/mandos/trunk : revision 13

To get this branch, use:

bzr branch
http://bzr.recompile.se/loggerhead/mandos/trunk

« back to all changes in this revision

Viewing changes to Makefile

Committer: Björn Påhlsson
Date: 2008-07-20 02:52:20 UTC
Revision ID: belorn@braxen-20080720025220-r5u0388uy9iu23h6

Added following support:
Pluginbased client handler
rewritten Mandos client
Avahi instead of udp server discovery
openpgp encrypted key support
Passprompt stand alone application for direct console input
Added logging for Mandos server

files added:
ca.pem

cert.pem

client-cert.pem

client-key.pem

crl.pem

key.pem

plugins.d/Makefile

files removed:
.bzr-builddeb

.bzr-builddeb/default.conf

.bzrignore

COPYING

DBUS-API

INSTALL

NEWS

README

bugs.xml

common.ent

dbus-mandos.conf

debian

debian/changelog

debian/compat

debian/control

debian/copyright

debian/mandos-client.README.Debian

debian/mandos-client.dirs

debian/mandos-client.docs

debian/mandos-client.examples

debian/mandos-client.links

debian/mandos-client.lintian-overrides

debian/mandos-client.postinst

debian/mandos-client.postrm

debian/mandos-client.templates

debian/mandos.README.Debian

debian/mandos.dirs

debian/mandos.docs

debian/mandos.lintian-overrides

debian/mandos.postinst

debian/mandos.prerm

debian/mandos.templates

debian/po

debian/rules

debian/source

debian/source/format

debian/source/local-options

debian/upstream

debian/upstream/signing-key.asc

debian/watch

default-mandos

init.d-mandos

initramfs-tools-conf

initramfs-tools-conf-hook

initramfs-tools-hook

initramfs-tools-script

initramfs-tools-script-stop

initramfs-unpack

intro.xml

legalnotice.xml

mandos-clients.conf.xml

mandos-ctl

mandos-ctl.xml

mandos-keygen

mandos-keygen.xml

mandos-monitor

mandos-monitor.xml

mandos-options.xml

mandos-to-cryptroot-unlock

mandos.conf

mandos.conf.xml

mandos.lsm

mandos.service

mandos.xml

network-hooks.d

network-hooks.d/bridge

network-hooks.d/bridge.conf

network-hooks.d/openvpn

network-hooks.d/openvpn.conf

network-hooks.d/wireless

network-hooks.d/wireless.conf

overview.xml

plugin-helpers

plugin-helpers/mandos-client-iprouteadddel.c

plugin-runner.conf

plugin-runner.xml

plugins.d/askpass-fifo.c

plugins.d/askpass-fifo.xml

plugins.d/mandos-client.xml

plugins.d/password-prompt.xml

plugins.d/plymouth.c

plugins.d/plymouth.xml

plugins.d/splashy.c

plugins.d/splashy.xml

plugins.d/usplash.c

plugins.d/usplash.xml

tmpfiles.d-mandos.conf

files renamed:
clients.conf => mandos-clients.conf

plugin-runner.c => plugbasedclient.c

plugins.d/mandos-client.c => plugins.d/mandosclient.c

plugins.d/password-prompt.c => plugins.d/passprompt.c

mandos => server.py

files modified:
Makefile

TODO

Show diffs side-by-side

added added

removed removed

Makefile

WARN:=-O -Wall -Wextra -Wdouble-promotion -Wformat=2 -Winit-self \

-Wmissing-include-dirs -Wswitch-default -Wswitch-enum \

-Wunused -Wuninitialized -Wstrict-overflow=5 \

-Wsuggest-attribute=pure -Wsuggest-attribute=const \

-Wsuggest-attribute=noreturn -Wfloat-equal -Wundef -Wshadow \

-Wunsafe-loop-optimizations -Wpointer-arith \

-Wbad-function-cast -Wcast-qual -Wcast-align -Wwrite-strings \

-Wconversion -Wlogical-op -Waggregate-return \

-Wstrict-prototypes -Wold-style-definition \

-Wmissing-format-attribute -Wnormalized=nfc -Wpacked \

-Wredundant-decls -Wnested-externs -Winline -Wvla \

-Wvolatile-register-var -Woverlength-strings

#DEBUG:=-ggdb3 -fsanitize=address $(SANITIZE)

## Check which sanitizing options can be used

#SANITIZE:=$(foreach option,$(ALL_SANITIZE_OPTIONS),$(shell \

# echo 'int main(){}' | $(CC) --language=c $(option) \

# /dev/stdin -o /dev/null >/dev/null 2>&1 && echo $(option)))

# <https://developerblog.redhat.com/2014/10/16/gcc-undefined-behavior-sanitizer-ubsan/>

ALL_SANITIZE_OPTIONS:=-fsanitize=leak -fsanitize=undefined \

-fsanitize=shift -fsanitize=integer-divide-by-zero \

-fsanitize=unreachable -fsanitize=vla-bound -fsanitize=null \

-fsanitize=return -fsanitize=signed-integer-overflow \

-fsanitize=bounds -fsanitize=alignment \

-fsanitize=object-size -fsanitize=float-divide-by-zero \

-fsanitize=float-cast-overflow -fsanitize=nonnull-attribute \

-fsanitize=returns-nonnull-attribute -fsanitize=bool \

-fsanitize=enum

# For info about _FORTIFY_SOURCE, see feature_test_macros(7)

# and <https://gcc.gnu.org/ml/gcc-patches/2004-09/msg02055.html>.

FORTIFY:=-D_FORTIFY_SOURCE=2 -fstack-protector-all -fPIC

LINK_FORTIFY_LD:=-z relro -z now

LINK_FORTIFY:=

# If BROKEN_PIE is set, do not build with -pie

ifndef BROKEN_PIE

FORTIFY += -fPIE

LINK_FORTIFY += -pie

endif

#COVERAGE=--coverage

OPTIMIZE:=-Os -fno-strict-aliasing

LANGUAGE:=-std=gnu11

htmldir:=man

version:=1.8.4

SED:=sed

USER:=$(firstword $(subst :, ,$(shell getent passwd _mandos || getent passwd nobody || echo 65534)))

GROUP:=$(firstword $(subst :, ,$(shell getent group _mandos || getent group nogroup || echo 65534)))

## Use these settings for a traditional /usr/local install

# PREFIX:=$(DESTDIR)/usr/local

# CONFDIR:=$(DESTDIR)/etc/mandos

# KEYDIR:=$(DESTDIR)/etc/mandos/keys

# MANDIR:=$(PREFIX)/man

# INITRAMFSTOOLS:=$(DESTDIR)/etc/initramfs-tools

# STATEDIR:=$(DESTDIR)/var/lib/mandos

# LIBDIR:=$(PREFIX)/lib

## These settings are for a package-type install

PREFIX:=$(DESTDIR)/usr

CONFDIR:=$(DESTDIR)/etc/mandos

KEYDIR:=$(DESTDIR)/etc/keys/mandos

MANDIR:=$(PREFIX)/share/man

INITRAMFSTOOLS:=$(DESTDIR)/usr/share/initramfs-tools

STATEDIR:=$(DESTDIR)/var/lib/mandos

LIBDIR:=$(shell \

for d in \

"/usr/lib/`dpkg-architecture -qDEB_HOST_MULTIARCH 2>/dev/null`" \

"`rpm --eval='%{_libdir}' 2>/dev/null`" /usr/lib; do \

if [ -d "$$d" -a "$$d" = "$${d%/}" ]; then \

echo "$(DESTDIR)$$d"; \

break; \

fi; \

done)

SYSTEMD:=$(DESTDIR)$(shell pkg-config systemd --variable=systemdsystemunitdir)

TMPFILES:=$(DESTDIR)$(shell pkg-config systemd --variable=tmpfilesdir)

GNUTLS_CFLAGS:=$(shell pkg-config --cflags-only-I gnutls)

GNUTLS_LIBS:=$(shell pkg-config --libs gnutls)

AVAHI_CFLAGS:=$(shell pkg-config --cflags-only-I avahi-core)

AVAHI_LIBS:=$(shell pkg-config --libs avahi-core)

GPGME_CFLAGS:=$(shell gpgme-config --cflags; getconf LFS_CFLAGS)

GPGME_LIBS:=$(shell gpgme-config --libs; getconf LFS_LIBS; \

getconf LFS_LDFLAGS)

LIBNL3_CFLAGS:=$(shell pkg-config --cflags-only-I libnl-route-3.0)

LIBNL3_LIBS:=$(shell pkg-config --libs libnl-route-3.0)

# Do not change these two

CFLAGS+=$(WARN) $(DEBUG) $(FORTIFY) $(COVERAGE) \

$(OPTIMIZE) $(LANGUAGE) -DVERSION='"$(version)"'

LDFLAGS+=-Xlinker --as-needed $(COVERAGE) $(LINK_FORTIFY) $(foreach flag,$(LINK_FORTIFY_LD),-Xlinker $(flag))

# Commands to format a DocBook <refentry> document into a manual page

DOCBOOKTOMAN=$(strip cd $(dir $<); xsltproc --nonet --xinclude \

--param man.charmap.use.subset 0 \

100

--param make.year.ranges 1 \

101

--param make.single.year.ranges 1 \

102

--param man.output.quietly 1 \

103

--param man.authors.section.enabled 0 \

104

/usr/share/xml/docbook/stylesheet/nwalsh/manpages/docbook.xsl \

105

$(notdir $<); \

106

if locale --all 2>/dev/null | grep --regexp='^en_US\.utf8$$' \

107

&& type man 2>/dev/null; then LANG=en_US.UTF-8 MANWIDTH=80 \

108

man --warnings --encoding=UTF-8 --local-file $(notdir $@); \

109

fi >/dev/null)

110

111

DOCBOOKTOHTML=$(strip xsltproc --nonet --xinclude \

112

--param make.year.ranges 1 \

113

--param make.single.year.ranges 1 \

114

--param man.output.quietly 1 \

115

--param man.authors.section.enabled 0 \

116

--param citerefentry.link 1 \

117

--output $@ \

118

/usr/share/xml/docbook/stylesheet/nwalsh/xhtml/docbook.xsl \

119

$<; $(HTMLPOST) $@)

120

# Fix citerefentry links

121

HTMLPOST:=$(SED) --in-place \

122

--expression='s/$<a class="citerefentry" href="$$"><span class="citerefentry"><span class="refentrytitle">$$[^<]*$$<\/span>($$[^)]*$$)<\/span><\/a>$/\1\3.\5\2\3\4\5\6/g'

123

124

PLUGINS:=plugins.d/password-prompt plugins.d/mandos-client \

125

plugins.d/usplash plugins.d/splashy plugins.d/askpass-fifo \

126

plugins.d/plymouth

127

PLUGIN_HELPERS:=plugin-helpers/mandos-client-iprouteadddel

128

CPROGS:=plugin-runner $(PLUGINS) $(PLUGIN_HELPERS)

129

PROGS:=mandos mandos-keygen mandos-ctl mandos-monitor $(CPROGS)

130

DOCS:=mandos.8 mandos-keygen.8 mandos-monitor.8 mandos-ctl.8 \

131

mandos.conf.5 mandos-clients.conf.5 plugin-runner.8mandos \

132

plugins.d/mandos-client.8mandos \

133

plugins.d/password-prompt.8mandos plugins.d/usplash.8mandos \

134

plugins.d/splashy.8mandos plugins.d/askpass-fifo.8mandos \

135

plugins.d/plymouth.8mandos intro.8mandos

136

137

htmldocs:=$(addsuffix .xhtml,$(DOCS))

138

139

objects:=$(addsuffix .o,$(CPROGS))

140

141

all: $(PROGS) mandos.lsm

142

143

doc: $(DOCS)

144

145

html: $(htmldocs)

146

147

%.5: %.xml common.ent legalnotice.xml

148

$(DOCBOOKTOMAN)

149

%.5.xhtml: %.xml common.ent legalnotice.xml

150

$(DOCBOOKTOHTML)

151

152

%.8: %.xml common.ent legalnotice.xml

153

$(DOCBOOKTOMAN)

154

%.8.xhtml: %.xml common.ent legalnotice.xml

155

$(DOCBOOKTOHTML)

156

157

%.8mandos: %.xml common.ent legalnotice.xml

158

$(DOCBOOKTOMAN)

159

%.8mandos.xhtml: %.xml common.ent legalnotice.xml

160

$(DOCBOOKTOHTML)

161

162

intro.8mandos: intro.xml common.ent legalnotice.xml

163

$(DOCBOOKTOMAN)

164

intro.8mandos.xhtml: intro.xml common.ent legalnotice.xml

165

$(DOCBOOKTOHTML)

166

167

mandos.8: mandos.xml common.ent mandos-options.xml overview.xml \

168

legalnotice.xml

169

$(DOCBOOKTOMAN)

170

mandos.8.xhtml: mandos.xml common.ent mandos-options.xml \

171

overview.xml legalnotice.xml

172

$(DOCBOOKTOHTML)

173

174

mandos-keygen.8: mandos-keygen.xml common.ent overview.xml \

175

legalnotice.xml

176

$(DOCBOOKTOMAN)

177

mandos-keygen.8.xhtml: mandos-keygen.xml common.ent overview.xml \

178

legalnotice.xml

179

$(DOCBOOKTOHTML)

180

181

mandos-monitor.8: mandos-monitor.xml common.ent overview.xml \

182

legalnotice.xml

183

$(DOCBOOKTOMAN)

184

mandos-monitor.8.xhtml: mandos-monitor.xml common.ent overview.xml \

185

legalnotice.xml

186

$(DOCBOOKTOHTML)

187

188

mandos-ctl.8: mandos-ctl.xml common.ent overview.xml \

189

legalnotice.xml

190

$(DOCBOOKTOMAN)

191

mandos-ctl.8.xhtml: mandos-ctl.xml common.ent overview.xml \

192

legalnotice.xml

193

$(DOCBOOKTOHTML)

194

195

mandos.conf.5: mandos.conf.xml common.ent mandos-options.xml \

196

legalnotice.xml

197

$(DOCBOOKTOMAN)

198

mandos.conf.5.xhtml: mandos.conf.xml common.ent mandos-options.xml \

199

legalnotice.xml

200

$(DOCBOOKTOHTML)

201

202

plugin-runner.8mandos: plugin-runner.xml common.ent overview.xml \

203

legalnotice.xml

204

$(DOCBOOKTOMAN)

205

plugin-runner.8mandos.xhtml: plugin-runner.xml common.ent \

206

overview.xml legalnotice.xml

207

$(DOCBOOKTOHTML)

208

209

plugins.d/mandos-client.8mandos: plugins.d/mandos-client.xml \

210

common.ent \

211

mandos-options.xml \

212

overview.xml legalnotice.xml

213

$(DOCBOOKTOMAN)

214

plugins.d/mandos-client.8mandos.xhtml: plugins.d/mandos-client.xml \

215

common.ent \

216

mandos-options.xml \

217

overview.xml legalnotice.xml

218

$(DOCBOOKTOHTML)

219

220

# Update all these files with version number $(version)

221

common.ent: Makefile

222

$(strip $(SED) --in-place \

223

--expression='s/^$<!ENTITY version "$[^"]*">$$/\1$(version)">/' \

224

$@)

225

226

mandos: Makefile

227

$(strip $(SED) --in-place \

228

--expression='s/^$version = "$[^"]*"$$/\1$(version)"/' \

229

$@)

230

231

mandos-keygen: Makefile

232

$(strip $(SED) --in-place \

233

--expression='s/^$VERSION="$[^"]*"$$/\1$(version)"/' \

234

$@)

235

236

mandos-ctl: Makefile

237

$(strip $(SED) --in-place \

238

--expression='s/^$version = "$[^"]*"$$/\1$(version)"/' \

239

$@)

240

241

mandos-monitor: Makefile

242

$(strip $(SED) --in-place \

243

--expression='s/^$version = "$[^"]*"$$/\1$(version)"/' \

244

$@)

245

246

mandos.lsm: Makefile

247

$(strip $(SED) --in-place \

248

--expression='s/^$Version:$.*/\1\t$(version)/' \

249

$@)

250

$(strip $(SED) --in-place \

251

--expression='s/^$Entered-date:$.*/\1\t$(shell date --rfc-3339=date --reference=Makefile)/' \

252

$@)

253

$(strip $(SED) --in-place \

254

--expression='s/$mandos_$[0-9.]\+$\.orig\.tar\.gz$/\1$(version)\2/' \

255

$@)

256

257

# Need to add the GnuTLS, Avahi and GPGME libraries

258

plugins.d/mandos-client: plugins.d/mandos-client.c

259

$(LINK.c) $^ $(GNUTLS_CFLAGS) $(AVAHI_CFLAGS) $(strip\

260

) $(GPGME_CFLAGS) -lrt $(GNUTLS_LIBS) $(strip\

261

) $(AVAHI_LIBS) $(GPGME_LIBS) $(LOADLIBES) $(strip\

262

) $(LDLIBS) -o $@

263

264

plugin-helpers/mandos-client-iprouteadddel: plugin-helpers/mandos-client-iprouteadddel.c

265

$(LINK.c) $(LIBNL3_CFLAGS) $^ $(LIBNL3_LIBS) $(strip\

266

) $(LOADLIBES) $(LDLIBS) -o $@

267

268

.PHONY : all doc html clean distclean mostlyclean maintainer-clean \

269

check run-client run-server install install-html \

270

install-server install-client-nokey install-client uninstall \

271

uninstall-server uninstall-client purge purge-server \

272

purge-client

CFLAGS="-Wall -std=gnu99"

LDFLAGS=-lgnutls

all: plugbasedclient

273

274

clean:

275

-rm --force $(CPROGS) $(objects) $(htmldocs) $(DOCS) core

276

277

distclean: clean

278

mostlyclean: clean

279

maintainer-clean: clean

280

-rm --force --recursive keydir confdir statedir

281

282

check: all

283

./mandos --check

284

./mandos-ctl --check

285

286

# Run the client with a local config and key

287

run-client: all keydir/seckey.txt keydir/pubkey.txt keydir/tls-privkey.pem keydir/tls-pubkey.pem

288

@echo "###################################################################"

289

@echo "# The following error messages are harmless and can be safely #"

290

@echo "# ignored: #"

291

@echo "# From plugin-runner: setgid: Operation not permitted #"

292

@echo "# setuid: Operation not permitted #"

293

@echo "# From askpass-fifo: mkfifo: Permission denied #"

294

@echo "# From mandos-client: #"

295

@echo "# Failed to raise privileges: Operation not permitted #"

296

@echo "# Warning: network hook \"*\" exited with status * #"

297

@echo "# #"

298

@echo "# (The messages are caused by not running as root, but you should #"

299

@echo "# NOT run \"make run-client\" as root unless you also unpacked and #"

300

@echo "# compiled Mandos as root, which is also NOT recommended.) #"

301

@echo "###################################################################"

302

# We set GNOME_KEYRING_CONTROL to block pam_gnome_keyring

303

./plugin-runner --plugin-dir=plugins.d \

304

--plugin-helper-dir=plugin-helpers \

305

--config-file=plugin-runner.conf \

306

--options-for=mandos-client:--seckey=keydir/seckey.txt,--pubkey=keydir/pubkey.txt,--tls-privkey=keydir/tls-privkey.pem,--tls-pubkey=keydir/tls-pubkey.pem,--network-hook-dir=network-hooks.d \

307

--env-for=mandos-client:GNOME_KEYRING_CONTROL= \

308

$(CLIENTARGS)

309

310

# Used by run-client

311

keydir/seckey.txt keydir/pubkey.txt keydir/tls-privkey.pem keydir/tls-pubkey.pem: mandos-keygen

312

install --directory keydir

313

./mandos-keygen --dir keydir --force

314

315

# Run the server with a local config

316

run-server: confdir/mandos.conf confdir/clients.conf statedir

317

./mandos --debug --no-dbus --configdir=confdir \

318

--statedir=statedir $(SERVERARGS)

319

320

# Used by run-server

321

confdir/mandos.conf: mandos.conf

322

install --directory confdir

323

install --mode=u=rw,go=r $^ $@

324

confdir/clients.conf: clients.conf keydir/seckey.txt keydir/tls-pubkey.pem

325

install --directory confdir

326

install --mode=u=rw $< $@

327

# Add a client password

328

./mandos-keygen --dir keydir --password --no-ssh >> $@

329

statedir:

330

install --directory statedir

331

332

install: install-server install-client-nokey

333

334

install-html: html

335

install --directory $(htmldir)

336

install --mode=u=rw,go=r --target-directory=$(htmldir) \

337

$(htmldocs)

338

339

install-server: doc

340

install --directory $(CONFDIR)

341

if install --directory --mode=u=rwx --owner=$(USER) \

342

--group=$(GROUP) $(STATEDIR); then \

343

:; \

344

elif install --directory --mode=u=rwx $(STATEDIR); then \

345

chown -- $(USER):$(GROUP) $(STATEDIR) || :; \

346

347

if [ "$(TMPFILES)" != "$(DESTDIR)" -a -d "$(TMPFILES)" ]; then \

348

install --mode=u=rw,go=r tmpfiles.d-mandos.conf \

349

$(TMPFILES)/mandos.conf; \

350

351

install --mode=u=rwx,go=rx mandos $(PREFIX)/sbin/mandos

352

install --mode=u=rwx,go=rx --target-directory=$(PREFIX)/sbin \

353

mandos-ctl

354

install --mode=u=rwx,go=rx --target-directory=$(PREFIX)/sbin \

355

mandos-monitor

356

install --mode=u=rw,go=r --target-directory=$(CONFDIR) \

357

mandos.conf

358

install --mode=u=rw --target-directory=$(CONFDIR) \

359

clients.conf

360

install --mode=u=rw,go=r dbus-mandos.conf \

361

$(DESTDIR)/etc/dbus-1/system.d/mandos.conf

362

install --mode=u=rwx,go=rx init.d-mandos \

363

$(DESTDIR)/etc/init.d/mandos

364

if [ "$(SYSTEMD)" != "$(DESTDIR)" -a -d "$(SYSTEMD)" ]; then \

365

install --mode=u=rw,go=r mandos.service $(SYSTEMD); \

366

367

install --mode=u=rw,go=r default-mandos \

368

$(DESTDIR)/etc/default/mandos

369

if [ -z $(DESTDIR) ]; then \

370

update-rc.d mandos defaults 25 15;\

371

372

gzip --best --to-stdout mandos.8 \

373

> $(MANDIR)/man8/mandos.8.gz

374

gzip --best --to-stdout mandos-monitor.8 \

375

> $(MANDIR)/man8/mandos-monitor.8.gz

376

gzip --best --to-stdout mandos-ctl.8 \

377

> $(MANDIR)/man8/mandos-ctl.8.gz

378

gzip --best --to-stdout mandos.conf.5 \

379

> $(MANDIR)/man5/mandos.conf.5.gz

380

gzip --best --to-stdout mandos-clients.conf.5 \

381

> $(MANDIR)/man5/mandos-clients.conf.5.gz

382

gzip --best --to-stdout intro.8mandos \

383

> $(MANDIR)/man8/intro.8mandos.gz

384

385

install-client-nokey: all doc

386

install --directory $(LIBDIR)/mandos $(CONFDIR)

387

install --directory --mode=u=rwx $(KEYDIR) \

388

$(LIBDIR)/mandos/plugins.d \

389

$(LIBDIR)/mandos/plugin-helpers

390

if [ "$(CONFDIR)" != "$(LIBDIR)/mandos" ]; then \

391

install --mode=u=rwx \

392

--directory "$(CONFDIR)/plugins.d" \

393

"$(CONFDIR)/plugin-helpers"; \

394

395

install --mode=u=rwx,go=rx --directory \

396

"$(CONFDIR)/network-hooks.d"

397

install --mode=u=rwx,go=rx \

398

--target-directory=$(LIBDIR)/mandos plugin-runner

399

install --mode=u=rwx,go=rx \

400

--target-directory=$(LIBDIR)/mandos mandos-to-cryptroot-unlock

401

install --mode=u=rwx,go=rx --target-directory=$(PREFIX)/sbin \

402

mandos-keygen

403

install --mode=u=rwx,go=rx \

404