthread

313

314

.PHONY: clean

269

315

clean:

270

316

-rm --force $(CPROGS) $(objects) $(htmldocs) $(DOCS) core

271

317

318

.PHONY: distclean

272

319

distclean: clean

320

.PHONY: mostlyclean

273

321

mostlyclean: clean

322

.PHONY: maintainer-clean

274

323

maintainer-clean: clean

275

324

-rm --force --recursive keydir confdir statedir

276

325

277

check: all

326

.PHONY: check

327

check: all

278

328

./mandos --check

279

329

./mandos-ctl --check

330

./mandos-keygen --version

331

./plugin-runner --version

332

./plugin-helpers/mandos-client-iprouteadddel --version

333

./dracut-module/password-agent --test

280

334

281

335

# Run the client with a local config and key

282

run-client: all keydir/seckey.txt keydir/pubkey.txt

283

@echo "###################################################################"

284

@echo "# The following error messages are harmless and can be safely #"

285

@echo "# ignored. The messages are caused by not running as root, but #"

286

@echo "# you should NOT run \"make run-client\" as root unless you also #"

287

@echo "# unpacked and compiled Mandos as root, which is NOT recommended. #"

288

@echo "# From plugin-runner: setgid: Operation not permitted #"

289

@echo "# setuid: Operation not permitted #"

290

@echo "# From askpass-fifo: mkfifo: Permission denied #"

291

@echo "# From mandos-client: #"

292

@echo "# Failed to raise privileges: Operation not permitted #"

293

@echo "# Warning: network hook \"*\" exited with status * #"

294

@echo "###################################################################"

336

.PHONY: run-client

337

run-client: all keydir/seckey.txt keydir/pubkey.txt \

338

keydir/tls-privkey.pem keydir/tls-pubkey.pem

339

@echo '######################################################'

340

@echo '# The following error messages are harmless and can #'

341

@echo '# be safely ignored: #'

342

@echo '## From plugin-runner: #'

343

@echo '# setgid: Operation not permitted #'

344

@echo '# setuid: Operation not permitted #'

345

@echo '## From askpass-fifo: #'

346

@echo '# mkfifo: Permission denied #'

347

@echo '## From mandos-client: #'

348

@echo '# Failed to raise privileges: Operation not permi... #'

349

@echo '# Warning: network hook "*" exited with status * #'

350

@echo '# ioctl SIOCSIFFLAGS +IFF_UP: Operation not permi... #'

351

@echo '# Failed to bring up interface "*": Operation not... #'

352

@echo '# #'

353

@echo '# (The messages are caused by not running as root, #'

354

@echo '# but you should NOT run "make run-client" as root #'

355

@echo '# unless you also unpacked and compiled Mandos as #'

356

@echo '# root, which is also NOT recommended.) #'

357

@echo '######################################################'

295

358

# We set GNOME_KEYRING_CONTROL to block pam_gnome_keyring

296

359

./plugin-runner --plugin-dir=plugins.d \

297

360

--plugin-helper-dir=plugin-helpers \

298

361

--config-file=plugin-runner.conf \

299

--options-for=mandos-client:--seckey=keydir/seckey.txt,--pubkey=keydir/pubkey.txt,--network-hook-dir=network-hooks.d \

362

--options-for=mandos-client:--seckey=keydir/seckey.txt,--pubkey=keydir/pubkey.txt,--tls-privkey=keydir/tls-privkey.pem,--tls-pubkey=keydir/tls-pubkey.pem,--network-hook-dir=network-hooks.d \

300

363

--env-for=mandos-client:GNOME_KEYRING_CONTROL= \

301

364

$(CLIENTARGS)

302

365

303

366

# Used by run-client

304

keydir/seckey.txt keydir/pubkey.txt: mandos-keygen

367

keydir/seckey.txt keydir/pubkey.txt keydir/tls-privkey.pem keydir/tls-pubkey.pem: mandos-keygen

305

368

install --directory keydir

306

369

./mandos-keygen --dir keydir --force

370

if ! [ -e keydir/tls-privkey.pem ]; then \

371

install --mode=u=rw /dev/null keydir/tls-privkey.pem; \

372

373

if ! [ -e keydir/tls-pubkey.pem ]; then \

374

install --mode=u=rw /dev/null keydir/tls-pubkey.pem; \

375

307

376

308

377

# Run the server with a local config

378

.PHONY: run-server

309

379

run-server: confdir/mandos.conf confdir/clients.conf statedir

310

380

./mandos --debug --no-dbus --configdir=confdir \

311

381

--statedir=statedir $(SERVERARGS)

312

382

313

383

# Used by run-server

314

384

confdir/mandos.conf: mandos.conf

315

install --directory confdir

316

install --mode=u=rw,go=r $^ $@

317

confdir/clients.conf: clients.conf keydir/seckey.txt

318

install --directory confdir

319

install --mode=u=rw $< $@

385

install -D --mode=u=rw,go=r $^ $@

386

confdir/clients.conf: clients.conf keydir/seckey.txt keydir/tls-pubkey.pem

387

install -D --mode=u=rw $< $@

320

388

# Add a client password

321

389

./mandos-keygen --dir keydir --password --no-ssh >> $@

322

390

statedir:

323

391

install --directory statedir

324

392

393

.PHONY: install

325

394

install: install-server install-client-nokey

326

395

396

.PHONY: install-html

327

397

install-html: html

328

install --directory $(htmldir)

329

install --mode=u=rw,go=r --target-directory=$(htmldir) \

398

install -D --mode=u=rw,go=r --target-directory=$(htmldir) \

330

399

$(htmldocs)

331

400

401

.PHONY: install-server

332

402

install-server: doc

333

install --directory $(CONFDIR)

334

403

if install --directory --mode=u=rwx --owner=$(USER) \

335

404

--group=$(GROUP) $(STATEDIR); then \

336

405

:; \

337

406

elif install --directory --mode=u=rwx $(STATEDIR); then \

338

407

chown -- $(USER):$(GROUP) $(STATEDIR) || :; \

339

408

340

install --mode=u=rwx,go=rx mandos $(PREFIX)/sbin/mandos

409

if [ "$(TMPFILES)" != "$(DESTDIR)" ]; then \

410

install -D --mode=u=rw,go=r tmpfiles.d-mandos.conf \

411

$(TMPFILES)/mandos.conf; \

412

413

if [ "$(SYSUSERS)" != "$(DESTDIR)" ]; then \

414

install -D --mode=u=rw,go=r sysusers.d-mandos.conf \

415

$(SYSUSERS)/mandos.conf; \

416

417

install --directory $(PREFIX)/sbin

418

install --mode=u=rwx,go=rx --target-directory=$(PREFIX)/sbin \

419

mandos

341

420

install --mode=u=rwx,go=rx --target-directory=$(PREFIX)/sbin \

342

421

mandos-ctl

343

422

install --mode=u=rwx,go=rx --target-directory=$(PREFIX)/sbin \

344

423

mandos-monitor

424

install --directory $(CONFDIR)

345

425

install --mode=u=rw,go=r --target-directory=$(CONFDIR) \

346

426

mandos.conf

347

427

install --mode=u=rw --target-directory=$(CONFDIR) \

348

428

clients.conf

349

install --mode=u=rw,go=r dbus-mandos.conf \

350

$(DESTDIR)/etc/dbus-1/system.d/mandos.conf

351

install --mode=u=rwx,go=rx init.d-mandos \

429

install -D --mode=u=rw,go=r dbus-mandos.conf \

430

$(DBUSPOLICYDIR)/mandos.conf

431

install -D --mode=u=rwx,go=rx init.d-mandos \

352

432

$(DESTDIR)/etc/init.d/mandos

353

if [ "$(SYSTEMD)" != "$(DESTDIR)" -a -d "$(SYSTEMD)" ]; then \

354

install --mode=u=rw,go=r mandos.service $(SYSTEMD); \

433

if [ "$(SYSTEMD)" != "$(DESTDIR)" ]; then \

434

install -D --mode=u=rw,go=r mandos.service \

435

$(SYSTEMD); \

355

436

356

install --mode=u=rw,go=r default-mandos \

437

install -D --mode=u=rw,go=r default-mandos \

357

438

$(DESTDIR)/etc/default/mandos

358

439

if [ -z $(DESTDIR) ]; then \

359

440

update-rc.d mandos defaults 25 15;\

360

441

442

install --directory $(MANDIR)/man8 $(MANDIR)/man5

361

443

gzip --best --to-stdout mandos.8 \

362

444

> $(MANDIR)/man8/mandos.8.gz

363

445

gzip --best --to-stdout mandos-monitor.8 \

371

453

gzip --best --to-stdout intro.8mandos \

372

454

> $(MANDIR)/man8/intro.8mandos.gz

373

455

456

.PHONY: install-client-nokey

374

457

install-client-nokey: all doc

375

install --directory $(LIBDIR)/mandos $(CONFDIR)

376

458

install --directory --mode=u=rwx $(KEYDIR) \

377

459

$(LIBDIR)/mandos/plugins.d \

378

460

$(LIBDIR)/mandos/plugin-helpers

461

if [ "$(SYSUSERS)" != "$(DESTDIR)" ]; then \

462

install -D --mode=u=rw,go=r sysusers.d-mandos.conf \

463

$(SYSUSERS)/mandos-client.conf; \

464

379

465

if [ "$(CONFDIR)" != "$(LIBDIR)/mandos" ]; then \

380

install --mode=u=rwx \

381

--directory "$(CONFDIR)/plugins.d"; \

382

install --directory "$(CONFDIR)/plugin-helpers"; \

466

install --directory \

467

--mode=u=rwx "$(CONFDIR)/plugins.d" \

468

"$(CONFDIR)/plugin-helpers"; \

383

469

384

install --mode=u=rwx,go=rx --directory \

470

install --directory --mode=u=rwx,go=rx \

385

471

"$(CONFDIR)/network-hooks.d"

386

472

install --mode=u=rwx,go=rx \

387

473

--target-directory=$(LIBDIR)/mandos plugin-runner

474

install --mode=u=rwx,go=rx \

475

--target-directory=$(LIBDIR)/mandos \

476

mandos-to-cryptroot-unlock

477

install --directory $(PREFIX)/sbin

388

478

install --mode=u=rwx,go=rx --target-directory=$(PREFIX)/sbin \

389

479

mandos-keygen

390

480

install --mode=u=rwx,go=rx \

405

495

install --mode=u=rwxs,go=rx \

406

496

--target-directory=$(LIBDIR)/mandos/plugins.d \

407

497

plugins.d/plymouth

408

install --mode=u=rwxs,go=rx \

498

install --mode=u=rwx,go=rx \

409

499

--target-directory=$(LIBDIR)/mandos/plugin-helpers \

410

500

plugin-helpers/mandos-client-iprouteadddel

411

install initramfs-tools-hook \

501

install -D initramfs-tools-hook \

412

502

$(INITRAMFSTOOLS)/hooks/mandos

413

install --mode=u=rw,go=r initramfs-tools-hook-conf \

414

$(INITRAMFSTOOLS)/conf-hooks.d/mandos

415

install initramfs-tools-script \

503

install -D --mode=u=rw,go=r initramfs-tools-conf \

504

$(INITRAMFSTOOLS)/conf.d/mandos-conf

505

install -D --mode=u=rw,go=r initramfs-tools-conf-hook \

506

$(INITRAMFSTOOLS)/conf-hooks.d/zz-mandos

507

install -D initramfs-tools-script \

416

508

$(INITRAMFSTOOLS)/scripts/init-premount/mandos

509

install -D initramfs-tools-script-stop \

510

$(INITRAMFSTOOLS)/scripts/local-premount/mandos

511

install -D --mode=u=rw,go=r \

512

--target-directory=$(DRACUTMODULE) \

513

dracut-module/ask-password-mandos.path \

514

dracut-module/ask-password-mandos.service

515

install --mode=u=rwxs,go=rx \

516

--target-directory=$(DRACUTMODULE) \

517

dracut-module/module-setup.sh \

518

dracut-module/cmdline-mandos.sh \

519

dracut-module/password-agent

417

520

install --mode=u=rw,go=r plugin-runner.conf $(CONFDIR)

521

install --directory $(MANDIR)/man8

418

522

gzip --best --to-stdout mandos-keygen.8 \

419

523

> $(MANDIR)/man8/mandos-keygen.8.gz

420

524

gzip --best --to-stdout plugin-runner.8mandos \

431

535

> $(MANDIR)/man8/askpass-fifo.8mandos.gz

432

536

gzip --best --to-stdout plugins.d/plymouth.8mandos \

433

537

> $(MANDIR)/man8/plymouth.8mandos.gz

538

gzip --best --to-stdout dracut-module/password-agent.8mandos \

539

> $(MANDIR)/man8/password-agent.8mandos.gz

434

540

541

.PHONY: install-client

435

542

install-client: install-client-nokey

436

543

# Post-installation stuff

437

544

-$(PREFIX)/sbin/mandos-keygen --dir "$(KEYDIR)"

438

update-initramfs -k all -u

545

if command -v update-initramfs >/dev/null; then \

546

update-initramfs -k all -u; \

547

elif command -v dracut >/dev/null; then \

548

for initrd in $(DESTDIR)/boot/initr*-$(LINUXVERSION); do \

549

if [ -w "$$initrd" ]; then \

550

chmod go-r "$$initrd"; \

551

dracut --force "$$initrd"; \

552

fi; \

553

done; \

554

439

555

echo "Now run mandos-keygen --password --dir $(KEYDIR)"

440

556

557

.PHONY: uninstall

441

558

uninstall: uninstall-server uninstall-client

442

559

560

.PHONY: uninstall-server

443

561

uninstall-server:

444

562

-rm --force $(PREFIX)/sbin/mandos \

445

563

$(PREFIX)/sbin/mandos-ctl \

452

570

update-rc.d -f mandos remove

453

571

-rmdir $(CONFDIR)

454

572

573

.PHONY: uninstall-client

455

574

uninstall-client:

456

575

# Refuse to uninstall client if /etc/crypttab is explicitly configured

457

576

# to use it.

468

587

$(INITRAMFSTOOLS)/hooks/mandos \

469

588

$(INITRAMFSTOOLS)/conf-hooks.d/mandos \

470

589

$(INITRAMFSTOOLS)/scripts/init-premount/mandos \

590

$(INITRAMFSTOOLS)/scripts/local-premount/mandos \

591

$(DRACUTMODULE)/ask-password-mandos.path \

592

$(DRACUTMODULE)/ask-password-mandos.service \

593

$(DRACUTMODULE)/module-setup.sh \

594

$(DRACUTMODULE)/cmdline-mandos.sh \

595

$(DRACUTMODULE)/password-agent \

471

596

$(MANDIR)/man8/mandos-keygen.8.gz \

472

597

$(MANDIR)/man8/plugin-runner.8mandos.gz \

473

598

$(MANDIR)/man8/mandos-client.8mandos.gz

476

601

$(MANDIR)/man8/splashy.8mandos.gz \

477

602

$(MANDIR)/man8/askpass-fifo.8mandos.gz \

478

603

$(MANDIR)/man8/plymouth.8mandos.gz \

604

$(MANDIR)/man8/password-agent.8mandos.gz \

479

605

-rmdir $(LIBDIR)/mandos/plugins.d $(CONFDIR)/plugins.d \

480

$(LIBDIR)/mandos $(CONFDIR) $(KEYDIR)

481

update-initramfs -k all -u

606

$(LIBDIR)/mandos $(CONFDIR) $(KEYDIR) $(DRACUTMODULE)

607

if command -v update-initramfs >/dev/null; then \

608

update-initramfs -k all -u; \

609

elif command -v dracut >/dev/null; then \

610

for initrd in $(DESTDIR)/boot/initr*-$(LINUXVERSION); do \

611

test -w "$$initrd" && dracut --force "$$initrd"; \

612

done; \

613

482

614

615

.PHONY: purge

483

616

purge: purge-server purge-client

484

617

618

.PHONY: purge-server

485

619

purge-server: uninstall-server

486

620

-rm --force $(CONFDIR)/mandos.conf $(CONFDIR)/clients.conf \

487

621

$(DESTDIR)/etc/dbus-1/system.d/mandos.conf

488

622

$(DESTDIR)/etc/default/mandos \

489

623

$(DESTDIR)/etc/init.d/mandos \

490

$(SYSTEMD)/mandos.service \

491

624

$(DESTDIR)/run/mandos.pid \

492

625

$(DESTDIR)/var/run/mandos.pid

626

if [ "$(SYSTEMD)" != "$(DESTDIR)" -a -d "$(SYSTEMD)" ]; then \

627

-rm --force -- $(SYSTEMD)/mandos.service; \

628

493

629

-rmdir $(CONFDIR)

494

630

631

.PHONY: purge-client

495

632

purge-client: uninstall-client

496

-shred --remove $(KEYDIR)/seckey.txt

633

-shred --remove $(KEYDIR)/seckey.txt $(KEYDIR)/tls-privkey.pem

497

634

-rm --force $(CONFDIR)/plugin-runner.conf \

498

$(KEYDIR)/pubkey.txt $(KEYDIR)/seckey.txt

635

$(KEYDIR)/pubkey.txt $(KEYDIR)/seckey.txt \

636

$(KEYDIR)/tls-pubkey.txt $(KEYDIR)/tls-privkey.txt

499

637

-rmdir $(KEYDIR) $(CONFDIR)/plugins.d $(CONFDIR)

Older »