/mandos/trunk : revision 13

To get this branch, use:

bzr branch
http://bzr.recompile.se/loggerhead/mandos/trunk

« back to all changes in this revision

Viewing changes to Makefile

Committer: Björn Påhlsson
Date: 2008-07-20 02:52:20 UTC
Revision ID: belorn@braxen-20080720025220-r5u0388uy9iu23h6

Added following support:
Pluginbased client handler
rewritten Mandos client
Avahi instead of udp server discovery
openpgp encrypted key support
Passprompt stand alone application for direct console input
Added logging for Mandos server

files added:
ca.pem

cert.pem

client-cert.pem

client-key.pem

crl.pem

key.pem

plugins.d/Makefile

files removed:
.bzrignore

COPYING

README

initramfs-tools-hook

initramfs-tools-hook-conf

initramfs-tools-script

legalnotice.xml

mandos-clients.conf.xml

mandos-keygen

mandos-keygen.xml

mandos-options.xml

mandos.conf

mandos.conf.xml

mandos.xml

overview.xml

plugin-runner.conf

plugin-runner.xml

plugins.d/password-prompt.xml

plugins.d/password-request.xml

plugins.d/usplash

files renamed:
clients.conf => mandos-clients.conf

plugin-runner.c => plugbasedclient.c

plugins.d/password-request.c => plugins.d/mandosclient.c

plugins.d/password-prompt.c => plugins.d/passprompt.c

mandos => server.py

files modified:
Makefile

TODO

Show diffs side-by-side

added added

removed removed

Makefile

WARN=-O -Wall -Wformat=2 -Winit-self -Wmissing-include-dirs \

-Wswitch-default -Wswitch-enum -Wunused-parameter \

-Wstrict-aliasing=2 -Wextra -Wfloat-equal -Wundef -Wshadow \

-Wunsafe-loop-optimizations -Wpointer-arith \

-Wbad-function-cast -Wcast-qual -Wcast-align -Wwrite-strings \

-Wconversion -Wstrict-prototypes -Wold-style-definition \

-Wpacked -Wnested-externs -Wunreachable-code -Winline \

-Wvolatile-register-var

DEBUG=-ggdb3

# For info about _FORTIFY_SOURCE, see

# <http://gcc.gnu.org/ml/gcc-patches/2004-09/msg02055.html>

FORTIFY=-D_FORTIFY_SOURCE=2 # -fstack-protector-all

#COVERAGE=--coverage

OPTIMIZE=-Os

LANGUAGE=-std=gnu99

# PREFIX=/usr/local

PREFIX=$(DESTDIR)/usr

# CONFDIR=/usr/local/lib/mandos

CONFDIR=$(DESTDIR)/etc/mandos

# KEYDIR=/usr/local/lib/mandos/keys

KEYDIR=$(DESTDIR)/etc/keys/mandos

# MANDIR=/usr/local/man

MANDIR=$(DESTDIR)/usr/share/man

GNUTLS_CFLAGS=$(shell libgnutls-config --cflags)

GNUTLS_LIBS=$(shell libgnutls-config --libs)

AVAHI_CFLAGS=$(shell pkg-config --cflags-only-I avahi-core)

AVAHI_LIBS=$(shell pkg-config --libs avahi-core)

GPGME_CFLAGS=$(shell gpgme-config --cflags)

GPGME_LIBS=$(shell gpgme-config --libs)

# Do not change these two

CFLAGS=$(WARN) $(DEBUG) $(FORTIFY) $(COVERAGE) $(OPTIMIZE) \

$(LANGUAGE) $(GNUTLS_CFLAGS) $(AVAHI_CFLAGS) $(GPGME_CFLAGS)

LDFLAGS=$(COVERAGE)

# Commands to format a DocBook refentry document into a manual page

DOCBOOKTOMAN=cd $(dir $<); xsltproc --nonet --xinclude \

--param man.charmap.use.subset 0 \

--param make.year.ranges 1 \

--param make.single.year.ranges 1 \

--param man.output.quietly 1 \

--param man.authors.section.enabled 0 \

/usr/share/xml/docbook/stylesheet/nwalsh/manpages/docbook.xsl \

$(notdir $<); \

$(MANPOST) $(notdir $@)

# DocBook-to-man post-processing to fix a \n escape bug

MANPOST=sed --in-place --expression='s,\\\\en,\\en,g;s,\\n,\\en,g'

PLUGINS=plugins.d/password-prompt plugins.d/password-request

PROGS=plugin-runner $(PLUGINS)

DOCS=mandos.8 plugin-runner.8mandos mandos-keygen.8 \

plugins.d/password-request.8mandos \

plugins.d/password-prompt.8mandos mandos.conf.5 \

mandos-clients.conf.5

objects=$(addsuffix .o,$(PROGS))

all: $(PROGS)

doc: $(DOCS)

%.5: %.xml legalnotice.xml

$(DOCBOOKTOMAN)

%.8: %.xml legalnotice.xml

$(DOCBOOKTOMAN)

%.8mandos: %.xml legalnotice.xml

$(DOCBOOKTOMAN)

mandos.8: mandos.xml mandos-options.xml overview.xml legalnotice.xml

$(DOCBOOKTOMAN)

mandos-keygen.8: mandos-keygen.xml overview.xml legalnotice.xml

$(DOCBOOKTOMAN)

mandos.conf.5: mandos.conf.xml mandos-options.xml legalnotice.xml

$(DOCBOOKTOMAN)

plugin-runner.8mandos: plugin-runner.xml overview.xml legalnotice.xml

$(DOCBOOKTOMAN)

plugins.d/password-request.8mandos: plugins.d/password-request.xml \

mandos-options.xml \

overview.xml legalnotice.xml

$(DOCBOOKTOMAN)

plugins.d/password-request: plugins.d/password-request.o

$(LINK.o) $(GNUTLS_LIBS) $(AVAHI_LIBS) $(GPGME_LIBS) \

$(COMMON) $^ $(LOADLIBES) $(LDLIBS) -o $@

.PHONY : all doc clean distclean run-client run-server install \

install-server install-client uninstall uninstall-server \

uninstall-client purge purge-server purge-client

CFLAGS="-Wall -std=gnu99"

LDFLAGS=-lgnutls

all: plugbasedclient

clean:

-rm --force $(PROGS) $(objects) $(DOCS) core

100

distclean: clean

101

mostlyclean: clean

102

maintainer-clean: clean

103

-rm --force --recursive keydir confdir

104

105

check:

106

./mandos --check

107

108

# Run the client with a local config and key

109

run-client: all keydir/seckey.txt keydir/pubkey.txt

110

./plugin-runner --plugin-dir=plugins.d \

111

--config-file=plugin-runner.conf \

112

--options-for=password-request:--seckey=keydir/seckey.txt,--pubkey=keydir/pubkey.txt

113

114

# Used by run-client

115

keydir/seckey.txt keydir/pubkey.txt: mandos-keygen

116

install --directory keydir

117

./mandos-keygen --dir keydir --force

118

119

# Run the server with a local config

120

run-server: confdir/mandos.conf confdir/clients.conf

121

./mandos --debug --configdir=confdir

122

123

# Used by run-server

124

confdir/mandos.conf: mandos.conf

125

install --directory confdir

126

install --mode=u=rw,go=r $^ $@

127

confdir/clients.conf: clients.conf keydir/seckey.txt

128

install --directory confdir

129

install --mode=u=rw,g=r $< $@

130

# Add a client password

131

./mandos-keygen --dir keydir --password >> $@

132

133

install: install-server install-client

134

135

install-server: doc

136

install --directory $(CONFDIR) $(MANDIR)/man5 \

137

$(MANDIR)/man8

138

install --mode=u=rwx,go=rx mandos $(PREFIX)/sbin/mandos

139

install --mode=u=rw,go=r --target-directory=$(CONFDIR) mandos.conf

140

install --mode=u=rw,g=r --target-directory=$(CONFDIR) \

141

clients.conf

142

gzip --best --to-stdout mandos.8 \

143

> $(MANDIR)/man8/mandos.8.gz

144

gzip --best --to-stdout mandos.conf.5 \

145

> $(MANDIR)/man5/mandos.conf.5.gz

146

gzip --best --to-stdout mandos-clients.conf.5 \

147

> $(MANDIR)/man5/mandos-clients.conf.5.gz

148

149

install-client: all doc /usr/share/initramfs-tools/hooks/.

150

install --directory $(PREFIX)/lib/mandos $(CONFDIR) \

151

$(MANDIR)/man8

152

install --directory --mode=u=rwx $(KEYDIR)

153

install --directory --mode=u=rwx $(PREFIX)/lib/mandos/plugins.d

154

if [ "$(CONFDIR)/plugins.d" \

155

!= "$(PREFIX)/lib/mandos/plugins.d" ]; then \

156

install --directory "$(CONFDIR)/plugins.d"; \

157

158

install --mode=u=rwx,go=rx --target-directory=$(PREFIX)/lib/mandos \

159

plugin-runner

160

install --mode=u=rwx,go=rx --target-directory=$(PREFIX)/sbin \

161

mandos-keygen

162

install --mode=u=rwx,go=rx \

163

--target-directory=$(PREFIX)/lib/mandos/plugins.d \

164

plugins.d/password-prompt

165

install --mode=u=rwxs,go=rx \

166

--target-directory=$(PREFIX)/lib/mandos/plugins.d \

167

plugins.d/password-request

168

install --mode=u=rwx,go=rx \

169

--target-directory=$(PREFIX)/lib/mandos/plugins.d \

170

plugins.d/usplash

171

install initramfs-tools-hook \

172

/usr/share/initramfs-tools/hooks/mandos

173

install initramfs-tools-hook-conf \

174

/usr/share/initramfs-tools/conf-hooks.d/mandos

175

install initramfs-tools-script \

176

/usr/share/initramfs-tools/scripts/local-top/mandos

177

install --mode=u=rw,go=r plugin-runner.conf $(CONFDIR)

178

gzip --best --to-stdout mandos-keygen.8 \

179

> $(MANDIR)/man8/mandos-keygen.8.gz

180

gzip --best --to-stdout plugin-runner.8mandos \

181

> $(MANDIR)/man8/plugin-runner.8mandos.gz

182

gzip --best --to-stdout plugins.d/password-prompt.8mandos \

183

> $(MANDIR)/man8/password-prompt.8mandos.gz

184

gzip --best --to-stdout plugins.d/password-request.8mandos \

185

> $(MANDIR)/man8/password-request.8mandos.gz

186

-$(PREFIX)/sbin/mandos-keygen --dir "$(KEYDIR)"

187

update-initramfs -k all -u

188

echo "Now run mandos-keygen --password --dir $(KEYDIR)"

189

190

uninstall: uninstall-server uninstall-client

191

192

uninstall-server:

193

-rm --force $(PREFIX)/sbin/mandos \

194

$(MANDIR)/man8/mandos.8.gz \

195

$(MANDIR)/man5/mandos.conf.5.gz \

196

$(MANDIR)/man5/mandos-clients.conf.5.gz

197

-rmdir $(CONFDIR)

198

199

uninstall-client:

200

# Refuse to uninstall client if /etc/crypttab is explicitly configured

201

# to use it.

202

! grep --regexp='^ *[^ #].*keyscript=[^,=]*/mandos/' \

203

/etc/crypttab

204

-rm --force $(PREFIX)/sbin/mandos-keygen \

205

$(PREFIX)/lib/mandos/plugin-runner \

206

$(PREFIX)/lib/mandos/plugins.d/password-prompt \

207

$(PREFIX)/lib/mandos/plugins.d/password-request \

208

/usr/share/initramfs-tools/hooks/mandos \

209

/usr/share/initramfs-tools/conf-hooks.d/mandos \

210

$(MANDIR)/man8/plugin-runner.8mandos.gz \

211

$(MANDIR)/man8/mandos-keygen.8.gz \

212

$(MANDIR)/man8/password-prompt.8mandos.gz \

213

$(MANDIR)/man8/password-request.8mandos.gz

214

-rmdir $(PREFIX)/lib/mandos/plugins.d $(CONFDIR)/plugins.d \

215

$(PREFIX)/lib/mandos $(CONFDIR)

216

update-initramfs -k all -u

217

218

purge: purge-server purge-client

219

220

purge-server: uninstall-server

221

-rm --force $(CONFDIR)/mandos.conf $(CONFDIR)/clients.conf

222

-rmdir $(CONFDIR)

223

224

purge-client: uninstall-client

225

-shred --remove $(KEYDIR)/seckey.txt

226

-rm --force $(CONFDIR)/plugin-runner.conf \

227

$(KEYDIR)/pubkey.txt $(KEYDIR)/seckey.txt

228

-rmdir $(KEYDIR) $(CONFDIR)/plugins.d $(CONFDIR)

rm -f plugbasedclient

client_debug: client

mv -f client client.tmp

$(MAKE) client CXXFLAGS="$(CXXFLAGS) -DDEBUG -DCERT_ROOT=\\\"./\\\""

mv client client_debug

mv client.tmp client

Older »