/mandos/trunk : revision 1312

To get this branch, use:

bzr branch
http://bzr.recompile.se/loggerhead/mandos/trunk

« back to all changes in this revision

Viewing changes to Makefile

Committer: Teddy Hogeborn
Date: 2024-11-17 18:43:11 UTC
Revision ID: teddy@recompile.se-20241117184311-ox25kvngy62h209g

Debian package: Avoid suggesting a C compiler unnecessarily

The list of suggested packages, meant to enable the "mandos" program
to find the correct value of SO_BINDTODEVICE by using a C compiler,
are not necessary when Python 3.3 or later is used, since it has the
SO_BINDTODEVICE constant defined in the "socket" module. Also, Python
2.6 or older has the same constant in the old "IN" module. Therefore,
we should suggest these Python versions as alternatives to a C
compiler, so that a C compiler is not installed unnecessarily.

debian/control (Package: mandos/Suggests): Add "python3 (>= 3.3)" and
"python (<= 2.6)" as alternatives to "libc6-dev | libc-dev" and
"c-compiler".

files added:
debian/mandos.maintscript

debian/po/de.po

debian/po/es.po

debian/po/fr.po

debian/po/nl.po

debian/po/pt.po

debian/po/pt_BR.po

debian/po/sv.po

sysusers.d-mandos.conf

files modified:
.bzrignore

DBUS-API

INSTALL

Makefile

NEWS

TODO

clients.conf

common.ent

debian/changelog

debian/control

debian/copyright

debian/mandos-client.README.Debian

debian/mandos-client.lintian-overrides

debian/mandos-client.postinst

debian/mandos-client.postrm

debian/mandos-client.templates

debian/mandos.dirs

debian/mandos.lintian-overrides

debian/mandos.postinst

debian/rules

debian/tests/control

dracut-module/ask-password-mandos.service

dracut-module/module-setup.sh

dracut-module/password-agent.c

dracut-module/password-agent.xml

initramfs-tools-hook

initramfs-tools-script

initramfs-unpack

intro.xml

mandos

mandos-clients.conf.xml

mandos-ctl

mandos-keygen

mandos-monitor

mandos-to-cryptroot-unlock

mandos.conf.xml

mandos.lsm

mandos.service

mandos.xml

plugin-helpers/mandos-client-iprouteadddel.c

plugin-runner.c

plugin-runner.xml

plugins.d/askpass-fifo.c

plugins.d/mandos-client.c

plugins.d/mandos-client.xml

plugins.d/password-prompt.c

plugins.d/plymouth.c

plugins.d/splashy.c

plugins.d/usplash.c

Show diffs side-by-side

added added

removed removed

Makefile

# For info about _FORTIFY_SOURCE, see feature_test_macros(7)

# and <https://gcc.gnu.org/ml/gcc-patches/2004-09/msg02055.html>.

FORTIFY:=-D_FORTIFY_SOURCE=2 -fstack-protector-all -fPIC

FORTIFY:=-fstack-protector-all -fPIC

CPPFLAGS+=-D_FORTIFY_SOURCE=3

LINK_FORTIFY_LD:=-z relro -z now

LINK_FORTIFY:=

#COVERAGE=--coverage

OPTIMIZE:=-Os -fno-strict-aliasing

LANGUAGE:=-std=gnu11

FEATURES:=-D_FILE_OFFSET_BITS=64

CPPFLAGS+=-D_FILE_OFFSET_BITS=64 -D_TIME_BITS=64

htmldir:=man

version:=1.8.6

version:=1.8.17

SED:=sed

PKG_CONFIG?=pkg-config

## Use these settings for a traditional /usr/local install

# PREFIX:=$(DESTDIR)/usr/local

# BINDIR:=$(PREFIX)/sbin

# CONFDIR:=$(DESTDIR)/etc/mandos

# KEYDIR:=$(DESTDIR)/etc/mandos/keys

# MANDIR:=$(PREFIX)/man

# DRACUTMODULE:=$(DESTDIR)/usr/lib/dracut/modules.d/90mandos

# STATEDIR:=$(DESTDIR)/var/lib/mandos

# LIBDIR:=$(PREFIX)/lib

# DBUSPOLICYDIR:=$(DESTDIR)/etc/dbus-1/system.d

## These settings are for a package-type install

PREFIX:=$(DESTDIR)/usr

BINDIR:=$(PREFIX)/sbin

CONFDIR:=$(DESTDIR)/etc/mandos

KEYDIR:=$(DESTDIR)/etc/keys/mandos

MANDIR:=$(PREFIX)/share/man

break; \

fi; \

done)

DBUSPOLICYDIR:=$(DESTDIR)/usr/share/dbus-1/system.d

SYSTEMD:=$(DESTDIR)$(shell $(PKG_CONFIG) systemd \

--variable=systemdsystemunitdir)

TMPFILES:=$(DESTDIR)$(shell $(PKG_CONFIG) systemd \

--variable=tmpfilesdir)

SYSUSERS:=$(DESTDIR)$(shell $(PKG_CONFIG) systemd \

--variable=sysusersdir)

100

GNUTLS_CFLAGS:=$(shell $(PKG_CONFIG) --cflags-only-I gnutls)

101

GNUTLS_LIBS:=$(shell $(PKG_CONFIG) --libs gnutls)

102

AVAHI_CFLAGS:=$(shell $(PKG_CONFIG) --cflags-only-I avahi-core)

103

AVAHI_LIBS:=$(shell $(PKG_CONFIG) --libs avahi-core)

GPGME_CFLAGS:=$(shell gpgme-config --cflags; getconf LFS_CFLAGS)

GPGME_LIBS:=$(shell gpgme-config --libs; getconf LFS_LIBS; \

104

GPGME_CFLAGS:=$(shell $(PKG_CONFIG) --cflags-only-I gpgme 2>/dev/null \

105

|| gpgme-config --cflags; getconf LFS_CFLAGS)

106

GPGME_LIBS:=$(shell $(PKG_CONFIG) --libs gpgme 2>/dev/null \

107

|| gpgme-config --libs; getconf LFS_LIBS; \

108

getconf LFS_LDFLAGS)

100

109

LIBNL3_CFLAGS:=$(shell $(PKG_CONFIG) --cflags-only-I libnl-route-3.0)

101

110

LIBNL3_LIBS:=$(shell $(PKG_CONFIG) --libs libnl-route-3.0)

104

113

105

114

# Do not change these two

106

115

CFLAGS+=$(WARN) $(DEBUG) $(FORTIFY) $(COVERAGE) $(OPTIMIZE) \

107

$(LANGUAGE) $(FEATURES) -DVERSION='"$(version)"'

116

$(LANGUAGE) -DVERSION='"$(version)"'

108

117

LDFLAGS+=-Xlinker --as-needed $(COVERAGE) $(LINK_FORTIFY) $(strip \

109

118

) $(foreach flag,$(LINK_FORTIFY_LD),-Xlinker $(flag))

110

119

154

163

155

164

objects:=$(addsuffix .o,$(CPROGS))

156

165

166

.PHONY: all

157

167

all: $(PROGS) mandos.lsm

158

168

169

.PHONY: doc

159

170

doc: $(DOCS)

160

171

172

.PHONY: html

161

173

html: $(htmldocs)

162

174

163

175

%.5: %.xml common.ent legalnotice.xml

279

291

--expression='s/$mandos_$[0-9.]\+$\.orig\.tar\.gz$/\1$(version)\2/' \

280

292

$@)

281

293

294

# Does the linker support the --no-warn-execstack option?

295

ifeq ($(shell echo 'int main(){}'|$(CC) --language=c /dev/stdin -o /dev/null -Xlinker --no-warn-execstack >/dev/null 2>&1 && echo yes),yes)

296

# These programs use nested functions, which uses an executable stack

297

plugin-runner: LDFLAGS += -Xlinker --no-warn-execstack

298

dracut-module/password-agent: LDFLAGS += -Xlinker --no-warn-execstack

299

plugins.d/password-prompt: LDFLAGS += -Xlinker --no-warn-execstack

300

plugins.d/mandos-client: LDFLAGS += -Xlinker --no-warn-execstack

301

plugins.d/plymouth: LDFLAGS += -Xlinker --no-warn-execstack

302

endif

303

282

304

# Need to add the GnuTLS, Avahi and GPGME libraries

283

plugins.d/mandos-client: plugins.d/mandos-client.c

284

$(LINK.c) $^ $(GNUTLS_CFLAGS) $(AVAHI_CFLAGS) $(strip\

285

) $(GPGME_CFLAGS) $(GNUTLS_LIBS) $(strip\

286

) $(AVAHI_LIBS) $(GPGME_LIBS) $(LOADLIBES) $(strip\

287

) $(LDLIBS) -o $@

305

plugins.d/mandos-client: CFLAGS += $(GNUTLS_CFLAGS) $(strip \

306

) $(AVAHI_CFLAGS) $(GPGME_CFLAGS)

307

plugins.d/mandos-client: LDLIBS += $(GNUTLS_LIBS) $(strip \

308

) $(AVAHI_LIBS) $(GPGME_LIBS)

288

309

289

310

# Need to add the libnl-route library

290

plugin-helpers/mandos-client-iprouteadddel: plugin-helpers/mandos-client-iprouteadddel.c

291

$(LINK.c) $(LIBNL3_CFLAGS) $^ $(LIBNL3_LIBS) $(strip\

292

) $(LOADLIBES) $(LDLIBS) -o $@

311

plugin-helpers/mandos-client-iprouteadddel: CFLAGS += $(LIBNL3_CFLAGS)

312

plugin-helpers/mandos-client-iprouteadddel: LDLIBS += $(LIBNL3_LIBS)

293

313

294

314

# Need to add the GLib and pthread libraries

295

dracut-module/password-agent: dracut-module/password-agent.c

296

$(LINK.c) $(GLIB_CFLAGS) $^ $(GLIB_LIBS) -lpthread $(strip\

297

) $(LOADLIBES) $(LDLIBS) -o $@

298

299

.PHONY : all doc html clean distclean mostlyclean maintainer-clean \

300

check run-client run-server install install-html \

301

install-server install-client-nokey install-client uninstall \

302

uninstall-server uninstall-client purge purge-server \

303

purge-client

304

315

dracut-module/password-agent: CFLAGS += $(GLIB_CFLAGS)

316

# Note: -lpthread is unnecessary with the GNU C library 2.34 or later

317

dracut-module/password-agent: LDLIBS += $(GLIB_LIBS) -lpthread

318

319

.PHONY: clean

305

320

clean:

306

321

-rm --force $(CPROGS) $(objects) $(htmldocs) $(DOCS) core

307

322

323

.PHONY: distclean

308

324

distclean: clean

325

.PHONY: mostlyclean

309

326

mostlyclean: clean

327

.PHONY: maintainer-clean

310

328

maintainer-clean: clean

311

329

-rm --force --recursive keydir confdir statedir

312

330

331

.PHONY: check

313

332

check: all

314

333

./mandos --check

315

334

./mandos-ctl --check

319

338

./dracut-module/password-agent --test

320

339

321

340

# Run the client with a local config and key

341

.PHONY: run-client

322

342

run-client: all keydir/seckey.txt keydir/pubkey.txt \

323

343

keydir/tls-privkey.pem keydir/tls-pubkey.pem

324

344

@echo '######################################################'

352

372

keydir/seckey.txt keydir/pubkey.txt keydir/tls-privkey.pem keydir/tls-pubkey.pem: mandos-keygen

353

373

install --directory keydir

354

374

./mandos-keygen --dir keydir --force

375

if ! [ -e keydir/tls-privkey.pem ]; then \

376

install --mode=u=rw /dev/null keydir/tls-privkey.pem; \

377

378

if ! [ -e keydir/tls-pubkey.pem ]; then \

379

install --mode=u=rw /dev/null keydir/tls-pubkey.pem; \

380

355

381

356

382

# Run the server with a local config

383

.PHONY: run-server

357

384

run-server: confdir/mandos.conf confdir/clients.conf statedir

358

385

./mandos --debug --no-dbus --configdir=confdir \

359

386

--statedir=statedir $(SERVERARGS)

360

387

361

388

# Used by run-server

362

389

confdir/mandos.conf: mandos.conf

363

install --directory confdir

364

install --mode=u=rw,go=r $^ $@

390

install -D --mode=u=rw,go=r $^ $@

365

391

confdir/clients.conf: clients.conf keydir/seckey.txt keydir/tls-pubkey.pem

366

install --directory confdir

367

install --mode=u=rw $< $@

392

install -D --mode=u=rw $< $@

368

393

# Add a client password

369

394

./mandos-keygen --dir keydir --password --no-ssh >> $@

370

395

statedir:

371

396

install --directory statedir

372

397

398

.PHONY: install

373

399

install: install-server install-client-nokey

374

400

401

.PHONY: install-html

375

402

install-html: html

376

install --directory $(htmldir)

377

install --mode=u=rw,go=r --target-directory=$(htmldir) \

403

install -D --mode=u=rw,go=r --target-directory=$(htmldir) \

378

404

$(htmldocs)

379

405

406

.PHONY: install-server

380

407

install-server: doc

381

install --directory $(CONFDIR)

382

408

if install --directory --mode=u=rwx --owner=$(USER) \

383

409

--group=$(GROUP) $(STATEDIR); then \

384

410

:; \

385

411

elif install --directory --mode=u=rwx $(STATEDIR); then \

386

412

chown -- $(USER):$(GROUP) $(STATEDIR) || :; \

387

413

388

if [ "$(TMPFILES)" != "$(DESTDIR)" \

389

-a -d "$(TMPFILES)" ]; then \

390

install --mode=u=rw,go=r tmpfiles.d-mandos.conf \

414

if [ "$(TMPFILES)" != "$(DESTDIR)" ]; then \

415

install -D --mode=u=rw,go=r tmpfiles.d-mandos.conf \

391

416

$(TMPFILES)/mandos.conf; \

392

417

393

install --mode=u=rwx,go=rx mandos $(PREFIX)/sbin/mandos

394

install --mode=u=rwx,go=rx --target-directory=$(PREFIX)/sbin \

418

if [ "$(SYSUSERS)" != "$(DESTDIR)" ]; then \

419

install -D --mode=u=rw,go=r sysusers.d-mandos.conf \

420

$(SYSUSERS)/mandos.conf; \

421

422

install --directory $(BINDIR)

423

install --mode=u=rwx,go=rx --target-directory=$(BINDIR) mandos

424

install --mode=u=rwx,go=rx --target-directory=$(BINDIR) \

395

425

mandos-ctl

396

install --mode=u=rwx,go=rx --target-directory=$(PREFIX)/sbin \

426

install --mode=u=rwx,go=rx --target-directory=$(BINDIR) \

397

427

mandos-monitor

428

install --directory $(CONFDIR)

398

429

install --mode=u=rw,go=r --target-directory=$(CONFDIR) \

399

430

mandos.conf

400

431

install --mode=u=rw --target-directory=$(CONFDIR) \

401

432

clients.conf

402

install --mode=u=rw,go=r dbus-mandos.conf \

403

$(DESTDIR)/etc/dbus-1/system.d/mandos.conf

404

install --mode=u=rwx,go=rx init.d-mandos \

433

install -D --mode=u=rw,go=r dbus-mandos.conf \

434

$(DBUSPOLICYDIR)/mandos.conf

435

install -D --mode=u=rwx,go=rx init.d-mandos \

405

436

$(DESTDIR)/etc/init.d/mandos

406

if [ "$(SYSTEMD)" != "$(DESTDIR)" -a -d "$(SYSTEMD)" ]; then \

407

install --mode=u=rw,go=r mandos.service $(SYSTEMD); \

437

if [ "$(SYSTEMD)" != "$(DESTDIR)" ]; then \

438

install -D --mode=u=rw,go=r mandos.service \

439

$(SYSTEMD); \

408

440

409

install --mode=u=rw,go=r default-mandos \

441

install -D --mode=u=rw,go=r default-mandos \

410

442

$(DESTDIR)/etc/default/mandos

411

443

if [ -z $(DESTDIR) ]; then \

412

444

update-rc.d mandos defaults 25 15;\

413

445

446

install --directory $(MANDIR)/man8 $(MANDIR)/man5

414

447

gzip --best --to-stdout mandos.8 \

415

448

> $(MANDIR)/man8/mandos.8.gz

416

449

gzip --best --to-stdout mandos-monitor.8 \

424

457

gzip --best --to-stdout intro.8mandos \

425

458

> $(MANDIR)/man8/intro.8mandos.gz

426

459

460

.PHONY: install-client-nokey

427

461

install-client-nokey: all doc

428

install --directory $(LIBDIR)/mandos $(CONFDIR)

429

462

install --directory --mode=u=rwx $(KEYDIR) \

430

463

$(LIBDIR)/mandos/plugins.d \

431

464

$(LIBDIR)/mandos/plugin-helpers

465

if [ "$(SYSUSERS)" != "$(DESTDIR)" ]; then \

466

install -D --mode=u=rw,go=r sysusers.d-mandos.conf \

467

$(SYSUSERS)/mandos-client.conf; \

468

432

469

if [ "$(CONFDIR)" != "$(LIBDIR)/mandos" ]; then \

433

install --mode=u=rwx \

434

--directory "$(CONFDIR)/plugins.d" \

470

install --directory \

471

--mode=u=rwx "$(CONFDIR)/plugins.d" \

435

472

"$(CONFDIR)/plugin-helpers"; \

436

473

437

install --mode=u=rwx,go=rx --directory \

474

install --directory --mode=u=rwx,go=rx \

438

475

"$(CONFDIR)/network-hooks.d"

439

476

install --mode=u=rwx,go=rx \

440

477

--target-directory=$(LIBDIR)/mandos plugin-runner

441

478

install --mode=u=rwx,go=rx \

442

479

--target-directory=$(LIBDIR)/mandos \

443

480

mandos-to-cryptroot-unlock

444

install --mode=u=rwx,go=rx --target-directory=$(PREFIX)/sbin \

481

install --directory $(BINDIR)

482

install --mode=u=rwx,go=rx --target-directory=$(BINDIR) \

445

483

mandos-keygen

446

484

install --mode=u=rwx,go=rx \

447

485

--target-directory=$(LIBDIR)/mandos/plugins.d \

464

502

install --mode=u=rwx,go=rx \

465

503

--target-directory=$(LIBDIR)/mandos/plugin-helpers \

466

504

plugin-helpers/mandos-client-iprouteadddel

467

install initramfs-tools-hook \

505

install -D initramfs-tools-hook \

468

506

$(INITRAMFSTOOLS)/hooks/mandos

469

install --mode=u=rw,go=r initramfs-tools-conf \

507

install -D --mode=u=rw,go=r initramfs-tools-conf \

470

508

$(INITRAMFSTOOLS)/conf.d/mandos-conf

471

install --mode=u=rw,go=r initramfs-tools-conf-hook \

509

install -D --mode=u=rw,go=r initramfs-tools-conf-hook \

472

510

$(INITRAMFSTOOLS)/conf-hooks.d/zz-mandos

473

install initramfs-tools-script \

511

install -D initramfs-tools-script \

474

512

$(INITRAMFSTOOLS)/scripts/init-premount/mandos

475

install initramfs-tools-script-stop \

513

install -D initramfs-tools-script-stop \

476

514

$(INITRAMFSTOOLS)/scripts/local-premount/mandos

477

install --directory $(DRACUTMODULE)

478

install --mode=u=rw,go=r --target-directory=$(DRACUTMODULE) \

515

install -D --mode=u=rw,go=r \

516

--target-directory=$(DRACUTMODULE) \

479

517

dracut-module/ask-password-mandos.path \

480

518

dracut-module/ask-password-mandos.service

481

519

install --mode=u=rwxs,go=rx \

484

522

dracut-module/cmdline-mandos.sh \

485

523

dracut-module/password-agent

486

524

install --mode=u=rw,go=r plugin-runner.conf $(CONFDIR)

525

install --directory $(MANDIR)/man8

487

526

gzip --best --to-stdout mandos-keygen.8 \

488

527

> $(MANDIR)/man8/mandos-keygen.8.gz

489

528

gzip --best --to-stdout plugin-runner.8mandos \

503

542

gzip --best --to-stdout dracut-module/password-agent.8mandos \

504

543

> $(MANDIR)/man8/password-agent.8mandos.gz

505

544

545

.PHONY: install-client

506

546

install-client: install-client-nokey

507

547

# Post-installation stuff

508

-$(PREFIX)/sbin/mandos-keygen --dir "$(KEYDIR)"

548

-$(BINDIR)/mandos-keygen --dir "$(KEYDIR)"

509

549

if command -v update-initramfs >/dev/null; then \

510

550

update-initramfs -k all -u; \

511

551

elif command -v dracut >/dev/null; then \

518

558

519

559

echo "Now run mandos-keygen --password --dir $(KEYDIR)"

520

560

561

.PHONY: uninstall

521

562

uninstall: uninstall-server uninstall-client

522

563

564

.PHONY: uninstall-server

523

565

uninstall-server:

524

-rm --force $(PREFIX)/sbin/mandos \

525

$(PREFIX)/sbin/mandos-ctl \

526

$(PREFIX)/sbin/mandos-monitor \

566

-rm --force $(BINDIR)/mandos \

567

$(BINDIR)/mandos-ctl \

568

$(BINDIR)/mandos-monitor \

527

569

$(MANDIR)/man8/mandos.8.gz \

528

570

$(MANDIR)/man8/mandos-monitor.8.gz \

529

571

$(MANDIR)/man8/mandos-ctl.8.gz \

532

574

update-rc.d -f mandos remove

533

575

-rmdir $(CONFDIR)

534

576

577

.PHONY: uninstall-client

535

578

uninstall-client:

536

579

# Refuse to uninstall client if /etc/crypttab is explicitly configured

537

580

# to use it.

538

581

! grep --regexp='^ *[^ #].*keyscript=[^,=]*/mandos/' \

539

582

$(DESTDIR)/etc/crypttab

540

-rm --force $(PREFIX)/sbin/mandos-keygen \

583

-rm --force $(BINDIR)/mandos-keygen \

541

584

$(LIBDIR)/mandos/plugin-runner \

542

585

$(LIBDIR)/mandos/plugins.d/password-prompt \

543

586

$(LIBDIR)/mandos/plugins.d/mandos-client \

573

616

done; \

574

617

575

618

619

.PHONY: purge

576

620

purge: purge-server purge-client

577

621

622

.PHONY: purge-server

578

623

purge-server: uninstall-server

579

624

-rm --force $(CONFDIR)/mandos.conf $(CONFDIR)/clients.conf \

580

625

$(DESTDIR)/etc/dbus-1/system.d/mandos.conf

581

626

$(DESTDIR)/etc/default/mandos \

582

627

$(DESTDIR)/etc/init.d/mandos \

583

$(SYSTEMD)/mandos.service \

584

628

$(DESTDIR)/run/mandos.pid \

585

629

$(DESTDIR)/var/run/mandos.pid

630

if [ "$(SYSTEMD)" != "$(DESTDIR)" -a -d "$(SYSTEMD)" ]; then \

631

-rm --force -- $(SYSTEMD)/mandos.service; \

632

586

633

-rmdir $(CONFDIR)

587

634

635

.PHONY: purge-client

588

636

purge-client: uninstall-client

589

637

-shred --remove $(KEYDIR)/seckey.txt $(KEYDIR)/tls-privkey.pem

590

638

-rm --force $(CONFDIR)/plugin-runner.conf \

Older »