Viewing changes to Makefile

  • Committer: Teddy Hogeborn
  • Date: 2024-09-09 04:24:39 UTC
  • Revision ID: teddy@recompile.se-20240909042439-j85mr20uli2hnyis
Eliminate compiler warnings

Many programs use nested functions, which now result in a linker
warning about executable stack.  Hide this warning.  Also, rewrite a
loop in the plymouth plugin to avoid warning about signed overflow.
This change also makes the plugin pick the alphabetically first
process entry instead of the last, in case many plymouth processes are
found (which should be unlikely).

* Makefile (plugin-runner, dracut-module/password-agent,
  plugins.d/password-prompt, plugins.d/mandos-client,
  plugins.d/plymouth): New target; set LDFLAGS to add "-Xlinker
  --no-warn-execstack".
* plugins.d/plymouth.c (get_pid): When no pid files are found, and we
  are looking through the process list, go through it from the start
  instead of from the end, i.e. in normal alphabetical order and not
  in reverse order.

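--- a/Makefile
+++ b/Makefile
@@ -10,10 +10,12 @@
         -Wmissing-format-attribute -Wnormalized=nfc -Wpacked \
         -Wredundant-decls -Wnested-externs -Winline -Wvla \
         -Wvolatile-register-var -Woverlength-strings
-#DEBUG:=-ggdb3 -fsanitize=address 
-# For info about _FORTIFY_SOURCE, see feature_test_macros(7)
-# and <https://gcc.gnu.org/ml/gcc-patches/2004-09/msg02055.html>.
-FORTIFY:=-D_FORTIFY_SOURCE=2 -fstack-protector-all -fPIC
+
+#DEBUG:=-ggdb3 -fsanitize=address $(SANITIZE)
+## Check which sanitizing options can be used
+#SANITIZE:=$(foreach option,$(ALL_SANITIZE_OPTIONS),$(shell \
+#       echo 'int main(){}' | $(CC) --language=c $(option) \
+#       /dev/stdin -o /dev/null >/dev/null 2>&1 && echo $(option)))
 # <https://developerblog.redhat.com/2014/10/16/gcc-undefined-behavior-sanitizer-ubsan/>
 ALL_SANITIZE_OPTIONS:=-fsanitize=leak -fsanitize=undefined \
         -fsanitize=shift -fsanitize=integer-divide-by-zero \
@@ -23,11 +25,12 @@
         -fsanitize=object-size -fsanitize=float-divide-by-zero \
         -fsanitize=float-cast-overflow -fsanitize=nonnull-attribute \
         -fsanitize=returns-nonnull-attribute -fsanitize=bool \
-        -fsanitize=enum
-# Check which sanitizing options can be used
-SANITIZE:=$(foreach option,$(ALL_SANITIZE_OPTIONS),$(shell \
-        echo 'int main(){}' | $(CC) --language=c $(option) /dev/stdin \
-        -o /dev/null >/dev/null 2>&1 && echo $(option)))
+        -fsanitize=enum -fsanitize-address-use-after-scope
+
+# For info about _FORTIFY_SOURCE, see feature_test_macros(7)
+# and <https://gcc.gnu.org/ml/gcc-patches/2004-09/msg02055.html>.
+FORTIFY:=-fstack-protector-all -fPIC
+CPPFLAGS+=-D_FORTIFY_SOURCE=3
 LINK_FORTIFY_LD:=-z relro -z now
 LINK_FORTIFY:=
 
@@ -39,12 +42,18 @@
 #COVERAGE=--coverage
 OPTIMIZE:=-Os -fno-strict-aliasing
 LANGUAGE:=-std=gnu11
+CPPFLAGS+=-D_FILE_OFFSET_BITS=64 -D_TIME_BITS=64
 htmldir:=man
-version:=1.7.19
+version:=1.8.16
 SED:=sed
-
-USER:=$(firstword $(subst :, ,$(shell getent passwd _mandos || getent passwd nobody || echo 65534)))
-GROUP:=$(firstword $(subst :, ,$(shell getent group _mandos || getent group nogroup || echo 65534)))
+PKG_CONFIG?=pkg-config
+
+USER:=$(firstword $(subst :, ,$(shell getent passwd _mandos \
+        || getent passwd nobody || echo 65534)))
+GROUP:=$(firstword $(subst :, ,$(shell getent group _mandos \
+        || getent group nogroup || echo 65534)))
+
+LINUXVERSION:=$(shell uname --kernel-release)
 
 ## Use these settings for a traditional /usr/local install
 # PREFIX:=$(DESTDIR)/usr/local
@@ -52,8 +61,10 @@
 # KEYDIR:=$(DESTDIR)/etc/mandos/keys
 # MANDIR:=$(PREFIX)/man
 # INITRAMFSTOOLS:=$(DESTDIR)/etc/initramfs-tools
+# DRACUTMODULE:=$(DESTDIR)/usr/lib/dracut/modules.d/90mandos
 # STATEDIR:=$(DESTDIR)/var/lib/mandos
 # LIBDIR:=$(PREFIX)/lib
+# DBUSPOLICYDIR:=$(DESTDIR)/etc/dbus-1/system.d
 ##
 
 ## These settings are for a package-type install
@@ -62,35 +73,47 @@
 KEYDIR:=$(DESTDIR)/etc/keys/mandos
 MANDIR:=$(PREFIX)/share/man
 INITRAMFSTOOLS:=$(DESTDIR)/usr/share/initramfs-tools
+DRACUTMODULE:=$(DESTDIR)/usr/lib/dracut/modules.d/90mandos
 STATEDIR:=$(DESTDIR)/var/lib/mandos
 LIBDIR:=$(shell \
         for d in \
-        "/usr/lib/`dpkg-architecture -qDEB_HOST_MULTIARCH 2>/dev/null`" \
+        "/usr/lib/`dpkg-architecture \
+                        -qDEB_HOST_MULTIARCH 2>/dev/null`" \
         "`rpm --eval='%{_libdir}' 2>/dev/null`" /usr/lib; do \
                 if [ -d "$$d" -a "$$d" = "$${d%/}" ]; then \
                         echo "$(DESTDIR)$$d"; \
                         break; \
                 fi; \
         done)
+DBUSPOLICYDIR:=$(DESTDIR)/usr/share/dbus-1/system.d
 ##
 
-SYSTEMD:=$(DESTDIR)$(shell pkg-config systemd --variable=systemdsystemunitdir)
-TMPFILES:=$(DESTDIR)$(shell pkg-config systemd --variable=tmpfilesdir)
+SYSTEMD:=$(DESTDIR)$(shell $(PKG_CONFIG) systemd \
+                        --variable=systemdsystemunitdir)
+TMPFILES:=$(DESTDIR)$(shell $(PKG_CONFIG) systemd \
+                        --variable=tmpfilesdir)
+SYSUSERS:=$(DESTDIR)$(shell $(PKG_CONFIG) systemd \
+                        --variable=sysusersdir)
 
-GNUTLS_CFLAGS:=$(shell pkg-config --cflags-only-I gnutls)
-GNUTLS_LIBS:=$(shell pkg-config --libs gnutls)
-AVAHI_CFLAGS:=$(shell pkg-config --cflags-only-I avahi-core)
-AVAHI_LIBS:=$(shell pkg-config --libs avahi-core)
-GPGME_CFLAGS:=$(shell gpgme-config --cflags; getconf LFS_CFLAGS)
-GPGME_LIBS:=$(shell gpgme-config --libs; getconf LFS_LIBS; \
+GNUTLS_CFLAGS:=$(shell $(PKG_CONFIG) --cflags-only-I gnutls)
+GNUTLS_LIBS:=$(shell $(PKG_CONFIG) --libs gnutls)
+AVAHI_CFLAGS:=$(shell $(PKG_CONFIG) --cflags-only-I avahi-core)
+AVAHI_LIBS:=$(shell $(PKG_CONFIG) --libs avahi-core)
+GPGME_CFLAGS:=$(shell $(PKG_CONFIG) --cflags-only-I gpgme 2>/dev/null \
+        || gpgme-config --cflags; getconf LFS_CFLAGS)
+GPGME_LIBS:=$(shell $(PKG_CONFIG) --libs gpgme 2>/dev/null \
+        || gpgme-config --libs; getconf LFS_LIBS; \
         getconf LFS_LDFLAGS)
-LIBNL3_CFLAGS:=$(shell pkg-config --cflags-only-I libnl-route-3.0)
-LIBNL3_LIBS:=$(shell pkg-config --libs libnl-route-3.0)
+LIBNL3_CFLAGS:=$(shell $(PKG_CONFIG) --cflags-only-I libnl-route-3.0)
+LIBNL3_LIBS:=$(shell $(PKG_CONFIG) --libs libnl-route-3.0)
+GLIB_CFLAGS:=$(shell $(PKG_CONFIG) --cflags glib-2.0)
+GLIB_LIBS:=$(shell $(PKG_CONFIG) --libs glib-2.0)
 
 # Do not change these two
-CFLAGS+=$(WARN) $(DEBUG) $(FORTIFY) $(SANITIZE) $(COVERAGE) \
-        $(OPTIMIZE) $(LANGUAGE) -DVERSION='"$(version)"'
-LDFLAGS+=-Xlinker --as-needed $(COVERAGE) $(LINK_FORTIFY) $(foreach flag,$(LINK_FORTIFY_LD),-Xlinker $(flag))
+CFLAGS+=$(WARN) $(DEBUG) $(FORTIFY) $(COVERAGE) $(OPTIMIZE) \
+        $(LANGUAGE) -DVERSION='"$(version)"'
+LDFLAGS+=-Xlinker --as-needed $(COVERAGE) $(LINK_FORTIFY) $(strip \
+        ) $(foreach flag,$(LINK_FORTIFY_LD),-Xlinker $(flag))
 
 # Commands to format a DocBook <refentry> document into a manual page
 DOCBOOKTOMAN=$(strip cd $(dir $<); xsltproc --nonet --xinclude \
@@ -102,9 +125,9 @@
         /usr/share/xml/docbook/stylesheet/nwalsh/manpages/docbook.xsl \
         $(notdir $<); \
         if locale --all 2>/dev/null | grep --regexp='^en_US\.utf8$$' \
-        && type man 2>/dev/null; then LANG=en_US.UTF-8 MANWIDTH=80 \
-        man --warnings --encoding=UTF-8 --local-file $(notdir $@); \
-        fi >/dev/null)
+        && command -v man >/dev/null; then LANG=en_US.UTF-8 \
+        MANWIDTH=80 man --warnings --encoding=UTF-8 --local-file \
+        $(notdir $@); fi >/dev/null)
 
 DOCBOOKTOHTML=$(strip xsltproc --nonet --xinclude \
         --param make.year.ranges                1 \
@@ -123,10 +146,12 @@
         plugins.d/usplash plugins.d/splashy plugins.d/askpass-fifo \
         plugins.d/plymouth
 PLUGIN_HELPERS:=plugin-helpers/mandos-client-iprouteadddel
-CPROGS:=plugin-runner $(PLUGINS) $(PLUGIN_HELPERS)
+CPROGS:=plugin-runner dracut-module/password-agent $(PLUGINS) \
+        $(PLUGIN_HELPERS)
 PROGS:=mandos mandos-keygen mandos-ctl mandos-monitor $(CPROGS)
 DOCS:=mandos.8 mandos-keygen.8 mandos-monitor.8 mandos-ctl.8 \
         mandos.conf.5 mandos-clients.conf.5 plugin-runner.8mandos \
+        dracut-module/password-agent.8mandos \
         plugins.d/mandos-client.8mandos \
         plugins.d/password-prompt.8mandos plugins.d/usplash.8mandos \
         plugins.d/splashy.8mandos plugins.d/askpass-fifo.8mandos \
@@ -136,10 +161,13 @@
 
 objects:=$(addsuffix .o,$(CPROGS))
 
+.PHONY: all
 all: $(PROGS) mandos.lsm
 
+.PHONY: doc
 doc: $(DOCS)
 
+.PHONY: html
 html: $(htmldocs)
 
 %.5: %.xml common.ent legalnotice.xml
@@ -204,6 +232,15 @@
                 overview.xml legalnotice.xml
         $(DOCBOOKTOHTML)
 
+dracut-module/password-agent.8mandos: \
+                dracut-module/password-agent.xml common.ent \
+                overview.xml legalnotice.xml
+        $(DOCBOOKTOMAN)
+dracut-module/password-agent.8mandos.xhtml: \
+                dracut-module/password-agent.xml common.ent \
+                overview.xml legalnotice.xml
+        $(DOCBOOKTOHTML)
+
 plugins.d/mandos-client.8mandos: plugins.d/mandos-client.xml \
                                         common.ent \
                                         mandos-options.xml \
@@ -252,123 +289,157 @@
                 --expression='s/\(mandos_\)[0-9.]\+\(\.orig\.tar\.gz\)/\1$(version)\2/' \
                 $@)
 
-# Need to add the GnuTLS, Avahi and GPGME libraries, and can't use
-# -fsanitize=leak because GnuTLS and GPGME both leak memory.
-plugins.d/mandos-client: plugins.d/mandos-client.c
-        $(CC) $(filter-out -fsanitize=leak,$(CFLAGS)) $(strip\
-        ) $(GNUTLS_CFLAGS) $(AVAHI_CFLAGS) $(GPGME_CFLAGS) $(strip\
-                ) $(CPPFLAGS) $(LDFLAGS) $(TARGET_ARCH) $^ $(strip\
-                ) -lrt $(GNUTLS_LIBS) $(AVAHI_LIBS) $(strip\
-                ) $(GPGME_LIBS) $(LOADLIBES) $(LDLIBS) -o $@
-
-plugin-helpers/mandos-client-iprouteadddel: plugin-helpers/mandos-client-iprouteadddel.c
-        $(LINK.c) $(LIBNL3_CFLAGS) $^ $(LIBNL3_LIBS) $(strip\
-                ) $(LOADLIBES) $(LDLIBS) -o $@
-
-.PHONY : all doc html clean distclean mostlyclean maintainer-clean \
-        check run-client run-server install install-html \
-        install-server install-client-nokey install-client uninstall \
-        uninstall-server uninstall-client purge purge-server \
-        purge-client
-
+# Uses nested functions
+plugin-runner: LDFLAGS += -Xlinker --no-warn-execstack
+dracut-module/password-agent: LDFLAGS += -Xlinker --no-warn-execstack
+plugins.d/password-prompt: LDFLAGS += -Xlinker --no-warn-execstack
+plugins.d/mandos-client: LDFLAGS += -Xlinker --no-warn-execstack
+plugins.d/plymouth: LDFLAGS += -Xlinker --no-warn-execstack
+
+# Need to add the GnuTLS, Avahi and GPGME libraries
+plugins.d/mandos-client: CFLAGS += $(GNUTLS_CFLAGS) $(strip \
+        ) $(AVAHI_CFLAGS) $(GPGME_CFLAGS)
+plugins.d/mandos-client: LDLIBS += $(GNUTLS_LIBS) $(strip \
+        ) $(AVAHI_LIBS) $(GPGME_LIBS)
+
+# Need to add the libnl-route library
+plugin-helpers/mandos-client-iprouteadddel: CFLAGS += $(LIBNL3_CFLAGS)
+plugin-helpers/mandos-client-iprouteadddel: LDLIBS += $(LIBNL3_LIBS)
+
+# Need to add the GLib and pthread libraries
+dracut-module/password-agent: CFLAGS += $(GLIB_CFLAGS)
+# Note: -lpthread is unnecessary with the GNU C library 2.34 or later
+dracut-module/password-agent: LDLIBS += $(GLIB_LIBS) -lpthread
+
+.PHONY: clean
 clean:
         -rm --force $(CPROGS) $(objects) $(htmldocs) $(DOCS) core
 
+.PHONY: distclean
 distclean: clean
+.PHONY: mostlyclean
 mostlyclean: clean
+.PHONY: maintainer-clean
 maintainer-clean: clean
         -rm --force --recursive keydir confdir statedir
 
-check:  all
+.PHONY: check
+check: all
         ./mandos --check
         ./mandos-ctl --check
+        ./mandos-keygen --version
+        ./plugin-runner --version
+        ./plugin-helpers/mandos-client-iprouteadddel --version
+        ./dracut-module/password-agent --test
 
 # Run the client with a local config and key
-run-client: all keydir/seckey.txt keydir/pubkey.txt
-        @echo "###################################################################"
-        @echo "# The following error messages are harmless and can be safely     #"
-        @echo "# ignored:                                                        #"
-        @echo "# From plugin-runner: setgid: Operation not permitted             #"
-        @echo "#                     setuid: Operation not permitted             #"
-        @echo "# From askpass-fifo:  mkfifo: Permission denied                   #"
-        @echo "# From mandos-client:                                             #"
-        @echo "#             Failed to raise privileges: Operation not permitted #"
-        @echo "#             Warning: network hook \"*\" exited with status *      #"
-        @echo "#                                                                 #"
-        @echo "# (The messages are caused by not running as root, but you should #"
-        @echo "# NOT run \"make run-client\" as root unless you also unpacked and  #"
-        @echo "# compiled Mandos as root, which is also NOT recommended.)        #"
-        @echo "###################################################################"
+.PHONY: run-client
+run-client: all keydir/seckey.txt keydir/pubkey.txt \
+                        keydir/tls-privkey.pem keydir/tls-pubkey.pem
+        @echo '######################################################'
+        @echo '# The following error messages are harmless and can  #'
+        @echo '#  be safely ignored:                                #'
+        @echo '## From plugin-runner:                               #'
+        @echo '# setgid: Operation not permitted                    #'
+        @echo '# setuid: Operation not permitted                    #'
+        @echo '## From askpass-fifo:                                #'
+        @echo '# mkfifo: Permission denied                          #'
+        @echo '## From mandos-client:                               #'
+        @echo '# Failed to raise privileges: Operation not permi... #'
+        @echo '# Warning: network hook "*" exited with status *     #'
+        @echo '# ioctl SIOCSIFFLAGS +IFF_UP: Operation not permi... #'
+        @echo '# Failed to bring up interface "*": Operation not... #'
+        @echo '#                                                    #'
+        @echo '# (The messages are caused by not running as root,   #'
+        @echo '# but you should NOT run "make run-client" as root   #'
+        @echo '# unless you also unpacked and compiled Mandos as    #'
+        @echo '# root, which is also NOT recommended.)              #'
+        @echo '######################################################'
 # We set GNOME_KEYRING_CONTROL to block pam_gnome_keyring
         ./plugin-runner --plugin-dir=plugins.d \
                 --plugin-helper-dir=plugin-helpers \
                 --config-file=plugin-runner.conf \
-                --options-for=mandos-client:--seckey=keydir/seckey.txt,--pubkey=keydir/pubkey.txt,--network-hook-dir=network-hooks.d \
+                --options-for=mandos-client:--seckey=keydir/seckey.txt,--pubkey=keydir/pubkey.txt,--tls-privkey=keydir/tls-privkey.pem,--tls-pubkey=keydir/tls-pubkey.pem,--network-hook-dir=network-hooks.d \
                 --env-for=mandos-client:GNOME_KEYRING_CONTROL= \
                 $(CLIENTARGS)
 
 # Used by run-client
-keydir/seckey.txt keydir/pubkey.txt: mandos-keygen
+keydir/seckey.txt keydir/pubkey.txt keydir/tls-privkey.pem keydir/tls-pubkey.pem: mandos-keygen
         install --directory keydir
         ./mandos-keygen --dir keydir --force
+        if ! [ -e keydir/tls-privkey.pem ]; then \
+                install --mode=u=rw /dev/null keydir/tls-privkey.pem; \
+        fi
+        if ! [ -e keydir/tls-pubkey.pem ]; then \
+                install --mode=u=rw /dev/null keydir/tls-pubkey.pem; \
+        fi
 
 # Run the server with a local config
+.PHONY: run-server
 run-server: confdir/mandos.conf confdir/clients.conf statedir
         ./mandos --debug --no-dbus --configdir=confdir \
                 --statedir=statedir $(SERVERARGS)
 
 # Used by run-server
 confdir/mandos.conf: mandos.conf
-        install --directory confdir
-        install --mode=u=rw,go=r $^ $@
-confdir/clients.conf: clients.conf keydir/seckey.txt
-        install --directory confdir
-        install --mode=u=rw $< $@
+        install -D --mode=u=rw,go=r $^ $@
+confdir/clients.conf: clients.conf keydir/seckey.txt keydir/tls-pubkey.pem
+        install -D --mode=u=rw $< $@
 # Add a client password
         ./mandos-keygen --dir keydir --password --no-ssh >> $@
 statedir:
         install --directory statedir
 
+.PHONY: install
 install: install-server install-client-nokey
 
+.PHONY: install-html
 install-html: html
-        install --directory $(htmldir)
-        install --mode=u=rw,go=r --target-directory=$(htmldir) \
+        install -D --mode=u=rw,go=r --target-directory=$(htmldir) \
                 $(htmldocs)
 
+.PHONY: install-server
 install-server: doc
-        install --directory $(CONFDIR)
         if install --directory --mode=u=rwx --owner=$(USER) \
                 --group=$(GROUP) $(STATEDIR); then \
                 :; \
         elif install --directory --mode=u=rwx $(STATEDIR); then \
                 chown -- $(USER):$(GROUP) $(STATEDIR) || :; \
         fi
-        if [ "$(TMPFILES)" != "$(DESTDIR)" -a -d "$(TMPFILES)" ]; then \
-                install --mode=u=rw,go=r tmpfiles.d-mandos.conf \
+        if [ "$(TMPFILES)" != "$(DESTDIR)" ]; then \
+                install -D --mode=u=rw,go=r tmpfiles.d-mandos.conf \
                         $(TMPFILES)/mandos.conf; \
         fi
-        install --mode=u=rwx,go=rx mandos $(PREFIX)/sbin/mandos
+        if [ "$(SYSUSERS)" != "$(DESTDIR)" ]; then \
+                install -D --mode=u=rw,go=r sysusers.d-mandos.conf \
+                        $(SYSUSERS)/mandos.conf; \
+        fi
+        install --directory $(PREFIX)/sbin
+        install --mode=u=rwx,go=rx --target-directory=$(PREFIX)/sbin \
+                mandos
         install --mode=u=rwx,go=rx --target-directory=$(PREFIX)/sbin \
                 mandos-ctl
         install --mode=u=rwx,go=rx --target-directory=$(PREFIX)/sbin \
                 mandos-monitor
+        install --directory $(CONFDIR)
         install --mode=u=rw,go=r --target-directory=$(CONFDIR) \
                 mandos.conf
         install --mode=u=rw --target-directory=$(CONFDIR) \
                 clients.conf
-        install --mode=u=rw,go=r dbus-mandos.conf \
-                $(DESTDIR)/etc/dbus-1/system.d/mandos.conf
-        install --mode=u=rwx,go=rx init.d-mandos \
+        install -D --mode=u=rw,go=r dbus-mandos.conf \
+                $(DBUSPOLICYDIR)/mandos.conf
+        install -D --mode=u=rwx,go=rx init.d-mandos \
                 $(DESTDIR)/etc/init.d/mandos
-        if [ "$(SYSTEMD)" != "$(DESTDIR)" -a -d "$(SYSTEMD)" ]; then \
-                install --mode=u=rw,go=r mandos.service $(SYSTEMD); \
+        if [ "$(SYSTEMD)" != "$(DESTDIR)" ]; then \
+                install -D --mode=u=rw,go=r mandos.service \
+                        $(SYSTEMD); \
         fi
-        install --mode=u=rw,go=r default-mandos \
+        install -D --mode=u=rw,go=r default-mandos \
                 $(DESTDIR)/etc/default/mandos
         if [ -z $(DESTDIR) ]; then \
                 update-rc.d mandos defaults 25 15;\
         fi
+        install --directory $(MANDIR)/man8 $(MANDIR)/man5
         gzip --best --to-stdout mandos.8 \
                 > $(MANDIR)/man8/mandos.8.gz
         gzip --best --to-stdout mandos-monitor.8 \
@@ -382,22 +453,28 @@
         gzip --best --to-stdout intro.8mandos \
                 > $(MANDIR)/man8/intro.8mandos.gz
 
+.PHONY: install-client-nokey
 install-client-nokey: all doc
-        install --directory $(LIBDIR)/mandos $(CONFDIR)
         install --directory --mode=u=rwx $(KEYDIR) \
                 $(LIBDIR)/mandos/plugins.d \
                 $(LIBDIR)/mandos/plugin-helpers
+        if [ "$(SYSUSERS)" != "$(DESTDIR)" ]; then \
+                install -D --mode=u=rw,go=r sysusers.d-mandos.conf \
+                        $(SYSUSERS)/mandos-client.conf; \
+        fi
         if [ "$(CONFDIR)" != "$(LIBDIR)/mandos" ]; then \
-                install --mode=u=rwx \
-                        --directory "$(CONFDIR)/plugins.d" \
+                install --directory \
+                        --mode=u=rwx "$(CONFDIR)/plugins.d" \
                         "$(CONFDIR)/plugin-helpers"; \
         fi
-        install --mode=u=rwx,go=rx --directory \
+        install --directory --mode=u=rwx,go=rx \
                 "$(CONFDIR)/network-hooks.d"
         install --mode=u=rwx,go=rx \
                 --target-directory=$(LIBDIR)/mandos plugin-runner
         install --mode=u=rwx,go=rx \
-                --target-directory=$(LIBDIR)/mandos mandos-to-cryptroot-unlock
+                --target-directory=$(LIBDIR)/mandos \
+                mandos-to-cryptroot-unlock
+        install --directory $(PREFIX)/sbin
         install --mode=u=rwx,go=rx --target-directory=$(PREFIX)/sbin \
                 mandos-keygen
         install --mode=u=rwx,go=rx \
@@ -421,15 +498,27 @@
         install --mode=u=rwx,go=rx \
                 --target-directory=$(LIBDIR)/mandos/plugin-helpers \
                 plugin-helpers/mandos-client-iprouteadddel
-        install initramfs-tools-hook \
+        install -D initramfs-tools-hook \
                 $(INITRAMFSTOOLS)/hooks/mandos
-        install --mode=u=rw,go=r initramfs-tools-conf \
+        install -D --mode=u=rw,go=r initramfs-tools-conf \
                 $(INITRAMFSTOOLS)/conf.d/mandos-conf
-        install initramfs-tools-script \
+        install -D --mode=u=rw,go=r initramfs-tools-conf-hook \
+                $(INITRAMFSTOOLS)/conf-hooks.d/zz-mandos
+        install -D initramfs-tools-script \
                 $(INITRAMFSTOOLS)/scripts/init-premount/mandos
-        install initramfs-tools-script-stop \
+        install -D initramfs-tools-script-stop \
                 $(INITRAMFSTOOLS)/scripts/local-premount/mandos
+        install -D --mode=u=rw,go=r \
+                --target-directory=$(DRACUTMODULE) \
+                dracut-module/ask-password-mandos.path \
+                dracut-module/ask-password-mandos.service
+        install --mode=u=rwxs,go=rx \
+                --target-directory=$(DRACUTMODULE) \
+                dracut-module/module-setup.sh \
+                dracut-module/cmdline-mandos.sh \
+                dracut-module/password-agent
         install --mode=u=rw,go=r plugin-runner.conf $(CONFDIR)
+        install --directory $(MANDIR)/man8
         gzip --best --to-stdout mandos-keygen.8 \
                 > $(MANDIR)/man8/mandos-keygen.8.gz
         gzip --best --to-stdout plugin-runner.8mandos \
@@ -446,15 +535,29 @@
                 > $(MANDIR)/man8/askpass-fifo.8mandos.gz
         gzip --best --to-stdout plugins.d/plymouth.8mandos \
                 > $(MANDIR)/man8/plymouth.8mandos.gz
+        gzip --best --to-stdout dracut-module/password-agent.8mandos \
+                > $(MANDIR)/man8/password-agent.8mandos.gz
 
+.PHONY: install-client
 install-client: install-client-nokey
 # Post-installation stuff
         -$(PREFIX)/sbin/mandos-keygen --dir "$(KEYDIR)"
-        update-initramfs -k all -u
+        if command -v update-initramfs >/dev/null; then \
+            update-initramfs -k all -u; \
+        elif command -v dracut >/dev/null; then \
+            for initrd in $(DESTDIR)/boot/initr*-$(LINUXVERSION); do \
+                if [ -w "$$initrd" ]; then \
+                    chmod go-r "$$initrd"; \
+                    dracut --force "$$initrd"; \
+                fi; \
+            done; \
+        fi
         echo "Now run mandos-keygen --password --dir $(KEYDIR)"
 
+.PHONY: uninstall
 uninstall: uninstall-server uninstall-client
 
+.PHONY: uninstall-server
 uninstall-server:
         -rm --force $(PREFIX)/sbin/mandos \
                 $(PREFIX)/sbin/mandos-ctl \
@@ -467,6 +570,7 @@
         update-rc.d -f mandos remove
         -rmdir $(CONFDIR)
 
+.PHONY: uninstall-client
 uninstall-client:
 # Refuse to uninstall client if /etc/crypttab is explicitly configured
 # to use it.
@@ -483,6 +587,12 @@
                 $(INITRAMFSTOOLS)/hooks/mandos \
                 $(INITRAMFSTOOLS)/conf-hooks.d/mandos \
                 $(INITRAMFSTOOLS)/scripts/init-premount/mandos \
+                $(INITRAMFSTOOLS)/scripts/local-premount/mandos \
+                $(DRACUTMODULE)/ask-password-mandos.path \
+                $(DRACUTMODULE)/ask-password-mandos.service \
+                $(DRACUTMODULE)/module-setup.sh \
+                $(DRACUTMODULE)/cmdline-mandos.sh \
+                $(DRACUTMODULE)/password-agent \
                 $(MANDIR)/man8/mandos-keygen.8.gz \
                 $(MANDIR)/man8/plugin-runner.8mandos.gz \
                 $(MANDIR)/man8/mandos-client.8mandos.gz
@@ -491,24 +601,37 @@
                 $(MANDIR)/man8/splashy.8mandos.gz \
                 $(MANDIR)/man8/askpass-fifo.8mandos.gz \
                 $(MANDIR)/man8/plymouth.8mandos.gz \
+                $(MANDIR)/man8/password-agent.8mandos.gz \
         -rmdir $(LIBDIR)/mandos/plugins.d $(CONFDIR)/plugins.d \
-                 $(LIBDIR)/mandos $(CONFDIR) $(KEYDIR)
-        update-initramfs -k all -u
+                 $(LIBDIR)/mandos $(CONFDIR) $(KEYDIR) $(DRACUTMODULE)
+        if command -v update-initramfs >/dev/null; then \
+            update-initramfs -k all -u; \
+        elif command -v dracut >/dev/null; then \
+            for initrd in $(DESTDIR)/boot/initr*-$(LINUXVERSION); do \
+                test -w "$$initrd" && dracut --force "$$initrd"; \
+            done; \
+        fi
 
+.PHONY: purge
 purge: purge-server purge-client
 
+.PHONY: purge-server
 purge-server: uninstall-server
         -rm --force $(CONFDIR)/mandos.conf $(CONFDIR)/clients.conf \
                 $(DESTDIR)/etc/dbus-1/system.d/mandos.conf
                 $(DESTDIR)/etc/default/mandos \
                 $(DESTDIR)/etc/init.d/mandos \
-                $(SYSTEMD)/mandos.service \
                 $(DESTDIR)/run/mandos.pid \
                 $(DESTDIR)/var/run/mandos.pid
+        if [ "$(SYSTEMD)" != "$(DESTDIR)" -a -d "$(SYSTEMD)" ]; then \
+                -rm --force -- $(SYSTEMD)/mandos.service; \
+        fi
         -rmdir $(CONFDIR)
 
+.PHONY: purge-client
 purge-client: uninstall-client
-        -shred --remove $(KEYDIR)/seckey.txt
+        -shred --remove $(KEYDIR)/seckey.txt $(KEYDIR)/tls-privkey.pem
         -rm --force $(CONFDIR)/plugin-runner.conf \
-                $(KEYDIR)/pubkey.txt $(KEYDIR)/seckey.txt
+                $(KEYDIR)/pubkey.txt $(KEYDIR)/seckey.txt \
+                $(KEYDIR)/tls-pubkey.txt $(KEYDIR)/tls-privkey.txt
         -rmdir $(KEYDIR) $(CONFDIR)/plugins.d $(CONFDIR)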
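Review bot: The five `LDFLAGS += -Xlinker --no-warn-execstack` lines under `# Uses nested functions` only silence the linker's diagnostic; going by the commit message these programs are still linked with an executable stack, and the comment does not say so. That deserves to be explicit because the same diff installs `dracut-module/password-agent` with `--mode=u=rwxs,go=rx`, so at least one of the affected binaries is setuid and, judging by its name, handles the unlock password. I would expand the comment to something like `# Uses nested functions, which make GCC request an executable stack; this only hides the linker warning and does not make the stack non-executable`. It may also be worth noting there that a linker which does not recognise `--no-warn-execstack` would presumably reject the option and fail the link rather than merely warn.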